Ontology-Driven Framework for Trend Analysis of Vulnerabilities and Impacts in IoT Hardware

摘要

The number of publicly known cyber-security vulnerabilities submitted to the National Vulnerability Database (NVD) has increased significantly. However, it is cumbersome to explore useful information from this large corpus of unstructured data to find meaningful trends over time without proper tools. Prior works with this purpose have mainly focused on the software vulnerabilities and fail to provide a storytelling framework that can extract useful information about the relationship and trends within the CVE and CWE databases over time. Additionally, hardware attacks on IoT devices are evolving very rapidly due to the recent proliferation of computing devices in mobile and IoT domains. Thus, herein, we focus on IoT hardware vulnerabilities and develop an Ontology-driven Storytelling Framework (OSF) which aims to identify similar patterns of vulnerabilities over time, to help mitigate the impacts of vulnerabilities or predict and prevent future vulnerabilities.