Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
4.5
2.7
Journals
Applied Sciences
Special Issues
Information Security Technology for the Internet of Things
share announcement

Information Security Technology for the Internet of Things

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: 20 July 2024 | Viewed by 1003

Special Issue Editors

Dr. Cheng Huang

E-Mail Website
Guest Editor
School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China
Interests: data-driven security; network security; threat intelligence
Special Issues, Collections and Topics in MDPI journals
Dr. Weina Niu

E-Mail Website
Guest Editor
Institute for Cyber Security, School of Computer Science and Engineering, University of Electronic Science and Technology, Chengdu, China
Interests: software security; network security
Dr. Libin Yang

E-Mail Website
Guest Editor
School of Cybersecurity, Northwestern Polytechnical University, Xi’an 710072, China
Interests: Internet of Things; cyber security; federated learning
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

With the rapid development of the Internet of Things (IoT), information security issues have become increasingly severe. A large number of IoT devices being connected to a network provides a huge attack surface for network attacks and information leaks. Many researchers have aimed to utilize the latest techniques to achieve effective information security defense for the IoT. Many advanced methods such as natural language processing, information theory, and artificial intelligence techniques have already been widely used in specific areas. However, due to how rapidly the technology is evolving and new situations are being created, there are still many unsolved issues, such as IoT device security detection, threat intelligence extraction, malware classification, and attack attribution.

Therefore, this Special Issue intends to explore new approaches and perspectives on IoT security topics. This Special Issue will focus on (but is not limited to) the following topics:

  • IoT device security detection;
  • IoT threat intelligence extraction;
  • IoT system malware classification; 
  • IoT system or network attack attribution;
  • IoT system vulnerability mining and analysis;
  • IoT privacy data leak detection and classification;
  • IoT social network analysis.

Dr. Cheng Huang
Dr. Weina Niu
Dr. Libin Yang
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • IoT security technology
  • network security
  • system security
  • privacy security
  • social network analysis

Published Papers (1 paper)

Order results
Result details
Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:

Research

20 pages, 1822 KiB  
Article
A Vulnerability Scanning Method for Web Services in Embedded Firmware
by Xiaocheng Ma, Chenyv Yan, Yunchao Wang, Qiang Wei and Yunfeng Wang
Appl. Sci. 2024, 14(6), 2373; https://doi.org/10.3390/app14062373 - 12 Mar 2024
Viewed by 630
Abstract
As the Internet of Things (IoT) era arrives, the proliferation of IoT devices exposed to the Internet presents a significant challenge to device security. Firmware is software that operates within Internet of Things (IoT) devices, directly governing their behaviors and functionalities. Consequently, the [...] Read more.
As the Internet of Things (IoT) era arrives, the proliferation of IoT devices exposed to the Internet presents a significant challenge to device security. Firmware is software that operates within Internet of Things (IoT) devices, directly governing their behaviors and functionalities. Consequently, the security of firmware is critical to shielding IoT devices from potential threats. In order to enable users to operate a device intuitively, firmware commonly provides a web interface. Consequently, this interface frequently serves as the primary attack goal in Internet of Things (IoT) devices, rendering them susceptible to numerous cyber-attacks. Unfortunately, web services have complex data interactions and implicit dependencies, and it is not easy to balance efficiency and accuracy during the analysis process, leading to heavy overhead. This paper proposes a lightweight vulnerability scanning approach, WFinder, designed explicitly for embedded firmware web services to perform vulnerability checks on backend binary files in firmware. WFinder uses static analysis to focus on identifying vulnerabilities in boundary binary files related to web services in firmware. Initially, the approach identifies boundary binary files and external data entry points based on front-end and back-end associativity features. Subsequently, rules are formulated to filter hazardous functions to narrow the analysis targets. Finally, the method generates sensitive call paths from the external data input points to the hazardous functions and conducts a lightweight taint analysis along these paths to uncover potential vulnerabilities. We implemented a prototype of WFinder and evaluated it on the firmware of ten devices from five well-known manufacturers. We discovered thirteen potential vulnerabilities, eight of which were confirmed by the CNVD, and assigned them CNVD identification numbers. Compared with the most advanced tool, SATC, WFinder was more efficient at discovering more bugs on the test set. These results indicate that WFinder is effective at detecting bugs in embedded web services. Full article
(This article belongs to the Special Issue Information Security Technology for the Internet of Things)
Show Figures

Figure 1

Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:
 
Displaying articles 1-1
Back to TopTop