Next Article in Journal
Denoising the ECG from the EMG Using Stationary Wavelet Transform and Template Matching
Next Article in Special Issue
Federated Learning for Surveillance Systems: A Literature Review and AHP Expert-Based Evaluation
Previous Article in Journal
Development of an Extended-Band mTRL Calibration Kit for On-Wafer Characterization of InP-HEMTs up to 1.1 THz
Previous Article in Special Issue
From Shore-A 85 to Shore-D 70: Multimaterial Transitions in 3D-Printed Exoskeleton
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Electronics
Volume 14
Issue 17
10.3390/electronics14173475
electronics-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Review

Review of Fuzzy Methods Application in IIoT Security—Challenges and Perspectives

by
Emanuel Krzysztoń
,
Dariusz Mikołajewski
and
Piotr Prokopowicz
*
Faculty of Computer Science, Kazimierz Wielki University, 85-064 Bydgoszcz, Poland
*
Author to whom correspondence should be addressed.
Electronics 2025, 14(17), 3475; https://doi.org/10.3390/electronics14173475
Submission received: 28 July 2025 / Revised: 20 August 2025 / Accepted: 28 August 2025 / Published: 29 August 2025
(This article belongs to the Special Issue Artificial Intelligence for Advanced Engineering: Techniques, Methods, and Frameworks)
Browse Figures
Versions Notes

Abstract

Traditional methods often fail when confronted with data characterised by uncertainty, incompleteness, and dynamically evolving threats within the Industrial Internet of Things (IIoT) environment. This paper presents the role of fuzzy set methods as a response to these challenges in ensuring IIoT security. A systematic literature review reveals how fuzzy set methods contribute to supporting and enabling actions ranging from anomaly detection to risk analysis. The work focuses on fuzzy systems such as the Fuzzy Inference System (FIS) and the Adaptive Neuro-Fuzzy Inference System (ANFIS), highlighting their strengths, including their resilience to imperfect data and the intuitiveness of their rules. It also identifies challenges related to optimisation and scalability. The article outlines directions for further research, indicating the potential of fuzzy methods as a cornerstone of future, intelligent IIoT cyber defence systems, capable of effectively responding to complex and changing attack scenarios.

1. Introduction

The rapid digital transformation of industrial systems presents significant security and resilience challenges across various sectors. Studies, including those by ENISA [1], confirm the escalating trend of cyberattacks targeting a broad range of industries. Given the scope of these threats, it is crucial to optimise and strengthen existing organisational security safeguards. Within this context, industrial systems at the intersection of Information Technology (IT) and Operational Technology (OT), particularly emerging IIoT technologies, warrant special attention due to their diverse applications, complexity, rapid pace of adoption, and heterogeneous design[2].The European Union’s NIS 2 regulation [3] emphasises the need for a unified approach and the implementation of robust safeguards to ensure system security and resilience.

1.1. Methodology

The paper aims to examine current approaches to ensuring the security and resilience of IIoT systems using fuzzy set methods. To guarantee the review’s thoroughness and comprehensiveness, a systematic approach was employed for searching and selecting scientific publications. The goal was to precisely identify research and studies concerning the application of fuzzy set theory and hybrid models, with a particular focus on neuro-fuzzy systems, in the context of ensuring security within the IIoT environment. This objective was achieved through a systematic and transparent search strategy, partially aligned (we focused on ten PRISMA 2020 items only) with the PRISMA 2020 guidelines presented in Figure 1. The PRISMA 2020 Checklist (partial only) was attached as a Supplementary File.
The first step involved identifying databases and keywords. Renowned scientometric databases such as Google Scholar, ResearchGate, IEEE Xplore, and ACM Digital Library served as the primary sources for publications. Detailed sets of English keywords were also defined, reflecting the main thematic areas of the review. Exemplary, carefully constructed search strings included combinations of terms like “IIoT security”, “Industrial IoT security”, “cybersecurity IIoT”, “threat detection IIoT”, “fuzzy logic”, “fuzzy set theory”, “fuzzy inference system”, “fuzzy clustering”, “fuzzy-c”, “neuro-fuzzy systems”, “ANFIS”, “hybrid AI”, “anomaly detection”, “intrusion detection”, “profiling”, “IIoT risk assessment”, “fuzzy risk assessment”, and “fuzzy trust management IIoT”. Appropriate logical operators (AND, OR) and phrases enclosed in quotation marks were used to precisely narrow down or broaden search results. The next, equally crucial, stage involved defining clear inclusion and exclusion criteria for publications. Only peer-reviewed publications, such as journal articles and conference papers, were included for analysis. Their content had to directly address the application of fuzzy sets or neuro-fuzzy models in the context of IIoT system security (Reason 1). This encompassed specific applications like anomaly detection, trust management, device profiling, or risk assessment. Priority was given to articles published within the last ten years (2015–2025).
Conversely, articles that did not concern IIoT security, focused exclusively on classic IoT without an industrial context, or were in the form of short communications or conference abstracts without full text were systematically excluded from the review (Reason 2).
The final phase comprised the selection and data extraction process. Initially, a comprehensive pool of articles was gathered based on the defined keywords. A preliminary selection was then conducted, assessing thematic relevance based on titles and abstracts, thereby eliminating publications that clearly did not meet the established criteria. For the remaining, initially qualified articles, a full content analysis was carried out to verify their scientific quality. At this stage, the bibliographies of highly rated articles were reviewed to identify additional, valuable sources that might have been missed in the initial search.
From each finally selected article, key information was meticulously extracted, such as the method applied, the specific area of application within the IIoT environment, and the main results achieved and practical applications. The data collected in this manner served to construct Tables 2 and 3, enabling systematic categorisation and an in-depth analysis of current research trends in the discussed field. As a result of this rigorous and systematic review, over 40 carefully selected publications were analysed, forming a solid basis for drawing conclusions regarding the potential, challenges, and directions for further research on the application of fuzzy set theory in the context of ensuring IIoT system security.

1.2. Research Gap, Questions and Contributions

Within this work, the following research questions were formulated:
  • How can uncertainty and ambiguity in IIoT system data be effectively modelled?
  • In what way can fuzzy set theory be utilised to represent degrees of membership to specific states and behavioural patterns to ensure the security of IIoT systems?
  • What are the potential benefits and challenges associated with applying fuzzy set theory to IIoT system profiling, especially in the context of incomplete and ambiguous data?
The main contribution of this paper is to present the first critical review of the use of fuzzy methods in IIoT security, which is based on partial PRISMA 2020. Additionally, the review adapts the guidelines and particularly considers the specific nature of this field. This distinguishes it from broader research. The study systematically organises the current state of knowledge, identifying areas where fuzzy methods have been effectively applied to enhance the security and resilience of IIoT systems. These areas include, amongst others, risk analysis, post-incident decision support, and trust management.
This review contrasts with previous, fragmented studies, offering a holistic perspective on the state of knowledge in IIoT cybersecurity. Based on the selection criteria presented in Table 1, our analysis discusses in detail the technical advantages of fuzzy methods. These advantages stem from their ability to model uncertainty and imprecise data. At the same time, this work highlights the practical limitations of these methods. It also identifies key gaps for further research, such as the subjective process of designing fuzzy rules, the increased computational complexity for large systems, and the lack of traditional self-learning capabilities.
Table 1. Analysis of selected review papers in the context of IIoT security.
Table 1. Analysis of selected review papers in the context of IIoT security.
Year/
Reference		Thematic ScopeReview MethodologyType of Analysis
(Descriptive vs. Critical)		Case Studies
Included		Conclusions and Research Gaps
2020/[5]Security with fuzzy set methodsnarrativedescriptiveYes, detailed case studiesComplex review of fuzzy methods with identified gaps in research regarding system interpretability, scalability, and the need to create unified evaluation benchmarks.
2023/[6]IDS for IoT/IIoTnarrativecritical and analyticalNo, focused on a literature synthesisLack of a unified design methodology, scalability limitations, and lack of public datasets.
2023/[7]IIoT securitysystematiccritical and analyticalYes, a general, non-detailed case studiesResearch gaps in the scalability of fuzzy systems, lack of standard evaluation data sets, and integration with other security techniques in the IIoT context.
2023/[8]Situation awareness with fuzzy set methodsSystematic-PRISMAdescriptiveNo, focused on a literature synthesisReview highlights the need for advanced fuzzy logic and neuro-fuzzy models that can be effectively deployed on resource-constrained IIoT devices to handle real-time threat detection and anomaly analysis, thus bridging the gap between theoretical frameworks and practical, low-power applications.
2024/[9]Fuzzy systems in Medical IoTSystematic-PRISMAcritical and analyticalYes, a general, non-detailed case studyComprehensive review that focuses on the need for more efficient and scalable models for real-time threat detection and the lack of standardised datasets for evaluating these systems.
OurworkIIoT security with fuzzy set methodsSystematic-PRISMAcritical and analyticalYes, detailed case studiesFirst review of fuzzy theory applications in IIoT security, while identifying research gaps such as rule subjectivity, computational complexity, and the urgent need to develop dynamic system profiling methods.
Furthermore, the work includes an analysis of hybrid architecture combining neural networks with fuzzy methods. It demonstrates how the fusion of these two artificial intelligence methods, leveraging the pattern-learning capabilities of neural networks and the flexibility of fuzzy logic for decision interpretation, significantly improves the adaptability and accuracy of IIoT security systems. Moreover, this systematic review not only synthesizes existing knowledge but also critically identifies significant research gaps within the application of fuzzy set methods for IIoT security. Specifically, our findings highlight a pressing need for the development of novel, dynamic concepts for IIoT system profiling. These concepts must effectively utilisefuzzy methods to adapt to uncertainty, data incompleteness, and the dynamically evolving threat landscape of industrial environments. This identified gap underscores a crucial direction for future research, aiming to enhance the resilience and adaptability of IIoT security systems beyond static or traditional approaches.

