Future IoT-enabled Threats and Vulnerabilities State of The Art, Challenges, and Future Prospects

See discussions, stats, and author profiles for this publication at: https://www.researchgate.
net/publication/341114294
Future IoT-Enabled Threats and Vulnerabilities: State of the Art, Challenges

and Future Prospects
Article in International Journal of Communication Systems · May 2020

DOI: 10.1002/dac.4443
CITATIONS READS
30 1,810
5 authors, including:
Shashank Gupta Megha Quamara

Birla Institute of Technology and Science Pilani King's College London
76 PUBLICATIONS 1,857 CITATIONS 36 PUBLICATIONS 472 CITATIONS
SEE PROFILE SEE PROFILE
Pooja Chaudhary Vidyadhar Aski

National Institute of Technology, Kurukshetra Manipal University Jaipur
37 PUBLICATIONS 402 CITATIONS 16 PUBLICATIONS 81 CITATIONS
SEE PROFILE SEE PROFILE
All content following this page was uploaded by Shashank Gupta on 16 June 2020.
The user has requested enhancement of the downloaded file.

Received: 1 September 2019 Revised: 28 March 2020 Accepted: 11 April 2020
DOI: 10.1002/dac.4443
RESEARCH ARTICLE
Future IoT-enabled threats and vulnerabilities: State of the

art, challenges, and future prospects
Astha Srivastava1 | Shashank Gupta1 | Megha Quamara2 |

Pooja Chaudhary2 | Vidyadhar Jinnappa Aski1
1
Department of Computer Science and
Information Systems, Birla Institute of
Summary
Technology and Science, Pilani, In the recent era, the security issues affecting the future Internet-of-Things
Rajasthan, India (IoT) standards has fascinated noteworthy consideration from numerous
2
Department of Computer Engineering,
research communities. In this view, numerous assessments in the form of sur-
National Institute of Technology,
Kurukshetra, Haryana, India veys were proposed highlighting several future IoT-centric subjects together
with threat modeling, intrusion detection systems (IDS), and various emergent
Correspondence
technologies. In contrast, in this article, we have focused exclusively on the
Shashank Gupta, Department of
Computer Science and Information emerging IoT-related vulnerabilities. This article is a multi-fold survey that
Systems, Birla Institute of Technology and emphasizes on understanding the crucial causes of novel vulnerabilities in IoT
Science, Pilani, Pilani, Rajasthan 333031,
India.
paradigms and issues in existing research. Initially, we have emphasized on
Email: shashank.gupta@pilani.bits-pilani. different layers of IoT architecture and highlight various emerging security
ac.in challenges associated with each layer along with the key issues of different IoT
Funding information systems. Secondly, we discuss the exploitation, detection, and defense method-
Research Initiation Grant ologies of IoT malware-enabled distributed denial of service (DDoS), Sybil, and
collusion attack capabilities. We have also discussed numerous state-of-the-art
strategies for intrusion detection and methods for IDS setup in future IoT sys-
tems. Third, we have presented a brief classification of existing IoT authentica-
tion protocols and a comparative analysis of such protocols based on different
IoT-enabled cyber attacks. For conducting a real-time future IoT research, we
have presented some emerging blockchain solutions. We have also discussed a
comparative examination of some of the recently developed simulation tools
and IoT test beds that are characterized based on different layers of IoT infra-
structure. We have also outlined some of the open issues and future research
directions and also facilitate the readers with broad classification of existing
surveys in this domain that addresses several scopes related to the IoT para-
digm. This survey article focuses in enabling IoT-related research activities by
comparing and merging scattered surveys in this domain.
KEYWORDS
authentication, future Internet of Things (IoT), intrusion detection system (IDS), malware, radio
frequency identification (RFID), simulators, test beds, wireless sensor networks (WSNs)
Int J Commun Syst. 2020;e4443. wileyonlinelibrary.com/journal/dac © 2020 John Wiley & Sons, Ltd. 1 of 40
https://doi.org/10.1002/dac.4443
2 of 40 SRIVASTAVA ET AL.
1 | INTRODUCTION
The technological buzz in the industry of computing is emerging out of desktop territory. It is not concealed how
steadily technology has accelerated in the last decade.1 Continuous evolvement and adaptation of technology is capable
of connecting various devices through the Internet. In today's generation, various devices possess the capability of con-
nection to the World Wide Web (WWW) to support newer applications.2 Moreover, reduction in underlying cost allows
everyone to sense and obtain access to data. To acquire information instantly, there is a need to obtain Internet services
anytime, anywhere. Therefore, new computing paradigms including big data, cloud computing, blockchain, and Inter-
net of Things (IoT) coined up that enable remote storage and access of information.3
IoT realizes the vision of ubiquitous connectivity and has emerged swiftly in a short span of time. It can be described
as interconnected entities or things on the Internet.4 These entities may vary from humans to appliances that can be
identified over the Internet. All these entities share some common features including Internet connectivity and infor-
mation sharing. Objects across the network can be remotely monitored, bringing them closer to the web with minimal
human intervention.5 IoT has a significant role in the transformation of these objects from traditional to smart devices
by using advanced technologies, such as pervasive computing, data science, telecommunication, cloud computing, and
fog computing. For instance, home appliances, such as washing machines, air conditioners, and refrigerators, help in
power management. This allows customers to be involved in the revolution in the same way as Internet has emerged
and revolutionized.6 Home monitoring system can be used in healthcare, which helps medical professionals to monitor
patients remotely in their homes and decreases hospital charges. To check the number of appliances in running status
in a building, environmental monitoring can be performed.7 IoT transportation would help in providing online tracking
of traffic from source to destination and thus, reducing time. Smart grid and smart metering applications are in use
across the globe with continuous tracking or metering of use of electricity to determine how to reduce the usage rate. In
the same way, water metering is also an application of IoT that checks the quality of drinking water. Many test beds
have already been implemented, and work is still in progress, the results of which will help in proper realization of
smart cities. The outcomes of our exhaustive state-of-art highlights consequent findings by tracing more than hundred
IoT-specific state-of-art ranging from year 2006 to 2019. Figure 1 highlights the overall distribution of our literature
survey.
However, integration of different technologies induces vulnerability issues that can be typically found in mobile
telecommunications, sensor networks, and Internet-based communications. These issues are related to privacy, authen-
tication and access control in different networks, and secure routing among smart appliances. IoT devices seek atten-
tion of various attacks due to their capability of generating, processing, and exchanging information across the
network. IoT systems broadcast data that make it prone to numerous issues including eavesdropping, link loss, and
mobility.8 In IoT systems, numerous computing resources are used with every device having its own battery, power
source, and memory. This gives attackers a chance to disturb communication in IoT systems. During data broadcast,
attackers may send spurious packets and may discard the genuine ones. They can also imitate authorized user's iden-
tity. Thus, there is an urgent need to protect IoT systems from these attacks. To guarantee proper and secure services, it
is essential to ensure integrity of the devices; that is, source code and data should remain unaltered from various
unreliable changes.9 This imposes a vital responsibility to design and implement IoT systems that will deliver security
features, numerous functions, and real-time services with least expenses. In addition, there is a need to maintain uni-
form ways to transfer packets between source and destination in different network topologies. The first step itself is to
F I G U R E 1 Distribution of examined
IoT-specific state-of-art year by year
SRIVASTAVA ET AL. 3 of 40
ensure secure routing between various IoT appliances in heterogeneous networks, which is very challenging and
requires major research efforts.10
According to latest reports and research contributions, IT threats in 2013–2015 were associated with botnet,
denial of service (DoS), spam, and web and android malware in finance domain.11 Hence, there is an urgent
requirement to identify all the loopholes in existing IoT systems and the preventive measures for better utilization
of the technology. In this respect, the focus of this article is to explore all the attacks that are prevalent in IoT
networks and their associated countermeasures.12 We begin with an overview of the architectural aspects of IoT
and the security challenges across its underlying layers. Further, we discuss the detection and defensive
mechanisms against security attacks associated with IoT-enabled malware. Khan and Salah13 provided an exhaus-
tive survey as well as a detailed survey of SDN-based DDoS vulnerability recognition and alleviation methodolo-
gies, and we have classified them w.r.t. the sensing mechanisms. In addition, Salah developed an SDN-based
preemptive DDoS defensive methodology and showed how this methodology could be used for securing applica-
tions designed for smart city infrastructure. Bawany et al.14 also proposed a universal cloud-based secure edge
infrastructure network that could be utilized as an apparent edge n/w for providing the services like antivirus,
DDoS attack alleviation. He also examined all of these in-cloud secure service w.r.t. resilience, efficiency, flexibil-
ity, cost, and so forth. Subsequently, we discuss the intrusion detection approaches with respect to IoT systems.
We then switch our focus on authentication mechanisms, simulation tools, and test beds. Furthermore, we outline
some of the open issues and future directions for research in the domain. Figure 2 highlights the organization of
this article.
1.1 | Key highlights and contributions
Following are the key highlights and contributions of this article:
• Detailed discussion on the IoT architecture comprising different layers and security challenges pertaining to these
layers.
• Discussion on hands-on experience associated with the exploitation, identification, and mitigation of IoT-driven
cyber attacks, and recent state-of-art for detection of intrusion in IoT frameworks and the techniques to create the
infrastructural setup for different intrusion detection systems (IDSs).
• A concise classification of IoT authentication protocols and an explicit comparison-based analysis among these proto-
cols corresponding to different emerging IoT-enabled cyber attacks.
• Discussion on emerging blockchain solutions and existing IoT simulators as well as IoT test beds along with their
existing challenges that are significant for the researchers working in IoT domain as future research directions for
conducting comprehensive, dynamic and efficient IoT simulations, as well as prototype assessments.
• A comparison-based analysis of existing surveys with our finding along with the taxonomy of open challenges and
future directions for research in the domain.
FIGURE 2 Organization of the

survey
2 | INTER-CONNECTIVITY A ND LOT-ENABLED CYBER ATTACKS
The notion behind IoT infrastructure requires identification of framework to control and manage all the processes that
are being executed by numerous IoT elements. This framework can be visualized as a set of protocols that are responsi-
ble for managing the way of exchange of information and processing data between different hosts (e.g., end users and
cloud). It harnesses the capabilities of cloud for storing data into the database, and its security module is used to provide
confidentiality, support for privacy, and so forth. The users can access IoT services through various IoT devices like
smart phones and laptops, either through gateway or through backend cloud. Many approaches exist in the literature
to develop IoT framework depending upon the requirements of the target business. Figure 3 shows the forecasts related
to the inter-connection of 50 billion emerging IoT devices sharing the network by the year 2020.2 It has been observed
that until today, security is the biggest issue in IoT networks. A sense of insecurity may develop among users if there is
any unauthorized access to their data through the Internet. The focus is to protect all the inter-connected devices in the
network from numerous such attacks. Moreover, the framework must hide complications of underlying protocols and
must support high-level implementation of IoT appliances. Different vendors follow different methodologies to build
their own frameworks. The next sub-section highlights the details related to IoT-related threats and security challenges.
2.1 | IoT security
Rapidly growing IoT is offering millions of opportunities; however, it is still under development and has many privacy
and security related issues. Every day, more and more IoT devices are being added to the existing networks, laying extra
load on the network that is far beyond what has been observed in the past.15 IoT networks are soft target of any loop-
hole in information security and, hence, require protection against corresponding attacks. To ensure proper security of
IoT networks, following properties must be ensured:
• Confidentiality: The most crucial aspect of security is to prevent information leakage to wrong hands, which is
ensured by confidentiality. In improvised networks, confidentiality prevents faulty nodes from gaining access to cru-
cial information from verified nodes during data transmission. It prohibits nodes to gain insights of important con-
tent during the exchange of information. The most important aspect to guard confidentiality of information is
cryptographic measures that are crucial to provide defensive measures in network communication.16
• Integrity: Integrity guarantees that information from senders has not been altered during transmission, by any
means, like forced tampering or collision by malicious nodes. It ensures that the received information is exactly simi-
lar to the one before sending. In many situations, packets experience collision resulting from propagation of radio
wave. Nevertheless, faulty nodes are still capable of modifying packets and damage the network. In IoT models,
integrity of information must be ensured in the designs of IoT devices in order to send, share, and collect information
as per the given standards of communication.
• Availability: Survival of services at all layers in the network in the presence of vulnerabilities is the measure of avail-
ability in IoT. Because of global wide spread use of IoT, availability will always be there in list of key security
requirements.
FIGURE 3 Estimation of connected IoT devices until 20202

• Authenticity: A method of ensuring correct identity of devices in the IoT network is authenticity. This is required for
safety of network from numerous imitating nodes that can easily access the network's important information and dis-
turb the whole model. As many devices interact in diverse ways, it is very crucial to provide device information to
stop unauthorized access to the IoT system.
• Non-repudiation: In non-repudiation, sender node takes the responsibility that it has sent the data and the receiver
acknowledges the receipt of the same. No one is privileged to step back for not sending or receiving the information.
This standard is very important for separating, detecting, and preventing malicious nodes from sending incorrect
information.
2.2 | IoT security architecture layers
The biggest issue in IoT today is to ensure protection of user's privacy. It is difficult to have a trustworthy connection
among nodes in IoT because of their heterogeneity and dynamic behavior. The key technologies in IoT include sensors,
nano-technology, radio frequency identification (RFID), and embedded systems. Much emphasis should be given on
the development of secure supporting technologies. To understand the importance of different underlying technologies
at different levels, IoT architectural aspects should be considered first.15 Figure 4 shows IoT architecture categorized
into three layers with each layer having its own technology-wise security aspects.
1 Sensing layer: IoT systems focus on gathering and processing the data from different domains. Multiple cyber attacks
of wireless sensor network (WSN) exist in IoT environment because once an unsecured and corrupted sensor node
joins the network, it affects network's confidentiality, integrity, and availability. Security of sensing technology
depends on the RFID security and security of WSNs. Common security threats at sensing layer are node capture,
replay attack, timing attack, and eavesdropping.
2 Transport layer: This layer combines various entities that are not developed for connection purposes. The primary
goal of IoT is to establish an environment for connecting these entities so that they can interact with each other in a
given network.
Middleware is the component of the model that lets connection between large and various entities by offering layer
of connectivity for sensors and the application layer, to offer services that ensure efficient interaction with the model.
As vulnerable IoT devices can serve as an entry point to many cyber attacks by letting malicious entities inside the
network, re-programming of the device cannot be ignored that malfunction the IoT security. If the communication
signals are disturbed, it creates a large impact on the information. The attacker software, which is malicious, will be
able to modify the information in the interaction process and, hence, will affect the data integrity of the system.
F I G U R E 4 Layers of IoT
security architecture
Transportation layer security includes the security at core network, access network, and local area network. More-
over, we can consider various technologies like 3G access network security, wireless security as part of sublayers.
3 Application layer: Among all issues in application layer, security is the most prominent one. Security of IoT devices
depends on applications that are diverse in nature. There may be different services for each application because ser-
vices are dependent upon information gathered from sensors. For implementing secure IoT-based home system, for
example, the devices inside smart home lack strength of computation and have lesser storage.
Table 1 expounds various IoT security architectures introduced by researchers in the field in the recent past. The idea is
to reflect the details associated with the target domain, key aspects under consideration, and verification and validation
details. Similarly, based on IoT architecture, Table 2 outlines the work done in the field of IoT security.
2.3 | Security issues in IoT
One of the recurring concerns is the exposure of the technological ecosystem of IoT to different security issues. Table 3
highlights these issues associated with different layers of IoT architecture. Heterogeneous nature of IoT networks makes
them susceptible to various threats in IoT systems. The susceptibility in intermission channels and IoT hosts with
highly mobile network topologies make assurance of security in IoT a cumbersome task. Many issues, such as wireless
broadcast of information and introducing incorrect information in the network, greatly disturb integrity. Moreover,
resource-constrained nature of sensors and centralized approach of Certification Authorities (CA) of servers make
secure routing difficult among IoT nodes. Lin et al.16 stated that on an average, 25 security issues are present in a single
IoT device that demands for better security measures.
Figure 5 highlights vulnerabilities that are specific to the internal system, interfaces, and common to both. The
internal system could be vulnerable to ransomware, phishing attacks, and so forth, whereas the underlying interfaces
are vulnerable to cross-site scripting (XSS) attacks, malicious remote access attacks, and so forth. On the other hand,
the vulnerabilities common to both the interfaces and internal systems are malicious access to user credentials, creation
of malicious user accounts, and so forth. Following are some of the issues associated with IoT devices:
• Privacy issues: Multiple IoT objects collect user's personal information, such as address and insurance policy details
from the users. To state an example, consider healthcare domain in which IoT devices gather and transfer personal
information including names, date of birth, and health status. It becomes a point of concern when these are deployed
in cloud with the help of mobile or laptop applications that connect with these devices. Exchange of sensitive data
TABLE 1 IoT security architectures and key aspects
Key Target
contributions Year domain Key aspects under consideration Verification/validation
Dedeoglu et 2019 Block Trust between nodes Implementation
al.3 chain
Karmakar et SDN Authentication
al.4
Conti et al.5 Security, communication reliability
6
Alenezi et al. Cloud, Cost saving
SDN
and
NFV
Bao et al.7 2018 Block Privacy protection, access control, authentication, lightweight
chain feature, regional node fault tolerance, DoS resilience, storage
integrity
Sharma et al.8 2017 SDN and Scalability, Defense effects, accuracy, overhead analysis
block
chain
Tyagi9 2016 - Application-oriented measures -
TABLE 2 Survey on IoT security on the basis of architectural layers
Year
Layer 2019 2018 2017 2016 2015

