1 Review Article Machine and Deep Learning for IoT Security and Privacy
2025-04-30
0
0
1.13MB
46 页
10玖币
侵权投诉
1
Review Article
Machine and Deep Learning for IoT Security and Privacy:
Applications, Challenges, and Future Directions
Subrato Bharati1, Prajoy Podder2
1,2Institute of Information and Communication Technology (IICT), Bangladesh University of Engineering and Technology (BUET),
Dhaka-1205, Bangladesh
Correspondence should be addressed to Subrato Bharati; subratobharati1@gmail.com
Abstract: The integration of the Internet of Things (IoT) connects a number of intelligent devices with a minimum of human interference
that can interact with one another. IoT is rapidly emerging in the areas of computer science. However, new security problems were posed
by the cross-cutting design of the multidisciplinary elements and IoT systems involved in deploying such schemes. Ineffective is the
implementation of security protocols, i.e., authentication, encryption, application security, and access network for IoT systems and their
essential weaknesses in security. Current security approaches can also be improved to protect the IoT environment effectively. In recent
years, deep learning (DL)/ machine learning (ML) has progressed significantly in various critical implementations. Therefore, DL/ML
methods are essential to turn IoT systems protection from simply enabling safe contact between IoT systems to intelligence systems in
security. This review aims to include an extensive analysis of ML systems and state-of-the-art developments in DL methods to improve
enhanced IoT device protection methods. On the other hand, various new insights in machine and deep learning for IoT Securities
illustrate how it could help future research. IoT protection risks relating to emerging or essential threats are identified, as well as future
IoT device attacks and possible threats associated with each surface. We then carefully analyze DL and ML IoT protection approaches
and present each approach's benefits, possibilities, and weaknesses. This review discusses a number of potential challenges and
limitations. The future works, recommendations, and suggestions of DL/ML in IoT security are also included.
Keywords: Security applications, Deep learning, Internet of Things (IoT), Security and Privacy, Machine Learning, Applications
1. Introduction
Internet of Things (IoT) considers the interconnection
between several devices, i.e., industrial systems,
intelligent sensors, autonomous vehicles, mechanisms
and terminals, mechanical systems, etc. [1, 2].
Alternatively, it can be termed as a network of physical
things or objects that are connected with limited
communication, computation, and storage capabilities
along with embedded electronics (i.e., sensors and
actuators), connectivity of network, and software that
enables these things to exchange, analyze, as well as
collect data [3]. IoT relates to our everyday life,
extending from smart devices in the household, i.e.,
smart meters, IP cameras, smoke detectors, smart
adapters, smart refrigerators, smart bulbs, AC, smart
ovens, and temperature sensors, to more advanced
devices, for example, heartbeat detectors, radio-
frequency identification (RFID) devices, accelerometers,
IoT in automobiles, sensors in rooms, etc. [4]. Several
services and applications referred to by the IoT are
emerging in personal healthcare, home appliances,
critical agricultural infrastructure, and the military [1].
The massive scale of IoT networks introduces
latest issues, including the management of these devices,
the complete volume of data, communication, storage,
processing, as well as security and privacy concerns,
among others. There has been substantial research into
the various components of the IoT, such as architecture,
communication, applications, protocols, security, and
privacy, to name a few. The guarantee of security and
privacy and user satisfaction are the cornerstones of the
commercialization of IoT technology. The fact that the
IoT makes use of empowering technologies including
cloud computing (CC), software-defined networking
(SDN), and edge computing enhances the number of
dangers that attackers can encounter. As a result,
monitoring security in the development of IoT
infrastructure has become challenging and complex.
Solutions must consist of wide-ranging considerations to
fulfill the security challenges [5]. On the other hand, IoT
systems are frequently put to use in an unprepared state.
As a result, a fraudster can use wireless networks to
connect to IoT devices and gain physical access to
confidential data. Complexity and integrative
arrangements characterize IoT systems. In light of the
proliferation of connected devices, it might be difficult to
meet the ever-evolving security standards for the IoT. In
order to provide the necessary level of security, solutions
need to consider the system as a whole. However, most
IoT devices can function independently of human input.
Someone without permission may thus acquire physical
access to these devices [6-8].
