Mobile Networks and Applications

https://doi.org/10.1007/s11036-022-01937-3

Internet of Things (IoT) Security Intelligence: A Comprehensive

Overview, Machine Learning Solutions and Research Directions
Iqbal H. Sarker1,2 · Asif Irshad Khan3 · Yoosef B. Abushark3 · Fawaz Alsolami3

Accepted: 12 December 2021

© The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2022

Abstract
The Internet of Things (IoT) is one of the most widely used technologies today, and it has a significant effect on our lives in
a variety of ways, including social, commercial, and economic aspects. In terms of automation, productivity, and comfort
for consumers across a wide range of application areas, from education to smart cities, the present and future IoT technolo-
gies hold great promise for improving the overall quality of human life. However, cyber-attacks and threats greatly affect
smart applications in the environment of IoT. The traditional IoT security techniques are insufficient with the recent security
challenges considering the advanced booming of different kinds of attacks and threats. Utilizing artificial intelligence (AI)
expertise, especially machine and deep learning solutions, is the key to delivering a dynamically enhanced and up-to-
date security system for the next-generation IoT system. Throughout this article, we present a comprehensive picture on
IoT security intelligence, which is built on machine and deep learning technologies that extract insights from raw data to
intelligently protect IoT devices against a variety of cyber-attacks. Finally, based on our study, we highlight the associated
research issues and future directions within the scope of our study. Overall, this article aspires to serve as a reference point
and guide, particularly from a technical standpoint, for cybersecurity experts and researchers working in the context of IoT.

Keywords Internet of Things · Cyber-attacks · Anomalies · Machine learning · Deep learning · IoT data analytics ·
Intelligent decision-making · Security intelligence

1 Introduction
The Internet of Things (IoT) is one of the most widely used
technologies today and is often described as a connected
network of heterogeneous components enabling intelli-
gent systems and services that detect, capture, distribute,
and analyze data. Things in the IoT devices refer to smart
devices, such as sensors, smartwatches, smart refrigerators,
smoke detectors, radio frequency identification (RFID),
heartbeat monitors, accelerometers, smartphones, and so
* Iqbal H. Sarker
[email protected]
1
Swinburne University of Technology, Melbourne VIC‑3122,
Australia
2
Department of Computer Science and Engineering,
Chittagong University of Engineering & Technology,
Chittagong 4349, Bangladesh
3
Computer Science Department, Faculty of Computing
and Information Technology, King Abdulaziz University,
Jeddah 21589, Saudi Arabia
on, that collect and transmit data. The number of connected
things in IoT systems is increasing day by day. For instance,
there will be about 20.4 billion connected things globally in
2022, compared to 8.4 billion connected things in 2020 [57].
The IoT has a significant effect on our lives in a variety of
ways, including social, commercial, and economic aspects.
In terms of growing the digital economy, the IoT sector is
projected to grow in revenue from 892 billion in 2018 to 4
trillion by 2025 [57]. The IoT enables large-scale techno-
logical advancements and value-added services in a variety
of areas of our lives, including smart homes, smart cities,
transportation, logistics, smart health, retail, agriculture, and
business, as well as smart metering, remote monitoring, and
process automation. In terms of automation, performance,
and comfort, current and future IoT applications and services
have tremendous potential for enhancing consumer quality
of life. However, in the context of IoT, numerous sorts of
cyber-attacks and threats are viewed as challenging prob-
lems to the expansion of IoT. Therefore, this paper focuses
primarily on IoT security intelligence to effectively protect

13
Vol.:(0123456789)

systems and applications from a variety of cyber-attacks and
threats in IoT.
The most basic need in the IoT network is to protect all
of the systems, apps, and connected devices. IoT networks’
massive size introduces new challenges in a variety of areas,
including device management, data management, comput-
ing, security, and privacy, etc. As the IoT grows, various
security concerns are being raised as potential threats.
Without a trusted system, the emerging IoT applications,
such as those mentioned above, will be unable to meet the
needs of people and society and may lose all their potential.
Typically, IoT systems operate on several layers, including
the perception or sensing layer, the networking, and data
communication layer, the middleware or support layer, and
the application layer. These layers are briefly discussed in
Section 3. Each of these layers has a unique set of tasks and
relevant technologies to perform in an IoT application, and
each layer brings a new set of issues and security risks. For
example, denial of service (DoS) attacks, spoofing attacks,
jamming, eavesdropping, data tampering, a man in the mid-
dle attacks, and malicious, etc. are the most common IoT
attacks [137]. Thus, depending on the nature of the security
issues, potential IoT security solutions such as authentica-
tion, access control, threat and risk prediction, malware
analysis, anomaly or intrusion detection, and prevention,
etc, could be useful. Due to the advanced boom in security
threats and attacks, and complexity in security incidents, the
conventional techniques for dealing with them are no longer
effective. Therefore an intelligent security system based on
modern technologies that can address these security con-
cerns is urgently required to protect the next-generation IoT
system.
Artificial Intelligence (AI) is one of the most important
technologies for developing intelligent systems, and it is
considered to be a part of the Fourth Industrial Revolution
(4IR) [119, 130] as well. Thus, utilizing AI knowledge, par-
ticularly, machine and deep learning, we can detect anoma-
lies or unwanted malicious activities in the IoT, and, as a
result, offer a dynamic security solution that is constantly
improved and up to date. Typically, machine or deep learn-
ing models comprise a set of rules, methods, or complex
transfer functions that extract useful insights or interesting
data patterns from the security data [122]. Thus, it is possi-
ble to utilize the resultant security models to train machines
to predict threats or risks at an early stage, or to identify
anomalies in IoT to develop an appropriate defensive policy.
Based on information gathered so far from the literature on
these technologies and their use in the IoT environment, the
contribution of this article is summarized as follows:
– This study concentrates on the knowledge of artificial
intelligence, particularly, machine and deep learning-
based IoT security solutions with their effectiveness.
13
Mobile Networks and Applications
– We discuss IoT environment, various IoT security chal-
lenging issues, IoT systems with various layers, and asso-
ciated security issues in each layer, to highlight the scope
of this study.
– We present different machine learning techniques as well
as deep learning architectures and techniques, and their
usage for intelligent security modeling to solve the secu-
rity problems, in the environment of IoT.
– Finally, we explore the issues that have been encountered,
as well as potential research opportunities and future
directions, to secure and trust IoT networks and systems.
The remainder of the paper is carried out as follows: The
Section 2 discusses the domain’s history and reviews related
work. We discuss IoT system architectures with different
layers and the associated security issues in each layer in Sec-
tion 3. We present various machine and deep learning-based
security solutions in the IoT environment in Section 4. The
challenges faced, as well as prospective study opportunities
and future directions, are highlighted in Section 5, and the
work is concluded in Section 6.
2 Background and Related Work
In this section, we make a comprehensive literature review
on the IoT environment with various application areas,
IoT security challenging issues, and recent IoT security
approaches including machine learning techniques, and
highlight the scope of our study.
2.1 The IoT Paradigm
The Internet of Things (IoT) represents a paradigm shift
in information technology. The term ‘Internet of Things,’
which is also abbreviated as IoT, is composed of two key
words: the first is ‘Internet,’ and the second is ‘Things’,
where the Things are defined as smart devices or objects.
The Internet of Things (IoT) is one of the emerging
smart technologies for the Fourth Industrial Revolution (or
Industry 4.0), which represents the ongoing automation of
traditional manufacturing and industrial practices [130].
The IoT refers to a network of interconnected, internet-
connected devices that may collect and send data over a
wireless network without the need for human intervention.
Several organizations and research groups describe IoT
and smart environments in a variety of ways and from a
variety of perspectives. For instance, Thiesse et al. [141]
define the IoT as “consisting of hardware items and digi-
tal information flows based on RFID tags”. The Institute
of Electrical and Electronics Engineers (IEEE) defines
the IoT as a “collection of items with sensors that form
a network connected to the Internet” [93]. The European
Mobile Networks and Applications
Telecommunications Standards Institute (ETSI) defines
“machine-to-machine (M2M) communications as an auto-
mated communications system that makes decisions and
processes data operations without direct human interven-
tion” [72]. Cisco (San Francisco), which is well-known as
the worldwide leader in IT, networking, and cybersecurity
solutions, has summarized the IoE (Internet-of-everything)
concept “as a network that consists of people, data, things,
and processes” [36].
The RFID (Radio Frequency Identification) group
defines the “IoT as the worldwide network of intercon-
nected objects uniquely addressable based on standard
communication protocols” [143]. According to Cluster of
European research projects on the IoT [133] - “Things are
active participants in business, information and social pro-
cesses where they are enabled to interact and communicate
among themselves and with the environment by exchang-
ing data and information sensed about the environment
while reacting autonomously to the real/physical world
events and influencing it by running processes that trigger
actions and create services with or without direct human
intervention”. Gubbi et al. [50] define “IoT is the inter-
connection of sensing and actuating devices providing the
ability to share information across platforms through a uni-
fied framework, developing a common operating picture
for enabling innovative applications”. Atzori et al. [29]
define IoT in three paradigms such as internet-oriented
(middleware), things-oriented (sensors), and semantic-
oriented (knowledge).
In general, the IoT’s main pillars are as follows: smart
devices, data, analytics, and connectivity. Thus, the IoT
can be defined as a network of connected heterogeneous
components that can sense, collect, transmit, and analyze
data over a wireless network to enable intelligent deci-
sion making and services aimed at improving the qual-
ity of human life, where the Things are defined as smart
Fig. 1  Total connected IoT
devices and global IoT market
so far and future prediction
devices or objects such as sensors, smartwatches, and
smartphones, etc.
2.2 IoT‑based Smart Environments
A smart environment is typically a world, where the sensors
and computing devices are integrated with everyday objects
through a connected network to enhance the comfort and
efficiency of human life. Ahmed et al. [23] state that “the
term ‘smart’ refers to the ability to autonomously obtain and
apply knowledge, and the term ‘environment’ refers to the
surroundings”. According to Belissent et al. [32], “a smart
environment uses information and communications tech-
nologies to make the critical infrastructure components and
services of a city’s administration, education, healthcare,
public safety, real estate, transportation and utilities more
aware, interactive and efficient”. Recent developments in IoT
have elevated it to the status of technology for creating smart
environments, such as intelligent cities, intelligent health-
care systems, intelligent building management systems, etc.
Figures 1, and 2 depicted a graphical depiction of the total
number of connected IoT devices and the worldwide IoT
market [137], as well as the potential economic impact and
projected market share of dominant IoT applications by 2025
[24].
The goal of such smart environments is to provide ser-
vices based on data acquired by IoT-enabled sensors using
intelligent methods, which has a significant impact on our
lives [124] in various dimensions, such as social, com-
mercial, as well as economic. According to the statistics
of Navigant Research mentioned in Elrawy et al. [43], the
global smart city services market is expected to be 225.5
billion US dollars by 2026, while 93.5 billion US dollars in
2017. A range of factors, such as usable bandwidth, serv-
ing an increasing number of users and smart objects in IoT
networks, managing large volumes of data, scalable com-
puting systems, such as cloud computing, etc., need to be
13

