1 A comprehensive study of various cyber attacks against IoT devices and 53

2 54
3
security measures to prevent them 55
4 56
5 57
6
NILOY, FARDIN AHMED, 16-33038-3, F, CSE, AIUB 58
7 MD. NOZIB UD DOWLA, 16-33040-3, F, CSE, AIUB 59
8 60
9
SYED FAZLUL KARIM, 16-33037-3, F, CSE, AIUB 61
10 62
Internet of Things is the interconnected smart device throughout the Internet with different kinds of applications. Lately, IoT devices
11 63
are becoming increasingly popular because it makes our life more comfortable. However, due to various uses of IoT devices, there are
12 64
13
many devices which use different types of architecture. Thus, increasing the complexity to maintain the security of those devices. An 65
14 IoT device may hold personal information such as name, address, blood group, banking information etc. So, It is essential to secure IoT 66
15 devices so that information does not get leaked. In this paper, we will discuss different types of attack that are performed against 67
16 different types of IoT devices, and we will present methods to prevent them. 68
17 69
18
CCS Concepts: • Computer systems organization → Embedded systems; Redundancy; Robotics; • Networks → Network 70
19 reliability. 71
20 72
Additional Key Words and Phrases: datasets, neural networks, gaze detection, text tagging
21 73
22 ACM Reference Format: 74
23 Niloy, Fardin Ahmed, MD. Nozib UD Dowla, and Syed Fazlul Karim. 2018. A comprehensive study of various cyber attacks against 75
24 76
IoT devices and security measures to prevent them. In Woodstock ’18: ACM Symposium on Neural Gaze Detection, June 03–05, 2018,
25 77
Woodstock, NY . ACM, New York, NY, USA, 10 pages. https://doi.org/10.1145/1122445.1122456
26 78
27 79
28
1 INTRODUCTION 80
29 Project: Systematic Literature Review on cyber attacks against IoT devices and security measures to prevent them. 81
30 82
In recent time, the number of Iot devices has increased dramatically. Internet of things has become part and parcel of
31 83
32
our life. Every electronic household product ranging from light bulbs to refrigerators nowadays is connected to the 84
33 internet. 85
34 In this modern era, it is a common way to use devices with voice or monitor various things such as security cameras, 86
35 87
health data, road traffic from smartphone. However, this convenience comes at the cost of our security. Because each
36 88
37
product is different and performs several tasks, developers use different protocols, creating security loopholes. 89
38 Often it seems that to manufacture devices at low cost, companies tend not to provide essential security features such 90
39 as HTTPS network protocol. An IoT device has lots of sensors which collects our data; for example, A security camera 91
40 92
monitors record videos of our office or home. That data is then sent to us over the internet to our phones. Most of the
41 93
42
time collected data are not encrypted. Moreover, many IoT devices still use HTTP protocol giving an attacker the ability 94
43 to eavesdrop on a device. Without encrypting data or securing network an attacker can easily collect those personal 95
44 information. Due to the various uses of IoT devices, no standard is being followed. Thus, increase the complexity to 96
45 97
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not
46 98
made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components
47 99
of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to
48 100
redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.
49 101
© 2018 Association for Computing Machinery.
50 Manuscript submitted to ACM 102
51 103
52 1 104
 Woodstock ’18, June 03–05, 2018, Woodstock, NY Niloy , Fazlul and Nozib.

