A Customizable Security Risk Assessment Framework Using Multi-Attribute Decision Making for IoT Systems

Mofareh Waqdan, Habib Louafi, Malek Mouhoub

2025

Abstract

The advent of the Internet of Things (IoT) has transformed how we conduct our daily lives and engage with technology. The seamless integration of connected devices, from household to industrial equipment, has ushered in a new era of interconnectivity. Nevertheless, this swift expansion of the IoT also presents novel security concerns that must be addressed. We present a customizable framework for assessing the risk of deploying and utilizing IoT devices in various environments. We dynamically calculate risk scores for different devices, considering their importance to the system and their vulnerabilities, among other parameters. The framework we propose improves on existing research by considering the important parameters of the devices, their vulnerabilities and how they impact the overall risk assessment. The importance of these devices and the severity of vulnerabilities are incorporated in the framework using well-known Multi-Attribute Decision Making (MADM) methods, namely, Simple Additive Weighting (SAW) and Weighting Product (WP). The risk is assessed on a setup comprised of a set of IoT devices widely deployed in healthcare systems, such as emergency rooms.


Paper Citation


in Harvard Style

Waqdan M., Louafi H. and Mouhoub M. (2025). A Customizable Security Risk Assessment Framework Using Multi-Attribute Decision Making for IoT Systems. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 121-132. DOI: 10.5220/0013081700003899


in Bibtex Style

@conference{icissp25,
author={Mofareh Waqdan and Habib Louafi and Malek Mouhoub},
title={A Customizable Security Risk Assessment Framework Using Multi-Attribute Decision Making for IoT Systems},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2025},
pages={121-132},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013081700003899},
isbn={978-989-758-735-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - A Customizable Security Risk Assessment Framework Using Multi-Attribute Decision Making for IoT Systems
SN - 978-989-758-735-1
AU - Waqdan M.
AU - Louafi H.
AU - Mouhoub M.
PY - 2025
SP - 121
EP - 132
DO - 10.5220/0013081700003899
PB - SciTePress