Next Article in Journal
Artificial Intelligence and International Rules in Cyberspace: A Comparative Knowledge-Mapping Analysis
Previous Article in Journal
The Potential of Satellite Internet Technologies for Crisis Management During Urban Evacuation: A Case Study of Starlink in Italy
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Information
Volume 16
Issue 10
10.3390/info16100841
information-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Review

AI-Based Solutions for Security and Resource Optimization in IoT Environments: A Systematic Review

by
Cosmin Alioanei
and
Nirvana Popescu
*
Computer Science Department, National University of Science and Technology POLITEHNICA Bucharest, RO-060042 Bucharest, Romania
*
Author to whom correspondence should be addressed.
Information 2025, 16(10), 841; https://doi.org/10.3390/info16100841 (registering DOI)
Submission received: 24 July 2025 / Revised: 16 September 2025 / Accepted: 23 September 2025 / Published: 29 September 2025
(This article belongs to the Section Internet of Things (IoT))
Browse Figures
Versions Notes

Abstract

Nowadays, the rapid expansion of Internet of Things (IoT) systems has introduced significant challenges related to system management, especially in cybersecurity and resource efficiency areas. This systematic review investigates how AI/ML techniques are being applied to address these challenges, with a particular focus on intrusion detection systems, anomaly detection, and intelligent resource allocation. Using a structured methodology inspired by the PRISMA technique, relevant research articles published between 2018 and 2025 across important databases, including IEEE Xplore, ScienceDirect, SpringerLink, ResearchGate, and Web of Science, were analyzed and compared. The selected studies demonstrate that integrating granular perspectives in AI/ML-based solutions could enhance the resilience of IoT systems. This comprehensive review showed extremely interesting results for AI contributions in real life as well as potential advancements in this area by combining different perspectives in order to improve the security and efficiency of IoT systems.

1. Introduction

As IoT systems grew in complexity and scale, their importance increased, even in intelligent, autonomous, and efficient management, where Artificial Intelligence plays a transformative role between input and output or between data and actions. Due to the need for waste reduction, a main target is to define a strategy that uses well-defined management based on IoT systems with a clear focus on optimizing performance and reducing energy consumption.
The integration of AI techniques into IoT infrastructure provides real-time analysis, predictive results, intelligent resource allocation, and extracted feedback for future works.
By addressing both IoT and AI technologies, a complete solution contributes to a more autonomous and adaptive environment that can achieve a certain target for waste reduction. Being two complex and rapidly evolving domains, it becomes essential to conduct a robust state-of-the-art review using a personal methodology inspired by the PRISMA technique to understand the existing landscape, identifying ideas, targets, gaps, and limitations. A structural, comprehensive, and critical comparison is necessary, providing the AI contributions that will reveal opportunities for improvement, optimization, and intelligent resource management in IoT systems.

2. Research Methodology

To identify and evaluate the most relevant papers extracted from IEEE Xplore, Science Direct, and Web of Science, a structural selection process inspired by the PRISMA methodology [1] was applied. This original approach (Figure 1), which was used to achieve a highly qualitative selection, was based on several stages, composed of conducting initial research, removing duplicate and irrelevant papers, removing papers that applied more relevant filters, and removing papers that answered research questions.
The first step was performed using initial and basic keywords/collocations: AI algorithms, IoT systems, embedded solutions, AI in IoT, and edge computing in AI. That general search was completely performed during the initial exploration across databases (e.g., IEEE Xplore, Web of Science, etc.), generating a lot of papers. After removing duplicates and irrelevant articles, 3450 papers remained. After applying additional and relevant filters based on AI/ML relevance and IoT architectures, the dataset was reduced to 92 papers.
Finally, in order to ensure a structured analysis of the literature, the papers were evaluated using specific research questions, resulting in 41 high-quality papers for a complete analysis. The foundation of this review was built on the granularity of existing solution typologies and algorithms. This granularity refers to the detailed classification of methods based on their applicability to specific layers and components of IoT systems. By understanding the operational dynamics of IoT systems, this review was able to formulate precise research questions that reflect the complexity of these environments. These systems require robust protection against cybersecurity threats and efficient resource management. From this perspective, the keywords used in the search were not chosen arbitrarily. They emerged organically from the structure of AI algorithms and IoT systems. Existing terms were selected to capture both the technical and contextual relevance of the studies. These keywords were applied across reputable databases, including IEEE Xplore, ScienceDirect, SpringerLink, ResearchGate, and Web of Science. The selection of articles was equally rigorous. Studies were included only if they demonstrated a clear connection to practical use cases in IoT or AI/ML computation, offered experimental validation, and addressed key aspects. In order to extract the final RQs, the necessity of selecting papers that reflect the real needs of IoT systems was specifically discussed, such as being protected against cyber threats, using AI/ML algorithms to elevate their results, evaluating privacy aspects, or addressing real-time processing solutions. Papers that merely presented theoretical models without relevance to real-world systems were excluded. This ensured that this review remained focused on viable, deployable solutions. The following research questions were considered:
  • RQ1: Does the article/paper propose or evaluate techniques and algorithms applied (or that could be applied) to IoT systems?
  • RQ2: Does the article/paper address scalability or real-time processing in AI/IoT environments?
  • RQ3: Is the solution integrated into a specific AI/IoT architecture?
  • RQ4: Does the solution evaluate privacy, security, or ethical aspects?
  • RQ5: Does the article/paper provide experimental validation?
To ensure consistency in selecting the most relevant papers, after the quantitative approach, each of the 92 filtered papers was evaluated using a qualitative scale: High (2 points), if the paper provided a thorough and well-supported answer to the question; Fair (1 point), if it partially addressed the question, with limited discussion; or Low (0 points), if it did not address the question or lacked relevant content. A minimum threshold of 8 points out of 10 was required for a paper to be included in the final analysis, ensuring that only qualitative studies were considered. To summarize, 40 articles passed the threshold value of 8 points, and their advantages, strengths, and accuracy were studied in the related sections.

3. AI/ML Techniques in IoT Systems

3.1. Supervised and Unsupervised Learning–How to Prevent an Attack?

Increasing the importance of IoT systems also introduces significant vulnerabilities, particularly regarding cybersecurity. Analyzing security attacks is not only essential for protecting data and infrastructure, but it also plays a crucial role in effective IoT system management and waste reduction, including energy, materials, time, etc. By studying past incidents and potential vulnerabilities, system administrators can implement proactive defenses, such as intrusion detection systems, secure communication protocols, regular firmware updates, and AI/ML algorithms, for example, for anomaly detection in a system. The main difference between supervised and unsupervised learning methods [2] resides in the way they process the data.
The first one learns from labeled datasets, using input–output pairs to train models, predict outcomes, or classify data based on existing examples. Unsupervised learning uses unlabeled data to identify patterns and define structures [3]. In order to combine those two perspectives, semisupervised learning uses both labeled and unlabeled datasets, improving learning accuracy [4] with minimal labeled data. IoT systems are vulnerable to their weak security configurations, being a common environment for different attacks [5] and evolving threat landscapes. They have become more sophisticated and targeted, and they are attacked and defended using AI/ML techniques as well.
Many devices lack robust authentication or encryption, making them attractive targets for attackers. In the public sector, the consequences of such attacks can affect not only digital data but also human safety.
In order to prevent critical situations and to be informed about major incidents (Table 1) from the past [6], robust security measures are highly important. The rapid development of the Internet of Things enabled real-time data, automation, and decision making. Hence, this interconnected system introduces security vulnerabilities, highlighting the attacks in IoT systems due to connected devices [7] as the best example of the need for AI-based management techniques in order to minimize cybersecurity attacks. The limitations of traditional security mechanisms, which often fail to adapt to new challenges, should be replaced with dynamic and intelligent techniques.
Supervised learning is a powerful approach when labeled datasets are available, being effective for tasks such as intrusion detection or malware classification, where the model can learn from previous attack patterns and existing behaviors. Also, the importance of unsupervised learning is well defined through the unavailability of labeled data.
It is used for anomaly detection and moments when the system must learn patterns on its own. In order to solve the issues of IoT systems, researchers introduced a smart Intrusion Detection System [8] that uses a combination of Convolutional Autoencoders (CAEs) and Long Short-Term Memory (LSTM) to detect unusual behavior in IoT traffic with high accuracy (up to 99.99%).
Convolutional Autoencoders take noisy IoT data and use their convolutional layers to extract important features, reconstructing the cleaned version of the data and removing irrelevant or noisy information. After CAEs compress the data, LSTM analyzes and processes it to learn patterns over time, taking only 10 min to train and 2 min to predict. This model must distinguish between normal and abnormal behavior based on labeled pairs, as in supervised learning.
However, autoencoders are typically used in unsupervised learning for feature extraction, compressing the input data in order to remove noise and irrelevant information and to reconstruct a cleaner version of the data. This hybrid perspective (Figure 2) makes the model semisupervised in structure.
Another solution [9] focused on designing and developing a deep learning-based model for anomaly detection in IoT networks. As the CAE and LSTM model is optimized for edge devices, CNN (1D/2D/3D) and LSTM [9] focus on classification depth, especially for multiclass intrusion detection. In the context of IoT security, a multiclass classification model might be trained to detect different types of attacks, instead of detecting the ‘attack’ or ‘no attack’ state, achieving high accuracy and a low false positive rate.
This solution is better suited for detailed attack classification in more powerful systems using standard supervised metrics.

3.2. Anomaly Detection

Anomaly detection [10] in the Internet of Things is a technique used to identify unusual patterns or behaviors in collected data. These kinds of anomalies can indicate problems such as device malfunctions or even security breaches. Several cybersecurity threats include scanning attacks, (distributed) denial of service, ransomware, or injection attacks. These threats probe the network to find open ports and IP addresses, overwhelm it with unwanted traffic to make it unavailable, or encrypt data and demand payment for decryption.
In general, the focus is on unsupervised learning methods because, in many IoT scenarios, it is difficult to obtain labeled data. Instead, unsupervised methods learn and discover patterns from the data itself.
There are five popular unsupervised methods that fit well in this situation, with a certain role in avoiding cybersecurity threats: Random Forest, K-Nearest Neighbors, Support Vector Machine, Logistic Regression, and Decision Tree.
A comparison of the MLMs analyzed in this study is best understood through two key concepts: binary classification and multiclass classification. Binary classification is triggered when a machine learning model is trained to distinguish between two classes. The model decides whether a data point is normal or an attack (malicious behavior). It is simpler to implement and interpret, and it is more accurate to offer a result when only a yes/no decision is needed, but it is harder to extract the root cause. Multiclass classification predicts one of several possible classes/causes. The classes might include the root cause of an attack, for example, DoS, DDoS, ransomware, scanning, etc., providing more detailed insights and helping to understand and respond to specific threats. Clearly, the accuracy of multiclass classification is lower than that of binary classification due to the difficulty in distinguishing between many different types of attacks when they appear much less frequently in the dataset, making them harder to be learned or predicted accurately.
Random Forest (RF) is a well-defined method that combines multiple decision trees, reducing overfitting, and it consistently outperforms other models in both binary and multiclass classification tasks. K-Nearest Neighbors (KNNs) is simple and effective, especially when the data is well distributed, but it is slower with large datasets. It performed nearly as well as Random Forest in both tasks (Figure 3). Support Vector Machine (SVM) is effective in high-dimensional spaces, and it performs well with complex boundaries, being reliable but sensitive, especially for large datasets, where it is not ideal.
Decision Tree (DT) is balanced, easy to understand, and fast, but it can overfit easily. Logistic Regression (LR) is simple and interpretable, but its performance is poor on complex or non-linear data. Hence, study [10] clearly shows that Random Forest (RF) is the most effective model for intrusion detection in IoT networks, followed closely by KNNs and SVM (Figure 3).