2. Research Problem Statement—IIoT Security

Automation is a field of science and technology concerned with the automation of production and related processes. It involves the replacement of human factors by various OT technologies, which contributes to increasing production efficiency, improving product quality, and reducing costs [10,11,12,13,14,15,16,17,18].Industrial Automation and Control Systems (IACS) is a term referring to physical hardware, software, documented information, and the human element, which collectively form the controlling component, ensuring operational reliability and security [16]. Examples of IACS include Supervisory Control and Data Acquisition (SCADA) systems. Conversely, Industrial Control Systems (ICS) narrow the scope of IACS exclusively to industrial process control systems, such as Building Management Systems (BMS) or Programmable Logic Controllers (PLC).
Currently, new OT technologies are increasingly being integrated with office-based IT. This integration has created hybrid environments that offer new opportunities for Industry 4.0 while simultaneously generating new vulnerabilities to cyber threats [10,17].
IIoT, on the other hand, is a complex ecosystem encompassing all interconnected elements—from individual sensors to extensive infrastructure management systems; linking; amongst others; PLCs; industrial cameras; and machinery. It creates a global networked infrastructure that connects the physical world (sensors, devices, machines) with the digital world (networks, software) in order to optimise business and production processes [19,20]. The Industry IoT Consortium has presented a three-tiered technological architecture model for IIoT [11,21], designed to provide and enhance flexibility, scalability, and security. Figure 2 presents a diagram of this architecture. A detailed description of each of these layers, in the context of its role in IIoT systems, is provided below.
The Enterprise Tier represents the highest level where business decisions are made. This layer relies on data supplied from lower system levels, integrating business applications such as Manufacturing Execution Systems, Quality Management Systems, and advanced analytical tools for process optimisation and predictive analysis, for example, regarding product demand. This level also houses user interfaces, including Human–Machine Interfaces, enabling interaction with the system.
Below this is the Platform Tier, which acts as a central communication hub. Its role is to integrate edge devices with business applications by transmitting control commands from the enterprise layer. Key functions of this tier include data collection, processing, and analysis, as well as ensuring interoperability between various business applications. Advanced data analytics and device lifecycle management are also frequently implemented at this level.
At the lowest point in the hierarchy is the Edge Tier, whose role is to connect physical devices, such as sensors, actuators, and other components, with the digital world. These devices are responsible for generating, collecting, and pre-processing data to extract essential information before transmitting it further to the edge gateway. This layer also handles local decision-making and real-time control, which is crucial for latency-sensitive industrial operations.
The integration of OT and IT within IIoT brings numerous benefits, such as process optimisation. However, this fusion also alters the landscape of security and resilience assurance. Millions of new, connected devices—often with limited capabilities and long lifespans—increase the attack surface. This creates unique and complex challenges in the field of cybersecurity.

Threat Taxonomy in IIoT

IIoT systems, though primarily designed for reliability and operational continuity, are constantly exposed to new types of attacks. The vectors for these attacks are often closely linked to their multi-layered architecture as described above. Security incidents can lead to serious consequences, such as production disruptions, significant financial losses, and even a direct threat to life and health. To effectively counter these threats, a systematic attack taxonomy is essential. It serves as a fundamental tool for organisingknowledge, effectively designing defensive mechanisms, identifying security vulnerabilities, and rapidly responding to incidents. Based on a thorough analysis of the literature and selected studies [2,22,23,24,25,26,27], Figure 3 presents a taxonomy of selected threats to IIoT systems, highlighting those with the greatest potential impact and detection complexity in industrial environments.
The selected threats presented in Figure 3 include network attacks targeting the IIoTs communication infrastructure. It is worth noting DoS/DDoS (Denial of Service/Distributed Denial of Service) attacks, which disrupt service availability by overloading networks or devices. In an IIoT environment, these threats can lead to serious consequences, such as the shutdown of key production processes. It should be noted that Man-in-the-Middle (MITM) attacks involve intercepting and modifying communication, which can result in unauthorised control or the theft of data. In contrast, jamming is designed to disrupt wireless communication, thereby preventing the exchange of information between sensors, actuators, and controllers. Moreover, zero-day attacks exploit unknown vulnerabilities in software or hardware. This makes them exceptionally difficult for traditional security systems to detect, particularly in the IIoT context, where device lifecycles are often long and the update process complex. Equally dangerous is malware, encompassing a broad range of malicious code capable of crippling operations, stealing configuration or operational data, or even taking control of industrial devices. Additionally, data breaches lead to the leakage of sensitive information, such as production data, operational strategies, and even intellectual property. In the IIoT environment, the consequences of breaches can extend beyond financial aspects, directly impacting enterprises’ competitiveness and the operational security of the infrastructure. Meanwhile, insider threats stem from the actions (intentional or unintentional) of privileged users who have access to IIoT systems. These can be exceptionally difficult for security systems to detect and pose a serious risk to the integrity, confidentiality, and availability of the infrastructure. Physical threats include direct acts of equipment sabotage, device theft, or unauthorised access to the physical IIoT infrastructure. In the context of distributed and often hard-to-access locations for many IIoT devices, managing physical risk is paramount.
Consequently, there is an urgent need to develop and implement advanced analytical models that can effectively cope with this uncertainty and ambiguity. Models based on artificial intelligence methods, including machine learning algorithms and, particularly importantly, fuzzy methods, can enable a more flexible and adaptive approach.

3. Fundamentals of Fuzzy Set Theory

The theory of fuzzy sets, introduced in 1965 [28], is an extension of classical set theory. It allows for the modelling of uncertainty, imprecision, and subjective concepts that are present in natural language, as well as in complex systems [29,30,31,32]. In contrast to classical sets, where membership is binary, fuzzy sets allow for gradual membership within the interval [0;1]. Data presented in this manner is particularly useful in IIoT systems, where it is often incomplete, noisy, or originates from heterogeneous sources. For this reason, this method proves exceptionally useful for analysing and addressing complex problems, including those related to security and reliability.

3.1. Fuzzy Set

A fuzzy set A in a space X is defined as a set of ordered pairs ( x ,   μ A x ) where each element x∈X is assigned a degree of membership μ A x to the set A. Mathematically, a fuzzy set A is represented by a membership function μ A x :X→[0,1]:
A = x , μ A x   x X }
where:
  • If μ A x = 0 , then element x does not belong to the fuzzy set A at all.
  • If μ A x = 1 , then element x fully belongs to the fuzzy set A.
  • If 0 < μ A x < 1 , then element x belongs to the fuzzy set A to some degree.

3.2. Membership Function

The membership function μ A x is a fundamental element in the definition of a fuzzy set. It determines the degree to which a given element belongs to the fuzzy set. The choice of an appropriate membership function is often subjective and depends on the problem’s context. The most commonly used shapes for membership functions include singleton, triangular, trapezoidal, and Gaussian. These allow for flexible modelling of various types of uncertainty in data, as shown in Figure 4.

3.3. Fuzzy Logic

Fuzzy logic (FL) processes fuzzy sets to model and manipulate imprecise information. It allows for the formulation of conditional rules using fuzzy concepts and for drawing fuzzy inferences. In the context of IIoT systems, an exemplary rule might be: “If the signal level is very low and the number of packet retransmissions is extremely high, then the probability of interference is high.” These inferences are then converted into concrete actions or decisions through a process of defuzzification.

3.4. Fuzzy Inference System

A Fuzzy Inference System (FIS) is an intelligent logical system based on the principles of fuzzy logic. It is used to process input data, draw inferences from it, and generate precise outputs, even when faced with uncertainty and imprecision. Figure 5 illustrates typical FIS architecture.
The fuzzification module converts input data, known as ‘crisp’ values (meaning precise, numerical values), into fuzzy values. This is achieved using membership functions for each input variable, which determine the degree to which a given value belongs to predefined fuzzy sets. The fuzzy rule base module (knowledge base) contains a set of ‘if-then’ fuzzy rules that link input variables to output variables. These rules are typically formulated by domain experts and form the core of the decision-making system.The inference engine module then evaluates the activation degrees of these rules based on the fuzzy input data. It uses fuzzy logic operators (such as T-norms and S-norms) to generate an output for each rule. Following this, these individual rule outputs are aggregated, resulting in a single fuzzy output set.Finally, the defuzzification module converts this fuzzy output set back into a sharp, precise ‘crisp’ value. This final crisp value can then be used to make a specific decision or trigger an action within the system.

3.5. Fuzzy Clustering

The basis of fuzzy clustering is the concept of a fuzzy set for assigning data points to groups. This iterative process aims to minimise an objective function that weighs the distances between data points and cluster centres, utilising degrees of membership. The most used algorithm is Fuzzy C-Means (FCM).
Expressed by the formula (2):
J m ( U , V ) = i = 1 N j = 1 C μ i j m | | x i c j | | 2
where:
  • N–Total number of data points in the dataset.
  • C–Number of clusters.
  • μ i j –Degree of membership of the i-th data point ( x i ) to the j-th cluster (a value within the interval [0,1]).
  • m–Fuzzification parameter, which is any real number greater than 1.
  • x i –The i-th data point in the dataset.
  • c j –The centre (centroid) of the j-th cluster.
  • | | x i c j | | 2 –The squared Euclidean distance between point x i and cluster centre c j .
Figure 6 illustrates data distributed in a two-dimensional space. Using the FCM algorithm, the data points have been divided into clusters. However, there are also points located on their boundaries or at some distance from the cluster centres (marked with a red cross). The legend indicates the degree of membership (the μ i j value), which expresses how strongly a given point belongs to a particular cluster, taking values within the interval [0,1].
Figure 7 presents a bar chart indicating how selected points from Figure 6 were assigned to a given cluster. All of this confirms that fuzzy clustering is particularly useful within the context of IIoT security.

4. Application of Fuzzy Set Theory in IIoT

This section provides a comprehensive overview of selected publications that address the application of fuzzy set theory in the IIoT security domain. The analysis of these works is summarised in Table 2.
Table 2. Review of fuzzy set applications in IIoT environments for security assurance.
Table 2. Review of fuzzy set applications in IIoT environments for security assurance.
ReferenceMethodIIoTAreaEffect and ApplicationDataEvaluation
Metrics		Test
Environment		Limitations
[33]FLAllFeature selection to improve intrusion detection systemsPublic WUSTL-EHMS-2020AccuracySimulation
(python)		Traditional mutual information-based feature selection methods cannot cope with noise, uncertainty, and imprecision in IoT data.
[34]FLAllTrust management in fog nodes and attack detectionN/A
synthetic		Accuracy, TPR, TNR, FPR, FNRSimulation
(Cooja Contiki)		Reliance on a simulation-based environment requires validation of scalability and deployment in real, heterogeneous IIoT environments.
[35]FLAllRisk assessment to reduce false alarm rates in intrusion detection systemN/A
synthetic		accuracysimulationA lack of real-time learning mechanisms is a general limitation, typical of static rule-based systems.
[36]FLAllRisk assessment in compliance with ISO/IEC 27001N/A
Real data based on the ISO/IEC 27001 standard.		risk matrixSimulation
(Matlab)		Computational cost of Mamdani defuzzification method; subjectivity in defining rules and membership functions.
[37]FLAllRisk assessmentN/Arisk matrixN/AStatic analysis based on subjective rules and membership functions.
[38]FLAutomotiveRisk assessment using TARA methodPublic
Case study extracted from ISO/SAE 21434.		risk matrixSimulation
(Matlab)		Lack of real-world validation; static case study based on a standard. Inferential rules are subjectively derived from expert knowledge, affecting objectivity.
[39]FLAllRisk assessment model for information securityN/A
Expert opinions		risk matrixN/AHigh subjectivity from expert opinions, lack of transparency in method choices, and no empirical validation in a real IIoT environment.
[40]FLAllRisk assessment for attacks on operational networkN/A
The study is based on publicly available reports (CISA, SMICI)		risk matrix, FARsimulationStatic model with predefined rules and membership functions; requires integration of machine learning for dynamic updates.
[41]FLAllDecision support system for edge computing efficacy and securityN/A
synthetic		network throughput, end-to-end delay, energy consumption, packet overheadsimulation
(Matlab)		Lack of scalability with increased routing requests; inefficient resource consumption and network complexity due to malicious routing requests.
[42]FLBMSMultilayer risk assessment to support decision-making, trust management, and access controlN/A
The input data comes from monitoring systems and databases
(CVSS)		risk matrixsimulation
(Matlab)		Static, non-adaptive model; lack of transparency in fuzzy parameter selection.
[43]FLAllRisk assessment for access control policies with decision supportN/A
synthetic		accuracy, TPR, TNR, FPR, FNRsimulationHigh subjectivity of core concepts; lack of empirical validation.
[44]FLAllClassification and reduction of false alarm ratesPublic
CICIoT2023, Aposemat IoT-23		Balanced accuracy, accuracy, precision, recall, and F1-score.simulation
(Matlab)		Static fuzzy component; non-transparent parameter selection.
[45]FLAllControl method for assessing network securityN/A
synthetic		Time performancesimulation
(laboratory environment)		Lack of transparency in selecting fuzzy logic parameters; absence of objective performance evaluation metrics.
[46]FLAllDetection of jamming attacksN/A
synthetic		Accuracy, precision, recallsimulation
(Cooja Contiki)		Lack of transparency in selecting fuzzy logic parameters; static fuzzy component.
[47]FLAllJamming attack detection extended validation testN/A
synthetic		Accuracy, precision, recallsimulation
(Cooja Contiki)		Static model; lack of empirical validation; false positives (difficulty in distinguishing between overload and attacks).
[48]FLAllAssessment of security to support decision-making (for crypto key sharing)N/A
synthetic		Accuracy, overhead, security levelsimulationSubjectivity from reliance on expert knowledge; lack of transparency in selecting fuzzy logic parameters.
[49]FISAllAttacker profile and attack success rateN/A
Expert opinions		Profile matrixsimulation
(Matlab)		Subjectivity from reliance on subjective attributes (knowledge, motivation); static nature.
[50]FISAllDecision-making and controlN/A
Data acquired from sensors		MAE, RMSEsimulation
(Matlab, laboratory environment)		Subjectivity from reliance on expert knowledge; lack of empirical validation in a real-world environment.
[51]FISAllPost-cyber incident decision-makingN/A
synthetic		N/Asimulation
(Matlab)		Static model; lack of empirical validation in a real-world environment.
[52]FISAllDecision support in reaction to a cyberincident with response scoringN/A
synthetic		Accuracy, detection rate, FARsimulation
(Matlab, python)		Lack of empirical validation in a real-world environment.
[53]FISAllBotnet risk assessmentPublic
CICIoT2023		Accuracy, risk matrixsimulation
(Matlab)		Lack of empirical validation in a real-world environment; trade-off between accuracy and interpretability, requiring a balance between the number of rules and readability.
[54]FISAllRisk assessment using multiple FISN/A
synthetic		Risk matrixsimulationStatic model with no empirical validation in a real-world environment; limited scope of risk assessment.
[55]FISIACSRisk assessment model for softwareN/A
Expert opinions		Risk matrixsimulation
(Matlab)		High effort is required from experts and subjectivity based on their knowledge, which hinders scalability and verification of results.
[56]FISAllIntrusion detection classification in the IIoT networkPublic
NSL-KDD		RMSE, accuracy, precision, sensitivity, specificity, F1-scoresimulation
(python)		Lack of empirical validation in a real-world environment; limited granularity of classification, hindering precise differentiation of threat severity.
[26]FCM/FLAllDetection of classical attacks and zero-day attacks with a decision support system N/A
synthetic		Accuracysimulation
(Cooja Contiki)		Subjectivity from expert knowledge, lack of empirical validation, false alarms, limited detection scope.
[57]FCMAllAttack detectionPublic
NSL-KDD		Accuracy, Positive Predictive Value,
Sensitivity, F-score, Mathew Correlation Coefficient		simulationInstability of created algorithm from random weight and bias assignment, potentially leading to suboptimal performance; lack of empirical validation in a real-world environment.
[58]FIS/FCMAllTrust management model in access controlN/A
synthetic		RMSE, precision, recall, F1-scoresimulation
(Matlab)		Limited scope of trust assessment; lack of full implementation, which reduces practical utility; exclusive focus on performance and flexibility.
[59]FCMAllAttack detectionPublic
NSL-KDD, AWID, BoT-IoT		Accuracy, detection, precision, F1-scoresimulation
(python)		Scalability limitations remain an open question; lack of empirical validation in a real-world environment.
[60]FCMAllAnomaly detectionN/A
synthetic		RMSEsimulation
(Matlab, laboratory environment)		Validation conducted in a prototype installation; lack of quantitative evaluation metrics.
[61]FCMMedical IoTAnomaly detectionPublic
WUSTL-EHMS		Accuracy, precision, recall, F1-scoresimulation
(python)		Lack of empirical validation in a real-world environment; lack of transparency in the decision-making process.
[62]FCMAllConfidence grouping in an intelligent city for risk assessmentPublic
NSL-KDD		Risk matrix, true rate, false rate, precision, recall, F-scoresimulationRequires extended evaluation and further research on scalability.
Analysing the information in the “Methods” column of Table 2 highlights the specific fuzzy set methods applied in the discussed research. Conversely, interpreting the “IIoT area” column reveals that while most studies focus on general applications across various IIoT domains, there are also publications dedicated to specific sub-domains. However, this does not alter the overall trend of versatile utilisation.
In the “Effect and application” column, one can observe a number of correlations that are consistent with the assumptions of the threat taxonomy presented in Section 2. Works such as [33,36] emphasise the use of fuzzy set methods to significantly improve the effectiveness of Intrusion Detection Systems (IDS), including reducing the number of false alarms. Publications [46,47] focus on the detection of specific jamming attacks. Furthermore, an analysis of the works [57,58,59,60] unambiguously points to the effective use of FCM and general fuzzy logic principles for detecting anomalies and zero-day attacks. The FCM algorithm is particularly useful in identifying new, unknown attack patterns by grouping behaviours that deviate from the norm, even if their characteristics are not precisely defined. The application of fuzzy set methods is also a natural fit for risk assessment and trust management, as illustrated by the works [34,35,36,37,38,39,40,42,43]. This stems from the fact that the concept of “risk” is inherently imprecise and depends on numerous uncertain factors, making fuzzy approaches an ideal tool for its quantification. Furthermore, trust systems in IIoT need to cope with variable and dynamic levels of trust, where a binary approach is insufficient to capture the nuances. It is also worth highlighting the application area of fuzzy set methods in the context of decision support and control within IIoT systems. Publications [44,48,50,51] show its implementation for security assessment, ranging from supporting decisions on cryptographic key sharing and optimising edge computing efficiency, through trust management in BMS systems, to cyber incident response and general decision-making processes, including control.
The vast majority of the analysed work relies on synthetic data or datasets generated in controlled environments (simulations). While this approach allows for testing specific scenarios, it poses a serious limitation regarding the validation of solutions under real-world conditions. A few studies (e.g., [33,44,56,57,59,61,62]) are based on publicly available datasets, which increases their credibility and enables result replication. The use of expert opinion (refs. [39,49,55]) is typical for risk assessment models, but it introduces a significant element of subjectivity, which undermines the objectivity and scalability of the results.
Most studies, especially in the field of intrusion detection, apply standard classification metrics such as accuracy, precision, recall, and F1-score. These results, although often promising, are obtained in simulated environments. The lack of empirical validation in a real IIoT system is a common and critical limitation. In works concerning risk assessment, the metric used is the risk matrix. While this is a tool for qualitative visualisation, its correct completion requires quantitative data, which is fuzzified at the input stage. Therefore, the risk matrix, unlike classification metrics, does not evaluate the algorithm’s performance but rather the system’s effectiveness in prioritising threats from the perspective of decision-makers.
The analysis of the data in Table 2 unequivocally confirms the hypothesis that fuzzy set theory is a valuable tool for increasing the level of security and reliability in IIoT environments.

Challenges and Limitations of Fuzzy Set Methods

Methods based on fuzzy set theory (FL, FIS, FCM), despite their numerous advantages and wide range of applications, do have certain challenges and limitations. It is important to consider these when designing, implementing, and validating them. A comprehensive understanding of these imperfections is essential for both the effective use of these methods and for the development of innovative, hybrid approaches. What is more, the literature analysis presented in Table 2 indicates that most researchers often focus on showcasing solutions themselves, overlooking a detailed analysis of fuzzy methods’ limitations. This is crucial for the replicability of research and the adaptation of proposed solutions in other design contexts.
One of the challenges is the lack of a universal and formalised method for designing membership functions and rule bases. This process is often subjective and heuristic, largely based on expert knowledge from the given field. In practice, there isno algorithm that guarantees the optimal selection of shapes, ranges, and parameters for membership functions, nor an optimal structure and content for fuzzy rules. This lack of a formalised method means that calibrating these elements often relies on a tedious trial-and-error approach. As a result, the process is not only time-consuming but also extremely difficult to automate, particularly for highly complex systems. Furthermore, many studies lack transparency regarding the method of parameter selection, which makes objective evaluation and replication of the experiment by other researchers impossible.
Models based on fuzzy set methods are inherently static. This means their rules are predefined, and they lack a built-in ability to autonomously learn and adapt from new data, which is a significant difference compared to many contemporary machine learning algorithms. In a dynamic environment like IIoT, where threats are constantly evolving and network conditions change, the need for manual modification and calibration of rules or membership functions is a major limitation. This affects flexibility and often necessitates the use of hybrid approaches.
A problem that undermines the practical value of much of the research is the lack of empirical validation. The vast majority of studies rely exclusively on simulated environments. This makes it impossible to reliably evaluate model performance under real-world IIoT conditions, where variable latency, resource constraints, and unpredictable events occur. Although simulations allow for rapid prototyping, they are not sufficient to prove a solution’s practical utility.
Regarding computational complexity and scalability, the literature analysis reveals two conflicting perspectives. On the one hand, many studies indicate that an increase in the number of input variables and rules leads to an exponential growth in state space. This directly translates into increased computational and memory complexity. This is particularly problematic in applications requiring high reliability and security, where the often-limited computational resources of edge devices must be considered. Furthermore, some works point to the high computational cost associated with specific defuzzification methods ([36]), which has a direct impact on the scalability of the solution ([34,41,55,59,62]).
In contrast to these common concerns about computational complexity, the work in [63] presented a model with minimal complexity and high scalability. This suggests that challenges related to the growing number of devices can be effectively addressed through innovative approaches that optimise performance. This dichotomy in the literature highlights that the challenges associated with computational complexity and scalability are not universal. Their effectiveness largely depends on the specific implementation and optimisation. This points to the need for further research that will allow for a deep analysis of the conditions and optimisation mechanisms that enable the creation of scalable and computationally efficient fuzzy systems. Such systems will be able to meet the demands of real-world IIoT environments.
In the analysedset of papers on IoT security, approximately 45% of studies rely solely on simulations rather than real-world implementations or testbeds. About 35% combine simulations with small-scale experimental validation, while only 15–20% use real-world large-scale implementations. This reliance on simulation highlights the gap between theoretical models and practical application, as many proposed solutions have not been tested under IoT stress conditions. The predominance of simulation-based research often stems from challenges related to cost, scalability, and the heterogeneity of implementing IoT testbeds; the increasing availability of test databases; and the greater variety of scenarios possible using genAI (including synthetic and semi-synthetic data).Such computer-assisted exercises (CAXs) are also common in national security and defence environments. While the lessons learned from simulations are valuable, they may not fully reflect practical security vulnerabilities and performance trade-offs in real IoT systems, but they do provide testing opportunities under extreme conditions that are difficult to implement in practice, such as an attack on a country’s power system or other critical infrastructure (water, transportation).
Key public datasets for IoT security research include:
  • NSL-KDD is one of the earliest and most widely used intrusion detection datasets; however, it is not IoT-specific and has outdated traffic patterns that may not reflect modern IoT threats;
  • CICIDS2017 provides realistic network traffic covering multiple attack scenarios, and although often used in IoT research, it was originally designed for general network intrusion detection, not for resource-constrained IoT environments;
  • BoT-IoT is a purpose-built dataset for IoT security research, generated using simulated IoT devices under normal and attack conditions, although its synthetic nature limits the diversity of device types and real-world variability;
  • CSE-CIC-IDS2018 expands CICIDS2017 with more comprehensive attack coverage while still reflecting traditional IT networks more closely than heterogeneous IoT deployments; The TON_IoT datasets include telemetry, network traffic, and system logs from IoT testbeds and industrial IoT, making them valuable for anomaly detection, but their scale is relatively small compared to real-world IoT ecosystems; CICIoT2023 is a new, large-scale dataset that integrates traffic from multiple IoT devices with different attack types, providing more up-to-date coverage, although it remains limited to the devices included in its testbed;
  • UNSW-NB15 is another general intrusion detection dataset widely used in IoT research. Its limitation is that it is generated in an emulated environment that may not reflect IoT-specific constraints;
  • IoT-23 is a collection of malicious and benign IoT traffic traces published by Stratosphere IPS, offering realistic behaviourof IoT malware, although it lacks representation of normal, heterogeneous IoT usage.
  • The Edge-IIoTset focuses on attack scenarios on industrial IoT and edge computing environments, making it crucial for IIoT research. However, its availability is relatively recent, and its popularity is still growing.
Although the aforementioned datasets are advanced in IoT security research, most of them are synthetic, outdated, or do not fully reflect the enormous heterogeneity and scale of real-world IoT deployments. There is a need to continuously improve these datasets and create new ones that are better adapted to future requirements. To keep up with threats, we must create cybersecurity tools and datasets that already reflect the projected state of technology in 2030 and address future threats, even those not yet fully defined.

5. Hybrid Fuzzy Models

The fuzzy systems analysed so far, based solely on expert knowledge, run into the limitations detailed in Section Challenges and Limitations of Fuzzy Set Methods. These challenges compel us to seek more adaptive and autonomous solutions. In response, hybrid fuzzy models have been considered, combining the advantages of fuzzy sets with other artificial intelligence paradigms, such as neural networks, genetic algorithms, or various machine learning methods.
The core idea behind hybrid approaches is the synergistic use of complementary features from different methods. In the context of this paper, owing to the modular structure of fuzzy systems that integrate seamlessly with the architecture of classic neural networks, the focus has been on Neuro-Fuzzy Systems (NFS). These systems are characterised by their ability to learn from data, adapt to changing conditions, and recognise complex patterns.
There are diverse structures of neuro-fuzzy systems; however, within the scope of this research, particular attention has been paid to the Adaptive Neuro-Fuzzy Inference System (ANFIS). This is a widely used and influential architecture, combining the benefits of a Takagi–Sugeno-type fuzzy inference system with the flexibility of a neural network. The ANFIS structure typically consists of five layers, each responsible for a specific stage of the fuzzy inference process: fuzzification, rule generation, normalisation, aggregation, and defuzzification [64,65]. Table 3 presents an analysis of selected works that address the application of neuro-fuzzy systems within the context of IIoT environment security.
Table 3. Review of neuro-fuzzy set applications in IIoT environments for security assurance.
Table 3. Review of neuro-fuzzy set applications in IIoT environments for security assurance.
ReferenceMethodIIoTAreaEffect and ApplicationDataEvaluation
Metrics		Test
Environment		Limitations
[66]NFSAllAnomaly detectionPublic
IIoT23		Accuracy, precision, recall, F1-score, FPR, FNRN/AChallenges with computational performance and scalability for large-scale deployment; optimization required for real-time operation.
[67]ANFISAllIntrusion recognition and classificationPublic
N-BaIoT		Accuracy, precision, recall, F1-score,simulationPotential loss of fuzzy rule interpretability; uncertain scalability and performance in resource-constrained IoT.
[68]ANFISAllDistributed Denial of Service attack recognitionPublic
UNSW-NB15, CICDDoS2019		Accuracysimulation
(python)		Model complexity and rule explosion problem hinder scalability; manual fuzzy rule definition limits adaptability to new attack types.
[69]ANFISAllProduction system controlN/A
Real data		Accuracy, RMSE, Average Absolute Relative Error, Median Absolute DeviationReal-world IIoT environmentModel complexity leading to the curse of dimensionality with a large number of input variables.
[70]ANFISAllRouting process optimizationN/A
synthetic		RMSEsimulation
(Matlab)		Lack of verification in a real-world IIoT environment; computational complexity from combining three techniques.
[71]ANFISBattlefield IoTIntrusion Detection SystemN/A
Real data		Accuracy, precision, recall, F1-score, FPR, TPRsimulation
(Matlab)		Lack of verification in a real-world environment;dependence on external optimization.
Analysing the review of selected studies in line with the “IIoT area” column, most applications are general in nature (“All”). This suggests their potential use across various layers of the IIoT architecture or within a broad spectrum of industrial applications. One specific case is “Battlefield IoT” [71], which points to applications in demanding environments.
However, the “Effect & application” column is the most significant, as it reveals the primary directions for using neuro-fuzzy methods. Publication [66] clearly indicates the use of NFS for anomaly detection. Meanwhile, study [67], using ANFIS, highlights these systems’ ability to not only detect intrusions but also to classify them. This is a step forward from simple detection, allowing for a better understanding of the threat’s nature and the implementation of more targeted countermeasures.
Another publication [68] unequivocally points to the application of ANFIS for Distributed Denial of Service (DDoS) attack recognition. DDoS attacks are particularly challenging to detect with traditional methods due to their distributed nature and ability to mimic normal network traffic. Study [71], in the context of “Battlefield IoT”, again underlines the role of ANFIS in creating IDS systems. Battlefield environments are characterised by extreme conditions, incomplete data, and high noise levels, making the neuro-fuzzy approach ideal for adaptive and fault-tolerant threat detection.
Publication [69] indicates the use of ANFIS in controlling production processes. While not directly related to cybersecurity, effective process control is intrinsically linked to their reliability and operational safety. In work [70], researchers proved that NFS can optimise routing, taking into account variable network conditions while simultaneously identifying anomalies that could suggest attempted manipulation. Within the IIoT context, efficient and secure routing is essential for data integrity and service availability.
An analysis of the “Data” column indicates a predominance of public datasets. This is a positive trend, as the use of standardised and widely available data increases credibility and enables replication and objective comparison of results between studies. However, it is worth noting the unique approach in [69], where real data from an IIoT environment was used. This represents a valuable departure from purely simulation-based studies and significantly enhances the practical value of that solution. In other cases, where there is a lack of detailed information, the use of synthetic or generic data are a certain limitation that hinders verification.
Most studies, particularly those focused on intrusion detection and classification, use standard classification metrics such as accuracy, precision, recall, and F1-score. This choice of metrics is appropriate and allows for an objective evaluation of model performance. In studies focusing on process optimisation, specific metrics were used, such as mean square error (MSE) [70], which is used to assess the accuracy of the control system’s operation.
Most studies rely on simulated environments. Only in [69] were the tests carried out in a real IIoT environment, which is an exception that confirms the practical utility of the solution and distinguishes it from others.

Challenges and Limitations of Neuro-Fuzzy Systems

The application of neuro-fuzzy methods in IIoT infrastructure for security assurance, while very promising, is not yet a fully explored area and comes with several challenges.
The most frequently cited problem is model complexity, and particularly the rule explosion problem, which hinders the scalability of a solution as the number of input variables increases [68]. Although architectures like ANFIS mitigate this issue to some extent compared to other fuzzy methods, they remain susceptible to it with a very large number of variables.
Another key challenge is parameter optimisation. While ANFIS automates the learning process, it still requires the optimisation of a large number of parameters, both those related to membership functions and the rule base. Effectively tuning these parameters in complex systems with numerous input and output variables can be a significant computational challenge and extremely time-consuming. Additionally, the optimal number of input variables, the number of fuzzy sets for each variable, and the initial number of rules often require the use of heuristics or reliance on expert knowledge [68], which limits the models’ adaptability to new, previously unknown types of attacks.
Another important aspect is the selection of parameters for learning algorithms, such as the gradient method. Inappropriately chosen values can lead to slow convergence, getting stuck in local minima of the error function, or even a lack of stability in the learning process.
Furthermore, a potential loss of rule interpretability is noted in more complex systems [67]. This limitation, combined with a lack of verification in a real-world environment [70,71], undermines the universality and practical utility of these solutions in dynamic IIoT conditions.
Awareness of these aforementioned limitations forms the foundation for further research aimed at improving these methods, whilst simultaneously opening up prospects for a significant expansion of current research directions.

6. Discussion and Future Research Directions

This systematic literature review has thoroughly examined the application of fuzzy set theory in enhancing the cybersecurity of IIoT environments. While the reviewed studies collectively highlight the significant potential of FIS and ANFIS in addressing challenges such as attack detection, risk assessment, and decision support, a critical analysis reveals several limitations and unexplored avenues within current research. Analysing the works in Table 2 and Table 3 shows that fuzzy methods are particularly applicable where expert knowledge is well-defined and processes are relatively stable. However, their fundamental limitation is the lack of a built-in ability to adapt and learn from new data, making them less flexible in the face of evolving threats. Current research focuses predominantly on reactive threat detection, which leads to a lack of a balanced approach. The following discussion identifies key gaps and proposes a roadmap for future research, aiming to transition from static to dynamic models.
Figure 8 provides a comprehensive visual summary of the research landscape concerning fuzzy method applications in IIoT security, as derived from the publications analysed in Table 2 and Table 3. The figure distinctly categorises research into three primary security domains: Threat/Attack Detection, Decision Support and Automation, and Risk Assessment and Management. The categorisation process was based on a thematic analysis of each paper included in the review. Each paper was assigned to one of these three main categories based on its primary research objective and application area.
A clear observation from Figure 8 is the predominant focus on “Threat/Attack Detection”, which encompasses various specific applications such as IDS, anomaly detection, jamming attack detection, behavioural analysis, and attack and zero-day detection. This concentration indicates that a substantial portion of current research using fuzzy sets in IIoT security is reactive, primarily aimed at identifying and responding to malicious activities. Within this domain, anomaly detection and intrusion detection appear to receive significant attention, suggesting an emphasis on identifying deviations from normal system behaviour. While crucial, this high concentration on detection, particularly of known or observable attack types, may inadvertently lead to a reactive rather than a proactive security posture, leaving gaps for novel or sophisticated threats.
The second domain is “Decision Support & Automation”. This segment reflects the use of fuzzy methods to aid in intelligent decision-making and automate responses within IIoT systems. The relatively fewer connections in this domain compared to Threat/Attack Detection suggest that while the potential for automated decision-making is recognised, its practical implementation using fuzzy methods for IIoT security is less explored or less mature. This aligns with the broader challenge of integrating artificial intelligence for autonomous actions in critical industrial systems.
The final domain analysed, “Risk Assessment and Management”, whilst seemingly mature in some aspects, reveals a significant research gap. There is a particular lack of research into developing dynamic, real-time IIoT security assessment capabilities using fuzzy methods. Effective risk management is fundamental to cybersecurity. However, its limited presence in the reviewed literature suggests it is an under-researched area for fuzzy set theory. The relative scarcity of studies on proactive risk mitigation and trust evaluation—in contrast to the more common post-incident threat detection—clearly highlights a direction for future research.
Overall, Figure 8 visually reinforces the argument that while fuzzy methods are adept at handling uncertainty in IIoT data for specific detection tasks, there is a clear imbalance in research efforts. The current landscape is heavily skewed towards reactive detection, with less emphasis on proactive risk assessment, holistic system profiling, and automated, resilient responses.
Beyond these high-level observations, a more detailed analysis reveals specific limitations:
  • Firstly, scalability and computational overhead remain recurring concerns, and there is a lack of empirical research in real IIoT environments. The vast majority of the analysed work is based on simulations, which undermines the practical value and universality of the proposed solutions [72,73]. While simulations are a valuable tool for rapid prototyping, they are unable to fully capture the complexity and dynamics of real-world systems [74].
  • Secondly, a research gap lies in the lack of dynamic and adaptive profiling mechanisms [75]. Current fuzzy approaches often rely on static thresholds or historical data, limiting their effectiveness against novel or evolving attack vectors and focusing predominantly on identifying known anomalies [76,77].
  • Finally, current studies often focus on isolated security challenges rather than holistic, integrated IIoT security architectures [78,79]. There is a paucity of research exploring seamless integration of individual fuzzy-based components into multi-layered security frameworks, leaving interdependencies and cascading effects across the IIoT stack largely unaddressed [80].
The overarching conclusion drawn from this systematic literature review shows that current research focuses primarily on reactive threat detection in IIoT. There is a clear gap concerning proactive risk management and the integration of security components into comprehensive, layered architectures [81,82]. Consequently, we propose the following directions for future research to address these identified limitations:
  • The first phase of work involves creating a model that not only detects threats but also automatically assesses and prioritises risk in real-time. This will lay the groundwork for a more proactive security posture [83].
  • The next stage will be the development of a dynamic, conceptual framework for IIoT system profiling. Such a framework should be able to profile and continuously update the current behaviour of devices and networks, leveraging the flexibility of fuzzy methods to handle uncertainty and incomplete data [84].
  • The ultimate goal, which represents a long-term perspective, is the creation of an integrated, adaptive security architecture. This architecture will combine dynamic profiling with proactive risk management and intelligent decision-making, fully exploiting the advantages of fuzzy logic while building upon a solid foundation of explainable artificial intelligence [85].
This will significantly enhance both security and operational reliability, representing a vital step towards developing dynamic protection for IIoT infrastructure, where traditional, static profiling methods frequently prove insufficient against adaptive and evolving cyber threats [86,87,88].

7. Conclusions

This paper offers a comprehensive overview of the potential and challenges associated with applying fuzzy set theory and hybrid neuro-fuzzy models for security assurance and profiling in IIoT environments. We have highlighted the unique ability of fuzzy methods to effectively model data uncertainty and imprecision, which is crucial in dynamic and heterogeneous IIoT ecosystems.
The benefits of the analysed methods include their capacity to handle incomplete and noisy data, high interpretability of decision rules, and the potential for adaptation in the case of hybrid models. Applications such as anomaly detection, trust management, and risk assessment confirm their practical value.
However, this work also points out significant challenges. These include the subjectivity in designing membership functions, difficulties in verifying complex systems, scalability limitations, and the need for careful parameter selection in hybrid model learning algorithms.
In summary, despite the challenges encountered, fuzzy set theory and neuro-fuzzy systems offer promising prospects for developing intelligent and adaptive security mechanisms in IIoT. Being aware of these limitations is key to guiding future research. Further work in this area is essential to fully leverage the potential of fuzzy methods to enhance IIoT security and operational reliability.

Supplementary Materials

The following supporting information can be downloaded at: https://www.mdpi.com/article/10.3390/electronics14173475/s1. PRISMA 2020 checklist (partial only). Reference [89] is cited in the Supplementary Materials.

Author Contributions

Conceptualization, E.K., D.M. and P.P.; methodology, E.K., D.M. and P.P.; software, E.K., D.M. and P.P.; validation, E.K., D.M. and P.P.; formal analysis, E.K., D.M. and P.P.; investigation, E.K., D.M. and P.P.; resources, E.K., D.M. and P.P.; data curation, E.K., D.M. and P.P.; writing—original draft preparation, E.K., D.M. and P.P.; writing—review and editing, E.K., D.M. and P.P.; visualization, E.K., D.M. and P.P.; supervision, E.K., D.M. and P.P.; project administration, P.P.; funding acquisition, P.P. All authors have read and agreed to the published version of the manuscript.

Funding

The work presented in this paper has been financed under a grant to maintain the research potential of Kazimierz Wielki University.

Data Availability Statement

No new data were generated.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
IIoTIndustrial Internet of Things
FISFuzzy Inference System
ANFISAdaptive Neuro Fuzzy Inference System
ITInformation Technology
OTOperational Technology
IACSIndustrial Automation and Control Systems
SCADASupervisory Control and Data Acquisition
ICSIndustrial Control System
BMSBuilding Management System
DDoSDistributed Denial of Service
MITMMan in the middle
FLFuzzy Logic
FCMFuzzy C-Means
IDSIntrusion Detection System
NFSNeuro-Fuzzy System
N/A Not Available
TPR True Positive Rate
TNR True Negative Rate
FPR False Positive Rate
FNR False Negative Rate
CISA Cybersecurity and Infrastructure Security Agency
SMICISignificant Multi-domain Incidents against Critical Infrastructure
FAR False Alarm Rate
CVSSCommon Vulnerability Scoring System
MAE Mean Absolute Error
RMSERoot Mean Square Error

