{"id":"https://openalex.org/W7135150767","doi":"https://doi.org/10.3390/make8030070","title":"A Procedure for Vulnerability Analysis and Countermeasures in IoT Systems Based on Their Components Characteristics","display_name":"A Procedure for Vulnerability Analysis and Countermeasures in IoT Systems Based on Their Components Characteristics","publication_year":2026,"publication_date":"2026-03-11","ids":{"openalex":"https://openalex.org/W7135150767","doi":"https://doi.org/10.3390/make8030070"},"language":"en","primary_location":{"id":"doi:10.3390/make8030070","is_oa":true,"landing_page_url":"https://doi.org/10.3390/make8030070","pdf_url":"https://www.mdpi.com/2504-4990/8/3/70/pdf?version=1773229845","source":{"id":"https://openalex.org/S4210213891","display_name":"Machine Learning and Knowledge Extraction","issn_l":"2504-4990","issn":["2504-4990"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Machine Learning and Knowledge Extraction","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2504-4990/8/3/70/pdf?version=1773229845","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5084459370","display_name":"Ponciano Jorge Escamilla-Ambrosio","orcid":"https://orcid.org/0000-0003-3772-3651"},"institutions":[{"id":"https://openalex.org/I59361560","display_name":"Instituto Polit\u00e9cnico Nacional","ror":"https://ror.org/059sp8j34","country_code":"MX","type":"education","lineage":["https://openalex.org/I59361560"]}],"countries":["MX"],"is_corresponding":true,"raw_author_name":"Ponciano Jorge Escamilla-Ambrosio","raw_affiliation_strings":["Centro de Investigaci\u00f3n en Computaci\u00f3n, Instituto Polit\u00e9cnico Nacional, Mexico City 07738, Mexico"],"raw_orcid":"https://orcid.org/0000-0003-3772-3651","affiliations":[{"raw_affiliation_string":"Centro de Investigaci\u00f3n en Computaci\u00f3n, Instituto Polit\u00e9cnico Nacional, Mexico City 07738, Mexico","institution_ids":["https://openalex.org/I59361560"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5128888559","display_name":"Brandon Iv\u00e1n M\u00e9ndez-Barrera","orcid":null},"institutions":[{"id":"https://openalex.org/I59361560","display_name":"Instituto Polit\u00e9cnico Nacional","ror":"https://ror.org/059sp8j34","country_code":"MX","type":"education","lineage":["https://openalex.org/I59361560"]}],"countries":["MX"],"is_corresponding":false,"raw_author_name":"Brandon Iv\u00e1n M\u00e9ndez-Barrera","raw_affiliation_strings":["Centro de Investigaci\u00f3n en Computaci\u00f3n, Instituto Polit\u00e9cnico Nacional, Mexico City 07738, Mexico"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Centro de Investigaci\u00f3n en Computaci\u00f3n, Instituto Polit\u00e9cnico Nacional, Mexico City 07738, Mexico","institution_ids":["https://openalex.org/I59361560"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5128813970","display_name":"Alberto Jorge Rosales-Silva","orcid":null},"institutions":[{"id":"https://openalex.org/I59361560","display_name":"Instituto Polit\u00e9cnico Nacional","ror":"https://ror.org/059sp8j34","country_code":"MX","type":"education","lineage":["https://openalex.org/I59361560"]}],"countries":["MX"],"is_corresponding":false,"raw_author_name":"Alberto Jorge Rosales-Silva","raw_affiliation_strings":["Escuela Superior de Ingenier\u00eda Mec\u00e1nica y El\u00e9ctrica Unidad Zacatenco, Instituto Polit\u00e9cnico Nacional, Mexico City 07738, Mexico"],"raw_orcid":"https://orcid.org/0000-0001-8436-3025","affiliations":[{"raw_affiliation_string":"Escuela Superior de Ingenier\u00eda Mec\u00e1nica y El\u00e9ctrica Unidad Zacatenco, Instituto Polit\u00e9cnico Nacional, Mexico City 07738, Mexico","institution_ids":["https://openalex.org/I59361560"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090418041","display_name":"Gina Gallegos-Garc\u00eda","orcid":"https://orcid.org/0000-0002-5212-350X"},"institutions":[{"id":"https://openalex.org/I59361560","display_name":"Instituto Polit\u00e9cnico Nacional","ror":"https://ror.org/059sp8j34","country_code":"MX","type":"education","lineage":["https://openalex.org/I59361560"]}],"countries":["MX"],"is_corresponding":false,"raw_author_name":"Gina Gallegos-Garc\u00eda","raw_affiliation_strings":["Centro de Investigaci\u00f3n en Computaci\u00f3n, Instituto Polit\u00e9cnico Nacional, Mexico City 07738, Mexico"],"raw_orcid":"https://orcid.org/0000-0002-5212-350X","affiliations":[{"raw_affiliation_string":"Centro de Investigaci\u00f3n en Computaci\u00f3n, Instituto Polit\u00e9cnico Nacional, Mexico City 07738, Mexico","institution_ids":["https://openalex.org/I59361560"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5084995362","display_name":"Gilberto Mart\u00ednez-Luna","orcid":null},"institutions":[{"id":"https://openalex.org/I59361560","display_name":"Instituto Polit\u00e9cnico Nacional","ror":"https://ror.org/059sp8j34","country_code":"MX","type":"education","lineage":["https://openalex.org/I59361560"]}],"countries":["MX"],"is_corresponding":false,"raw_author_name":"Gilberto Lorenzo Mart\u00ednez-Luna","raw_affiliation_strings":["Centro de Investigaci\u00f3n en Computaci\u00f3n, Instituto Polit\u00e9cnico Nacional, Mexico City 