10 15 16 18 19
Sensing Zhang et al. Hamamreh et al. Li et al. Soni et al. Wang et al. and Huth Trappe21 and
layer Khattak et al.11 and Jameel et al.17 (wireless et al.20 (compressed Mukherjee22
and Zhang et al.12 (taxonomy of techniques security) sensing and frequency (challenges,
(physical or for confidentiality, selection, information sensing and
perception layer cooperative relaying and reconciliation communication
security) jamming) schemes) confidentiality)
Transport Dizdarevic et al.23 Ponnusamy and Yassein et Airehrour et al.27 (secure Granjal et al.28
layer and Mars et al.24 Rajagopalan25 (protocol al.26 routing) (low-power
(communication standards) (MQTT WSN)
protocols, protocol)
information-centric
networking)
Application Johnson and Ketel29 Javdani and Kashanian31 Nastase32 Yassein and Shatnawi34 Karagiannis et
layer and Ang and (service-oriented and and and Dalipi and al.36 and Islam
Seng30 (protocol security approach in Swamy et Yayilgan35 (protocols, et al.37
security, medical applications) al.33 security and privacy in (protocols,
application (protocols, smart grids) Healthcare)
taxonomy) security
threats)
TABLE 3 Layer-wise security issues in IoT architecture
IoT layer Security issues

Sensing layer Intervention, node compromise, node authentication, uniform encoding for RFID, side-channel attacks, device
cloning, substitution attacks, DoS attack, privacy breach, false node injection, malicious code injection, node
jamming, selective forwarding, synchronization attack, Sybil attack, reply attacks, eavesdropping
Transport Network issues, connectivity and compatibility issues, DoS/DDoS attack, privacy breach, eavesdropping, MITM,
layer spoofing, sinkhole attack, routing information attack, impersonation, false routing
Application Buffer overflow, breach of confidentiality of user's data, non-availability of user information, software bugs, data access
layer issues, user authentication issues, phishing, malicious scripts, virus, Worms, Trojan horse, spyware
FIGURE 5 Security issues in IoT

appliances
across IoT networks without proper measures of security is a huge risk, as it can lead to access to information from
malicious nodes.
• Software and firmware vulnerabilities: Lin et al.16 reported that due to absence of reliable cryptographic measures
during up-gradation phase, about 60% of IoT devices are prone to software and firmware vulnerabilities.
• Inadequate authentication/authorization: Lin et al.16 stated that many IoT objects in the market, like webcam and
power remote, do not need authentic passwords for obtaining access. Moreover, password can be recovered very eas-
ily; that is, very fragile password recovery process is employed in these devices. In addition, numerous websites are
also affected because of these IoT devices as they implement poor security mechanisms including pass codes.
The exponentially increasing IoT devices are giving rise to various security related attacks creating hurdle in secure
infrastructure setup for IoT networks. Some of these are discussed as below:
1 Passive or active attacks: Passive attacks on the networks involve system monitoring and sometimes scanning for
open ports and vulnerabilities. On the other hand, active attack aims to perform alteration in system resources or
affects their operations. It may involve data stream modification or creation of false statement, for example, DDoS
attacks.38
2 Intrinsic or extrinsic attacks: Intrinsic attacks are internal to the system; they can be overcome by intrusion detection
in IoT systems. External threats are faulty devices/nodes that try to exploit security of the system by maliciously
entering in the system's firewall region. Extrinsic attacks can be prevented by authentication protocol in IoT
systems.38
3 Related key attacks: In related key attacks, attacker observes the cipher text in different keys with unknown values
initially but can find keys that are related to original keys and attack the network.39
4 Spoofing attacks: In spoofing attacks, messages actually come from the spoofed source, that is, either address of the
source node is forged or node is using other node's address as its own.40
5 Spatial attacks: In spatial attack, target can be disturbed by creating damage in a region.41
6 Intrusive attacks: In intrusive attack, unauthorized work is performed on network by faulty or malicious nodes. To
detect intrusion attacks, IoT system must have the capability to understand how these threats work.42
2.3.1 | Blockchain solutions
Recently, blockchain has acquired tremendous attention from various domains. It has wide spectrum of applications
ranging from finance to social services and has greatly influenced the emerging business world. Since blockchain tech-
nology is getting embedded in the e-commerce services, the cryptocurrencies are gaining huge prevalence. Bitcoin and
ethereum are few such cryptocurrencies, which have utilized decentralized nature of blockchain. Blockchain can be
considered as a distributed database system containing immutable ledgers, which are prone to attack by malicious
users. Although, from the initial digital currency to the present smart contract, the utilities of blockchain have been
harnessed, the innovative technology has to rely on cryptography for its security.13 Table 4 highlights some more issues
in IoT and possible blockchain solutions.
In addition, blockchain has also attracted attention in resolving several authentication-related issues of IoT authen-
tication protocols. Table 5 highlights some the key contributions of blockcahin-based authentication schemes utilized
for IoT frameworks. The techniques have utilized some advanced encryption algorithms that satisfies the requirements
of access control mechanisms and mutual authentication. Also, such techniques can simply obstruct the exploitation of
Sybil attack. In addition, blockchain-based methodologies utilized Lagrange interpolation mechanisms and pre-image
sample-able doorway techniques for alleviating the vulnerabilities of chosen plain text message attack.
2.4 | Malware-enabled cyber attacks in IoT
IoT technology is anticipated to cover innovative engineering in different areas from healthcare to cloud computing. In
order to avoid undesired consequences, security and privacy must be ensured. IoT research can be challenging given its
large coverage.48 Malware-based attacks target the vulnerabilities of unprotected devices, connections, interfaces, and
TABLE 4 Issues in IoT and possible blockchain solutions
Research gap Description Possible blockchain solution

Expenditures overheads Completely infeasible for handling exponential Remove the need of centralized entities: IoT
and capacity development in IoT equipment's by year 2020. It equipment's can interconnect safely, interchange
limitations. has been noted that a network volume in 2020 the values among other IoT devices, and
would be at least 1000 times the level of 2016. accomplish the activities in an automated manner
via smart contracts.
Lacking designing of an All blocks of IoT frameworks acts as a blockage or Secure transaction among IoT equipment: The
enhanced single node of disaster and disconnect the whole legitimacy of the equipment's identity needs to be
architecture. underlying network. Exploitation of remote proved, and digital transactions need to be sign up
hijacking, DDoS vulnerabilities, information and certified using cryptographic primitive units
stealing, etc. also occurs. for ensuring that the message is from a intended
originator.
Fog computing servers Edge computing devices/servers could have Avoid single IoT device failure: Information must be
interruption and undergone in ideal situation (downtime) due to stored on numerous systems and nodes, which
inaccessibility of exploitation of web application vulnerabilities, save several replicas of such information.
services. untraced software viruses, server power-related
issues, etc.
Vulnerable to Data related to IoT sensors can be easily altered and Provide the immutability and distributed access:
manipulation of redirected to malicious users. suspicious activities could be easily sensed and
information. prohibited. IoT devices could be easily linked
assuming updates related to equipment's
blockchain are getting cracked, then the system
discards it.
TABLE 5 Security analysis techniques used by blockchain-based authentication schemes used for the IoT
Year of
State-of-art publication Technique Key contributions
43
Yin et al. 2018 Utilized the contributions of pre-image Technique is intensely unforgeable for preferred
sample-able doorway techniques. message attack.
Lin et al.44 2018 Exploited the game between exploited IoT This methodology is also intensely unforgeable for an
device and the contender for describing the adaptable selected message counterfeiter in the
unforgeability events. conventional framework.
Li et al.45 2018 Utilized the capabilities of Lagrange The technique can simply bye-pass Sybil attack.
interpolation mechanisms.
Lin et al.46 2018 Exploited the game between exploited IoT The linear independent homomorphic signature
device and the contender for describing the technique is found to be safe for selected message
unforgeability events. attacks.
Lin et al.47 2018 Methodology is designed based on the Satisfies the security requirements fine access control
cryptographic algorithms like AES, MAC, mechanisms, mutual authentication, etc.
ABS, etc.
so forth, leading to undesired consequences. In the next sub-sections, we discuss about some of the common malware-
enabled attacks that are common to IoT ecosystem.
2.4.1 | DDoS attack
DDoS attack causes disturbance in the routine transmission of the target server, network, or service by generating huge
network traffic for overpowering the target or its neighboring infrastructure.49–51 DDoS attacks attain efficiency by
using many altered computer systems as hosts of attack. Broken nodes may include computers and other resources of
network, for example, IoT devices. From abstract view, DDoS attack can be visualized as a traffic jam blocking the pas-
sage, preventing regular traffic from coming to appropriate sender.52–54
DDoS attack requires an attacker to obtain online or remote access of the network for executing the attack.55 Mal-
ware targets IoT devices and systems because of which they are turned into bots (zombies). The invader having remote
control of the cluster of bots is called botnet. After establishment of botnet, invader can direct and access the machines
with the help of updated instructions to every bot by remote access. When IP address of injured node is under attack by
bot, every bot will give response by sending request to the target, thereby leading to network overflow resulting in
denial-of-service to the normal traffic. Since every bot is a legal network appliance, separation of attack pattern from
normal pattern can be hard. Intrinsic or inherent nature of Internet that focuses more on functionality rather than
security makes DDoS more powerful.55 Though being efficient, Internet is inherently prone to several security issues
that can be used to commit DDoS attack.56–59
• Limited resources: Every network entity, such as network, hosts, or different services, have limited resources that
may be flooded by more number of users.
• More is better: Synchronized and parallel-distributed attacks can always be more efficient if resources of invaders are
more than the resources of targets.
• Security in Internet is interdependent: Vulnerability to this attack is dependent upon the security of WWW globally.
• Liability is not imposed: Source node address in IP packet is assumed to carry the IP address of the host that has the
packets. Nevertheless, this is a postulation that is not imposed at all, and hence, it gives IP source spoofing attack a
way to penetrate. This attack lets attacker to avoid responsibility of their actions.
• Resources and intelligence are not collocated: Every intelligent system needs to ensure that service is placed in end
nodes. Consequently, invaders may disturb the huge resources of intermediary network for delivering large number
of faulty messages to victims.
• Power is distributed: Network organization and management is shared, and functioning of every network is liable to
administration. Due to which there is no path to implement a global security technique and policy to detect inter-
network behavior because of privacy reasons.
IoT malware with DDoS capabilities

The key method to initiate DDoS attack is to target IoT devices. The choice is very easily elaborated through malware
because of high availability of such devices that are not protected by manufactures or are weakly managed by owners.60
Figure 6 highlights some of the dangerous malwares present in IoT devices.
• Linux.Hydra: It was the very first malware for routers that evolved in the year 2008 as an open source tool. It was
capable of functioning automatically and was managed by Internet Relay Chat (IRC). Its purpose was to attack
routers with brute force techniques for obtaining the access in order to conduct DDoS attacks. To achieve this, a list
of default passwords or exploitation of D-Link authentication bypass was used.60
• Psyb0t: It is very familiar to Linux Hydra that evolved in the year 2009. The malware has many advantages over its
predecessors, as it is able to do ICMP flooding and UDP flooding attacks. Psyb0t focuses on the similar architecture,
F I G U R E 6 Timeline of evolution of
IoT malware with DDoS capabilities
and the two malwares present many identical features. Thus, it is safe to say that Psyb0t is offspring of Linux
Hydra.60
• Progenitor: The phase of exploitation relies upon lexicographic attacks and particular vulnerability. Once the devices
are injected with, it becomes a part of IRC-based network that can only do simple SYN flooding attacks. The malware
credentials tell that this malware also makes invader to perform UDP flooding attacks.60
• Chuck Norris: The rapid growth of Psyb0t botnet attracted the attention of other competitors and developed an inter-
est towards its operation, which led to Chuck Norris in the year 2010. Chuck Norris was from a text discovered in the
reverse engineered headers, and this malware had many similarities with Psyb0t.60
• Adira/Zendran/Light Adira: They came into existence in 2012. These display little variations of the source code and
are so small that they can be grouped in a family. In contrast to the previously mentioned families, the intricacy of
such malware is more, and these are able to take number of different models, such as ARM, PPC, and MIPS, even
though the method of infection depends upon guessing simple authentication. The resultant botnet architecture is
IRC-based and controls simple ACK Flooding and SYN Flooding.60
• Dofloo/Spike/Wrkatk: After the Linux Hydra group, new bunch of malware (e.g., Dofloo and Spike) came into exis-
tence in 2014. One of the fascinating features is the Send_Info, which attempts to get computing power of infected
host and thereby enables CNC server that tunes intensity of DDoS jobs performed by bots.60
• Gafgyt/Torlus/Lizkebab/BASHLITE: In 2014, BASHLITE came into existence, which shares identical features with
Spike malware family. Specifically, the interaction protocol is IRC lightweight version; however, it has been changed
to an extent, which makes resultant botnet highly dependent on IRC server, making botnet as Agent Handler not
IRC-based one.60
• Xor.Dos: In the year 2015, when malware damaged Shellshock vulnerabilities, XOR DDoS began to silently contami-
nate numerous IoT devices everywhere in the world although it does not depend upon above-mentioned
vulnerabilities.60
• LUABOT: It came into existence in the year 2016. It is the first malware developed in LUA platform. Until now, it is
the only payload file to be detected in HTTP Layer 7 flooding attack; however, some other scripts can also run it,
which is not excluded. The most amazing fact is that it consists of V7 JavaScript embedded engine that sidesteps
DDoS security, which is given by few institutions, like Sucuri and cloud fare.
• Linux/New Adira IRC Telnet: Linux IRC Telnet, also called as New Adira, is a spiteful mixture of Kaiten IRC-based
protocol, Adira root code, BASHLITE injection/scanning, and dictionary attack Mirai. All the embedded appliances
based on standard model are prone to various infections. At this time, New Adira is one of the strongest Mirai partic-
ipants in globe of IoT injection movement.
• Mirai: Among all malwares, Mirai is the strongest one. This is used in perpetration of few of the greatest DDoS
attacks known in the history, including abuse of Internet service of France and OVH that is a hosting service pro-
vider. There are 62 entries in dictionary-based attack used by Mirai to pollute and mange IoT devices.
Table 6 outlines research done in the field of DDoS attack detection or mitigation highlighting the key area of opera-
tion, nature of DDoS attack, underlying technique in use, deployment target, and nature of model as centralized or dis-
tributed along with implementation details.
2.4.2 | Sybil attack
Majority of networks, such as peer-to-peer networks, are characterized by the assumption of individuality, where every
node represents an identity.61 Sybil attack happens when an insecure node is hijacked for enforcing many identities.
Issues happen when a status system (e.g., torrent network having file sharing systems) is trapped to believe that invad-
ing computer has disproportionally larger influence. In similar scenarios, invader with various identities may attack
maliciously either by information stealing or by creating disturbance in communication. Some assured methods exist to
secure networks from Sybil attack; however, research work has been mainly conducted to validate and secure comput-
ing environment. One method is to use valid and trusted certification in which only one authority validates every indi-
vidual by certificate. Validated certification uses huge amount of resources and congested traffic on network. In
resource testing investigation, computing power, network bandwidth, and storage space are the measuring criteria to
conclude whether collection is from an individual Sybil attacking series or group of multiple nodes. Using trusted appli-
ances is identical to utilizing trusted certification to defend and prevent against Sybil attack.62
12 of 40
TABLE 6 DDoS detection or mitigation techniques
Key technique Deployment Model Implementation