105 maintain the security of those devices. 157

106 158
Researchers have estimated that by 2020 the number of IoT devices will be 38.8 billion and an increase from 13.4 billion
107 159
in 2015, growth over 285% . Because of increasing popularity, IoT devices are attracting hackers. An IoT device may
108 160
109 hold personal information such as name, address, blood group, banking information. It can cause catastrophic damage 161
110 if such information are leaked. So, it is essential to keep IoT devices secure. 162
111 163
To prevent such catastrophic damage, we need to learn about different types of layers that IoT devices tend to use. By
112 164
studying this information, we can gain knowledge about securing various IoT devices. That is why in this paper, we
113 165
114 will discuss about various types of IoT layers and show a way to secure those layers. 166
115 167
116 1.1 Requirements 168
117 169
118 (1) Review at least 9 Papers (published in Journal / Conference). All papers must be listed in the Reference section. 170
119 (2) Each member is supposed to read through 3 papers. Table 4 should detail who read what. 171
120 172
(3) Submitted paper must contain all the sections provided in this template.
121 173
(4) Sections written by each group member must be listed in Table 5.
122 174
123 (5) Recommended page limit is 6> ?? <10 including reference. Minimum is 3 pages (excluding title, author names 175
124 and references). 176
125 177
(6) Use this template to write your paper. All information in this template must be duly filled. Any missing information
126 178
will lead to penalty.
127 179
128 (7) Plagiarism count above 30% will be graded as ’F’ and is non-negotiable. All other bellow it will be considered. 180
129 (8) Plagiarism count between 0% and 10% will be considered for bonus marks within the range of 1 to 5. 181
130 182
(9) Information missing in Table 4 and Table 5 will be penalized for the students for whom the information is
131 183
missing.
132 184
133 (10) There will be a one-to-one viva on the submitted paper for evaluation. 185
134 186
135 1.2 Submission detail 187
136 188
137 Email: mahbubul.syeed@aiub.edu 189
138 Email Subject: RM Final Project_Section_Group NO 190
139 Email body: 191
140 192
141 • Section: 193
142 • Group No: 194
143 195
• Project name:
144 196
145 • Member 1: name and id 197
146 • Member 2: name and id 198
147 • Member 3: name and id 199
148 200
149 Email Attachment: 201
150 202
151
• final version of the paper (pdf) 203
152 • name the pdf: section_group.pdf (e.g., E_G8.pdf) 204
153 • overleaf project file (ZIP) 205
154 206
155 Submission Deadline: 16-04-2020 11:00 AM. 207
156 2 208
 A comprehensive study of various cyber attacks against IoT devices and security measures to preventWoodstock
them ’18, June 03–05, 2018, Woodstock, NY

209 2 RESEARCH METHODOLOGY 261

210 262
211
We are performing Systematic Literature Review. To perform a SLR we need to follow some pre-defined reserach 263
212 protocol for avoiding research bias [13]. Detailed discussion on those protocol are presented in below sections. 264
213 265
214 2.1 Research Objective 266
215 267
216
The fundamental purpose of this research is to gather knowledge on previous work’s people about various cyber attacks 268
217 that are performed against IoT devices and discuss the possible measures to prevent them. To accomplish our goals we 269
218 will discuss about different layers, protocols and architectures that are used by different types of IoT devices. 270
219 271
220 272
2.2 Research Questions
221 273
222 It is essential to have specific research questions. Our research question follows the context of IoT attacks and security 274
223 measurements. In order to answer our research questions, we have followed the defined task. We followed Schabram’s 275
224 276
[17] methodology for knowledge gathering.
225 277
226 278
227
2.3 Article Selection 279
228 Selecting an article is an iterative process. Selected articles need to be focused on IoT security and prevention. The 280
229 281
article must be unbiased.
230 282
231 283
2.3.1 Keywords and Search String. For searching articles, keywords and search strings play a vital role. Nowadays, an
232 284
233
automated search is used for an initial literature survey. Most digital libraries have this feature. For this paper keywords 285
234 includes iot architecture, ids deep learning, iot network, iot layers, systematic literature survey, information security, 286
235 network security, embedded systems, IoT protocols. 287
236 288
237 2.3.2 Digital Libraries to Search. For digital libraries we used 289
238 290
239
• IEEE Xplore 291
240 • ACM digital library; 292
241 • ScienceDirect; 293
242 294
• SpringerLink
243 295
244 2.3.3 keyword search and Manual Selection. Due to lack of consistent set of keywords, digital libraries do not provide 296
245 297
good support, so it is necessary to perform manual searches for article selection. By doing this process, we have selected
246 298
247 the paper for further knowledge gathering. 299
248 300
249
2.3.4 Final set of Articles. Upon further reading the papers, we have selected **** paper for our research. Based on 301
250 those finding we discussed and answered our research questions. 302
251 303
252 3 DISCUSSION 304
253 305
254 3.1 ATTACKS AGAINST IOT LAYERS 306
255 307
It is essential to understand the operational phases of IoT devices. An IoT device operates in 3 phases. They are Collection
256 308
Phase, Transmission phase, and Processing phase.
257 309
258 𝑪 𝒐𝒍𝒍𝒆𝒄𝒕 𝒊𝒐𝒏 Phase: In this phase, IoT device collects various information from its environment using communication 310
259 technologies or sensors. Those sensors are usually low power, has low processing capabilities. 311
260 3 312
 Woodstock ’18, June 03–05, 2018, Woodstock, NY Niloy , Fazlul and Nozib.

313 𝑻 𝒓𝒂𝒏𝒔𝒎𝒊𝒔𝒔 𝒊𝒐𝒏 phase: In this phase, data are transmitted from the collection phase to users, applications, or APIs. Data 365
314 366
transfer technologies such as Ethernet, Wi-Fi, Bluetooth are used to transfer data. Most of the attacks happen in this
315 367
phase.
316 368
317 𝑷 𝒓 𝒐𝒄𝒆𝒔𝒔 𝒊𝒏𝒈 phase: In this state, data are analyzed to learn about the environment. Sometimes IoT device has to take 369
318 action based on analyzed data. This phase is a middle man between a physical object and a user application. 370
319 371
It is essential to understand those phases in order to learn about fully understand IoT attacks.
320 372
There are multiple types of IoT devices that use a different kind of architecture. Commonly used are 3 layers, 4 layer
321 373
322 and 5 layer architectures. In this section, we will discuss about 3 layers [19]; perception, transportation, and network 374
323 layer,as shown on figure: 1 as those layers are highly targeted for attacks. 375
324 376
325 377
326 378
327 379
328 380
329 381
330 382
331 383
332 384
333 385
334 386
335 387
336 388
337 389
338 390
339 391
340 392
341 393
342 394
Fig. 1. Attack against IoT Layers
343 395
344 396
345 397
346 398
347 399
348 3.1.1 Percption Layer: This Layers has physical sensors and actuators of an IoT device that are used to sense the 400
349 environment and collect information. The widespread attacks at this stage are jamming and tempering data. In jamming 401
350 attacks, communication are blocked by using high-frequency signals. For example: an attacker can disconnect a security 402
351 403
camera from its network using Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack. However, recently
352 404
353 attackers use advance attacks to avoid various protective measures like Intrusion Detection System (IDS) / Intrusion 405
354 Prevention System (IPS). To prevent those attacks, a monitoring system is proposed by Liu et al. to recognize interference 406
355 and a real transmission where the amount of energy consumed is verified each time to ensure it is not an attack [14]. 407
356 408
This system can identify interference; however, it fails to detect or prevent other attacks. To deal with those issues,
357 409
358 an advanced Deep Learning (DL) model is developed by researchers Erpek, Tugba, Yalin E. Sagduyu, and Yi Shi [8] to 410
359 launch and prevent jamming attacks. In their work, they presented a way to solve the issue. The classifier will analyze 411
360 the spectrum and predict successful transmission; then, the defense system will generate misleading transmission to 412
361 413
confuse the attack. The research has concluded its performance, and the model’s accuracy was 69%. In both techniques,
362 414
363 it is crucial to ensure that accuracy and performance to detect real-time jamming attacks. 415
364 4 416
 A comprehensive study of various cyber attacks against IoT devices and security measures to preventWoodstock
them ’18, June 03–05, 2018, Woodstock, NY

