Shielding IoT against Cyber-Attacks: An Event-Based Approach Using SIEM
dc.contributor.author | Daniel Díaz López | |
dc.contributor.author | Blanco Uribe, María | |
dc.contributor.author | Santiago Cely, Claudia | |
dc.contributor.author | Vega Torres, Andrés | |
dc.contributor.author | Moreno Guataquira, Nicolás | |
dc.contributor.author | Morón Castro, Stefany | |
dc.contributor.author | Nespoli, Pantaleone | |
dc.contributor.author | Gómez Mármol, Félix | |
dc.date.accessioned | 2021-05-21T21:27:17Z | |
dc.date.accessioned | 2021-10-01T17:22:49Z | |
dc.date.available | 2021-05-21T21:27:17Z | |
dc.date.available | 2021-10-01T17:22:49Z | |
dc.date.issued | 2018 | |
dc.identifier.issn | 1530-8669 | |
dc.identifier.issn | 1530-8677 | |
dc.identifier.uri | https://repositorio.escuelaing.edu.co/handle/001/1467 | |
dc.description.abstract | Due to the growth of IoT (Internet of Things) devices in different industries and markets in recent years and considering the currently insufficient protection for these devices, a security solution safeguarding IoT architectures is highly desirable. An interesting perspective for the development of security solutions is the use of an event management approach, knowing that an event may become an incident when an information asset is affected under certain circumstances. The paper at hand proposes a security solution based on the management of security events within IoT scenarios in order to accurately identify suspicious activities. To this end, different vulnerabilities found in IoT devices are described, as well as unique features that make these devices an appealing target for attacks. Finally, three IoT attack scenarios are presented, describing exploited vulnerabilities, security events generated by the attack, and accurate responses that could be launched to help decrease the impact of the attack on IoT devices. Our analysis demonstrates that the proposed approach is suitable for protecting the IoT ecosystem, giving an adequate protection level to the IoT devices. | eng |
dc.description.abstract | Due to the growth of IoT (Internet of Things) devices in different industries and markets in recent years, and considering that protection for these devices is currently insufficient, a security solution that protects IoT architectures is highly desirable. An interesting perspective for the development of security solutions is the use of an event management approach, knowing that an event may become an incident when an information asset is affected under certain circumstances. The paper at hand proposes a security solution based on the management of security events within IoT scenarios in order to accurately identify suspicious activities. To this end, the different vulnerabilities found in IoT devices are described, as well as the unique features that make these devices an attractive target for attacks. Finally, three IoT attack scenarios are presented, describing exploited vulnerabilities, the security events generated by the attack, and accurate responses that could be launched to help decrease the impact of the attack on IoT devices. Our analysis demonstrates that the proposed approach is suitable for protecting the IoT ecosystem, giving an adequate protection level to IoT devices. | spa |
dc.format.extent | 19 pages | spa |
dc.format.mimetype | application/pdf | spa |
dc.language.iso | eng | spa |
dc.publisher | Guest Editor: Constantinos Kolias | spa |
dc.rights | Copyright © 2018 Daniel Díaz López et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. | spa |
dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | spa |
dc.source | https://www.hindawi.com/journals/wcmc/2018/3029638/ | spa |
dc.title | Shielding IoT against Cyber-Attacks: An Event-Based Approach Using SIEM | spa |
dc.type | Journal article | spa |
dc.description.notes | Computer Science Faculty, Colombian School of Engineering Julio Garavito, Colombia; Department of Information and Communications Engineering, University of Murcia, Spain. Correspondence should be addressed to Daniel Díaz López; daniel.diaz@escuelaing.edu.co | spa |
dc.description.notes | Received 28 May 2018; Revised 10 September 2018; Accepted 4 October 2018; Published 25 October 2018 | spa |
dc.type.version | info:eu-repo/semantics/publishedVersion | spa |
oaire.accessrights | http://purl.org/coar/access_right/c_abf2 | spa |
oaire.version | http://purl.org/coar/version/c_970fb48d4fbd8a85 | spa |
dc.contributor.researchgroup | CTG-Informática | spa |
dc.identifier.doi | doi.org/10.1155/2018/3029638 | |
dc.identifier.url | https://www.hindawi.com/journals/wcmc/2018/3029638/ | |
dc.publisher.place | Egypt | spa |
dc.publisher.place | England | spa |
dc.relation.citationedition | Volume 2018, Article ID 3029638, 18 pages | spa |
dc.relation.citationendpage | 18 | spa |
dc.relation.citationstartpage | 1 | spa |
dc.relation.citationvolume | 2018 | spa |
dc.relation.indexed | N/A | spa |
dc.relation.ispartofjournal | Wireless Communications and Mobile Computing | spa |
dc.rights.accessrights | info:eu-repo/semantics/openAccess | spa |
dc.rights.creativecommons | Attribution 4.0 International (CC BY 4.0) | spa |
dc.subject.armarc | Internet of Things | spa |
dc.subject.armarc | Computer security | spa |
dc.subject.armarc | Computer security | eng |
dc.subject.armarc | LOT | eng |
dc.subject.proposal | Internet of Things | eng |
dc.subject.proposal | Cybersecurity | spa |
dc.type.coar | http://purl.org/coar/resource_type/c_2df8fbb1 | spa |
dc.type.content | Text | spa |
dc.type.driver | info:eu-repo/semantics/article | spa |
dc.type.redcol | http://purl.org/redcol/resource_type/ART | spa |
This item appears in the following collection(s)
- AD - CTG – Informática [76]
- Clasificación B- Convocatoria 2018
Except where otherwise noted, this item's license is described as Copyright © 2018 Daniel Díaz López et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.