Detecting Cybersecurity Attacks in Internet of Things Using Artificial Intelligence Methods: A Systematic Literature Review

In recent years, technology has advanced to the fourth industrial revolution (Industry 4.0), where the Internet of things (IoTs), fog computing, computer security, and cyberattacks have evolved exponentially on a large scale. The rapid development of IoT devices and networks in various forms generate enormous amounts of data which in turn demand careful authentication and security. Artificial intelligence (AI) is considered one of the most promising methods for addressing cybersecurity threats and providing security. In this study, we present a systematic literature review (SLR) that categorize, map and survey the existing literature on AI methods used to detect cybersecurity attacks in the IoT environment. The scope of this SLR includes an in-depth investigation on most AI trending techniques in cybersecurity and state-of-art solutions. A systematic search was performed on various electronic databases (SCOPUS, Science Direct, IEEE Xplore, Web of Science, ACM, and MDPI). Out of the identified records, 80 studies published between 2016 and 2021 were selected, surveyed and carefully assessed. This review has explored deep learning (DL) and machine learning (ML) techniques used in IoT security, and their effectiveness in detecting attacks. However, several studies have proposed smart intrusion detection systems (IDS) with intelligent architectural frameworks using AI to overcome the existing security and privacy challenges. It is found that support vector machines (SVM) and random forest (RF) are among the most used methods, due to high accuracy detection another reason may be efficient memory. In addition, other methods also provide better performance such as extreme gradient boosting (XGBoost), neural networks (NN) and recurrent neural networks (RNN). This analysis also provides an insight into the AI roadmap to detect threats based on attack categories. Finally, we present recommendations for potential future investigations.


Introduction
The large-scale growth of the Internet of things (IoT) in recent years has contributed to a significant increase in fog computing, smart cities, and Industry 4.0, all of which execute the complex data processing of confidential information that must be protected against cybersecurity attacks. Cybersecurity attacks have increased rapidly in various domains, such as smart homes, healthcare, energy, agriculture, automation, and industrial processes [1]. As a result of their wide range of services, IoT device sensors generate large amounts of data that requires authentication, security, and privacy. Previously, traditional methods and frameworks were used to ensure the security of IoT. However, the application contributions to the cybersecurity field. The work of [28] investigated and analyzed the importance of artificial immune systems in IoT environments by evaluating and identifying the performance of empirical research on the approaches to secure IoT environments.
In this review, we intend to explore and analyze both ML and DL methods used for the detection of cybersecurity attacks in IoT devices and networks by formulating and addressing research questions, and filling the current research gaps in the area of IoT security by attempting to overcome limitations in the existing work.
IDSs, particularly those designed using AI such as anomaly-based, are preferred for detecting cybersecurity attacks in mobile devices with integrity verification schemes for cloud storage in an endpoint environment [2,[29][30][31]. In this study, we analyze the research published on IoT security and identify the best possible solutions under different scenarios, including detection algorithms, frameworks, architectures, and models. Previously, artificial immune systems have been reviewed to secure IoT via fog orchestration [28,[32][33][34]. Herein, we mapped the literature to identify past learnings and discuss potential future scenarios. To this end, we formulated three research questions.
This SLR (systematic literature review) consists of ten sections and is organized as follows. Section 1 introduction, Section 2 provides metasurvey, Section 3 presents survey methodology, Section 4 presents results, Section 5 presents SLR major findings based on the research questions, Section 6 presents artificial intelligence roadmap, Section 7 presents a discussion, Section 8 presents limitations of the study, Section 9 presents recommendations for future investigations and Section 10 is the conclusion.

Huge Network Traffic Dataset and Imbalanced Dataset
IoT IDSs using AI have challenges of the huge amount of datasets from network traffic which leads to high false alarm and low detection rates [35]. This can be addressed using feature reduction technique. Singh et al. [35] proposed a technique for IDS based on online sequential extreme ML which profiling less time complexity while irrelevant features are excluded using correlation, consistency feature selection. Figure 1 show data imbalanced problem from multi-classes relationship between more complex and classes. In addition, the ML IDSs face challenges due to imbalanced datasets when processing/training entire data, while this can be addressed by identification of intrusion through network traffic behavior and reassembling imbalanced datasets.

Research Contribution
Several research studies address the importance of AI in IoT cybersecurity. In this study, we investigate the use of AI methods in the detection of a cybersecurity attack in the IoT. The research contribution for this SLR includes the following:

•
We formulate and answer three research questions using existing empirical studies that use AI methods in IoT.
• We review the current uses of AI methods in detecting IoT threats by evaluating the approach using datasets.

•
We present a classification of studies based on ML Algorithms, DL algorithms, model performance, IDSs and types of threats.

•
We also discuss the limitations of the study and recommendations for future studies.

Metasurvey
In this section, related works have been reviewed based on literature review studies. The existing studies related to AI algorithm-based technique has been used to detect cyberattacks and anomaly activities in IoT nowadays, through developing smart, secure and provide, IoT infrastructure which can detect the abnormal, vulnerability from cyber-attack automatically, the ML, DL algorithms was the best to protect the systems than normal traditional method when it is in an abnormal state. For such reason, the goal is to identify what are the most effective AI methods to detect an attack, threats in IoT environment and investigate the available practice to reduce those attacks using effective techniques. In addition, IoT is subjected to serious risk of cyber security attack due to its huge amount of data generated through the network and communication layers of field devices such as sensor data and actuators which are usually used for real-time monitoring and predictions.
Ahmad et al. [37] conducted a comprehensive analysis of different DL models which include CNN, RNN, LSTM using IoT-Botnet 2020 dataset to propose an efficient anomaly detection using mutual information (MI) by considering deep neural network (DNN) for an IoT network. Similar study by Ali and Choi [38] presents a comprehensive review on state-of-art AI techniques for distributed smart grids with aims to support the integration of renewable energy resources security. Tahsien et al. [39] present a survey of ML-based solutions for IoT security in terms of different types of possible attacks. Alsoufi et al. [40] present a review analysis on anomaly-based intrusion detection systems in IoT using several DL techniques. Echeverría et al. [41] investigated in-depth on cybersecurity model based on hardening to secure IoT using a model of sequence consist seven steps to minimize the attack surface through executing hardening processing. However, new concern about cybersecurity issues are rising in IoT infrastructure Djenna et al. [42] presents a critical analysis of the most recent cybersecurity issues for IoT-based critical infrastructures. Another progressive research on IoT security by Mahbub [43] presents an exhaustive analysis based on perspective protocols, vulnerabilities and preemptive architectonics.
This review focuses on AI techniques used between 2016 and 2021. However, before 2016, AI has played a role in cybersecurity. The dominant techniques during this time include genetic algorithms, fuzzy logic and neural networks where many researchers proposed IDSs and intelligence architecture frameworks based on AI. For example, in 2015, Dilek et al. [44] provided a comprehensive review on AI techniques to combat cybercrimes with efficient methods for detecting and preventing cyber-attacks. In addition, Greensmith [45] provided how artificial immune systems (AIS) can maintain and secure IoT networks using advanced AIS. Moreover, the authors provide its challenges and limitations. In 2011, Morel [46] provided a broad overview of AI as a feature of cybersecurity based on its different approaches. Table 1 shows comparison details of other related studies in the area. The systematic review provides an in-depth analysis with future recommendations towards cybersecurity detection in IoT using AI techniques.

Survey Methodology
The current systematic literature review was conducted based on Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) [55]. The standard guidelines by Kitchenham [56] were applied, while Figure 2 illustrate the study screening and selection process. Table 2

Research Motivations
The approach to detect cybersecurity attacks in IoT using AI is widely developing. Due to this, there's need to explore in-depth analyses through examining previous studies. Our study goal is to identify what are the most effective AI methods to detect attacks, threats in IoT systems and investigate the available practice to reduce those attacks using effective techniques. For this purpose, readers will have an idea about IoT security using AI especially those new in the area. Some studies focused on traditional methods, while some focused on DL techniques for IoT security. In our study, we explore both ML and DL techniques for IoT security with feature recommendations. In addition, we focused on related studies to IoT security using AI methods.