417 Attack Technique & Implications Defence Mechanism 469

418 470
Radio Signal or
419
Jamming radio/wireless signal using Continuous monitoring the usage across the 471
420 Wireless Signal 472
421
high frequency signals [1]. signal and detect fake radio signal [5]. 473
Jamming Attack
422 474
423 475
424 Random and pattern analysis-based Deep Learning model to confuse 476
425 477
426
jamming attacks using Deep and corrupt the jammer decisions 478
427 Learning [8]. [8]. 479
428 480
429 481
Table 1. Perception Layer Attacks
430 482
431 483
432 484
433 485
434 486
435 487
436 488
437 489
438 490
439 491
440 3.1.2 Transport Layer: This layer ensures end to end communication and provides necessary features to ensure 492
441 reliability, congestion avoidance, and ensures that delivered data packets are in the correct order. For improving IoT 493
442 transport performance, User Datagram Protocol (UDP ) is often used. An attack on this layer may cause someone to 494
443 495
lose his/her life. For example: if an attacker de-synchronize health monitoring device data, a patient may lose his/her
444 496
445 life. In this phase, attacks are based on two types flooding and de-synchronization attacks. 497
446 Flooding: In flooding, the resource of IoT devices is drained by making repetitive fake network request. Another way 498
447 to flood is by finding buffer overflow; buffer overflow helps the attacker to crash process to modify its main element. If 499
448 500
buffer overflow is adequately used, then the attacker can control the host device. A rate-limiting model proves effective
449 501
450 to identify UDP Flood attacks [12]. However, TCP flood still cause problem because earlier flooding attacks detection 502
451 were developed by using Software Defined Networking (SDN). 503
452 De-synchronization: This attack disrupt between IoT nodes, for example: communication between IoT devices and 504
453 505
user applications. This attack drains device performance and can alter data if the data is not encrypted properly.
454 506
455 Remote Control Attack: In this attack, the attacker tries to take full control of the host. Attacker flood the network 507
456 using botnets or Man-in-the-Middle (MITM) [4]. Sometimes an attacker tries to cripple IoT devices by launching a DoS 508
457 attack. Researchers have found a way to tackle RCA attack by combining Transport Layer Security (TLS) and Datagram 509
458 510
Transport Layer Security (DTLS) and created a Constrained Application Protocol (CoAP) based LLNs [6]. Nowadays,
459 511
460 another emerging protocol is MQ Telemetry Transport, which uses less power to operate. 512
461 Man in the Middle (MITM) Attack: Unencrypted network or device is prone to this attack. By launching this kind of 513
462 attack, an attacker can manipulate data, delete information, hijack authentication key such as user id and password, 514
463 515
personal details, etc. So, it is crucial to secure from this attack. An easy way to prevent data loss from this kind of attack
464 516
465 is to encrypt every data packet [4] . Another effective way to prevent this attack is to use an IDS based on ML [3], 517
466 which will perform better against this kind of attack. 518
467 519
468 5 520
 Woodstock ’18, June 03–05, 2018, Woodstock, NY Niloy , Fazlul and Nozib.

521 Attack Technique & Implications Defence Mechanism 573

522 574
523 A repetitively network request to jam 575
524 Flooding Attack/ signal and drains memory. Rate-limiting method in Contiki 576
525 577
526
TCP/ UDP/ May lead to DDoS attack or OS [12]. 578
527 jamming attack [1] . 579
528 580
Remote Control TLS & DTLS security framework for
529
Using botnet to perform MITM [4] 581
530 Attack CoAP based LLNs [6] . 582
531 583
532
Attacker manipulate or 584
Man In The
533 delete information. It can lead 585
534 Middle (MITM) ML IDS for attack classification [3]. 586
to DDoS and injection attack
535
Attack 587
536 [4]. 588
537 589
Table 2. Transport layer attacks.
538 590
539 591
540 592
541 3.1.3 Network Layer: In this layer several technologies are used to establish communication connection. Attacker 593
542 594
routes IoT devices data to a unauthorized server. This type of attacks includes spoofing, sinkhole attack, alternating
543 595
544
packets path. Some popular attacks will be discussed below. 596
545 Eavesdropping: During data transmission attacker hijacks unencrypted data packets. Moreover, an attacker can 597
546 monitor wireless channel and can alter its data. A solution has been proposed to tackle this type of attacks. A new way 598
547 599
of Visible Light communication [15] can be use to deal with this problem.
548 600
549
Grey-hole attack: In a multiple hop environment where data is transmitted from one node to another before reaching 601
550 its final destination, an attacker can misguide packets or inject malicious code before forwarding them. Researcher has 602
551 proposed a RPL Tropology based real time IDS to detect data spoofing [7]. 603
552 604
In this section we discussed about the possible attacks that can be used against IoT devices. There are other types of
553 605
554
attacks, however due to technical advancement some of those attacks became obsolete. Based on the study it can be 606
555 said that, in most case encrypting data, setting up access control and real-time monitoring are effective for preventing 607
556 or identifying attacks. 608
557 609
558 610
Attack Technique & Implications Defence Mechanism
559 611
560
An attacker spoof data in transmission VLC method based on channel 612
Eavesdrop
561 stage. correlation and error estimation [15]. 613
562 Modification attacks Grey hole attacks Warm detection in IoT devices using IDS RPL method. [7] 614
563 Table 3. Network layer attacks 615
564 616
565 617
566 618
567 3.2 Robust Security Measurements 619
568 620
It is crucial to ensure that IoT devices are secured and because of the security scalability of those are not hampered. IoT
569 621
570 devices are used in different places. From home to office, in farms or in the industry everywhere, IoT devices are used. 622
571 Different types of IoT devices need different types of customization. The manufacture must take proper to ensure that 623
572 6 624
 A comprehensive study of various cyber attacks against IoT devices and security measures to preventWoodstock
them ’18, June 03–05, 2018, Woodstock, NY

