D-Score: An expert-based method for assessing the detectability of IoT-related cyber-attacks

Yair Meidan, Daniel Benatar, Ron Bitton, Dan Avraham, Asaf Shabtai

Research output: Contribution to journalArticlepeer-review


IoT devices are known to be vulnerable to various cyber-attacks, such as data exfiltration and the execution of flooding attacks as part of a DDoS attack. When it comes to detecting such attacks using network traffic analysis, it has been shown that some attack scenarios are not always equally easy to detect if they involve different IoT models. That is, when targeted at some IoT models, a given attack can be detected rather accurately, while when targeted at others the same attack may result in too many false alarms. In this research, we attempt to explain this variability of IoT attack detectability and devise a risk assessment method capable of addressing a key question: how easy is it for an anomaly-based network intrusion detection system to detect a given cyber-attack involving a specific IoT model? In the process of addressing this question we (a) investigate the predictability of IoT network traffic, (b) present a novel taxonomy for IoT attack detection which also encapsulates traffic predictability aspects, (c) propose an expert-based attack detectability estimation method which uses this taxonomy to derive a detectability score (termed ‘D-Score’) for a given combination of IoT model and attack scenario, and (d) empirically evaluate our method while comparing it with a data-driven method.

Original languageEnglish
Article number103073
JournalComputers and Security
StatePublished - 1 Mar 2023


  • Analytical hierarchical process (AHP)
  • Attack detection
  • Internet of things (IoT) security
  • Multi-Criteria decision making
  • Network traffic predictability

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Law


Dive into the research topics of 'D-Score: An expert-based method for assessing the detectability of IoT-related cyber-attacks'. Together they form a unique fingerprint.

Cite this