Search Results (656)

The increasing deployment of IoT-enabled electric-vehicle charging networks has created a rapidly evolving cyber–physical environment in which security mechanisms must operate amid ever-changing data patterns and resource constraints. In these environments, static Machine Learning (ML) pipelines are often insufficient because they struggle to adapt to concept drift issues, emerging attacks, and real-time operational requirements. We analyzed cybersecurity vulnerabilities, challenges of conventional ML approaches, and the possibilities of AI-powered, adaptive security measures. This paper examines Online AutoML and its advantages, including automated adaptation to streaming data, reduced human intervention, and privacy-preserving, resource-aware learning. Furthermore, this paper discusses adversarial attacks and defences in Online AutoML systems, highlighting the need for frameworks that jointly address concept drift, scalability, privacy, and adversarial threats. Finally, this study emphasizes the importance of establishing comprehensive public benchmarks for Online AutoML research. Full article

With the rapid proliferation in communication devices and the expansion of applications, future sixth-generation (6G) networks are expected to enable a truly connected world. They will allow large-scale use cases, such as the Internet of Things (IoT) and unmanned aerial vehicles (UAVs), providing significantly faster and more innovative services ubiquitously. However, challenges remain, particularly in security. The growing number of devices and increased connectivity may lead to a larger attack surface. Many emerging technologies are actively addressing these security and privacy concerns, ensuring that we can benefit from the advantages of 6G networks and applications without falling victim to malicious attacks. In this paper, we conduct a comprehensive literature review of emerging technologies for secure communication in 6G networks, including artificial intelligence (AI) and machine learning (ML), blockchain technology, quantum-safe communication, and physical-layer security. First, we discuss the architecture of 6G networks from a security perspective. Second, we review existing surveys on 6G security issues and provide a quantitative analysis to identify research gaps, including technology-driven silos and domain fragmentation. Third, we develop a hierarchical taxonomy of security challenges and attacks in 6G networks, covering physical-layer attacks, network-level threats, device vulnerabilities, data privacy concerns, and emerging application-specific risks. We then examine the roles of key enabling technologies and present a mapping between security threats and corresponding technological solutions, along with a unified evaluation framework to facilitate cross-technology comparison. Furthermore, we propose an integrated multi-technology security framework and discuss practical deployment challenges by bridging the gap between simulation-based studies and real-world implementations. Finally, we outline concrete future research directions for advancing secure 6G communication systems. Full article

Effective intrusion detection for Internet of Things (IoT) environments requires balancing predictive performance, resource efficiency, and interpretability—particularly in real-world deployments where traffic distributions and attack scenarios vary. While many studies report near-perfect detection on benchmark datasets, this often overlooks model stability under distribution shifts. This paper addresses this gap by introducing a stability-focused evaluation of lightweight, explainable intrusion detection models using compact IoT-23 scenarios and a constrained set of 14 connection-level features for interpretability. Four lightweight models—logistic regression, random forest, XGBoost, and LightGBM—are assessed within a unified pipeline. Beyond standard internal validation, we implement a strict cross-scenario evaluation framework featuring a fully unseen malware capture. Our proposed Internal–External Stability Gap (IESG) framework, enhanced with normalized and multi-metric measures, highlights the degradation in consistency between internal and external metrics. Surprisingly, even models with high internal F1 scores (up to 0.9994) may experience considerable drops in external macro-F1 and specificity, exposing weaknesses in conventional evaluation. Experimentally, LightGBM provides the best trade-off between performance and compactness (606 KB) and shows the smallest stability gap for malicious detection. Nevertheless, all models show reduced balanced performance under scenario shift, underscoring that deployment readiness hinges on stability under changing conditions. Feature ablation reveals that leveraging high-impact features, such as port information, can boost internal accuracy at the expense of generalization. In summary, we demonstrate that while lightweight models deliver strong detection, only those proven stable across scenarios are viable for real-world IoT intrusion detection. Our evaluation framework offers a practical, interpretable tool for assessing model robustness. Full article

