Traditional Indicators of Compromise (IOCs) Meet Dynamic App-Device Interactions for IoT-specific Threat Intelligence

Smolyakova, Sofya ORCID: https://orcid.org/0009-0009-7298-0144 (2024) Traditional Indicators of Compromise (IOCs) Meet Dynamic App-Device Interactions for IoT-specific Threat Intelligence. Masters thesis, Concordia University.

Text (application/pdf)
Smolyakova_MASc_F2024.pdf - Accepted Version
Available under License Spectrum Terms of Access.
3MB

Abstract

While enjoying widespread popularity, IoT faces numerous threats with both traditional (e.g., Common Vulnerabilities and Exposures (CVEs) and Common Weakness Enumerations (CWEs)) and IoT-specific (e.g., device-application interactions) attack vectors. Therefore, gathering threat intelligence for an IoT environment is as essential as, if not more essential than, in many other IT environments. However, extracting threat intelligence from an IoT deployment poses several unique challenges. First, most IoT implementations do not log threat-related information, and even when they do, their logging mechanisms require significant additional effort to turn those logs into threat intelligence. Second, there is no clear definition of indicators of compromise (IOCs), which are the key inputs to threat intelligence, in the context of IoT, including how to combine IoT-specific IOCs, including those involved in dynamic app-device interactions. In this thesis, we propose IoTINT, a solution to obtain IoT-specific threat intelligence while addressing the above-mentioned challenges. Specifically, our key ideas are to first enable logging in IoT devices and apps without requiring any code instrumentation (in contrast to existing approaches), then iteratively find dynamic interactions between IoT devices and their apps that are defined by automation rules and result in various security threats, and finally combine both app-device interactions and traditional IOCs (such as CVEs and CWEs) to build comprehensive threat intelligence for IoT. We implement IoTINT for Samsung SmartThings, a major smart home platform, and evaluate its performance (e.g., 100% coverage in extracting threat intelligence within 11 seconds for 10 realistic IoT attack scenarios).

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type: Thesis (Masters)
Authors: Smolyakova, Sofya
Institution: Concordia University
Degree Name: M.A. Sc.
Program: Information Systems Security
Date: 7 June 2024
Thesis Supervisor(s): Majumdar, Suryadipta
ID Code: 994056
Deposited By: Sofya Smolyakova
Deposited On: 24 Oct 2024 18:05
Last Modified: 24 Oct 2024 18:05
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
