Research On IoT Device Vulnerability Assessment Method Based On Vulnerability Keyword Matching

In recent years,due to the large number of Internet of Things devices and weak security mechanisms,Internet of Things devices have become an ideal target for network hackers.As a new hotspot,Internet of Things security has received wide attention from academia and industry.Because of the difficulty in patching and updating devices for the Internet of Things and the slow replacement of devices,a large number of Internet of Things devices have security vulnerabilities.Therefore,vulnerability assessment for TCP/IP-based devices in the Internet of Things has important research value and practical significance.At present,vulnerability scanning for Internet of Things devices mainly has the problems of incomplete acquisition of device information and inaccurate vulnerability matching.In order to solve the above problems,this paper conducts research on vulnerability assessment methods for Internet of Things devices based on vulnerability keyword matching.The main research contents and results are as follows:(1)A vulnerability keyword extraction method based on natural language processing is studied.To solve the problems in vulnerability keyword extraction,first,extract keywords such as protocol software name by establishing rule base and using keyword extraction method based on named entity recognition;Secondly,the reasons why the current common keyword extraction methods are not suitable for unstructured vulnerability summary text are analyzed.A keyword extraction method based on syntax structure analysis is proposed,and a custom tokenizer and a keyword block extraction scheme are designed.By combining the constituency parsing and dependency parsing,the dependency drift problem of long text is solved,and keywords such as dangerous function name are extracted.Finally,the basic method is compared with the dependency parsing based keyword extraction method by experiments,and the method proposed in this paper can improve the accuracy of keyword extraction.At the same time,the extraction accuracy of this method is higher than that of Semfuzz and E.W(?)reus,which verifies the validity of this method.(2)A hierarchical matching algorithm based on vulnerability keywords is studied.Firstly,by analyzing the limitations of existing vulnerability matching algorithms,a hierarchical matching algorithm for Internet of Things devices is proposed,which is divided into exact matching and fuzzy matching.The exact matching method matches ac-curately according to the order of CPE three elements.It uses the tree representation of version number and compares them in blocks to solve the problem of inaccurate matching caused by the special representation of version number of Io T devices.The fuzzy matching method calculates the matching contribution based on the key words matched to each vulnerability entry,and then outputs the matching result from the largest to the smallest contribution score.Experiments show that the exact matching method is faster than the classical multi-mode matching algorithm AC algorithm in matching speed.The fuzzy matching method is more accurate in matching results than the fuzzy matching algorithm represented by Vulscan.(3)A vulnerability assessment framework for Internet of Things devices based on vulnerability keyword matching is designed and implemented.The framework includes a multi-source information acquisition module,a vulnerability assessment module based on vulnerability keyword matching,and a vulnerability base for Internet of Things devices.The multi-source information acquisition module uses Nmap scanning,Web crawling and custom script scanning to obtain device information such as manufacturer name,device model,etc.The vulnerability assessment module based on vulnerability keyword matching matches multi-source information with vulnerability data in the vulnerability base of Internet of Things devices through a hierarchical matching algorithm to get accurate matching results and fuzzy matching results.This framework verifies the validity of the vulnerability assessment framework proposed in this paper by comparing it with Vulners and Vulscan of Nmap tool on 19 real Io T devices of 5 categories.