Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
8.7
2.8
Journals
IoT
Special Issues
Cybersecurity in the Age of the Internet of Things
share announcement

Cybersecurity in the Age of the Internet of Things

A special issue of IoT (ISSN 2624-831X).

Deadline for manuscript submissions: 30 September 2026 | Viewed by 20459

Special Issue Editor

Dr. Firoz Khan

E-Mail Website
Guest Editor
Center of Information and Communication Sciences, Ball State University, Muncie, IN, USA
Interests: security; IoT; AI; networking
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

The rapid proliferation of Internet of Things (IoT) devices has revolutionized various sectors, including healthcare, smart cities, industrial automation, and critical infrastructure. However, this unprecedented connectivity has also introduced significant cybersecurity risks, rendering IoT ecosystems a prime target for cyberattacks. Threats such as unauthorized access, denial-of-service (DoS) attacks, malware propagation, and data breaches pose serious concerns for privacy, reliability, and safety. Traditional security models often fall short in addressing the unique challenges of the IoT, given its resource-constrained devices, heterogeneous architectures, and dynamic network environments.

This Special Issue, “Cybersecurity in the Age of the Internet of Things”, seeks to advance research on novel security mechanisms, architectures, and frameworks that enhance the resilience of IoT systems. We welcome contributions covering a broad range of topics, including AI-driven threat detection, blockchain-based authentication, privacy-preserving cryptographic techniques, and secure communication protocols. Additionally, we welcome research that explores security challenges in emerging IoT paradigms such as 5G-enabled IoT, edge computing, and the industrial IoT (IIoT). Papers that provide real-world case studies, attack analyses, risk assessment models, and regulatory considerations for IoT security are highly encouraged. By fostering interdisciplinary discussions, this Special Issue aims to bridge the gap between academia, industry, and policymakers, offering insights into next-generation cybersecurity strategies for safeguarding IoT ecosystems.

Dr. Firoz Khan
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 250 words) can be sent to the Editorial Office for assessment.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. IoT is an international peer-reviewed open access quarterly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • IoT security
  • cyber threat intelligence
  • AI and machine learning in cybersecurity
  • blockchain for IoT security
  • privacy-preserving IoT solutions
  • secure IoT architectures
  • intrusion detection systems for IoT
  • 5G and IoT security
  • edge computing security
  • regulatory and policy challenges in IoT security

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • Reprint: MDPI Books provides the opportunity to republish successful Special Issues in book format, both online and in print.

Further information on MDPI's Special Issue policies can be found here.

Published Papers (8 papers)

Download All Papers
Order results
Result details
Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:

Research

Jump to: Review

21 pages, 574 KB  
Article
Hybrid Deep Architectures in Contrastive Latent Space: Performance Analysis of VAE-MLP, VAE-MoTE, and VAE-GAT for IoT Botnet Detection
by Hassan Wasswa and Timothy Lynar
IoT 2026, 7(2), 41; https://doi.org/10.3390/iot7020041 - 12 May 2026
Viewed by 180
Abstract
The rapid proliferation of Internet of Things (IoT) devices has significantly expanded the attack surface of modern networks leading to a surge in IoT-based botnet attacks. Detecting such attacks remains challenging due to the high dimensionality and heterogeneity of IoT network traffic. This [...] Read more.
The rapid proliferation of Internet of Things (IoT) devices has significantly expanded the attack surface of modern networks leading to a surge in IoT-based botnet attacks. Detecting such attacks remains challenging due to the high dimensionality and heterogeneity of IoT network traffic. This study proposes and evaluates three hybrid deep learning architectures for IoT botnet detection that combine representation learning with supervised classification: VAE-encoder-MLP, VAE-encoder-GAT, and VAE-encoder-MoTE. A Variational Autoencoder is initially trained to learn a compact latent representation of the high-dimensional traffic features. Subsequently, the pretrained VAE-encoder component is employed to project the data into a lower-dimensional embedding space. These embeddings are then used to train three different downstream classifiers: a multilayer perceptron (MLP), a graph attention network (GAT), and a mixture of tiny experts (MoTE) model. To further enhance representation discriminability, supervised contrastive learning is incorporated to encourage intra-class compactness and inter-class separability. The proposed architectures are evaluated on two widely studied benchmark datasets—the CICIoT2022 and N-BaIoT dataset—under both binary and multiclass classification settings. Experimental results demonstrate that all three models achieve near-perfect performance in binary attack detection, with accuracy exceeding 99.8%. In the more challenging multiclass scenario, the VAE-encoder-MLP model achieves the best overall performance, reaching accuracies of 98.55% on CICIoT2022 and 99.75% on N-BaIoT. These findings provide insights into the design of efficient and scalable deep learning architectures for IoT intrusion detection. Full article
(This article belongs to the Special Issue Cybersecurity in the Age of the Internet of Things)
Show Figures