Furthermore, The IoT system introduces novel
attack surfaces. The interconnected and interdependent
systems cause these types of attacks to surface.
Accordingly, the security of IoT systems is faced with a
higher risk than the security of other traditional
computing devices. The outdated computing systems
will be fruitless for these IoT schemes [9-11].
IoT systems ought to instantaneously consider
security, energy efficiency, IoT software applications,
and data analytics at the time of related tasks as a sign of
2
the wide-ranging application [7]. This expansion offers
an innovative scope for scholars from the
interdisciplinary research program to consider recent
challenges in the IoT schemes from various perceptions.
However, the large-scale as well as cross-cutting nature
of IoT devices and the many components engaged in
their implementation, have created new security issues.
The IoT devices characteristic presents various security
issues. Additionally, the stages of IoT provide a massive
number of useful information. If this information is not
analyzed and transmitted securely, a crucial privacy gap
may occur. Applying related security mechanisms, such
as authentication, encryption, application security,
network security, and access control, is inadequate and
challenging for enormous schemes with numerous
associated schemes. Every portion of the IoT platform
contains intrinsic vulnerabilities. Such as, a special kind
of botnet like ‘Mirai’ has newly affected extensively
distributed denial of service (DDoS) attacks by using IoT
systems [9, 12].
For extensive methods with multiple connected
devices and each module of the method having inherent
vulnerabilities, it is difficult and inadequate to apply
existing security protection mechanisms like encryption,
identity verification, application security, access control,
and computer security [9]. For example, the 'Mirai'
botnet has lately been responsible for large-scale DDoS
attacks by abusing IoT devices. For the IoT ecosystem,
existing security methods need to be improved.
However, the deployment of cryptographic functions
against a particular security issue is rapidly overtaken by
new categories of attack developed by the attackers in
order to bypass current remedies. Addresses spoofed
source IP are commonly applied in magnified DDoS
attacks to hide the location of attack's from the targeted
organization's security teams. As a result of the
vulnerabilities in IoT systems, more sophisticated and
catastrophic attacks such as Mirai might be predicted. On
account of the wide range of IoT scenarios and
applications, knowing which security solutions are best
for IoT systems is not easy. As a result, the focus of the
study should be on devising appropriate IoT security
methods [12, 13].
While security and privacy are interconnected,
security may exist without privacy, but privacy cannot
exist without security. Security safeguards the
availability of information, integrity, and confidentiality,
while privacy is more detailed about privacy rights in
relation to personal information. Regarding the
processing of personal data, privacy takes precedence,
but information security entails preventing illegal access
to information assets. Personal data may relate to any
information about a person, including names, credentials,
addresses, social security numbers, bank account data,
etc.
A number of ways have been suggested to address
the boundary between security and privacy concerns in
DL and ML. Homomorphic encryption, differential
privacy, trusted execution and secure multi-party
computing environment are the four most often used DL
and ML privacy technologies. This technique uses
differential privacy to prevent the adversary from
figuring out which instances were utilized to build the
target model. Training and testing data are protected by
safe multi-party computing and homomorphic
encryption. For sensitive data security and training code,
trusted execution environments leverage hardware-based
security and isolation. These approaches, on the other
hand, greatly increase the computing burden and need a
tailored approach for each type of neural network. DL or
ML privacy concerns have yet to be addressed in a way
that is accepted worldwide. To protect against
adversarial attacks, a wide variety of security measures
have been suggested, which may be divided into three
categories: input pre-processing, strengthening the
model's resilience and malware detection.
Preprocessing's goal is to lessen the model's reliance on
immunity by doing operations such picture
transformation, randomization, and denoising that don't
often need model update or retraining. Introducing
regulation, feature denoising, and adversarial training as
well as other techniques to strengthen the model's
robustness via model retraining and change, fall under
the second group. Adaptive denoising and image
transformation detection are the examples of third-
category detection mechanisms that may be implemented
before the first layer of the model. To the best of our
knowledge, no defense strategy exists that can entirely
protect against adversarial cases despite the many
defensive mechanisms that have been offered. To
counter hostile instances, adversarial training is currently
the most effective technique. For poisoning attacks, there
are two basic means of defense. The first is an outlier
identification technique, which eliminates outliers from
the relevant set. The second step is to enhance the neural
network's ability to withstand contamination from
poisoned samples.
1.1. Motivation and Scopes
Deep learning (DL) and machine learning (ML) are
effective methods of data analytics as well as
investigation to realize ‘abnormal’ and ‘normal’
behavior following how IoT devices and components
interrelate with each other within the environment of IoT
[14]. The IoT systems' input data can be investigated and
collected to find out standard patterns of the interface,
thus detecting malicious manners at the initial stages.
Furthermore, DL/ML techniques can be significant in
identifying new threats, which are regular modifications
of existing threats, as they can highly detect upcoming
unknown threats by learning from previous attacks. As a
result, IoT systems need to be able to move from secure
communication between security-based intelligence and
devices via ML/DL techniques for safe and efficient
systems.
3
Several unique properties of IoT networks will
be discussed in the following paragraphs.
Heterogeneity: Each item in an IoT network has unique
features, communication protocols, and capabilities that
all function together. Different communication
paradigms and protocols (such as Ethernet or cellular), as
well as varied hardware resource limits, might be used
by the devices. On the one hand, this diversity allows
devices to communicate across platforms, but on the
other, it introduces additional obstacles to the network of
IoT.
Proximity communication: Additionally, IoT devices
may communicate with one other without trusting on a
central authority like base stations, which is an important
feature. Dedicated short range communication (DSRC)
and other point-to-point communication technologies are
used in Device-to-device communication (D2D).
Decoupling services and networks allows device-centric
and content-centric communication, broadening the IoT
service spectrum, whereas the conventional Internet's
design is more network-centric.
Massive deployment: Massive deployment is predicted
that the existing internet's capabilities would be exceeded
by the billions of devices linked to it and the Internet.
Massive IoT deployments are not without their own set
of difficulties. Storage and architecture networks for
intelligent devices, efficient protocols for data transfer,
and proactive detection and protection of IoT-based
devices from malicious attacks are only some of the
difficulties that need to be addressed. A worldwide
information and communication infrastructure that can
be retrieved from everywhere as well as at any time is
envisaged for IoT devices. How much is connection
reliant on the kind of IoT service and application
provided? For example, a swarm of sensors or a
connected automobile may have a local connection,
whereas critical infrastructure management and smart
home access through mobile infrastructure may have
global connectivity.
Low-cost and low-power communication: For optimal
network operations, low-cost as well as ultra-low-power
solutions are needed for the massive networking of IoT
devices. For modern and critical IoT connectivity, self-
healing and self-organization features are needed. Self-
organizing networks ought to be implemented in these
cases since relying on the network structure is not an
option.
Low Latency and Ultra-Reliable Communication
(LLURC): Remote surgical procedures, intelligent
transportation, and industrial process automation
systems all rely on the ability of IoT networks to reliably
and quickly respond to real-time demands.
Safety: As a result of the enormous number of IoT
devices linked to the internet, the private data exchanged
via these systems may be at risk. Privacy and device
security are also vital considerations. One of the most
exciting aspects of IoT is its ability to make timely and
intelligent choices based on the data it processes.
Dynamic changing network: An enormous number of
IoT devices need proper management. These devices
may behave dynamically. For example, when a device
goes to sleep or wakes up, it is determined by various
factors, including the software it is running.
The commercialization of IoT services and
applications is heavily dependent on security and
privacy. Various sectors, such as health care and
business, have been impacted by security breaches that
range from basic hacking to well-coordinated intrusions
at the corporate level. Due to their restrictions and the
environment in which they operate, IoT devices and apps
face significant security issues. IoT security and privacy
concerns have been thoroughly considered from different
viewpoints, including communication privacy and
security, architecture data security, and identity
management as well as malware analysis [4]. Sections 3
and 5 explore more into the issues of security and the
threat model.
According to Fernandes et al. [15], security
challenges in IoT and conventional information
technology (IT) devices are comparable and different. In
addition, they also addressed privacy concerns. Software,
hardware, networks, and applications are some of the
most often cited points of comparison and contrast in this
debate. IoT and conventional IT have a lot of things in
common when it comes to security concerns. Despite
this, the real concern of the IoT is the lack of available
resources, which makes it challenging to implement
advanced security measures in IoT networks. Improved
algorithms and cross-layer architecture are also needed
to address IoT privacy and security concerns. As part of
an overall privacy and security method for IoT, current
security solutions will be nominated for consideration, as
well as new intelligent, resilient, scalable, and
evolutionary methods to handle IoT security concerns.
ML implies intelligent procedures that utilize
previous experiences or example data to understand how
to maximize performance criteria. Algorithms that use
machine learning to develop behavioral models on
massive datasets are known as ML. Because of machine
learning, computers can learn independently, even if no
instructions are provided. The newly included data is fed
into these models, which serve as a foundation for
generating predictions about the future. AI, optimization,
information theory, and cognitive science all have
origins in ML, so it is a multidisciplinary field of study
[16]. ML is no exception. Robotics, voice recognition,
and other areas where people are unable to apply their
skills, such as hostile environments, need the use of
machine learning [17]. It may also be used when the
answer to a particular issue evolves over time. To put this
4
into context, Google utilizes ML to identify risks to
mobile devices and apps running on the Android
platform. Infected mobile devices may be scanned and
cleaned using this tool. Macie, an Amazon tool that
applies ML to organize as well as categorize data stored
in Amazon's cloud storage, was also released recently.
False positives and true negatives may occur even when
ML methods are used correctly. As a result, if an
incorrect prediction is produced, ML approaches need
direction and change of the model.
Contrary to popular belief, with DL, a new kind
of ML, the model is able to establish its accuracy of
prediction. Prediction and classification tasks in novel
applications of IoT with customized and contextual
support might benefit from the self-service character of
DL models. Moreover, the complete volume of data
produced by IoT networks necessitates the use of DL and
ML methods to offer intelligence to the systems. In
addition, the IoT data created by DL and ML algorithms
can be effectively exploited to make educated and
intelligent choices by the IoT systems. The analyses of
privacy, security, malware, and attack detection are just
a few of the many applications for DL and ML. DL
methods can also be employed in IoT systems to conduct
identification tasks and complicated sensing to develop
new apps and services that take into account real-time
interactions among people, the physical environment,
and smart devices.
Real-world uses of ML in security include the following:
(i) Different handwriting styles are used for character
recognition in security encryption.
(ii) Recognition of faces in forensics: lighting, pose,
occlusion (beard, glasses), hairstyle, make-up, etc.
(iii) Software and apps that contain malicious code need
to be identified.
(iv) Behavior analysis is used to identify DDoS attacks
on infrastructure. On the other hand, there are several
difficulties associated with applying DL and ML in IoT
applications. For example, designing an appropriate
model for processing data from many IoT applications is
challenging. In the same way, correctly classifying input
data is likewise a complex undertaking. The use of little
marked data in the learning process is also tricky. Using
these models on IoT devices with limited processing and
storage resources presents further difficulties [18]. Like
essential infrastructure and real-time applications, DL
and ML algorithms produce anomalies. IoT security
solutions that use DL and ML must be thoroughly
analyzed in this context.
1.2. Contributions
The main influences of this work are presented below:
A review of various types of attacks with its example
is discussed.
Comprehensive analysis of ML and latest
developments in IoT defense DL methods: the most
promising DL and ML algorithms are examined for
IoT protection schemes, and their benefits,
drawbacks, and implementations are addressed in
the security of IoT systems. In addition, compare,
and description tables are provided for DL and ML
approaches for learning lessons.
A number of state-of-art applications of DL and ML
in IoT security and privacy are illustrated.
We offer a taxonomy of the most recent IoT privacy
and security solutions based on deep learning and
machine learning techniques. Moreover, new
insights of ML and DL in IoT securities are
illustrated.
Potential limitations, challenges, future directions,
and suggestions of DL and ML are appeared, how
they could help the recent and future research.
The work is presented as follows: Literature reviews
with their limitations and why this work is needed are
illustrated in Section 2. Next, applications of ML or DL
to IoT threats are illustrated in Section 3. Moreover,
Section 4 appears in the DL and ML models, where we
can find how to work with each ML and DL model in IoT
security, and solutions are also described in Section 5. In
section 6, we can see a number of new insights into Deep
and Machine Learning for IoT Security that can help
future research works. Section 7 discusses challenges,
limitations, and future directions. A number of
suggestions and recommendations are presented in
Section 8, and Section 9 shows the conclusion.