07738, Mexico"],"raw_orcid":"https://orcid.org/0000-0002-0105-1112","affiliations":[{"raw_affiliation_string":"Centro de Investigaci\u00f3n en Computaci\u00f3n, Instituto Polit\u00e9cnico Nacional, Mexico City 07738, Mexico","institution_ids":["https://openalex.org/I59361560"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5084459370"],"corresponding_institution_ids":["https://openalex.org/I59361560"],"apc_list":{"value":1400,"currency":"CHF","value_usd":1515},"apc_paid":{"value":1400,"currency":"CHF","value_usd":1515},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.3477249,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"8","issue":"3","first_page":"70","last_page":"70"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.1632000058889389,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.1632000058889389,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.12860000133514404,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.08169999718666077,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7269999980926514},{"id":"https://openalex.org/keywords/asset","display_name":"Asset (computer security)","score":0.7145000100135803},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.6809999942779541},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.6718000173568726},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.5253999829292297},{"id":"https://openalex.org/keywords/security-analysis","display_name":"Security analysis","score":0.484499990940094},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.48260000348091125},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.4794999957084656},{"id":"https://openalex.org/keywords/representation","display_name":"Representation (politics)","score":0.44449999928474426}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7269999980926514},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7196000218391418},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.7145000100135803},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6887999773025513},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.6809999942779541},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.6718000173568726},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.5253999829292297},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.484499990940094},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.48260000348091125},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.4794999957084656},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.44449999928474426},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4366999864578247},{"id":"https://openalex.org/C21593369","wikidata":"https://www.wikidata.org/wiki/Q1032176","display_name":"Countermeasure","level":2,"score":0.4311999976634979},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.4090999960899353},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.3939000070095062},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.37619999051094055},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.36570000648498535},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.36329999566078186},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.3628000020980835},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.34630000591278076},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.34470000863075256},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.33660000562667847},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.32899999618530273},{"id":"https://openalex.org/C81917197","wikidata":"https://www.wikidata.org/wiki/Q628760","display_name":"Selection (genetic algorithm)","level":2,"score":0.3206999897956848},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.30300000309944153},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.3012999892234802},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.29319998621940613},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.26840001344680786},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.2644999921321869},{"id":"https://openalex.org/C22111027","wikidata":"https://www.wikidata.org/wiki/Q1070427","display_name":"Internet security","level":4,"score":0.2547999918460846},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.25040000677108765}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3390/make8030070","is_oa":true,"landing_page_url":"https://doi.org/10.3390/make8030070","pdf_url":"https://www.mdpi.com/2504-4990/8/3/70/pdf?version=1773229845","source":{"id":"https://openalex.org/S4210213891","display_name":"Machine Learning and Knowledge Extraction","issn_l":"2504-4990","issn":["2504-4990"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Machine Learning and Knowledge Extraction","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:37f536698da547fc8406c3fa4cb033a4","is_oa":true,"landing_page_url":"https://doaj.org/article/37f536698da547fc8406c3fa4cb033a4","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Machine Learning and Knowledge Extraction, Vol 8, Iss 3, p 70 (2026)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/make8030070","is_oa":true,"landing_page_url":"https://doi.org/10.3390/make8030070","pdf_url":"https://www.mdpi.com/2504-4990/8/3/70/pdf?version=1773229845","source":{"id":"https://openalex.org/S4210213891","display_name":"Machine