Threat Modeling and Vulnerability Management for Securing IoT Ecosystems
DOI:
https://doi.org/10.56472/ICCSAIML25-104
Keywords:
IoT Security, Threat Modeling, Vulnerability Management, Risk Assessment, Cybersecurity Frameworks, Attack Surface Analysis, Penetration Testing, Secure Development Lifecycle
Abstract
The fast growth of the Internet of Things (IoT) has revolutionized businesses, improving connectivity and efficiency, but it has also introduced serious security threats. Cyber threats, including unauthorized access, data breaches, and virus attacks, heavily affect the huge networks of connected devices found in IoT systems. The varied nature of IoT devices, their limited processing resources, and the lack of established security frameworks often make conventional security systems insufficient. This study underlines the need for threat modeling and vulnerability management as proactive approaches to protecting IoT environments. Threat modeling lets companies deliberately find probable attack routes, assess risks, and apply specific mitigation strategies, while strong vulnerability management provides continuous monitoring, fast patching, and risk prioritization. This article looks at important threat modeling techniques such as STRIDE, DREAD, and attack surface analysis, along with automated vulnerability scanning, penetration testing, and firmware security assessments for vulnerability management. Studies show that incorporating these approaches into the IoT development process greatly enhances security posture, thereby reducing the likelihood of exploitation. The paper also emphasizes the importance of regulatory compliance, security-by-design ideas, and AI-driven threat intelligence in fighting the latest cyber threats. It offers best practices and a disciplined framework for IoT security practitioners, and it emphasizes the need for automation in risk reduction. Using a security-centric strategy in IoT development and application can help businesses create strong ecosystems that safeguard critical infrastructure and private information.