Automated Vulnerability Scanning and Prioritisation for Domestic IoT Devices/Smart Homes: A Theoretical Framework

Abstract

<jats:p>The expansion of Internet of Things (IoT) devices in domestic smart homes has created new conveniences but also significant security risks. Insecure firmware, weak authentication and weak encryption leave households exposed to privacy breaches, data leakage and systemic attacks. Although research has addressed several challenges, contributions remain fragmented and difficult for non-technical users to apply. This work addresses the following research question: How can a theoretical framework be developed to enable automated vulnerability scanning and prioritisation for non-technical users in domestic IoT environments? A Systematic Literature Review of 40 peer-reviewed studies, conducted under PRISMA 2020 guidelines, identified four structural gaps: dispersed vulnerability knowledge, fragmented scanning approaches, over-reliance on technical severity in prioritisation and weak protocol standardisation. The paper introduces a four-module framework: a Vulnerability Knowledge Base, an Automated Scanning Engine, a Context-Aware Prioritisation Module and a Standardisation and Interoperability Layer. The framework advances knowledge by integrating previously siloed approaches into a layered and iterative artefact tailored to households. While limited to conceptual evaluation, the framework establishes a foundation for future work in prototype development, household usability studies and empirical validation. By addressing fragmented evidence with a coherent and adaptive design, the study contributes to both academic understanding and practical resilience, offering a pathway toward more secure and trustworthy domestic IoT ecosystems.</jats:p>