The Internet of Things network penetration testing model using attack graph analysis
Penetration testing (pen-testing) is one of the most effective approaches to increase the security level of information systems. Although pen-testing is a very popular approach, the process requires a significant investment of time and extensive financial resources. Existing pen-testing models have...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Conference or Workshop Item |
| Published: |
2022
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/98928/ http://dx.doi.org/10.1109/ISMSIT56059.2022.9932758 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Penetration testing (pen-testing) is one of the most effective approaches to increase the security level of information systems. Although pen-testing is a very popular approach, the process requires a significant investment of time and extensive financial resources. Existing pen-testing models have focused heavily on handling IoT security breaches and improving attack path analysis. However, they have their limitations as they are too general and unable to detect multi-stage, multi-host, or zero-day vulnerabilities in IoT devices. In this proposed study, an algorithm is developed to generate all attack paths for vulnerable IoT devices. The techniques to optimize the attack paths are defined. A second algorithm is developed to identify the criticality of the paths, nodes, and vulnerabilities before it is used to optimize the target graphs. The developed model is expected to be an end-to-end, accurate, flexible, and automatic pen-testing model using attack graphs for detecting all possible paths that can be used by an attacker to penetrate the target system. |
|---|