Fig. 2  Potential economic
impact and projected market
share of dominant IoT applica-
tions by 2025
considered in the implementation of the IoT paradigm for
building smart environments, e.g. smart cities, for the quality
of services of smart environment applications [136].
2.3 What Makes IoT Security Challenging?
Many personal and commercial equipment are becoming
“smart” as the digital revolution takes hold. On IoT net-
works, traditional security and privacy approaches may fail.
The dynamic nature of IoT connectivity introduces a new set
of security challenges. The following are some examples:
– Heterogeneity: IoT intends to connect a huge number of
heterogeneous devices [82] to enable advanced applica-
tions that can improve human life quality. As a result, IoT
devices come in a variety of shapes and sizes, resulting
in a diverse set of hardware and software schemes.
– Volume: In IoT, a large number of devices, i.e., billions
of smart devices [57], are interconnected, which are cou-
pled with the high volume, velocity, and structure of real-
world data.
– Inter-connectivity: The IoT refers to the interconnection
between devices, the information they send and receive
to one another, like a conversation. Thus, IoT networks
are accessed with the nature of any time, and anywhere
[82].
– Structure and vulnerability: Various types of attacks,
such as cookie theft, cross-site scripting, structured query
language injection, session hijacking, and often distrib-
uted denial of service, are vulnerable to IoT devices. On
a large, self-organized IoT network, the vulnerability to
distributed denial of service attacks typically grows [57].
– Dynamism: As IoT devices are continually removed
and added, the nature of the network reconfiguration is
dynamic and must be adaptable [82].
13
Mobile Networks and Applications
– Proximity: In short-range communications, ad hoc net-
works may rely on local devices. Proximity means that
an IoT-enabled object changes and behaves according to
the current location [34].
– Latency and reliability: The main challenges in indus-
trial IoT networks include low-latency and high-reliabil-
ity wireless communication. Sensitive applications like
surgical devices, assembly line production, and traffic
monitoring, etc. require high-reliable, and low-latency
communication [89].
– Cost, resource, and energy consumption: An IoT device
is a piece of hardware with a sensor that transmits data
from one place to another over the Internet. The systems
should be configured to reduce needed resources as well
as costs due to a large number of sensors in a complex
system application [82].
– Security and privacy protection: Consumer and propri-
etary data must be secured and protected, particularly in
sensitive domains, such as healthcare applications [82].
– Intelligent decision-making : For many IoT applications,
sophisticated decisions should be intelligent, according
to the preferences of the users, and must be made in real-
time.
Although most of these issues are shared by many Internet
access points, the constraints of IoT devices, as well as the
dynamic nature and complexity of the environment in which
they operate, magnify many of these concerns beyond the
scope of traditional security capabilities.
2.4 Related work and the Scope of this Study
Several studies have been done on IoT security. For instance,
the authors in [68] present a survey of IoT security issues,
where they review and categorize the popular security
issues, such as attacks, threats, concerning the IoT layered
Mobile Networks and Applications
architecture, networking, communication, and management.
Another study on IoT security has been presented in [94].
The authors in [153] present several research challenges
and opportunities related to IoT security, where they have
considered the general security background of IoT. In [56],
an overview of the current status of IoT security research,
as well as associated tools like IoT modelers and simula-
tors, was presented. In [91], the authors provide an overview
of security concepts, technological and security concerns,
viable solutions, and prospective approaches for safeguard-
ing the IoT. They give their analysis of the current state
and issues of IoT security in their survey, which takes into
account three layers of architecture: perception layer, net-
work layer, and application layer. The authors of [57] under-
take an IoT security survey that takes into account applica-
tion domains, security threats, and solution architectures.
A taxonomy on IoT vulnerabilities, attack vectors, attacks
that exploit such vulnerabilities, and corresponding method-
ologies, has been presented in [99]. In [26], a study on IoT
security is presented by the authors, which focuses on the
most recent IoT security threats and vulnerabilities identified
via a thorough assessment of current IoT security studies.
In addition to these surveys, many research on machine
learning have been conducted. For example, in the paper
[145], the authors explore the threat model for IoT systems
and evaluate IoT security solutions based on machine-learn-
ing methods like supervised learning, unsupervised learning,
and reinforcement learning. They explore methods to data
privacy protection that use learning-based IoT authentica-
tion, access control, secure offloading, and malware detec-
tion. The authors examine the security requirements, attack
vectors, and other discussions in [61], focused on computer
learning for the IoT networks. In [25], a survey of computer
and deep learning techniques for IoT security was presented.
In [154], the impact of IoT new features on protection and
privacy considering new threats, existing solutions and
challenges was addressed. In order to construct data-driven
security systems employing machine and deep learning tech-
niques, it’s important to understand the nature of data includ-
ing various forms of cyber threats and related features. There
are several such datasets exist in the area of cybersecurity.
Hence, we have summarized as NSL-KDD [139], UNSW-
NB15 [97], DARPA [85, 147], CAIDA [3, 4], ISOT’10 [13,
14], ISCX’12 [5, 128], CTU-13 [10], CIC-IDS [9], CIC-
DDoS2019 [6], MAWI [64], ADFA IDS [146], CERT [48,
84], EnronSpam [12], SpamAssassin [17], LingSpam [15],
DGA [1, 2, 11, 151], Malware Genome project [155], Virus
Share [18], VirusTotal [19], Comodo [7], Contagio [8],
DREBIN [74], Microsoft [16], Bot-IoT [71]. The machine
and deep learning based model can be built utilizing these
datasets, according to the problem domain. For instance, a
neural network based deep learning model is used to build
an intrusion detection model utilizing NSL-KDD dataset
[45]. In [38], the authors use several such NSL-KDD [139],
UNSW-NB15 [97], CIC-IDS [9], while analyzing their
machine learning-based network intrusion detection model
for IoT security.
Unlike the previous studies, this paper focuses on artifi-
cial intelligence knowledge, particularly machine and deep
learning-based IoT security solutions. For this, we present
different machine learning techniques as well as deep learn-
ing architectures and techniques, and their usage for intel-
ligent security modeling to solve the security problems, in
the context of IoT.
3 IoT System Architectures and Security
Issues
In this section, we first highlight the attack surface areas of
the IoT, and then we summarize the security issues through
the overall architecture of an IoT system.
3.1 IoT Attack Surface Areas
In the following, we summarize surface areas for IoT attacks,
or areas where threats and vulnerabilities can exist in IoT
systems and applications. These are:
– Devices: IoT devices are one of the most common ways
that cyberattacks are initiated. Memory, firmware,
the physical interface, the web interface, and network
resources are all aspects of an IoT system that can be
vulnerable. Attackers can take advantage of vulnerable
update systems, outdated components, and risky default
settings, among other things.
– Communication channels: Attacks against IoT compo-
nents could originate via the communication channels
that link them to one another. Protocols used in IoT sys-
tems could have security vulnerabilities that could com-
promise the whole system. IoT systems are vulnerable to
well-known network attacks, such as denial of service
(DoS) and spoofing, which may cause significant dam-
age.
– Applications and software: Vulnerabilities in the web
applications and associated software of IoT devices might
cause systems to be compromised. Web apps, for exam-
ple, can be used to steal user credentials or to distribute
malicious firmware upgrades.
3.2 Architectures and Security Issues
Based on the IoT attack surface areas highlighted above,
in this section, we summarize the security issues through
the overall architecture of an IoT system. Several architec-
tures for IoT have been proposed by different researchers and
13

