Threat Analysis and Prediction in IoT Devices using Machine Learning

Chapter one

Introduction

Brendan O'Brien astutely observed, ”If you think the Internet has changed your life, think again.
The Internet of Things is about to change it all over again!”. This is indeed the case, as the
Internet of Things (IoT) has heralded unprecedented connectivity. The advancements in sensor
technology, wireless communication, and data analytics have spurred an exponential increase
in connected devices. This influx of connectivity, brought about by integrating IoT into various
industries, cities, and households, promotes unmatched efficiency and convenience. As the
backbone of IoT, sensors and actuators acquire and convert data from the physical world into
digital signals. These compact devices amass a diverse range of data, thereby enabling real-time
monitoring and control of numerous systems and processes (Aldhaheri et al., 2023).

However, the rapid proliferation and extensive integration of IoT devices into everyday life have
ushered in various security challenges. These issues must be robustly addressed to ensure the
safety and reliability of this expanding ecosystem. The sheer volume and variety of IoT devices
and their often inconsistent security features and protocols engender a fragmented
environment teeming with potential attack vectors. IoT devices frequently prioritize low cost
and user simplicity over security, making them susceptible to breaches and exploitation. As a
result, these devices are at risk of various cyber threats, including data breaches, Distributed
Denial-of-Service (DDoS) attacks, and malware infections. Any security breach in these devices
could significantly compromise privacy and crucial infrastructure systems, given the sensitive
nature of the data they handle. Moreover, IoT devices, potentially serving as entry points,
might allow attackers to infiltrate broader networks, amplifying the potential impact of security
breaches. Another primary concern is the security of communication routes between IoT
devices and networks, as many IoT devices utilize wireless communication protocols susceptible
to interception or manipulation. These vulnerabilities can be exacerbated by the resource
constraints of specific IoT devices, which prevent them from adopting contemporary encryption
and authentication techniques. Furthermore, the long lifespan and widespread deployment of
IoT devices compound the difficulty of managing security upgrades and patches, as many
devices may not receive regular updates or may be difficult to access for maintenance. This
could lead to an increased number of outdated or vulnerable devices, further exacerbating
security concerns (Chawla et al., 2020).

Given the aforementioned security challenges, machine learning (ML) has surfaced as a potent
instrument for fortifying and advancing IoT security. The escalating complexity in IoT
ecosystems necessitates more sophisticated security systems. ML can supply the requisite
intelligence by employing intricate algorithms and insights from gathered data. It achieves this
by discerning patterns, identifying anomalies, and forecasting potential threats in real-time.
This capability enables a preemptive response to vulnerabilities and intrusions (Al-Taleb and
Saqib, 2022).

A salient application of machine learning in IoT security is anomaly detection. By scrutinizing

their behavior, ML algorithms study the typical operational patterns of IoT devices, networks,
and communication channels. Establishing a benchmark for normal behavior enables these
algorithms to swiftly pinpoint deviations or abnormal activities, thereby flagging them as
potential security risks. This methodology allows for early detection and response to
cyberattacks such as DDoS or malware infections, preventing substantial damage (Hussain et
al., 2020).

Signature-based detection is another prevalent method that can be ameliorated by integrating

ML algorithms. This approach relies on identifying known patterns or signatures of malevolent
activities or malware, forming a crucial first line of defense against recognized cyber threats. By
automating the signature generation and updates process, machine learning can significantly
enhance the effectiveness of signature-based detection. As new threats surface and evolve, ML
algorithms can scrutinize vast malware sample repositories, extracting unique patterns and
characteristics to generate and dynamically update signatures. Consequently, security systems
can stay abreast of the evolving threat landscape, fostering a more robust defense against
known and emerging threats (Waheed et al., 2020).

Furthermore, ML can assist in analyzing vast volumes of data generated by IoT devices. This
allows security professionals to discern hidden correlations, identify trends, and anticipate
future threats. Consequently, organizations can make informed decisions based on data and
allocate resources more judiciously, bolstering their security. Integrating machine learning into
IoT security operations is a robust ally, aiding in tackling the aforementioned challenges and
vulnerabilities. This partnership has further contributed to the evolution of a more secure and
resilient IoT landscape, thereby safeguarding our progressively interconnected world (Pandey,
2017).

The paper encompasses the introduction, discussing the IoT, IoT security, and the integration of
ML into IoT security. This section also clearly outlines the contributions of our paper. Section II
offers a summary of recent works that are relevant to ML-based cyber threat detection. Section
III overviews current trends applied to IoT security, showcasing specific examples and case
studies. In Section IV, we delve into numerous ML methods and techniques, evaluating them
based on their recent implementations as illustrated in various research papers. Section V
provides an in-depth examination and comparison of different cyber threat detection methods.
Section VI discusses the open challenges that warrant attention. Lastly, Section presents the
future vision of ML for Cyber Security in IoT environments, and Section VIII offers a summary of
the survey and concludes the paper with final remarks (Strecker et al., 2021).

Therefore, this essay critically examines everything published in 2019–2023. In this study, we
classify existing IDSs in the IoT, assess several intrusion detection methods, and summarize our
findings. Moreover, many researchers struggle to locate comprehensive and trustworthy
datasets to test and evaluate their proposed approaches, which is a significant problem in and
of itself. To test the efficacy of such methods, we need publicly available datasets that include
both benign and numerous attacks, meet real-world requirements, and are reliable (Moh and
Raju, 2018)

The present study investigates existing and prospective strategies for protecting IoT systems
from extensive attacks. To achieve this objective, it is imperative to comprehend IoT systems
comprehensively, examine past instances of extensive attacks that have disrupted IoT systems,
and evaluate the diverse approaches researchers have suggested or executed to protect them
subject of systematic, in-depth study. Therefore, this essay critically examines everything
published in 2019–2023. In this study, we classify existing IDSs in the IoT, assess several
intrusion detection methods, and summarize our findings. Moreover, many researchers
struggle to locate comprehensive and trustworthy datasets to test and evaluate their proposed
approaches, which is a significant problem in and of itself. To test the efficacy of such methods,
we need publicly available datasets that include both benign and numerous attacks, meet real-
world requirements, and are reliable (Aldhaheri et al., 2023)

The present study investigates existing and prospective strategies for protecting IoT systems
from extensive attacks. To achieve this objective, it is imperative to comprehend IoT systems
comprehensively, examine past instances of extensive attacks that have disrupted IoT systems,
and evaluate the diverse approaches researchers have suggested or executed to protect them
study, we classify existing IDSs in the IoT, assess several intrusion detection methods, and
summarize our findings. Moreover, many researchers struggle to locate comprehensive and
trustworthy datasets to test and evaluate their proposed approaches, which is a significant
problem in and of itself. To test the efficacy of such methods, we need publicly available
datasets that include both benign and numerous attacks, meet real-world requirements, and
are reliable study, we classify existing IDSs in the IoT, assess several intrusion detection
methods, and summarize our findings. Moreover, many researchers struggle to locate
comprehensive and trustworthy datasets to test and evaluate their proposed approaches,
which is a significant problem in and of itself. To test the efficacy of such methods, we need
publicly available datasets that include both benign and numerous attacks, meet real-world
requirements, and are reliable (Bagaa et al., 2020).

The term "Internet of Things" refers to a broad category of technology solutions and
meaningful objects that interact with one another online, in addition to the big data that all
objects produce. Automation, intellectual equipment in home automation, and essential
infrastructure are all examples of IoT device equipment with various uses and complexity. IoT
devices were created to improve safety and convenience among many facets of a person's life.
In addition to greater comfort, the IoT introduces new cybersecurity-related issues and
difficulties. The characteristics of a setting affect the security problems underlying the IoT
infrastructure. An IoT framework is a potential IoT ecosystem component consisting of
collections of advanced technologies with the same or equivalent technical specifications. If a
specific device is vulnerable, such homogeneity magnifies the consequence (Das et al., 2021).

A multi-stage cyber-attack is precisely what its name suggests: A cyber-attack that takes place in
steps instead of an instantaneous attack. When a resource's integrity, confidentiality, or
availability is compromised by an incursion, it is considered an intrusion. Intrusion detection
systems are the first line of defence in crucial IoT networks. Anomalies in network traffic or
signatures help them identify known threats. Security alarms are growing at an exponential rate
as network traffic increases. However, sophisticated attacks elude IoT security systems by
carrying out each attack step individually and dividing the attack into many consequential
segments. As a result, modern cyberattacks are becoming more accurate, distributed and large-
scale. Undetected cyberattacks can have devastating consequences. To secure vital resources
now or in the future, a description and projection of the attack and documentation of the
attacker's behaviour are helpful (Hodo et al., 2016).

Similarly, a multi-stage cyber attack on an organization may include using a rogue employee
who first recons for weaknesses in the network defences and might use his position within the
organization to drop a malware payload that is activated at a reasonable time. The utilization of
risky web servers, like telnet servers and File Transfer Protocols (FTP) servers, along with
security flaws in devices and access control lists, are critical problems. Security flaws with
policies and procedures employed by the communications infrastructure are also an issue. Even
highly specialized vulnerable IoT equipment with resource constraints can be leveraged to track
and collect information on the IoT to utilize crucially. As a result, the entire IoT infrastructure
may be severely harmed by flaws in the protocols used by the IoT application. Depending on
the ecosystems the vulnerable connected systems perform in, such effects' amid the challenges
vary (Mishra et al., 2022).

A supervised learning framework with a better classification performance than numerous

different classification algorithms, but its application is restricted due to the extended training
times required for massive data sets. Various feature selection methods are combined with
SVM to acquire reduced dimensional statistics. A classification model needs minimal training
time as just an outcome. An ideal set of characteristics is chosen using feature selection before
constructing a model. A particular feature selection algorithm is used in the feature selection
phase to assess the ranking of each possible characteristic, and the finest "k" characteristics are
then determined. This process involves creating a ranked list of features from which a subset of
factors can be chosen using various specific requirements. One of the most prevalent statistical
methods is the CHAID, which forecasts imbalance from the predicted allocation if the feature
occurrence is not highly dependent upon that categorical variable (Javeed et al., 2020)

The performance of Smart IoT devices can be altered mainly by device manufacturing
companies even without the customer's consent by changing the device's custom firmware, a
significant IoT cyber threat hazard. It adds new security vulnerabilities that could enable the IoT
device to accomplish unpleasant activities on the client device, like secretly capturing
confidential user information and even inadequately altering capabilities (Gupta et al., 2020).

This work proposes an IoT cybersecurity threat detection model that utilizes a multi-class SVM
algorithm and CHAID feature screening for high precision, lower false positives, and optimistic
factors. The proposed model optimizes a kernel parameter by calculating the variance for each
attribute feature and determining the highest attribute variance. A high conflict will lead to a
better kernel parameter if the kernel and variance are inversely related (Grover et al., 2020)
We have seen industries evolve from manufacturing just theproductsto building thenetwork of
productsknown as theInternet of Things(IoT), and eventually creating an intelligentnetwork of
productsproviding various, invaluable online service, two devices are connected to the Internet
every 3 minutes. This connectivity and the exponential growth of IoT devices have resulted in
an increased amount of network traffic. Due to this connectivity, challenges like security and
privacy of user data and verification and authentication of devices, have arisen. For example,
hackers compromised one billion Yahoo accounts in 2013. In 2014, 145 million eBay users were
under attack. Following the increasing trend of attacks, in 2017, 143 million customers from
Equifax had their personal information stolen. Similarly, a five billion dollar toy industry in 2017
had their 820,000 client accounts compromised. It also included over two million voice
recordings, out of which a few were held for ransom. The recent cyber history is full of
cybersecurity disasters, from massive data breaches to security flaws in billions of microchips
and computer system lockdowns until a payment was made. There are a plethora of security
and privacy challenges for IoT devices, which are increasing every day. Hence, security and
privacy in complex and resource-constrained IoT environments are big challenges and need to
be tackled effectively. The security challenges in IoT are increasing as the attacks are getting
sophisticated day by day. Scholar highlighted that powerful computing devices, e.g., desktop
computers, might be able to detect malware using sophisticated resources. However, IoT
devices have lim- ited resources. Similarly, traditional cybersecurity systems and software are
not efficient enough in detecting small attack variations or zero-day attacks, since both need to
be updated reg- ularly. Moreover, the updates are not available by the vendor in real time,
making the network vulnerable. Machine Learning (ML) algorithms can be employed to improve
IoT infrastructure (such as smart sensors and IoT gateways), and also to improve the
performance of cybersecu- rity systems. Based on the existing knowledge of cyber-threats,
these algorithms can analyze network traffic, update threat knowledge databases, and keep the
underlying systems protected from new attacks. Alongside using ML algorithms, the
researchers have also started using revolutionary Blockchain (BC) technique to protect the
underlying systems. Although ML algorithms and BC techniques have been developed to deal
with cyber threats in the IoT domain, combining these two is something new that needs to be
explored. Privacy goes hand-in-hand with security. Price et al. defined privacy as an application-
dependent set of rules. The authors elaborate that the rules on how the information can flow
depend on the involved entities, processes, frequency, and motives to access data. There are
many applications, such as wearable devices, Vehicular Area NETwork (VANET), health- care
and smart-home that require providing security and protecting the privacy of personal
information. For example, in a crowdsensing application like VANET, the network is dependent
on the data collected from devices to make intelligent decisions on the latest traffic con-
ditions. However, the users of devices might be hesitant to participate due to inadequate
privacy- preserving mechanisms and related threats. Extensive research works based on ML
algorithms and BC techniques have been conducted in the past few years to protect data on
devices and preserve user's privacy people cannot match. It’s not constrained by human
processing limits and doesn’t require much time to think or analyze (Cui et al., 2020; Churcher
et al., 2021; Gaur and Kumar, 2022).

Cybersecurity threats constantly evolve, so accurate manual risk prediction would take too
long. Around 99% of cyberattacks are created by making minor alterations to previous attacks
to create something new that appears nonthreatening. Therefore, they’re treated as harmless
traffic through an IoT network. A machine learning model can combat this with risk prediction
(Ali et al., 2022).

With continuous data collection, it can learn the preferences of attackers and align them with
potential system vulnerabilities to find likely targets. It can then logically conclude when the
next attack will occur. Ultimately, it can improve the resiliency of an IoT network against
attacks.

