August 4, 2021

Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

GRAVITAS: Graphical Reticulated Attack Vectors for Internet-of-Things Aggregate Security. (arXiv:2106.00073v1 [cs.CR])

Internet-of-Things (IoT) and cyber-physical systems (CPSs) may consist of
thousands of devices connected in a complex network topology. The diversity and
complexity of these components present an enormous attack surface, allowing an
adversary to exploit security vulnerabilities of different devices to execute a
potent attack. Though significant efforts have been made to improve the
security of individual devices in these systems, little attention has been paid
to security at the aggregate level. In this article, we describe a
comprehensive risk management system, called GRAVITAS, for IoT/CPS that can
identify undiscovered attack vectors and optimize the placement of defenses
within the system for optimal performance and cost. While existing risk
management systems consider only known attacks, our model employs a machine
learning approach to extrapolate undiscovered exploits, enabling us to identify
attacks overlooked by manual penetration testing (pen-testing). The model is
flexible enough to analyze practically any IoT/CPS and provide the system
administrator with a concrete list of suggested defenses that can reduce system
vulnerability at optimal cost. GRAVITAS can be employed by governments,
companies, and system administrators to design secure IoT/CPS at scale,
providing a quantitative measure of security and efficiency in a world where
IoT/CPS devices will soon be ubiquitous.