Figure 1

42 pages, 6154 KB  
Article
A Novel Hybrid Opcode Feature Selection Framework for Efficient and Effective IoT Malware Detection
by Bakhan Tofiq Ahmed, Noor Ghazi M. Jameel and Bakhtiar Ibrahim Saeed
IoT 2026, 7(1), 24; https://doi.org/10.3390/iot7010024 - 2 Mar 2026
Viewed by 878
Abstract
Malware’s proliferation in the Internet of Things (IoT) ecosystem requires precise, efficient detection systems capable of operating on IoT devices. Existing static analysis approaches often fail due to computational inefficiency stemming from high feature dimensionality inherent in raw opcode features. This research addresses [...] Read more.
Malware’s proliferation in the Internet of Things (IoT) ecosystem requires precise, efficient detection systems capable of operating on IoT devices. Existing static analysis approaches often fail due to computational inefficiency stemming from high feature dimensionality inherent in raw opcode features. This research addresses this limitation by proposing a novel machine-learning (ML)-driven Intelligent Hybrid Feature Selection (IHFS) framework with two distinct architectures. IHFS1 combines a filter method (variance threshold) with an embedded method (LGBM feature importance). Conversely, IHFS2 integrates variance thresholding with a wrapper method (Recursive Feature Elimination with Cross-Validation using LGBM) for optimal selection. This framework is specifically designed to select an optimally stable and minimal feature subset from the initial 1183 opcode frequency vector extracted from ARM binaries. Applying this framework to a multi-family IoT malware dataset, the IHFS architectures yielded distinct and highly efficient feature subsets: IHFS1 achieved a 95.77% reduction (to 50 features), while IHFS2 attained a 98.06% reduction (to 23 features). Evaluation across eight ML models confirmed that the Random Forest (with IHFS1 subset) and Decision Tree (with IHFS2 subset) classifiers were the best performing, achieving robust classification metrics that outperform current state-of-the-art solutions. The Decision Tree model demonstrated exceptional detection capabilities, with an accuracy of 99.87%, a precision of 99.82%, a recall of 99.88%, and an F1-score of 99.85%. It achieved an average inference time of 0.058 ms per sample. Experimental results attained on a native ARM64 environment validate the deployment feasibility of the proposed system for resource-constrained IoT devices, such as the Raspberry Pi. The proposed system achieves a high-throughput, low-overhead security posture while maintaining host operational stability, processing a single ELF binary in just 3.431 ms. Full article
(This article belongs to the Special Issue Cybersecurity in the Age of the Internet of Things)
Show Figures

