Methodology for the Automatic Categorisation and Classification of Threats and Attacks in IoT Ecosystems
摘要
This paper proposes a comprehensive methodology for the automatic categorisation and classification of threats and attacks in Internet of Things (IoT) ecosystems, based on the analysis of tactics, techniques and procedures used by attackers. The approach is structured in a framework that considers four fundamental layers of an IoT architecture: Perception, Network, Middleware and Application, allowing to address specific risks at each level of the system. At the Perception layer, attacks on sensors and physical devices are analysed; at the Network layer, threats related to data transmission; at the Middleware layer, vulnerabilities in service management; and at the Application layer, attacks targeting services and end users. In addition, a real case is presented that demonstrates the application of this methodology using automated analysis techniques, and various mitigation measures adapted to each layer are discussed, with the aim of strengthening the security and resilience of IoT environments against emerging threats.