{"id":"https://openalex.org/W4312548370","doi":"https://doi.org/10.1109/tmc.2022.3231567","title":"Towards System-Level Security Analysis of IoT Using Attack Graphs","display_name":"Towards System-Level Security Analysis of IoT Using Attack Graphs","publication_year":2022,"publication_date":"2022-12-22","ids":{"openalex":"https://openalex.org/W4312548370","doi":"https://doi.org/10.1109/tmc.2022.3231567"},"language":"en","primary_location":{"id":"doi:10.1109/tmc.2022.3231567","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tmc.2022.3231567","pdf_url":null,"source":{"id":"https://openalex.org/S69141925","display_name":"IEEE Transactions on Mobile Computing","issn_l":"1536-1233","issn":["1536-1233","1558-0660","2161-9875"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Mobile Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5067263284","display_name":"Zheng Fang","orcid":"https://orcid.org/0000-0002-0698-5731"},"institutions":[{"id":"https://openalex.org/I4210114444","display_name":"Meta (United States)","ror":"https://ror.org/01zbnvs85","country_code":"US","type":"company","lineage":["https://openalex.org/I4210114444"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Zheng Fang","raw_affiliation_strings":["Meta Platforms, Inc., Menlo Park, CA, USA"],"raw_orcid":"https://orcid.org/0000-0002-0698-5731","affiliations":[{"raw_affiliation_string":"Meta Platforms, Inc., Menlo Park, CA, USA","institution_ids":["https://openalex.org/I4210114444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033189459","display_name":"Hao Fu","orcid":"https://orcid.org/0000-0002-8003-0212"},"institutions":[{"id":"https://openalex.org/I4210114444","display_name":"Meta (United States)","ror":"https://ror.org/01zbnvs85","country_code":"US","type":"company","lineage":["https://openalex.org/I4210114444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hao Fu","raw_affiliation_strings":["Meta Platforms, Inc., Menlo Park, CA, USA"],"raw_orcid":"https://orcid.org/0000-0002-8003-0212","affiliations":[{"raw_affiliation_string":"Meta Platforms, Inc., Menlo Park, CA, USA","institution_ids":["https://openalex.org/I4210114444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109946639","display_name":"Tianbo Gu","orcid":null},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tianbo Gu","raw_affiliation_strings":["Department of Computer Science, University of California, Davis, Davis, CA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of California, Davis, Davis, CA, USA","institution_ids":["https://openalex.org/I84218800"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100703619","display_name":"Pengfei Hu","orcid":"https://orcid.org/0000-0002-7935-886X"},"institutions":[{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Pengfei Hu","raw_affiliation_strings":["School of Computer Science and Technology, Shandong University, Qingdao, China"],"raw_orcid":"https://orcid.org/0000-0002-7935-886X","affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Shandong University, Qingdao, China","institution_ids":["https://openalex.org/I80143920"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078861586","display_name":"Jinyue Song","orcid":"https://orcid.org/0000-0003-1286-5602"},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jinyue Song","raw_affiliation_strings":["Department of Computer Science, University of California, Davis, Davis, CA, USA"],"raw_orcid":"https://orcid.org/0000-0003-1286-5602","affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of California, Davis, Davis, CA, USA","institution_ids":["https://openalex.org/I84218800"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055045569","display_name":"Trent Jaeger","orcid":"https://orcid.org/0000-0002-4964-1170"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Trent Jaeger","raw_affiliation_strings":["Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA","Department of Computer Science and Engineering, The Pennsylvania State University, University Park, PA, USA"],"raw_orcid":"https://orcid.org/0000-0002-4964-1170","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]},{"raw_affiliation_string":"Department of Computer Science and Engineering, The Pennsylvania State University, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5086439160","display_name":"Prasant Mohapatra","orcid":"https://orcid.org/0000-0002-2768-5308"},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Prasant Mohapatra","raw_affiliation_strings":["Department of Computer Science, University of California, Davis, Davis, CA, USA"],"raw_orcid":"https://orcid.org/0000-0002-2768-5308","affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of California, Davis, Davis, CA, USA","institution_ids":["https://openalex.org/I84218800"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5067263284"],"corresponding_institution_ids":["https://openalex.org/I4210114444"],"apc_list":null,"apc_paid":null,"fwci":0.7429,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.69862328,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"23","issue":"2","first_page":"1142","last_page":"1155"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9951000213623047,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8165183067321777},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6874327063560486},{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.6165002584457397},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.4106466472148895},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.358737587928772},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.3570128083229065},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.11781081557273865}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8165183067321777},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6874327063560486},{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.6165002584457397},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.4106466472148895},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.358737587928772},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3570128083229065},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.11781081557273865}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tmc.2022.3231567","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tmc.2022.3231567","pdf_url":null,"source":{"id":"https://openalex.org/S69141925","display_name":"IEEE