References

  1. Lella, I.; Theocharidou, M.; Magonara, E.; Malatras, A.; Naydenov, R.S.; Ciobanu, C.; Chatzichristos, G. (Eds.) ENISA Threat Landscape 2024: July 2023 to June 2024; European Union Agency for Cybersecurity: Athens, Greece, 2024. [Google Scholar]
  2. Dhirani, L.L.; Armstrong, E.; Newe, T. Industrial IoT, Cyber Threats, and Standards Landscape: Evaluation and Roadmap. Sensors 2021, 21, 3901. [Google Scholar] [CrossRef]
  3. NIS2 Directive. Directive (EU)2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union. Off. J. Eur. Union 2022, L333, 80–152. [Google Scholar]
  4. PRISMA 2020 Flow Diagram. Available online: https://www.prisma-statement.org/prisma-2020-flow-diagram (accessed on 8 August 2025).
  5. Masdari, M.; Khezri, H. Towards fuzzy anomaly detection-based security: A comprehensive review. Fuzzy Optim. Decis. Mak. 2021, 20, 1–49. [Google Scholar] [CrossRef]
  6. Bansal, K.; Singhrova, A. Review on intrusion detection system for IoT/IIoT-brief study. Multimed. Tools Appl. 2024, 83, 23083–23108. [Google Scholar] [CrossRef]
  7. Alotaibi, B. A Survey on Industrial Internet of Things Security: Requirements, Attacks, AI-Based Solutions, and Edge Computing Opportunities. Sensors 2023, 23, 7470. [Google Scholar] [CrossRef] [PubMed]
  8. D’Aniello, G. Fuzzy logic for situation awareness: A systematic review. J. Ambient Intell. Hum. Comput. 2023, 14, 4419–4438. [Google Scholar] [CrossRef]
  9. Abdalla, A.Y.; Abdalla, T.Y.; Chyaid, A.M. Internet of Things-Based Fuzzy Systems for Medical Applications: A Review. IEEE Access 2024, 12, 163883–163902. [Google Scholar] [CrossRef]
  10. Czeczot, G.; Rojek, I.; Mikołajewski, D.; Sangho, B. AI in IIoT Management of Cybersecurity for Industry 4.0 and Industry 5.0 Purposes. Electronics 2023, 12, 3800. [Google Scholar] [CrossRef]
  11. Stouffer, K.; Pease, M.; Tang, C.Y.; Zimmerman, T.; Pillitteri, V.; Lightman, S.; Hahn, A.; Saravia, S.; Sherule, A.; Thompson, M. Guide to Operational Technology (OT) Security; NIST Special Publication 800-82r3; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2023. [CrossRef]
  12. Liebl, S.; Lathrop, L.; Raithel, U.; Sollner, M.; Aβmuth, A. Threat Analysis of Industrial Internet of Things Devices. arXiv 2024, arXiv:2405.16314. [Google Scholar] [CrossRef]
  13. Nair, A.; Greeshma, M.R. Mastering Information Security Compliance Management: A Comprehensive Handbook on ISO/IEC 27001:2022; Packt Publishing Ltd.: Birmingham, UK, 2023. [Google Scholar]
  14. IEC 62443-4-1:2018; Security for Industrial Automation and Control Systems Part 4-1: Secure Product Development Lifecycle Requirements. International Electrotechnical Commission: Geneva, Switzerland, 2018.
  15. IEC 62443-4-2:2019; Security for Industrial Automation and Control Systems Part 4-2: Technical Security Requirements for IACS Components. International Electrotechnical Commission: Geneva, Switzerland, 2019.
  16. Krzysztoń, E. Human in the IT security system. In XLIII Studencka Konferencja Naukowa—Potencjał Innowacyjny w Inżynierii Produkcji i Technologii Materiałów; Wyd. Politechniki Częstochowskiej: Częstochowa, Poland, 2019. [Google Scholar]
  17. Liderman, K. IC Ssecurity—Subject content proposal. Przegląd Teleinformatyczny 2020, 8, 3–30. [Google Scholar] [CrossRef]
  18. ISO/IEC 27001:2022; Information Security, Cybersecurity and Privacy Protection—Information Security Management Systems—Requirements. International Organization for Standardization: Geneva, Switzerland, 2022.
  19. Krawiec, J. Internet of Things (IoT). In Cyber Security Issues; OWPW: Warszawa, Poland, 2020. [Google Scholar]
  20. Krzysztoń, E.; Rojek, I.; Mikołajewski, D. A Comparative Analysis of Anomaly Detection Methods in IoT Networks: An Experimental Study. Appl. Sci. 2024, 14, 11545. [Google Scholar] [CrossRef]
  21. Industrial IoT Consortium (IIC). The Industrial Internet Reference Architecture, Version 1.10.2022. Available online: https://www.iiconsortium.org/wp-content/uploads/sites/2/2022/11/IIRA-v1.10.pdf (accessed on 2 April 2025).
  22. Abdullahi, S.M.; Lazarova-Molnar, S. On the Adoption and Deployment of Secure and Privacy-Preserving IIoT in Smart Manufacturing: A Comprehensive Guide with Recent Advances. Int. J. Inf. Secur. 2025, 24, 53. [Google Scholar] [CrossRef]
  23. McLaughlin, S.; Konstantinou, C.; Wang, X.; Davi, L.; Sadeghi, A.-R.; Maniatakos, M.; Karri, R. The Cybersecurity Landscape in Industrial Control Systems. Proc. IEEE 2016, 104, 1039–1057. [Google Scholar] [CrossRef]
  24. Țălu, M. Security and Privacy in the IIoT: Threats, Possible Security Countermeasures, and Future Challenges. Comput. AI Connect 2025, 2, 11. [Google Scholar] [CrossRef]
  25. Okunlola, O.A.; Olaoye, J.; Okunlola, O.S.; Okunlola, A.O.; Alao, O. Cybersecurity Strategies for Integrating Industrial IoTa nd Edge Computing: Challenges, Risks, and Future Perspectives. Int. J. Future Eng. Innov. 2025, 2, 87–95. [Google Scholar] [CrossRef]
  26. Zahra, S.R.; Chishti, M.A. Fuzzy Logic and Fog Based Secure Architecture for Internet of Things (FLFSIoT). J. Ambient Intell. Hum. Comput. 2023, 14, 5903–5927. [Google Scholar] [CrossRef]
  27. Tariq, U.; Ahmed, I.; Khan, M.; Bashir, A. Fortifying IoT Against Crimpling Cyber-Attacks: A Systematic Review. Karbala Int. J. Mod. Sci. 2023, 9, 9. [Google Scholar] [CrossRef]
  28. Zadeh, L.A. Fuzzy Sets. Inf. Control 1965, 8, 338–353. [Google Scholar] [CrossRef]
  29. Prokopowicz, P.; Czerniak, J.; Mikołajewski, D.; Apiecionek, L.; Ślęzak, D. Theory and Applications of Ordered Fuzzy Numbers: A Tribute to Professor Witold Kosiński; Springer: Berlin/Heidelberg, Germany, 2017. [Google Scholar]
  30. Shinohara, Y. Fuzzy Set Concepts for Risk Assessment; IIASA Working Paper WP-76-2; International Institute for Applied Systems Analysis: London, UK, 1976; Available online: https://pure.iiasa.ac.at/id/eprint/578/1/WP-76-002.pdf (accessed on 2 April 2025).
  31. Fakhravar, H. Quantifying Uncertainty in Risk Assessment Using Fuzzy Theory. arXiv 2020, arXiv:2009.09334. [Google Scholar] [CrossRef]
  32. Alaaraji, Z.; SyedAhmad, S.S.; Kausar, N.; Anis, F.G.; Ozbilge, E.; Cagin, T. Fuzzy Theory in Fog Computing: Review, Taxonomy, and Open Issues. IEEE Access 2022, 10, 126931–126956. [Google Scholar] [CrossRef]
  33. Saq, A.; Zainal, A.; Al-rimy, B.; Alyami, A.; Abosaq, H. Intrusion Detection in IoT using Gaussian Fuzzy Mutual Information-based Feature Selection. Eng. Technol. Appl. Sci. Res. 2024, 14, 17564–17571. [Google Scholar] [CrossRef]
  34. Zahra, S.; Chishti, M.A. A generic and light weight security mechanism for detecting malicious behavior in the uncertain Internet of Things using fuzzy logic-and fog-based approach. Neural Comput. Appl. 2022, 34, 6927–6952. [Google Scholar] [CrossRef]
  35. Bamhdi, A.M. FLORA: FuzzyLogic—Objective Risk Analysis for Intrusion Detection and Prevention. Int. J. Comput. Sci. Netw. Secur. 2023, 23, 177–190. [Google Scholar] [CrossRef]
  36. Sikman, L.; Latinovic, T.; Sarajlic, N. Modelling of Fuzzy Expert System for an Assessment of Security Information Management System UIS (University Information System). Gazette 2022, 29, 60–65. [Google Scholar] [CrossRef]
  37. Pokorádi, L. Fuzzy logic-based risk assessment. Acad. Appl. Res. Mil. Sci. 2002, 1, 63–73. [Google Scholar]
  38. Merola, F.; Bernardeschi, C.; Lami, G. A Risk Assessment Framework Based on Fuzzy Logic for Automotive Systems. Safety 2024, 10, 41. [Google Scholar] [CrossRef]
  39. Amirova, A.; Tokhmetov, A. A Model for Risk Analysis in the Industrial Internet of Things. J. Theor. Appl. Inf. Technol. 2021, 99, 3449–3459. [Google Scholar]
  40. Nakonechna, Y.; Savchuk, B.; Kovalova, A. Fuzzy logic in risk assessment of multi-stage cyber attacks on critical infrastructure networks. Theor. Appl. Cybersecur. 2024, 6, 31–823. [Google Scholar] [CrossRef]
  41. Haseeb, K.; Ahmad, I.; Siraj, M.; Abbas, N.; Jeon, G. Multi-Criteria Decision-Making Framework with Fuzzy Queries for Multimedia Data Fusion. ACM Trans. Asian Low-Resour. Lang. Inf. Process. 2024, just accepted. [Google Scholar] [CrossRef]
  42. Lytvyn, V.; Bakurova, A.; Zaritskyi, O.; Gritskevich, A.; Hrynchenko, P.; Tereschenko, E.; Shyrokorad, D. Fuzzy logic-based methodology for building access control systems based on fuzzy logic. In Proceedings of the Modern Data Science Technologies Workshop (MoDaST-2024), Lviv, Ukraine, 31 May–1 June 2024; Volume 3723, pp. 104–120. Available online: https://ceur-ws.org/Vol-3723/ (accessed on 2 April 2025).
  43. Parkinson, S.; Khana, S. Identifying high-risk over-entitlement in access control policies using fuzzy logic. Cybersecurity 2022, 5, 6. [Google Scholar] [CrossRef]
  44. Akande, H.B.; Imoize, A.; Adeniran, T.; Lee, C.-C.; Bamidele, A. RF—FLIDS: A Novel Hybrid Intrusion Detection Model for Enhanced Anomaly Detection in IoT Networks. Secur. Priv. 2025, 8, e70041. [Google Scholar] [CrossRef]
  45. Zhang, R.; Hu, Z. Access Control Method of Network Security Authentication Information Based on Fuzzy Reasoning Algorithm. Measurement 2021, 185, 110103. [Google Scholar] [CrossRef]
  46. Savva, M.; Ioannou, I.; Vassiliou, V. Performance evaluation of a Fuzzy Logic-based IDS (FLIDS) technique for the Detection of Different Types of Jamming Attacks in IoT Networks. In Proceedings of the 2023 21st Mediterranean Communication and Computer Networking Conference (MedComNet), Island of Ponza, Italy, 13–15 June 2023. [Google Scholar] [CrossRef]
  47. Savva, M.; Ioannou, I.; Vassiliou, V. Fuzzy Logic-based IDS (FLIDS) for the Detection of Different Types of Jamming Attacks in IoT Networks. Comput. Commun. 2025, 241, 108251. [Google Scholar] [CrossRef]
  48. Senthil Pandi, S.; Roja Ramani, D.; Senthilselvi, A.; Dhanasekaran, S.; Kalpana, B.; Alangudi Balaji, N. Advancing IoT security with flame: A hybrid approach combining fuzzy logic and artificial lizard search optimization. Comput. Secur. 2024, 145, 103984. [Google Scholar] [CrossRef]
  49. Pricop, E.; Mihalache, S.F. Fuzzy approach on modelling cyber attacks patterns on data transfer in industrial control systems. In Proceedings of the 2015 7th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), Bucharest, Romania, 25–27 June 2015; IEEE: New York, NY, USA. [Google Scholar]
  50. Sunardi, S.; Widodo, A.M.; Putra, K.T.; Darmarjati, C.; Prayitno, P. Design of IoT-Based Control System Using Fuzzy Inference System. J. Polimesin 2022, 20, 2. [Google Scholar]
  51. Slavyanov, K.; Dimov, R. Application of fuzzy logic in cybersecurity decision making and analysis after a cyber incident detection. ETR 2024, 2, 259–263. [Google Scholar] [CrossRef]
  52. Prabavathy, S.; Sundarakantham, K.; Shalini, S.M. Design of Cognitive Fog Computing for Autonomic Security System in Critical Infrastructure. J. Univers. Comput. Sci. 2018, 24, 577–602. [Google Scholar]
  53. Mashaleh, A.; Ibrahim, N.; Alauthman, M.; Almseidin, M.; Gawanmeh, A. IoT Smart Devices Risk Assessment Model Using Fuzzy Logic and PSO. Comput. Mater. Contin. 2024, 78, 2245–2267. [Google Scholar] [CrossRef]
  54. Kerimkhulle, S.; Dildebayeva, Z.; Tokhmetov, A.; Amirova, A.; Tussupov, J.; Makhazhanova, U.; Adalbek, A.; Taberkhan, R.; Zakirova, A.; Salykbayeva, A. Fuzzy Logic and Its Application in the Assessment of Information Security Risk of Industrial Internet of Things. Symmetry 2023, 15, 1958. [Google Scholar] [CrossRef]
  55. Abdymanapov, S.; Muratbekov, M.; Sharipbay, A.; Barlybayev, A. Fuzzy Expert System of Information Security Risk Assessment on the Example of Analysis Learning Management Systems. IEEE Access 2021, 9, 156556–156565. [Google Scholar] [CrossRef]
  56. Bamidele, A.; Ayo, F.; Panigrahi, R.; Garg, A.; Bhoi, A.K.; Barsocchi, P. A Multi-level Random Forest Model-Based Intrusion Detection Using Fuzzy Inference System for Internet of Things Networks. Int. J. Comput. Intell. Syst. 2023, 16, 31. [Google Scholar] [CrossRef]
  57. Rathore, S.; Park, J. Semi-supervised learning based distributed attack detection framework for IoT. Appl. Soft Comput. 2018, 72, 79–89. [Google Scholar] [CrossRef]
  58. Kesarwani, A.; Khilar, P. Development of Trust Based Access Control Models Using Fuzzy Logic in Cloud Computing. J. King Saud Univ. Comput. Inf. Sci. 2019, 34, 1958–1967. [Google Scholar] [CrossRef]
  59. Elsedimy, E.; Abo Hashish, S. An intelligent hybrid approach combining fuzzy C-means and the sperm whale algorithm for cyber attack detection in IoT networks. Sci. Rep. 2025, 15, 1005. [Google Scholar] [CrossRef]
  60. Hore, U.; Wakde, D. An Effective Approach of IIoT for Anomaly Detection Using Unsupervised Machine Learning Approach. J. ISMAC 2022, 4, 184–197. [Google Scholar] [CrossRef]
  61. Koo, J.; Siddiqui, I.; Qureshi, N.M.F.; Attique, M.; Shin, D. A Fuzzy-Based Duo-Secure Multi-Modal Framework for IoMT Anomaly Detection. J. King Saud Univ. Comput. Inf. Sci. 2022, 35, 131–144. [Google Scholar] [CrossRef]
  62. Yin, Q. Design and Application of Smart City Internet of Things Service Platform Based on Fuzzy Clustering Algorithm. Mob. Inf. Syst. 2022, 2022, 8405306. [Google Scholar] [CrossRef]
  63. Ibrahim, K.; Sajid, A.; Ullah, I.; Khan, I.; Kaushik, K.; Askar, S.S.; Abouhawwash, M. Fuzzy Inference Rule Based Task Offloading Model (FI-RBTOM) for Edge Computing. Peer J Comput. Sci. 2025, 11, e2657. [Google Scholar] [CrossRef]
  64. Apiecionek, L. Fuzzy Neural Networks—A Review with Case Study. Appl. Sci. 2025, 15, 6980. [Google Scholar] [CrossRef]
  65. Apiecionek, Ł. Liczby Rozmyte w Architekturze Sztucznych Sieci Neuronowych; Wydawnictwo Uniwersytetu Kazimierza Wielkiego: Bydgoszcz, Poland, 2024. [Google Scholar]
  66. Rahane, K.; Pawar, A. Intelligent System Vulnerability Detection Using Neuro-Fuzzy Approach. J. Comput. Res. Dev. 2025, 25, 48–71. [Google Scholar]
  67. Alrayes, F.S.; Alshuqayran, N.; Nour, M.K.; Al Duhayyim, M.; Mohamed, A.; Mohammed, A.A.A.; Mohammed, G.P.; Yaseen, I. Optimal Fuzzy Logic Enabled Intrusion Detection for Secure IoT-Cloud Environment. Comput. Mater. Contin. 2022, 74, 6737–6753. [Google Scholar] [CrossRef]
  68. Usha, G.; Karthikeyan, H.; Gautam, K.; Pachauri, N. DDoS attack detection in intelligent transport systems using adaptive neuro-fuzzy inference system. Sci. Rep. 2025, 15, 20597. [Google Scholar] [CrossRef]
  69. Abou Elaz, M.A.; Alhasnawi, B.N.; Sedhom, B.E.; Bureš, V. ANFIS-optimized control for resilient and efficient supply chain performance in smart manufacturing. Results Eng. 2025, 25, 104262. [Google Scholar] [CrossRef]
  70. Semenova, O.; Kryvinska, N.; Semenov, A.; Martyniuk, V.; Voytsehovska, O. Genetic Neuro-Fuzzy Approach towards Routing in Industrial IoT. Int. J. Electron. Telecommun. 2024, 70, 935–941. [Google Scholar] [CrossRef]
  71. Alkanjr, B.; Alshammari, T.; Alanazi, A.; Alalwany, E. An IDS-based Adaptive Neural Fuzzy Inference System (ANFIS) for IoBT Security Utilizing Particle Swarm Optimization. Eng. Technol. Appl. Sci. Res. 2025, 15, 24141–24147. [Google Scholar] [CrossRef]
  72. Apiecionek, Ł. Fuzzy Network Solutions for IoT Security. In Proceedings of the IEEE EUROCON 2025—21st International Conference on Smart Technologies, Gdynia, Poland, 4–6 June 2025; pp. 1–5. [Google Scholar]
  73. Zohaib, M.; Abdul-Aziz Alsanad, A.; Azeem Akbar, M. Success Factors of IoT Security: A Structured Analysis Using Fuzzy-AHP. IEEE Access 2024, 12, 186186–186209. [Google Scholar] [CrossRef]
  74. Ali, H.S.; Sridevi, R. Mobility and Security Aware Real-Time Task Scheduling inFog-Cloud Computing for IoT Devices: A Fuzzy-Logic Approach. Comput. J. 2024, 67, 782–805. [Google Scholar] [CrossRef]
  75. Liao, T.H. The importance of human interactivity in artificial intelligence use in advertising: Development of a new scale. Int. J. Advert. 2025, 1–36. [Google Scholar] [CrossRef]
  76. Aaisha, M.; Ghosh, U.; Kumar Sharma, P.; Javed, A. A Fuzzy-Based Approach to Enhance Cyber Defence Security for Next-Generation IoT. IEEE Internet Things J. 2023, 10, 2079–2086. [Google Scholar]
  77. Kumar Mishra, R.; Kumar Yadav, R.; Nath, P. Secure IoT data management and sharing architecture for information security using cryptographic technique. J. Intell. Fuzzy Syst. 2023, 45, 10951–10966. [Google Scholar] [CrossRef]
  78. Navaneethan, M.; Janakiraman, S. An optimized deep learning model to ensure data integrity and security in IoT based e-commerce block chain application. J. Intell. Fuzzy Syst. 2023, 44, 8697–8709. [Google Scholar] [CrossRef]
  79. Chirag Sharma, S.; Khan, S.; Mahajan, S.; Alsagri, H.S.; Almjally, A.; Alabduallah, B.I.; Ansari, A.A. Lightweight Security for IoT. J. Intell. Fuzzy Syst. 2023, 45, 5423–5439. [Google Scholar] [CrossRef]
  80. Sureshkumar, T.; Sivaraj, R.; Vijayakumar, M. Design and implementation of a framework for blockchain based security using IoT. J. Intell. Fuzzy Syst. 2023, 44, 905–918. [Google Scholar] [CrossRef]
  81. Xu, Y.; de Souza, R.W.R.; Medeiros, E.P.; Jain, N.; Zhang, L.; Passos, L.A.; de Albuquerque, V.H.C. Intelligent IoT security monitoring based on fuzzy optimum—Path forest classifier. Soft Comput. 2023, 27, 4279–4288. [Google Scholar] [CrossRef]
  82. Kotenko, I.V.; Parashchuk, I.B.; Desnitsky, V. Determination of the Transition Probability Matrix for an IoT Fuzzy Security Model. In Proceedings of the 2023 IEEE International Conference on Internet of Things and Intelligence Systems (IoTaIS), Bali, Indonesia, 28–30 November 2023; pp. 40–44. [Google Scholar]
  83. Zukifl, Z.; Khan, F.; Tahir, S.; Afzal, M.; Iqbal, W.; Rehman, A.; Saeed, S.; Almuhaideb, A.M. FBASHI: Fuzzy and Blockchain-Based Adaptive Security for Healthcare IoTs. IEEE Access 2022, 10, 15644–15656. [Google Scholar] [CrossRef]
  84. Swaroop, J.; Nagalakshmi, T.J.; Subash Sharma, S. Girl Child Security System based on IOT Technology with GPS Tracker Comparing with Fuzzy Classifier Based Safety Device. In Proceedings of the 2022 International Conference on Cyber Resilience (ICCR), Dubai, United Arab Emirates, 6–7 October 2022; pp. 1–6. [Google Scholar]
  85. Hong, E.; Lee, S.; Oh, M.K.; Seo, S.H. Two-Factor Device DNA-Based Fuzzy Vault for Industrial IoT Device Security. IEEE Access 2021, 9, 99009–99023. [Google Scholar] [CrossRef]
  86. Deepika, J.; Rajan, C.; Senthil, T. Security and Privacy of Cloud-and IoT-Based Medical Image Diagnosis Using Fuzzy Convolutional Neural Network. Comput. Intell. Neurosci. 2021, 2021, 6615411. [Google Scholar] [CrossRef]
  87. Bagher Haghparast, M.; Berehlia, S.; Akbari, M.; Sayadi, A. Developing and evaluating a proposed health security framework in IoT using fuzzy analytic network process method. J. Ambient Intell. Humaniz. Comput. 2021, 12, 3121–3138. [Google Scholar] [CrossRef]
  88. Richa, V.; Shalini, C. A Fuzzy AHP Approach for Ranking Security Attributes in Fog-IoT Environment. In Proceedings of the 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT), Kharagpur, India, 1–3 July 2020; pp. 1–5. [Google Scholar]
  89. Page, M.J.; McKenzie, J.E.; Bossuyt, P.M.; Boutron, I.; Hoffmann, T.C.; Mulrow, C.D.; Shamseer, L.; Tetzlaff, J.M.; Akl, E.A.; Brennan, S.E.; et al. The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. BMJ 2021, 372, n71. [Google Scholar] [CrossRef]
Electronics 14 03475 g001
Figure 1. PRISMA 2020 flow diagram for systematic review (own elaboration based on [4]).
Figure 1. PRISMA 2020 flow diagram for systematic review (own elaboration based on [4]).
Electronics 14 03475 g001
Electronics 14 03475 g002
Figure 2. Three-tiered IIoT technological architecture model (own elaboration).
Figure 2. Three-tiered IIoT technological architecture model (own elaboration).
Electronics 14 03475 g002
Electronics 14 03475 g003
Figure 3. Selected threats to IIoT systems (own elaboration).
Figure 3. Selected threats to IIoT systems (own elaboration).
Electronics 14 03475 g003
Electronics 14 03475 g004
Figure 4. Overview of membership functions (own elaboration).
Figure 4. Overview of membership functions (own elaboration).
Electronics 14 03475 g004
Electronics 14 03475 g005
Figure 5. Overview of FIS architecture (own elaboration).
Figure 5. Overview of FIS architecture (own elaboration).
Electronics 14 03475 g005
Electronics 14 03475 g006
Figure 6. Fuzzy C-Meansclustering (own elaboration).
Figure 6. Fuzzy C-Meansclustering (own elaboration).
Electronics 14 03475 g006
Electronics 14 03475 g007
Figure 7. Degree of membership points to different clusters (own elaboration).
Figure 7. Degree of membership points to different clusters (own elaboration).
Electronics 14 03475 g007
Electronics 14 03475 g008
Figure 8. Mapping IIoT security domains to unified applications to identify research areas based on the publications [33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71] in Table 2 and Table 3 (own elaboration).
Figure 8. Mapping IIoT security domains to unified applications to identify research areas based on the publications [33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71] in Table 2 and Table 3 (own elaboration).
Electronics 14 03475 g008
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Krzysztoń, E.; Mikołajewski, D.; Prokopowicz, P. Review of Fuzzy Methods Application in IIoT Security—Challenges and Perspectives. Electronics 2025, 14, 3475. https://doi.org/10.3390/electronics14173475

AMA Style

Krzysztoń E, Mikołajewski D, Prokopowicz P. Review of Fuzzy Methods Application in IIoT Security—Challenges and Perspectives. Electronics. 2025; 14(17):3475. https://doi.org/10.3390/electronics14173475

Chicago/Turabian Style

Krzysztoń, Emanuel, Dariusz Mikołajewski, and Piotr Prokopowicz. 2025. "Review of Fuzzy Methods Application in IIoT Security—Challenges and Perspectives" Electronics 14, no. 17: 3475. https://doi.org/10.3390/electronics14173475

APA Style

Krzysztoń, E., Mikołajewski, D., & Prokopowicz, P. (2025). Review of Fuzzy Methods Application in IIoT Security—Challenges and Perspectives. Electronics, 14(17), 3475. https://doi.org/10.3390/electronics14173475

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop