Integrating Blockchain with Artificial Intelligence to Secure IoT Networks: Future Trends

Abstract

Recently, the Internet of Things (IoT) has gained tremendous popularity in several realms such as smart cities, healthcare, industrial automation, etc. IoT networks are increasing rapidly, containing heterogeneous devices that offer easy and user-friendly services via the internet. With the big shift to IoT technology, the security of IoT networks has become a primary concern, especially with the lack of intrinsic security mechanisms regarding the limited capabilities of IoT devices. Therefore, many studies have been interested in enhancing the security of IoT networks. IoT networks need a scalable, decentralized, and adaptive defense system. Although the area of development provides advanced security solutions using AI and Blockchain, there is no systematic and comprehensive study talking about the convergence between AI and Blockchain to secure IoT networks. In this paper, we focus on reviewing and comparing recent studies that have been proposed for detecting cybersecurity attacks in IoT environments. This paper address three research questions and highlights the research gaps and future directions. This paper aims to increase the knowledge base for enhancing IoT security, recommend future research, and suggest directions for future research.

1. Introduction

Internet of Things (IoT) is an emerging and promising technology that automates business and academic processes in form of easy and simple operations. The fundamental concept of this technology is linking a massive number of smart devices together to exchange services and data through the internet without involving any human. IoT networks allow us to cooperate and contribute to those things without involving ourselves in the process [1,2,3]. The vital purpose of IoT is to simplify human operations via smart applications [4,5,6].

IoT has become the biggest network inclusive of millions of interconnected devices [4,5,6]. Examples of those things are cars, mobiles devices, laptops, buildings, and even clothing which have sensors. Those sensors are designed to convert the physical world to the digital world via data flow [1,2,3].

According to the large structure of IoT networks, heterogeneity and decentralization are the key properties of IoT networks [1,2,3]. The range of IoT applications is expanding vastly in our daily life, and this massive range includes interactivity between end devices and network technologies, where the enormous growth of its networks can open new community opportunities [3,4].

Although IoT has proven its benefits in several domains, IoT networks have many challenges, including three main concerns that should be recognized: trust, security, and the identity of things, mainly under the limited capabilities of IoT resources. Indeed, other environments may have these challenges, but their impact on IoT networks could be more harmful, which is worrying as it enables the intruders to penetrate the IoT networks [4,5,6].

The main limitations of IoT networks are the limited abilities of the operating systems in terms of power, storage, and the limited computational capabilities of the end devices. Therefore, few IoT devices can hold the basic security mechanisms, whereas others cannot preserve the security requirements. Additionally, the issues of connectivity, visualization, and data analytics under the heterogeneous nature of IoT, including unreliable networking protocols. Thus, it is a real challenge to merge various technologies and devices into one network securely [3,5,7].

Owing to these limitations, IoT still has many security vulnerabilities that can turn into real threats. Moreover, these limitations make IoT networks weak against today’s cybersecurity attacks that use advanced technical approaches [3,5,7].

To handle the IoT limitations effectively, many security studies have been conducted to enhance IoT security by utilizing other emerging technology. Based on recent studies, Artificial Intelligent (AI) and Blockchain are the key drivers that can revolutionize IoT and contribute to the problem-solving of IoT [1,2,3]. Additionally, the bio-inspired AI approaches have become a suitable model for dynamic and changeable IoT networks because there are common operations between biological phenomena and IoT [2].

AI-based models can generate an Intelligence of Things which rely on a single point of detection. They are built on a centralized server/client model called a third-party auditor responsible for authenticating all nodes [8], whereas Blockchain is one of the most popular decentralization technologies. It is a distributed database that records all network transactions and shares them among all network participants. Blockchain-based models provide a shared distributed ledger, where its consensus mechanism can offer secure data sharing in a tamper-proof way. The Blockchain can solve privacy and trustworthiness issues [8].

Thereby, the convergence of IoT, AI, and Blockchain has several benefits, and it could build a new powerful technology [8]. Combining these three technologies will complement them with each other. The Blockchain can solve privacy and trustworthiness issues. While AI has the power of building an advanced analytical algorithm on the Blockchain to defense against cybersecurity attacks [4].

To the best of our knowledge, no study has performed a Systematic Literature Review (SLR) of research on the convergence of AI and Blockchain to enhance the security of IoT networks. The interconnectedness between these three technologies is still unclear and disregarded.

However, the true potential of these new emerging technologies will be realized when more research is carried out based on integrating these technologies.

Thus, this paper presents a systematic review to analyze and evaluate the ability to apply AI and Blockchain jointly to enhance IoT security. Starting from the studies that talked about one of these three techniques to the ones that discussed solutions using them simultaneously. Precisely, this paper aims to answer the following research questions:

• RQ1: What are the need for integrating AI and Blockchain technologies with IoT to secure its network?
• RQ2: What are the recent approaches that handle the security concerns in the IoT environment by integrating AI algorithms and Blockchain?
• RQ3: What are the research gaps and future directions within the security of IoT networks based on AI and Blockchain technologies ?

1.1. Research Motivation

Presently, our lives have become more interlaced with the digital world. IoT is one of the most emerging technologies that provide helpful services in several domains, such as healthcare and industrial automatization. IoT networks trove the data flow via IoT devices to deliver automatic services.

Generally, IoT devices are manufactured with limited capabilities in a non-standard manner. As a result, IoT networks are exposed to cybersecurity attacks constantly. Data theft, cybersecurity attacks, and other security risks of using IoT devices increase the demand for IoT security solutions. IoT networks demand multi-disciplinary mechanisms capable of defeating today’s cybersecurity attacks and responding rapidly to vital threat activities.

Although AI approaches have proven their ability to analyze big data to extract patterns or identify the symptoms of attacks, IoT network demands decentralized and collaborative solutions that spread across the whole network and are compatible with its nature. Moreover, trust and privacy between collaborative participants play a critical role in determining the efficiency of the defense model. Even though existing AI provide collaborative and decentralizes solutions, they may not be provided efficiently. Since Blockchain is a promising technology that provides a distributed infrastructure securely and ensures the trust and privacy of the provided solutions, it will contribute to remedy the limitations of AI-based solutions in order to serve the IoT network demands. As a result, enhancing the security of IoT networks can be offered efficiently through the integration of the principles of AI and Blockchain.

Therefore, it is necessary to have an exhaustive understanding of the new application of Blockchain and AI technologies to improve the efficiency of the defense models. So, it is essential to conduct a systematic literature review on detecting cybersecurity attacks using Blockchain or AI methods.

To the best of our knowledge, there is no previous study discussing developments toward mitigating the centralization issue of AI-based models by employing Blockchain technologies. Either the studies focus on recent AI solutions or Blockchain solutions. In this study, we aim to bridge the knowledge gap between AI and Blockchain to help the researchers investigate novel solutions by converging AI and Blockchain to empower the security of IoT network.

1.2. Research Contribution

This SLR intends to provide a clear guideline for IoT security research by attaining the following objectives:

• Propose a systematic review and analyze the existing defense models based on AI and Blockchain technologies.
• Highlight the benefits of employing Blockchain to empower the security of IoT networks.
• Explore the main limitations of the Blockchain-based defense models in IoT networks.
• Provide an assessment of the recent defense models using a set of metrics such as IoT network characteristics and requirements.
• Outline future directions that can enhance by integrating Blockchain and AI techniques for securing IoT networks against cybersecurity attacks.

This paper is organized as follows: Section 2 highlights the background of our research. Section 3 describes our research methodology. Section 4 presents the analysis. Finally, Section 5 presents the conclusions.

2. Background

2.1. IoT Overview

In the last few years, IoT applications have spread widely in our daily life. IoT networks are capable to connect billions of things globally anytime, anywhere via wired or wireless networks. The connected things are various from each other in terms of size, storage, power, and applications [8]. The IoT network can include personal computers, laptops, smartphones, tablets, PDAs, and other hand-held embedded devices. All these types have an embedded sensor that collects data from their surrounding environment. The IoT can make an intelligent decision from the collected data [8].

The IoT applications can be divided into two broad classes: sensing applications and data analytics applications. The first class includes monitoring the traffic, smart cities, crowded sensing, and automatization of industry. The second class includes the banking process, insurance, and healthcare implementations [1].

IoT networks differ from traditional networks in terms of the volume of the data produced, where IoT networks generate big data considerably with enhanced accuracy, quality, timeliness, and diversity. Therefore, IoT systems shall have the capability of gathering and analyzing a large amount of data for a particular purpose to achieve multi goals in several fields [1,2,3].

The impact of IoT on information communication can be comprehended by studying its benefits with related risks. Studying its impact will identify the reason for using IoT networks, whereas studying the related risk will determine its effect on several fields. The bold benefits of IoT with related risk can be described based on its nature as follows [1,2,3]:

• Linked Feature: The IoT links a large amount of data from various sources to empower the community by delivering self-services at a low cost. Gathering big data from different sources involves different users and techniques. Therefore, the IoT network is complicated. The linked data can improve consumer trust with the ability of fraud detection. But the main risks related to linked data are shortage of skilled personnel, limited educational institutes, and structural issues.
• Big Feature: The IoT networks generate a large volume of data in which big data analytics play a vital role in enhancing information communication. The IoT can improve the planning operation and reactions to unexpected events that enhance the performance of industries. Additionally, the IoT network is being used in the monitoring process such as monitoring the quality of industrial assets. In contrast, the data leak is the main risk that affects privacy.
• Openness Feature: The data produced by IoT can be open for general use. The IoT makes data available for the public to provide transparency of the business processes. IoT allows other devices to access the public data on the IoT network to utilize them. Moreover, the IoT has improved data access to offer consumer self-services. But the risks of open data are scalability problems, security concerns especially providing fine-grained access control.

2.1.1. IoT Architecture

IoT network consists of three layers: the perception layer, the network layer, and the application layer as in Figure 1. The perception layer is the lowest layer in which represents the physical or senses layer. It is in charge of gathering the data from the surrounding environment using sensors such as RFID readers, 2D-barcode, and smart controllers [2,8]. The function of this layer is interlinking and processing the data, then sending it to the network layer. Several data types can be gathered by sensors, such as temperature, motion, locations, and heartbeats [8,9]. The network layer is the middle layer that links the perception and the application layer via well-known transmission technologies such as 4G, WIFI, and Bluetooth [2,3,8]. This layer is responsible for carrying and routing the data between IoT devices and IoT hubs. Finally, the application layer is the upper layer where the end-user meets with IoT via smart applications such as smart home, smart city, and healthcare [2,3,8].

2.1.2. Security Requirements

IoT networks have security prerequisites that must be resolved as any network (See Figure 2). The security requirements of IoT networks are as follows [1,2]:

• Confidentiality: The confidential data must be protected from unauthorized access by unauthorized users. Moreover, the protection of proprietary data and confidentiality should be guaranteed. Cryptographic encryption/decryption schemes are the best way to ensure data confidentiality.
• Integrity: Data integrity means that the data inside the node of IoT cannot be altered, manipulated, or consumed by uncertified entities or users. The most famous attack that can compromise data integrity is the man-in-the-middle attack. The attacker intercepts the data before it is delivered to the receiver node.
• Authenticity: The concept of this requirement is related to the assurance of the data and transactions’ authenticity. Particularly, the user must be the one who claims to be. The most famous technique that can preserve data authenticity is cryptographic digital signatures.
• Non-repudiation: It addresses the ability to prove all occurred events. In general terms, the sender and receiver cannot deny any sent or received data.
• Authorization: It means the provision of granting any user permission to own or perform some function.
• Availability: The concept of this requirement is to guarantee that the data, services, and network resources are available all time to authorized users.
• Energy efficiency: The low resources of IoT devices must be protected from energy consumption.
• Privacy: The individual information must not be exposed by other parties.
• Resilience to attacks: The concept of this requirement is avoiding the single points of failure.

Before discussing the most common security threats in the IoT network, we present the security challenges and vulnerability of the IoT network in the next Section 2.1.3.

2.1.3. Security Challenges and Vulnerability

Protecting IoT networks from cyber-attacks is a complex task under the structure layered. However, identifying the limitations and vulnerabilities of each layer helps to provide a proper security scheme [3]. IoT vulnerabilities can turn into real threats that can be easily exploited by an attacker to perform an attack. Therefore, a security researcher has studied and determined the current IoT vulnerabilities are as follows [3]:

• Lack of sufficient authentication and authorization approaches such as using the default weak passwords, having weak password retrieval systems, and a lack of fine-grained access control.
• Unreliable user interfaces such as weak login certificate and using plain-text credentials.
• Insecure network services.
• Privacy problems.
• Lack of sufficient transport encryption/integrity verification.
• The inadequacy of the security configuration.
• Poor physical security.

In an IoT system, the security challenges are graded according to the nature of the IoT network as follows [1]:

• Data Volume Challenges: IoT applications produce a large amount of confidential data that are a potential target to an attacker. Therefore, privacy protection is a critical concern especially in terms of linked data that are comprised of IoT nodes.
• The Scalability Challenges: The security scheme must be scaled throughout the IoT network to cover a large number of entities.
• Heterogeneity challenges: IoT links various identities in which every identity has different capabilities and complexity. Further, IoT devices differ from each other in their interfaces, versions, and function. Thus, IoT protocols should support all devices and must be able to connect heterogeneous networks and things.
• Interoperability Challenges: IoT security should be developed and utilized without restricting the operations of IoT nodes.
• Autonomous Control Challenges: IoT systems must provide automatic settings in the end devices without users’ configuration.
• Attack Resistant Challenges: End nodes of IoT systems are small devices having very little or no physical armor. Thus, the fixed devices can be destroyed easily by a natural disaster or cameras. Moreover, small mobile sensors can be stolen.

2.1.4. IoT Cybersecurity Attacks

In general, IoT owns a complex and heterogeneous nature to drive the automatization and user-friendliness of business processes. For example, the automatization of rental car processes, automatic healthcare processes, and solving traffic congestion. In contrast, the IoT nature causes many vulnerabilities to the IoT network. Those vulnerabilities are rising day by day, causing several attacks in IoT networks [1]. Additionally, the limited capabilities of IoT devices, the lack of fine-grained access control, and unencrypted data allow the adversaries to perform several attacks such as eavesdropping and traffic analysis [1,2]. The number of attacks are growing with the number of vulnerable devices, and the most common cyber-security attacks in IoT are described in

Table 1. Cybersecurity Attacks in IoT.

Type	Action	IoT Layer	Effect
End Device Attacks	The attacker owns the physical control of IoT devices.	Perception Layer	The attacker can access confidential data such as keys and certificates. Further, the attacker may use the stolen confidential data to pretend to be an authentic node.
Communication Channel Attacks	The attacker intercepts the communication of the unencrypted channels to gain access to the confidential data.	Network layer	Disclosure of IoT data.
Network Protocol Attacks	The attacker exploits the vulnerabilities of the used network protocol to launch different attacks such as blackhole attacks, reply attacks, DDoS attacks.	Network layer & Application layer	The efficiency and precision of the IoT network would be degraded by this type of attack.
Sensory Data Attacks	The attacker alters and tampers the data before they reach the destination.	Network layer & Application layer	Corrupted data will be spread across the IoT network.
DoS Attack	The attacker depletes the IoT resources by sending a huge number of fake requests to make IoT services unavailable to authorized users.	Network layer & Application layer	The IoT resources will be completely consumed, and the whole network will be overwhelmed.
Software Attacks	The attacker exploits the software vulnerabilities to own full control of software using malicious scripts, viruses, and worms.	Application layer	The attacker uses these types of attacks to perform advanced attacks such as the DoS attack.

[1,2].

2.2. Blockchain Overview

Blockchain is an emerging technology that provides a distributed ledger containing a list of blocks. These blocks record all transactions in encrypted forms to offer reliable transactions over an untrusted group of participants [10,11]. Each block consists of four parts: the transaction number, the hash value of the present block, the hash value of the previous block, and a timestamp [6,12]. Specifically, Blockchain is a distributed database that is deployed in a peer-to-peer network [6]. A typical Blockchain process is illustrated in Figure 3. It groups and stores all transactions in a tamper-proof, immutable, and persistent ledger [11]. All transactions are signed using a related public and private key [4]. The Blockchain contains various types of node as follow [6]:

• Miner nodes: These nodes are responsible for packing the transactions into blocks and running the consensus algorithms. Sometimes, they have the highest computational power in some Blockchain types like proof-of-work consensus.
• Full nodes: These nodes are responsible for downloading the entire Blockchain and verifying the integrity of all transactions.
• The thin clients: These nodes can download the block headers only. Thus, the Blockchain can be used with minimal storage and computing requirements.
• The server-trusting clients: These nodes have the public key of clients and can generate a transaction after making the client’s approval.

The key attribute of Blockchain is providing security, data integrity, and anonymity without using a third party to control network transactions. Blockchain technology has become a promising technology in the last few years. Thanks to its high proficiency in building safe and reliable architectures for transport management systems in parallel and intelligent ways [4].

Nowadays, Blockchain systems are rising to meet the demands of business processes and industry [13]. Researchers in the information technology domain and financial institutions have conducted much research on Blockchain to show its technical capabilities. Blockchain facilitates data sharing in decentralized, distributed, secure, and trusted form [13]. Further, Blockchain nodes continuously verify blocks of the system to stand against cybersecurity attacks [6]. Blockchain technologies have proven their functional abilities in various realms such as banking, e-governance, insurance, agriculture [5].

2.2.1. Blockchain Characteristics

Blockchain has many desirable characteristics that make it proper for reliable data sharing. Blockchain provides a trusted environment through self-enforcing rules that generate automatic transactions. Thus, it reduces the trust needed among the Blockchain partners, where each transaction is performed in a mutually acceptable strategy [14]. These characteristics are listed below:

• Decentralization: The storge of the Blockchain is a distributed database that stores a large number of linked data. It links the current block with the previous block [12]. Furthermore, Blockchain is constructed on peer-to-peer networks without trusted third-party [10].
• Transparency: The data is transparent to all users on the Blockchain that makes it credible. Specifically, in the public Blockchain, the full copy of all transactions in a network is available to all nodes. However, in the private and consortium Blockchain, restricted access to only permissions nodes [1,11,15].
• Immutability: The Blockchain is based on linking all blocks using the hash value of the previous block’s header. Thus, the Blockchain records are irreversible and non-repudiable [1,11].
• Pseudonymity: Each node in the Blockchain uses the pseudonymous address to interact with other nodes. The main reason is to avoid identity exposure without losing the transparency feature [1,11].
• Traceability: The Blockchain records all transactions in the distributed ledger with a timestamp. Thus, all participants can verify and trace any transaction between two parties [1,11,15].
• Autonomy: Each node can send and receive transactions without a trusted third party, using public/private key pairs [11].
• Programmable: Blockchain may include smart contracts that are made to support the negotiation and performance of the contract. A smart contract is a piece of code that can be executed, verified, or enforced by itself. Sometimes, smart contracts are employed to build IP addresses black-list and white-list. The Ethereum platform is the most famous open Blockchain that has smart contracts capabilities [16].

2.2.2. Types of Blockchain

In general, the Blockchain types are public Blockchain, private Blockchain, and consortium Blockchain. Blockchain types differ in terms of the access permissions of users to interact with the ledger. The details of each type are as follows [1,11]:

• Public Blockchains are also called permissionless networks that allow all participants to use the main chain either as readers or writers. Thus, all transactions are open to all nodes, so each node can check and verify all transactions. Moreover, the transaction time and cost are more than other types. Examples of public Blockchain are Bitcoin, Ethereum, and Zerocash
• Private Blockchains are also called permissioned Blockchains that have restricted access. They identify the miner nodes that involve in all transactions. But each node has permission to access its linked data. These types protect data and user confidentiality more than public Blockchains because the number of involved nodes in each transaction is lesser. Examples of these types are Quorum and Multichain
• Consortium Blockchains are also called hybrid Blockchains which are semi-decentralized networks. They combine the public and private forms, but it is closer to private Blockchains. The Blockchain is under the supervision of a group of users. Mainly, they are controlled by unique predetermined nodes without monopoly. Examples of these types are Hyperledger Fabric and Ethermint.

3. Research Methodology

To achieve our objectives mentioned earlier in the document, we extensively conducted a systematic review of recent defense approaches. Precisely, we followed a step-wise methodology proposed by Kitchenham, B., & Charters [17] to evaluate all available relevant research on cybersecurity which consists of three main phases: planning, reviewing, and reporting (See Figure 4).

3.1. Planning Phase

The planning phase was started by defining the necessity for this SLR and specifying the protocol as follows:

• Defining the Needs For SLR:
  From what we know, there has not been any systematic review of the literature on the empowerment of IoT network security by AI and Blockchain research together which led to the start of this work. Our paper discusses the recent studies during the period from 2017 to 2022. This SLR aims to discover how other researchers have remedied the security issues in the IoT network by AI and Blockchain. Then, explore the solutions and assess the studies to figure out how to secure IoT networks by integrating AI and Blockchain simultaneously.
• Indicating Research Questions:
  In accordance with our motivation, we set our research questions clearly to define the problems that our review aims to address (See

  Table 2. The research questions and motivations.

  Research Question	Motivations
  What are the need for integrating AI and Blockchain technologies with IoT to secure its network?	To get insight into recent IoT security solutions that integrate IoT with other emerging technology for improving its security and addressing their effectiveness in a secure manner.
  What are the recent approaches that handle the security concerns in the IoT environment by integrating AI algorithms and Blockchain?	Determine, contrast, and categorize the IoT security techniques currently in use.
  What are the research gaps and future directions within the security of IoT networks based on AI and Blockchain technologies?	Realize the research gaps and future directions in IoT security.

  ).

3.2. Conducting Phase

In this section, we will go over the methodology that we used to conduct a systematic literature review in great detail. Starting from determining and refining the search terms depending on the main keywords regarding the scope of this research and ending with an assessment of the selected studies.

• Step 1: Studies Selection:
  In step one, we appiled a search strategy to find all relevant studies that fulfill the research objectives. Specifically, we performed two steps procedure that clarifies how to search for sources using search terms.
  • First, we have determined the three groups of keywords considering the alternative spellings of the terms through the following strategy:

    -

    Defining the keywords related to the broad scope of the research as follows: Internet of Things, IoT security, network security, and cybersecurity.

    -

    Specifying the keywords related to enhancing IoT security by other technology as follows: Artificial Intelligence, Human Immune System, and Blockchain.

    -

    Narrowing down the research by selecting a set of terms related to the proposed solution type as follows: Intrusion detection system (IDS), Defense approach, Antivirus.

  • Second, we have selected four digital libraries: IEEE, Web of Science, Wiley, and ScienceDirect. Then, we applied the keywords to these libraries using Boolean operators OR and AND. We have used OR between terms of each group and AND between keywords of different groups.
• Step 2: Filter the search results:
  In this step, we filtered down the papers from the search results to set the thematically relevant studies that can help us to answer the research questions of this SLR. We created a list of Inclusion and Exclusion Criteria (see Table 3). The following are the steps involved in this SLR’s selection and filtration:

  -

  Applying our criteria for inclusion and exclusion.

  -

  Removing any duplicate articles discovered in different libraries.

  -

  Searching on the article references to find additional related articles.

A total of 22 studies passed the selection process shown in Table 4. We excluded the papers published before 2017 and the duplicated studies. Figure 5 depicts the results of the search process.

Table 3. Paper Selection Criteria.

Inclution Criteria	Exclution Criteria
Include comprehensive studies which compare recent defense models to secure IoT networks. Include Blockchain-based solutions to secure IoT networks. Include AI-based solutions to secure IoT networks.	Exclude studies that integrate AI and Blockchain technologies but do not relate to network security. Eliminate the studies that were published more than six years ago. Exclude books and theses.

Table 3. Paper Selection Criteria.

Inclution Criteria	Exclution Criteria
Include comprehensive studies which compare recent defense models to secure IoT networks. Include Blockchain-based solutions to secure IoT networks. Include AI-based solutions to secure IoT networks.	Exclude studies that integrate AI and Blockchain technologies but do not relate to network security. Eliminate the studies that were published more than six years ago. Exclude books and theses.

• Step 3: Data Extraction:
  In this step, we gathered the necessary data from each study to find the answer to our research questions. Table 5 presents the extracted data related to our search domain.
  In addition, Table 6 presents useful data related to Blockchain-based solutions, while Table 7 presents useful data related to AI-based solutions.
  Table 4. The most influential papers in the field of securing IoT networks ordered by year of publication.

  Studey No.	Reference	Year	Title
  S1	[16]	2017	A Blockchain-Based Architecture for Collaborative DDoS Mitigation with Smart Contracts
  S2	[18]	2018	BlockSecIoTNet: Blockchain-Based Decentralized Security Architecture for IoT Network
  S3	[9]	2018	Towards decentralized IoT security enhancement: A Blockchain approach.
  S4	[7]	2018	Defense Scheme to Protect IoT from Cyber Attacks using AI Principles.
  S5	[19]	2018	SmartRetro: Blockchain-based Incentives for Distributed IoT Retrospective Detection.
  S6	[20]	2019	Autonomous and Malware-proof Blockchain-based Firmware Update Platform with Efficient Batch Verification for Internet of Things Devices.
  S7	[21]	2019	An Approach For An Distributed Anti-Malware System Based on Blockchain Technology.
  S8	[22]	2019	Secured Cyber-Attack Signatures Distribution using Blockchain Technology.
  S9	[23]	2019	Designing collaborative Blockchained signature-based intrusion detection in IoT environments.
  S10	[10]	2019	Privacy-Preserving Support Vector Machine Training Over Blockchain-Based Encrypted IoT Data in Smart Cities.
  S11	[24]	2019	Collaborative Blockchain-Based Detection of Distributed Denial of Service Attacks Based on Internet of Things Botnets.
  S12	[6]	2019	Designing a Blockchain- Based IoT With Ethereum, Swarm, and LoRa.
  S13	[25]	2020	Immune System Based Intrusion Detection System (IS-IDS): A Proposed Model.
  S14	[13]	2020	Biologically Inspired Smart Contract: A Blockchain-Based DDoS Detection System.
  S15	[26]	2020	Utilizing Blockchain for Distributed Machine Learning based Intrusion Detection in Internet of Things.
  S16	[12]	2020	BlockIoTIntelligence: A Blockchain-enabled Intelligent IoT Architecture with Artificial Intelligence.
  S17	[27]	2020	DeepDCA: Novel Network-Based Detection of IoT Attacks Using Artificial Immune System.
  S18	[5]	2021	Privacy-preserving in smart contracts using Blockchain and artificial intelligence for cyber risk measurements.
  S19	[28]	2021	A Bio-Inspired Reaction Against Cyberattacks: AIS-Powered Optimal Countermeasures Selection.
  S20	[29]	2021	IoTBoT-IDS: A novel statistical learning-enabled botnet detection framework for protecting networks of smart cities.
  S21	[30]	2021	A Framework for Mitigating DDoS and DOS Attacks in IoT Environment Using Hybrid Approach.
  S22	[31]	2021	A Distributed framework for detecting DDoS attacks in smart contract-based Blockchain-IoT Systems by leveraging Fog computing.

  Table 4. The most influential papers in the field of securing IoT networks ordered by year of publication.

  Studey No.	Reference	Year	Title
  S1	[16]	2017	A Blockchain-Based Architecture for Collaborative DDoS Mitigation with Smart Contracts
  S2	[18]	2018	BlockSecIoTNet: Blockchain-Based Decentralized Security Architecture for IoT Network
  S3	[9]	2018	Towards decentralized IoT security enhancement: A Blockchain approach.
  S4	[7]	2018	Defense Scheme to Protect IoT from Cyber Attacks using AI Principles.
  S5	[19]	2018	SmartRetro: Blockchain-based Incentives for Distributed IoT Retrospective Detection.
  S6	[20]	2019	Autonomous and Malware-proof Blockchain-based Firmware Update Platform with Efficient Batch Verification for Internet of Things Devices.
  S7	[21]	2019	An Approach For An Distributed Anti-Malware System Based on Blockchain Technology.
  S8	[22]	2019	Secured Cyber-Attack Signatures Distribution using Blockchain Technology.
  S9	[23]	2019	Designing collaborative Blockchained signature-based intrusion detection in IoT environments.
  S10	[10]	2019	Privacy-Preserving Support Vector Machine Training Over Blockchain-Based Encrypted IoT Data in Smart Cities.
  S11	[24]	2019	Collaborative Blockchain-Based Detection of Distributed Denial of Service Attacks Based on Internet of Things Botnets.
  S12	[6]	2019	Designing a Blockchain- Based IoT With Ethereum, Swarm, and LoRa.
  S13	[25]	2020	Immune System Based Intrusion Detection System (IS-IDS): A Proposed Model.
  S14	[13]	2020	Biologically Inspired Smart Contract: A Blockchain-Based DDoS Detection System.
  S15	[26]	2020	Utilizing Blockchain for Distributed Machine Learning based Intrusion Detection in Internet of Things.
  S16	[12]	2020	BlockIoTIntelligence: A Blockchain-enabled Intelligent IoT Architecture with Artificial Intelligence.
  S17	[27]	2020	DeepDCA: Novel Network-Based Detection of IoT Attacks Using Artificial Immune System.
  S18	[5]	2021	Privacy-preserving in smart contracts using Blockchain and artificial intelligence for cyber risk measurements.
  S19	[28]	2021	A Bio-Inspired Reaction Against Cyberattacks: AIS-Powered Optimal Countermeasures Selection.
  S20	[29]	2021	IoTBoT-IDS: A novel statistical learning-enabled botnet detection framework for protecting networks of smart cities.
  S21	[30]	2021	A Framework for Mitigating DDoS and DOS Attacks in IoT Environment Using Hybrid Approach.
  S22	[31]	2021	A Distributed framework for detecting DDoS attacks in smart contract-based Blockchain-IoT Systems by leveraging Fog computing.

  Table 5. The Data extracted from selected studies.

  No.	Year	Solution Category	IoT	Attack Type
  S1	2017	DDoS mitigation solutions multiple domains.	-	DDoS attacks
  S2	2018	A decentralized security architecture	✓	TCP flooding, ICMP flooding, and DDoS Attacks.
  S3	2018	High-level security management scheme	✓	-
  S4	2018	Intrution Detection System	✓	DDoS
  S5	2018	Retrospective detection system	✓	-
  S6	2019	Firmware updating platform to enhance the process of updating firmware. (peer-to-peer file sharing system)	✓	DDoS and Malicious code
  S7	2019	Distributed Anti-Malware	✓	Malicious programs
  S8	2019	Architecture that securely stores and distribute attack signatures in real time for the purpose of prompt detection.	-	DoS attack
  S9	2019	Signature-based IDSs	✓	Worm attack and Flooding attack
  S10	2019	Privacy-Preserving Framework	✓	-
  S11	2019	Lightweight agents installed at multiple internet of things (IoT) installations.	✓	DDoS
  S12	2019	Standardized IoT infrastructure	✓	DDoS
  S13	2020	Intrution Detection System	-	-
  S14	2020	A DDoS Detection System	-	DDoS Attacks
  S15	2020	Intrution Detection System	✓	General
  S16	2020	IoT architecture with Blockchain and AI	✓	-
  S17	2020	Intrution Detection System	✓	General but tested on DDoS/DoS attacks, Reconnaissance, and Information Theft
  S18	2021	Privacy-preserving framework	-	-
  S19	2021	Intrusion reaction systems	-	-
  S20	2021	Botnet detection framework (intrusion detection methods)	✓	Botnet attacks
  S21	2021	Framework for Mitigating DDoS and DOS Attacks in IoT	✓	DDoS and DoS attacks
  S22	2021	Distributed Intrution Detection System	✓	DDoS

  Table 5. The Data extracted from selected studies.

  No.	Year	Solution Category	IoT	Attack Type
  S1	2017	DDoS mitigation solutions multiple domains.	-	DDoS attacks
  S2	2018	A decentralized security architecture	✓	TCP flooding, ICMP flooding, and DDoS Attacks.
  S3	2018	High-level security management scheme	✓	-
  S4	2018	Intrution Detection System	✓	DDoS
  S5	2018	Retrospective detection system	✓	-
  S6	2019	Firmware updating platform to enhance the process of updating firmware. (peer-to-peer file sharing system)	✓	DDoS and Malicious code
  S7	2019	Distributed Anti-Malware	✓	Malicious programs
  S8	2019	Architecture that securely stores and distribute attack signatures in real time for the purpose of prompt detection.	-	DoS attack
  S9	2019	Signature-based IDSs	✓	Worm attack and Flooding attack
  S10	2019	Privacy-Preserving Framework	✓	-
  S11	2019	Lightweight agents installed at multiple internet of things (IoT) installations.	✓	DDoS
  S12	2019	Standardized IoT infrastructure	✓	DDoS
  S13	2020	Intrution Detection System	-	-
  S14	2020	A DDoS Detection System	-	DDoS Attacks
  S15	2020	Intrution Detection System	✓	General
  S16	2020	IoT architecture with Blockchain and AI	✓	-
  S17	2020	Intrution Detection System	✓	General but tested on DDoS/DoS attacks, Reconnaissance, and Information Theft
  S18	2021	Privacy-preserving framework	-	-
  S19	2021	Intrusion reaction systems	-	-
  S20	2021	Botnet detection framework (intrusion detection methods)	✓	Botnet attacks
  S21	2021	Framework for Mitigating DDoS and DOS Attacks in IoT	✓	DDoS and DoS attacks
  S22	2021	Distributed Intrution Detection System	✓	DDoS

  Table 6. Data Related to Blockchain-based Solutions.

  Paper	Techniques	Blockchain Usage	Layers of Architecture	Blockchain Nodes	Tools
  S1	A Blockchain-based approach to mitigate DDoS attack using smart contracts.	The Blockchain is used to advertise the whitelisted or blacklisted IP addresses in a fully automated and distributed manner.	The proposed architecture consists of three components: The customers, autonomous systems, and Blockchain with smart contracts.	The autonomous systems are connected to the Blockchain and work as collaborative nodes to publish the IP address list. Moreover, the customers are connected to the Blockchain to report the IP address list.	Ethereum platform and Solidity smart contracts
  S2	A Blockchain based detection model copuled with SDN.	Blockchain is used to provide a decentralized attack detection model. To mitigate the issue of a single point of failure through a dynamic approach that updates the detection model using Blockchain.	The proposed approch is constructed from four layers: sensing, edge, fog, and cloud layers.	The fog nodes are connected to the Blockchain, and they communicate with each other via peer-to-peer transactions using a smart contract.	Ethereum and Mininet emulator
  S5	A Blockchain-based incentive platform	The Blockchain is used to build a distributed incentive platform consisting of a group of detectors. In which these detectors cooperate to detect the vulnerabilities and share their results.	The proposed framework includes three participators: IoT providers, IoT detectors, and IoT consumers.	Distributed detectors	Ethereum platform
  S6	A autonomous and Malware-proof firmware based on Blockchain.	The proposed firmware employs the Blockchain to update system considering the integrity and enforce the scanning via smart contract.	The proposed system contains four phases: phase one is the system setup and registration phase. The second phase is the manufacturer updates the firmware procedure. Thirdly, the device query and update procedure phase. Finally, the transaction and batch verification phase.	There is four type of node: the Blockchain full node, client node, storing node, and manufacturer node.	Ethereum Blockchain, VirusTotal, and distributed storage scheme swarm.
  S8	A Blockchain-based cooperative intrusion detection	The Blockchain is e mployed to store and distribute the signatures of cyber attacks.	The proposed architecture is constructed from three stages: Signature extraction, signature storage, and signature distribution.	The IDS nodes are connected to the Blockchain, where they are divided into two groups: Authorized nodes and Unauthorized nodes.	Ethereum platform and Ubuntu
  S9	A Collaborative Blockchained signature-based intrusion detection.	The Blockchain is used to share the signatures between different nodes without a trusted intermediary.	The proposed signature-based IDS model consists of three components: The Peer-to-peer communication component, the collaboration component, and the trust management component.	A group of verified IDS nodes	Snort and a proof-of-concept Blockchain.
  S10	A Blockchain-based data sharing approach.	The Blockchain is utilized to create a secure and reliable data-sharing approach to train a classifier.	The proposed approach is consist of four components: IoT devices, IoT data providers, IoT data sharing platform, and IoT data processing.	Data providers and data analysts	Java Development Kit 1.8.
  S11	A Blockchain-based DDoS detection approach	The Blockchain is used to allow agents exchange the information about the outbound traffic by smart contracts.	-	The agents are connected to a private network, and they are installed on the gateway usually	-
  S14	A DDoS detection approach based on a Blockchain-based collaborative using a biologically Inspired Smart Contract.	A consortium chain structure to treat all participants as part of the private chain in the system.	The proposed approach is constructed three layer: application layer, the contract layer, the network layer.	All node are connected to Blockchain where every node is linked to its own private chain and can access the public chain in case abnormal behavior is detected.	-
  S15	A Blockchain-based distributed intrusion detection.	The Blockchain is used to share the attackers’ information (IP addresses) between the autonomous system border area nodes.	The proposed system includes three phases: the first phase is the spectral partitioning technique. The second phase is the training of a machine learning model using a set of features to detect intrusions. The third phase is the Blockchain deployment phase.	A set of AS border area nodes are selected to be connected to the Blockchain.	Ethereum platform, MATLAB, Python-3, and web-3.
  S18	A privacy-preserving approach using a smart contracts.	The Blockchain is used to verify whether the participant is legal or illegal to provide a secure data-sharing environment.	The proposed approach is constructed from three layers: The system management layer, user layer, and cloud storage layer.	-	Hyperledger Fabric

  Table 6. Data Related to Blockchain-based Solutions.

  Paper	Techniques	Blockchain Usage	Layers of Architecture	Blockchain Nodes	Tools
  S1	A Blockchain-based approach to mitigate DDoS attack using smart contracts.	The Blockchain is used to advertise the whitelisted or blacklisted IP addresses in a fully automated and distributed manner.	The proposed architecture consists of three components: The customers, autonomous systems, and Blockchain with smart contracts.	The autonomous systems are connected to the Blockchain and work as collaborative nodes to publish the IP address list. Moreover, the customers are connected to the Blockchain to report the IP address list.	Ethereum platform and Solidity smart contracts
  S2	A Blockchain based detection model copuled with SDN.	Blockchain is used to provide a decentralized attack detection model. To mitigate the issue of a single point of failure through a dynamic approach that updates the detection model using Blockchain.	The proposed approch is constructed from four layers: sensing, edge, fog, and cloud layers.	The fog nodes are connected to the Blockchain, and they communicate with each other via peer-to-peer transactions using a smart contract.	Ethereum and Mininet emulator
  S5	A Blockchain-based incentive platform	The Blockchain is used to build a distributed incentive platform consisting of a group of detectors. In which these detectors cooperate to detect the vulnerabilities and share their results.	The proposed framework includes three participators: IoT providers, IoT detectors, and IoT consumers.	Distributed detectors	Ethereum platform
  S6	A autonomous and Malware-proof firmware based on Blockchain.	The proposed firmware employs the Blockchain to update system considering the integrity and enforce the scanning via smart contract.	The proposed system contains four phases: phase one is the system setup and registration phase. The second phase is the manufacturer updates the firmware procedure. Thirdly, the device query and update procedure phase. Finally, the transaction and batch verification phase.	There is four type of node: the Blockchain full node, client node, storing node, and manufacturer node.	Ethereum Blockchain, VirusTotal, and distributed storage scheme swarm.
  S8	A Blockchain-based cooperative intrusion detection	The Blockchain is e mployed to store and distribute the signatures of cyber attacks.	The proposed architecture is constructed from three stages: Signature extraction, signature storage, and signature distribution.	The IDS nodes are connected to the Blockchain, where they are divided into two groups: Authorized nodes and Unauthorized nodes.	Ethereum platform and Ubuntu
  S9	A Collaborative Blockchained signature-based intrusion detection.	The Blockchain is used to share the signatures between different nodes without a trusted intermediary.	The proposed signature-based IDS model consists of three components: The Peer-to-peer communication component, the collaboration component, and the trust management component.	A group of verified IDS nodes	Snort and a proof-of-concept Blockchain.
  S10	A Blockchain-based data sharing approach.	The Blockchain is utilized to create a secure and reliable data-sharing approach to train a classifier.	The proposed approach is consist of four components: IoT devices, IoT data providers, IoT data sharing platform, and IoT data processing.	Data providers and data analysts	Java Development Kit 1.8.
  S11	A Blockchain-based DDoS detection approach	The Blockchain is used to allow agents exchange the information about the outbound traffic by smart contracts.	-	The agents are connected to a private network, and they are installed on the gateway usually	-
  S14	A DDoS detection approach based on a Blockchain-based collaborative using a biologically Inspired Smart Contract.	A consortium chain structure to treat all participants as part of the private chain in the system.	The proposed approach is constructed three layer: application layer, the contract layer, the network layer.	All node are connected to Blockchain where every node is linked to its own private chain and can access the public chain in case abnormal behavior is detected.	-
  S15	A Blockchain-based distributed intrusion detection.	The Blockchain is used to share the attackers’ information (IP addresses) between the autonomous system border area nodes.	The proposed system includes three phases: the first phase is the spectral partitioning technique. The second phase is the training of a machine learning model using a set of features to detect intrusions. The third phase is the Blockchain deployment phase.	A set of AS border area nodes are selected to be connected to the Blockchain.	Ethereum platform, MATLAB, Python-3, and web-3.
  S18	A privacy-preserving approach using a smart contracts.	The Blockchain is used to verify whether the participant is legal or illegal to provide a secure data-sharing environment.	The proposed approach is constructed from three layers: The system management layer, user layer, and cloud storage layer.	-	Hyperledger Fabric

• Step 4: Quality assessment:
  Following our comprehensive study, we defined a set of metrics of the ideal security model that can protect IoT networks considering the nature of the IoT environment. In particular, the goal of this step is that assess the selected studies based on the research questions.
  The following are the most desirable metrics:

  -

  Distributed: As the IoT network is a distributed environment the security model must defeat cybersecurity attacks using a distributed manner.

  -

  Adaptive: Can learn and develop its behaviors over time as the attacker develop an advanced approach day by day.

  -

  Privacy preserving: Able to avoid the data breaches and exchange the important information securely.

  -

  Collaborative: Promote collaboration among organizations through sharing the attacks’ signature response to threats.

  -

  Defeat IoT Botnet: Can protect IoT devices as the attacker can exploit unsecured IoT devices to launch an attack.

We evaluated the selected defense approaches, based on the metrics where each metric worth 1 mark out of 5. Table 8 shows the scoring results. Based on the results, the average score was 3.27 out of 5, where studies that combined AI with Blockchain got higher scores than studies that used either AI or Blockchain. And this proves the effectiveness of convergence between IoT, AI, and Blockchain for securing IoT networks.

Table 7. Data Related to AI-based Solutions.

Studey No.	AI Type	Dataset	Source
S2	Deep Learning	NSL-KDD dataset	[32]
S4	Artificial Neural Networks	-
S10	Support Vector Machines.	Breast Cancer Wisconsin Data Set (BCWD) and Heart Disease Data Set (HDD)	[33,34]
S13	Negative Selection Algorithm	KDD 99 standard dataset and UNSW-NB15 dataset	[35,36]
S14	Fuzzy Neural Networks.	CICDDoS2019 dataset	[37]
S15	Support Vector Machines.	NSL-KDD and UNSW-NB15	[36,38]
S17	Deep Learning and Artificial Immune System	BoT-IoT dataset	[39]
S18	Machine Learning (Decision-tree, nearest neighbor, and Naïve Bayes).	-
S19	Artificial Immune System	-
S22	Machine Learning (Random forest (RF) and XGBoost)	BoT-IoT dataset	[39]

Table 7. Data Related to AI-based Solutions.

Studey No.	AI Type	Dataset	Source
S2	Deep Learning	NSL-KDD dataset	[32]
S4	Artificial Neural Networks	-
S10	Support Vector Machines.	Breast Cancer Wisconsin Data Set (BCWD) and Heart Disease Data Set (HDD)	[33,34]
S13	Negative Selection Algorithm	KDD 99 standard dataset and UNSW-NB15 dataset	[35,36]
S14	Fuzzy Neural Networks.	CICDDoS2019 dataset	[37]
S15	Support Vector Machines.	NSL-KDD and UNSW-NB15	[36,38]
S17	Deep Learning and Artificial Immune System	BoT-IoT dataset	[39]
S18	Machine Learning (Decision-tree, nearest neighbor, and Naïve Bayes).	-
S19	Artificial Immune System	-
S22	Machine Learning (Random forest (RF) and XGBoost)	BoT-IoT dataset	[39]

Table 8. Quality Assessment (Fulfill = 1, Not Fulfilled = 0).

Study ID	Distributed	Adaptive	Privacy Preserving	Collaborative	Defeats IoT Botnet	Total
S1	1	0	1	1	1	4
S2	1	1	1	1	1	5
S3	1	0	1	1	1	4
S4	0	1	0	0	0	1
S5	1	0	1	1	1	4
S6	1	0	1	1	0	3
S7	1	0	1	1	0	3
S8	1	0	1	1	0	3
S9	1	0	1	1	0	3
S10	1	1	1	1	0	4
S11	1	0	1	1	1	4
S12	1	0	1	1	1	4
S13	0	1	0	0	0	1
S14	1	1	1	1	1	5
S15	1	1	1	1	0	4
S16	1	1	1	1	0	4
S17	0	1	0	0	1	2
S18	1	1	1	1	0	4
S19	0	1	0	0	0	1
S20	0	1	0	0	1	2
S21	0	1	1	0	0	2
S22	1	1	1	1	1	5
Total	16	13	17	16	10	Avg = 3.27

Table 8. Quality Assessment (Fulfill = 1, Not Fulfilled = 0).

Study ID	Distributed	Adaptive	Privacy Preserving	Collaborative	Defeats IoT Botnet	Total
S1	1	0	1	1	1	4
S2	1	1	1	1	1	5
S3	1	0	1	1	1	4
S4	0	1	0	0	0	1
S5	1	0	1	1	1	4
S6	1	0	1	1	0	3
S7	1	0	1	1	0	3
S8	1	0	1	1	0	3
S9	1	0	1	1	0	3
S10	1	1	1	1	0	4
S11	1	0	1	1	1	4
S12	1	0	1	1	1	4
S13	0	1	0	0	0	1
S14	1	1	1	1	1	5
S15	1	1	1	1	0	4
S16	1	1	1	1	0	4
S17	0	1	0	0	1	2
S18	1	1	1	1	0	4
S19	0	1	0	0	0	1
S20	0	1	0	0	1	2
S21	0	1	1	0	0	2
S22	1	1	1	1	1	5
Total	16	13	17	16	10	Avg = 3.27

3.3. Reporting Phase

At this phase, the reporting process of our review was done involving three bold steps:

-

The dissemination strategy identification.

-

The report formatting.

-

The report evaluation.

4. Analysis

This section presents the analysis of the results according to our research questions defined in a separate section: Section 4.1, Section 4.2 and Section 4.3.

4.1. What Are the Needs for Integrating AI and Blockchain Technologies with IoT to Secure Its Network?

Cybersecurity attacks have risen in the past years and protecting IoT from these attacks is still a critical security concern. Presently, these attacks are many-to-one dimensions; therefore, they are hard to defeat [13]. To bridge the gap between IoT limitations and security requirements, the existing literature studies focused on enhancing IoT security by integrating it with other technologies. The main reason for this integration is that IoT has poor security mechanisms due to its constrained resource. Thus, IoT networks can not apply an advanced approach, and they need a third party that can control and monitor the traffic [30].

Integrating IoT with AI has become a trending technique that employs the capabilities of AI to analyze big data from different IoT devices. These approaches rely on building a single point of detection with high analytical abilities that can recognize the patterns of attacks from the network traffic [11].

Although AI-based approaches may contain advanced security mechanisms, they suffer from several challenges as they are built on a centralized server/client model. Furthermore, they assumed that the third party is always a trusted party which is not an accurate assumption [11,13]. Thus, the AI-based models have become incompatible with the nature of IoT and could not provide a reliable defense model to outspread the IoT networks. The attackers can easily bypass these isolated or centralized defense systems. Therefore, defeating cybersecurity attacks demands a distributed and collaborative detection approach, and designing a decentralized model might be the best decision [8,13].

Recently, much attention has been given to Blockchain technology for providing decentralized defense models. This technology can improve the security of IoT networks by providing a decentralized infrastructure and secure data sharing among untrusted nodes. Furthermore, it enables various IoT devices to participate in the detection process without any trusted third party [11].

However, the recently proposed Blockchain-based solutions face significant challenges as Blockchain is an emerging technology. They do not get a deep insight into IoT networks to detect cybersecurity attacks. Further, Blockchain approaches have some flaws, such as scalability and efficiency [8]. Moreover, Blockchain-based models are not intelligent techniques to fulfill the adaptive requirements to cope with newer and cleverer variants of launching the cybersecurity attacks [6].

Given IoT limitations and the current status of the aforenamed models, IoT networks need more efficient and Intelligent decentralized defense solutions based on other promising technologies simultaneously for defeating cybersecurity attacks. In this context, AI and Blockchain technologies have emerged as promising partners, leveraging their characteristics such as the analytical abilities of AI and the decentralization of Blockchain.

4.2. What Are the Recent Approaches That Handle the Security Concerns in the IoT Environment by Integrating AI Algorithms and Blockchain?

We extensively looked for promising approaches in the last six years that can enhance the security of IoT networks. The security researchers have proposed many solutions that integrate IoT with another technology and apply various mechanisms to restructure the IoT network. The fundamental concept of these approaches is addressing IoT vulnerabilities by inheriting the characteristics of Blockchain and Artificial intelligence like the decentralization feature of Blockchain. Additionally, the biologically inspired approaches have proved their abilities to enhance IoT security.

What we know about the security improvement of IoT networks is based upon empirical studies that investigate the resistance of IoT networks against cybersecurity attacks. Numerous studies aim to prevent, detect, and mitigate a specific type of attack, while the rest propose a general defense mechanism. Figure 6 shows the attack types involved among the selected studies where the DDoS attack was dealt with in most of the selected studies.

Overall, we surveyed recent studies related to IoT security enhancement that aim to protect IoT networks from a specific type of attack, as well as the studies that propose general defense schemes. Our comprehensive study consists of three main categories: AI-based approaches, Blockchain-based approaches, and Integrating IoT with Blockchain and AI. Figure 7 presents the number of publications of each category per year, where the interest in integrating AI with Blockchain is increased in the last two years.

4.2.1. AI-Based Approaches

This category contains the studies that enable IoT to create intelligent operations and decisions. While IoT links devices via the internet, AI learns from big data and experience. Figure 8 shows the AI algorithms involved among the selected studies.

Ghali, A.A., et al. [30] presented a hybrid solution that addresses data exfiltration issues caused by DDoS and DoS attacks in IoT networks. The main contribution of this paper is to provide a framework for mitigating DDoS and Dos attacks. The proposed approach consists of three phases. First, the preprocessing phase in which selects random keys based on the distance and signal of the nodes. Second, the cluster head selection phase. Third, the mitigation mechanism phase. To assess the efficiency of the proposed approach, the authors had conducted experimental tests considering the following parameters: throughput, consumption, security, lifetime, and energy. The tests show that the proposed approach mitigates the DDoS and DoS attacks with about 95.4% improvements. The average enhancements in the network lifetime, throughput, and energy consumption of 15%, 60%, and 25%, respectively. In this approach, the random keys are used to validate all nodes. Thus, it helps the IoT network to drop requests coming from unvalidated nodes. Moreover, it improves the communication between the nodes where each node can not communicate with other nodes before it is validated.

Ahanger, T.A. [7] proposed an attack analysis based on principles of Artificial Neural Networks (ANN). The IoT framework contains eight node sensors, seven client nodes, and one server relay node. The server node is for analyzing data. In this research, to decline the DDoS Attacks, internet packet traces are used to train supervised ANN (Multilevel Perceptron). Mainly, the proposed model categorizes the traffic of the IoT networks into two categories: legitimate traffic and attack traffic patterns. The proposed model was simulated on an IoT network, and it obtained 99% detection accuracy.

Mehra. et al. [40] proposed a Random Forest Classifier. The authors combined several datasets to improve the performance of the machine learning techniques. They used more than one type of files to train the system, including Linux Malware Files, IoT application files, Linux system files, and IoT Botnet files. For the feature set selection, the dynamic, static, and network features were included. Combining many datasets showed significant improvements of machine learning model. Additionally, they proposed an exhaustive scenario-based method, which showed that training the model with IoT botnets dataset can detect zero-day attacks. The proposed model obtained 99.89% detection accuracy.

Additionally, the Human Immune System (HIS) has always inspired security researchers. Bio-inspired security approaches have become popular since there is some resemblance with the HIS. Many studies employed AI to propose bio-inspired approaches.

Dutti. et al. [25] proposed an intrusion detection system using an unsupervised anomaly detection method. The authors built the proposed model by mimicking the Natural Immune System (NIS). The proposed model monitors the network traffics and implements the detection algorithms. The detection process depends on relevant features from the header and payload options. The proposed model contains two subsystems analog with NIS layers: innate immune system and adaptive immune system. The innate immune system includes two preprocessing modules that act as Statistical Modeling-based Anomaly Detection (SMAD). The authors had conducted the experimental tests using the real-time network traffic and the standard datasets KDD99 and UNSW-NB15 for intrusion detection. The proposed model obtained almost 99% accuracy in detecting the File-based and user-based anomalies.

Aldhaheri, Sahar, et al. [27] proposed an Intrusion Detection System (IDS) based on a hybrid Deep Learning and Dendritic Cell Algorithm (DeepDCA). Dendritic Cell Algorithm is the second generation of Artificial Immune System (AIS) that mimics the human immune system. The main goal of this study is to classify the IoT intrusions and reduce false alarm generation. The proposed model utilizes Self Normalizing Neural Network (SNN) to automate the signal extraction phase and enhance the classification process. They used the IoT-Bot dataset to select the appropriate set of features. Based on experimentation results, the proposed model obtained a high detection over 98.73% accuracy. Moreover, it performed better than SVM, NB, KNN, and MLP classifiers.

4.2.2. Blockchain-Based Approaches

This category contains the studies that enable IoT to create decentralized approaches to make IoT resistant against cybersecurity attacks. While IoT links devices via the internet, Blockchain filters the transactions.

Most of the recent studies proposed abstract and general approaches to show the benefits of Blockchain in IoT networks. Qian, Yongfeng, et al. [9] proposed a high-level Blockchain-based scheme for security management in IoT. The authors used the Blockchain to provide a de-centralization security management model without needing a trusted third party. The proposed scheme can achieve all security requirements of IoT layers using a Blockchain ledger that consists of two parties. The first party is the leader between IoT device and network, and the second party is the leader between IoT device and remote cloud. The Blockchain ledger is responsible for implementing security policies when IoT device interconnects with the remote cloud including identity authentication, devices state, and record the information of IoT devices.

Moreover, Ozyilmaz, K.R. and Yurdakul, A. [6] proposed an illustrated Blockchain-based IoT infrastructure to support the availability of IoT networks with a minimal security risk. The authors utilized the Ethereum Blockchain as a decentralized storage service that is resistant to DDoS attacks, where the Blockchain client is connected to the LoRa gateway via a private peer-to-peer network. Thus, all peers can send and store the data through a Blockchain infrastructure. Furthermore, the authors proposed several methods to integrate IoT devices and gateways with the Blockchain by considering their types. To validate their solution, they built a prototype using an unlicensed-band LPWAN technology. Furthermore, the authors defined the standard way to access and retrieve data using Swarm and Ethereum smart contracts. The authors argue that IoT security can be improved by replacing traditional back-end systems with one smart contract, and a new IoT back end can be generated.

On other hand, Rodrigues, Bruno, et al. [16] proposed a novel Blockchain-based architecture for mitigating DDoS attacks for several domains. The proposed model is an automated and collaborative DDoS mitigation approach using Ethereum Blockchain with smart contracts aimed at the decentralized manner. The system structure is composed of three collaborative components, the customers, the Autonomous Systems (AS), and the Blockchain with smart contracts. The Ethereum Blockchain creates a new block every 14 s, and ASs and customers are responsible for creating whitelists or blacklists of IP addresses and sharing them with other network participants. The main operation of attack detection and mitigation is analyzing and filtering the network traffic using whitelists and blacklists of IP addresses. First, every AS and customer must generate a smart contract with a legal IP address. Once the attack occurs, the AS or customer stores the attacker’s IP address in the smart contract. After updating the lists, the smart contract must be registered on another smart contract that contains all relevant contracts that must be watched. Therefore, every participant in the network will receive the attacker’s information to be blocked by analyzing the network traffic. When the attack is authenticated, other ASs can implement a different mitigation strategy based on their security policies. The proposed model was implemented and tested using Software-defined Network (SDN). However, the proposed model is a general approach for any network type and not restricted to Software-defined networks (SDN). Further, it can be implemented as an additional security defense system.

Moreover, WU, Bo, et al. [19] proposed a retrospective detection approach to analyze the security status of an IoT network and cover and notify the new vulnerability. They employ the Blockchain to encourage a group of distributed detectors to collaborate to detect the vulnerability and share their analysis results via smart contracts. They performed a theoretical analysis to evaluate their approach. Further, they built a prototype using Ethereum to assess the performance of the proposed model. The experimental results show that the proposed mechanism is economically beneficial and technically feasible.

4.2.3. The Integration of IoT, Blockchain, AI

This category contains the studies that enable IoT to incorporate AI and Blockchain simultaneously. The main contribution of these studies is to design a suitable format for training data that Blockchain can accommodate while preserving the privacy of all IoT participants. Moreover, these studies aimed to create an algorithm that includes classifiers to make intelligent decisions to protect IoT from cybersecurity attacks.

Shen, Meng, et al. [10] proposed a Blockchain-based training scheme called secureSVM to train a Support Vector Machine (SVM) classifier. The main goal of the proposed model is to preserve privacy of IoT data in smart cities applications. Blockchain techniques were employed to share the data among different IoT data providers in a secure manner without using a trust-third party auditor. Using Blockchain, IoT data providers can encrypt the data using their private keys and store it on the Blockchain using a specific format of transactions. In addition, they combined Paillier cryptosystem with Blockchain to address the issues of data privacy, integrity, and ownership meanwhile training process. The proposed scheme includes IoT devices, IoT data providers, a single shared Blockchain-ledger, and a single IoT data analyst which is responsible for training the classifier. First, IoT devices sense and send the data to IoT data providers. Second, the IoT data provider encrypts the data and store it in a shared Blockchain ledger. Then, the IoT data analyst can access the encrypted data that is recorded on the shared Blockchain ledger in order to train the classifier using training algorithms such as secure comparison and secure polynomial addition. The proposed model was evaluated in terms of accuracy and efficiency using two real-world datasets. These two datasets are Breast Cancer Wisconsin Data Set (BCWD) and Heart Disease Data Set (HDD), which are publicly available from the UCI ML repository. Based on the experimental results, the accuracy of the SVM classifier was not affected while considering the IoT data privacy.

Han, Xu, et al. [13] proposed a biologically inspired DDoS detection system based on consortium Blockchain technology. The structure of the proposed system consists of four layers, the application layer, the contract layer, the network layer, and the public storage layer. The application layer includes the user interfaces to enable users to interact with the application, and this layer does not involve any Blockchain implementations. In the contract layer, the authors built a bio-inspired smart contract using fuzzy neural network algorithms to calculate the data set of DDoS attacks. Moreover, this layer includes algorithmic mechanisms and script code besides the smart contracts. In the network layer, each participant owns a channel under its corresponding private chain, and the outsider channel cannot access or modify its data. The network layer adopts private and public Blockchain where each participant in the private chain can communicate by a p2p network. The private chains include propagation and an authentication mechanism. The public chain is a central chain that can detect and store the outlier’s information in the exception chain. The bio-inspired contract in each node is responsible for detecting malicious data and uploading all abnormal results in the public Chain. So, all members can share the DDoS detection process without considering privacy leaks and trust issues between all participants. The authors did several experiments using the hyper ledger fabric as an experimental platform. The dataset was randomly selected from the CICDDoS2019 dataset of the Canadian Cyber Security Institute CICDDoS2019. It includes 500 data of the DDoS DNS dataset. Based on the experimental results, the proposed model obtained 89.8% accuracy.

Singh, S.K., et al. [12] proposed an IoT architecture based on Blockchain and artificial intelligence called BlockIoTIntelligence to provide efficient big data analytics in IoT networks. The proposed design contains four intelligent layers (device intelligence, edge intelligence, fog intelligence, and cloud intelligence). Firstly, the device intelligence includes various IoT devices that involve Blockchain and AI applications, and it produce produce a large amount of data. Secondly, the edge intelligence layer is AI-enabled based stations that are linked with the Blockchain and connected to many sensing devices that analyze and process the produced data from the previous layer. Thirdly, fog intelligence is a distributed fog network that includes several AI-enabled fog nodes with a Blockchain. Finally, cloud intelligence is a decentralized cloud that includes AI-enabled data centers connected with a Blockchain to offer secure decentralized big data of IoT implementations. The proposed architecture was evaluated using qualitative analysis and quantitative analysis. Based on experimental results, the proposed model obtained high accuracy while addressing the challenges of IoT security, privacy, storage capacity, and data flow. In conclusion, the proposed architecture is a more efficient solution than traditional IoT schemes and mitigates the current challenges.

4.3. What Are the Research Gaps and Future Directions within the Security of IoT Networks Based on AI and Blockchain Technologies

In this section, we define the research gaps of the recent solutions related to IoT security enhancement. Subsequently, we determine the future areas, including the trend of research and future directions.

4.3.1. The Research Gaps

Although securing IoT networks by employing AI and Blockchain techniques has gained much attention in the last few years still, IoT networks suffer from many security challenges as most recent solutions focus on integrating IoT with AI or Blockchain separately.

In this section, we present the strengths and weaknesses of each technology to highlight that each technology has irreplaceable benefits and that the combination of artificial intelligence and Blockchain can create solutions capable of facing cybersecurity attacks. AI and Blockchain can complete each other and mitigate their challenges. Combining them will build an explainable AI, decentralized and distributed IoT structure, digitally signed transactions, secure data sharing, and immutable IoT. Therefore, taking advantage of each technology can protect IoT from cybersecurity attacks.

Table 9. AI-based Solutions Review Summary.

Strength-Points

Limitations

AI-based solutions can extract a piece of meaningful information for use in security problem-solving. AI-based applications are able to classify the data in real-world scenarios efficiently. Integrating IoT network with AI technologies facilitate the analytical and decision-making operations from a huge number of data collected from IoT devices. AI-based solutions have the power to define the patterns and differences of DDoS attacks, thus IoT networks will be able to filter the traffic. The perception, reasoning, and acting abilities of AI make IoT devices and networks smarter with the help of artificial neurons and scientific theorems. AI technologies in IoT can manage a large amount of network traffic and employ them to take their full advantage to defeat DDoS attacks. AI technology is able to deliver programmatic reasoning, ultimate learning, and self-correction.

AI-based solutions rely on a single point of detection that analyzes the big data via a centralized server. Thus, using a single system has led to a single point of failure besides the issues of low speed, computational storage, low latency and speed, and low accuracy. Based on the distributed nature of DDoS attacks, different entities must encourage to share their data to improve the detection process. However, data privacy, ownership, and integrity become critical concerns that AI-based IoT cannot handle alone. The potential attackers may alter or modify the data recorded during the sharing operations, leading to inaccurate classifying results of machine learning. Applying IoT on centralized models requires all IoT devices to be authenticated via one server, which is not suitable with the rapid growth of IoT systems. Some of the AI-based solutions require efficient training data to provide the expected security enhancement for IoT.

presents the strength-points and limitations of recent AI-based approaches. And

Table 10. Blockchain-based Solutions Review Summary.

Strength-Points

Limitations

Blockchain-based solutions provide secure transactions without needing a trusted third party. Blockchain-based solutions can record IoT data secuerly. Blockchain can standardize the IoT data and store it in one format to improve the data extraction and interpretation process across the platform. Blockchain-based solutions enhance the data privacy of IoT through cryptography and consensus mechanisms. Blockchain provides immutable records using digital identities, relying on the identity of things (machines and devices) to interact independently in the peer-to-peer network without a third party. Blockchain-based solutions can be used to authenticate the IoT participants and increase the trust between them. Blockchain-based solutions work in collaborative dynamics manner over decentralized infrastructure. Thus, data management can be improved. The transparent feature of Blockchain can offer fault-proof integration. Blockchain can involve various domains in the process of DDoS detection. Therefore, the overhead may be reduced. Utilizing Blockchain in IoT can avoid developing and adopting new protocols. Blockchain-based solutions facilitate the advertisement of white or blacklisted IP addresses, along with the help of smart contracts to indicate the type of list that should be reported.

The cost of storing and retrieving the complete list of addresses is high. Further, smart contracts are costly as many contracts are needed to be mined. Blockchain-based solutions have scalability issues and do not work well with large-scale attacks such as DDoS attacks. Blockchain-based approaches do not work efficiently with dynamic IPs only. Smart contracts support one hierarchy only. Setting up the Blockchain as an open infrastructure leads to the trade-off between the high privacy of IoT and controlling illicit activities. Therefore, Blockchain needs more intelligent mechanisms that to take full advantage of the big data of IoT.

shows the strength-points and of current Blockchain-based approaches.

4.3.2. Future Directions

Based on our comprehensive study, this section offers various vital issues that need more investigation to prove its abilities (See Figure 9).

• Collaborative Machine Learning (ML) Model:
  Although the ML-based IDS has the power to extract and process IoT data in real-time to analyze the data to detect intrusions, it suffers from a single-point-failure problem as it usually builds on a centralized-single server to train ML model. And many studies have proposed distributed ML solutions to carry out this issue. However, the distributed ML-based approaches involve a group of collaborative participants, which makes the data-sharing process a critical concern.
  To deal with these issues, recent studies have tended to link AI with Blockchain as it encourages participants to share information between IDS participants in a secure and decentralized manner. But this strategy is still in a formative phase and under investigation, and it has several obstacles due to the cost of computation, storage constraints, and the dynamic nature of the IoT network. Nevertheless, it needs more attention to provide a lightweight solution. More experiments using this approach would lead to the next wave of revolution in IoT network security.
• Collaborative Attack Mitigation Model:
  Some existing defense approaches lack the resources to cope with cybersecurity attacks alone. And utilizing other companies’ resources might be an efficient way to share the burden and mitigate attacks. The IP address is one of the most valuable pieces of information that could be shared among companies to mitigate the attacks. Recently the researchers employed the Blockchain to advertise black or whitelisted IP addresses, especially to defeat DDoS attacks. Though there is a benefit in employing Blockchain to advertise black- or whitelisted IP addresses, this approach works as an additional method. Therefore, it needs more investigation to be combined with the existing AI-based solutions without changing existing ones. Furthermore, such integrations need further research to deal with a dynamic IP address.
  Moreover, updating the list is a critical issue and must be performed professionally and in a timely manner. For example, when the attacker launches the attack using a victim’s device, the IP address of the victim device should be unblocked after the recovery process using antivirus. Further, its behavior must remain under observation for a while to avoid another violation. Thus, more research is needed to get deep into real-world scenarios.
• Build a Trusted Signature Database:
  Researchers recently employed Blockchain to build a trusted database that contains attack signatures where a group of IoT nodes is connected to a Blockchain. These nodes cooperate to create this database where every node signs a signature using its private key. Each node monitors the traffic to define signatures periodically using an analytical algorithm. However, these studies faced several limitations and are still in early research and need more investigation as they do not consider the insider attack.

5. Conclusions

This study presents a systematic review of the state-of-the-art techniques for securing IoT networks by integrating AI and Blockchain. We threw light on IoT architecture, IoT security requirements, security challenges and vulnerabilities, and IoT cybersecurity attacks. We also highlighted Blockchain characteristics and Types of Blockchain.

Based on the applied SLR in the period from 2017 to 2022, the interest in this technique is increasing in which several studies have been published reflecting that it will be explored and grow. We analyzed recent defense models and evaluated the 22 selected studies using a set of metrics. We also divided the solutions into three classes: AI-based solutions, Blockchain-based solutions, and solutions that integrate AI and Blockchain simultaneously.

Most of the studies focused on integrating IoT either with AI or Blockchain. Therefore, we discussed the need for integrating AI and Blockchain technologies with IoT to secure its network. Moreover, we addressed the strengths-points and limitations of each class. Generally, the research gaps in recent works present in providing distributed defense models against distributed problems on the heterogenous network without losing privacy.

The results have shown that integrating IoT with AI and Blockchain is a promising approach that can create new and powerful technologies that may enhance the security of IoT in multiple dimensions and pave a new way to digitization. AI and Blockchain can complete each other and mitigate their challenges. Therefore, taking advantage of each technology can protect IoT from cybersecurity attacks. Integrating them will build an explainable AI, decentralized and distributed IoT structure, digitally signed transactions, secure data sharing, and immutable IoT. Thus, it can lead to the next revolution for industry and other realms.

By the end of this study, several research questions are raised, and our review does not claim to answer all the questions. Instead, we tried to contribute to bridging the gap between AI-based models and Blockchain models. We paper argue that integrating IoT with Blockchain and AI in the security field is an appealing choice for dealing with cybersecurity attacks. However, the development of this technique is still in the earlier stage and demands more research.

This paper pointed out the future directions to help security researchers to build an effective integration of AI and Blockchain to secure IoT networks. One of the exciting research areas is revising the current distributed IDS models and mitigating their limitations. Furthermore, one more point is to build a trusted attack signature database and develop a collaborative attack mitigation model.