This paper proposes a comprehensive methodology for the automatic categorisation and classification of threats and attacks in Internet of Things (IoT) ecosystems, based on the analysis of tactics, techniques and procedures used by attackers. The approach is structured in a framework that considers four fundamental layers of an IoT architecture: Perception, Network, Middleware and Application, allowing to address specific risks at each level of the system. At the Perception layer, attacks on sensors and physical devices are analysed; at the Network layer, threats related to data transmission; at the Middleware layer, vulnerabilities in service management; and at the Application layer, attacks targeting services and end users. In addition, a real case is presented that demonstrates the application of this methodology using automated analysis techniques, and various mitigation measures adapted to each layer are discussed, with the aim of strengthening the security and resilience of IoT environments against emerging threats.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Methodology for the Automatic Categorisation and Classification of Threats and Attacks in IoT Ecosystems

  • Laura Grande-Pérez,
  • Jesús-Ángel Román-Gallego,
  • Pablo Plaza Martínez,
  • Manuel López Pérez,
  • Albano Carrera

摘要

This paper proposes a comprehensive methodology for the automatic categorisation and classification of threats and attacks in Internet of Things (IoT) ecosystems, based on the analysis of tactics, techniques and procedures used by attackers. The approach is structured in a framework that considers four fundamental layers of an IoT architecture: Perception, Network, Middleware and Application, allowing to address specific risks at each level of the system. At the Perception layer, attacks on sensors and physical devices are analysed; at the Network layer, threats related to data transmission; at the Middleware layer, vulnerabilities in service management; and at the Application layer, attacks targeting services and end users. In addition, a real case is presented that demonstrates the application of this methodology using automated analysis techniques, and various mitigation measures adapted to each layer are discussed, with the aim of strengthening the security and resilience of IoT environments against emerging threats.