Research Article
Shielding IoT against Cyber-Attacks: An Event-Based Approach Using SIEM
Table 2
Correlation rules for different attack scenarios implemented in OSSIM.
| Scenario | Rule name | Reliability | Timeout [sec] | Occ | Security event | User data | Vulnerability exploited | Attack surface related |
|---|---|---|---|---|---|---|---|---|
| 1 | IoT GeoFencing Directive | 8 | None | 1 | Device Access event | GE1 | Denial of Service | Device physical interface |
| 2 | IoT rule | 1 | None | 1 | Authentication Exception event | BF1 | Username enumeration, Use of weak passwords, Account lockout or two-factor authentication | Administrative interface, Device web interface, Cloud interface and Mobile application |
| 2 | Brute Attack | 3 | 5 | 5 | | | | |
| 3 | IoT Command injection | 3 | None | 1 | Command Injection Exceptions event | AE1 | Encryption mechanisms impl. fails, Remote update is done without security controls or Storage location is writable | Device network services and Update mechanism |