Transactions on Mobile Computing","issn_l":"1536-1233","issn":["1536-1233","1558-0660","2161-9875"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Mobile Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.4399999976158142}],"awards":[{"id":"https://openalex.org/G8000996158","display_name":null,"funder_award_id":"W911NF-13-2-0045","funder_id":"https://openalex.org/F4320338456","funder_display_name":"DEVCOM Army Research Laboratory"}],"funders":[{"id":"https://openalex.org/F4320338456","display_name":"DEVCOM Army Research Laboratory","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":34,"referenced_works":["https://openalex.org/W1508191694","https://openalex.org/W1987264479","https://openalex.org/W2054127354","https://openalex.org/W2100033648","https://openalex.org/W2104588447","https://openalex.org/W2110908300","https://openalex.org/W2121805588","https://openalex.org/W2123442489","https://openalex.org/W2150802402","https://openalex.org/W2180970301","https://openalex.org/W2686848947","https://openalex.org/W2753873057","https://openalex.org/W2890188242","https://openalex.org/W2890559797","https://openalex.org/W2896143299","https://openalex.org/W2983277367","https://openalex.org/W3023694122","https://openalex.org/W3042771014","https://openalex.org/W3047333263","https://openalex.org/W3092161373","https://openalex.org/W3103269073","https://openalex.org/W3107210824","https://openalex.org/W3136780060","https://openalex.org/W4294170691","https://openalex.org/W4295123670","https://openalex.org/W6628508383","https://openalex.org/W6635235395","https://openalex.org/W6678042037","https://openalex.org/W6692650605","https://openalex.org/W6713987737","https://openalex.org/W6744196339","https://openalex.org/W6751184934","https://openalex.org/W6766830175","https://openalex.org/W6779684038"],"related_works":["https://openalex.org/W2934770324","https://openalex.org/W2371072962","https://openalex.org/W4245327557","https://openalex.org/W2603730437","https://openalex.org/W1988877548","https://openalex.org/W2997512100","https://openalex.org/W2580861877","https://openalex.org/W3188635106","https://openalex.org/W2766830182","https://openalex.org/W2116426048"],"abstract_inverted_index":{"Most":[0],"IoT":[1,4,10,20,42,71,80,109,121,138,157,203,208,243,248,295],"systems":[2,110,139,244],"involve":[3],"devices,":[5],"communication":[6,38],"protocols,":[7,39],"remote":[8],"cloud,":[9],"applications,":[11],"mobile":[12],"apps,":[13],"and":[14,40,92,114,126,140,171,177,212,231,250,260,288],"the":[15,30,85,195,270,278,290],"physical":[16,128],"environment.":[17],"However,":[18],"existing":[19],"security":[21,68],"analyses":[22],"only":[23,282],"focus":[24],"on":[25,161,194,201,206,246],"a":[26,61],"subset":[27],"of":[28,84,298],"all":[29,83],"essential":[31],"components,":[32],"such":[33],"as":[34,133],"device":[35,172],"firmware":[36],"or":[37],"ignore":[41],"systems'":[43],"interactive":[44],"nature,":[45],"resulting":[46],"in":[47,227],"limited":[48],"attack":[49,77,95,182,196,266,271,291],"detection":[50],"capabilities.":[51],"In":[52,97,149],"this":[53],"work,":[54],"we":[55,103,151,189],"propose":[56,190],"<sc":[57,73,99,164,216,235],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[58,74,100,165,217,236],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">Iota</small>":[59,75,101,166,218,237],",":[60,102],"logic":[62],"programming-based":[63],"framework":[64,257],"to":[65,107,137,145,155,174,180,238,286],"perform":[66],"system-level":[67],"analysis":[69],"for":[70,79,111,120,293],"systems.":[72,204],"generates":[76],"graphs":[78],"systems,":[81],"showing":[82],"system":[86,279,296],"resources":[87],"that":[88,215,255],"can":[89],"be":[90],"compromised":[91],"enumerating":[93],"potential":[94],"traces.":[96],"building":[98],"design":[104],"novel":[105],"techniques":[106,154],"scan":[108],"individual":[112],"vulnerabilities":[113],"further":[115],"create":[116],"generic":[117],"exploit":[118,220],"models":[119],"vulnerabilities.":[122],"We":[123,233],"also":[124],"identify":[125],"model":[127],"dependencies":[129,173],"between":[130],"different":[131],"devices":[132],"they":[134],"are":[135,141,274],"unique":[136],"employed":[142],"by":[143,269,277],"adversaries":[144],"launch":[146],"complicated":[147],"attacks.":[148],"addition,":[150],"utilize":[152],"NLP":[153],"extract":[156],"app":[158,162],"semantics":[159],"based":[160,193,245],"descriptions.":[163],"automatically":[167],"translates":[168],"vulnerabilities,":[169],"exploits,":[170],"Prolog":[175],"clauses":[176],"invokes":[178],"MulVAL":[179],"construct":[181],"graphs.":[183],"To":[184],"evaluate":[185],"vulnerabilities'":[186,229],"system-wide":[187],"impact,":[188],"three":[191],"metrics":[192],"graph,":[197],"which":[198],"provide":[199],"guidance":[200],"hardening":[202],"Evaluation":[205],"127":[207],"CVEs":[209],"(Common":[210],"Vulnerabilities":[211],"Exposures)":[213],"shows":[214],"'s":[219],"modeling":[221],"module":[222],"achieves":[223],"over":[224],"80%":[225],"accuracy":[226],"predicting":[228],"preconditions":[230],"effects.":[232],"apply":[234],"37":[239],"synthetic":[240],"smart":[241],"home":[242],"real-world":[247],"apps":[249],"devices.":[251,300],"Experimental":[252],"results":[253],"show":[254],"our":[256],"is":[258],"effective":[259],"highly":[261],"efficient.":[262],"Among":[263],"27":[264],"shortest":[265],"traces":[267],"revealed":[268],"graphs,":[272],"62.8%":[273],"not":[275],"anticipated":[276],"administrator.":[280],"It":[281],"takes":[283],"1.2":[284],"seconds":[285],"generate":[287],"analyze":[289],"graph":[292],"an":[294],"consisting":[297],"50":[299]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":2}],"updated_date":"2026-05-28T09:10:13.091523","created_date":"2025-10-10T00:00:00"}