Attack-based automation of security testing for IoT applications with genetic algorithms and fuzzing

The Internet of Things (IoT) has increased the connectivity of systems and fueled the digitalization. However, IoT systems are prone to various security vulnerabilities thatmay lead to serious incidents that can cause physical harm and financial damage. The security of IoT systems is a major challenge for the their success. If vulnerabilities remain undetected, an attacker can exploit them remotely and thus, gain full access to confidential data, control the connected IoT devices with magnitudes of consequences. This paper presents an approach that exploits information on attacks detected and recorded at runtime to facilitate the development of security patches and uses the information to detect further vulnerabilities. This paper presents work in progress from an ongoing research project.