Abstract
IoT vulnerabilities are numerous and lack adequate classification methods, and existing vulnerability classification methods, when applied to IoT vulnerabilities, give incomplete coverage and serious overlap between categories. To address this, a method named VCECI is proposed that classifies IoT vulnerabilities scientifically along three dimensions: IoT devices; homogeneous cross-platform vulnerabilities; and the impact of a vulnerability together with the complexity of exploiting it. First, the characteristics of traditional vulnerability classification methods and the inherent characteristics of IoT product research and development are studied, and the reasons why IoT vulnerability classification is incomplete are analyzed. Then, the classification process of the VCECI method, which combines quantitative and qualitative analysis, is discussed in depth. Finally, the application effect of the method is analyzed through experiments. The experimental results indicate that the VCECI method has good identification and deduplication capabilities for IoT vulnerabilities, and can effectively represent the heterogeneous and diverse characteristics of IoT vulnerabilities.
Authors
LAN Kun (兰昆)
ZHU Zhi-cheng (朱治丞)
ZHANG Yu-guang (张宇光)
No.30 Institute of CETC, Chengdu, Sichuan 610041, China
Source
Communications Technology (《通信技术》)
2020, Issue 2, pp. 461-468 (8 pages)
Funding
Equipment Pre-Research Field Fund of the Equipment Development Department of the Central Military Commission (No.61403120502)
Keywords
IoT (Internet of Things)
vulnerability
homogeneous
cross-platform
classification