research groups. Conventional IoT architecture is considered
to have three layers, such as the perception layer, the network
layer, and the application layer [91]. However, the support or
middleware layer is considered as an important layer later,
according to the needs for data processing and intelligent
decision making, which lies between the network layer and
the application layer. In several cases, the IoT architectures
are based on a network layer and a support layer according to
the needs. Furthermore, the concept of cloud computing for
the support layer has been included in some studies of IoT
systems. In this paper, we take into account the most popular
four-layered IoT architecture, such as the perception layer,
the networking, and data communication layer, middleware
layer, and the application layer, shown in Fig. 3, while dis-
cussing the security threats and attacks in the domain of IoT
security.
– Security Issues at Perception or Sensing Layer: The per-
ception layer is a hardware layer consisting of physical
devices and sensors in different forms, thus also known
Fig. 3  Various security issues at
different layers namely, the per-
ception, network, middleware,
and application layers of IoT
architecture and systems, which
are needed to handle intelli-
gently for secured IoT applica-
tions and services in various
real-world scenarios
13
Mobile Networks and Applications
as the sensing layer. These devices or sensors such as
mechanical, electrical, electronic, or chemical sensors,
are connected with the physical world to capture differ-
ent kinds of information according to the particular IoT
applications. WSN, RFID, and other types of sensing and
identifying systems are the key technologies employed in
the perception layers [140]. There are four major cyber-
security issues: i) wireless signal strength; ii) sensor node
exposure in IoT devices; ii) dynamic nature of IoT topol-
ogy; and iv) communication, computation, storage, and
memory constraints, exist in this layer [87, 98]. To defend
the IoT network, this layer employs three popular mecha-
nisms as node authentication, lightweight encryption and
the access control mechanism [87]. Many attacks and
crimes target the confidentiality of the perception layer
that is common in practice. Examples include node cap-
turing, malicious code, fake data injection, replay attacks,
side-channel attacks, etc. [57]. For example, a node cap-
turing attack can cause a node to stop delivering genuine
data, destroying the entire network and even compro-
Mobile Networks and Applications
mising the security of the entire IoT application. False
data or malicious code injection attacks might produce
false results and cause the IoT application to malfunction.
Eavesdropping, often known as sniffing or snooping, is a
type of attack that uses unsecured network communica-
tions to acquire data in transit between devices. A replay
attack is defined as spoofing, changing, or repeating the
identifying information of smart devices in an IoT net-
work. A time attack occurs when an attacker steals the
encryption key associated with time and other critical
data [129]. Aside from direct attacks on the nodes, a vari-
ety of side-channel attacks may result in sensitive data
being leaked.
– Security Issues at Networking and Data Communica-
tions Layer: The main purpose of this layer is to trans-
mit the information collected by the perceptual layer, as
described above. At this layer, cutting-edge technologies
such as Wi-Fi, LTE, Bluetooth, 3G/4G, ZigBee, and
others are used to operate cloud computing platforms,
Internet gateways, switching, and routing devices, among
other things [87]. At this layer, the most important cyber-
security issues are confidentiality, privacy, and compat-
ibility. At this layer, attackers have a high probability of
evidencing criminal activity through phishing, distrib-
uted denial-of-service (DDoS/DoS), data transit attacks,
routing attacks, identity authentication, and encryption,
among other methods [51, 57]. For example, this layer
of IoT is extremely vulnerable to phishing attacks, which
aim to steal personal data such as credit card and login
information or to infect victims’ devices with malware
[57]. Access attack, also known as an advanced persistent
threat, occurs when an unauthorized individual or adver-
sary gains access to the IoT network because IoT apps are
constantly receiving and transferring valuable data. The
most prevalent and destructive attacks on a network are
denial of service (DoS) and distributed denial of service
(DDoS) attacks, which cause network resources to be
exhausted and service to be unavailable. Furthermore,
attackers may use routing attacks like sinkhole attacks,
wormhole attacks, and others to reroute routing paths
during data transmission.
– Security Issues at Middleware or Support Layer: It’s a
layer of software that exists between the network and the
application. As a result, this layer is usually in charge
of IoT device service management, as well as data pro-
cessing and intelligent operations on data with decision-
making. It can be seen as a dependable support platform,
similar to the cloud [50], that makes this layer in the
IoT system easier to use. In several cases, the more dis-
tributed fog computing technologies have been used to
replace the centralized cloud environment, resulting in
improved performance and faster response times [35].
At this level, the authenticity, integrity, and confidential-
ity of all transmitted data should be checked and main-
tained [87]. Although the middleware layer is essential
for delivering a secure and dependable IoT application, it
is also vulnerable to attacks such as insider attacks, man-
in-the-middle attacks, SQL injection attacks, signature
wrapping attacks, cloud malware injection, cloud flood-
ing attacks, and so on [57, 73]. Internal attackers inten-
tionally modify and extract data or information within the
network in a malicious inside attack [81]. Through a SQL
injection attack, an attacker can include malicious SQL
queries in a program to obtain sensitive data from any
user and even change database records. A virtualization
attack occurs when a virtual machine is harmed and its
effects spread to other virtual machines. Cloud malware
injection allows an attacker to take control of a cloud,
inject malicious code, or even implant a virtual machine
into a cloud. Cloud flooding attacks, which increase the
workload on cloud servers, may have a significant impact
on cloud servers.
– Application layer: The application layer is responsible
for controlling the overall management of IoT apps that
interact with users in a personalized way. A personal
computer, smartphone, or any smart object or device
that can utilize IoT services via Internet connectivity can
serve as the interface. In numerous application domains,
such as smart homes, smart cities, industrial, building,
and health applications, the application layer is depend-
ent on the information processed in the middleware layer
[69]. Different applications may have different levels of
security needs, depending on the application environment
and the necessity. As an example, the security method
used in online banking should be more secure than the
one used in exchanging climate change forecast infor-
mation. Many security issues must be addressed at the
application layer, including access control attacks, mali-
cious code attacks, sniffing attacks, reprogram attacks,
data breaches, service interruption attacks, application
vulnerabilities, and software bugs, to name a few exam-
ples [57, 75]. In the application layer, malicious data is
transferred and exchanged amongst smart devices at the
application layer. Practitioners and academics have major
issues in protecting data privacy and security as well as
identifying things. The attacker injects malware into the
system via the use of viruses, worms, Trojan horses, and
spyware to deny service, manipulate data, and/or gain
access to confidential data [149]. Service interruption
attacks, often known as DDoS attacks, prevent genuine
consumers from using IoT applications by intentionally
making servers or networks too busy to respond. Attack-
ers may use sniffer programs to monitor network traffic
in IoT applications to get access to confidential user data.
An attacker might quickly destroy a system in an unau-
thorized access attack by restricting access to IoT-related
13

services or destroying existing data [87]. Furthermore,
attackers may attempt to remotely reprogram IoT devices,
which might result in the IoT system being hacked.
As discussed above, several security threats and attacks
might happen in each layer of an IoT system. In addition,
Zero-day attack [27, 33, 126] that is used to refer to the
threat posed by an unknown security [95, 127], are consid-
ered as the serious potential security threats. Thus, an in-
depth analysis of detecting these cyber-attacks is important,
where the knowledge of artificial intelligence, particularly,
machine learning methods as well as deep learning archi-
tectures or techniques can be considered as a good solution
in securing the system from such anomalies in the domain
of IoT security.
4 Machine and Deep learning Techniques
in IoT Security Solutions
Machine and deep learning techniques are well-known as
AI techniques that can help the IoT devices to learn from
the experience representing as data, and behave accordingly.
The learning models are often comprised of a set of rules,
procedures, or sophisticated ‘transfer functions’ that may
Fig. 4  Illustration of the
potential role of the machine
learning and deep learning
methods while building data-
driven model for IoT security
intelligence
13
Mobile Networks and Applications
be used to uncover relevant security incident trends in IoT
data, as well as recognize and predict behavior [42]. As a
result, in an IoT context, both machine learning and deep
learning can operate in dynamic IoT networks without the
requirement for human or user intervention. The potential
role of machine learning and deep learning techniques in
developing a data-driven model for IoT security intelligence
is shown in Fig. 4. Several machine learning methods can be
used to learn from IoT security data, including classification
and regression analysis, clustering, rule-based methods, fea-
ture optimization methods [114], and deep learning methods
based on artificial neural networks, such as the multi-layer
perceptron network, convolutional network, recurrent net-
work, etc. [112, 113]. Thus, in the following section, we will
discuss how different machine and deep learning methods
can be applied to security solutions in the context of IoT.
4.1 Classification and Regression Techniques
In the area of machine learning, both classification and
regression methods are well-known and widely used. A clas-
sification task in IoT security is usually defined as predicting
a fixed discrete value/category, such as [anomaly, normal] or
[attack-1, attack-2, attack-3, etc.] outcome, whereas a regres-
sion work is defined as predicting a continuous or numeric
Mobile Networks and Applications
value, such as the impact of attacks. Several popular classifi-
cation techniques, such as k-nearest neighbors [22], support
vector machines [67], navies Bayes [65], adaptive boost-
ing [46], and logistic regression [78], decision tree [105],
IntrudTree [115], BehavDT [117], ensemble learning such
as random forests [37], exist that can categorize security
incidents in order to address different IoT security issues,
including intrusion or attack detection, malware analysis,
and anomaly or fraud detection in IoT.
For instance, the support vector machine classification
technique is used in profiling abnormal behavior of IoT
devices [80], and for detecting android malware for reli-
able IoT services [53]. Random forest technique is used to
detect anomalies [39, 103], denial of service attack [41], IoT
intrusion detection service [96, 106], smart city anomaly
detection [28] etc. Similarly, a naive Bayes based classifica-
tion model is used to detect anomalies [135], and a logistic
regression-based method to detect malicious IoT botnets [31,
104]. On the other hand, a regression model is useful for
predicting attacks quantitatively or to predict the impact of
an attack, such as worms, viruses, or other malicious soft-
ware [62]. Similarly, a quantitative security model, e.g.,
phishing in a certain period or network packet parameters,
regression techniques could be useful [122]. Several popular
regression techniques such as Linear, Logistic, Polynomial,
Ridge, Lasso, regression trees, Principal components, Elas-
ticNet, Poisson, Negative binomial, Stepwise, Partial least
squares regression [144] etc. exist that can be used to build
the quantitative security model according to their work-
ing principle in machine learning. For instance, the linear
regression-based model is used to identify the cyber attack
origin [76], and multiple regression analysis is used for cor-
relating human traits and cybersecurity behavior intentions
[49]. Similarly, regression regularization methods such as
Lasso, Ridge, or ElasticNet, can enhance security attacks
analysis to get a better outcome considering the high dimen-
sionality of IoT security data [52].
Thus, we can conclude that the classification techniques
can be used to build the prediction and classification model
[123] utilizing the relevant data in the domain of IoT secu-
rity, while the regression technique is mainly the impact of
the model [62] through determining the predictor strength,
time-series causes, or the effect of the relations, considering
the security attributes and the outcome.
4.2 Clustering Techniques
In machine learning, clustering is another popular task for
analyzing IoT security data, which is considered unsuper-
vised learning. It can cluster or create groups of a set of
data points based on the measurement for similarity and dis-
similarity in the security data generated by IoT devices from
diverse sources. Thus, clustering could contribute to the
discovery of hidden patterns and structures in data, allow-
ing for the detection of abnormalities or attacks in IoT. Parti-
tion, Hierarchy, Fuzzy Theory, Distribution, Density, Graph
Theory, Grid, Fractal Theory, and other perspectives can be
used to cluster data. [148]. K-means [90], K-medoids [107],
single linkage [131], complete linkage [132], agglomera-
tive clustering, bottom-up BOTS [118], DBSCAN, OPTICS,
Gaussian Mixture Model [148], are the popular concepts of
clustering algorithms. These clustering techniques can be
used to solve various IoT security problems. For instance,
the k-Means algorithm is used in profiling the abnormal
behavior of IoT devices [80]. A dynamic threshold-based
approach can be used to detect the outlier or noisy instances
in data [110]. A fuzzy clustering approach is used in IoT
intrusion detection [86]. To analyze system log data for
cybersecurity applications clustering approaches are use-
ful to extract useful insights or knowledge [77]. Thus, by
uncovering hidden patterns and structures in IoT security
data, the clustering techniques can play a significant role
through measuring the behavioral similarity or dissimilarity,
to solve various security problems, such as outlier detection,
anomaly detection, signature extraction, fraud detection,
cyber-attack detection, etc. in the domain of IoT.
4.3 Rule‑based Techniques
A rule-based system extracting rules from data, can mimic
human intelligence, which is a system that applies rules to
make an intelligent decision [111]. Thus, rule-based systems
can play a significant role in IoT security through learning
security or policy rules from data [119]. Association rule
learning is a prominent method of discovering associations
or rules among a set of available attributes in a security data-
set in the field of machine learning [20]. Several types of
association rules have been proposed in the area, such as fre-
quent pattern based [21, 60, 88], tree-based [55], logic-based
[44], fuzzy-rules [138], belief rule [156] etc. The rule learn-
ing techniques such as AIS [20], Apriori [21], Apriori-TID
and Apriori-Hybrid [21], FP-Tree [55], Eclat [152], RARM
[40] exist that can be used to solve IoT security problems
and intelligent decision making. For instance, an association
rule-mining algorithm-based network intrusion detection has
been presented in [125]. Moreover, fuzzy association rules
are used to build a rule-based intrusion detection system
[138]. To analyze IoT malware activities, an FP-tree associa-
tion rule-based study has been conducted in [100].
Although a rule-based approach is easy to adopt, it has
high time complexity because of generating a huge num-
ber of associations or frequent patterns depending on the
support and confidence values, and consequently, make the
model complex [21, 137]. An effective association model
could minimize this issue. For instance, in our earlier paper,
Sarker et al. [121], we present a rule learning approach that
13

effectively discovers the association rules that are non-
redundant and reliable, and thus could play a significant role
in the domain of IoT security as well. The rules can also be
used to build knowledge-based systems or rule-based expert
systems [120] to solve more complex security problems in
IoT. Each of these systems consists of a set of policy rules to
define the scope of what kind of activities should be allowed
on a network, where each rule is either explicitly allow or
deny. Even new zero-day attacks are blocked that utilize
rule-driven controls or filters security policy monitoring.
4.4 Security Feature Optimization and Principal
Component Analysis
For an effective IoT security system based on the machine
learning approach, security feature engineering and opti-
mization are considered key issues in IoT cyber threat
landscape. The reason is that the security features and cor-
responding IoT data directly influence the machine learning-
based security models and thus a data dimensionality reduc-
tion technique is important [102]. Feature engineering is the
general term used to construct and modify security attributes
or variables to effectively develop machine learning-based
security models [114]. As today’s IoT security datasets may
include features that are less relevant or not at all impor-
tant, effectively modeling cyber attacks or abnormalities is
challenging. A security model with these qualities can lead
to several issues, including excessive variance, overfitting,
high computing cost and model preparation, and a lack of
generalization, all of which can degrade prediction accuracy
[115]. Thus an optimal number of security features selection
based on their impact or importance [115] could minimize
such issues while building an IoT security model with high
dimensional data sets. Several approaches such as wrapper
methods such as recursive feature elimination, forward fea-
ture selection; filter methods such as Pearson correlation,
chi-squared test, analysis of variance test; or embedded
methods such as regularization, Lasso, Ridge, or ElasticNet,
tree-based feature importance [114] can be used. Along with
feature selection, principal component analysis (PCA) [114]
is utilized to generate new brand components that capture
the majority of the relevant information. While developing a
machine learning-based security modeling, these new brand
components may help handle large dimensions of IoT secu-
rity data, such as IoT network traffic anomaly detection [58].
4.5 Deep Neural Network Learning‑based
Approaches
Deep learning (DL) is a subset of machine learning that
developed from the Artificial Neural Network (ANN),
which offers a computational architecture for learning
from data by combining multiple processing levels, such
13
Mobile Networks and Applications
as input, hidden, and output layers, into a single network
[54]. Thus deep learning techniques are also capable to learn
from IoT security data through these layers, and known as
hierarchical learning methods because of their knowledge
capturing nature in deep architecture. Deep learning out-
performs typical machine learning algorithms in a variety
of situations, especially when learning from huge security
datasets. Several IoT-based devices and their applications
or systems produce a large amount of security data in the
IoT environment; consequently, depending on the datasets,
DL approaches may deliver better results. Depending on the
characteristics and nature of the security data, different deep
learning architectures such as Multi-layer perceptron (MLP),
convolutional neural networks (CNN), recurrent neural net-
works (RNN), deep belief networks (DBN), or hybrid net-
works can be used to build IoT security modeling [113, 147],
as discussed below.
– Multilayer perceptron (MLP): A multilayer perceptron
(MLP), often known as a feedforward artificial neural
network, is the fundamental building block of deep learn-
ing algorithms. A typical MLP comprises an input layer,
one or more hidden layers of an output layer, and one or
more output layers. Each node in one layer is linked to
a certain weight in the next layer via a chain of connec-
tions. The weight values are updated internally by MLP
as the model is being developed via the backpropagation
process. Such MLP network is used to build an intrusion
detection model utilizing NSL-KDD dataset [45], mal-
ware analysis [66], to generate explanation in IoT envi-
ronments [47], detecting malicious botnet traffic from IoT
devices [63]. To perform a security threat analysis of the
IoT, MLP based network is used in [59], where the model
classifies the network data as normal or as under attack.
– Convolutional neural networks (CNN): The CNN [79]
improves on the traditional ANN design, which includes
convolutional layers, pooling layers, and fully connected
layers. Each of these levels takes into account optimized
parameters, reducing the complexity. CNN also employs
a dropout to address the problem of overfitting, which
can occur in the MLP network. It is commonly utilized
in numerous areas such as natural language processing,
audio analysis, picture processing, and other autocor-
related data in recent years because it takes advantage
of the two-dimensional (2D) structure of the input data.
CNN may also be used in the area of Internet of Things
(IoT) security. Using a CNN-based deep learning model
for intrusion detection, such as denial-of-service (DoS)
attacks [134], to detect malware [150], android mal-
ware detection [92]. Furthermore, an intrusion detection
model based on multi-CNN fusion may be utilized [83].
In the IoT environment, some innovative CNN-based
deep learning models with lightweight architecture could
Mobile Networks and Applications

reduce computations and provide higher performance
with constrained resources.
– Recurrent neural network (RNN): A recurrent neural
network (RNN) is another kind of ANN in which the
connections between nodes form a directed graph along
a temporal sequence. The RNN model, which is derived
from feedforward neural networks, can process variable-
length sequences of inputs by using their internal state,
or memory. It is possible to use the RNN model for IoT
security, as well as natural language processing and voice
recognition, because of its capacity to effectively handle
sequential data. Internet of Things (IoT) devices produce
a significant quantity of sequential data from several
sources, such as network traffic flows, time-dependent
data, and so on. When the behavior patterns of the threat
are time-dependent, using recurrent connections can help
neural networks detect security concerns. The reason for
this is that it contains a characteristic called Long Short
Term Memory (LSTM) that allows it to retain prior
inputs, making it a particularly helpful model for time
series prediction. Such an LSTM model-based recurrent
network can be used for several purposes in the domain
of security, such as intrusion detection [70], to detect and
classify the malicious apps [142] etc.
In addition to these deep learning models, hybrid network
models, such as the ensemble of classifiers, LSTM net-
work with the combination of CNN, can also be applied
for detecting IoT attacks, such as malware detection [150],
phishing, and Botnet attack detection and mitigation across
multiple IoT devices [101]. Other deep learning models,
such as a deep belief network (DBN) based security model,
may be used to IoT security[30, 108]. In our earlier paper
Sarker et al. [113], we have explored different types of deep
learning techniques with their taxonomy dividing into dis-
criminative for supervised tasks, generative for unsupervised
tasks, and hybrid techniques that can be used according to
the data characteristics. In Table 1, we have summarized how
various machine learning methods including deep learning
are used to solve various security issues in the domain of
IoT. Thus, we can infer that the above-mentioned machine or
deep learning techniques, as well as their variants or modi-
fied lightweight approaches, can play a significant role in
data-driven security analytics in the IoT environment.
5 Research Issues and Directions
Our study on the machine and deep learning-based security
solutions raises concerns in the area of IoT security. As a
consequence, in this section, we describe and analyze the
challenges that have been encountered, as well as possible
research possibilities and future directions for securing IoT
networks and systems.
The effectiveness and efficiency of a machine learning
or deep learning-based IoT security solution are primarily

Table 1  A summary of using machine learning techniques in IoT security

Used Technique Purpose References

SVM profiling abnormal behavior of IoT devices [80]

SVM detecting android malware for reliable IoT services [53]
RF to detect anomalies [28, 39]
RF to detect denial of service attack [41]
RF IoT intrusion detection service [96, 106]
NBC to detect anomalies [135]
LR to detect malicious IoT botnets [31, 104]
LR to predict the impact of an attack, such as worms, viruses, or other malicious software [62]
Regression Regularization to handle high dimensionality of IoT security data, to enhance security attacks analysis [52]
k-Means profiling the abnormal behavior of IoT devices [80]
fuzzy cluster IoT intrusion detection [86]
FP-tree To analyze IoT malware activities [100]
PCA handling high dimensions of IoT security data, IoT network traffic anomaly detection [58]
MLP detecting malicious botnet traffic from IoT devices [63]
MLP a security threat analysis of the IoT [59]
CNN denial-of-service attacks detection in IoT Networks [134]
CNN android malware detection [92]
multi-CNN intrusion detection [83]
LSTM-RNN to detect and classify the malicious apps [142]
LSTM+CNN to detect and mitigate phishing and Botnet attack across multiple IoT devices [101]

13

determined by the nature and features of the data, as well
as the learning algorithms’ performance. There are a vari-
ety of machine and deep learning techniques available to
evaluate data and extract insights, as detailed in Section 4.
As a result, choosing an appropriate learning algorithm
for the intended application in IoT security can be chal-
lenging. The reason behind this is that based on the data
qualities, the results of different learning algorithms may
vary [114, 123]. If the wrong learning algorithm is chosen,
unexpected results may occur, resulting in a loss of effort
as well as the model’s efficacy and accuracy. In the same
way, unnecessary IoT security data might result in garbage
processing and inaccurate outcomes. If the IoT data is bad,
such as non-representative, poor-quality, irrelevant attrib-
utes, or an inadequate quantity for training, machine or
deep learning security models may become worthless or
yield reduced accuracy, or they may even become worth-
less. Future research opportunities and directions in the
topic of IoT security include the following:
– In the world of IoT, gathering security data is not easy.
The dynamic characteristics of IoT, such as heterogene-
ity, covered briefly in Section 2, allows for the generation
of massive amounts of data at a high frequency from
various domains. Collecting security data in the IoT is
not a straightforward endeavor. For further analysis, it
is critical to gather and manage relevant IoT-generated
data for target applications, such as security in smart
city applications, to facilitate further investigation. As
a result, while working with IoT-generated data, a more
in-depth analysis of data gathering methods is required.
– Many ambiguous values, missing values, outliers, and
erroneous data may be discovered in historical or raw
IoT security data. The machine learning or deep learn-
ing methods presented in Section 4 in IoT security have
a significant impact on data quality and training avail-
ability, and hence on the IoT security model. As a result,
cleaning and preprocessing the various security data
generated in an IoT environment is a challenging task.
To effectively apply learning algorithms in the domain
of IoT security, improvement of current methods or the
development of new data preparation techniques are
expected.
– It is critical for an effective IoT security solution to
consider the constraints or capabilities of IoT devices
and systems where learning-based security models are
utilized, as addressed briefly in Section 4. As a conse-
quence, there should be a trade-off between security and
device capabilities in terms of data storage, computing,
data processing, and decision-making, and communica-
tion resources. Therefore, an in-depth investigation is
required to discover the most appropriate machine or
deep learning methods.
13
Mobile Networks and Applications
– Because of the huge amount of redundant processing,
the classical learning techniques outlined in Section 4
may not be directly applicable to IoT devices in various
circumstances. The association rule learning technique
[21], for example, in a rule-based system may extract
redundant generation from IoT security data, making the
decision-making process complex and ineffective [121].
As a result, a better understanding of the benefits and
limitations of existing learning methods is required, mak-
ing the development of new lightweight algorithms or
methods for IoT devices a challenging task.
– Compared to older patterns, a recent malicious behav-
ioral trend is more likely to be intriguing and signifi-
cant for forecasting or detecting attacks in IoT security.
As a result, rather than considering conventional data
analysis, the idea of recency analysis, i.e. current pattern-
based extracted insight or knowledge [116], may be more
appropriate in a variety of situations. Thus another dif-
ficult challenge is to propose new lightweight solutions
for IoT devices that take into consideration current data
patterns, and eventually to construct a recency-based IoT
security model.
In the above, within the scope of our learning-based study
in the area of IoT security, we have reviewed and explored
several research directions. Besides, incorporating context-
aware computing in IoT security could be another potential
research direction. In the context of IoT computing, con-
text-awareness typically refers to the capability of a system
to gather its surrounding information and adapt behaviors
accordingly. A wider sense of security contextual knowledge
[109, 120] can then be used to assess whether a suspicious
behavior occurs or not, such as temporal, spatial, individu-
ality, dependence, activity, or relationship between events
or interactions, etc. An approach might allow an end-user,
for example, to browse the network from within the office,
but refuse access if the end-user tries to connect to public
Wi-Fi. The design of adaptive security solutions based on
the principle of context-aware computing may therefore be
another research problem in the IoT security area.
6 Conclusion
In this paper, we have presented a comprehensive overview
of the literature on IoT security intelligence, which covers
the IoT paradigm, IoT-based smart environments, related
security concerns with machine learning solutions. We have
also reviewed the recent studies for IoT security to make
the position of this paper. A thorough study on the IoT sys-
tem architectures with its layer-wise cyber-attacks that are
needed to detect and protect the IoT devices and systems.
As a consequence, we have briefly explored how various
Mobile Networks and Applications