With the rapid development of the Internet of Things (IoT) and the increase in the frequency of cyberattacks, accurate identification of IoT end devices is critical to their security. Existing identification methods are based on raw, statistical, and deep features of network traffic, each with their own advantages and disadvantages. Raw feature-based methods have difficulty performing feature extraction and insufficient information. As such, the recognition accuracy of statistical feature-based methods is limited by the distinguishment machine learning classifiers, and the deep feature-based methods do not take into account the problem of large differences in traffic samples, which leads to low recognition accuracy in some devices. For this reason, this paper proposes the IoTDI-ImbS method. The method selects the network traffic payload information as the original features and converts them into grayscale images; uses a generative adversarial network-based IoT terminal devices traffic generation (NTGAN) algorithm to generate traffic samples for devices with fewer samples through generative adversarial network to solve the sample imbalance problem; and constructs a ResNet18-BiLSTM model, mining spatial features with ResNet18 and extracting temporal features with BiLSTM to improve recognition accuracy. The experimental results on different sizes of IoT terminal device datasets show that IoTDI-ImbS has performance advantages over other methods in recognition accuracy, better leverages the sample imbalance problem in the dataset, and provides a more effective solution for IoT device recognition. Experimental results on the UNSW and IoT Sentinel dataset demonstrate that IoTDI-ImbS significantly outperforms baseline methods. Specifically, on the UNSW dataset, our method achieves an overall accuracy of 99.1% and an F1-score of 0.985. After integrating the NTGAN module, the identification accuracy for minority classes improved by approximately 3.5%. On the IoT Sentinel dataset, the model maintains a high precision of 98.7%, proving its robustness in diverse IoT environments. Full article

The convergence of the Internet of Things (IoT), edge computing, and artificial intelligence (AI) is reshaping cyber defense in distributed cyber–physical environments. IoT-edge systems expose heterogeneous, resource-constrained, and intermittently connected devices to threats that unfold close to sensing and control processes, making purely signature-based or rule-based defenses increasingly insufficient. This article presents a structured review of AI for cybersecurity in IoT-edge systems from a systems-oriented perspective. Rather than surveying AI for IoT security in general, it organizes the literature around four practical lenses: AI methods, datasets and benchmarks, evaluation practice, and deployment constraints. The review reconstructs a workspace-verifiable corpus of 96 references, emphasizes literature published between January 2023 and April 2026 while retaining foundational benchmark papers, and uses a conservative 26-paper empirical subset for paper-level gap coding. Because this subset was purposively sampled and the original retrieval logs were not preserved, coded counts are interpreted as recoverable reporting signals and comparability indicators rather than field-level prevalence estimates. The revised synthesis further stratifies the coded evidence by task, model family, dataset, application scenario, metric type, and deployment signal, and translates deployment feasibility into a minimum reporting checklist and edge-hardware decision matrix. Within this evidence boundary, recent work remains dominated by intrusion and anomaly detection, with continued use of traditional machine learning, deep learning, federated learning, explainable AI, and graph-based approaches. However, experimentation remains concentrated around a small set of public benchmarks, while latency, memory, energy, communication overhead, operational robustness, and reproducibility are reported inconsistently. The field is therefore constrained less by classifier novelty than by benchmark concentration, weak deployment reporting, limited response-and-mitigation analysis, undercoverage of authentication, access-control, and trust-management tasks, and limited reproducible edge-aware evaluation. Full article

The possibility of zero-day attacks on Internet of Things (IoT) networks is high, particularly in dynamic and heterogeneous IoT environments, including emerging battlefield scenarios (IoBT). Detecting these attacks requires adaptive and generalizable security mechanisms. Due to the unique and unknown signatures of these attacks, they go undetected using signature-based Intrusion Detection Systems (IDSs) on the one side. On the other side, current anomaly-based IDSs that employ traditional machine learning on statistical features struggle to adapt and generalize to unknown networks, which is the case in IoBT. Transformer-based deep learning models have shown the capability of learning complex sequential patterns. This ability can be leveraged to analyze packet payloads that encompass opcodes capable of executing malicious patterns within an IoT network. In this work, we propose a dual-stage Transformer IDS that operates on the raw payload of network packets to detect zero-day attacks. Due to the lack of IoBT datasets, we evaluate the algorithm on three comprehensive IoT traffic benchmarks—MQTT-IoT, IoT-23, and CIC-IoT-2022—which have a high number of IoT devices and various attacks. Importantly, model evaluation is performed in two cross-validation settings to address the key operational challenges associated with unseen scenarios and networks. The evaluation settings are split-at-scenario to evaluate the detection ability of zero-day attacks and split-at-dataset to evaluate the model’s generalizability to new environments. In the former, the average increase in the F1-score of the proposed algorithm over the baseline model is 44% in detecting four zero-day attacks presented in the MQTT-IoT dataset. In the latter, the average increase in the F1-score is 16% in detecting malicious attacks across the three datasets. These results show the benefit of advanced AI in securing the next generation of IoT systems in future Internet applications. Full article