State-of-art Year Target domain Type of DDoS attack used site (centralized/distributed) platform/dataset used
Procopiou 2019 Smart homes Slow-rate and flooding Forecasting and Gateway Centralized NS-3
et al.48 DDoS attacks at chaos theory
application layer
Zhou et Industrial IoT General Fog computing Servers Distributed SCADA system test bed
al.49
Shafi et al.50 SDN-based IoT Botnet Block chain SDN Distributed Mininet, Stacheldraht
networks controllers
El-Sofany et Mobile systems in Black-listing Mobile Distributed Application level testing
al.51 cloud computing computing
environment application
s
Liu et al.52 2018 Information-centric Bloom-filter IoT nodes Distributed Smart identifier network platform
IoT
Cardoso et IoT devices Complex event Edge servers Distributed Raspberry pi
al.53 processing (CEP),
edge computing
Alharbi et 2017 IoT networks Network function Traffic Distributed -
al.54 virtualization screener
(NFV) and servers
Özçelik et SDN and fog IoT hosts Mininet-Wi-Fi, floodlight, real Mirai
al.55 computing botnet firmware, iperf,
OpenFlow-enabled WAPs
SRIVASTAVA ET AL.
Sybil attack detection in IoT

Following are the various categories of Sybil attacks that are summarized in Table 761,62:
1 SA-1 Sybil Attacks: In SA-1, invaders generally make relations inside the Sybil community. Sybil nodes are strongly
connected to other Sybil nodes. Nevertheless, SA-1 somehow fails to communicate with other honest nodes; that is,
it does establish any substantial connection between Sybil nodes and honest nodes.63
2 SA-2 Sybil Attacks: In SA-2, invaders are generally present in the social domain. Unlike SA-1 attacks, SA-2 can make
social relations with Sybil nodes as well as with normal users. It can be concluded that capability of SA-2 is strong
enough to imitate normal user's social structures from the social graph's point of view. Hence, there are more num-
ber of attacking edges. SA-2 attacks target to broadcast malware, spam, and advertisements to violate user's privacy
and nastily influence reputation of the system. Moreover, SA-2 can create plethora of positive review comments to
overstate the benefits of services or to generate huge negative comments to under state services in any service evalua-
tion system. Noticeably, SA-2 will stress on particular behavior and replicate them frequently.63
3 SA-3 Sybil Attacks: In SA-3, invaders are generally present in mobile networks. The main objective of SA-3 is similar
to that of SA-2. However, its effect can be for shorter time span or in local area network. Owing to the cellular net-
works dynamics, mobile users do not have long duration or regular connections with other users. In addition, central
authority cannot exist in cellular network every moment. The portability and less result on global information are
seen as a difficulty in SA-3 defense as compared to SA-2.63
Sybil detection attack in IoT

Following are some of the Sybil detection attack techniques in IoT:
1 Friend relationship-based Sybil (FRSD): In cellular networks, because of portability, mobility, and availability of less
information with respect to social graph, it is difficult to defend against this attack. Quercia and Hailes63 suggested
an MSD scheme for equivalent cellular user communities, which tags the users of Sybil community as Sybil
attackers. One of the postulation states that each cell manages two lists—first, foe list that has no trusted users and
second, a friend list that has trusted users in it. When these two users are detected in a network, their communities
are checked for a match. If any user is not found in the group of trusted communities, it is called as a Sybil user.
Chang et al.64 provides recommendation for Sybil defense schemes in MSNs with an assumption that normal users
are in different community of Sybil users and it depends upon Sybil user's identification by community matching.
TABLE 7 Comparison of Sybil attacks in IoT devices
Distinct
Type Domain Underlying reasons Goals of attack Key aspects features Portability
SA-1 Sensing domain Protocol-level To take control of Exists in same Frequent No
vulnerabilities, the system by region and repetition of
resource-constrained introducing number of edges specific
sensor nodes malicious are limited. behavior and
comments or perform
information normal
operations
SA-2 Social domain Open platforms, blind To attack user's Tight coupling Frequent No
trust, recommender and privacy, malware with the normal repetition of
reputation system dissemination users and specific
vulnerabilities, fake generates more behavior
ratings and reviews edges
progressively.
SA-3 Mobile domain Absence of central To manipulate local Tight coupling Frequent Yes
authority for identity environment of with the normal repetition of
verification the user and users. specific
violate his/her behavior
privacy
Hence, efficient solution to detect Sybil attackers is by grasping friendship. Nevertheless, mobile users need to pre-
serve the trust community information in advance for FR-MSD schemes to work.
2 Sybil detection attack on cryptography-based mobile: Cryptography is another useful tool for facilitating Sybil
defense, especially designed for MSD and that prevents Sybil attacker's spiteful behavior. To tie an invader to its loca-
tion is the most challenging task in mobility of SA-3 when it has been launched by VANET. Lin65 proposed a scheme
known as LSR that helps in resistance of local Sybil attackers and preserves privacy in Sybil attack issues in VANET.
Users of local transport cannot efficiently detect Sybil attackers before TA revokes it. For this, each user must sign
into the UI posts of events. There is a feature of invalidating multiple signatures from same user on same event, mul-
tiple times. User in this case is connected to other users and is identified as Sybil attackers.
3 Features-based mobile Sybil detection attack: Investigation of attributes, such as mobile features and channel charac-
teristics, can be done for differentiating between Sybil attackers and legitimate users. For instance, to efficiently iden-
tify Sybil attacker, certain wireless networks rely on features of the communication channel. More sophisticated
physical layer does authentication; city areas are exploited by scattering of radio channels. Sybil attackers can be
detected by the combination of channel and authentication features. Practically, projected plan is also viable by the
overhead of more enhanced estimation schemes for channels, either individually or linked by other security schemes
on physical layer. Furthermore, the received signal is used to identify attacker in a static wireless network. If there is
packet from same received signal strength (RSS), then the sender node is most likely to be a Sybil attacker.66
Numerous MSD schemes influence cellular features that prevent Sybil attacks. In Abbas et al,67 we have estimated the
quantity of faulty hosts for determining the success rate of the attacks. They also worked on determining the sender's
power tuning during transmission and analyzed receiver's Omni directional and bidirectional antenna. Scrutinizing the
broadcasted signal difference, it counts the effect of various security suppositions that are made on Sybil attackers and
antenna impact on detection accuracy of Sybil. Park et al.68 states that in cellular network, Sybil identity of only one
attacker is tied to a sole objective node. This can be stated in a different form that huge number of different Sybil identi-
ties progress collectively. Just by controlling user's movement, we are able to detect Sybil identities. Hence, it can be
inferred that preventing Sybil attackers with the help system attributes is a potential way, but the issues lie in gathering
required information of these attributes.
Yao et al.69 presented technique for detecting overload users who are most probably Sybil users. According to
resource testing, each user has to depend on inspection that an invader would work on only one device. Sybil attack
detection requires huge amount of resources in a network if fake identities are created. Li et al.70 discussed admission
control method for insisting nodes to solve computations. With the help of these centralized resources, Sybil attackers
will not be able to initiate the attack, thereby limiting attacker's capability. Dhamodharan et al.71 proposed a fee-based
Sybil attack prevention technique depending upon the identity maintenance cost. In this, invaders have to give more
fees for launching the attack. Sybil attack detection methods have some issues, as device resource and hardware limit
the attacker's behavior.
Sybil defense in IoT

Sybil attackers can be easily defended by time and spatial connection of the RASs and vehicles. For validating user's
genuineness, secure hardware is used. Sybil attackers can be authenticated to a limit. Therefore, forged individual can-
not become legitimate. Even though resistance to Sybil attacks is effective, the cost to maintain this is very high. Hence,
it is typically used in high security domains. Following are some of the recent Sybil defenses:
1 MSN Sybil defense: There are some external defense schemes, which can be used in MSN, but they are not efficient
to detect Sybil attackers because of lack of historical nature required for identification of the schemes to learn. More-
over, there is no traceability of attackers because of dynamic nature of MSN user. Present MSD schemes are able to
distinguish between legitimate users and Sybil users and can propose cryptographic algorithms to hold back Sybil
attacker's behavior. One potential solution is to look at trust relationship in cellular users and then make a connected
local signature. In addition, there should be description of location and contact. Moreover, MSNs contain contact
and local data of cellular users. Therefore, there is a requirement for putting more efforts in research for analysis of
location and contact features of cellular users that would help in Sybil prevention in MSNs.72
2 Sybil defense and privacy: Numerous Sybil defense techniques, for example, MSD and BCSD, are inclined to learn
the behavior of users in the form of click events and browsing history. During defense, it is crucial to handle the pri-
vacy outflow in cellular environment. For instance, identification of SA-3 using contact data can lead to the
disclosure of user's past contact records to other cellular users, LSP, or Sybil attackers. Nevertheless, this computation
increases the overhead, particularly in a cellular environment where power utilization is very critical matter for cel-
lular users. On the other hand, it is promising to search user's general preferences and profiles that might reduce pri-
vacy leak for Sybil defense. The difficult subject is to get the way to assure Sybil defense accuracy while maintaining
privacy. However, leakage of user's records is supporting for defense, but it disrupts user's privacy.72
3 Cooperative Sybil defense: In some situations, because of lack of user's knowledge, Sybil defense is inefficient. For
instance, in cellular networks, user's capability is very less when compared to online users. Collaboration of the
servers and cellular users is one potential way for Sybil defense. Cellular users can use cryptographic algorithms as
signatures, local community structure, and so forth, for identifying malicious Sybil users. The cellular users then
inform servers with analogous contact information. The dedicated servers will be a help for carrying out complicated
things, such as learning behavior of user and detection of community. It is possible that a server takes benefit of stor-
age and computation complexity and then performs Sybil detection for cellular users. Adding to it, collaboration
among cellular users can also aid in Sybil defense. Information of the Sybil invaders may be taken for future identifi-
cation. Hence, the cooperative defense is a potential approach.72
Table 8 summarizes Sybil defense techniques based on nature of target domain, that is, SA-1, 2, and 3, and Table 9
shows various Sybil attack detection and mitigation techniques proposed in the literature highlighting their target area
and key aspects along with implementation details.
2.4.3 | Collusion attack in IoT
Rezvani et al.80 discussed an issue that it is possible for someone using cloud storage to breach the private key for con-
trolling the files. This issue must be resolved for improving the security of cloud storage, thereby organizing integrity of
terms. In numerous security techniques, it is frequently presumed that single node or leader is more reliable in the net-
work and uses various methods for communication protocols. Nevertheless, these protocols could be exploited because
of the primitive collusion attack. In this attack, a node purposely has a deal with the adversarial node that is having a
high-level knowledge about the information transfer. Figure 7 depicts the scenario of collision attack in IoT.81 Prior to
the compromised situation of the system, the node works properly, interacting with others and providing correct infor-
mation or decisions. During the collusion attack, a small behavioral variation at the colluded node may happen for
adversarial node to inject false data or read information. Attackers in this case can cause huge damage to the system by
introducing one or compromised nodes for manipulating data.
RFID and WSNs are among the key underlying technologies of IoT that bear the similar privacy issues as stated in
the above paragraph. For instance, compromised wireless sensors can be used for gathering information from different
sources, such as weather information of urban areas and wearable devices giving health data.
Various promising solutions have been proposed to identify nasty sensors. Nonetheless, collusion attacks need sig-
nificant attention. Because of the exponential growth of applications associated with IoT devices, users can be seen
approaching this new paradigm. Conversely, likelihood of collusion attack increases with an increase in the number of
nodes including users and devices.
Data collection and data aggregation are the most critical functions of IoT in WSNs.82–85 In sensor networks, there
is an aggregator node whose sole job is to gather information from many sensors and to provide the aggregated value to
the base station. Utilizing many sensors is very critical for the strengthening of the control in WSNs. Owing to the limit
TABLE 8 Summary of Sybil defense techniques
Defense scheme Category Distribution feature Base assumption Primary technique

Crypto–MSD SA-3 Distributed Security of cryptography Cryptography
FR-MSD Trusted community features FR matching, community detection
Feature MSD Mobility features Channel estimation, feature classification
BCSD SA-2 Distributed/centralized Behavioral difference Behavior classification
SCSD SA-1 Assumption-II Community selection
SNSD Centralized Assumption-I Random walk, social graph, partition
16 of 40
TABLE 9 Sybil attack detection or mitigation techniques
Type of Implementation
Sybil Model platform/dataset
State-of-art Year Target area attack Key technique used (Centralized/distributed) used Performance measurement
Sensing domain
Jamshidi et 2019 Clustered WSN General Received signal strength Distributed J-SIM simulator True detection and false detection rate,
al.72 Indicator (RSSI) communication overhead
Li et al.73 Industrial WSN Dispersive power gain and Distributed Channel simulator Correct detection probability
delay spread
Dangi et 2018 WSN Efficient routing Centralized NS-2 Transfer and packet drop rate, energy
al.74 procedures consumption
Wang et 2017 Clustered Energy trust systems Distributed OMNeT++, MiXiM Resource consumption, communication
al.75 networks overhead, detection accuracy, memory
overhead
Social domain
Xu et al.76 2018 Twitter General Deep-regression model Centralized Twitter dataset, Accuracy and loss function
Google tensor flow
library
Ayaida et Social Local rule-based C++ Robustness to label noise, ranking
al.77 networks propagation, accuracy, scalability, convergence
structure-based
approach
Hussain et 2017 Online social Location rule based
al.78 networks propagation
Yao et al.79 Location-based Bloom filter-based user Geolife project data Accuracy, efficiency
social gathering detection set
networks scheme
SRIVASTAVA ET AL.
FIGURE 7 Collusion attack in IoT
of processing and power resources in the sensors, information is aggregated with the help of aggregator. However, the
use of such simple approaches is prone to various kinds of faults and attacks. Hence, they are utilized with an estima-
tion of reputation sensors and reliability of the information from these sensors. A cluster node gathers information from
all the sensors in the cluster, and then, aggregate node gives aggregated value to base station.
In collusion attacks, invaders can introduce compromised sensors to fake the summed value at aggregator. For
instance, consider a scenario in which a malicious insider inserts two malicious sensors X and Y in a cluster A. X and Y
could send false data to exploit A to some extent. Iterative filtering algorithms are used for prevention against this type
of attack, as they compute data reliability and aggregation of data based on only one looping function.
Computation of reliability of the sensors depends upon the location of the value taken by the sensors and the origi-
nal values as read by different sensors.86 The true values are taken from the past iterations that are summed by various
aggregations from all the sensors. Sensors that have huge difference in the approximated and corrected values are con-
sidered as less reliable and their measure will have low weight in the present round of loop. Because of large number of
devices and user's mobility in IoT, it is difficult to identify collusion attack. Reliability and their measures are given
more weight when calculating aggregator's aggregate value.87–99 Table 10 outlines some of the collusion attacks includ-
ing IoT architectural layer of their impact, target area, and specific target. Table 11 outlines some of the collusion attack
detection or mitigation techniques from the literature including the nature of attack, key technique used, mode of vali-
dation and verification, and criterion for performance measurement.
3 | INTRUSI ON DE T E CT I ON I N I O T
The primary goal of intrusion detection is to automatically alert management when someone or something is trying to
hamper the system through spiteful actions or by safety policies violation. In IoT, there is an IDS placement strategy for
detecting threats and for verifying the plans, where IDS is kept at the boundary router in a single or multiple devoted
hosts or physical entities. The benefit of keeping IDS at boundary router is to identify the intrusions from WWW on the
entities in the physical environment.100 Nevertheless, it may introduce interaction complexity between nodes and
boundary router because of the frequency with which network status is inquired. Yet this explanation also demands for
management of network in various areas, which is a major issue.101 Figure 8 shows the taxonomy of intrusion detection
in IoT based on detection method, placement strategy, validation strategy, security threat, target of protection, time for
analysis, data source, state of action, and supporting technology. A discussion on different strategies of placing IDS is
presented in the following sub-section, along with their benefits and consequences.
3.1 | IDS placement strategies
Following are various IDS placement strategies in IoT ecosystem:

