Citing VARIoT

We are really glad that you found our database interesting!
If our database helped you with your work, please consider citing or mentioning our scientific paper describing VARIoT databases. Thank you!

Janiszewski, M.; Felkner, A.; Lewandowski, P.; Rytel, M.; Romanowski, H. Automatic Actionable Information Processing and Trust Management towards Safer Internet of Things. Sensors 2021, 21, 4359. https://doi.org/10.3390/s21134359

Bibtex:

@Article{VARIoT_db,
  AUTHOR = {Janiszewski, Marek and Felkner, Anna and Lewandowski, Piotr and Rytel, Marcin and Romanowski, Hubert},
  TITLE = {Automatic Actionable Information Processing and Trust Management towards Safer Internet of Things},
  JOURNAL = {Sensors},
  VOLUME = {21},
  YEAR = {2021},
  NUMBER = {13},
  ARTICLE-NUMBER = {4359},
  URL = {https://www.mdpi.com/1424-8220/21/13/4359},
  PubMedID = {34202248},
  ISSN = {1424-8220},
  ABSTRACT = {The security of the Internet of Things (IoT) is a very important aspect of everyday life for people and industries, as well as hospitals, military, households and cities. Unfortunately, this topic is still too little researched and developed, which results in exposing users of Internet of Things to possible threats. One of the areas which should be addressed is the creation of a database of information about vulnerabilities and exploits in the Internet of Things; therefore, the goal of our activities under the VARIoT (Vulnerability and Attack Repository for IoT) project is to develop such a database and make it publicly available. The article presents the results of our research aimed at building this database, i.e., how the information about vulnerabilities is obtained, standardized, aggregated and correlated as well as the way of enhancing and selecting IoT related data. We have obtained and proved that existing databases provide various scopes of information and because of that a single and most comprehensive source of information does not exist. In addition, various sources present information about a vulnerability at different times—some of them are faster than others, and the differences in publication dates are significant. The results of our research show that aggregation of information from various sources can be very beneficial and has potential to enhance actionable value of information. We have also shown that introducing more sophisticated concepts, such as trust management and metainformation extraction based on artificial intelligence, could ensure a higher level of completeness of information as well as evaluate the usefulness and reliability of data.},
  DOI = {10.3390/s21134359}
}

We also did a survey of different vulnerabilities databases:

Rytel, M.; Felkner, A.; Janiszewski, M. Towards a Safer Internet of Things—A Survey of IoT Vulnerability Data Sources. Sensors 2020, 20, 5969. https://doi.org/10.3390/s20215969

Bibtex:

@Article{VARIoT_survey,
  AUTHOR = {Rytel, Marcin and Felkner, Anna and Janiszewski, Marek},
  TITLE = {Towards a Safer Internet of Things—A Survey of IoT Vulnerability Data Sources},
  JOURNAL = {Sensors},
  VOLUME = {20},
  YEAR = {2020},
  NUMBER = {21},
  ARTICLE-NUMBER = {5969},
  URL = {https://www.mdpi.com/1424-8220/20/21/5969},
  PubMedID = {33105564},
  ISSN = {1424-8220},
  ABSTRACT = {The security of the Internet of Things (IoT) is an important yet often overlooked subject. Specifically, the publicly available information sources about vulnerabilities affecting the connected devices are unsatisfactory. Our research shows that, while the information is available on the Internet, there is no single service offering data focused on the IoT in existence. The national vulnerability databases contain some IoT related entries, but they lack mechanisms to distinguish them from the remaining vulnerabilities. Moreover, information about many vulnerabilities affecting the IoT world never reaches these databases but can still be found scattered over the Internet. This review summarizes our effort at identifying and evaluating publicly available sources of information about vulnerabilities, focusing on their usefulness in the scope of IoT. The results of our search show that there is not yet a single satisfactory source covering vulnerabilities affecting IoT devices and software available.},
  DOI = {10.3390/s20215969}
}