Securing IoT Networks with Machine Learning

Connected devices are prone to bot attacks that quickly overwhelm them, so a rapid detection
and response tool is necessary. Machine learning models can accurately predict threats, patch
vulnerabilities automatically and respond to incidents without human intervention. They can
secure IoT networks in multiple ways to enhance security (Chawla et al., 2020).
The Internet of Things (IoT) has revolutionized technology in many areas of life. The Internet of
Things model aims to connect people to everything, everywhere, all the time. In general, the
Internet of Things is characterized by a three-layer architecture consisting of perception,
network, and application layers. To ensure the stability of the Internet of Things, security
principles must be applied at each layer. Moreover, the number of vulnerabilities in embedded
subsystems increases with technological progress. Therefore, embedded security is an integral
part of embedded system design. With a technological revolution that enables human-to-
human and machine-to-machine communication, the Internet of Things (IoT) will allow us to
develop new online applications and services for all living beings to improve our quality of life.
Trust is critical in the context of IoT devices and services. In addition, IoT security devices and
networks must be monitored and investigated to prevent damage to system components from
posing unacceptable risks and to ensure effective security by analyzing the social behavior and
ethical use of IoT technologies (Javeed et al., 2020)

The Internet of Things IoT systems have been found to have vulnerabilities that make

them susceptible to various types of attacks. In addition to the risk of losing important

information, other security issues such as confidentiality, privacy, and accessibility also pose a
threat. By monitoring IoT devices and vulnerable resources, it is possible to determine what
types of attacks are likely to occur against low-cost IoT devices

In recent years, the number of IoT devices in our homes and lives has increased

significantly. Technology is advancing rapidly, and the number of computers connected

to the Internet is increasing. It is expected that in the next few years, this number will

multiply and become much larger than it is today. There will be more devices, but they will be
different. The fear is that hackers will take advantage of the growth of this technology to launch
attacks. They will rely largely on discovered vulnerabilities and inadequate user security
settings. This means that not only is this device vulnerable, but so are other devices on the
network. Vulnerabilities in IoT systems can be a problem and lead to devices being exposed to
many types of attacks, including the risk of denial of service and security issues such as
confidentiality, privacy, availability, and vulnerability to attack (Haque et al., 2021).

MQTT is a protocol that can be vulnerable to many forms of cyberattacks and is

used in this study to address issues related to IoT and embedded systems. It helps

in the transmission of low-bandwidth data connection, authentication, communication,

and termination and also the publish/subscribe model. The problem occurs when the

MQTT protocol receives messages or requests from nearby nodes in the same area of the
network, especially in networks where authentication has not been performed. The most well-
known of these attacks is the HELLO flooding attack, which targets an IoT device and floods it
with contact requests until the service is discontinued. To enable routing and data transfer
between IoT devices, the Cooja IoT simulator was used to simulate HELLO flooding attacks
(Hussain et al., 2020)

In recent years, machine learning has made significant progress as machine intelligence has
evolved from a laboratory curiosity to practical machines in several important

applications. IoT device intelligence provides important solutions to new or zero-day

attacks, as these devices can be monitored. Using powerful data exploration methods

(ML), the “normal” and “abnormal” behavior of IoT devices and components in their

environment can be determined. These methods are, therefore, of great importance for
transforming the security of IoT systems into a security-based intelligent system and not only
for secure communication between devices (Mishra et al., 2022).

This research is also a step forward in identifying cybersecurity threats in modern

technology and identifying vulnerabilities in organizations that deploy technologies and

systems. We identify key areas where vulnerabilities may occur within the system to
develop a hardened cybersecurity defense methodology, analyze various classifiers used for
DDOS attack detection, including support vector machine (SVM), random forest (RF), k-nearest
neighbors (KNN), and logistic regression (LR), as well as an artificial neural network, multilayer
perceptron (MLP), naive Bayes (NB), and decision tree (DT), and propose a cybersecurity
incident response plan to help organizations efficiently and quickly respond to security
incidents and also implement intrusion detection systems using Snort to monitor server and
system activities in real-time. The key details of the experiment include protocol analysis,
network flow analysis, intrusion detection, vulnerability scanners, cyberattack defense, and
return to normality. The experimental results are compared with the existing works for
validation. The results show that the random forest algorithm (RF) has high accuracy in
detecting DDoS attacks compared to existing research work (Rehman et al., 2020).

The DDoS accuracy detection rate reported in using support vector machines (SVM), random
forest (RF), k-nearest neighbors (KNN), and logistic regression (LR) classifier artificial neural
networks (ANN) is in the range of 63% to 98%. In this research, we investigated whether
machine learning techniques, including support vector machines (SVM), random forest (RF), k-
nearest neighbors (KNN), logistic regression (LR), naive Bayes (NB) and decision tree (DT)
classifiers can be useful tools to support DDoS attack detection. Additionally, an artificial neural
network-based approach called Multilayer Perceptron (MLP) has been investigated. These
techniques could detect malicious activities and attacks, improve human analysis, and
automate repetitive security tasks. The dataset used in this research was collected by scholar.
The results obtained in this research suggest that random forest (RF) is more suitable for
anomaly detection using machine learning techniques (Strecker et al., 2021)

Pervasive growth and use of the Internet and mobile applications have expanded cyberspace.
The huge distribution of smart sensors and devices around us as an important part related to
our lives makes researchers focus on the security and performance of the Internet of Things
(henceforth IoT). IoT refers to a type of network that allows any object to be connected to each
other using communication protocols. The term IoT was invented by Kevin Ashton in 1999 while
he was developing supply chain optimization at Proctor & Gamble, and according to a recent
statistical study released in 2019, there were a total of 22 billion IoT devices connected
worldwide in 2018. It also projects that the number will be increased to 38.6 billion in 2025 and
50 billion in 2030. Smart objects are called ‘smart’ because these objects are intelligent, and
they can communicate with each other and with human beings. These objects became
powerful as they have embedded chips with small processors, equipped with power sources,
sensors, and data transmitters and receivers (Moh and Raju, 2018).
The IoT shares some security needs with traditional networks, but also has some unique
security measures based on its own characteristics and limitations which make some
differences between it and traditional networks. Peoples and individuals daily store huge data
in the cloud, which makes it a challenge to secure this data and the back-and-forth connections,
especially sensitive and private information. All information should be encrypted before
transfers over the connections; on the other side, the authorized users will have the key to
decrypt the data when arrived (Gupta et al., 2020)
IoT technologies have been employed broadly in many sectors, such as telecommunications,
transportation, manufacturing, water and power management, healthcare, education, finance,
government, and even entertainment. IoT is not an innovation: it is an evolution. IoT is the
combination of technologies, including sensors, advanced automation systems, networking,
data collection, data analysis, and small processing devices embedded into objects. Most of the
IoT and cyber–physical system (CPS) devices are comprised of physical objects, such as smart
vehicles, drones, smart appliances, and other machines/machinery, which are embedded with
sensors for either a single specific application or multiple applications. The wide variety of IoT
devices comes with security and privacy problems. It is not only privacy as people rely more on
technology for different activities such as shopping, banking, doing business, and online
studying. The proliferation of IoT was expected to reach 29 billion connected devices by 2022,
and the IoT market size was anticipated to reach U.S. $54 billion by 2022.. We believe those
numbers increased because of Covid-19 where more people started using online shopping and
online studying more than any time before (Churcher et al., 2021)
Some IoT devices are embedded in public areas and use shared networks, and this makes them
vulnerable and easy to attack.The IoT facilitates integration between the physical world and
computer communication networks and applications (apps) such as infrastructure management
and environmental monitoring make privacy and security techniques critical for future IoT
systems. The IoT ecosystem is likely to be confronted with nonconventional security challenges.
Besides, the security vulnerabilities that the IoT faces due to the heterogeneity and resource
limitations of the IoT devices, the interactions among the IoT, and fog and cloud layers, make
room for additional vulnerabilities (Cui et al., 2020).

There exist several ways IoT nodes connect to the Internet, and this includes communication
protocols such as the Transmission Control Protocol and the Internet Protocol (TCP/IP) using
Message Queue Telemetry Transport (MQTT), Modbus TCP, Cellular, and LongRange Radio
Wide Area Network (LoRaWAN), among others. Theft of sensitive data or network disruptions,
such as Brute Force, Port Scanning, Denial of Service (DoS), Distributed denial of service (DDoS),
Man in the middle (MITM), Remote to Local (R2L), Probing (Probe), User to Root (U2R) and
operating system attacks are all examples of IoT attacks (Bagaa et al., 2020).

The volume of audit data surges rapidly when the network size is enlarged. This makes manual
detection difficult or even impossible, due to the increasing quantities of data transmitted over
the Internet which led to the introduction of new networking paradigms (e.g., the Internet of
Things (IoT), cloud computing, and fog/edge computing, and complex inference models (e.g.,
deep learning (DL)). The concept of machine learning emerged in the middle of the 20th
century; nevertheless, it was not until the 1990s that the application took off (Grover et al.,
2020).
IoT devices are generally limited in computational capability and so are often unable to
incorporate or employ the various security mechanisms and protocols used by more powerful
systems. Intrusion detection systems (IDSs) first collect and process data, and then apply a
detection mechanism to raise alarms which are sent to a human network analyst for further
screening. This survey focuses on ML and DL techniques used in the last five years to secure the
IoT environment. It also considers the devices’ limitations and lists the most important open
challenges and future works for hundreds of studies that help other researchers to improve
Ioonline studying. The proliferation of IoT was expected to reach 29 billion connected devices
by 2022, and the IoT market size was anticipated to reach U.S. $54 billion by 2022. We believe
those numbers increased because of Covid-19 where more people started using online
shopping and online studying more than any time before (Krishnan et al., 2021).
Some IoT devices are embedded in public areas and use shared networks, and this makes them
vulnerable and easy to attack. The IoT facilitates integration between the physical world and
computer communication networks and applications (apps) such as infrastructure
management and environmental monitoring make privacy and security techniques critical for
future IoT systems. The IoT ecosystem is likely to be confronted with nonconventional security
challenges. Besides, the security vulnerabilities that the IoT faces due to the heterogeneity and
resource limitations of the IoT devices, the interactions among the IoT, and fog and cloud
layers, make room for additional vulnerabilities (Hussain et al., 2020).
There exist several ways IoT nodes connect to the Internet, and this includes communication
protocols such as the Transmission Control Protocol and the Internet Protocol (TCP/IP) using
Message Queue Telemetry Transport (MQTT), Modbus TCP, Cellular, and LongRange Radio
Wide Area Network (LoRaWAN), among others. Theft of sensitive data or network disruptions,
such as Brute Force, Port Scanning, Denial of Service (DoS), Distributed denial of service (DDoS),
Man in the middle (MITM), Remote to Local (R2L), Probing (Probe), User to Root (U2R) and
operating system attacks are all examples of IoT attacks (Mishra et al., 2022).
The volume of audit data surges rapidly when the network size is enlarged. This makes manual
detection difficult or even impossible, due to the increasing quantities of data transmitted over
the Internet which led to the introduction of new networking paradigms (e.g., the Internet of
Things (IoT), cloud computing, and fog/edge computing, and complex inference models (e.g.,
deep learning (DL)). The concept of machine learning emerged in the middle of the 20th
century; nevertheless, it was not until the 1990s that the application took off (Waheed et al.,
2020).

IoT devices are generally limited in computational capability and so are often unable to
incorporate or employ the various security mechanisms and protocols used by more powerful
systems. Intrusion detection systems (IDSs) first collect and process data, and then apply a
detection mechanism to raise alarms which are sent to a human network analyst for further
screening. This survey focuses on ML and DL techniques used in the last five years to secure the
IoT environment. It also considers the devices’ limitations and lists the most important open
challenges and future works for hundreds of studies that help other researchers to improve Iot
security (Rehman et al., 2020)

The Internet of Things (IoT) is a powerful digital technology that connects the real and online
worlds. It lets people, things, and machines communicate and interact with each other across
the globe. This creates new ways of doing business and working together. But IoT devices are
also hard to design and secure, so cybercriminals can easily hack them. They use weak
passwords, old software, and malware to take over IoT devices. In 2020, one out of every four
cyberattacks was aimed at IoT devices, and this number will only go up as more people use
these technologies. Malware is one of the biggest dangers for IoT devices, and it shows how
important it is to have better security solutions (Krishnan et al., 2021).

Gaur and Kumar, (2022) state that in October 2016, Dyn, a major DNS provider in the US, was
hit by one of the biggest and strongest DDoS attacks by the Mirai malware family. This malware
infected more than 1.2 million IoT devices, and attacked popular websites like Google and
Amazon.

So, it is very important for researchers to improve the security of IoT devices, especially when
they deal with IoT-related malware. There are many research studies on how to make IoT
devices more secure, such as how to protect IoT communications [2][3]. Jamal Adineh and his
colleagues have categorized various applications of the Internet of Things to identify security
requirements and their upcoming challenges. They analyze traditional encryption solutions to
address issues of privacy, confidentiality, and accessibility (Chawla et al., 2020).

Additionally, they explore emerging technologies such as blockchain and software-defined

networks. In this context, a recent survey conducted by Imran Makhdoom and others
comprehensively addresses security issues and threats posed by IoT devices. Furthermore, they
emphasized that the inherent safety provided by communication protocols does not sufficiently
protect IoT devices from malicious malware and potentially endangering attacks. Hussain and
his associates conducted a survey regarding security issues for IoT devices. (Hussain et al.,
2020).

However, Cui et al. (2020) solely focus on introducing solutions like authentication and
lightweight encryption, not the issue of identifying IoT malware. Furthermore, Felt and
colleagues examined 46 pieces of mobile malware in the wild and collected a dataset to
evaluate the effectiveness of mobile malware identification and prevention methods. Chawla et
al. (2020) presented only a comprehensive review and analysis of all known classes of IoT
malware without delving into approaches for identifying IoT malware. There are two main ways
to find IoT malware: dynamic and static analysis. The dynamic way is to watch executable files
while they run and find weird behaviors. But this way is not very good, because some malware
only acts badly when certain things happen. Also, it is hard to run IoT executable files because
they use different architectures like MIPS, ARM, PowerPC, Sparc, and they have limited
resources (Haque et al., 2021)

The static way is to look at and find bad files without running them. One big benefit of static
analysis is that it can see what the malware is made of. This means that we can see all the
possible ways the malware can work, no matter what kind of processor it uses. This is great for
dealing with the variety of IoT devices (Javeed et al., 2020)

However, there is not much research on how to use static analysis to find IoT malware, even
though there are many studies on IoT security and malware detection. Identifying IoT malware
is becoming a key issue for ensuring the security of the internet system and personal data. In
summary, IoT malware identification methods can be divided into two groups: non-graph-based
and graph-based methods. Non-graph-based methods can achieve good results when
identifying malware without customization or obfuscation, but they potentially lose their
accuracy when identifying clear malware. On the other hand, graph-based methods show
advantages when analyzing the control flow of IoT malware, so despite the complexity of these
methods, they have the potential to identify precise malicious codes that are invisible or
complicated. Based on the mechanism, detection analysis and processing time, the advantages
and limitations of the work done so far, they can be used to improve efficiency in future
research. As a further development of this work, a lightweight graph-based detection method
can be designed and developed that helps to detect malicious executable files in IoT devices
(Pandey, 2017).