types of machine and deep learning approaches might be 12. Enronspam. Available online: https://labs-repos.iit.demokritos.
employed for security solutions in the IoT context. Depend- gr/skel/i-config/downloads/enron-spam/. Accessed 20 Oct 2019
13. The honeynet project. http://​w ww.​h oney​n et.​o rg/​chapt​e rs/​
ing on the data characteristics, a successful IoT security france/. Accessed 20 Oct 2019
model should have the appropriate machine or deep learning 14. Isot botnet dataset. https://​www.​uvic.​ca/​engin​eering/​ece/​isot/​
modeling. Before the system can assist in making intelligent datas​ets/​index.​php/. Accessed 20 Oct 2019
decisions, an effective learning algorithm must be developed 15. Lingspam. Available online: https://​labs-​repos.​iit.​demok​r itos.​
gr/​skel/i-​config/​downl​oads/​lings​pampu​blic.​t ar.​gz/. Accessed
using the obtained IoT security knowledge connected with 20 Oct 2019
the target application. 16. Microsoft malware classification (big 2015). Available online:
Finally, we have discussed and addressed the issues that arXiv:1802.10135. Accessed 20 Oct 2019
have arisen, as well as potential research directions and 17. Spamassassin. Available online: http://​www.​spama​ssass​in.​org/​
publi​ccorp​us/. Accessed 20 Oct 2019
future approaches that are based on learning techniques. As 18. Virusshare. Available online: http://virusshare.com/. Accessed
a result, the challenges that have been highlighted present 20 Oct 2019
promising research possibilities in the field, which must be 19. Virustotal. Available online: https://virustotal.com/. Accessed
addressed with effective solutions to enhance IoT security 20 Oct 2019
20. Agrawal R, Imieliński T, Swami A (1993) Mining association
over time. Overall, we believe that our study on machine and rules between sets of items in large databases. In: ACM SIG-
deep learning-based security solutions points in the direction MOD record, vol 22. ACM, pp 207–216
of a promising path and can be used as a reference guide for 21. Agrawal R, Srikant R, et al. (1994) Fast algorithms for mining
future IoT security research and implementations by aca- association rules. In: Proc. 20th int. conf. very large data bases,
VLDB, vol 1215. pp 487–499
demic and industry experts. 22. Aha DW, Kibler D, Albert MK (1991) Instance-based learning
algorithms. Machine Learning 6(1):37–66
Acknowledgements This Project was funded by the Deanship of Scien- 23. Ahmed E, Yaqoob I, Gani A, Imran M, Guizani M (2016)
tific Research (DSR), King Abdulaziz University, Jeddah, under Grant Internet-of-things-based smart environments: state of the art,
D-059-611-1443. The authors, therefore, gratefully acknowledge DSR taxonomy, and open research challenges. IEEE Wireless Com-
technical and financial support. munications 23(5):10–16
24. Al-Fuqaha A, Guizani M, Mohammadi M, Aledhari M, Ayyash
Declarations M (2015) Internet of things: A survey on enabling technolo-
gies, protocols, and applications. IEEE Communications Sur-
veys & Tutorials 17(4):2347–2376
Competing interests The authors declare that they have no competing 25. Al-Garadi MA, Mohamed A, Al-Ali A, Du X, Ali I, Guizani
interests. M (2020) A survey of machine and deep learning methods for
internet of things (IoT) security. IEEE Commun Surv Tutorials
26. Alaba FA, Othman M, Hashem IAT, Alotaibi F (2017) Internet
of things security: A survey. Journal of Network and Computer
Applications 88:10–28
References 27. Alazab M, Venkatraman S, Watters P, Alazab M, et al (2010)
Zero-day malware detection based on supervised learning algo-
1. Alexa top sites. Available online: https://aws.amazon.com/alexa- rithms of api call signatures
top-sites/. Accessed 20 Oct 2019 28. Alrashdi I, Alqazzaz A, Aloufi E, Alharthi R, Zohdy M, Ming
2. Bambenek consulting-master feeds. Available online: http://osint. H (2019) Ad-iot: Anomaly detection of iot cyberattacks in
bambenekconsulting.com/feeds/. Accessed 20 Oct 2019 smart city using machine learning. In: 2019 IEEE 9th annual
3. Caida anonymized internet traces 2008 dataset. https://www. computing and communication workshop and conference
caida.org/datapassive/passive-2008-dataset.xml/. Accessed 20 (CCWC). IEEE, pp 0305–0310
Oct 2019 29. Atzori L, Iera A, Morabito G (2010) The internet of things: A
4. Caida ddos attack 2007 dataset. http://www.caida.org/data/ pas- survey. Computer networks 54(15):2787–2805
sive/ddos-20070804-dataset.xml/. Accessed 20 Oct 2019 30. Balakrishnan N, Rajendran A, Pelusi D, Ponnusamy V (2019)
5. Canadian institute of cybersecurity, university of new brun- Deep belief network enhanced intrusion detection system to
swick, iscx dataset. http://www.unb.ca/cic/datasets/index.html/. prevent security breach in the internet of things. Internet of
Accessed 20 Oct 2019 Things:100112
6. Cic-ddos2019 [online]. Available: https://www.unb.ca/cic/data- 31. Bapat R, Mandya A, Liu X, Abraham B, Brown DE, Kang H,
sets/ddos-2019.html/. Accessed 28 March 2020 Veeraraghavan M (2018) Identifying malicious botnet traffic
7. Comodo. Available online: https://www.comodo.com/home/ using logistic regression. In: 2018 systems and information
internet-security/updates/vdp/database.php. Accessed 20 Oct engineering design symposium (SIEDS). IEEE, pp 266–271
2019 32. Bélissent J et al (2010) Getting clever about smart cities: New
8. Contagio. Available online: http://contagiodump.blogspot.com/. opportunities require new business models. Cambridge, Mas-
Accessed 20 Oct 2019 sachusetts, USA 193:244–77
9. Cse-cic-ids2018 [online]. Available: https://www.unb.ca/cic/ 33. Bilge L, Dumitraş T (2012) Before we knew it: an empirical
datasets/ids-2018.html/. Accessed 20 Oct 2019 study of zero-day attacks in the real world. In: Proceedings of
10. The ctu-13 dataset. Available online: https://stratosphereips.org/ the 2012 ACM conference on Computer and communications
category/datasets-ctu13. Accessed 20 Oct 2019 security. ACM, pp 833–844
11. Dgarchive. Available online: https://​dgarc​hive.​caad.​fkie.​fraun​
hofer.​de/​site/. Accessed 20 Oct 2019