TABLE 10 Types of collusion attacks
State-of-art IoT architectural layer Area Specific target

86
Marforio et al. Application Smartphone systems Permission based mechanisms
87
Yaseen et al. Network Digital content dissemination Fingerprinting schemes
88
Bayoudh et al. Physical Fuzzy vault scheme Keys
89
Li et al. Network Routing Optimized link state routing protocol (OLSR)
90
Zou et al. Application Cloud systems Identity-based public auditing (IBPA)
Levitin et al.91 Application Multimedia Fingerprinting
92
Chen et al. Application Android Support vector machines
93
Hsiung et al. Network Distributed sensors networks Pairwise key pre-distribution schemes
1 IDS placement in distributed fashion: In this method, IDSs are kept at every substantial object of low-power and
loosy networks (LLN). These IDSs should be enhanced, as the nodes are highly resource-constrained.
2 Centralized IDS placement: In this method, IDSs are placed in a centralized component, like on border router or in a
dedicated host. LLN nodes collect the information that is transferred to both the edge routers and the clients that
requested for it. Hence, the IDS kept on edge router can compute the entire traffic between Internet and LLN. How-
ever, it is not sufficient to identify attacks on the nodes that are in LLN. There should be an IDS that could examine
the traffic transferred among LLN nodes without avoiding the effect that this activity can have on node operations of
low capability.
3 Hybrid IDS placement: It combines the methods of distributed and dedicated placement for extracting their key ben-
efits. Firstly, hybrid method manages the system into groups or regions, and key node of a group is responsible for
the organization of an IDS instance. Once it is done, the given node becomes responsible for controlling other nodes
of its group.
3.2 | Intrusion detection methods
Methods for detection of intrusion in IoT are classified into four categories—signature-based, anomaly-based,
specification-based, and hybrid. These are discussed as follows:
1 Signature-based methods: In this approach, IDS identifies attacks when the network behavior or system attack is
identical to the attack placed in IDS's internal database. If any network process matches with stored signature, it trig-
gers an alert. This easy to interpret approach is efficient and precise for identifying known threats. However, this
method is not appropriate for the detection of new attacks, as equivalent signatures of these attacks are not known.
Detectors having attack signature have been designed as susceptible cells that have the capacity to classify a
datagram into normal or malicious. Moreover, detectors have evolved to adjust to the new constraints in the con-
trolled environment.102
2 Anomaly-based methods: Anomaly-based IDSs are responsible for measuring the behavior of the system at the
immediate response to the usual behavioral pattern, alerting when any variation from general behavior crosses a
threshold. This method is effective to identify attacks, in general, the threats that are related to misuse of the
resources. However, all the things that are not identical to the usual behavior are known to be intrusions, and identi-
fying the whole range of usual behavior is not a simple task.103
3 Specification-based methods: Specification is a technique and entry point that standardizes the anticipated nature of
the components of network as protocols, routing table, and nodes. Intrusion is identified after the behavior of net-
work drifts from definitions of specification. Hence, detection based on specifications has similar idea of detecting
distinction from normal behaviors. Conversely, one main distinction is that specification-based method has human
who himself defines the protocols for every specification. This specification generally gives lesser false positive rates
when compared to detection based on anomalies. Moreover, these systems do not require any preparation stage as
they may begin functioning after setup of specification, although specifications defined by it are not able to adjust to
distinct environment and it might be prone to error and consume lots of time.104
SRIVASTAVA ET AL.
TABLE 11 Collusion attack detection and mitigation techniques
Type of
State-of-art Year Target area collusion attack Key technique used Validation/Verification Performance measurement
94
Luo et al. 2019 Big data transactions Online collusion Product characteristics, Logistic regression, Accuracy of collusion detection
attacks transactional behavior sklearn package in
Python
Yaseen et 2018 General General Fog computing CloudSim Performance overhead, value aggregation
al.87 correctness
Cordero et WSN Collusion attack Collaborative intrusion Experimental verification Trust scores, collusion detection
al.95 by dishonest detection system, evidence on sensors
sensors and reliability-based trust
score, unsupervised
machine learning
Pu et al.96 2017 Energy harvesting-motivated Stealthy collision Adaptive OMNeT++ Detection rate, detection latency
networks attack acknowledgement-based
approach
Sun et al.97 2016 Group key management User-based One-way function tree Mathematical model Prevention of collusion attack, communication
collusion overhead, computational cost, storage
overhead
Asavoae et Android applications Application-based Automated system Maude model-checking Collusion detection, software model checking
al.98 collusion
Pham et 2015 Delay tolerant networks Colluding Statistical-based detection, ONE simulator Forwarding ratio metrics, detection of ER
al.99 blackhole and exchange of record manipulation misbehavior, detection of
greyhole attacks histories collusion packet dropping misbehavior,
storage overhead, mitigation of collusion
behavior-switching attack
19 of 40
FIGURE 8 Taxonomy of intrusion detection in IoT
4 Hybrid methods: This uses the idea of signature-dependent specification and identification of anomaly to optimize
the benefits and reduce the drawback's impact.105,106
Different IDS systems proposed in the literature are summarized in Table 12 highlighting underlying detection
method, placement strategy, validation strategy, attacks encountered, target to be protected, time taken for the
analysis, source of incoming data, action state, and supporting technology. IDS techniques in IoT realms validate
advanced development, while few techniques leave the room for future investigation. However, depending only on
IDS techniques in an effort for monitoring intrusion is not considered to be efficient, as they only recognize few
restricted attacks as highlighted in Table 13. However, active information-driven methodologies hold ability for
overcoming the research gaps. But still, the probability of inferring exploited devices is still vague and demands
future research.
3.3 | Anomaly detection in IoT frameworks
Identifying the anomalous pattern or behavior that does not conform to the expected nature of information or a system
in network is known as anomaly detection. The primary issues with identification of anomaly in IoT are application-
dependent nature of IoT systems, heterogeneous traffic that makes it hard to obtain pattern, and complexity of expected
actions as it might be possible that information is distorted because of noise.115
It is very common to see network topology having heterogeneous behavior in IoT domain, so grouping is a tech-
nique to tackle the intricacy of different environments with the help of intrusion patterns having hierarchies and
methods based on anomaly detection in IoT systems. Statistical and reputation detection methods might be taken in
the grouping of entities or objects.
For the exploitation of approaches based on anomaly in the direction of cloud and IoT, deployment based on agents
is a better choice. For detecting different anomalies efficiently in these types of operations, various agents work consid-
erately and distribute their results among them. From the legal point of view, IoT and cloud surfacing has led to new
methods for ensuring security and privacy that is necessary. Geologically restricted legislations are not suitable for
cloud and IoT. In addition, only self-regulation is not efficient for ensuring security and privacy. The sufficient legal
infrastructure should reflect on the background methods set by the legislature of globe on behalf of non-government
sector in accordance with the particular requirements, and hence, is effortlessly adaptable when required. Table 14 out-
lines some of the anomaly detection schemes in IoT along with their underlying model, detection technology, and key
features.
3.4 | Anomaly detection on cloud platforms
In the IoT model, huge computing power is required by the applications that communicate with the sensors, along with
remarkable space utilization and massive network bandwidth for managing big data generated by sensor network.
Cloud computing facilitates access to common pool of virtual resources.116 Three service models that are provided by
cloud are Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). In IaaS struc-
ture, providers of service give load balancers, computing servers, and data storage by virtual infrastructure coordinator,
SRIVASTAVA ET AL.
TABLE 12 Summary of intrusion detection systems (IDSs) for IoT
Placement Validation Target for Time for Data State of Supporting

State-of-art Detection method strategy strategy Attacks Protection analysis source action technology
Derhab et Signature-based Hybrid Simulation Forgery, Misrouting attack, Host-based On-the-fly System commands
al.102 malicious injection
Active Block chain
Mudgerik ar Anomaly-based Distributed 3973 malware samples Host-based Interval-based Audit Trail Passive Edge
et al.103 (program med) computing
Le et al.104 Specification-based - RPL topology attack Network-based Hybrid Trace files Active -
Pongle et Specification-based Hybrid Wormhole attack Hybrid On-the-fly Network -
al.105 packet
Jun et al.106 Anomaly-based Centralized Man-in-the- Network-based Event stream -
middle
(MITM)
attack
21 of 40
TABLE 13 Intrusion detection techniques deployed in IoT environments
Behavioral-based state-of-art Knowledge-based state-of-art
Raza et Shreenivas Yang et Thanigaivelan Parno et Bostani et Midi et Patel et

Vulnerabilities al.107 et al.108 al.109 et al.110 al.111 al.112 al.113 al.114
Malicious code ✓ ✓ ✓
injection
Sinkhole attack ✓ ✓
Sybil attack ✓ ✓ ✓ ✓
Dictionary ✓
attack
Anomaly ✓
detection
Side Channel
attack
Battery draining ✓ ✓
attacks
Selective ✓ ✓ ✓ ✓
forwarding
Device capture ✓ ✓ ✓
TABLE 14 Distinction between anomaly detection schemes for IoT
State-of-art Model Detection technology Key features

115
Lyu et al. Standalone Use of cluster information Fog computing platform and use of efficient hyper-ellipsoidal
clustering algorithm.
Sforzin et Hierarchical Rule-based approach Approach to improve security of cluster-based networks.
al.116
Pongle et Hierarchical Based on specifications Combines existing IDS approaches and shows the steps to build IDS
al.105 for WSNs.
Assuncao et Standalone Based on statistical anomaly Short-term dynamic statistics with the help of multi-level, sliding
al.117 detection window storage scheme.
Aydin et Hierarchical Based on reputation Detects selfish nodes through cluster-based trust management.
al.118
while PaaS provides a stage for computation and the content of application in PaaS that can be a programming plat-
form, editor, or data.105
Figure 9 describes the classification of anomaly detection in various streams and methodologies used for detection
of anomalies on cloud platforms.
To do real-time computations on big data collected from IoT devices, there is a need of effective retrieval, filtering,
and storage techniques. Information and computing resources can be private or public. Assunç~ao et al.117 discussed four
cases—private information private study, public information public study, private information public study, and public
information private study. It has been observed that in private scenarios, analytical structures are biggest issues and
cloud service providers should address them.
The beginning of mobile computing has increased the concern of privacy for cellular users. For example, every time
border of country is crossed, provider and service are updated. It is possible for service providers to shuffle private data
transient through web sites or SMS messages. There is an urgent requirement of privacy protection in a cloud-centric
environment of IoT, as the data generated from IoT system are huge and billions of devices are connected in our envi-
ronment, as cloud infrastructure allows this information to be remotely stored and processed. It is expected that anom-
aly detection would play a major role to secure cloud-centric platform as data is supposed to comprising patterns, and
any deviation from a specific pattern is indicative of a possible threat or attack. Table 15 presents comparative analysis
F I G U R E 9 Classification of anomaly
detection methodologies in cloud
TABLE 15 Distinction between anomaly detection schemes for cloud
Detection
State-of-art Model technology Key features
Calheiros et Standalone Attribute-based Temporal anomaly detection, real-time online application, time-series
al.119 information is extracted into extra attribute
Moustafa et Collaborative Data logs Capturing and logging of network data, pre-processing collected data, and a
al.120 new decision engine (DE) using a Gaussian mixture model (GMM) and
lower-upper interquartile range (IQR) threshold for detecting attacks
Pandeeswari Hybrid Specification-based Hybrid algorithm as a combination of artificial neural network and fuzzy
et al.121 C-means clustering algorithm (FCM-ANN)
Thanigaivelan Shared Rule-based Provides outlier detection of existing WSNs.
et al.122 approach
Misra et al.123 Cooperative Rule-based Nodes supervise their neighbors and coordinate with them to bring the
and shared approach network to its normal mode.
of anomaly detection schemes in cloud platforms based on underlying model, detection technology, and key
features.118
Table 16 highlights the association of the explored fog computing domains against the different classes of security
challenges (i.e., session hijacking [SH], suspicious insider [SI], distributed denial of service [DDoS], advanced persistent
attacks [APA], access control concerns [ACC], unsafe APIs [UA], data breaching techniques [DBT], information loss
[IL], and inadequate due attentiveness [IDA]). Though the tabular study has been populated based on the inferring
published state-of-art, this must be well-known that in few scenarios, it is quite likely that we might not have connected
details of their work that mitigates a possible category of security vulnerability. The table highlights that none of the
explored application domain has initiated the essential defenses for minimizing the possible effect and vulnerability of
all classes of vulnerabilities.
3.5 | Method of detection of anomalous data from sensors
One of the major characteristics of IoT systems is the significant increase in cyber-physical attacks. Attacks are real-
ized by an intruder because of malicious impact on software as well as hardware modules of system and the secu-
rity methods. In this type of system, by anomalies, we mean variation in information collected from the sensors
TABLE 16 Knowledge gaps for application area based analyzing current fog implementations against the 12 categories of security
issues
Domain SH SI DDoS APA ACC UA DBT IL IDA

5G networks ✓ ✓ ✓ ✓ ✓ ✓
Computation reduction ✓ ✓ ✓ ✓
e-Healthcare applications ✓ ✓ ✓ ✓
Handling of resources ✓ ✓ ✓
Smart meters ✓ ✓ ✓ ✓ ✓ ✓
Virtualized wireless access ✓ ✓ ✓ ✓ ✓ ✓
Disaster reaction and unfriendly background ✓ ✓ ✓ ✓
Speech recognition systems ✓ ✓ ✓
Amplified brain processer ✓ ✓ ✓ ✓
Web optimization ✓ ✓ ✓ ✓ ✓
Surveillance video processing ✓ ✓ ✓ ✓ ✓
Food traceability ✓ ✓ ✓ ✓ ✓ ✓
through cyber-physical attack on them. Potential working of these attacks on sensors leads to distortion of data and
inter-operability. Both connected and indirect impact on sensors takes the effect further that result in data corrup-
tion. An instance of this type of physical influence is the effect of laser on sensor at a distance that is visible in
Yang et al.124 Another scenario to quote is the effect on a barcode or QR sensor. There are certain protocols appro-
priate for detecting data from the sensors that are a part of the system. These specifically consider the past values of
time and month, restrictions to admission on the calculated values, consistency of data internally, conformity to
external data sources, geological location of the appliances with the movements, behavioral attributes of the users of
devices, and rules of system.
Expert understanding in identification of non-standard data from sensor is required to build a generator of software
module controlling anomalous data. Because of classic model of an IoT system, part of smart home is taken into consid-
eration. Assumption is made that anomalous information may rise because of intentional attacks on received informa-
tion from sensors. The spirit of controlling steps while the system runs measures the viability conditions in the system,
relying on the type of the source and target node, status, and location. Depending upon the present state (for instance,
data collected from the sensor and data deposited in a protected component), different conditions are imposed.125,126
The presented methods presume that according to given expert data, relying on the specific infrastructure and logic of a
system, its constituents, assumptions, conditions, and intruder structure, a module for tracking anomalies on informa-
tion by correct group of conditions is created in automatic mode. At this point, input for this module is information
from sensors recorded in a structure in a certain appliance. Table 17 outlines various anomaly detection schemes for
sensors including the nature of data they deal with, detection method, and implementation details.
4 | AUTHENTICATION PROTOCOLS, SIMULATORS, AND TEST BEDS FOR

IOT S YSTEMS
In this section, firstly, we outline various authentication protocols with respect to various IoT sub-domains and present
their comparative security analysis with respect to various security attacks. Then we present various categories of IoT
simulators along with their comparative analysis. Lastly, we discuss and compare various test beds for IoT systems.
4.1 | Authentication protocols
IoT has created its popularity among four fields, including (1) Machine-to-Machine Communications (M2M), (2) Inter-
net of Vehicles (IoV), (3) Internet of Energy (IoE), and (4) Internet of Sensors (IoS). M2M relies on different protocols
and is crucial for the realization of IoT.130 IoV focuses on vehicular cloud that is built by inter-connection of various
resources in the vehicle and Road Side Units (RSUs) to provide network access.131 IoE can be visualized as an
TABLE 17 Distinction between anomaly detection schemes for sensors
State-of-art Nature of data Detection method Implementation details

