Service Identification of Internet-Connected Devices Based on Common Platform Enumeration

  • Na, Sarang (Security Technology R&D Team, Korea Internet & Security Agency) ;
  • Kim, Taeeun (Security Technology R&D Team, Korea Internet & Security Agency) ;
  • Kim, Hwankuk (Security Technology R&D Team, Korea Internet & Security Agency)
  • Submitted : 2017.04.06
  • Reviewed : 2017.07.27
  • Published : 2018.06.30

Abstract

There are a great number of Internet-connected devices, and their information can be acquired through an Internet-wide scanning tool. By associating device information with publicly known security vulnerabilities, security experts are able to determine whether a particular device is vulnerable. Currently, the identification of device information and its related vulnerabilities is carried out manually. It is necessary to automate the process of identifying a huge number of Internet-connected devices in order to analyze more than one hundred thousand security vulnerabilities. In this paper, we propose a method of automatically generating device information in the Common Platform Enumeration (CPE) format from banner text to discover potentially weak devices affected by Common Vulnerabilities and Exposures (CVE) vulnerabilities. We demonstrated that our proposed method can distinguish as much adequate CPE information as possible in the service banner.
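The banner-to-CPE step described in the abstract can be illustrated as follows. This is an added example, not the paper's method or code: the alias dictionary, the token regular expression, the mapping of a `pN` suffix to the CPE update field, and the sample banners are all constructed assumptions.

```python
import re

# Constructed sample dictionary: banner token -> (part, vendor, product).
# Entries are written in the style of CPE dictionary names; they are assumptions here.
CPE_ALIASES = {
    "apache": ("a", "apache", "http_server"),
    "openssh": ("a", "openbsd", "openssh"),
    "microsoft-iis": ("a", "microsoft", "internet_information_services"),
}

# Product token, a separator (/, _ or space), a dotted version, optional "pN" suffix.
TOKEN_RE = re.compile(r"([A-Za-z][A-Za-z-]*)[/_ ](\d+(?:\.\d+)*)(p\d+)?")


def fs_escape(value):
    """Lower-case a value and backslash-escape punctuation for a CPE 2.3
    formatted string (alphanumerics, '_', '.' and '-' stay unescaped)."""
    return re.sub(r"([^a-z0-9_.\-])", r"\\\1", value.lower())


def banner_to_cpes(banner):
    """Return CPE 2.3 formatted strings for known products named in a banner."""
    cpes = []
    for name, version, update in TOKEN_RE.findall(banner):
        entry = CPE_ALIASES.get(name.lower())
        if entry is None:
            continue  # unknown token: emit nothing rather than guess a vendor
        part, vendor, product = entry
        # part, vendor, product, version, update, then six unspecified attributes
        attrs = [part, vendor, product, version, update or "*"] + ["*"] * 6
        cpes.append("cpe:2.3:" + ":".join(
            a if a == "*" else fs_escape(a) for a in attrs))
    return cpes


if __name__ == "__main__":
    # Constructed sample banners, as a scanner might record them.
    for banner in ("Server: Apache/2.4.7 (Ubuntu)",
                   "SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2",
                   "Server: Microsoft-IIS/7.5",
                   "Server: lighttpd/1.4.35"):
        print(banner, "->", banner_to_cpes(banner))
```

The generated strings can then be compared with the CPE names listed in CVE records; a banner whose product token is not in the dictionary yields no CPE and needs manual review.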