625 proper security measures have been implemented in a way such that scalability are not hampered. In this section, we 677
626 678
will discuss some security practices which is required for better security.
627 679
628 680
3.2.1 Authentication Method: It is common to use an application to access IoT device data. For example, a user uses an
629 681
application to see security camera footage. To ensure that proper user is viewing the data, authentication is a necessary
630 682
631 thing. The most popular authentication method is to use a password. However, most of the time user does not use a 683
632 strong password [18]. Most of the time, they use the same password for different services. Often attackers get access to 684
633 685
user passwords by tricking them using social engineering. So, to tackle those issues, it is recommended to use two-factor
634 686
authentication. In a two-factor authentication scenario, even attacker has the user password they won’t be able to get
635 687
636 access to the data. Two alternative authentication methods are discussed below. 688
637 689
• MFA: MFA stands for Multi-factor Authentication as the name suggests it involves 2-step or 3-step authentication.
638 690
639
Generally, 2-steps verification is enough. However, in a highly secure environment, often, 3-steps verification 691
640 is implemented. This authentication is easy to use, effective, and does not cost much to implement. Basic 692
641 authentication is done by password; then, second verification is done by a one-time password. OTP is sent to 693
642 694
the user email or phone number depending on the situation [18]. In this way, even if the attackers know the
643 695
644
password, they will not be able to get access. 696
645 • Biometric Authentication: As of now, most of the smartphones have a biometric sensor built-in for authentication. 697
646 Many services are adopting the concept of a password-less sign by using biometric verification. This concept is 698
647 699
getting popular day by day as it is much convenient for users because users do not need to memorize complex
648 700
649
passwords or have the risk of using weak passwords for different services. Biometric authentication requires 701
650 bio-features of users like a fingerprint, iris recognition, or face recognition [2]. However, current technology 702
651 has some issues for biometric authentication. Sometimes a biometric sensor can be tempered by using fake 703
652 704
data. But in the future, when those problems are solved, biometric sensors will be a popular alternative for
653 705
654
a password-based login system. Both this system makes sure that only valid user has access to data. For the 706
655 highly secure environment where security is a top priority, the 3-steps solution can be used by combining 707
656 password-based authentication with those two authentication systems. 708
657 709
658 3.2.2 SDN:. Software Defined Networking is growing in popularity in various enterprise areas like smart home, 710
659 711
business, e-healthcare system, etc. In a computer network, the main components are switches and routers. A router/
660 712
switch have two function control plane and data plane. The Control plane decides where to send the data, and the
661 713
662 data plane takes the data to a specific destination. Typically, control and data planed are coupled in networking. 714
663 However, in the SDN system, the control and data plane are separated from each other. For controlling each function, a 715
664 716
software-based solution is used called controller. Controller can remotely control the control plane. The Data plane is
665 717
executed in hardware, and controls plane is controlled by software. By SDN, it is possible to monitor traffic and detect
666 718
667 cyber attacks. It is also capable of isolating the affected node [10]. 719
668 720
669 3.2.3 IDS:. Intrusion detection systems is a method of detecting malicious network activity to detect if a network is 721
670 attacked or not. It also helps to identify valid users and prevent unauthorized access. As demand for IoT devices is 722
671 increasing IDS system has become part and parcel for ensuring security. According to uses, IDS can be categorized in 3 723
672 724
ways, network-based, host-based, and application-based [16]. Now it is common practice to use IDS to detect a cyber
673 725
674 attack. However, for ensuring security, an IDS must have to be efficient and quick to detect and report an attack. Also, 726
675 it must make less false alerts. However, if an IDS detect attacks correctly, but it takes longer time to report, then this 727
676 7 728
 Woodstock ’18, June 03–05, 2018, Woodstock, NY Niloy , Fazlul and Nozib.