Jeong et Spatio-temporal correlation Bi-directional recurrent Vibration data based on a numerical simulation of a
al.125 among the sensor data neural network sensor network for bridge monitoring application
Leight et High frequency time-series Rule, regression, and Forecast package for regression-based AD methods,
al.126 data, water quality data feature-based methods DDoutliers package to implement feature-based AD
in situ sensors methods in R statistical software, rule-based code to
implement the automated classification rules within the
regression and feature-based methods
Munir et Streaming sensors data Statistical and deep Auto ARIMA, Numenta anomaly benchmark (NAB)
al.127 learning models dataset
Lin et al.128 Sensor network data stream Sliding window sampling Matlab 2014a, KDD CUP 99 data set in UCI standard data
and optimized clustering set
Hayes et Big data Contextual anomaly Open-source dodgers dataset, Java using the Weka
al.129 detection, multivariate
clustering algorithm
interconnection of grids with network for enabling smart control of power storage, distribution, and production.132 IoS
enables sensors connectivity with the network using protocols based on ZigBee and IEEE 802.15.4.133
Data produced from billions of inter-connected devices and interaction between people can be characterized as
highly complex and massive in size. In addition, it may suffer from various privacy and security related problems, espe-
cially with respect to device authentication. To handle these security issues, various efforts have been put in the area of
computer security, particularly on authentication protocols in context of IoT that refers to the potential of methods for
authenticating users using all the surrounding devices. As large part of IoT devices uses wireless communication chan-
nel, it becomes easier for adversary to eavesdrop and launch attacks by bringing vulnerable devices in contact. The real-
ization of IoT authentication protocol comprises of the following processes as shown in Figure 10.
• Attack modeling
• Authentication protocol modeling
• Countermeasures selection
• Network modeling
• Proposition of phases of authentication protocol
• Performance examination
• Validation/Verification
Figure 11 shows categorization of authentication protocols in different models of IoT. Table 18 to 21 shows contribution
of various researchers to deal with attacks that are present in authentication protocols in M2M, IoE, IoS, and IoV,
respectively.
FIGURE 10 Realization process of authentication protocols

FIGURE 11 Types of authentication

protocols
TABLE 18 Survey of attacks on machine-to-machine (M2M) authentication protocols
State-of-art
Security attacks Qiu et al.134 Park et al.135 Parne et al.136 Chen et al.137 Lin et al.138
Forging attack No Yes No No No
Sybil attack No Partial No No Partial
Replay attack Partial Partial No Yes No
Flooding attack No No No No Yes
DoS attack No No No Yes Yes
Substitution attack Partial Partial Partial Partial No
Man-in-the-middle attack Partial Yes Partial Yes Yes
Blackhole attack Partial Partial No Yes No
Impersonation attack Partial No No No Yes
Eavesdropping attack Partial No No No No
Brute-force attack Partial Partial No Partial Partial
Routing attack No No No No No
Wormhole attack No Partial No Partial No
Note: Yes = Completely Handled, No = Not Handled, Partial = Partially Handled.
4.2 | IoT simulators
Based on capacity, three types of simulators are used for research in IoT. The first type comprises of full stack simula-
tors developed with respect to the introduction of IoT prototype and target to assist end-to-end entities in IoT ecosys-
tem. The second type focuses on processing big data concepts for IoT applications. The third type consists of simulators
for networks. It can be inferred that most of these simulators are not built for assisting IoT paradigm but have emerged
for the development of essential elements of IoT.
Table 22 proposes description of specific IoT simulators, and in the next sub-section, we discuss the three categories
along with some of their examples. The explanation of the chosen criteria for comparison is given below:
• Platform: Presents the target platform with which the simulator is compatible.
• Class: Presents the nature of the underlying class.
• Coverage: Presents the scope of the simulator.
• Expertise: Represents the specialization of the simulator.
TABLE 19 Survey of attacks on authentication protocols for IoE
State-of-art
Security attacks Fouda et al.139 Nicanfar et al.140 Li et al.141 Liu et al.142 Chen et al.143
DoS attack No Yes No Yes No
Replay attack No Yes Yes Yes Yes
Mutual authentication Yes No No Yes No
Data confidentiality No No Yes Yes No
Man-in-the-middle attack No Yes No No No
Injection No No Yes No No
Brute-force attack No Yes No No No
Insider attack No No No No No
Forward secrecy No No No No No
Offside guessing attack No No No No No
Message integrity No No Yes Yes Yes
Impersonation attack No Yes No Yes No
Redirection No No No No No
Privacy preservation No Yes No Yes No
Private key privacy No Yes No No Yes
Insider attack No Yes No No No
TABLE 20 Survey of attacks on authentication protocols for IoS
State-of-art
Security attacks Jiang et al.144 Farash et al.145 Li et al.146 Wu et al.147 Shen et al.148
Forging attack Partial Yes Partial Partial No
Substitution attack No No No Partial Partial
Replay Partial Partial Yes Yes Yes
Attack
Flooding attack No No No Partial Partial
DOS attack Partial No No No Yes
Man in the middle attack Partial Partial Partial Partial Yes
Black hole attack Partial No No No Partial
Sybil attack Partial Partial Partial Partial No
Eavesdropping attack Partial Partial Partial Partial Partial
Brute-force attack No No No No Yes
Routing attack Partial Partial No No No
Wormhole attack Partial No No No Partial
Impersonating attack No Partial Partial Partial Partial
• Range: Represents the overall size of the target application that can be implemented on the simulator.
• Portability: Represents whether the simulator possesses portability option or not.
• Integrated IoT Level: Describes the IoT technology that works in integration.
• IoT Layer: Describes the layer of IoT architecture for which the simulator is designed.
TABLE 21 Survey of attacks on authentication protocols for IoV
State-of-art
Security attacks Lortz et al.149 Shen et al.150 Guo et al.151 Fan et al.152 Liu et al.153
Forging attack No No No Partial No
Wormhole attack No No Partial Partial Partial
Impersonating attack No No Yes No No
Sybil attack No Yes No Yes No
Replay attack Yes Partial Partial Yes Yes
Routing attack Partial No Partial Partial No
Substitution attack Partial Partial Yes Partial Partial
Blackhole attack No No No Partial Partial
DOS attack No Yes No Yes No
Flooding attack No No No No No
Man in the middle attack Partial Yes Partial Yes Partial
Eavesdropping attack Partial Partial No No No
Brute-force attack No Partial No No No
TABLE 22 Comparative analysis of IoT simulators
Integrated
Simulator Platform Class Coverage Expertise Range Portability IoT level IoT layer
IOTSim JAVA Reduce model Data Broad High No - Application
analysis layer
DPWSim Distinct event IoT Broad Low No Device profile
for web
services
QualNet C++/C Distinct event Network Broad High Yes 802.15.14 Sensing layer
Cooja JAVA/C Distinct event Network Broad Low Yes Protocols of
Conitiki
NS-3 C++ Distinct event Network Broad High Yes LoRaWAN,
802.15.14
iFogSim JAVA Distinct event IoT Broad Not No - Sensing
known layer,
SimIot Distinct event Analysis Broad Low No - network
layer
CupCarb JAVA/scripting Distinct and Network Smart Low Yes LoRaWAN,
on agent-based City 802.15.14
event
OmNet++ C++ Distinct event Network Broad High Yes Manual
extension
4.2.1 | Full stack simulators
DPWSim is the expert IoT simulators belonging to this type, and it focuses on particular services that are based on
Device Profile for Web Services (DPWS) protocols. These protocols are aided by the organizations for improving the
standards of structured information. For structuring the required DPWS communication, researchers have proposed
preferred IoT services by utilizing a combination of actions, appliances, and procedures. However, it offers a full DPWS
stack for simulation, and there is no assistance for different techniques and set of rules. Nevertheless, iFogSim154
simulator assists fog computing by offering full-stack surroundings and uses extension of CloudSim toolkit to accom-
plish this.155 The simulator also supports actuators, service processing entities, and sensors so that one can create topol-
ogy and application service views. Simulators might be useful for measuring performance results of different service
deployment methods of fog computing as compared to cloud.
4.2.2 | Simulators for big data processing
This type of simulators (such as IOTSim and SimIot) focus on big data processing and performance of cloud.156
IOTSim is application layer oriented and offers a platform for big data computations and handling cloud comput-
ing based IoT services that are in turn based on Map reduce development tool. This simulator is dependent on
CloudSim toolkit and generates data center procedures (e.g., cost, virtual settings of machines, and computational
needs) other than sensor network communication. On the other hand, SimIoT may be used to compute processing
times of jobs, in particular, cloud-based information processing model configurations that are dependent on infor-
mation provided by IoT applications or various sensors. In its present stage, this simulator focuses on performance
estimation of data center, with the strategy of involving assessment of heterogeneous sensors and management of
the topology.
4.2.3 | Network simulators
Network protocols study explores the IoT models and numerous tools that are used for WSN or the primary network
research that has been tailored to integrate particular IoT entity. The review of conduct in Nayyar and Singh157 involves
additional 30 WSN simulators that may be promising to be used as component of research in IoT. Few of the simulators
involve Cooja, QualNet, CupCarbon, and QualNet. CupCarbon is initially developed as simulator with the well-built
focus on assisting geological node portability that is based upon real-world scenarios. Regardless of its primary lack of
development, it has slowly emerged as well-known IoT model environment for smart home scenario that assists cellular
agents that could signify smart transport and in-depth topology dependent on factual world maps. Unfortunately, in
spite of being IoT-dependent, CupCarbon has no sustenance for communication protocol at application level. Cooja is
supporting simulator obtainable as component of the Contiki OS, which is the most admired OS utilized for developing
IoT sensors.158 It is well preferred in WSN research domain with more than hundred publications in IEEE explore.
Motes in this simulator can access almost all the protocols that are developed by Contiki and, hence, gives capability to
replicate pragmatic cases that integrate protocol of application layer as MQTT, CoAP implemented in 802.15.4, and
IPv6 on 6LoWPAN.
The model executing on nodes may then be incorporated to hardware with small changes, which bridges the
key concepts and phases of prototype. Therefore, Cooja is emulator that does emulation at instruction level in a
wireless domain. It must be observed that there are many questions regarding past simulation validity, which
depends on Cooja's incorrect timing discrepancies in real and virtual development. OMNeT++ is admired frame-
work of simulation, which is commonly used in WSN. The model is extensible and well established. However, the
embedded assistance for IoT-based application level protocols and models are lacking in OMNeT++.159 Hence, the
entire IoT simulation framework needs different simulation structures with different complexities. Method to
resolve this depends on levels of simulation. Different simulators have different extent of assistance for IoT princi-
ples and services as privacy.
4.3 | Open test beds
Although simulators are helpful for implementing concepts, researchers depend on experiments to validate the effi-
ciency of their proposed work. In Papadopoulos et al.160 the idea is verified with the demonstration of the use of test
beds in 596 research works. With the evolvement of test beds, authors can readily access the implemented network for
refinements. The benefit of test beds is similar to simulator regeneration at different instances of the same use-cases.
Table 23 proposes some IoT test beds. It provides explanation for choosing a particular test bed, for which the condition
is dependent on the following criteria:
30 of 40
TABLE 23 Comparison of selected IoT test beds
SMART
Parameters JOSE161 SANTANDER162 FIT/IoT-LAB163 Smart campus164 Senslab165 SmartICS166
Platform Outside home or Labs Cities Smart buildings Cities Smart buildings indoor
labs
Use Monitoring and IoT development Performance Study of user behavior in Evaluation of scalable Range of information associated with
tracking of smart city analysis of smart building and the WSN protocols and each desk including light intensity,
environment protocols effectiveness of loT applications through ambient temperature, power
technologies experimentations. consumption, and noise
Level of parallelism Multiple services Multiple Multiple users Multiple experiments Deployment and sensor Deployment and sensor measurements
experiments measurements
Range High (1200 High (>20 000 Middle (~2700 Low Low Low
computers, 12 000 sensors) sensors)
VMs, 50 servers)
Sensors Takeout, Fixed, mobile, Heterogeneous Multiple sensors 1024 nodes over 4 sites Dust: 100, CO/NO2: 4 (each),
ready-to-use, smartphone (fixed, mobile, anchor, environmental sensors 100, 30 energy
environmental, open, control, etc.) consumption sensors, 100 occupancy
camera, social sensors
infrastructure
Different protocols Yes Yes Yes Yes Yes Yes
used
Scale Japan-wide City-scale 6 different cities Indoor City-scale Campus-wide
in France
Application Smart Smart city WSN Smart buildings WSN Smart buildings
society/agriculture
Mobility In-vehicle Public buses Electric toy Mobile nodes Repeatable mobility via No
trains electric toy trains
SRIVASTAVA ET AL.
• Platform: Describes the under.

