{"id":"https://openalex.org/W4404787932","doi":"https://doi.org/10.1109/jiot.2024.3506976","title":"An Empirical Study of High-Risk Vulnerabilities in IoT Systems","display_name":"An Empirical Study of High-Risk Vulnerabilities in IoT Systems","publication_year":2024,"publication_date":"2024-11-27","ids":{"openalex":"https://openalex.org/W4404787932","doi":"https://doi.org/10.1109/jiot.2024.3506976"},"language":"en","primary_location":{"id":"doi:10.1109/jiot.2024.3506976","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2024.3506976","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100693928","display_name":"Xiang Chen","orcid":"https://orcid.org/0009-0007-2895-7356"},"institutions":[{"id":"https://openalex.org/I157773358","display_name":"Sun Yat-sen University","ror":"https://ror.org/0064kty71","country_code":"CN","type":"education","lineage":["https://openalex.org/I157773358"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xiang Chen","raw_affiliation_strings":["School of Software Engineering, Sun Yat-sen University, Zhuhai, China"],"affiliations":[{"raw_affiliation_string":"School of Software Engineering, Sun Yat-sen University, Zhuhai, China","institution_ids":["https://openalex.org/I157773358"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5040120584","display_name":"Changlin Yang","orcid":"https://orcid.org/0000-0003-1352-7429"},"institutions":[{"id":"https://openalex.org/I157773358","display_name":"Sun Yat-sen University","ror":"https://ror.org/0064kty71","country_code":"CN","type":"education","lineage":["https://openalex.org/I157773358"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Changlin Yang","raw_affiliation_strings":["School of Software Engineering, Sun Yat-sen University, Zhuhai, China"],"affiliations":[{"raw_affiliation_string":"School of Software Engineering, Sun Yat-sen University, Zhuhai, China","institution_ids":["https://openalex.org/I157773358"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065097911","display_name":"Yuhong Nan","orcid":"https://orcid.org/0000-0001-9597-9888"},"institutions":[{"id":"https://openalex.org/I157773358","display_name":"Sun Yat-sen University","ror":"https://ror.org/0064kty71","country_code":"CN","type":"education","lineage":["https://openalex.org/I157773358"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuhong Nan","raw_affiliation_strings":["School of Software Engineering, Sun Yat-sen University, Zhuhai, China"],"affiliations":[{"raw_affiliation_string":"School of Software Engineering, Sun Yat-sen University, Zhuhai, China","institution_ids":["https://openalex.org/I157773358"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012731436","display_name":"Zibin Zheng","orcid":"https://orcid.org/0000-0001-7872-7718"},"institutions":[{"id":"https://openalex.org/I157773358","display_name":"Sun Yat-sen University","ror":"https://ror.org/0064kty71","country_code":"CN","type":"education","lineage":["https://openalex.org/I157773358"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zibin Zheng","raw_affiliation_strings":["School of Software Engineering, Sun Yat-sen University, Zhuhai, China"],"affiliations":[{"raw_affiliation_string":"School of Software Engineering, Sun Yat-sen University, Zhuhai, China","institution_ids":["https://openalex.org/I157773358"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5100693928"],"corresponding_institution_ids":["https://openalex.org/I157773358"],"apc_list":null,"apc_paid":null,"fwci":1.3735,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.83382342,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":"12","issue":"2","first_page":"1590","last_page":"1601"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10273","display_name":"IoT and Edge/Fog Computing","score":0.8425999879837036,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10273","display_name":"IoT and Edge/Fog Computing","score":0.8425999879837036,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.8411999940872192,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.7886999845504761,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7773380279541016},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.48960405588150024},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.47922569513320923},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.44737234711647034},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.38706591725349426},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.12748372554779053}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7773380279541016},