Table 2: Correlation rules for different attacks scenarios implemented in OSSIM.

Scenario Rule nameReliabilityTimeout [sec]OccSecurity eventUser dataVulnerability exploitedAttack surface related

1IoT GeoFencing Directive8None1Device Access eventGE1Denial of ServiceDevice physical interface

2IoT rule1None1Authentication Exception eventBF1Username enumeration, Use of weak passwords, Account lockout or two-factor authenticationAdministrative interface, Device web interface, Cloud interface and Mobile application
Brute Attack355

3IoT Command injection3None1Command Injection Exceptions eventAE1Encryption mechanisms impl. fails, Remote update is done without security controls or Storage location is writableDevice network services and Update mechanism