• Use: Describes the use of the test bed.
• Level of parallelism: Describes the level to which the test bed possesses parallelism.
• Range: Describes the configuration size.
• Sensors: Describes the type of sensors used.
• Different protocols used: Describes whether the test bed uses different protocols or not.
• Scale: Presents the scale of the test bed application.
• Application: Describes the target application for which the test bed is developed.
• Mobility: Describes how mobility is achieved.
Some of these open IoT test beds and their features are discussed below:
1 Japan-wide orchestrated smart/sensor environment (JOSE): This is a Japan-wide open test bed and provides an appli-
cation framework for IoT application assessment. This test bed offers assistance for simultaneous implementation of
different IoT applications, where every single entity has its virtual cloud framework and sensor model distributed at
five datacenters in Japan. Presently, it helps 27 implementation services of IoT.
2 SmartSantander: SmartSantander is a city-range implementation facility providing a domain for IoT applications
focusing on city environment. It has been deployed in Spain (Santander) and then in Germany, UK, and Serbia. It
has different sensor nodes, RFID, and code responses. The collection of sensors has fixed as well as variable hosts
deployed in transportation systems. On-the-fly programming helps authors for implementing software for assisting
hosts remotely, which is its key feature.
3 FIT IoT-LAB: In this, multiple sites and multiple users exist across various sites. Adding up all the test beds gives
entrance to 2728 varied wireless sensor hosts interacting over 802.15.4. Moreover, for offering standard protocols,
users might integrate their own hardware in the implementation. Robots offer mobility and can work as circuit like
mobility framework while different frameworks like any waypoint and mobility for user-controlled systems are
implemented. At present, this facility is measured as the most accessed open IoT test bed.
5 | OPEN ISSUES AND FUTURE RESEARCH DIRECTIONS
In this section, we have presented a comparison-based analysis of existing surveys on IoT based on eight different
parameters: protocols and technologies, application domains, context awareness, legal frameworks, attacks, access
models, security protocols, and intrusion detection techniques. Table 24 highlights the comparison-based analysis
of existing surveys with our findings. It is clearly reflected from Table 24 that very few existing surveys are focus-
ing on the access control models for effectively highlighting the emerging cyber threats and existing vulnerabilities
on their legal frameworks. On the other hand, most of the existing surveys are utilizing the technologies of proto-
cols and technologies for representing the high level abstraction of IoT layers and the possible threats and vulner-
abilities in such layers.
With all the technological development in IoT, an extravagant growth in IoT-based applications has been encoun-
tered in the last few decades. However, regardless of this innovative revolution, IoT is facing challenges that are yet to
be resolved. Figure 12 highlights these challenges.
5.1 | General issues
Some of the general research challenges and directions for future work in IoT are discussed as follows:
1 Fulfillment of security requirements: Facilitation of security, privacy, and trust is of utmost importance in IoT net-
works. Common security requirements include mutual authentication, secure key exchange, session management,
access control, and authorization. Defense against replay attacks, resource exhaustion, and insider attacks require
the development of non-compromising models to ensure continuous functioning of the underlying network. At the
user's end, lack of security-related awareness is exploited by the vulnerabilities present in the IoT devices and
applications.60,167–170 Tailored software security issues can be dealt with quick operational actions and secure IoT
TABLE 24 A classification of reviewed surveys on IoT
Intrusion
Recent Protocols and Application Context Legal Access Security detection
surveys technologies domains awareness frameworks Attacks models protocols techniques
Ammar167 ✓ O ✓ ✓ ✓ ✓ ✓ ✓
Khan 168
✓ ✓ ✓ ✓ O O O O
Martino 169
O O O O ✓ O O O
Hassija 170
✓ ✓ O O O ✓ ✓ O
Neshenko60 O O ✓ ✓ ✓ O ✓ O
Meneghel ✓ ✓ ✓ ✓ O O O ✓
lo171
Yu172 ✓ O O ✓ ✓ ✓ O O
Lin 173
O O ✓ O O O ✓ ✓
Yang174 ✓ O ✓ O ✓ O O O
Ngu 175
✓ ✓ ✓ O O ✓ O ✓
Din 176
✓ O ✓ ✓ ✓ O O O
FIGURE 12 Open research issues in IoT
coding. Privacy-related research areas for future include prevention of device profiling, monitoring and controlling
data gathering, information flow management, access management and accountability assurance. Trust related
requirements include dedicated node management, anomaly detection and recovery, and conceptualization of trust
visualization.
2 Performance requirements: Apart from the security requirements, performance trade-offs should be handled. Plat-
form compatibility is difficult to be established due to the heterogeneity of devices and configuration variation that
demands for the development of solutions irrespective of the nature of the underlying technologies. Efficient
resource (storage, processing, and power) utilization is desired for long-duration operations that can be acquired
through novel technologies including software-defined networking (SDN), network function virtualization (NFV),
fog computing, and crowd computing.171
3 Standardization and regulatory frameworks: Future enhancements are required for the development of appropriate
standardization frameworks to deal with heterogeneity of IoT ecosystem. In addition, robust regulatory frameworks
demand for the unification of technological advances to deal with novel attacks. Not all business organizations
accept IoT immediately and wait for the government intervention for latest standard and regulations. Since location-
specific barriers do not bound IoT, assignment of responsibility for setting these regulations is another challenging
aspect.172
4 Device naming, monitoring, and organization: Vendor-specific proprietary naming mechanisms weaken the interop-
erability aspects. Moreover, vulnerable domain name system (DNS) is not suitable to be relied upon. In addition, bil-
lions of smart devices actively participating in the network are difficult to be monitored and tracked. Privacy aspects
should also be addressed while device tracking in progress.173–175
5 Connectivity: One of the crucial problems faced by developers and manufacturers is to ensure reliable connectivity
for data transfer among devices. Data streaming is one of the emerging solutions that ensures simultaneous data
transfer between the server while at the same time devices can communicate with one another. However, sending
and receiving data consume CPU and power that raises the need of a network that would ensure less power con-
sumption and avoid battery drainage. In addition, identifying the activity of devices is another requirement to be ful-
filled for ensuring uninterrupted connectivity to the users. Heterogeneity and complexity of devices make
connectivity aspects somewhat challenging.176
5.2 | Technology specific issues
Following are some of the underlying technology specific challenges in IoT:
1 Blockchain technology: Limited number of nodes in the permissioned networks and limited throughput in
permission-less networks make the current blockchain architecture unsuitable for large-scale IoT networks. Develop-
ment of consensus algorithms to prevent excessive use of processing power in resource-constrained devices is an
ongoing area of research. In addition, generation of garbage data is an important aspect related to the tamper-proof
feature of this technology that affects the overall performance of the underlying application and, hence, requires
appropriate garbage data handling mechanisms. Manufacturers and service providers also encounter compliance and
legal issues that limit the adoption of blockchain technology in businesses. Regulatory rules must be defined to
ensure efficient execution of blockchain aspects in IoT at global level. Unites States, Belarus, Malta, and Gibraltar
are some of the nations that are working in this direction.177 Storage is another major hurdle, as the nodes have to
store the ledger instead of any centralized server. Lack of skills to understand and extract the benefits of blockchain
in IoT domain affects its popularity.
2 Fog computing: Node interactions at local level give rise to divergence and inconsistency at global level. Design-
ing end-to-end systems would ensure better trade-offs between centralized and distributed network architectures.
Untrustworthy nodes may create serious concerns in the network for which incentive mechanisms can be
adopted. Fog nodes are incapable to handle the heave load requests due to which most of them are forwarded
to remote cloud servers, which makes resource sharing in fog layer, an open area of research. In addition,
dynamic relocation of tasks in another solution in this direction. Machine learning and artificial intelligence
techniques can be adopted for developing intelligent fog nodes for adaptive decision making related to data
handling and forwarding.
3 Edge computing: Resource-constrained devices on the network's edge are susceptible to various malicious attacks.
These devices typically include sensors, RFID tags, embedded devices, and so forth. Edge devices once compromised
can lead to entire IoT ecosystem and applications coming to a halt. Since these devices typically reply on additional
power sources, power outage attacks can lead to entire edge layer coming to halt. Moreover, deployment of security
mechanisms on these devices is an overhead in terms of performance. No standardized naming mechanism has been
developed so far for the edge-computing paradigm, which is essential for addressing and identifying things, data-level
communication, and application management. Named-data networking (NDN) is a novel naming mechanism that
would ensure efficient scalability for edge computing paradigm.178
4 Low Power Wide-Area Networks (LPWAN): The aim of LPWAN is to achieve optimal performance of IoT net-
works. However, addressing interference issues (cross-layer, co-layer, inter-symbol) in LPWAN is an open
research area. Unlicensed technologies like SigFox and LoRa are behind one of the reasons of these issues as
these typically operate in ISM bands that leads to interference.179 Achieving scalability in dense IoT networks is
another major challenge due to the exponential fall in the performance of LPWANs. For addressing this issue,
channel exploration, opportunistic spectrum sensing, and MAC protocols that dynamically adapt data rate are
some of the possible area of research. In addition, development of efficient security mechanisms is required,
particularly for software update and data transmission, as the traditional mechanisms are costly to be
implemented.
5 Deep learning: One of the key challenges in applying deep learning with respect to IoT is difficulty in training deep
learning systems for high-level of abstractions of the physical world associated with the interaction of the discovered
objects with environment. Decision making is difficult and crucial, particularly in mission-critical applications, and
instability of deep learning based networks due to drastic variations in result on small changes in input data provide
new attack surfaces for the adversaries. Research is going on to build systems based on the concept of deep learning
using higher-level of cognition for healthcare, transportation, and other commercial applications with use cases to
test their working in real time.180
6 | C ON C L US I ON
Recently, future IoT has appeared as the significant research theme. This offers the amalgamation of various IoT sen-
sors, actuators, and various objects for communicating explicitly among each other deprived of human intervention. In
addition, the need and specifications for the comprehensive arrangement of the IoT infrastructure setup are escalating
promptly with key security issues. In this article, we have presented a comprehensive survey of recent state-of-the-art
IoT security attacks and threats. This comprehensive article originates numerous open research queries in the domain
of security of the IoT platforms. World Wide Web (WWW) scale methodologies resolving the IoT vulnerabilities con-
cern is considered to be the utmost noticeable issue towards IoT platforms. We have also classified the IoT platforms by
offering a detailed classification of the relevant security attacks and threats related to its emerging architecture, applica-
tions, and communication technologies. Rigorous efforts are also essential for exploring IoT-related vulnerabilities and
their related suspicious signatures. Certainly, this type of skills is necessary for providing efficient remediation method-
ologies. In addition, subsequent methodologies that are specific to IoT-related attacks combined with their features cer-
tainly requires to be developed and must be coupled into software development lifecycles for contributing to secure
emerging IoT devices. We have also anticipated numerous further initiatives as directed in this article, including emerg-
ing blockchain solutions, IDS defensive methodologies exploring different methodologies. Such technologies focus in
sensing suspicious IoT sensors/actuators in the large-scale for quick therapy, experiential investigations for exploring
and characterizing the inward/outward traffic of these malicious IoT devices. Though investigation in the domain of
future IoT security is in its early stages and is still need to be after explored and tested. The probable solutions to the
argued IoT threats and attacks need to be designed and developed for the emerging IoT infrastructure setup to be
completely embraced by the users of different community.
ACK NO WLE DGE MEN TS

