Automatic Verification and Execution of Cyber Attack on IoT Devices

Færøy, Fartein Lemjan; Yamin, Muhammad Mudassar; Shukla, Ankur; Katt, Basel

doi:10.3390/s23020733

Cited by 8 publications

(12 citation statements)

References 38 publications

(52 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It also emphasizes the use of domain-specific language for scenario modeling and the integration of various cyber exercise components, aiming to automate the entire cybersecurity exercise life cycle. In their study, F. Lemjan et al [19] investigated the security vulnerabilities of Internet of Things (IoT) devices, emphasizing the need for autonomous penetration testing to address these risks. The research explores automated attack execution models for simulating attacks in cyber ranges and applies these models to autonomously test IoT device security.…”

Section: Cyber Security Scenariosmentioning

confidence: 99%

Applications of LLMs for Generating Cyber Security Exercise Scenarios

Yamin,

Hashmi,

Ullah

et al. 2024

Preprint

Self Cite

View full text Add to dashboard Cite

This study proposes a novel approach leveraging Large Language Models (LLMs) to generate dynamic and complex adaptable cybersecu-rity exercise scenarios. Motivated by Turing’s sem-inal exploration into machine cognition, which questions the ability of machines to mimic human thought and intelligence. By exploiting the generative potential of LLMs, our methodology simulates a wide range of cyber threats, both known and novel, thereby enhancing cybersecurity training and awareness. This approach transforms the potential for ’hal-lucination’ inherent in LLMs into a potential advantage , enabling the creation of complex exercise scenarios that push the boundaries of traditional cybersecurity training. The innovation lies in the sophisticated application of AI, aiming to advance the preparedness of security professionals against diverse cyber threats. The scenarios generated through this method were subject to meticulous testing and a rigorous evaluation process involving GPT models and expert review to ensure their realism and applicability. Furthermore, the prompts provided to the LLMs were meticulously designed to adopt a Retrieval-Augmented Generation (RAG) approach, enriching the complexity and relevance of the scenarios. This incorporation of RAG, alongside the inspiration drawn from Tur-ing’s exploration of machine intelligence, showcases an advanced application of AI in cybersecurity training , reflecting a deep understanding of how machines can augment our capabilities to anticipate and mitigate cyber threats.

show abstract

Section: Cyber Security Scenariosmentioning

confidence: 99%

Applications of LLMs for Generating Cyber Security Exercise Scenarios

Yamin,

Hashmi,

Ullah

et al. 2024

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…According to this study, devices that are currently on the market and used worldwide are vulnerable to attacks that could be detrimental to users. Faeroy, Yamin [72], who examined vulnerabilities in IoT devices, such as autonomous monitoring and tracking systems, developed an autonomous agent whose decision-making process paralleled the execution plan model (EP Model). The seven-step PTES comprising (1) pre-engagement interactions, (2) intelligence gathering, (3) threat modeling, (4) vulnerability analysis, (5) exploitation, (6) post-exploitation, and (7) reporting was used in this study.…”

Section: Penetration Testing Frameworkmentioning

confidence: 99%

“…Security assessments must be regularly performed against these devices www.ijacsa.thesai.org to prevent cyber intruders from manipulating user devices. Nevertheless, recent research [8,[70][71][72][73][77][78][79] has not offered a solution for normal users to conduct penetration testing. Given the multitude of incomprehensible steps and software to normal users, this approach requires security experts.…”

Section: A Incompetent Usermentioning

confidence: 99%

“…Although the penetration testing conducted by IT expert they are struggling to perform penetration testing on multiple IoT devices manually. Faeroy, Yamin [72] explained that penetration testing IoT devices do not significantly vary from penetration testing larger computer systems. Meanwhile, Suren, Heiding [51] observed that conventional penetration testing has been well-documented over the years as opposed to the IoT ecosystem.…”

Section: A Incompetent Usermentioning

confidence: 99%

See 1 more Smart Citation

A Raise of Security Concern in IoT Devices: Measuring IoT Security Through Penetration Testing Framework

Jaafar,

Ismail,

Habir

et al. 2024

ijacsa

View full text Add to dashboard Cite

Despite the widespread adoption of IoT devices across different industries to enhance human activities, there is a pressing need to address the vulnerabilities associated with these devices, as they can potentially give rise to a plethora of cyber threats. Cyberattacks targeting IoT devices are predominantly attributed to inadequate patching and security updates. Furthermore, the current atmosphere pertaining to IoT penetration tests primarily focuses on specific devices and sectors while leaving certain fields behind, such as household devices. This study delves into recent penetration testing on IoT devices. Further, it discusses and critically analyzes the significance and issues in conducting IoT penetration tests. The findings of this study reveal a substantial demand for automated IoT penetration testing to serve diverse industries because conducting such testing has the capacity to diminish the consequences of cyber-attacks across numerous industries that utilize IoT devices for various purposes. This study is intended to be a ready reference for the research community to construct effective and innovative solutions in IoT penetration testing, which covers various fields.

show abstract

“…For this purpose, it proposes a novel encryption method called LRO-S to secure sensitive patient data and improve the safety and adaptability of medical professionals’ access to Cloud-based patient-sensitive data. The work in [ 9 ] focused on enabling penetration testing techniques in healthcare IoT devices, in an automatic and systematic manner. Finally, the work in [ 10 ] provides a rigorous and updated state-of-the-art revision of the available mechanisms for healthcare IoT devices.…”

Section: Introductionmentioning

confidence: 99%

Code Integrity and Confidentiality: An Active Data Approach for Active and Healthy Ageing

Litvinov

Llumiguano

Santofimia

et al. 2023

Sensors

View full text Add to dashboard Cite

Internet of Things cybersecurity is gaining attention as the number of devices installed in IoT environments is exponentially increasing while the number of attacks successfully addressed to these devices are also proliferating. Security concerns have, however, been mainly addressed to service availability and information integrity and confidentiality. Code integrity, on the other hand, is not receiving proper attention, mainly because of the limited resources of these devices, thus preventing the implementation of advanced protection mechanisms. This situation calls for further research on how traditional mechanisms for code integrity can be adapted to IoT devices. This work presents a mechanism for code integrity in IoT devices based on a virtual-machine approach. A proof-of-concept virtual machine is presented, specially designed for providing code integrity during firmware updates. The proposed approach has been experimentally validated in terms of resource consumption among the most-widespread micro-controller units. The obtained results demonstrate the feasibility of this robust mechanism for code integrity.

show abstract

Automatic Verification and Execution of Cyber Attack on IoT Devices

Cited by 8 publications

References 38 publications

Applications of LLMs for Generating Cyber Security Exercise Scenarios

Applications of LLMs for Generating Cyber Security Exercise Scenarios

A Raise of Security Concern in IoT Devices: Measuring IoT Security Through Penetration Testing Framework

Code Integrity and Confidentiality: An Active Data Approach for Active and Healthy Ageing

Contact Info

Product

Resources

About