Bits and Pieces
Piecing Together Factors of IoT Vulnerability Exploitation
Arwa Abdulkarim Al Alsadi (TU Delft - Organisation & Governance)
Mathew Vermeer (TU Delft - Organisation & Governance)
Takayuki Sasaki (Yokohama National University)
Katsunari Yoshioka (Yokohama National University)
Michel van Eeten (TU Delft - Organisation & Governance)
C. Hernandez Ganan (TU Delft - Organisation & Governance)
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
The proliferation of Internet of Things (IoT) devices has led to a surge in vulnerabilities, with traditional metrics like CVSS and PoC exploits failing to fully explain exploitation patterns. To address this, we leverage features from the state-of-the-art prediction model EPSS – such as CVSS, CWE, vendors, external references, vulnerability age, and PoCs – and combine them with new features derived from hacking communities. Our study of 23,373 IoT-related CVEs and 25k posts from 25 hacking forums highlights the importance of including insights on attacker behavior from discussions involving vulnerabilities. We identified 38 features with a p-value < 0.05 that impact attackers’ selection of IoT vulnerabilities. We use two metrics to evaluate our model with features from hacking forums: McFadden’s pseudo R², which showed a 21% improvement in explaining variance, and the Brier score for prediction accuracy, with a 17% improvement over EPSS. These results emphasize that current state-of-the-art methods struggle to capture the distinct nuances and complexity of IoT threats, and that incorporating available information, such as insights into attacker behavior, can better explain the factors influencing the targeting of IoT vulnerabilities.