This research work was supported by Research Initiation Grant (RIG) and financially supported by Birla Institute
of Technology and Science, Pilani, India. The authors would also like to thank all the anonymous reviewers and
related co-authors who were actively involved in providing their valuable feedback and comments related to this
manuscript.
ORCID
Shashank Gupta https://orcid.org/0000-0002-2124-9388
R EF E RE N C E S
1. Singh D, Tripathi G, Jara AJ. A survey of internet-of-things: future vision, architecture, challenges and services. In 2014 IEEE World
Forum on Internet of Things (WF-IoT) (pp. 287-292). IEEE. 2014, March.
2. Gartner Inc., Available at: https://www.gartner.com/en/newsroom/press-releases/2019-08-29-gartner-says-5-8-billion-enterprise-and-
automotive-io
3. Dedeoglu V, Jurdak R, Putra GD, Dorri A, Kanhere SS. A trust architecture for block chain in IoT. arXiv preprint arXiv:1906.11461.
2019.
4. Karmakar KK, Varadharajan V, Nepal S, Tupakula U. SDN enabled secure IoT architecture. In 2019 IFIP/IEEE symposium on inte-
grated network and service management (IM) (pp. 581-585). IEEE. 2019, April.
5. Conti M, Kaliyar P, Lal C. CENSOR: cloud-enabled secure IoT architecture over SDN paradigm. Concurrency Comput Pract Ex. 2019;
31(8):1–14,e4978.
6. Alenezi M, Almustafa K, Meerja KA. Cloud based SDN and NFV architectures for IoT infrastructure. Egypt Inform J. 2019;20(1):1-10.
7. Bao Z, Shi W, He D, Chood KKR. Iotchain: a three-tier blockchain-based iot security architecture. arXiv preprint arXiv:1806.02008.
2018.
8. Sharma PK, Singh S, Jeong YS, Park JH. Distblocknet: a distributed blockchains-based secure sdn architecture for IoT networks. IEEE
Comm Mag. 2017;55(9):78-85.
9. Tyagi N. A reference architecture for IoT. Int J Comput Eng Appl. 2016;10(I).
10. Zhang N, Chen D, Ye F, Zheng TX, Wei Z. Physical layer security for internet of things. Wireless Comm Mobile Compu. 2019;2019:1-2.
11. Khattak HA, Shah MA, Khan S, Ali I, Imran M. Perception layer security in internet of things. Future Generat Comput Syst. 2019;100:
144-164.
12. Zhang J, Rajendran S, Sun Z, Woods R, Hanzo L. Physical layer security for the internet of things: authentication and key generation.
IEEE Wireless Comm. 2019;26(5):92-98.
13. Khan M, Salah K. IoT Security: review, blockchain solutions, and open challenges. J Future Generat Comput Syst, Elsevier. May 2018;
82:395-411.
14. Bawany NZ, Shamsi JA, Salah K. DDoS attack detection and mitigation using SDN: methods, practices, and solutions. Arab J Sci Eng.
2017;42:425-441.
15. Hamamreh JM, Furqan HM, Arslan H. Classifications and applications of physical layer security techniques for confidentiality: a com-
prehensive survey. IEEE Commun Surv Tutor. 2018;21(2):1773-1828.
16. Lin J, Yu W, Zhang N, Yang X, Zhang H, Zhao W. A survey on internet of things: architecture, enabling technologies, security and pri-
vacy, and applications. IEEE Internet Things J. 2017;4(5):1125-1142.
17. Jameel F, Wyne S, Kaddoum G, Duong TQ. A comprehensive survey on cooperative relaying and jamming strategies for physical layer
security. IEEE Commun Surv Tutor. 2019;21(3):2734-2771.
18. Soni A, Upadhyay R, Jain A. Internet of things and wireless physical layer security: A survey. In: Computer Communication, Networking
and Internet Security. Singapore: Springer; 2017:115-123.
19. Wang N, Jiang T, Li W, Lv S. Physical-layer security in internet of things based on compressed sensing and frequency selection. IET
Comm. 2016;11(9):1431-1437.
20. Huth C, Guillaume R, Strohm T, Duplys P, Samuel IA, Güneysu T. Information reconciliation schemes in physical-layer security: a sur-
vey. Comput Network. 2016;109:84-104.
21. Trappe W. The challenges facing physical layer security. IEEE Comm Mag. 2015;53(6):16-20.
22. Mukherjee A. Physical-layer security in the internet of things: sensing and communication confidentiality under resource constraints.
Proc IEEE. 2015;103(10):1747-1761.
23. Dizdarevic J, Carpio F, Jukan A, Masip-Bruin X. A survey of communication protocols for internet of things and related challenges of
fog and cloud computing integration. ACM Comput Surv (CSUR). 2019;51(6):1–29,116.
24. Mars D, Gammar SM, Lahmadi A, Saidane LA. Using information centric networking in internet of things: a survey. Wireless Pers
Comm. 2019;105(1):87-103.
25. Ponnusamy K, Rajagopalan N. Internet of Things: a survey on IoT protocol standards. In: Progress in Advanced Computing and Intelli-
gent Engineering. Singapore: Springer; 2018:651-663.
26. Yassein MB, Shatnawi MQ, Aljwarneh S, Al-Hatmi R. Internet of things: survey and open issues of MQTT protocol. In 2017 Interna-
tional Conference on Engineering & MIS (ICEMIS) (pp. 1-6). IEEE. 2017, May.
27. Airehrour D, Gutierrez J, Ray SK. Secure routing for internet of things: a survey. J Netw Comput Appl. 2016;66:198-213.
28. Granjal J, Monteiro E, Silva JS. Security in the integration of low-power wireless sensor networks with the internet: a survey. Ad Hoc
Network. 2015;24:264-287.
29. Johnson D, Ketel M. IoT: Application Protocols and Security. 2019.
30. Ang KLM, Seng JKP. Application specific internet of things (ASIoTs): taxonomy, applications, use case and future directions. IEEE
Access. 2019;7:56577-56590.
31. Javdani H, Kashanian H. Internet of things in medical applications with a service-oriented and security approach: a survey. Health
Technol. 2018;8(1-2):39-50.
32. Nastase L. Security in the internet of things: a survey on application layer protocols. In 2017 21st International Conference on Control
Systems and Computer Science (CSCS) (pp. 659-666). IEEE. 2017, May.
33. Swamy SN, Jadhav D, Kulkarni N. Security threats in the application layer in IOT applications. In 2017 International Conference on I-
SMAC (IoT in Social, Mobile, Analytics and Cloud)(I-SMAC) (pp. 477-480). IEEE. 2017, February.
34. Yassein MB, Shatnawi MQ. Application layer protocols for the internet of things: a survey. In 2016 International Conference on Engi-
neering & MIS (ICEMIS) (pp. 1-4). IEEE. 2016, September.
35. Dalipi F, Yayilgan SY. Security and privacy considerations for iot application on smart grids: survey and research challenges.
In 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW) (pp. 63-68). IEEE. 2016,
August.
36. Karagiannis V, Chatzimisios P, Vazquez-Gallego F, Alonso-Zarate J. A survey on application layer protocols for the internet of things.
Trans IoT Cloud Comput. 2015;3(1):11-17.
37. Islam SR, Kwak D, Kabir MH, Hossain M, Kwak KS. The internet of things for health care: a comprehensive survey. IEEE Access. 2015;
3:678-708.
38. Nasr M, Shokri R, Houmansadr A. "Comprehensive privacy analysis of deep learning: passive and active white-box inference attacks
against centralized and federated learning." In 2019 IEEE Symposium on Security and Privacy (SP), pp. 739-753. IEEE, 2019.
39. Hosoyamada A, Aoki K. On quantum related-key attacks on iterated even-Mansour ciphers. IEICE Trans Fund Electron Comm Comput
Sci. 2019;102(1):27-34.
40. Liu Y-C, Bianchin G, Pasqualetti F. Secure trajectory planning against undetectable spoofing attacks. Automatica. 2020;112:
1–10,108655.
41. Li G, Iyer V, Orshansky M. "Securing AES against Localized EM Attacks through Spatial Randomization of Dataflow." In 2019 IEEE
International Symposium on Hardware Oriented Security and Trust (HOST), pp. 191-197. 2019.
42. Idowu RK, Muniyandi RC. Enhanced throughput and accelerated detection of network attacks using a membrane computing model
implemented on a GPU. In: Advances in Nature-Inspired Computing and Applications. Cham: Springer; 2019:253-268.
43. Yin W, Wen Q, Li W, Zhang H, Jin Z. An anti-quantum transaction authentication approach in Blockchain. IEEE Access. 2018;6:5393-
5401.
44. Lin C, He D, Huang X, Choo K-KR, Vasilakos AV. Bsein: a blockchain-based secure mutual authentication with fine-grained access
control system for industry 4.0. J Netw Comput Appl. 2018;116:42-52.
45. Li L, Liu J, Cheng L, et al. CreditCoin: a privacy-preserving Blockchain-based incentive announcement network for Communications
of Smart Vehicles. IEEE Trans Intell Transp Syst. 2018;19(7):2204-2220.
46. Lin C, He D, Huang X, Khan MK, Choo K-KR. A new transitively closed undirected graph authentication scheme for Blockchain-based
identity management systems. IEEE Access. 2018;6:28203-28212.
47. Lin Q, Yan H, Huang Z, Chen W, Shen J, Tang Y. An ID-based linearly homomorphic signature scheme and its application in
blockchain. IEEE Access. 2018;6:20632-20640.
48. Procopiou A, Komninos N, Douligeris C. ForChaos: real time application DDoS detection using forecasting and chaos theory in smart
home IoT network. Wireless Comm Mobile Compu. 2019;2019:1-14.
49. Zhou L, Guo H, Deng G. A fog computing based approach to DDoS mitigation in IIoT systems. Comput Secur. 2019;85:51-62.
50. Shafi Q, Basit A. DDoS botnet prevention using block chain in software defined internet of things. In 2019 16th international Bhurban
conference on applied sciences and technology (IBCAST) (pp. 624-628). IEEE. 2019, January.
51. El-Sofany H, El-Seoud SA. A Novel Model for Securing Mobile-based Systems against DDoS Attacks in Cloud Computing Environment.
2019.
52. Liu G, QuanW, Cheng N, Feng B, Zhang H, Shen XS. BLAM: lightweight bloom-filter based DDoS mitigation for information-centric
IoT. In 2018 IEEE global communications conference (GLOBECOM) (pp. 1-7). IEEE. 2018, December.
53. da Silva Cardoso AM, Lopes RF, Teles AS, Magalh~aes FBV. Real-time DDoS detection based on complex event processing for IoT. In
2018 IEEE/ACM third international conference on internet-of-things design and implementation (IoTDI) (pp. 273-274). IEEE. 2018,
April.
54. Alharbi T, Aljuhani A, Liu H, Hu C. Smart and lightweight ddos detection using NFV. In Proceedings of the International Conference on
Compute and Data Analysis (pp. 220-227). ACM. 2017, May.
55. Özçelik M, Chalabianloo N, Gür G. Software-defined edge defense against IoT-based DDoS. In 2017 IEEE international conference on
computer and information technology (CIT) (pp. 308-313). IEEE. 2017, August.
56. Salah K, Alcaraz Calero JM, Zeadally S, Al-Mulla S, Alzaabi M. Using cloud computing to implement a security overlay network. IEEE
Secur Privacy. 2012;11(1):44-53.
57. Al-Haidari F, Sqalli M, Salah K. "Impact of cpu utilization thresholds and scaling size on autoscaling cloud resources." In 2013 IEEE
5th International Conference on Cloud Computing Technology and Science, vol. 2, pp. 256-261. IEEE, 2013.
58. Calyam P, Rajagopalan S, Seetharam S, Selvadhurai A, Salah K, Ramnath R. VDC-analyst: design and verification of virtual desktop
cloud resource allocations. Comput Network. 2014;68:110-122.
59. Rashvand HF, Salah K, Alcaraz Calero JM, Harn L. Distributed security for multi-agent systems–review and applications. IET Inform
Secur. 2010;4(4):188-201.
60. Neshenko N, Bou-Harb E, Crichigno J, Kaddoum G, Ghani N. Demystifying IoT security: an exhaustive survey on IoT vulnerabilities
and a first empirical look on internet-scale IoT exploitations. IEEE Commun Surv Tutor. 2019;21(3):2702-2733.
61. Alharbi A, Zohdy M, Debnath D, Olawoyin R, Corser G. Sybil attacks and defenses in internet of things and mobile social networks.
Int J Comput Sci Issues (IJCSI). 2018;15(6):36-41.
62. Al-Qurishi M, Al-Rakhami M, Alamri A, Alrubaian M, Rahman SMM, Hossain MS. Sybil defense techniques in online social networks:
a survey. IEEE Access. 2017;5:1200-1219.
63. Quercia D, Hailes S. Sybil attacks against mobile users: friends and foes to the rescue. In 2010 proceedings IEEE INFOCOM (pp. 1-5).
IEEE. 2010, March.
64. Chang W, Wu J, Tan CC, Li F. Sybil defenses in mobile social networks. In 2013 IEEE global communications conference
(GLOBECOM) (pp. 641-646). IEEE. 2013, December
65. Lin X. LSR: mitigating zero-day sybil vulnerability in privacy-preserving vehicular peer-to-peer networks. IEEE J Sel Area Comm. 2013;
31(9):237-246.
66. Guette G, Ducourthial B. On the Sybil attack detection in VANET. In 2007 IEEE international conference on Mobile Adhoc and sensor
systems (pp. 1-6). IEEE. 2007, October
67. Abbas S, Merabti M, Llewellyn-Jones D, Kifayat K. Lightweight sybil attack detection in manets. IEEE Syst J. 2013;7(2):236-248.
68. Park S, Aslam B, Turgut D, Zou CC. Defense against Sybil attack in the initial deployment stage of vehicular ad hoc network based on
roadside unit support. Secur Comm Network. 2013;6(4):523-538.
69. Yao Y, Xiao B, Wu G, et al. Multi-channel based Sybil attack detection in vehicular ad hoc networks using RSSI. IEEE Trans Mobile
Comput. 2018;18(2):362-375.
70. Li F, Mittal P, Caesar M, Borisov N. SybilControl: practical Sybil defense with computational puzzles. In proceedings of the seventh
ACM workshop on scalable trusted computing (pp. 67-78). ACM. 2012, October.
71. Dhamodharan USRK, Vayanaperumal R. Detecting and preventing sybil attacks in wireless sensor networks using message authentica-
tion and passing method. Scientific World Journal. 2015;2015:1-7.
72. Jamshidi M, Zangeneh E, Esnaashari M, Darwesh AM, Meybodi MR. A novel model of Sybil attack in cluster-based wireless sensor net-
works and propose a distributed algorithm to defend it. Wireless Pers Comm. 2019;105(1):145-173.
73. Li Q, Cheffena M. Exploiting dispersive power gain and delay spread for Sybil detection in industrial WSNs: a multi-kernel approach.
IEEE Trans Wireless Comm. 2019;18(3):1805-1818.
74. Dangi MP, Goyal P. The detection and avoidance of Sybil attack via efficient routing procedures for multiple nodes in wireless sensor
network. Int J Hum Comput Interact Data Min. 2018;1(1&2):18-24.
75. Wang B, Zhang L, Gong NZ. SybilSCAR: Sybil detection in online social networks via local rule based propagation. In IEEE INFOCOM
2017-IEEE Conference on Computer Communications (pp. 1-9). IEEE. 2017, May.
76. Xu Z, Chen B, Meng X, Liu L. Towards efficient detection of Sybil attacks in location-based social networks. In 2017 IEEE Symposium
Series on Computational Intelligence (SSCI) (pp. 1-7). IEEE. 2017, November
77. Ayaida M, Messai N, Najeh S, Ndjore KB. A macroscopic traffic model-based approach for Sybil attack detection in VANETs. Ad Hoc
Network. 2019;90:1–12,101845.
78. Hussain N, Shukla PMDPK, Singh A. DETECTION OF SYBIL ATTACK IN VEHICULAR NETWORK BASED ON GPCR-MA ROU-
TING PROTOCOL. J Curr Sci. 2019;20(1).
79. Yao Y, Xiao B, Wu G, Liu X, Yu Z, Zhang K, Zhou X. Voiceprint: a novel Sybil attack detection method based on RSSI for
VANETs. In 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (pp. 591-602). IEEE.
2017, June.
80. Rezvani M, Ignjatovic A, Bertino E, Jha S. Secure data aggregation technique for wireless sensor networks in the presence of collusion
attacks. IEEE Trans Depend Secur Comput. 2015;12(1):98-110.
81. Jiao D, Li M, Yu Y, Ou J. Self-healing key-distribution scheme with collusion attack resistance based on one-way key chains and secret
sharing in wireless sensor networks. Int J Distr Sensor Network. 2012;8(9):1–7,821486.
82. Verma S, Sood N, Sharma AK. Genetic algorithm-based optimized cluster head selection for single and multiple data sinks in heteroge-
neous wireless sensor network. Appl Soft Comput. 2019;85:1–21,105788.
83. Verma S. Neetu Sood, and Ajay Kumar Sharma. "a novelistic approach for energy efficient routing using single and multiple data sinks
in heterogeneous wireless sensor network.". Peer-to-Peer Netw Appl. 2019;12(5):1110-1136.
84. Verma S, Sood N, Sharma AK. QoS provisioning-based routing protocols using multiple data sink in IoT-based WSN. Modern Phys Lett
A. 2019;34(29):1950235.
85. Verma S, Sood N, Sharma AK. Design of a novel routing architecture for harsh environment monitoring in heterogeneous WSN. IET
Wireless Sensor Syst. 2018;8(6):284-294.
86. Marforio C, Francillon A, Capkun S. Application collusion attack on the permission-based security model and its implications for mod-
ern smartphone systems. ETH Zurich. 2011.
87. Yaseen Q, Aldwairi M, Jararweh Y, Al-Ayyoub M, Gupta B. Collusion attacks mitigation in internet of things: a fog based model. Mul-
timed Tools Appl. 2018;77(14):18249-18268.
88. Bayoudh I, Jabra SB, Zagrouba E. Online multi-sprites based video watermarking robust to collusion and transcoding attacks for
emerging applications. Multimed Tools Appl. 2018;77(11):14361-14379.
89. Li G, Wu J, Li J, Guan Z, Guo L. Fog computing-enabled secure demand response for internet of energy against collusion attacks using
consensus and ACE. IEEE Access. 2018;6:11278-11288.
90. Zou X, Deng X, Wu TY, Chen CM. A collusion attack on identity-based public auditing scheme via block chain. In: Advances in Intelli-
gent Information Hiding and Multimedia Signal Processing. Singapore: Springer; 2020:97-105.
91. Levitin G, Xing L, Johnson BW, Dai Y. Optimization of dynamic spot-checking for collusion tolerance in grid computing. Future
Generat Comput Syst. 2018;86:30-38.
92. Chen H, Su J, Qiao L, Xin Q. Malware collusion attack against SVM: issues and countermeasures. Appl Sci. 2018;8(10):1–20,>1718.
93. Hsiung P-Y, Li CH, Chang SH, Cheng B-C. A fog-based collusion detection system. In: International Conference on Security with Intelli-
gent Computing and Big-data Services. Cham: Springer; 2018:514-525.
94. Luo S, Wan S. Leveraging product characteristics for online collusive detection in big data transactions. IEEE Access. 2019;7:40154-
40164.
95. Cordero CG, Traverso G, Nojoumian M, et al. Sphinx: a colluder-resistant trust mechanism for collaborative intrusion detection. IEEE
Access. 2018;6:72427-72438.
96. Pu C, Lim S, Jung B, Min M. Mitigating stealthy collision attack in energy harvesting motivated networks. In MILCOM 2017-2017 IEEE
Military Communications Conference (MILCOM) (pp. 539-544). IEEE. 2017, October.
97. Sun Y, Chen M, Bacchus A, Lin X. Towards collusion-attack-resilient group key management using one-way function tree. Comput
Network. 2016;104:16-26.
98. Asavoae IM, Blasco J, Chen TM, et al. Towards automated android app collusion detection. arXiv preprint arXiv:1603.02308. 2016.
99. Pham TND, Yeo CK. Detecting colluding blackhole and greyhole attacks in delay tolerant networks. IEEE Trans Mobile Comput. 2015;
15(5):1116-1129.
100. Gupta BB, Quamara M. An overview of Internet of Things (IoT): Architectural aspects, challenges, and protocols. Concurrency and
Computation: Practice and Experience, 2018. e4946.
101. Gupta BB, Quamara M. Multi-layered cloud and fog based secure integrated transmission and storage framework for IoT based
applications. In 2018 5th International Conference on Signal Processing and Integrated Networks (SPIN) (pp. 462-467). IEEE. 2018,
February.
102. Derhab A, Guerroumi M, Gumaei A, et al. Blockchain and random subspace learning-based IDS for SDN-enabled industrial IoT secu-
rity. Sensors. 2019;19(14):1–24,3119.
103. Mudgerikar A, Sharma P, Bertino E. E-Spion: a system-level intrusion detection system for IoT devices. In proceedings of the 2019
ACM Asia conference on computer and communications security (pp. 493-500). ACM. 2019, July
104. Le A, Loo J, Chai K, Aiash M. A specification-based IDS for detecting attacks on RPL-based network topology. Inform. 2016;7(2):25.
105. Pongle P, Chavan G. Real time intrusion and wormhole attack detection in internet of things. Int J Comput Appl. 2015;121(9):1-9.
106. Jun C, Chi C. Design of complex event-processing IDS in internet of things. In 2014 sixth international conference on measuring tech-
nology and mechatronics automation (pp. 226-229). IEEE. 2014, January.
107. Raza S, Wallgren L, Voigt T. Svelte: real-time intrusion detection in the internet of things. Ad Hoc Network. 2013;11(8):2661-2674.
108. Shreenivas D, Raza S, Voigt T. “Intrusion detection in the rpl-connected 6lowpan networks,” in Proceedings of the 3rd ACM Interna-
tional Workshop on IoT Privacy, Trust, and Security. ACM, 2017, pp. 31–38.
109. Yang L, Ding C, Wu M, Wang K. “Robust detection of false data injection attacks for the data aggregation in internet of things based
environmental surveillance,” Computer Networks, 2017.
110. Thanigaivelan NK, Nigussie E, Kanth RK, Virtanen S, Isoaho J. “Distributed internal anomaly detection system for internetof-things,”
in Consumer Communications & Networking Conference (CCNC), 2016 13th IEEE Annual. IEEE, 2016, pp. 319–320.
111. Parno B, Perrig A, Gligor V. “Distributed detection of node replication attacks in sensor networks,” in Security and Privacy, 2005 IEEE
Symposium on. IEEE, 2005, pp. 49–63.
112. Bostani H, Sheikhan M. Hybrid of anomaly-based and specification-based ids for internet of things using unsupervised opf based on
mapreduce approach. Comput Comm. 2017;98:52-71.
113. Midi D, Rullo A, Mudgerikar A, Bertino E. “Kalis—a system for knowledge-driven adaptable intrusion detection for the internet of
things,” in Distributed Computing Systems (ICDCS), 2017 IEEE 37th International Conference on. IEEE, 2017, pp. 656–666
114. Patel AA, Soni SJ. “A novel proposal for defending against vampire attack in wsn,” in Communication Systems and Network Technolo-
gies (CSNT), 2015 Fifth International Conference on. IEEE, 2015, pp. 624– 627.
115. Lyu L, Jin J, Rajasegarar S, He X, Palaniswami M. Fog-empowered anomaly detection in IoT using hyperellipsoidal clustering. IEEE
Internet Things J. 2017;4(5):1174-1184.
116. Sforzin A, Mármol FG, Conti M, Bohli JM. RPiDS: raspberry pi IDS—A fruitful intrusion detection system for IoT. In 2016 Intl IEEE
conferences on Ubiquitous Intelligence & Computing, advanced and trusted computing, scalable computing and communications,
cloud and big data computing, internet of people, and smart world congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld)
(pp. 440-448). IEEE. 2016, July.
117. Assunç~ao MD, Calheiros RN, Bianchi S, Netto MA, Buyya R. Big data computing and clouds: trends and future directions. J Parallel
Distr Comput. 2015;79:3-15.
118. Aydın MA, Zaim AH, Ceylan KG. A hybrid intrusion detection system design for computer network security. Comput Electr Eng. 2009;
35(3):517-526.
119. Calheiros RN, Ramamohanarao K, Buyya R, Leckie C, Versteeg S. On the effectiveness of isolation-based anomaly detection in cloud
data centers. Concurrency Comput Pract Ex. 2017;29(18):e4169.
120. Moustafa N, Creech G, Sitnikova E, Keshk M. Collaborative anomaly detection framework for handling big data of cloud computing.
In 2017 military communications and information systems conference (MilCIS) (pp. 1-6). IEEE. 2017, November.
121. Pandeeswari N, Kumar G. Anomaly detection system in cloud environment using fuzzy clustering based ANN. Mobile Netw Appl. 2016;
21(3):494-505.
122. Thanigaivelan NK, Nigussie E, Kanth RK, Virtanen S, Isoaho J. Distributed internal anomaly detection system for internet-
of-things. In 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC) (pp. 319-320). IEEE. 2016,
January.
123. Misra S, Krishna PV, Agarwal H, Saxena A, Obaidat MS. A learning automata based solution for preventing distributed denial of ser-
vice in internet of things. In 2011 international conference on internet of things and 4th international conference on cyber, physical
and social computing (pp. 114-122). IEEE. 2011, October.
124. Yang C, Liu C, Zhang X, Nepal S, Chen J. A time efficient approach for detecting errors in big sensor data on cloud. IEEE Trans Parallel
Distr Syst. 2014;26(2):329-339.
125. Jeong S, Ferguson M, Law KH. Sensor data reconstruction and anomaly detection using bidirectional recurrent neural network. In sen-
sors and smart structures Technologies for Civil, mechanical, and aerospace systems 2019 (Vol. 10970, p. 109700N). International Soci-
ety for Optics and Photonics. 2019, March.
126. Leigh C, Alsibai O, Hyndman RJ, et al. A framework for automated anomaly detection in high frequency water-quality data from in
situ sensors. Sci Total Environ. 2019;664:885-898.
127. Munir M, Siddiqui SA, Chattha MA, Dengel A, Ahmed S. FuseAD: unsupervised anomaly detection in streaming sensors data by fusing
statistical and deep learning models. Sensors. 2019;19(11):2451.
128. Lin L, Su J. Anomaly detection method for sensor network data streams based on sliding window sampling and optimized clustering.
Saf Sci. 2019;118:70-75.
129. Hayes MA, Capretz MA. Contextual anomaly detection framework for big sensor data. J Big Data. 2015;2(1):2.
130. Kim J, Lee J, Kim J, Yun J. M2M service platforms: survey, issues, and enabling technologies. IEEE Commun Surv Tutor. 2013;16(1):
61-76.
131. Gerla M, Lee EK, Pau G, Lee U. Internet of vehicles: from intelligent grid to autonomous cars and vehicular clouds. In 2014 IEEE world
forum on internet of things (WF-IoT) (pp. 241-246). IEEE. 2014, March.
132. Bui N, Castellani AP, Casari P, Zorzi M. The internet of energy: a web-enabled smart grid system. IEEE Network. 2012;26(4):39-45.
133. Lopez J, Rios R, Bao F, Wang G. Evolving privacy: from sensors to the internet of things. Future Generat Comput Syst. 2017;75:46-57.
134. Qiu Y, Ma M. A mutual authentication and key establishment scheme for m2m communication in 6lowpan networks. IEEE Trans Ind
Inform. 2016;12(6):2074-2085.
135. Park N, Kang N. Mutual authentication scheme in secure internet of things technology for comfortable lifestyle. Sensors. 2016;16(1):20.
136. Parne BL, Gupta S, Chaudhari NS. Segb: security enhanced group based aka protocol for m2m communication in an iot enabled lte/-
lte-a network. IEEE Access. 2018;6:3668-3684.
137. Chen S, Ma M, Luo Z. An authentication scheme with identity-based cryptography for M2M security in cyber-physical systems. Secur
Comm Network. 2016;9(10):1146-1157.
138. Lin YH, Huang JJ, Fan CI, Chen WT. Local authentication and access control scheme in M2M communications with computation
offloading. IEEE Internet Things J. 2018;5(4):3209-3219.
139. Fouda MM, Fadlullah ZM, Kato N, Lu R, Shen XS. A lightweight message authentication scheme for smart grid communications. IEEE
Trans Smart Grid. 2011;2(4):675-685.
140. Nicanfar H, Jokar P, Beznosov K, Leung VC. Efficient authentication and key management mechanisms for smart grid communica-
tions. IEEE Syst J. 2013;8(2):629-640.
141. Li H, Lu R, Zhou L, Yang B, Shen X. An efficient merkle-tree-based authentication scheme for smart grid. IEEE Syst J. 2013;8(2):
655-663.
142. Liu H, Ning H, Zhang Y, Yang LT. Aggregated-proofs based privacy-preserving authentication for V2G networks in the smart grid.
IEEE Trans Smart Grid. 2012;3(4):1722-1733.
143. Chen Y, Martínez JF, Castillejo P, López L. A bilinear map pairing based authentication scheme for smart grid communications:
PAuth. IEEE Access. 2019;7:22633-22643.
144. Jiang Q, Zeadally S, Ma J, He D. Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless
sensor networks. IEEE Access. 2017;5:3376-3392.
145. Farash MS, Turkanovic M, Kumari S, Hölbl M. An efficient user authentication and key agreement scheme for heterogeneous wireless
sensor network tailored for the internet of things environment. Ad Hoc Network. 2016;36:152-176.
146. Li X, Niu J, Kumari S, Wu F, Sangaiah AK, Choo KKR. A three-factor anonymous authentication scheme for wireless sensor networks
in internet of things environments. J Netw Comput Appl. 2018;103:194-204.
147. Wu F, Xu L, Kumari S, Li X. A privacy-preserving and provable user authentication scheme for wireless sensor networks based on
internet of things security. J Ambient Intell Hum Comput. 2017;8(1):101-116.
148. Shen J, Chang S, Shen J, Liu Q, Sun X. A lightweight multi-layer authentication protocol for wireless body area networks. Future
Generat Comput Syst. 2018;78:956-963.
149. Lortz VB, Rangarajan AP, Rathi S, Kesavan VS. U.S. Patent No. 9,032,493. Washington, DC: U.S. Patent and Trademark Office. 2015.
150. Shen J, Zhou T, Wei F, Sun X, Xiang Y. Privacy-preserving and lightweight key agreement protocol for V2G in the social internet of
things. IEEE Internet Things J. 2017;5(4):2526-2536.
151. Guo L, Dong M, Ota K, et al. A secure mechanism for big data collection in large scale internet of vehicle. IEEE Internet Things J. 2017;
4(2):601-610.
152. Fan K, Wang W, Jiang W, Li H, Yang Y. Secure ultra-lightweight RFID mutual authentication protocol based on transparent comput-
ing for IoV. Peer-to-Peer Netw Appl. 2018;11(4):723-734.
153. Liu Y, Wang Y, Chang G. Efficient privacy-preserving dual authentication and key agreement scheme for secure V2V communications
in an IoV paradigm. IEEE Trans Intell Transport Syst. 2017;18(10):2740-2749.
154. Gupta H, Vahid Dastjerdi A, Ghosh SK, Buyya R. iFogSim: a toolkit for modeling and simulation of resource management techniques
in the internet of things, edge and fog computing environments. Software Pract Exper. 2017;47(9):1275-1296.
155. Buyya R, Ranjan R, Calheiros RN. Modeling and simulation of scalable cloud computing environments and the CloudSim toolkit:
challenges and opportunities. In 2009 international conference on high performance computing & simulation (pp. 1-11). IEEE. 2009,
June.
156. Zeng X, Garg SK, Strazdins P, Jayaraman PP, Georgakopoulos D, Ranjan R. IOTSim: a simulator for analysing IoT applications. J Syst
Architect. 2017;72:93-107.
157. Nayyar A, Singh R. A comprehensive review of simulation tools for wireless sensor networks (WSNs). J Wireless Netw Comm. 2015;
5(1):19-47.
158. Dunkels A, Gronvall B, Voigt T. Contiki-a lightweight and flexible operating system for tiny networked sensors. In 29th annual IEEE
international conference on local computer networks (pp. 455-462). IEEE. 2004, November.
159. Kirsche M, Schnurbusch M. A new IEEE 802.15. 4 simulation model for OMNeT++/INET. arXiv preprint arXiv:1409.1177. 2014.
160. Papadopoulos GZ, Gallais A, Schreiner G, Jou E, Noel T. Thorough IoT test-bed characterization: from proof-of-concept to repeatable
experimentations. Comput Network. 2017;119:86-101.
161. National Institute of Information and Communications Technology. www.nict.go.jp/en/nrh/nwgn/jose.html. Accessed June 2019.
162. SmartSantander. www.smartsantander.eu. Accessed June 2019.
163. FIT/IOT-LAB. https://www.iot-lab.info. Accessed March 2019.
164. Nati M, Gluhak A, Abangar H, Headley W. Smartcampus: a user-centric testbed for internet of things experimentation. In 2013 16th
international symposium on wireless personal multimedia communications (WPMC) (pp. 1-6). IEEE. 2013, June.
165. Burin des Rosiers C, Chelius G, Fleury E, Fraboulet A, Gallais A, Mitton N, Noël T. SensLAB Very Large Scale Open Wireless Sensor
Network Testbed.
166. Federated Interoperable Semantic IoT Testbeds and Applications. http://fiesta-iot.eu/index.php/fiesta-testbeds/. Accessed March 2019.
167. Ammar M, Russello G, Crispo B. Internet of things: a survey on the security of IoT frameworks. J Inform Secur Appl. 2018;38:8-27.
168. Khan MA, Salah K. IoT security: review, blockchain solutions, and open challenges. Future Generat Comput Syst. 2018;82:395-411.
169. Di Martino B, Rak M, Ficco M, Esposito A, Maisto SA, Nacchia S. Internet of things reference architectures, security and interoperabil-
ity: a survey. Internet Things. 2018;1:99-112.
170. Hassija V, Chamola V, Saxena V, Jain D, Goyal P, Sikdar B. A survey on IoT security: application areas, security threats, and solution
architectures. IEEE Access. 2019;7:82721-82743.
171. Meneghello F, Calore M, Zucchetto D, Polese M, Zanella A. IoT: internet of threats? A survey of practical security vulnerabilities in real
IoT devices. IEEE Internet Things J. 2019;6(5):8182-8201.
172. Yu W, Liang F, He X, et al. A survey on the edge computing for the internet of things. IEEE Access. 2018;6:6900-6919.
173. Lin J, Yu W, Zhang N, Yang X, Zhang H, Zhao W. A survey on internet of things: architecture, enabling technologies, security and pri-
vacy, and applications. IEEE Internet Things J. Oct. 2017;4(5):1125-1142.
174. Yang Y, Wu L, Yin G, Li L, Zhao H. A survey on security and privacy issues in internet-of-things. IEEE Internet Things J. Oct. 2017;
4(5):1250-1258.
175. Ngu AH, Gutierrez M, Metsis V, Nepal S, Sheng QZ. IoT middleware: a survey on issues and enabling technologies. IEEE Internet
Things J. Feb. 2017;4(1):1-20.
176. Din IU, Guizani M, Kim B-S, Hassan S, Khan MK. Trust management techniques for the internet of things: a survey. IEEE Access.
2019;7:29763-29787.
177. Openledger/insights. https://openledger.info/insights/blockchain-law-regulations/. Accessed April 2019.
178. Zhang L, Afanasyev A, Burke J, et al. Named data networking. ACM SIGCOMM Comput Comm Rev. 2014;44(3):66-73.
179. Krupka L, Vojtech L, Neruda M. The issue of LPWAN technology coexistence in IoT environment. In 2016 17th international confer-
ence on mechatronics-Mechatronika (ME) (pp. 1-8). IEEE. 2016, December.
180. Lane ND, Bhattacharya S, Georgiev P, Forlivesi C, Kawsar F. An early resource characterization of deep learning on wearables,
smartphones and internet-of-things devices. In proceedings of the 2015 international workshop on internet of things towards applica-
tions (pp. 7-12). ACM. 2015, November
How to cite this article: Srivastava A, Gupta S, Quamara M, Chaudhary P, Aski VJ. Future IoT-enabled threats
and vulnerabilities: State of the art, challenges, and future prospects. Int J Commun Syst. 2020;e4443. https://doi.
org/10.1002/dac.4443
View publication stats