13

34. Bolic M, Rostamian M, Djuric PM (2015) Proximity detection
with rfid: A step toward the internet of things. IEEE Pervasive
Computing 14(2):70–76
35. Bonomi F, Milito R, Natarajan P, Zhu J (2014) Fog comput-
ing: A platform for internet of things and analytics. In: Big
data and internet of things: A roadmap for smart environments.
Springer, pp 169–186
36. Bradley J, Loucks J, Macaulay J, Noronha A (2013) Internet
of everything (ioe) value index. White Paper CISCO and/or its
affiliates
37. Breiman L (2001) Random forests. Machine Learning
45(1):5–32
38. Chaabouni N, Mosbah M, Zemmari A, Sauvignac C, Faruki P
(2019) Network intrusion detection for IoT security based on
learning techniques. IEEE Communications Surveys & Tutorials
21(3):2671–2701
39. Chang Y, Li W, Yang Z (2017) Network intrusion detection based
on random forest and support vector machine. In: 2017 IEEE
international conference on computational science and engineer-
ing (CSE) and IEEE international conference on embedded and
ubiquitous computing (EUC), vol 1. IEEE, pp 635–638
40. Das A, Ng W-K, Woon Y-K (2001) Rapid association rule min-
ing. In: Proceedings of the tenth international conference on
Information and knowledge management. ACM, pp 474–481
41. Doshi R, Apthorpe N, Feamster N (2018) Machine learning ddos
detection for consumer internet of things devices. In: 2018 IEEE
security and privacy workshops (SPW). IEEE, pp 29–35
42. Dua S, Du X (2016) Data mining and machine learning in cyber-
security. CRC Press, Boca Raton
43. Elrawy MF, Awad AI, Hamed HFA (2018) Intrusion detection
systems for iot-based smart environments: a survey. Journal of
Cloud Computing 7(1):21
44. Flach PA, Lachiche N (2001) Confirmation-guided discovery of
first-order rules with tertius. Machine Learning 42(1–2):61–95
45. De Almeida Florencio F, Moreno ED, Macedo HT, Salgueiro
RJ, Do Nascimento FB, Santos FA (2018) Intrusion detection via
mlp neural network using an arduino embedded system. In: 2018
VIII Brazilian symposium on computing systems engineering
(SBESC). IEEE, pp 190–195
46. Freund Y, Schapire RE, et al (1996) Experiments with a new
boosting algorithm. In: ICML, vol 96. Citeseer, pp 148–156
47. García-Magariño I, Muttukrishnan R, Lloret J (2019) Human-
centric AI for trustworthy IoT systems with explainable multi-
layer perceptrons. IEEE Access 7:125562–125574
48. Glasser J, Lindauer B (2013) Bridging the gap: A pragmatic
approach to generating insider threat data. In: 2013 IEEE secu-
rity and privacy workshops. IEEE, pp 98–104
49. Gratian M, Bandi S, Cukier M, Dykstra J, Ginther A (2018)
Correlating human traits and cyber security behavior intentions.
Computers & Security 73:345–358
50. Gubbi J, Buyya R, Marusic S, Palaniswami M (2013) Internet of
things (IoT): A vision, architectural elements, and future direc-
tions. Future Generation Computer Systems 29(7):1645–1660
51. Gupta BB, Tewari A, Jain AK, Agrawal DP (2017) Fighting
against phishing attacks: state of the art and future challenges.
Neural Computing and Applications 28(12):3629–3654
52. Hagos DH, Yazidi A, Kure Ø, Engelstad PE (2017) Enhanc-
ing security attacks analysis using regularized machine learn-
ing techniques. In: 2017 IEEE 31st international conference on
advanced information networking and applications (AINA).
IEEE, pp 909–918
53. Ham H-S, Kim H-H, Kim M-S, Choi M-J (2014) Linear svm-
based android malware detection for reliable IOT services. J
Appl Math:2014
54. Han J, Pei J, Kamber M (2011) Data mining: concepts and tech-
niques. Elsevier, New York
13
Mobile Networks and Applications
55. Han J, Pei J, Yin Y (2000) Mining frequent patterns without
candidate generation. In: ACM sigmod record, vol 29. ACM, pp
1–12
56. Hassan WH et al (2019) Current research on internet of things
(IoT) security: A survey. Computer Networks 148:283–294
57. Hassija V, Chamola V, Saxena V, Jain D, Goyal P, Sikdar B
(2019) A survey on IoT security: application areas, security
threats, and solution architectures. IEEE Access 7:82721–82743
58. Hoang DH, Nguyen HD (2018) A PCA-based method for IoT
network traffic anomaly detection. In: 2018 20th international
conference on advanced communication technology (ICACT).
IEEE, pp 381–386
59. Hodo E, Bellekens X, Hamilton A, Dubouilh P-L, Iorkyase E,
Tachtatzis C, Atkinson R (2016) Threat analysis of iot networks
using artificial neural network intrusion detection system. In:
2016 international symposium on networks, computers and com-
munications (ISNCC). IEEE, pp 1–6
60. Houtsma M, Swami A (1995) Set-oriented mining for associa-
tion rules in relational databases. In: Proceedings of the eleventh
international conference on data engineering, 1995. IEEE, pp
25–33
61. Hussain F, Hussain R, Hassan SA, Hossain E (2020) Machine
learning in IoT security: current solutions and future challenges.
IEEE Commun Surv Tutorials
62. Jaganathan V, Cherurveettil P, Sivashanmugam PM (2015) Using
a prediction model to manage cyber security threats. The Scien-
tific World Journal, 2015
63. Javed Y, Rajabi N (2019) Multi-layer perceptron artificial neural
network based IoT botnet traffic classification. In: Proceedings of
the future technologies conference. Springer, pp 973–984
64. Jing X, Yan Z, Jiang X, Pedrycz W (2019) Network traffic fusion
and analysis against ddos flooding attacks with a novel reversible
sketch. Information Fusion 51:100–113
65. John GH, Langley P (1995) Estimating continuous distributions
in bayesian classifiers. In: Proceedings of the Eleventh confer-
ence on Uncertainty in artificial intelligence. Morgan Kaufmann
Publishers Inc., pp 338–345
66. Karbab EB, Debbabi M, Derhab A, Mouheb D (2018) Maldozer:
Automatic framework for android malware detection using deep
learning. Digital Investigation 24:S48–S59
67. Keerthi SS, Shevade SK, Bhattacharyya C, Murthy KRK (2001)
Improvements to platt’s smo algorithm for svm classifier design.
Neural Computation 13(3):637–649
68. Khan MA, Salah K (2018) Iot security: Review, blockchain solu-
tions, and open challenges. Future Generation Computer Systems
82:395–411
69. Khan R, Khan S, Zaheer R, Khan S (2012) Future internet: The
internet of things architecture, possible applications and key
challenges. In: 2012 10th international conference on frontiers
of information technology. IEEE, Islamabad, pp 257–260
70. Kim J, Kim J, Thu HLT, Kim H (2016) Long short term memory
recurrent neural network classifier for intrusion detection. In:
2016 international conference on platform technology and ser-
vice (PlatCon). IEEE, pp 1–5
71. Koroniotis N, Moustafa N, Sitnikova E, Turnbull B (2019)
Towards the development of realistic botnet dataset in the inter-
net of things for network forensic analytics: Bot-iot dataset.
Future Generation Computer Systems 100:779–796
72. Krčo S, Pokrić B, Carrez F (2014) Designing IoT architecture (s):
A european perspective. In: 2014 IEEE World forum on internet
of things (WF-IoT). IEEE, pp 79–84
73. Kügler D (2003) “man in the middle” attacks on bluetooth. In:
International conference on financial cryptography. Springer, pp
149–161
74. Kumar R, Xiaosong Z, Khan RU, Kumar J, Ahad I (2018)
Effective and explainable detection of android malware based
Mobile Networks and Applications
on machine learning algorithms. In: Proceedings of the 2018
international conference on computing and artificial intelligence.
ACM, pp 35–40
75. Kumar SA, Vealey T, Srivastava H (2016) Security in internet of
things: Challenges, solutions and future directions. In: 2016 49th
Hawaii international conference on system sciences (HICSS).
IEEE, pp 5772–5781
76. Lalou M, Kheddouci H, Hariri S (2017) Identifying the cyber
attack origin with partial observation: a linear regression based
approach. In: 2017 IEEE 2nd international workshops on foun-
dations and applications of self* systems (FAS* W). IEEE, pp
329–333
77. Landauer M, Skopik F, Wurzenberger M, Rauber A (2020) Sys-
tem log clustering approaches for cyber security applications: A
survey. Computers & Security 92:101739
78. Le Cessie S, Van Houwelingen JC (1992) Ridge estimators in
logistic regression. Journal of the Royal Statistical Society:
Series C (Applied Statistics) 41(1):191–201
79. LeCun Y, Bottou L, Bengio Y, Haffner P (1998) Gradient-based
learning applied to document recognition. Proceedings of the
IEEE 86(11):2278–2324
80. Lee S-Y, Wi S-R, Seo E, Jung J-K, Chung T-M (2017) Profiot:
Abnormal behavior profiling (abp) of IoT devices based on a
machine learning approach. In: 2017 27th international telecom-
munication networks and applications conference (ITNAC).
IEEE, pp 1–6
81. Li S, Da Xu L (2017) Securing the internet of things. Syngress
82. Li S, Da Xu L, Zhao S (2015) The internet of things: a survey.
Information Systems Frontiers 17(2):243–259
83. Li Y, Xu Y, Liu Z, Hou H, Zheng Y, Xin Y, Zhao Y, Cui L (2020)
Robust detection for network intrusion of industrial IoT based on
multi-CNN fusion. Measurement 154:107450
84. Lindauer B, Glasser J, Rosen M, Wallnau KC, ExactData L
(2014) Generating test data for insider threat detectors. JoWUA
5(2):80–94
85. Lippmann RP, Fried DJ, Graf I, Haines JW, Kendall KR,
McClung D, Weber D, Webster SE, Wyschogrod D, Cunningham
RK, et al. (2000) Evaluating intrusion detection systems: The
1998 darpa off-line intrusion detection evaluation. In: Proceed-
ings DARPA information survivability conference and exposi-
tion. DISCEX’00, vol 2. IEEE, pp 12–26
86. Liu L, Xu B, Zhang X, Wu X (2018) An intrusion detection
method for internet of things based on suppressed fuzzy cluster-
ing. EURASIP Journal on Wireless Communications and Net-
working 2018(1):113
87. Lu Y, Da Xu L (2018) Internet of things (IoT) cybersecurity
research: A review of current research topics. IEEE Internet of
Things Journal 6(2):2103–2115
88. Liu B, Hsu W, Ma Y (1998) Integrating classification and asso-
ciation rule mining. In: Proceedings of the fourth international
conference on knowledge discovery and data mining
89. Ma Z, Xiao M, Xiao Y, Pang Z, Poor HV, Vucetic B (2019) High-
reliability and low-latency wireless communication for internet
of things: challenges, fundamentals, and enabling technologies.
IEEE Internet of Things Journal 6(5):7946–7970
90. MacQueen J (1967) Some methods for classification and analysis
of multivariate observations. In: Fifth Berkeley symposium on
mathematical statistics and probability, vol 1
91. Mahmoud R, Yousuf T, Aloul F, Zualkernan I (2015) Internet
of things (IoT) security: Current status, challenges and prospec-
tive measures. In: 2015 10th international conference for inter-
net technology and secured transactions (ICITST). IEEE, pp
336–341
92. McLaughlin N, Martinez del Rincon J, Kang B, Yerima S, Miller
P, Sezer S, Safaei Y, Trickel E, Zhao Z, Doupé A, et al (2017)
Deep android malware detection. In: Proceedings of the seventh
ACM on conference on data and application security and privacy.
pp 301–308
93. Minerva R, Biru A, Rotondi D (2015) Towards a definition of the
internet of things (IoT). IEEE Internet Initiative 1(1):1–86
94. Minoli D, Occhiogrosso B (2018) Blockchain mechanisms for
IoT security. Internet of Things 1:1–13
95. Moganedi S (2018) Undetectable data breach in iot: Healthcare
data at risk. In: ECCWS 2018 17th european conference on cyber
warfare and security V2. Academic Conferences and publishing
limited, p 296
96. Mohamed T, Otsuka T, Ito T (2018) Towards machine learning
based iot intrusion detection service. In: International conference
on industrial, engineering and other applications of applied intel-
ligent systems. Springer, pp 580–585
97. Moustafa N. Slay J (2015) Unsw-nb15: a comprehensive data set
for network intrusion detection systems (unsw-nb15 network data
set). In: 2015 military communications and information systems
conference (MilCIS). IEEE, pp 1–6
98. Muhammad F, Anjum W, Mazhar KS (2015) A critical analysis
on the security concerns of internet of things (IoT). International
Journal of Computer Applications 111(7):1–6
99. Neshenko N, Bou-Harb E, Crichigno J, Kaddoum G, Ghani
N (2019) Demystifying IoT security: an exhaustive survey on
IoT vulnerabilities and a first empirical look on internet-scale
IoT exploitations. IEEE Communications Surveys & Tutorials
21(3):2702–2733
100. Ozawa S, Ban T, Hashimoto N, Nakazato J, Shimamura J (2020)
A study of IoT malware activities using association rule learn-
ing for darknet sensor data. International Journal of Information
Security 19(1):83–92
101. La Torre Parra GD, Rad P, Choo K-KR, Beebe N (2020) Detect-
ing internet of things attacks using distributed deep learning. J
Netw Comput Appl:102662
102. Pour MS, Bou-Harb E, Varma K, Neshenko N, Pados DA, Choo
K-KR (2019) Comprehending the IoT cyber threat landscape: A
data dimensionality reduction technique to infer and character-
ize internet-scale IoT probing campaigns. Digital Investigation
28:S40–S49
103. Primartha R, Tama BA (2017) Anomaly detection using random
forest: A performance revisited. In: 2017 International confer-
ence on data and software engineering (ICoDSE). IEEE, pp 1–6
104. Prokofiev AO, Smirnova YS, Surov VA (2018) A method to
detect internet of things botnets. In: 2018 IEEE conference of
russian young researchers in electrical and electronic engineering
(EIConRus). IEEE, pp 105–108
105. Quinlan JR (1993) C4.5: Programs for machine learning. Mach
Learn
106. Resende PAA, Drummond AC (2018) A survey of random forest
based methods for intrusion detection systems. ACM Computing
Surveys (CSUR) 51(3):1–36
107. Rokach L (2010) A survey of clustering algorithms. In: Data min-
ing and knowledge discovery handbook. Springer, pp 269–298
108. Saeed A, Ahmadinia A, Javed A, Larijani H (2016) Intelligent
intrusion detection in low-power IoTs. ACM Transactions on
Internet Technology (TOIT) 16(4):1–25
109. Sarker IH (2019) Context-aware rule learning from smartphone
data: survey, challenges and future directions. Journal of Big
Data 6(1):95
110. Sarker IH (2019) A machine learning based robust predic-
tion model for real-life mobile phone data. Internet of Things
5:180–193
111. Sarker IH (2021) Data science and analytics: An overview from
data-driven smart computing, decision-making and applications
perspective. SN Comput Sci
13