Figure 1

31 pages, 3500 KB  
Article
Lightweight Protection Mechanisms for IoT Networks Based on Trust Modelling
by Andric Rodríguez, Asdrúbal López-Chau, Leticia Dávila-Nicanor, Víctor Landassuri-Moreno and Saul Lazcano-Salas
IoT 2026, 7(1), 18; https://doi.org/10.3390/iot7010018 - 10 Feb 2026
Viewed by 1150
Abstract
Since the deployment of the Internet of Things (IoT), it has transformed everyday life by enabling intelligent environments that improve efficiency and automate services in domains such as agriculture, healthcare, smart cities, and industry. However, the rapid proliferation of IoT devices has introduced [...] Read more.
Since the deployment of the Internet of Things (IoT), it has transformed everyday life by enabling intelligent environments that improve efficiency and automate services in domains such as agriculture, healthcare, smart cities, and industry. However, the rapid proliferation of IoT devices has introduced significant security challenges, largely driven by the heterogeneity of devices, resource constraints, and the increasing exposure of network communications. This work proposes a lightweight security protection mechanism for IoT networks based on trust modelling. The proposed approach integrates machine learning techniques to evaluate IoT node behavior using network-layer (Layer 3) traffic features under different labeling granularities, including binary, categorical, and subcategorical classifications. By focusing on network-layer observations, the model remains applicable across heterogeneous IoT devices while preserving a low computational footprint. In addition, the Common Vulnerability Scoring System (CVSS) is incorporated as a standardized vulnerability severity metric, enabling the integration of probabilistic security evidence with contextual information about potential impact. This combination allows the estimation of trust to reflect not only the likelihood of anomalous behavior but also its associated severity. Experimental evaluation was conducted using a representative IoT traffic dataset, multiple preprocessing strategies, and several classical machine learning models. The results demonstrate that aggregating traffic-based intrusion detection outputs with vulnerability severity metrics enables a more robust, flexible, and interpretable trust estimation process. This approach supports the early identification of potentially compromised nodes while maintaining scalability and efficiency, making it suitable for deployment in heterogeneous IoT environments. Full article
(This article belongs to the Special Issue Cybersecurity in the Age of the Internet of Things)
Show Figures

Figure 1

30 pages, 3927 KB  
Article
FG-RCA: Kernel-Anchored Post-Exploitation Containment for IoT with Policy Synthesis and Mitigation of Zero-Day Attacks
by Fouad Ailabouni, Jesús-Ángel Román-Gallego and María-Luisa Pérez-Delgado
IoT 2026, 7(1), 3; https://doi.org/10.3390/iot7010003 - 25 Dec 2025
Viewed by 1290
Abstract
Zero-day intrusions on IoT endpoints demand defenses that curtail attacker impact and persistence after breach. This article presents Fine-Grained Runtime Containment Agent (FG-RCA), a lightweight post-exploitation containment system that learns least-privilege behavior from execution and enforces it in the kernel via eBPF with [...] Read more.
Zero-day intrusions on IoT endpoints demand defenses that curtail attacker impact and persistence after breach. This article presents Fine-Grained Runtime Containment Agent (FG-RCA), a lightweight post-exploitation containment system that learns least-privilege behavior from execution and enforces it in the kernel via eBPF with Linux Security Modules (LSM). In a learn phase, LSM/eBPF probes stream security-relevant events to a Rust agent that synthesizes policies per device role. In an enforce phase, policies are compiled into eBPF maps and evaluated at an extended hook set spanning process execution (bprm_check_security), file access (file_open), network egress and exfiltration (socket_connect, socket_sendmsg), privilege use (capable), process injection (ptrace_access_check), tamper/anti-forensics (inode_unlink). Policies bind to kernel-truth identities—inode, device, mount intrusion detection system (IDS), executable SHA-256, and cgroup/namespace identifiers—rather than paths, mitigating time-of-check to time-of-use (TOCTOU) and aliasing. Operational safeguards include Ed25519-signed policies, atomic rollback, and shadow mode logging events to enable policy evolution. Evaluation on embedded Linux demonstrates containment with low overhead. Full article
(This article belongs to the Special Issue Cybersecurity in the Age of the Internet of Things)
Show Figures

