1 research outputs found
Deployment Optimization of IoT Devices through Attack Graph Analysis
The Internet of things (IoT) has become an integral part of our life at both
work and home. However, these IoT devices are prone to vulnerability exploits
due to their low cost, low resources, the diversity of vendors, and proprietary
firmware. Moreover, short range communication protocols (e.g., Bluetooth or
ZigBee) open additional opportunities for the lateral movement of an attacker
within an organization. Thus, the type and location of IoT devices may
significantly change the level of network security of the organizational
network. In this paper, we quantify the level of network security based on an
augmented attack graph analysis that accounts for the physical location of IoT
devices and their communication capabilities. We use the depth-first branch and
bound (DFBnB) heuristic search algorithm to solve two optimization problems:
Full Deployment with Minimal Risk (FDMR) and Maximal Utility without Risk
Deterioration (MURD). An admissible heuristic is proposed to accelerate the
search. The proposed method is evaluated using a real network with simulated
deployment of IoT devices. The results demonstrate (1) the contribution of the
augmented attack graphs to quantifying the impact of IoT devices deployed
within the organization on security, and (2) the effectiveness of the optimized
IoT deployment