Named-Entity-Recognition-Based Automated System for Diagnosing Cybersecurity Situations in IoT Networks.

Author information

Georgescu Tiberiu-Marian, Iancu Bogdan, Zurini Madalina

Affiliation

Department of Economic Informatics and Cybernetics, The Bucharest University of Economic Studies, 6 Piata Romana, 010374 Bucharest, Romania.

Publication information

Sensors (Basel). 2019 Aug 1;19(15):3380. doi: 10.3390/s19153380.

Abstract

The aim of this paper was to enhance the process of diagnosing and detecting possible vulnerabilities within an Internet of Things (IoT) system by using a named entity recognition (NER)-based solution. In both research and practice, security system management experts rely on a large variety of heterogeneous security data sources, which are usually available in the form of natural language. This is challenging as the process is very time consuming and it is difficult to stay up to date with the constant findings in the areas of security threats, vulnerabilities, attacks, countermeasures, and risks. The proposed system is conceived as a semantic indexing solution of existing vulnerabilities and serves as an information tool for security management experts. By integrating the proposed system, the users can easily discover the potential vulnerabilities of their IoT devices. The proposed solution integrates ontologies and NER techniques in order to obtain a high rate of automation with the scope of reaching a self-maintained and up-to-date system in terms of vulnerabilities and common exposures knowledge. To achieve this, a total of 312 CVEs (common vulnerabilities and exposures) specific to the IoT field were identified. CVEs are arguably one of the most important cybersecurity resources nowadays, containing information about the latest discovered vulnerabilities. This set is further used as data corpus for an NER model designed to identify the main entities and relations that are relevant to IoT security. The goal is to automatically monitor cybersecurity information relevant to IoT, and filter and present it in an organized and structured framework based on users' needs. The taxonomies specific to IoT security are implemented via a domain ontology, which is later used to process natural language. Relevant tokens are marked as entities and the relations between them identified. 
The text analysis solution is connected to a gateway which scans the environment and identifies the main IoT devices and communication technologies. The strength of the approach proposed within this research is that the designed semantic gateway is using context-aware searches in the modeled IoT security database and can identify possible vulnerabilities before they can be exploited.
