Automated penetration testing for industrial IOT systems: enhancing efficiency and reducing reliance on human expertise

Sbai, Fatim, Asif, Waqar (ORCID: https://orcid.org/0000-0001-6774-3050), IvaylovMarkov, Lyubomir and Saeed, Nagham (ORCID: https://orcid.org/0000-0002-5124-7973) (2025) Automated penetration testing for industrial IOT systems: enhancing efficiency and reducing reliance on human expertise. In: 2025 IEEE International Symposium on Circuits and Systems (ISCAS), 25-28 May 2025, London, England.

Automated Penetration Testing for Industrial_SbaiF & SaeedN_accessible.pdf - Accepted Version
Available under License Creative Commons Attribution.


Abstract

Penetration testing is an important aspect when building or deploying Industrial Internet of Things (IIoT) systems. This involves using specialised hacking tools that help identify exploitable vulnerabilities in an industrial system, device, and/or network. Conventionally, security experts rely on penetration testing performed by expert individuals, where these individuals are expected to have considerable experience and knowledge in the specified domain. This dependence on skill evaluation makes the process unreliable, as failure in a penetration test does not guarantee system security. Therefore, this paper proposes the use of automated penetration testing using script files. Tools such as Nessus are employed for vulnerability scanning, PostgreSQL serves as the database management system to store test results and configurations, and Metasploit is utilised for automating the exploitation of identified vulnerabilities. The research shows a considerable improvement in task efficiency in terms of time consumed to find a suitable exploit and execute it in comparison to manual penetration testing.

Item Type: Conference or Workshop Item (Paper)
ISSN: 2158-1525
ISBN: 9798350356830
Identifier: 10.1109/ISCAS56072.2025.11044276
Additional Information: For the purpose of open access, the authors have applied a Creative Commons Attribution (CC BY) license to any Accepted Manuscript version arising.
Keywords: Performance evaluation, Large language models, Manuals, Security, Object recognition, Integrated circuit reliability, Penetration testing, Industrial Internet of Things, Testing, Network systems, IIoT, Nessus, PostgreSQL, Metasploit
Subjects: Computing > Information security
Depositing User: Fatim Sbai
Date Deposited: 22 Jul 2025 13:18
Last Modified: 15 Aug 2025 09:00
URI: https://repository.uwl.ac.uk/id/eprint/13903
Sustainable Development Goals: Goal 9: Industry, Innovation, and Infrastructure