2. Literature Reviews
A number of surveys or reviews have covered IoT
security to offer some guidelines for future challenges.
Though several studies have looked at IoT security, none
have focused on DL or ML applications for IoT security.
Several works [19-25] have been reviewed for
motivating and organizing the challenges in access
control, authentication, application security, encryption,
and network security in IoT environments. The survey of
[26] provided a survey of IoT communication on security
issues with its solutions. Another paper [27] emphasized
IoT systems for intrusion detection.
Moreover, IoT frameworks for regulatory
approaches and legal issues can determine security and
privacy requirements [28]. The context of distributed IoT
has also covered privacy and security in [29]. These
works also concerned various challenges. Several issues
must be found out, and the researchers assert that the
distributed IoT method offers numerous advantages in
terms of privacy and security. The survey of [30]
described evolving threats and vulnerabilities in IoT
devices, for example, threats of ransomware as well as
security concerns. The authors of [31] concisely
5
indicated the context of IoT using ML techniques
concerning data security and privacy protection. This
survey also described three challenges with respect to
ML application in IoT environments (i.e.,
communication and computation overhead, partial state
consideration, and backup security justifications).
Numerous survey studies, including [31, 32], have
examined the use of data mining and ML methods in
cybersecurity to assist intrusion detection. Above all,
they reviewed anomaly detections and misuse in
cyberspace [32]. The methodology was based on several
classes of AI (artificial intelligence) methods from the
point of view of an IoT context, and the opportunities of
applying those approaches in IoT environments were
observed. However, that work did not emphasize the
implementation of DL an IoT perceptive. The review of
[3] also provided ML techniques in IoT security where
they offered future challenges and current solutions.
Another survey of ML methods for wireless sensor
networks (WSNs) was appeared in [33].
The motivation of that study was to review ML
methods in real-life WSN applications. i.e., clustering,
localization, routing and unrealistic aspects of quality of
service (QoS) and security. The framework of WSNs in
DL methods was described in the work of [34]. On the
other hand, this work emphasizes network configuration.
Besides, it differs from the proposed survey that focuses
on DL/ML methods for ensuring IoT security. Some
traditional ML techniques [35] were considered with
advanced methods, including DL methods [36] for
processing big data. Above all, the relationship of several
ML techniques for signal processing approaches was
focused on investigating and processing relevant big
data. An overview of DL is offered on state-of-the-art
approaches [37]. The survey proposed the opportunities
and challenges of various existing solutions with their
uses and evolution. The essential principles of several
DL classifiers were evaluated with their procedures in
addition to developments of DL methods in several uses
[38, 39], for example, speech processing, pattern
recognition, and computer vision. In mobile advertising,
a review of improvement in DL methods was used for
recommendation systems, which show a crucial role
[40]. Various effective ML applications [41] were
similarly conducted in self-organizing networks. The
survey focused on the merits and demerits of various
methods and offered future opportunities and challenges
in expanding artificial intelligence and future network
design [42]. The significance of 5G in artificial
intelligence was highlighted. Intrusion detection using
data mining was covered in [43]. Application of
multimedia mobile was surveyed conducting DL
methods as well [44]. Recent DL techniques in mobile
security, speech recognition, mobile healthcare,
language translation, and ambient intelligence were
focused. Similar research was conducted on the most
advanced, state-of-the-art deep learning approaches used
in a diversity of IoT data analytics applications [45]. On
the other hand, our survey covers a complete review of
recent progress in deep learning approaches and cutting-
edge machine learning approaches for ensuring security
in IoT. This review compares and identifies the
advantages, prospects and weaknesses of different
DL/ML approaches for security in IoT. This paper also
discusses numerous future directions and challenges and
discuss the realized problems and future prospects based
on a study of possible DL/ML applications in the context
of IoT security, thus offering an effective guideline for
researchers or scholars to modify the security of IoT
environment from simply empowering a secure
communication between IoT modules to end on IoT
security on the basis of intelligence methods.
