IoT Security Knowledge Reasoning Method of Multi-Source Data Fusion

Zhang Shuqin; Bai Guangyao; Li Hong; Zhang Minzhi

doi:10.7544/issn1000-1239.20210954

Journal of Computer Research and Development > 2022 > 59(12): 2735-2749. > DOI: 10.7544/issn1000-1239.20210954 CSTR: 32373.14.issn1000-1239.20210954

Zhang Shuqin, Bai Guangyao, Li Hong, Zhang Minzhi. IoT Security Knowledge Reasoning Method of Multi-Source Data Fusion[J]. Journal of Computer Research and Development, 2022, 59(12): 2735-2749. DOI: 10.7544/issn1000-1239.20210954

Citation:

PDF (5997 KB)

IoT Security Knowledge Reasoning Method of Multi-Source Data Fusion

¹(College of Computer Science, Zhongyuan University of Technology, Zhengzhou 450007)
²(Key Laboratory of Internet of Things Information Security Technology(Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093)

Funds: This work was supported by the Key Program Research Fund of Higher Education of Henan Province (21A520053, 19A520048) and the Science and Technique Foundation of Henan Province (182102210526).

More Information

Published Date: November 30, 2022

Graphical Abstract

Abstract

Abstract

With the development of the information technology industry and the increase of the number of IoT devices, the difficulty and complexity of IoT security defense are rising continuously. Major security incidents for IoT and the supply chain occur frequently, which reveals the complexity of the security management of the IoT supply chain. Nowadays, there are kinds of public knowledge bases about information security which can be used for the IoT security threat analysis. However, the heterogeneity of these knowledge bases makes it difficult for threat assessment. Aiming at improving the capabilities of threat elements assessment of IoT security, which used disclosed threat events, we exploit multiple information security knowledge bases, integrate the sources of security knowledge which the defenders are concerned about, and the tactics, attack patterns, attack techniques of attackers into a unified relational mapping linkages graph knowledge base. An IoT security ontology, namely, Risk Analysis of IoT Supply Chain Ontology (RIoTSCO) is constructed. Based on RIoTSCO, the inference rules of IoT security are defined to establish the semantic relationship among the knowledge bases of IoT security which can solve the semantic heterogeneity of multi-source knowledge. Meanwhile, based on the IoT security knowledge reasoning method proposed above in this paper, we conduct a security threat assessment on an IoT supply chain scenario. Moreover, RIoTSCO can also automatically infer mitigations in respond to threats, and describe the overall perspective of the inbound and outbound supply chain intelligences related to the threat events.
- IoT security,
- supply chain security,
- threat analysis,
- ontology,
- knowledge reasoning,
- inference rule

FullText(HTML)

References (0)

[1]	Lai Baoqiang, Li Zheng, Zhao Ruilian, Guo Junxia. Context-Aware Based API Recommendation with Diversity[J]. Journal of Computer Research and Development, 2023, 60(10): 2335-2347. DOI: 10.7544/issn1000-1239.202220317
[2]	Tang Dan, Cai Hongliang, Geng Wei. Decoding Method of Reed-Solomon Erasure Codes[J]. Journal of Computer Research and Development, 2022, 59(3): 582-596. DOI: 10.7544/issn1000-1239.20210575
[3]	Zhang Bing, Wen Zheng, Wei Xiaoyu, Ren Jiadong. InterDroid: An Interpretable Android Malware Detection Method for Conceptual Drift[J]. Journal of Computer Research and Development, 2021, 58(11): 2456-2474. DOI: 10.7544/issn1000-1239.2021.20210560
[4]	Yang Wang, Gao Mingzhe, Jiang Ting. A Malicious Code Static Detection Framework Based on Multi-Feature Ensemble Learning[J]. Journal of Computer Research and Development, 2021, 58(5): 1021-1034. DOI: 10.7544/issn1000-1239.2021.20200912
[5]	Guo Jinyang, Shao Chuanming, Wang Jing, Li Chao, Zhu Haojin, Guo Minyi. Programming and Developing Environment for FPGA Graph Processing: Survey and Exploration[J]. Journal of Computer Research and Development, 2020, 57(6): 1164-1178. DOI: 10.7544/issn1000-1239.2020.20200106
[6]	Zheng Zhen, Zhai Jidong, Li Yan, Chen Wenguang. Workload Analysis for Typical GPU Programs Using CUPTI Interface[J]. Journal of Computer Research and Development, 2016, 53(6): 1249-1262. DOI: 10.7544/issn1000-1239.2016.20148354
[7]	Jiao Sibei, Ying Lingyun, Yang Yi, Cheng Yao, Su Purui, and Feng Dengguo. An Anti-Obfuscation Method for Detecting Similarity Among Android Applications in Large Scale[J]. Journal of Computer Research and Development, 2014, 51(7): 1446-1457.
[8]	Dong Longming, Wang Ji, Chen Liqian, Dong Wei. Memory Leak Detection for Heap-Manipulating Programs Based on Local Heap Abstraction[J]. Journal of Computer Research and Development, 2012, 49(9): 1832-1842.
[9]	Ma Peijun, Wang Tiantian, and Su Xiaohong. Automatic Grading of Student Programs Based on Program Understanding[J]. Journal of Computer Research and Development, 2009, 46(7): 1136-1142.
[10]	Wang Zhaofei and Huang Chun. Static Detection of Deadlocks in OpenMP Fortran Programs[J]. Journal of Computer Research and Development, 2007, 44(3).