Learning and Knowledge Extraction","issn_l":"2504-4990","issn":["2504-4990"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Machine Learning and Knowledge Extraction","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5918110013008118}],"awards":[{"id":"https://openalex.org/G2630364766","display_name":null,"funder_award_id":"CAR SECTEI/079/2024","funder_id":"https://openalex.org/F4320326490","funder_display_name":"Secretar\u00eda de Estado de Ciencia, Tecnolog\u00eda e Innovaci\u00f3n"},{"id":"https://openalex.org/G2667109539","display_name":null,"funder_award_id":"SIP-20251080","funder_id":"https://openalex.org/F4320321694","funder_display_name":"Instituto Polit\u00e9cnico Nacional"}],"funders":[{"id":"https://openalex.org/F4320321694","display_name":"Instituto Polit\u00e9cnico Nacional","ror":"https://ror.org/059sp8j34"},{"id":"https://openalex.org/F4320326490","display_name":"Secretar\u00eda de Estado de Ciencia, Tecnolog\u00eda e Innovaci\u00f3n","ror":null}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7135150767.pdf","grobid_xml":"https://content.openalex.org/works/W7135150767.grobid-xml"},"referenced_works_count":24,"referenced_works":["https://openalex.org/W1548644355","https://openalex.org/W2125910575","https://openalex.org/W2275100661","https://openalex.org/W2492688925","https://openalex.org/W2580334929","https://openalex.org/W2694044524","https://openalex.org/W2763330809","https://openalex.org/W2891512841","https://openalex.org/W2894066856","https://openalex.org/W2913811025","https://openalex.org/W2963647436","https://openalex.org/W2986455874","https://openalex.org/W2997353660","https://openalex.org/W3030475315","https://openalex.org/W3087386645","https://openalex.org/W3094173162","https://openalex.org/W3211654378","https://openalex.org/W4367367976","https://openalex.org/W4385607631","https://openalex.org/W4387453400","https://openalex.org/W4393982379","https://openalex.org/W4406356978","https://openalex.org/W4408331172","https://openalex.org/W4410838098"],"related_works":[],"abstract_inverted_index":{"The":[0,70,119,160,190],"increasing":[1],"complexity":[2],"and":[3,17,34,68,84,89,105,116,151,157,174,188,198,215,231,240],"heterogeneity":[4],"of":[5,7,54,77,154,184,209,217,229],"Internet":[6],"Things":[8],"(IoT)":[9],"systems":[10],"pose":[11],"significant":[12],"challenges":[13],"for":[14,46,201,238],"systematic":[15,207],"security":[16,25,36,66,103,203,243],"vulnerability":[18,47,213],"assessment.":[19],"From":[20,140],"a":[21,43,74,108,149,166,170,236],"knowledge-centric":[22,239],"perspective,":[23],"IoT":[24,56,137,172,187,210,242],"analysis":[26,48],"requires":[27],"transforming":[28],"heterogeneous":[29],"asset":[30,61],"information":[31],"into":[32],"structured":[33,44,230],"interpretable":[35,152,232,241],"knowledge.":[37],"In":[38],"this":[39],"paper,":[40],"we":[41],"propose":[42],"methodology":[45,162],"that":[49,125,193],"models":[50],"the":[51,78,132,194,206,221,227],"attack":[52,211],"surface":[53],"an":[55,175],"system":[57,79,173],"by":[58],"explicitly":[59],"linking":[60],"characteristics":[62,96],"to":[63,100,147],"known":[64],"vulnerabilities,":[65,102],"controls,":[67,104],"countermeasures.":[69],"approach":[71,195],"starts":[72],"with":[73,131,179,181],"visual":[75],"representation":[76,153],"architecture,":[80],"where":[81],"hardware,":[82],"software,":[83],"communication":[85],"components":[86],"are":[87,97,145],"identified":[88],"described":[90],"through":[91,165],"their":[92],"technical":[93],"characteristics.":[94],"These":[95],"automatically":[98],"mapped":[99],"relevant":[101],"countermeasures":[106,219],"using":[107],"dedicated":[109],"software":[110],"tool":[111,120],"called":[112],"AVCA":[113],"(Asset":[114],"Vulnerabilities":[115],"Countermeasures":[117],"Analyzer).":[118],"generates":[121],"graph-based":[122],"analytical":[123],"representations":[124],"model":[126],"vulnerabilities\u2013countermeasures":[127],"relationships":[128],"in":[129,186,205],"compliance":[130],"Cloud":[133],"Security":[134,138],"Alliance":[135],"(CSA)":[136],"Framework.":[139],"these":[141],"graphs,":[142],"attack\u2013countermeasure":[143],"trees":[144],"derived":[146],"provide":[148],"clear":[150],"potential":[155],"threats":[156],"mitigation":[158],"strategies.":[159],"proposed":[161],"was":[163],"evaluated":[164,222],"case":[167],"study":[168],"involving":[169],"representative":[171],"exploratory":[176],"applicability":[177],"experiment":[178],"participants":[180],"different":[182],"levels":[183],"experience":[185],"cybersecurity.":[189],"results":[191],"suggest":[192],"is":[196],"feasible":[197],"practically":[199],"applicable":[200],"supporting":[202],"analysts":[204],"assessment":[208],"surfaces,":[212],"identification,":[214],"selection":[216],"appropriate":[218],"under":[220],"conditions.":[223],"This":[224],"work":[225],"highlights":[226],"role":[228],"knowledge":[233],"extraction":[234],"as":[235],"foundation":[237],"analysis.":[244]},"counts_by_year":[],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2026-03-13T00:00:00"}