RQ1
: What are the existing cybersecurity attacks and threats in the IoT environment? RQ2: What are the common AI methods used to detect cybersecurity attacks in the IoT? RQ3: What are the available practices to reduce cybersecurity attacks for IoT using AI approaches?

Information Sources and Database
The literature search was performed using different database sources based on a search strategy developed to identify the relevant studies. To this end, a systematic computerized search was finalized using three database sources, namely SCOPUS, Science Direct, IEEE Xplore, Web of Science, ACM, and MDPI. We developed a search strategy to identify relevant literature following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines during all stages [55]. Figure 2 presents the article screening and selection processes which were assessed by two authors of this study (M.A. and Y.B.).

Search Strategy and Key Terms
The search strategy was customized for three databases using the following search terms: 'Artificial Intelligence' OR 'Machine Learning' OR 'Deep Learning' OR 'AI' OR 'ML' OR 'DL' AND 'Cybersecurity' OR 'Attacks' OR 'Threats' AND 'IoT' OR 'CPS' 'Industrial IoT' OR 'Medical IoT' OR 'Energy IoT' AND 'Detection' OR 'Prediction' OR 'Identification' OR 'Detect'. All searches spanned the period from the inception of the database until 2021 and included journal articles with a few review papers published only in English.

Eligibility Criteria
The search was primarily focused on the mapping of existing literature on Internet security and ML security in the fields of computer science, decision science, and mathematics. The search covered the years 2016 to 2021; all articles published before 2016 were excluded from the search. Moreover, the search was performed on a global level and not restricted to a specific country or region. At this stage, 72 research articles were excluded, and the 80 selected research articles were extracted. Table 3 summarizes the inclusion and exclusion criteria used in selecting the research articles.

Quality Assessment
Quality assessment was based on original research and a few review articles. To maintain the quality of the review, all duplicate records were thoroughly checked. In particular, the abstracts of all research articles included in the review process were checked in detail and filtered to ensure their quality and relevance. A careful evaluation of each research paper was performed at a later stage. Another exclusion criterion was to limit the articles to those published in the English language. Consequently, six articles in non-English languages were excluded from the study.

Data Extraction
Selected studies were placed into a data extraction spreadsheet using Microsoft Excel 2019. The data extracted from the studies were: author(s), year, AI type, algorithm used, performance focus, model performance, number of predictive features, types of cybersecurity attacks and data sources. The data extraction was performed by two authors of this study (N.A. and S.J.A).

Results
In this section, we summarize the results of the screening and search processes based on the PRISMA guidelines. First, we describe the characteristics of selected research studies by presenting their data quantitatively, which includes listing documents by year, journal sources, subject area, and the algorithm used. Second, we classify the literature of selected studies using the AI method, model performance, and types of attacks. The analysis of all results discussed in this section is directly related to the research questions of this study. Figure 3 depicts the yearly distribution of the studies from 2016 to 2021. It was observed that the number of studies has significantly increased over the years, which signifies that the field of cybersecurity and IoT are gaining in popularity and receiving increasing attention from various scholars. The findings also indicate that AI models have produced satisfactory results in detecting IoT cybersecurity threats. As seen in Figure 3, the highest number of studies were published in 2020 (N = 29, 52.7%), followed by 2019 (N = 11, 20%).   Figure 5 depicts the distribution of the selected studies in terms of subject areas. The highest percentage of studies was found in the field of computer science (32%), followed by decision science (16%), which was followed by engineering (14%), material science (13%), others (11%), mathematics (9%) and energy (5%). This indicates that in comparison with other fields of study, computer science has performed more investigation of the use of AI methods for IoT cybersecurity threats.     Table 4 summarizes the classification of the studies based on ML algorithms used in the detection of IoT threats. The table includes article authors, year, description of their work, datasets, and ML algorithms used. ML methods are the most promising for ensuring security within the IoT environment, whereas framework models, IDSs, techniques, and intelligent architectures have been proposed by various researchers to detect threats and attacks in IoT devices and fog-based systems. According to the summary of studies, SVM, SVR, DT, RF, NB classifier, LR, KNN, and fuzzy algorithms are commonly used to address cybersecurity-related issues. The ML algorithms were categorized into supervised, unsupervised, and semi-supervised learning-based methods. Furthermore, certain studies combined different methods to compare their performances, which are referred to as intelligent hybrid models. Table 5 summarizes the classification of the studies based on the DL algorithms used in the detection. The table includes article authors, year, description, datasets, and DL algorithms used. DL is a subsection of ML that is based on a neural network and plays a vital role in cybersecurity within the IoT environment. Most researchers have proposed smart IDSs, framework models, techniques, intelligent architectures, and fogbased methods to detect threats in the identification systems of IoT devices and networks. According to the selected studies, most researchers used deep autoencoders (DA), recurrent neural networks (RNN), convolutional neural networks (CNN), deep neural networks (DNN), multi-layer perception neural networks, and deep belief networks (DBN) to address cybersecurity issues. Certain studies combined different DL models to compare their performances, which are referred to as hybrid models. Additionally, most studies' datasets are KDD, which has limitations due to it being outdated in the IDS community. This work modelled two types of cyber-attacks (e.g., transitory and steady cyber-attacks). A multivariate Gaussian-based anomaly detection method is suggested to detect these false data injections more effectively.

Summary of Studies Classified Based on DL Algorithms
Simulated data K-means clustering, Linear Regression This work explores an approach for attack and anomaly detection based on algorithms for the defense and mitigation of IoT cybersecurity risks in a smart city.

UNSW-NB15, CICIDS2017
SVM, DT, RF, KNN   Table 6 summarizes the studies classified based on a number of predictive features and model performance. Most studies focused on the IoT environment using one of the following: ARM-based IoT applications, IoT/fog networks, Bot-IoT traffic, IIoT, healthcare IoT, power grid, smart city and IoT traffic. Conversely, performance focus determines the input of cybersecurity detection, which includes the detection of new malware samples in IoT applications/devices, effective attack detection of threats owing to the use of AI methods in IoT, and anomaly intrusion identification. Additionally, a number of predictive features, characteristics or attributes are used as a value that determines the resulting outcome of cybersecurity detection. To evaluate AI models different evaluation metrics have been used which include accuracy (ACC), precision (PRE), recall (REC), and f-measure (F1). In addition, Figure 7 shows the frequency of model performance of the studies.   Table 7 summarizes the classification of the selected studies based on IDSs, strategies, detection categories, and types of detection/attack/threat in the IoT. According to the selected studies, most researchers used hybrid, centralized, and distributed strategies with ARM-based IDS, distribution-based IDS, anomaly-based IDS, fog computing-based IDS, and specification-based IDS as detection categories. The types of detection/attack/threat include malware attacks, denial-of-service (DoS), distributed denial-of-service (DDoS), message queuing telemetry transport DoS (MQTT DoS), botnet, network, ramping, blackhole, reconnaissance, sinkhole, wormhole attacks, and network traffic categorization.  To identify the existing cybersecurity attacks, threats, and vulnerabilities in IoT (RQ1), our study confirmed the existence of DoS, DDoS, malicious, ransomware, blackhole, sinkhole, reconnaissance, and wormhole attacks (Table 7) in IoT environments. Additionally, Wang et al. [62] proposed a network attack detection model of power grid disturbances to identify cyberattacks. Rathore and Park [25] introduced fog-based attack detection considering the attack categories of the IoT ecosystem, namely DoS, probe, user-to-root (U2R), and remote-to-local (R2L) attacks. Dovom et al. [61] introduced ransomware and malware attack detection in IoT. Li et al. [60] evaluated the performance of false alarm reduction to enhance collaborative intrusion detection in IoT environments, and Azmoodeh et al. [68] proposed non-malicious applications to detect ransomware by monitoring the energy consumption patterns based on the power consumption of Android devices. Furthermore, our study explores IoT security by identifying existing features and fault identification, which are a vulnerability of IoT that leads to unreliable network and data communication. Vulnerabilities in IoT are increasing rapidly owing to the complexity of network traffic, the addition of network communication protocols, weak credentials, privacy, and insecure networks. Additionally, Diro and Chilamkurti [7] reported unauthorized access to local user accounts and a spy breaking into the system to obtain confidential information as vulnerabilities in the IoT with internet message access protocol (IMAP); these attacks can be categorized as R2L. Rashid et al. [70] added that vulnerabilities can occur through zero-day attacks by exploiting different protocols in the IoT. Therefore, when vulnerable data/information leaks are subjected to cybersecurity threats, the IoT becomes compromised by providing false results that lead to a sophisticated attack. Lastly, Table 8 illustrates the types of attacks within the IoT environment. We believe that support vector machines (SVM) and random forest (RF) are mostly used because of high accuracy detection another reason may be efficient memory. The study [58,59,61,[63][64][65][66][68][69][70] used SVM and RF due to their classifiers effectiveness. They are widely implemented in various domains such as anomaly intrusion detection systems in IoT environments because of their most efficient features from others ML algorithms towards identification of attacks with better performance. In addition, they are used for feature selection techniques to achieve high accuracy performance. However, they have limitations such as long CPU time from SVM and ineffective real-time predictions from RF. The studies from Alrashdi et al. [67] used the random forest method to propose a system for anomaly detection in IoT (AD-IoT), and Rahman et al. [58] used a support vector machine to address the limitations of centralized IDS for resource-constrained devices. They proposed two techniques, namely semi-distributed and distributed, which combine high-performance feature extraction and selection with potential fog-edge coordinated analytics. Furthermore, DL methods based on artificial neural networks are commonly used for cybersecurity detection (Table 5).

Summary of Studies Classified Based on IDSs and Types of Threats
In addition, we find out that HaddadPajouh et al. [71] used a recurrent neural network for detecting and hunting malware in IoT. Diro and Chilamkurti [7] used the DL method for cybersecurity to enable the detection of attacks in the social IoT based on a distributed approach, and Meidan et al. [76] used deep autoencoders to propose a novel network-based anomaly detection method for detecting unusual network traffic from exploited IoT devices. Other studies combine various AI methods for cybersecurity in IoT, which serve as hybrid methods. Additionally, Smys et al. [75] used a hybrid IDS for IoT, wherein the proposed IDS detected different types of attacks based on a hybrid convolutional neural network model. However, with the rapid development of ML and DL such as LSTM, XGBoost, CNN, NN, TCN, models provide efficient classification with high accuracy. We found that [72,74,77,79,83] used LSTM techniques with potential of RNN to hunt IoT malware and OpCodes sequence. The LSTM model is capable of learning on dependencies with input datasets. In addition, the advancements models techniques classification, prediction time series data to detect cybersecurity attacks within IoT environment. The LSTM structure has memory that stores previous time step information similar to blockchain technology. XGBoost techniques significantly improved based on boosting algorithms in cybersecurity such as to detect power grid cyber-attacks [62]. However, most studies from literature used single model technique with evaluating the model using NSL-KDD, KDD99 datasets. While at the current stage those datasets are outdated, we suggest using updated detests from real-world, real-time IoT systems. Multiple models can be combined to archive better results, performance and high detection techniques.

RQ3: What Are the Available Practices to Reduce Cybersecurity Attacks for IoT Using AI Approaches?
We found that many AI approaches have been proposed by researchers to tackle, reduce cybersecurity attacks in IoT systems. The available methods include smart intrusion detection systems, anomaly detection techniques, and intelligent architectural frameworks. An efficient DL based classification and technique has been used to detect cyber-attacks in IoT networks communications through the development of new autonomous DL classification systems using CNN [10]. AI-based data encryption enhances intermediates nodes of IoT systems [12]. In addition, AI approaches explore IoT data features extraction and provide intrusion detection systems with feature extractions for smart cities based on deep migration learning model [74]. However, the current AI techniques have limitations such as long training time due to large input datasets and high computational complexity. In addition, we suggest improving efficiency of AI models with a combination of models for better performance and high detection techniques.

Artificial Intelligence Roadmap
In this section, we provide an AI roadmap with brief overview of its development in detecting cybersecurity attacks within IoT systems. The methods have been categorized based on the cybersecurity threats they identify such as Probe, U2R, R2L and DoS as shown in Figure 8.

AI for Detecting Probe Attack
Probe attacks aim to obtain data based on target external network sources such as portsweep and IPsweep. The effects of probe attacks make data vulnerable within peer networks which gives an attacker the ability to spy, access, or gather information. This attack can be detected using AI-based techniques. For example, Zhang et al. [86] proposed an IDS model based on genetic algorithm (GA) and deep belief network (DBN) to achieve a high detection rate in IoT systems. In addition, a fast intrusion detection system was proposed using hybrid AI techniques such as RF, Naïve Bayes, C4.5, REPTree algorithm to detect attacks [87].

AI for Detecting U2R Attack
User to root (U2R) attack aims to have access into systems as normal account such attacks include perl and xterm. The effects of U2R attacks include manipulating, spying or interrupting normal system behavior. In Bagaa et al. [88], a novel SVM model was proposed based on a security framework to enable mitigating different threats such as U2R in IoT systems. In addition, a GA has been proposed for generating rules to detect U2R threats [89].

AI for Detecting R2L Attack
Remote to user (R2L) attacks occur when a user sends packets to system which do not have legal access such as xclock and guest password. The effects of R2L attacks exploit system privileges. AI methods for detecting R2L attacks include Chatterjee and Hanawal [90]. In the paper, a federated learning IDS was proposed based on a probabilistic hybrid ensemble classifier (PHEC) using KNN and RF to centralize IoT security. Moreover, a GA was proposed for generating rules to detect R2L attacks [89].

AI for Detecting DoS Attack
Denial of services (DoS) attack is among the most common, due to its easy execution. It can be performed by disturbing the network traffic such as DDoS and UDP storm. The effects of DoS attacks make system resources very busy to serve networking genuine requests. An AI detection model has been proposed using various ML/DL techniques which include CNN, RNN and SVM to detect DoS attacks in IoT Botnets datasets [88,91].

Discussion
In this section, we discuss our study findings in terms of the research questions presented in Section 1. We summarize the major findings and explain the limitations of our systematic literature review (SLR). Finally, recommendations for future investigations are presented. Our analysis and evaluation from empirical studies revealed that several vulnerabilities and threats that can lead to attacks exist in the IoT environment. Moreover, these attacks compromise the integrity of the IoT, which behaves abnormally during event processing owing to malicious activities. With the rapid increase in the number of IoT devices resulting from the emergence of Industry 4.0, security aspects must be prioritized. AI methods are the most promising approach for overcoming these security issues through the detection and identification of threats and attacks using smart IDSs and intelligent architectural frameworks. Moreover, the AI methods vary for different types of ML/DL in terms of event processing performance in an IoT environment.
As shown in Table 9, we indicate some selected AI models currently trending. The OIE contribute towards model extracting information from unstructured data for valuable cyber threat information when analyzing cybersecurity report [92]. In natural language processing, transformer-based models are most effective towards detecting misinformation, machine translation, text summarization on large scale with less human effort to generate fake cyber threats intelligence text description with transformed based-model [93]. XGBoost model based on gradient boosting library also among high efficient models towards decision making, XGBoost have used for security modelling to detect cyber security based on abnormalities and multi-attacks [94]. The LSTM models play a vital role among AI models for classification, prediction on time series data based on a recurrent neural network, LSTM technique have been used to introduce a deep frequency decomposition model to achieve stock prediction [95]. EBM model provides generative model from statistical physics used self-supervised learning based on EBM for equilibrium thermodynamics due to its softmax layer and mapping energies to probabilities [96]. In prediction research especially during the coronavirus disease 2019 (COVID-19). As it is been spreading within countries such as used ISI model for proposing COVID-19 prediction to estimate the infection variety for analyzing transmission laws with development trends [97]. However, the AI model has been providing a classification of misconceptions, myths and desired where the authors elaborate more on the most popular AI models with statistical methods representing characteristics models which include NN, ES, HMM, AB, and GLM [98]. Lastly, all AI models presented are effective, efficient in performance towards various applications for decisions, classification, and statistics with many more. Table 9. List of some selected trends for artificial intelligence models.

Authors
Year As shown in Table 10, the state-of-art are listed from previous studies with providing insight on cybersecurity attacks detection using AI techniques to detect threats in IoT environments. Notably, intrusion detections systems and anomaly-based detection are most used due to their efficient performance. While some studies applied hybrid performance to solve IoT network issues. To further improve AI performance towards predicting attacks, malware analyses and anomaly detection, current techniques need to be enhanced.
We suggest researchers focus more on combining trending AI models, development of architectural intelligence framework and increasing accuracy performance.

Limitations of the Study
Our SLR comprehensively summarizes the empirical studies using only 80 research articles based on a search strategy by examining several databases, including SCOPUS, Science Direct, IEEE Xplore, Web of Science, ACM, and MDPI. Consequently, certain related studies may not be included as the search was performed considering journal papers published over five years (2016)(2017)(2018)(2019)(2020)(2021). Moreover, non-English studies were excluded. In addition, some database searches are excluded such as Springer.
After a critical analysis, we determined that several proposed frameworks are weak in terms of methodology and data analysis, which leads to an outcome with low accuracy.
Additionally, each proposed system has certain problems that have not yet been solved. Although the results of certain studies are in different metric performances, we focused more on results in terms of accuracy (%) when analyzing IoT security using AI methods. In addition, it is worth mentioning that several studies did not report the predictive features of their datasets. Finally, our paper has some potential extensions and further applications but we are unable to investigate several threats which include fault injection, jamming in the IoT environment.

Recommendations for Future Investigations
Owing to the rapid development and increase in the use of IoT devices in various sectors, which include IIoT, medical IoT, energy IoT, and CPS, we recommend further investigation of the existing AI algorithms by introducing next-generation approaches in IoT security and privacy. Additionally, search databases other than SCOPUS, Science Direct, IEEE Xplore, Web of Science, ACM, and MDPI should be analyzed.
Our results reveal that different AI approaches have been proposed and implemented by researchers based on ML/DL algorithms, including hybrid methods that combine different algorithms. This implies that improving the existing intelligent architectural frameworks can aid in introducing different AI methods of ML/DL with better performance.
Our results also, verify the existence of different types of cybersecurity attacks, such as DDoS, sinkhole, wormhole, and ramping attacks, in the IoT environment. Although these attacks are categorized as DoS, probe, R2L, and U2R attacks, researchers can explore vulnerabilities beyond these categories. Moreover, the most vulnerable layer in IoT needs to be identified.
Further work also needs to be performed in improving the detection accuracy as well as concentrating on the availability of recent real-world datasets in order to detect new types of IoT threats. Finally, we anticipate our SLR results will encourage further inspiration in developing new IDS/AI models to secure the IoT environment against cybersecurity threats and attacks.

Conclusions
In this paper, we present a systematic review of cybersecurity detection attacks in the IoT using AI methods. Due to their rapid development in the various domains, large amounts of data are constantly being generated, which requires an increased focus on privacy and security. Attacks in IoT can be categorized into Probe, R2L, U2R, and DoS. If these attacks succeed, IoT performance can be compromised in many ways such as giving false information. While in the past, traditional methods have been used for improving IoT security, due to the rapid evolution of cyber threats. As a result of industrial 4.0, the AI approach can be considered one of the most promising methods.
We summarized, categorized, and mapped the existing literature on AI methods for the detection of cybersecurity attacks in IoT environments using formulated research questions. The survey was conducted using the PRISMA method, wherein eighty studies from 2016 to 2021 were carefully selected and evaluated. However, the SLR validates that AI approaches are a promising method for providing security and privacy in IoT environments.

Conflicts of Interest:
The authors declare that there are no conflict of interest.

Abbreviations
The