Anomaly detection performance in sensor data is highly sensitive to model hyperparameters, which is central to reliable monitoring in mobile Internet security and industrial IoT (IIoT) scenarios. We propose an IWOA-LightGBM-based anomaly detection method for sensor data. For machine learning-based anomaly detection methods, hyperparameter selection often determines model performance, so we propose an Improved Whale Optimization Algorithm (IWOA) and further use it to optimize the hyperparameters of the LightGBM algorithm. To avoid falling into local optima and accelerate algorithm convergence, the WOA is improved by integrating nonlinear convergence factor, adaptive inertia weight factor and stochastic differential mutation strategy. Experimental results show that during hyperparameter optimization for LightGBM model training, the IWOA achieves faster convergence and higher computational efficiency compared to the Whale Optimization Algorithm (WOA), with anomaly detection accuracy exceeding 90%. Full article

Federated learning is a distributed machine learning paradigm that enables multiple devices to collaboratively train a shared model while keeping their raw data localized. Federated learning has become an attractive solution for intrusion detection in Internet of Things (IoT)-based wireless sensor networks because it enables collaborative model training without transferring raw traffic data. However, real deployments rarely satisfy the common assumption that client data are independent and identically distributed (IID). In practical wireless sensor networks, data heterogeneity naturally arises from spatial variation, uneven attack exposure, traffic imbalance, and differences in sensing conditions, which can substantially affect detection reliability and deployment feasibility. This study presents an application-oriented evaluation of federated intrusion detection under controlled non-IID conditions using three representative datasets: WSN-DS, CIC-IDS-2017, and UNSW-NB15. An LSTM-based intrusion detection model is trained in a federated setting and assessed using three aggregation strategies, namely, FedAvg, FedProx, and SCAFFOLD, under label skew, quantity skew, and feature skew scenarios. The results show that standard FedAvg degrades markedly as heterogeneity increases, with accuracy reductions of up to 23.4 percentage points and substantially higher communication cost under extreme non-IID settings. In contrast, FedProx and SCAFFOLD improve convergence stability and reduce the impact of client drift, with SCAFFOLD showing the strongest overall robustness and up to 45% lower communication cost than FedAvg due to faster convergence. These results demonstrate that non-IID awareness is essential for building deployable privacy-preserving intrusion detection systems for resource-constrained IoT environments. The study provides practical guidance for selecting federated aggregation strategies in wireless sensor network security applications where robustness, bandwidth efficiency, and real-world data heterogeneity must be jointly considered. Full article

Machine learning models increasingly rely on continuously generated sensor data for automated decision-making in Internet of Things (IoT) environments. The distributed and often insecure nature of IoT infrastructures introduces risks related to data manipulation, lack of traceability, and unverifiable model evolution. Existing solutions typically address isolated aspects such as data security or access control but do not provide end-to-end provenance across the machine learning lifecycle. This paper proposes a tamper-evident data and model provenance framework for IoT-based machine learning that integrates blockchain with off-chain storage. The framework records cryptographic hashes and metadata of data, preprocessing outputs, and trained models on-chain while maintaining large artifacts off-chain to ensure scalability. Smart contracts establish verifiable linkage among lifecycle artifacts and automate provenance registration. The framework is evaluated in a simulated IoT–ML pipeline under integrity attack scenarios including data manipulation, model tampering, and metadata modification. Experimental results demonstrate reliable detection of unauthorized modifications with low verification latency and constant on-chain storage per record under controlled conditions. These findings indicate the feasibility of hybrid blockchain architectures for tamper-evident provenance in IoT-based machine learning systems, while highlighting the need for further validation in real-world deployments. Full article

By allowing continuous connectivity, automation, and data-driven decision-making across these areas, Internet of Things (IoT) has transformed certain facets of daily life, including home automation and healthcare, as well as business operations like supply chain management and smart manufacturing. IoT systems are susceptible to different cyberattacks, though, because of different designs, lack of funds, and inadequate security policies, which creates major security issues given their fast growth. Covering important topics including protocols, architectures, attack classification, detection methods, countermeasures, and research issues, this paper offers a thorough study of IoT security. Emphasizing their relevance in enhancing the security of IoTs, the article offers a thorough analysis of machine and deep learning-based detection techniques. It also offers recommendations for future paths to handle changing risks by means of particular proposals and provides tools and datasets required for IoT security studies. When considering recent progress, however, there are still some major limitations in scaling, real-time detection, dataset availability, and versatility of current solutions. We identified these issues and provided guidance on future research; we also offered a selected set of tools and datasets for further research. Additionally, this paper provides an overview of the most important issues related to IoT security as documented in the current literature, providing a framework for developing resilient and adaptable IoT security solutions in the future. Full article