Future IoT-enabled Threats and Vulnerabilities State of The Art, Challenges, and Future Prospects

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Future IoT-enabled Threats and Vulnerabilities State of The Art, Challenges, and Future Prospects

Uploaded by

Copyright:

Available Formats

See discussions, stats, and author profiles for this publication at: https://www.researchgate.

Future IoT-Enabled Threats and Vulnerabilities: State of the Art, Challenges

Article in International Journal of Communication Systems · May 2020

Shashank Gupta Megha Quamara

SEE PROFILE SEE PROFILE

Pooja Chaudhary Vidyadhar Aski

SEE PROFILE SEE PROFILE

The user has requested enhancement of the downloaded file.

Future IoT-enabled threats and vulnerabilities: State of the

Astha Srivastava1 | Shashank Gupta1 | Megha Quamara2 |

1.1 | Key highlights and contributions

Following are the key highlights and contributions of this article:

FIGURE 2 Organization of the

2 | INTER-CONNECTIVITY A ND LOT-ENABLED CYBER ATTACKS

2.1 | IoT security

FIGURE 3 Estimation of connected IoT devices until 20202

2.2 | IoT security architecture layers

2.3 | Security issues in IoT

TABLE 1 IoT security architectures and key aspects

TABLE 2 Survey on IoT security on the basis of architectural layers

Layer 2019 2018 2017 2016 2015

TABLE 3 Layer-wise security issues in IoT architecture

IoT layer Security issues

FIGURE 5 Security issues in IoT

2.3.1 | Blockchain solutions

2.4 | Malware-enabled cyber attacks in IoT

TABLE 4 Issues in IoT and possible blockchain solutions

Research gap Description Possible blockchain solution

2.4.1 | DDoS attack

IoT malware with DDoS capabilities

2.4.2 | Sybil attack

TABLE 6 DDoS detection or mitigation techniques

Key technique Deployment Model Implementation

Sybil attack detection in IoT

Sybil detection attack in IoT

TABLE 7 Comparison of Sybil attacks in IoT devices

Sybil defense in IoT

2.4.3 | Collusion attack in IoT

TABLE 8 Summary of Sybil defense techniques

Defense scheme Category Distribution feature Base assumption Primary technique

TABLE 9 Sybil attack detection or mitigation techniques

FIGURE 7 Collusion attack in IoT

3.1 | IDS placement strategies

Following are various IDS placement strategies in IoT ecosystem:

TABLE 10 Types of collusion attacks

State-of-art IoT architectural layer Area Specific target

3.2 | Intrusion detection methods

TABLE 11 Collusion attack detection and mitigation techniques

FIGURE 8 Taxonomy of intrusion detection in IoT

3.3 | Anomaly detection in IoT frameworks

3.4 | Anomaly detection on cloud platforms

TABLE 12 Summary of intrusion detection systems (IDSs) for IoT

Placement Validation Target for Time for Data State of Supporting

TABLE 13 Intrusion detection techniques deployed in IoT environments

Behavioral-based state-of-art Knowledge-based state-of-art

Raza et Shreenivas Yang et Thanigaivelan Parno et Bostani et Midi et Patel et

TABLE 14 Distinction between anomaly detection schemes for IoT

State-of-art Model Detection technology Key features

TABLE 15 Distinction between anomaly detection schemes for cloud

3.5 | Method of detection of anomalous data from sensors

Domain SH SI DDoS APA ACC UA DBT IL IDA

4 | AUTHENTICATION PROTOCOLS, SIMULATORS, AND TEST BEDS FOR

4.1 | Authentication protocols