The initial approach for identifying IoT devices on the internet involves scanning the entire 4Ipv
address space. The use of scanners to find specific types of devices has been demonstrated, as
shown in. Researchers illustrate how Shodan, Masscan, and Nmap can be used to identify
particular vulnerable IoT models. Similarly, CERN network researchers analyzed and attempte
to identify IoT devices using web scraping. They identified all devices, initially by scanning their
open ports and subsequently by scraping their web interfaces when they had a port. Using this
technique, they successfully identified numerous models and manufacturers of Internet of
Things devices. They then conducted vulnerability assessments on the identified devices, noting
that 11% were vulnerable by default and an additional 13% could be easily guessed through
default credential verification (Strecker et al., 2021)
The second intriguing approach to identify Internet of Things devices involves traffic capture.
Although this is a new research area, some researchers have developed techniques to identify
devices based on traffic capture. Most of these techniques are based on domain names that the
devices contact, as they can be easily obtained from the captures as they are not encrypted in
DNS lists. Authors propose a model for fingerprinting IoT devices behind NAT (Network Address
Translation) and identifying them in a precise and explainable manner. Their idea involves
indexing each device with a list of domains related to their query frequency. Since researchers
cannot own all IoT devices, Princeton University researchers crowdsourced IoT identification
and suggested Inspector-IoT, a tool aimed at collecting device traffic to create datasets for IoT
identification. This tool is intended to be run by volunteer users who have devices on their
personal computers (Hodo et al., 2016).
Ali et al. (2022) attempted to identify Internet of Things traffic to measure the growth of IoT
devices. They propose three detection techniques: IP-based, DNS-based, and TLS-based. The
IPbased technique works by listening to DNS traffic to record IP address profiles of devices
purchased. The second technique, DNS-based, is similar to the previous one, except that
working with domain names instead of IP addresses prevents changes over time and facilitates
identification of third-party and manufacturer domains thanks to domain names and WHOIS
information. These techniques exhibit high accuracy in their own devices and seem to be more
flexible over time as they have identified devices through several years of old traffic captures.
Finally, the TLS-based detection method aims to identify IoT devices that present an HTTPS
interface (e.g., IP cameras). Researchers analyze web page TLS certificates and search for
keywords that can identify the manufacturer or type of device. Previous studies primarily
conducted traffic detection on a local scale, for example, within a university environment.
Authors studied IoT device detection on a larger scale: transferring detection to the ISP
(Internet Service Provider) or IXP (Internet Exchange Point) level. The detection technique relies
on specific IoT infrastructure detection. Researchers initially identify domains that devices
contact by monitoring DNS traffic and classify them into specific IoT domains and public
domains. Then they obtain IP addresses associated with IoT-specific domains using DNSDB and
filter out those shared across multiple services to derive dedicated infrastructure. Ultimately,
the endpoint (IP address, port) is linked to the related device, creating a profile for each type of
device. This method achieves excellent detection performance in evaluating functions;
however, researchers acknowledge its limitations as it cannot identify devices that were not
part of the training set and does not work well for devices with limited network traffic (Al-Taleb
and Saqib, 2022).
Malware analysis in the Internet of Things is performed using static, dynamic, and hybrid
analysis techniques. Scholar were the first to perform malware analysis based on gray-scale
images in 2011. Visual images of malware are created by rewriting the eight-bit code value of
executable files to the corresponding gray-scale value. Texture features are extracted from
these images. Texture-based analysis for Internet of Things malware in the field of deep
learning is emerging. Evanson and colleagues proposed an approach for analyzing malware
using texture images of malware files and machine learning in IoTPOT. They provided Haralick
texture features from the cooccurrence matrix and used machine learning classifiers. Carillo
and colleagues examined the forensic and reverse engineering capabilities of malware for
identifying IoT malware. They initially used machine learning to identify malware for Linux-
based IoT systems. They also discovered new malware using clustering techniques. They utilized
the dataset (Chawla et al., 2020).
Aldhaheri et al. (2023) used machine learning capabilities to identify Mirai botnet attacks in the
Internet of Things. They used ANN for evaluation in the BaIoT-N dataset. Churcher et al. (2021)
used deep learning for analyzing IoT traffic malware. They applied 50ResNet for empirical
validation of their concept using a 1000-network file (pcap). Scholar proposed a lightweight
approach to identify Internet of Things malware. They targeted DDoS malware for their study
and extracted malware images from IoTPOT binaries. Their experimental setup demonstrated
performance for identifying DDoS malware and benign software. Grover et al. (2020) presented
a comprehensive malware detection mechanism for IoT Android devices. They collected 8000
malicious APK files and 8000 harmful files respectively from the Google Play store and
VirusShare. They utilized deep learning importance for evaluating their concept.
Pandey (2017) identified industrial IoT malware with a proposed deep analysis of CNN-based
traffic. They used color images of the intended malware for identification in the Mobile Leopard
dataset.

Concerns over security and privacy regarding computer networks are increasing in the world,
and computer security has become a requirement as a result of the spread of information
technology in daily life. The raise in the amount of Internet applications and the appearance of
modern technologies such as the Internet of Things (IoT) are followed with new and recent
efforts to invade computer networks and systems. The Internet of Things (IoT) is a set of
interrelated devices where the devices have the ability to connect without the need for human
intervention. With IoT, many things that have sensors (such as coffee makers, lights, bicycles,
and many others) in areas like healthcare, farming, transportation, etc. can connect to the
Internet. By saving time and resources, IoT applications are changing our work and lives. It also
has unlimited advantages and opens numerous opportunities for the exchange of knowledge,
innovation, and growth (Javeed et al., 2020).
Every security threat within the Internet exists within the IoT as well because the Internet is the
core and center of the IoT. Compared to other traditional networks, IoT nodes have low
capacity and limited resources, and do not have manual controls. Also, the rapid growth and
broad dailylife adoption of IoT devices makes IoT security issues very troublesome, raising the
need to develop security solutions based on networks. While current systems perform well in
identifying some attacks, it is still challenging to detect others (Moh and Raju, 2018).

As network attacks grow, along with a massive increase in the amount of information present in
networks, faster and more effective methods of detection of attacks are required and there is
no doubt that there is scope for more progressive methods to improve network security. In this
context, in order to provide embedded intelligence in the IoT environment, we can consider
Machine Learning (ML) as one of the most effective computational models. Machine learning
approaches have been used for different network security tasks such as network traffic analysis,
intrusion detection and botnet detection (Rehman et al., 2020)
According to Mishra et al. (2022) machine Learning can be described as an intelligent device’s
ability to modify or automate a knowledge-based state or behavior, which is considered a
critical part of an IoT solution. ML has the ability to infer helpful knowledge from data
generated by devices or humans, and ML algorithms are used in tasks such as regression, and
classification. Likewise, in an IoT network, ML can be used to provide security services

The use of machine learning in attack detection problems is becoming a hotly pursued subject,
and ML is being used more and more in different applications in the cybersecurity field.
Although many studies in the literature have used ML techniques to discover the best ways to
detect attacks, only limited research exists on efficient detection methods suitable for IoT
environments (Javeed et al., 2020).

Machine learning can be applied to the attack detection task via two main types of cyber-
analysis: signature-based (sometimes also called misuse- based) or anomaly-based.
Signaturebased techniques are designed to detect known attacks by using
specific traffic characteristics (also known as “signatures”) in those attacks. One of the
advantages of this class of detection technique is its ability to detect all known attacks
effectively without generating an overwhelming number of false alarms (Haque et al., 2021).

In the literature, some works use signature-based techniques to detect attacks; for instance, in
the domain of network traffic analysis, applied four different machine learning techniques as
preliminary tools to learn the features of some known attacks. Signature-based techniques
were also used in to identify compromised machines by identifying botnet network traffic
patterns. The main drawbacks of signaturebased approaches are that the efficient use of these
approaches requires frequent manual updates of attack traffic signatures and that these
approaches cannot detect previously unknown attacks. The second class of detection methods
is anomalybased detection. This class models normal network behavior, and anything abnormal
is considered an attack. The ability of this class to detect unknown attacks makes it appealing to
use. The essential issue with anomaly-based techniques is the possibility of high false alarm
rates (FARs), as previously unknown (even though legal) behaviors can be considered as
anomalies. Signature and anomaly detection techniques can be combined as a hybrid
technique. One of the hybrid technique examples is presented in [8] where this technique is
used to increase the detection rates of known attacks and reduce the false positive (FP) rate for
unknown attacks (Krishnan et al., 2021; Strecker et al., 2021)
Network traffic has seen unprecedented growth in the last decades. With growing volumes of
Internet-connected devices, cheaper cloud storage, growing smartphone technology,
decreasing device and network hardware costs, and the advent of 5G technology, it is predicted
that by 2023, there will be 3X more networked devices on earth than humans. A Cisco Annual
Internet Report Forecasts 5G to support more than 10% of Global Mobile Connections by 2023.
This growth in network traffic and Internet-connected devices has resulted in an increase of
malicious attacks over the network that can sometimes be difficult to detect. A network attack
is a type of cyber-attack in which the attacker attempts to gain unauthorized access into a
computer network or an Internet-connected device for malicious purposes or reconnaissance.
Cyber-attacks rank as the fastest growing crime in the U.S., causing catastrophic business
disruption. Globally, cybercrime damages are expected to reach US $10.5 trillion annually by
2025 (Strecker et al., 2021). NIST defines a cyber-attack (breach) as, “An attack, via cyberspace,
targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying,
or maliciously controlling a computing environment/infrastructure; or destroying the integrity
of the data or stealing controlled information”. Over the years, Cybercrime has moved on from
targeting and harming people, computers, networks, and smartphones - to cars, power-grids,
smart devices, and anything that can connect back to the Internet (Krishnan et al., 2021)

The Internet of Things (IoT) has come a long way since the 80s when early IoT designers
(students) at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending
machine to remotely check on the temperature and availability of their favorite beverages. IoT
devices and technology have gone mainstream these days, with IoT devices remotely
controlling our home speakers, smart elevators, cars, household appliances, power plants,
security cameras, baby cams, smart buildings, medical devices, freight, etc. These devices
connect back to the Internet via traditional copper wires, fiber, and telecom technology for
remote control functionality, thereby making them game for malicious actors using the
Internet. IoT devices are often shipped to users with minimal logon security, operating system
vulnerabilities, and overall poor security design. This can be mostly attributed to keeping costs
down, ease of use for the user, and inadequate security foresight by the manufacturers (Gupta
et al., 2020). Consequently, the attack surface of IoT devices has greatly grown, triggering
security and privacy concerns. The infamous scholar self-replicated by seeking out hundreds of
thousands of home routers with weak or non-existent passwords. The roll-out of the 5G mobile
networks may further embolden IoT cyber attackers due to the advantage of high bandwidth,
ultra-low latency, and fundamentally new networking capabilities of 5G technology. IoT tangibly
solves many business problems across industries such as healthcare, smart cities, building
management, utilities, transportation, and manufacturing (Mishra et al., 2022). About 30% of
devices on enterprise networks today are network-connected IoT devices, making them
potential targets over a network. Unlike traditional IT assets like servers and endpoints, these
network-connected devices may not be well maintained and documented by IT teams. Such
assets can easily be missed from an organization’s proactive security monitoring apparatus. IoT
devices are also found in home networks and may not have adequate security controls or
infrastructure to protect them. With more and more diverse types of IoT devices continuing to
connect to the network, there can be a dramatic broadening of the attack surface. All it takes
for a successful intrusion is the diminished integrity of a weak asset on the network (Rehman et
al., 2020).
Predictive capabilities are incredibly beneficial in any industrial setting, especially in thwarting
cyber-attacks. Machine learning helps solve tasks (such as regression, clustering, classification,
dimensionality reduction, etc.) using an approach/method based on available data. A popular
area of machine learning application in cybersecurity is helping businesses detect malicious
activity faster and stop attacks before they get started. Cybersecurity should be implemented in
layers against any asset. It must be noted that machine learning alone will never be a silver
bullet for cybersecurity, but when coupled with other controls, it can improve intrusion
detection. While extensive research has been undertaken to predict/detect network attacks on
common Information Technology assets, little research has been conducted towards IoT device
attacks. In this research, we apply machine learning approaches towards IoT attack detection
using the IoTID20 dataset that was built on the network traffic of botnet attacks against IoT
devices (Moh and Raju, 2018).

Strecker et al. (2021) state that three feature selection models are chosen, and the prediction
of an attack based on supervised learning is presented by applying three classifiers against each
feature selection model.

As the number of internet-connected devices continues to grow, the need for robust
cybersecurity measures to protect against cyber threats has become increasingly important. IoT
cybersecurity refers to the methods and technologies used to secure internet-connected
devices and systems from cyber attacks. The unique nature of IoT devices and systems presents
several challenges to cybersecurity. IoT devices often have limited processing power and
memory, making them more vulnerable to attacks such as denial-of-service (DoS) and
distributed denial-of-service (DDoS) attacks. Additionally, many IoT devices are designed with
minimal security features, making them easy targets for hackers (Waheed et al., 2020)
Cybersecurity for IoT involves a range of strategies, including encryption, authentication, access
control, and threat detection and response. Encryption helps protect the privacy and integrity
of data transmitted between IoT devices, while authentication and access control ensure that
only authorized users can access and interact with IoT systems. Threat detection and response
involve the use of technologies such as machine learning and artificial intelligence to identify
and respond to potential cyber attacks in real-time. Ensuring strong cybersecurity for IoT is
crucial for a range of industries, including healthcare, manufacturing, and transportation, as IoT
devices are increasingly used to control critical systems and infrastructure. As the number of
IoT devices continues to grow, it is essential to prioritize cybersecurity and implement robust
measures to protect against cyber threats (Chawla et al., 2020).

For the first project, we understood that as the protected design of computer networks shifts
towards unrestricted connection, the network gains increased flexibility, widespread coverage,
and cognitive capabilities. These improvements have expedited the progress of advanced
internet technologies, such as big data, cloud computing, the Internet of Things (IoT), and
networks that can be programmed. However, the possibility of a DDoS attack caused by
centralized control becomes more evident with software-defined network architecture. There
are two types of IDS, namely vulnerability assessment and anomaly detection. Vulnerability
assessment identifies attacks through recognized signatures, while anomaly detection detects
unusual attacks based on normal usage patterns. Detecting unknown threats is challenging
using abuse and anomaly detection. Although anomaly detection is helpful in identifying them,
it has a high rate of false alerts because defining a range of typical usage patterns is complex
(Cui et al., 2020).

Currently, identifying DDoS attacks is considered one of the most difficult network attack types.
These attacks aim to exhaust the target network or platforms, rendering the victim unable to
carry out routine operations. DDoS attacks can be divided into two categories: resource
bandwidthconsuming attacks and system resource-consuming attempts. Resource bandwidth
attacks utilize many zombie hosts to rapidly generate a large amount of traffic, which is then
directed towards the victim's server, completely consuming its network bandwidth resources
(Haque et al., 2021).

One type of attack that can occur is flooding, which involves sending a large number of
repeated packets such as UDP, TCP, and ICMP packets. This flooding attack can result in UDP
flooding, TCP flooding, or ICMP flooding. Another type of attack is amplification, which can be
accomplished through reflection, such as in DNS reflection amplification attacks. In system
resource attacks, attackers can take advantage of protocol vulnerabilities to use the victim's
host resources (Javeed et al., 2020).

The traditional methods of network analysis and data processing face several challenges and
difficulties, such as the reliability of the analysis and the real-time handling of vast amounts of
data. In cellular networks, the behavior of network traffic can be extremely complex due to
various factors, including device mobility and network heterogeneity. Deep learning has been
effective in dealing with large-scale data analysis and discovering complex patterns. Networking
researchers are utilizing deep learning techniques for traffic monitoring and analysis
applications, such as traffic prediction and categorization, due to their success. Traditional
machine learning methods based on expert-generated features are outdated and unable to
keep up with the increasing number of applications and the ever-changing nature of mobile
traffic (Mishra et al., 2022).

As cyberattacks become more advanced, it is getting harder to identify them in various sectors
such as industry, national defense, and healthcare. Traditional intrusion detection systems are
not able to recognize complex attacks with unconventional patterns. Attackers are able to avoid
detection by pretending to be normal users. Deep Learning (DL) has the potential to address
these challenges. DL-based intrusion detection does not rely on a significant amount of
malicious activity or a predefined set of typical activities to establish detection rules. Instead, DL
autonomously identifies intrusion patterns through empirical data learning (Hodo et al., 2016).
The main objective of our first project is to examine innovative techniques in the field of
metainnovation by utilizing an IDS (Intrusion Detection System) based on deep learning. The
primary focus of the project is to detect DDoS (Distributed Denial of Service) attacks in IoT
(Internet of Things) environments using various machine learning algorithms such as MLP
(MultiLayer Perceptron), LSTM (Long Short-Term Memory), BiLSTM (Bidirectional LSTM), KNN
(KNearest Neighbors), SVM (Support Vector Machine), LDA (Linear Discriminant Analysis), DT
(Decision Tree), and RF (Random Forest). The NSL-KDD (Network Security LaboratoryKnowledge
Discovery and Data Mining) dataset is used in this project, and it consists of two labels, 0 and 1,
representing abnormal and normal behavior, respectively. The findings of the classification
process are presented using a confusion matrix.

In the second project we realized that anomalies in an internet of things (IoT) network provide
important information about network traffic and patterns. The presence of anomalies does not
necessarily suggest a destruction of the network, but they do offer valuable insight into the
nature of the issues relating to anomalies in the network. Thus, using a fingerprint is one
method of detecting irregularities in IoT-connected devices. The fingerprint is one of the most
important components of the network for identifying IoT devices attached to it. Researchers
face a number of challenges in identifying potential abnormalities in networked systems. Active
fingerprinting provides additional information regarding connected devices, but it limits its use
since it must be able to identify the device and apply security regulations when a network
abnormality occurs. It may therefore be more appropriate to use the passive fingerprinting
technique on any networkconnected device instead of using the active fingerprinting
technique. As there is no additional monitoring traffic sent to the network with the passive
fingerprint approach, the network capacity is also utilized far less. A passive fingerprinting
approach uses properties of USB hardware, features from protocol headers, and unique
deviations from device clocks to create unique fingerprints for a device.
Identifying abnormalities in IoT devices on a network can help manage network resources and
security rules effectively. If a collection of characteristics can be utilized to describe the device's
typical behavior, the model may be the main foundation for identifying aberrant device
behavior of the same kind. Anomaly diagnosis can reveal consequences of device errors/faults
other than assaults, which are often hidden from security technologies. The selection of a
security strategy in this situation is dependent on an accurate identification of the type of
equipment. A bad forecast not only contributes to the slowdown of the device but also
compromises the security of the network. Our second project aims to identify devices in a
network in order to facilitate the identification of unusual behavior in IoT devices. Using
machine learning, we propose a featurebased approach to introduce a fingerprint technique
and identify unusual device behaviors (Grover et al., 2020).

The Internet of Things (IoT) is one of the emerging technologies that aims to simplify human
lives. However, there are significant security and privacy concerns associated with this
technology that can be exploited. IoT devices often operate in unattended environments,
making them easily susceptible to manipulation, and communicate through wireless
technologies, which makes them vulnerable to eavesdropping. The IoT is a network of
interconnected devices that enable seamless data exchange between physical devices, such as
wearable technology, autonomous cars, industrial robots, medical and healthcare equipment,
smart TVs, and smart city infrastructures that can be monitored and controlled remotely. It is
predicted that IoT devices, which have access to sensitive data like personal information and
bank details, will become more prevalent than mobile devices. In fact, IoT systems today often
span across cloud and fog/edge layers, composed of multiple interconnected devices, resulting
in a significant attack surface area (Hodo et al., 2016).

The unique features of IoT networks raise serious security and privacy concerns. Traditional
computer security technologies are ineffective when applied to IoT networks due to the low
computing capacities of IoT devices, limited power resources, communication technologies,
software vulnerabilities, and lengthy security software update cycles. While security-enhancing
techniques such as encryption, certification, and authentication mechanisms like DTLS
(Datagram Transport Layer Security) can significantly improve security, they may not
completely protect against unauthorized access to IoT network devices. Therefore, ensuring the
security of IoT networks is one of the primary objectives in the development of information
security technology. All layers of the IoT application, including the hardware level where data is
gathered, the network level where data is transmitted to the data processing center, and the
cloud level/databases where data is stored, are potential targets for IoT attacks. Scholar
proposed an Intrusion Detection System (IDS) that uses a machine learning technique called
Self-Organizing Map (SOM) to protect IoT devices from cross-site Scripting (XXS) attacks at the
application layer (Strecker et al., 2021)
The performance of this approach was validated with real-time datasets and found to be
effective. Strecker et al. (2021) conducted a study on the vulnerabilities of the Routing Protocol
for Low-Power and Lossy Networks (RPL) at the network layer of IoT applications. They
proposed a deep learning approach based on Gated Recurrent Unit (GRU) network model,
considering energy consumption and power resources, to detect and prevent Hello Flooding
(HF) attacks in this routing protocol. The use of machine learning techniques is one of the
popular modern approaches to identifying anomalies and identifying attacks in computer
networks. In the current application of Machine Learning in IoT intrusion detection systems,
there are certain problems with using machine learning (ML) approaches to detect IoT intrusion
threats. To illustrate, the first forms of intrusion attacks that have been investigated are rather
simple, and more sophisticated attacks have not been taken into account. The second
procedure of processing a large volume of data is quite difficult; in order to identify useful
features for training ML models, a vast number of features must be extracted, which uses a lot
of resources. Therefore, a lightweight method is required to automatically extract a small
number of features for the ML model to detect various numbers of attacks. In our earlier
research, feature selection issues were investigated and robust features were chosen by putting
forth several kinds of techniques for traffic identification and attacks traffic detection.
Similarly, in and, for accurate network traffic classification using ML algorithms, many feature
selection techniques are given to address the issue of selecting features. But based on the
previous study, we concluded that taking more feature sets is ineffective for correct
identification using ML approaches and this might reduce the accuracy of ML classifiers and
increase computing complexity. However, no efficient ML model has yet been established for
the identification of IoT network cyberattack traffic (Javeed et al., 2020). In order to propose a
novel method that addresses this problem, it is essential to analyze the effective feature
selection problem for anomaly and malicious traffic in the IoT network.
Research Objectives
In this research paper, we make the following contributions.

1. Providing an exhaustive survey and critical review of recent trends in cyber threat detection
methodologies.

2. Presenting a range of ML techniques, emphasizing their respective approaches, applications,

and pros and cons.

3. Conducting a comparative analysis of cutting-edge ML-based Intrusion Detection Systems

(IDSs).

4. Discussing the current unresolved issues and challenges within IoT Security.

5. Providing the future vision with Generative AI.

Reference

Al-Taleb, N., & Saqib, N. A. (2022). Towards a hybrid machine learning model for intelligent cyber threat
identification in smart city environments. Applied Sciences, 12(4), p. 1863.

Aldahiri, A., Alrashed, B., & Hussain, W. (2021). Trends in using IoT with machine learning in health
prediction system. Forecasting, 3(1), 181-206.

Aldhaheri, A., Alwahedi, F., Ferrag, M. A., & Battah, A. (2023). Deep learning for cyber threat detection in
IoT networks: A review. Internet of Things and Cyber-Physical Systems.

Ali, M. H., Jaber, M. M., Abd, S. K., Rehman, A., Awan, M. J., Damaševičius, R., & Bahaj, S. A. (2022).
Threat analysis and distributed denial of service (DDoS) attack recognition in the internet of things (IoT).
Electronics, 11(3), p. 494.

Bagaa, M., Taleb, T., Bernabe, J. B., & Skarmeta, A. (2020). A machine learning security framework for iot
systems. IEEE Access, 8, pp. 114066-114077.

Chawla, N., Singh, A., Kumar, H., Kar, M., & Mukhopadhyay, S. (2020). Securing iot devices using dynamic
power management: Machine learning approach. IEEE Internet of Things Journal, 8(22), 16379-16394.

Churcher, A., Ullah, R., Ahmad, J., Ur Rehman, S., Masood, F., Gogate, M., ... & Buchanan, W. J. (2021).
An experimental analysis of attack classification using machine learning in IoT networks. Sensors, 21(2),
p. 446.

Cui, J., Wang, L., Zhao, X., & Zhang, H. (2020). Towards predictive analysis of android vulnerability using
statistical codes and machine learning for IoT applications. Computer Communications, 155, pp. 125-
131.
Das, A., Nayeem, Z., Faysal, A. S., Himu, F. H., & Siam, T. R. (2021, March). Health monitoring IoT device
with risk prediction using cloud computing and machine learning. In 2021 National Computing Colleges
Conference (NCCC) (pp. 1-6). IEEE.

Gaur, V., & Kumar, R. (2022). Analysis of machine learning classifiers for early detection of DDoS attacks
on IoT devices. Arabian Journal for Science and Engineering, 47(2), pp. 1353-1374.

Grover, M., Sharma, N., Bhushan, B., Kaushik, I., & Khamparia, A. (2020). Malware threat analysis of IoT
devices using deep learning neural network methodologies. Security and Trust Issues in Internet of
Things, pp. 123-143.

Gupta, R., Tanwar, S., Tyagi, S., & Kumar, N. (2020). Machine learning models for secure data analytics: A
taxonomy and threat model. Computer Communications, 153, pp. 406-440.

Haque, N. I., Rahman, M. A., Shahriar, M. H., Khalil, A. A., & Uluagac, S. (2021). A novel framework for
threat analysis of machine learning-based smart healthcare systems. arXiv preprint arXiv:2103.03472.

Hodo, E., Bellekens, X., Hamilton, A., Dubouilh, P. L., Iorkyase, E., Tachtatzis, C., & Atkinson, R. (2016,
May). Threat analysis of IoT networks using artificial neural network intrusion detection system. In 2016
International Symposium on Networks, Computers and Communications (ISNCC) (pp. 1-6). IEEE.

Hussain, F., Hussain, R., Hassan, S. A., & Hossain, E. (2020). Machine learning in IoT security: Current
solutions and future challenges. IEEE Communications Surveys & Tutorials, 22(3), pp. 1686-1721.

Javeed, D., Badamasi, U. M., Iqbal, T., Umar, A., & Ndubuisi, C. O. (2020). Threat detection using
machine/deep learning in IOT environments. International Journal of Computer Networks and
Communications Security, 8(8), pp. 59-65.

Krishnan, S., Neyaz, A., & Liu, Q. (2021). IoT network attack detection using supervised machine learning.

Mishra, S., Albarakati, A., & Sharma, S. K. (2022). Cyber Threat Intelligence for IoT Using Machine
Learning. Processes, 10(12), p. 2673.

Moh, M., & Raju, R. (2018, July). Machine learning techniques for security of Internet of Things (IoT) and
fog computing systems. In 2018 International Conference on High Performance Computing & Simulation
(HPCS) (pp. 709-715). IEEE.

Pandey, P. S. (2017, July). Machine learning and IoT for prediction and detection of stress. In 2017 17th
International Conference on Computational Science and Its Applications (ICCSA) (pp. 1-5). IEEE.

Rehman, A., Liu, J., Keqiu, L., Mateen, A., & Yasin, M. Q. (2020). Machine learning prediction analysis
using IoT for smart farming. Int. J, 8(9), pp. 1-6.
Strecker, S., Van Haaften, W., & Dave, R. (2021). An analysis of IoT cyber security driven by machine
learning. In Proceedings of International Conference on Communication and Computational
Technologies: ICCCT 2021 (pp. 725-753). Springer Singapore.

Waheed, N., He, X., Ikram, M., Usman, M., Hashmi, S. S., & Usman, M. (2020). Security and privacy in IoT
using machine learning and blockchain: Threats and countermeasures. ACM Computing Surveys (CSUR),
53(6), pp. 1-37.