With the increasing number of Internet of Things (IoT) devices connected to the internet, the industry and research community have become increasingly concerned about their security impact. Adversaries or hackers often exploit public security flaws to compromise IoT devices and launch cyber attacks. However, despite this growing concern, little effort has been made to investigate the detection of IoT devices and their underlying risks. To address this gap, this paper proposes to automatically establish relationships between IoT devices and their vulnerabilities in the wild. Specifically, we construct a deep neural network (DNN) to extract semantic information from IoT packets and generate fine-grained fingerprints of IoT devices. This enables us to annotate IoT devices in cyberspace, including their device type, vendor, and product information. We collect vulnerability reports from various security sources and extract IoT device information from these reports to automatically match vulnerabilities with the fingerprints of IoT devices. We implemented a prototype system and conducted extensive experiments to validate the effectiveness of our approach. The results show that our DNN model achieved a 98% precision rate and a 95% recall rate in IoT device fingerprinting. Furthermore, we collected and analyzed over 13,063 IoT-related vulnerability reports and our method automatically built 5,458 connections between IoT device fingerprints and their vulnerabilities. These findings shed light on the ongoing threat of cyber-attacks on IoT systems as both IoT devices and disclosed vulnerabilities are targets for malicious attackers.
Ranging-based localization is a fundamental problem in the Internet of Things (IoT) and Unmanned Aerial Vehicles (UAV) networks. However, the nodes’ limited-ranging scope and users’ broad coverage purpose inevitably cause network sparsity or subnetwork sparsity. The performances of existing localization algorithms are extremely unsatisfactory in sparse networks. A crucial way to deal with the sparsity is to exploit the hidden knowledge provided by the unmeasured edges, which inspires this paper to propose a hypothesis-based Joint Edge Inference and Localization algorithm, i.e., InferLoc. InferLoc mines the Unmeasured but Inferable Edges (UIEs). Each UIE is an unmeasured edge, but it is restricted through other edges in the network to be inside a rigid component, so it has only a limited number of possible lengths. We propose an efficient method to detect UIEs and geometric approaches to infer possible lengths for UIEs in 2D and 3D networks. The inferred possible lengths of UIEs are then treated as multiple hypotheses to determine the node locations and the lengths of UIEs simultaneously through a joint graph optimization process. In the joint graph optimization model, to make the 0/1 decision variables for hypotheses selection differentiable, differentiable functions are proposed to relax the 0/1 selections, and rounding is applied to select the final length after the optimization converges. We also prove the condition when a UIE can contribute to sparse localization. Extensive experiments show remarkably better accuracy and efficiency performances of InferLoc than the state-of-the-art network localization algorithms. In particular, it reduces the localization errors by more than (90% ) and speeds up the convergence time over 100 times than the widely used G2O-based methods in sparse networks.
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: