
Theoretical Foundations

This survey article provides a comprehensive overview of the role of machine learning (ML) and deep learning (DL) in enhancing security for Internet of Things (IoT) systems. It discusses the unique security challenges posed by IoT, the inadequacies of traditional security methods, and the necessity for advanced techniques to protect these interconnected devices. The paper also categorizes various attacks on IoT systems, evaluates existing security frameworks, and highlights future research directions in the field of IoT security.

Uploaded by

trangiapthan379

International Journal of Computer Networks and Applications (IJCNA)

DOI: 10.22247/ijcna/2024/40 Volume 11, Issue 5, September – October (2024)


SURVEY ARTICLE

Machine Learning for Internet of Things (IoT) Security: A Comprehensive Survey

Haifa Ali Saeed Ali
Department of Computer Application, CMR Institute of Technology (Affiliated to Visvesvaraya Technological
University), Bangalore, India.

Vakula Rani J
Department of Computer Application, CMR Institute of Technology (Affiliated to Visvesvaraya Technological
University), Bangalore, India.

Received: 22 June 2024 / Revised: 05 October 2024 / Accepted: 15 October 2024 / Published: 30 October 2024

Abstract – The Internet of Things (IoT) represents a network of interconnected gadgets, enabled by technology facilitating seamless communication between gadgets and the cloud. The adoption of IoT and its unique features expose these systems and devices to various intrusions. Traditional security methods are inadequate to secure IoT, which requires reevaluating the existing security protocols. While IoT devices come with built-in security features such as encryption and authentication, they require more advanced techniques to ensure robust system protection. Machine learning has emerged as a vital tool in enhancing IoT security, proving effective in mitigating cybersecurity risks and improving the intelligence of security systems. This survey provides a comprehensive overview of IoT systems, with a focus on their security aspects, including features, architectures, protocols, and associated risks. It also highlights recent algorithmic advancements, emphasizing the pivotal role of ML in strengthening IoT security. Furthermore, it categorizes attacks on IoT systems, offering a systematic understanding of vulnerabilities, and identifies relevant datasets to support future research efforts.

Index Terms – IoT Security, Machine Learning (ML), Deep Learning (DL), IoT Applications, Security, Attacks, Datasets, Cyber-Attacks, Challenges, IoT Layers.

1. INTRODUCTION

The Internet of Things (IoT) consists of inter-connected physical objects that communicate through software, sensors, and network connectivity to share and collect data. Its primary objective is to enable autonomous interaction between devices, creating a smart, interconnected environment that profoundly impacts people's lives. IoT is applied in various fields, including intelligent homes, autonomous vehicles, gene therapy, and medical advancements. However, its inherent characteristics also pose significant security and privacy challenges, making IoT systems vulnerable to attacks such as impersonation and intrusion. The enormous amount of data produced by IoT platforms requires secure transmission and analysis to prevent privacy breaches. Despite its many benefits, IoT introduces security challenges due to its unsupervised operation, reliance on wireless networks, and inability to support complex security systems. Addressing these challenges requires comprehensive strategies that account for the unique requirements of IoT environments. Modifications to current security frameworks for information and wireless networks are essential to develop robust IoT security solutions that accommodate the global accessibility, resource limitations, and lossy network characteristics of IoT. Traditional defense mechanisms such as encryption, authentication, access control, network security, and application security face limitations and are often inadequate for IoT systems.

However, these security mechanisms can be enhanced to satisfy the distinct needs of the IoT ecosystem. Advanced techniques, such as ML and DL, can be utilized for data analysis, enabling the identification of normal and abnormal behaviors based on interactions among IoT devices. By leveraging data from IoT components, it becomes possible to detect malicious behavior early by analyzing typical interaction patterns.

The motivation behind this survey is to furnish academicians and researchers with an extensive understanding of how ML and DL methodologies can address security challenges in IoT environments, particularly focusing on mitigating attacks. These techniques play a vital role in forecasting new attacks by analyzing patterns from previous ones, thereby aiding in the detection of unknown threats. Furthermore, recent literature lacks a thorough examination of the capabilities of ML and DL in securing IoT systems, especially in handling emerging threats and scaling to real-world applications. This paper aims to fill that gap by systematically reviewing recent advancements, applications, and limitations of ML and DL in IoT security. Figure 1 depicts the crucial significance of ML/DL on the IoT environment.

ISSN: 2395-0455 ©EverScience Publications 617

Figure 1 ML/DL Role in IoT System


This research paper aims to furnish researchers and readers with a thorough understanding of IoT and ML methods, specifically their positive impacts on detecting IoT attacks. Since there have been limited comprehensive studies on ML and DL in this area since 2018, a modern literature review covering all articles on IoT security using ML and DL methods is essential. Few studies offer an exhaustive examination of IoT, including its characteristics, protocols, architecture, and layered attacks, in addition to exploring relevant ML and DL techniques and datasets for IoT attacks.

In this paper, we analyzed ML approaches and recent advancements in DL techniques, providing insights into enhancing security protocols for IoT devices. This research [1] also explored various potential threats to IoT systems, including inherent and emerging threats to IoT security. A detailed discussion on ML & DL techniques for IoT security is presented, including their advantages, drawbacks, potential applications, and future research directions.

The study [2] explored security solutions and assault vectors for IoT networks, highlighting the weaknesses that necessitate ML and DL techniques. It offered a detailed discussion of accessible ML and DL strategies for addressing IoT security challenges and explored future research possibilities. Authors [3] conducted an in-depth analysis of IDS for IoT, covering IoT intrusions and ML/DL methodologies for disclosing assaults in IoT networks.

The authors also discussed the security issues encountered by IoT infrastructures and examined advanced ML-based solutions for protecting these systems, emphasizing how ML aids IoT security measures and the difficulties in implementing ML-based security solutions. The authors [4] addressed the major security challenges and unresolved issues faced by IoT infrastructures. It provided a thorough analysis and critique of the most advanced ML-based solutions for protecting such systems, detailing how ML enhances security measures, as well as the security requirements. Authors [5] applied DL, ML, and federated learning (FL) algorithms to IoT security, covering various models and offering overviews, assessments, and summaries of FL- and DL-based IoT security strategies.

Despite these reviews, gaps remain in comprehensively addressing all relevant aspects of IoT security and ML/DL techniques, including insufficient exploration of emerging threats and scalability issues in real-world IoT environments. In this research study, we tackle the constraints identified in previous research and furnish thorough insights for researchers. Additionally, we conducted a focused analysis by addressing the following questions:

• RQ.1: What are the possible vulnerabilities and assaults inherent within the interconnected network of IoT devices?

• RQ.2: How do the frameworks, algorithms, and structures of IoT security impact the effectiveness of ML and DL methods in strengthening IoT system security?

• RQ.3: How can current security measures, involving ML and DL, be enhanced to better protect IoT architecture against attacks?

The contributions of this research, summarized below, are based on the questions above:

• A thorough discussion on potential characteristics, IoT protocols, architectures, vulnerabilities, applications, and prevalent assaults in the IoT environment.


• A comprehensive study of ML and DL methods for IoT security, covering their advantages, disadvantages, solutions to security challenges, and applications.

• An analysis of current surveys on ML/DL, categorizing research papers from 2018 to 2024.

• An in-depth classification of attacks on IoT layers, including principles, weaknesses, and objectives of each layer.

• An evaluation of diverse datasets in IoT security, providing insights into their benefits and drawbacks.

• A presentation of possible research challenges in ML/DL for IoT security, along with discussion on future trends.

The remainder of the survey is organized as follows: Section 2 provides a brief overview of the IoT system. Section 3 reviews ML and DL methods, while Section 4 analyzes existing surveys on ML and DL by examining studies from 2018 to the present. Section 5 discusses and emphasizes the classification of attacks on IoT layers. Section 6 introduces datasets in the IoT system, and Section 7 discusses research challenges, future trends, and related discussions on ML/DL. Finally, Section 8 concludes the paper.

2. OVERVIEW OF THE IOT SYSTEM

This section furnishes an overview of the IoT systems, covering the characteristics, architecture, protocols, and vulnerabilities that raise significant security concerns.

2.1. Characteristics of IoT

The following attributes are vital for the efficient design, deployment, and management of IoT systems, as identified in [2], [6]:

Actuating and Sensing: IoT gadgets contain sensors to gather environmental data and may include actuators to carry out actions based on this data, such as adjusting thermostat settings.

Scalability: The ability to handle substantial volumes of data effectively is crucial in IoT systems, enabling insightful analysis and decision-making.

Safety: Concerns about the security of personal data have emerged with the rise of IoT devices, highlighting the need for measures to avert unauthorized access and data breaches.

Interoperability: Given the numerous origins of IoT gadgets and the use of various communication protocols, device interoperability is essential to ensure seamless and efficient collaboration between different devices.

Energy Efficiency: Many IoT gadgets depend on batteries or limited energy sources, emphasizing the importance of energy-efficient designs to extend device operation without frequent recharging.

Real Time Operations: The capability for processing and responding in real-time is vital for IoT applications, whether for managing autonomous vehicles or monitoring vital infrastructure.

Network Connectivity: As the quantity of IoT gadgets increases, maintaining connectivity becomes more challenging. Solutions such as cloud services and gateways help optimize network performance.

Remote Monitoring and Control: A key advantage of IoT is the capacity to remotely monitor and control devices. Users can access and manage IoT devices from any location with internet access, providing comfort and flexibility.

Cost-Effectiveness: As IoT adoption increases, the cost of IoT gadgets and associated technologies has decreased. Cost-effectiveness is a vital factor in the extensive adoption of IoT across various industries and applications.

These characteristics form the foundation for addressing security concerns and designing effective IoT systems.

2.2. IoT Architecture and Protocols

IoT architecture refers to the framework that defines the interactions and relationships between the various components of an IoT system. It includes devices (things), communication protocols, cloud services, and applications that work together to gather, process, and act upon data. Different studies offer various classifications of IoT architecture, with some [7, 8] identifying three essential layers, while others [9], [10, 11] categorize it into three, four [12] or five layers. In this study, we present the three-layer approach: Perception layer, Network layer, and Application layer.

2.2.1. Perception layer

The perception layer deals with the physical connectivity and hardware components of the system [13, 14]. It includes devices, sensors, actuators, and technologies that enable connectivity to the network. The key elements of the physical layer in IoT are shown in Figure 2. This layer also incorporates protocols for performing specific tasks, as illustrated in Figure 3.

2.2.2. Network layer

In an IoT system, the network layer is crucial for facilitating device connectivity and enabling data exchange across networks [15, 16]. It aligns with the OSI (Open Systems Interconnection) model and is responsible for routing packets between devices across different networks. Various protocols in this layer handle transmitting IP datagrams from the source to the target network.


Key protocols include:

• IPv4 (Internet Protocol Version 4): The most widely deployed internet protocol, using a 32-bit address scheme to identify devices in a network.

• IPv6 (Internet Protocol Version 6): The latest version of the internet protocol, which uses a 128-bit address scheme and is the successor to IPv4.

• 6LoWPAN (IPv6 over Low-Power Wireless Personal Area Networks): A protocol that allows IPv6 packets to be transmitted over low-power, low-rate wireless networks, commonly used in IoT devices. It is designed to tackle the challenges of connecting devices with limited power, processing capabilities, and memory.

• RPL (Routing Protocol for Low-Power and Lossy Networks): A protocol designed for routing data in low-power IoT networks.

• LoRaWAN (Long Range Wide Area Network): A low-power, long-range protocol designed for wireless battery-operated devices.

Selecting a network layer protocol depends on the particular needs and limitations of the IoT implementation, considering factors like interoperability, security, scalability, and power efficiency.

2.2.3. Application Layer

This layer is the top layer, accountable for delivering specific functionality and services to various IoT applications [17]. It enables communication between devices, applications, and services within the IoT ecosystem. Figure 4 demonstrates the three layers and the protocols used in each layer. Various application layer protocols are employed to facilitate interoperability, data sharing, and communication between IoT systems and devices:

• HTTP (Hypertext Transfer Protocol): Used for web communication. Devices can send and receive data over the internet using HTTP or its secure version, HTTPS. It is commonly used for web-based communication and RESTful APIs.

• CoAP (Constrained Application Protocol): A lightweight protocol designed for networks and devices with constraints. It is often used where a simple and efficient communication protocol is needed.

• WebSocket: A protocol that enables full-duplex communication over a single socket, enabling real-time message exchange between client and server.

• MQTT (Message Queue Telemetry Transport): A lightweight messaging protocol designed for low-bandwidth, high-latency, or unreliable networks. It operates on top of the TCP/IP protocol and is frequently used in IoT for its publish-subscribe model, making it suitable for scenarios with intermittent connectivity.

• XMPP (Extensible Messaging and Presence Protocol) and AMQP (Advanced Message Queuing Protocol): Additional protocols used for message-oriented communication in IoT systems.

These layers and protocols work together to ensure the efficient operation and communication of IoT systems, with each layer addressing specific functional and technical requirements.

2.3. Internet of Things Vulnerabilities

IoT gadgets have become more prevalent in every facet of everyday life, providing simplicity and automation [18]. However, they also introduce significant security challenges and vulnerabilities. Below are some common IoT vulnerabilities [19], [20]:

• Inadequate Authentication and Authorization: Numerous IoT gadgets come with default usernames and passwords that are often left unchanged by users, making them vulnerable to unauthorized access. The absence of Two-Factor Authentication (2FA) also makes it easier for hackers to obtain illegal access to IoT gadgets.

• Poorly Implemented Encryption: Some IoT devices transmit data without adequate encryption, making it susceptible to interception and manipulation by attackers. The use of weak encryption methods further increases the risk of compromising sensitive data.

• Outdated Software and Firmware: When manufacturers fail to release regular firmware updates, devices remain susceptible to known exploits. Additionally, some devices are unable to install updates, leaving them exposed to security vulnerabilities.

• Privacy Concerns: Inadequate privacy protections may result in the exposure of sensitive user information, resulting in data leaks. Moreover, manufacturers may gather and retain more user data than necessary, increasing the risk of privacy breaches due to insufficient user data management.

• Limited User Awareness: Many users are unaware of the hazards related to IoT gadgets, which can lead to insufficient security practices, such as neglecting to change default settings or failing to apply security measures.

• Inadequate Physical Security: A lack of tamper protection can result in unauthorized physical access to IoT devices, compromising their security. Gadgets without proper physical security measures are vulnerable to being manipulated or stolen.

These vulnerabilities emphasise the necessity of developing robust security practices and educating users about potential risks in IoT systems.

2.4. Internet of Things Applications

IoT applications span across multiple industries and fields, offering innovative solutions to improve efficiency, connectivity, and automation. Below are some of the prominent IoT applications:

2.4.1. Smart Home Automation

In intelligent homes, appliances like refrigerators, televisions, doors, and heating systems can be automated and remotely controlled [1]. Users can customize door settings, maintain cameras, manage home security systems, and control appliances such as air conditioners and heaters. Energy consumption can also be optimized by automating tasks like lighting and temperature management. Examples include smart thermostats that adjust temperature and humidity based on user preferences and energy-efficient lighting systems that are remotely controlled. Integrated cameras, sensors, and alarms enable remote surveillance and form part of smart security systems.

2.4.2. Smart Cities

Urban areas leverage IoT devices like meters, lights, and sensors to collect and analyze data, which is used to improve public utilities, infrastructure, and services. Smart city technologies aim to simplify daily tasks, enhance efficiency, and address public safety, traffic management, and environmental sustainability issues. Examples include smart meters for effective energy management and connected vehicles [21]. Traffic management systems, such as intelligent traffic lights and parking systems, reduce congestion, while waste management solutions use sensors to optimize collection routes.

2.4.3. Smart Transportation

Smart transportation integrates IoT and other advanced technologies to boost the sustainability, safety, and efficacy of transportation networks. It relies on interconnected sensors and data from mobile gadgets, GPS, accelerometers, and weather sensors to optimize urban traffic and freight scheduling, improve road safety, and reduce delivery times [22].

2.4.4. Smart Vehicles

Smart vehicles, or intelligent cars, are equipped with AI-controlled computer systems that relieve drivers of routine driving tasks. This technology aims to improve highway safety by reducing the driver's decision-making burden. Key features include telematics for data collection and transmission, fleet management for monitoring vehicle operations, and the integration of IoT technologies for autonomous vehicles.

2.4.5. Smart Agriculture

Precision agriculture, or smart agriculture, utilizes IoT sensors to monitor crop health, irrigation, and soil conditions. Wearable technologies and sensors are also used for cattle monitoring, tracking the health and behavior of livestock. These technologies enhance productivity, sustainability, and efficiency in farming [1].

2.4.6. Smart Healthcare

IoT gadgets are widely utilized in healthcare for remote patient monitoring and timely interventions. For instance, sensors can be implanted to observe glucose levels in diabetic patients and send alerts when levels become critical. Wearable devices track health indicators and communicate data to medical professionals. Additionally, smart pill dispensers help monitor drug adherence, and asset tracking systems in hospitals manage medical supplies and equipment.

2.4.7. Smart Environment

Smart environmental technologies use data-driven strategies to monitor and improve both built and natural environments. These innovations address environmental issues, promote sustainability, and enhance quality of life. Air quality sensors measure pollutants, providing real-time data for managing environmental health, while water sensors monitor the condition of natural bodies of water to detect pollution.

2.4.8. Smart Grid

This domain is the next generation of energy infrastructure, enhanced with IoT connectivity and communication technologies to improve resource utilization. It enables more efficient electricity distribution, real-time monitoring, and disaster prevention. Smart grids also detect energy spikes and device malfunctions, helping to enhance reliability and reduce power transmission costs. In Table 1, the applications, principles, and weaknesses of IoT in various domains are summarized.

2.5. Internet of Things Critical Attacks

An IoT assault refers to a breach of an IoT system, targeting gadgets, networks, data, or users. Cybercriminals exploit these vulnerabilities to steal data or gain control over automated systems, threatening their functionality. Due to the inherent weaknesses in the IoT environment, it remains constantly exposed to cyberattacks. These assaults can be categorized as either active or passive, and they are still under investigation, as researchers have not yet developed definitive solutions to fully protect IoT systems. This subsection discusses the most critical active and passive assaults in the IoT environment. The objectives and details of each attack are outlined in Tables 2 and 3. Below are the primary types of IoT attacks.

2.5.1. Passive Internet of Things Attacks

Passive IoT attacks involve unauthorized monitoring, eavesdropping, or information gathering without actively interfering with the communication or functionality of IoT devices [23]. These attacks are often subtle and aim to collect sensitive information for malicious purposes. Defending against passive IoT attacks requires strong encryption, secure communication protocols, monitoring network traffic for anomalies, and using intrusion detection systems. Below are common types of passive IoT attacks:

• Eavesdropping

Eavesdropping in IoT threats refers to the unauthorized monitoring and interception of communication between an IoT device and a network. In this type of attack, the assailant covertly listens to the data or messages being transmitted to acquire sensitive information, such as credentials or personal data, without actively disrupting communication [24].

• Traffic Analysis Attack

This attack involves the illegal monitoring and analysis of network traffic to gain insights into patterns, behavior, or private data shared between IoT devices. Unlike other attacks that exploit device or network vulnerabilities, traffic analysis focuses on passive observation of data transmission [25].

• Passive Device Fingerprinting

Passive device fingerprinting in IoT refers to identifying and profiling IoT devices on a network without actively engaging with them. This involves observing and analyzing network traffic, characteristics, and patterns generated by devices to create a unique fingerprint or signature. The data can be used for goals such as targeted attacks, reconnaissance, or unauthorized access [26].

• Radio Frequency (RF) Snooping

RF snooping in IoT involves the unauthorized interception and analysis of radio frequency signals emitted by IoT devices. These attacks exploit wireless communication channels used by IoT devices to exchange information, potentially leading to the extraction of sensitive data, device identification, or remote control of targeted devices [27].
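
The survey's premise that normal and abnormal device behaviour can be separated from interaction patterns, and the defence it names for passive attacks (monitoring network traffic for anomalies), can be made concrete with a small per-device baseline. This is an added example, not code from the paper: a plain mean and standard-deviation profile stands in for the ML/DL models the survey reviews, and the device names, feature set, threshold and traffic windows are all constructed assumptions.

```python
"""Per-device traffic baseline for IoT anomaly detection (added example)."""
from collections import defaultdict
from math import sqrt
from statistics import mean, pstdev

# Features of one observation window; the feature set is this example's choice.
FEATURES = ("packets", "bytes", "peers", "ports")
# Minimum spread per feature, so a perfectly constant baseline (a sensor that
# always talks to exactly one peer) does not cause a division by zero.
STD_FLOOR = {"packets": 2.0, "bytes": 200.0, "peers": 0.5, "ports": 0.5}
MIN_WINDOWS = 5    # do not profile a device from fewer benign windows
THRESHOLD = 4.0    # RMS z-score above which a window is flagged (assumed)


def win(device, packets, nbytes, peers, ports):
    """Build one per-minute traffic summary for a device."""
    return {"device": device, "packets": packets, "bytes": nbytes,
            "peers": peers, "ports": ports}


# Constructed benign history (not real captures).
TRAIN = (
    [win("thermostat-01", p, b, 1, 1) for p, b in
     [(12, 1500), (11, 1420), (13, 1610), (12, 1490), (14, 1700), (10, 1300)]]
    + [win("cam-07", p, b, 2, 2) for p, b in
       [(400, 350000), (420, 362000), (390, 341000),
        (410, 355000), (405, 349000), (395, 344000)]]
    + [win("lock-03", 6, 700, 1, 1), win("lock-03", 7, 760, 1, 1)]  # too short
)


def fit_baselines(windows):
    """Learn (mean, std) per feature for each device with enough history."""
    history = defaultdict(list)
    for w in windows:
        history[w["device"]].append(w)
    baselines = {}
    for device, rows in history.items():
        if len(rows) < MIN_WINDOWS:
            continue  # too little data to call anything "normal"
        baselines[device] = {
            f: (mean([r[f] for r in rows]),
                max(pstdev([r[f] for r in rows]), STD_FLOOR[f]))
            for f in FEATURES
        }
    return baselines


def score(window, baselines):
    """Return (verdict, rms_z, worst_feature) for one window."""
    profile = baselines.get(window["device"])
    if profile is None:
        # New or rarely seen device: nothing to compare against, so surface
        # it for review instead of silently treating it as normal.
        return ("unprofiled", None, None)
    z = {f: (window[f] - profile[f][0]) / profile[f][1] for f in FEATURES}
    rms = sqrt(sum(v * v for v in z.values()) / len(FEATURES))
    worst = max(FEATURES, key=lambda f: abs(z[f]))
    verdict = "anomalous" if rms > THRESHOLD else "normal"
    return (verdict, round(rms, 2), worst)


def triage(windows, baselines):
    """Return (device, verdict, worst_feature) for windows needing review."""
    flagged = []
    for w in windows:
        verdict, _, worst = score(w, baselines)
        if verdict != "normal":
            flagged.append((w["device"], verdict, worst))
    return flagged


# Constructed live windows: two ordinary, three that need attention.
LIVE = [
    win("thermostat-01", 12, 1510, 1, 1),    # ordinary
    win("thermostat-01", 95, 9800, 40, 3),   # suddenly talking to 40 peers
    win("cam-07", 402, 351000, 2, 2),        # ordinary
    win("cam-07", 410, 2900000, 3, 2),       # upload volume far above baseline
    win("plug-99", 5, 600, 1, 1),            # device never seen in training
]

if __name__ == "__main__":
    for row in triage(LIVE, fit_baselines(TRAIN)):
        print(row)
```

The worst-feature field tells an analyst why a window was flagged: a jump in distinct peers points toward scanning or worm-like propagation, while a jump in bytes points toward bulk data leaving the device.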

Figure 2 Key Components of Physical Layer


Figure 3 Physical Layer Protocols

Figure 4 Protocols Based IoT Architecture


Table 1 IoT Application Principles and Weaknesses

Domain: Smart Home
Principle: Upgrading the standard of living and convenience in the home.
Weaknesses:
- Safety, security.
- Lack of physical security.
- Vulnerabilities in devices.
- Weak passwords.
- Inadequate authentication.

Domain: Smart Cities
Principle: Encompasses intelligent homes, intelligent traffic management, intelligent disaster management, intelligent utilities, etc.
Weaknesses:
- Weaknesses in security protocols.
- Lack of encryption.
- Lack of standardization and interoperability.
- High implementation costs.

Domain: Smart Environment
Principle: Encompasses diverse IoT applications like fire disclosure in forests, observing the amount of snow in high altitude areas, avoiding landslides, premature disclosure of earthquakes, pollution observation, etc.
Weaknesses:
- FN and FP may result in disastrous results for such IoT applications.
- Integrating diverse technologies, protocols, and devices can be complex, leading to challenges in maintaining and managing the system.
- Privacy breaches.

Domain: Smart Grids
Principle: A bi-directional power network that facilitates the transmission of both electricity and data using digital communications technologies.
Weaknesses:
- Physical and cyber-attacks criticality of data delivery latency.
- The smart grid may be more vulnerable to cyberattacks, equipment malfunctions, and system failures due to its reliance on digital technologies.
- Intelligent grids rely heavily on digital communication and data transfer, making them vulnerable to cyber-assaults and hacking.

Domain: Smart Healthcare
Principle: Enhancing the quality of care delivered. Enhancing patient health outcomes. Minimizing healthcare expenses.
Weaknesses:
- Sensitive health data gathering, and storage provide serious security threats.
- Insufficient cost-effective intelligent and precise medical sensors.
- Lack of a standard architecture of IoT system.
- High handling volume data and challenge of interoperability, etc.
- Require robust privacy measures to ensure that patients' personal health information.

Domain: Smart Transportation
Principle: Decreased traffic congestion leads to improved air quality, less wasted time, and decreased consumption of energy.
Weaknesses:
- The software of the control system could be compromised by hackers.
- Creating issues with data privacy and the possibility of misuse or illegal access.
- High implementation cost.
- Energy requirements.

Domain: Smart Vehicles
Principle: Analyzes intelligent vision for safe driving, intelligent monitoring of driving that is insecure, intelligent disclosure of automobile power and transmission systems, intelligent vehicle navigation and transportation systems, and intelligent technology that can be assisted by vehicles.
Weaknesses:
- Vulnerability to hacking.
- Accomplishing a high level of safety in autonomous vehicles is challenging.
- High energy consumption.
- Data privacy risks.

Domain: Smart Agricultural
Principle: Managing farms with the use of sophisticated information and communication technology to raise product quantity and quality while reducing the amount of human work necessary.
Weaknesses:
- Vulnerable to cyber threats.
- Farmers' privacy concerns.
- Lack of technical skills.
- Affected by adverse weather conditions.


• Bluetooth Sniffing

Bluetooth sniffing involves the unauthorized interception and analysis of Bluetooth communication between devices. This can result in the extraction of confidential information, device identification, or even unauthorized access or control of IoT devices that rely on Bluetooth for communication [28].

• Social Engineering

IoT social engineering attacks trick users into revealing information about IoT devices without authorization by exploiting human weaknesses. Social engineering relies on psychological manipulation to convince people to perform certain actions or disclose sensitive information [29].

• Location Tracking

Location tracking attacks involve the illegal acquisition or alteration of location data from IoT devices. Attackers may exploit vulnerabilities in networks or devices to trace the location of devices or individuals. Techniques such as GPS spoofing, malicious firmware updates, or RFID/NFC skimming may be used to achieve these goals [30].

2.5.2. Active Internet of Things Attacks

Active IoT assaults involve direct interference with the normal functioning of IoT gadgets, networks, or systems. These attacks seek to manipulate, disrupt, or gain unauthorized control over the targeted IoT infrastructure. Below are types of active IoT attacks:

or inject false data into the communication, effectively gaining unauthorized access or manipulating the data being transmitted. It transpires when an individual or cybercriminal intervenes in the connection between a system and a user, or between two users, to steal personal information, messages, data, and more.

Users may believe they are connecting normally, but during a MiTM assault, the assailant controls all interactions between the two parties or between the user and the system. The attacker can also alter messages while remaining undetected. The primary objective of these assaults is to steal personal information, such as login credentials, card details, transaction data, and other sensitive information [33, 34].

• IoT worms and malware

Attacks involving malware and IoT worms propagate malicious software created to penetrate vulnerabilities in IoT gadgets. These attacks often include self-replicating malware that disseminates through IoT networks, infecting multiple devices and potentially causing significant damage. IoT malware can take various forms, including worms, viruses, and trojans, and can have numerous harmful effects, such as stealing confidential information, impairing device functionality, or even posing physical threats. The risk of IoT malware attacks increases with the number of connected devices [35, 36].

• Jamming Attacks
Jamming is one of the vulnerabilities used to compromise
• Denial of Service Attack (DoS) wireless environments. It works by denying service to
A DoS assaults prevents a system from being accessible by legitimate users, as authorized traffic is congested by
legitimate users, prohibiting them from using the system's illegitimate high-frequency signals. Jamming assaults
resources. This may result to significant financial and time interfere existing wireless network connections by
losses for service providers, as users may switch to other transmitting unwanted signals to IoT gadgets, causing issues
services due to security apprehensions. DoS assaults can for users by keeping the network continuously occupied.
exhaust network resources, bandwidth, and CPU time, additionally, these attacks can reduce the functionality of IoT
emphasizing the necessity for a complete security strategy devices by consuming additional energy, bandwidth, memory,
that involving technical measures and proactive monitoring and other resources. Attackers employ various techniques to
[31]. jam radio frequency (RF) signals, preventing IoT devices
from sending or receiving data [37, 38].
• Distributed Denial of Service (DDoS) Attacks
• Sinkhole Attacks
This assault entails overwhelming a target server or website
with a massive amount of fake traffic from multiple sources to A sinkhole assault indicates to a malicious activity where an
slow down or disrupt the service. It differs from a DoS attack attacker diverts or redirects the traffic of IoT devices to a
in that DDoS utilizes numerous computers and internet destination under their control. The term "sinkhole" indicates
connections, often through a botnet, to flood the target. DDoS that the attacker creates a point where the diverted traffic is
attacks can cause significant congestion in IoT devices and directed.
networks, leading to service interruptions [32]. Sinkhole attacks can serve various purposes, including
• Man-In-The-Middle Attack eavesdropping on communications, collecting critical
information, or disrupting the normal operation of IoT
This assault transpires when an assailant intercepts devices. These attacks can be passive or active, depending on
communication between two parties, such as IoT devices, how they are executed [39].
without their knowledge. The assailant can eavesdrop, alter,


• Zero-Day Attacks

This attack takes advantage of a potentially malicious software vulnerability that the vendor or developer may not be aware of, often referred to as Day Zero. To mitigate risks to software users, developers must act quickly to address vulnerabilities as they are discovered. The attack can encompass malware, adware, spyware, or unauthorized access to user information. In IoT, zero-day attacks exploit weaknesses in devices or systems that are unknown to the vendor or the public. These vulnerabilities are termed "zero-day" because there is no prior protection or awareness at the time of the attack. Zero-day attacks can be both passive and active, depending on their interpretation in relation to cybersecurity [40].

Table 2 Passive Attacks

| Passive Attack | Objectives |
|---|---|
| Eavesdropping | Collect sensitive information, such as credentials or data, without actively disrupting the communication. |
| Traffic Analysis | Gain insights about how IoT devices typically operate, identify vulnerabilities, or gather vital information. |
| Passive Device Fingerprinting | Identify software versions, identify particular devices, or obtain information for possible exploitation. |
| Radio Frequency (RF) Snooping | Obtain information about communication patterns or extract data without direct access to the device. |
| Bluetooth Sniffing | Extract confidential information or observe the interactions between Bluetooth-enabled IoT devices. |
| Social Engineering | Utilize collected information for SE schemes like phishing and impersonation. |
| Location Tracking | Monitor the movements of individuals or objects that are linked to IoT devices. |

Table 3 Active Attacks

| Active Attack | Objectives |
|---|---|
| DoS | Produce a disturbance in service by rendering devices or systems temporarily or permanently unavailable. |
| DDoS | Increase a DoS attack's impact and make it more challenging to mitigate. |
| MiTM | Eavesdrop on sensitive information, alter data while it's being transmitted, or pretend to be an authorized communicator. |
| IoT worms and malware | Infect an extensive number of devices in order to initiate a botnet, steal information, or carry out coordinated attacks. |
| Jamming Attacks | Disable or degrade connection, leading to service disruption or loss of connectivity. |
| Sinkhole | Compromise the connection and control of IoT appliances for malicious purposes. |
| Zero-Day Attacks | Exploit security flaws in IoT devices or software for which no security patch or update has been released. |

Consequently, it is crucial to understand and mitigate both passive and active attacks to secure IoT ecosystems. Reducing the risks associated with these attacks requires implementing robust encryption, authentication methods, and frequent security assessments. Unfortunately, traditional security defence mechanisms often lack the capabilities to confront these potential attacks. Therefore, modern security measures must be adopted to prevent and detect these threats, which jeopardize vulnerable IoT systems. This paper discusses and presents security measures that can effectively combat IoT attacks. The categorization of IoT critical attacks is illustrated in Figure 5.

2.6. Existing Surveys in IoT Security

The IoT environment has provided numerous benefits, facilitating remote device usage and leveraging smart devices powered by artificial intelligence to meet human needs. However, despite these advantages, these devices are often inadequately equipped from a security perspective to protect against cyberattacks. Various studies and reviews have conducted thorough analyses of literature on security threats. In this subsection, we examine significant surveys focused on IoT security. For instance, study [41] addressed primary challenges in the IoT environment, including security communication, issues and unresolved challenges, along with potential solutions.

Study [42] analyzed security issues, unique IoT characteristics, significant security challenges, and solutions in relation to previous surveys. Study [43] discussed IoT security challenges, open issues, and provided a foundation for future research. Study [44] offered a comprehensive classification of security risks within the IoT framework,


providing insights to help IoT developers in managing hazards and security flaws for improved protection. It also presented alternative five-layer and seven-layer IoT architectures alongside the current three-layer design. Modern approaches to enhancing IoT device security include leveraging machine learning, edge computing, fog computing, and blockchain technology while also addressing unresolved research issues. Author [45] presented a complete categorization for authentication and access (AA) in IoT networks, evaluating various elements of AA using conventional and ML-driven approaches to assess their potential to enhance IoT ecosystem security and identify research areas. The topic of IoT architecture in the context of AA schemes was also covered, focusing on different risks and attacks at each IoT layer. IoT applications utilizing machine learning algorithms for AA were examined for their requirements and existing challenges.

Study [46] analyzed recently proposed models, protocols, and encryption techniques for securing IoT networks, highlighting the latest security trends. It discussed the classification of IoT attacks and provided an updated analysis of protocols and standards proposed for IoT systems. Study [47] reviewed current IoT security issues related to potential future attacks, identifying concerns associated with IoT integration with cloud and blockchain technologies, changes in cryptography due to quantum computing, and the growth of artificial intelligence. Study [48] compiled information on reported security vulnerabilities, their classification, and remedies proposed to address IoT security challenges.

Study [49] identified major security concerns and anticipated challenges within the IoT ecosystem, guiding authentication methods and addressing various threats. Study [50] provided a concise overview of security issues across different IoT protocol layers, along with preliminary simulation findings. Through our review of these studies, we summarize them in Table 4, focusing on discussions about IoT security and the limitations of these studies.

3. REVIEW ON MACHINE LEARNING AND DEEP LEARNING

Traditional security mechanisms have proven inadequate in tackling the security challenges related to IoT. Therefore, researchers and experts must explore more efficient mechanisms to confront the security risks that threaten this technology and, consequently, human lives. For this reason, modern methods related to artificial intelligence (AI) have been investigated and shown to be capable of combating cyberattacks, such as hacking devices and cracking passwords. Due to their distinct problem-solving approaches, learning algorithms have found widespread adoption in various real-world applications. The emergence of low-computation-cost algorithms, combined with the availability of vast datasets and the development of novel methods, has contributed to the current advancements in learning algorithms, commonly referred to as ML and DL.

ML is an area of AI focused on developing systems that learn or enhance their performance based on the data they consume, while DL is a subfield of ML. AI is an umbrella term that refers to systems or devices that simulate human intelligence. ML, DL, and AI are often discussed together, and the terms are sometimes employed interchangeably; however, they do not represent the same concept. It is vital to note that while ML and DL methods are forms of AI, not all AI encompasses ML or DL.

ML enables machines to learn independently without human guidance to perform tasks. It deduces a model for solving future problems by extracting specific patterns from data [51]. This field emerged from scientists' aspirations to create autonomous systems that infer without human intervention, moving beyond the previous reliance on direct commands. In today's world, ML is pervasive in various sectors. Whether we interact with banks, shop online, or use social media, ML algorithms play a crucial role in ensuring our experiences are efficient, seamless, and secure.

The technologies surrounding ML are evolving rapidly. Conventional ML methods rely on engineered features, while DL methods represent advancements in learning techniques that utilize multiple non-linear processing layers for feature abstraction and transformation, aiding in pattern analysis. Therefore, the aim of this review of ML and DL is to provide readers with a comprehensive understanding of both. In this section, we will first examine ML techniques from an IoT security perspective, discussing their pros and cons, along with solutions for IoT security. Next, we will review DL algorithms, their advantages and disadvantages, and their applications in addressing IoT security challenges.

3.1. Machine Learning (ML) Techniques

In this subsection, we provide an overview of ML methods that have proven effective in detecting and mitigating cyber-attacks in IoT-based environments. ML involves training a computer to achieve a performance criterion by using previous or sample data [52]. ML algorithms create a mathematical model that aids in generating predictions or decisions using training data and previous data samples, without the need for explicit programming. ML merges computer science and statistics to develop prediction models, with a fundamental aspect being the development and use of algorithms that derive knowledge from past data. Providing more data generally improves the performance of ML algorithms.

ML techniques are suitable for IoT devices with resource constraints, as they can detect various IoT attacks early by observing network behavior [53]. ML methods can be broadly classified into two categories: Supervised Machine Learning


(SML) and Unsupervised Machine Learning (USML). This subsection addresses common ML techniques, such as PCA, K-means clustering, Decision Trees (DT), Support Vector Machines (SVM), Naive Bayes (NB), k-Nearest Neighbors (KNN), Random Forest (RF), Association Rule (AR), and Ensemble Learning (EL), along with their pros and cons in IoT security.

Figure 5 IoT Critical Attacks

3.1.1. Support Vector Machines (SVM)

SVM is an SML method that is commonly used to tackle classification and regression problems; nevertheless, it is applied in classification problems. It is composed of three important concepts:

1. Support Vectors: Data points closest to the hyperplane.
2. Hyperplane: A decision boundary that separates diverse classes of data.
3. Margin: The distance between the hyperplane and the nearest data points from diverse classes.

The primary goal of SVM is to partition datasets into categories by obtaining a maximum margin hyperplane [54, 55]. In IoT security, SVM algorithms have made significant strides in detecting, classifying, and mitigating security risks. The application of kernel techniques and non-linear decision boundaries has improved their ability to categorize complex threats in IoT environments. For example, a study [56] combined the TOPSIS and Shannon Entropy methods based on a bijective soft set to verify selected features for identifying malicious traffic in IoT networks using SVM and other ML techniques. This resulted in the development of a feature selection (FS) algorithm named Corrauc, which uses a wrapper technique to precisely refine and select useful features for the chosen ML methods based on the AUC metric. The findings indicated that the suggested method attained an accuracy exceeding 96% utilizing SVM. However, the paper could benefit from providing more details on the process of selecting optimal features to ensure precise detection of malicious traffic in IoT networks. In [57], the authors proposed an intrusion detection system (IDS) using ML to detect novel attacks with SVM, achieving up to 99.8% accuracy and 100% recall. Nonetheless, limitations in the proposed methods include the need for more training samples for selective forward attacks, as well as improvements required in the Matthews correlation coefficient (MCC) and precision.

3.1.2. Decision Tree (DT)

This algorithm is a form of SML that describes the input and associated output in the training data. DTs can be employed for both classification and regression tasks and are represented by a tree-like diagram that results from a series of feature-based splits. A DT starts with a root node and ends with leaf nodes. The root node is where the initial population split occurs, based on various features [58]. The leaf nodes represent the final decisions. DTs are crucial for IoT security because of their high accuracy in identifying intrusions, such as DDoS attacks. Their simplicity and reliability make them an efficient tool for researchers. DTs utilize pruning methods to mitigate overfitting by removing unnecessary branches, which greatly improves performance on large IoT datasets. Boosted decision trees, such as Gradient Boosting, enhance the detection of complex attacks. DTs have shown exceptional performance in detecting IoT attacks, establishing them as a key technique in machine learning. For example, a study [59] compared various ML methods, including DT, KNN, ANN, RF, and NB, using the Bot-IoT dataset to analyze HTTP DDoS attacks. The study found that DT, RF, and KNN scored higher compared to other ML methods.


Another study [60] presented and implemented a sequential detection architecture for an ML-based botnet attack detection system, utilizing J48 DT, ANN, and NB, which showed a higher performance score in creating a lightweight, high-performing detection system.

3.1.3. Random Forest (RF)

RF is an SML method where multiple DTs are built and combined to form an RF, which creates a robust and accurate prediction model for better overall outcomes. In RF, trees are randomly constructed and trained to select a class by voting. The method's performance improves as the number of trees increases, leading to higher classification accuracy and prediction reliability. RF is widely utilized in IoT security operations, such as anomaly detection, due to its exceptional classification capabilities. Recent advancements in RF utilize ensemble methods that combine multiple DTs to enhance classification accuracy and robustness in detecting anomalies in IoT communications. Additionally, feature importance analysis allows RF to identify critical features in high-dimensional IoT data, improving the model's interpretability [61]. For instance, a study [62] employed RF and other ML techniques to detect and prevent DoS attack traffic arriving from smart home LAN devices. RF achieved 99% accuracy and precision compared to other ML algorithms in the proposed methods. Another study [63] suggested a method to classify Advanced Persistent Threat (APT) malware in IoT networks using SMOTE-RF, which is trained to address imbalanced and multi-classification issues. The suggested method attained an accuracy rate of 80%.

3.1.4. Naive Bayes (NB)

NB is an SML algorithm based on Bayes' theorem and is commonly utilized for solving classification problems. NB makes predictions based on the probability of an event occurring given the prior data [64]. In IoT security, NB is employed to forecast attacks based on historical data and is particularly effective in detecting network layer anomalies. It has benefited from methodologies such as Gaussian Naive Bayes, which allows it to handle continuous data more efficiently in IoT applications. This enhancement makes NB suitable for real-time intrusion detection that requires quick classifications [65]. A study in [66] proposed intrusion detection methods based on Naïve Bayes, noting that the Bayes classifier is particularly well-suited for intrusion detection systems (IDS) due to its high classification speed. Another study [67] presented an IDS model based on a two-layer dimension reduction and a two-tier classification module, built to detect malicious activities such as User-to-Root (U2R) and Remote-to-Local (R2L) attacks using NB and KNN. The model achieved a DR of 84.82% with a high false alarm rate (FAR) of 5.56%, while the two-tier model attained a DR of 83.24% and FAR of 4.83%.
Table 4 Existing Surveys in IoT Security

| Ref. | IoT Characteristics | IoT Protocols | IoT Architectures | IoT Security Solution | IoT Challenges | Limitations |
|---|---|---|---|---|---|---|
| [41] |  |  |  |  |  | Lacks a taxonomy and has little discussion of attack detection schemes in IoT layers. Does not present a security solution mechanism; IoT vulnerabilities are not considered. |
| [42] |  |  |  |  |  | IoT security measures are not adequately considered; focuses on the impact of IoT features on security and privacy without emphasis on IoT security requirements. |
| [43] |  |  |  |  |  | IoT security requirements and mechanisms are disregarded. Does not discuss IoT applications. |
| [44] |  |  |  |  |  | Lacks discussion of important IoT security requirements. |
| [45] |  |  |  |  |  | Lacks classification and has minimal discussion of ML techniques; moreover, IoT vulnerabilities are not specified. |
| [46] |  |  |  |  |  | Concentrates on affection protocols in support of security solutions without concentrating on IoT security requirements. |
| [47] |  |  |  |  |  | Does not discuss the IoT mechanism. |
| [48] |  |  |  |  |  | Does not present solutions to IoT security. |
| [49] |  |  |  |  |  | Modern security methods are ignored, with minimal debate on attack detection schemes. |
| [50] |  |  |  |  |  | Modern security methods are ignored. Does not discuss attack detection schemes. |
3.1.5. K-Nearest Neighbor (KNN)

KNN is a simple SML algorithm that can be used for both regression and classification tasks, though it is more commonly used for classification. KNN measures the distance between data points using the Euclidean distance as a metric, calculating the average value of the unknown data point based on its k-nearest neighbors. KNN is widely used in IoT security for detecting malware, anomalies, and intrusions. Recent advancements in rapid nearest-neighbor search methods have improved the scalability of KNN, allowing it to handle larger IoT datasets without compromising classification speed. Distance-weighted voting has further improved its predictive accuracy in identifying attacks [68]. In [69], a distributed modular solution utilizing KNN was proposed to detect IoT malware network activity in large-scale networks, demonstrating the effectiveness of the KNN classifier.

3.1.6. Principal Component Analysis (PCA)

PCA is a USML algorithm used for dimensionality reduction in ML models. PCA reduces the complexity of datasets by minimizing the quantity of features while retaining essential information. This process improves computational efficiency, speeds up calculations, and helps mitigate overfitting in machine learning models. PCA is often integrated with other machine learning techniques to develop more effective security strategies. Recent improvements have combined PCA with feature selection techniques to enhance its ability to identify relevant features for detecting IoT security vulnerabilities, simplifying attack detection models while boosting computational speed. PCA enhances machine learning performance by identifying features linked to IoT attack detection [70]. For example, in [71], a two-level detection strategy was proposed to identify unusual network traffic in IoT networks using PCA algorithms. The experiment, conducted with various datasets and employing a 95% threshold, demonstrated a high true positive rate (TPR).

3.1.7. Association Rule (AR)

Association Rule (AR) is employed to discover hidden relationships between variables in a dataset. It detects frequent patterns or variable combinations, which are often seen in attack scenarios, and builds models to predict future classifications based on these patterns. Although AR approaches are not widely utilized in IoT contexts, further research is recommended to optimize or integrate them with other strategies to improve IoT security [72].

3.1.8. K-Mean Clustering

K-Means is a USML algorithm that groups unlabeled datasets into clusters, with K representing the number of predefined clusters. It is a simple and effective method for identifying categories in unlabeled datasets without requiring prior training. The algorithm iteratively separates data into K clusters by locating the optimal K centre points and assigning each data point to the nearest centre. In [73], the author proposed an organized insider attack model called CPMA, where attackers maliciously manipulate packets that meet specific conditions using K-Means clustering. The experimental findings indicated that the suggested scheme, utilizing K-Means, achieved high detection performance and effectively organized malicious nodes' attack modes with high accuracy. Recent advancements in initialization methods have improved K-Means accuracy in anomaly detection, making it more effective in IoT security applications.

3.1.9. Ensemble Learning (EL)

Ensemble Learning (EL) improves machine learning outcomes by combining multiple models. This strategy typically yields better predictive performance than using a single model. EL has been applied to various complex problems, especially in forecasting and predictive tasks. Techniques like AdaBoost and Gradient Boosting improve detection accuracy by combining weak classifiers into a


robust classifier, which addresses the imbalanced nature of IoT security datasets. Various EL methods, such as stacking, boosting, and voting, can be applied in IDS strategies, enhancing their effectiveness [74].

In [75], the authors suggested a new smart ensemble-based IDS designed to be deployed at the IoT gateway. The method applied NB, SVC, and KNN classifiers and achieved high accuracy and performance when combined with EL techniques, exceeding 90% in accuracy compared to methods without EL. While ML techniques are effective in detecting cyber-attacks in IoT environments, they face challenges related to reliability, accuracy, and efficient labeling of data. These methods must adapt to the diverse data generated by IoT applications, but they also come with limitations.

Table 5 highlights the benefits and drawbacks of diverse ML techniques and their applicability to different types of attacks. Although many studies have proposed ML-based methods to mitigate IoT security concerns, there remain deficiencies in their findings.

Table 6 presents previous work on using ML to detect attacks in IoT environments [76-87].

3.2. Deep Learning (DL) Techniques

Recently, the incorporation of DL in IoT systems has gained significant attention as a research area. DL outperforms classical ML techniques, particularly when applied to large datasets, which is one of its primary advantages [88]. DL is the most advanced method for analyzing data to assess both benign and malicious behaviors of IoT components based on the interactions between devices within an IoT environment. By learning from past attacks, DL models can accurately predict future attacks. DL is a branch of ML that employs multiple non-linear processing layers to abstract and transform features in a discriminative or generative manner for pattern analysis. Because DL techniques can capture hierarchical representations in deep architectures, they are often referred to as hierarchical learning techniques [1]. Examples of discriminative DL methods include Convolutional Neural Networks (CNNs) and Recurrent Neural Networks (RNNs). Hybrid DL methods include Autoencoders (AEs), Deep Belief Networks (DBNs), Restricted Boltzmann Machines (RBMs), Generative Adversarial Networks (GANs), and Ensembles of DL Networks (EDLNs).
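The K-Means procedure of Section 3.1.8 (assign each point to the nearest centre, then recompute the centres until assignments stop changing), sketched as an unsupervised anomaly detector for IoT flows. This is an added example, not code from the survey or from [73]; the two flow features, the sample values, the farthest-first seeding and the per-cluster limit of twice the baseline radius are assumptions made for the illustration.

```python
import math

# Constructed baseline telemetry (not from the survey): one unlabeled tuple per flow,
# (packets per second, mean packet size in bytes).
BASELINE = [
    (2.0, 90.0), (2.5, 100.0), (1.8, 95.0), (2.2, 88.0), (2.1, 105.0),
    (60.0, 1200.0), (64.0, 1180.0), (58.0, 1250.0), (62.0, 1220.0), (61.0, 1190.0),
]


def fit_scaler(points):
    """Per-feature minimum and span, so no single feature dominates the distance."""
    dims = range(len(points[0]))
    mins = [min(p[d] for p in points) for d in dims]
    spans = [(max(p[d] for p in points) - mins[d]) or 1.0 for d in dims]
    return mins, spans


def scale(point, scaler):
    mins, spans = scaler
    return tuple((v - lo) / span for v, lo, span in zip(point, mins, spans))


def farthest_first(points, k):
    """Deterministic seeding: each new centre is the point farthest from those chosen."""
    centres = [points[0]]
    while len(centres) < k:
        centres.append(max(points, key=lambda p: min(math.dist(p, c) for c in centres)))
    return centres


def nearest(point, centres):
    """Index of the closest centre and the Euclidean distance to it."""
    dists = [math.dist(point, c) for c in centres]
    idx = min(range(len(centres)), key=dists.__getitem__)
    return idx, dists[idx]


def kmeans(points, k, max_iter=100):
    centres = farthest_first(points, k)
    labels = None
    for _ in range(max_iter):
        new_labels = [nearest(p, centres)[0] for p in points]
        if new_labels == labels:      # assignments stable: converged
            break
        labels = new_labels
        for c in range(k):
            members = [p for p, lab in zip(points, labels) if lab == c]
            if members:               # an empty cluster keeps its previous centre
                centres[c] = tuple(sum(col) / len(members) for col in zip(*members))
    return centres, labels


def train(baseline, k=2, slack=2.0):
    scaler = fit_scaler(baseline)
    scaled = [scale(p, scaler) for p in baseline]
    centres, labels = kmeans(scaled, k)
    # Per-cluster limit: a tight cluster gets a tight limit, so a small drift in a
    # low-rate device is still caught even when another cluster is much wider.
    radii = [0.0] * k
    for p, lab in zip(scaled, labels):
        radii[lab] = max(radii[lab], math.dist(p, centres[lab]))
    return {"scaler": scaler, "centres": centres, "limits": [slack * r for r in radii]}


def score(model, flow):
    """Return (cluster index, distance to its centre, anomaly flag) for one flow."""
    idx, dist = nearest(scale(flow, model["scaler"]), model["centres"])
    return idx, dist, dist > model["limits"][idx]


MODEL = train(BASELINE)
```

Flows that fall outside every cluster's limit are flagged without any attack labels; as Table 5 notes for K-Means, the approach degrades when the normal behaviour does not form roughly globular clusters.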
Table 5 Advantages and Disadvantages of ML Techniques

| Technique | Advantages | Disadvantages | Application |
|---|---|---|---|
| SVM | Employs kernel mechanisms and is capable of simulating decision boundaries that are non-linear. SVMs are well known for their capacity to generalize and for being applicable to data that has a lot of feature attributes but few sample points. Perfect for data with numerous feature attributes. Uses less memory and storage. Extremely scalable and task-performing. Suitable for IoT security due to its higher classification accuracy. | Unbalanced samples have an impact on conventional SVM performance efficiency. Memory-sensitive, and it can be challenging to choose the best kernel when modeling massive data sets. | Use with: anomaly detection; IoT botnet detection; DoS/DDoS detection. |
| NB | Employed to address practical issues such as text classification and spam detection. Highly scalable, rapid, robust. Appropriate for carrying out multi-stage classification and needs less data for classification. Handles high-dimensional data points. | Incapable of extracting valuable information from feature correlations and interactions. | Suitable for anomaly detection in IoT networks. |
| RF | Applicable to data sets of any size, and flexible to implement without much complexity. Suitable for simulating real-world situations. High accuracy and less prediction time. | Requires a longer training period than other supervised algorithms. Impacted when the quantity of trees surpasses a particular threshold, which causes the algorithm to become sluggish and less efficient for real-time classification tasks. | Suitable for DoS, DDoS, Probe, R2L, U2R attacks, intrusion anomalies, and unauthorized IoT devices. |
| K-NN | Simple to use. Reasonable accuracy in detecting U2R and R2L attacks. | Unsuited to high-dimensional data and memory intensive. Does not function well with enormous data sets and is highly sensitive to outliers and missing values. | Suitable for U2R, R2L, flooding attacks, DoS, DDoS, and intrusion detection and anomalies. |
| K-mean | Simple and flexible algorithm. Functions well with unlabeled data. Used for confidential data anonymization in an IoT system. | Less effective than SL methods, especially in detecting known attacks. Produces poor cluster formation results if the clusters are not globular. | Suitable for: detecting anomalies; Sybil attacks in IoT. |
| DT | Basic, simple to use, and transparent technique. | Demands large storage. Understanding DT-based approaches is simple only if a few DTs are included. | DDoS; network traffic. |
| PCA | Reduces data dimensionality and raises computational speed. Enhances the effectiveness of ML techniques by choosing features related to IoT attack detection. | Not resistant to outliers, which has an impact on its performance. Presupposes a linear connection between two features, making it challenging to assess the correlation between the features. | Used in IoT system real-time detection. |
| AR | Easy to use. | Time complexity is high. | Intrusion detection. |
| EL | Suitable for complex problems in IoT attack detection. Provides high performance. | Long training and testing phases. | Used with anomaly detection and botnet detection. |

Table 6 Previous Studies on IoT Attacks Detection-Based ML Algorithms

| Reference | Algorithm | Attacks | Shortcoming | Observation |
|---|---|---|---|---|
| [76] | DT, NB, RF, SVM | Malicious Bot-net | Inappropriate feature selection leads to misclassifying malicious traffic flow. | DT and RF fulfilled high performance; however, SVM and NB were slightly weak. |
| [77] | KNN, DT, XGB, RF | APT malware | Less performance measurement. | RF achieved high performance compared to the rest of the classifiers. |
| [78] | SVM, DT, NB, USML | DDoS | FAR is high. Specificity is less. | The classifiers performance evaluation, however, FAR and specificity need to be improved. |
| [79] | NB, C4.5, RF | Anomaly and Intrusion | Time taken to establish the model is high. | The classifiers obtained exceptional performance but the time needs to be minimized. |
| [80] | EL, RF, DR, KNN | Botnet | Imbalanced dataset. Binary-class classification model. | The ensemble model achieved high performance; however, the computation time is high. |
| [81] | DT, XGB, LR | Botnet | Binary-class classification. Overfitting model. Testing accuracy for balanced data is less. | The model achieved high performance metrics with the EL classifier compared to the other two classifiers, but the model needs to get rid of overfitting and increase the test accuracy on the balanced dataset. |
| [82] | DT, RF, SVM | Injection attack | Classifier performance reduces as the quantity of features increases. | Classifiers fulfilled high performance metrics, except SVM, which achieved the worst performance. However, the model requires adjusting the number of selected features. |
| [83] | Voting, stacking | DDoS | Execution time is high. | The models achieved high performance but the execution time is high, especially in stacking. |
| [84] | DT, SVM, NB | Routing Attack | Overfitting in few classes. | The models achieved high performance metrics, but the model lacks clarification. |
| [85] | NB, LR, DT, KNN, RF | DDoS | Binary-class classification. Overfitting model. | The model contains two experiments; both fulfilled high performance but only in binary classification. |
| [86] | RF, DT, XGB, GB | MiTM, DoS | Binary-class classification. | The classifiers achieved high performance metrics to detect MiTM but achieved reasonable performance metrics to detect DoS. |
| [87] | ML | Black hole attack | The energy consumption is high. | The energy consumption increases as the quantity of nodes increases. |

3.2.1. Convolutional Neural Network (CNN)

CNNs are a type of DL model frequently employed for image classification and recognition. They analyze input images and classify them into categories such as dogs, cats, lions, and tigers. Unlike other neural networks, CNNs process images as two-dimensional pixel arrays, focusing directly on the images rather than relying on feature extraction. CNNs consist of three layers: the input layer, which supplies inputs to the model (each neuron in this layer corresponds to features in the data); the hidden layers, which can consist of multiple layers; and the output layer, which converts the outputs of the hidden layers into probability scores for each class using a logistic function such as sigmoid or SoftMax. CNNs have been enhanced with sophisticated architectures such as ResNet and DenseNet, which improve their feature extraction capabilities from IoT traffic data. Moreover, CNNs can utilize multi-channel inputs to analyze various characteristics of network data simultaneously, enhancing their ability to detect complex cyber-attacks. Their capacity to process large datasets makes CNNs highly effective in IoT security, leading to improved detection results. For example, a study in [89] presented a technique combining two CNN models (CNN-CNN) to detect attacks on IoT networks. Using raw network traffic data, the first CNN model identifies key features that assist in detecting IoT attacks. The second CNN utilizes these features to generate a strong detection model that reliably identifies IoT attacks. The suggested approach attained a confusion matrix score of 98%. The ability of CNNs to concurrently learn relevant features and perform classification
removes the need for manual feature extraction, producing an end-to-end model that, with optimization algorithms, offers exceptional results for IoT security-based IDS [90].

3.2.2. Recurrent Neural Network (RNN)

RNNs, or Artificial Neural Networks (ANNs), are primarily applied in speech recognition and natural language processing (NLP). RNNs are designed to recognize patterns in various data types, comprising text, genomes, handwriting, spoken language, and numerical time-series data. RNNs are used by systems such as Apple’s Siri and Google’s voice search for processing sequential data. RNNs are especially effective in IoT security because of their ability to analyze sequential data, making them essential for network IDS (NIDS). Long Short-Term Memory (LSTM) networks enhance RNNs by mitigating the vanishing gradient problem and enabling the detection of long-term dependencies, which are crucial for detecting IoT security vulnerabilities in time-series data. As a result, DL methodologies such as RNNs have become a central focus in NIDS research [91]. In [92], a proposed model integrated DL and metaheuristic techniques by using RNNs within a multi-modal framework to efficiently capture complex correlations in diverse network traffic data. The model used a wavelet-based feature extraction method to improve the discriminative power of the generated features, achieving remarkable performance metrics with a 98% accuracy score and an AUC of 99%.

3.2.3. Auto-Encoders (AEs)

AEs are a type of neural network in which the input and output layers have the same dimensionality. Since an AE replicates data from the input to the output in an unsupervised manner, it is also referred to as a replicator neural network. The AE network consists of two main components: the encoder function (h = f(x)) and the decoder function responsible for reconstructing the input (r = g(h)) [1].

The encoder takes the input and converts it into an abstract representation named a code, while the decoder uses this code to rebuild the original input. During AE training, the goal is to minimize reconstruction error. Recent advancements in variational autoencoders (VAEs) have improved their ability to learn data distributions and extract features, increasing their efficacy for unsupervised anomaly detection in IoT security. In IoT networks, AEs can proficiently detect various types of IoT attacks. A study [93] developed an architecture based on an asymmetric parallel autoencoder (APAE), with two encoders working simultaneously, each with three successive layers of convolutional filters. This lightweight architecture enhances the AE's ability to detect unknown attacks and improves detection rates. Another study [94] proposed the nonsymmetric autoencoder (NAE) model, where the encoder extracts complex hidden representations of network traffic, and the decoder reconstructs the input data with high accuracy, achieving superior detection rates for abnormal attacks.

3.2.4. Restricted Boltzmann Machine (RBM)

RBMs are generative and stochastic neural networks that can model probability distributions over input groups. They are used for feature selection and extraction in various applications, including dimensionality reduction, classification, and regression. RBMs consist of two layers: an input (visible) layer and a hidden layer, which serve as the foundational elements of Deep Belief Networks (DBNs). RBMs excel at pattern recognition tasks such as interpreting handwritten text and identifying radar targets in low signal-to-noise ratio conditions. Additionally, RBMs are used in recommendation systems, enhancing user suggestions through filtering algorithms [95]. Improvements in RBMs, such as layer-wise pre-training, allow these models to develop hierarchical features that improve their ability to detect intricate attack patterns in IoT networks. RBMs are crucial for identifying attacks in IoT environments [96]. A previous study [97] proposed an innovative approach for anomaly detection by projecting raw features through a restricted Boltzmann machine. This approach outperformed several modern methods when evaluated on a widely known anomaly detection dataset, demonstrating strong performance metrics.

3.2.5. Deep Belief Network (DBN)

A DBN is a type of generative neural network that uses an unsupervised learning model. DBNs are often referred to as "Boltzmann Machines" and consist of multiple layers of neural networks. They have enhanced their ability to predict complex patterns in IoT traffic for threat detection through unsupervised pre-training followed by supervised fine-tuning. DBNs have emerged as a critical technique for detecting malicious activities in IoT security [98]. While researchers have not yet thoroughly analysed every aspect of DBN-based intrusion detection models, further research is expected to present these techniques in greater detail, as DBNs are ideal for feature extraction and are particularly robust for classification tasks.

3.2.6. Generative Adversarial Network (GAN)

GANs are ML models that contain two neural networks competing against each other to improve their prediction accuracy. GANs typically operate in an unsupervised manner within a cooperative zero-sum game framework. To use GANs effectively, the first step is to identify the desired outcome and collect an initial training dataset based on these parameters. GANs have advanced significantly through the use of conditional GANs and semi-supervised learning methods, enhancing their ability to create realistic attack scenarios. This strengthens model robustness and prepares systems to defend against unknown attacks. In IoT security, GANs can proficiently protect systems from unknown
intrusions [99]. GANs are also capable of securing the IoT physical layer [100]. A previous study [101] introduced a technique for detecting human activity using generative adversarial micro-aggregation, which improved data privacy while generating realistic samples based on the estimated distribution of the original data. This method showed superior efficacy in securing IoT systems.

Despite the benefits of using DL to combat IoT attacks, some challenges remain. Table 7 illustrates the benefits and drawbacks of DL methods and their applicability in attack detection. Table 8 outlines various DL algorithms from previous studies that discuss researchers' efforts to address IoT security challenges referred to in [102-115]. Table 9 summarizes the key hardware and resource requirements for applying ML and DL in low-power IoT devices, which is crucial for optimizing model performance while maintaining energy efficiency and practical operation.
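
The reconstruction-error idea from Section 3.2.3 (encoder h = f(x), decoder r = g(h), training that minimizes reconstruction error), shown as an added example that is not code from the survey: a one-unit autoencoder is trained only on benign flow windows and raises an alert when a window reconstructs poorly. The three features, the scaling constants, the mean + 3 sigma threshold and every sample window are assumptions constructed for illustration.

```python
import math
import random

# Assumed full-scale values used to normalise (packets/s, bytes/s, SYN ratio).
SCALE = (50.0, 6000.0, 1.0)

# Constructed windows for scoring: (packets/s, bytes/s, SYN ratio).
BENIGN_WINDOW = (15, 1800, 0.02)   # ~120 B per packet, few SYNs
TINY_PACKETS = (24, 600, 0.03)     # each value lies in the benign range, but 25 B per packet
SYN_HEAVY = (20, 2400, 0.90)       # normal volume, almost every packet is a SYN


def scale(flow):
    return [v / s for v, s in zip(flow, SCALE)]


def make_benign(n, rng):
    """Constructed training data: bytes/s tracks packets/s (~120 B payloads), SYN ratio stays low."""
    flows = []
    for _ in range(n):
        pkts = rng.uniform(5, 25)
        flows.append((pkts, pkts * 120 + rng.uniform(-60, 60), rng.uniform(0.01, 0.03)))
    return flows


class AutoEncoder:
    """Encoder h = f(x) = tanh(w.x + b); decoder r = g(h) = v*h + c (one-unit code)."""

    def __init__(self, n_in, rng):
        self.w = [rng.uniform(-0.5, 0.5) for _ in range(n_in)]
        self.v = [rng.uniform(-0.5, 0.5) for _ in range(n_in)]
        self.b = 0.0
        self.c = [0.0] * n_in

    def encode(self, x):
        return math.tanh(sum(wi * xi for wi, xi in zip(self.w, x)) + self.b)

    def decode(self, h):
        return [vi * h + ci for vi, ci in zip(self.v, self.c)]

    def error(self, x):
        """Squared reconstruction error ||g(f(x)) - x||^2, used as the anomaly score."""
        return sum((ri - xi) ** 2 for ri, xi in zip(self.decode(self.encode(x)), x))

    def train(self, data, rng, epochs=300, lr=0.1):
        """Plain SGD on the reconstruction error; only benign data is seen (unsupervised)."""
        data = list(data)
        for _ in range(epochs):
            rng.shuffle(data)
            for x in data:
                h = self.encode(x)
                diff = [ri - xi for ri, xi in zip(self.decode(h), x)]
                # Back-propagate through the decoder and the tanh of the encoder.
                dz = 2 * sum(d * vi for d, vi in zip(diff, self.v)) * (1 - h * h)
                for i, d in enumerate(diff):
                    self.v[i] -= lr * 2 * d * h
                    self.c[i] -= lr * 2 * d
                    self.w[i] -= lr * dz * x[i]
                self.b -= lr * dz


def fit_detector(seed=7):
    """Train on benign windows and set the alert threshold to mean + 3 sigma of their errors."""
    rng = random.Random(seed)
    train = [scale(f) for f in make_benign(200, rng)]
    ae = AutoEncoder(len(SCALE), rng)
    ae.train(train, rng)
    errs = [ae.error(x) for x in train]
    mean = sum(errs) / len(errs)
    std = math.sqrt(sum((e - mean) ** 2 for e in errs) / len(errs))
    return ae, mean + 3 * std


def is_anomalous(ae, threshold, flow):
    return ae.error(scale(flow)) > threshold


if __name__ == "__main__":
    ae, threshold = fit_detector()
    for name, flow in [("benign", BENIGN_WINDOW), ("tiny packets", TINY_PACKETS),
                       ("SYN heavy", SYN_HEAVY)]:
        err = ae.error(scale(flow))
        print(f"{name:13s} error={err:.5f} alert={is_anomalous(ae, threshold, flow)}")
```

The TINY_PACKETS window is the case a per-feature range check misses: every value occurs in benign traffic, and only the relationship between packet rate and byte rate is off.
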
Table 7 Advantages and Disadvantages of DL Techniques

| Technique | Advantages | Disadvantages | Applications |
|---|---|---|---|
| CNN | Ideal for rapid and extremely efficient feature extraction. Requires less preprocessing compared to other methods that are ideal for rapid and highly effective feature extraction. It may employ raw network security data to automatically learn behavior. | Needs high computational power. Highly challenging to use on resource-constrained IoT devices. | Malware attacks; anomaly attacks |
| RNN | Can automatically learn new information and predict sequences based on historical data. Suitable for IoT security because the IoT environment creates sequential data in some circumstances. High prediction capability. | Addressing the problem of gradients that vanish or extend, which poses difficulties while learning long data sequences. Training is slow and complex. | Malware attacks |
| AEs | Used in dimensionality reduction and to extract the features. | Requires high computational power. Since the training dataset is not typical of the testing dataset, the outcomes could not be what was expected. | Botnet attacks |
| RBM | RBMs' feedback function enables the extraction of vital features, which are then utilized to log IoT traffic behavior. | Requires a lot of computational capacity. Features cannot be represented by a single RBM. | R2L, DoS, U2R and Probe |
| DBN | Exceptionally accurate and reliable. It is suitable for significant feature extraction because it has been trained on unlabeled data. | Demands a large computational cost. | R2L, DoS, U2R |
| GAN | Suitable for zero-day attacks. | Training is challenging and provides erratic outcomes. | Mirai, Bashlite, Scanning, MiTM |

Table 8 Previous Studies on IoT Attacks Detection-Based DL Algorithms

| Reference | Algorithm | Attacks | Shortcoming | Observation |
|---|---|---|---|---|
| [102] | DNN | DDoS | Binary-class classification. Imbalanced dataset. | The model achieved high performance metrics and a high AUC ROC curve; however, the model was limited to binary classification, and if the model was applied to multi-class classification, the performance and detection veracity would differ. |
| [103] | CNN, LSTM | Phishing, DDoS | FPR is high. | The LSTM model obtained higher performance evaluation compared to CNN; however, FPR needs to be reduced. |
| [104] | AE | DOS, probe, R2L, U2L | Low accuracy. Imbalanced dataset. | The accuracy for the statics and adaptive IDS based attacks is low. |
| [105] | FDL, DNN | Zero-day botnet attack | High training time. BoT-IoT dataset has overfitting. | FDL model outperform high veracity compared to the other models. |
| [106] | DBN | Security breach | Performance metric for unknown attacks is less. | The model fulfilled high performance evaluation; however, the unknown attacks achieved the worst score. |
| [107] | GAN | Botnet attacks, adversarial evasion attacks | Imbalanced dataset. Performance evaluation slightly low. | GAN obtained high veracity; however, the other performance metrics achieved low scores. |
| [108] | RBM | Anomaly | Performance evaluation needs to be increased. | A novel approach has reasonable performance evaluation with 20 and 38 features. However, the more features, the less performance. |
| [109] | DNN, GAN | Anomaly | Some attack classes obtained less performance. | The GAN model obtained higher performance metrics compared to DNN; however, multi-class attack detection is still a challenge. |
| [110] | CNN, LSTM | Botnet | The dataset has overfitting. | LSTM achieved high accuracy and performance metrics, and less FA; however, with overfitting, the classifiers may misclassify in prediction. |
| [111] | RNN, DNN | DoS, Probe, R2L, U2R | High error rate. The performance metric for each attack not mentioned. | The proposed achieved high-performance evaluation; however, the author mentioned the classifier’s average result, not each class’s performance results. |
| [112] | FFNN, LSTM | Malicious traffic | Binary-class classification. | FFNN achieved better performance metrics than LSTM; however, the author did not determine the type of malicious traffic in the datasets used. |
| [113] | MLP | DDoS | High false positive. Binary-class classification. | The proposed achieved high veracity and true positive; however, the dataset is imbalanced. |
| [114] | DL | Normal, Flooding, Blackhole, and Selective Forwarding | Imbalanced dataset. Attack class findings not mentioned. | The suggested approach acquired high performance evaluation. However, the dataset is imbalanced and that would affect the prediction results. |
| [115] | RNN | Botnet | FPR and FNR are high. | The proposed achieved exceptional results. However, the false rate is very high. |

Table 9 Hardware and Resource Considerations for ML and DL in Low-Power IoT Devices

| Aspect | Description |
|---|---|
| Processing Capabilities | Microcontrollers (MCUs): Low-power IoT devices frequently depend on MCUs with constrained processing capabilities relative to conventional CPUs or GPUs. Consequently, ML and DL models must be optimized for efficient performance on these systems. Lightweight algorithms, such as decision trees or linear regression, are better suited for low-complexity problems, but complex models require adaptations to adjust to hardware constraints. |
| | Application-Specific Integrated Circuits (ASICs): ASICs designed for certain functions can substantially enhance performance and efficiency in ML and DL applications. Hardware accelerators such as Google’s Edge TPU and NVIDIA's Jetson series are designed to execute neural network models with optimal power and speed efficiency. |
| Memory Constraints | RAM and Storage: IoT devices frequently possess constrained RAM and storage space. Models must be sufficiently compact to adhere to these limitations, requiring approaches such as model pruning, which eliminates less significant weights, and quantization, which diminishes weight precision (e.g., from 32-bit to 8-bit), hence decreasing memory consumption. |
| | Feature Selection: Employing techniques like PCA to reduce the number of features helps optimize memory utilization and enhance processing efficiency. This is especially significant in IoT environments, where data may be high-dimensional. |
| Energy Efficiency | Low-Power Consumption: Given that numerous IoT devices rely on batteries, reducing energy usage is essential. Optimized algorithms that necessitate reduced computations and diminished data transmission will enhance battery longevity. Methods such as low-power modes and dynamic voltage and frequency scaling (DVFS) can optimize performance and energy consumption. |
| | Edge Computing (EC): By performing computations near the data source, EC diminishes the necessity for data transmission to centralized computers, hence reducing energy expenses linked to data transfer. This facilitates expedited decision-making and diminishes the total workload on the device. |
| Hardware Accelerators and Frameworks | Dedicated Hardware Accelerators: Devices such as FPGAs (Field-Programmable Gate Arrays) can be configured to execute particular machine learning algorithms effectively, offering a balance between adaptability and performance in IoT applications. |
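
Model pruning and 32-bit to 8-bit quantization, as named in the Memory Constraints row of Table 9, applied to a small linear detector; this is an added example, not code from the survey. The affine int8 scheme, the linear scoring model, the weights and the inputs are assumptions constructed for illustration, and the audit counts how many alert verdicts have a margin too small to guarantee they survive compression.

```python
import random
import struct


def prune_by_magnitude(weights, sparsity):
    """Model pruning: zero the `sparsity` fraction of weights with the smallest magnitude."""
    k = int(len(weights) * sparsity)
    drop = set(sorted(range(len(weights)), key=lambda i: abs(weights[i]))[:k])
    return [0.0 if i in drop else w for i, w in enumerate(weights)]


def quantize_int8(weights):
    """Affine 8-bit quantization: w ~= scale * (q - zero_point) with q in [-128, 127]."""
    lo, hi = min(0.0, min(weights)), max(0.0, max(weights))   # keep 0.0 exactly representable
    scale = (hi - lo) / 255.0
    if scale == 0.0:                                          # all-zero tensor
        scale = 1.0
    zero_point = round(-128 - lo / scale)
    q = [max(-128, min(127, round(w / scale) + zero_point)) for w in weights]
    return q, scale, zero_point


def dequantize(q, scale, zero_point):
    return [scale * (v - zero_point) for v in q]


def stored_bytes(weights, q, scale, zero_point):
    """Size on flash: float32 array vs. int8 array plus one float32 scale and one int8 zero point."""
    fp32 = struct.pack(f"<{len(weights)}f", *weights)
    int8 = struct.pack(f"<fb{len(q)}b", scale, zero_point, *q)
    return len(fp32), len(int8)


def drift_bound(original, pruned, scale, x):
    """Upper bound on |w.x - w_hat.x|: a pruned weight loses |w*x|, a kept one at most scale/2*|x|."""
    return sum(abs(w * xi) if p == 0.0 else 0.5 * scale * abs(xi)
               for w, p, xi in zip(original, pruned, x))


def score(weights, x):
    return sum(w * xi for w, xi in zip(weights, x))


def audit(seed=1, n=64, sparsity=0.25, trials=200):
    """Compress a constructed linear detector and count verdicts that compression could flip."""
    rng = random.Random(seed)
    w = [rng.gauss(0, 0.5) for _ in range(n)]
    w = list(struct.unpack(f"<{n}f", struct.pack(f"<{n}f", *w)))   # values as stored in float32
    pruned = prune_by_magnitude(w, sparsity)
    q, scale, zp = quantize_int8(pruned)
    w_hat = dequantize(q, scale, zp)
    flips = at_risk = 0
    worst_excess = float("-inf")
    for _ in range(trials):
        x = [rng.random() for _ in range(n)]            # constructed features already in [0, 1]
        s, s_hat = score(w, x), score(w_hat, x)
        bound = drift_bound(w, pruned, scale, x) + 1e-9
        worst_excess = max(worst_excess, abs(s - s_hat) - bound)
        flips += (s > 0) != (s_hat > 0)                 # alert verdict changed after compression
        at_risk += abs(s) <= bound                      # margin too small to rule a flip out
    return {"bytes": stored_bytes(w, q, scale, zp), "zeros": w_hat.count(0.0), "scale": scale,
            "max_weight_error": max(abs(a - b) for a, b in zip(pruned, w_hat)),
            "flips": flips, "at_risk": at_risk, "worst_excess": worst_excess}


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key:17s} {value}")
```
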

4. EXISTING SURVEYS ON ML AND DL TECHNIQUES

This article presents and discusses previous studies on ML and DL, comparing them with the survey we present. Since 2018, many studies on IoT security have been conducted, with a particular focus on ML and DL applications for IoT security. Our survey addresses the shortcomings in previous discussions of these two techniques, as well as inadequate allocation of attention to their capabilities. For instance, the author in [116] provided a comprehensive review and analysis of diverse ML methodologies, highlighting issues with different ML approaches for detecting invasive activities. The research in [117] analyzed the possibilities and challenges of utilizing data in ML solutions for IoT privacy by exploring various data sources, analyzing them, and examining ML-based solutions currently in development, designed to preserve IoT privacy. In [118], the threats to IoT security were reviewed, along with a systematic analysis of those threats from both the training and testing/inference perspectives. The author categorized current ML-based defensive techniques into four groups.

The research in [119] focused on studies related to intrusion detection (ID) for computer network security and ML techniques for IoT. In [120], the Cisco IoT reference model architecture was used to classify well-known security concerns, allowing the study to focus on IoT security threats and vulnerabilities. Additionally, an analysis of previous studies on DL-based IDS in IoT security was included. In [121], the IoT design was presented after an in-depth literature analysis of ML techniques and the essential role of IoT security concerning various attack vectors.

In [122], the IoT network security needs, attack vectors, and available security solutions were analyzed. The author also highlighted the weaknesses in existing security solutions that require ML and DL techniques and detailed the various ML and DL technologies currently available to tackle security concerns in IoT networks. The study in [123] evaluated current approaches for categorizing IoT security risks and challenges in IoT networks, with a focus on network intrusion detection systems (NIDS). A thorough analysis of NIDS using various IoT learning strategies was also provided.

In [124], the notion of malware and botnets causing DDoS attacks in IoT was outlined and contrasted, along with the different DDoS defense strategies. In [125], a detailed investigation of IoT malware detection and static analysis methods was presented, covering key techniques, along with the pros and cons of current static IoT malware detection frameworks.

In [126], attacks were classified into groups based on the most pertinent security threats, countermeasures, and real-world attacks across the generalized IoT/IIoT architecture. The study also discussed how blockchain can be applied to efficiently address these issues. The study in [127] provided fundamental information on security threats and safeguards in IoT networks, covering topics such as the IoT market, security architecture, and procedures for security managers and IoT developers. The author in [128] discussed primary security and forensic issues in the IoT domain and presented papers addressing these topics.

In [129], DNN topologies and the potential benefits of deep learning were discussed, along with a detailed analysis of IoT use cases powered by DL. In [130], a comprehensive overview of current IoT security solutions and developments was presented, focusing on IoT security threats. The survey in [131] provided a recent overview of various ML techniques for IoT applications, covering supervised and unsupervised models that support IoT frameworks and the importance of ML models in relation to IoT.

In [132], a classification system for IoT attacks was provided, along with an examination of IoT security weaknesses at different levels. The study also presented an analysis of recent security systems by evaluating the effectiveness of new solutions. The study in [133] reviewed IoT security protection and concluded that AI methods such as ML and DL can offer novel abilities to meet IoT security requirements. In [134], a brief description of ML and DL-based IDS was provided, discussing different types of attacks and anomalies and how these systems detect them.

In [135], a detailed account of cutting-edge approaches to IoT data challenges was provided, while in [136], a systematic literature review (SLR) examined the use of DL approaches for anomaly-based IDS in IoT environments. The study extracted data from sources like IEEE Xplore, Scopus, WoS, Elsevier, and MDPI. In [137], a summary of DL techniques in cybersecurity applications was provided, including explanations of GANs, RNNs, restricted Boltzmann machines, and deep autoencoders (AEs), followed by how these DL methods apply to various types of attacks such as network intrusions, malware, spam, insider threats, and more.

In [138], a review of the pros and cons of ML algorithms in IoT security was presented, with a focus on the application of DL and Federated Learning (FL) in IoT security. FL models enable systems to share information while protecting data privacy. In [139], the specifics of ML security attacks in cyber-physical systems were outlined, along with defense strategies, threat models, and a comparative analysis of ML model performance under diverse attack scenarios. The study in [140] reviewed privacy and security concerns related to DL algorithms, categorized various attack types, and examined protection strategies, including privacy-preserving techniques like Homomorphic Encryption (HE) and hash functions.

The study in [141] discussed the major security problems and challenges that IoT infrastructures face, providing a thorough examination of ML-based solutions for IoT security. Additionally, the limitations of common ML-based security techniques for IoT were discussed. In [142], a tutorial-style analysis of advanced DL architectures for cybersecurity applications was provided, along with an evaluation of recent contributions and challenges.

In [143], the latest findings on ML/DL-based scheduling strategies were examined, covering the trade-offs between accuracy and execution time, as well as the security and privacy of learning-based algorithms in real-time IoT systems. The study in [144] aimed to enhance IoT device security by reviewing ML systems and the latest advances in DL techniques, identifying future IoT device threats and protection concerns. The study also evaluated DL/ML strategies for IoT security, discussing their potential and limitations.

Lastly, in [145], a comprehensive overview of IoT security intelligence based on DL/ML technologies was presented, highlighting research topics and future directions. Prior studies have substantially enhanced our comprehension of IoT security, although it is impossible to cover every aspect in one study. We analyzed these studies along with additional studies [146-150], classified their contributions from 2018 to the present in a sequential and descending order based on the years of publishing, and compared them with our survey, as summarized in Table 10.

4.1. Research Papers Methodology

In this survey, a collection of research articles was compiled from various sources, including Elsevier, IEEE, Springer, MDPI, ACM, Hindawi, and others, published between 2018 and 2024. These articles focus on ML and DL survey papers and models. Each study was analyzed based on the problem statement it attempted to tackle, the domain in which it was executed, the types of attacks it aimed to detect, the methods used to address the problem, and the outcomes obtained. A total of 200 papers were gathered for the literature review on ML and DL methods.

Figure 6 illustrates the number of papers published in the journals mentioned in this survey, showing an increase in publications from Elsevier and IEEE compared to other sources. Additionally, Figure 7 highlights the number of papers published between 2018 and 2024.

Table 10 Analyzing and Classifying the Previous Studies Between 2018-2024
Reference Year ML DL Dataset Domain Attacks/Threats Countermeasures Challenges/Issues

[116] 2018       

[118] 2018       

[128] 2018       

[119] 2019       

[122] 2019       

[123] 2019       

[124] 2019       

[126] 2019       

[1] 2020       

[117] 2020       

[120] 2020       

[121] 2020       

[125] 2020       

[127] 2020       

[129] 2020       

[133] 2020       

[134] 2021       

[135] 2021       

[136] 2021       

[137] 2021       

[140] 2022       

[143] 2022       

[144] 2022       

[150] 2022       

[138] 2023       

[142] 2023       

[145] 2023       

[146] 2023       

[147] 2024       

[148] 2024       

[149] 2024       

Our 2024       
Survey

Figure 6 Number of Papers Published in the Journals
Figure 7 Papers Published Between 2018-2024

5. CLASSIFICATIONS OF IOT LAYERS ATTACKS

As mentioned in Section 2, the IoT architecture consists of three key tiers: the perception layer, network layer, and application layer [151], as demonstrated in Figure 4. The perception layer is made up of sensors and controllers that collect data. The network layer's primary role is to establish connections between networks, using protocols and various connections. Finally, the application layer responds to the user and software programs, allowing users to access and retrieve data.

The goal of this section is to understand the risks of attacks at each layer and provide an overview of the solutions offered by researchers, along with the benefits of each study. This section discusses the types of attacks at each layer and the solutions presented by researchers.

5.1. Perception Layer Attacks

This layer in IoT is accountable for gathering information via actuators, Zigbee, and RFID. It faces a variety of attacks aimed at damaging or destroying its devices. Attackers may penetrate and modify devices through social engineering, launching large-scale attacks such as device destruction, eavesdropping, or other attacks. Physical attacks, such as manipulating energy sources or disrupting communication mechanisms, may require the attacker to be in close proximity to the target. For example, physical attacks like jamming, eavesdropping, interference, and traffic analysis can disrupt
the physical layer. Robust approaches, including ML/DL technologies, are required to detect and secure this layer. Several researchers have addressed physical layer attacks, particularly jamming attacks using radio frequency (RF). One technique compared SVM and K-NN methods in multi-track and single-route scenarios. The RF technique, combined with AdaBoost, achieved superior findings compared to other methods. Additionally, RF showed better accuracy and lower false alarms compared to other techniques. In [152], the author proposed P4NIS, a network invulnerable schema with three layers of protection to identify and prevent eavesdropping attempts. The findings showed that, compared to contemporary techniques, P4NIS reduced encryption costs by 69.85%–81.24% and minimized false alarms. In [153], an ML model using SVM was presented to classify spoofing attacks on signals received by unmanned aerial vehicles (UAVs). K-fold examinations were conducted to improve the learning pattern, which was termed K-learning. The model, using GPS features, achieved high levels of accuracy, precision, recall, and F-score (99%, 98%, 99%, and 98%) when compared to earlier research. Additionally, Table 11 summarizes a few studies, [154], [155], [156], [157], detailing the contribution of each study, the type of attack tackled, and the outcomes obtained.

Table 11 Attack Detection in Physical Layer

| Reference | Contribution | Attacks | Algorithm | Results |
|---|---|---|---|---|
| [154] | The study provided a wireless fingerprinting-based PHY-layer continuous authentication and spoofing disclosure method for a real WSN in which diverse nodes connect to a central sink node. | Spoofing | DT | ACC: 95.43 |
| [155] | The author used DL with LSTM to provide confidentiality and privacy in physical layer. | DDoS | LSTM | ACC: 0.99; AUC: 0.99; R: 0.98; P: 0.95 |
| [156] | Proposed a CDAE model that decreases feature dimensions, removes noise, and extracts key vectors. | Malicious | AE | ACC: 0.98; AUC: 0.99 |
| [157] | Provided the advanced hybridized optimization technique AHGFFA to avoid attacks issues using USML in the MANET-IoT sensors system. | Malicious | UML | DR: 0.98; EC: 5 |

5.2. Network Layer Attacks

This layer is accountable for transmitting data from the perception layer to the application layer for processing [158]. This layer faces several threats, including eavesdropping, man-in-the-middle (MITM) assault, Sybil assault, routing information threats, and DDoS. When compromised, IoT devices may become botnets, enabling hackers to hinder communication paths between source and destination. Hackers can also launch Sybil attacks by exploiting compromised or fake nodes, tampering with security keys and routing tables, which can affect higher levels of the IoT system. Because the network layer sits between the physical and application layers, it plays a vital role in IoT security. Numerous efforts have been made to secure this layer, with many studies achieving exceptional results in disclosing IoT assaults at the network layer. Table 12 analyzes studies [159-164] related to IoT assaults at the network layer.

5.3. Application Layer Attacks

This layer handles several data transactions and is responsible for establishing a user interface between end users and endpoints. Securing the application layer poses significant challenges. Many of the vulnerabilities found here are based on sophisticated user inputs that are difficult to disclose with IDS. Additionally, this layer is vulnerable to software-based assaults such as malware, viruses, worms, etc., and is publicly accessible and visible to everyone. One notable example of an application layer attack is SQL injection, which was responsible for significant data breaches in 2014. SQL injection ranks third in frequency of attacks after DDoS and malware. Other common vulnerabilities in this layer include security misconfiguration, which allows hackers to alter program details and access confidential information without being detected by network security measures. In Table 13, we present recent studies [165-170] that address IoT attack detection at the application layer. Additionally, Figure 8 illustrates the taxonomy of IoT attack layers.

In Section 2, we discussed the prominent assaults in the IoT environment, which are considered the most critical threats impacting general IoT security. In this section, we have outlined the attacks that occur in each tier, focusing on the primary challenges in each layer. This helps researchers identify issues specific to each layer and gain comprehensive knowledge of the challenges within each IoT layer. Table 14 provides detailed information, and Table 15 outlines the key principles of attacks on IoT layers [171-185].

Table 12 Attack Detection in Network Layer

| Reference | Contribution | Attacks | Algorithm | Results |
|---|---|---|---|---|
| [159] | Presented a DL model named DeepAK-IoT to disclose cyber-assaults in IoT networks. | Botnet | DeepAK base DL | ACC: 90.57; F1: 88.87; P: 89.59 |
| [160] | Used DL to present a new anomaly-based IDS method for IoT networks. In particular, a DNN model with filter-based FS that eliminates highly linked features has been introduced. Additionally, the model is fine-tuned utilizing a range of parameters and hyperparameters. | DoS | DNN, GAN-DNN | ACC: DNN: 84.4; GAN-DNN: 90.9 |
| [161] | The author provided a new technique using the RF classifier to get over the attacks. This method utilizes EL to combine many DRs in order to generate precise and efficient forecasts for the quick identification of hazards in IoT networks. | DDoS | RF | ACC: 99.53; P: 0.99; F1: 0.98; AUC: 0.99 |
| [162] | The author designs a model using ensemble approaches on the KDD Cup 99 dataset after doing a survey of the literature on the most recent studies utilizing deep learning techniques. | Anomaly | AE, GAN | AE = ACC: 97.96, P: 90.68; GAN = ACC: 90.26, P: 91.27 |
| [163] | Provided an IDS defensive system that applies anomaly disclosure and ML to enhance the security of IoT networks against DoS assault. They also used two feature selection algorithms, the GA and the Correlation-based Feature Selection (CFS) algorithm, and evaluated how well they performed. | DoS | DT, RF, SVM, KNN | ACC, P, R, F1 are 0.99 for all classifiers |
| [164] | This paper provided a novel ID method for IoT devices based on DL. To identify malicious traffic that could start an assault on linked IoT gadgets, this intelligent system employs a four-layer deep Fully linked (FC) network architecture. Based on the experimental performance analysis, the suggested system demonstrated reliable performance for both simulated and real invasions. | Blackhole, Sinkhole, Wormhole, DDoS | DNN | ACC: 93.74; P: 93.73; R: 93.82; F1: 93.47; DT: 93.21 |

Table 13 Attack Detection in Application Layer

| Reference | Contribution | Attacks | Algorithm | Results |
|---|---|---|---|---|
| [165] | This research, which focused on communication and environmental dynamics in industrial settings, proposed a novel method for detecting jamming in IoT. It focused on gathering QoS and connection parameters during normal communication and jamming assaults in production lines equipped with wireless IoT gadgets with server-client architecture in order to better examine the communication conditions and jamming in the industrial production environment. | Jamming | Stack LSTM | ACC: 99.5; P: 99.4; R: 99.26; S: 99.66; F1: 99.34 |
| [166] | The study presented FMDADM, a framework for SDN-enabled IoT networks that applied ML for DDoS disclosure and mitigation. Three disclosure modules and a mitigation module make up the suggested framework. | DDoS | RF, SVM, KNN, GNB, DT | ACC: 99.79; P: 99.43; F1: 99.77; R: 99.79; S: 99.59; FPR: 0.91; FNR: 0.23 |
| [167] | This paper offered an ML model to detect DDoS against CoAP. | DDoS | DT, RF, LSVC, NB | ACC = RF, DT: 0.98; P, R, F1 = RF, DT: 0.92 |
| [168] | Introduced an IoT micro-security extension that is integrated into the device. This extension utilizes a CNN model to identify and prevent URL-based assaults targeted at a client's IoT gadgets. An LSTM model is deployed on the backend servers to identify botnet assaults on IoT gadgets. | Phishing, DDoS | CNN, LSTM | CNN = ACC: 0.94, AUC: 0.92; LSTM = ACC: 0.97, AUC: 0.99 |
| [169] | Proposed an AD method utilizing the DNN for the IoT network layers to taxonomy traffic as normal and abnormal. | Theft, DoS, DDoS | DNN | ACC: 0.99 |
| [170] | This work presented a novel IDS using ML in the application and transport layers; the author used the BoT-IoT dataset. | DDoS, DoS | DL, ML | ACC: 0.99; CM: 0.99 |

Table 14 IoT Architecture

| Layer | Attack | Major Purpose | Challenges |
|---|---|---|---|
| Perception Layer | Reverse Engineering. Jamming. Social Engineering. Tampering. Spoofing. DoS. RF Interference. Signal Manipulation. | Collected Information | IoT is unreliable and susceptible to hackers. Destroying perception gadgets and falsifying data collected. The devices are resource constrained. Data confidentiality. Power consumption. Reliability. |
| Network Layer | MiTM. DDoS. DoS. Spoofing. Routing attacks. Sinkhole attacks. RFID clone. Sybil attack. Eavesdropping. Traffic analysis. Ransomware. | Deliver the collected data | TCP and IP protocol. Energy effectiveness. Network congestion due to high volume of data on network. Dynamic Network Structure. Heterogeneity. Confidentiality. |
| Application Layer | Malicious and Code. Injection attacks. XSS. DNS spoofing and phishing. SQL injection. Manipulation of data. Software Tampering. API abuse. | User-requested assistance | User Interaction and Experience. Performance and Scalability. High volume data lead to massive issue in IoT security. Leak of data due to attacks against software. Resilience and Reliability. |

Figure 8 IoT Attacks Layer Classification


Table 15 The Principle of Attacks in IoT Layers

| Attacks | Description |
|---|---|
| Tampering Attack [171] | A form of physical assault in which the attacker aims to breach security, alters memory, and gains further information by interacting with a malfunctioning device. |
| Spoofing Attack [172] | Hackers pose as authorized users or devices in order to distribute malware, steal data, and get around access control measures. |
| Reverse Engineering [173] | A person-to-person assault where the criminal makes direct contact with the target in an attempt to get them to furnish crucial information. |
| Physical damage [174] | Carried out in a situation where the hacker is approaching the device. A malicious user has the capability to take control of a computer or communication system, harm property, and jeopardize lives. |
| RFID Cloning [175] | Signifies the process of duplicating the data from an RFID electronic tag or intelligent card to a cloned tag that will resemble the original tag and possibly replace it. |
| RF interface [176] | Targets devices that employ radio, Wi-Fi, Bluetooth, and Bluetooth Low Energy (BLE) as communication means. |
| Code and malicious [177] | Malicious software, sometimes known as malware, that has the ability to rapidly or gradually damage client PCs, databases, networks, and even server clusters. |
| Injection attacks [178] | Malicious code injected into the network which retrieves all the data from the database to the hacker. |
| DNS Spoofing and Phishing [179] | Attackers may spoof DNS responses or launch phishing attacks aimed at IoT applications in order to disclose private data, including login passwords or bank account information. |
| SQL injection [180] | SQL injection assaults exploit weaknesses in IoT apps that store and retrieve data from databases. Attackers can extract sensitive data, alter database contents, or run unauthorized instructions on the underlying database server by adding malicious SQL queries in the input fields or API parameters. |
| XSS [181] | Cross-site scripting attacks penetrate websites visited by other users with malicious scripts, targeting web-based Internet of Things applications. Attackers can alter web interfaces, take illicit actions on behalf of authorized users, and steal session cookies by taking advantage of XSS vulnerabilities. |
| Software Tampering [182] | On IoT devices, hackers may tamper with the firmware or software to add backdoors, vulnerabilities, or malicious features. Firmware-altering assaults pose a vital risk to the security, reliability, and integrity of IoT gadgets by allowing data to be exfiltrated, causing malfunctions or unauthorized access. |
| Sybil attacks [183] | A group of nodes that broadcast fake data from a random network by pretending to be several peer identities in order to compromise an IoT ecosystem. |
| API abused | Assailants misuse Application Programming Interfaces (APIs) made available by IoT applications to carry out illicit operations, obtain private information, or alter device settings. Attacks using API abuse can take advantage of poorly constructed APIs, weak access restrictions, or insufficient input validation systems. |
| Manipulation of data | In order to trick consumers, set off false alarms, or bring about disruptive events, attackers alter or corrupt data that is transferred between IoT gadgets and applications. Attacks that modify data might jeopardize the integrity and reliability of IoT systems, resulting in incorrect judgments or actions taken in response to misrepresented data. |
| Routing attacks [184] | Routing attacks aim to modify or interfere with device-to-device communication by targeting the routing protocols and techniques utilized in IoT networks. Attackers might, for instance, create routing loops, reroute traffic to hostile nodes, or insert erroneous routing information, all of which could cause network congestion or fragmentation. |
| Ransomware [185] | Attacks using ransomware encrypt or prevent users from accessing files, systems, or devices and demand a ransom to be paid by the target in order to unlock the device. Ransomware can harm an organization's brand in addition to causing large financial losses and operational problems. |

6. INTERNET OF THINGS SECURITY DATASETS

In this paper, we discuss the datasets commonly used to construct IoT security models. We focus on the typical and popular datasets that help researchers gain insights into the types of datasets they will use to develop models for identifying IoT attacks. Additionally, we discuss the pros and cons of each dataset, along with research papers that have utilized these datasets.

6.1. BoT-IoT Dataset

This dataset is an extensive dataset for IoT botnet research, containing both malicious and benign traffic gathered from various IoT gadgets. It simulates real-world IoT network conditions by incorporating traffic data from multiple IoT devices. The dataset contains five distinct attack scenarios, each with several assault variations, and was created at UNSW Canberra's Cyber Range Lab. The source files are available in multiple formats, including CSV files, Argus files, and original pcap files. The dataset includes attacks such as DDoS, DoS, OS and service scanning, keylogging, and data exfiltration, with DDoS and DoS assaults further classified based on the protocol used [186]. The dataset serves as a reference for assessing the performance of ML and IDS in identifying IoT botnet activity.

6.2. UNSW-NB15 Dataset

The dataset is an extensively used network traffic dataset for assessing IDS. The UNSW-NB15 dataset was generated in the UNSW Canberra Cyber Range Lab using the IXIA PerfectStorm tool to build a blend of real-world modern-day activities and artificial modern-day assault behaviors. It comprises about two million records totaling 49 features that were obtained with the aid of Argus tools, Bro-IDS, and a few specially developed algorithms. The labeled dataset UNSW-NB15 includes network traffic information gathered under a controlled environment [187].

6.3. ToN-IoT Dataset

This dataset is one of the recent IoT and IIoT datasets, designed to assess the accuracy and effectiveness of various AI-based cybersecurity technologies. It includes data from IoT and IIoT sensor telemetry datasets, Windows 7 and 10 operating system datasets, and TLS and network traffic statistics from Ubuntu 14 and 18. The dataset was gathered from a large-scale, realistic network at the Australian Defense Force Academy (ADFA), School of Engineering and Information Technology (SEIT), UNSW Canberra, and the IoT Lab of UNSW Canberra Cyber [188].

6.4. IoT-23 Dataset

The dataset comprises network traffic data from 23 distinct IoT gadgets across different categories, addressing various IoT applications such as industrial control systems, wearable technologies, intelligent home devices, and healthcare equipment. The dataset includes traffic from devices like fitness trackers, IP cameras, smart doorbells, smart thermostats, and industrial sensors. The IoT-23 dataset aims to support IoT security research and development, particularly in traffic analysis, anomaly detection, and IDS. Researchers can employ this dataset to evaluate the effectiveness of security algorithms and processes in protecting IoT networks and devices [189].

6.5. MQTT-IoT-IDS2020 Dataset

In machine-to-machine (IoT) communication, one of the most utilized protocols is the Message Queuing Telemetry Transport (MQTT) protocol. It is the initial dataset that mimics a network based on MQTT. The network is made up of 12 sensors, a broker, a phony camera, and an assailant. The dataset concentrates on IoT security, specifically on identifying security risks in IoT networks utilizing the MQTT protocol. IDS for IoT networks can be trained and assessed using the labeled data in the dataset, which includes both normal and assault traffic [190].

6.6. CICIDS 2017 dataset

This dataset is a labeled network traffic dataset collected in a controlled environment. It was generated as a result of research conducted by the Canadian Institute for Cybersecurity (CIC). The dataset's primary objective is to promote cybersecurity research and development, especially in IDS.

It provides a standard benchmark for assessing the effectiveness of IDS methods and algorithms. The dataset captures network protocol traffic, such as TCP, UDP, and ICMP, along with traffic from various services and applications, offering a broad range of network behaviors for analysis [191].

6.7. CTU-13 Dataset

The CTU-13 dataset, generated by the Czech Technical University (CTU) in Prague, is a popular benchmark dataset in cybersecurity, particularly for NIDS. It consists of labeled network traffic data generated in a lab setting that simulates various types of cyberattacks [192].

6.8. NetFlow BoT-IoT Dataset

The BoT-IoT dataset was employed to build the NF-BoT-IoT v1 dataset, an IoT NetFlow-based dataset. The features were extracted from publicly available pcap data, and the flows were labeled with the appropriate attack types. There are 600,100 data flows in total, of which 13,859 (2.31%) are benign, and 586,241 (97.69%) are assault samples.

The dataset includes four distinct assault categories. The distribution of all flows in this dataset is demonstrated in the table below [193]. The dataset has two versions: version one (discussed here) and version two, which also uses features extracted from pcap data and labeled flows.

In version two, out of 37,763,497 total data flows, 37,628,460 (99.64%) are assault samples, and 135,037 (0.36%) are benign. The dataset contains four distinct assault categories.

6.9. NetFlow ToN-IoT dataset

The NF-ToN-IoT v1 dataset was created utilizing the publicly accessible pcap files from the ToN-IoT dataset to generate its NetFlow records. This resulted in the NF-ToN-IoT NetFlow-based IoT network dataset. Of the total 1,379,274 data flows, 270,279 (19.6%) are benign samples, and 1,108,995 (80.4%) are attack samples. The NF-ToN-IoT v2 dataset was similarly produced utilizing publicly available pcap files, resulting in 16,940,496 total data flows, of which 10,841,027 (63.99%) are assault samples, and 6,099,469 (36.01%) are benign. Both NetFlow datasets, NF-BoT-IoT v1 and v2, as well as NF-ToN-IoT v1 and v2, were created by Mohanad Sarhan [193].

6.10. N-BaIoT Dataset

The dataset tackled the scarcity of botnet databases, particularly in the IoT domain. It contains authentic traffic data collected from nine commercial IoT gadgets confirmed to be infected with the BASHLITE and Mirai botnets [194]. Furthermore, there are several other IoT datasets that are less prevalent. For more details and further knowledge, refer to [195].

In this section, we provided an overview of key IoT security datasets, along with references to assist researchers in easily locating them. Each dataset has its advantages and disadvantages, which we will outline in Table 16. Additionally, Table 17 presents some studies [196-205] that have utilized these IoT security datasets.

Table 16 IoT Datasets

| Dataset | Attack type | Advantages | Disadvantages |
|---|---|---|---|
| BoT-IoT | DDoS, DoS, OS and Service Scan, Keylogging and Data exfiltration attacks. | Real-world network traffic. Includes a wide variety of IoT gadgets and assault scenarios. Labeled data. New generated features. Accessibility dataset. | Imbalanced dataset. Accurately labeling network traffic data can be challenging. Has overfitting. Privacy issues. |
| UNSW-NB15 | Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode and Worms. | Realistic dataset. Offers CSV files and network traffic (PCAP). Labeled dataset. Diversity dataset. A collection of a wide array of features derived from network traffic. | Developed with a synthetic environment for producing assault activities. Imbalanced dataset. Deficiency of update. |
| ToN-IoT | DoS, DDoS and Ransomware. | Includes heterogeneous data sources. Realistic traffic. Covers various attacks. | Launched exclusively on IIoT network computer systems, IoT gateways, and web applications. Restricted acceptance and validation in the field of cybersecurity research. |
| IoT-23 | Malware | An extensive dataset. Labeled dataset. Contains various protocols, which assists researchers in evaluating various IoT device and protocol interactions and vulnerabilities. Beneficial for security research. | Imbalanced dataset. Limited attack types. Contains biases, which influence the outcomes. Contains sensitive information because it is a real-world dataset. |
| MQTT-IoT-IDS2020 | SSH-Brute Force, MQTT brute-force attack, aggressive scan, UDP Scan | Real-world traffic data. Includes an extensive amount of network traffic data. Contains diverse types of attacks. | Dependence on a particular protocol. Captures of static network traffic. |
| CICIDS 2017 | Brute Force FTP, Brute Force SSH, DoS, Heartbleed, Web Attack, Infiltration, Botnet and DDoS. | Real-world traffic network. Labeled dataset. Accessibility dataset. | Imbalanced dataset. Contains limited attacks. Needs preprocessing for optimization, which causes computational cost. |
| CTU-13 | Botnet, Malware | Real-world dataset. Scalability dataset. Labeled dataset. | Limited attack type. |
| NF-BoT-IoT v1, v2 | Benign, DoS, DDoS, theft, Reconnaissance | Real-world data traffic. Applied to disclose botnet attacks. Used in IoT security research. | Data quality issues. Analytical complexity. Imbalanced dataset. Contains noise. |
| NF-ToN-IoT v1, v2 | Benign, Backdoor, MiTM, Password, XSS, Scanning, DoS, DDoS, Injection, Ransomware. | Real-world dataset. Contains data from different IoT devices. Used in anomaly detection. | Contains biases. Contains noise. Focuses only on traffic data. Imbalanced dataset. |
| N-BaIoT | Mirai, Bashlite | Real data collected for 9 IoT devices. Used in anomaly detection. | Imbalanced and biased dataset. Limited volume of network traffic. |
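
The flow counts quoted in Sections 6.8 and 6.9, together with the "imbalanced dataset" entries in Table 16, affect how the accuracy figures reported for these datasets should be read. The following added example (not from the paper or any cited study) works this out from the page's own counts; the detector operating point of 95% detection rate and 2% false-positive rate is a constructed assumption.

```python
"""Why accuracy alone misleads on the imbalanced NetFlow datasets of Sections 6.8-6.9.

Flow counts are the ones quoted on this page; the detector operating point
(TPR/FPR) is a constructed assumption, not a result from any cited study.
"""
from dataclasses import dataclass
from math import sqrt

# (benign flows, attack flows) as quoted in Sections 6.8 and 6.9.
DATASETS = {
    "NF-BoT-IoT v1": (13_859, 586_241),
    "NF-BoT-IoT v2": (135_037, 37_628_460),
    "NF-ToN-IoT v1": (270_279, 1_108_995),
    "NF-ToN-IoT v2": (6_099_469, 10_841_027),
}


@dataclass(frozen=True)
class Confusion:
    tp: int  # attack flows flagged as attack
    fp: int  # benign flows flagged as attack (false alarms)
    tn: int  # benign flows passed as benign
    fn: int  # attack flows missed

    @property
    def accuracy(self) -> float:
        return (self.tp + self.tn) / (self.tp + self.fp + self.tn + self.fn)

    @property
    def recall(self) -> float:  # TPR, i.e. detection rate
        return self.tp / (self.tp + self.fn) if self.tp + self.fn else 0.0

    @property
    def fpr(self) -> float:  # false alarms as a share of benign traffic
        return self.fp / (self.fp + self.tn) if self.fp + self.tn else 0.0

    @property
    def precision(self) -> float:
        return self.tp / (self.tp + self.fp) if self.tp + self.fp else 0.0

    @property
    def balanced_accuracy(self) -> float:
        return (self.recall + (1.0 - self.fpr)) / 2.0

    @property
    def mcc(self) -> float:
        """Matthews correlation coefficient; 0 means no better than chance."""
        denom = sqrt(
            (self.tp + self.fp) * (self.tp + self.fn)
            * (self.tn + self.fp) * (self.tn + self.fn)
        )
        return (self.tp * self.tn - self.fp * self.fn) / denom if denom else 0.0


def always_attack(benign: int, attack: int) -> Confusion:
    """Degenerate 'model' that labels every flow as an attack."""
    return Confusion(tp=attack, fp=benign, tn=0, fn=0)


def detector(benign: int, attack: int, tpr: float, fpr: float) -> Confusion:
    """Expected confusion counts for a detector at the given operating point."""
    tp = round(attack * tpr)
    fp = round(benign * fpr)
    return Confusion(tp=tp, fp=fp, tn=benign - fp, fn=attack - tp)


def report(tpr: float = 0.95, fpr: float = 0.02) -> dict:
    """Per dataset: the degenerate baseline and a hypothetical detector."""
    rows = {}
    for name, (benign, attack) in DATASETS.items():
        rows[name] = {
            "baseline": always_attack(benign, attack),
            "detector": detector(benign, attack, tpr, fpr),
        }
    return rows


if __name__ == "__main__":
    print(f"{'dataset':<14} {'model':<9} {'ACC':>7} {'FPR':>7} {'BalACC':>7} {'MCC':>7}")
    for name, models in report().items():
        for label, cm in models.items():
            print(f"{name:<14} {label:<9} {cm.accuracy:7.4f} {cm.fpr:7.4f} "
                  f"{cm.balanced_accuracy:7.4f} {cm.mcc:7.4f}")
```

On NF-BoT-IoT v1 and v2 the flag-everything baseline scores a higher accuracy than the hypothetical detector even though its FPR is 100% and its MCC is 0, so an accuracy figure on these datasets needs FPR, balanced accuracy or MCC beside it.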


Table 17 Studies Related to IoT Datasets Using ML and DL Techniques

| References | Dataset | Attack | Method used | Findings |
|---|---|---|---|---|
| [196] | UNSW-NB15 | Intrusion | ANN | ACC: 0.84 |
| [197] | BoT-IoT | DoS | ML (SVM, RF), DL (CNN) | ACC: 0.90 |
| [198] | MQTT dataset | Brute force, DoS, Flood, Legitimate, Malformed | NN, RF, NB, DT, GB, MPL | ACC: 0.98; Time: 30s |
| [199] | CSE-CIC-IDS2018, ToN-IoT, UNSW-NB15 | DDOS, DOS, Backdoor, Injection, MITM, Ransomware, Scanning, Password, XSS | ML (LR, DT, NB), DL (DFF, RNN, CNN) | DT: 0.99 |
| [200] | NF-BoT-IoT, NF-ToN-IoT, NF-CSE-CIC-IDS2018-v2, NF-UNSW-NB15-v2 | Botnet | XGB | ACC: 0.97; AUC: 0.99; Recall: 0.98; Precision: 0.99 |
| [201] | CTU-13 | Botnet | EL, DT, KNN, RF | ACC: 99.07; CM: 0.1; Time: 12.99s; RTime: 0.0004s |
| [202] | IoT-23 | DDoS, botnets like Mirai, Okiru | KNN, RF | ACC: 0.89; Precision: 0.1; Recall: 0.81 |
| [203] | N-BaIoT | Mirai and BASHLITE | Supervised and Unsupervised ML | ACC: 99.92 |
| [204] | CIC-IDS2017 | DDoS, Probe, Web attacks, DoS | Hybrid DL | ACC: 99.32 |
| [205] | UNSW-NB15 | Normal, Generic, Exploits, Fuzzers, DoS, Reconnaissance, Analysis, Backdoor, Shellcode, and Worms | ANN, CNN, LSTM, RNN | ACC: 95.97; Training Timing: 6043.32s |

7. CHALLENGES, FUTURE TREND, AND DISCUSSION

ML and DL are essential components in ensuring the security of IoT systems; however, they face diverse challenges in IoT security. This section presents the challenges linked to ML and DL in relation to IoT security. Furthermore, it provides a discussion on the roles, future trend, and the limitations of ML and DL methods.


7.1. Machine Learning challenges

This section concentrates on the challenges of ML in the IoT environment, summarizing essential obstacles to help researchers build a comprehensive understanding of ML algorithms.

7.1.1. Quantity and Quality of Data

Data is critical for training ML models. The data generated by several IoT gadgets may be noisy, incomplete, or inconsistent, making it difficult to ensure data quality. Additionally, having enough labeled data for training robust models is a significant challenge.

7.1.2. Scalability and Heterogeneity

IoT gadgets vary widely in design, protocols, and communication standards. Developing ML models that can handle this heterogeneity accurately and scale to support large IoT deployments is challenging.

7.1.3. Insufficient Training Data

Training data is crucial for achieving accurate results in ML. Insufficient data can lead to biased or erroneous predictions. Research indicates that when algorithms are trained with limited data, the accuracy can fluctuate as the data increases, highlighting the need for appropriate training data.

7.1.4. Selecting the Proper ML Techniques

Choosing the correct ML classifier is vital for producing accurate results. Using an inappropriate algorithm can lead to inaccurate outputs, inefficiencies, and reduced effectiveness.

7.1.5. Privacy Concern

IoT systems often collect sensitive information about individuals or organizations. ML models trained on this data can pose privacy concerns if not adequately secured. Enhancing privacy-preserving ML algorithms that can function on encrypted or anonymized data without sacrificing performance is a complex task.

7.1.6. Resource Constraints

IoT appliances often have constrained memory, computational power, and energy resources. Designing lightweight ML algorithms that maintain security and perform well on such devices is challenging.

7.1.7. Dark Web Risks

The dark web is composed of anonymous networks and websites with hidden IP addresses. ML models used in IoT security may be vulnerable to dark web assaults, where malicious actors leverage input data to deceive the model. Designing ML models resilient to such assaults remains a challenge.

7.1.8. Interpretability of the Model

Understanding and analysing ML model decisions is crucial for establishing trust in IoT security systems. However, many sophisticated ML models lack interpretability, making it complex to comprehend their decision-making processes.

7.1.9. False Positive Rate in ML

Many IoT security studies have aimed to reduce the false positive rate (FPR), but only a few have successfully lowered the false alarm rate (FAR) to an optimal level. This problem persists, and researchers are continually working to mitigate it.

Addressing these challenges requires multidisciplinary efforts that combine domain-specific knowledge, ML, cybersecurity, and IoT expertise. Ongoing research and collaboration are vital to developing innovative solutions that boost the security of IoT ecosystems.

7.2. Deep Learning Challenges

While DL presents promising solutions for IoT security, it also faces several challenges.

7.2.1. Adversarial Attacks Risks

This assault involves altering input data to manipulate the model’s predictions or decisions. These attacks could be used in IoT security to bypass security measures or trigger false alarms.

7.2.2. Interpretability and Explainability

DL models are often seen as "black boxes" that make decisions through complex internal computations. This lack of transparency can hinder understanding the rationale behind a decision, which is problematic in security applications where understanding the justification is important.

7.2.3. Effectiveness

The constrained resources available on IoT gadgets (memory, bandwidth, and time) can hinder the deployment of DL models. Although DL models can be trained offline, implementing them on devices with limited resources remains challenging. Additionally, applying DL to large datasets is powerful, but DL models rely on raw data processed through multiple layers of neurons, posing ongoing challenges in minimizing storage and computational demands for resource-constrained devices.

7.2.4. Robustness

IoT environments are dynamic, with varying network conditions, device settings, and environmental factors. DL models trained on static datasets may perform poorly in these dynamic conditions, making them more vulnerable to security breaches.


7.2.5. Privacy of Data

DL models require large amounts of data, which often include sensitive information from IoT devices. Ensuring data privacy while collecting enough data to train effective models is a key challenge.

Addressing DL challenges requires innovative algorithm development, optimization strategies, and system-level design tailored to IoT security applications. Collaboration between deep learning and IoT security researchers is necessary to create solutions that balance security, performance, and resource constraints.

7.3. Discussion

DL and ML mitigate some of these limitations by automatically extracting complex features from large, unsupervised IoT datasets, making them particularly effective at identifying advanced security threats. In IoT security, DL has been used to detect attacks and network anomalies by analyzing real-time data from smart home systems and other interconnected appliances.

However, despite the potential of ML and DL, challenges remain, including scalability, energy efficiency, and accuracy. Over-classification and misclassification can lead to significant errors in attack detection, resulting in false positives and negatives. Future trends aim to enhance model robustness through techniques like adversarial learning and self-learning systems that adapt to emerging threats in real time.

The development of energy-efficient algorithms and federated learning will improve privacy and reliability for resource-constrained IoT devices. Further research is required to tackle these constraints fully and improve the accuracy of attack detection in IoT security systems.

8. CONCLUSION

IoT is increasingly integrated into our everyday lives because of the growth of the internet and the vast number of devices linked to it. Because IoT networks are dynamic, securing them can be challenging and presents a number of issues for standard security solutions. Securing IoT is complex, and traditional security solutions face several challenges due to the nature and characteristics of IoT networks. ML and DL have facilitated the development of several sophisticated analytical approaches that may be used to enhance IoT security. Moreover, ML techniques can address IoT security issues and challenges caused by the risk of attacks and by holes left open. In this survey, the characteristics, architecture, protocols, and vulnerabilities of IoT systems are highlighted. We discuss IoT applications and present a table that summarizes the pros and cons of each application. Then, we discuss the potential IoT attacks in terms of passive and active attacks and enhance that with the primary objective of each attack. Existing survey work related to IoT security has been presented. ML/DL methods have been discussed with the strengths and weaknesses of each. Furthermore, we discuss the previous studies with respect to them. The analysis and classification of existing research from 2018 up to this date have been discussed. After that, we present the taxonomy of IoT layer attacks and discuss each attack type in detail, providing recent studies that propose solutions using ML/DL methods to address these attacks. Additionally, we summarize the datasets related to IoT security, highlighting their advantages and disadvantages, as well as current research that has applied these datasets. We also discuss the challenges and the future trends related to ML/DL in the context of IoT security. The purpose of this survey is to provide a helpful guide for academic researchers, offering comprehensive knowledge of IoT, IoT security, DL/ML techniques, and common IoT attacks at various network layers. By outlining the challenges faced by ML and DL in this domain, we aim to equip researchers with a clear understanding, enabling them to select the most appropriate techniques for detecting and mitigating IoT attacks.

ISSN: 2395-0455 ©EverScience Publications 652


International Journal of Computer Networks and Applications (IJCNA)
DOI: 10.22247/ijcna/2024/40 Volume 11, Issue 5, September – October (2024)
SURVEY ARTICLE
[10] A. Thakkar and R. Lohiya, “A review on machine learning and Deep Intelligent Systems & Security, May 2023.
Learning Perspectives of ids for IOT: Recent updates, security issues, doi:10.1145/3607720.3607771.
and challenges,” Archives of Computational Methods in Engineering, [28] A. Barua, M. A. Al Alamin, Md. S. Hossain, and E. Hossain, “Security
vol. 28, no. 4, pp. 3211–3243, Oct. 2020. doi:10.1007/s11831-020- and privacy threats for Bluetooth Low Energy in IOT and wearable
09496-0. devices: A comprehensive survey,” IEEE Open Journal of the
[11] V. Hassija et al., “A survey on IOT security: Application areas, Communications Society, vol. 3, pp. 251–281, 2022.
security threats, and solution architectures,” IEEE Access, vol. 7, pp. doi:10.1109/ojcoms.2022.3149732.
82721–82743, 2019. doi:10.1109/access.2019.2924045. [29] K. Chetioui, B. Bah, A. O. Alami, and A. Bahnasse, “Overview of
[12] D. Swessi and H. Idoudi, “A survey on internet-of-things security: social engineering attacks on social networks,” Procedia Computer
Threats and emerging countermeasures,” Wireless Personal Science, vol. 198, pp. 656–661, 2022.
Communications, vol. 124, no. 2, pp. 1557–1592, Jan. 2022. doi:10.1016/j.procs.2021.12.302.
doi:10.1007/s11277-021-09420-0. [30] N. Ahmed et al., “A survey on location privacy attacks and prevention
[13] B. B. Gupta and M. Quamara, “An overview of internet of things deployed with IOT in Vehicular Networks,” Wireless Communications
(IOT): Architectural aspects, challenges, and protocols,” Concurrency and Mobile Computing, vol. 2022, pp. 1–15, Apr. 2022.
and Computation: Practice and Experience, vol. 32, no. 21, Sep. 2018. doi:10.1155/2022/6503299.
doi:10.1002/cpe.4946. [31] M. R. Kadri, A. Abdelli, J. Ben Othman, and L. Mokdad, “Survey and
[14] A. H. Mohd Aman, E. Yadegaridehkordi, Z. S. Attarbashi, R. Hassan, classification of Dos and DDOS attack detection and validation
and Y.-J. Park, “A survey on trend and classification of internet of approaches for IOT Environments,” Internet of Things, vol. 25, p.
things reviews,” IEEE Access, vol. 8, pp. 111763–111782, 2020. 101021, Apr. 2024. doi:10.1016/j.iot.2023.101021.
doi:10.1109/access.2020.3002932. [32] P. Kumari and A. K. Jain, “A comprehensive study of ddos attacks
[15] L. Tawalbeh, F. Muheidat, M. Tawalbeh, and M. Quwaider, “IOT over IOT network and their countermeasures,” Computers &
privacy and security: Challenges and solutions,” Applied Sciences, vol. Security, vol. 127, p. 103096, Apr. 2023.
10, no. 12, p. 4102, Jun. 2020. doi:10.3390/app10124102. doi:10.1016/j.cose.2023.103096.
[16] T. M. Ghazal et al., “IOT for Smart Cities: Machine Learning [33] P. Vennam, S. K. Mouleeswaran, S. Shamila, and S. R. Kasarla, “A
Approaches in smart healthcare—A Review,” Future Internet, vol. 13, comprehensive analysis of fog layer and man in the middle attacks in
no. 8, p. 218, Aug. 2021. doi:10.3390/fi13080218. IOT Networks,” 2022 IEEE 2nd Mysore Sub Section International
[17] J. Asharf et al., “A review of intrusion detection systems using Conference (MysuruCon), vol. 9, pp. 1–5, Oct. 2022.
machine and deep learning in internet of things: Challenges, solutions doi:10.1109/mysurucon55714.2022.9972612.
and future directions,” Electronics, vol. 9, no. 7, p. 1177, Jul. 2020. [34] D. Panda, B. Kishore Mishra, and K. Sharma, “A taxonomy on man-
doi:10.3390/electronics9071177. in-the-middle attack in IOT Network,” 2022 4th International
[18] P. Malhotra et al., “Internet of things: Evolution, concerns and security Conference on Advances in Computing, Communication Control and
challenges,” Sensors, vol. 21, no. 5, p. 1809, Mar. 2021. Networking (ICAC3N), vol. 7, pp. 1907–1912, Dec. 2022.
doi:10.3390/s21051809. doi:10.1109/icac3n56670.2022.10074170.
[19] M. Yu, J. Zhuge, M. Cao, Z. Shi, and L. Jiang, “A survey of security [35] P. Victor et al., “IOT malware: An attribute-based taxonomy, detection
vulnerability analysis, discovery, detection, and mitigation on IOT mechanisms and challenges,” Peer-to-Peer Networking and
devices,” Future Internet, vol. 12, no. 2, p. 27, Feb. 2020. Applications, vol. 16, no. 3, pp. 1380–1431, May 2023.
doi:10.3390/fi12020027. doi:10.1007/s12083-023-01478-w.
[20] B. I. Mukhtar, M. S. Elsayed, A. D. Jurcut, and M. A. Azer, “IOT [36] C. S. Yadav et al., “Malware analysis in IOT & Android systems with
vulnerabilities and attacks: Silex malware case study,” Symmetry, vol. Defensive Mechanism,” Electronics, vol. 11, no. 15, p. 2354, Jul. 2022.
15, no. 11, p. 1978, Oct. 2023. doi:10.3390/sym15111978. doi:10.3390/electronics11152354.
[21] J. Sengupta, S. Ruj, and S. Das Bit, “A comprehensive survey on [37] H. Pirayesh and H. Zeng, “Jamming attacks and anti-jamming
attacks, security issues and blockchain solutions for IOT and Iiot,” strategies in wireless networks: A comprehensive survey,” IEEE
Journal of Network and Computer Applications, vol. 149, p. 102481, Communications Surveys & Tutorials, vol. 24, no. 2, pp. 767–
Jan. 2020. doi:10.1016/j.jnca.2019.102481. 809, 2022. doi:10.1109/comst.2022.3159185.
[22] T. J. Saleem and M. A. Chishti, “Deep learning for the internet of [38] F. Alrefaei, A. Alzahrani, H. Song, and S. Alrefaei, “A survey on the
things: Potential benefits and use-cases,” Digital Communications and jamming and spoofing attacks on the Unmanned Aerial Vehicle
Networks, vol. 7, no. 4, pp. 526–542, Nov. 2021. Networks,” 2022 IEEE International IOT, Electronics and
doi:10.1016/j.dcan.2020.12.002. Mechatronics Conference (IEMTRONICS), Jun. 2022.
[23] S. Khanam, I. B. Ahmedy, M. Y. Idna Idris, M. H. Jaward, and A. Q. doi:10.1109/iemtronics55184.2022.9795809.
Bin Md Sabri, “A survey of security challenges, attacks taxonomy and [39] A. A. Al-chikh Omar, B. Soudan, and Ala’ Altaweel, “A
advanced countermeasures in the internet of things,” IEEE Access, vol. comprehensive survey on detection of sinkhole attack in routing over
8, pp. 219709–219743, 2020. doi:10.1109/access.2020.3037359. low power and lossy network for internet of things,” Internet of
[24] N. Abosata, S. Al-Rubaye, G. Inalhan, and C. Emmanouilidis, Things, vol. 22, p. 100750, Jul. 2023. doi:10.1016/j.iot.2023.100750.
“Internet of things for system integrity: A comprehensive survey on [40] R. Ahmad, I. Alsmadi, W. Alhamdani, and L. Tawalbeh, “Zero-Day
security, attacks and countermeasures for Industrial Applications,” attack detection: A systematic literature review,” Artificial Intelligence
Sensors, vol. 21, no. 11, p. 3654, May 2021. doi:10.3390/s21113654. Review, vol. 56, no. 10, pp. 10733–10811, Feb. 2023.
[25] F. B. H.J. and S. S., “A survey on IOT security: Attacks, challenges doi:10.1007/s10462-023-10437-z.
and countermeasures,” Webology, vol. 19, no. 1, pp. 3741–3763, Jan. [41] R. Patnaik, N. Padhy, and K. Srujan Raju, “A systematic survey on
2022. doi:10.14704/web/v19i1/web19246. IOT security issues, vulnerability and open challenges,” Advances in
[26] R. R. Chowdhury and P. E. Abas, “A survey on device fingerprinting Intelligent Systems and Computing, pp. 723–730, Aug. 2020.
approach for Resource-constraint IOT devices: Comparative study and doi:10.1007/978-981-15-5400-1_68.
research challenges,” Internet of Things, vol. 20, p. 100632, Nov. [42] K. Shaukat et al., “A review on security challenges in internet of things
2022. doi:10.1016/j.iot.2022.100632. (IOT),” 2021 26th International Conference on Automation and
[27] A. Maatallaoui, H. Touil, and L. Setti, “The impact of radio frequency Computing (ICAC), Sep. 2021.
(RF) attacks on Security and Privacy: A Comprehensive Review,” doi:10.23919/icac50006.2021.9594183.
Proceedings of the 6th International Conference on Networking, [43] K. M. Sadique, R. Rahmani, and P. Johannesson, “Towards security on
internet of things: Applications and challenges in Technology,”

ISSN: 2395-0455 ©EverScience Publications 653


International Journal of Computer Networks and Applications (IJCNA)
DOI: 10.22247/ijcna/2024/40 Volume 11, Issue 5, September – October (2024)
SURVEY ARTICLE
Procedia Computer Science, vol. 141, pp. 199–206, 2018. [60] Y. N. Soe, Y. Feng, P. I. Santosa, R. Hartanto, and K. Sakurai,
doi:10.1016/j.procs.2018.10.168. “Machine learning-based IOT-botnet attack detection with sequential
[44] R. R. Krishna et al., “State-of-the-art review on IOT threats and architecture,” Sensors, vol. 20, no. 16, p. 4372, Aug. 2020.
attacks: Taxonomy, challenges and solutions,” Sustainability, vol. 13, doi:10.3390/s20164372.
no. 16, p. 9463, Aug. 2021. doi:10.3390/su13169463. [61] S. Nakhodchi, A. Upadhyay, and A. Dehghantanha, “A comparison
[45] V. N and P. T. V. Bhuavneswari, “ADBIS: Anomaly detection to between different machine learning models for IOT malware
bolster IOT security using machine learning,” 2023 IEEE 3rd detection,” Security of Cyber-Physical Systems, pp. 195–202, 2020.
International Conference on Applied Electromagnetics, Signal doi:10.1007/978-3-030-45541-5_10.
Processing, & Communication (AESPC), pp. 1–6, Nov. 2023. [62] R. Doshi, N. Apthorpe, and N. Feamster, “Machine learning ddos
doi:10.1109/aespc59761.2023.10390100. detection for consumer internet of things devices,” 2018 IEEE Security
[46] Rachit, S. Bhatt, and P. R. Ragiri, “Security trends in internet of things: and Privacy Workshops (SPW), May 2018.
A survey,” SN Applied Sciences, vol. 3, no. 1, Jan. 2021. doi:10.1109/spw.2018.00013.
doi:10.1007/s42452-021-04156-9. [63] S. Li, Q. Zhang, X. Wu, W. Han, and Z. Tian, “Attribution
[47] S. Balogh, O. Gallo, R. Ploszek, P. Špaček, and P. Zajac, “IOT security classification method of APT Malware in IOT using machine learning
challenges: Cloud and blockchain, Postquantum cryptography, and techniques,” Security and Communication Networks, vol. 2021, pp. 1–
evolutionary techniques,” Electronics, vol. 10, no. 21, p. 2647, Oct. 12, Sep. 2021. doi:10.1155/2021/9396141.
2021. doi:10.3390/electronics10212647. [64] I. S. Thaseen, V. Mohanraj, S. Ramachandran, K. Sanapala, and S.-S.
[48] R. F. Ali, A. Muneer, P. D. Dominic, S. M. Taib, and E. A. Ghaleb, Yeo, “A Hadoop based framework integrating machine learning
“Internet of things (IOT) security challenges and solutions: A classifiers for anomaly detection in the internet of things,” Electronics,
systematic literature review,” Communications in Computer and vol. 10, no. 16, p. 1955, Aug. 2021. doi:10.3390/electronics10161955.
Information Science, pp. 128–154, 2021. doi:10.1007/978-981-16- [65] S. M. Tahsien, H. Karimipour, and P. Spachos, “Machine learning
8059-5_9. based solutions for security of internet of things (IOT): A survey,”
[49] M. Azrour, J. Mabrouki, A. Guezzaz, and A. Kanwal, “Internet of Journal of Network and Computer Applications, vol. 161, p. 102630,
things security: Challenges and key issues,” Security and Jul. 2020. doi:10.1016/j.jnca.2020.102630.
Communication Networks, vol. 2021, pp. 1–11, Sep. 2021. [66] B. Zhang, Z. Liu, Y. Jia, J. Ren, and X. Zhao, “Network intrusion
doi:10.1155/2021/5533843. detection method based on PCA and Bayes algorithm,” Security and
[50] B. Yedle, G. Shrivastava, A. Kumar, A. K. Mishra, and T. K. Mishra, Communication Networks, vol. 2018, pp. 1–11, Nov. 2018.
“A survey: Security issues and challenges in internet of things,” doi:10.1155/2018/1914980.
Lecture Notes in Networks and Systems, pp. 75–86, Jun. 2020. [67] H. H. Pajouh, R. Javidan, R. Khayami, A. Dehghantanha, and K.-K. R.
doi:10.1007/978-981-15-4218-3_8. Choo, “A two-layer dimension reduction and two-tier classification
[51] S. Chesney, K. Roy, and S. Khorsandroo, “Machine learning model for anomaly-based intrusion detection in IOT backbone
algorithms for preventing IOT cybersecurity attacks,” Advances in networks,” IEEE Transactions on Emerging Topics in Computing, vol.
Intelligent Systems and Computing, pp. 679–686, Aug. 2020. 7, no. 2, pp. 314–323, Apr. 2019. doi:10.1109/tetc.2016.2633228.
doi:10.1007/978-3-030-55190-2_53. [68] Z. H. Abdaljabar, O. N. Ucan, and K. M. Ali Alheeti, “An intrusion
[52] M. Bagaa, T. Taleb, J. B. Bernabe, and A. Skarmeta, “A Machine detection system for IOT using KNN and decision-tree based
Learning Security Framework for IOT systems,” IEEE Access, vol. 8, classification,” 2021 International Conference of Modern Trends in
pp. 114066–114077, 2020. doi:10.1109/access.2020.2996214. Information and Communication Technology Industry (MTICTI), Dec.
[53] S. M. Tahsien, H. Karimipour, and P. Spachos, “Machine learning 2021. doi:10.1109/mticti53925.2021.9664772.
based solutions for security of internet of things (IOT): A survey,” [69] A. Kumar and T. J. Lim, “Edima: Early detection of IOT malware
Journal of Network and Computer Applications, vol. 161, p. 102630, network activity using Machine Learning Techniques,” 2019 IEEE 5th
Jul. 2020. doi:10.1016/j.jnca.2020.102630. World Forum on Internet of Things (WF-IoT), Apr. 2019.
[54] A. S. Ahmed and H. A. Salah, “Development a software defined doi:10.1109/wf-iot.2019.8767194.
network (SDN) with internet of things (IOT) security for medical [70] Sharipuddin et al., “Features extraction on IOT intrusion detection
issues,” Journal of Al-Qadisiyah for Computer Science and system using Principal Components Analysis (PCA),” 2020 7th
Mathematics, vol. 15, no. 3, Sep. 2023. International Conference on Electrical Engineering, Computer
doi:10.29304/jqcm.2023.15.3.1268. Sciences and Informatics (EECSI), vol. 8491, pp. 114–118, Oct. 2020.
[55] M. Shen, X. Tang, L. Zhu, X. Du, and M. Guizani, “Privacy- doi:10.23919/eecsi50503.2020.9251292.
preserving support vector machine training over blockchain-based [71] S. K. Dash et al., “Enhancing ddos attack detection in IOT using
encrypted IOT data in Smart Cities,” IEEE Internet of Things Journal, PCA,” Egyptian Informatics Journal, vol. 25, p. 100450, Mar. 2024.
vol. 6, no. 5, pp. 7702–7712, Oct. 2019. doi:10.1016/j.eij.2024.100450 G. Abbas, A. Mehmood, M. Carsten, G.
doi:10.1109/jiot.2019.2901840. Epiphaniou, and J. Lloret, “Safety, security and privacy in machine
[56] M. Shafiq, Z. Tian, A. K. Bashir, X. Du, and M. Guizani, learning based internet of things,” Journal of Sensor and Actuator
“CORRAUC: A malicious bot-IOT traffic detection method in IOT Networks, vol. 11, no. 3, p. 38, Jul. 2022. doi:10.3390/jsan11030038.
network using machine-learning techniques,” IEEE Internet of Things [72] L. Liu, X. Xu, Y. Liu, Z. Ma, and J. Peng, “A detection framework
Journal, vol. 8, no. 5, pp. 3242–3254, Mar. 2021. against CPMA attack based on trust evaluation and Machine Learning
doi:10.1109/jiot.2020.3002255. in IOT network,” IEEE Internet of Things Journal, vol. 8, no. 20, pp.
[57] C. Ioannou and V. Vassiliou, “Experimentation with local intrusion 15249–15258, Oct. 2021. doi:10.1109/jiot.2020.3047642.
detection in IOT networks using supervised learning,” 2020 16th [73] Y. Alotaibi and M. Ilyas, “Ensemble-Learning Framework for
International Conference on Distributed Computing in Sensor Systems intrusion detection to enhance internet of things’ devices security,”
(DCOSS), May 2020. doi:10.1109/dcoss49796.2020.00073. Sensors, vol. 23, no. 12, p. 5568, Jun. 2023. doi:10.3390/s23125568.
[58] D. Puthal et al., “Decision tree based user-centric security solution for [74] P. K. Danso et al., “Ensemble-based intrusion detection for internet of
critical IOT infrastructure,” Computers and Electrical Engineering, vol. things devices,” 2022 IEEE 19th International Conference on Smart
99, p. 107754, Apr. 2022. doi:10.1016/j.compeleceng.2022.107754. Communities: Improving Quality of Life Using ICT, IoT and AI
[59] A. Churcher et al., “An experimental analysis of attack classification (HONET), vol. 30, pp. 034–039, Dec. 2022.
using machine learning in IOT Networks,” Sensors, vol. 21, no. 2, p. doi:10.1109/honet56683.2022.10019140.
446, Jan. 2021. doi:10.3390/s21020446.

ISSN: 2395-0455 ©EverScience Publications 654


International Journal of Computer Networks and Applications (IJCNA)
DOI: 10.22247/ijcna/2024/40 Volume 11, Issue 5, September – October (2024)
SURVEY ARTICLE
[75] H. Li, K. Ota, and M. Dong, “Learning IOT in edge: Deep learning for and Applications, vol. 35, no. 7, pp. 4813–4833, Apr. 2021.
the internet of things with Edge Computing,” IEEE Network, vol. 32, doi:10.1007/s00521-021-06011-9.
no. 1, pp. 96–101, Jan. 2018. doi:10.1109/mnet.2018.1700202. [93] Y. Hou et al., “Hybrid intrusion detection model based on a designed
[76] S. Li, Q. Zhang, X. Wu, W. Han, and Z. Tian, “Attribution autoencoder,” Journal of Ambient Intelligence and Humanized
classification method of APT Malware in IOT using machine learning Computing, vol. 14, no. 8, pp. 10799–10809, Sep. 2022.
techniques,” Security and Communication Networks, vol. 2021, pp. 1– doi:10.1007/s12652-022-04350-6.
12, Sep. 2021. doi:10.1155/2021/9396141. [94] Q. E. Ul Haq, M. Imran, K. Saleem, T. Zia, and J. Al Muhtadi,
[77] T. A. Tuan et al., “Performance evaluation of botnet ddos attack “Review on variants of restricted boltzmann machines and
detection using machine learning,” Evolutionary Intelligence, vol. 13, autoencoders for Cyber-Physical Systems,” Internet of Things Security
no. 2, pp. 283–294, Nov. 2019. doi:10.1007/s12065-019-00310-w. and Privacy, pp. 188–207, Oct. 2023. doi:10.1201/9781003199410-8.
[78] M. Shafiq, Z. Tian, Y. Sun, X. Du, and M. Guizani, “Selection of [95] V. S. Desanamukula et al., “A comprehensive analysis of machine
effective machine learning algorithm and bot-IOT attacks traffic learning and deep learning approaches towards IOT Security,” 2023
identification for internet of things in Smart City,” Future Generation 4th International Conference on Electronics and Sustainable
Computer Systems, vol. 107, pp. 433–442, Jun. 2020. Communication Systems (ICESC), vol. 29, pp. 1165–1168, Jul. 2023.
doi:10.1016/j.future.2020.02.017. doi:10.1109/icesc57686.2023.10193209.
[79] A. Arshad et al., “A novel ensemble method for enhancing internet of [96] G. H. Rosa, M. Roder, D. F. Santos, and K. A. Costa, “Enhancing
things device security against botnet attacks,” Decision Analytics anomaly detection through restricted Boltzmann machine features
Journal, vol. 8, p. 100307, Sep. 2023. projection,” International Journal of Information Technology, vol. 13,
doi:10.1016/j.dajour.2023.100307. no. 1, pp. 49–57, Oct. 2020. doi:10.1007/s41870-020-00535-4.
[80] K. Alissa et al., “Botnet attack detection in IOT using machine [97] I. Sohn, “Deep belief network based Intrusion Detection Techniques:
learning,” Computational Intelligence and Neuroscience, vol. 2022, pp. A Survey,” Expert Systems with Applications, vol. 167, p. 114170,
1–14, Oct. 2022. doi:10.1155/2022/4515642. Apr. 2021. doi:10.1016/j.eswa.2020.114170.
[81] T. Gaber, A. El-Ghamry, and A. E. Hassanien, “Injection attack [98] T. K. Boppana and P. Bagade, “Gan-ae: An unsupervised intrusion
detection using machine learning for smart IOT Applications,” detection system for MQTT Networks,” Engineering Applications of
Physical Communication, vol. 52, p. 101685, Jun. 2022. Artificial Intelligence, vol. 119, p. 105805, Mar. 2023.
doi:10.1016/j.phycom.2022.101685. doi:10.1016/j.engappai.2022.105805.
[82] V. Tomer and S. Sharma, “Detecting IOT attacks using an ensemble [99] R. Lin et al., “Physical-layer security enhancement in energy-
machine learning model,” Future Internet, vol. 14, no. 4, p. 102, Mar. harvesting-based cognitive internet of things: A gan-powered deep
2022. doi:10.3390/fi14040102. reinforcement learning approach,” IEEE Internet of Things Journal,
[83] S. Rabhi, T. Abbes, and F. Zarai, “IOT routing attacks detection using vol. 11, no. 3, pp. 4899–4913, Feb. 2024.
machine learning algorithms,” Wireless Personal Communications, doi:10.1109/jiot.2023.3300770.
vol. 128, no. 3, pp. 1839–1857, Sep. 2022. doi:10.1007/s11277-022- [100] A. Aleroud, M. Shariah, R. Malkawi, S. Y. Khamaiseh, and A. Al-
10022-7. Alaj, “A privacy-enhanced human activity recognition using Gan &
[84] H. Gebrye, Y. Wang, and F. Li, “Traffic data extraction and labeling entropy ranking of Microaggregated Data,” Cluster Computing, vol.
for machine learning based attack detection in IOT networks,” 27, no. 2, pp. 2117–2132, Jun. 2023. doi:10.1007/s10586-023-04063-1.
International Journal of Machine Learning and Cybernetics, vol. 14, [101] M. Alshamkhany et al., “Botnet attack detection using machine
no. 7, pp. 2317–2332, Jan. 2023. doi:10.1007/s13042-022-01765-7. learning,” 2020 14th International Conference on Innovations in
[85] S. A. Al-Juboori, F. Hazzaa, Z. S. Jabbar, S. Salih, and H. M. Gheni, Information Technology (IIT), Nov. 2020.
“Man-in-the-middle and denial of service attacks detection using doi:10.1109/iit50501.2020.9299061.
machine learning algorithms,” Bulletin of Electrical Engineering and [102] G. De La Torre Parra, P. Rad, K.-K. R. Choo, and N. Beebe,
Informatics, vol. 12, no. 1, pp. 418–426, Feb. 2023. “Detecting internet of things attacks using distributed deep learning,”
doi:10.11591/eei.v12i1.4555. Journal of Network and Computer Applications, vol. 163, p. 102662,
[86] H. M. Saleh, H. Marouane, and A. Fakhfakh, “Stochastic gradient Aug. 2020. doi:10.1016/j.jnca.2020.102662.
descent intrusions detection for wireless sensor network attack [103] D. Papamartzivanos, F. Gomez Marmol, and G. Kambourakis,
detection system using machine learning,” IEEE Access, vol. 12, pp. “Introducing deep learning self-adaptive misuse network intrusion
3825–3836, 2024. doi:10.1109/access.2023.3349248. detection systems,” IEEE Access, vol. 7, pp. 13546–13560, 2019.
[87] J. P, J. Shareena, A. Ramdas, and H. A P, “Intrusion detection system doi:10.1109/access.2019.2893871.
for IOT botnet attacks using Deep Learning,” SN Computer Science, [104] S. I. Popoola et al., “Federated deep learning for Zero-Day botnet
vol. 2, no. 3, Apr. 2021. doi:10.1007/s42979-021-00516-9. attack detection in IOT-edge devices,” IEEE Internet of Things
[88] B. Alabsi, M. Anbar, and S. Rihan, “CNN-CNN: Dual Convolutional Journal, vol. 9, no. 5, pp. 3930–3944, Mar. 2022.
Neural Network Approach for feature selection and attack detection on doi:10.1109/jiot.2021.3100755.
internet of things networks,” Sensors, vol. 23, no. 14, p. 6507, Jul. [105] N. Balakrishnan, A. Rajendran, D. Pelusi, and V. Ponnusamy, “Deep
2023. doi:10.3390/s23146507. belief network enhanced intrusion detection system to prevent security
[89] A. Dahou et al., “Intrusion detection system for IOT based on Deep breach in the internet of things,” Internet of Things, vol. 14, p. 100112,
Learning and modified reptile search algorithm,” Computational Jun. 2021. doi:10.1016/j.iot.2019.100112.
Intelligence and Neuroscience, vol. 2022, pp. 1–15, Jun. 2022. [106] R. H. Randhawa, N. Aslam, M. Alauthman, H. Rafiq, and F. Comeau,
doi:10.1155/2022/6473507. “Security hardening of botnet detectors using generative adversarial
[90] I. Ullah and Q. H. Mahmoud, “Design and development of RNN networks,” IEEE Access, vol. 9, pp. 78276–78292, 2021.
Anomaly Detection Model for IOT Networks,” IEEE Access, vol. 10, doi:10.1109/access.2021.3083421.
pp. 62722–62750, 2022. doi:10.1109/access.2022.3176317. [107] G. H. Rosa, M. Roder, D. F. Santos, and K. A. Costa, “Enhancing
[91] P. Sanju, “Enhancing intrusion detection in IOT systems: A hybrid anomaly detection through restricted Boltzmann machine features
metaheuristics-deep learning approach with ensemble of Recurrent projection,” International Journal of Information Technology, vol. 13,
Neural Networks,” Journal of Engineering Research, vol. 11, no. 4, pp. no. 1, pp. 49–57, Oct. 2020. doi:10.1007/s41870-020-00535-4.
356–361, Dec. 2023. doi:10.1016/j.jer.2023.100122. [108] J. Kumar and G. Ranganathan, “Malware attack detection in large
[92] A. Basati and M. M. Faghih, “APAE: An IOT intrusion detection scale networks using the ensemble deep restricted Boltzmann
system using asymmetric parallel auto-encoder,” Neural Computing machine,” Engineering, Technology & Applied Science Research,
vol. 13, no. 5, pp. 11773–11778, Oct. 2023. doi:10.48084/etasr.6204.

ISSN: 2395-0455 ©EverScience Publications 655


International Journal of Computer Networks and Applications (IJCNA)
DOI: 10.22247/ijcna/2024/40 Volume 11, Issue 5, September – October (2024)
SURVEY ARTICLE
[109] B. Sharma, L. Sharma, C. Lal, and S. Roy, “Anomaly based network Express, vol. 6, no. 4, pp. 280–286, Dec. 2020.
intrusion detection for IOT attacks using Deep Learning Technique,” doi:10.1016/j.icte.2020.04.005.
Computers and Electrical Engineering, vol. 107, p. 108626, Apr. 2023. [126] J. Sengupta, S. Ruj, and S. Das Bit, “A comprehensive survey on
doi:10.1016/j.compeleceng.2023.108626. attacks, security issues and blockchain solutions for IOT and Iiot,”
[110] A. M. Banaamah and I. Ahmad, “Intrusion detection in IOT using Journal of Network and Computer Applications, vol. 149, p. 102481,
Deep Learning,” Sensors, vol. 22, no. 21, p. 8417, Nov. 2022. Jan. 2020. doi:10.1016/j.jnca.2019.102481.
doi:10.3390/s22218417. [127] P. Williams, I. Dutta, H. Daoud, and M. Bayoumi, “Security aspects of
[111] J. Simon, N. Kapileswar, P. K. Polasi, and M. A. Elaveini, “Hybrid internet of things – A survey,” 2020 IEEE 6th World Forum on
intrusion detection system for wireless IOT networks using Deep Internet of Things (WF-IoT), vol. 5, pp. 1–6, Jun. 2020.
Learning algorithm,” Computers and Electrical Engineering, vol. 102, doi:10.1109/wf-iot48130.2020.9221429.
p. 108190, Sep. 2022. doi:10.1016/j.compeleceng.2022.108190. [128] M. Conti, A. Dehghantanha, K. Franke, and S. Watson, “Internet of
[112] O. Jullian et al., “Deep-learning based detection for cyber-attacks in things security and forensics: Challenges and opportunities,” Future
IOT Networks: A distributed attack detection framework,” Journal of Generation Computer Systems, vol. 78, pp. 544–546, Jan. 2018.
Network and Systems Management, vol. 31, no. 2, Feb. 2023. doi:10.1016/j.future.2017.07.060 .
doi:10.1007/s10922-023-09722-7. [129] T. J. Saleem and M. A. Chishti, “Deep learning for the internet of
[113] S. Ahmed et al., “Effective and efficient ddos attack detection using things: Potential benefits and use-cases,” Digital Communications and
deep learning algorithm, Multi-Layer Perceptron,” Future Internet, vol. Networks, vol. 7, no. 4, pp. 526–542, Nov. 2021.
15, no. 2, p. 76, Feb. 2023. doi:10.3390/fi15020076. doi:10.1016/j.dcan.2020.12.002 .
[114] V. Shakya, J. Choudhary, and D. P. Singh, “Irada: Integrated [130] X. Liang and Y. Kim, “A survey on security attacks and solutions in
Reinforcement Learning and deep learning algorithm for attack the IOT Network,” 2021 IEEE 11th Annual Computing and
detection in wireless sensor networks,” Multimedia Tools and Communication Workshop and Conference (CCWC), Jan. 2021.
Applications, vol. 83, no. 28, pp. 71559–71578, Feb. 2024. doi:10.1109/ccwc51732.2021.9376174.
doi:10.1007/s11042-024-18289-7. [131] V. Porkodi et al., “A survey on various machine learning models in
[115] N. Sakthipriya, V. Govindasamy, and V. Akila, “Security-aware IOT IOT Applications,” 2020 International Conference on Computing and
botnet attack detection framework using dilated and cascaded deep Information Technology (ICCIT-1441), vol. 44, pp. 1–4, Sep. 2020.
learning mechanism with conditional adversarial autoencoder-based doi:10.1109/iccit-144147971.2020.9213819.
features,” Peer-to-Peer Networking and Applications, vol. 17, no. 3, [132] Y. Harbi, Z. Aliouat, A. Refoufi, and S. Harous, “Recent security
pp. 1467–1485, Feb. 2024. doi:10.1007/s12083-024-01657-3. trends in internet of things: A comprehensive survey,” IEEE Access,
[116] P. Mishra, V. Varadharajan, U. Tupakula, and E. S. Pilli, “A detailed vol. 9, pp. 113292–113314, 2021. doi:10.1109/access.2021.3103725.
investigation and analysis of using machine learning techniques for [133] H. Wu, H. Han, X. Wang, and S. Sun, “Research on artificial
intrusion detection,” IEEE Communications Surveys & Tutorials, intelligence enhancing internet of things security: A survey,” IEEE
vol. 21, no. 1, pp. 686–728, 2019. doi:10.1109/comst.2018.2847722. Access, vol. 8, pp. 153826–153848, 2020.
[117] M. Amiri-Zarandi, R. A. Dara, and E. Fraser, “A survey of machine doi:10.1109/access.2020.3018170.
learning-based solutions to protect privacy in the internet of things,” [134] P. Malhotra et al., “Internet of things: Evolution, concerns and security
Computers & Security, vol. 96, p. 101921, Sep. 2020. challenges,” Sensors, vol. 21, no. 5, p. 1809, Mar. 2021.
doi:10.1016/j.cose.2020.101921. doi:10.3390/s21051809 .
[118] Q. Liu et al., “A survey on security threats and defensive techniques of [135] R. Al-amri et al., “A review of machine learning and deep learning
Machine Learning: A data driven view,” IEEE Access, vol. 6, pp. techniques for anomaly detection in IOT Data,” Applied Sciences, vol.
12103–12117, 2018. doi:10.1109/access.2018.2805680. 11, no. 12, p. 5320, Jun. 2021. doi:10.3390/app11125320.
[119] K. A. P. da Costa, J. P. Papa, C. O. Lisboa, R. Munoz, and V. H. de [136] M. A. Alsoufi et al., “Anomaly-based intrusion detection systems in
Albuquerque, “Internet of things: A survey on machine learning-based IOT using Deep Learning: A Systematic Literature Review,” Applied
intrusion detection approaches,” Computer Networks, vol. 151, pp. Sciences, vol. 11, no. 18, p. 8383, Sep. 2021.
147–157, Mar. 2019. doi:10.1016/j.comnet.2019.01.023. doi:10.3390/app11188383.
[120] I. Idrissi, M. Azizi, and O. Moussaoui, “IOT security with deep [137] D. S. Berman, A. L. Buczak, J. S. Chavis, and C. L. Corbett, “A survey
learning-based intrusion detection systems: A systematic literature of Deep Learning Methods for Cyber Security,” Information, vol. 10,
review,” 2020 Fourth International Conference On Intelligent no. 4, p. 122, Apr. 2019. doi:10.3390/info10040122.
Computing in Data Sciences (ICDS), vol. 2019 july, pp. 1–10, Oct. [138] V. Gugueoth, S. Safavat, and S. Shetty, “Security of internet of things
2020. doi:10.1109/icds50568.2020.9268713. (IOT) using Federated Learning and deep learning — recent
[121] S. M. Tahsien, H. Karimipour, and P. Spachos, “Machine learning advancements, issues and prospects,” ICT Express, vol. 9, no. 5, pp.
based solutions for security of internet of things (IOT): A survey,” 941–960, Oct. 2023. doi:10.1016/j.icte.2023.03.006.
Journal of Network and Computer Applications, vol. 161, p. 102630, [139] J. Singh, M. Wazid, A. K. Das, V. Chamola, and M. Guizani,
Jul. 2020. doi:10.1016/j.jnca.2020.102630. “Machine learning security attacks and defense approaches for
[122] Z. Ahmad, A. Shahid Khan, C. Wai Shiang, J. Abdullah, and F. emerging cyber physical applications: A comprehensive survey,”
Ahmad, “Network intrusion detection system: A systematic study of Computer Communications, vol. 192, pp. 316–331, Aug. 2022.
machine learning and Deep Learning Approaches,” Transactions on doi:10.1016/j.comcom.2022.06.012.
Emerging Telecommunications Technologies, vol. 32, no. 1, Oct. [140] M. Tayyab et al., “A comprehensive review on Deep Learning
2020. doi:10.1002/ett.4150. Algorithms: Security and privacy issues,” Computers & Security,
[123] N. Chaabouni, M. Mosbah, A. Zemmari, C. Sauvignac, and P. Faruki, vol. 131, p. 103297, Aug. 2023. doi:10.1016/j.cose.2023.103297.
“Network intrusion detection for IOT security based on Learning [141] U. Farooq, N. Tariq, M. Asim, T. Baker, and A. Al-Shamma’a,
Techniques,” IEEE Communications Surveys & Tutorials, vol. “Machine learning and the internet of things security: Solutions and
21, no. 3, pp. 2671–2701, 2019. doi:10.1109/comst.2019.2896380. open challenges,” Journal of Parallel and Distributed Computing, vol.
[124] R. Vishwakarma and A. K. Jain, “A survey of ddos attacking 162, pp. 89–104, Apr. 2022. doi:10.1016/j.jpdc.2022.01.015.
techniques and defence mechanisms in the IOT network,” [142] vinayakumar R et al., Deep Learning for Cyber Security Applications:
Telecommunication Systems, vol. 73, no. 1, pp. 3–25, Jul. 2019. A comprehensive survey, Oct. 2021.
doi:10.1007/s11235-019-00599-z. doi:10.36227/techrxiv.16748161.v1.
[125] Q.-D. Ngo, H.-T. Nguyen, V.-H. Le, and D.-H. Nguyen, “A survey of
IOT malware and detection methods based on static features,” ICT

ISSN: 2395-0455 ©EverScience Publications 656


International Journal of Computer Networks and Applications (IJCNA)
DOI: 10.22247/ijcna/2024/40 Volume 11, Issue 5, September – October (2024)
SURVEY ARTICLE
[143] J. Bian et al., “Machine learning in real-time internet of things (IOT) [160] B. Sharma, L. Sharma, C. Lal, and S. Roy, “Anomaly based network
systems: A survey,” IEEE Internet of Things Journal, vol. 9, no. 11, intrusion detection for IOT attacks using Deep Learning Technique,”
pp. 8364–8386, Jun. 2022. doi:10.1109/jiot.2022.3161050. Computers and Electrical Engineering, vol. 107, p. 108626, Apr. 2023.
[144] S. Bharati and P. Podder, “Machine and deep learning for IOT security doi:10.1016/j.compeleceng.2023.108626.
and privacy: Applications, challenges, and Future Directions,” Security [161] T. S. Chu, W. Si, S. Simoff, and Q. V. Nguyen, “A machine learning
and Communication Networks, vol. 2022, pp. 1–41, Aug. 2022. classification model using random forest for detecting ddos attacks,”
doi:10.1155/2022/8951961. 2022 International Symposium on Networks, Computers and
[145] I. H. Sarker, A. I. Khan, Y. B. Abushark, and F. Alsolami, “Internet of Communications (ISNCC), vol. 18, pp. 1–7, Jul. 2022.
things (IOT) security intelligence: A comprehensive overview, doi:10.1109/isncc55209.2022.9851797.
machine learning solutions and research directions,” Mobile Networks [162] M. Liu and L. Yang, “IOT network traffic analysis with Deep
and Applications, vol. 28, no. 1, pp. 296–312, Mar. 2022. Learning,” 2024 IEEE International Conference on Pervasive
doi:10.1007/s11036-022-01937-3. Computing and Communications Workshops and other Affiliated
[146] C. Alex, G. Creado, W. Almobaideen, O. A. Alghanam, and M. Events (PerCom Workshops), vol. 23, pp. 184–189, Mar. 2024.
Saadeh, “A comprehensive survey for IOT security datasets taxonomy, doi:10.1109/percomworkshops59983.2024.10502498.
classification and Machine Learning Mechanisms,” Computers & [163] E. Altulaihan, M. A. Almaiah, and A. Aljughaiman, “Anomaly
Security, vol. 132, p. 103283, Sep. 2023. detection ids for detecting DOS attacks in IOT networks based on
doi:10.1016/j.cose.2023.103283. machine learning algorithms,” Sensors, vol. 24, no. 2, p. 713, Jan.
[147] Z. T. Pritee et al., “Machine learning and deep learning for user 2024. doi:10.3390/s24020713.
authentication and authorization in cybersecurity: A state-of-the-art [164] A. Awajan, “A novel deep learning-based Intrusion Detection System
review,” Computers & Security, vol. 140, p. 103747, May 2024. for IOT Networks,” Computers, vol. 12, no. 2, p. 34, Feb. 2023.
doi:10.1016/j.cose.2024.103747. doi:10.3390/computers12020034.
[148] R. Priyadarshi, “Exploring machine learning solutions for overcoming [165] F. T. Zahra, Y. S. Bostanci, and M. Soyturk, “LSTM-based jamming
challenges in IOT-based Wireless Sensor Network Routing: A detection and forecasting model using transport and application layer
comprehensive review,” Wireless Networks, vol. 30, no. 4, pp. 2647– parameters in Wi-Fi based IOT Systems,” IEEE Access, vol. 12, pp.
2673, Feb. 2024. doi:10.1007/s11276-024-03697-2. 32944–32958, 2024. doi:10.1109/access.2024.3371673.
[149] S Fharis, “Securing the Dynamic Realm: A comprehensive review of [166] W. I. Khedr, A. E. Gouda, and E. R. Mohamed, “FMDADM: A multi-
ML algorithms in IOT-based home automation systems and beyond,” layer ddos attack detection and mitigation framework using Machine
International Journal of Emerging Trends in Engineering Research, Learning for stateful SDN-based IOT Networks,” IEEE Access, vol.
vol. 12, no. 1, pp. 1–7, Jan. 2024. doi:10.30534/ijeter/2024/011212024. 11, pp. 28934–28954, 2023. doi:10.1109/access.2023.3260256.
[150] S. A. Haifa Ali and J. Vakula Rani, “Attack detection in IOT using [167] S. M. Almeghlef, A. A.-M. AL-Ghamdi, M. S. Ramzan, and M.
machine learning—A survey,” Engineering Cyber-Physical Systems Ragab, “Application layer-based denial-of-service attacks detection
and Critical Infrastructures, pp. 211–228, 2023. doi:10.1007/978-3- against IOT-Coap,” Electronics, vol. 12, no. 12, p. 2563, Jun. 2023.
031-18497-0_16. doi:10.3390/electronics12122563.
[151] B. Upadhyaya, S. Sun, and B. Sikdar, “Machine learning-based [168] G. De La Torre Parra, P. Rad, K.-K. R. Choo, and N. Beebe,
jamming detection in wireless IOT Networks,” 2019 IEEE VTS Asia “Detecting internet of things attacks using distributed deep learning,”
Pacific Wireless Communications Symposium (APWCS), Aug. 2019. Journal of Network and Computer Applications, vol. 163, p. 102662,
doi:10.1109/vts-apwcs.2019.8851633. Aug. 2020. doi:10.1016/j.jnca.2020.102662.
[152] G. Liu et al., “Softwarized IOT network immunity against [169] Z. Ahmad et al., “Anomaly detection using Deep Neural Network for
eavesdropping with programmable data planes,” IEEE Internet of IOT Architecture,” Applied Sciences, vol. 11, no. 15, p. 7050, Jul.
Things Journal, vol. 8, no. 8, pp. 6578–6590, Apr. 2021. 2021. doi:10.3390/app11157050.
doi:10.1109/jiot.2020.3048842. [170] J. G. Almaraz-Rivera, J. A. Perez-Diaz, and J. A. Cantoral-Ceballos,
[153] A. Shafique, A. Mehmood, and M. Elhadef, “Detecting signal spoofing “Transport and application layer ddos attacks detection to IOT devices
attack in uavs using machine learning models,” IEEE Access, vol. 9, by using machine learning and Deep Learning Models,” Sensors, vol.
pp. 93803–93815, 2021. doi:10.1109/access.2021.3089847. 22, no. 9, p. 3367, Apr. 2022. doi:10.3390/s22093367.
[154] D. Marabissi, L. Mucchi, and A. Stomaci, “IOT nodes authentication [171] A. K. Pathak, S. Saguna, K. Mitra, and C. Ahlund, “Anomaly detection
and ID spoofing detection based on joint use of Physical Layer using machine learning to discover sensor tampering in IOT Systems,”
Security and machine learning,” Future Internet, vol. 14, no. 2, p. 61, ICC 2021 - IEEE International Conference on Communications, vol.
Feb. 2022. doi:10.3390/fi14020061. 20, pp. 1–6, Jun. 2021. doi:10.1109/icc42927.2021.9500825.
[155] A. Sharma et al., “An efficient hybrid deep learning model for denial [172] D. Marabissi, L. Mucchi, and A. Stomaci, “IOT nodes authentication
of service detection in Cyber Physical Systems,” IEEE Transactions on and ID spoofing detection based on joint use of Physical Layer
Network Science and Engineering, vol. 10, no. 5, pp. 2419–2428, Sep. Security and machine learning,” Future Internet, vol. 14, no. 2, p. 61,
2023. doi:10.1109/tnse.2023.3273301. Feb. 2022. doi:10.3390/fi14020061.
[156] Y. Chen et al., “Physical layer authentication for industrial control [173] B. Urooj, M. A. Shah, C. Maple, M. K. Abbasi, and S. Riasat,
based on convolutional denoising autoencoder,” IEEE Internet of “Malware detection: A framework for reverse engineered Android
Things Journal, vol. 11, no. 9, pp. 15633–15641, May 2024. applications through Machine Learning Algorithms,” IEEE Access,
doi:10.1109/jiot.2023.3347603. vol. 10, pp. 89031–89050, 2022. doi:10.1109/access.2022.3149053.
[157] S. Alangari, “An unsupervised machine learning algorithm for attack [174] J. Sakhnini, H. Karimipour, A. Dehghantanha, and R. M. Parizi,
and anomaly detection in IOT Sensors,” Wireless Personal “Physical layer attack identification and localization in cyber–physical
Communications, Feb. 2024. doi:10.1007/s11277-023-10811-8. grid: An ensemble deep learning based approach,” Physical
[158] H. Mrabet, S. Belguith, A. Alhomoud, and A. Jemai, “A survey of IOT Communication, vol. 47, p. 101394, Aug. 2021.
security based on a layered architecture of sensing and data analysis,” doi:10.1016/j.phycom.2021.101394.
Sensors, vol. 20, no. 13, p. 3625, Jun. 2020. doi:10.3390/s20133625. [175] M. Piva, G. Maselli, and F. Restuccia, “The tags are Alright,”
[159] W. Ding, M. Abdel-Basset, and R. Mohamed, “Deepak-IOT: An Proceedings of the Twenty-second International Symposium on
effective deep learning model for cyberattack detection in IOT Theory, Algorithmic Foundations, and Protocol Design for Mobile
networks,” Information Sciences, vol. 634, pp. 157–171, Jul. 2023. Networks and Mobile Computing, Jul. 2021.
doi:10.1016/j.ins.2023.03.052. doi:10.1145/3466772.3467033.

ISSN: 2395-0455 ©EverScience Publications 657


International Journal of Computer Networks and Applications (IJCNA)
DOI: 10.22247/ijcna/2024/40 Volume 11, Issue 5, September – October (2024)
SURVEY ARTICLE
[176] M. Jacovic, X. R. Rey, G. Mainland, and K. R. Dandekar, “Mitigating [192] S. García, M. Grill, J. Stiborek, and A. Zunino, “An empirical
RF jamming attacks at the physical layer with machine learning,” IET comparison of botnet detection methods,” Computers & Security,
Communications, vol. 17, no. 1, pp. 12–28, Oct. 2022. vol. 45, pp. 100–123, Sep. 2014. doi:10.1016/j.cose.2014.05.011.
doi:10.1049/cmu2.12461. [193] M. Sarhan, S. Layeghy, N. Moustafa, and M. Portmann, “NetFlow
[177] M. S. Akhtar and T. Feng, “Detection of malware by Deep Learning as datasets for Machine Learning-based network intrusion detection
CNN-LSTM machine learning techniques in Real time,” Symmetry, systems,” Lecture Notes of the Institute for Computer Sciences, Social
vol. 14, no. 11, p. 2308, Nov. 2022. doi:10.3390/sym14112308. Informatics and Telecommunications Engineering, pp. 117–135, 2021.
[178] T. Gaber, A. El-Ghamry, and A. E. Hassanien, “Injection attack doi:10.1007/978-3-030-72802-1_9.
detection using machine learning for smart IOT Applications,” [194] Y. Meidan et al., “N-Baiot—network-based detection of IOT botnet
Physical Communication, vol. 52, p. 101685, Jun. 2022. attacks using deep autoencoders,” IEEE Pervasive Computing, vol. 17,
doi:10.1016/j.phycom.2022.101685. no. 3, pp. 12–22, Jul. 2018. doi:10.1109/mprv.2018.03367731.
[179] Q. Abu Al-Haija, M. Alohaly, and A. Odeh, “A lightweight double- [195] F. De Keersmaeker, Y. Cao, G. K. Ndonda, and R. Sadre, “A survey of
stage scheme to identify malicious DNS over HTTPS traffic using a public IOT datasets for Network Security Research,” IEEE
hybrid learning approach,” Sensors, vol. 23, no. 7, p. 3489, Mar. 2023. Communications Surveys & Tutorials, vol. 25, no. 3, pp. 1808–
doi:10.3390/s23073489. 1840, 2023. doi:10.1109/comst.2023.3288942.
[180] G. M and P. H B, “Semantic Query-featured Ensemble learning model [196] S. Hanif, T. Ilyas, and M. Zeeshan, “Intrusion detection in IOT using
for SQL-injection attack detection in IOT-ecosystems,” IEEE artificial neural networks on UNSW-15 dataset,” 2019 IEEE 16th
Transactions on Reliability, vol. 71, no. 2, pp. 1057–1074, Jun. 2022. International Conference on Smart Cities: Improving Quality of Life
doi:10.1109/tr.2021.3124331. Using ICT & IoT and AI (HONET-ICT), Oct. 2019.
[181] P. Chaudhary, B. B. Gupta, and A. K. Singh, “Securing heterogeneous doi:10.1109/honet.2019.8908122.
embedded devices against XSS attack in intelligent IOT System,” [197] B. Susilo and R. F. Sari, “Intrusion detection in IOT networks using
Computers & Security, vol. 118, p. 102710, Jul. 2022. Deep Learning algorithm,” Information, vol. 11, no. 5, p. 279, May
doi:10.1016/j.cose.2022.102710. 2020. doi:10.3390/info11050279.
[182] J. Wang and J. Liu, “Deep learning for securing software-defined [198] I. Vaccari, G. Chiola, M. Aiello, M. Mongelli, and E. Cambiaso,
industrial internet of things: Attacks and countermeasures,” IEEE “MQTTset, a new dataset for machine learning techniques on Mqtt,”
Internet of Things Journal, vol. 9, no. 13, pp. 11179–11189, Jul. 2022. Sensors, vol. 20, no. 22, p. 6578, Nov. 2020. doi:10.3390/s20226578.
doi:10.1109/jiot.2021.3126633. [199] M. Sarhan, S. Layeghy, N. Moustafa, M. Gallagher, and M. Portmann,
[183] H. B. ul Haq and M. Saqlain, “An implementation of effective machine “Feature extraction for machine learning-based intrusion detection in
learning approaches to perform sybil attack detection (SAD) in IOT IOT networks,” Digital Communications and Networks, vol. 10, no. 1,
Network,” Theoretical and Applied Computational Intelligence, vol. 1, pp. 205–216, Feb. 2024. doi:10.1016/j.dcan.2022.08.012.
no. 1, pp. 1–14, Oct. 2023. doi:10.31181/taci1120232. [200] H. Nguyen and R. Kashef, “TS-ids: Traffic-aware self-supervised
[184] M. Albishari, M. Li, R. Zhang, and E. Almosharea, “Deep learning- learning for IOT network intrusion detection,” Knowledge-Based
based early stage detection (DL-ESD) for routing attacks in internet of Systems, vol. 279, p. 110966, Nov. 2023.
things networks,” The Journal of Supercomputing, vol. 79, no. 3, pp. doi:10.1016/j.knosys.2023.110966.
2626–2653, Aug. 2022. doi:10.1007/s11227-022-04753-4. [201] A. Arshad et al., “A novel ensemble method for enhancing internet of
[185] F. Mofidi, S. G. Hounsinou, and G. Bloom, “L-ids: A multi-layered things device security against botnet attacks,” Decision Analytics
approach to ransomware detection in IOT,” 2024 IEEE 14th Annual Journal, vol. 8, p. 100307, Sep. 2023.
Computing and Communication Workshop and Conference (CCWC), doi:10.1016/j.dajour.2023.100307.
vol. 13291, pp. 0387–0396, Jan. 2024. [202] N. Abdalgawad, A. Sajun, Y. Kaddoura, I. A. Zualkernan, and F.
doi:10.1109/ccwc60891.2024.10427870. Aloul, “Generative deep learning to detect cyberattacks for the IOT-23
[186] N. Koroniotis, N. Moustafa, E. Sitnikova, and B. Turnbull, “Towards dataset,” IEEE Access, vol. 10, pp. 6430–6441, 2022.
the development of realistic botnet dataset in the internet of things for doi:10.1109/access.2021.3140015.
network forensic analytics: Bot-IOT dataset,” Future Generation [203] C. Okur, A. Orman, and M. Dener, “DDOS intrusion detection with
Computer Systems, vol. 100, pp. 779–796, Nov. 2019. machine learning models: N-Baiot Data Set,” Engineering Cyber-
doi:10.1016/j.future.2019.05.041. Physical Systems and Critical Infrastructures, pp. 607–619, 2023.
[187] N. Moustafa and J. Slay, “UNSW-NB15: A comprehensive data set for doi:10.1007/978-3-031-31956-3_51.
network intrusion detection systems (UNSW-NB15 Network Data [204] Z. K. Maseer et al., “DeepIoT.IDS: Hybrid deep learning for
Set),” 2015 Military Communications and Information Systems enhancing IOT network intrusion detection,” Computers, Materials
Conference (MilCIS), Nov. 2015. doi:10.1109/milcis.2015.7348942. & Continua, vol. 69, no. 3, pp. 3945–3966, 2021.
[188] N. Moustafa, “A new distributed architecture for evaluating AI-based doi:10.32604/cmc.2021.016074.
security systems at the edge: Network ton_iot datasets,” Sustainable [205] M. Ali et al., “Hybrid machine learning model for efficient botnet
Cities and Society, vol. 72, p. 102994, Sep. 2021. attack detection in IOT environment,” IEEE Access, vol. 12, pp.
doi:10.1016/j.scs.2021.102994. 40682–40699, 2024. doi:10.1109/access.2024.3376400.
Authors

Haifa Ali Saeed Ali received the Engineering of Bachelor of Information Technology degree from
the Engineering College, University of Aden, Yemen, in 2007, and the MCA degree in Computer
Application from Visvesvaraya Technological University (VTU), Belagavi, Karnataka, India, in
2017. She is currently a Ph.D. Research Scholar with the Department of Computer Application,
CMR Institute of Technology (affiliated to VTU), Bengaluru, India. She is also working in Cyber
Security and IoT. Her areas of interest include Machine Learning, Deep Learning, Internet of
Things (IoT), and Cyber Security.

Dr. Vakula Rani J is a Professor and President of the Institution Innovation Council at CMR
Institute of Technology, Bangalore. With over 26 years of teaching and research experience, she
specializes in Artificial Intelligence, Computer Vision, Machine Learning, Deep Learning, and
Cloud Computing. Dr. Vakula has authored more than 20 research papers published in reputed
international journals and conferences. She holds two Australian patents and two Indian design
patents, and has filed and published eight Indian patents. A reviewer for renowned Q1 and Q2
journals, she is also certified as an Innovation Ambassador by the Ministry of Education, India.
She has served as a member of the Board of Studies and Board of Examiners at various
universities. She is a recognized guide under VTU and is guiding four Ph.D. research scholars.
She is a Life member of the leading National Professional Societies ISC and ISTE.

How to cite this article:

Haifa Ali Saeed Ali, Vakula Rani J, “Machine Learning for Internet of Things (IoT) Security: A Comprehensive Survey”,
International Journal of Computer Networks and Applications (IJCNA), 11(5), PP: 617-659, 2024, DOI:
10.22247/ijcna/2024/40.