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.48960405588150024},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.47922569513320923},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.44737234711647034},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.38706591725349426},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.12748372554779053},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/jiot.2024.3506976","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2024.3506976","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1849465935","display_name":null,"funder_award_id":"62202510","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W327452528","https://openalex.org/W1611084195","https://openalex.org/W1761184020","https://openalex.org/W2104577574","https://openalex.org/W2120077409","https://openalex.org/W2134295053","https://openalex.org/W2320629841","https://openalex.org/W2339519091","https://openalex.org/W2588751531","https://openalex.org/W2591728639","https://openalex.org/W2605404816","https://openalex.org/W2619405973","https://openalex.org/W2790360011","https://openalex.org/W2800306076","https://openalex.org/W2969468102","https://openalex.org/W2972103753","https://openalex.org/W2995340752","https://openalex.org/W3004171232","https://openalex.org/W3007018545","https://openalex.org/W3014765529","https://openalex.org/W3015818873","https://openalex.org/W3028311012","https://openalex.org/W3030612835","https://openalex.org/W3033053557","https://openalex.org/W3111143909","https://openalex.org/W3148356943","https://openalex.org/W3160783671","https://openalex.org/W3175406676","https://openalex.org/W3185902186","https://openalex.org/W4200058614","https://openalex.org/W4243214423","https://openalex.org/W4285490477","https://openalex.org/W4285490487","https://openalex.org/W4308643087","https://openalex.org/W4313529598","https://openalex.org/W4387321725"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W4245926026","https://openalex.org/W4311097251","https://openalex.org/W2586548817","https://openalex.org/W2390279801","https://openalex.org/W2625093826","https://openalex.org/W4391913857","https://openalex.org/W2358668433"],"abstract_inverted_index":{"Internet":[0],"of":[1,41,51,134,163],"Things":[2],"(IoT)":[3],"systems":[4],"are":[5,16],"increasingly":[6],"widespread":[7],"across":[8],"various":[9],"fields.":[10],"Concurrently,":[11],"vulnerabilities":[12,44,59,78,108,137,151,158],"in":[13,178],"IoT":[14,35,52,58,77,107,180,196],"devices":[15],"continuously":[17],"emerging,":[18],"potentially":[19],"leading":[20],"to":[21,146,193],"severe":[22,66],"consequences,":[23],"such":[24,65,84],"as":[25,85],"information":[26,82],"leakage,":[27],"system":[28,36],"failure,":[29],"or":[30,67,90],"even":[31],"resource":[32],"abuse.":[33],"For":[34],"developers,":[37],"understanding":[38],"the":[39,49,100,111,117,126,140,156,195],"characteristics":[40],"these":[42],"critical":[43,68],"is":[45,123],"crucial":[46],"for":[47,152,191],"safeguarding":[48],"security":[50],"systems.":[53],"However,":[54],"existing":[55],"studies":[56],"on":[57,64,80,105,110,186],"have":[60],"not":[61],"specifically":[62],"focused":[63],"vulnerabilities,":[69],"i.e.,":[70,116],"high-risk":[71,106,150,157],"vulnerabilities.":[72,181],"Moreover,":[73],"previous":[74],"works":[75],"analyzed":[76],"based":[79,109],"unofficial":[81],"sources,":[83],"online":[86],"reports,":[87],"GitHub":[88],"issues,":[89],"open-sourced":[91],"projects.":[92],"To":[93],"fill":[94],"this":[95,97],"gap,":[96],"article":[98],"presents":[99],"first":[101],"large-scale":[102],"empirical":[103],"study":[104,183],"well-known":[112],"vulnerability":[113,119],"data":[114],"source,":[115],"national":[118],"database":[120,132],"(NVD),":[121],"which":[122],"maintained":[124],"by":[125],"U.S.":[127],"government.":[128],"We":[129,154,168],"constructed":[130],"a":[131],"consisting":[133,162],"1739":[135],"IoT-related":[136],"archived":[138],"over":[139],"last":[141],"two":[142],"decades":[143],"(from":[144],"1999":[145],"2023),":[147],"including":[148],"1076":[149],"analysis.":[153],"classified":[155],"into":[159],"four":[160],"categories,":[161],"25":[164],"different":[165],"weakness":[166],"types.":[167],"further":[169],"collected":[170],"11":[171],"detection":[172],"tools":[173],"and":[174,189],"summarized":[175],"their":[176],"capabilities":[177],"detecting":[179],"Our":[182],"sheds":[184],"lights":[185],"new":[187],"findings":[188],"insights":[190],"developers":[192],"secure":[194],"system.":[197]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}