{"id":"https://openalex.org/W3090090064","doi":"https://doi.org/10.1109/icccn49398.2020.9209626","title":"IoT-APIScanner: Detecting API Unauthorized Access Vulnerabilities of IoT Platform","display_name":"IoT-APIScanner: Detecting API Unauthorized Access Vulnerabilities of IoT Platform","publication_year":2020,"publication_date":"2020-08-01","ids":{"openalex":"https://openalex.org/W3090090064","doi":"https://doi.org/10.1109/icccn49398.2020.9209626","mag":"3090090064"},"language":"en","primary_location":{"id":"doi:10.1109/icccn49398.2020.9209626","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icccn49398.2020.9209626","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 29th International Conference on Computer Communications and Networks (ICCCN)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5084959758","display_name":"Yilian Li","orcid":null},"institutions":[{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]},{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yilian Li","raw_affiliation_strings":["National Computer Network Intrusion Protection Center, University of Chinese of Academy of Sciences, Beijing, China","School of Communication Engineering, Xidian University, Xi'an, China"],"affiliations":[{"raw_affiliation_string":"National Computer Network Intrusion Protection Center, University of Chinese of Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629"]},{"raw_affiliation_string":"School of Communication Engineering, Xidian University, Xi'an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048531636","display_name":"Yiyu Yang","orcid":"https://orcid.org/0000-0002-7452-3934"},"institutions":[{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yiyu Yang","raw_affiliation_strings":["National Computer Network Intrusion Protection Center, University of Chinese of Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"National Computer Network Intrusion Protection Center, University of Chinese of Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023146129","display_name":"Xiao Yu","orcid":"https://orcid.org/0000-0002-5632-5782"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]},{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiao Yu","raw_affiliation_strings":["National Computer Network Intrusion Protection Center, University of Chinese of Academy of Sciences, Beijing, China","School of Cyber Engineering, Xidian University, Xi'an, China"],"affiliations":[{"raw_affiliation_string":"National Computer Network Intrusion Protection Center, University of Chinese of Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629"]},{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi'an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044624867","display_name":"Ting Yang","orcid":"https://orcid.org/0000-0002-8182-0195"},"institutions":[{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]},{"id":"https://openalex.org/I34155123","display_name":"Hebei University of Science and Technology","ror":"https://ror.org/05h3pkk68","country_code":"CN","type":"education","lineage":["https://openalex.org/I34155123"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ting Yang","raw_affiliation_strings":["College of Information Science and Engineering, Hebei University of Science and Technology, Shijiazhuang, China","National Computer Network Intrusion Protection Center, University of Chinese of Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"College of Information Science and Engineering, Hebei University of Science and Technology, Shijiazhuang, China","institution_ids":["https://openalex.org/I34155123"]},{"raw_affiliation_string":"National Computer Network Intrusion Protection Center, University of Chinese of Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100527955","display_name":"Dong Li-hua","orcid":null},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lihua Dong","raw_affiliation_strings":["School of Communication Engineering, Xidian University, Xi'an, China"],"affiliations":[{"raw_affiliation_string":"School of Communication Engineering, Xidian University, Xi'an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100368544","display_name":"Wenjie Wang","orcid":"https://orcid.org/0000-0003-3276-9298"},"institutions":[{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenjie Wang","raw_affiliation_strings":["National Computer Network Intrusion Protection Center, University of Chinese of Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"National Computer Network Intrusion Protection Center, University of Chinese of Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5084959758"],"corresponding_institution_ids":["https://openalex.org/I149594827","https://openalex.org/I4210108629"],"apc_list":null,"apc_paid":null,"fwci":1.0607,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.77109941,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":93,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"5"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.9281591176986694},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.8003500699996948},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7730135917663574},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6466909646987915},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.6251071691513062},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.5852946639060974},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.436271607875824},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.37959757447242737},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.35987961292266846},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.26851189136505127}],"concepts":[{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.9281591176986694},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.8003500699996948},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7730135917663574},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6466909646987915},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.6251071691513062},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.5852946639060974},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.436271607875824},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.37959757447242737},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.35987961292266846},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.26851189136505127},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icccn49398.2020.9209626","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icccn49398.2020.9209626","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 29th International Conference on Computer Communications and Networks (ICCCN)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W1974350516","https://openalex.org/W2088673953","https://openalex.org/W2399187981","https://openalex.org/W2601292847","https://openalex.org/W2604900212","https://openalex.org/W2605367183","https://openalex.org/W2791710451","https://openalex.org/W2792078641","https://openalex.org/W2794648377","https://openalex.org/W2963580520","https://openalex.org/W3014583938","https://openalex.org/W3099668644","https://openalex.org/W4249039926","https://openalex.org/W6696082722"],"related_works":["https://openalex.org/W2374086689","https://openalex.org/W3176279093","https://openalex.org/W2373945265","https://openalex.org/W2370203001","https://openalex.org/W1912565424","https://openalex.org/W2374393728","https://openalex.org/W2392916544","https://openalex.org/W2124367090","https://openalex.org/W1992436224","https://openalex.org/W2386396757"],"abstract_inverted_index":{"The":[0,14],"Internet":[1],"of":[2,30,50,79,101,114,138,160,170,178,203],"Things":[3],"enables":[4],"interaction":[5],"between":[6,117],"IoT":[7,32,39,42,118,140],"devices":[8,40,80],"and":[9,24,41,81,120,126,142],"users":[10,66],"through":[11,44],"the":[12,28,31,34,47,51,77,89,98,102,124,136,139,158,161,176,192],"cloud.":[13,82],"cloud":[15,35,69,103],"provides":[16,36],"services":[17,37],"such":[18],"as":[19],"account":[20],"monitoring,":[21],"device":[22,25],"management,":[23],"control.":[26],"As":[27],"center":[29],"platform,":[33],"to":[38,67,88,96,197],"applications":[43],"APIs.":[45,173],"Therefore,":[46],"permission":[48,99,181,195],"verification":[49,100,182,196],"API":[52,147,193],"is":[53,110],"essential.":[54],"However,":[55],"we":[56,91,107,130,154,166],"found":[57,108],"that":[58,188],"some":[59],"APIs":[60,125,179],"are":[61],"unverified,":[62],"which":[63,122],"allows":[64],"unauthorized":[65,86],"access":[68,87],"resources":[70],"or":[71,201],"control":[72,202],"devices;":[73],"it":[74],"could":[75,190],"threaten":[76],"security":[78],"To":[83],"check":[84,97,157],"for":[85,145],"API,":[90],"developed":[92],"IoT-APIScanner,":[93],"a":[94,111,168],"framework":[95],"API.":[104,162],"Through":[105,150],"observation,":[106],"there":[109],"large":[112],"amount":[113],"interactive":[115],"information":[116],"application":[119],"cloud,":[121],"include":[123],"related":[127],"parameters,":[128],"so":[129],"can":[131,155],"extract":[132],"them":[133],"by":[134],"analyzing":[135],"code":[137],"application,":[141],"use":[143,191],"this":[144],"mutating":[146],"test":[148,152],"cases.":[149],"these":[151],"cases,":[153],"effectively":[156],"permissions":[159],"In":[163],"our":[164],"research,":[165],"extracted":[167],"total":[169],"5":[171],"platform":[172],"Among":[174],"them,":[175],"proportion":[177],"without":[180,194],"reached":[183],"13.3%.":[184],"Our":[185],"research":[186],"shows":[187],"attackers":[189],"obtain":[198],"user":[199],"privacy":[200],"devices.":[204]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}