Previous Article in Journal
Graph-Aware Scheduling for Multi-Agent Workflows in Edge-Cloud Environments
Previous Article in Special Issue
Multi-Protocol IoT Gateway Architecture: A Unified Approach to Smart-Home Connectivity
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Future Internet
Volume 18
Issue 5
10.3390/fi18050266
futureinternet-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Review

IoT Security: A Comprehensive Review of Architectures, Threat Models, Detection Methods, and Countermeasures

by
Mehdi Moucharraf
1,*,
Mohammed Ridouani
1,
Fatima Salahdine
2,* and
Naima Kaabouch
3
1
RITM Laboratory, CED Engineering Sciences, ENSEM, Hassan II University, Casablanca 20000, Morocco
2
Department of Electrical and Computer Engineering, The University of North Carolina at Charlotte, Charlotte, NC 28223, USA
3
Artificial Intelligence Research (AIR) Center, University of North Dakota, Grand Forks, ND 58202, USA
*
Authors to whom correspondence should be addressed.
Future Internet 2026, 18(5), 266; https://doi.org/10.3390/fi18050266
Submission received: 14 April 2026 / Revised: 14 May 2026 / Accepted: 15 May 2026 / Published: 18 May 2026
(This article belongs to the Special Issue Future and Smart Internet of Things)
Browse Figures
Versions Notes

Abstract

By allowing continuous connectivity, automation, and data-driven decision-making across these areas, Internet of Things (IoT) has transformed certain facets of daily life, including home automation and healthcare, as well as business operations like supply chain management and smart manufacturing. IoT systems are susceptible to different cyberattacks, though, because of different designs, lack of funds, and inadequate security policies, which creates major security issues given their fast growth. Covering important topics including protocols, architectures, attack classification, detection methods, countermeasures, and research issues, this paper offers a thorough study of IoT security. Emphasizing their relevance in enhancing the security of IoTs, the article offers a thorough analysis of machine and deep learning-based detection techniques. It also offers recommendations for future paths to handle changing risks by means of particular proposals and provides tools and datasets required for IoT security studies. When considering recent progress, however, there are still some major limitations in scaling, real-time detection, dataset availability, and versatility of current solutions. We identified these issues and provided guidance on future research; we also offered a selected set of tools and datasets for further research. Additionally, this paper provides an overview of the most important issues related to IoT security as documented in the current literature, providing a framework for developing resilient and adaptable IoT security solutions in the future.

1. Introduction

Connecting billions of devices all over the world, the Internet of Things (IoT) enables the smooth integration of smart solutions across many different industries, including healthcare, transportation, industrial automation, and smart cities. Rapid IoT growth has seen the number of linked devices estimated to reach 15.9 billion in 2023 and more than double to exceed 32.1 billion by 2030 [1]. This fast expansion emphasizes the transformative potential of IoT and highlights the pressing necessity to handle its security problems [2]. However, this rapid adoption has also highlighted critical security gaps, underscoring the pressing necessity to analyze the associated risks. Maintaining safe and dependable operation of IoT systems is greatly challenged by their unique characteristics [3], including resource-constrained devices, varied architectures and simplified communication protocols. The size and diversity of IoT deployments aggravate these issues, which makes them appealing targets for attackers.
As the threat of attacks is becoming more prevalent and sophisticated on IoT devices, this shows that there is a need for stricter security practices [4]. IoT security failures have the potential for severe impacts on individuals, companies, and critical infrastructures; including data breaches, denial-of-service (DoS), device manipulation and unauthorized access to data. There is an increase in threats of harm to the public safety, reputational damage, and financial loss as a result of IoT integration into essential services [5].
Several previous studies regarding IoT security and its placement have been previously studied. Examples include blockchain-based constructs that allow secure device-to-device communications, while eliminating the need for centralized locations to accomplish tasks that involve many devices and users [6]. Concepts in automated smart agriculture that involve IoT devices accessing machine learning, are currently available to provide near real-time recommendations for precision farming techniques that automate crop observation and decision-making. Automated farming solutions will increase production, but they also create additional vulnerabilities because IoT devices require constant connectivity to collect sensor data [7]. In addition, numerous studies have described the difficulties caused by autonomous IoT system operation and the differences between IoT systems and between technologies such as IoT, Wireless Sensor Networks (WSNs) broadband networks and mobile networks [8].
As such, protecting IoT environments requires a more thorough approach to securing these networks within the IoT domain than simply focusing on addressing vulnerabilities found within the ecosystem. Emphasizing vulnerabilities, detection techniques, and mitigation strategies, this paper seeks to provide a complete picture of IoT security issues. A major focus of this survey is on the use of machine learning (ML) to improve the security of networks, due to its ability to adapt to new types of attacks and to detect complex, evolving threats [9]. This survey will also provide a comprehensive review of current security methodologies used for securing IoT devices, describe the types of data used by researchers studying IoT security, and identify emerging trends in IoT security practices and associated research that will be necessary to stay ahead of emerging cyber threats.
Unlike existing IoT security surveys that often focus on specific aspects such as architectures, attack models, or detection techniques independently, this work provides a unified and multi-dimensional perspective that integrates these components into a single analytical framework. In particular, this paper introduces a four-dimensional attack classification based on attack vector, target, execution method, and impact, enabling a more comprehensive understanding of IoT threats. Furthermore, this survey goes beyond a descriptive review by incorporating critical analysis of IoT architectures, communication protocols, and machine learning-based detection approaches, highlighting their strengths, limitations, and trade-offs. This integrated perspective distinguishes the present work from prior studies and provides deeper insights into the design of robust IoT security solutions.
Key contributions of this review include:
  • A unified and structured analysis of IoT architectures and communication protocols, highlighting their roles, limitations, and security implications in heterogeneous environments.
  • The proposal of a comprehensive four-dimensional attack classification framework based on attack vector, target, execution method, and impact, enabling a more holistic understanding of IoT threats compared to existing taxonomies.
  • A critical review of state-of-the-art machine learning and deep learning techniques for IoT security, with emphasis on their strengths, limitations, and suitability for resource-constrained environments.
  • A comparative discussion of existing countermeasures, analyzing their effectiveness, trade-offs, and applicability across different IoT scenarios.
  • A curated synthesis of publicly available datasets and security tools, with insights into their characteristics, usage, and limitations in IoT security research.
  • An in-depth discussion of current challenges, research gaps, and future directions, providing guidance for the development of robust and scalable IoT security solutions.
The remainder of this study is organized as follows. Section 2 presents an outline of the most recent, available survey articles relating to IoT security. Section 3 analyzes the protocols and architectures utilized in IoT systems. Section 4 provides an exhaustive classification of IoT attacks. Section 5 outlines detection approaches, specifically those employing machine learning. Section 6 analyzes strategies to mitigate IoT vulnerabilities. Section 7 specifies the datasets and instruments utilized in IoT security research. Section 8 addresses problems and prospective paths, while Section 9 closes the article by a conclusion.

2. Related Works

Recent years have seen the publication of numerous surveys on IoT security, highlighting the increasing complexity of threats and breakthroughs in mitigation techniques. Prakash et al. [10] conducted a thorough assessment of IoT security difficulties and attacks, showing the interconnectedness of IoT systems and their vulnerabilities at multiple tiers. Likewise, the authors of [11] provided a comprehensive examination of cybersecurity measures in the IoT era, examining fundamental concepts and practices while emphasizing emergent viewpoints. More recently, Dritsas et al. [12] presented a holistic survey of IoT cybersecurity, addressing key dimensions such as device authentication, data integrity, privacy, network security, and the emerging role of artificial intelligence in strengthening defensive mechanisms, while also outlining open challenges and future research directions. Similarly, Sharma and Bhushan [13] provided an exhaustive discussion of IoT security through a systematic analysis of architectural vulnerabilities in addition to their established classification of IoT attacks, general IoT security requirements and their associated countermeasures. Their work further investigates emerging threats such as adversarial attacks and discusses the role of state-of-the-art technologies, including machine learning, deep learning, blockchain, and federated learning, in strengthening IoT defense mechanisms.
Many researchers have conducted studies on various attack types and detection methods in IoT environments. In particular, the authors of [14] concentrated on Distributed Denial of Service (DDoS) attacks within Software-Defined Networking (SDN)-IoT networks, proposing detection and mitigation mechanisms specifically designed for these contexts. In contrast, the authors of [15] performed a detailed analysis of stealthy and adversarial attacks on IoT networks, focusing on the exploitation of machine learning-based systems and the corresponding mitigation strategies. Dheyaaldin Alsalman [16] reviewed techniques used to detect anomalies in IoT security using adaptive learning methods to combat these threats. At the same time, Sun et al. [17] extensively studied how emerging technologies within the IoT impact privacy protections and the architecture for privacy and security of these devices. Mengistu et al. [18] provided an overview of how Federated Learning relates to Wireless Sensor Networks and IoT devices and looked at protecting privacy throughout all layers. Ghaffari et al. [19] stressed the importance of implementing a strong device detection capability using both machine learning and deep learning algorithms to provide the greatest level of protection for IoT devices.
Several areas of IoT security have been addressed in the recent literature. For example, applications of artificial intelligence (AI) in Internet of Medical Things (IoMT) and Internet of Everything (IoET), and possible threats to them were investigated in [20]. Vulnerabilities of 5G-enabled IoT networks and their data protection strategies were addressed in [21]. Localization challenges were a central theme in [22], where threats to IoT localization and mitigation strategies were reviewed. In addition, the authors of [23] discussed various approaches to developing energy-efficient security solutions for IoT devices in order to enhance their battery life.
Aside from general surveys, there has been a recent and notable focus on particular application domains like healthcare. Fog-enabled IoT architectures have been proposed for real-time health data monitoring, demonstrating improved task distribution and reduced latency [24]. On the other hand, the authors of [25] presented a certificateless secure signature scheme for healthcare IoT environments that can provide lightweight cryptographic security for constrained medical devices. For instance, PUF-based and key agreement protocols were proposed to secure device interactions efficiently [26,27], while an identity-based signature model was introduced to handle dynamic access revocation in cloud-supported IoT environments [28]. In [29], the authors developed quantum antenna modelling for sensor-based biomedical applications and showed that the incorporation of quantum-informed designs could improve the performance of high-frequency IoT communication systems.
Yang et al. [30] introduced a multikey image retrieval mechanism with user traceability and CNN (Convolutional Neural Networks)-based feature extraction. Similarly, the authors of [31] applied a clustering-based index structure and privacy-preserving KNN algorithm for efficient and accurate image search. Furthermore, an efficient homomorphic encryption-based search scheme [32] was proposed for multi-owner IoT settings, offering strong security against plaintext attacks while enhancing performance. Collectively, the above papers demonstrate the increased specialization in research around IoT security, and emphasize the importance of wider cross-domain reviews like the one presented here, which combines findings across architectures, attack classifications, AI-based detection, and countermeasures, datasets and tools.
However, certain gaps remain. For example, although there have been many studies such as [33] that cover the routing vulnerabilities and [34] that cover the use of deep learning for DDoS attacks, there has been little work investigating the need for quantum resistant cryptographic methods or more generally the impact of supply chain vulnerabilities. Similarly, there are many hybrid IoT architectures integrating cloud and edge computing that need more detailed study only partially covered in [35]. Table 1 provides a summary of existing survey papers on IoT security, highlighting their focus on attacks, detection techniques, countermeasures, and datasets/tools. Each of these provides a comparative overview of what threats were examined, what security mechanisms were applied and what mitigation methodologies were provided and alongside the datasets/tools that were used in assessing IoT Security Models. By using these comparisons, we can identify the areas where current research has limitations and also draws conclusions about the strengths and weaknesses of previous work.

3. Protocols and Architectures

3.1. IoT Protocols

IoT devices rely on a variety of communication protocols to operate efficiently within resource-constrained and heterogeneous environments. These protocols are typically designed to ensure reliable data exchange, low power consumption, and scalability across diverse IoT applications.
To better understand their roles, IoT communication protocols are commonly classified according to the layered architecture of IoT systems. Figure 1 illustrates a widely adopted three-layer architecture composed of the perception layer, network layer, and application layer, along with the corresponding protocols associated with each layer. This layered organization facilitates the identification of protocol functionalities, from data acquisition to data transmission and service delivery.
Although the three-layer model is widely used due to its simplicity, more advanced IoT architectures have been proposed in the literature, incorporating additional layers such as middleware, processing, business, and security layers. These extended architectures may include up to five, seven, or even nine layers. In particular, the integration of a dedicated security layer reflects the increasing importance of incorporating mechanisms such as encryption, authentication, intrusion detection, and access control across IoT systems.
The following subsections provide a detailed overview of the most commonly used protocols at each layer of the IoT architecture.
A brief description of protocols under each layer is given below.

3.1.1. Perception Layer Protocols

The Perception Layer provides the foundation for IoT architecture, consisting of a number of physical devices and sensors that interact with the environment and collect data to communicate within an IoT environment. There are different protocols used in the Perception Layer to facilitate the exchange of data. Notable examples of such protocols are:
ZigBee—This is primarily used for home automation and industrial IoT applications. It can provide low-power, short-range communications, but it is also subject to several types of attacks, including eavesdropping and replay attacks (e.g., capturing and retransmitting valid messages) [43]. Bluetooth Low Energy (BLE)—This protocol is commonly found in wearable devices. It provides low-energy communications but is also vulnerable to spoofing (where someone impersonates another Bluetooth device) and data interception (where the Bluetooth communication between devices is intercepted) [44]. LoRaWAN is a type of communication that has a long range and low power requirement. It has the best coverage for very remote locations, but it may have issues from attacks, jamming and replay attacks. Attacks also occur where someone can take an old message, and resend it to gain access without permission [45]. On the other hand, RFID (Radio Frequency Identification) is widely used to keep track of assets in retail and also for inventory management. However, RFID systems face challenges from cloning of RFID tags to eavesdropping on the transmission signals between the RFID Reader and RFID Tag [46]. Finally, NFC (Near Field Communication) allows for making contactless payments and exchanging data; the biggest issue for NFC is Relay Attack. In a relay attack, an intruder captures the communication between the two devices and may be able to copy it, while Interception means capturing the information being transmitted and received [47].

3.1.2. Network Layer Protocols

The protocols in the Network Layer include those that establish rules to manage the sending of data and the communication between devices as well as how data is transmitted across different types of networks. 6LoWPAN (IPv6 over Low power Wireless Networks) allows for communication over low-powered wireless networks via the use of IPv6 protocol. However, this means that the data packet can be fragmented or reassembled and manipulated to interfere with communication channels [48]. Additionally, while the Routing Protocol for Low Power and Lossy Networks (RPL) helps to route information through constrained environments, it has risks from Routing Attacks executed through malicious nodes, Replay Attacks and Resource Exhaustion attacks that can use up resources on the network [49]. The IEEE 802.15.4 standard [50] defines the architecture of LR-WPANs or low-rate wireless personal area networks. It is prone to Jamming Attacks, as well as to Key Compromise, where Security Keys (encryption keys) are used to disrupt communication [51]. Low-Power Wide Area Networks (LPWAN) provide an alternative to cellular technology for long range communications. The LPWANs have a number of threats to overcome, including Data Interception and Replay Attack as well as limited authentication capabilities [52]. Z-Wave is a protocol primarily used for home automation (communicating with smart devices), though Z-Wave communications may be affected by Eavesdropping and Replay Attacks. These risks are exacerbated by Z-Wave’s limited transmission range [53]. BACnet/IP is essential for building automation and control networks but can suffer from interception, weak access control, and DoS attacks that disrupt availability [54]. Lastly, IEEE 802.11ah, [55] known for low-power, long-range communication, is exposed to resource constraints that affect performance and is vulnerable to DDoS attacks that overwhelm resources and replay attacks.

3.1.3. Application Layer Protocols

The Application Layer consists of the protocols that allow for communication and interaction at the application level among IoT systems. There is a wide variety of application layer protocols in use today, although nearly all web-based applications utilize one or both of the following protocols: HTTP/HTTPS. In contrast, HTTPS is a secure communications protocol that encrypts data before transmission over the Internet; while encryption protects the security of communication, it increases the computational overhead for the IoT device, which may create challenges for resource-constrained devices. Web applications that use the WebSocket protocol provide bidirectional communication; however, this protocol is vulnerable to XSS attacks and injection attacks, in which malicious scripts execute within the context of another user. The Extensible Messaging and Presence Protocol (XMPP) enables instant messaging and presence information but also faces XML-based attacks that take advantage of its XML structure, as well as DoS and DDoS attacks that disrupt service [56]. The Simple Network Management Protocol (SNMP) is the most widely used protocol for managing and monitoring networks; thus, it is also a primary target for threats such as unauthorized access, resource-draining DoS attacks, and spoofing, where an attacker impersonates a legitimate device [57]. Lightweight M2M (LwM2M) was developed to facilitate the management of devices in constrained environments, but communications using LwM2M also present many security challenges [58]. The Constrained Application Protocol (CoAP) enables REST-based communication between IoT devices, but it is also susceptible to attacks that can drain resources and overwhelm the service [59]. Message Queuing Telemetry Transport (MQTT) is widely considered a de facto standard for IoT communications due to its lightweight design and efficient publish/subscribe messaging model. It facilitates communication between connected devices, particularly in resource-constrained environments. However, MQTT is prone to security threats such as DoS attacks if proper authentication and protection mechanisms are not implemented [60]. DDS (Data Distribution Service) allows real-time exchange of information; however, there are potential risks for data that would challenge the legitimacy of the data being transmitted, including instance integrity issues, fraudulent agents, and data spoofing attacks [61].
While these protocols are designed to address specific IoT requirements such as low power consumption, long-range communication, or real-time data exchange, they present different trade-offs. For instance, lightweight protocols such as ZigBee and BLE are energy-efficient but may offer limited security features, whereas protocols like HTTPS provide stronger security through encryption at the cost of higher computational overhead. Similarly, long-range protocols such as LoRaWAN and LPWAN improve coverage but may introduce latency and limited authentication capabilities. These differences highlight the challenge of selecting appropriate protocols depending on the specific constraints and security requirements of IoT applications.
Despite their efficiency, many IoT protocols lack built-in security mechanisms, making them vulnerable to attacks such as spoofing, replay attacks, and DoS. This highlights the need for lightweight and scalable security solutions that are adapted to resource-constrained IoT environments.
While IoT protocols define how data is exchanged between devices, IoT architectures determine how these devices and communication processes are organized within the system. Therefore, understanding IoT architectures is essential to analyze how protocol-level interactions are integrated into larger system designs and how security challenges propagate across different layers.

3.2. IoT Architectures

The architecture of an IoT system dictates its functionality, scalability, and security. Below are commonly adopted IoT architectural models: centralized architecture, decentralized architecture, hybrid architecture, and blockchain-based architecture.

3.2.1. Centralized Architecture

Centralized architectures depend on cloud servers to do all data processing, data storage, and data management for the IoT network. The centralized architecture allows for centralized control and resource optimization in an IoT ecosystem and makes analytics scalable and policies uniform. The authors of [62] discussed centralized architectures as representing a level of efficiency in job offloading and resource allocation within IoT–fog–cloud ecosystems and can provide insight into decision making to coordinate systems, e.g., using edge computing for improved efficiency. However, the most concerning aspect of the centralized architecture is the introduction of critical risks, which include systemic architectures relied on single points of failure, risks related to latency, and increased vulnerability to DoS/DDoS attacks and brute-force attacks and data breaches. Figure 2 illustrates the centralized IoT architecture, where cloud-based services orchestrate communication and data processing, but at the cost of increased vulnerability to centralized attacks and bottlenecks.

3.2.2. Decentralized Architecture

Decentralized architectures concentrate computational capacity within the fog and edge layers, moving processing closer to the data source. With this action, the latency, response time, and autonomous decision-making abilities are enhanced with great importance in real-time applications. While this design improves elements of latency and autonomous capabilities, it adds additional security concerns at the edge nodes since they are typically less secure and more likely to be accessed by those with malicious intent or have locally altered data to change, wipe, and otherwise access sensitive data. Mitigating these security concerns is where blockchain has been discussed as a secure, decentralized architecture. The combination of blockchain, decentralized, and autonomy outlined by ref. [63] creates tamper-proof and transparent ledgers and allows for enhanced peer-to-peer communication and peer-to-peer access control, minimizing the need for a centralized authority. The decentralized architecture of computing is presented in the Figure 3 diagram which highlights the distributed computing elements between fog and edge nodes alongside blockchain for trust and security management.

3.2.3. Hybrid Architecture

Hybrid architectures take advantage of both centralized and decentralized architectures distributing the tasks between the edge, on edge devices, or cloud resources. Hybrid architectures are best leveraged for applications requiring both time continuity responsiveness (real-time) and high-performance computing (training of models in the cloud) as demonstrated by Dulana et al. [64]. With regard to hybrid architectural models, edge computing has been demonstrated to be helpful for processing sensitive data through locally based storage and computing and conducting advanced modelling through the use of cloud-based services. As demonstrated in Figure 4 below, edge computing is used by hybrid architectures to eliminate or significantly reduce delays in the execution of data processing while cloud services provide the ability to perform advanced analyses and coordinate multiple processes throughout the ecosystem.

3.2.4. Blockchain-Based Architecture

The implementation of a blockchain-based architecture in an IoT system introduces a trustless, fully distributed model of operation by eliminating the requirement for centralized control authorities. According to [65], blockchain provides an environment in which the data stored within the blockchain’s distributed ledger is verifiable, secure and tamper-proof. This capability will provide a more secure data environment to support IoT applications, for example, the Internet of Robotic Things (IoRT). Moreover, with the incorporation of decentralization into blockchain technology, the overall number of distinct potential breakdowns decreases, improving overall data integrity; enabling increased transparency/accountability of numerous individuals through various types of devices. Blockchain’s peer-to-peer network negates the necessity for a third-party intermediary, whereby devices can send messages directly to one another, as well as perform autonomous financial transactions. Figure 5 presents a general overview of an IoT architecture based on blockchain technology. This example illustrates how distributed ledgers improve the following areas: enhancing security; improving trust management; enabling secure sharing of data; providing accountability; and increasing the resilience of IoT systems.
Each architecture presents trade-offs between scalability, latency, and security, and no single model fully satisfies all IoT requirements.
The comparison of various IoT system design types highlights that each architecture presents distinct trade-offs in terms of performance, scalability, and security. Although centralized, decentralized, hybrid, and blockchain-based architectures share similar objectives, they differ significantly in their operational characteristics [66].
Centralized architectures are easier to manage and enable efficient resource coordination, but they introduce single points of failure and higher latency due to reliance on cloud infrastructure. In contrast, decentralized and blockchain-based architectures improve resilience, data integrity, and trust through distributed operation; however, they often incur higher computational overhead, increased latency, and deployment costs, which may limit their applicability in resource-constrained IoT environments [67]. Hybrid architectures attempt to balance these trade-offs by combining edge and cloud computing, enabling low-latency processing while supporting complex analytics, although they introduce additional design complexity.
Therefore, the selection of an appropriate IoT architecture depends on the specific application requirements, including latency constraints, scalability needs, security requirements, and cost considerations. These various IoT architecture types are summarized in Table 2 to assist decision-makers in identifying the most suitable solutions for their IoT applications.
Although IoT architectures and communication protocols provide the foundation for system functionality, they also introduce potential vulnerabilities that can be exploited by attackers. These weaknesses make it essential to systematically analyze and classify the different types of cyber-attacks targeting IoT systems. The following section presents a comprehensive classification of IoT attacks to better understand their characteristics, execution methods, and impact.

4. Classification of IoT Attacks

Building on the previously discussed IoT protocols and architectures, IoT systems are exposed to a wide range of cyber-attacks that exploit structural and communication vulnerabilities. IoT devices are subject to several types of attacks. Understanding how these attacks can be classified can assist in determining the weaknesses of the devices, honing in on better detection methods, and creating effective countermeasures to improve the IoT security posture in general. With the continued growth of IoT devices, a number of classification frameworks have been created by researchers to categorize threats and vulnerabilities in a systematic fashion. Many researchers have attempted to classify these attacks based on a number of different criteria, including the methods used to attack the devices and the assets affected by the attacks. Furthermore, some researchers have classified IoT attacks by their impact on the devices and systems and how severe the effect is.
Based on attack vectors, the authors of [68] classify IoT attacks, hence highlighting important threats as eavesdropping, injection, DoS, malware, side-channel exploits, replay attacks, and cryptanalysis techniques. A method of categorizing IoT attack types exists, and it indicates that the attackers used details regarding how IoT networks were compromised; however, the taxonomy is limited to only showing what type of attacks were conducted on IoT networks, while omitting the actual target or method of execution for each category, thereby making it an incomplete representation of the methods used to compromise IoT networks, and providing insufficient information on how these types of attacks would spread through and impact IoT ecosystems.
The classification developed by the authors in [69] also allows for an organized means to provide a general overview of IoT attacks; however, it fails to account for any of the complexities that are associated with the growing threat levels that exist within the IoT space. Sasi et al. [70] suggested a more detailed taxonomy that covers attack domains, execution methods, targeted software surfaces, and adversary locations. Also, their classification puts risks into groups based on how they affect the CIA trinity (Confidentiality, Integrity, and Availability) and then divides them into passive and active attacks.
According to Shah and Sengupta [71], there are three main categories of attacks on IoT devices: device category, attack execution methods and their effects on data security. The authors looked at these classifications with respect to the possible effects on integrity, authenticity and privacy of data depending on device type (e.g., wearable devices, smart homes or Industrial Internet of Things (IIoT)). However, this classification does not include a complete overview of the various types of attack vectors and the different adversarial strategies used to execute attacks in the IoT environment, which is important in understanding how threats move and spread within an IoT environment.
A classification scheme for IoT attacks equally considers the attack vector, target, impact to individual users and devices, as well as how an attack may be executed. The four dimensions of IoT attack classification presented in this paper (Figure 6) can help researchers understand the behavior of attackers, and develop appropriate countermeasure and detection capabilities to improve the overall security of IoT systems.
Compared to existing IoT attack taxonomies, the proposed four-dimensional classification provides a more comprehensive and structured perspective by simultaneously capturing multiple aspects of an attack, including its origin (vector), target, execution strategy, and resulting impact. This multi-dimensional approach enables a deeper understanding of how attacks propagate across IoT systems and how different attack characteristics are interrelated. Unlike traditional classifications that focus on a single dimension, this framework facilitates more effective threat analysis and supports the design of targeted detection and mitigation strategies. However, the increased granularity of this classification may introduce additional complexity in practical implementation, particularly in large-scale IoT environments.

4.1. Based on Attack Vector

In IoT, attack vectors present the means for a security breach through multiple channels. Network-based attacks target the weakness inherent in communication protocols to exploit vulnerabilities that could compromise the integrity or confidentiality of data (e.g., spoofing, eavesdropping, or man-in-the-middle attacks) [72]. Software-based attacks exploit a variety of vulnerabilities in devices to compromise firmware and application (e.g., malware injections, buffer overflows, and weak authentication systems) [73]. Attack methods can provide unauthorized access to a device or even total control over it. Physical attacks occur when direct access to an IoT device is obtained, enabling tampering, destruction, or removal of hardware from the network [10]. Such direct access can bypass many of the protections provided by software security protocols; therefore, it is critical that organizations take measures to protect physical access to devices.

4.2. Based on Target

This Classification highlights the particular elements that are the subjects of attacks within IoT systems [69]. There are two forms of attacks directed toward IoT devices themselves. The first, device attacks target IoT devices by taking advantage of hardware and/or software vulnerabilities. The attacker can gain unauthorized access, disrupt operations, or retrieve confidential information stored on the device using malware, firmware exploitation, or physical manipulation. The second, data attacks, extend beyond just the devices to include the data that the devices communicate. Data attacks can eavesdrop on conversations, alter or corrupt data, create privacy issues, and be used to disseminate false or misleading information. This classification illustrates that there are two primary classes of IoT-related threats: device attacks and data attacks. As stated in this classification, it is of the utmost importance that both corporations and individuals take steps to protect their devices and the data associated with those devices.

4.3. Based on Execution Method

The classification of an attack depends much on its approach. With an active attack, an attacker actively interferes with the operations of a compromised system [74]. They harm the compromised system by altering sent messages, injecting malicious software, or preventing services from being provided. Most active attacks are aggressive and obvious due to their destructive nature when executed in real-time. On the other hand, passive attacks attempt to gain knowledge by taking action without altering the functionality or effectiveness of either the attacking (target) system and/or the data within it [74]. Examples of passive attacks include, but are not limited to, monitoring network traffic for confidential information, and eavesdropping on sensitive communications. While, in general, passive attacks are less observable than active attacks, they could lead to many security compromises, ultimately allowing attackers to capture valuable intelligence, which could lead to more damaging future active attacks.

4.4. Based on Impact

Evaluating the effects of a cyber-attack involves understanding both its effect on users and the way in which it will be taken care of. Confidentiality attacks operate by violating a user’s need for privacy. Confidentiality attacks include personal data and corporate proprietary information; they can cause data breaches, identity theft, and corporate espionage [75]. Integrity attacks change or otherwise interfere with the accuracy of the data processed and/or transmitted through IoT devices. Changing the contents of data or disabling services associated with IoT devices can create a false perception on the part of either an individual or a system and lead to serious consequences, particularly when the data is referenced in critical areas such as healthcare or industrial control [76]. This type of impact is especially critical in Industrial Internet of Things (IIoT) environments, where compromised data integrity may directly affect physical processes and operational decisions. Industrial systems rely on infrastructures such as programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems, and fieldbus communication networks to ensure continuous monitoring and control [77]. These environments commonly use industrial communication protocols such as Modbus TCP, PROFINET, and EtherCAT, which are often vulnerable to cyberattacks due to limited built-in security features.
As a result, attacks that manipulate or falsify data in such systems can lead to incorrect system behavior, production disruptions, or even safety hazards [78]. To mitigate these risks, security mechanisms such as Transport Layer Security (TLS) and industrial firewalls with Deep Packet Inspection (DPI) capabilities are increasingly adopted to protect communication channels and detect malicious activities in real time. Recent studies have further highlighted the importance of robust cybersecurity solutions in IIoT environments, particularly for ensuring data integrity and system reliability.
Availability attacks are designed to deny IoT services and frequently rely on DoS type attacks. Availability attacks can cause entire systems to become disabled and therefore render IoT devices inoperative, leading to disruptions in service for both consumers and businesses [79].
IoT cyber-attacks can be classified based on vectors, target selection, method of execution and level of impact. The attack types identified within this project can be organized into four different types of IoT application domains. Table 3 presents a list of IoT cyber-attacks and provides context for each. In this example, the first column lists the type of the attack. The second column lists the industry of the attack. In addition to providing context on the differences between IoT cyber-attacks, it is also important to consider which IoT application can best be secured using either type of security solutions available.

5. Detection Techniques

The methods used to detect security threats in IoT are designed to identify existing vulnerabilities and protect against potential threats to IoT networks caused by malicious activity, abnormal behavior or unauthorized access. Threat detection systems can use both traditional (non-AI) approaches as well as modern AI-based technologies to greatly increase the accuracy and effectiveness of identifying threats. Figure 7 provides a timeline of how security threat detection has evolved, providing a better understanding of how to develop an intelligent method to identify security threats.
Detection methods can generally be classified into two groups: AI-based approaches and Non-AI approaches. AI-based methods use machine learning and deep learning methods to provide real time anomaly detection, trend analysis and adaptive security. On the other hand, Non-AI methods use predefined patterns or rules to identify malicious activity in the IoT environment, such as through signature or rule-based methods. In Figure 8, the different forms of identification are separated into two major categories and show the strengths and weaknesses of the detection methods, with respect to the detection of IoT threats.

5.1. Non-AI-Based Detection Techniques

5.1.1. Signature-Based Detection

When it comes to detecting security threats through the use of a signature-based detection system, these systems rely on previously established “patterns” or “signatures” of known attacks to identify any potential threats. While they are excellent at detecting known threats and help to mitigate risks from vulnerability that have been well-documented, signature-based IDS also have important limitations. For example, signature-based systems will not be able to detect new or unknown types of attacks and require ongoing updates in order to maintain the current signature database as new signatures are discovered. According to [80], Signature-based IDSs identify threats by comparing traffic signatures to known threats (known as signatures), produce the lowest false alert rates for known threats, and require simple implementation for fastest detection of such threats. While signature-based systems excel at identifying known threats in real-time, they struggle with “zero-day” attacks and “polymorphic” malware, require significant amounts of resources to maintain their databases, and may present challenges to manage on a large IoT network. In [81], the authors proposed an ex-ample of signature-based IDS specifically for the IoT space, with an emphasis on identifying multi-channel man-in-the-middle (MC-MitM) attacks over Wi-Fi networks. The authors demonstrate the capability of a signature-based approach to detect specific vulnerabilities such as KRACK and FragAttacks and note the limitations of signature-based systems. Thus, complementary approaches, including anomaly detection, hybrid detection, and other models, are needed to be effective in responding to difficult-to-detect threats.

5.1.2. Heuristic and Rule-Based Detection

In the context of detecting various types of attacks, heuristic and rule-based detection can only identify attacks according to pre-determined rules and heuristics. The lightweight and easy-to-implement nature of heuristic and rule-based detection methods makes them an ideal option for low-resource, IoT devices. However, a significant disadvantage of these methods is that they cannot adapt to changing tactics and can detect only known threats. as discussed in [82], heuristic detection takes both dynamic and static analysis into account by utilizing information obtained from the network, such as network traffic, API calls, and permissions, and performs a level of behavioral analysis to detect malicious behavior. In addition to being effective against zero-day exploits and various obfuscation techniques, a drawback of heuristic detection methods is the requirement for considerable amounts of processing power, and the potential for false positives resulting from poorly designed heuristics. Similarly, Ref. [83] develops a rule-based method to detect intrusion attempts. Unlike many previous methods, this rule-based method dynamically adjusts prior security policies according to real-time IoT threat information, thus increasing both the effectiveness of IoT intrusion detection systems and the efficiency of resources. However, the primary drawback of this approach is that it relies on defined security standards and is therefore limited in its ability to respond to and combat new and unknown attack actions. This limitation does not negate the improvements this method offers to the effectiveness of intrusion detection for IoT systems.

5.1.3. Network Traffic Analysis

Monitoring traffic on an IoT network allows for the easy identification of any potential threats to an organization’s network. IoT traffic monitoring also identifies when an organization has been subjected to various types of network attacks, including distributed denial of service (DDoS) attacks. However, existing methods for monitoring IoT networks have their limitations, including the need for constant monitoring, leading to increased workloads and increased demand for network capacity, in addition to not being able to identify every type of attack, particularly stealthy attacks, which are designed to evade detection. The authors of [84] reviews various types of network traffic analysis methods which can be used to identify network traffic anomalies and to provide users with privacy. Of particular interest is a proposed system for identifying anomalous patterns based on the foundation placed on 5G networks and employing a combination of differential privacy and sparse tensor factorization for scalable user privacy. Flow-based systems [85] will be explored as an option for improving the security of IoT systems by detecting both abnormal and malicious traffic patterns in IoT devices and their interactions with their environment.

5.2. AI-Based Detection Techniques

5.2.1. Anomaly-Based Detection

Anomaly-based detection of security threats in IoT systems is based on identifying abnormal behavior [86]. A major advantage of this security method is that it is capable of adapting to new environments through adequate training and can be effective in identifying zero-day vulnerabilities or unknown threats. Both the sheer volume of false positives associated with poorly defined definitions of normal baseline and the high level of computing required by IoT devices with limited resources can greatly complicate the process of identifying these types of threats and vulnerabilities. As demonstrated in [87], implementing combination anomaly detection strategies using both hybrid and artificial intelligence approaches in conjunction with threshold-based techniques can improve accuracy and, therefore, the detection of emerging threats for CPS. In expanding this idea, in [88], the authors provided a differentiation of statistical models, machine learning techniques, and deep learning techniques used for anomaly detection. While machine learning methods (such as clustering algorithms and neural networks) can help provide a proactive means of discovering vulnerabilities, statistical techniques rely upon pre-defined thresholds to identify deviations from normal operation. Focusing on Recurrent Neural Networks (RNN), including Long Short-Term Memory (LSTM), Bidirectional Long Short-Term Memory (Bi-LSTM), and Gated Recurrent Unit (GRU) models, Imtiaz et al. [89] developed an anomaly detection approach based on deep learning for securing IoT networks. With datasets including NSL-KDD, BoT-IoT, IoT-23, and MQTTset that achieve high levels of accuracy, this research demonstrates how these models are able to detect network traffic anomalies more effectively than traditional intrusion detection systems. The work also raises awareness to some of the greatest challenges in creating efficient IoT anomaly detection methods, such as computation demands and/or lagging issues as they relate to processing IoT devices in “real-time”. Therefore, their research points to the requirement for optimal DL methods (Deep Learning) to help improve IoT Network Security. The DL models that are currently used include CNNs and RNNs (Recurrent Neural Networks) which can capture complex relationships or patterns within massive datasets which offers a higher level of detection. Although it is typically accepted that these types of models require much greater amounts of processing power to develop, they continue to be an important means for countering the rapidly changing and evolving threats associated with an IoT system.

5.2.2. Behavioral-Based Detection

The behavior-based approach to detection evaluates the activity of devices, end-users or applications to determine whether there is anything out of the ordinary suggesting that there could be a potential security risk. There are many advantages to this type of detection including preventing insider threat or misuse by legitimate users and providing long-term monitoring of devices and systems [90]. On the downside, the behavior-based detection methodology needs large volumes of past data in order to determine the average expected behaviors of the devices or systems being monitored, which often can be difficult to obtain, and also typically, behavior-based detection is resource intensive when used on large-scale IoT network systems. Specifically, as stated in [91], this type of detection uses machine learning technologies to evaluate numerous inputs from kernel events throughout multiple components such as CPU, disk drive and network interface cards, to develop a unique “fingerprint” for each device or user profile. The results have been very promising in detecting malware including botnets, root-kits, ransomware and cryptojackers with true positive rates between 0.82 and 0.90 and F1 scores ranging between 0.94 and 0.96. One example of how the behavior monitoring can identify anomalies includes monitoring devices’ communication patterns, such as frequency of communications, to identify possible security issues.

5.2.3. Machine Learning and Deep Learning-Based Techniques

IoT security is greatly improved through the use of Machine Learning [92] and Deep Learning [93] technologies, which help in identifying likely threats using the capabilities of both technologies. Both technologies use advanced algorithms for rapid processing of large amounts of information and deter-mining whether or not that information constitutes a threat. Machine Learning has a number of methodologies available, e.g., supervised and unsupervised learning, which make it possible to continually adapt to the changing threat environment. Many of the common Machine Learning algorithms include Support Vector Machines (SVM) and Clustering Techniques, both of which can identify anomalous or attack type behavior [94]. The use of Machine Learning allows for the automated identification of malicious behaviors or attacks directed at IoT devices. DL uses advanced neural networks to analyze large amounts of data with a high degree of complexity. The application of Neural Networks like LSTM or CNN to identifying malicious behaviors or attacks against IoT devices is an effective approach [95]. Machine Learning and Deep Learning are two forms of Machine Learning and Deep Learning will help analyze, detect and identify potentially malicious activity on IoT devices. Though heavily computational, as well as requiring large amounts of diverse training data, the advantages of utilizing Deep Learning to analyze large volume IoT datasets, discover novel anomaly detections, and increase detection accuracy are presented in [96]. Likewise, the authors of [97] underline their capacity to extract complex patterns and adapt to changing threats, hence stressing the use of machine learning and deep learning in jobs such anomaly detection, malware identification, and behavioral analysis. The authors of [98] discussed examples of AI powered detection of attacks using deep learning techniques including examples of the use of generative models by malicious actors to create fake multimedia content and conduct their attacks (deepfake detection). In another study, the authors of [99] reviewed and summarized existing literature to develop a list of at-tack methods that target GPS devices that are associated with the IoT. These methods improve the detection and enhance the security in real time, therefore offering a strong protection against many kinds of hostile activity in IoT systems. Table 4 gives a summary of research works related to ML-based security systems in IoT.
The results summarized in Table 4 highlight several important trends in the application of machine learning and deep learning techniques for IoT security. Deep learning models, particularly LSTM and CNN-based architectures, generally achieve higher detection accuracy in complex and high-dimensional datasets due to their ability to capture temporal and spatial patterns. However, this improved performance often comes at the cost of increased computational complexity and higher resource consumption, which may limit their deployment in resource-constrained IoT environments.
In contrast, traditional machine learning approaches such as Support Vector Machines and clustering techniques provide more lightweight and efficient solutions, although they may exhibit lower performance when handling highly dynamic or large-scale IoT data. Furthermore, the effectiveness of these models is highly dependent on the characteristics of the datasets used, including class imbalance, feature representation, and data quality. Many existing datasets do not fully reflect real-world IoT environments, which can affect the generalization capability of the models.
These observations suggest that there is no universally optimal model, and the selection of an appropriate approach should be guided by the specific requirements of the IoT application, including accuracy, computational efficiency, and scalability.
In addition, the effectiveness of ML/DL-based detection systems can degrade over time due to concept drift, where normal and malicious traffic patterns evolve in dynamic IoT environments. Furthermore, these models are vulnerable to adversarial attacks, where carefully crafted inputs can evade detection mechanisms. These challenges highlight the need for adaptive, robust, and continuously updated security models to ensure reliable performance in real-world IoT systems.

6. Countermeasures

IoT security countermeasures seek to minimize vulnerabilities and counteract multiple forms of attack. Given the large volume of IoT systems and their diversity, resource-efficient solutions are needed for these challenges. Essential network security mechanisms are required to secure data transmission and access controls for unauthorized data access; these include traffic filtering [132], encryption (TLS/SSL) [133], and rate limits. Software security control (SSC) measures exist to reduce the risk of hackers accessing devices through vulnerabilities by using SSC measures such as secure coding practices, input (parameter) validation, and Web Application Firewalls (WAFs) [134]. Secure deployment environments, intrusion detection systems (IDSs), and tamper-resistant hardware have been developed to help protect IoT devices against physical attacks [135].
To establish a comprehensive security strategy for devices, one will need to perform vulnerability scans, secure device launch technologies, and separate devices into (network and physical) segments. These strategies assist in preventing unauthorized changes. Data protection is of equal importance and includes protection against unauthorized changes/intrusions. Hence, various forms of data protection, including encryption, Role-Based Access Controls (RBAC) [136], secure Key Management, and Data Integrity Checks, will be very beneficial in helping to protect data. Availability and resiliency of IoT net-works/systems from DoS attacks can be achieved through these redundancy mechanisms and fail-over systems using Load Balancing methods and Malicious Activity Detection Systems, including real-time Intrusion Detection Systems and Anomaly Detection Systems that identify malicious activity. Lightweight Security Frameworks [137], AI-powered Threat Detection, and Blockchain-based Authentication provide robust services to enhance security without overextending the resources of residual IoT devices. The combination of various multiple layers of security solutions (techniques) for IoT systems will allow for strengthening the resiliency and sustainability of these systems from current and future cyber-threats. Table 5 summarizes the various countermeasures employed against these attacks.
While various countermeasures have been proposed to enhance IoT security, several challenges remain in their practical implementation. Many security solutions introduce additional computational overhead, which may not be suitable for resource-constrained devices. Moreover, existing countermeasures often lack adaptability to dynamic and evolving attack patterns. Ensuring robustness against adversarial attacks and maintaining effectiveness in the presence of concept drift remain open challenges. Therefore, future countermeasures should focus on lightweight, adaptive, and resilient security mechanisms that can operate efficiently in real-world IoT environments.

7. Datasets and Tools

Advancement of IoT security research and development depends critically on tools and datasets. They give a controlled environment for modeling IoT attacks and responses and support testing, validation, and benchmarking of security policies.

7.1. Datasets

As IoT devices continue to advance rapidly, they also provide new obstacles to researchers looking to defend systems against emerging intrusion threats. In addition, researchers are utilizing publicly available datasets on which to perform research to improve the capabilities of IDS as well as other products designed for security solutions. These datasets represent a wide range of intrusion types, including DDoS attacks, malicious software (i.e., malware), and data exfiltration, while also reflecting real-world scenarios involving both legitimate and malicious behaviors in IoT environments. The public datasets have been carefully compiled by researchers for their utility in examining cybersecurity-related research, as well as to provide a general understanding of the various features of IoT-related datasets for these purposes. Table 6 specifically shows datasets that were created specifically for the purposes of researching and evaluating security and IDS in IoT environments and also provides an extensive variety of datasets. CICIDS2017 [144] offers a realistic model of network scenarios involving multiple attack types, such as DDoS and port scanning, while including telemetry data from IoT services and their corresponding network communications, together with TON_IoT [145]. RT-IoT2022 [146] focuses on real-time IoT infrastructure, capturing multiple types of device behaviors, while MQTT-IoT-IDS2020 [147] provides an overview of IoT devices operating in an MQTT-based network, including aggressive scanning and brute-force attacks. Both IoT-23 [148] and N-BaIoT [149] collect labeled traffic flows and network data of IoT devices to illustrate both benign and malicious activities, such as Mirai malware attacks. Datasets such as CICIoT2023, IoTID20 [150], and IoT-Sentinel focus on developing hybrid intrusion detection systems and device identification. Similarly, datasets such as UNSW-NB15 [151] and BoT-IoT [152] provide insights into anomaly detection and IoT-specific threat detection. Using all of these datasets together gives researchers a comprehensive toolkit for enhancing IoT system security and facilitating effective cumulative detection and response strategies to protect against a wide range of threats.

7.2. Tools

Numerous tools have been developed for threat analysis, security mechanism evaluation, and intrusion detection evaluations to help both researchers and practitioners in the field of IoT Security. Tools in this area are used for network surveillance, attack emulation, and security protocol validation. The complexity of IoT environments necessitates that Security Technologies are flexible and are capable of supporting any number of architectures, communication protocols, or threat models. Simulation Technologies, for example, Cooja [155] and NS-3 [156] allow for simulation of IoT networks. By using those technologies, Network Vulnerability assessments, evaluation of Intrusion Detection Methods, and Attack Impact analyses can be performed in controlled environments. Network traffic analysis tools such as Wireshark [157], facilitate capturing and examining network packets; therefore, improving opportunities to detect malicious activities, illegal communications, or network security breaches in IoT environments. In addition, large scale IoT Testbeds like IoT-LAB [158], provide real-world experimental testbeds, to facilitate evaluation of security protocols, authentication systems and access control policies in realistic scenarios. Metasploit framework [159] enables a security engineer to conduct penetration testing and vulnerability evaluation to simulate a cyber-attack on IoT devices, identify vulnerabilities, and assess countermeasures for IoT devices. Collectively, these solutions enhance overall IoT security through increased opportunities to proactively perform threat detection, perform security assessment, and optimize overall operational performance. It is important to note that many of the tools listed in Table 7 are open-source, which plays a significant role in the advancement of IoT security research and development. Open-source tools provide transparency, flexibility, and community-driven improvements, allowing researchers and practitioners to adapt and extend security solutions to diverse IoT environments. Furthermore, they enable cost-effective experimentation and facilitate reproducibility, which are essential for validating intrusion detection systems and security mechanisms in complex IoT ecosystems. A summary of the most important tools used to secure IoT, their purpose and role in protecting the IoT Environment is contained in Table 7.

8. Challenges and Future Directions

One of the main challenges in IoT security is the deployment of lightweight AI and edge-based solutions. The need for scalable and heterogeneous networks creates a number of security vulnerabilities, resulting from the increasing number of connected devices with varying hardware and software architectures. The resource constraints of many IoT devices prevent these devices from using security solutions that require a significant amount of computation. Consequently, new lightweight detection techniques are needed that reduce energy consumption and still provide a high level of detection accuracy. Federated learning models enable the distribution of AI model training to the edge devices themselves and lessens centralized cloud computing dependency. Furthermore, this allows for increased security and privacy because of the reduction in centralized dependence.
Another critical challenge lies in securing communication through lightweight cryptographic mechanisms. Research moving forward should concentrate on developing energy-efficient lightweight cryptographic protocols to support End-To-End encryption and authentication without negatively impacting device performance.
In addition, the lack of standardized and interoperable security frameworks remains a major concern. The absence of widely accepted security standards results in uneven security implementations across IoT systems. By advocating for the use of IoT-specific datasets and standardized security frameworks we can generate better, more consistent and more efficient security solutions in the IoT space. Several key organizations have proposed IoT Security Standards (IEEE 802.15.4,CoAP [160], NIST SP 800-213 [161]) while regulations such as GDPR and California SB-327 have established legal thresholds for compliance. While these standards exist, there remain many challenges including global alignment across different countries; enforcing these standards; and moving from the standard definition to the actual implementation of the standards.
From a privacy and long-term security perspective, emerging technologies introduce new challenges and opportunities. In addition, efforts should be made to develop quantum-resistant cryptographic methods to protect against the upcoming threat of quantum computers.
Finally, the integration of distributed and adaptive security architectures is essential for future IoT systems. Implementing safe protocols, federated learning, lightweight artificial intelligence-driven detection, and common security frameworks would significantly enhance IoT security. These research directions directly address the limitations identified in previous sections, including scalability challenges, resource constraints, lack of standardization, and evolving security threats in IoT environments.

9. Conclusions

In this paper, we provided a comprehensive overview of IoT security challenges, focusing on the classification of attacks, detection techniques, and countermeasure strategies. While technology is consistently improving, the inherent distribution of IoT networks causes these systems to be susceptible to multiple threats due to resource constraints and other factors associated with distributed computing models. The increasing frequency and complexity of these attacks underscore the need for effective mechanisms to identify, detect, mitigate, and establish secure and standardized solutions. In the near future, we must work on developing adaptive security systems, progressing real-time detection technologies, and building partnerships between industry, academia, and regulators to create a highly resilient and secure IoT environment. Future studies will also need to explore how to develop lightweight detection technologies that are capable of protecting user privacy, and that can provide quantum-resilient solutions for IoT devices with limited resources.

Author Contributions

Conceptualization, M.M., M.R., F.S. and N.K.; methodology, M.M.; formal analysis, M.M.; investigation, M.M.; writing—original draft preparation, M.M.; writing—review and editing M.R., N.K. and F.S.; supervision, M.R., F.S. and N.K. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

No new data were created or analyzed in this study. Data sharing is not applicable to this article.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. IoT Connections Worldwide 2034. Available online: https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/ (accessed on 8 January 2026).
  2. Zahid, M.; Bharati, T.S. Leveraging Machine Learning and Deep Learning in IoT Security: A Review. Secur. Priv. 2026, 9, e70144. [Google Scholar] [CrossRef]
  3. Sharma, N.; Dhiman, P. A Survey on IoT Security: Challenges and Their Solutions Using Machine Learning and Blockchain Technology. Clust. Comput. 2025, 28, 313. [Google Scholar] [CrossRef]
  4. Tariq, U.; Ahmed, I.; Bashir, A.K.; Shaukat, K. A Critical Cybersecurity Analysis and Future Research Directions for the Internet of Things: A Comprehensive Review. Sensors 2023, 23, 4117. [Google Scholar] [CrossRef] [PubMed]
  5. Zhu, L.; Li, M.; Metawa, N. Financial Risk Evaluation Z-Score Model for Intelligent IoT-Based Enterprises. Inf. Process. Manag. 2021, 58, 102692. [Google Scholar] [CrossRef]
  6. Rana, A.; Sharma, S.; Nisar, K.; Ibrahim, A.A.A.; Dhawan, S.; Chowdhry, B.; Hussain, S.; Goyal, N. The Rise of Blockchain Internet of Things (BIoT): Secured, Device-to-Device Architecture and Simulation Scenarios. Appl. Sci. 2022, 12, 7694. [Google Scholar] [CrossRef]
  7. Singla, D.; Gupta, D.; Goyal, N. IoT Based Monitoring for the Growth of Basil Using Machine Learning. In Proceedings of the 2022 10th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO), Noida, India, 13–14 October 2022; pp. 1–5. [Google Scholar]
  8. Saini, H.K.; Poriye, M.; Goyal, N. A Survey on Security Threats and Network Vulnerabilities in Internet of Things. In Big Data Analytics in Intelligent IoT and Cyber-Physical Systems; Sharma, N., Mangla, M., Shinde, S.K., Eds.; Springer Nature: Singapore, 2024; pp. 297–314. [Google Scholar]
  9. Ahmad, R.; Alsmadi, I. Machine Learning Approaches to IoT Security: A Systematic Literature Review. Internet Things 2021, 14, 100365. [Google Scholar] [CrossRef]
  10. Prakash, R.; Jyoti, N.; Manjunatha, S. A Survey of Security Challenges, Attacks in IoT. E3S Web Conf. 2024, 491, 04018. [Google Scholar] [CrossRef]
  11. Ahmady, E.; Mojadadi, A.R.; Hakimi, M. A Comprehensive Review of Cybersecurity Measures in the IoT Era. J. Soc. Sci. Util. Tech. 2024, 2, 288–298. [Google Scholar] [CrossRef]
  12. Dritsas, E.; Trigka, M. A Survey on Cybersecurity in IoT. Future Internet 2025, 17, 30. [Google Scholar] [CrossRef]
  13. Sharma, A.; Bhushan, K. A Comprehensive Survey on IoT Security: Challenges, Security Issues, and Countermeasures. Comput. Sci. Rev. 2026, 59, 100839. [Google Scholar] [CrossRef]
  14. Singh, C.; Jain, A.K. A Comprehensive Survey on DDoS Attacks Detection & Mitigation in SDN-IoT Network. E-Prime-Adv. Electr. Eng. Electron. Energy 2024, 8, 100543. [Google Scholar] [CrossRef]
  15. Khazane, H.; Ridouani, M.; Salahdine, F.; Kaabouch, N. A Holistic Review of Machine Learning Adversarial Attacks in IoT Networks. Future Internet 2024, 16, 32. [Google Scholar] [CrossRef]
  16. Alsalman, D. A Comparative Study of Anomaly Detection Techniques for IoT Security Using Adaptive Machine Learning for IoT Threats. IEEE Access 2024, 12, 14719–14730. [Google Scholar] [CrossRef]
  17. Sun, P.; Shen, S.; Wan, Y.; Wu, Z.; Fang, Z.; Gao, X.-Z. A Survey of IoT Privacy Security: Architecture, Technology, Challenges, and Trends. IEEE Internet Things J. 2024, 11, 34567–34591. [Google Scholar] [CrossRef]
  18. Mengistu, T.M.; Kim, T.; Lin, J.-W. A Survey on Heterogeneity Taxonomy, Security and Privacy Preservation in the Integration of IoT, Wireless Sensor Networks and Federated Learning. Sensors 2024, 24, 968. [Google Scholar] [CrossRef]
  19. Ghaffari, A.; Jelodari, N.; Pouralish, S.; Derakhshanfard, N.; Arasteh, B. Securing Internet of Things Using Machine and Deep Learning Methods: A Survey. Clust. Comput. 2024, 27, 9065–9089. [Google Scholar] [CrossRef]
  20. Sebestyen, H.; Popescu, D.E.; Zmaranda, R.D. A Literature Review on Security in the Internet of Things: Identifying and Analysing Critical Categories. Computers 2025, 14, 61. [Google Scholar] [CrossRef]
  21. Sousa, A.; Reis, M.J.C.S. 5G Security Features, Vulnerabilities, Threats, and Data Protection in IoT and Mobile Devices: A Systematic Review. Evol. Stud. Imaginative Cult. 2024, 8, 414–427. [Google Scholar] [CrossRef]
  22. Pettorru, G.; Pilloni, V.; Martalò, M. Trustworthy Localization in IoT Networks: A Survey of Localization Techniques, Threats, and Mitigation. Sensors 2024, 24, 2214. [Google Scholar] [CrossRef]
  23. He, P.; Zhou, Y.; Qin, X. A Survey on Energy-Aware Security Mechanisms for the Internet of Things. Future Internet 2024, 16, 128. [Google Scholar] [CrossRef]
  24. Khullar, V.; Singh, H.P.; Miro, Y.; Anand, D.; Mohamed, H.G.; Gupta, D.; Kumar, N.; Goyal, N. IoT Fog-Enabled Multi-Node Centralized Ecosystem for Real Time Screening and Monitoring of Health Information. Appl. Sci. 2022, 12, 9845. [Google Scholar] [CrossRef]
  25. Kakkar, L.; Gupta, D.; Tanwar, S.; Saxena, S.; Alsubhi, K.; Anand, D.; Delgado Noya, I.; Goyal, N. A Secure and Efficient Signature Scheme for IoT in Healthcare. Comput. Mater. Contin. 2022, 73, 6151–6168. [Google Scholar] [CrossRef]
  26. Das, S.; Namasudra, S.; Deb, S.; Ger, P.M.; Crespo, R.G. Securing IoT-Based Smart Healthcare Systems by Using Advanced Lightweight Privacy-Preserving Authentication Scheme. IEEE Internet Things J. 2023, 10, 18486–18494. [Google Scholar] [CrossRef]
  27. Das, S.; Singh, M.P.; Namasudra, S. A Lightweight Authentication and Key Agreement Protocol for IoT-Based Smart Healthcare System. In Proceedings of the 2023 World Conference on Communication & Computing (WCONF); IEEE: Raipur, India, 2023; pp. 1–5. [Google Scholar]
  28. Kumar, T.; Kumar, P.; Namasudra, S. User Revocation-Enabled Access Control Model Using Identity-Based Signature in the Cloud Computing Environment. Int. J. Interact. Multimed. Artif. Intell. 2024, 9, 127. [Google Scholar] [CrossRef]
  29. Krishna, R.; Yaduvanshi, R.S.; Singh, H.; Rana, A.K.; Goyal, N.; Kumar, R. Mathematical Modeling and Parameter Analysis of Quantum Antenna for IoT Sensor-Based Biomedical Applications. J. Auton. Intell. 2023, 6 1–25. [Google Scholar] [CrossRef]
  30. Yang, T.; Li, Y.; He, J.; Liu, Z.; Ren, F.; Wang, T.; Hou, G. Secure and Traceable Multikey Image Retrieval in Cloud-Assisted Internet of Things. IEEE Internet Things J. 2024, 11, 40875–40887. [Google Scholar] [CrossRef]
  31. Liang, J.; Li, P.; Liu, Z.; He, H. Privacy-Preserving Clustering-Based Image Retrieval in Cloud-Assisted Internet of Things. IEEE Internet Things J. 2025, 12, 20484–20497. [Google Scholar] [CrossRef]
  32. Wang, Y.; Miao, Y.; Li, X.; Leng, T.; Liu, Z.; Liu, X.; Raymond Choo, K.-K.; Deng, R.H. Efficient Homomorphic-Encryption-Based Secure Search in Multiowner Setting for Internet of Things. IEEE Internet Things J. 2025, 12, 8885–8896. [Google Scholar] [CrossRef]
  33. Alfriehat, N.A.; Anbar, M.; Karuppayah, S.; Rihan, S.D.A.; Alabsi, B.A.; Momani, A.M. Detecting Version Number Attacks in Low Power and Lossy Networks for Internet of Things Routing: Review and Taxonomy. IEEE Access 2024, 12, 31136–31158. [Google Scholar] [CrossRef]
  34. Nuhu, A.; Mat Raffei, A.F.; Ab Razak, M.F.; Ahmad, A. Distributed Denial of Service Attack Detection in IoT Networks Using Deep Learning and Feature Fusion: A Review. Mesopotamian J. Cybersecur. 2024, 2024, 47–70. [Google Scholar] [CrossRef]
  35. Ferraris, D.; Fernandez-Gago, C.; Roman, R.; Lopez, J. A Survey on IoT Trust Model Frameworks. J. Supercomput. 2024, 80, 8259–8296. [Google Scholar] [CrossRef]
  36. Hossain, M.; Kayas, G.; Hasan, R.; Skjellum, A.; Noor, S.; Islam, S.M.R. A Holistic Analysis of Internet of Things (IoT) Security: Principles, Practices, and New Perspectives. Future Internet 2024, 16, 40. [Google Scholar] [CrossRef]
  37. Almutairi, R.; Bergami, G.; Morgan, G. Advancements and Challenges in IoT Simulators: A Comprehensive Review. Sensors 2024, 24, 1511. [Google Scholar] [CrossRef] [PubMed]
  38. Humayun, M.; Tariq, N.; Alfayad, M.; Zakwan, M.; Alwakid, G.; Assiri, M. Securing the Internet of Things in Artificial Intelligence Era: A Comprehensive Survey. IEEE Access 2024, 12, 25469–25490. [Google Scholar] [CrossRef]
  39. Dargaoui, S.; Azrour, M.; El Allaoui, A.; Guezzaz, A.; Alabdulatif, A.; Alnajim, A. An Exhaustive Survey on Authentication Classes in the IoT Environments. Indones. J. Electr. Eng. Inform. 2024, 12, 15–31. [Google Scholar] [CrossRef]
  40. Alrubayyi, H.; Alshareef, M.S.; Nadeem, Z.; Abdelmoniem, A.M.; Jaber, M. Security Threats and Promising Solutions Arising from the Intersection of AI and IoT: A Study of IoMT and IoET Applications. Future Internet 2024, 16, 85. [Google Scholar] [CrossRef]
  41. Kalwar, J.H.; Bhatti, S. Deep Learning Approaches for Network Traffic Classification in the Internet of Things (IoT): A Survey. arXiv 2024, arXiv:2402.00920. [Google Scholar] [CrossRef]
  42. Amoo, O.O.; Osasona, F.; Atadoga, A.; Ayinla, B.S.; Farayola, O.A.; Abrahams, T.O. Cybersecurity Threats in the Age of IoT: A Review of Protective Measures. Int. J. Sci. Res. Arch. 2024, 11, 1304–1310. [Google Scholar] [CrossRef]
  43. Kumar, M.; Yadav, V.; Yadav, S.P. Advance Comprehensive Analysis for Zigbee Network-Based IoT System Security. Discov. Comput. 2024, 27, 22. [Google Scholar] [CrossRef]
  44. Wang, Z. Securing Bluetooth Low Energy: A Literature Review. arXiv 2024, arXiv:2404.16846v1. [Google Scholar] [CrossRef]
  45. Hessel, F.; Almon, L.; Hollick, M. LoRaWAN Security: An Evolvable Survey on Vulnerabilities, Attacks and Their Systematic Mitigation. ACM Trans. Sen. Netw. 2022, 18, 1–55. [Google Scholar] [CrossRef]
  46. Munoz-Ausecha, C.; Ruiz-Rosero, J.; Ramirez-Gonzalez, G. RFID Applications and Security Review. Computation 2021, 9, 69. [Google Scholar] [CrossRef]
  47. Onumadu, P.; Abroshan, H. Near-Field Communication (NFC) Cyber Threats and Mitigation Solutions in Payment Transactions: A Review. Sensors 2024, 24, 7423. [Google Scholar] [CrossRef] [PubMed]
  48. Delwar, T.S.; Aras, U.; Mukhopadhyay, S.; Kumar, A.; Kshirsagar, U.; Lee, Y.; Singh, M.; Ryu, J.-Y. The Intersection of Machine Learning and Wireless Sensor Network Security for Cyber-Attack Detection: A Detailed Analysis. Sensors 2024, 24, 6377. [Google Scholar] [CrossRef] [PubMed]
  49. Verma, A.; Ranga, V. Security of RPL Based 6LoWPAN Networks in the Internet of Things: A Review. IEEE Sens. J. 2020, 20, 5666–5690. [Google Scholar] [CrossRef]
  50. Coppens, D.; Shahid, A.; Lemey, S.; Van Herbruggen, B.; Marshall, C.; De Poorter, E. An Overview of UWB Standards and Organizations (IEEE 802.15.4, FiRa, Apple): Interoperability Aspects and Future Research Directions. IEEE Access 2022, 10, 70219–70241. [Google Scholar] [CrossRef]
  51. Achour, M.; Mana, M.; Rachedi, A. On the Issues of Selective Jamming in IEEE 802.15.4-Based Wireless Body Area Networks. Peer Peer Netw. Appl. 2021, 14, 135–150. [Google Scholar] [CrossRef]
  52. Torres, N.; Pinto, P.; Lopes, S.I. Security Vulnerabilities in LPWANs—an Attack Vector Analysis for the IoT Ecosystem. Appl. Sci. 2021, 11, 3176. [Google Scholar] [CrossRef]
  53. Lilli, M.; Braghin, C.; Riccobene, E. Formal Proof of a Vulnerability in Z-Wave IoT Protocol. In Proceedings of the SECRYPT, Online, 6–8 July 2021; pp. 198–209. [Google Scholar]
  54. Luo, L.; Morales-Gonzalez, C.; Wang, S.; Ling, Z.; Fu, X. Unified View of IoT and CPS Security and Privacy. In Proceedings of the 2024 International Conference on Computing, Networking and Communications (ICNC); IEEE: New York, NY, USA, 2024; pp. 495–499. [Google Scholar]
  55. Alam, M.; Ahmed, N.; Matam, R.; Barbhuiya, F.A. Analyzing the Suitability of IEEE 802.11ah for next Generation Internet of Things: A Comparative Study. Ad Hoc Netw. 2024, 156, 103437. [Google Scholar] [CrossRef]
  56. Hmissi, F.; Ouni, S. A Survey on Application Layer Protocols for IoT Networks. arXiv 2024, arXiv:2405.15901. [Google Scholar] [CrossRef]
  57. Alotaibi, A.; Aldawghan, H.; Aljughaiman, A. A Review of the Authentication Techniques for Internet of Things Devices in Smart Cities: Opportunities, Challenges, and Future Directions. Sensors 2025, 25, 1649. [Google Scholar] [CrossRef] [PubMed]
  58. Basu, S.S.; Haxhibeqiri, J.; Baert, M.; Moons, B.; Karaagac, A.; Crombez, P.; Camerlynck, P.; Hoebeke, J. An End-to-End LwM2M-Based Communication Architecture for Multimodal NB-IoT/BLE Devices. Sensors 2020, 20, 2239. [Google Scholar] [CrossRef] [PubMed]
  59. Petrescu, I.; Niculae, E.; Vulturescu, V.; Dimitrescu, A.; Ungureanu, L.M. Transport and Application Layer Protocols for IoT: Comprehensive Review. Technologies 2025, 13, 583. [Google Scholar] [CrossRef]
  60. Pérez-Solano, J.J.; Ruiz-Canales, A. Data Collection and Remote Control of an IoT Electronic Nose Using Web Services and the MQTT Protocol. Sensors 2025, 25, 4356. [Google Scholar] [CrossRef]
  61. Gambo, M.L.; Danasabe, A.; Almadani, B.; Aliyu, F.; Aliyu, A.; Al-Nahari, E. A Systematic Literature Review of DDS Middleware in Robotic Systems. Robotics 2025, 14, 63. [Google Scholar] [CrossRef]
  62. Rezaee, M.R.; Abdul Hamid, N.A.W.; Hussin, M.; Zukarnain, Z.A. Fog Offloading and Task Management in IoT-Fog-Cloud Environment: Review of Algorithms, Networks, and SDN Application. IEEE Access 2024, 12, 39058–39080. [Google Scholar] [CrossRef]
  63. Ahakonye, L.A.C.; Nwakanma, C.I.; Kim, D.-S. Tides of Blockchain in IoT Cybersecurity. Sensors 2024, 24, 3111. [Google Scholar] [CrossRef]
  64. Rupanetti, D.; Kaabouch, N. Combining Edge Computing-Assisted Internet of Things Security with Artificial Intelligence: Applications, Challenges, and Opportunities. Appl. Sci. 2024, 14, 7104. [Google Scholar] [CrossRef]
  65. Zafir, E.I.; Akter, A.; Islam, M.N.; Hasib, S.A.; Islam, T.; Sarker, S.K.; Muyeen, S.M. Enhancing Security of Internet of Robotic Things: A Review of Recent Trends, Practices, and Recommendations with Encryption and Blockchain Techniques. Internet Things 2024, 28, 101357. [Google Scholar] [CrossRef]
  66. Dauda, A.; Flauzac, O.; Nolot, F. A Survey on IoT Application Architectures. Sensors 2024, 24, 5320. [Google Scholar] [CrossRef]
  67. Ramírez-Gordillo, T.; Maciá-Lillo, A.; Pujol, F.A.; García-D’Urso, N.; Azorín-López, J.; Mora, H. Decentralized Identity Management for Internet of Things (IoT) Devices Using IOTA Blockchain Technology. Future Internet 2025, 17, 49. [Google Scholar] [CrossRef]
  68. Xenofontos, C.; Zografopoulos, I.; Konstantinou, C.; Jolfaei, A.; Khan, M.K.; Choo, K.-K.R. Consumer, Commercial and Industrial IoT (In) Security: Attack Taxonomy and Case Studies. arXiv 2021, arXiv:2105.06612. [Google Scholar] [CrossRef]
  69. Msgna, M. Anatomy of Attacks on IoT Systems: Review of Attacks, Impacts and Countermeasures. J. Surveill. Secur. Saf. 2022, 3, 150–173. [Google Scholar] [CrossRef]
  70. Sasi, T.; Lashkari, A.H.; Lu, R.; Xiong, P.; Iqbal, S. A Comprehensive Survey on IoT Attacks: Taxonomy, Detection Mechanisms and Challenges. J. Inf. Intell. 2024, 2, 455–513. [Google Scholar] [CrossRef]
  71. Shah, Y.; Sengupta, S. A Survey on Classification of Cyber-Attacks on IoT and IIoT Devices. In Proceedings of the 2020 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON); IEEE: New York, NY, USA, 2020; pp. 406–413. [Google Scholar]
  72. Liang, X.; Kim, Y. A Survey on Security Attacks and Solutions in the IoT Network. In Proceedings of the 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC); IEEE: Las Vegas, NV, USA, 2021; pp. 853–859. [Google Scholar]
  73. Mathas, C.-M.; Vassilakis, C.; Kolokotronis, N.; Zarakovitis, C.C.; Kourtis, M.-A. On the Design of IoT Security: Analysis of Software Vulnerabilities for Smart Grids. Energies 2021, 14, 2818. [Google Scholar] [CrossRef]
  74. Eian, I.C.; Lim, K.Y.; Yeap, M.X.L.; Yeo, H.Q.; Z, F. Wireless Networks: Active and Passive Attack Vulnerabilities and Privacy Challenges. Preprints 2020, 21, 230–233. [Google Scholar]
  75. Khanam, S.; Ahmedy, I.B.; Idna Idris, M.Y.; Jaward, M.H.; Bin Md Sabri, A.Q. A Survey of Security Challenges, Attacks Taxonomy and Advanced Countermeasures in the Internet of Things. IEEE Access 2020, 8, 219709–219743. [Google Scholar] [CrossRef]
  76. Shah, M.S.M.; Leau, Y.-B.; Anbar, M.; Bin-Salem, A.A. Security and Integrity Attacks in Named Data Networking: A Survey. IEEE Access 2023, 11, 7984–8004. [Google Scholar] [CrossRef]
  77. Orman, A. Cyberattack Detection Systems in Industrial Internet of Things (IIoT) Networks in Big Data Environments. Appl. Sci. 2025, 15, 3121. [Google Scholar] [CrossRef]
  78. Calderón, D.; Folgado, F.J.; González, I.; Calderón, A.J. Implementation and Experimental Application of Industrial IoT Architecture Using Automation and IoT Hardware/Software. Sensors 2024, 24, 8074. [Google Scholar] [CrossRef]
  79. Shafiq, M.; Gu, Z.; Cheikhrouhou, O.; Alhakami, W.; Hamam, H. The Rise of “Internet of Things”: Review and Open Research Issues Related to Detection and Prevention of IoT-Based Security Attacks. Wirel. Commun. Mob. Comput. 2022, 2022, 1–12. [Google Scholar] [CrossRef]
  80. Nawaal, B.; Haider, U.; Khan, I.U.; Fayaz, M. Signature-Based Intrusion Detection System for IoT. In Cyber Security for Next-Generation Computing Technologies; CRC Press: Boca Raton, FL, USA, 2023; pp. 141–158. [Google Scholar]
  81. Thankappan, M.; Rifà-Pous, H.; Garrigues, C. A Signature-Based Wireless Intrusion Detection System Framework for Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks. IEEE Access 2024, 12, 23096–23121. [Google Scholar] [CrossRef]
  82. Yunmar, R.A.; Kusumawardani, S.S.; Widyawan; Mohsen, F. Hybrid Android Malware Detection: A Review of Heuristic-Based Approach. IEEE Access 2024, 12, 41255–41286. [Google Scholar] [CrossRef]
  83. Nespoli, P.; Díaz-López, D.; Gómez Mármol, F. Cyberprotection in IoT Environments: A Dynamic Rule-Based Solution to Defend Smart Devices. J. Inf. Secur. Appl. 2021, 60, 102878. [Google Scholar] [CrossRef]
  84. Wang, J.; Han, H.; Li, H.; He, S.; Kumar Sharma, P.; Chen, L. Multiple Strategies Differential Privacy on Sparse Tensor Factorization for Network Traffic Analysis in 5G. IEEE Trans. Ind. Inf. 2022, 18, 1939–1948. [Google Scholar] [CrossRef]
  85. Altaf, T.; Wang, X.; Ni, W.; Yu, G.; Liu, R.P.; Braun, R. GNN-Based Network Traffic Analysis for the Detection of Sequential Attacks in IoT. Electronics 2024, 13, 2274. [Google Scholar] [CrossRef]
  86. Isma’ila, U.A.; Danyaro, K.U.; Muazu, A.A.; Maiwada, U.D. Review on Approaches of Federated Modeling in Anomaly-Based Intrusion Detection for IoT Devices. IEEE Access 2024, 12, 30941–30961. [Google Scholar] [CrossRef]
  87. Jeffrey, N.; Tan, Q.; Villar, J.R. A Review of Anomaly Detection Strategies to Detect Threats to Cyber-Physical Systems. Electronics 2023, 12, 3283. [Google Scholar] [CrossRef]
  88. Chatterjee, A.; Ahmed, B.S. IoT Anomaly Detection Methods and Applications: A Survey. Internet Things 2022, 19, 100568. [Google Scholar] [CrossRef]
  89. Ullah, I.; Mahmoud, Q.H. Design and Development of RNN Anomaly Detection Model for IoT Networks. IEEE Access 2022, 10, 62722–62750. [Google Scholar] [CrossRef]
  90. Rabbani, M.; Gui, J.; Zhou, Z.; Nejati, F.; Mirani, M.; Piya, G.; Opushnyev, I.; Lu, R.; Ghorbani, A. A Lightweight IoT Device Identification Using Enhanced Behavioral-Based Features. Peer Peer Netw. Appl. 2024, 18, 2. [Google Scholar] [CrossRef]
  91. Celdrán, A.H.; Sánchez, P.M.S.; Castillo, M.A.; Bovet, G.; Pérez, G.M.; Stiller, B. Intelligent and Behavioral-Based Detection of Malware in IoT Spectrum Sensors. Int. J. Inf. Secur. 2023, 22, 541–561. [Google Scholar] [CrossRef]
  92. Talaei Khoei, T.; Kaabouch, N. Machine Learning: Models, Challenges, and Research Directions. Future Internet 2023, 15, 332. [Google Scholar] [CrossRef]
  93. Talaei Khoei, T.; Ould Slimane, H.; Kaabouch, N. Deep Learning: Systematic Review, Models, Challenges, and Research Directions. Neural Comput. Appl. 2023, 35, 23103–23124. [Google Scholar] [CrossRef]
  94. Moucharraf, M.; Ridouani, M.; Salahdine, F.; Kaabouch, N. From Clusters to Classifiers: A Unified Framework for Multi-Class IoT Threat Detection. In Proceedings of the 2025 International Conference on Intelligent Systems: Theories and Applications (SITA), Rabat, Morocco, 20–21 October 2025; pp. 1–6. [Google Scholar]
  95. Moucharraf, M.; Ridouani, M.; Salahdine, F.; Kaabouch, N. A Hybrid CNN-LSTM Architecture for Multiclass Intrusion Detection in IoT Networks. In Proceedings of the 2025 12th International Conference on Wireless Networks and Mobile Communications (WINCOM), Riyadh, Saudi Arabia, 25–27 November 2025; pp. 1–7. [Google Scholar]
  96. Liu, C.; Chen, B.; Shao, W.; Zhang, C.; Wong, K.; Zhang, Y. Unraveling Attacks in Machine Learning-Based IoT Ecosystems: A Survey and the Open Libraries Behind Them. arXiv 2024, arXiv:2401.11723. [Google Scholar]
  97. Rafique, S.H.; Abdallah, A.; Musa, N.S.; Murugan, T. Machine Learning and Deep Learning Techniques for Internet of Things Network Anomaly Detection—Current Research Trends. Sensors 2024, 24, 1968. [Google Scholar] [CrossRef]
  98. Naitali, A.; Ridouani, M.; Salahdine, F.; Kaabouch, N. Deepfake Attacks: Generation, Detection, Datasets, Challenges, and Research Directions. Computers 2023, 12, 216. [Google Scholar] [CrossRef]
  99. Burbank, J.; Greene, T.; Kaabouch, N. Detecting and Mitigating Attacks on GPS Devices. Sensors 2024, 24, 5529. [Google Scholar] [CrossRef] [PubMed]
  100. Jony, A.I.; Arnob, A.K.B. A Long Short-Term Memory Based Approach for Detecting Cyber Attacks in IoT Using CIC-IoT2023 Dataset. J. Edge Comp. 2024, 3, 28–42. [Google Scholar] [CrossRef]
  101. Moucharraf, M.; Ridouani, M.; Salahdine, F.; Kaabouch, N. AutoBoost-IoT: A Hybrid Model for Intrusion Detection in IoT Networks. Future Internet 2026, 18, 229. [Google Scholar] [CrossRef]
  102. Asgharzadeh, H.; Ghaffari, A.; Masdari, M.; Soleimanian Gharehchopogh, F. Anomaly-Based Intrusion Detection System in the Internet of Things Using a Convolutional Neural Network and Multi-Objective Enhanced Capuchin Search Algorithm. J. Parallel Distrib. Comput. 2023, 175, 1–21. [Google Scholar] [CrossRef]
  103. Priyadarshini, I. Anomaly Detection of IoT Cyberattacks in Smart Cities Using Federated Learning and Split Learning. Big Data Cogn. Comput. 2024, 8, 21. [Google Scholar] [CrossRef]
  104. Zaheer, A.; Tahir, S.; Almufareh, M.F.; Hamid, B. A Hybrid Model for Botnet Detection Using Machine Learning. In Proceedings of the 2023 International Conference on Business Analytics for Technology and Security (ICBATS), Dubai, United Arab Emirates, 7–8 March 2023; pp. 1–8. [Google Scholar]
  105. Elnakib, O.; Shaaban, E.; Mahmoud, M.; Emara, K. EIDM: Deep Learning Model for IoT Intrusion Detection Systems. J. Supercomput. 2023, 79, 13241–13261. [Google Scholar] [CrossRef]
  106. Arsalan, M.; Mubeen, M.; Bilal, M.; Abbasi, S.F. 1D-CNN-IDS: 1D CNN-Based Intrusion Detection System for IIoT. In Proceedings of the 2024 29th International Conference on Automation and Computing (ICAC); IEEE: Sunderland, UK, 2024; pp. 1–4. [Google Scholar]
  107. Almarshdi, R.; Nassef, L.; Fadel, E.; Alowidi, N. Hybrid Deep Learning Based Attack Detection for Imbalanced Data Classification. Intell. Autom. Soft Comput. 2023, 35, 297–320. [Google Scholar] [CrossRef]
  108. Al-Fawa’reh, M.; Abu-Khalaf, J.; Szewczyk, P.; Kang, J.J. MalBoT-DRL: Malware Botnet Detection Using Deep Reinforcement Learning in IoT Networks. IEEE Internet Things J. 2024, 11, 9610–9629. [Google Scholar] [CrossRef]
  109. Behiry, M.H.; Aly, M. Cyberattack Detection in Wireless Sensor Networks Using a Hybrid Feature Reduction Technique with AI and Machine Learning Methods. J. Big Data 2024, 11, 16. [Google Scholar] [CrossRef]
  110. Elsayed, N.; ElSayed, Z.; Bayoumi, M. IoT Botnet Detection Using an Economic Deep Learning Model. arXiv 2023, arXiv:2302.02013. [Google Scholar] [CrossRef]
  111. Henda, N.B.; Msolli, A.; Hagui, I.; Helali, A.; Maaref, H.; Mghaieth, R. A Novel SVM Based CFS for Intrusion Detection in IoT Network. In Proceedings of the 2023 IEEE International Conference on Advanced Systems and Emergent Technologies (IC_ASET), Hammamet, Tunisia, 29 April–1 May 2023; pp. 1–5. [Google Scholar]
  112. Gaber, T.; Awotunde, J.B.; Torky, M.; Ajagbe, S.A.; Hammoudeh, M.; Li, W. Metaverse-IDS: Deep Learning-Based Intrusion Detection System for Metaverse-IoT Networks. Internet Things 2023, 24, 100977. [Google Scholar] [CrossRef]
  113. Al-kahtani, M.S.; Mehmood, Z.; Sadad, T.; Zada, I.; Ali, G.; ElAffendi, M. Intrusion Detection in the Internet of Things Using Fusion of GRU-LSTM Deep Learning Model. Intell. Autom. Soft Comput. 2023, 37, 2279–2290. [Google Scholar] [CrossRef]
  114. Moucharraf, M.; Ridouani, M.; Salahdine, F.; Kaabouch, N. Ensemble Learning Model for Robust Intrusion Detection in IoT Networks. In Proceedings of the 2025 International Conference on Advanced Technologies and Interdisciplinary Innovation (ICAT2I), Fez, Morocco, 25–26 December 2025; pp. 1–6. [Google Scholar]
  115. Ferrag, M.A.; Ndhlovu, M.; Tihanyi, N.; Cordeiro, L.C.; Debbah, M.; Lestable, T.; Thandi, N.S. Revolutionizing Cyber Threat Detection With Large Language Models: A Privacy-Preserving BERT-Based Lightweight Model for IoT/IIoT Devices. IEEE Access 2024, 12, 23733–23750. [Google Scholar] [CrossRef]
  116. Anushiya, R.; Lavanya, V.S. A New Deep-Learning with Swarm Based Feature Selection for Intelligent Intrusion Detection for the Internet of Things. Meas. Sens. 2023, 26, 100700. [Google Scholar] [CrossRef]
  117. El-Ghamry, A.; Gaber, T.; Mohammed, K.K.; Hassanien, A.E. Optimized and Efficient Image-Based IoT Malware Detection Method. Electronics 2023, 12, 708. [Google Scholar] [CrossRef]
  118. Bhavsar, M.; Roy, K.; Kelly, J.; Olusola, O. Anomaly-Based Intrusion Detection System for IoT Application. Discov. Internet Things 2023, 3, 5. [Google Scholar] [CrossRef]
  119. Om Kumar, C.U.; Marappan, S.; Murugeshan, B.; Beaulah, P.M.R. Intrusion Detection Model for IoT Using Recurrent Kernel Convolutional Neural Network. Wirel. Pers. Commun. 2023, 129, 783–812. [Google Scholar] [CrossRef]
  120. Rani, D.; Gill, N.S.; Gulia, P.; Arena, F.; Pau, G. Design of an Intrusion Detection Model for IoT-Enabled Smart Home. IEEE Access 2023, 11, 52509–52526. [Google Scholar] [CrossRef]
  121. Elsayed, R.A.; Hamada, R.A.; Abdalla, M.I.; Elsaid, S.A. Securing IoT and SDN Systems Using Deep-Learning Based Automatic Intrusion Detection. Ain Shams Eng. J. 2023, 14, 102211. [Google Scholar] [CrossRef]
  122. Liu, X.; Du, Y. Towards Effective Feature Selection for IoT Botnet Attack Detection Using a Genetic Algorithm. Electronics 2023, 12, 1260. [Google Scholar] [CrossRef]
  123. Musleh, D.; Alotaibi, M.; Alhaidari, F.; Rahman, A.; Mohammad, R.M. Intrusion Detection System Using Feature Extraction with Machine Learning Algorithms in IoT. J. Sens. Actuator Netw. 2023, 12, 29. [Google Scholar] [CrossRef]
  124. Abbas, S.; Hejaili, A.A.; Sampedro, G.A.; Abisado, M.; Almadhor, A.S.; Shahzad, T.; Ouahada, K. A Novel Federated Edge Learning Approach for Detecting Cyberattacks in IoT Infrastructures. IEEE Access 2023, 11, 112189–112198. [Google Scholar] [CrossRef]
  125. Ullah, S.; Mahmood, Z.; Ali, N.; Ahmad, T.; Buriro, A. Machine Learning-Based Dynamic Attribute Selection Technique for DDoS Attack Classification in IoT Networks. Computers 2023, 12, 115. [Google Scholar] [CrossRef]
  126. Ferrag, M.A.; Debbah, M.; Al-Hawawreh, M. Generative AI for Cyber Threat-Hunting in 6G-Enabled IoT Networks. arXiv 2023, arXiv:2303.11751. [Google Scholar]
  127. Moucharraf, M.; Ridouani, M.; Salahdine, F.; Kaabouch, N. Hybrid Deep Learning and Boosting Approach for Iot Intrusion Detection Using Autoencoder and Xgboost. In Proceedings of the 2025 International Conference on Circuit, Systems and Communication (ICCSC), Fez, Morocco, 19–20 June 2025; pp. 1–6. [Google Scholar]
  128. Bhandari, G.; Lyth, A.; Shalaginov, A.; Grønli, T.-M. Distributed Deep Neural-Network-Based Middleware for Cyber-Attacks Detection in Smart IoT Ecosystem: A Novel Framework and Performance Evaluation Approach. Electronics 2023, 12, 298. [Google Scholar] [CrossRef]
  129. Dash, S.K.; Dash, S.; Mahapatra, S.; Mohanty, S.N.; Khan, M.I.; Medani, M.; Abdullaev, S.; Gupta, M. Enhancing DDoS Attack Detection in IoT Using PCA. Egypt. Inform. J. 2024, 25, 100450. [Google Scholar] [CrossRef]
  130. Altunay, H.C.; Albayrak, Z. A Hybrid CNN+LSTM-Based Intrusion Detection System for Industrial IoT Networks. Eng. Sci. Technol. An. Int. J. 2023, 38, 101322. [Google Scholar] [CrossRef]
  131. Ding, W.; Abdel-Basset, M.; Mohamed, R. DeepAK-IoT: An Effective Deep Learning Model for Cyberattack Detection in IoT Networks. Inf. Sci. 2023, 634, 157–171. [Google Scholar] [CrossRef]
  132. Pakmehr, A.; Aßmuth, A.; Taheri, N.; Ghaffari, A. DDoS Attack Detection Techniques in IoT Networks: A Survey. Clust. Comput. 2024, 27, 14637–14668. [Google Scholar] [CrossRef]
  133. Oppliger, R. SSL and TLS: Theory and Practice, 3rd ed.; Artech House: New York, NY, USA, 2023. [Google Scholar]
  134. Noman, H.A.; Abu-Sharkh, O.M.F. Code Injection Attacks in Wireless-Based Internet of Things (IoT): A Comprehensive Review and Practical Implementations. Sensors 2023, 23, 6067. [Google Scholar] [CrossRef]
  135. Applied Reconfigurable Computing. In Architectures, Tools, and Applications: 17th International Symposium, ARC 2021, Virtual Event, June 29–30, 2021, Proceedings; Lecture Notes in Computer Science; Derrien, S., Hannig, F., Diniz, P.C., Chillet, D., Eds.; Springer International Publishing: Cham, Switzerland, 2021; Volume 12700. [Google Scholar]
  136. Ameer, S.; Benson, J.; Sandhu, R. An Attribute-Based Approach toward a Secured Smart-Home IoT Access Control and a Comparison with a Role-Based Approach. Information 2022, 13, 60. [Google Scholar] [CrossRef]
  137. Ahsan, M.S.; Pathan, A.-S.K. A Comprehensive Survey on the Requirements, Applications, and Future Challenges for Access Control Models in IoT: The State of the Art. IoT 2025, 6, 9. [Google Scholar] [CrossRef]
  138. Nankya, M.; Chataut, R.; Akl, R. Securing Industrial Control Systems: Components, Cyber Threats, and Machine Learning-Driven Defense Strategies. Sensors 2023, 23, 8840. [Google Scholar] [CrossRef]
  139. Domnik, J.; Holland, A. On Data Leakage Prevention Maturity: Adapting the C2M2 Framework. J. Cybersecur. Priv. 2024, 4, 167–195. [Google Scholar] [CrossRef]
  140. Hasan, M.K.; Weichen, Z.; Safie, N.; Ahmed, F.R.A.; Ghazal, T.M. A Survey on Key Agreement and Authentication Protocol for Internet of Things Application. IEEE Access 2024, 12, 61642–61666. [Google Scholar] [CrossRef]
  141. Pourrahmani, H.; Yavarinasab, A.; Monazzah, A.M.H.; Van Herle, J. A Review of the Security Vulnerabilities and Countermeasures in the Internet of Things Solutions: A Bright Future for the Blockchain. Internet Things 2023, 23, 100888. [Google Scholar] [CrossRef]
  142. Román, R.; Arjona, R.; Baturone, I. A Lightweight Remote Attestation Using PUFs and Hash-Based Signatures for Low-End IoT Devices. Future Gener. Comput. Syst. 2023, 148, 425–435. [Google Scholar] [CrossRef]
  143. Shahid, K.; Ahmad, S.N.; Rizvi, S.T.H. Optimizing Network Performance: A Comparative Analysis of EIGRP, OSPF, and BGP in IPv6-Based Load-Sharing and Link-Failover Systems. Future Internet 2024, 16, 339. [Google Scholar] [CrossRef]
  144. Kurniabudi; Stiawan, D.; Darmawijoyo; Bin Idris, M.Y.; Bamhdi, A.M.; Budiarto, R. CICIDS-2017 Dataset Feature Analysis With Information Gain for Anomaly Detection. IEEE Access 2020, 8, 132911–132921. [Google Scholar] [CrossRef]
  145. Le, T.-T.-H.; Oktian, Y.E.; Kim, H. XGBoost for Imbalanced Multiclass Classification-Based Industrial Internet of Things Intrusion Detection Systems. Sustainability 2022, 14, 8707. [Google Scholar] [CrossRef]
  146. Sharmila, B.S.; Nagapadma, R. Quantized Autoencoder (QAE) Intrusion Detection System for Anomaly Detection in Resource-Constrained IoT Devices Using RT-IoT2022 Dataset. Cybersecurity 2023, 6, 41. [Google Scholar] [CrossRef]
  147. Hindy, H.; Bayne, E.; Bures, M.; Atkinson, R.; Tachtatzis, C.; Bellekens, X. Machine Learning Based IoT Intrusion Detection System: An MQTT Case Study (MQTT-IoT-IDS2020 Dataset). arXiv 2020, arXiv:2006.15340. [Google Scholar]
  148. Garcia, S.; Parmisano, A.; Erquiaga, M.J. IoT-23: A Labeled Dataset with Malicious and Benign IoT Network Traffic. 2020. Available online: https://www.stratosphereips.org/datasets-iot23 (accessed on 10 February 2026).
  149. Umair, M.; Tan, W.-H.; Foo, Y.-L. Efficient Malware Classification with Spiking Neural Networks: A Case Study on N-BaIoT Dataset. In Proceedings of the 2023 Fourteenth International Conference on Ubiquitous and Future Networks (ICUFN); IEEE: Paris, France, 2023; pp. 231–236. [Google Scholar]
  150. Al Attar, R.; Alkasassbeh, M.; Al-Dala’ien, M.; Alohaly, M. Detecting Anomalies in IoT Devices: A Machine Learning-Based Solution. Preprints 2024, 2024040499. [Google Scholar]
  151. Zoghi, Z.; Serpen, G. UNSW-NB15 Computer Security Dataset: Analysis through Visualization. Secur. Priv. 2024, 7, e331. [Google Scholar] [CrossRef]
  152. Alosaimi, S.; Almutairi, S.M. An Intrusion Detection System Using BoT-IoT. Appl. Sci. 2023, 13, 5427. [Google Scholar] [CrossRef]
  153. Gheni, H.Q.; Al-Yaseen, W.L. Two-Step Data Clustering for Improved Intrusion Detection System Using CICIoT2023 Dataset. E-Prime-Adv. Electr. Eng. Electron. Energy 2024, 9, 100673. [Google Scholar] [CrossRef]
  154. Ferrag, M.A.; Friha, O.; Hamouda, D.; Maglaras, L.; Janicke, H. Edge-IIoTset: A New Comprehensive Realistic Cyber Security Dataset of IoT and IIoT Applications for Centralized and Federated Learning. IEEE Access 2022, 10, 40281–40306. [Google Scholar] [CrossRef]
  155. Cooja Simulator Code Projects|Cooja Simulator for Iot Download Tutorials. Netw. Simul. Tools. Download. Available online: https://networksimulationtools.com/cooja-simulator-for-iot-download/ (accessed on 10 February 2026).
  156. nsnam Ns-3. Available online: https://www.nsnam.org/ (accessed on 10 February 2026).
  157. Wireshark · Download. Available online: https://www.wireshark.org/download.html (accessed on 10 February 2026).
  158. FIT IoT-LAB. Available online: https://iot-lab.github.io/ (accessed on 10 February 2026).
  159. Download Metasploit: World’s Most Used Penetration Testing Tool. Available online: https://www.metasploit.com/download (accessed on 10 February 2026).
  160. Sarkar, C.; Das, A.; Jain, R.K. Development of CoAP Protocol for Communication in Mobile Robotic Systems Using IoT Technique. Sci. Rep. 2025, 15, 9269. [Google Scholar] [CrossRef]
  161. Song, Y.-R.; Kwak, J. Semantic Similarity-Based AI RMF and NIST SP 800-53 Integrated Crosswalk Structured Process. IEEE Access 2026, 14, 52324–52341. [Google Scholar] [CrossRef]
Futureinternet 18 00266 g001
Figure 1. IoT Protocol Stack Across Perception, Network, and Application Layers.
Figure 1. IoT Protocol Stack Across Perception, Network, and Application Layers.
Futureinternet 18 00266 g001
Futureinternet 18 00266 g002
Figure 2. Centralized IoT Architecture.
Figure 2. Centralized IoT Architecture.
Futureinternet 18 00266 g002
Futureinternet 18 00266 g003
Figure 3. Decentralized IoT Architecture.
Figure 3. Decentralized IoT Architecture.
Futureinternet 18 00266 g003
Futureinternet 18 00266 g004
Figure 4. Hybrid IoT Architecture.
Figure 4. Hybrid IoT Architecture.
Futureinternet 18 00266 g004
Futureinternet 18 00266 g005
Figure 5. Blockchain-Based IoT Architecture.
Figure 5. Blockchain-Based IoT Architecture.
Futureinternet 18 00266 g005
Futureinternet 18 00266 g006
Figure 6. IoT attack taxonomy.
Figure 6. IoT attack taxonomy.
Futureinternet 18 00266 g006
Futureinternet 18 00266 g007
Figure 7. Evolution of IoT Detection Techniques.
Figure 7. Evolution of IoT Detection Techniques.
Futureinternet 18 00266 g007
Futureinternet 18 00266 g008
Figure 8. Taxonomy of Detection Techniques in IoT Security.
Figure 8. Taxonomy of Detection Techniques in IoT Security.
Futureinternet 18 00266 g008
Table 1. Overview of Related IoT Security Surveys.
Table 1. Overview of Related IoT Security Surveys.
Ref.AttacksDetection TechniquesCountermeasuresDatasets/Tools
[10]Network attacks (MITM, DoS), software, physical, encryption attacksN/AStrong passwords; tamper protection; secure communication; 2FA; segmentationN/A
[36]Attacks based on location, device property, information damageN/ASecure execution; bootstrap; storage; debugging; cryptosystemsN/A
[11]N/AAI-based detectionN/AN/A
[14]DDoS attacksAnomaly detection; LEDEMSDN; Fog; Blockchain; CloudNSL-KDD; CICIDS2017
[15]Adversarial attacksML-based detectionAdversarial training; preprocessing; tuningNSL-KDD; UNSW-NB15; ToN-IoT
[17]Privacy threatsN/AAI detection; blockchain; encryptionN/A
[37]N/AN/AN/AIoTSim; Contiki-Cooja
[19]Passive/active cyber threats; physical threatsML/DL detectionN/AKDD99; UNSW-NB15; CICDDoS2019
[18]Unauthorized access, malware, botnets, DoSFederated learningEncryption; access control; IDPS; patchingN/A
[38]Cyber and physical attacksIntrusion Detection System (IDS); ML anomaly detectionAI-based securityN/A
[39]Replay, impersonation, insider attacksCryptography-basedAuthentication; blockchainAVISPA; Scyther; ProVerif
[22]Jamming, spoofing, Sybil, ByzantineSignal + ML detectionN/AN/A
[40]Malware, MITMML techniquesAI-based methodsSGCC; WESAD
[23]DoS, botnets, data breachesN/AHardware; software; network; ML approachesN/A
[21]DDoS, MITM, spoofingN/ABlockchainN/A
[33]Replay, sinkhole attacksSignature; anomaly; hybridN/AIDC; IRAD; COOJA; NS-2
[34]DDoS attacksDeep learning detectionN/ACIC-DDoS2019; BoT-IoT; ToN-IoT
[41]DDoS, zero-day attacksDeep learningN/ANSL-KDD; UNSW-NB15; CICIDS2017
[42]Data breaches, malwareIDS; anomaly detectionSecure boot; encryption; segmentationN/A
[35]Replay, message modificationTrust modelsN/AN/A
Table 2. Comparison of IoT Security Architectures.
Table 2. Comparison of IoT Security Architectures.
Architecture TypeAdvantagesDisadvantages
Centralized
Simple to manage and deploy
Centralized control enables unified analytics and policy enforcement
Single point of failure
High latency and bandwidth consumption
Scalability issues
Decentralized (Edge/Fog)
Low latency due to local processing
Reduces cloud dependency
Better scalability and responsiveness
Increased complexity in management
Limited resources at edge nodes
Potential security gaps at the edge
Hybrid
Combines benefits of edge and cloud
Flexible load distribution
Balances latency and compute power
Higher design and maintenance complexity
Requires careful orchestration
Blockchain-Based
High data integrity and transparency
Decentralized trust and secure logging
Reduces single point of failure
High computational and energy costs
Scalability limitations
Latency in consensus mechanisms
Table 3. Classification of IoT Attacks Across Different Domains.
Table 3. Classification of IoT Attacks Across Different Domains.
ClassificationAttack TypeHealthcareIndustrialSmart HomeTransportation
Based on Attack VectorNetwork AttacksEavesdropping on patient dataMitM on control systemsSpoofing smart devicesGPS spoofing
Software AttacksMalware in medical devicesN/AMalware on smart appliancesHacking vehicle systems
Physical AttacksN/ATampering with machineryN/AN/A
Based on TargetDevice AttacksTargeting wearable monitorsExploiting industrial sensorsHacking smart locksHacking infotainment systems
Data AttacksAccessing patient recordsChanging operational dataControlling surveillance footageManipulating traffic data
Based on ExecutionActive AttacksInterfering with medical dataSabotaging machineryDisabling home securityDisrupting communications
Passive AttacksMonitoring health trafficCollecting operational dataMonitoring user habitsTracking travel patterns
Based on ImpactConfidentialityExposing patient recordsLeaking industrial secretsAccessing personal dataHacking driver data
IntegrityAltering medication dosagesFalsifying sensor dataChanging device settingsManipulating navigation data
AvailabilityDisabling medical devicesDisrupting productionDisabling home systemsDisabling vehicle systems
Table 4. Comparison of ML/DL-Based Intrusion Detection Techniques.
Table 4. Comparison of ML/DL-Based Intrusion Detection Techniques.
Ref.TechniquesPerformance MetricsDataset Used
[100]LSTMAcc: 98.75%; Prec: 98.66%; Rec: 98.75%; F1: 98.59%CIC-IoT2023
[101]AutoBoost-IoTAcc: 99.63%; 98.94%N-BaIoT; CIC-IoT2023
[102]CNN-BMECapSA-RFAcc: 99.99%; 99.85%TON-IoT; NSL-KDD
[103]FL, SLAcc: 98.99%, 99.23%; 97.78%, 98.02%NSL-KDD; UNSW-NB15
[104]Hybrid (K-means + DT + Rule-based)Acc: 99.00%CTU-13
[105]EIDMAcc: 95%CICIDS2017
[106]1D-CNNAcc: 99.90%; Prec: 98.80%; Rec: 98.78%; F1: 98.79%Edge-IIoTset
[107]CNN + LSTMAcc: 92.10%; Prec: 92.85%; Rec: 91.75%; F1: 90.11%UNSW-NB15
[108]DQN-based RLAcc: 99.8%; 99.4%MedBIoT; N-BaIoT
[109]DFFNNAcc: 99.7%; 99.1%; 99.8%NSL-KDD; UNSW-NB15; CICIDS2017
[110]CNN-GRUAcc: 99.75%UNSW 2018 IoT Botnet
[111]CFS+SVMAcc: 99.11%NSL-KDD
[112]KPCA + CNNAcc: 99.8%ToN-IoT; BoT-IoT
[113]LSTM-GRUAcc: 98.86%CICIDS-2017
[114]Stacking Ensemble: RF + XGBoost + SVM + MLP with LR (meta-learner)Acc: 98.14%; Prec: 98.18%; Rec: 98.12%; F1: 98.13%NF-ToN-IoT-V2
[115]BERT-based modelAcc: 98.2%Edge-IIoTset
[116]GA-FR-CNNAcc: 94.49%; 93.78%UNSW-NB15; BoT-IoT
[117]PSO-SVMAcc: 95.56%; Prec: 94.12%; Rec: 96.43%; F1: 95.26%BinVis dataset
[118]PCC-CNNAcc: 99.89%NSL-KDD; CICIDS2017; IOTID20
[119]RKCNN-MMBOAcc: 99.96%; 99.95%N-BaIoT; CICIDS-2017
[120]LGBMAcc: 99.92%DS2OS
[121]SATIDS (improved LSTM)Acc: 96.35%; 99.73%ToN-IoT; InSDN
[122]GA + DTAcc: 99.98%; F1: 99.63%BoT-IoT
[123]VGG-16 + StackingAcc: 98.3%; Prec: 96.3%; Rec: 100%; F1: 98%IEEE Dataport
[124]DNNAll metrics ≈ 99%CICIoT2023
[125]Feature Selection + DTAcc: 99.98%CICI-IDS-2018
[126]GAN + TransformerAcc: 95%Edge-IIoT
[127]AE + XGBoostAcc: 99.54%N-BaIoT
[128]DNNAcc: 93%; F1: 92%IoT-23; Edge-IIoTset
[129]PCA + RFAcc: 99.87%; Prec: 99.79%; Rec: 99.94%; F1: 99.86%NSL-KDD
[130]CNN + LSTMAcc: 92.9%; 99.80%UNSW-NB15; X-IIoTID
[131]DeepAK-IoTAcc: 90.57%; 94.96%; 98.41%TON-IoT; Edge-IIoTset; UNSW NB15
Table 5. Countermeasures for IoT Attacks.
Table 5. Countermeasures for IoT Attacks.
ClassificationAttack TypeProactive CountermeasuresReactive Countermeasures
Based on Attack VectorNetwork Attacks [132,133]
Traffic filtering
Encryption (TLS/SSL)
Rate limiting
N/A
Software Attacks [134]
Secure coding
Input validation
Web Application Firewall (WAF)
Physical Attacks [135]
Tamper-proof hardware
Secure environments
Physical intrusion detection
Based on TargetDevice Attacks [138]
Vulnerability scanning
Secure boot
Network segmentation
N/A
Data Attacks [139]
Access control
Secure encrypted storage
Data Leakage Prevention (DLP)
Based on Execution MethodActive Attacks [140]
Strong authentication
Secure session handling
Anomaly detection
Passive Attacks [79,141]
Encrypted communication
VPN usage
Traffic obfuscation
N/A
Based on ImpactConfidentiality Attacks [136]
Encryption (at rest & in transit)
Role-Based Access Control (RBAC)
Key management
N/A
Integrity Attacks [142]
Data integrity checks
Hash validation
Secure channels
N/A
Availability Attacks [143]
Load balancing
Redundancy/failover systems
Traffic filtering
Table 6. Commonly Used IoT Intrusion Detection Datasets.
Table 6. Commonly Used IoT Intrusion Detection Datasets.
Ref.DatasetYearData SizeDescription
[145]TON_IoT2020∼25 GB, 1 M+ recordsComprehensive dataset combining telemetry, OS, and network traffic for IDS and threat intelligence.
[144]CICIDS20172017∼3.6 GB, ∼3 M recordsRealistic traffic including DDoS, scanning, and brute-force attacks in IoT-like environments.
[147]MQTT-IoT-IDS20202020∼1.2 GBMQTT-based IoT network with scanning, brute-force attacks, and normal traffic.
[146]RT-IoT20222022∼6 GBFocuses on real-time IoT environments and wireless attack scenarios.
[148]IoT-232021∼17 GB, 20 scenariosLabeled IoT traffic including benign and malware (e.g., Mirai) scenarios.
[151]UNSW-NB152015∼2.5 GB, 2.5 M recordsMixed normal and attack traffic including botnets for anomaly detection.
[152]BoT-IoT2018∼16.7 GB, 72 M recordsIoT-specific dataset with DDoS, data exfiltration, and scanning attacks.
[149]N-BaIoT2018∼0.6 GBIoT device traffic with normal behavior and Mirai-based attacks.
[153]CICIoT20232023N/ARecent dataset including IoT attack patterns for hybrid IDS research.
[150]IoTID202020∼1.5 GBLabeled IoT dataset with protocol and device-specific features.
[154]Edge-IIoTset2022∼1.8 GBEdge IoT dataset supporting binary and multiclass intrusion detection.
Table 7. Common Tools for IoT Security Evaluation.
Table 7. Common Tools for IoT Security Evaluation.
Tool NameDescriptionPurpose in IoT SecurityProtocol/OS SupportAvailability
Cooja SimulatorIoT network simulator designed for wireless sensor networks (WSNs).Used for testing security protocols, intrusion detection, and simulating attack scenarios in IoT environments.Contiki OS, 6LoWPAN, RPL, IEEE 802.15.4Open-source
WiresharkA network protocol analyzer for capturing and analyzing traffic.Helps monitor network security, detect malicious packets, and analyze attacks such as DDoS and MitM.IPv4/IPv6, TCP/UDP, IEEE 802.15.4, Linux-compatibleOpen-source
IoT-LABA large-scale IoT testbed for real-world experimentation.Allows testing of IoT security protocols, attack simulations, and network performance in a controlled environment.Contiki-NG, RIOT OS, CoAP, RPLOpen-access
NS-3A discrete-event network simulator supporting IoT protocols.Used to simulate IoT attacks, evaluate security mechanisms, and analyze intrusion detection systems.Protocol-agnostic; supports TCP/IP, MQTT, CoAPOpen-source
Metasploit FrameworkA penetration testing tool for vulnerability assessment.Used to simulate IoT attacks, exploit vulnerabilities, and evaluate security defenses.OS-independent; supports HTTP, UPnP modulesOpen-source
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Moucharraf, M.; Ridouani, M.; Salahdine, F.; Kaabouch, N. IoT Security: A Comprehensive Review of Architectures, Threat Models, Detection Methods, and Countermeasures. Future Internet 2026, 18, 266. https://doi.org/10.3390/fi18050266

AMA Style

Moucharraf M, Ridouani M, Salahdine F, Kaabouch N. IoT Security: A Comprehensive Review of Architectures, Threat Models, Detection Methods, and Countermeasures. Future Internet. 2026; 18(5):266. https://doi.org/10.3390/fi18050266

Chicago/Turabian Style

Moucharraf, Mehdi, Mohammed Ridouani, Fatima Salahdine, and Naima Kaabouch. 2026. "IoT Security: A Comprehensive Review of Architectures, Threat Models, Detection Methods, and Countermeasures" Future Internet 18, no. 5: 266. https://doi.org/10.3390/fi18050266

APA Style

Moucharraf, M., Ridouani, M., Salahdine, F., & Kaabouch, N. (2026). IoT Security: A Comprehensive Review of Architectures, Threat Models, Detection Methods, and Countermeasures. Future Internet, 18(5), 266. https://doi.org/10.3390/fi18050266

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop