Akademik Veri Yönetim Sistemi
IEEE Access, cilt.13, ss.64770-64782, 2025 (SCI-Expanded, Scopus)
The rapid expansion of Internet of Things (IoT) technology has led to a proliferation of smart devices and interconnected systems. Critical factors such as production limitations, cost constraints, and insufficient technical capabilities have rendered these devices more vulnerable and at higher risk compared to traditional devices. The extensive data processing and communication requirements due to the increasing number of devices and connections have also introduced significant security challenges. Consequently, security risk assessment methodologies have gained relevance for a wide range of IoT systems. However, identifying vulnerable nodes within the system, individually assessing devices, and performing compact and efficient analyses of the entire topology remain underexplored areas. To address these gaps, this paper presents a quantitative assessment approach based on risk and vulnerability metrics. By integrating computational metrics from existing literature, we conduct a host-based attack probability assessment and extend this analysis to devices, communication paths, and the overall graph within a security context. Beyond establishing a mathematical framework, we refine the IOTA approach, typically used for attack path detection and graph generation, into a hybrid risk-based model to enhance search-domain efficiency. Our proposed approach targets high-vulnerability components within the system through risk-weighted backtracking, thereby facilitating more efficient attack path detection and filtering. The developed method is evaluated in a border security case scenario, with comparisons made in terms of algorithmic and asymptotic complexity. Simulation results demonstrate that our hybrid approach for detecting potential attack paths achieves an average runtime improvement of 16.9% compared to existing methods.