3. IoT Threat
Several heterogeneous sensing systems
communicating with one another through a local area
network (LAN) are referred to as the IoT [46]. The risks
in IoT are distinct from those posed by traditional
networks, owing in large part to the capabilities
accessible to end devices [47]. The traditional Internet
relies on powerful computers and servers with plenty of
resources, while the IoT relies on equipment with low
memory and computing power. That is why an IoT
device in the real world cannot continue employing
multifactor authentication and dynamic protocols like a
regular network. Wireless protocols applied by IoT
devices, for example, ZigBee and LoRa are less secure
than those used by traditional networks. A lack of a
standard operating system and particular features inside
IoT applications have resulted in various data contents
and formats in the systems, making the creation of a
uniform security protocol complicated [48]. There are
several security and privacy problems associated with the
IoT because of these flaws. As a network grows in size,
the risk of an attack rises. Since the IoT has no firewalls,
its network is more vulnerable than a traditional office or
company network. IoT systems that exchange data with
one another are frequently multi-vendor systems,
adhering to a wide range of spectra and protocols from
different manufacturers. The connection between such
devices is difficult, necessitating the use of a trustworthy
third party as a bridge [49]. Additionally, many reports
have posed concerns about how billions of smart devices
receive app updates [50, 51]. Since an IoT device has
small computing resources, its ability to cope with
advanced threats is harmed. To conclude, IoT
weaknesses may be classified as either essential or
widespread. For example, although vulnerabilities such
as battery drain attacks, insufficient standardization, and
insufficient confidence are exclusive to IoT systems,
vulnerabilities in internet-inherited systems may be
considered general. Numerous IoT risks have been
identified and classified in the past [32, 52-55]. We
address the most often identified challenges to the IoT
over the last ten years and try to categorize them into
privacy and protection classifications. Privacy and
security are basic principles that turn around network
availability [56-58]. On the internet of things, data may
摘要:
展开>>
收起<<
1ReviewArticleMachineandDeepLearningforIoTSecurityandPrivacy:Applications,Challenges,andFutureDirectionsSubratoBharati1,PrajoyPodder21,2InstituteofInformationandCommunicationTechnology(IICT),BangladeshUniversityofEngineeringandTechnology(BUET),Dhaka-1205,BangladeshCorrespondenceshouldbeaddressedtoSu...
声明:本站为文档C2C交易模式,即用户上传的文档直接被用户下载,本站只是中间服务平台,本站所有文档下载所得的收益归上传人(含作者)所有。玖贝云文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私,请立即通知玖贝云文库,我们立即给予删除!
相关推荐
-
【词汇变形总汇】2025高考词汇变形总汇 - 教师版VIP免费
2024-12-06 3 -
【超简37页】新课标高考英语考纲3500词汇VIP免费
2024-12-06 4 -
《高考英语3500词详解》(WORD版)VIP免费
2024-12-06 18 -
《高考英语3500词详解》VIP免费
2024-12-06 14 -
高中英语-[教师版]80天通关高考3500词汇VIP免费
2024-12-06 16 -
高中人教选修7课文逐句翻译VIP免费
2024-12-06 8 -
高中人教选修7课文原文及翻译VIP免费
2024-12-06 19 -
高中人教必修4课文逐句翻译VIP免费
2024-12-06 8 -
高中人教必修4课文原文及翻译VIP免费
2024-12-06 22 -
高考英语核心高频688词汇VIP免费
2024-12-06 11
分类:图书资源
价格:10玖币
属性:46 页
大小:1.13MB
格式:PDF
时间:2025-04-30
作者详情
相关内容
-
主题班会:责任与我同行(1)
分类:中学教育
时间:2025-06-01
标签:无
格式:PPT
价格:10 玖币
-
主题班会:责任——我们共同的需要ppt
分类:中学教育
时间:2025-06-01
标签:无
格式:PPT
价格:10 玖币
-
主题班会:预防爱滋病
分类:中学教育
时间:2025-06-01
标签:无
格式:PPT
价格:10 玖币
-
主题班会:远离毒品,珍爱生命ppt1
分类:中学教育
时间:2025-06-01
标签:无
格式:PPT
价格:10 玖币
-
韶关市2024届高三综合测试(一)英语答案
分类:中学教育
时间:2025-06-05
标签:无
格式:PDF
价格:10 玖币
渝公网安备50010702506394
