INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 03, MARCH 2020 ISSN 2277-8616

Classification For Iot Threats Based On The

Analytic Hierarchy Process
Islam Abdalla Mohamed, Anis Ben Aissa, Loay F. Hussein

Abstract: The Internet of Things technology make us depending on a machine to control a massive part of our life by collecting more personal
information. The data collected and stored with these devices such as your name, age, health data, location and more can aid cyberattack activity. The
first step to face these threats is to classify it and determine the risk according to different classes of users. This paper introduces classification to IoT
threats from a user perspective. The classification is done by collecting the opinion of 80 users divided into three classes. Our proposed classification is
done by AHP algorithm to calculate the weigh and determine the risk of each threat according to users classes. The result will contribute to create more
secure and reliable IoT services and systems.

Index Terms : analytic hierarchy process, Internet of Things, Quality of service, security risk, Threat.
——————————  ——————————

1 INTRODUCTION
A new chapter in the future of humanity started when the
Internet of Things (IoT) technology invaded our life. We live in
an era that guided by computers, which collect data from our
surrounded environment and then serve us according to it.
Nowadays, most devices such as televisions, thermostats,
sensors in your car, and medical devices are finding their way
online without our help. Many refer to this as the "Internet of
Things". The concept behind IoT idea involves a variety of
objects that can be connected using either wireless or wired
networks. These objects have a unique addressing scheme
that allows them to interact and cooperate to create novel
applications and services [1]. According to IoT security report
in 2018 from National Institute of Standers and Technology
(NIST) 25% firms reported security issues in IoT which lead to
damages cost of at least 34 million dollars in the last couple of
years. This number will increase with more security threats
arising every day, which led to different classification and
complex security measures [2].Ideally, one would like to have
a single classification for these threats. However, different
systems have different use and users. Also, most classification
is focused on threats nature but not the system users. It will be
unpractical to add more security layers to IoT massive system
without gaining the user trust to use the system. The core of
this study is to classifies IoT threats by determining the risk
according to the opinions of different users. To do that First,
we describe the IoT security threat and classify them. Then,
we collect the data needed for calculation using two
questionnaires. After that, the AHP algorithm is applied to find
the risk for every threat. Finally, a conclusion is presented to
summarise the main outcomes of this research.
2 RELATED WORK
The Internet of Things is one of the fastest-growing industry
and technology in the world of wireless Network
Telecommunication. The main objective of this technology is to
provide connectivity between heterogeneous network devices
[3]. Tuhin Borgohain,
____________________________________
• Islam Abdalla Mohamed, Department of Computer Science, Jouf
University, Saudi Arabia, [email protected].
• Anis Ben Aissa, Department of Computer Science, Jouf University,
Saudi Arabia, [email protected].
• Loay F. Hussein, Department of Computer Science, Jouf University,
Saudi Arabia [email protected].
IJSTR©2020
www.ijstr.org
Uday Kumar, and Sugata Sanyal have surveyed all security
flaws, along with an analysis of the privacy issues that an end-
user may face. They concluded that more security measures
should have existed before implementing IoT systems in our
daily life [4]. In [5] Jyoti Deogirikar and Amarsinh Vidhate
discuss the problem of building a secure IoT system.
Implementing different security measures could consume
more power, which is not practical, because of that, there is a
need for a security mechanism that handles maximum security
problems and be lightweight for robust IoT. In [6] Yang Lu, and
Li Da Xu Discuss what people need from IoT technology and
IoT cybersecurity. The complex structure of IoT led to
comprise data model, interfaces and protocol. In fact, we do
not have a standardised framework that can integrate data
models, ontology, and data formats with IoT protocols,
applications, and services. As a result, QoS (Quality of
service) research is needed to support the development of IoT
Data privacy and integrity. In [7] Mirza Abdur, Sajid Habib,
Muhammad Ali and Saleem Ullah have categorised twelve
threats to low-level attacks, medium-level attacks, high-level
attacks, and extremely high-level attacks according to their
effect and behaviour. The suggested solution will be difficult to
apply due to the different behaviour of threats and the
complexity of IoT. In [8] Se-Ra Oh and Young-Gab Kim
analysed three essential characteristics heterogeneity,
resource constraint and dynamic environment to find out basic
IoT security requirements. Based on six elements IoT network,
cloud, user, attacker, service and security requirements
evaluation is performed to be used as a guide to design
secure IoT systems. In [9], Peter Aufner discuss the gap
between threat modelling and frameworks in IoT security. By
quantitative three threats modelling framework STRIDE,
LINDDUN and CORAS three gaps in security research
founded. The first gap is between threats modelling
frameworks and IoT because frameworks developed during a
time when software could examine regard of hardware. The
second gap is between threats modelling frameworks and
common security research. Here, most research focuses on
frameworks without having a deep explanation of threats
modelling and possible attacks, which led to weakness and
confusing standards for IoT security. The third gap is between
security research and IoT itself. Most research focuses on IoT
software and network regards of the attacks that rise with new
devices deployed in IoT systems. In [10] Keon Chul Park and
Dong-Hee Shin proposed a new framework that integrates
fuzzy DEMATEL and fuzzy ANP to reflect dependence and
4860