729 will not be useful. So it is essential to use an algorithm to detect anomalies quickly with less false reports. To solve this 781
730 782
issue, researchers are trying to implement AI approaches [9]. In each layer, we tried to introduce a security measure to
731 783
ensure IoT devices are protected against cyber attacks. The security measure we discussed is selected accordingly to
732 784
733 suit the requirements of each layer. 785
734 786
735 • Authentication: We showed methods to secure devices from unauthorized users. 787
736 788
• IDS: For transport and network layer, we suggest using IDS monitoring to detect attacks and report them.
737 789
738
• SDN: Nowadays, SDN provides better security than other networking practices. SDN is secure, easy to control, 790
739 and much more efficient. 791
740 792
741 793
742 3.3 User Side Situation Monitoring 794
743 795
A user uses different types of clients to access data from IoT devices. Nowadays, it is popular to use a mobile phone
744 796
application to monitor IoT devices. The communication between an IoT device goes through a different network
745 797
746 protocol. In the previous section, we discussed how to secure those layers. In this section, we will discuss application 798
747 side security management. 799
748 800
Encryption: It is necessary to ensure that all the data is coming or going to the IoT device are adequately encrypted.
749 801
Without proper encryption, an attacker can easily see what data is passing between the user and the IoT device. For
750 802
751 added security manufacturer must implement IEEE802.15.4 specification and AES-128 encryption system. Various 803
752 solutions have been proposed to tackle data encryption. 804
753 805
User Authentication: It is essential to ensure that valid users accesses data. For this reason, authentication is a must.
754 806
Nowadays, every smartphone is equipped with a biometric authentication system. With that authentication system,
755 807
756 users can be authenticated. Moreover, we can use a key distribution system [11] . In that scenario, users will be verified 808
757 and given a session key. With that session key and user credentials, users will be able to communicate with IoT devices. 809
758 810
759 811
760 4 FUTURE RESEARCH DIRECTIONS 812
761 813
4.1 Preventing Attacks on IoT Layers
762 814
763 Due to increasing popularity, the number of IoT device is proliferating. For this reason, it is getting harder to maintain 815
764 816
security because there is no standard architecture for IoT devices. So, to solve this issue, a standard architecture can
765 817
be created. This architecture will have machine level behaviour analysis and real-time monitoring system so that if a
766 818
767 device is affected by any attack user will be notified immediately. Also, to improve security, an ML model can be created 819
768 to monitor performance, if any device is sending or receiving unusual data, then the system will check for anomalies to 820
769 821
detect and prevent an attack.
770 822
771 823
772 4.2 IoT security as a service 824
773 825
774
In future IoT devices, security can be maintained by the third party. Vendors will offer security monitors to prevent 826
775 unwanted attacks. Most of the time, users lack the expertise to secure their devices. So third party will ensure the proper 827
776 setup, or we can use the SDN solution for remote monitoring. Moreover, we can create a machine learning model to 828
777 829
ensure our devices are safe. Using machine learning, we can understand the pattern of attacks and take measurements
778 830
779
to prevent them. 831
780 8 832
 A comprehensive study of various cyber attacks against IoT devices and security measures to preventWoodstock
them ’18, June 03–05, 2018, Woodstock, NY