Securing IoT networks presents fundamental challenges rooted in hardware constraints: firmware is often non-upgradeable and every security boundary is fixed at manufacture. Machine learning-based intrusion detection offers a scalable response, yet nearly all published systems assume clean training data and clean inference conditions. Production IoT environments satisfy neither assumption. Sensors degrade, packets drop, and adversaries deliberately corrupt telemetry streams to evade detection. The framework described here is built around that reality. The proposed framework is distinguished from prior work by four design decisions. First, three encoding branches, a residual DNN, a 1D-CNN, and a BiLSTM, are run in parallel and are fused by concatenation, each capturing structural patterns in tabular traffic data that the others miss. Second, a dual-view consistency loss trains the model under simultaneous feature masking and Gaussian noise, penalizing prediction divergence between two independently corrupted views of the same sample. Third, we introduce entropy-weighted attention: rather than fixed learned weights, per-feature importance is adjusted dynamically from information entropy measured across training batches, giving higher-entropy features stronger influence because they carry more discriminative variation. Fourth, branch-dropout regularization randomly silences entire branches during training, forcing each to develop independently useful representations instead of co-adapting. Class imbalance is handled through severity-aware loss weighting which scales contributions by the operational cost of missing each attack category, not purely by inverse frequency. On UNSW-NB15, the full model achieves 99.99% accuracy, 100% precision, 99.97% recall, and a false-negative rate of 2.65 × 10⁻⁴—the lowest across all compared architectures. Full article

Machine learning-based intrusion detection systems (IDS) deployed in real-world environments frequently degrade due to concept drift, where evolving traffic patterns invalidate assumptions learned during training. This challenge is especially pronounced in Internet of Things (IoT) environments, where device behavior changes over time due to user interaction, firmware updates, and emerging attack strategies. Prior work introduced FIRCE, a framework that integrates conformal evaluation into streaming IDS pipelines to enable uncertainty-aware drift detection and adaptive retraining. In this journal extension, we present FADES, a framework for adaptive drift estimation that generalizes drift monitoring beyond prediction-space uncertainty by supporting both conformal evaluation and representation-space detectors within a unified streaming architecture. FADES incorporates multiple conformal evaluation variants, including Approximate Cross-Conformal Evaluation, which preserves the statistical structure of cross-conformal evaluation while eliminating repeated model training, as well as an Adaptive Chunking Controller that dynamically balances detection responsiveness and computational cost. We extend prior work through three major contributions: (i) a variance-aware evaluation protocol comprising 375 simulations across multiple seeds and runs, (ii) integration of a contrastive autoencoder-based detector to enable direct comparison between prediction-space and representation-space drift detection, and (iii) expanded evaluation across in-domain and cross-dataset transfer settings using UNSW-NB15, CICIDS2018, and a real-world IoT testbed. Approx-CCE achieves performance comparable to standard cross-conformal evaluation across hundreds of simulations, providing empirical evidence that the statistical benefits of CCE derive primarily from its disjoint calibration partition structure rather than fold-specific model diversity, a finding with implications for conformal evaluation in repeated recalibration settings more broadly. In contrast, representation-space drift detection via CADE incurs substantial computational cost under repeated retraining, limiting its practicality in streaming settings. These findings demonstrate that conformal evaluation provides a statistically grounded and computationally efficient foundation for real-time drift-aware intrusion detection, and that FADES enables flexible, unified evaluation of drift detection strategies under realistic deployment conditions. Full article

The explosive growth of the Internet of Things (IoT) has expanded the attack surface across industrial systems, smart cities, healthcare, and homes, motivating a synthesis of recent advances in machine learning for IoT security and a clear statement of remaining gaps. This review conducted a systematic search of MDPI, IEEE Xplore, Nature, ScienceDirect, and SpringerLink for publications from 2023 to 2025, screening them for domain relevance and organizing findings into a taxonomy of ML methods, threat types, and deployment contexts, with particular attention to datasets, edge constraints, and privacy considerations. We find that the field is shifting from signature-based detection to supervised and deep learning approaches that report high accuracy on benchmark traffic, while federated learning enables privacy-preserving, distributed intrusion detection with near-real-time edge performance. Across domains, prevalent threats include DDoS, unauthorized access, and malware; persistent challenges include device heterogeneity, rapid exploit weaponization, nonstandardized evaluation, concept drift, adversarial/poisoning risks, and governance and privacy constraints that hinder real world rollouts. We conclude that ML materially strengthens IoT resilience but requires rigorous, industry-scale validation, lightweight and explainable models, protocol-aware designs, robust federated aggregation, and SDN/NFV orchestration; we outline benchmark and deployment priorities to translate laboratory gains into operational security. Full article

The widespread deployment of Internet of Things (IoT) technologies in smart-home energy systems has increased the demand for secure, context-aware, and energy-efficient access control (AC) mechanisms. Although blockchain-based AC provides immutability, auditability, and fine-grained policy enforcement, its dependence on on-chain decision-making introduces significant computational latency and energy overhead, limiting its suitability for resource-constrained IoT environments. This paper proposes Optimized Dynamic-Attribute-Based Access Control-IoT (ODABAC-IoT), a hybrid off-chain and decentralized ABAC framework that combines off-chain LightGBM inference with selective on-chain verification to reduce blockchain workload while preserving trust and transparency. This work focuses on improving the computational efficiency, latency, and energy consumption of blockchain-enabled AC within smart-home energy systems, rather than directly optimizing physical energy consumption. In the proposed framework, high-confidence access requests are evaluated off-chain, whereas uncertain requests are forwarded to smart contracts for final validation. This hybrid decision-making strategy reduces unnecessary blockchain transactions, lowers latency, and improves computational efficiency without compromising security. Experimental results demonstrate up to 65% reduction in blockchain transaction volume, 64% improvement in latency, and 65% reduction compared to on-chain ABAC and 50% compared to hybrid blockchain approaches. These gains correspond to a reduction in daily blockchain energy consumption from 10 kWh to 3.5 kWh in a representative household scenario. The results indicate that ODABAC-IoT improves scalability, energy efficiency of the digital control layer, and responsiveness in IoT-enabled smart home energy systems, offering an effective pathway toward energy-aware and secure AC in the digital infrastructure of smart home energy systems. Full article

Artificial intelligence (AI) is rapidly redefining the management of urban energy systems by coupling predictive analytics with closed-loop control across buildings, power grids, and mobility networks, positioning cities as critical leverage points in global decarbonization efforts. Contemporary urban environments generate vast, heterogeneous datasets that enable advanced machine learning applications; however, limitations remain, including interpretability–fairness trade-offs, fragmented data governance, interoperability gaps, cybersecurity risks, and insufficient long-term validation across diverse climatic and socio-economic contexts. This review evaluates AI-driven strategies for energy-efficient urban systems and identifies the technical and governance conditions required for scalable impact. The evidence synthesized indicates that supervised and ensemble learning models achieve high predictive accuracy for electricity demand and chiller performance, with models such as Random Forest Regression achieving R² values up to 0.9835 in electricity consumption forecasting, while unsupervised approaches detect latent inefficiencies in HVAC systems, delivering measurable savings typically around 6% under controlled benchmarking conditions. Deep learning architectures improve multi-building forecasting and real-time control, with hybrid CNN–LSTM models achieving prediction accuracies up to 97% and outperforming traditional statistical approaches in weekly energy demand forecasting achieving higher prediction accuracy and significant energy savings in complex urban subsystems with reported reductions of approximately 21–23% in residential and educational buildings and up to 37% in office HVAC systems. Hybrid and physics-informed AI models embed thermodynamic principles into data-driven frameworks, improving robustness, interpretability, and generalization. IoT sensor networks and edge-computing architectures support adaptive HVAC, demand–response, and smart-grid management, while integrated building–grid–mobility systems enhance load balancing, storage use, and carbon reduction. AI-enhanced strategies offer a credible pathway toward measurable reductions in urban energy use and emissions with deep reinforcement learning in digital twin environments reducing HVAC energy demand by 10–35% while maintaining thermal comfort within ±0.5 °C in line with ASHRAE standards, and overall energy savings reaching up to 44% in optimized systems when supported by interoperable infrastructures, secure digital-twin architectures, and standardized measurement and verification protocols. Full article