3.3. A More Comprehensive and Reliable Comparison of AI/ML Techniques

Several AI and ML techniques are presented to better understand the focus on intrusion and anomaly detection, beginning with an exploration of the fundamental concepts of supervised and unsupervised learning. In the current section, a comparative analysis of multiple research papers will offer a more robust comparison, highlighting the strengths, limitations, and practical applicability of various models and scenarios.
This comparison was performed based on articles and papers from IEEE Xplore, Science Direct, and Web of Science, using the existing steps of the original research technique described above.
The reviewed papers (Table 2) offer a wide range of AI techniques, reflecting the evolving nature of IoT security. The existing accuracies depend on the presented model, algorithm, and dataset chosen for each research study, but the best long-term approach is to collect real-time data in order to permanently train an ML model and to improve its accuracy, using the right data properly, with a certain target to increase the performance over time. Several studies utilize deep learning architectures, such as CNN, RNN, LSTM, etc., making them suitable for detecting simple or even sophisticated attacks. Plenty of hybrid approaches combine multiple models to leverage their strengths in order to achieve higher accuracy. Combining models can reduce the risk of overfitting, as they are tailored to specific environments or attack scenarios, but they are more complex to design, train, and maintain.
These models typically demand more computational power [11,12,13]. The papers that compare multiple AI/ML models provide a more realistic perspective on how different models perform under the same conditions and datasets, identifying the most suitable model for a specific application. In the existing research, similar comparative studies discovered that other models may be more suitable, depending on the specific characteristics of the dataset or the environment, even though the goal was approximately the same [14,15]. This variation is often caused by attack types, resources, or computational constraints. While deep learning models may perform better on large datasets, simpler models, such as Random Forest (RF) or SVM, may be more effective in real-time or limited IoT environments. However, deep learning models require significant computational resources [16] and large datasets. As expected, the accuracy is higher for binary classification than for multiclass classification [17] due to its limitation.
The choice of dataset [18,19] significantly influences the performance of Intrusion Detection System models. Several papers [11,14] use real-world or industrial datasets, which increases their applicability. In contrast, many studies, including [12,15], rely on default datasets and may not fully capture the complexity of IoT traffic and its possible threats. Most papers target common attack categories, such as DoS or DDoS, even though some studies aim to detect a wider variety of attacks, where many types of threats might occur, but all of them kept high accuracy as their final goal. The specialized systems are often very accurate at detecting the specific threats they are built for, but they may not perform as well if they are used to detect other types of attacks. A zero-day attack [16] exploits a vulnerability that is unknown even to the software programmer, making it very difficult to stop. To perform a replication attack [20], an IoT device is copied or cloned, and the hacker pretends to be that device. The new fake device can send false data or spy on the network, posing a high risk of losing relevant information that will be used in inappropriate scopes. DDoS [21] is executed when many devices flood a system with traffic to make it crash, making it possible to take down websites or entire networks or to mask other attacks that happen at the same time. In conclusion, it is extremely important that ML models can catch threats before they cause unwanted damage [22,23]; they must also be improved over time as attackers change their tactics, reducing the need for constant human workload. These models can handle large volumes of data from many IoT devices [24] in real time, with different kinds of use cases, including smart homes [25], IoT [14], or even general-purpose detection [11,15], demonstrating the effectiveness of AI-based techniques against intrusion and cybersecurity threats. This suggests that these techniques are a starting point for creating a complete environment based on information extracted by IoT systems and used in complex AI algorithms.

4. Internet of Things and Its Use Cases

4.1. Privacy and Security

IoT connects systems and devices that collect and exchange data for different use cases. Smart lights, thermostats, voice assistants, or cameras help automate daily tasks in smart homes; wearable devices monitor relevant health parameters in healthcare; and efficient systems manage traffic or lighting in smart cities. Even though the use cases are well known, and their number is increasing day by day, IoT devices often collect data without users realizing or approving it [26]. Their spread has increased the risk of unwanted data collection, privacy violations, and different types of attacks. Those devices are often easy targets due to their weak passwords, old software, or insecure communication protocols. They are vulnerable at multiple layers [27], from the device itself to the cloud services that support it.
It is easier to develop, use, and validate relevant algorithms or solutions in order to implement a flow itself for an IoT system, but the necessity of implementing solutions to keep a safe environment is not so obvious all the time. The vulnerability of IoT devices and systems was studied in general, with the aim of avoiding and preventing unwanted attacks. Particularly, a certain example is defined by cold boot attacks [28], focusing especially on the Raspberry Pi environment. A cold boot attack involves physically restarting a device and accessing its memory with a clear scope in extracting sensitive information, such as passwords, keys, etc. The researchers powered off the Raspberry Pi, commonly used in smart home systems or device monitoring, and immediately rebooted it with a custom bootloader. They were able to extract sensitive data successfully without needing access to the user credentials. This vulnerability could be exploited in real scenarios where attackers have physical access to a device. Although this specific attack is physical, it highlights the need for behavioral anomaly detection or federated learning [29], such as ML techniques with a high degree of relevance in IoT security. SILEX malware is a destructive cyberattack [30] that especially targets IoT devices with an existing internet connection. Totally different from the cold boot attack, SILEX was operated remotely, exploiting weak security configurations. The main necessity was internet scanning in order to find IoT devices with weak login credentials. Once access was obtained, harmful commands were executed to corrupt, disable, or delete data and firmware. This action made the devices completely inoperable, even requiring a total replacement. Thousands of devices were bricked, causing serious issues in smart homes, institutions, or even businesses where low-cost devices with minimal protection faced sophisticated attacks and allocated resources. According to reports, SILEX was created by a 14-year-old hacker who wanted to brick unsecured IoT devices, starting as a ‘fun’ activity and becoming a punishment campaign to expose over 4000 devices within just a few days of its launch. There was no financial motivation, just an intention to destroy and to show vulnerabilities and the lack of interest.

4.2. Waste Reduction

A key example for waste reduction in IoT systems is an intelligent garbage management system [31] that ensures fair and efficient garbage collection in urban areas. There are plenty of IoT sensors installed in garbage bins to monitor fill levels in real time. To maintain a connection between bins and the central system, the LoRa (low power, long range) network optimizes routes and prevents the frequency of half-empty bin pickups and fuel waste. Relevant data are collected for dynamic scheduling and better resource allocation, permitting the design of targeted interventions when the bin density suddenly increases. One study addressed the inefficiencies of traditional systems due to their no-sensor approach, fixed routes even when bins are empty, higher costs, and lack of technology. The main advantages presented in the study included dynamic routes based on which bins were full, less fuel use, cleaner air, lower costs due to optimized routes, and fuel savings. In conclusion, in a period when the urban population is growing rapidly, the study offers a transformative solution for an entire philosophy on how cities can manage waste smartly and cleanly. The system does not just collect garbage; it learns and adapts, ensuring that no bin is forgotten and no fuel, time, or energy resource is wasted, which is a relevant step in a smart city environment.

4.3. A More Comprehensive and Reliable Comparison of IoT Use Cases

To understand the complexity and variety of IoT use cases, a comprehensive and reliable comparison of different solutions was needed. A total of 11 papers offered a panoramic view (Table 3) of IoT’s versatility and variety, outlining its implementation and use cases across multiple domains, such as home automation, industrial monitoring, smart agriculture, wearables, education, energy efficiency, and transportation. Smart homes served as the focus for IoT technologies.
The following ideas were extracted when exploring this space from complementary angles [32,33]: the first is a relevant survey of trends and innovations, while the other focuses on a concrete implementation of a cost-efficient smart home system.
Moving from the personal [34] to the industrial level, several papers are based on IoT environments with a robust security framework [35] for industrial applications, while some operational safety measures are taken in high-risk areas, especially during coal mining. The agricultural sector is improved using the idea of sustainable farming [36], based on AI and IoT, promising increased yields and resource efficiency. This application is a model showing how IoT can support global sustainability goals, creating a bridge between technological advancement and environmental care. In the health monitoring area, wearable smart bracelets [37] illustrate how IoT can be mobilized during crises [38]. Capable of tracking vital signs and enforcing medical protocols, this exemplifies the human-centric potential of IoT to not only automate smart devices but also care. Education should be a main pillar of modern society. It is also represented in the current comprehensive IoT research. One educational paper [39] explores how IoT can transform learning environments, making them more interactive and responsive to today’s needs.
In order to outline the perspective of IoT environments [40,41] in identifying even rare cyberattacks [42], a deep learning architecture (Focal Causal Temporal Convolutional Neural Networks–FCTCNNs) was proposed, which uses a smart binary classification strategy to detect threats more accurately and efficiently. Also, for industrial models, energy-saving strategies developed for smart homes can be used, where even niche applications with limited scalability or specific behaviors can show resource optimization and safety measures in high-risk environments. The main advantage of IoT in all the selected papers is the interoperability perspective. It is not a single technology but a mix of sensors, networks, platforms, and algorithms that work in parallel to obtain a clear and useful result. Several studies show how those components are integrated, creating systems that are efficient and scalable. The IoT use cases outline its ability to adapt, connect, and evolve across domains, making it one of the most promising pillars for a more sustainable future.
In conclusion, this comprehensive comparison reveals the true strength of IoT not only in its technical capabilities but in its adaptability, as each paper demonstrates how IoT can be tailored to address challenges in several domains. All the existing solutions show the possibility of using IoT in various situations, combining software and hardware requirements in order to obtain an expected outcome. Starting with general domains, such as education, agriculture, or health, and continuing with domains such as mining, IoT is a bridge used to solve difficult challenges in a futuristic way.

5. Final Discussion and Conclusions

IoT has changed the way devices are connected, collecting large volumes of data for existing purposes. Their potential is unlocked through AI-based solutions. AI processes help IoT technologies to analyze data, recognize patterns, and avoid different types of attacks. Furthermore, AI enables IoT systems to make autonomous decisions based on data patterns, improving efficiency, reducing human interventions, predicting events, and minimizing failures. Through pattern recognition, even harmful attacks can be stopped automatically. Learning from new data over time, IoT systems can improve their performance and adapt to new environments even if they increase in complexity. In conclusion, the integration of AI into IoT systems brings intelligence, adaptability, and efficiency to connected technologies. By enabling data analysis, the relevance of IoT’s versatility is increased by AI’s computational power.
Hence, using an original research methodology, inspired by the PRISMA technique, it was possible to identify high-quality studies by applying clear criteria and research questions (RQ1-RQ5) based on the techniques and algorithms evaluated while addressing privacy, security, waste reduction, and multiple security cyberthreats. This allowed us to address solutions that are not only technically related but also scalable and practically viable for integration in IoT systems. It also increased transparency by documenting each step of the review process until the final selection of studies. Based on this review, some research gaps were identified for further research solutions that can provide valuable support to developers and researchers in the IoT field. Although the current research offers promising AI/ML-based solutions for IoT security, a comprehensive solution that simultaneously addresses security threats, waste reduction, and ethical concerns remains underdeveloped. Most studies focus on either security or efficiency, answering relevant questions, but rarely in an integrated manner. In today’s interconnected world, IoT systems play a vital role in industries, homes, and public infrastructure. However, they face increasing challenges from cybersecurity threats, inefficient resource usage, and ethical issues. While the current research offers promising AI/ML-based solutions for individual problems, a comprehensive approach that integrates all three dimensions—security, sustainability, and ethics—is necessary to achieve a complete environment. This initial research offers novelty in this direction. One major advantage of such a solution is enhanced resilience. By using AI to detect and mitigate cyberattacks in real time, IoT systems can maintain operational integrity and protect sensitive data. This is especially critical in healthcare, transportation, and smart cities, where system failures can have serious consequences. Waste reduction through intelligent resource management leads to both environmental and economic benefits. AI algorithms can optimize energy consumption, reduce redundant data transmission, and extend device lifespans—contributing to global sustainability goals. In conclusion, a unified AI/ML-based solution that simultaneously addresses security threats, waste reduction, and ethical concerns is not just beneficial—it is essential. It enables smarter, safer, and more responsible IoT ecosystems, creating a way for a more sustainable and secure digital future. Not only are combined use cases necessary in order to create stronger and safer environments, but no single ML technique is sufficient to address the multifaceted security challenges of IoT ([42,43]). IoT systems are inherently heterogeneous, involving various devices, protocols, and data types. This complexity demands hybrid models that can adapt to different scenarios, scale across networks, and maintain performance under resource constraints. Combining multiple ML techniques is not just beneficial—it is essential. However, this approach also requires careful design and validation. Poorly integrated models can lead to overfitting, increased latency, or conflicting decision boundaries. Therefore, it is necessary to pay close attention to model architectures, training strategies, and evaluation metrics [44]. This comparison highlighted common challenges, successful strategies, and gaps in the existing literature. Furthermore, the use of an original methodology, inspired by the PRISMA technique, to study and compare papers on AI and IoT integration revealed a solid foundation for drawing meaningful conclusions about their utility in specific environments and domains.

Author Contributions

Conceptualization, C.A. and N.P.; methodology, N.P.; software, C.A.; validation, N.P.; formal analysis, C.A.; investigation, C.A.; resources, C.A.; data curation, N.P.; writing—original draft preparation, C.A.; writing—review and editing, N.P.; visualization, N.P.; supervision, N.P.; project administration, N.P.; funding acquisition, N.P. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Krishnan, S.K.; Nagaprakash, T.; Karthikeyan, R. Systematic Literature Review of Product Feature Prioritization Frameworks in Startups Building Digital Products Using PRISMA. In Proceedings of the IEEE 11th Region 10 Humanitarian Technology Conference (R10-HTC), Rajkot, India, 16–18 October 2023. [Google Scholar]
  2. Gautam, A.; Singh, S.; Arora, K.; Kaur, A. A Comparative Analysis of Supervised, Semi Supervised and Unsupervised Object Detection Techniques in Video Surveillance. In Proceedings of the 7th International Conference on Signal Processing, Computing and Control (ISPCC), Solan, India, 6–8 March 2025. [Google Scholar]
  3. Dalal, K.R. Analyzing the Role of Supervised and Unsupervised Machine Learning in IoT. In Proceedings of the International Conference on Electronics and Sustainable Communication Systems (ICESC), Coimbatore, India, 2–4 July 2020. [Google Scholar]
  4. Donoso-Daille, P.; Peesapati, V.; Smith, C.; Tavernier, K.; Tavernier, G. Classification of Partially Labelled Partial Discharge Datasets Using Semi-Supervised Learning. In Proceedings of the 10th International Conference on Condition Monitoring and Diagnosis (CMD), Gangneung, Republic of Korea, 20–24 October 2024. [Google Scholar]
  5. Lounis, K.; Zulkernine, M. Attacks and Defenses in Short-Range Wireless Technologies for IoT; IEEE: New York, NY, USA, 2020; pp. 8892–88932. [Google Scholar]
  6. Traynor, O. IoT Cybersecurity: Connecting the Dots. 2025. Available online: https://cybelangel.com/iot_cybersecurity/ (accessed on 8 May 2025).
  7. Abdel-Basset, M.; Moustafa, N.; Hawash, H. Deep Learning Approaches for Security Threats in IoT Environments; Wiley and Sons: Hoboken, NJ, USA, 2023; pp. 1–26. [Google Scholar]
  8. Vyas, M.; Vijayaganth, R.; Chandhok, J.; Srivastava, A.; Sethu, A.; Tiwari, M. Revolutionizing IoT Network Security with Deep Learning-Anomaly Detection Model. In Proceedings of the 4th International Conference on Electronics and Sustainable Communication Systems (ICESC-2023), Coimbatore, India, 6–8 July 2023. [Google Scholar]
  9. Ullah, I.; Mahmoud, Q.H. Design and Development of a Deep Learning-Based Model for Anomaly Detection in IoT Networks; IEEE: New York, NY, USA, 2021; pp. 103906–103926. [Google Scholar]
  10. Elsayed, M.A.; Russell, P.; Nandy, B.; Seddigh, N.; Zincir-Heywood, A.N. Anomaly Detection for IoT Networks: Empirical Study. In Proceedings of the IEEE Canadian Conference on Electrical and Computer Engineering (CCECE), Regina, SK, Canada, 24–27 September 2023. [Google Scholar]
  11. Kamaldeep, K.; Malik, M.; Dutta, M.; Granjal, J. IoT-Sentry: A Cross-Layer-Based Intrusion Detection System in Standardized Internet of Things. IEEE Sens. J. 2021, 21, 28066–28076. [Google Scholar] [CrossRef]
  12. Kandhro, I.A.; Al Enezi, S.M.; Ali, F.; Kehar, A.; Fatima, K.; Uddin, M.; Karuppayah, S. Detection of Real-Time Malicious Intrusions and Attacks in IoT Empowered Cybersecurity Infrastructures. IEEE Access 2023, 11, 9136–9148. Available online: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10023499 (accessed on 30 June 2025).
  13. Xue, B.; Zhao, H.; Yao, W. Deep Transfer Learning for IoT Intrusion Detection. In Proceedings of the IEEE 3rd International Conference on Computing, Networks and Internet of Thing, Qingdao, China, 20–22 May 2022. [Google Scholar]
  14. Ruzafa-Alcázar, P.; Fernandez-Saura, P.; Mármol Campos, E.; González Vidal, A.; Hernández-Ramos, J.L.; Bernal Bernabe, J.; Skarmeta, A.F. Intrusion Detection Based on Privacy-Preserving Federated Learning for the Industrial IoT; IEEE Transactions on Industrial Informatics: New York, NY, USA, 2022. [Google Scholar]
  15. Anupama, A.; Prasad, R.R. Hybrid Intrusion Detection System. In Proceedings of the International Conference on Quantum Technologies, Communications, Computing, Hardware and Embedded Systems Security, Kottayam, India, 15–16 September 2023. [Google Scholar]
  16. Hairab, B.I.; Elsayed, M.S.; Jurcut, A.D.; Azer, M.A. Anomaly Detection Based on CNN and Regularization Techniques Against Zero-Day Attacks in IoT Networks; IEEE Access: New York, NY, USA, 2022; Volume 10. [Google Scholar]
  17. Park, C.; Lee, J.; Kim, Y.; Park, J.-G.; Kim, H.; Hong, D. An Enhanced AI-Based IDS Using GANs; IEEE Internet of Things Journal: New York, NY, USA, 2022; Volume 10. [Google Scholar]
  18. Said, R.B.; Sabir, Z.; Askerzade, I. CNN-BiLSTM: A Hybrid Deep Learning Approach for Network Intrusion Detection System in Software-Defined Networking with Hybrid Feature Selection; IEEE Access: New York, NY, USA, 2023; Volume 11. [Google Scholar]
  19. Santos, R.R.D.; Viegas, E.K.; Santin, A.O. A Reminiscent Intrusion Detection Model Based on Deep Autoencoders and Transfer Learning. In Proceedings of the IEEE Global Communications Conference, Madrid, Spain, 7–11 December 2021. [Google Scholar]
  20. da Cruz, M.A.A.; Abbade, L.R.; Lorenz, P.; Mafra, S.B.; Rodrigues, J.J.P.C. Detecting Compromised IoT Devices Through XGBoost; IEEE Transactions on Intelligent Transportation Systems: New York, NY, USA, 2022. [Google Scholar]
  21. Hossain, M.D.; Ochiai, H.; Fall, D.; Kadobayashi, Y. LSTM-based Network Attack Detection: Performance Comparison by Hyper-parameter Values Tuning. In Proceedings of the IEEE International Conference on Cyber Security and Cloud Computing (CSCloud), New York, NY, USA, 1–3 August 2020. [Google Scholar]
  22. Wang, W.; Du, X.; Wang, N. Cloud IDS Using Feature Selection and SVM; IEEE Access: New York, NY, USA, 2023; Volume 7. [Google Scholar]
  23. Gazdar, T.; Gazdar, T.; Alqarni, H.; Bakhsh, A.; Aljidaani, M.; Alzahrani, M. A 2-Layers Deep learning Based Intrusion Detection System for Smart Home. In Proceedings of the 5th IEEE National Computing Colleges Conference, Makkah, Saudi Arabia, 17–18 December 2022. [Google Scholar]
  24. Panthakkan, A.; Anzar, S.M.; Mansoor, W. Enhancing IoT Security: A Machine Learning Approach to Intrusion Detection System Evaluation. In Proceedings of the IEEE International Conference and Expo on Real Time Communications at IIT (RTC), Chicago, IL, USA, 2–5 October 2023. [Google Scholar]
  25. Rani, D.; Gill, N.S.; Gulia, P.; Arena, F.; Pau, G. Design of an Intrusion Detection Model for IoT-Enabled Smart Home; IEEE Access: New York, NY, USA, 2023; Volume 11. [Google Scholar]
  26. Zhang, K.; Qian, Y.; Motti, V.; Fung, V. A Study on the Privacy Concerns of the Internet of Things. In Proceedings of the 7th IEEE Cybersecurity in Networking Conference, Montreal, QC, Canada, 16–18 October 2023. [Google Scholar]
  27. Awad, A.I.; Abawajy, J. Security and Privacy in the Internet of Things: Architectures, Techniques and Applications; Wiley and Sons: Hoboken, NJ, USA, 2022; Chapters 1–12. [Google Scholar]
  28. Won, Y.-S.; Park, J.-Y.; Han, D.-G.; Bhasin, S. Practical Cold boot attack on IoT device––Case study on Raspberry Pi. In Proceedings of the IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits, Singapore, 20–23 July 2020. [Google Scholar]
  29. Lee, H.; Jiang, M.; Zhao, Q. FedAssist: Federated Learning in AI-Powered Prosthetics for Sustainable and Collaborative Learning. In Proceedings of the IEEE 46th Annual International Conference of the IEEE Engineering in Medicine and Biology Society, Orlando, FL, USA, 15–19 July 2024. [Google Scholar]
  30. Mukhtar, B.I.; Elsayed, M.S.; Jurcut, A.D.; Azer, M.A. IoT Vulnerabilities and Attacks: SILEX Malware Case Study. Symmetry 2023, 15, 1978. [Google Scholar] [CrossRef]
  31. Rahman, A.; Tan, S.W.; Asyhari, T.; Kurniawan, I.F.; Alenazi, M.J.F.; Uddi, M. IoT Enabled Intelligent Garbage Management System for Smart City: A Fairness Perspective; IEEE Access: New York, NY, USA, 2024; Volume 12. [Google Scholar]
  32. Sosunova, I.; Porras, J. IoT-Enabled Smart Waste Management Systems for Smart Cities: A Systematic Review; IEEE Access: New York, NY, USA, 2022; Volume 10. [Google Scholar]
  33. Zielonka, A.; Wozniak, M.; Garg, S.; Kaddoum, G.; Piran, M.J.; Muhammad, G. Smart Homes: How Much Will They Support Us? A Research on Recent Trends and Advances; IEEE Access: New York, NY, USA, 2021; Volume 9. [Google Scholar]
  34. Kayastha, S.; Upadhyaya, P. Design and Implementation of a Cost-Efficient Smart Home System with Enhanced Security and Energy Management. In Proceedings of the IEEE Artificial Intelligence for Transforming Business and Society, Kathmandu, Nepal, 5 November 2020. [Google Scholar]
  35. Bhatt, S.; Pham, T.K.; Gupta, M.; Benson, J.; Park, J.; Sandhu, R. Attribute-Based Access Control for AWS Internet of Things and Secure Industries of the Future. IEEE Access 2021, 9, 107200–107223. [Google Scholar] [CrossRef]
  36. Alzubi, A.A.; Galyna, K. Artificial Intelligence and Internet of Things for Sustainable Farming and Smart Agriculture. IEEE Access 2023, 11, 78686–78692. [Google Scholar] [CrossRef]
  37. Naji, H.K.; Goga, N.; Karkar, A.; Ali, H.; Falahi, M.; Marin, I.; Popa, R.-C. Software Implementation of a Smart Bracelet Prototype to Monitor Vital Signs, Locate, and Track COVID-19 Patients in Quarantine Zone. In Proceedings of the IEEE International Conference on Blockchain, Smart Healthcare and Emerging Technologies, Bucharest, Romania, 24–25 October 2022. [Google Scholar]
  38. Khalid, A.; Sakthivel, U.; Senthilkumaran, T.; Drieberg, M.; Sebastian, P.; Abd Aziz, A.; Hai, L. Extended Lifetime of IoT Applications using Energy Saving Schemes. In Proceedings of the IEEE International Conference on Future Trends in Smart Communities, Kuching, Sarawak, Malaysia, 1–2 December 2022. [Google Scholar]
  39. Pradeep, A. Influence of IoT Technologies in Education. In Proceedings of the 5th International Conference on Inventive Research in Computing Applications (ICIRCA), Coimbatore, India, 3–5 August 2023. [Google Scholar]
  40. Wang, M.; Kang, J.; Liu, W.; Zhang, F.; Su, J.; Yang, Z.; Fang, Z.; Li, X.; Yu, W. Design and Implementation of an Automatic Emulsion Dispensing and Remote Monitoring System Based on IoT Platform. IEEE Access 2023, 11, 102768–102780. [Google Scholar] [CrossRef]
  41. Hasan, H.H.; Bouloukakis, G.; Kattepur, A.; Conan, D.; Belaïd, D. Implementation of an Adaptive Flow Management Framework for IoT Spaces. In Proceedings of the IEEE/ACM 18th Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS), Melbourne, Australia, 15–16 May 2023. [Google Scholar]
  42. Miryahyaei, M.; Fartash, M.; Torkestani, J.A. Focal Causal Temporal Convolutional Neural Networks: Advancing IIoT Security with Efficient Detection of Rare Cyber-Attacks. Sensors 2024, 24, 6335. [Google Scholar] [CrossRef] [PubMed]
  43. Aldahaid, A.; Almars, A.M.; Alharbi, F.; Atlam, E.; Mahgoub, I. Machine Learning-Based Security Solutions for IoT Networks: A Comprehensive Survey. Sensors 2025, 25, 3341. [Google Scholar] [CrossRef] [PubMed]
  44. Nguyen, D.C.; Ding, M.; Pathirana, P.N.; Seneviratne, A.; Li, J.; Poor, H.V. Federated Learning: A Comprehensive Survey. IEEE Commun. Surv. Tutor. 2021, 23, 3. [Google Scholar] [CrossRef]
Information 16 00841 g001
Figure 1. Research methodology.
Figure 1. Research methodology.
Information 16 00841 g001
Information 16 00841 g002
Figure 2. Smart intrusion detection system.
Figure 2. Smart intrusion detection system.
Information 16 00841 g002
Information 16 00841 g003
Figure 3. Accuracy graphic for ML models.
Figure 3. Accuracy graphic for ML models.
Information 16 00841 g003
Table 1. Well-known IoT attacks in history.
Table 1. Well-known IoT attacks in history.
IncidentYearDescription
Casino Thermostat Breach2017Data exfiltration via smart thermostat.
Ring Camera Hacks2019Unauthorized surveillance.
BrickerBot2017Permanent device damage.
Mirai Botnet2016DDoS via default credentials.
Table 2. Comparison of several AI research papers.
Table 2. Comparison of several AI research papers.
PaperTechniquesAccuracyStrengthsWeaknesses
IoT-Sentry: A Cross-Layer-Based Intrusion Detection System in Standardized Internet of Things (2021) [11]Ensemble Learning Model.99%.High accuracy, real-world dataset.Limited to specific testbed.
Detection of Real-Time Malicious Intrusions and Attacks in IoT Empowered Cybersecurity Infrastructures (2023) [12]MLP, RNN, DNN.95–97%.High TNR and High DR.High resource usage.
Deep Transfer Learning for IoT Intrusion Detection (2022) [13]Autoencoder + CNN.Could be > 99%.High generalization, robust.Requires pretraining.
Intrusion Detection Based on Privacy-Preserving Federated Learning for the Industrial IoT (2022) [14]Federated Learning.Typically, above 90%.Data privacy, distributed training.Communication overhead.
Hybrid Intrusion Detection System (2023) [15]RF, RNN.Typically, above 99%.High TNR and effective detection.Model complexity.
Anomaly Detection Based on CNN and Regularization Techniques Against Zero-Day Attacks in IoT Networks (2022) [16]CNN + L1/L2 Regularization.Up to 99.2%.High detection rate.Computationally expensive
An Enhanced AI-Based IDS Using GANs (2022) [17]GAN, Autoencoder.Up to 90% for Binary Classification.Handles imbalanced data.Training instability.
CNN-BiLSTM Hybrid IDS (2023) [18]CNN, BiLSTM.Up to 97%Classifying temporal and spatial data.Requires large training data.
A Reminiscent Intrusion Detection Model Based on Deep Autoencoders and Transfer Learnings (2021) [19]Deep Autoencoder, Transfer Learning.Up to 90%.Low labeling and compute cost.High false positives.
Detecting Compromised IoT Devices through XGBoost (2022) [20]XGBoost.Up to 93%.High accuracy, fast inference.Overfitting risk.
LSTM-based Network Attack Detection: Performance Comparison by Hyper-parameter Values Tuning(2020) [21]LSTM.DDoS attacks: 99.08%.High accuracy for sequential attacks.Training time and complexity.
Cloud IDS Using Feature Selection and SVM (2023) [22]ECOFS + SVM.Up to 95%.Low computational cost.Limited to classical ML.
A 2-Layers Deep learning Based Intrusion Detection System for Smart Home (2023) [23]CNN, LSTM.CNN-LSTM: Up to 90%.Hybrid architecture.Scalability.
Enhancing IoT Security: A Machine Learning Approach to Intrusion Detection System Evaluation (2023) [24]DT, SVM, KNN, RF.RF: 95.12%.Comprehensive evaluation.Scalability not addressed.
Design of an Intrusion Detection Model for IoT-Enabled Smart Home (2023) [25]RF, SVM, KNN, NB.RF: 98.99%.High accuracy, comparative evaluation.Scalability not addressed.
Table 3. Comparison of several IoT research papers.
Table 3. Comparison of several IoT research papers.
PaperUse CaseStrengthDisadvantages
IoT-Enabled Smart Waste Management Systems for Smart Cities: A Systematic Review [32]Smart waste management in urban environments.Structured methodology, stakeholder centric.Rapidly evolving field and focused on solid waste only.
Smart Homes: How Much Will They Support Us? A Research on Recent Trends and Advances [33]Smart homes supporting daily life through IoT.Covers multiple domains (healthcare, energy, security).No specific implementation.
Design and Implementation of a Cost-Efficient Smart Home System with Enhanced Security and Energy Management [34]Smart home system integrating IoT for security and energy management.Practical implementation with hardware, software integration and cost efficiency.Limited scalabulity for large homes or buildings.
Attribute-Based Access Control for AWS Internet of Things and Secure Industries of the Future [35]Industrial IoT security using AWS IoT for smart manufacturing environments.Real-world implementation using AWS IoT.Focused on AWS ecosystem, limiting generalizability.
Artificial Intelligence and Internet of Things for Sustainable Farming and Smart Agriculture [36]Smart agriculture using IoT and AI to improve resource efficiency and sustainability.Real-world relevance with qualifiable benefits.Lacks specific hardware/software deployment case studies.
Software Implementation of a Smart Bracelet Prototype to Monitor Vital Signs, Locate, and Track COVID-19 Patients in Quarantine Zone [37]Wearable bracelet for real-time health monitoring and quarantine enforcement.Fully implemented prototype with hardware and software.Focused on COVID-19, limiting broader applicability.
Extended Lifetime of IoT Applications using Energy Saving Schemes [38]Enhancing energy efficiency and device lifetime in IoT networks through adaptive strategies.Focused on practical energy-saving techniques.Limited to specific hardware and simulation environments and does not address security.
Influence of IoT Technologies in Education [39]Explores the integration of IoT technologies into educational environments.Timely and relevant topic.Generalized discussion without specific educational levels or contexts.
Design and Implementation of an Automatic Emulsion Dispensing and Remote Monitoring System Based on IoT Platform [40]Intelligent coal mine production: automatic emulsion dispensing and remote monitoring.Real-world industrial deployment; High accuracy and reliability.Focused on a specific industrial niche (coal mining).
Implementation of an Adaptive Flow Management Framework for IoT-Enhanced Spaces (PlanIoT) [41]Adaptive flow management in IoT-enhanced smart environments.Addresses real-time performance in IoT systems; Adaptable to various smart environments.Focused on edge computing scenarios; Evaluation limited to specific testbeds.
Focal Causal Temporal Convolutional Neural Networks: Advancing IIoT Security with Efficient Detection of Rare Cyber-Attacks [42]Intrusion detection in network traffic where rare cyber-attacks are difficult to detect due to imbalanced datasets.Binary Hierarchical Architecture: Converts multi-class classification into sequential binary tasks, improving detection of minority classes.While performance is strong in offline datasets, real-time deployment and adaptability are not tested.
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Alioanei, C.; Popescu, N. AI-Based Solutions for Security and Resource Optimization in IoT Environments: A Systematic Review. Information 2025, 16, 841. https://doi.org/10.3390/info16100841

AMA Style

Alioanei C, Popescu N. AI-Based Solutions for Security and Resource Optimization in IoT Environments: A Systematic Review. Information. 2025; 16(10):841. https://doi.org/10.3390/info16100841

Chicago/Turabian Style

Alioanei, Cosmin, and Nirvana Popescu. 2025. "AI-Based Solutions for Security and Resource Optimization in IoT Environments: A Systematic Review" Information 16, no. 10: 841. https://doi.org/10.3390/info16100841

APA Style

Alioanei, C., & Popescu, N. (2025). AI-Based Solutions for Security and Resource Optimization in IoT Environments: A Systematic Review. Information, 16(10), 841. https://doi.org/10.3390/info16100841

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Article metric data becomes available approximately 24 hours after publication online.
Back to TopTop