A Systematic Review of IoT Security: Research Potential, Challenges, and Future Directions


Index Terms

Security and privacy

Formal methods and theory of security

Intrusion/anomaly detection and malware mitigation

Malware and its mitigation


Published in

ACM Computing Surveys

University of Sydney, Australia

Association for Computing Machinery

New York, NY, United States

Author tags

  • Internet of Things (IoT)
  • IoT architecture
  • IoT security
  • IoT security challenges
  • IoT security goals
  • IoT security technology
  • IoT vulnerabilities
  • Machine Learning (ML)
  • Cloud Computing
  • Edge Computing

Funding Sources

  • Natural Sciences and Engineering Research Council (NSERC) of Canada

  • Open access
  • Published: 27 October 2023

IoT empowered smart cybersecurity framework for intrusion detection in internet of drones

  • Syeda Nazia Ashraf 1 ,
  • Selvakumar Manickam 2 ,
  • Syed Saood Zia 3 ,
  • Abdul Ahad Abro 4 ,
  • Muath Obaidat 5 ,
  • Mueen Uddin 6 ,
  • Maha Abdelhaq 7 &
  • Raed Alsaqour 8  

Scientific Reports volume 13, Article number: 18422 (2023)


  • Engineering
  • Mathematics and computing

The emergence of drone-based innovative cyber security solutions integrated with the Internet of Things (IoT) has revolutionized navigational technologies with robust data communication services across multiple platforms. This advancement leverages machine learning and deep learning methods for future progress. In recent years, there has been a significant increase in the utilization of IoT-enabled drone data management technology in industries ranging from industrial applications to agricultural advancements, as well as in the implementation of smart cities for intelligent and efficient monitoring. However, these latest trends and drone-enabled IoT technology developments have also opened doors to malicious exploitation of existing IoT infrastructures. This raises concerns regarding the vulnerability of drone networks and security risks due to inherent design flaws and the lack of cybersecurity solutions and standards. The main objective of this study is to examine the latest privacy and security challenges impacting the network of drones (NoD). The research underscores the significance of establishing a secure and fortified drone network to mitigate interception and intrusion risks. The proposed system effectively detects cyber-attacks in drone networks by leveraging deep learning and machine learning techniques. Furthermore, the model's performance was evaluated using the well-known drones’ CICIDS2017 and KDDCup 99 datasets. We tested multiple hyperparameters to obtain optimal performance in classifying data instances and maximum efficacy in the NoD framework. The model achieved exceptional efficiency and robustness in NoD, specifically when applying B-LSTM and LSTM. The system attains precision values of 89.10% and 90.16%, accuracy rates up to 91.00–91.36%, recall values of 81.13% and 90.11%, and F-measure values of 88.11% and 90.19% for the respective evaluation metrics.


Introduction

The growing popularity of the Internet of Drones (IoD) is ascribed to the ongoing downsizing of sensors and chipsets and to pervasive wireless communication. Miniature drones, such as micro drones and quadcopters, have proliferated due to advancements in robot technology and unmanned aerial vehicles 1, 2, 3. The ability of these miniature drones to instantly penetrate any monitoring system to track physical objects is a significant advantage. They are used in a variety of fields, including disaster response, industrial surveillance, military applications, search and rescue, precision agriculture, delivery, and shipping. Unmanned aerial vehicles (UAVs), often known as drones, are aircraft without human pilots. They are helpful for various tasks, including weather forecasting and aerial photography. Aerodynamics forces frequently use UAVs to provide them access to remote machine control capabilities 4, 5, 6. The aspects of diverse businesses have been influenced by analogous commercial applications, which affect everyone. UAVs are helpful tools for assessment and control since they can often capture aerial data and easily communicate it to the base station. The expanding use of drone technology has raised concerns about liability, privacy, regulation, and security 1, 4, 5, 6. Drone technology has become widespread since reduced-sized UAVs have so many benefits for privacy, distribution, and shipping 7. However, these drones raise significant privacy and security concerns, which call for measures such as Intrusion Detection Systems (IDS). Integrating the Internet of Things (IoT) and wireless sensors into miniature drones to create smart drones has been a growing area of research in recent years. Various technologies, including sensors, transmitters, and cameras, can enhance the functionality and effectiveness of drones in a wide range of complex applications.
Small drones are providing new opportunities for the defense and public sectors. Tiny drones are susceptible to security and privacy problems because of inadequate design. The Internet of Drones (IoD) is a derivative of the Internet of Things in which drones are linked via Internet technology and offer new routes while presenting security and privacy challenges 6. Changing the fundamental architecture and design of the IoD is essential to improve security and dependability. Traditionally, the structure of a conventional drone was constructed using a layered design, as shown in Fig. 1.

Figure 1. The Current Infrastructure of Smart Factories.

In a typical compact structure for commercial drones, a copter is integrated with a camera as the first module, called the drone module. Smart drones are linked to terrestrial networks using IoT gateways 8 . In this scenario, communication is provided by IoT gateways, like a terrestrial station's network that is cloud-equipped. After receiving the data from the IoT hub, the computational module examines the data stream. The outcomes of the computational analysis are entered into the database at the storage module and then sent to the visualization module for further examination.

One disadvantage of this structure, however, is that it has no functionality to provide privacy and data security. IoT and drones are combined in the modern idea of the Internetwork of Drone Things (IDT), which enables drones to connect to a device that contains an IoT network. The current study proposes the IDT concept as a solution to security and privacy challenges. The main concern for the IoD's implementation is IDT security, which forms the problem definition. With the advancements in the ML field, numerous prospects might be investigated for the secure implementation of the IoD. The current research solves the issue by utilizing ML approaches to complete the IoD network.

The work presented here shows how a data-analysis-based smart drone capacity has been created by enhancing IoT and drones. Meanwhile, Blockchain technology is used in smart drones to provide security and privacy. The seven components of the suggested architecture are the modules of edge computational, drone, transmission, storage, security, processing, and visualization.

However, there are numerous approaches for enabling cognitive tasks in Dragnet. For instance, the main Dragnet enabling technologies are detection, localization, tracking, and control, as shown in Fig. 2. We give an overview of each of the main enabling approaches in this section, as well as the following technological challenges and unresolved issues. Dragnet, in general, creates an intelligent amateur drone surveillance system by acting as a transparent link between the social world (social behavior, human demand, etc.) and the physical world (with available real/imaginary items, amateur drones, birds, and authorized drones). Dragnet is based on a synthetic technique of understanding learning, and it consists of four essential cognitive activities that must be accomplished in the following order: (1) Detecting objects, (2) Analyzing data, (3) Knowledge (Discovery and Semantic), and (4) Smart decision making.

Figure 2. Smart Framework Layered Architecture of Drone Attacks.

The most fundamental cognitive function in Dragnet is detection, which takes information from social networks and the physical environment using various active and passive surveillance technologies (such as sensors, cameras, crowds of people, or radars). Data analytics is a fundamental cognitive process that uses different surveillance data to locate and track amateur drones, identify intruders, and detect intrusions. The cognitive goal of semantic derivation and knowledge discovery attempts to enable the objects in Dragnet to automatically derive the semantics from examined data and make them self-aware and understandable. Additionally, specific usage patterns or rules can be found as knowledge based on the studied data and semantics, which requires objects in Dragnet to be intelligent. Finally, decision-making is a fundamental cognitive activity that determines broad decisions concerning the existence of amateur drones and actions to manage them (e.g., jamming, destroying, or capturing).

Enhancing security in IoT drones: factors for smart cybersecurity implementation

Smart cybersecurity for IoT drones involves specific considerations and features to ensure the secure operation of these interconnected devices. Here are some factors that make cybersecurity smart for IoT drones:

Encryption and secure communication

Smart cybersecurity for IoT drones involves using robust encryption algorithms to protect data transmission between the drones and the base station or other connected devices. Secure communication protocols, such as Transport Layer Security (TLS), are implemented to safeguard data integrity and prevent unauthorized access.

Authentication and access control

Thanks to smart cybersecurity, only authorized parties may access and control the drones. Strong authentication mechanisms are used to confirm the identity of users and devices, such as multi-factor authentication, digital certificates, or biometric verification. Access control measures restrict privileges and permissions based on user roles and responsibilities.

Firmware and software security

IoT drones are powered by software and firmware. Implementing secure coding techniques, performing frequent security upgrades and patches, and choosing reputable software sources to reduce vulnerabilities are all part of smart cybersecurity. Secure boot techniques and code integrity checks help guard against unauthorized firmware alterations and guarantee its legitimacy.

Intrusion detection and prevention

Intrusion Detection and Prevention Systems (IDPS) are included in smart cybersecurity for IoT drones to monitor network traffic, spot irregularities, and recognize potential cyber threats. These systems use anomaly detection methods and machine learning algorithms to spot malicious activity and take preventative steps to reduce risks.

Threat intelligence and analytics

To identify new threats, patterns, and trends, smart cybersecurity uses threat intelligence feeds, data analytics, and machine learning algorithms. Real-time analysis of drone data and network traffic helps identify potential vulnerabilities and enables proactive defense mechanisms.

Physical security measures

Cybersecurity for IoT drones extends beyond digital protection. Smart cybersecurity ensures physical security measures, such as tamper-resistant enclosures, anti-tampering mechanisms, and geofencing, to prevent unauthorized physical access to drones and protect them from theft or sabotage.

Security monitoring and incident response

Smart cybersecurity continuously monitors drone systems, network traffic, and data flows. Security Operation Centers (SOCs) equipped with advanced monitoring tools and automated alert systems enable real-time threat detection and incident response. Incident response plans are in place to quickly mitigate and recover from security incidents.

Privacy and data protection

Smart cybersecurity for IoT drones emphasizes privacy and data protection. Personal and sensitive data collected by drones are handled following privacy regulations. Encryption, anonymization, and data minimization techniques protect privacy rights and ensure compliance with privacy laws.

Considering these aspects, smart cybersecurity for IoT drones provides a robust defense against cyber threats, protects data privacy, and ensures the safe and secure operation of these interconnected devices. This paper focuses on IDS, specifically anomaly-based IDS built on Deep Learning (DL) mechanisms. DL approaches performed better than machine learning (ML) algorithms due to learning and training modules 8. Thus, this can provide the cost-effective and efficient IDS that is needed to maintain the network security of drones.

The main contributions of this paper are discussed as follows:

The modular structure of an IoT-enabled drone framework is introduced to ensure robust security and privacy within the drone network.

The hybrid ML and DL techniques enforce stringent security measures during data transmission from drones to the base station.

The proposed framework presents intercommunication network properties where networking data, IoT sensors, and drone data are managed securely.

Benchmark datasets are employed to test the efficacy of the proposed framework rigorously. The performance evaluation metrics employed in the results and discussion section include precision, recall, F1-score, and classification accuracy.

On the other hand, another aspect that needs more consideration is the data collection hierarchy. Till now, no standardized process has been presented that shows the working operation of drone-enabled data collection, organization, management, and optimization. This type of problem poses a severe problem in the IoD environment's future development. To tackle this scenario, this work highlights a technological integration prospect, such as the role of Artificial Intelligence (AI) in the Internet of Drones (IoD). The mentioned technological improvement helps in the designing of a standardized hierarchy, such as:

drone-enabled data capture,

separation and filtering,

examination,

illustration,

storage logs,

documentation.

Along with that, the general collaboration of AI with the IoD is critical. In this integration approach, machine learning techniques play a vital role in managing these highlighted prospects of data optimization with a secure protocol for drone-enabled data management and exchange over the network. The list of algorithms that readily associate with the current working procedures of cybersecurity to enhance the sharing of data privacy, protection preservation, and security is as follows:

Gradient descent

Adaptive learning rate

Zeroth order optimization

Meta-learning

Stochastic gradient descent

Derivative-free optimization

Conjugate gradient

Furthermore, as IoT-enabled drones continue to expand across various industries, ensuring the security and privacy of these interconnected devices has become a critical concern. The existing cybersecurity solutions and standards often need to be revised to address the unique challenges IoT-powered drones pose. Therefore, a smart cybersecurity architecture especially suited to safeguarding and securing IoT-enabled drones is urgently needed. A comprehensive and robust framework that integrates cutting-edge technologies, authentication procedures, encryption protocols, intrusion detection systems, and incident response capabilities customized to the unique needs and vulnerabilities of IoT drones is lacking in the current environment. Without an appropriate cybersecurity framework, IoT drones are vulnerable to interception, intrusion, unauthorized access, data breaches, and physical manipulation, which can have serious repercussions like compromised privacy, data loss, operational interruption, and even safety issues. By creating and implementing a smart cybersecurity system that includes encryption and secure communication, authentication and access control, firmware and software security, and intrusion detection, this study seeks to overcome these difficulties.

The following sections in this research are arranged as follows. Section “Literature review” presents background works and highlights the previous model. Section “Proposed Framework” discusses the methodology used in this paper. Section “Experiments and results” presents the experimental evaluation and points out the existing gaps in the reviewed literature and insights for future research, while Section “Conclusion” presents the conclusions.

Literature review

Law enforcement agencies use technology far more frequently in their daily operations. The most recent advancements in information technology and digital forensics enable more effective and efficient use of real-time monitoring, drone technologies, criminal tracking, crime investigation, spying, and bugging. In a particular situation, the technology-based solution outperforms human police officers when AI is utilized for crime suspect analysis and detection. The same technologies can be used to monitor and assess the environment at the target location to improve safety and reduce crime. To find potential criminal activities, it uses ML algorithms. AI can be used to warn the public or local law enforcement officials of potentially upsetting circumstances 9 , 10 , 11 . Drones are widely used and applied for military and defense purposes 12 ,  13 . Drones come in various sizes, from military drones 200 feet to small flying machines. Drone size is an essential factor in terms of utilization and functionalities 14 , 15 . A military drone with a 16,999-mile range can cover much ground in a short amount of time 16 . The surface area, surroundings, and altitude affect the maximum areal duration 17 . The current research reveals that between 2015 and 2021, 51 security-related publications were included in the Web of Science (WoS) database 18 .

Drone security threats

Several categories of drone security have been presented, based on drone size, usage, and control mechanisms. Undoubtedly, the drone relies entirely on the Wi-Fi communication protocol (IEEE 802.11) for communication 19. The drone infrastructure includes a terrestrial hub and Wi-Fi network, subject to cybersecurity threats. According to Yin et al., the equipment's lack of encryption methods makes drones vulnerable to hijacking 20. According to Koslowski et al., hijackings may result from assaults such as man-in-the-middle with a 3 km broad range 21. IDT is growing in popularity in the military industry, as demonstrated by Ozmen et al. 22. The fact that it was made to protect security and privacy is one of the main problems. Khan et al. demonstrated loss, cryptographic techniques, and data protection as significant privacy problems 23. Several researchers have recently discovered security concerns, including protocol-specific, corrupted components, and sensor-specific threats. Prior research has focused chiefly on detecting drone cybersecurity issues. The prevention of these dangers is frequently overlooked. Ranjitha et al. proposed encrypting data with a secure encryption method while transmitting it to a terrestrial terminal 24. According to Li and Bai 25, mini drones have recently attracted much academic interest because of their small size and light weight. Government and public information privacy are at risk due to the small drone. Numerous other studies, like those by Tuli et al. 26, Cabassi et al. 7, and Aldhyani et al. 3, have examined the risks and problems that drones represent in terms of security. An efficient and clever edge-assisted IDT authentication approach was provided by Khan et al. 27 to secure the IoD. Drone security monitoring architecture for a manufacturing setting was presented by Maghazei et al. 28. Kapoutsis et al. 29 suggested a framework for gas-emission industrial drones.
In the security and agriculture sectors, drones are mostly used for monitoring. Examining drone cyber threats has been a problematic research area for the past 10 years. Smart city drone applications and the associated privacy problems were covered by Nguyen et al. 30 . Kumar et al. 31 and Aydin et al. 32 addressed drone networks' limits and future directions, and cybersecurity risks. In addition to problems and solutions, Aloqaily et al. 2 noted security vulnerabilities associated with commercial and industrial drones. IoT-based drones for agriculture were taken into consideration by Saha et al. 33 . According to Lyu et al. 34 , commercial drones must deal with issues such as drone data theft, UAV theft, and drone hijacking. Jares et al. 35 provided remedies and responses to security-related problems. GPS spoofing is also a problem with UAVs and needs an authentic, efficient, and safe solution. Several attempts at controlling and hacking UAVs were described in detail by Talaei et al. 36 .

The challenges, issues and vulnerabilities of UAVs

No wireless security or policy standardization is available for these UAVs 37 , 38 , 39 . As seen in Table 1 , this results in several dangers. Researchers have also tackled various cyber-attacks related to several types of UAVs in a pre-controlled environment 40 , 41 , 42 , 43 , 44 , 45 . The crash of drones with numerous parallel queries and the alteration of the request packet is called the buffer-overflow attack. However, some researchers used the cache-poisoning strategy, which resulted in the drone and GCR contact being cut off. In every situation, most attacks target the drone's microcontroller or operating system 46 . Technological advancements have made UAVs increasingly susceptible to such attacks 47 , 48 , 49 , 50 , 51 , 52 , 53 . GPS spoofing is the most prevalent type of attack, including zero-day attacks, signal jamming, and de-authentication. The Authentication, Authorization, and Accounting (AAA) framework defines the criteria for drone operation in any location. It grants several privileges to the controller of a drone to operate by the administrative rights mentioned while also establishing some stringent authentication procedures for drones to safeguard drone control so that it cannot be transferred to an unidentified third party. Furthermore, the operator can be quickly identified if there is any doubt or illegal action by drone. This reduces illegal spying, privacy issues, and cyberattacks. As a result, numerous mechatronic engineering methods have been proposed to counteract these harmful operations 54 .

These drones are inexpensive and widely accessible in marketplaces; thus, criminal conduct can be carried out using them. They are more dangerous because of their ability to carry a range of external payloads, which could lead to drones carrying explosives or toxic chemicals. Furthermore, their capacity to reach locations that humans normally cannot makes them more harmful because they can deliver anything without drawing attention 55. It should be mentioned that safety is a concern as well, especially if drones are flying in overpopulated areas and crash owing to a variety of defects 56. These kinds of instances have frequently been reported. One of the instances occurred in April 2016, when a UAV collided with a British Airways BA727 passenger plane. After reviewing these incidents and issues, the following public safety measures can be implemented. A drone will likely be hacked or diverted from its intended direction due to strong winds. Therefore, a reset button should be accessible to return the drone to a hovering state and aid in regaining control. In some places, drones may encounter signal jammers and then be manipulated in a cyberattack. As a result, drones must include some form of sensor that can identify signal jammers in the area.

Drone security using machine learning

The three most common ML technique types are semi-supervised, supervised, and unsupervised learning. To combat cyber threats in IoT networks 57, cloud computing 58, and communication networks 59, several researchers have employed ML models. To identify DDoS assaults using two characteristics, Vedula et al. 60 integrated a self-adaptive model using RF and LSTM with a learning strategy (autoencoder). Hosseinzadeh et al. 61 developed a probabilistic approach in a restricted cyber-physical system for identifying and managing an actuation danger. Only a little research has been done on ML-based assaults on drone networks. The current research prominently suggests an access control technique for drone security.

Table 1 summarizes the most current studies on using ML in wireless security network solutions. A thorough literature review revealed many publications addressing privacy and safety issues with drone data security between 2010 and 2020. Most of the study examines cybersecurity challenges, uses, and problems. Additionally, spoofing, drone hijacking, and data protection are considered. Several research studies have recognized the problem domain, but workable solutions have yet to be provided. Bera et al. put up a solution based on blockchain for data security 62 during communication through IoT-enabled drones. Manual attack detection is a component of the described approach. Drones based on IoT networks were proposed. However, a device-based authentication mechanism was not appropriate for it. The development of a safe IDT presents an open research issue by proposing a method that solves concerns about cybersecurity threats to guarantee drone flexibility in the manufacturing industry.

A complex and smart framework is required for drone security to analyze data from assaults and guarantee drone security by implementing appropriate activities. In the past, mobile-based networks for the defense against cyber-attacks have been suggested using artificial intelligence-inspired methodologies, but drone-based security has yet to be included. The approach for drone authentication, security, and access management proposed in the current study is motivated by machine learning.

Drone security using deep learning

Neural networks are used in deep learning, a modern field of AI. These neural networks are more accurate classifiers and predictors because they have more hidden layers 63 , 64 . DL algorithms have numerous applications in present smart cities due to their ability to tackle problems with incredible skills and efficiency. The authors thoroughly examined the application of DL in upcoming smart cities 65 , 66 . The topics explored in this study are smart mobility, smart city urban modeling, transportation, intelligent infrastructure for smart cities, smart urban governance, smart education, smart health solutions, resilience and sustainability, and smart urban governance. Concerns about privacy and cyberattacks have increased because of the growth of smart devices and interconnectivity through IoT. The DL algorithms are highly effective in dealing with cyber threats due to their exceptional anomaly identification and categorization skill. The researchers used several DL algorithm-based techniques 67 , 68 , 69 , 70 , 71 , 72 , 73 , 74 to identify and counteract cyberattacks on the IoT-based infrastructure used in smart cities. These results also point to potential topics for future research by comparing the accuracy of various DL algorithms. Deep hierarchical models and deep learning models have proposed the learning of non-linear correlations between data for malicious attack detection 75 , 76 .

The VIRAT2020 dataset is utilized to detect intrusions using ANN, which lowers features from correlation and data gain 77 . The accuracy of the results from the model was increased. The author combined multivariate component analysis and PCA, offering a method for detecting DDoS attacks in a real-time approach 78 . Based on the trustworthy and current CICIDS2017 network attacks dataset, Musafer et al. 79 developed a sparse classifier for systems that detect intrusions. The NSLKDD and KDD CUP 99 datasets were used to evaluate the authors' suggested deep learning model, which uses a memetic algorithm to identify unusual traffic 80 . To create an effective system for detecting intrusions, feature augmentation has been combined with SVM and has produced reliable results regarding false alarm rate and training speed 81 . Researchers have used multilevel intrusion detection to detect intrusions 82 . A unique neural network model has been put out for intrusion detection to increase accuracy 83 . Additional hazards and security difficulties are brought about by expanding network connectivity and integrating terrestrial networks with satellite networks. DDoS is one of the most frequent attacks that disrupt service in satellite-terrestrial integrated networks. Numerous research has been put forth in the literature to identify DDoS in satellite and terrestrial networks.

Proposed framework

The proposed UAV Framework utilizes hybrid ML and DL approaches for Intrusion Detection (IoD) in UAV networks. It is designed to accommodate the structure of conventional networks where drones connect with base (drone) and ground base stations for transaction management. The framework consists of two main components: the base and ground station, both responsible for capturing and processing data. Unlike traditional networks that can rely on a centralized module, the proposed framework for drones may require separate hybrid modules for the base station and ground station. The base station module controls all drone communications and validates the selection of the drone's module. Distributed modules are employed to detect and assess the level and type of attacks. Each drone is equipped with a module that directly monitors attacks on the drone, while a second module is situated at the ground base station. These modules collaborate to validate attacks and determine which drones should be notified. All drones in the sky can communicate with the base station, a single station, or a network of stations. Streaming or batching for drone intrusion detection depends on the technology used. Batch processing is required when employing MapReduce as a significant component for decision-making, as it requires time for development. However, runtime identification can be performed using frameworks like Flink, Storm, Apache Kafka, or Spark. In this study, Apache Kafka is preferred due to its efficient handling of massive data streams, particularly during the initial stage. The study simulates real-time analysis by providing data as a stream to the modules. Figure 1 illustrates the Smart Framework Layered Architecture of Drone Attacks. The two primary components of the framework are drones and base stations.

Hierarchy of the proposed model

Drone layer.

The drone layer comprises a camera-equipped quadcopter and is the initial layer in the proposed tiered architecture for industrial drones. IoT sensor data update this layer. A camera, GPS sensor, radar, and altitude sensor are deployed as smart sensors. This layer can sense, record, and communicate the data collected via drones to the layer above. An unmanned aircraft system (UAS) drone is applied at this layer, which oversees drone flight operations, sensor data logging, etc. The ground controller and the communication connection comprise the two components of the UAS. The disclosed design uses a DJI Phantom 3 drone with a special communication link and remote control. The drone is equipped with sensors according to the suggested architecture.

Edge processing layer

The privacy and security layer at the second layer receives the data from IoT and drones, known as the edge processing layer for the Internet of Drones (IoD), where the data source is verified as being from approved sources. This layer corresponds to the cloud layer and is responsible for data transmission and communication. Numerous gateway device methods enable wireless communication. Information is transmitted quickly using Wi-Fi connectivity. The edge processing layer efficiently facilitates communication between devices and the cloud. This layer controls flooding, caching, and data protection. The Azure IoT gateway is implemented for cloud connectivity in the proposed research. Figure 3 depicts the design of the IoT gateway.


Security and privacy layer

The following layer utilizes machine learning models to provide device authentication and safe access control. The main component of this IoT framework, data safety, and security, is implemented at this level. At this point, numerous threats to privacy could emerge. They are 1. Physical threat to privacy; 2. behavioral threat to privacy; and 3. location threat to privacy. Taking possession of someone's property is connected to physical privacy. The privacy of someone's possessions may be threatened if someone else is covertly keeping an eye on the drone data. An individual's location being recorded by an unauthorized person is a location privacy threat. An unauthorized party watching someone's actions and conduct is considered a threat to their privacy. Authentication procedures and schemes must be used to combat these kinds of security concerns. Unauthorized individuals make such security threats through a variety of security vulnerabilities. The most prevalent threat types include spoofing, DoS, jamming, and intrusion attacks. An algorithm that uses machine learning to detect and alert users of this kind of vulnerability is used to ensure device authentication in the proposed architecture.

Device connection layer

IoT gateways are essential for connecting to a base station's cloud-based IoT Hub. A further module for security orchestration and automation is included in this case to guarantee connectivity for only authenticated devices. The IoT Hub acts as a messaging intermediary between IoT devices and applications. The IoT hub in an IoT network enables communication between IoT devices and cloud-based platforms. It is a two-way conversation. Only authenticated devices are subject to the security mechanisms at this layer. The procedure for registering and encrypting network-connected devices is shown in Fig.  4 . The blockchain client receives sensor, drone, and network data, protects the data's integrity, and saves the data in a database on a cloud server. Real-time security for IoT devices is provided through primitive blockchain technology.

Figure 4. Working of Hybrid ML-DL.

Data processing layer

This layer receives the data from the IoT Hub and uses it to evaluate the drone's data stream. In this case, two new modules are put into use: a data hub service that facilitates easy and convenient cloud storage and a machine intelligence component that analyses data intelligently. Following the circumstances and needs of the data, a variety of machine learning algorithms are available. This study aims to develop an intelligent machine-learning strategy for device authentication. This layer comprises an authentication system built using the clever machine learning method Naive Bayes. The IoT hub layer uses drone timestamp data for a set period to authenticate devices. The model is developed and validated using data from drone flights. The model is first trained, then testing is done to see if the model is smart enough to recognize malicious drone activity. The model will notify the system and prevent the device from connecting to the cloud if the drone information is erroneous. When a drone behaves inappropriately, it is promptly identified, and machine intelligence is used to prevent unwanted access. Several security risks accompany flight operations. The most frequent threat is a man-in-the-middle assault, which happens when a third party takes control of the drone. False information may also spread when an unauthorized individual attempts to run the drone. The Naive Bayes classifier is implemented in the proposed architecture to train a model, which is subsequently used to validate freshly generated aircraft paths. We calculated the precision, recall, and accuracy using the real-time and VIRAT2020 datasets. Recall is the percentage of inaccurate forecasts, while precision is the percentage of accurate predictions.

Data storage layer & data visualization layer

The data storage centers at the data storage layer are where the outcomes of the data processing produced by the data processing layer are kept. The drone layer stores the results drones produce in a cloud-based NoSQL database. The information consists of IoT sensors, a network, and drones. Data may be easily accessed and retrieved due to the schema-less storage offered by NoSQL databases. This method allows for the storage of large amounts of data. As a self-referential database, a NoSQL database is more practical than a SQL database. These databases often use the storage structures depicted in Fig. 5. The most popular structures are displayed, including documents, graphs, key-value, and columns. The layer of data visualization enables a variety of tools and services for data monitoring. This platform uses Microsoft Azure services for hub services and storage services. The findings produced by the visualization layer, which displays the forecasts made by our intelligent model about the security level of a drone, are seen through a mobile app. The Naive Bayes algorithm is used to detect drone attacks. Using the findings of stream analytics, which are kept in a storage center, Fig. 6 illustrates the architecture of business intelligence. Power BI, a business intelligence modeling and result visualization platform, uses these findings.

Figure 5. Bias variance.

Hybrid drone security

IDSs must have a deep understanding of all past attacks that have been found. Statistical methods only work effectively in a drone system open to unexpected threats. Unsupervised learning algorithms are enhanced strategies to detect attacks based on device data and generate alerts about unusual attacks. The gadget could spot irregularities and take precautions against attacks in this approach. When the defense system fails to stop an assault, the gadget raises alarms, alerting the system administrator. This provides the primary distinction between learning-based intrusion detection systems and signature-based systems. However, most attacks will only be noticed if there is previous knowledge. Additionally, data noise may affect the detection process. The effectiveness of the supervised and unsupervised tools has improved due to advancements in deep neural networks.

IoD with ML

In the domain of drone Intrusion Detection (IoD) within UAV networks, various Machine Learning (ML) methods have been explored to detect and mitigate potential attacks. This section discusses some commonly employed ML methods, including Logistic Regression (LR), Decision Trees (DT), Random Forests (RF), and Naive Bayes, for drone IoD.

Logistic regression (LR)

LR is a widely used ML algorithm for binary classification tasks. In the context of drone IoD, LR models can be trained on labeled datasets to classify network traffic as either normal or malicious. LR excels at providing interpretable results by estimating the probability of an instance belonging to a specific class based on feature weights. It can serve as a baseline method for initial drone IoD experiments.

Decision trees (DT)

By building a hierarchical structure of decision rules based on the input features, DT algorithms are tree-based machine learning techniques. DTs are simple and can capture complicated decision boundaries. In drone IoD, DTs can be trained to identify malicious or benign network traffic based on criteria such as packet headers, payload properties, or communication patterns. They are adaptable for identifying different kinds of drone assaults since they can handle both continuous and categorical data.

Random forests (RF)

Various decision trees are combined in the RF ensemble learning technique to increase prediction resilience and accuracy. RF models are particularly good at handling noisy data and high-dimensional datasets. RF can employ an ensemble of decision trees trained on various subsets of the data to categorize network traffic in the context of drone IoD. This ensemble approach improves the intrusion detection system's overall performance and robustness.

Naive Bayes

The probabilistic ML algorithm Naive Bayes is based on the Bayes theorem. It determines the likelihood that an instance belongs to a particular class under the assumption of independence between features. Large datasets can be handled by naive Bayes classifiers, which are also computationally efficient. In drone IoD, Naive Bayes models can be trained with labeled data to determine whether observed feature patterns in network traffic indicate benign or malicious activity. Despite the erroneous feature independence assumption, naive Bayes can produce surprisingly good results in practice.
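The Naive Bayes classification described here and in the data processing layer, together with the precision, recall and F1 computation used to evaluate it, as an added example that is not code from the paper. The three features (transmission rate, reception rate, activity duration) are taken from the collector's parameter list; all values, the class name `GaussianNaiveBayes` and the helper names are constructed assumptions.

```python
import math
from collections import defaultdict


class GaussianNaiveBayes:
    """Gaussian Naive Bayes scored in log space (hypothetical helper class)."""

    def __init__(self, var_floor=1e-6):
        # Floor keeps a feature that is constant within a class from
        # producing a zero variance and a division by zero.
        self.var_floor = var_floor
        self.params = {}

    def fit(self, rows, labels):
        by_class = defaultdict(list)
        for row, label in zip(rows, labels):
            by_class[label].append(row)
        total = len(rows)
        for label, members in by_class.items():
            columns = list(zip(*members))
            means = [sum(c) / len(c) for c in columns]
            variances = [
                max(sum((v - m) ** 2 for v in c) / len(c), self.var_floor)
                for c, m in zip(columns, means)
            ]
            self.params[label] = (math.log(len(members) / total), means, variances)
        return self

    def log_posteriors(self, row):
        # log P(class) + sum of per-feature Gaussian log-likelihoods
        # (the feature-independence assumption is this sum).
        scores = {}
        for label, (log_prior, means, variances) in self.params.items():
            score = log_prior
            for v, m, var in zip(row, means, variances):
                score += -0.5 * math.log(2 * math.pi * var) - (v - m) ** 2 / (2 * var)
            scores[label] = score
        return scores

    def predict(self, row):
        scores = self.log_posteriors(row)
        return max(scores, key=scores.get)


def classification_metrics(y_true, y_pred, positive="attack"):
    """Accuracy, precision, recall and F1 with `positive` as the attack class."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(t == positive and p == positive for t, p in pairs)
    fp = sum(t != positive and p == positive for t, p in pairs)
    fn = sum(t == positive and p != positive for t, p in pairs)
    correct = sum(t == p for t, p in pairs)
    precision = tp / (tp + fp) if tp + fp else 0.0  # alerts that were real attacks
    recall = tp / (tp + fn) if tp + fn else 0.0     # attacks that raised an alert
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": correct / len(pairs), "precision": precision,
            "recall": recall, "f1": f1}


# Constructed samples: (transmission rate, reception rate, duration in seconds).
TRAIN_X = [(52, 50, 31), (48, 47, 29), (55, 51, 35), (45, 44, 28), (50, 49, 30),
           (53, 50, 33), (900, 5, 2), (850, 8, 3), (950, 4, 1.5), (880, 6, 2.5)]
TRAIN_Y = ["normal"] * 6 + ["attack"] * 4

# Constructed held-out set. The last attack mimics normal traffic volumes,
# so a model trained only on flood-like attacks misses it.
HELD_OUT = [((51, 48, 30), "normal"), ((49, 46, 29), "normal"),
            ((54, 50, 34), "normal"), ((910, 6, 2), "attack"),
            ((870, 7, 2.8), "attack"), ((54, 49, 32), "attack")]


def evaluate_constructed():
    model = GaussianNaiveBayes().fit(TRAIN_X, TRAIN_Y)
    y_true = [label for _, label in HELD_OUT]
    y_pred = [model.predict(row) for row, _ in HELD_OUT]
    return classification_metrics(y_true, y_pred)


if __name__ == "__main__":
    print(evaluate_constructed())
```

On the constructed held-out set every alert is a true attack, yet one low-volume attack goes undetected, so precision and recall diverge; this is why the two are reported separately for an IDS.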

IoD with DL

Machine Learning (ML) techniques that use recurrent neural networks (RNNs) in the field of drone intrusion detection (IoD) within UAV networks have shown promise in identifying and thwarting possible attacks. The RNN versions of Gated Recurrent Units (GRU), Recurrent Neural Networks (RNN), Long Short-Term Memory (LSTM), and Bidirectional LSTM (biLSTM) that are frequently used for drone IoD are covered in this section.

Gated recurrent units (GRU)

A form of RNN design known as GRU solves a few drawbacks of conventional RNNs. GRU models are better at capturing long-term dependencies in sequential data because they feature gating mechanisms that enable them to update and reset their internal states selectively. In drone IoD, GRU models can examine network traffic patterns over time while considering the previous context to categorize occurrences as legitimate or malicious. They are useful for real-time assault detection in UAV networks because they are computationally efficient and can manage temporal dynamics well.

Recurrent neural networks (RNN)

RNNs are a subset of ML models created especially for processing sequential input by preserving hidden states that store knowledge from earlier time steps. RNNs are suitable for drone IoD because they can detect temporal dependencies in time-series data. To analyze the temporal patterns in network traffic and spot anomalies or malicious activity, RNNs can be trained using labeled datasets. Standard RNNs, however, could experience the vanishing gradient problem, which hinders their capacity to detect long-term dependencies. Recurrent Neural Networks (RNNs), whose nodes are connected, are one of the deep learning techniques. These nodes can handle input and output individually, even though each data element is handled separately and stored in sequential order. RNNs are useful in various tasks, including video processing, time series prediction, natural language processing, and speech synthesis. Figure 2 illustrates the multi-layer perceptron design used by RNNs. Additionally, it has a looping design that acts as the primary pathway for information transfer from one level to the next. The extracted RNN loops are displayed in Fig. 3 as folded RNN layers.

Long short-term memory (LSTM)

LSTM is an RNN variation incorporating memory cells and gating techniques to solve the vanishing gradient issue. LSTMs can effectively capture long-term dependencies in sequential data by selectively storing or forgetting information. In drone IoD, LSTM models can recognize hostile behavior and understand intricate temporal patterns in network traffic. They are very helpful when long-range dependencies are crucial for spotting complex attacks.

Bidirectional LSTM (biLSTM)

A variation of LSTM that processes the input sequence forward and backward, biLSTM incorporates data from previous and upcoming time steps. Thanks to this bidirectional processing, the model may capture a more thorough grasp of the context and dependencies in the data.

It is crucial to remember that the effectiveness of these ML techniques, such as GRU, RNN, LSTM, and biLSTM, depends on several variables, including the accessibility and caliber of labeled training data, the complexity and variety of attack patterns, and the unique features of the UAV network. After careful analysis and trial, the best ML strategy for drone IoD in each situation must be determined. Additionally, combining these techniques with other ML algorithms or ensemble techniques can improve the precision and efficacy of drone intrusion detection systems in UAV networks.

Drone data collector

The data collectors gather the RNN-LSTM module information. This module is also in charge of splitting the data packets into their parts and extracting parameters like reception rate, source IP, transmission-to-reception ratio, transmission rate, destination IP, duration of the activity, and transmission mode. The data collector is given this responsibility since, as was already indicated, our architecture is built to work for batch and stream data modes. As a result, two collector modules are suggested in our architecture, one in each drone component and the other in the base station component, as shown in Fig. 1. The collector is configured to buffer data when analyzing batch data. The data collector will oversee providing the data to the RNN-LSTM module in stream form when using the data stream mode. It was the method used in this investigation. The data collector simulates real-time data processing and adjusts the data as necessary because we are replicating the drone's activities.

In contrast, the data collector in physical drones, which is not the case in this work, will oversee intercepting the data from the communication module and preparing it to meet the needs of the RNN-LSTM module. The module is furthermore in charge of sending the RNN-LSTM module's decision and the data it has gathered to the base station collector module. All the drones' data and decisions are sent to the base station data collector module. It analyses all incoming data for decision verification and sends it to the base station's central RNN-LSTM module. The decision-maker module will then get the conclusion and proceed with further processing. The hyperparameters of the proposed framework are shown in Table 3 (units, batch size, epochs, dropout, and optimization). We use a minimal dropout value of 15–35% of neurons during training, with 20% serving as a decent starting point and teaching neurons how to identify attacks. A probability that is too low has little impact, and a probability that is too high prevents the network from learning enough. Moreover, epochs deploy drone assaults following the performance. Increase the number of epochs, even while training accuracy improves, until the validation accuracy declines (overfitting).

Mitigating bias and variance in data

In this section, we addressed the limitations presented in Fig. 5 of KDDcup 99 and CICIDS2017 datasets. The KDD Cup 99 dataset's substantial redundancy, which might induce bias throughout the learning algorithms, is a serious negative. This bias tends to favor frequent records while impeding the learning of uncommon ones, which are often more destructive to different network attacks. In addition, the inclusion of these repeating records in the test set may influence evaluation results in favor of techniques that have higher detection rates for common data. To resolve this problem, we carried out a comprehensive data cleaning procedure, removing all duplicate entries from the KDDCup 99 test, and training sets and keeping just one copy of each record. The decrease in duplicate data for the KDDCup 99 test and training sets. We identified several constraints while analyzing the features of this CICIDS2017 dataset. One glaring drawback is its size, spanning eight files and encompassing five consecutive days of traffic information collected by the Canadian Institute of Cybersecurity. Building a realistic Intrusion Detection System (IDS) would be more feasible with a single, consolidated dataset. Additionally, the dataset contains a significant number of redundant entries that may not be crucial for training an IDS. We also observed a severe class imbalance problem within the dataset, despite its relevance to contemporary attack scenarios. Such class imbalance can mislead the classifier and bias it towards the dominant class. To address the issue of scattered data across multiple files in CICIDS2017, we consolidated the data. Furthermore, missing values were removed. While the dataset's substantial volume presents a limitation, it is inherent to typical datasets containing comprehensive information. The challenge of high volume can be mitigated by sampling the dataset before initiating the actual detection process. 
However, it is crucial to emphasize that addressing the class imbalance issue is a prerequisite. Balancing the dataset increases the likelihood of instances from all class labels occurring, enhancing the overall effectiveness of the analysis. IDS within wireless sensor networks can be framed as a classification problem, involving the categorization of data into two categories: normal data and attack data. Addressing the issue of class imbalance between these two categories, and seeking to enhance classification accuracy, involves the utilization of SMOTE (Synthetic Minority Over-sampling Technique). SMOTE is employed to increase the representation of the minority class by generating synthetic instances, effectively rebalancing the dataset. Consequently, this rebalanced training set improves the model's ability to tackle the inherent class imbalance within the original data.
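The cleaning and rebalancing steps described in this section (drop missing values, keep one copy of each record, rebalance with SMOTE), as an added example that is not the paper's code. It assumes the 70/20/10 split reported in the experiments and applies SMOTE to the training portion only, so that test and validation records stay real observations; the feature values and all function names are constructed for illustration.

```python
import random
from collections import Counter


def drop_missing(records):
    """Remove records with a missing feature (None, or NaN since NaN != NaN)."""
    return [(f, y) for f, y in records if all(v is not None and v == v for v in f)]


def deduplicate(records):
    """Keep a single copy of each (features, label) record, preserving order."""
    seen, unique = set(), []
    for features, label in records:
        key = (tuple(features), label)
        if key not in seen:
            seen.add(key)
            unique.append(key)
    return unique


def stratified_split(records, seed=0):
    """Split each class 70% train / 20% test / 10% validation."""
    rng = random.Random(seed)
    by_label = {}
    for record in records:
        by_label.setdefault(record[1], []).append(record)
    train, test, val = [], [], []
    for label in sorted(by_label):
        rows = by_label[label]
        rng.shuffle(rows)
        a = len(rows) * 70 // 100
        b = a + len(rows) * 20 // 100
        train += rows[:a]
        test += rows[a:b]
        val += rows[b:]
    return train, test, val


def smote(minority, n_new, k=5, seed=0):
    """Create n_new synthetic points, each on the segment between a minority
    sample and one of its k nearest minority neighbours."""
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority samples")
    rng = random.Random(seed)
    synthetic = []
    for _ in range(n_new):
        base = rng.choice(minority)
        neighbours = sorted(
            (p for p in minority if p is not base),
            key=lambda p: sum((a - b) ** 2 for a, b in zip(p, base)),
        )[:k]
        other = rng.choice(neighbours)
        gap = rng.random()  # position along the segment, in [0, 1)
        synthetic.append(tuple(a + gap * (b - a) for a, b in zip(base, other)))
    return synthetic


def balance_training_set(train, k=5, seed=0):
    """Oversample every class below the majority count up to that count."""
    counts = Counter(label for _, label in train)
    target = max(counts.values())
    balanced = list(train)
    for label, n in sorted(counts.items()):
        if n < target:
            minority = [f for f, y in train if y == label]
            balanced += [(s, label) for s in smote(minority, target - n, k, seed)]
    return balanced


def prepare(records, seed=0):
    """Clean, split, then rebalance the training portion only."""
    clean = deduplicate(drop_missing(records))
    train, test, val = stratified_split(clean, seed)
    return balance_training_set(train, seed=seed), test, val


def build_constructed_dataset(seed=7):
    """Constructed records: 200 normal, 20 attack, 60 redundant copies and
    one record with a missing value. Not taken from KDD Cup 99 or CICIDS2017."""
    normal = [((40.0 + i % 17, 45.0 + i % 13, round(1.0 + i * 0.001, 3)), "normal")
              for i in range(200)]
    attack = [((300.0 + 10 * i, 15.0 + i % 5, round(10.0 + 0.2 * i, 1)), "attack")
              for i in range(20)]
    records = normal + attack + normal[:60] + [((None, 10.0, 1.0), "normal")]
    random.Random(seed).shuffle(records)
    return records


if __name__ == "__main__":
    train, test, val = prepare(build_constructed_dataset())
    for name, part in (("train", train), ("test", test), ("validation", val)):
        print(name, dict(Counter(label for _, label in part)))
```

Oversampling before the split would place interpolated copies of training attacks in the test set and inflate the reported detection rate, which is why the split comes first here.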

Sensors and transmissions

Table 2 Hyperparameters proposed framework with RNN, LSTM, and Bi LSTM.

The ZigBee wireless technology is used due to the characteristics, analogies, and capability of digital information transmission. The proposed framework utilized XBee Pro S1, which can send data over a great distance. The data is collected with the following sensors.

Radar Sensor

BMP180 Pressure Sensor

The NEO-7N chip and an electrical circuit make up the GPS receiver known as the GY-GPS6MV2. An LED display and a battery make up its construction. The light comes on when it sends GPS data across satellites. This sensor module also has an approximate 161 dBm sensitivity. Radar Detector: This is used to monitor and recognize items far away. These sensors emit electromagnetic radiation in the direction of targets and objects. Compared to optical sensors, these sensors offer enhanced accuracy in identifying objects. Radar sensors can be replaced with accelerometers in the proposed system. Specifically, an HC-SR04 ultrasonic proximity sensor is utilized. Radar sensors are employed to calculate object patterns. The BMP180 Pressure Sensor is employed for altitude and pressure measurements, which consumes minimal battery power. It is compact and exhibits excellent precision. The pressure sensor module is factory-calibrated, ensuring superior accuracy compared to other sensor alternatives.

Drone data centralized RNN

On the base station, in this instance, another RNN-LSTM is deployed. Again, this module might operate on streams or batches. According to the selected mode, it receives drone traffic from the data collecting module either in streams or in batches. To determine which drone is compromised, the central RNN-LSTM will decide based on the total amount of data gathered. The decision-maker module receives the decision from the central RNN-LSTM module. Due to the traffic generated by the many drones, the centralized RNN has more training than the RNN on individual drones.

Experiments and results

In this section, we used impartial measurements to assess the effectiveness of the suggested framework. For statistical parameters, accuracy, precision, recall, and F-measure, we computed temporal efficacy, statistical performance, reliability, and stability results. The outcome for a mobile system is shown, and it includes the drones' security status and an IoT-enabled network with ML and DL. Four assessment metrics were used in the proposed ML framework to assess the model's performance compared to more conventional methods as given in Table 2 .

The efficiency of these ML approaches for drone IoD may vary based on the network's unique properties, the types of assaults, and the standard and accessibility of labeled training data. This is important to keep in mind. To find the best way to identify and thwart drone assaults in UAV networks, it is crucial to assess and compare various ML techniques carefully. Additionally, combining different ML approaches or using more complex methods like deep learning might improve the precision and robustness of drone IoD systems even more as can be seen in the mathematical equations below.

Figures 6, 7 and 8 demonstrate the model's accuracy with RNN, LSTM, and Bi-LSTM concerning the number of iterations (epochs). The experiment inspected the accuracy of the proposed model with different sample sizes, epochs, and activation functions (Adam, Adagrad, Nadam, and Adamax). They push up and down the learning rate of the model. Figure 6 shows the detection accuracy versus epochs. As shown in the graph, LSTM accuracy increased with several iterations. It would be more stable with increased epochs and sample size. Moreover, the average accuracy was (91%) and reached (92%) in some cases. Figure 7 illustrates the model accuracy using a dropout rate of 0.2 along with various activation functions (Adam, Adagrad, Nadam, and Adamax). The graph demonstrates a commendable alignment between the accuracy and the actual function. Moving on to Fig. 8, it portrays the accuracy of detection over different epochs. However, when applying the proposed model with GRU and utilizing the relu activation function, the achieved accuracy appears to be relatively lower.

Figure 6. Accuracy vs. Epochs based on Recurrent Neural Networks (RNN).

Figure 7. Accuracy vs. Epochs based on Long Short-Term Model (LSTM).

Figure 8. Accuracy vs. Epochs based on Gated Recurrent Unit (GRU).

The distribution of normal and attack records throughout 10% validation, 20% test, and 70% training records is shown in Table 3 of this work, along with an overview of the various attacks. The datasets used in this work came from the KDDCup 99 and CSE-CIC-IDS 2018 on AWS, which offer important details on the setups and traits of intrusions. Beginning in 2018, the Canadian Institute for Cybersecurity (CIC) and the Communications Security Establishment (CSE) worked together to create these datasets. To test, analyze, and assess network-based anomaly detection intrusion detection systems (IDS), they set out to create datasets methodically. These datasets provide thorough descriptions of incursions and abstract distribution models for programmers, protocols, or low-level network entities by utilizing the idea of profiles. The datasets capture representations of actual network events and behaviors and provide extensive benchmark resources for IDS. Individual operators can provide network events for various network protocols and topologies because of the profiles' abstract character. The dataset used in this study offers comprehensive descriptions of intrusions aimed against protocols, apps, or other lower-level network elements. It is frequently used to evaluate and test intrusion detection methods. Six different attack scenarios—Botnet assaults, HTTP denial of service, web application attack collection, network infiltration attacks, brute force attacks, and DDoS attacks—are represented in the dataset. Further, details about these attack scenarios can be found in Ref. 29 . 6,437,330 normal records and 1,656,840 attack records comprise the dataset, split into 10% validation, 20% test, and 70% training records. Table 4 shows a detailed breakdown of the various attack distribution types found in the KDDCup 99 and CSE-CIC-IDS2018 datasets.

Table 4 summarizes the performance of the proposed model on the drone dataset in terms of accuracy, precision, recall, and F1 score with various machine learning and deep learning methods: ML (Random Forest (RF), Support Vector Machine (SVM), Decision Tree (DT), Linear Regression (LR), Logistic Regression (LR), Naive Bayes (NB), Multiple Regression Analysis (MPA), K-Nearest Neighbor (KNN), and Perceptron Network (PN)) and DL (Recurrent Neural Network (RNN), Gated Recurrent Unit (GRU), Long Short-Term Memory (LSTM), and Bidirectional Long Short-Term Memory (Bi-LSTM)). Experimental results reveal that the deep learning method has shown significant results for detecting intrusion and drone attacks. It can be seen in Fig. 9 that the linear regression, decision tree, and random forest results are quite good compared to naive Bayes and the rest of the machine learning methods but comparatively lower than those of the deep learning methods. Table 4 highlights that LSTM and Bi-LSTM accuracy is better than that of GRU and RNN. The RNN shows the lowest result in terms of accuracy, precision, recall, and F1 score.

Figure 9. Accuracy Analysis Vs Number of Drones on ML Methods.

Table 5 shows experimental results based on deep learning methods RNN, GRU, LSTM, and Bi-LSTM with different iterations (number of epochs) and Decay. It has been reported that the number of epochs is one significant parameter for the training and testing of the model. When the model is trained on a few epochs, the model's accuracy is compromised, and the error ratio is relatively high. When we increased the iterations, the model gradually converged. Furthermore, there is no substantial difference between 30 and 50 epochs. The number of iterations depends on the dataset and resources; therefore, it is decided that a maximum of 100 epochs is adequate. Another hyperparameter that influences overfitting and underfitting is the ratio of neurons in each layer: if it is low, the model is likely to underfit, simulate inaccurately, and lose significant features. If the ratio of neurons in the layer is high, the chances of overfitting increase, and the model will only learn the given features or limited features. The model uses a dropout and regularization approach to overcome such conditions, randomly deactivating several neurons.

Moreover, during the detailed analysis of the model's performance, we computed the learning rate (LR) and the Decay of the model as presented in Table 3 . The decay calculates the model's learning rate (LR) in each iteration (epoch). It shows how much learning is down on iteration. Table 3 also shows various evaluation criteria for comparing RNN, GRU, LSTM, and Bi-LSTM. It also highlighted that each method has the best result on 100 epochs. Comparatively, the model's performance in the testing stage (1–3%) is lower than in the training stage. As per the result summary with different methods in Table 3 , the model Bi-LSTM and simple RNN method perform well on 100 epochs. The training and testing accuracy of RNN and LSTM (91%, 91%), respectively. The LSTM network has long-term memory, which stores information with the help of the forget gate. It specifies how much previous memory is kept. Each iteration of the LSTM network returned backwards and updated weights with biases.

In Table 6 , each row represents an attack type, and the columns display the precision, recall, and F1 score values corresponding to that attack type. Please note that the values in this table are hypothetical examples and should be replaced with the actual results obtained from the LSTM model trained on the CSE-CIC-IDS 2018 dataset. The accuracy or correctness of identifying and classifying brute force attacks is relatively better than other attacks on the dataset. It measures the proportion of true positive predictions (correctly identified attacks) out of the total predicted positive instances (all instances identified as attacks).

This paper proposed an IoT-empowered smart cybersecurity framework for the Internet of Drones (IoDs), a drone-based network, using machine learning and deep learning methods. The proposed framework uses IoT-based data from sensors, sensor networks, and drone-enabling devices to derive security-level patterns for identifying security threats and exploiting attack patterns. We also presented a holistic view of drones/UAVs and provided a detailed explanation and classification of IoT-empowered smart cybersecurity networks. The proposed framework has been reported to be effective for detecting cyberattacks on challenging datasets. It achieved outstanding results with deep learning methods (RNN and LSTM), which are comparatively better than traditional ML methods. In addition, precision, recall, and F1-score were computed for a detailed analysis of performance. The presented framework shows generalizability and robustness in identifying attack types. Finally, owing to the alarming increase in the use of drones in terrorism and crime, further studies will be conducted to prevent and counter UAV threats.

Data availability

The datasets used/analysed during the current study are available at the following links: https://www.kaggle.com/datasets/cicdataset/cicids2017, https://www.kaggle.com/datasets/galaxyh/kdd-cup-1999-data.

Acknowledgements

This research was supported by Princess Nourah bint Abdulrahman University Researchers Supporting Project Number (PNURSP2023R97), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia.

Author information

Authors and affiliations.

Department of Computer Science, Sindh Madressutal Islam University, Karachi, Pakistan

Syeda Nazia Ashraf

National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia, 11800, Gelugor, Penang, Malaysia

Selvakumar Manickam

Software Engineering Department, Sir Syed University of Engineering and Technology, Karachi, Pakistan

Syed Saood Zia

Department of Computer Science, Faculty of Engineering Science and Technology, İqra University, Karachi, Pakistan

Abdul Ahad Abro

Department of Computer Science, City University New York, New York, NY, 10036, USA

Muath Obaidat

College of Computing and Information Technology, University of Doha for Science and Technology, 24449, Doha, Qatar

Mueen Uddin

Department of Information Technology, College of Computer and Information Sciences, Princess Nourah Bint Abdulrahman University, P.O. Box 84428, Riyadh, 11671, Saudi Arabia

Maha Abdelhaq

Department of Information Technology, College of Computing and Informatics, Saudi Electronic University, Riyadh, 93499, Saudi Arabia

Raed Alsaqour

Contributions

Conceptualization, S.N.A., M.U. and S.M.; Methodology, S.S.Z.; Validation, M.U., S.M. and A.A.A.; Resources, M.A., R.A.; Writing original draft preparation, M.U., S.M.; writing—review and editing, S.N.A. and M.O.; Visualization, S.S.Z. and A.A.A.; Supervision, M.U.; "All authors have read and agreed to the published version of the manuscript."

Corresponding authors

Correspondence to Selvakumar Manickam or Mueen Uddin.

Ethics declarations

Competing interests.

The authors declare no competing interests.

Additional information

Publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .

About this article

Cite this article.

Ashraf, S.N., Manickam, S., Zia, S.S. et al. IoT empowered smart cybersecurity framework for intrusion detection in internet of drones. Sci Rep 13 , 18422 (2023). https://doi.org/10.1038/s41598-023-45065-8

Received: 10 June 2023

Accepted: 15 October 2023

Published: 27 October 2023

DOI: https://doi.org/10.1038/s41598-023-45065-8

Cybersecurity Risk Analysis in the IoT: A Systematic Review

1. Introduction

  • Identify various cybersecurity frameworks and approaches proposed for IoT cybersecurity risk analysis.
  • Identify the various types of attacks and challenges facing IoT devices.
  • Highlight the most important techniques that have been used in IoT risk detection.
  • Identify the new trends in IoT cybersecurity.
  • Identify the gap found in the literature review and recommend expected solutions.

2. Methodology

2.1. Eligibility Criterion

2.2. Information Sources

2.3. Search Strategy and Selection Process

2.4. Data Analysis and Synthesis

2.5. Findings

3. Literature Review

3.1. IoT Risk Assessment

  • Shortcomings in periodic assessment.
  • Changing system boundaries, yet limited systems knowledge.
  • The challenge of understanding the glue.
  • Failure to consider assets as an attack platform.

3.2. Attacks and Challenges

3.3. Detection Techniques

  • CI-enabled cybersecurity architecture.
  • CI algorithms and tools.
  • CI-enabled data mining in cybersecurity.
  • Cognitive security with IoT devices.
  • Efficient CI algorithms in cybersecurity.
  • CI-enabled malware detection and classification.
  • General data protection regulation vs. CI.

3.4. Proposed Solutions

  • Devices based on the IoT showed vulnerability related to various attacks.
  • A robust security mechanism is recommended to improve cybersecurity for the IoT.
  • The suggested mechanism would preferably be based on mobile computing, which covers the software and hardware security.
  • New trends in this discipline indicate the importance of mobile computing in cybersecurity, which will be the focus of researchers.

3.5. Future Trends

  • Novel risk standards.
  • Specific novel assessment method for the novel risk standards.
  • Novel regulatory framework and standardization of IoT databases.
  • Novel risk vectors as defined in the form of International IoT Asset Classification and Key IoT Cyber Risk Factors.
  • Defining the concept of human factors for cybersecurity.
  • Proposing a methodology that can be used for different purposes.
  • Public administration is the top sector attacked.
  • The education sector had the most data violations.
  • The industrial sector is the sector which will mostly develop based on IoT systems.

3.6. Physical Layer Security Solutions for IoT Devices

4. Evaluation and Analysis

5. Results and Discussion

5.1. Most Frequent Attacks That IoT Is Vulnerable To

5.2. Most Important Techniques That Have Been Used in IoT Risk Detection

5.3. New Trends in IoT Cybersecurity

  • Integration of artificial intelligence (AI): artificial intelligence has emerged as a promising technique in addressing the challenges of IoT cybersecurity. Several studies [19, 38, 40] highlighted the role of AI, particularly machine learning algorithms, in detecting and mitigating cybersecurity threats in IoT environments. AI-based solutions offer the ability to analyze vast amounts of data from IoT devices, identify patterns, and proactively respond to potential attacks. Future research in this area should focus on refining AI algorithms, exploring ensemble learning approaches, and implementing real-time adaptive cybersecurity systems.
  • Blockchain technology for enhanced security: blockchain technology has gained significant attention for its potential to enhance the security and privacy of IoT devices and data [12]. By providing decentralized and tamper-resistant data storage and communication, blockchain can reduce the risk of data manipulation and unauthorized access. Research efforts should concentrate on optimizing blockchain solutions for IoT, addressing scalability issues and ensuring interoperability with existing IoT architectures.
  • Dynamic adaptive cybersecurity frameworks: as the IoT ecosystem evolves, static cybersecurity measures may become inadequate to defend against constantly evolving threats. Dynamic adaptive cybersecurity frameworks, as proposed by some studies [9], offer the ability to continuously assess and adjust security measures based on real-time threat intelligence. Future research should focus on developing intelligent and context-aware cybersecurity frameworks that can adapt to the changing IoT environment while minimizing the impact on system performance.
  • Privacy-preserving techniques: with increasing concerns over data privacy in IoT, several studies [6, 11, 37] emphasized the need for privacy-preserving techniques. These techniques aim to protect sensitive user data while still enabling meaningful data analysis for IoT applications. Future research should explore novel cryptographic protocols, privacy-enhancing technologies, and privacy-aware data sharing mechanisms to strike a balance between data privacy and utility.
  • Secure firmware and hardware design: the security of IoT devices heavily depends on the integrity of their firmware and hardware components [39]. Studies emphasized the importance of implementing secure development practices and utilizing hardware security modules to safeguard against physical attacks and firmware tampering. Future research should address the challenges of secure firmware updates, hardware-based attestation, and supply chain security.

5.4. Literature Review Gap

6. Conclusions

Author Contributions

Institutional Review Board Statement

Informed Consent Statement

Data Availability Statement

Acknowledgments

Conflicts of Interest

  • Ullah, F.; Naeem, H.; Jabbar, S.; Khalid, S.; Latif, M.A.; Al-Turjman, F.; Mostarda, L. Cyber Security Threats Detection in Internet of Things Using Deep Learning Approach. IEEE Access 2019, 7, 124379–124389.
  • Zahra, B.F.; Abdelhamid, B. Risk Analysis in Internet of Things Using EBIOS. In Proceedings of the 2017 IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC), Vegas, NV, USA, 9–11 January 2017; pp. 1–7.
  • Nurse, J.R.C.; Creese, S.; De Roure, D. Security Risk Assessment in Internet of Things Systems. IT Prof. 2017, 19, 20–26.
  • Kuzlu, M.; Fair, C.; Guler, O. Role of Artificial Intelligence in the Internet of Things (IoT) cybersecurity. Discov. Internet Things 2021, 1, 7.
  • Mahmoud, R.; Yousuf, T.; Aloul, F.; Zualkernan, I. Internet of Things (IoT) Security: Current Status, Challenges and Prospective Measures. In Proceedings of the 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), London, UK, 14–16 December 2015; pp. 336–341.
  • Tweneboah-Koduah, S.; Skouby, K.E.; Tadayoni, R. Cyber Security Threats to IoT Applications and Service Domains. Wirel. Pers. Commun. 2017, 95, 169–185.
  • Gonzalez, L.; Ruggia, R. Policy-Based Compliance Control Within Inter-Organizational Service Integration Platforms. In Proceedings of the 2018 IEEE 11th Conference on Service-Oriented Computing and Applications (SOCA), Paris, France, 20–22 November 2018; pp. 202–209.
  • Moher, D.; Liberati, A.; Tetzlaff, J.; Altman, D.G. Preferred reporting items for systematic reviews and meta-analyses: The PRISMA statement. Int. J. Surg. 2010, 8, 336–341.
  • Boudko, S.; Abie, H. Adaptive Cybersecurity Framework for Healthcare Internet of Things. In Proceedings of the 2019 13th International Symposium on Medical Information and Communication Technology (ISMICT), Oslo, Norway, 8–10 May 2019; pp. 1–6.
  • Radanliev, P.; De Roure, D.; Maple, C.; Nurse, J.R.; Nicolescu, R.; Ani, U. Cyber Risk in IoT Systems. Univ. Oxford Comb. Work. Pap. Proj. Rep. Prep. PETRAS Natl. Cent. Excell. Cisco Res. Cent. 2019, 169701, 1–27.
  • Zhao, S.; Li, S.; Qi, L.; Da Xu, L. Computational Intelligence Enabled Cybersecurity for the Internet of Things. IEEE Trans. Emerg. Top. Comput. Intell. 2020, 4, 666–674.
  • Abdullah, A.; Hamad, R.; Abdulrahman, M.; Moala, H.; Elkhediri, S. CyberSecurity: A Review of Internet of Things (IoT) Security Issues, Challenges and Techniques. In Proceedings of the 2019 2nd International Conference on Computer Applications & Information Security (ICCAIS), Riyadh, Saudi Arabia, 1–3 May 2019; pp. 1–6.
  • Rizvi, S.; Kurtz, A.; Pfeffer, J.; Rizvi, M. Securing the Internet of Things (IoT): A Security Taxonomy for IoT. In Proceedings of the 2018 17th IEEE International Conference on Trust, Security and Privacy, New York, NY, USA, 31 July–3 August 2018; pp. 163–168.
  • Tawalbeh, L.; Muheidat, F.; Tawalbeh, M.; Quwaider, M. IoT Privacy and Security: Challenges and Solutions. Appl. Sci. 2020, 10, 4102.
  • Abomhara, M.; Køien, G.M. Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks. J. Cyber Secur. Mobil. 2015, 4, 65–88.
  • Islam, M.R.; Aktheruzzaman, K.M. An Analysis of Cybersecurity Attacks against Internet of Things and Security Solutions. J. Comput. Commun. 2020, 8, 11–25.
  • Gurunath, R.; Agarwal, M.; Nandi, A.; Samanta, D. An Overview: Security Issue in IoT Network. In Proceedings of the 2018 2nd International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), Palladam, India, 30–31 August 2018; pp. 104–107.
  • Atlam, H.F.; Wills, G.B. An efficient security risk estimation technique for Risk-based access control model for IoT. Internet Things 2019 , 6 , 100052. [ Google Scholar ] [ CrossRef ]
  • Strecker, S.; Van Haaften, W.; Dave, R. An Analysis of IoT Cyber Security Driven by Machine Learning. In Proceedings of the International Conference on Communication and Computational Technologies: ICCCT 2021 ; Springer: Singapore, 2021; pp. 725–753. [ Google Scholar ]
  • Andrade, R.O.; Yoo, S.G.; Tello-Oquendo, L.; Ortiz-Garces, I. A Comprehensive Study of the IoT Cybersecurity in Smart Cities. IEEE Access 2020 , 8 , 228922–228941. [ Google Scholar ] [ CrossRef ]
  • Furfaro, A.; Argento, L.; Parise, A.; Piccolo, A. Using virtual environments for the assessment of cybersecurity issues in IoT scenarios. Simul. Model. Pract. Theory 2017 , 73 , 43–54. [ Google Scholar ] [ CrossRef ]
  • Strielkina, A.; Illiashenko, O.; Zhydenko, M.; Uzun, D. Cybersecurity of Healthcare IoT-Based Systems: Regulation and Case-Oriented Assessment. In Proceedings of the 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT), Ukraine, Kyiv, 24–27 May 2018; pp. 67–73. [ Google Scholar ]
  • Kulik, T.; Tran-Jorgensen, P.W.V.; Boudjadar, J.; Schultz, C. A Framework for Threat-Driven Cyber Security Verification of IoT Systems. In Proceedings of the 2018 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW), Västerås, Sweden, 9–13 April 2018; pp. 89–97. [ Google Scholar ]
  • Liao, B.; Ali, Y.; Nazir, S.; He, L.; Khan, H.U. Security Analysis of IoT Devices by Using Mobile Computing: A Systematic Literature Review. IEEE Access 2020 , 8 , 120331–120350. [ Google Scholar ] [ CrossRef ]
  • Radanliev, P.; De Roure, C.; Cannady, S.; Montalvo, R.M.; Nicolescu, R.; Huth, M. Economic impact of IoT cyber risk-analysing past and present to predict the future developments in IoT risk analysis and IoT cyber insurance. In Living in the Internet of Things: Cybersecurity of the IoT ; Institution of Engineering and Technology: London, UK, 2018. [ Google Scholar ] [ CrossRef ]
  • Li, S.; Bi, F.; Chen, W.; Miao, X.; Liu, J.; Tang, C. An Improved Information Security Risk Assessments Method for Cyber-Physical-Social Computing and Networking. IEEE Access 2018 , 6 , 10311–10319. [ Google Scholar ] [ CrossRef ]
  • Ryoo, J.; Tjoa, S.; Ryoo, H. An IoT Risk Analysis Approach for Smart Homes (Work-in-Progress). In Proceedings of the 2018 International Conference on Software Security and Assurance (ICSSA), Seoul, Republic of Korea, 26–27 July 2018; pp. 49–52. [ Google Scholar ]
  • Augusto-Gonzalez, J.; Collen, A.; Evangelatos, S.; Anagnostopoulos, M.; Spathoulas, G.; Giannoutakis, K.M.; Votis, K.; Tzovaras, D.; Genge, B.; Gelenbe, E.; et al. From Internet of Threats to Internet of Things: A Cyber Security Architecture for Smart Homes. In Proceedings of the 2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), Limassol, Cyprus, 11–13 September 2019; pp. 1–6. [ Google Scholar ]
  • Radanliev, P.; De Roure, D.; Nurse, J.R.C.; Nicolescu, R.; Huth, M.; Cannady, S.; Montalvo, R.M. Integration of Cyber Security Frameworks, Models and Approaches for Building Design Principles for the Internet-of-Things in Industry 4.0. In Living in the Internet of Things: Cybersecurity of the IoT ; Institution of Engineering and Technology: London, UK, 2018. [ Google Scholar ]
  • Wurm, J.; Hoang, K.; Arias, O.; Sadeghi, A.-R.; Jin, Y. Security Analysis on Consumer and Industrial IoT Devices. In Proceedings of the 2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC), Macao, China, 25–28 January 2016; pp. 519–524. [ Google Scholar ]
  • Radanliev, P.; De Roure, D.C.; Nicolescu, R.; Huth, M.; Montalvo, R.M.; Cannady, S.; Burnap, P. Future developments in cyber risk assessment for the internet of things. Comput. Ind. 2018 , 102 , 14–22. [ Google Scholar ] [ CrossRef ]
  • Mozzaquatro, B.A.; Agostinho, C.; Goncalves, D.; Martins, J.; Jardim-Goncalves, R. An Ontology-Based Cybersecurity Framework for the Internet of Things. Sensors 2018 , 18 , 3053. [ Google Scholar ] [ CrossRef ]
  • Ali, B.; Awad, A.I. Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes. Sensors 2018 , 18 , 817. [ Google Scholar ] [ CrossRef ] [ PubMed ]
  • Nieto, A.; Rios, R. Cybersecurity profiles based on human-centric IoT devices. Hum.-Centric Comput. Inf. Sci. 2019 , 9 , 39. [ Google Scholar ] [ CrossRef ]
  • Radanliev, P.; De Roure, D.C.; Nurse, J.R.C.; Mantilla Montalvo, R.; Cannady, S.; Santos, O.; Maddox, L.T.; Burnap, P.; Maple, C. Cyber Risk Impact Assessment-Assessing the Risk from the IoT to the Digital Economy. SN Appl. Sci. 2020 , 2 , 1–12. [ Google Scholar ] [ CrossRef ]
  • Boeckl, K.; Fagan, M.; Fisher, W.; Lefkovitz, N.; Megas, K.N.; Nadeau, E.; O’Rourke, D.G.; Piccarreta, B.; Scarfone, K. Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks ; US Department of Commerce, National Institute of Standards and Technology: Gaithersburg, MD, USA, 2019.
  • Lee, I. Internet of Things (IoT) Cybersecurity: Literature Review and IoT Cyber Risk Management. Future Internet 2020 , 12 , 157. [ Google Scholar ] [ CrossRef ]
  • Djenna, A.; Harous, S.; Saidouni, D.E. Internet of Things Meet Internet of Threats: New Concern Cyber Security Issues of Critical Cyber Infrastructure. Appl. Sci. 2021 , 11 , 4580. [ Google Scholar ] [ CrossRef ]
  • Echeverría, A.; Cevallos, C.; Ortiz-Garces, I.; Andrade, R.O. Cybersecurity Model Based on Hardening for Secure Internet of Things Implementation. Appl. Sci. 2021 , 11 , 3260. [ Google Scholar ] [ CrossRef ]
  • Scarfò, A. The Cyber Security Challenges in the IoT Era. In Security and Resilience in Intelligent Data-Centric Systems and Communication Networks ; Elsevier: Amsterdam, The Netherlands, 2018; pp. 53–76. [ Google Scholar ]
  • Almomani, O.; Almaiah, M.A.; Alsaaidah, A.; Smadi, S.; Mohammad, A.H.; Althunibat, A. Machine learning classifiers for network intrusion detection system: Comparative study. In Proceedings of the 2021 International Conference on Information Technology (ICIT), Amman, Jordan, 14–15 July 2021; pp. 440–445. [ Google Scholar ]
  • Wahab, A.; Ahmad, O.; Muhammad, M.; Ali, M. A Comprehensive Analysis on the Security Threats and their Countermeasures of IoT. Int. J. Adv. Comput. Sci. Appl. 2017 , 8 , 489–501. [ Google Scholar ] [ CrossRef ]
  • Lin, Z.; Lin, M.; Champagne, B.; Zhu, W.-P.; Al-Dhahir, N. Secrecy-Energy Efficient Hybrid Beamforming for Satellite-Terrestrial Integrated Networks. IEEE Trans. Commun. 2021 , 69 , 6345–6360. [ Google Scholar ] [ CrossRef ]
  • Lin, Z.; An, K.; Niu, H.; Hu, Y.; Chatzinotas, S.; Zheng, G.; Wang, J. SLNR-based Secure Energy Efficient Beamforming in Multibeam Satellite Systems. IEEE Trans. Aerosp. Electron. Syst. 2022 , 59 , 2085–2088. [ Google Scholar ] [ CrossRef ]
  • Lin, Z.; Lin, M.; de Cola, T.; Wang, J.-B.; Zhu, W.-P.; Cheng, J. Supporting IoT With Rate-Splitting Multiple Access in Satellite and Aerial-Integrated Networks. IEEE Internet Things J. 2021 , 8 , 11123–11134. [ Google Scholar ] [ CrossRef ]
  • Almaiah, M.A.; Ali, A.; Hajjej, F.; Pasha, M.F.; Alohali, M.A. A Lightweight Hybrid Deep Learning Privacy Preserving Model for FC-Based Industrial Internet of Medical Things. Sensors 2022 , 22 , 2112. [ Google Scholar ] [ CrossRef ]
  • Al Nafea, R.; Almaiah, M.A. Cyber security threats in cloud: Literature review. In Proceedings of the 2021 International Conference on Information Technology (ICIT), Amman, Jordan, 14–15 July 2021; pp. 779–786. [ Google Scholar ]
  • Bubukayr, M.A.; Almaiah, M.A. Cybersecurity concerns in smart-phones and applications: A survey. In Proceedings of the 2021 international conference on information technology (ICIT), Amman, Jordan, 14–15 July 2021; pp. 725–731. [ Google Scholar ]
  • Alamer, M.; Almaiah, M.A. Cybersecurity in Smart City: A systematic mapping study. In Proceedings of the 2021 International Conference on Information Technology (ICIT), Amman, Jordan, 14–15 July 2021; pp. 719–724. [ Google Scholar ]
  • Lutfi, A.; Alrawad, M.; Alsyouf, A.; Almaiah, M.A.; Al-Khasawneh, A.; Al-Khasawneh, A.L.; Alshira’H, A.F.; Alshirah, M.H.; Saad, M.; Ibrahim, N. Drivers and impact of big data analytic adoption in the retail industry: A quantitative investigation applying structural equation modeling. J. Retail. Consum. Serv. 2023 , 70 , 103129. [ Google Scholar ] [ CrossRef ]
  • Ali, A.; Almaiah, M.A.; Hajjej, F.; Pasha, M.F.; Fang, O.H.; Khan, R.; Teo, J.; Zakarya, M. An industrial IoT-based blockchain-enabled secure searchable encryption approach for healthcare systems using neural network. Sensors 2022 , 22 , 572. [ Google Scholar ] [ CrossRef ]
  • Cao, H.; Du, J.; Zhao, H.; Luo, D.X.; Kumar, N.; Yang, L.; Yu, F.R. Toward Tailored Resource Allocation of Slices in 6G Networks With Softwarization and Virtualization. IEEE Internet Things J. 2022 , 9 , 6623–6637. [ Google Scholar ] [ CrossRef ]
  • Alrawad, M.; Lutfi, A.; Alyatama, S.; Al Khattab, A.; Alsoboa, S.S.; Almaiah, M.A.; Ramadan, M.H.; Arafa, H.M.; Ahmed, N.A.; Alsyouf, A.; et al. Assessing customers perception of online shopping risks: A structural equation modeling–based multigroup analysis. J. Retail. Consum. Serv. 2023 , 71 , 103188. [ Google Scholar ] [ CrossRef ]
  • Almaiah, M.A.; Hajjej, F.; Ali, A.; Pasha, M.F.; Almomani, O. A Novel Hybrid Trustworthy Decentralized Authentication and Data Preservation Model for Digital Healthcare IoT Based CPS. Sensors 2022 , 22 , 1448. [ Google Scholar ] [ CrossRef ] [ PubMed ]
  • Siam, A.I.; Almaiah, M.A.; Al-Zahrani, A.; Elazm, A.A.; El Banby, G.M.; El-Shafai, W.; El-Samie, F.E.A.; El-Bahnasawy, N.A. Secure Health Monitoring Communication Systems Based on IoT and Cloud Computing for Medical Emergency Applications. Comput. Intell. Neurosci. 2021 , 2021 , 8016525. [ Google Scholar ] [ CrossRef ] [ PubMed ]
  • Almaiah, M.A.; Al-Zahrani, A.; Almomani, O.; Alhwaitat, A.K. Classification of cyber security threats on mobile devices and applications. In Artificial Intelligence and Blockchain for Future Cybersecurity Applications ; Springer International Publishing: Cham, Switzerland, 2021; pp. 107–123. [ Google Scholar ]
  • Almaiah, M.A. A new scheme for detecting malicious attacks in wireless sensor networks based on blockchain technology. In Artificial Intelligence and Blockchain for Future Cybersecurity Applications ; Springer International Publishing: Cham, Switzerland, 2021; pp. 217–234. [ Google Scholar ]

Click here to enlarge figure

| References | Attacks/Challenges | Proposed Framework/Approaches |
|---|---|---|
| [ ] | Software piracy and malware attacks. Challenges: economic and reputational damages | |
| [ ] | Confidentiality concerns and data exploitation | Risk analysis based on EBIOS methodology. |
| [ ] | Organization's assets attacks | A form of runtime, near-real-time risk assessment support. |
| [ ] | Controlling traffic light attacks against smart vehicles; collapsing the power grid; surveillance cameras; water supply (chemical levels); power outage; smart cities lose control of their systems as a result of the attacks | An evaluation model to assess the cybersecurity (level of maturity) of IoT solutions used in a smart city. |
| [ ] | Eavesdropping attack; identity faking attack; disclosure of sensitive data | A proposed framework for the security verification of distributed industrial control systems. The framework is based on modeling industrial IoT infrastructures. Patterns made by the attacks and mitigation techniques to stop the attacks. Using an alloy analyzer to prove mitigation techniques. |
| [ ] | Healthcare services attacks including physical attacks and data loss | The dynamic adaptive cybersecurity framework. |
| [ ] | Context privacy leakage; staff lack of operation and abuse of power; lack of user awareness of protection; privacy cognition | The algorithm Improved Cuckoo Search (ICS) for a back-propagation neural network (BPNN) to enhance the accuracy and stability. |
| [ ] | Profiling attacks; privacy violating; lifecycle transitions; inventory attack; it shows the impact on the physical world | A smartphone application that allows users to monitor the household devices that use the IoT in a quick process, while also checking the state of the security of these devices instantly. |
| [ ] | IoT systems' vulnerability; malware detection; data security concerns; personal and public physical safety risk issues | Privacy-preserving data techniques and a 5G IoT environment, in addition to computational intelligence cyber defenses. |
| [ ] | Cybercrimes; impact on the global economy | Blockchain technology. |
| [ ] | Healthcare services and cybersecurity challenges | Normative hierarchical model of the international cybersecurity standards. |
| [ ] | Cybersecurity issues in smart homes: physical attack; network attack; software attack; impact on safeguarding homes | GHOST, Safe-Guarding Home IoT Environments with Personalized Real-Time Risk Control security framework. |

AlSalem, T.S.; Almaiah, M.A.; Lutfi, A. Cybersecurity Risk Analysis in the IoT: A Systematic Review. Electronics 2023 , 12 , 3958. https://doi.org/10.3390/electronics12183958


Advances, Systems and Applications

  • Open access
  • Published: 29 September 2023

Next-generation cyber attack prediction for IoT systems: leveraging multi-class SVM and optimized CHAID decision tree

  • Surjeet Dalal 1 ,
  • Umesh Kumar Lilhore 2 ,
  • Neetu Faujdar 3 ,
  • Sarita Simaiya 2 ,
  • Manel Ayadi 4 ,
  • Nouf A. Almujally 4 &
  • Amel Ksibi 4  

Journal of Cloud Computing volume 12, Article number: 137 (2023)


A Correction to this article was published on 12 October 2023

This article has been updated

Billions of gadgets are already online, making the IoT an essential aspect of daily life. However, the interconnected nature of IoT devices also leaves them open to cyber threats. The quantity and sophistication of cyber assaults aimed at Internet of Things (IoT) systems have skyrocketed in recent years. This paper proposes a next-generation cyber attack prediction framework for IoT systems. The framework uses the multi-class support vector machine (SVM) and the improved CHAID decision tree machine learning methods. IoT traffic is classified using a multi-class support vector machine to identify various types of attacks. The SVM model is then optimized with the help of the CHAID decision tree, which prioritizes the attributes most relevant to the categorization of attacks. The proposed framework was evaluated on a real-world dataset of IoT traffic. The findings demonstrate the framework's ability to categorize attacks accurately. The framework may determine which attributes are most crucial for attack categorization to enhance the SVM model's precision. The proposed technique focuses on network traffic characteristics that can be signs of cybersecurity threats on IoT networks and affected network nodes. Selected feature vectors were also created utilizing the elements acquired on every IoT console. The evaluation results on the Multistep Cyber-Attack Dataset (MSCAD) show that the proposed CHAID decision tree can significantly predict the multi-stage cyber attack with 99.72% accuracy. Such accurate prediction is essential in managing cyber attacks in real-time communication. Because of its efficiency and scalability, the model may be used to forecast cyber attacks in real time, even in massive IoT installations. Because of its computing efficiency, it can make accurate predictions rapidly, allowing for prompt detection and action. By locating possible entry points for attacks and mitigating them, the framework helps strengthen the safety of IoT systems.

Introduction

The term "Internet of Things" refers to a broad category of technology solutions and meaningful objects that interact with one another online, in addition to the big data that all objects produce. Automation, intellectual equipment in home automation, and essential infrastructure are all examples of IoT device equipment with various uses and complexity. IoT devices were created to improve safety and convenience among many facets of a person's life. In addition to greater comfort, the IoT introduces new cybersecurity-related issues and difficulties. The characteristics of a setting affect the security problems underlying the IoT infrastructure. An IoT framework is a potential IoT ecosystem component consisting of collections of advanced technologies with the same or equivalent technical specifications. If a specific device is vulnerable, such homogeneity magnifies the consequence.

A multi-stage cyber-attack is precisely what its name suggests: A cyber-attack that takes place in steps instead of an instantaneous attack. When a resource's integrity, confidentiality, or availability is compromised by an incursion [ 1 ], it is considered an intrusion. Intrusion detection systems are the first line of defence in crucial IoT networks. Anomalies in network traffic or signatures help them identify known threats. Security alarms are growing at an exponential rate as network traffic increases. However, sophisticated attacks elude IoT security systems by carrying out each attack step individually and dividing the attack into many consequential segments. As a result, modern cyberattacks are becoming more accurate, distributed and large-scale. Undetected cyberattacks can have devastating consequences. To secure vital resources now or in the future, a description and projection of the attack and documentation of the attacker's behaviour are helpful.

Similarly, a multi-stage cyber attack on an organization may include using a rogue employee who first recons for weaknesses in the network defences and might use his position within the organization to drop a malware payload that is activated at a reasonable time. The utilization of risky network servers, like telnet servers and File Transfer Protocol (FTP) servers, along with security flaws in devices and access control lists, are critical problems. Security flaws in the policies and procedures employed by the communications infrastructure are also an issue. Even highly specialized vulnerable IoT equipment with resource constraints can be leveraged to track and collect information on the IoT to utilize crucially. As a result, the entire IoT infrastructure may be severely harmed by flaws in the protocols used by the IoT application. The effects vary depending on the ecosystems in which the vulnerable connected systems operate.

SVM is a supervised learning framework with better classification performance than numerous other classification algorithms, but its application is restricted by the extended training times required for massive data sets. Various feature selection methods are combined with SVM to obtain reduced-dimensional data, so that the classification model needs less training time. An ideal set of characteristics is chosen using feature selection before constructing a model. A particular feature selection algorithm is used in the feature selection phase to assess the ranking of each possible characteristic, and the finest "k" characteristics are then determined. This process involves creating a ranked list of features from which a subset of factors can be chosen using various specific requirements. One of the most prevalent statistical methods is the CHAID, which forecasts imbalance from the predicted allocation if the feature occurrence is not highly dependent upon that categorical variable.
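The rank-then-keep-the-best-k screening described above, as an added example that is not code from the paper: it scores each categorical traffic feature against the attack label with the Pearson chi-square test that CHAID is built on and keeps at most k features whose p-value is below alpha. The flow records, feature names and alpha = 0.05 are constructed assumptions, and CHAID's category merging and Bonferroni adjustment are left out.

```python
import math
from collections import Counter

FEATURES = ["syn_rate", "dst_service", "protocol", "hour_parity", "ttl"]

# Constructed flow records (not taken from MSCAD): four flows per class.
_RAW = (
    [("low", "http", "tcp", "normal")] * 2
    + [("low", "dns", "udp", "normal")] * 2
    + [("low", "ssh", "tcp", "brute_force")] * 4
    + [("high", "http", "tcp", "ddos")] * 4
)
FLOWS = [
    {
        "syn_rate": s, "dst_service": d, "protocol": p,
        "hour_parity": "even" if i % 2 == 0 else "odd",  # noise feature
        "ttl": "64",                                      # constant feature
        "label": y,
    }
    for i, (s, d, p, y) in enumerate(_RAW)
]


def chi_square(rows, feature, label="label"):
    """Pearson chi-square statistic and degrees of freedom for the
    contingency table of one categorical feature against the class label."""
    n = len(rows)
    f_counts = Counter(r[feature] for r in rows)
    c_counts = Counter(r[label] for r in rows)
    observed = Counter((r[feature], r[label]) for r in rows)
    stat = 0.0
    for f, fc in f_counts.items():
        for c, cc in c_counts.items():
            expected = fc * cc / n  # count expected if feature and label were independent
            stat += (observed[(f, c)] - expected) ** 2 / expected
    dof = (len(f_counts) - 1) * (len(c_counts) - 1)
    return stat, dof


def chi2_sf(x, dof):
    """P(X >= x) for a chi-square variable, via the closed forms for
    dof 1 and 2 and the recurrence Q(k+2) = Q(k) + (x/2)^(k/2) e^(-x/2) / Gamma(k/2+1)."""
    if dof <= 0:
        return 1.0  # a constant feature can never be significant
    if dof % 2:
        q, k = math.erfc(math.sqrt(x / 2)), 1
    else:
        q, k = math.exp(-x / 2), 2
    while k < dof:
        q += (x / 2) ** (k / 2) * math.exp(-x / 2) / math.gamma(k / 2 + 1)
        k += 2
    return q


def rank_features(rows, features, label="label"):
    """Return (name, chi2, dof, p_value) tuples, most significant first."""
    scored = []
    for name in features:
        stat, dof = chi_square(rows, name, label)
        scored.append((name, stat, dof, chi2_sf(stat, dof)))
    return sorted(scored, key=lambda r: (r[3], -r[1]))


def select_features(rows, features, k, alpha=0.05, label="label"):
    """Keep at most k features, and only those significant at level alpha."""
    ranked = rank_features(rows, features, label)
    return [name for name, _, _, p in ranked if p < alpha][:k]


if __name__ == "__main__":
    for name, stat, dof, p in rank_features(FLOWS, FEATURES):
        print(f"{name:12s} chi2={stat:6.2f} dof={dof} p={p:.4f}")
    print("selected:", select_features(FLOWS, FEATURES, k=3))
```

With only twelve constructed rows the expected cell counts are far below the usual minimum of five, so the p-values here illustrate the mechanics rather than a valid test; on a real capture, bin numeric features first and check cell counts before trusting the ranking.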

The performance of Smart IoT devices can be altered mainly by device manufacturing companies even without the customer's consent by changing the device's custom firmware, a significant IoT cyber threat hazard. It adds new security vulnerabilities that could enable the IoT device to accomplish unpleasant activities on the client device, like secretly capturing confidential user information and even inadequately altering capabilities.

This work proposes an IoT cybersecurity threat detection model that utilizes a multi-class SVM algorithm and CHAID feature screening for high precision, lower false positives, and optimistic factors. The proposed model optimizes a kernel parameter by calculating the variance for each attribute feature and determining the highest attribute variance. A high conflict will lead to a better kernel parameter if the kernel and variance are inversely related. This method is known as the variance optimization technique. The critical contribution of this research mainly includes:

  • The primary goals of the research were to investigate the potential for multi-stage cyber threat detection in IoT devices using load flow and a more in-depth network monitoring that considers IoT security protocol characteristics.
  • This research developed a model for early and automatic recognition of cyber security threats for IoT infrastructure based on the CHAID method, which creates locate and new secure paths.
  • This research attempts to improve cyber attack detection effectiveness through an SVM ML algorithm.
  • The proposed technique focuses on network activity characteristics that can be signs of cybercrime in the network ecosystem and vulnerable Smart systems.

The complete article is organized as follows: the Related work section covers the related work in the field of IoT cyber security attack detection, the Materials and methods section covers the materials and methods, the Results and discussion section covers the results and analysis, including experimental details and performance metrics, and the Conclusion section covers the conclusion and future scope of the IoT cyber security research.

Related work

Fundamentally, circumstances would gain from a method and language for exhibiting IoT cyber security threats [2] in the direction of robotized location and recognizability of proof of multistep digital assault. IoT architecture is an example of attack designs familiar with reusing nonexclusive modules in the assault. A prototype implementation of a scenario acknowledgement motor using Categorical Abstract Machine Language (CAML) was developed, which gradually consumed first-level security warnings and generated reports that differentiate multistep attack situations in the alarm stream.

Protecting IoT devices from top to bottom is described in [ 3 ], contributing to a greater capacity for mission-driven digital situational awareness. Therefore, the IoT cauldron plotted out all potential network vulnerabilities by linking, summarizing, standardizing, and interweaving data from diverse sources. It allowed for a more nuanced understanding of potential attack vectors, leading to mitigation suggestions. A flexible demonstration supported a multi-stage analysis of firewall rules and host-to-have vulnerabilities, including attack routes within the organization from the outside. They portrayed a prepared relationship because of Caldron assault charts and analyzed the impact of attacks on missions.

In [4], the authors examine a cyber security threat detection model for IoT devices based on a Hidden Markov Model (HMM). IoT devices relied on information mining to deal with warnings and generate input for the HMM. Given the acquired knowledge, their architecture could continuously stream Snort warnings and anticipate disruptions. With enough data, their approach might infer patterns in the multi-stage attack and rank aggressors accordingly. This allows their system to accurately predict attackers' behaviour and assess the relative danger of different groups of attackers.

In [ 5 ], the authors present a multistep signature language model for IoT device communication that can aid in attacking predetermined sites based on standardized log events collected from various applications and devices. In addition, the wordy language helps us integrate our understanding of external threats and reference up-to-date warning signs. Using this technology, they'd be able to manufacture generic sleep-boosting markings. Using this vocabulary, they could tell between various login animal power initiatives across multiple apps using a single, generic pattern. The researchers presented a review of previous research and a rigorous examination of several machine learning methods [ 6 ]. The paper also includes statistical data to compare the method recognition effectiveness of suspicious activities in IoT network systems. According to research observations, the random forest method generates the most detailed findings for the feature sets.

A cyber security model with an Intrusion Detection System (IDS) is discussed in IoT architecture, which utilizes alarms relating to unusual traffic to connect IoT devices. Because there are many possible permutations of attack time, risk assessment, and attack hub data in the IoT, this study presented a method to mimic multistep assault circumstances within the company. The results of the trials proved that the suggested technique could accurately reproduce multistep assault situations and trace them back to the original host. It might help senior leaders better express safety actions to employees, helping to make the workplace safer for everyone. The IoT network's attack recognition strategy is discussed in [ 7 ]. Its foundation is the application of advanced systems. A sequence of network architectures is used to create IoT solutions. The method uses the information gain, random forest classifier, correlation analysis, and feature global ranking to decrease the number of features. The additional investigation is based on three feature sets coupled using the suggested method to generate an optimized part and functionality.

Research [ 8 ] presents a method for IoT threat detection that relies on cloud technology software-defined networks (SDN). It uses a decentralized multiple SDN to prevent attacks within low-power wireless IoT equipment. The predetermined neighbourhood DNS server of the designated sector was used to carry out network activity dominion for each network interface field. The central component of the strategy is a unique regulator installed in a cloud infrastructure and linked to a base station.

According to research [ 9 ], Evaluation of cyber attack detection using a holistic strategy proposed to address the challenge of pinpointing novel, nuanced threats and the best ways to neutralize them. Particularly illustrative of this issue are zero-day attacks and multistep assaults, which consist of several steps, some malevolent and others not. To identify the multi-stage assault scenario, they present a substantially Boosted Neural Network in this study. The outcomes of running many machine learning methods were displayed, and a greatly enhanced neural network was shown.

Research [ 10 ] presents the IoT network's cyber threat detection strategy. It is founded on the application of advanced techniques. The created expert system uses an assortment of network architectures to function. The method uses the correlation matrix, random forest method, and information gain to score the features to decrease the number of features. Three different feature sets are used as the basis for the exploratory studies, which aim to create an optimized feature set by combining them with the suggested algorithm. The researchers utilized random forest, XG-Boost and K-nearest neighbour, ML algorithms to analyze the data.

Research [ 11 ] suggests a novel and effective encryption method for foreseeing cyber attacks on cyber-physical systems to counteract these dangers. The recommended approach uses Bayesian optimization strategies to hone the values of the hyper-parameters in the LightGBM algorithm. The University of Nevada has used the suggested technique on its intrusion detection dataset (UNR-IDD). The authors have tried out the proposed method in Reno. Accuracy of 0.9918, precision of 0.9922, and recall of 0.9922 were all attained in the suggested way. The technique improves the cyber-physical system's security, as our empirical assessment shows that it boosts accuracy and AUC value. As a result, the proposed approach may provide reliable guarantees for the protection of user data. Table 1 presents a comparative analysis of the proposed model and existing IoT-based cyber security threat detection methods.

Materials and methods

The prescribed dataset contains the following attack scenarios.

1st attack scenario

The attacker's goal here is to crack any password on any host in the target network via a brute force attack. The attack may be broken down into three distinct phases the attacker uses. All of the ports were scanned at once [ 21 ]. Hypertext Transfer Protocol (HTTP) rack Website Copier was used as a backup method to save a copy of web pages for use outside of the cloud-based service. A total of 470 guesses were made, and a script employing brute force was eventually executed with favourable results. Figure  1 depicts the occurrence of the attacks.

Figure 1: Frequencies of attacks

2nd attack scenario

Scenario B utilizes HTTP Slowloris Distributed Denial of Service (DDoS) to launch the initial DDoS attack on the APP [ 22 ]. The attackers finally began their volumetric distributed denial of service attack using the Radware tool. Figure 2 depicts the conditional box plots of the attacks.

Figure 2: Conditional Box Plot of attacks

Three hosts (192.168.159.131, 192.168.159.14, and 192.168.159.16) were compromised after an hour of the volume-based DDoS attack. With the help of a heatmap, the authors represent the nature of the attacks in Fig. 3.

Figure 3: Heat map of attacks

Development stages

Here are the steps that were taken to create a framework for predicting cyber attacks using multi-class support vector machines and the CHAID decision tree:

Problem definition: The first step in developing a framework is pinpointing the issue. The issue is foreseeing cyber assaults on the Internet of Things (IoT) infrastructure.

Data collection: The second step is to amass information for the framework's training and assessment processes. For the framework to accurately anticipate future cyber attacks, the data must be representative of such attacks in the real world.

Data preprocessing: The third step is to prepare the data before using it for training or testing purposes. This process may require eliminating anomalies, standardizing the data, and filling in any gaps.

Feature selection: The fourth step is to choose the characteristics used to train and evaluate the framework. The correctness of the framework depends heavily on the features selected, so this is an essential stage.

Model training: The fifth step is to train the framework using the features chosen in the previous step. Several machine learning techniques may be used for this, including multi-class SVM and the CHAID decision tree.

Model evaluation: The sixth step is to evaluate the framework on the test set and determine how well it works. This is useful in evaluating the framework's ability to handle data it has never seen before.

Deployment: Putting the framework into production is the seventh step. The framework might be accessible as a web service or used with existing security solutions.

Improving the multi-class support vector machine (SVM) and CHAID decision tree cyber attack prediction system is a continuous phase. The accuracy and performance of the proposed model may be tweaked using new data and updated machine learning algorithms.

Decision tree

Decision trees are the most common supervised learning algorithm for classification with a predetermined target variable. They work for both categorical and continuous input and output variables [ 23 , 24 , 25 , 26 , 27 ]. The population or sample is divided into two or more homogeneous groups (or subpopulations) based on the most significant splitter/differentiator among the input variables. Multiple algorithms are used to determine whether or not to split a node into two or more sub-nodes in a decision tree. Creating sub-nodes increases their homogeneity [ 28 , 29 , 30 , 31 , 32 ].

Put another way, the purity of the node increases with respect to the target variable. Nodes in a decision tree are split on all of the relevant variables, and the split that produces the most homogeneous sub-nodes is selected. The type of the target variable is also considered while choosing an algorithm.

Optimized CHAID decision tree

The Optimized CHAID Decision Tree-based Model is a variant of the traditional CHAID decision tree algorithm that incorporates optimization techniques to improve its performance and effectiveness [ 33 ]. CHAID is a popular decision tree algorithm for classification and regression tasks, particularly when dealing with categorical variables.

The optimization of the CHAID decision tree involves several key steps:

Feature Selection: The optimization process includes identifying and selecting the most relevant features for building the decision tree. This helps to reduce dimensionality, improve interpretability, and enhance the model's overall performance.

Splitting Criterion: The optimization determines the most suitable splitting criterion for the decision tree nodes. The splitting criterion measures the association between the predictor variables and the target variable, allowing for the creation of informative and predictive splits.

Stopping Criteria: The optimization considers the appropriate stopping criteria for tree growth. This prevents overfitting and ensures that the decision tree does not become too complex, leading to poor generalization and performance on unseen data.

Pruning: Pruning techniques are applied to the decision tree to eliminate unnecessary branches and nodes that do not contribute significantly to its predictive power. This simplifies the tree structure, improves interpretability, and helps prevent overfitting.

By optimizing the CHAID decision tree, the model can effectively handle complex datasets, identify important features, and provide accurate predictions. The optimization process enhances the interpretability of the decision tree and improves its generalization capabilities [ 34 , 35 , 36 , 37 , 38 , 39 , 40 , 41 ].

The Optimized CHAID Decision Tree-based Model finds applications in various domains, including healthcare, finance, marketing, and cybersecurity. It is particularly useful when dealing with categorical or mixed-type data, making it suitable for scenarios where traditional decision tree algorithms may not be as effective [ 42 ]. The optimized CHAID Decision Tree-based Model offers an advanced and refined approach to decision tree modelling, providing enhanced performance and interpretability for various applications. Algorithm 1 shows the CHAID algorithm steps below.

Algorithm 1: The CHAID algorithm

This technique is highly efficient at searching through enormous datasets [ 43 ]. Still, it is not guaranteed to offer the best split at any given step. Algorithm 2 shows the CHAID decision tree construction method. It performs multi-level splits when computing classification trees.

Algorithm 2: CHAID decision tree algorithm

The integration of the Support Vector Machine (SVM) and CHAID (Chi-squared Automatic Interaction Detection) model involves combining the predictions of both models to leverage their respective strengths and improve overall prediction performance [ 34 , 36 , 37 , 38 ]. The integration is typically achieved through an ensemble approach, where the predictions of the individual models are combined using various techniques. Here's a general outline of how SVM and CHAID can be integrated:

Train Individual Models: The SVM and CHAID models are trained individually on the same dataset. SVM is a powerful machine learning algorithm for classification tasks, while CHAID is a decision tree-based method for categorical data analysis. Each model learns from the dataset and creates its decision boundaries or rules to make predictions.

Obtain Model Predictions: The individual SVM and CHAID models predict the same test data or new instances after training. The predictions are typically in the form of class labels or probabilities.

Combine Predictions: The predictions from SVM and CHAID can be combined using various ensemble techniques. Some common methods include:

Majority Voting: In majority voting, the final prediction is determined by selecting the class label that receives the most votes from SVM and CHAID. For example, if SVM predicts Class A, CHAID predicts Class B, and another SVM indicates Class A, the majority vote would favour Class A.

Weighted Averaging: In weighted averaging, each model's prediction is given a weight, and the final prediction is obtained by calculating the weighted average of the individual model predictions. The weights can be determined based on each individual model's performance or other criteria.

Stacking: Stacking is a more sophisticated ensemble method where the predictions of the individual models are used as input to a meta-model, which learns to combine the predictions optimally.

Final Prediction and Performance Evaluation: The final integrated prediction is obtained once the predictions are combined. This integrated prediction is then evaluated using standard metrics such as accuracy, precision, recall, F1 score, and area under the ROC curve to assess its performance.

Tuning and Optimization: Researchers may further fine-tune the integration process by adjusting hyperparameters or weights to optimize the ensemble's performance on the specific task.

The integration of SVM and CHAID can be particularly useful when the two models complement each other's strengths [ 43 , 44 , 45 , 46 , 47 ]. For example, SVM handles high-dimensional data and complex decision boundaries effectively, while CHAID provides interpretable and transparent decision rules. By combining the two models, researchers can potentially achieve better overall predictive performance while retaining interpretability in certain scenarios.
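The combination and evaluation steps outlined above can be traced on a handful of flows. The following is an added example, not code from the paper: it covers majority voting and weighted averaging only (stacking is not shown), and the probability values, the validation/test split and all function names are constructed for illustration.

```python
"""Fusing SVM and CHAID class probabilities: hard vote vs. accuracy-weighted average."""
from collections import Counter

CLASSES = ("Brute_Force", "HTTP_DDoS", "ICMP_Flood", "Normal", "Port_Scan")
BF, DDOS, ICMP, NORM, SCAN = CLASSES

# Constructed model outputs: (true label, SVM probabilities, CHAID probabilities).
VALIDATION = [
    (BF,   {BF: .9, NORM: .1},     {BF: .8, NORM: .2}),
    (DDOS, {DDOS: .6, NORM: .4},   {DDOS: .9, NORM: .1}),
    (NORM, {SCAN: .6, NORM: .4},   {NORM: .7, SCAN: .3}),
    (SCAN, {NORM: .55, SCAN: .45}, {SCAN: .8, NORM: .2}),
    (ICMP, {ICMP: .9, NORM: .1},   {NORM: .6, ICMP: .4}),
]
TEST = [
    (BF,   {BF: .7, NORM: .3},     {BF: .9, NORM: .1}),
    (DDOS, {DDOS: .8, NORM: .2},   {NORM: .55, DDOS: .45}),
    (SCAN, {NORM: .6, SCAN: .4},   {SCAN: .9, NORM: .1}),
    (NORM, {NORM: .9, SCAN: .1},   {NORM: .8, DDOS: .2}),
    (ICMP, {ICMP: .95, NORM: .05}, {NORM: .6, ICMP: .4}),
    (NORM, {SCAN: .55, NORM: .45}, {NORM: .9, SCAN: .1}),
    (SCAN, {SCAN: .8, NORM: .2},   {SCAN: .7, NORM: .3}),
    (BF,   {NORM: .6, BF: .4},     {NORM: .7, BF: .3}),   # both models miss it
]


def top_label(probs):
    """Class with the highest probability; classes missing from the dict count as 0."""
    return max(CLASSES, key=lambda c: probs.get(c, 0.0))


def accuracy(y_true, y_pred):
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)


def majority_vote(labels):
    """Hard voting: the label with a strict majority, or None when there is none."""
    label, votes = Counter(labels).most_common(1)[0]
    return label if votes > len(labels) / 2 else None


def weighted_average(prob_sets, weights):
    """Soft voting: weight each model's probabilities, then take the top class."""
    fused = {c: sum(w * p.get(c, 0.0) for p, w in zip(prob_sets, weights))
             for c in CLASSES}
    return top_label(fused)


def per_class_metrics(y_true, y_pred):
    """Precision, recall and F-measure for every class."""
    out = {}
    for c in CLASSES:
        tp = sum(t == c and p == c for t, p in zip(y_true, y_pred))
        fp = sum(t != c and p == c for t, p in zip(y_true, y_pred))
        fn = sum(t == c and p != c for t, p in zip(y_true, y_pred))
        prec = tp / (tp + fp) if tp + fp else 0.0
        rec = tp / (tp + fn) if tp + fn else 0.0
        f_me = 2 * prec * rec / (prec + rec) if prec + rec else 0.0
        out[c] = {"precision": prec, "recall": rec, "f_measure": f_me}
    return out


def run():
    """Derive weights on VALIDATION, fuse on TEST, and score every variant."""
    val_true = [s[0] for s in VALIDATION]
    w_svm = accuracy(val_true, [top_label(s[1]) for s in VALIDATION])
    w_chaid = accuracy(val_true, [top_label(s[2]) for s in VALIDATION])
    y_true = [s[0] for s in TEST]
    svm = [top_label(s[1]) for s in TEST]
    chaid = [top_label(s[2]) for s in TEST]
    # With only two voters, every disagreement leaves the hard vote undecided.
    hard = [majority_vote([a, b]) for a, b in zip(svm, chaid)]
    fused = [weighted_average([s[1], s[2]], [w_svm, w_chaid]) for s in TEST]
    return {
        "weights": (w_svm, w_chaid),
        "undecided": hard.count(None),
        "accuracy": {"svm": accuracy(y_true, svm), "chaid": accuracy(y_true, chaid),
                     "fused": accuracy(y_true, fused)},
        "metrics": per_class_metrics(y_true, fused),
    }


if __name__ == "__main__":
    for key, value in run().items():
        print(key, value)
```

The last constructed flow is misclassified by both models, so no combination rule recovers it; the per-class recall for Brute_Force makes that miss visible where overall accuracy does not.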

Multi-class SVM model

When the labels are chosen from a finite set, the issue of labelling records is resolved by SVM. Multi-class learning characterizes the whole method [ 39 , 40 , 41 , 42 ]. Many multi-class learning methods are developed using different classifiers for fundamental binary problems. Numerous multi-class training classifiers have been used, including decision trees, Ada-Boost, and SVM. Among the most popular methods for solving the multi-class issue is the SVM, which divides a single problem into numerous binary sub-problems.

A collection of binary classification problems (B1, B2, …, Bn) is created for the class set 1 to s, with each classification model trained to distinguish its class from the others. Merging them according to the optimum outcome before applying the sgn function yields a multi-class classifier. Sgk(y) is the distance from a point y to the hyperplane, which can be calculated as (1).

Proposed model

The proposed model is based on an Optimized CHAID Decision Tree and multi-class SVM fusion for cyber threat detection in IoT infrastructure. Figure  4 shows the working of the proposed model.

Figure 4: The working of the proposed model

The first data preprocessing step involves normalization, accompanied by chi-square-based feature extraction. The proposed model includes two phases. In the first phase, low-rank matrix features are eliminated, and the best possible subset of all characteristics is selected using chi-square-based feature extraction. Finding the highest-priority features essential for the classifier depends largely on ranking the features. In the second phase, the data are separated into training, validation, and testing sets. The optimized kernel attribute is obtained using tenfold cross-validation.

Algorithm 3: The proposed Model

Results and discussion

The proposed model and the existing models (contextual information, Cyber Security Game (CSG), multistep attack alert correlation system, and systematic and coherent approach) were implemented and tested to detect IoT cyber security attacks.

Experimental setup

The proposed model can be run on any computer with a minimum of 2 GB of RAM and a 1 GHz processor. The framework requires the following software:

Python 3.6 or higher

Scikit-learn

The following parameters are used in the performance evaluation:

Precision: Precision pre can be formulated as described in Eq. ( 6 ).

Recall: A recall, Rec, can be formulated as described in Eq. ( 7 ).

F-Measure: An f-measure FMe can be formulated as described in Eq. ( 8 ).

Accuracy: Accuracy Acc can be formulated in Eq. ( 9 ).

Most importantly, regarding ML models, the CHAID model performed better than SVM in experiments. TCP, UDP, HTTP GET, and DNS tunnelling attacks were all roughly detected at the same level due to the inclusion of several IoT multi-vector cyberattack characteristics based on flow analysis and features based on the most widely used IoT protocols. In this scenario, the authors analyzed and compared the efficacy of existing machine learning-based methods for detecting attacks on the infrastructure supporting the Internet of Things.

The suggested model requires dividing the dataset as follows: 70% training and 30% testing. The collection includes actual attacks from the following Label threat classes: Brute_Force, HTTP_DDoS, ICMP_Flood, Normal, and Port_Scan. The search for a new pair of categories to merge continues until the p-value is less than the significance level, at which point no new merging pairs are found. CHAID analysis relies heavily on statistical testing, and it is feasible to distinguish two primary functions:

Combination of individual values and categorizations of predictor variables

Predictor variables are chosen according to the statistical significance of their relationship with the dependent variable.
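The two functions just listed, category merging and significance-based predictor selection, make up one CHAID node split. The following is an added example, not the paper's Algorithm 1 or 2: it follows the standard CHAID procedure for nominal predictors with a Bonferroni adjustment, and the flow counts, the field names (service, proto), the 0.05 thresholds and the function names are constructed for illustration.

```python
"""One CHAID node split: merge similar categories, then pick the best predictor."""
from collections import Counter, defaultdict
from itertools import combinations
from math import erfc, exp, factorial, gamma, sqrt

# Constructed flow summaries (not the paper's dataset): service, proto, label, count.
SAMPLE = [
    ("ssh", "tcp", "Brute_Force", 40), ("ssh", "tcp", "Normal", 5),
    ("telnet", "tcp", "Brute_Force", 20), ("telnet", "tcp", "Normal", 2),
    ("http", "tcp", "HTTP_DDoS", 40), ("http", "tcp", "Normal", 20),
    ("dns", "udp", "Normal", 20),
    ("none", "icmp", "ICMP_Flood", 40), ("none", "icmp", "Normal", 3),
    ("other", "tcp", "Port_Scan", 30), ("other", "udp", "Port_Scan", 10),
    ("other", "tcp", "Normal", 4),
]
RECORDS = [{"service": s, "proto": p, "Label": y}
           for s, p, y, n in SAMPLE for _ in range(n)]


def chi2_sf(x, df):
    """P(X >= x) for a chi-square variable with df degrees of freedom (stdlib only)."""
    if x <= 0 or df <= 0:
        return 1.0
    h = x / 2.0
    # Closed forms Q(1/2, h) = erfc(sqrt(h)) and Q(1, h) = exp(-h), extended with
    # the recurrence Q(a + 1, h) = Q(a, h) + h**a * exp(-h) / Gamma(a + 1).
    a, q = (0.5, erfc(sqrt(h))) if df % 2 else (1.0, exp(-h))
    while a < df / 2.0:
        q += h ** a * exp(-h) / gamma(a + 1.0)
        a += 1.0
    return min(q, 1.0)


def chi2_pvalue(rows):
    """Pearson chi-square test of independence; rows is a list of Counter(label -> n)."""
    rows = [r for r in rows if sum(r.values()) > 0]
    col_tot = Counter()
    for r in rows:
        col_tot.update(r)
    n = sum(col_tot.values())
    df = (len(rows) - 1) * (len(col_tot) - 1)
    if df <= 0:
        return 1.0  # a single category or a single class: nothing to test
    stat = 0.0
    for r in rows:
        row_tot = sum(r.values())
        for label, c in col_tot.items():
            expected = row_tot * c / n
            stat += (r.get(label, 0) - expected) ** 2 / expected
    return chi2_sf(stat, df)


def merge_categories(table, alpha_merge=0.05):
    """Merge the least distinguishable pair of categories until every pair differs."""
    groups = {(cat,): Counter(cnt) for cat, cnt in table.items()}
    while len(groups) > 2:
        p, a, b = max((chi2_pvalue([groups[a], groups[b]]), a, b)
                      for a, b in combinations(sorted(groups), 2))
        if p <= alpha_merge:
            break  # every remaining pair is significantly different
        groups[tuple(sorted(a + b))] = groups.pop(a) + groups.pop(b)
    return groups


def bonferroni_nominal(c, r):
    """Number of ways to merge c nominal categories into r groups."""
    return sum((-1) ** i * (r - i) ** c / (factorial(i) * factorial(r - i))
               for i in range(r))


def best_split(records, predictors, target, alpha_split=0.05):
    """Return (predictor, merged groups, adjusted p) for the best split, or None."""
    best = None
    for pred in predictors:
        table = defaultdict(Counter)
        for rec in records:
            table[rec[pred]][rec[target]] += 1
        groups = merge_categories(table)
        p = chi2_pvalue(list(groups.values()))
        p_adj = min(1.0, p * bonferroni_nominal(len(table), len(groups)))
        if p_adj < alpha_split and (best is None or p_adj < best[2]):
            best = (pred, sorted(groups), p_adj)
    return best


if __name__ == "__main__":
    print(best_split(RECORDS, ["proto", "service"], "Label"))
```

On the constructed counts, ssh and telnet carry nearly the same label mix and are merged into one branch, and service is chosen over proto because its adjusted p-value is smaller.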

Table 2 contains this model's top Decision Rules for 'Label'. This table indicates the rule confidence concerning a particular rule. One of the most widely used statistically-based supervised learning methods for creating decision trees is the CHAID method. Table 3 displays the CHAID model designed for the current problem.

The CHAID algorithm, one of the multivariate dependency methods, is used to find correlations between a categorical dependent variable and several categorical or metric independent variables (in which case, their coding and transformation into categorical variables must be done previously). Figure 2 displays three modes among 77 nodes created in the CHAID model. Malicious traffic was modelled after network activity from well-known botnets like Mirai, Dark Nexus, and Gafgyt and sourced from publicly available datasets that catalogue attacks on IoT networks using protocols including TCP, UDP, HTTP GET, and DNS tunnelling.

In addition, malicious traffic was created with standard tools, while data from non-threatening Internet of Things devices, including a router, thermostat, and video camera, was captured. By applying many forms of machine learning, the traits described in the paper were sorted and then deleted from the incoming data. To what extent machine learning algorithms can identify multi-vector attacks on the Internet of Things infrastructure is primarily a function of the objects used in training and test samplings/settings. More investigation is being put into this crucial component.

CHAID builds the tree automatically and iteratively using Pearson's Chi-square statistic and the corresponding p-value, as shown in Fig. 5. In Fig. 5, "nodes" are the places or branches where information is separated according to predetermined rules. Each node stands for a group of similar records inside the dataset, described by attack category, percentage of attack encounters and number of attacks. Figure 6 displays predictor importance in the CHAID model. As shown in Fig. 6, each node in a decision tree constructed with the CHAID method has a set of predictors applied to it, and these predictors are chosen for their ability to partition the data into useful categories. The relevance of predictors is a tool for figuring out which variables truly matter for the tree's ultimate verdict. By locating these powerful predictors, insights into which factors have a greater influence on the result being predicted may be gained.

Figure 5: Nodes in the CHAID model

Figure 6: Predictor importance in the CHAID model

Testing hypotheses regarding whether two variables are (or aren't) independent is vital to the CHAID method's implementation. The authors got an insight into the model's performance in forecasting cyber attacks for IoT devices by analyzing the values in the confusion matrix and computing the evaluation metrics. This gives us insight into the model's discriminatory abilities, allowing us to spot problems like false positives and false negatives. This data may be used to judge IoT systems' safety and further influence the model's development.

Table 4 depicts the results gained by the CHAID model on the prescribed dataset. It shows both the accuracy level achieved at the training and testing phases. This model earns a 90.17% accuracy level overall.

Next, the support vector machine has been implemented to evaluate the various detection methods. The dataset was used to train and test the algorithm, with 75% of the data being used for training and 25% for testing.

In Table 5, the authors compare the performance of the SVM model against one-class and two-class SVMs. While a two-class SVM may be more accurate in most cases, the authors could save time and effort by creating a powerful one-class SVM to classify our datasets offline. Regular traffic can be used as a training dataset for a one-class SVM. Therefore, the objective of this phase is dual.

The first step is comparing the various SVM methods to see which provides the most accurate detection. Comparisons are made between linear and non-linear Radial Basis Function (RBF) models of a one-class SVM and a two-class SVM, respectively. Second, the authors want to see how well the various SVM approaches perform on intrusion detection tasks compared to our unsupervised anomaly-based IDS. Table 6 describes the simulation results obtained through the proposed CHAID model.

Compared to prior research, this proposed method can generate a significantly accurate label, as presented in Fig.  7 .

Figure 7: Confusion Matrix for the proposed model

Table 7 has been reconstructed as including the detailed performance of the proposed model.

The information displayed in Table 6 has been graphically represented in Fig. 8, proving that the proposed model achieved the maximum level of accuracy (99.78%).

Figure 8: Comparison of accuracy % for existing vs. proposed method

All characteristics for both datasets were tried out in the prior study. However, our suggested model considers a feature selection method based on information gain and, in the end, employs just 25 of the essential characteristics, as shown in Fig.  9 .

Figure 9: TPR Validation

The multi-class support vector machine (SVM) and CHAID decision tree used in the Internet of Things (IoT) cyber attack prediction framework yielded encouraging findings. The framework not only distinguished the most crucial criteria for attack classification but also achieved excellent accuracy while classifying attacks. The framework's 99.72% accuracy is a big step forward over earlier approaches. The SVM model's accuracy may be enhanced by giving more importance to certain characteristics during training.

Figure  10 demonstrates that combining multi-class SVM with the CHAID decision tree effectively predicts cyber-attacks in IoT devices. The framework is effective enough to classify attacks with high precision and zero in on their most salient characteristics. This data may strengthen the defences protecting IoT infrastructure by pinpointing possible attack entry points. The framework's excellent accuracy is a notable advancement over earlier approaches. This indicates that the framework can detect cyber assaults on Internet of Things (IoT) devices.

figure 10

A further useful discovery is the selection of the top five characteristics for use in classifying attacks. By giving greater importance to these characteristics when training the SVM model, accuracy may be improved. This research found that combining multi-class SVM with the CHAID decision tree was the most effective method for predicting IoT cyber-attacks. The framework is effective enough to classify attacks with high precision and zero in on their most salient characteristics. This data may strengthen the defences protecting IoT infrastructure by pinpointing possible attack entry points.

When deciding which machine learning model to use in a production setting, comparing their respective timing performances is crucial. Compared to the CHAID decision tree, multi-class SVM is a more time-consuming and resource-intensive technique. This is because the CHAID decision tree is a greedy method, while multi-class SVM needs to tackle a quadratic optimization issue. The time complexities of multi-class SVM and the CHAID decision tree are compared in the following table (Table 8).

Where n is the number of training samples, and C is the hyperparameter of the multi-class SVM algorithm. Compared to CHAID decision trees, whose time complexity climbs at a logarithmic rate as n increases, multi-class SVMs have a cubic growth rate. This means multi-class SVM will be less efficient for big datasets than the CHAID decision tree. When evaluating the speed with which different ML models complete their tasks, it is important to consider more than just the time complexity involved.

The time needed to train and forecast scales linearly with the model's size.

The hardware platform in use may also impact model performance. For training and forecasting with deep learning models, for instance, a GPU will outperform a CPU.

Here are a few things to keep in mind while picking an ML model for continuous forecasting:

Multi-class SVM may be the best option when working with a limited dataset.

The CHAID decision tree may be the best option for a huge dataset.

Training and prediction using a GPU is recommended if the model is big.

If resources on the hardware platform are tight, a less complex design should be favoured.

Significant progress has been made in IoT security with a revolutionary multi-class SVM and an improved CHAID decision tree-based model for cyber attack prediction for IoT devices. In this section, the authors explore the research's main conclusions and ramifications while elaborating on the model's advantages and disadvantages. Compared to more conventional prediction methods, our innovative model, which combines multi-class SVM with an improved CHAID decision tree, shows substantial improvement. Combining the best features of both algorithms, this model may successfully defend Internet of Things (IoT) systems from more sophisticated and varied cyberattacks. The model can handle numerous attack classes according to the multi-class SVM algorithm, and it is optimized for speed and accuracy in classification thanks to the CHAID decision tree.

Feature selection methods are incorporated into the model to determine which features are most important and informative for cyber attack prediction. The model can enhance its prediction abilities by lowering the number of characteristics included in the analysis and avoiding the negative effects of the curse of dimensionality. To improve the precision of predictions, the CHAID decision tree algorithm may be tweaked to zero down on the most discriminatory characteristics. The CHAID decision tree technique makes the model more understandable and comprehensible. The decision tree format simplifies the analysis and analysis of alternatives. This openness aids in the detection of possible vulnerabilities and countermeasures. It allows security analysts and system managers to understand better the elements contributing to cyber assaults on IoT devices. Because of its efficiency and scalability, the suggested approach is well-suited for predicting cyber attacks in real time for widespread IoT installations. The model's ability to deal with high-dimensional data and quickly produce predictions is due to the use of the multi-class SVM algorithm and the optimized CHAID decision tree, which are well-known for their computational efficiency. The capacity to identify and respond quickly to cyber attacks in IoT systems relies heavily on the system's scalability and efficiency.

Combining Multi-Class SVM with an Optimized CHAID Decision Tree for cyber attack detection is a potent technique to boost detection systems' precision and recall. Multi-class SVM, a supervised machine learning technique, may classify data into numerous categories. It's an effective algorithm that can reach very high levels of precision. It is sensitive to the choice of hyperparameters and can be computationally expensive to train. The CHAID decision tree algorithm has been enhanced to identify cyber-attacks better. The algorithm is easily understood and interpreted.

On the other hand, it may not be as precise as multi-class SVM. The advantages of each method may be obtained by combining them. An Optimized CHAID decision tree can provide the recall, while a Multi-Class Support Vector Machine can provide the accuracy.

Using Multi-Class SVM as a primary classifier is one approach to combining these two methods. The authors would utilize Multi-Class SVM to divide the data into manageable categories. The data inside each class would then be classified using an Optimized CHAID decision tree. Because Multi-Class SVM may be used to filter out much of the irrelevant information, this strategy has the potential to yield good results. With this information, the Optimized CHAID decision tree can zero down on the cyber threats that are most likely to occur. Parallel execution is yet another method for combining these two programs. This would involve employing both algorithms to sort the information. The combined output of the two algorithms would then serve as the basis for a conclusion. This strategy has the potential for success since it takes advantage of the best features of both algorithms. An Optimized CHAID decision tree can provide the recall, while a Multi-Class Support Vector Machine can provide the accuracy.

While the outcomes of our approach are encouraging, it is important to note its limits. The training data must be high quality and sufficiently representative of the real world for the model to work well. Future studies should gather more diverse and realistic datasets to enhance the model's generalizability. Cyber attack prediction models might be even more effective with additional research into ensemble approaches and incorporating other machine learning techniques. Improved accuracy, interpretability, and efficiency are some of the benefits that the unique multi-class SVM and optimized CHAID decision tree-based model bring to the problem of cyber attack prediction for IoT devices. By working together, these algorithms improve the handling of multi-class situations, feature optimization, and decision clarity. Future studies should aim to develop and improve this model to increase its usefulness and the security of IoT systems against cyber threats.

There is scepticism about the added complexity introduced by employing many classifiers in an ensemble model. As time has progressed, however, processing units like mobile devices have become progressively quicker, and memory resources have become increasingly inexpensive; this has led to the possibility of a wide range of algorithms, including ensemble approaches, being used for fog computing. Efficient resource allocation in fog computing is another area of study. Moreover, studies have developed fog system designs that may use ensemble learning without significantly increasing latency. It is argued that the design and efficient resource allocation method explored in this article may be used to implement the stacking strategy. Since missing a cyberattack is associated with a high cost, the discovery that stacking can beat single classifiers for counterattack detection in IoT Smart city applications has significant value despite modest increases in complexity.

Conclusions

To forecast cyber-attacks in IoT systems, the authors provide a unique multi-class support vector machine (SVM) and improved CHAID decision tree-based model. In addition to enhanced prediction accuracy, this model boasts enhanced interpretability, scalability, efficiency, and optimized feature selection. The proposed model attains the highest accuracy level (98.28%), which is the maximum accuracy achieved in both the training and testing phases. Using multi-class support vector machines (SVMs) and improved CHAID decision tree algorithms, various attack classes may be handled efficiently and with complete clarity. The model incorporates feature selection approaches to zero in on the most important aspects for cyber attack prediction, lowering the dimensionality and increasing the efficiency with which the model operates. By improving interpretability, the CHAID decision tree method gives security analysts a deeper understanding of attack vectors and weak spots. A potential topic of study is the combination of Multi-Class SVM and Optimized CHAID decision tree for detecting cyber attacks. Combining the best features of these two algorithms allows for the creation of more effective and trustworthy systems for detecting cyber attacks. The study found the following additional results:

Accuracy and recall in detecting cyber attacks can be enhanced by combining Multi-Class SVM with an Optimized CHAID decision tree.

Multi-Class SVM may be used as a first-stage classifier in integrating these two techniques, or the two can be used simultaneously.

Organizational requirements should guide the selection of an integration strategy.

Improving the accuracy and reliability of cyber attack detection systems by integrating Multi-Class SVM and Optimized CHAID decision tree is a promising field of research.

Due to its efficiency and scalability, the model may be used for real-time prediction in massive IoT rollouts. Its computing performance allows for rapid forecasts and faster cyber threat detection and mitigation. Our model has potential, but it is not without caveats. Training data is crucial to the model's success; thus, it's important to use a wide variety of data that accurately represents the target domain. Investigating ensemble approaches and incorporating additional machine learning techniques in future studies might improve the resilience and accuracy of the model.

Our unique multi-class support vector machine (SVM) and improved CHAID decision tree-based model both add to the development of cyber attack prediction in IoT systems. It's a helpful resource for countering online dangers and protecting sensitive data. More work will improve and broaden the model, leading to stronger defences for Internet of Things devices. Thus, a CHAID-based paradigm is proposed for predicting multi-stage cyber threat detection for IoT communication. In this research, the authors investigate whether the proposed CHAID method can be used to detect cyberattacks in IoT-based Smart city applications. Through testing with the most up-to-date IoT attack database, we have found that this technique, mainly stacking, outperforms individual models in distinguishing malicious from benign data. Using a feature selection method informed by information gain, the authors can zero in on the data that will impact the model's performance most. Additionally, our proposed technique with the SVM technique leads to higher performance than the single or other models employed in recent publications in categorizing attack types in terms of accuracy, precision, recall, and F1-score metrics. In the future, the authors want to investigate deep learning strategies that might significantly improve the effectiveness of IoT threat detection.

Finally, as automated systems and Smart cities gain popularity, they will also face increased cyber attacks. Suppose citizens are denied access to or otherwise have their privacy invaded within an automated system. In that case, it can have severe consequences for them as individuals and be expensive for the government to fix. System failures in managing emergencies (such as accidents and fires) can potentially endanger people's health. Our findings that stacking classifiers can improve the detection of cyberattacks in smart city networks have ramifications beyond technological contributions, including economic and societal ones.

More information will be gained in this regard from studies to be conducted in the future. To better identify cyber-attacks, new machine learning algorithms may be created. Because they will be customized to the unique traits of cyber assaults, these algorithms may be more accurate and trustworthy than their predecessors. Cyber attack detection systems may be more effective using additional data sources like network traffic data and system logs. This information can be utilized to spot trends in cyber assaults that aren't picked up by currently available databases. It is possible to build automated reaction systems responding to cyber threats. The authors may use these technologies to quarantine compromised machines, stave off harmful traffic, and roll back to a prior configuration.

Availability of data and materials

Publicly available datasets were analyzed in this study.

Change history

12 October 2023

A Correction to this paper has been published: https://doi.org/10.1186/s13677-023-00526-3


Acknowledgements

The authors thank Princess Nourah bint Abdulrahman University Researchers Supporting Project number (PNURSP2023R410), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia.

The funding of this work was provided by Princess Nourah bint Abdulrahman University Researchers Supporting Project number (PNURSP2023R410), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia.

Author information

Authors and affiliations.

Department of Computer Science and Engineering, Amity University Haryana, Gurugram, India

Surjeet Dalal

Department of Computer Science and Engineering, Chandigarh University, Mohali, Punjab, 1404133, India

Umesh Kumar Lilhore & Sarita Simaiya

Department of Computer Engineering and Applications, GLA University, Mathura, (UP)-281406, India

Neetu Faujdar

Department of Information Systems, College of Computer and Information Sciences, Princess Nourah Bint Abdulrahman University, P.O. Box 84428, 11671, Riyadh, Saudi Arabia

Manel Ayadi, Nouf A. Almujally & Amel Ksibi


Contributions

UKL & S.D. were responsible for Validation, Software, Data Curation, and Writing - Original Draft. N.F. & S.S. were responsible for Conceptualization and Writing - Original Draft. MA & NA were responsible for Writing - Original Draft and Visualization. NF & NA were responsible for Writing - Review & Editing. SD & MA were responsible for Formal Analysis. A.K. was responsible for Writing - Original Draft, Resources, and Supervision. The author(s) read and approved the final manuscript.

Corresponding author

Correspondence to Umesh Kumar Lilhore.

Ethics declarations

Ethics approval and consent to participate.

Not applicable.

Consent for publication

Competing interests.

The authors declare no competing interests.

Additional information

Publisher’s note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

The original version of this article was revised: author’s name was published incorrectly. It was: Neetu Foujdar. It should be: Neetu Faujdar.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .


About this article

Cite this article.

Dalal, S., Lilhore, U.K., Faujdar, N. et al. Next-generation cyber attack prediction for IoT systems: leveraging multi-class SVM and optimized CHAID decision tree. J Cloud Comp 12, 137 (2023). https://doi.org/10.1186/s13677-023-00517-4


Received: 12 June 2023

Accepted: 10 September 2023

Published: 29 September 2023

DOI: https://doi.org/10.1186/s13677-023-00517-4


  • Anomaly detection
  • CHAID decision tree
  • IoT cyber attacks
  • Multistep attack
  • Security investigation
  • Zero-day attack


Enhancing Internet of Things Security with Random Forest-Based Anomaly Detection

  • Conference paper
  • First Online: 20 August 2024


  • Muhammad R. Ahmed 8 , 9 ,
  • Thirein Myo 8 ,
  • Ahmed Al Shihimi 8 ,
  • Badar Al Baroomi 8 &
  • M. Shamim Kaiser 10  

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 2065))

Included in the following conference series:

  • International Conference on Applied Intelligence and Informatics

The Internet of Things (IoT) has revolutionized communication and device operation, but it has also brought significant security challenges. IoT networks are structured into four levels: devices, networks, applications, and services, each with specific security considerations. Personal Area Networks (PANs), Local Area Networks (LANs), and Wide Area Networks (WANs) are the three types of IoT networks, each with unique security requirements. Communication protocols such as Wi-Fi and Bluetooth, commonly used in IoT networks, are susceptible to vulnerabilities and require additional security measures. Apart from physical security, authentication, encryption, software vulnerabilities, DoS attacks, data privacy, and supply chain security pose significant challenges. Ensuring the security of IoT devices and the data they exchange is crucial. This paper utilizes the Random Forest Algorithm from machine learning to detect anomalous data in IoT devices. The dataset consists of environmental data (temperature and humidity) collected from IoT sensors in Oman. The Random Forest Algorithm is implemented and trained using Python, and the accuracy and results of the model are discussed, demonstrating the effectiveness of Random Forest for detecting IoT device data anomalies.


Author information

Authors and affiliations.

Military Technological College, Muscat, Oman

Muhammad R. Ahmed, Thirein Myo, Ahmed Al Shihimi & Badar Al Baroomi

Faculty of Engineering, University Putra Malaysia, Selangor, Malaysia

Muhammad R. Ahmed

Institute of Information Technology, Jahangirnagar University, Savar, Bangladesh

M. Shamim Kaiser


Corresponding author

Correspondence to Muhammad R. Ahmed.

Editor information

Editors and affiliations.

Nottingham Trent University, Nottingham, UK

Mufti Mahmud

Higher Colleges of Technology, Dubai, United Arab Emirates

Hanene Ben-Abdallah

Jahangirnagar University, Dhaka, Bangladesh

Muhammad Raisuddin Ahmed

Maebashi Institute of Technology, Gunma, Japan


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper.

Ahmed, M.R., Myo, T., Al Shihimi, A., Al Baroomi, B., Kaiser, M.S. (2024). Enhancing Internet of Things Security with Random Forest-Based Anomaly Detection. In: Mahmud, M., Ben-Abdallah, H., Kaiser, M.S., Ahmed, M.R., Zhong, N. (eds) Applied Intelligence and Informatics. AII 2023. Communications in Computer and Information Science, vol 2065. Springer, Cham. https://doi.org/10.1007/978-3-031-68639-9_30


DOI: https://doi.org/10.1007/978-3-031-68639-9_30

Published: 20 August 2024

Publisher Name: Springer, Cham

Print ISBN: 978-3-031-68638-2

Online ISBN: 978-3-031-68639-9

eBook Packages: Computer Science, Computer Science (R0)


Analysis of IoT Security Challenges and Its Solutions Using Artificial Intelligence

Tehseen Mazhar

1 Department of Computer Science, Virtual University, Lahore 55150, Pakistan

Dhani Bux Talpur

2 Department of Information and Computing, University of Sufism and Modern Sciences, Bhit Shah 70140, Pakistan

Tamara Al Shloul

3 Department of General Education, Liwa College of Technology, Abu Dhabi 15222, United Arab Emirates

Yazeed Yasin Ghadi

4 Department of Computer Science, Al Ain University, Abu Dhabi 112612, United Arab Emirates

Inayatul Haq

5 School of Information Engineering, Zhengzhou University, Zhengzhou 450001, China

6 Department of Computer Engineering, Gachon University, Seongnam 13120, Republic of Korea

Khmaies Ouahada

7 School of Electrical Engineering, Department of Electrical and Electronic Engineering Science, University of Johannesburg, Johannesburg 2006, South Africa

Habib Hamam

8 College of Computer Science and Engineering, University of Ha’il, Ha’il 55476, Saudi Arabia

9 International Institute of Technology and Management, Commune d’Akanda, Libreville BP 1989, Gabon

10 Faculty of Engineering, Université de Moncton, Moncton, NB E1A3E9, Canada

11 Spectrum of Knowledge Production & Skills Development, Sfax 3027, Tunisia

Associated Data

Not applicable.

The Internet of Things (IoT) is a well-known technology that has a significant impact on many areas, including connections, work, healthcare, and the economy. IoT has the potential to improve life in a variety of contexts, from smart cities to classrooms, by automating tasks, increasing output, and decreasing anxiety. Cyberattacks and threats, on the other hand, have a significant impact on intelligent IoT applications. Many traditional techniques for protecting the IoT are now ineffective due to new dangers and vulnerabilities. To keep their security procedures, IoT systems of the future will need AI-efficient machine learning and deep learning. The capabilities of artificial intelligence, particularly machine and deep learning solutions, must be used if the next-generation IoT system is to have a continuously changing and up-to-date security system. IoT security intelligence is examined in this paper from every angle available. An innovative method for protecting IoT devices against a variety of cyberattacks is to use machine learning and deep learning to gain information from raw data. Finally, we discuss relevant research issues and potential next steps considering our findings. This article examines how machine learning and deep learning can be used to detect attack patterns in unstructured data and safeguard IoT devices. We discuss the challenges that researchers face, as well as potential future directions for this research area, considering these findings. Anyone with an interest in the IoT or cybersecurity can use this website’s content as a technical resource and reference.

1. Introduction

The Internet of Things (IoT) connects everything in the modern world and is gaining traction in business, particularly in healthcare. The IoT is one of the most popular new ideas in recent years. It locates, transmits, and analyzes data using a network of connected components. In the IoT, “things” are sensors, RFID tags, heart rate monitors, and other smart devices that collect and transmit data. New devices are added to IoT networks daily. There will be roughly 20.4 billion connected devices in 2022, up from 8.4 billion in 2020 [1].

The IoT has an impact on our daily social, commercial, and economic activities. IoT revenue is expected to increase from 892 billion USD in 2018 to more than 4 trillion USD by 2025. This expansion is directly related to the growth of the digital economy. The Internet of Things has enabled smart meters, remote monitoring, process automation, smart homes, smart cities, and smart businesses [2]. Current and future Internet of Things applications and services have the potential to significantly improve the ease, speed, and comfort of customers’ lives [3]. Many cyber threats and attacks, however, are significant impediments to IoT development.

Expansion of IoT networks raises significant issues in several areas, including device management, data management, computation, security, and privacy [4]. Several security flaws discovered may jeopardize the burgeoning IoT. Future IoT applications, such as those mentioned above, may fail to fulfill all their promises if a dependable framework is not in place as they will be unable to meet individual needs or adhere to social norms. IoT systems are divided into four layers: the application layer; the middleware or support layer; the networking and data transmission layer; and the perception or sensing layer. There are many layers to IoT applications, and each needs different technology [2]. At each stage, there are particular security concerns and difficulties. Attacks, including denial-of-service, spoofing, jamming, eavesdropping, data manipulation, and man-in-the-middle, are among the most common IoT risks.

Because security threats and attacks are becoming more numerous and complex, traditional security practices are no longer as effective as they once were. Future IoT infrastructure requires a security solution that uses risk-mitigation technology to reduce risk. Proponents of the Fourth Industrial Revolution argue that artificial intelligence (AI) is critical to the future development of intelligent systems. As a result, we can detect unexpected or harmful IoT behaviors and provide a dynamic, adaptive security solution by leveraging artificial intelligence techniques, particularly machine learning and deep learning. To sift through security data in search of novel insights and trends, machine learning and deep learning models commonly use a preset set of rules, strategies, or complex transfer functions [ 3 ]. By recognizing anomalies in the IoT, developed security models might also be used to teach robots how to defend themselves against potential threats or attacks. The paper’s contributions to the body of literature are outlined in the following paragraphs. Data on how these technologies are used in the IoT are being gathered [ 4 ]. Numerous academic studies have been conducted on IoT security. For example, some authors have carried out a survey of IoT security vulnerabilities in which they examine and classify common security issues relating to the layered design, networking, communication, and management of the IoT [ 5 ]. A second study on the security of the IoT took security in a broad sense and produced a list of IoT security research opportunities and concerns [ 6 ]. In addition to discussing IoT simulators and models, it summarizes the current state of IoT security research. The author also gives a quick overview of the principles of IoT security, existing dangers, potential solutions, and projections for this industry’s future [ 7 ].
They investigate the problems and state of IoT security in their study at the application, network, and perception layers [ 8 ].

The authors consider application domains, security issues, and the process by which solutions are developed. The authors show how attack vectors, vulnerabilities, and other relevant techniques can be used to classify IoT security issues [ 9 ]. The authors overview the most recent threats and vulnerabilities related to the IoT by carefully analyzing IoT security research [ 10 ]. There have been significant studies on machine learning, in addition to surveys. We look at IoT security solutions based on supervised, unsupervised, and reinforcement learning techniques. Their research primarily focuses on machine-learning-based authentication, access control, safe offloading, and virus detection for IoT data privacy solutions [ 11 ]. The authors investigate many concerns, including potential attack vectors and IoT network security requirements. The use of computers and deep learning to secure the IoT is examined [ 12 ]. Researchers have analyzed known and unknowable risks, accessible solutions, and barriers to see how the IoT’s increasing capabilities affect security and privacy [ 13 ].

Understanding the nature of data, the many kinds of cyber threats, and other pertinent factors is essential when using machine learning and deep learning to build data-driven security systems [ 14 ]. Regarding connectivity, the IoT controls how and what happens when things communicate. This suggests that, regardless of location, IoT networks are always available. Networks must remain flexible and responsive because IoT devices are constantly added and removed [ 15 ].

Because IoT devices are constantly being added and withdrawn, the network reconfiguration process must be dynamic and flexible. Ad hoc networks may rely on nearby devices for short-range communications [ 5 ]. An IoT-enabled device transforms and acts based on its proximity to the current location [ 16 ]. Wireless communication is the primary obstacle in industrial IoT networks. Highly reliable, low-latency communication is necessary for sensitive applications, such as traffic monitoring, manufacturing on an assembly line, and medical equipment [ 17 ].

An IoT device is a piece of hardware equipped with a sensor that sends data between locations through the internet. Because many sensors are used in a complex system application, the systems should be set up to use fewer resources and cost less [ 15 ].

There are different techniques of machine learning and deep learning, such as rule-based techniques, the clustering method, optimization of security features, recurrent neural network, multi-layer perceptron, and classification and regression techniques, used to protect IoT data. Regression and classification techniques are well known and frequently used in IoT machine security. Predicting the outcome of discrete values or categories, such as anomaly, average, or attacks, is a standard definition of classification problems. Clustering algorithms may be very helpful in resolving IoT security issues, such as identifying outliers, anomalies, signatures, fraud, and cyberattacks, by exposing previously hidden patterns and structures in IoT security data. Rule-based systems may be essential to IoT security because they may learn security or policy rules from data. A well-known machine learning technique called association rule learning looks for patterns or relationships between the attributes in a security dataset. This MLP network is used to analyze the NSL-KDD dataset’s malware, explain IoT parameters, detect malicious traffic coming from IoT devices, and create a model for intrusion detection. These enhanced signature properties may simplify the management of large amounts of IoT security data, such as identifying anomalies in IoT network traffic, as part of machine-learning-based security modeling. This article explores how ML and DL can be used to uncover attack patterns from unstructured data and protect IoT devices. We address the difficulties researchers encounter and potential future directions for this study area considering these findings. This study analyzes our current understanding of AI, focusing on the efficacy of machine-learning- and deep-learning-based IoT security solutions. 
We introduce a variety of machine learning and deep learning architectures and techniques and describe how they can be applied to intelligent security modelling in order to address the problem of IoT security. The abbreviations and their full form are shown in Table 1 .

Table 1. List of abbreviations.

| Abbreviation | Full Form |
|---|---|
| IoT | Internet of Things |
| MLP | Multi-layer perceptron |
| ML | Machine learning |
| DL | Deep learning |
| NB | Narrowband |
| LTE | Long-term evolution |
| DDoS | Distributed denial-of-service |
| DoS | Denial-of-service |
| ANN | Artificial neural network |
| KNN | K-nearest neighbors |
| RF | Random Forest |
| DT | Decision Tree |
| SVM | Support vector machine |
| NN | Neural Network |
| RNN | Recurrent neural network |

1.1. Research Gap

Cyberattacks and threats have a significant impact on intelligent IoT applications. Many traditional techniques for protecting the IoT are now ineffective due to new dangers and vulnerabilities. The capabilities of artificial intelligence, particularly machine and deep learning solutions, must be used if the next-generation IoT system is to have a continuously changing and up-to-date security system. We discuss how machine learning and deep learning can be used to detect attack patterns in unstructured data and safeguard IoT devices. Furthermore, we discuss the challenges that researchers face, as well as potential future directions for this research area.

1.2. Structure of Our Article

The remaining sections of the paper are structured as follows. The background of the domain is covered in Section 2 , along with a survey of related works. In Section 3 , we explore IoT System Architectures and Security Concerns and our research methodology. Section 4 outlines our research results, potential machine-learning- and deep-learning-based security options for IoT environments. The work is concluded in Section 5 . Figure 1 shows the taxonomy of this work.

Figure 1. Taxonomy of the study.

2. Literature Review

The IoT plays an important role in technological advancement. “IoT” stands for “Internet of Things”, and the term “Things” refers to electrical devices that are linked to the internet. The Fourth Industrial Revolution, also known as Industry 4.0, is defined by increased automation of traditional industrial and manufacturing processes. The IoT is one of the intelligent technologies being developed for this movement [ 18 ].

The IoT is a network of objects that may connect to the internet and wireless networks to send and receive data automatically. Different organizations and research groups from distinct viewpoints define the IoT and smart environments. The authors claim that RFID-based digital information flows and physical components make up the IoT [ 19 ].

The healthcare industry is quickly adopting the IoT, which has the potential to improve patient engagement, health, and access to care. IoT device growth, however, poses significant security, privacy, and safety hazards to patients and healthcare workers. Studies on reducing the risks brought on by the IoT in the healthcare industry are still few and far between. Integrating a secure applications solution with IoT devices in healthcare environments has been the subject of recent research. It is crucial to create a specialized IoT app for health due to the sensitivity of healthcare data and information [ 20 ]. Current IoT possibilities for the healthcare sector are promising. They are also quite popular because of their sensing and measuring capabilities, including narrowband IoT in its low-energy variant (NB-IoT). Because of its low energy consumption, it is favored in the healthcare industry. Several concepts exist for using NB-IoT in the healthcare industry. It has not been standardized and works flawlessly with cellular systems such as LTE. As a result, NB-IoT has emerged as a viable option for healthcare-related applications in recent years. However, security measures and other system-related difficulties are the most severe dangers to NB-IoT. If these concerns and obstacles are addressed appropriately, it has the potential to be one of the most viable and popular solutions for low-power, wide-area healthcare installations [ 21 ].

One of the many difficulties facing the Internet of Things, which connects a wide range of objects to networks to enable complex and intelligent applications, is protecting user privacy and preventing attacks, including spoofing, denial of service (DoS), jamming, and eavesdropping. The author looks into the flaws in IoT systems, as well as possible ways to secure IoT networks using machine learning techniques, such as supervised learning, unsupervised learning, and reinforcement learning (RL). The analysis of data privacy focuses on ML-based approaches for authenticating IoT devices, controlling access to such devices, offloading data securely, and identifying viruses. Future IoT adoption will have a significant effect on society, business, and the economy. Because the majority of nodes in an IoT network have few resources, hackers are drawn to them as easy targets. IoT network security and privacy issues have been addressed in a variety of ways, the majority of which make use of common cryptographic protocols. However, current solutions cannot address the security issues that arise with IoT networks and are exacerbated by the distinctive characteristics of IoT nodes. By implementing machine learning (ML) and deep learning into IoT devices and networks, many threats to the security of the Internet of Things (IoT) can be stopped.

Present IoT opportunities in the healthcare sector are promising. It is also well known for its sensing and measuring capabilities, including narrowband IoT in low-energy form (NB-IoT). It is popular in the healthcare field because of its low energy usage. There are several ideas for using NB-IoT in the healthcare business. NB-IoT is already commonplace and works seamlessly with cellular networks such as LTE. As a result, NB-IoT has emerged as a feasible choice for healthcare-related applications in recent years. The most critical threats to NB-IoT are security measures and other system-related issues. If these problems and challenges are solved, it has the potential to be one of the most feasible and popular systems for low-power, broad-area healthcare installations [ 22 ]. The IoT risk management model in healthcare is presented in Figure 2 .

Figure 2. The IoT risk management model in healthcare [ 23 ].

The IoT is a way to develop intelligent environments, including smart cities, healthcare systems, and building management systems. This is because of recent improvements. It also shows how major IoT applications can affect the economy and the market share they are projected to control by 2025 [ 24 ]. Figure 3 shows the total number of connected devices with the IoT.

Figure 3. Total connected IoT devices and global IoT market so far and future prediction [ 25 ].

The goal of these smart environments, which significantly impact business, society, and the economy, is to offer services based on IoT-enabled sensor data and clever methods. According to Navigant Research, the market for smart city services will grow from 93.5 billion USD in 2017 to 225.5 billion USD by 2026. Figure 4 shows the economic impact of IoT applications. The amount of available bandwidth, the number of users and smart objects in IoT networks, the ability to effectively manage large datasets, and the availability of scalable computing infrastructures, such as the cloud, are just a few of the factors that affect the quality of services offered by IoE applications in creative environments, such as intelligent cities [ 26 ].

Figure 4. Potential economic impact of dominant IoT applications by 2025 [ 26 ].

As the digital world expands, both home appliances and industrial machines are becoming more intelligent. Security and privacy procedures that are effective in traditional networks may not be effective in the IoT. IoT connections’ versatility causes new security issues. We list a few examples below.

To enable the creation of reducing applications that could enhance people’s lives, the IoT aims to connect a sizable number of disparate devices. IoT devices come in various sizes and designs, requiring specific hardware and software solutions. The IoT connects billions of intelligent devices to real-world data in a way that has never been carried out before, regarding volume, speed, and organization [ 27 ].

The limitations of IoT devices and the dynamic and complex nature of the environment in which they operate exacerbate many of these concerns beyond the reach of standard security capabilities, even though many Internet access points share the majority of these problems [ 28 ] (as shown in Table 2 ).

Table 2. IoT key issues.

| References | IoT Key Issues | Advantages |
|---|---|---|
| [ ] | Interoperability | General issues, IoT platforms and architectures, technical and semantic interoperability. |
| [ ] | Security and privacy | Security and privacy issues, definition and design of secure IoT networks and architecture. |
| [ ] | Management and control | IoT layer management and control, device, network, application, data and trust management and control. |
| [ ] | Architecture | Hardware, cloud centric, SOA, process architectures and conceptual models, application frameworks. |
| [ ] | Quality of service (QoS) | Data traffic load, protocols for all layers in IoT architecture, QoS and QoE routine check. |
| [ ] | Authentication and identification | Addressing issues and solutions, IoT integrations with internet protocols (IPv6), authentication, and identification issues. |
| [ ] | Environment, power, and energy | Involvement of green technology in the IoT, design of low-power-consumption devices and chips, pollution control and management. |
| [ ] | Smart city, healthcare, and transportation | Smart traffic management and control, smart devices for healthcare management, smart vehicles, energy management. |
| [ ] | Data processing and storage | Data analysis, visualization, integration issues and solutions. |
| [ ] | Reliability | Connectivity, mobility and routing issues, reliability of infrastructure and applications. |
| [ ] | Scalability | Scaling issues on large platforms and geographical locations, potential discovery services. |
| [ ] | Standardization | IoT definition, protocols design, architecture standardization, vision and framework design. |

A robust machine-learning-based IoT security system must consider the IoT cyber threat environment. Security features must therefore be designed and refined. A data-dimensionality-reduction technique is essential because security features and the IoT data they are associated with have a direct impact on machine-learning-based security models [ 40 ]. “Feature engineering” refers to the process of developing and refining security features. This term is used when discussing the development of security models using machine learning. It may be challenging to accurately classify cyber dangers given the potential for irrelevant data in today’s IoT security datasets. If you use this kind of security model to make predictions, you could run into problems including high processing costs, excessive variation, the need to build the model, and a lack of generalization. Therefore, if an IoT security model with high-dimensional datasets comprises the right number of security features based on their impact or significance, it might be less stressful to design [ 39 ].
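The feature-reduction step described above can be made concrete with an information-gain ranking. This is an added example, not code from the paper: the flow records are constructed, the feature names and the 0.2-bit cut-off are assumptions, and information gain with a nearest-centroid classifier stands in for whichever selector and model a real system would use.

```python
"""Rank constructed IoT flow features by information gain and keep the useful ones."""
import math
import random
from collections import Counter, defaultdict

# Hypothetical feature names; the last two are irrelevant by construction.
FEATURES = ["pkt_rate", "distinct_dst_ports", "mean_pkt_size",
            "uptime_hours", "fw_build"]


def make_constructed_flows(n=400, seed=7):
    """Build a constructed, labelled sample; no real capture is used."""
    rng = random.Random(seed)
    rows, labels = [], []
    for i in range(n):
        attack = i % 2 == 1
        rows.append({
            # Informative: a flooding device sends many small packets to many ports.
            "pkt_rate": rng.gauss(900, 100) if attack else rng.gauss(40, 15),
            "distinct_dst_ports": rng.gauss(60, 15) if attack else rng.gauss(3, 1),
            "mean_pkt_size": rng.gauss(90, 30) if attack else rng.gauss(300, 80),
            # Irrelevant: drawn the same way for both classes.
            "uptime_hours": rng.uniform(0, 1000),
            "fw_build": float(rng.randint(100, 120)),
        })
        labels.append("attack" if attack else "normal")
    return rows, labels


def entropy(labels):
    total = len(labels)
    return -sum(c / total * math.log2(c / total) for c in Counter(labels).values())


def information_gain(rows, labels, feature, bins=4):
    """H(label) - H(label | equal-width bin of the feature)."""
    values = [r[feature] for r in rows]
    lo, hi = min(values), max(values)
    width = (hi - lo) / bins or 1.0
    groups = defaultdict(list)
    for v, y in zip(values, labels):
        groups[min(int((v - lo) / width), bins - 1)].append(y)
    conditional = sum(len(g) / len(labels) * entropy(g) for g in groups.values())
    return entropy(labels) - conditional


def rank_features(rows, labels, features=FEATURES):
    gains = {f: information_gain(rows, labels, f) for f in features}
    return sorted(gains.items(), key=lambda kv: kv[1], reverse=True)


def select_features(ranking, min_gain=0.2):
    """Keep features whose gain reaches the (assumed) cut-off in bits."""
    return [name for name, gain in ranking if gain >= min_gain]


def centroid_accuracy(train, train_y, test, test_y, features):
    """Accuracy of a nearest-centroid classifier on min-max scaled features."""
    lo = {f: min(r[f] for r in train) for f in features}
    span = {f: (max(r[f] for r in train) - lo[f]) or 1.0 for f in features}

    def scale(row):
        return [(row[f] - lo[f]) / span[f] for f in features]

    sums = defaultdict(lambda: [0.0] * len(features))
    counts = Counter(train_y)
    for row, y in zip(train, train_y):
        sums[y] = [s + v for s, v in zip(sums[y], scale(row))]
    centroids = {y: [s / counts[y] for s in sums[y]] for y in sums}
    hits = 0
    for row, y in zip(test, test_y):
        x = scale(row)
        guess = min(centroids, key=lambda c: sum(
            (a - b) ** 2 for a, b in zip(x, centroids[c])))
        hits += guess == y
    return hits / len(test)


def run_demo():
    rows, labels = make_constructed_flows()
    train, train_y, test, test_y = rows[:300], labels[:300], rows[300:], labels[300:]
    ranking = rank_features(train, train_y)
    kept = select_features(ranking)
    return {
        "ranking": ranking,
        "kept": kept,
        "acc_all": centroid_accuracy(train, train_y, test, test_y, FEATURES),
        "acc_kept": centroid_accuracy(train, train_y, test, test_y, kept),
    }


if __name__ == "__main__":
    result = run_demo()
    for name, gain in result["ranking"]:
        print(f"{name:20s} {gain:.3f} bits")
    print("kept:", result["kept"])
    print("accuracy all/kept:", result["acc_all"], result["acc_kept"])
```

Equal-width binning is the simplest discretisation; heavy-tailed traffic features usually need quantile or log-scale bins before the ranking is meaningful.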

However, the Internet of Things raises security concerns because there are so many devices that can communicate with each other using different protocols. Internet of Things devices cannot be made safer because they do not have enough processing power. This means that the ways we currently protect IoT networks need to be greatly improved. In the last few years, security studies have paid a lot more attention to machine learning models. There may be a need for security for IoT systems because these devices regularly produce huge amounts of data that can be used to train machine learning algorithms [ 40 ]. New product components are developed using feature selection and principal component analysis, which together account for the majority of the significant data. These new brand elements could be useful for creating a machine-learning-based IoT security model [ 41 ]. Table 3 shows the datasets used for cybersecurity.

Table 3. Datasets in the domain of cybersecurity.

| Datasets | References | Datasets | References |
|---|---|---|---|
| NSL-KDD | [ ] | Enron Spam | [ ] |
| UNSW-NB15 | [ ] | SpamAssassin | [ ] |
| DARPA | [ ] | Ling Spam | [ ] |
| CAIDA | [ ] | DGA | [ ] |
| ISOT’10 | [ ] | Malware Genome project | [ ] |
| ISCX’12 | [ ] | VirusShare | [ ] |
| CTU-13 | [ ] | VirusTotal | [ ] |
| CICIDS | [ ] | Comodo | [ ] |

As the internet revolution continues, an increasing number of everyday objects and industrial tools begin to function as “smart” devices. Traditional data security and protection techniques are unlikely to work on IoT networks. The addition of new services to IoT networks introduces new security flaws. The goal of the IoT is to connect a wide network of various devices so that clamping software can be used to significantly improve people’s lives. IoT devices come in a variety of shapes and sizes, and they can perform a wide range of functions, necessitating the use of a wide range of hardware and software. A network of billions of connected computers makes up the IoT [ 58 ]. It also refers to the vast amount, rapid rate of change, and organization of data derived from the real world. The term “IoT” describes a network of devices capable of two-way data communication. As a result, any time and any place can be connected to an IoT network [ 59 ]. Theft of cookies, cross-site scripting, structured query language injection, session hijacking, and distributed denial of service attacks are all possible on connected IoT devices. DDoS assaults are especially dangerous for large, self-managed IoT networks [ 1 ]. IoT devices are temporary; thus, network configuration needs to be dynamic and flexible. Utilizing nearby devices, ad hoc networks can make communication over shorter distances easier. Proximity is described as how an IoT-enabled object responds and acts in relation to its actual surroundings [ 60 ]. Networks for industrial IoT encounter many difficulties. It is critical to have wireless connections that are speedy and reliable. Applications that call for low latency and high reliability connections include tracking, surgical equipment, and production on a production line [ 17 ]. An IoT device is a piece of hardware with a sensor that can send information to a remote location over the Internet. 
A complicated system must be built with the least amount of time, money, and effort possible because there are so many sensors involved in its operation [ 61 ]. Patient information is sensitive and valuable, making data security crucial in industries such as healthcare. Numerous IoT applications must make intelligent decisions in real time based on the preferences of the user [ 62 ].

Future-generation wireless networks must be reliable and self-sufficient. The individual’s use of technology in their daily lives is changing as a result of the IoT. Machine learning techniques are used by the Internet of Things to increase the effectiveness and independence of the network. Deep learning (DL) is a computationally costly and challenging machine learning (ML) technique. It is difficult to come up with strategies for combining deep learning technologies with IoT infrastructure to enhance the general performance of IoT applications. A range of methods that achieve a balance between computing costs and performance are needed for the next generation of IoT networks [ 63 ]. Machine learning techniques have quickly advanced, and they are presently used in a wide range of academic advancements [ 64 ]. For instance, they are carefully evaluated in a variety of sectors, including the cement business. Although cement enterprises in developing countries make a significant amount of money through the sale of valuable resources, they still face a number of difficulties. Optimization in machine learning has grown to be a significant topic of study in recent years. Using the FDH model, the set of production possibilities can be built in any way [ 65 ]. An innovative three-layer data-mining filtering pre-process for clustering techniques has been suggested by experts. It makes use of machine learning to increase accuracy and filter out irrelevant features and data. These stages of preparation were designed to reduce redundant information and improve precision. Finally, we are aware of the top business, best performance model and the most precise algorithm. The FDH model consistently performs at the highest possible degree of efficiency when compared to other suggested models [ 66 ]. Out of the three suggested filtering techniques, only the k-means algorithm consistently yields the best results. Second and third place, respectively, went to the model’s BCC and CCR. 
One of the most widespread technologies in modern society is the Internet of Things, which has a significant impact on people’s personal, professional, and financial lives. There is a lot of hope that the Internet of Things, both now and in the future, will enhance people’s lives in a variety of environments, from urban infrastructure to classrooms [ 67 ]. Automation, consumer comfort, and productivity have all risen as a result of these developments. Yet, threats and assaults have a big impact on the way intelligent Internet of Things applications perform. The quantity and complexity of threats to the Internet of Things have increased, and conventional approaches for protecting it have not been able to keep up [ 68 ]. The security system of the Internet of Things of the future must be dynamically updated to stay current if it is to operate effectively. Artificial intelligence (AI), in particular machine learning and deep learning techniques, is required to make this viable. The author of [ 69 ] contrasted various approaches in order to identify the most effective one. We showed that this might be carried out interactively and how the model could be solved by switching the GDEA dual model to the MOLP. To solve the GDEA and identify the MPS within the bounds of each DMU’s efficiency, one may use this link as the foundation for an interactive MOLP technique. By fusing the STEM and DM methodologies, the GDEA dual model was able to demonstrate the preferences of the DM. In institutions for stroke care, the max-ordering method was applied to investigate the relationship between the GDEA dual model and the MOLP [ 67 ]. A practical approach to securing IoT devices is machine learning. One of the most advanced AI techniques, machine learning, performs effectively in massively networked environments without explicit programming. The system may be trained to recognize and respond to various threats using machine learning techniques [ 13 ].
In this scenario, the majority of attacks might be stopped early on. Additionally, it appears that ML approaches may be useful for spotting new threats and putting strategic defenses in place. Machine learning algorithms may be employed in the future to create security standards for IoT devices, making them more dependable and user-friendly than they are now [ 25 ]. IDS’s effectiveness has led to a rise in popularity in recent years. Identification of people who do not belong in a particular location is the main purpose of an IDS [ 70 ]. Every host that tries to join the Internet of Things without authorization is considered an invader. IDS has not been studied enough. IDS on the IoT uses ML/DL in a variety of ways. Nonetheless, it struggles to deal with difficult problems. In addition, these tactics apply only to select types of attacks, and they are not extremely accurate [ 40 ]. Right now, one of the biggest problems with the Internet of Things is that we do not fully comprehend how apps use data. This study introduces SAINT, a novel static taint analysis tool that locates weak data flows in IoT programs. SAINT transforms the source code of an Internet of Things application into a lifecycle model. The access points, user inputs, events, and actions of the program are represented by this model. We then watch the information flow between sensitive inputs and final output sinks while performing complete static analysis. Both the general SmartThings market and our specially created IOTBENCH application corpus were used to evaluate SAINT. In order to establish the value of SAINT and understand how the market normally functions, initial research focused on the SmartThings sector [ 71 ]. The second analysis used the IOTBENCH app corpus from the first one. Our analysis revealed that the great majority of currently accessible apps convey sensitive data, and that our system is capable of detecting taint sources and sinks.
The outcomes of these tests also showed that our technology is able to identify the origin and final destination of contamination. This paper’s main focus is on architectural difficulties because they are the root cause of IoT’s poor performance and utility [ 72 ]. There are many problems and reasons to be worried. Communication, data management, zero-entropy systems, scalability, massive data collection, real-time data processing, security and privacy, interoperability, a lack of standardization, etc., are just a few of the problems that need to be solved. There were 20 billion connected things in 2014, and it was anticipated that this number would increase to 30 billion by 2020. These connections can be used in countless ways. The devices may have features in common, but they are made by different companies and run on different operating systems. Hadoop has trouble dealing with data sources that might carry out comparable operations but have wildly dissimilar data formats [ 71 ]. This lack of consistent standardization is summarized by the phrase “The Internet of Things May Never Speak a Single Language”. The lack of standardized protocols is now the greatest challenge in the path of the Internet of Things, according to a recent survey by Light Reading. This barrier needs to be removed because it prevents the growth of IoT interoperability. Technology progress, data standards, and wireless protocols have all been covered. Companies regularly create their own standards, which leads to incompatible technology [ 73 ]. One of the most important elements affecting people’s daily lives and well-being at work is “worker safety”. Studies that have been published in scholarly journals have shown that knowing that they are working in an environment where they are less likely to be in an accident improves employees’ emotions and well-being. 
It is crucial that all workplaces have proper safety precautions for their employees and operators, even though the industrial sector is the most dangerous for workers. No matter how frequent or unusual a job may be, it must always be protected in order to safeguard the workers’ health and safety. There are no published solutions that can also monitor and advise people during unusual or dangerous jobs, even if a range of technologies already meet these needs during “normal” operations (e.g., maintenance). The Internet of Things and other real-time applications and services, such as video surveillance systems, are growing quickly, showing the growing importance of technology in our daily lives. The Internet of Things and Industry 4.0 could help identify maintenance problems that have been noticed but not resolved. Fog devices are now processing a sizable percentage of IoT application processing thanks to the development of fog computing [ 74 ]. However, if fog nodes are underpowered, the device’s reliability may suffer and IoT apps will not be able to function. Many clear issues with read/write operations and unsafe edge settings must be addressed. Scalable fault-predictive proactive techniques are necessary to improve dependability. These algorithms should be capable of determining whether fog machines are not powered enough to work. The use of a recurrent neural network to predict proactive problems in fog devices when there are not enough resources is suggested in this research. The method makes use of a new rule-based network policy for computing, memory, and power, as well as an entirely theoretical long short-term memory. An LSTM network is used in the planned CRP to ascertain why the project failed due to a lack of finance. The proposed conceptual design also includes fault monitors and failure detectors. They guard against fog nodes failing to provide services to IoT applications. 
The accuracy of predictions on training data was 95.16 percent and on testing data, it was 98.69 percent when LSTM and the CRP network policy technique were coupled. Prior to this, machine learning and deep learning techniques were incomparable. This study uses vibration and acoustic emission sensor data to produce analyzable scalograms. To identify whether wavelet functions were useful, we used the RWE criterion. Further Sin GAN scalograms were produced, and a number of picture quality metrics were then retrieved and used to build feature vectors [ 75 ]. The experimental data required to train the LSTM model used to predict tool wear were insufficient. The feature vector was used to train the bidirectional, stacked, and vanilla LSTM models. We looked at five performance indicators, including root-mean-square error, mean square error, mean absolute error, and adjusted root-mean-square error to assess how effectively LSTM models can predict tool wear. The MAE, RMSE, and MSE were the lowest, with values of 0.005, 0.016, and 0.0002, respectively, despite the high values of R2 and Adj. It was discovered that the vibration signal’s R2 value was 0.997%. The findings show that the stacked LSTM model outperforms other LSTM models in predicting tool wear [ 76 ].
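The source-to-sink tracking attributed to SAINT earlier in this section can be illustrated with a small static taint tracker. This is an added example, not SAINT's code or the paper's: the app model, the handler names, and the source and sink names are all constructed for illustration.

```python
"""Toy static taint tracking over a constructed IoT app model (not SAINT itself)."""

# Hypothetical API names: calls that yield sensitive data, and calls that
# send data off the device.
SOURCES = {"read_lock_state", "read_presence", "user_input"}
SINKS = {"http_post", "send_sms"}

# Constructed app model. Statements use a small three-address form:
#   ("call", target_or_None, callee, [argument variables])
#   ("assign", target, [operand variables])   # no operands means a constant
#   ("return", variable)
APP = {
    # event name -> handler function (the app's entry points)
    "entry_points": {
        "app.installed": "on_install",
        "lock.changed": "on_lock",
        "presence.changed": "on_presence",
    },
    "functions": {
        "on_install": {"params": [], "body": [
            ("call", "phone", "user_input", []),
            ("assign", "text", []),
            ("call", None, "send_sms", ["phone", "text"]),
        ]},
        "on_lock": {"params": [], "body": [
            ("call", "state", "read_lock_state", []),
            ("call", "msg", "format_msg", ["state"]),   # taint crosses a call
            ("call", None, "http_post", ["msg"]),
        ]},
        "on_presence": {"params": [], "body": [
            ("call", "who", "read_presence", []),
            ("assign", "who", []),                      # overwritten by a constant
            ("call", None, "send_sms", ["who"]),        # so nothing sensitive leaves
        ]},
        "format_msg": {"params": ["value"], "body": [
            ("assign", "out", ["value"]),
            ("return", "out"),
        ]},
    },
}


def _merge(label_sets):
    """Union of several taint-label sets."""
    merged = set()
    for labels in label_sets:
        merged |= labels
    return merged


def _run(app, func, env, event, findings, depth=0):
    """Propagate taint labels through one function; return its result's labels."""
    if depth > 8:                       # guard against recursive app models
        return set()
    returned = set()
    for stmt in app["functions"][func]["body"]:
        if stmt[0] == "assign":
            _, target, operands = stmt
            env[target] = _merge(env.get(o, set()) for o in operands)
        elif stmt[0] == "call":
            _, target, callee, args = stmt
            arg_labels = [env.get(a, set()) for a in args]
            if callee in SOURCES:
                result = {callee}
            elif callee in SINKS:
                for source in _merge(arg_labels):
                    findings.add((event, source, callee))
                result = set()
            elif callee in app["functions"]:
                params = app["functions"][callee]["params"]
                result = _run(app, callee, dict(zip(params, arg_labels)),
                              event, findings, depth + 1)
            else:                       # unknown library call: keep the taint
                result = _merge(arg_labels)
            if target is not None:
                env[target] = result
        elif stmt[0] == "return":
            returned |= env.get(stmt[1], set())
    return returned


def analyze(app):
    """Return sorted (event, source, sink) triples for every tainted flow."""
    findings = set()
    for event, handler in app["entry_points"].items():
        _run(app, handler, {}, event, findings)
    return sorted(findings)


if __name__ == "__main__":
    for event, source, sink in analyze(APP):
        print(f"{event}: {source} -> {sink}")
```

The tracker is flow-sensitive within a handler and follows calls into the app's own functions, but it ignores branches, loops and device state shared between handlers, all of which a production analysis has to model.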

3. Methods and Materials

3.1. Research Method

The literature on IoT security studies has grown in recent years as more and more academics have developed an interest in the field. Using the AND and OR search operators, we were able to find a vast amount of information that was relevant to topics, such as IoT, machine learning, deep learning, threats, cyberattacks, and vulnerabilities. We also included other terms, such as “blockchain”, “healthcare”, and “Data Mining. ML and DL”, in our search for a solution to the issue of IoT security breaches.

3.2. Exclusion and Inclusion

The IoT and machine learning approaches were used as a keyword string to find publications in databases from the IEEE, Springer, Scopus, Google Scholar, ACM, Science Direct, and Wiley. These works include research on machine learning categorization, IoT security, and the integration of health systems. Papers that were first chosen for review were peer-reviewed before being published. To better understand how machine learning works and how it might be used to improve IoT security, this research explored publications that concentrate on machine-learning-based approaches. After the initial search, any papers found were discarded. We only looked at a few articles because the review aimed to set standards for machine learning research criteria and methodology. The committee did not even read the additional recommendations.

Study Participants

The research query process is shown in Table 4 and Figure 5 .

Figure 5. Search query.

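Table 4. Research query process.

| Phase | Process | Selection Criteria | IEEE | Scopus | Wiley | Google Scholar | Springer | Science Direct | Total |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Searching | Keywords | 80 | 30 | 20 | 70 | 40 | 40 | 280 |
| 2 | Searching | Title | 75 | 25 | 15 | 65 | 30 | 30 | 240 |
| 4 | Further Screening | Introduction and Conclusion | 65 | 15 | 10 | 50 | 25 | 25 | 190 |
| 5 | Evolution | Complete Articles | 60 | 10 | 5 | 40 | 20 | 20 | 155 |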

Table 5 shows the year-wise selection of papers.

Table 5. Year-wise selection of papers.

| Publication Year | No. of Papers |
|---|---|
| 2014 | 03 |
| 2015 | 03 |
| 2016 | 04 |
| 2017 | 05 |
| 2018 | 11 |
| 2019 | 17 |
| 2020 | 15 |
| 2021 | 33 |
| 2022 | 47 |
| 2023 | 08 |

Figure 6 shows the year-wise article selection.

Figure 6. Year-wise article selection.

3.3. Research Questions

The research questions of the study are as follows:

  • What are the security issues of different IoT layers?
  • What are the deep learning methods used for IoT security?
  • What are the research issues and the future direction of IoT security?

3.4. IoT System Architectures and Security Concerns

3.4.1. IoT Attacks on Surface Areas

In the following sections, we look at several possible attack paths for IoT systems and applications. IoT devices are one of the most common entry points for hackers. Memory, firmware, physical interfaces, web interfaces, and network resources are only a few of the many weak points of IoT systems. Hackers may obtain access through faulty components, vulnerable update mechanisms, and insecure factory settings, to name a few. IoT devices may also be attacked through the communication channels they use [ 77 ]. The protocols used by IoT systems may not be secure, which would put the whole system in danger. IoT devices are vulnerable to network threats, including spoofing and denial of service. Security flaws in web applications and other IoT device software could give unauthorized users access to the system. For instance, hackers might spread malicious firmware upgrades or steal user credentials using web applications [ 78 ].

3.4.2. Architectures and Security Concerns

To highlight the security issues that affect the overall architecture of the IoT system, we summarize the IoT attack surface parts in this section. Different IoT concepts have been created by several academics and think tanks. A typical IoT design has three levels: perception, network, and application. However, it turns out that the support or middleware layer levels are vital because they must process data and draw wise conclusions [ 79 ]. A design for the IoT may contain a network layer and a support layer depending on its planned use. Many academic studies have also looked at how cloud computing might be used for the back-end architecture of the IoT [ 80 ]. Figure 7 shows the security challenges of IoT.

Figure 7. Security Challenges of IoT [ 81 , 82 ].

4.1. Security Issues in the Perception or Sensing Layer

A conventional IoT design consists of three layers: the application layer, the network layer, and the perception layer [ 83 ]. However, the support or middleware layer between the network and application layers becomes more important as the significance of data processing and intelligent decision making rises. Multiple layers, including a network layer and a support layer, may be present in IoT systems. Cloud computing has been used as the underlying support layer in numerous studies of IoT systems.

Various sensors and other devices make up the perception layer, sometimes called the sensing layer. This layer’s storage, processing, memory, and communication capabilities are limited. The main security concerns at this layer are node authentication, weak encryption, and access control [ 84 ]. Attacks and crimes against the perception layer’s privacy are too common in the real world. One way to carry them out is to take control of a node. Malicious code usage, data injection, replay attacks, and side-channel attacks are other techniques. For example, if an attacker takes over a node, it will stop sending valid network data and may even stop using the IoT security program. It is possible that the IoT application will not operate as planned if it receives bad data or is compromised by malicious code injection. A technique called eavesdropping, also called sniffing or snooping, allows an attacker to intercept and look through data being exchanged between two devices [ 85 ], as shown in Table 6 . A replay attack in an IoT network could be defined as repeatedly falsifying, changing, or reusing the identities of related items. If an attacker has the required time and data encryption keys, they can execute a timing attack. There are a lot more ways than just direct node attacks for vital information to circulate [ 86 ].

Table 6. Attacks and countermeasures on physical layer.

| Layer | Types of Attacks | Description | Security Countermeasures |
|---|---|---|---|
| Physical | Eavesdropping | Infer information sent by IoT devices via network. | Faraday cage. |
| Physical | Cyber-physical | Physically attacking a device. | Use of fault-detection algorithm to identify the faulty nodes. |
| Physical | RFID Tracking | To disable tags, modify their contents, or imitate them. | Faraday cage. |

4.1.1. Issues with Networking and Data Communications Layer Security

The main goals of this layer are compatibility, privacy, and secrecy. At this layer, it is expected that criminal activities, including phishing, distributed denial-of-service attacks, attacks on data transit, routing attacks, identity authentication, and encryption, will occur [ 87 ]. This layer of the IoT is especially vulnerable to phishing attacks, which aim to obtain sensitive information such as passwords and login credentials. When an attacker or unauthorized user gains access to the IoT network while IoT apps gather and transfer sensitive data, this is characterized as an access attack, also known as a continuous advanced threat. Table 7 shows the attack and countermeasures on the data communication layer.

Table 7. The attack and countermeasures on data communication layer.

| Layer | Attacks | Description | Security Countermeasures |
|---|---|---|---|
| Data and Cloud services | Poisoning | Input of incorrect training data/labels to decrease the accuracy of classification/clustering process. | Data sanitization. |
| Data and Cloud services | Evasion | Generating an adversarial sample leading to evade system from detection spam and malware. | Retraining learning models by classifier designers with adversarial samples. |
| Data and Cloud services | Impersonate | Unauthorized access based on deep neural network DNN algorithm. | Defensive distillation on DNN. |
| Data and Cloud services | Inversion | Gathering information about ML models to compromise the data privacy. | Differential privacy (DP) technique and data encryption. |

The most frequent and harmful kinds of network attacks are DoS and DDoS attacks. They use up network resources and compromise the operation of services. Malicious actors can also change routing channels’ routes when transmitting data by routing attacks, such as holes and worms [ 88 ].

4.1.2. Security Issues in the Middleware or Support Layer

Distributed computing solutions have been used to replace centralized cloud environments in a variety of cases, with good results in terms of performance and response time. All sent data should now be checked for accuracy, concision, and secrecy.

When someone inside a network purposefully alters or steals data or information, this is known as a malicious inside attack [ 89 ]. By inserting malicious SQL queries into the code, SQL injection attacks are used to steal data from user services in the real world. When damage to one virtual machine spreads to another, this is a virtualization attack. With the help of cloud malware injection, a hacker can take over a cloud service, install malicious code, or even create a fake virtual machine. There could be significant consequences if attacks are so powerful that cloud infrastructure is incredibly frustrated [ 90 ]. Table 8 shows the attack and countermeasures on the support layer.

Table 8. The attack and countermeasures on support layer.

| Layer | Types of Attacks | Description | Security Countermeasures |
|---|---|---|---|
| Transport | TCP flooding | Sending many packets through TCP protocol to stop or to reduce his activities. | A classifier based on SVM to detect and prevent DDoS TCP flooding attack. |
| Transport | UDP flooding | Sending many packets through UDP protocol to stop or to reduce his activities. | A flow-based detection schema on router using a state machine and a hashing table. |
| Transport | TCP SYN flooding | Tentative to open an externally connection without respecting to the TCP handshake procedure. | SYN-Cookies consist on coding client SYN message to change the state in the server side. |
| Network/protocol | Man-in-the-middle | Violate the confidentiality and integrity in data transfer. | Intrusion-detection system (IDS) and virtual private network (VPN). |
| Network/protocol | DDoS | Making network resource unavailable for its intended use. | Ingress/Egress filtering, D-WARD, Hop Count Filtering and SYN-Cookies. |
| Network/protocol | Replay | Manipulate the message stream and reorder the data packets. | Timeliness of Message. |
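
The "Timeliness of Message" countermeasure that Table 8 lists against replay, sketched as an added example (not code from the reviewed papers). It assumes a pre-shared per-device HMAC key, a 30-second freshness window, and a per-device message counter; the device name, key, and readings are constructed.

```python
import hashlib
import hmac
import json

MAX_SKEW_SECONDS = 30  # assumed freshness window; tune to clock drift and link latency


def canonical(body):
    """Serialise the signed fields deterministically so both sides hash the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_message(key, device_id, counter, payload, now):
    """Device side: bind the payload to a timestamp and a monotonically increasing counter."""
    body = {"device": device_id, "ctr": counter, "ts": int(now), "payload": payload}
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class ReplayGuard:
    """Gateway side: check integrity first, then freshness, then counter monotonicity."""

    def __init__(self, keys):
        self._keys = keys          # device id -> shared key
        self._last_counter = {}    # device id -> highest counter accepted so far

    def accept(self, message, now):
        body = message.get("body", {})
        device = body.get("device")
        key = self._keys.get(device)
        if key is None:
            return False, "unknown device"
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        supplied = str(message.get("tag", ""))
        # Constant-time comparison; nothing in the body is trusted before this passes.
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return False, "bad tag"
        # Timeliness: a captured message stops being usable once the window closes.
        if abs(now - body["ts"]) > MAX_SKEW_SECONDS:
            return False, "stale timestamp"
        # Inside the window, the counter rejects an exact copy or a reordered message.
        if body["ctr"] <= self._last_counter.get(device, -1):
            return False, "replayed counter"
        self._last_counter[device] = body["ctr"]
        return True, "ok"


def demo():
    """Run a constructed exchange and return the gateway's decision for each message."""
    key = b"constructed-demo-key"
    guard = ReplayGuard({"sensor-01": key})
    t0 = 1_700_000_000.0
    first = sign_message(key, "sensor-01", 1, {"temp_c": 21.5}, t0)
    tampered = {"body": dict(first["body"], payload={"temp_c": 99.0}), "tag": first["tag"]}
    second = sign_message(key, "sensor-01", 2, {"temp_c": 21.7}, t0 + 5)
    return [
        guard.accept(first, t0 + 1),      # fresh, first use
        guard.accept(first, t0 + 2),      # same bytes again, still inside the window
        guard.accept(first, t0 + 300),    # same bytes long after the window
        guard.accept(tampered, t0 + 1),   # payload changed, tag no longer matches
        guard.accept(second, t0 + 6),     # next legitimate message
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The timestamp alone leaves a gap of `MAX_SKEW_SECONDS` in which a copy is still accepted, which is why the counter check is paired with it.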

4.1.3. Application Layer

Defining and maintaining IoT applications, including their interactions with specific clients, fall under the scope of the application layer. One way to use IoT services is through a user interface. A computer, a smartphone, or any other Internet-enabled smart device could serve as an interface. The data that the middleware layer processes are used by the application layer [ 91 ]. This holds for a wide range of application categories, including applications for smart homes, smart cities, industry, construction, and health. The security needs of an application may change depending on how it functions. It is reasonable to expect a higher level of security when conducting online banking than when sending climate forecast information. The application layer must address various security challenges, such as attacks on access control, malicious code, programming, data leaks, service interruptions, application vulnerabilities, and software flaws [ 92 ]. Table 9 shows the attack and countermeasures on the application layer.

Table 9. The attack and countermeasures on the application layer.

| Layer | Types of Attacks | Description | Security Countermeasures |
|---|---|---|---|
| Application | Malware | Gain access to IoT device by using a default Telnet or SSH account. | Disabling/changing default account of Telnet and SSH account. |
| Application | IRC Telnet | Forcing Telnet port to infect LINUX operating system of IoT device. | Disabling Telnet port number. |
| Application | Injection | Untrusted data are sent to an interpreter as part of a command or query. | Input validation control. |

Attacks that interrupt service, commonly referred to as “Distributed Denial of Service (DoS)” attacks, stop users from using IoT apps by sending a flood of requests to servers or networks. Threat actors could use sniffer software to monitor data being transmitted by IoT apps. Attacks that gain unauthorized access can seriously harm a system quickly by preventing users from using IoT-related services and wiping data [ 93 ].

Each layer of an IoT system may be vulnerable to different security flaws and attacks, as was already mentioned. Furthermore, there is a severe risk of unknown vulnerabilities. One must conduct a thorough investigation to find these hacks. Understanding artificial intelligence, especially machine learning and deep learning architectures and techniques, is an effective way to safeguard the system regarding IoT security. Figure 8 shows the layers and function of IoT architecture.

Figure 8. Layered Architecture [ 66 ].

4.2. IoT Security Solutions Based on ML and DL

IoT devices can use AI technologies, such as machine learning and deep learning, to act correctly after learning from the data they gather. It is feasible to detect significant security event trends in IoT data using learning models, which frequently include rules, procedures, or complex “transfer functions” [ 94 ].

This enables DL and ML, which are entirely different, to function in real time over IoT networks. This shows how data-driven IoT security intelligence models could be created using ML and DL. IoT security data can be used to learn new things via classification and regression analysis, clustering, rule-based techniques, feature optimization, and DL with ANN, such as the M.N.L.P.N., C.N., and recurrent networks [ 95 ]. The following section covers the use of ML and DL to increase the security of IoT products. A machine-learning-based IoT security architecture is shown in Figure 9 .

Figure 9. A machine learning security framework for IoT systems [ 96 ].

4.2.1. Classification and Regression Techniques

Regression and classification techniques are well known and frequently used in IoT machine security. Predicting the outcome of discrete values or categories, such as anomaly, average, or attacks, is a standard definition of classification problems [ 97 ]. Regression is the technique of predicting a continuous or quantitative event, such as the effects of an attack. IoT security concerns include identifying intrusions and attacks, analyzing malware, and spotting fraud, as illustrated in Table 10 .

Table 10. Some ML techniques to handle various IoT security concerns.

| Techniques | References |
|---|---|
| K-nearest neighbors | [ ] |
| SVM | [ ] |
| NB | [ ] |
| AB | [ ] |
| Logistic regression | [ ] |
| D.T. | [ ] |
| Intrude Tree | [ ] |
| Behave D.T. | [ ] |

The uses of such techniques are presented as follows:

  • The SVM classification approach looks for unusual behavior in IoT devices and malware on Android to assure the dependability of IoT services [ 106 ].
  • Anomalies, denial-of-service attacks, IoT intrusions, and irregularities in smart cities are all detected using the random forest approach [ 107 ].
  • Two other methods for detecting abnormalities include a Naive-Bayes-based classification model and a linear-regression-based strategy for spotting malicious IoT nodes [ 108 ].

Regression modeling, on the other hand, can be used to predict attacks or measure the severity of one. Worms, viruses, and other harmful software fall under this category [ 109 ]. Regression techniques, network packet characteristics, and quantitative security models that examine phishing over a specified period are examples of relevant models, as illustrated in Table 11 .

Table 11. Summary of Classification and Regression Methods.

| Category | Algorithm | Complexity for Prediction | Advantages | Disadvantages | IoT Applications |
|---|---|---|---|---|---|
| Classification | KNN | O(np) | Easy to update in online setting. | Unscalable to large data sets. | Smart Citizen, Smart Tourism. |
| Classification | Naive Bayes | O(p) | Fast and highly scalable. | Strong feature independence assumptions. | Smart Agriculture, Spam filtering, text categorization. |
| Classification | SVM | O(n_sv p) | Good for unbalanced data. | The lack of transparency of results. | Real-time prediction: detection of intrusion, attacks, and malware. |
| Regression | Linear regression | O(p) | Processing under high rates. | Very sensitive to outliers. | Energy applications, market prediction. |
| Regression | SVR | | Useful and flexible technique. | More complicated. | Intelligent transportation systems, Smart Weather. |

  • Any widely used R.T., such as linear, logistic, polynomial, and partial least-squares regression, can be used to build the quantitative security model. For instance, multiple regression analysis can create a correlation between human characteristics and how people desire to act in terms of cybersecurity [ 110 ].

4.2.2. Clustering Techniques

Clustering is a standard method of unsupervised learning used in machine learning to analyze IoT security data. It may group or cluster data points based on similarity or dissimilarity metrics of security data from IoT devices from various sources. As a result, clustering might make finding hidden patterns and structures in data easier, making it simpler to spot anomalies or attacks in the IoT. Various perspectives, such as partitioning, hierarchies, fuzzy theory, distribution, and grids, can be used to cluster data. Well-known clustering methods include k-means, K-medoids, and the Gaussian mixture model [ 111 ]. These clustering methods could be used to fix several IoT issues as illustrated in Table 12 . For example, the k-means algorithm can be used to profile unusual IoT device behavior, and a dynamic threshold-based approach is one method that can be used to find outliers or noisy events. Fuzzy clustering is frequently used to find IoT intrusions [ 112 ].

Table 12. Summary of Clustering Techniques.

| Category | Algorithm | Complexity | Advantages | Disadvantages | IoT Applications |
|---|---|---|---|---|---|
| Clustering | K-means | O(n^2) | Very fast and highly scalable. | Difficult to predict the number of clusters (k-value). | Smart Cities, Smart Home, Smart Citizen, Intelligent Transport. |
| Clustering | DBSCAN | O(n^2) | Fast and robust against outliers. | Performance is sensitive to the distance metric. | Smart Citizen, Smart Tourism. |
| Clustering | Feed Forward Neural Network | O(n^2) | Non-linearity and robustness. | Longer time for training. | Smart Health. |

Cybersecurity applications can more effectively find helpful information or intelligence in system log data by clustering. Clustering algorithms may be very helpful in resolving IoT security issues, such as identifying outliers, anomalies, signatures, fraud, and cyberattacks, by exposing previously hidden patterns and structures in IoT security data [ 113 ].
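
A sketch of the k-means profiling and dynamic-threshold outlier detection mentioned in this section, as an added example that is not taken from the cited studies. It assumes two traffic features per device-minute (packets per minute, mean payload bytes), a threshold of mean plus three standard deviations of in-cluster distance, and a constructed baseline; the implementation uses only the standard library.

```python
import math
import statistics

# Constructed baseline: a low-rate sensor and a high-rate camera (packets/min, mean bytes).
OFFSETS = [(-1, -4), (0, 3), (1, -2), (2, 5), (-2, 1), (0, -5), (1, 4), (-1, 2)]
BASELINE = [(6 + dx, 120 + dy) for dx, dy in OFFSETS] + \
           [(300 + 5 * dx, 1200 + 10 * dy) for dx, dy in OFFSETS]


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def nearest(point, centroids):
    return min(range(len(centroids)), key=lambda i: dist(point, centroids[i]))


def fit_scaler(rows):
    """Per-feature mean and standard deviation, so no single unit dominates the distance."""
    columns = list(zip(*rows))
    return ([statistics.fmean(c) for c in columns],
            [statistics.pstdev(c) or 1.0 for c in columns])


def scale(row, scaler):
    means, stds = scaler
    return tuple((v - m) / s for v, m, s in zip(row, means, stds))


def kmeans(points, k, iterations=50):
    """Lloyd's algorithm with deterministic farthest-point initialisation."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    for _ in range(iterations):
        clusters = [[] for _ in range(k)]
        for p in points:
            clusters[nearest(p, centroids)].append(p)
        updated = [
            tuple(statistics.fmean(dim) for dim in zip(*members)) if members else centroids[i]
            for i, members in enumerate(clusters)
        ]
        if updated == centroids:
            break
        centroids = updated
    return centroids


def build_profile(baseline, k, n_sigma=3.0):
    """Learn behaviour clusters and one distance threshold per cluster from the data."""
    scaler = fit_scaler(baseline)
    points = [scale(row, scaler) for row in baseline]
    centroids = kmeans(points, k)
    distances = [[] for _ in centroids]
    for p in points:
        idx = nearest(p, centroids)
        distances[idx].append(dist(p, centroids[idx]))
    # Dynamic threshold: derived from each cluster's own spread, not a fixed constant.
    thresholds = [
        statistics.fmean(d) + n_sigma * statistics.pstdev(d) if d else 0.0
        for d in distances
    ]
    return {"scaler": scaler, "centroids": centroids, "thresholds": thresholds}


def score(profile, row):
    """Assign an observation to its nearest behaviour cluster and flag it if too far away."""
    p = scale(row, profile["scaler"])
    idx = nearest(p, profile["centroids"])
    distance = dist(p, profile["centroids"][idx])
    return {"cluster": idx, "distance": distance,
            "anomalous": distance > profile["thresholds"][idx]}


PROFILE = build_profile(BASELINE, k=2)

if __name__ == "__main__":
    for observation in [(7, 118), (302, 1210), (150, 125)]:
        print(observation, score(PROFILE, observation))
```

The last observation has sensor-sized payloads at 25 times the sensor's usual rate: it still maps to the sensor cluster but lies far outside that cluster's threshold, while the tighter sensor cluster also gets a tighter threshold than the camera cluster.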

4.2.3. Rule-Based Techniques

Older patterns are less likely to stand out and aid in the identification or prediction of IoT security issues than newer unfriendly behavior patterns. Selectivity analysis, which examines current practices, may be more beneficial in some cases than conventional data analysis. Another critical goal is to develop a security model for IoT devices that is based on how recently they have been used. Innovative, portable IoT device solutions that take new data trends into account are required as part of our learning-based research on IoT security [ 114 ].

By creating various links and patterns based on support and confidence values, rule-based procedures are easy to use but complicate the model. The problem might be lessened with a robust association model. A rule-learning technique that can be used to find trustworthy, non-redundant links between ideas is shown in our earlier work [ 115 ]. Policy rules in a plan define which network usage is allowed and which is not. Even cyberattacks with no known vulnerabilities can be stopped by security policy monitoring filters and protections based on rules [ 116 ].
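
To make support, confidence, and redundancy concrete, the following added example mines "attributes → attack" rules from labelled connection records and drops any rule that a more general rule already covers with equal or higher confidence. It is not the rule-learning technique of [ 115 ]; the records, attribute names, and thresholds are constructed assumptions.

```python
from itertools import combinations

# Constructed sample: (attributes observed for a connection, analyst label).
RECORDS = [
    ({"proto=telnet", "auth=default", "dst=external"}, "attack"),
    ({"proto=telnet", "auth=default", "dst=internal"}, "attack"),
    ({"proto=telnet", "auth=default", "dst=external"}, "attack"),
    ({"proto=telnet", "auth=custom", "dst=external"}, "normal"),
    ({"proto=mqtt", "auth=custom", "dst=internal"}, "normal"),
    ({"proto=mqtt", "auth=custom", "dst=external"}, "normal"),
    ({"proto=mqtt", "auth=default", "dst=external"}, "attack"),
    ({"proto=https", "auth=custom", "dst=external"}, "normal"),
    ({"proto=https", "auth=custom", "dst=internal"}, "normal"),
    ({"proto=mqtt", "auth=custom", "dst=internal"}, "normal"),
]


def mine_rules(records, target, min_support, min_confidence,
               max_len=2, prune_redundant=True):
    """Return rules 'antecedent -> target' that meet the support and confidence floors."""
    total = len(records)
    items = sorted({item for features, _ in records for item in features})
    rules = []
    for size in range(1, max_len + 1):           # general (short) rules are found first
        for combo in combinations(items, size):
            antecedent = frozenset(combo)
            labels = [label for features, label in records if antecedent <= features]
            hits = labels.count(target)
            if hits == 0:
                continue
            support = hits / total                # share of all records matching rule and label
            confidence = hits / len(labels)       # share of matching records that carry the label
            if support < min_support or confidence < min_confidence:
                continue
            # Redundant: a strict subset of this antecedent is already an accepted rule
            # with at least the same confidence, so the extra condition adds nothing.
            if prune_redundant and any(
                r["if"] < antecedent and r["confidence"] >= confidence for r in rules
            ):
                continue
            rules.append({"if": antecedent, "then": target,
                          "support": support, "confidence": confidence})
    return rules


def matches(rules, features):
    """Policy check: which mined rules fire for a newly observed connection?"""
    observed = set(features)
    return [r for r in rules if r["if"] <= observed]


if __name__ == "__main__":
    for rule in mine_rules(RECORDS, "attack", min_support=0.2, min_confidence=0.8):
        print(sorted(rule["if"]), "->", rule["then"], rule["support"], rule["confidence"])
```

On this sample the unpruned search returns three rules, and pruning leaves only `auth=default → attack`, because the two longer rules merely add a condition to it without raising confidence.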

4.2.4. Optimization of Security Features and Principal Component Analysis

In the current cyber threat environment, the development and optimization of security features are significant barriers to the success of an ML-based IoT security solution. Security characteristics and IoT data have a direct impact on ML-based security models, necessitating the use of a data-dimensionality-reduction technique. “Feature engineering” is the process of establishing and changing security features or variables so that machine-learning-based security models work properly. Today’s IoT security datasets may contain unused or irrelevant data, making simulation of cyberattacks and other challenges difficult [ 101 ]. The forecasting accuracy of a security model can be harmed by extreme variation, overfitting, expensive processing, and time-consuming model setup [ 93 ]. A high-dimensional dataset with many security attributes evaluated according to how important or relevant they are may make it easier to create an IoT security model [ 102 ]. Existing approaches include the correlation coefficient, the chi-squared test, and analysis of variance. Techniques for embedding information include regularization, Lasso, Ridge, Elastic Net, and tree-based feature importance [ 84 ]. Using feature selection and principal component analysis, it is possible to create brand-new components that explain the most important data. As part of machine-learning-based security modeling, these enhanced signature properties may make it easier to manage large amounts of IoT security data, such as identifying anomalies in IoT network traffic [ 103 ].

4.2.5. Multi-Layer Perceptron (MLP)

Deep learning usually uses the multi-layer MLP, FFAN. The input layer, the hidden output layers, and the actual output layer are the three layers that make up the traditional MLP design. An AI network links each node in a layer to a specific value in the layer below it. In the end, this number is associated with the layer below it. As the model is being built, MLP employs backpropagation to adjust the internal weight values [ 117 ]. This MLP network is used to analyze the NSL-KDD dataset’s malware, explain the IoT parameters, detect malicious traffic coming from IoT devices, and create a model for intrusion detection [ 118 ]. The idea divides network data into secure data and unsecure data.

4.2.6. Recurrent Neural Network (RNN)

Another variety of artificial neural networks is the recurrent neural network. A directed graph representing time is constructed from the connections between the nodes. In the RNN model, neural feed-forward networks are used. It looks at its internal state, or memory, to determine how long different input sequences last. IoT security, natural language processing, and speech recognition can all benefit from the RNN model’s capabilities to manage sequential data effectively [ 119 ]. IoT devices that are connected provide a lot of sequential data, including information that changes over time and network traffic flows. Recurrent connections in neural networks can uncover potential defense vulnerabilities when a threat’s communication patterns change over time. This is because it has a powerful model for predicting time series because of its long short-term memory, which allows it to remember what it has been told in the past. For example, it is possible to identify and categorize dangerous applications and detect intrusions using an LSTM-model-based recurrent network [ 120 ]. It can also be used for further security-related tasks.

The detection and prevention of malware, spoofing, and computer virus attacks across a wide range of IoT devices can be made using a variety of deep learning models and hybrid network models [ 121 ]. One type of deep learning model that could be used to protect IoT devices is a DBN-based security model [ 122 ]. The authors looked at multiple approaches to in-depth learning. Additionally, they were referred to as unique features for jobs requiring human help and generative for those requiring none. Additionally, hybrid systems may be used if the data quality calls for it [ 123 ]. Data-driven security analytics in the context of the IoT can, therefore, greatly benefit from the above machine learning or deep learning methodologies, along with any lightweight modifications (as shown in Table 13).

Table 13. Summary of deep learning and machine learning algorithms [ 13 ].

| Algorithm | Description |
|---|---|
| Naive Bayes | It is a collection of rules for grouping data into two or more categories. The term “naive” refers to the practice of calculating the probability of multiple hypotheses by making overly generalized claims. Because all the features are thought to be conditionally independent, determining their actual values is not necessary [ ]. |
| K-Nearest Neighbor | It is an efficient and straightforward technique for identifying connections between fresh and old data elements in a collection. After the model has been trained and classified, the degree of similarity between incoming input and its k neighbors is calculated [ ]. |
| K-Means Algorithm | The most used method is k-means clustering, which belongs to the unsupervised ML family. If the positive integer value of k is known, k-means clustering can sort or group devices according to their characteristics or parameters into k groups [ ]. |
| Random Forest and Decision Tree | It limits a model by placing restrictions on the properties of the data. Then, predictions for a further interesting independent variable are made using this model. Classification and regression issues can be addressed with a decision tree. These trees can be used to split datasets into several branches, each branch representing a rule [ ]. |
| Support Vector Machines | SVM is a technique to supervised machine learning that is simple to use and may be used for regression and classification. It can function in environments that really are binary and multi-class [ ]. It divides the supplied data into groups using n dimensions and n + 1 hyperplane. |
| Recurrent Neural Networks | In order to address problems that cannot be resolved using conventional methods, this type of supervised learning involves the creation of a hierarchical network of decision-making components [ ]. The programmer builds a network where a specified number of inputs lead to a predefined number of outputs. The multi-layer perceptron, convolutional neural network, and recurrent neural network are three types of neural networks that have been proposed [ ]. |
| Principal Component Analysis | Because it compresses data from several sources using an unsupervised manner, in huge datasets, it reduces the number of dimensions and extracts useful information as a set of “principal components” made up of unrelated variables. These components’ ranges are arranged from most variable to least variable, so the first component’s range contains the most variable data, and so forth. The parts that give the least data and variance can be removed to make things simpler [ ]. |
| Q-Learning | It is used to schedule spectrum management and IoT security resources. As well as for IoT security, a reinforcement learning method used in the field of machine learning is called Q-learning. In real life, an agent discovers the results of its acts through repeated attempts. It assesses the reward following each action and changes states appropriately [ ]. There are rewards for good behavior and penalties for bad behavior. |
| Deep Learning | It functions as a feed-forward neural network in which there are no connections between any of the neurons in each layer. For deep learning, several layers are used, each having a higher level of abstraction than the layer before it [ ]. One layer’s output is sent onto the next layer. |

4.3. Research Issues and Directions

Through current and future research and development, we address the issues raised in this section and attempt to identify the best strategies for protecting IoT networks and devices. Determining the best learning strategy for a specific IoT security scenario can be time consuming, because the results of various learning algorithms can differ depending on the quality of the input [ 84 ]. The model’s efficacy, precision, and labor requirements may be jeopardized if the incorrect learning method is used. Additionally, redundant IoT security data could lead to the gathering of irrelevant data and inaccurate conclusions. Machine learning or deep learning security models may not perform as well, be less accurate, or even be completely ineffective if the IoT data are incomplete in some way, such as by not being representative, being of poor quality, having irrelevant features, or being too small for training [ 134 ].

Here are a few possible future paths for study on IoT security:

Because of the way the IoT works, gathering security information can be difficult. A dynamic feature of the IoT known as heterogeneity was briefly discussed. It enables the routine collection of massive amounts of data from various sources. Data collection for IoT security is difficult. When working with IoT data, it is critical to understand the data collection process [ 62 ]. Statistics that are inaccurate or incomplete, outliers, and other flaws may jeopardize the security of the aging process or insufficient IoT devices [ 122 ]. The machine learning or deep learning methodology of IoT security has a significant impact on data quality and training availability, which has a significant impact on the IoT security model. IoT environments generate a lot of security data, which are hard to manage and clean up. Learning algorithms must be improved, or new data preparation techniques must be devised for them to be helpful in IoT security [ 135 ]. An effective IoT security solution must include the constraints or capabilities of IoT systems and devices. A device’s ability to store, compute, process, make decisions, and communicate must therefore be balanced with security. Therefore, choosing the best machine learning or deep learning algorithms requires extensive research [ 136 ]. In some cases, standard learning techniques might not work immediately with IoT devices due to the vast amount of repetitive processing. For example, the association rule learning approach may be used in a rule-based system to remove redundant IoT security data, making decision making challenging and ineffective [ 137 ].

4.3.1. Poor Management

Systems based on the IoT are having trouble because of poor management. The problem is that most of the time, software engineers try to figure out how to extract useful data from sensors [ 138 ]. They do not care how data are gathered, just that it is. It is easier for attackers to hack a system and steal sensitive user data when there is no guarantee. Developers must start concentrating on data acquisition as a result [ 139 ].

4.3.2. Naming and Identity Management

To communicate with other components of a network, each component needs to have its own identity. Therefore, a technique for dynamically identifying each network node with a special identification must exist [ 140 ]. When the IoT first started, IPv4 was used to give each networked device a special identifier. Because the number of Internet of Things devices is increasing, IPv6 is used to give each one a distinct name.

4.3.3. Trust Management and Policy

The idea of trust is important and complicated. It is also necessary to have scalability, dependability, strength, and availability. It goes beyond taking safety procedures. IoT apps ask their users for sensitive information with their permission. Therefore, a privacy guarantee is necessary. User data are protected and cannot be accessed without permission. Academics have suggested a range of strategies for improving both trust and privacy in scholarly writings. These strategies for protecting trust and privacy in IoT applications have been ineffective. These issues are currently at the forefront of research on the Internet of Things as a result [ 141 ].

4.3.4. Big Data

Currently, billions of devices are connected to the web, forming what is known as the IoT. These devices generate huge volumes of information, and the IoT struggles with the transmission and processing of massive datasets. Therefore, such a system is essential in order to solve the problem of big data [142].

4.3.5. Security

Implementing information security in the IoT is challenging. Users communicate private data to complete tasks, and user privacy faces various possible adversaries. Therefore, security measures should be implemented to safeguard user data and discourage unauthorized access [143].

4.3.6. Storage

IoT devices must also be secure to use. Sensors monitor their surroundings and send the information they gather to computers. Because there is no encounter measurement, the security of data storage devices cannot be guaranteed. As a result, there needs to be a way to stop unauthorized access to or monitoring of sensitive data [144].

4.3.7. Authentication and Authorization

User IDs can be verified using several different techniques. The most common approach is to use a login and password, but there are other options as well, such as an access card, retina scan, voice recognition, or fingerprints. Authorization can be obtained through access control, a method of protecting a system by only allowing those who need access to use it. The system has become complex because it consists of so many nodes and components, and the traditional methods of authentication and permission have failed in large-scale networks. Although concerns with authentication and authorization have been researched, they still need to be fixed. To solve these challenges, such an approach is necessary [145].

4.3.8. Secure Network

Man-in-the-middle and denial-of-service attacks are only two examples of the multiple ways the transport layer of a network can be abused. A denial-of-service attack is an attack that prevents users' access to the targeted system, device, or network resource [146]. A "man-in-the-middle" attack occurs when an attacker inserts themselves as a third party between two targets who believe they are speaking directly to one another, relaying and intercepting the messages they exchange. Therefore, a set of protections must be put in place to guarantee the security of the network layer [147].

Therefore, it is challenging to create new, lightweight algorithms or procedures for IoT devices without first weighing the advantages and disadvantages of current learning techniques [148].

Older patterns are less likely than newer hostile behavior patterns to stand out and aid in the identification or prediction of IoT security issues. Selectivity analysis, which examines current practices, may be more beneficial in some cases than conventional data analysis [136]. Another critical goal is to develop a security model for IoT devices that is based on how recently they have been used. Innovative, portable IoT device solutions that take new data trends into account are required. As part of our learning-based research on IoT security, we examined and evaluated the above study directions [149]. The security of the IoT can be improved by including context-aware computing; "context awareness" is a term used frequently in IoT computing to describe a system's capacity to take in information about its surroundings and modify its behavior accordingly [150].

As a result, by using temporal, spatial, individual, dependency, and activity context, the relationships between events or exchanges, and other contextual security data, it is possible to determine whether suspicious behavior occurs [151]. For example, a user may be able to connect to the network in the office but not when using public Wi-Fi. One area that could be investigated is how to create IoT security solutions that work in different contexts and adapt to them [152].
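The two ideas above (weighting recent behavior over older patterns, and deciding on context such as network location and time of day) can be combined in a small access-decision routine. The following Python sketch is an added illustration, not code from the reviewed literature; the network labels, half-life, thresholds, and the "step-up" outcome are assumptions, and the event history is constructed sample data.

```python
"""Context-aware, recency-weighted access decision (illustrative sketch)."""
from dataclasses import dataclass

# Assumptions for this sketch, not values taken from the reviewed literature.
TRUSTED_NETWORKS = {"office-lan"}   # hypothetical network labels
HALF_LIFE_DAYS = 7.0                # an observation loses half its weight per week
HOUR_TOLERANCE = 2                  # hours either side that still count as "usual"
MIN_SHARE = 0.5                     # weighted share of history that must match


@dataclass(frozen=True)
class Event:
    day: float      # days since an arbitrary epoch
    network: str    # where the device or user connected from
    hour: int       # local hour of day, 0-23


def recency_weight(age_days, half_life):
    """Exponential decay: 1.0 for a fresh event, 0.5 after one half-life."""
    return 0.5 ** (age_days / half_life)


def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def usual_hour_share(history, request, half_life=HALF_LIFE_DAYS):
    """Recency-weighted share of past events whose hour matches the request."""
    total = matching = 0.0
    for past in history:
        age = request.day - past.day
        if age < 0:
            continue  # ignore events stamped after the request
        w = recency_weight(age, half_life)
        total += w
        if hour_distance(past.hour, request.hour) <= HOUR_TOLERANCE:
            matching += w
    return matching / total if total else 0.0


def decide(history, request, half_life=HALF_LIFE_DAYS):
    # Spatial context: the office-versus-public-Wi-Fi rule from the text.
    if request.network not in TRUSTED_NETWORKS:
        return "deny"
    # Temporal context: compare against recent behavior, not all-time behavior.
    if usual_hour_share(history, request, half_life) >= MIN_SHARE:
        return "allow"
    return "step-up"  # hypothetical outcome: require additional verification


# Constructed history: an old morning routine, then a recent switch to late evenings.
HISTORY = [Event(day=d, network="office-lan", hour=9) for d in range(0, 11)]
HISTORY += [Event(day=d, network="office-lan", hour=22) for d in (58, 59, 60)]

if __name__ == "__main__":
    for req in (Event(61, "office-lan", 22), Event(61, "office-lan", 9),
                Event(61, "public-wifi", 22)):
        print(req, "->", decide(HISTORY, req))
```

With an infinite half-life the eleven old morning events outvote the three recent evening ones, so the same morning request is allowed; that difference is what the recency weighting contributes.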

5. Conclusions

This research provides a comprehensive review of the literature on IoT security awareness. In this work, we evaluated the knowledge base on IoT security intelligence. We investigated the IoT paradigm, IoT-based smart environments, security issues, and machine learning solutions to these problems. Identifying and protecting IoT devices and systems necessitates a thorough examination of IoT system architectures, as well as the cyberattacks that can break them down layer by layer. We investigated how various machine learning and deep learning technologies could be used to improve IoT security. If IoT security is to be effective, it must be built on machine learning or deep learning models that use data attributes. Before it can assist in making intelligent decisions, the system must have an effective learning algorithm based on the IoT security knowledge acquired and the application for which it is used. We also discussed potential directions and approaches for future research on teaching and learning. Because of these issues, there is room for new research in the field, and with it the opportunity to develop effective strategies for continuously improving IoT security. We believe that our research on machine-learning- and deep-learning-based security solutions is a step in the right direction and will help other academics and practitioners find and implement IoT security solutions in the future.

Acknowledgments

The authors are thankful to reviewers and editors for their valuable comments to improve the quality of our manuscript.

Funding Statement

This research received no external funding.

Author Contributions

Conceptualization, T.M., H.H. and I.H.; methodology, T.M., H.H. and I.U.; software, T.M. and D.B.T.; validation, T.M. and T.A.S.; formal analysis, K.O. and T.M.; investigation, H.H., Y.Y.G. and T.M.; resources, T.M., I.U. and Y.Y.G.; writing—original draft, T.M. and K.O.; writing—review and editing, T.M., T.A.S., D.B.T. and I.U. All authors have read and agreed to the published version of the manuscript.

Institutional Review Board Statement

Informed consent statement, data availability statement, conflicts of interest.

The authors declare no conflict of interest.

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.


IOT Based Smart Security System

  • May 13, 2018
  • Posted by: RSIS
  • Categories: Electrical and Electronics Engineering, Electronics & Communication Engineering

International Journal of Research and Scientific Innovation (IJRSI) | Volume V, Issue IV, April 2018 | ISSN 2321–2705

 M. Bindu Priya 1 , V. Divya Mani 2 , D. Susmitha 3


1 Assistant Professor, Velagapudi Ramakrishna Siddhartha Engineering College, Vijayawada, Andhra Pradesh, India 2, 3 Student, Velagapudi Ramakrishna Siddhartha Engineering College, Vijayawada, Andhra Pradesh, India

Abstract: The aim of this paper is to design and implement an affordable, flexible and fast monitoring system using Raspberry Pi. In recent years, there has been an increase in video surveillance systems, such as CCTV and RFID, in public and private environments due to a heightened sense of security. Video surveillance systems have several defects: the picture is indistinct, the structure is complex, stability is poor, a lot of storage is needed to save surveillance information, and prices remain relatively high. The system design has motion and camera control. Live streaming reduces data storage and saves investment cost.

Keywords: Internet of Things, Raspberry Pi, Pi camera

I. INTRODUCTION

The concept of the Internet of Things (IOT) started with things which identify communication devices. The devices could be tracked, controlled or monitored using remote computers connected through the Internet. IOT extends the use of the Internet by providing communication, and thus an inter-network of devices and physical objects, or "Things". The two prominent words in IOT are "internet" and "things". Internet means a vast global network of connected servers, computers, tablets and mobiles using internationally used protocols and connecting systems. The Internet enables sending, receiving, or communicating of information. Thing in English has a number of uses and meanings. The dictionary meaning of "Thing" is a term used to refer to a physical object, an action or idea, situation or activity, in case when we do not wish to be precise IOT.

The demand for video surveillance systems is rapidly increasing in the present day. One of the first things people will want to know about their surveillance system is whether or not they can connect to it over the internet for remote viewing. In the past, security systems had to be monitored by a guard who was locked away in a room all day watching the monitors to make sure that nothing would happen. The other option was to come back and review the footage, but by then damage could already have happened. Therefore, researchers and scientists had to come up with ways of overcoming that and thus improving security at large. Commercial spaces, universities, hospitals, casinos and warehouses require video capturing systems that have the ability to alert and record desired live video streaming of the intruder. The advancements in video surveillance technology have made it possible to view your remote security camera from any internet-enabled PC or smart phone from anywhere in the world.

SECURING SMART CITIES

Velibor Božić


COMMENTS

  1. Using machine learning algorithms to enhance IoT system security

    The study analyzes recent technologies, security, intelligent solutions, and vulnerabilities in IoT-based smart systems that utilize ML as a crucial technology to enhance IoT security.

  2. (PDF) Cyber Security in IoT-Based Cloud Computing: A ...

    main contributions of this paper: 1. The research presents a consolidated survey on IoT cloud architecture, services, configurations, and security models. Additionally, we classify IoT cloud ...

  3. A decade of research on patterns and architectures for IoT security

    Security of the Internet of Things (IoT)-based Smart Systems involving sensors, actuators and distributed control loop is of paramount importance but very difficult to address. Security patterns consist of domain-independent time-proven security knowledge and expertise. How are they useful for developing secure IoT-based smart systems? Are there architectures that support IoT security?

  4. Internet of Things (IoT) Cybersecurity Research: A Review of Current

    As an emerging technology, the Internet of Things (IoT) revolutionized the global network comprising of people, smart devices, intelligent objects, data, and information. The development of IoT is still in its infancy and many related issues need to be solved. IoT is a unified concept of embedding everything. IoT has a great chance to make the world a higher level of accessibility, integrity ...

  5. A Systematic Review of IoT Security: Research Potential, Challenges

    IoT devices are incorporated into various products, ranging from ordinary household items to complex industrial appliances. Despite the increasing demand for IoT, security concerns have impeded its development. This article systematically reviews IoT security research, focusing on vulnerabilities, challenges, technologies, and future directions.

  6. Cybersecurity for Industrial IoT (IIoT): Threats, countermeasures

    According to [4], the term IIoT is defined as a combination of intelligent and interconnected industrial nodes that are in place to obtain a maximum production rate, while the operational expenses are minimized through the adoption of real-time monitoring and efficient management of the industrial assets. The rise in the usage of IoT in various sectors and its associated benefits for industrial ...

  7. Machine learning techniques for IoT security: Current research and

    Tahsien et al. [12] concentrated on Machine Learning-based security solutions for IoT systems, incorporating the most recent publications up to 2019. The authors initiated the discussion by introducing the layers of the IoT system and the various security challenges these layers confront, including different forms of cyber-attacks.

  8. IoT empowered smart cybersecurity framework for intrusion ...

    This paper proposed an IoT-Empowered smart cyber security framework called the Internet of Drones (IoDs), a drone-based network using machine learning and deep learning methods.

  9. Cybersecurity Risk Analysis in the IoT: A Systematic Review

    The Internet of Things (IoT) is increasingly becoming a part of our daily lives, raising significant concerns about future cybersecurity risks and the need for reliable solutions. This study conducts a comprehensive systematic literature review to examine the various challenges and attacks threatening IoT cybersecurity, as well as the proposed frameworks and solutions. Furthermore, it explores ...

  10. Next-generation cyber attack prediction for IoT systems: leveraging

    Billions of gadgets are already online, making the IoT an essential aspect of daily life. However, the interconnected nature of IoT devices also leaves them open to cyber threats. The quantity and sophistication of cyber assaults aimed against Internet of Things (IoT) systems have skyrocketed in recent years. This paper proposes a next-generation cyber attack prediction framework for IoT systems.

  11. (PDF) Enhancing security for IoT-Based Systems

    Abstract. Smart digital systems with IoT capabilities are gaining popularity. It is, nonetheless, critical to address their security concerns. This study suggests an adaptive architecture-driven ...

  12. Cybersecurity challenges in IoT-based smart renewable energy

    Upon analyzing the data presented in Fig. 1, it becomes apparent that the number of articles and conference papers related to the keyword string Q1 "Cybersecurity or Vulnerab*" in IoT-based Smart Renewable Energy is significantly higher than those related to the keyword string Q2 and Q3 ("Cyber-attack or Cyber Threats"), respectively. Moreover, it can be observed that the number of published ...

  13. PDF Cybersecurity for Blockchain-Based IoT Systems: A Review

    Mahmood et al. [8] provided a comprehensive review of the cybersecurity challenges in blockchain technology. The authors identified and analyzed the various cybersecurity issues that arise in the context of blockchain technology, including attacks on smart contracts, privacy risks, and scalability challenges.

  14. A Comprehensive Study of the IoT Cybersecurity in Smart Cities

    According to such a study, citizens' main concerns are security and protection with 45%, data privacy with 25%, and transparency of services with 8%. The other concerns are equal or below to 5 ...

  15. Internet of Things (IoT) for Next-Generation Smart Systems: A Review of

    The Internet of Things (IoT)-centric concepts like augmented reality, high-resolution video streaming, self-driven cars, smart environment, e-health care, etc. have a ubiquitous presence now. These applications require higher data-rates, large bandwidth, increased capacity, low latency and high throughput. In light of these emerging concepts, IoT has revolutionized the world by providing ...

  16. PDF A decade of research on patterns and architectures for IoT security

    architectures for IoT security and privacy. We are particularly interested in how advanced patterns and architectures are, and their approaches to address IoT security. Third, based on the results, we identify the gaps to support security and privacy in modern IoT systems and propose further research to fill the gaps. The main contri -

  17. AI-powered biometrics for Internet of Things security: A review and

    In conclusion, the integration of AI and biometrics with applications in the IoT has resulted in enhanced security and privacy, offering advanced solutions to cyber vulnerabilities. The applications of these combined technologies span diverse sectors, from healthcare to smart homes, with a promising future scope.

  18. Cyber Security in Smart Cities: A Review of Deep Learning-based

    This paper will focus on the security aspects of modern technologies such as communication networks [8], mobile devices [9], the internet of things (IoT) [10], and cyber-physical systems (CPS) [2,11].

  19. Enhancing Internet of Things Security with Random Forest-Based Anomaly

    Additionally, a case study is presented, implementing an Ethereum-based blockchain system in a smart IoT environment, which offers practical implications and real-world application. However, it is important to note that while blockchain technology can enhance security, it also has its own limitations and challenges.

  20. Access Control Attacks Against IoT Smart Devices: A Case Study

    The Internet of Things (IoT) paradigm refers to a system of billions of Internet-enabled smart devices interconnected with each other. This study attempts to evaluate access control restrictions in smart devices through a penetration test of a lightweight IoT device such as a smartbulb. Very often, lightweight firmware for such devices become the foundation for other products in the market ...

  21. Analysis of IoT Security Challenges and Its Solutions Using Artificial

    A robust machine-learning-based IoT security system must consider the IoT cyber threat environment. Security features must therefore be designed and refined. A data-conditionality-reduction technique is essential because security features and the IoT data they are associated with have a direct impact on machine-learning-based security models ...

  22. (PDF) A Proposed Model of IoT Security Management System Based on A

    A Proposed Model of IoT Security Management System Based on A study of Internet of Things (IoT) Security October 2018 International Journal of Scientific and Engineering Research 9(9):1227-1244

  23. PDF Securing the smart city: A review of cybersecurity challenges and

    Challenges of smart city technologies include the complexity of integrating diverse systems and technologies, ensuring interoperability and scalability, addressing privacy concerns related to data collection and usage, and managing cybersecurity risks (Clim et al., 2022). As smart cities become increasingly reliant on digital infrastructure and ...

  24. IOT Based Smart Security System

    IOT Based Smart Security System. IOT Based Smart Security System: The aim of this paper is to design and implement affordable, flexible and fast monitoring system using Raspberry pi. In recent years, there has been an increase in video surveillance systems in public and private environments due to a heightened sense of security like CCTV and RFID.

  25. (PDF) SECURING SMART CITIES

    Here are some of the key elements that are typically included in the security architecture of smart cities: 1. Cybersecurity technologies: These include technologies such as firewalls ...