112. Sarker IH (2021) Deep cybersecurity: a comprehensive overview
from neural network and deep learning perspective. SN Com-
puter Science 2(3):1–16
113. Sarker IH (2021) Deep learning: A comprehensive overview on
techniques, taxonomy, applications and research directions. SN
Comput Sci
114. Sarker IH (2021) Machine learning: Algorithms, real-world
applications and research directions. SN Computer Science
2(3):1–21
115. Sarker IH, Abushark YB, Alsolami F, Khan AI (2020) Intrudtree:
A machine learning based cyber security intrusion detection
model. Symmetry 12(5):754
116. Sarker IH, Colman A, Han J (2019) Recencyminer: mining
recency-based personalized behavior from contextual smart-
phone data. Journal of Big Data 6(1):49
117. Sarker IH, Colman A, Han J, Khan AI, Abushark YB, Salah
K (2020) Behavdt: a behavioral decision tree learning to build
user-centric context-aware predictive model. Mobile Networks
and Applications 25(3):1151–1161
118. Sarker IH, Colman A, Kabir MA, Han J (2018) Individualized
time-series segmentation for mining mobile phone user behavior.
The Computer Journal 61(3):349–368
119. Sarker IH, Furhad MdH, Nowrozy R (2021) Ai-driven cyberse-
curity: an overview, security intelligence modeling and research
directions. SN Computer Science 2(3):1–18
120. Sarker IH, Hoque MM, Uddin MdK, Alsanoosy T (2020) Mobile
data science and intelligent apps: Concepts, AI-based modeling
and research directions. Mob Netw Appl:1–19
121. Sarker IH, Kayes ASM (2020) Abc-ruleminer: User behavioral
rule-based machine learning method for context-aware intelli-
gent services. Journal of Network and Computer Applications
168:102762
122. Sarker IH, Kayes ASM, Badsha S, Alqahtani H, Watters P, Ng
A (2020) Cybersecurity data science: an overview from machine
learning perspective. Journal of Big Data 7(1):1–29
123. Sarker IH, Kayes ASM, Watters P (2019) Effectiveness analysis
of machine learning classification models for predicting per-
sonalized context-aware smartphone usage. Journal of Big Data
6(1):57
124. Schaffers H, Komninos N, Pallot M, Trousse B, Nilsson M,
Oliveira A (2011) Smart cities and the future internet: Towards
cooperation frameworks for open innovation. In: The future inter-
net assembly. Springer, Berlin, Heidelberg, pp 431–446
125. Sellappan D, Srinivasan R (2020) Association rule-mining-based
intrusion detection system with entropy-based feature selection:
Intrusion detection system. In: Handbook of research on intel-
ligent data processing and information security systems. IGI
Global, pp 1–24
126. Sharma V, Lee K, Kwon S, Kim J, Park H, Yim K, Lee S-Y
(2017) A consensus framework for reliability and mitigation of
zero-day attacks in IoT. Secur Commun Netw:2017
127. Shaw A (2009) Data breach: from notification to prevention using
PCI DSS. Colum JL & Soc Probs 43:517
128. Shiravi A, Shiravi H, Tavallaee M, Ghorbani AA (2012) Toward
developing a systematic approach to generate benchmark datasets
for intrusion detection. Computers & Security 31(3):357–374
129. Sicari S, Rizzardi A, Grieco LA, Coen-Porisini A (2015) Secu-
rity, privacy and trust in internet of things: The road ahead. Com-
puter networks 76:146–164
130. Ślusarczyk B (2018) Industry 4.0: Are we ready? Pol J Manag
Stud:17
131. Sneath PHA (1957) The application of computers to taxonomy.
J Gen Microbiol 17(1)
132. Sorensen T (1948) method of establishing groups of equal ampli-
tude in plant sociology based on similarity of species. Biol Skr:5
13
Mobile Networks and Applications
133. Sundmaeker H, Guillemin P, Friess P, Woelfflé S (2010) Vision
and challenges for realising the internet of things. Cluster of
European Research Projects on the Internet of Things, European
Commision 3(3):34–36
134. Susilo B, Sari RF (2020) Intrusion detection in IoT networks
using deep learning algorithm. Information 11(5):279
135. Swarnkar M, Hubballi N (2016) Ocpad: One class naive bayes
classifier for payload based anomaly detection. Expert Systems
with Applications 64:330–339
136. Taherkordi A, Eliassen F (2016) Scalable modeling of cloud-
based iot services for smart cities. In: 2016 IEEE international
conference on pervasive computing and communication work-
shops (PerCom Workshops). IEEE, pp 1–6
137. Tahsien SM, Karimipour H, Spachos P (2020) Machine learning
based solutions for security of internet of things (IoT): A survey.
Journal of Network and Computer Applications 161:102630
138. Tajbakhsh A, Rahmati M, Mirzaei A (2009) Intrusion detec-
tion using fuzzy association rules. Applied Soft Computing
9(2):462–469
139. Tavallaee M, Bagheri E, Lu W, Ghorbani AA (2009) A detailed
analysis of the KDD cup 99 data set. In: 2009 IEEE symposium
on computational intelligence for security and defense applica-
tions. IEEE, pp 1–6
140. Tewari A, Gupta BB (2020) Security, privacy and trust of differ-
ent layers in internet-of-things (IoTs) framework. Future Genera-
tion Computer Systems 108:909–920
141. Thiesse F, Michahelles F (2006) An overview of EPC technology.
Sensor Review 26(2):101–105
142. Vinayakumar R, Soman KP, Poornachandran P (2017) Deep
android malware detection and classification. In: 2017 Interna-
tional conference on advances in computing, communications
and informatics (ICACCI). IEEE, pp 1677–1683
143. Welbourne E, Battle L, Cole G, Gould K, Rector K, Raymer S,
Balazinska M, Borriello G (2009) Building the internet of things
using rfid: the rfid ecosystem experience. IEEE Internet Comput-
ing 13(3):48–55
144. Witten IH, Frank E, Trigg LE, Hall MA, Holmes G, Cunningham
SJ (1999) Weka: Practical machine learning tools and techniques
with java implementations
145. Xiao L, Wan X, Lu X, Zhang Y, Wu D (2018) Iot security
techniques based on machine learning: How do IoT devices
use AI to enhance security? IEEE Signal Processing Magazine
35(5):41–49
146. Xie M, Hu J, Yu X, Chang E (2015) Evaluating host-based
anomaly detection systems: Application of the frequency-based
algorithms to adfa-ld. In: International conference on network
and system security. Springer, pp 542–549
147. Xin Y, Kong L, Liu Z, Chen Y, Li Y, Zhu H, Gao M, Hou H,
Wang C (2018) Machine learning and deep learning methods for
cybersecurity. IEEE Access 6:35365–35381
148. Xu D, Tian Y (2015) A comprehensive survey of clustering algo-
rithms. Annals of Data Science 2(2):165–193
149. Xu Q, Ren P, Song H, Du Q (2016) Security enhancement for
IoT communications exposed to eavesdroppers with uncertain
locations. IEEE Access 4:2840–2853
150. Yan J, Qi Y, Rao Q (2018) Detecting malware with an ensem-
ble method based on deep neural network. Secur Commun
Netw:2018
151. Zago M, Pérez MG, Pérez GM (2020) Umudga: A dataset for
profiling algorithmically generated domain names in botnet
detection. Data in Brief:105400
152. Zaki MJ (2000) Scalable algorithms for association min-
ing. IEEE Transactions on Knowledge and Data Engineering
12(3):372–390
153. Zhang Z-K, Cho MCY, Wang C-W, Hsu C-W, Chen C-K,
Shieh S (2014) Iot security: ongoing challenges and research
Mobile Networks and Applications
opportunities. In: 2014 IEEE 7th international conference on
service-oriented computing and applications. IEEE, pp 230–234
154. Zhou W, Jia Y, Peng A, Zhang Y, Liu P (2018) The effect of IoT
new features on security and privacy: New threats, existing solu-
tions, and challenges yet to be solved. IEEE Internet of Things
Journal 6(2):1606–1616
155. Zhou Y, Jiang X (2012) Dissecting android malware: Characteri-
zation and evolution. In: 2012 IEEE symposium on security and
privacy. IEEE, pp 95–109
156. Zhou Z-J, Hu G-Y, Hu C-H, Wen C-L, Chang L-L (2019) A
survey of belief rule-base expert system. IEEE Trans Syst Man
Cybern Syst
13