833 4.3 Improving User Side Monitoring 885

834 886
835
For further improving users side authentication AI approach can be taken. AI model can be created for analyzing user 887
836 behavior. With that pattern system can detect whether the user is real or someone is trying to hack the system. 888
837 889
838 5 VALIDITY THREAT 890
839 891
840
6 CONCLUSION 892
841 Throughout history of humankind, we always thrive on making our life more easy and comfortable. From creating the 893
842 894
first sparks of fire to using IoT devices, our goal remains the same. IoT devices collect lots of personal information. So,
843 895
844
it is essential to provide the best security. If companies do not pay attention to the security aspect of those devices, 896
845 customers will lose interest in IoT devices sooner or later. As the market growing rapidly, it is time to standardize some 897
846 protocols to reduce the complexity of securing an IoT device. With common security measure, both developers and 898
847 899
customers will be assured that they are getting the best security. Thus, this research focuses on addressing this problem
848 900
849
and show measures to tackle security issues. 901
850 902
851 REFERENCES 903
852 [1] Fadele Ayotunde Alaba, Mazliza Othman, Ibrahim Abaker Targio Hashem, and Faiz Alotaibi. 2017. Internet of Things security: A survey. Journal of 904
853 Network and Computer Applications 88 (2017). https://doi.org/10.1016/j.jnca.2017.04.002 905
854 [2] Ruhul Amin, Neeraj Kumar, G.P. Biswas, R. Iqbal, and Victor Chang. 2018. A Light Weight Authentication Protocol for IoT-Enabled Devices in 906
855 Distributed Cloud Computing Environment. Future Gener. Comput. Syst. 78, P3 (Jan. 2018), 1005–1019. https://doi.org/10.1016/j.future.2016.12.028 907
856 [3] E. Anthi, L. Williams, M. Słowińska, G. Theodorakopoulos, and P. Burnap. 2019. A Supervised Intrusion Detection System for Smart Home IoT 908
857
Devices. IEEE Internet of Things Journal 6, 5 (Oct 2019). https://doi.org/10.1109/JIOT.2019.2926365 909
[4] O. Arias, J. Wurm, K. Hoang, and Y. Jin. 2015. Privacy and Security in Internet of Things and Wearable Devices. IEEE Transactions on Multi-Scale
858 910
Computing Systems 1, 2 (April 2015), 2–3. https://doi.org/10.1109/TMSCS.2015.2498605
859 911
[5] Qazi Mamoon Ashraf and Mohamed Hadi Habaebi. 2015. Autonomic schemes for threat mitigation in Internet of Things. Journal of Network and
860 912
Computer Applications 49 (2015), 112 – 127. https://doi.org/10.1016/j.jnca.2014.11.011
861 [6] M. Brachmann, S. L. Keoh, O. G. Morchon, and S. S. Kumar. 2012. End-to-End Transport Security in the IP-Based Internet of Things. In 2012 21st 913
862 International Conference on Computer Communications and Networks (ICCCN). 1–5. https://doi.org/10.1109/ICCCN.2012.6289292 914
863 [7] Snehal Deshmukh-Bhosale and Santosh S. Sonavane. 2019. A Real-Time Intrusion Detection System for Wormhole Attack in the RPL based 915
864 Internet of Things. Procedia Manufacturing 32 (2019), 840 – 847. https://doi.org/10.1016/j.promfg.2019.02.292 12th International Conference 916
865 Interdisciplinarity in Engineering, INTER-ENG 2018, 4–5 October 2018, Tirgu Mures, Romania. 917
866 [8] T. Erpek, Y. E. Sagduyu, and Y. Shi. 2019. Deep Learning for Launching and Mitigating Wireless Jamming Attacks. IEEE Transactions on Cognitive 918
867
Communications and Networking (2019). https://doi.org/10.1109/TCCN.2018.2884910 919
[9] Z. M. Fadlullah, F. Tang, B. Mao, N. Kato, O. Akashi, T. Inoue, and K. Mizutani. 2017. State-of-the-Art Deep Learning: Evolving Machine Intelligence
868 920
Toward Tomorrow’s Intelligent Network Traffic Control Systems. IEEE Communications Surveys Tutorials 19, 4 (2017), 2432–2455.
869 921
[10] K. Giotis, C. Argyropoulos, G. Androulidakis, D. Kalogeras, and V. Maglaris. 2014. Combining OpenFlow and sFlow for an effective and scalable
870 922
anomaly detection and mitigation mechanism on SDN environments. Computer Networks 62 (2014), 122 – 136. https://doi.org/10.1016/j.bjp.2013.10.014
871 [11] Sue-Chen Hsueh and Jian-Ting Li. 2017. Secure Transmission Protocol for the IoT. In Proceedings of the 3rd International Conference on Industrial and 923
872 Business Engineering (ICIBE 2017). Association for Computing Machinery, New York, NY, USA, 73–76. https://doi.org/10.1145/3133811.3133824 924
873 [12] Kamaldeep, M. Malik, and M. Dutta. 2017. Contiki-based mitigation of UDP flooding attacks in the Internet of things. In 2017 International Conference 925
874 on Computing, Communication and Automation (ICCCA). 1296–1300. https://doi.org/10.1109/CCAA.2017.8229997 926
875 [13] Barbara Kitchenham, Rialette Pretorius, David Budgen, O Pearl Brereton, Mark Turner, Mahmood Niazi, and Stephen Linkman. 2010. Systematic 927
876 literature reviews in software engineering–a tertiary study. Information and software technology 52, 8 (2010), 792–805. 928
877
[14] Wei Liu, Stratos Keranidis, Michael Mehari, Jono Vanhie-Van Gerwen, Stefan Bouckaert, Opher Yaron, and Ingrid Moerman. 2013. Various Detection 929
Techniques and Platforms for Monitoring Interference Condition in a Wireless Testbed. In Measurement Methodology and Tools, Lluís Fàbrega, Pere
878 930
Vilà, Davide Careglio, and Dimitri Papadimitriou (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg.
879 931
[15] X. Liu, X. Wei, L. Guo, and Y. Liu. 2019. SecLight: A New and Practical VLC Eavesdropping-Resilient Framework for IoT Devices. IEEE Access 7
880 932
(2019), 19109–19124. https://doi.org/10.1109/ACCESS.2019.2897565
881 [16] Benjamin Morin, Ludovic Mé, Hervé Debar, and Mireille Ducassé. 2002. M2D2: A Formal Data Model for IDS Alert Correlation. In Recent Advances 933
882 in Intrusion Detection, Andreas Wespi, Giovanni Vigna, and Luca Deri (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 115–137. 934
883 [17] Chitu Okoli and Kira Schabram. 2010. A guide to conducting a systematic literature review of information systems research. (2010). 935
884 9 936
 Woodstock ’18, June 03–05, 2018, Woodstock, NY Niloy , Fazlul and Nozib.

937 [18] A. Ometov, V. Petrov, S. Bezzateev, S. Andreev, Y. Koucheryavy, and M. Gerla. 2019. Challenges of Multi-Factor Authentication for Securing 989
938 Advanced IoT Applications. IEEE Network 33, 2 (2019), 82–88. 990
939 [19] L. Santos, C. Rabadao, and R. Gonçalves. 2018. Intrusion detection systems in Internet of Things: A literature review. In 2018 13th Iberian Conference 991
940 on Information Systems and Technologies (CISTI). 1–7. https://doi.org/10.23919/CISTI.2018.8399291 992
941 993
942 A CONTRIBUTION RECORD 994
943 995
944
Details of each group member’s contribution are populated to the following tables. 996
945 997
946 A.1 Paper Assessment 998
947 999
948 1000
Student id & name Paper No frm Ref Paper Title
949 1001
950
16-33038-3 Niloy,Fardin 1, 3, 4, 5, 6, 7, 8, 12, 14, 15, 19 1002
951
Ahmed 1003
952
16-33040-3 MD. Nozib 2, 9, 10, 18, 16 1004
953
UD Dowla 1005
954
16-33037-3 Syed Fazlul 11, 13, 17 1006
955
Karim 1007
956 Table 4. Paper collected and read by the group member 1008
957 1009
958 1010
959 1011
960 1012
A.2 Paper writing contribution
961 1013
962 1014
963 Student id & name Section No Section Title 1015
964 16-33038-3 Niloy,Fardin 1, 3.1, 3.1.1, 3.1.2, 3.1.3, 4.1, 6 1016
965 Ahmed 1017
966 16-33040-3 MD. Nozib 3.2 ,3.2.1, 3.2.2, 3.2.3, 4.2, 5 1018
967 UD Dowla 1019
968 16-33037-3 Syed Fazlul 2, 2.1, 2.2, 2.3, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 3.3, 1020
969 Karim 4.3 1021
970 1022
Table 5. Section(s) Written in the paper by the group member
971 1023
972 1024
973 1025
974 1026
975 1027
976 1028
977 1029
978 1030
979 1031
980 1032
981 1033
982 1034
983 1035
984 1036
985 1037
986 1038
987 1039
988 10 1040