{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T21:28:06Z","timestamp":1743024486581,"version":"3.40.3"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031230196"},{"type":"electronic","value":"9783031230202"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-23020-2_15","type":"book-chapter","created":{"date-parts":[[2022,12,6]],"date-time":"2022-12-06T07:03:04Z","timestamp":1670310184000},"page":"267-282","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["A Survey on\u00a0IoT Vulnerability Discovery"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3847-7483","authenticated-orcid":false,"given":"Xinbo","family":"Ban","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3690-0321","authenticated-orcid":false,"given":"Ming","family":"Ding","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3122-6745","authenticated-orcid":false,"given":"Shigang","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1355-3870","authenticated-orcid":false,"given":"Chao","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2189-7801","authenticated-orcid":false,"given":"Jun","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,12,7]]},"reference":[{"key":"15_CR1","doi-asserted-by":"crossref","unstructured":"Ban, X., Chen, C., Liu, S., Wang, Y., Zhang, J.: Deep-learnt features for twitter spam detection. In: 2018 International Symposium on Security and Privacy in Social Networks and Big Data, pp. 208\u2013212. IEEE (2018)","DOI":"10.1109\/SocialSec.2018.8760377"},{"key":"15_CR2","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1007\/978-3-030-95484-0_14","volume-title":"European Symposium on Research in Computer Security","author":"X Ban","year":"2021","unstructured":"Ban, X., Ding, M., Liu, S., Chen, C., Zhang, J., Xiang, Y.: TAESim: a testbed for IoT security analysis of trigger-action environment. In: Katsikas, S., et al. (eds.) European Symposium on Research in Computer Security, pp. 218\u2013237. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-95484-0_14"},{"issue":"19","key":"15_CR3","doi-asserted-by":"publisher","first-page":"e5103","DOI":"10.1002\/cpe.5103","volume":"31","author":"X Ban","year":"2019","unstructured":"Ban, X., Liu, S., Chen, C., Chua, C.: A performance evaluation of deep-learnt features for software vulnerability detection. Concurr. Comput. Pract. Exp. 31(19), e5103 (2019)","journal-title":"Concurr. Comput. Pract. Exp."},{"issue":"3","key":"15_CR4","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3185501","volume":"2","author":"L Bu","year":"2018","unstructured":"Bu, L., et al.: Systematically ensuring the confidence of real-time home automation IoT systems. ACM Trans. Cyber-Phys. Syst. 2(3), 1\u201323 (2018)","journal-title":"ACM Trans. Cyber-Phys. Syst."},{"key":"15_CR5","unstructured":"Celik, Z.B., McDaniel, P., Tan, G.: SOTERIA: automated IoT safety and security analysis. In: USENIX, Boston, MA, USA, pp. 147\u2013158 (2018)"},{"key":"15_CR6","doi-asserted-by":"crossref","unstructured":"Celik, Z.B., Tan, G., McDaniel, P.: IoTGuard: dynamic enforcement of security and safety policy in commodity IoT. In: Network and Distributed System Security Symposium, San Diego, CA, USA, pp. 1\u201315. The Internet Society (2019)","DOI":"10.14722\/ndss.2019.23326"},{"key":"15_CR7","doi-asserted-by":"crossref","unstructured":"Chen, D.D., Woo, M., Brumley, D., Egele, M.: Towards automated dynamic analysis for linux-based embedded firmware. In: 23rd Annual Network and Distributed System Security Symposium, San Diego, CA, USA. The Internet Society (2016)","DOI":"10.14722\/ndss.2016.23415"},{"key":"15_CR8","doi-asserted-by":"crossref","unstructured":"Chen, J., et al.: IoTFuzzer: discovering memory corruptions in IoT through app-based fuzzing. In: NDSS, San Diego, CA, USA. The Internet Society (2018)","DOI":"10.14722\/ndss.2018.23159"},{"key":"15_CR9","unstructured":"Croft, J., Mahajan, R., Caesar, M., Musuvathi, M.: Systematically exploring the behavior of control programs. In: Proceedings of the 2015 USENIX Conference, Santa Clara, CA, USA, pp. 165\u2013176. USENIX Association (2015)"},{"key":"15_CR10","doi-asserted-by":"crossref","unstructured":"Ding, W., Hu, H.: On the safety of IoT device physical interaction control. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, New York, NY, USA, pp. 832\u2013846. ACM (2018)","DOI":"10.1145\/3243734.3243865"},{"key":"15_CR11","doi-asserted-by":"crossref","unstructured":"Feng, Q., Zhou, R., Xu, C., Cheng, Y., Testa, B., Yin, H.: Scalable graph-based bug search for firmware images. In: 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, pp. 480\u2013491. ACM (2016)","DOI":"10.1145\/2976749.2978370"},{"key":"15_CR12","doi-asserted-by":"crossref","unstructured":"Fernandes, E., Jung, J., Prakash, A.: Security analysis of emerging smart home applications. In: 2016 IEEE symposium on security and privacy (SP), San Jose, CA, USA, pp. 636\u2013654. IEEE (2016)","DOI":"10.1109\/SP.2016.44"},{"issue":"4","key":"15_CR13","doi-asserted-by":"publisher","first-page":"3725","DOI":"10.1016\/j.asej.2021.03.026","volume":"12","author":"AA Hamza","year":"2021","unstructured":"Hamza, A.A., Abdel-Halim, I.T., Sobh, M.A., Bahaa-Eldin, A.M.: A survey and taxonomy of program analysis for IoT platforms. Ain Shams Eng. J. 12(4), 3725\u20133736 (2021)","journal-title":"Ain Shams Eng. J."},{"key":"15_CR14","doi-asserted-by":"crossref","unstructured":"Iijima, R., Takehisa, T., Mori, T.: Cyber-physical firewall: monitoring and controlling the threats caused by malicious analog signals. In: Proceedings of the 19th ACM International Conference on Computing Frontiers, pp. 296\u2013304 (2022)","DOI":"10.1145\/3528416.3530997"},{"key":"15_CR15","doi-asserted-by":"crossref","unstructured":"Kang, H.J., Sim, S.Q., Lo, D.: Iotbox: sandbox mining to prevent interaction threats in IoT systems. In: 2021 14th IEEE Conference on Software Testing, Verification and Validation (ICST), pp. 182\u2013193. IEEE (2021)","DOI":"10.1109\/ICST49551.2021.00029"},{"key":"15_CR16","doi-asserted-by":"crossref","unstructured":"Kashaf, A., Sekar, V., Agarwal, Y.: Protecting smart homes from unintended application actions. In: 2022 ACM\/IEEE 13th International Conference on Cyber-Physical Systems (ICCPS), pp. 270\u2013281. IEEE (2022)","DOI":"10.1109\/ICCPS54341.2022.00031"},{"key":"15_CR17","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2017.08.007","volume":"72","author":"J Li","year":"2018","unstructured":"Li, J., Zhang, Y., Chen, X., Xiang, Y.: Secure attribute-based data sharing for resource-limited users in cloud computing. Comput. Secur. 72, 1\u201312 (2018)","journal-title":"Comput. Secur."},{"key":"15_CR18","doi-asserted-by":"crossref","unstructured":"Nguyen, D.T., Song, C., Qian, Z., Krishnamurthy, S.V., Colbert, E.J., McDaniel, P.: IotSan: fortifying the safety of IoT systems. In: Proceedings of the 14th International Conference on Emerging Networking Experiments and Technologies, Heraklion, Greece, pp. 191\u2013203. ACM (2018)","DOI":"10.1145\/3281411.3281440"},{"issue":"1","key":"15_CR19","doi-asserted-by":"publisher","first-page":"191","DOI":"10.3390\/iot3010012","volume":"3","author":"P Pradeep","year":"2022","unstructured":"Pradeep, P., Kant, K.: Conflict detection and resolution in IoT systems: a survey. IoT 3(1), 191\u2013218 (2022)","journal-title":"IoT"},{"key":"15_CR20","doi-asserted-by":"crossref","unstructured":"Stephens, N., et al.: Driller: augmenting fuzzing through selective symbolic execution. In: Proceedings of 23rd Annual Network and Distributed System Security Symposium, San Diego, CA, USA. The Internet Society (2016)","DOI":"10.14722\/ndss.2016.23368"},{"key":"15_CR21","doi-asserted-by":"crossref","unstructured":"Surbatovich, M., Aljuraidan, J., Bauer, L., Das, A., Jia, L.: Some recipes can do more than spoil your appetite: analyzing the security and privacy risks of IFTTT recipes. In: Proceedings of the 26th International Conference on World Wide Web, Perth, Australia, pp. 1501\u20131510 (2017)","DOI":"10.1145\/3038912.3052709"},{"key":"15_CR22","doi-asserted-by":"crossref","unstructured":"Wang, Q., Datta, P., Yang, W., Liu, S., Bates, A., Gunter, C.A.: Charting the attack surface of trigger-action IoT platforms. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, New York, NY, USA, pp. 1439\u20131453. ACM (2019)","DOI":"10.1145\/3319535.3345662"},{"key":"15_CR23","unstructured":"Wang, X., Sun, Y., Nanda, S., Wang, X.: Looking from the mirror: evaluating IoT device security through mobile companion apps. In: 28th USENIX Security Symposium, Santa Clara, CA, USA, pp. 1151\u20131167. USENIX Association (2019)"},{"issue":"15","key":"15_CR24","doi-asserted-by":"publisher","first-page":"3362","DOI":"10.3390\/s19153362","volume":"19","author":"Z Wang","year":"2019","unstructured":"Wang, Z., et al.: Automated vulnerability discovery and exploitation in the internet of things. Sensors 19(15), 3362 (2019)","journal-title":"Sensors"},{"key":"15_CR25","unstructured":"Wen, H., Chen, Q.A., Lin, Z.: Plug-N-Pwned: comprehensive vulnerability analysis of OBD-II dongles as a new over-the-air attack surface in automotive IoT. In: 29th USENIX Security Symposium, Boston, MA, USA. USENIX Association (2020)"},{"issue":"2","key":"15_CR26","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1109\/TETC.2017.2754103","volume":"8","author":"F Xiao","year":"2020","unstructured":"Xiao, F., Sha, L., Yuan, Z., Wang, R.: Vulhunter: a discovery for unknown bugs based on analysis for known patches in industry internet of things. IEEE Trans. Emerg. Top. Comput. 8(2), 267\u2013279 (2020)","journal-title":"IEEE Trans. Emerg. Top. Comput."},{"key":"15_CR27","doi-asserted-by":"crossref","unstructured":"Zhang, Y., et al.: SRFuzzer: an automatic fuzzing framework for physical SOHO router devices to discover multi-type vulnerabilities. In: 35th Annual Computer Security Applications Conference, San Juan, PR, USA, pp. 544\u2013556. ACM (2019)","DOI":"10.1145\/3359789.3359826"},{"key":"15_CR28","unstructured":"Zheng, Y., Davanian, A., Yin, H., Song, C., Zhu, H., Sun, L.: FIRM-AFL: high-throughput greybox fuzzing of IoT firmware via augmented process emulation. In: USENIX, Santa Clara, CA, USA, pp. 1099\u20131114. USENIX Association (2019)"},{"key":"15_CR29","doi-asserted-by":"crossref","unstructured":"Zheng, Y., Song, Z., Sun, Y., Cheng, K., Zhu, H., Sun, L.: An efficient greybox fuzzing scheme for linux-based IoT programs through binary static analysis. In: 38th IEEE International Performance Computing and Communications Conference, London, UK, pp. 1\u20138. IEEE (2019)","DOI":"10.1109\/IPCCC47392.2019.8958740"},{"key":"15_CR30","unstructured":"Zhou, W., et al.: Discovering and understanding the security hazards in the interactions between IoT devices, mobile apps, and clouds on smart home platforms. In: 28th USENIX Security Symposium, Santa Clara, CA, pp. 1133\u20131150. USENIX Association (2019)"},{"key":"15_CR31","doi-asserted-by":"crossref","unstructured":"Zuo, C., Wen, H., Lin, Z., Zhang, Y.: Automatic fingerprinting of vulnerable BLE IoT devices with static UUIDs from mobile apps. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK, pp. 1469\u20131483. ACM (2019)","DOI":"10.1145\/3319535.3354240"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-23020-2_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,9]],"date-time":"2024-10-09T23:42:03Z","timestamp":1728517323000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-23020-2_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031230196","9783031230202"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-23020-2_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"7 December 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Network and System Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Denarau Island","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Fiji","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 December 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 December 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nss2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/nss2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easy chair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"83","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"18","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}