Figure 1

20 pages, 835 KB  
Article
Trustworthy Adaptive AI for Real-Time Intrusion Detection in Industrial IoT Security
by Mohammad Al Rawajbeh, Amala Jayanthi Maria Soosai, Lakshmana Kumar Ramasamy and Firoz Khan
IoT 2025, 6(3), 53; https://doi.org/10.3390/iot6030053 - 8 Sep 2025
Cited by 16 | Viewed by 4309
Abstract
Traditional security methods fail to match the speed of evolving threats because Industrial Internet of Things (IIoT) technologies have become more widely adopted. A lightweight adaptive AI-based intrusion detection system (IDS) for IIoT environments is presented in this paper. The proposed system detects [...] Read more.
Traditional security methods fail to match the speed of evolving threats because Industrial Internet of Things (IIoT) technologies have become more widely adopted. A lightweight adaptive AI-based intrusion detection system (IDS) for IIoT environments is presented in this paper. The proposed system detects cyber threats in real time through an ensemble of online learning models that also adapt to changing network behavior. The system implements SHAP (SHapley Additive exPlanations) for model prediction explanations to allow human operators to verify and understand alert causes while addressing the essential need for trust and transparency. The system validation was performed using the ToN_IoT and Bot-IoT benchmark datasets. The proposed system detects threats with 96.4% accuracy while producing 2.1% false positives and requiring 35 ms on average for detection on edge devices with limited resources. Security analysts can understand model decisions through SHAP analysis because packet size and protocol type and device activity patterns strongly affect model predictions. The system underwent testing on a Raspberry Pi 5-based IIoT testbed to evaluate its deployability in real-world scenarios through emulation of practical edge environments with constrained computational resources. The research unites real-time adaptability with explainability and low-latency performance in an IDS framework specifically designed for industrial IoT security. The solution provides a scalable method to boost cyber resilience in manufacturing, together with energy and critical infrastructure sectors. By enabling fast, interpretable, and low-latency intrusion detection directly on edge devices, this solution enhances cyber resilience in critical sectors such as manufacturing, energy, and infrastructure, where timely and trustworthy threat responses are essential to maintaining operational continuity and safety. Full article
(This article belongs to the Special Issue Cybersecurity in the Age of the Internet of Things)
Show Figures

Figure 1

25 pages, 3109 KB  
Article
Radio Frequency Fingerprinting Authentication for IoT Networks Using Siamese Networks
by Raju Dhakal, Laxima Niure Kandel and Prashant Shekhar
IoT 2025, 6(3), 47; https://doi.org/10.3390/iot6030047 - 22 Aug 2025
Cited by 6 | Viewed by 4861
Abstract
As IoT (internet of things) devices grow in prominence, safeguarding them from cyberattacks is becoming a pressing challenge. To bootstrap IoT security, device identification or authentication is crucial for establishing trusted connections among devices without prior trust. In this regard, radio frequency fingerprinting [...] Read more.
As IoT (internet of things) devices grow in prominence, safeguarding them from cyberattacks is becoming a pressing challenge. To bootstrap IoT security, device identification or authentication is crucial for establishing trusted connections among devices without prior trust. In this regard, radio frequency fingerprinting (RFF) is gaining attention because it is more efficient and requires fewer computational resources compared to resource-intensive cryptographic methods, such as digital signatures. RFF works by identifying unique manufacturing defects in the radio circuitry of IoT devices by analyzing over-the-air signals that embed these imperfections, allowing for the identification of the transmitting hardware. Recent studies on RFF often leverage advanced classification models, including classical machine learning techniques such as K-Nearest Neighbor (KNN) and Support Vector Machine (SVM), as well as modern deep learning architectures like Convolutional Neural Network (CNN). In particular, CNNs are well-suited as they use multidimensional mapping to detect and extract reliable fingerprints during the learning process. However, a significant limitation of these approaches is that they require large datasets and necessitate retraining when new devices not included in the initial training set are added. This retraining can cause service interruptions and is costly, especially in large-scale IoT networks. In this paper, we propose a novel solution to this problem: RFF using Siamese networks, which eliminates the need for retraining and allows for seamless authentication in IoT deployments. The proposed Siamese network is trained using in-phase and quadrature (I/Q) samples from 10 different Software-Defined Radios (SDRs). Additionally, we present a new algorithm, the Similarity-Based Embedding Classification (SBEC) for RFF. We present experimental results that demonstrate that the Siamese network effectively distinguishes between malicious and trusted devices with a remarkable 98% identification accuracy. Full article
(This article belongs to the Special Issue Cybersecurity in the Age of the Internet of Things)
Show Figures

Figure 1

Review

Jump to: Research

38 pages, 809 KB  
Review
Intrusion Detection on the Internet of Things: A Comprehensive Review and Gap Analysis Toward Real-Time, Lightweight, Adaptive, and Autonomous Security
by Suzan Sallam, May El Barachi and Nan Li
IoT 2026, 7(1), 16; https://doi.org/10.3390/iot7010016 - 7 Feb 2026
Cited by 1 | Viewed by 2169
Abstract
The rapid growth of the Internet of Things (IoT) has exposed billions of interconnected, heterogeneous, and resource-constrained devices to increasingly sophisticated threats. To evaluate the readiness of current intrusion detection systems (IDSs), this study reviews 32 recent IoT-IDS proposals spanning conventional, machine-learning, deep-learning, [...] Read more.
The rapid growth of the Internet of Things (IoT) has exposed billions of interconnected, heterogeneous, and resource-constrained devices to increasingly sophisticated threats. To evaluate the readiness of current intrusion detection systems (IDSs), this study reviews 32 recent IoT-IDS proposals spanning conventional, machine-learning, deep-learning, and hybrid approaches. Each system is assessed against 10 criteria that reflect practical IoT requirements, including real-time performance, latency, lightweight design, detection accuracy, mitigation capabilities, integrated detection-and-mitigation workflows, adaptability, resilience to advanced attacks, validation in realistic environments, and scalability. The results indicate that although many approaches achieve high detection accuracy, most do not meet real-time and lightweight thresholds commonly cited in IoT deployment literature. Mitigation features are often absent, adaptability is rarely implemented, and 29 out of 32 studies rely solely on offline datasets, thereby limiting confidence in their robustness to deployment. Scalability remains the most significant limitation, as none of the reviewed IDSs have tested their performance under realistic multi-node or high-traffic conditions, even though scalability is critical for large IoT ecosystems. Overall, the review suggests that future IoT IDS research should move beyond accuracy-focused models and toward lightweight, adaptive, and autonomous solutions that incorporate mitigation, support real-time inference, and undergo standardized evaluations under real-world operating conditions. Full article
(This article belongs to the Special Issue Cybersecurity in the Age of the Internet of Things)
Show Figures

Figure 1

29 pages, 1829 KB  
Review
A Comprehensive Review of Cybersecurity Threats to Wireless Infocommunications in the Quantum-Age Cryptography
by Ivan Laktionov, Grygorii Diachenko, Dmytro Moroz and Iryna Getman
IoT 2025, 6(4), 61; https://doi.org/10.3390/iot6040061 - 16 Oct 2025
Cited by 1 | Viewed by 3850
Abstract
The dynamic growth in the dependence of numerous industrial sectors, businesses, and critical infrastructure on infocommunication technologies necessitates the enhancement of their resilience to cyberattacks and radio-frequency threats. This article addresses a relevant scientific and applied issue, which is to formulate prospective directions [...] Read more.
The dynamic growth in the dependence of numerous industrial sectors, businesses, and critical infrastructure on infocommunication technologies necessitates the enhancement of their resilience to cyberattacks and radio-frequency threats. This article addresses a relevant scientific and applied issue, which is to formulate prospective directions for improving the effectiveness of cybersecurity approaches for infocommunication networks through a comparative analysis and logical synthesis of the state-of-the-art of applied research on cyber threats to the information security of mobile and satellite networks, including those related to the rapid development of quantum computing technologies. The article presents results on the systematisation of cyberattacks at the physical, signalling and cryptographic levels, as well as threats to cryptographic protocols and authentication systems. Particular attention is given to the prospects for implementing post-quantum cryptography, hybrid cryptographic models and the integration of threat detection mechanisms based on machine learning and artificial intelligence algorithms. The article proposes a classification of current threats according to architectural levels, analyses typical protocol vulnerabilities in next-generation mobile networks and satellite communications, and identifies key research gaps in existing cybersecurity approaches. Based on a critical analysis of scientific and applied literature, this article identifies key areas for future research. These include developing lightweight cryptographic algorithms, standardising post-quantum cryptographic models, creating adaptive cybersecurity frameworks and optimising protection mechanisms for resource-constrained devices within information and digital networks. Full article
(This article belongs to the Special Issue Cybersecurity in the Age of the Internet of Things)
Show Figures

Figure 1

Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:
 
Displaying articles 1-8
Back to TopTop