0% found this document useful (0 votes)

38 views22 pages

Research On Artificial Intelligence Enhancing Inte

Uploaded by

truongnura008

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

38 views22 pages

Research On Artificial Intelligence Enhancing Inte

Uploaded by

truongnura008

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 22

This article has been accepted for publication in a future issue of this journal, but has not been

fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2020.3018170, IEEE Access

Date of publication xxxx 00, 0000, date of current version xxxx 00, 0000.
Digital Object Identifier 10.1109/ACCESS.2017.Doi Number

Research on Artificial Intelligence Enhancing

Internet of Things Security： A Survey
HUI WU1*, HAITING HAN2*, XIAO WANG1, and SHENGLI SUN1
1
School of Software and Microelectronics, Peking University, Beijing 100181, China
2
Department of Food and Resource Economics, University of Copenhagen, Copenhagen, FC 1958, Denmark

Corresponding author: Shengli Sun (slsun@ss.pku.edu.cn).

*
They contribute equally to this work. This work was supported in part by the National Key Research and Development Program of China under Grant
No.2018YFB1402900 and 2018YFB1403000, the Natural Science Foundation of Jiangsu Province under Grant No. BK20151132.

ABSTRACT Through three development routes of authentication, communication, and computing, the
Internet of Things (IoT) has become a variety of innovative integrated solutions for specific applications.
However, due to the openness, extensiveness and resource constraints of IoT, each layer of the three-tier IoT
architecture suffers from a variety of security threats. In this work, we systematically review the particularity
and complexity of IoT security protection, and then find that Artificial Intelligence (AI) methods such as
Machine Learning (ML) and Deep Learning (DL) can provide new powerful capabilities to meet the security
requirements of IoT. We analyze the technical feasibility of AI in solving IoT security problems and
summarize a general process of AI solutions for IoT security. For four serious IoT security threats: device
authentication, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks defense, intrusion
detection and malware detection, we summarize representative AI solutions and compare the different
algorithms and technologies used by various solutions. It should be noted that although AI provides many
new capabilities for the security protection of IoT, it also brings new potential challenges and possible
negative effects to IoT in terms of data, algorithm and architecture. In the future, how to solve these challenges
can serve as potential research directions.

INDEX TERMS Artificial Intelligence, Deep Learning, Internet of Things, Machine Learning, Security

I. INTRODUCTION basic part of the chain of IoT. A large number of general-

The International Telecommunication Union formally purpose sensor devices have been popularized, and high-
proposed the concept of "Internet of Things" at the World end sensor devices in specific fields have also made great
Summit on the Information Society (WSIS) in 2005 [1]. The progress.
Internet of things (IoT) refers to a distributed network that • The development of transmission and communication
combines various sensor devices and systems, such as sensor technologies. Transmission and communication
networks, RFID devices, barcode and QR code devices, global technologies are the guarantee of IoT. The large amount
positioning systems, etc. [2], with the Internet through wired of information collected by IoT devices needs to be
and wireless communication technologies, enabling transmitted and aggregated to the central node or the
embedded systems to communicate and interconnect. processing unit in a more convenient, more reliable, and
From the discovery of electromagnetic induction to RFID, safer way. The development of wired and wireless
from simple sensors to ubiquitous connections, from networks, cellular networks, and other transmission and
electronic toll collection (ETC) to smart cities, the communication technologies have made it possible for
development of IoT has always been along the following three large-scale IoT data transmission.
technical routes: • The development of data computing and processing
• The development of sensing, identification and technologies. Data computing and processing
authentication technologies. Sensing, identification and technologies are essential to provide applications and
authentication technologies are the foundation of IoT. As services using IoT data. IoT applications need real-time
nerve endings of IoT, sensors are the largest and most

VOLUME XX, 2017 1

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2020.3018170, IEEE Access

perception and intelligent feedback for a large number of provided by IoT cover many fields such as manufacturing,
information nodes. The development of data computing energy management (such as smart grids), urban life (such as
and processing technologies is the key to improve smart cities), and personal healthcare.
processing intelligence and effectiveness. Computing According to the entire process of information generation,
technologies such as artificial intelligence and cloud transmission and processing, referring to the traditional
computing have given IoT more possibilities to provide architecture [3] and ISO/IEC 30141:2018 "IoT Reference
advanced application services. Architecture" [4], IoT generally has an entity-based
With the development of technologies and the expansion of architecture that can divide IoT from bottom to top into three
application fields, IoT has gradually evolved into a set of layers, namely terminal perception layer, network transport
solutions for specific applications. IoT focuses on the layer, and application service layer. The specific architecture
integration and innovation of solutions and will become a new is shown in Fig. 1. This architecture integrates various entities
idea, new tool and new method of social governance, involved in the IoT and shows that they have an interactive
combining the Internet with the physical world and providing relationship with each other.
intelligent interaction. The numerous applications and services

FIGURE 1. Three-tier Architecture of IoT

The terminal perception layer is the source of IoT data eMTC, etc.) for data encoding, authentication, and
collection. The collected information of various objects will transmission.
be transmitted to the upper layer. The entities involved in The application service layer processes the data transmitted
terminal perception layer include physical entities from the network transport layer and integrates them with
representing real things, IoT device entities (sensor devices, various industries to support vertical applications of IoT,
identification devices represented by RFID, and positioning / providing rich and specific services for different users in
tracking devices represented by GPS), and access platform specific fields, such as smart grids, smart homes, and smart
connecting local IoT device network and wide area network. cities. The application service layer also includes application
The network transport layer transmits information from the & service subsystems that provide capabilities of data storage,
terminal perception layer to the application service layer to analysis and service, as well as operation maintenance &
realize the communication and connection functions. The management subsystems that provide capabilities of
network transport layer uses non-cellular networks (ZigBee, management and operation support.
Bluetooth and Wi-Fi, etc.) and cellular networks (NB-IoT,

VOLUME XX, 2017 9

Ⅱ. IOT SECURITY THREATS communication technologies and standards, and provide open
As more and more machines and smart devices are services for users in various fields. Openness is conducive to
connected to the network, the vulnerabilities of IoT security the development of IoT, but also brings the expansion of the
are gradually exposed. IoT devices are more vulnerable to be scale of potential risks. Due to the interconnection and
attacked than computers or mobile phones, not only because interdependence of IoT system, any vulnerability can be
of the surge in the use of IoT devices, but also on account of exploited by attackers to launch large-scale and systematic
the complexity, diversity, and inherent mobility of such device attacks, which will paralyze the whole system. For example,
application scenarios. At the same time, IoT has developed attackers can use some terminals as the entrance of attack
rapidly but has not yet matured. The privacy protection crises penetration and use tools to analyze the information stored in
caused by the openness of the network and the mobility of data the same type of terminal, such as source code and
are less discussed and regulated. Comprehensive perception authentication mechanism, so as to invade the whole system.
makes the data collected and exchanged by IoT more private The integrity and unity of IoT system. IoT combines
and dangerous than the Internet. machines, network infrastructures and application platforms
into a complex system. This kind of interconnected system
A. ATTRIBUTION ANALYSIS OF IOT SECURITY makes operation maintenance and service provision depend on
THREATS each other and interfere with each other. Although IoT has
The widespread popularity and the large-scale deployment layered architectures, security problems in all layers are not
have promoted the development of IoT, but also brought new independent of each other. The problems of one layer may
security challenges. Maintaining its security is a complex and affect other parts of IoT system. If intruders manipulate some
challenging task. The reasons for the increasingly serious terminals to launch DDoS attacks, the whole system may be
security problems of IoT are as follows: infected, affecting the application service layer and causing
The lack of human supervision. IoT terminals are usually the service to crash; at the same time, attacks against the
deployed in complex and changeable environments to collect application platform and software will also cause the leakage
information and provide data for applications. However, under of user privacy and malicious manipulation of devices, leading
these environmental conditions, due to the limitation of human to the abnormality of the terminal perception layer.
resources, the terminals are exposed, distributed and The lag of legal supervision and management. IoT security
unattended, so that intruders can easily physically damage needs not only technologies such as network security,
devices [5]. Common physical attacks include illegal theft, application security or data security, but also needs legal
malicious movement, etc. These attacks will cause damage, restraints and supervisions of regulatory agencies. However,
data loss and function failure of IoT devices. In the case of the rapid application of IoT does not match with the
huge amount of IoT devices, it is difficult to find and repair implementation and improvement of its safety supervision
damaged terminals in time, which further aggravates the mechanism. In recent years, many countries have made laws
consequences of physical attacks. and standards related to the security of IoT. For example, the
The resource constraints of low-power devices and US House of Representatives passed the "IoT Cybersecurity
terminals. IoT devices are small in size and low in power Improvement Act 2019", and the European
consumption. They can do some simple data calculations and Telecommunications Standards Institute (ETSI) released the
are suitable for distributed computing. In recent years, the standard for "Consumer IoT Cybersecurity" (TS 103 645) [9].
rapid development of edge computing takes advantage of this However, the above-mentioned laws and standards are still in
characteristic of IoT devices [6]. However, the limited the exploratory stage, and large-scale and industrialized safety
computing capacity and power supply cannot support a large management systems have not yet been formed.
number of complex calculations. There are no remaining
resources to implement more fine-grained security measures, B. SECURITY THREATS IN THE TERMINAL
resulting in the inability of IoT devices and systems to use PERCEPTION LAYER
complex security mechanisms [7]. The use of some measures Sensors are the main components of the terminal system.
may reduce the equipment processing efficiency and increase Their main function is to monitor objects in real time and
resource consumption, thus causing damage to the original collect information. These tiny physical devices are spread
services. For example, RSA, a commonly used encryption over a variety of related engineering fields and its number is
protocol, will consume a lot of resources when running on extremely large. Most of them are limited by resources, which
devices with limited computing power, which is easy to makes them become the potential attack surface of attackers.
burden the devices. When performing multiple encryption The first problem faced by the devices in the terminal
operations at the same time, such as in the Internet of vehicles, perception layer is the unpredictable physical attack [5].
the resource consumption will be more serious [8]. Although IoT devices are assets, they are often in a state of
The openness of IoT and the expansion of attack scale. lack of supervision. Criminals use theft, damage and other
Openness is reflected in the various processes of IoT system. physical means to destroy the connection between devices and
IoT can obtain data from various fields, integrate various central server. For example, in 2018, Chinese sharing

VOLUME XX, 2017 9

economy enterprises (sharing portable chargers and bicycles) scale DDoS attack by using IoT devices, resulting in more than
suffered large losses or even went bankrupt. A large part of the 100,000 devices infected [13].
reason is that smart locks and positioning devices on bicycles The communication technologies used by IoT have
and chargers were removed by violence, resulting in asset limitations. IoT uses different communication technologies
losses. [14], including long-distance networks (NB-IoT and LoRa
There are risks of being attacked during the information (Long Range Radio) [15]), short-distance networks (ZigBee
transmission of IoT nodes. There are three main types of [16], Wi-Fi, etc.), and Internet. The security shortcomings of
terminal perception layer nodes: collection endpoints, these technologies have been inherited into IoT. For example,
information aggregation nodes, and isolated nodes. The the Internet provides a wide range of services for different
collection endpoint mainly corresponds to sensors, which is participants, including IoT users, but at the same time, the
responsible for sensing and collecting information; the communication infrastructure based on TCP / IP is not only
information aggregation node is the server responsible for vulnerable to security and privacy threats, such as intrusion,
receiving, processing, forwarding information; the isolation replay attacks, and identities theft [17], but also faces
node is embedded equipment responsible for the operations of challenges such as poor scalability, high complexity, and
information encryption and decryption, internal and external insufficient resource utilization [18].
network isolation. When information is interconnected
between nodes, due to the transmission distance, there are D. SECURITY THREATS IN THE APPLICATION SERVICE
threats such as interception, eavesdropping, counterfeiting, LAYER
and tampering of nodes. The application service layer processes the data transmitted
The identification and authentication technologies are from the network transport layer and provides services for
indispensable prerequisites for the secure communication of different application scenarios according to user requirements.
IoT devices [10]. Although the uniqueness and certainty of Users can directly enjoy the services provided by IoT system
identity can effectively increase the security of IoT devices, through web applications or mobile apps, and enjoy the
hackers can use some ways to bypass this process to convenience brought by IoT system. However, there will be
implement intrusion. For example, in April 2019, a software system security, data security, and software security problems
called iLnkP2P was discovered without any authentication or launched by application-level attackers.
encryption measures. Attackers can bypass the firewall with System security. The application service layer usually
some specific serial numbers and directly establish consists of basic environments, components, and virtualized
connections with IoT devices, send malicious messages cloud platforms. Basic environments and components, such as
instead of any valid messages sent by the device. operating systems, databases and middleware, will be used by
attackers to launch brute force attacks and man-in-the-middle
C. SECURITY THREATS IN THE NETWORK attacks, resulting in unauthorized access, remote control and
TRANSPORT LAYER data leakage. Most IoT systems build virtualized cloud
IoT integrates sensor networks [11] and communication platforms to reduce equipment deployment costs and improve
networks to form a large-scale network. Similar to the risks computing performance or business throughput. However,
faced by the terminal perception layer, the possible attacks virtualization technology also brings security risks, leading to
also increase significantly with the increase of network scale. blurring of the boundary between users and data, resulting in
The confidentiality, integrity, and availability of network security issues including virtual machine escape, virtual
are targets of network transport layer’s attackers [12]. Some network attacks, and virtualized software vulnerabilities.
network targets have poor protection, which makes it easier Data Security. Databases face security problems. Common
for attackers to invade. When the system lacks protection and database attacks include SQL injection [19], privilege
verification mechanisms, the attacker will tamper with the promotion and backup theft. Data privacy protection is an
platform software and hardware modules, resulting in the risk important security requirement of the application service layer.
of leakage of stored information. Therefore, timely detection Many information obtained by the IoT may contain personal
of intrusions is critical to curb attacks and protect network privacy, such as positioning information obtained by GPS.
security in the early stages. Such information can be used by attackers to analyze users’
Network transport layer will suffer from attacks such as sensitive privacy such as residence, income, lifestyle, behavior,
denial of service (DoS) and distributed denial of service and health status [20].
(DDoS). Attackers launch DoS and DDoS attacks by sending Software security. Malicious applications are commonly
traffic beyond the target’s processing capacity to consume used by software attackers. For example, in 2017, Bank of
computing and network resources of the target, resulting in Russia found a malware called Bespalova existed in ATMs,
resource depletion, thus blocking the target network and which automatically paid after entering a specific code. If the
causing denial of service. Large-scale DoS and DDoS attacks system does not have enough code checks and tests, it will be
will cause disastrous consequences to the whole network. vulnerable to attacks by malicious scripts or error indications.
Mirai, the botnet which broke out in 2016, launched a large- For example, attackers will use XSS (Cross-Site Scripting

VOLUME XX, 2017 9

Attack) [21] to inject some malicious scripts into another The security mechanism of low-power devices and
trusted website. Successful XSS attacks can lead to hijacking microservice terminals lacks the ability of autonomous
IoT accounts and paralyzing the IoT system. In addition, protecting, learning and upgrading. The large-scale
Android malware has increased significantly in recent years interconnection of IoT devices requires low-power and low-
[22]. For mobile devices, the openness of the Android mobile cost solutions, so complex security mechanisms cannot be
operating system has contributed to the spread of malware. used. Therefore, current IoT security protection methods have
Malware can use vulnerabilities to invade users' mobile the difficulty of updating outdated security strategies. Most of
phones and obtain private data. them do not have abilities of self-renewal and evolution, which
is far from the "active immunity" or "auto-immunity [25]".
Ⅲ. FEASIBILITY ANALYSIS OF APPLYING AI IN IOT Due to the lack of initiative, these methods rely on human to
SECURITY maintain and update the database, define new attack modes
and interception rules. A lot of manual participation leads to a
A. COMMON CHARACTERISTICS AND SPECIAL certain degree of lag in security protection, and it is unable to
REQUIREMENTS OF IOT SECURITY learn and upgrade the security scheme in time. How to design
Through the analysis of various security problems faced by automatic security mechanisms with "active immunity" has
IoT, it can be found that IoT security problems have some become an increasingly urgent problem of IoT security.
common characteristics which makes IoT security more The integrity of IoT requires that security schemes can
complex and produces special requirements for security effectively handle massive data and can be deployed in a large
protection that are different from other fields. scale and unified way. IoT is a multi-layer system across
The distribution of data remains relatively stable in normal terminals, networks and service platforms, the defense of
IoT context, so the detection of abnormal behaviors and data security issues is holistic and data are more complex and large-
outliers becomes the main IoT security requirement. In general, scale. The unity and integrity of IoT put forward an urgent
due to the lack of resources, IoT devices can only complete demand for the processing capacity of security solutions under
simple tasks such as data collection and data transmission. A massive data, and it is necessary to ensure that solutions can
large number of common devices will maintain constant be uniformly deployed in a large-scale way, remain effective
business modes and the collected data will maintain relatively in complex situations, and can evolve according to new
stable distributions. For example, network traffic of consumer scenarios at any time.
IoT devices generally has fixed modes. These devices tend to
send stable signals to a limited number of endpoints, so their B. NEW CAPABILITIES PROVIDED BY AI TO IOT
network activities are more predictable and structured [23]. On SECURITY
the contrary, DoS / DDoS attacks will generate significantly The particularity of IoT security and limitations of
different network traffic than IoT devices. Therefore, real-time traditional methods highlight the urgent need for new security
monitoring and identification of abnormal data, timely capture technologies. As a new technology direction, artificial
and early warning of abnormal business data flow are effective intelligence has a wide range of applicability [26]. Machine
protection measures against many security attacks. Looking learning (ML) is a research focus in the field of artificial
for technologies with the ability to distinguish normal and intelligence. Its theory and methods have been widely used to
abnormal modes efficiently is the main requirement of IoT solve complex problems in many engineering applications.
security. The ML algorithms applied to IoT security can be divided into
The unpredictability and variability of attack modes lead to transaction algorithms and decision algorithms. (Fig. 2)
the lack of prior knowledge, which puts forward higher Transaction algorithms are mainly responsible for data
requirements for the robustness and generalization ability of exploration and data preprocessing. Transaction algorithms
security protection models. In the past, the information use few samples and simple models to obtain the general
security risk existed in the aspect of personal privacy. But with characteristics of the dataset and provide the basis for decision
the expansion of IoT market scale, IoT attack scenarios also algorithms. Decision algorithms are mainly responsible for
show a trend of diversification. Attacks against hardware and business decisions and adopt different decision-making
software vulnerabilities, communication interfaces, or cloud strategies to reduce the ratio of misjudgment, so that the
platforms are emerging in endlessly. However, defenders lack overall profit is the highest. Decision algorithms can be
of prior knowledge [24] about new attack modes and cannot divided into three types according to strategies and scenarios:
adopt appropriate countermeasures in time. They can only single decision-making, sequential decision-making, and
understand the attack after bearing the loss, which greatly integrated decision-making.
increases the security risk of users. If there is not enough prior In addition, machine learning methods can be divided more
knowledge, then security models need to be able to maintain carefully (as shown in Table I), including Supervised Learning
the effectiveness in a variety of unknown scenarios, which [27], Unsupervised Learning [28], Reinforcement Learning
requires higher robustness, generalization ability and data (RL) [29], Ensemble Learning [30], and Deep Learning (DL)
control ability of security protection models. [31].

VOLUME XX, 2017 9

FIGURE 2. Machine Learning for IoT security

Machine learning can make up for the defects of traditional
security solutions in different aspects, conform to the
characteristics of IoT and provide new capabilities for IoT to
meet the new security requirements mentioned above.

B1. The capability of pattern recognition and abnormal

behavior discrimination.
Based on analysis of most IoT security incidents, we know
that the business modes of IoT devices are fixed and their
normal behaviors are predictable and structured. ML methods
such as supervised learning and unsupervised learning can
provide powerful ability to capture abnormal activities and
distinguish abnormal patterns, so as to classify normal
behaviors and abnormal attacks. So, supervised learning and
unsupervised learning can be widely used in IoT security.
For example, a specific example is to use Support Vector
Machine (SVM) [32] , a supervised learning method, to solve
whether an access device is authorized. SVM can use a FIGURE 3. An example of IoT devices
hyperplane to divide points in the feature space of device data classification based on SVM
into two categories: blue nodes are authorized devices, and
yellow nodes are unauthorized devices, so as to classify B2. The capability of autonomous protecting, learning
different devices and intercept the unauthorized devices (as and upgrading
shown in Fig. 3). The lack of learning, upgrading abilities in unknown
scenarios is one of the important reasons for the limited
applicability of traditional schemes in practical applications.
Traditional security schemes are not prepared enough for new

VOLUME XX, 2017 9

viruses or attacks and cannot provide timely and effective exploration ability of the model, thus laying the foundation for
means of resistance. For example, the important defect of the realization of active immunity of IoT security.
Intrusion Detection based on misuse detection is the lack of
capability of unknown network intrusions such as Zero Day B3. The capability of processing large amounts of
attack [33]. complex data effectively
AI provides automation and intelligence capabilities for IoT Traditional IoT security schemes usually work under the
security in three aspects. First of all, unsupervised learning can limited amount of data. With the increasing generation of data,
automatically obtain knowledge from the data without known the deficiencies of these schemes in big data processing
tags. The failure to obtain sample labels is a common lack of capacity and computing efficiency are highlighted. For
prior knowledge, unsupervised learning extends from relying example, malware detection is the primary task of software
on label data to using unlabeled data, which can effectively security in application service layer. Traditional malware
reduce the consumption of manually labeled data and maintain detection methods extract malicious behavior codes from
its effectiveness in the scenario without empirical data. For malware as signatures, and judge whether a new software is
example, unsupervised clustering methods, represented by K- malware by calculating the similarity between the software to
Means [34], can divide the input data into different clusters be detected and the signature database. When the amount and
without labels by detecting the similarity between input data. dimensions of data increase, the computational complexity
As shown in Fig. 4, when K = 3, the K-Means algorithm will rise rapidly, resulting in the efficiency of the model is
divides all the sample points into three clusters, and then greatly reduced, and it is unable to make timely and effective
determines the node risk of each cluster according to the detection.
common properties of the samples in each cluster. Then, the Compared with traditional schemes, the advantage of AI
security level of IoT nodes can be divided so as to take schemes is that it can not only process small-scale data, but
different countermeasures. also can make use the data set with more samples and higher
dimensions for effective calculation. For example, ImageNet
[35] is one of the most famous data sets in the field of image
processing. Its data volume has reached 10 million, and many
of its sub datasets also have a million data. Even so, many deep
learning models have achieved very good results on some
ImageNet sub datasets.

B4. The capability of maintaining excellent model

accuracy
The low model accuracy of traditional models is also the
reason why AI technologies are urgently needed in IoT
security. If models with poor effect cannot detect the potential
attack in time, it will reduce the credibility of security models.
In addition, due to technical limitations, some traditional
models may damage the operation mechanism of IoT in order
to improve the model effect. For example, SYN Flood attack
[36], a very common DDoS attack, sends a large number of
FIGURE 4. An example of IoT node clustering attack messages with forged source address to the network
based on K-Means (K=3) service port, causing the connection queue in the target server
Secondly, ensemble learning can make use of the results of to be occupied. A protection measure is called random drop
multiple classifiers to vote and adjust the learning focus of the (RD). By randomly discarding SYN requests in TCP backlog
model, so as to gradually and automatically improve the model queue, RD can alleviate the queue pressure and reduce server
effect and avoid multiple manual operations. The aggregation load. However, the success rate of many legitimate clients
of models from multiple scenarios can also effectively reduce with normal connection or slow connection will be greatly
the deviation caused by a single scene and enhance the reduced, even unable to respond to SYN-ACK messages from
applicability to new scenarios. the server, thus destroying the operation mechanism of TCP
In addition, reinforcement learning can achieve the gradual itself [37].
optimization of the model through the reward / punishment AI schemes can effectively calculate large data sets, at the
mechanism and adjust learning strategies in a constantly same time, it can ensure that models have good effectiveness
changing environment to maximize the benefits. RL can learn and perform well in many evaluation indicators such as
new strategies while constantly inputting new data, ensure precision and recall. Many supervised learning methods and
security models of IoT adapt to the changes of new deep neural networks have provided excellent solutions in
environment, maintain the validity, and strengthen the active various application scenarios.

VOLUME XX, 2017 9

B5. The capability of providing model robustness and model for unknown data, which ensures that the model will
generalization ability not lose efficacy after being transferred from the experimental
Traditional security solutions generally solve problems in scenario to the application scenario.
relatively simple environments. When these solutions migrate A variety of ML methods have advantages in robustness
to more complex scenarios, such as enterprise IoT security, and generalization ability: SVM determines the classification
they may not achieve the expected results. For example, the result through a small number of support vector samples,
traditional password device authentication, due to the lack of adding or deleting nonsupport vector samples has no effect on
complexity of the password form, is easy to lead to password the model, which makes SVM have good robustness; random
impersonation and interception, so password device forest has good anti-noise ability and is insensitive to outliers;
authentication is only applicable to closed small systems [60]. linear models with L1 and L2 regularization [40] has excellent
AI methods pay great attention to the robustness and generalization ability and can avoid over-fitting. These ML
generalization ability. Robustness [38] requires the model can methods with good robustness and generalization ability can
effectively reduce the impact of noise and outliers and ensure greatly enhance the applicability and scalability of IoT
the model to maintain effectiveness in complex scenes. The security solutions.
generalization ability [39] reflects the prediction ability of the
TABLE I
Common ML methods for IoT security
Common
Type Method Advantages Disadvantages
Application
Device
High calculation efficiency; decision-making The structure of decision tree will be more
authentication;
Decision process is intuitive; no domain knowledge and complex when data with multiple features are
DoS/DDoS attack
Tree [41] parameter assumptions are required; suitable for involved, so appropriate pruning is needed to
detection; Intrusion
high-dimensional data. avoid over-fitting.
detection
The training process is simple, generally used for The principle of feature independence is
Device
Naive Bayes small-scale data sets; when the feature independence difficult to satisfy in many cases. When the
authentication;
[42] is satisfied, Naive Bayesian can also perform well in assumption of feature independence fails, naive
Intrusion detection
the efficiency of large-scale data sets. Bayesian is no longer applicable.
Supervised When data is not linearly separable, kernel method
Learning [43] can be used for nonlinear classification; SVM is difficult to implement for large-scale
SVM is especially suitable for datasets with a large datasets. When the number of samples is large, DoS/DDoS attack
number of features but a small number of samples; the storage and calculation of matrix will detection; Intrusion
SVM [32]
some support vector samples determine the final consume a lot of memory and time. And SVM detection; Malware
classification results, adding and deleting is difficult to solve multi-classification detection
nonsupport vector samples have no impact on the problems.
model, so the robustness of SVM is good.
KNN is simple and easy to understand. The
DoS/DDoS attack
calculation method is still valid for large-scale It is a time-consuming process to determine the
KNN [44] detection; Intrusion
datasets. KNN can be used for nonlinear best value of K.
detection
classification and multi-classification problems.
K-Means can be applied to unlabeled samples to DoS/DDoS attack
K-Means It cannot deal with nonspherical clustering; the
learn the representation of input data without detection; Intrusion
[34] selection of optimal K is a problem.
prelabeled training data. detection
Unsupervised
Principal component is not as explanatory as the
Learning
The calculation of PCA is simple and has no features of the original samples; when the Feature selection
PCA [45]
parameter limitation. variables do not obey the Gaussian distribution, or Feature reduction
scaling and rotation will occur.
The effect of Random Forest is better than single
Device
models; the introduction of randomness makes RF
The features with more value division will have authentication;
not easy to overfit, has a good anti-noise ability, and
Ensemble Random greater impact on random forest; in some DoS/DDoS attack
is not sensitive to outliers; it can handle high-
Learning Forest [46] classification or regression problems with more detection; Intrusion
dimensional data; it has no requirements for data
noise, they may be over-fitting. detection; Malware
types, and can handle both discrete data and
detection
continuous data.
The search and storage of Q-table need a lot of
Reinforcement Q-Learning Q-Learning requires few parameters and can be
time and space; update speed is slow; not Malware Detection
Learning [47] implemented offline.
suitable for high-dimensional data.
CNN shows applicability and robustness in many
CNN [48] image applications and is an effective image Device
classification and recognition model. DL needs a lot of data, computing resources and authentication;
Deep high hardware requirements; black box model, DoS/DDoS attack
Learning RNN have achieved excellent performance in poor interpretability; complex model structure, detection; Intrusion
RNN [49] machine translation, speech recognition and other high computational complexity. detection; Malware
applications with sequential data. detection

VOLUME XX, 2017 9

to inject and execute malicious code in IoT software is a

Ⅳ. AI SOLUTIONS TO FOUR IOT SECURITY THREATS common attack method. These vulnerabilities that can be used
for malware injection may be related to the authentication and
A. FOUR THREATS TO IOT SECURITY authorization of the application. Physically tampering with
According to investigation, there are four threats that need IoT devices, software modifications and misconfiguration of
to be solved urgently in IoT security: device authentication, security parameters may also allow attackers to inject
DoS / DDoS attack, intrusion detection, and malware malicious code. Common malware includes bots, ransomware,
detection. The traditional solutions to these problems lack the adware, etc.
processing ability of large data sets and have many problems
such as low efficiency and poor real-time performance. Most B. GENERAL PROCESS OF AI SOLUTIONS FOR IOT
of them cannot be migrated to IoT. AI methods represented by SECURITY
machine learning can use massive IoT data to infer useful The main tasks of device authentication, DoS / DDoS attack
knowledge from the data, and thus make predictions for detection, intrusion detection, and malware detection are
unknown events, providing new solutions for these problems. classification tasks. For example, for device authentication, AI
Device Authentication. There are risks of interception, solutions need to be able to accurately classify authorized and
counterfeiting, tampering, and destruction in the process of unauthorized devices; for intrusion detection, the solutions
information interaction and data transmission between IoT need to be able to classify normal and abnormal network
nodes. In order to prevent the transmission of false information, behaviors; and so on. We analyze existing machine learning
the security requirements between nodes include identity solutions to these problems and summarize the flow of most
authentication, judgment and blocking malicious nodes [50]. solutions into the basic process shown in Fig. 5.
The authentication process of IoT devices is generally Data Collection. ML solutions usually require data sets
restricted by the characteristics of the IoT, such as limited from specific environments. For different problems, you need
resources. Therefore, it is necessary to ensure that the to choose the appropriate environment for data collection to
calculation and communication cost do not exceed the form training data sets and test data sets. For example, data
limitations of the device as much as possible, to ensure that the sets of device authentication need to contain the information
device does not consume too many resources [50]. of device configurations, user behavior and operation habits to
DoS / DDoS Attack. Denial-of-service attacks (DoS) [51] reflect the differences of users.
and distributed denial-of-service attacks (DDoS) [52] use Data Pre-exploration and Pre-processing. The quality of
weaknesses in the transmission protocol, or vulnerabilities in training data is directly linked to the effect of solutions. IoT
systems and servers to launch large-scale destructive attacks data sets comes from various sensors in various fields.
on the target system. Massive data packets exceeding the However, there are more or less problems in the original data
target processing capacity will consume available network set, such as irregular data distribution and incomplete data.
bandwidth resources, causing program buffer overflow, Therefore, it is necessary to mine the training data, master the
preventing other legitimate users from normal requests, and data distribution, and then carry out operations such as
ultimately lead to network service paralysis or system crash. deleting errors and completing incomplete data, so as to
There are some differences between DDoS and DoS. DDoS prepare for subsequent steps.
uses multiple distributed attackers in different positions to Model Selection. There are many ML models that can be
launch attacks on one or several targets at the same time, or an selected for IoT security, but each model has its own
attacker controls multiple machines in different positions and applicable scenario, so we should select appropriate models
uses these machines to attack the victim. according to the characteristics of models and requirements of
Intrusion Detection [53]. Intrusion Detection aims to problems. The size of the data set and the pre-exploration
monitor events that occur in the system, by collecting and results of the data will also affect the choice of the model. For
analyzing the information of key points, to check whether example, if the data set has fewer simple samples and the
there are behaviors that violate the security policy to achieve training needs to be completed in a short time, then the
early detection of intrusion. As an active security protection lightweight algorithms such as naive Bayes can get expected
technology, intrusion detection is an important part of network results.
security providing real-time protection against internal and Data Conversion. In actual applications, the data collected
external attacks. The ability to detect intrusions and malicious is usually inconsistent with the input data required by models
activities in the IoT network is critical to the timely recovery and needs to be converted to meet the needs of models we
of network infrastructure. selected. For example, the audio data collected by voice
Malware Detection [54]. IoT allows a large number of sensors cannot be directly input into RNN models, so it is
smart devices to connect to each other to share information necessary to carry out data conversion. One of the conversion
and improve the user experience. In order to provide methods is to extract the Mel-Frequency Cepstral Coefficients
interactive services with users, more and more PC or mobile (MFCC) from original audio data [55].
applications appear. Using vulnerabilities of these applications

VOLUME XX, 2017 9

Training and Testing. After data pre-processing and model Model Evaluation and Deployment. When selecting the
selection are completed, we need to input data into models for final model for actual deployment and application, we can use
training. In the training process, we can observe the loss some effect indicators to evaluate different models after
function value or result curve to know the training trend of the training. Different evaluation indicators are selected according
model, so as to adjust learning rate or other parameters to problems such as classification, regression, ranking, to
appropriately to ensure that model effect is gradually objectively evaluate the prediction and generalization ability
optimized. After obtaining training models, test datasets of the model. For IoT security, commonly used evaluation
obtained from the real world are used to test the generalization indicators are accuracy, precision, recall, F1 score [57], AUC
ability of training models. Training models may be under- (Area Under ROC Curve) [58], etc.
fitting or over-fitting [56], so parameters need to be adjusted
again.

FIGURE 5. The general process of AI solutions for IoT security

information [61]. The static of device ID or user ID makes the
C. AI FOR DEVICE AUTHENTICATION identity easy to be scanned, read and counterfeited by hackers.
Traditional device authentication: digital certificate ML provide a variety of feasible ideas for secure
authentication and password authentication. Digital authentication of IoT. These schemes use a variety of ways to
certificates include user identity information, relying on a obtain verifiable information related to devices and users. We
trusted third-party Certification Authority (CA) to achieve select several representative schemes for comparative analysis
authentication, and users can access servers of CA with the (as shown in Table Ⅱ).
authentication certificate. The International Manually set information: white list or black list. The white
Telecommunication Union's X.509 standard defines a list and black list are manually set safety / dangerous device
framework for providing authentication services. General CA lists, which are often used to screen and intercept connected
digital certificates follow X. 509 standard format, so it is also devices. The goal of device authentication is to ensure that
called X. 509 certificate [59]. The password authentication only authorized IoT devices can connect to the network, but
saves the user's name and password in advance [60]. When the there are too many and increasing devices with vulnerabilities,
user enters the system, the entered information is compared which makes organizations be cautious and skeptical about all
with the previously saved information to verify whether the IoT devices. A white list of authorized devices will be much
user's identity is legal. smaller than a black list of increasing potentially dangerous
Traditional authentication technologies have many devices and can also improve the efficiency of ML model
problems. For example, although the password authentication training, testing, and deployment. Meidan et al. [62] designed
is simple and easy to implement, it is generally only suitable an authentication scheme combining white list and ensemble
for closed systems. Every time users access the system, they learning, using random forest to perform feature extraction
must enter the password in plaintext, which may be and devices classification of network traffic data in large
intercepted in the process of transmission, thus revealing the enterprises IoT. For testing, the average accuracy of the nine
privacy information. Traditional IoT terminals are easy to be device types tested was 99%, and the method was desirable in
counterfeited because of the static nature of identification accuracy and speed of classification.

VOLUME XX, 2017 9

Human biological characteristics. Human biological 94% and 91% for dynamic and static human activity
characteristics refer to the inherent characteristics of the identification, which proved the feasibility of the combination
human body such as fingerprints, irises, faces, DNAs, sounds, of Wi-Fi signals and DL.
and so on. Sound sensors in wearable IoT devices such as
smartphones and watches can be used for identity
authentication. These devices often interact with individuals
frequently to obtain personal-specific information and have
unique advantages in fine-grained monitoring of user
environments. Breath Print is an authentication technology for
respiratory acoustics on mobile IoT devices. Breath Print
assumes that each person's breathing pattern is unique, thereby
taking advantage of the user's respiratory acoustic
characteristics captured by wearable IoT devices to support
user authentication. With the unique advantages of RNN in
audio and speech processing, Chauhan et al. [63] combined
RNN with Breath Print to model the collected respiratory
acoustic data to distinguish different users. Experiments
showed that this method can be effectively implemented on
various resource-constrained embedded devices with low
latency (less than 200ms for smartphones). It should be noted FIGURE 6. Abstract representation capability of
that human biometrics are important privacy data for users, so DNN with three hidden layers
it is necessary to prevent possible privacy disclosure when Static device information. The RF fingerprints extracted
using them. The Cancellable Biometric System (CBS) from RF wireless communication devices can reflect the
technology can convert the forms of original biometric data. hardware differences of each device. Although the differences
Then, the transformed data can replace the original biological in hardware are small, it has been proved that these differences
characteristics at any time, so as to protect the original data can be used for device authentication. Lin et al. [66] obtained
from being destroyed. Punithavathi et al. [64] developed a safe RF fingerprints of IoT devices, and then used PCA to reduce
prototype of lightweight cancelable biometric recognition the dimension of fingerprint features. The high dimensional
system with the help of image preprocessing, feature fingerprint was reduced from 3187 dimensions to 2 / 76 / 300
extraction, feature conversion, template matching and other / 645. Then, random forest, SVM and artificial neural network
machine learning technologies, which solved the privacy were used to identify the low dimensional data. Experiments
problem of using human biological characteristics. showed that the detection accuracy of 76-dimension data was
Human behavior characteristics. Human behavior better than that of other dimensions and random forest
characteristics such as gaits, handwritings, object performed better than other algorithms.
manipulation habits are also commonly used identity Dynamic operating behavior information. Dynamic
authentication information. Electronic devices in the indoor terminal fingerprint is the combination of static device
environment (such as smart refrigerators, smart TVs, smart air information and user dynamic operation behaviors. It can
conditioners, and security doors) can obtain human behavior contain information such as IP address, operating system
characteristics. There are rich Wi-Fi signals between these version, port status and network access location, etc. Through
devices. When operating these devices (such as opening ML methods, the difficulty of authentication and recognition
refrigerator doors, entering or leaving room), it is possible to caused by the dynamics of device fingerprint can be solved.
capture the unique physiological and behavioral Zhang et al. [61] proposed an intelligent identification scheme
characteristics of human daily activities, providing a feasible combining dynamic terminal fingerprints with decision trees,
direction for distinguishing each individual. Recognizing user logistic regression and naive Bayes. The classification
activities needs to start from simple actions and rise to the accuracy based on decision tree reached 98% and performed
unique behaviors of different users. The system needs to have better than logistic regression and naive Bayes. Bezawada et
abstract capabilities with different granularities, which can al. [67] used the protocol list used by IoT devices in various
extract different levels of feature representation. The powerful stages of their operation (such as ARP, HTTP, DNS, etc.) as
abstract representation capabilities of deep learning provide static behavior information, and used the features extracted
the possibility for this. Shi et al. [65] used the amplitude and from the network traffic of the devices as dynamic behavior
relative phase of the Channel State Information (CSI) in Wi- information. The fingerprint composed of static and dynamic
Fi signals of household appliances to extract representative behavior information can combine with ML models such as
human behavior features, combined with the three-hidden- KNN, decision tree and gradient boosting. In their
layer DNN model to abstract the features at different levels experiments, the average accuracy of detecting similar types
(Fig. 6). This method achieved the authentication accuracy of of devices was up to 99%.

VOLUME XX, 2017 9

TABLE Ⅱ
Comparison of representative device authentication schemes
Scheme Information Used in Scheme Technology ML Methods Used in Scheme
Traditional Third-party digital certificate; Digital certificate authentication;
No ML methods used
methods user name and password in plaintext password authentication
[62] Network traffic White lists Ensemble Learning
Acoustic characteristics of human
[63] Breath Print RNN
respiration
[65] Channel Status Information (CSI) Wi-Fi DNN
Operation behaviors and device Decision Tree; Naive Bayes;
[61] Dynamic device fingerprint
information Logistic Regression
RF wireless communication
[66] Communication signals PCA; Random Forest; ANN
fingerprint

protocol based on Multilayer Perceptron (MLP) (Fig. 7). In

D. AI FOR DOS/DDOS ATTACK DETECTION AND this MAC protocol, each node in WSN has a trained MLP
DEFENSE running on the MAC layer. This new MAC protocol extracts
The cleaning and filtering of abnormal traffic is the key of key parameters from the environment as MLP’s inputs:
DoS / DDoS protection. Traditional DoS and DDoS defenses collision rate, packet request rate, average packet waiting time
are optimized for load balancing, and use anti-DDoS devices, and so on. MLP will output the probability (suspicion factor)
firewalls, or other protection settings. These methods judge of nodes suffering DoS attack. If the suspicion factor is greater
whether the external access traffic is normal through firewall, than the predefined threshold, the node will shut itself down
rule filtering and content filtering. However, due to the large and save energy within a preset duration, limiting the attack to
number of devices and limited resources in the field of IoT, it a local area of the network. At the same time, shutting down
is more and more difficult for IoT devices to resist DoS and the attacked nodes also reduces the power consumption and
DDoS attacks, which requires efficient and accurate traffic prolongs the service life of the system.
filtering methods.
Machine learning is a good choice for providing intelligent
and automated DoS / DDoS detection mechanisms. DoS and
DDoS attacks in a variety of different IoT scenarios can be
solved through machine learning (as shown in Table Ⅲ).
Software-defined network. Software-defined network (SDN)
is a network architecture that separates the control plane and
data plane of network devices. The rich functions provided by
the SDN control plane enable organizations to effectively
control IoT devices. With the characteristics of centralized
control, flexibility, and scalability, SDN can be used as the
underlying communication infrastructure of IoT. However,
the openness of the interfaces in SDN also brings security
implications and is vulnerable to DDoS attacks. Ye et al. [68]
proposed a DDoS detection scheme based on SVM, which
FIGURE 7. Secure MAC protocol combined with
considered attack detection as a classification problem. The
MLP
scheme extracts the values in the switch flow table of the SDN
Consumer IoT. Consumer IoT are also at risk of DDoS
architecture related to DDoS attacks, such as the speed of
attacks, such as wearable devices and smart appliances. The
source IP, source port and flow entries, the standard deviation
IoT traffic of these devices is different from attacks. ML can
of flow packets, the deviation of flow bytes, the ratio of pair-
capture traffic that differs greatly from the network traffic
flow, to use as characteristic values for SVM classification.
characteristics of specific behaviors of consumer IoT devices,
Wireless sensor network. Wireless sensor network (WSN),
such as DDoS traffic, for attack detection. Doshi et al. [70]
as an important communication technology in IoT system,
used a variety of ML algorithms such as K-nearest neighbors,
also has the danger of being targeted by DoS attacks.
decision trees, neural networks, random forests and SVM to
Designing a secure media access control (MAC) protocol
achieve high-precision DDoS detection in consumer IoT
against WSN-oriented DoS attacks is currently an important
traffic. The results showed that the home gateway router can
research direction, and deep learning has provided assistance
use low-cost ML algorithms and traffic data to automatically
for this. Kulkarni et al. [69] proposed a new secure MAC
detect the DDoS attack source of local IoT devices.

VOLUME XX, 2017 9

Smart city and social IoT. Smart city is the fastest growing et al. [71] used deep learning and fog computing architecture
and most influential public service field of social IoT, which to train models and hosted attack detection systems at the edge
helps the city effectively manage water, electricity, of the distributed fog network. The combination of deep
transportation and other infrastructure. Millions of users are learning and fog operation enhanced the autonomy and
connected to social services through IoT, taking advantage of effectiveness of attack detection in local model, accelerated
the private and public services provided by IoT. DoS attack the speed of data training and reduced the calculation costs of
has become the most frequent attack type in smart city. Diro model, data, and parameters of IoT.
TABLE Ⅲ
Comparison of representative DoS / DDoS detection schemes
ML Methods Used
Application Scenario Information Used in Scheme Method Characteristics
in Scheme
Speed of source IP; Speed of
source port; Standard This method uses an adaptive and accurate
Software-defined deviation of flow packets; classifier to make decisions based on
SVM
Network [68] Deviation of flow bytes; uncertain information, which can detect
Speed of flow entries; attacks early.
Ratio of pair-flow
This method can limit the scope of DoS
Collision rate; packet request
Wireless Sensor Network attack, close the attacked nodes in time,
rate; average waiting time of MLP
[69] reduce the consumption and extend the
packets
service life of system.
The method shows that the home gateway KNN; Decision
router can use low-cost ML algorithms and Tree; Neural
Consumer IoT [70] Network flow characteristics
traffic data to automatically detect the DDoS Networks; Random
attack source of local IoT devices. Forest; SVM
41 features such as duration, It has autonomy and effectiveness of local
protocol, service, flag, source attack detection, reduces storage and
Smart City [71] Deep Learning
bytes, destination bytes, etc. computing consumption, and provides fast
response.

brought new changes to intrusion detection and have produced

E. AI FOR INTRUSION DETECTION several new development trends: from single models to
Traditional intrusion detection: misuse detection or combined models, from focusing on method accuracy to
anomaly detection. With the development of IoT, new types taking into account both efficiency and effectiveness, from
of intrusions have brought new problems to intrusion detection. centralized detection to decentralized detection.
Intrusion through unauthorized access to obtain confidential From single models to combined models. In order to solve
information is still increasing, but technologies such as access the shortcomings of two above-mentioned detection methods,
control, data encryption, and firewalls have certain limitations. some studies have proposed hybrid intrusion detection that
Most current intrusion detection systems use misuse detection combines misuse detection and anomaly detection. Most
or anomaly detection. Misuse detection [72] can effectively hybrid detection systems independently train misuse and
detect known attacks according to attack patterns that have anomaly detection models, and then aggregate the results of
appeared. However, they cannot detect unknown new types of two models. Unlike usual methods, Kim et al. [74] proposed a
intrusions such as zero-day attacks, because these attacks are new combined detection method that integrates a misuse
not similar to known attacks. In contrast, anomaly detection detection model and an anomaly detection model
[73] analyzes normal traffic patterns and makes judgments hierarchically (Fig. 8). In the process of integration, misuse
based on the assumption that attacker's behaviors are different model can capture known attacks, and then use anomaly
from normal users. If the characteristics of a certain traffic are model to supplement the ability of unknown attack detection.
far from normal traffic patterns, the traffic is considered an The program first used training data composed of normal
intrusion. Anomaly detection is useful for new attacks, but traffic and known attack traffic to train a C4.5 decision tree to
they are not as effective as misuse detection in terms of known build a misuse detection model, and then trained 1-class SVMs
attacks. Identifying anomalous activity from massive data is a on unknown attack sub dataset of the C4.5 decision tree
time-consuming process. Anomaly detection still needs to be branches to establish multiple anomaly detection models.
developed in terms of shortening time and improving accuracy. Through the test, the combined model performed better than
ML have been applied to intrusion detection and have single traditional model in detecting both unknown attacks and
shown better performance than traditional methods. ML have known attacks.

VOLUME XX, 2017 9

FIGURE 8. Combined intrusion detection

From focusing only on accuracy to taking both efficiency In addition to feature selection methods can improve
and effectiveness into account. Generally, most intrusion efficiency, the above-mentioned combined intrusion detection
detection systems emphasize effectiveness and ignore [74] can also reduce computational complexity of models by
efficiency. For intrusion detection systems, too many data decomposing dataset. When training dataset is decomposed
features may not guarantee good performance, but will into smaller subsets, the training and testing time will be
increase decision delay, so it is critical to choose fewer but significantly reduced to achieve the purpose of improving time
more important features. The feature selection of ML can be a efficiency.
method to improve the efficiency of intrusion detection. From centralized detection to decentralized detection. At
Li et al. [75] designed a two-stage combined model which present, some ML or data mining intrusion detection methods
takes both efficiency and effectiveness into account. In the usually require large amounts of stored data and strong
first stage, they used the heuristic iterative search ability of computing power to find intrusion attack patterns, so they
Swarm Intelligence (SI) algorithm to search for the optimal need to be executed in large central computing systems. But
features. In the second stage, they used the features selected in these methods are incompatible with IoT. The number of IoT
the first stage as inputs and used random forest to classify the devices is increasing and most IoT devices have limited
network traffic into different attack categories. The model computing resources, but there will be no suitable centralized
selected more important features, improved the operation processing equipment. It is difficult for general devices to
efficiency of the model, and achieved better performance in replace central computing nodes to complete their centralized
intrusion detection. Su [76] proposed a feature selection computing tasks. For these reasons, the demand for
scheme combining KNN and GA to improve the efficiency of decentralized intrusion detection is increasing.
intrusion detection. A major disadvantage of KNN is that each Bosman et al. [77] proposed a decentralized anomaly
data feature is given the same weight, but in fact some features detection framework that includes a set of heterogeneous local
may be more important than others, and some features can be anomaly detection models. The framework first uses
ignored. The goal of GA combined with KNN is to find an incremental learning to construct decentralized models with
optimal feature weight vector. Genetic algorithm (GA) is a little or no prior information. The computational cost and
search algorithm to find the optimal solution by simulating the memory cost of decentralized incremental learning models are
natural evolution process. GA starts with a population that usually low, which can meet the requirements of limited
represents the potential solution set of the problem. According resources. In addition, since the detection accuracy is limited
to the principles of “survival of the fittest”, successive by the quality of models, the accuracy of single model may not
generations produce better and better approximate solutions. reach the expected goal, so ensemble learning can be used as
After the evolution of GA, the optimal weight vector of KNN a suitable option to increase accuracy. By integrating the
can be obtained. The researchers used the header information outputs of multiple decentralized weak classifiers, the
of network protocol including IP, TCP, UDP, ICMP, ARP, accuracy of detection can be improved. As shown in Fig. 9,
and IGMP to extract 35 features as initial training data, used firstly, decentralized weak classifier A/B/C which meets the
the proposed algorithm to select some important features for constraints of the embedded platform will be trained. Then
intrusion detection. For known attacks, when considering the multiple weak classifiers are enhanced by ensemble learning.
first 19 features, the overall accuracy was 97.42%. For Compared with centralized detection, decentralized method
unknown attacks, the accuracy of using the first 28 features has proved that under the strict constraints of the embedded
was 78%. The scheme greatly improved the time efficiency of system, decentralized method is feasible. In environments
intrusion detection under the premise of basically with less prior knowledge, it eliminates the need for manual
guaranteeing the effectiveness of detection. intervention and performs as well as centralized solutions.

VOLUME XX, 2017 9

FIGURE 9. Enhancing weak classifiers by ensemble learning

TABLE IV
Comparison of representative intrusion detection schemes
ML Methods
Information Used
Scheme Method Characteristics Used in
in Scheme
Scheme
Misuse detection can detect known attacks effectively but cannot
Misuse detection
detect unknown new attacks. Anomaly detection can detect new No ML
and Network traffic
attack modes, but the detection rate of known attacks is lower than methods used
Anomaly detection
misuse detection
This method combines the advantages of misuse detection and
Combined Model anomaly detection to make up for the defects of single model. The SVM;
Network traffic
[74] structure of hierarchical integration is more flexible, and the Decision Tree
efficiency can also be improved by decomposing data sets.
The network This method can select important features while ensuring the
Feature Selection KNN; Genetic
protocol header of effectiveness of the model without increasing the efficiency through
[76] Algorithm
IP, TCP, UDP, etc. feature selection.
This method disperses the detection process to each independent Incremental
Decentralized Time series data of node, which can be executed in the environment with limited Learning;
Detection [77] sensors computing resources. The detection node can improve the effect of Ensemble
multiple weak models through ensemble learning. Learning

malicious activity before any form of detection or prevention

F. AI FOR MALWARE DETECTION can be carried out. When the initial victim is important, the
Traditional solutions: signature-based malware detection. consequences may be unacceptable. For example, the critical
Signature-based malware detection [78] generates unique infrastructure vulnerabilities of U.S. Office of Personnel
signatures for each known malware to create malware Management in 2015 may lead to decades of chain reaction
behavior libraries. These signatures are manually found by and events [79].
experts or generated by automatic methods, and can include Various ML methods have been applied to malware
many information, such as file names, content strings or bytes. detection. (as shown in Table V) These ML schemes choose
The signature of unknown software can be compared with the to decompose the malware, trying to extract the potential
malware behavior library to search whether there are matching information of the software, so as to pave the way for the
signatures. This method is the most convenient and widely models to detect malware. How to choose appropriate input
used detection method with fast detection speed and low false information becomes the key to AI malware detection. We
alarm rate. But the same as the misuse intrusion detection analyze several representative ML malware detection schemes
mentioned above, the signature-based malware detection is and compare several different potential software information
powerless for the malware that has not appeared before. The that researchers choose to use.
malware library needs to be constantly updated and Network behaviors. The wireless multimedia system (WMS)
maintained. However, there must be an initial victim reporting is used to continuously collect information and control the

VOLUME XX, 2017 9

status of remote devices. Wireless multimedia devices are optimization can increase the applicability of the solution to
usually equipped with multiple sensors, which transmit data to IoT with fewer computing resources.
neighbors based on routing tables. The distributed topology of Opcode and graph. Opcode can be a suitable and reliable
WMS accelerates the spread of malware, thereby threatening feature for identifying malware using ML. With the attempts
other nodes, wireless routers and terminals through data and experiments of many researchers, the combination of
transmission. For the detection of WMS malware, obtaining Windows malware opcodes and ML can effectively detect
its network behaviors is critical. The malware detection malware. Azmoodeh et al. [84] converted the selected features
scheme of Zhou et al. [80] facilitated the collection of network (opcodes) of each sample (software) into a graph (see Fig. 10).
behaviors in WMS using the data sniffer (DroidSniffer), In their graph, nodes represented the opcodes and edges
combined with SVM, BP neural networks to detect malware represented the affinity of each node (which needs to be
and suppress malicious codes. In the experiment, the highest calculated) in the disassembly file of each software. Graphs
infection rate was only 22.17%, which proved that malware can be converted into eigenspace [85], so that CNN can be
can be detected at a lower infection rate. used to classify the generated malicious and benign software
APK and API. Android platform plays a crucial role for the graphs. In Azmoodeh’s experiment, the opcode sequences of
rapid development of IoT applications. At the same time, 1078 benign software and 128 malwares were extracted.
malware for Android has also increased, and virus strains that Using graphs converted from opcodes, the detection accuracy
use highly sophisticated evasion techniques have emerged. of malware samples was 99.68%, and the recall rate was
Yerima et al. [81] developed a high-precision Android 98.37%. This method is very effective for malware
malware detection solution based on ensemble learning. The identification.
key to the analysis of Android malware is the software features
obtained from the APK. Java-based APK analysis tools are
used to extract the storage of features from the app corpus. The
extracted 65 features include various API calls and
Linux/Android command sets. These APIs include: SMS
manager API (used to send, receive, read SMS messages, etc.);
Phone Manager API (used to access device ID, subscriber ID,
network operator, SIM serial number, etc.); package
management API (used to list installed packages). Similarly,
Zhu et al. [82] pointed out that the extraction of sensitive data
stream in the application can effectively detect malware. They
built DeepFlow, an Android malware detection tool, analyzed
Android API codes with APK, extracted the sensitive data
stream, and used Deep Belief Networks (DBN) for
classification. Experiments on 3000 benign applications and
8000 malicious applications showed that DeepFlow achieved
FIGURE 10. A graph converted from opcodes
a high F1 score of 95.05% with appropriate parameters.
Active immunity for malware detection. In addition to
Binary image. A novel malware detection method is to
extracting different forms of software information and using
analyze the binary image transformed from software. The
algorithms to detect malware, the recent development of
binary file of software can be reformatted into an 8-bit
adversarial machine learning provides a new way to enhance
sequence and then converted into a grayscale image, which
the active immunity of malware detection. When we use ML
has one channel and pixel values from 0 to 255. The
algorithms, we should always pay attention to the fact that ML
experiment of [83] gives converted images and points out that
may also be cheated by attackers. The attacker will avoid the
the structural difference between the benign software image
detection according to the weakness of ML. If the detector can
and the malignant software image is obvious. The malware
predict the possible evasion choice of the attacker in advance,
image is always denser, for example, most Mirai malware
it can greatly reduce the detection delay and loss caused by
images have dense centers. Su et al. [83] used the difference
unknown attacks and form "active immunity".
in binary images of different software to transform malware
Chen et al. [86] described this as "arms race between
detection into an image classification problem, so as to
evasion attack and defense". First of all, they proposed an
distinguish benign software and malware by convolutional
effective evasion model (EvnAttack) by simulating attackers.
neural network (CNN). The experimental results showed that
Then, in order to effectively combat this kind of evasion attack,
the classification accuracy of CNN malware detection was
they further proposed a malware detection learning paradigm
94.0%, and the accuracy for two major malware families was
(SecDefender), which considered the cost of attacker's evasion
81.8%. In addition, CNN-based methods can improve
attack. The effectiveness of this method was proved by
efficiency by reduce the size of the network. This further
comprehensive experiments on the real data sets of Comodo
cloud security center. Wu et al. [87] pointed out that malware

VOLUME XX, 2017 9

can avoid ML detection by constantly modifying its structure improved the ability of the detection model for unknown
while maintaining malicious behaviors. Reinforcement attacks. Demontis et al. [88] studied the existing attack
learning can continuously simulate attackers to generate new frameworks, summarized and classified current attacker's
malware samples, thus providing possible attack references targets, knowledge, attack modes and potential attack
for defenders. They designed a model based on reinforcement scenarios. Then they implemented a set of evasion attacks to
learning to improve the possibility of these newly generated evaluate the security of malware detectors. They pointed out
malware to evade ML model, and then retrained the detection that linear and nonlinear classifiers with uniformly distributed
model by using these newly generated samples. In their feature weights can improve the system security without
experiments, the detection accuracy of malware was improved significantly affecting the computational efficiency.
from 15.75% to 93.5% after retraining, which greatly
TABLE V
Comparison of representative malware detection schemes
Scheme Software Information Used in Scheme Malware Type ML Methods Used in Scheme
Signature-based A signature containing software information
No restrictions No ML methods used
detection generated manually or automatically
[80] Network Behaviors WMS malware SVM; BP Neural Network
[81] APK; API Android malware Ensemble Learning
[83] Binary image Telnet attack software CNN
[84] Opcode Windows malware CNN

challenging task [18]. The newly acquired data should be of

V. CHALLENGES AND FUTURE DIRECTIONS the same quality as the original data set. Otherwise, with the
Artificial intelligence has put forward many effective addition of new data, the feature space of the original training
solutions to solve the security problems of IoT, but this does model will be gradually destroyed, resulting in model failure.
not mean that IoT security has been properly solved. There are Although some solutions have been proposed to solve these
still many challenges to be faced in data, algorithm, and problems, due to the decentralization of big data management,
architecture. no solution can handle all aspects of data.
Data Cleaning [90]. Data cleaning is the process of
A. DATA CHALLENGES removing duplicate information, correcting existing errors,
Data is the basis for the application of AI methods in the and providing data consistency. It is estimated that anomaly
field of IoT. The heterogeneity of IoT makes a large number and impurity in the data generally account for about 5% of the
of data generated in different fields, which may lead to various total data, which may be even worse for IoT. The data types
problems such as poor data availability and quality, hidden that need to be cleaned are:
dangers of data privacy, difficulties in data integration and so • Incomplete Data. Incomplete data is data with missing
on. information, such as missing fields. The incomplete data
The availability of data sets. Machine learning and deep needs to be filtered out, supplemented or abandoned
learning require a large number of training data sets. Most according to the actual situation. Only the complete data
deep learning methods are usually based on high-quality data can be written into database. In most cases, missing
to achieve their good performance [89]. Comprehensive and values need to be filled in manually. Some missing
diverse training data is the basis for the model to acquire values can also be derived from data source and can be
knowledge. The quality of training data sets will directly affect replaced by average, maximum, minimum, or more
the effectiveness of the model, so it is necessary to include as complex probability estimates.
much as possible attack information that reflects the real world. • Incorrect Data. The reason for incorrect data is that the
In addition to training data, the model also requires test data business system is not sound enough. The data is written
sets to analyze and compare the generalization capabilities of directly into database without judging whether the data
various algorithms, so as to evaluate and improve training is correct when input, such as the value is out of bounds
models. Therefore, in the context of applying machine and the date format is incorrect. As with incomplete data,
learning and deep learning to IoT security, how to obtain high incorrect data needs to be corrected and reviewed before
availability training and test data sets containing various it can be written into database again. Statistical analysis
possible attack types is an important challenge. can identify possible wrong or abnormal values, for
Maintain the quality of new data in real time. Due to the example, deviation analysis can identify values that do
rapid data generation speed and the complexity of data sources not conform to the distribution or regression equation.
of IoT, maintaining high-quality data in real time is a Simple rules (common-sense rules, business specific

VOLUME XX, 2017 9

rules, etc.) or constraints between attributes can also the original one. For IoT, the diversification of applications
detect incorrect data. will correspond to many different models, all of which need to
• Duplicate Data. Records with the same attribute value in be maintained and updated. But the process of retraining is
the database are considered as duplicate data. It is cumbersome, there will be many unknown errors, resulting in
necessary to merge same records into one record to avoid a huge waste of time and computing resources.
affecting the use efficiency. Instability [94]. In ML and DL, small changes in the input
Data Integration [91]. IoT obtains massive data from may cause different effects on the output. Even if the input
different types of sensor devices such as RFID, ZigBee, GPS, data of models changes slightly, the output may change
which need to be properly integrated before they can be used. dramatically. Attackers can deliberately change some input
Different data sources often have heterogeneous data, so how data, resulting in poor system stability and unexpected results.
to integrate heterogeneous data while ensuring data quality is Therefore, it is important to maintain the integrity and stability
a challenge. Data integration is to integrate data of different of the input data, but it is not an easy task in IoT environment
sources, formats, and properties logically or physically to that generates a large amount of high-frequency data.
provide comprehensive data sharing for users. Different types Poor interpretability / low transparency / black box. Deep
of data generated in various fields of IoT can be divided into neural network models are like black boxes because we have
three categories: (a) structured data, such as table data with no way of knowing how they draw conclusions by
rows and columns stored in traditional database systems; (b) manipulating parameters and input data [95]. There are two
semi-structured data, such as HTML, XML files; (c) opposite trends at the same time: the increasing number of
unstructured data, such as videos and images. There are network layers and the decreasing interpretability. When we
already some frameworks available in the field of enterprise want to improve the effect of the model, it is inevitable to
data integration. Currently, federal-based, middleware-based increase the number of network layers, resulting in a sharp
and data warehouse methods are used to construct integrated increase in the complexity of the model and poor
systems. These technologies solve data integration and data interpretability. Poor interpretability and low transparency
sharing in different focuses and applications, providing make it difficult to find errors when the model fails, which is
decision support for enterprises. However, the applicability of a serious problem for some high-risk areas. For example, when
these technologies for IoT data need to be investigated, and CNN is used in disease diagnosis of medical image, it is
appropriate improvements are required. necessary to make reliable reasoning for its prediction to
Data security and privacy. Data security and privacy are ensure the accuracy of diagnosis, but the lack of
challenges in processing and using data. In the process of data interpretability makes it difficult to apply the model to these
collection and transmission, you may face the risk of leakage work scenarios, reducing the actual benefits of the model.
of privacy. Although data encryption provides enhanced Computational complexity and resource consumption. The
privacy protection, many users may question their security computational complexity [96] and resource consumption of
because the system does not provide a reliable service level ML and DL are in sharp contrast to IoT devices. IoT devices
agreement (SLA) regarding the theft or misuse of personal are resource-constrained devices, and the acquisition of
information of users [92]. For example, personal information memory and computing resources is extremely limited.
contained in wearable device data can easily endanger users’ However, even if a lot of computing resources are given to
privacy. Personalized medical and healthcare applications rely some models related to image, speech and natural language
on human body data collected from wearable devices for processing, it will still take days or even weeks to complete
medical diagnosis and service recommendations. These the training. Therefore, the development of ML and DL
personally related information is very rich, usually including frameworks which can effectively reduce the computational
location, identity and physiological characteristics. It's easy to complexity is considerable to provide effective security
infer individual habits, behaviors, and preferences. Personal mechanisms. Especially for large-scale IoT systems, reducing
information in some areas such as medical care must be computational complexity and resource consumption has
carefully protected by all parties involved in data acquisition, important practical significance in future research.
management, and utilization [93]. ML / DL security risks. The AI methods used to maintain
the security of the IoT also have different degrees of security
B. ALGORITHM CHALLENGES risks, just like IoT itself. The potential threats of the attacker
Artificial intelligence is not omnipotent, but also has many against AI include poisoning, evasion, impersonation, and
defects. When using ML to solve the security problems of IoT, reverse attacks [97]. Poisoning, evasion, and impersonation
the defects are inherited into IoT, which needs attention and attacks change the training data by generating wrong label
improvement. samples, maliciously modifying samples, simulating samples,
Weak portability. ML models are always specific to a so that the model learns wrong and invalid knowledge from
certain field. When a good model is obtained for a scene and the training data, reducing the classifier's ability to distinguish
transferred to other similar problems, the original model normal and abnormal behaviors, leading to the failure of the
parameters may fail. We need to retrain new models to replace detection function of models. Reverse attacks use the

VOLUME XX, 2017 9

application program interface (API) provided by the existing technologies or develop new technologies. In addition to
ML systems to collect some basic information about the target addressing these challenges, we point out two possible new
model, and reverse analysis of the basic information to use the directions here.
target model to obtain private data, such as patient medical • Embedding edge AI chips into IoT devices.
data. When these attack methods are combined with multiple Most of traditional AI computing tasks are performed
IoT services, there will be serious consequences. remotely on centralized core devices or platforms, but this is
not the best solution for IoT. Edge AI chips make it possible
C. ARCHITECTURAL CHALLENGES to embed AI computations into IoT devices. Edge AI chip [98]
When AI technologies are applied to IoT, they must face is a chip that can perform or accelerate machine learning tasks
new trends in the development of IoT: mobile and distributed. on edge devices. At present, Google, NVIDIA, Intel,
The current IoT network and services rely heavily on the Qualcomm and Huawei are all rapidly developing edge AI
"Cloud-Channel-Device" architecture. The establishment of chip technologies, such as Google Coral Edge TPU [99].
large-scale cloud computing center can store and process a In many industrial fields, network conditions are not good
large amount of data in a centralized way, so as to use the and the cost of upgrading communication infrastructure is
computing power of massive machines in the data center to very high. Edge AI chips enable terminals to perform AI
calculate and make decisions. Then, the analysis results are computations locally, which greatly reduces transmission
returned to the device to achieve the interconnection effect. costs. Edge AI chips can also greatly reduce delays. Edge
The transmission, storage and processing of data also depend computing has real-time requirements, because it is necessary
heavily on the C/S service architecture to process and respond to make real-time decisions on various devices. However,
all requests and instructions through the central server. cloud computing and data center computing will have network
The cloud service realizes the construction of super delay, so it is difficult to achieve real-time performance.
computing and storage capabilities, which solves problems of Edge AI chips can also protect data privacy and security.
high cost of infrastructure construction and low utilization rate The calculations don’t need to send original data back to the
of computing storage resources for small and medium-sized cloud, which can greatly protect the security and privacy of
enterprises. However, in the context of IoT, this is data, reduce the possibility of data leakage and interception or
inappropriate. The number of device connections and data abuse of personal / corporate data.
generation increase exponentially, which brings the following • Developing service-oriented IoT security architectures
challenges to the cloud architecture: which can meet the needs of different services in different
• The linear growth of centralized cloud computing fields.
capabilities cannot match the exponential growth of data IoT security needs to meet the differentiated security needs
generated by terminals. of different application scenarios. How to design flexible
• Mass data transmission to the cloud computing center security architectures to provide adaptive and differentiated
dramatically increases the load of the transmission security guarantee capabilities for industrial applications is an
bandwidth, resulting in a large network delay, which urgent problem. The key is that the network infrastructure can
poses severe challenges for delay-sensitive application support the open ability of Security-as-a-Service [100],[101].
scenarios (such as driverless cars, industrial Network architectures need to establish security resources
manufacturing, etc.). independent of devices and applications based on computing
• A large amount of power consumption caused by data resources, such as authentication protocol, cryptographic
transmission brings a great burden to the cloud service. algorithm, data encryption and decryption, etc. On the basis of
The requirements for network transmission, data storage security resources, we can use these resources to establish
and high-performance computing force us to carry out data security functions such as trusted authentication, digital
cleaning, processing and decision-making at the source of the identity, operation maintenance and management. Then, we
data. The new architecture based on edge will become an should build platforms using these security functions to
important direction for the future development of IoT provide security services to third-party applications through
architecture. Distributed and edge architecture will completely open APIs. At last, in the face of different IoT industries with
change the original data application, which will put more different security requirements, the third party can flexibly use
stringent requirements on the application of AI in the field of the security capabilities and services provided by the open
IoT security. platform to realize customized security protection. Compared
with the third-party self-designed security solutions, such
D. FUTURE DIRECTIONS architecture design can achieve complete security protection,
Some of the above-mentioned challenges are inherent in and can embed feasible AI models in open platforms, which
IoT, such as poor data availability and the need for data greatly enhances the security capability of the third party. At
integration. Some are the new challenges that AI brings to IoT, the same time, such design also has strong scalability, so the
such as algorithm security and resource consumption. For security of IoT can also obtain a strong elastic security
these hidden dangers, we need to improve the existing capability.

VOLUME XX, 2017 9

VI. CONCLUSION Internet of Things (IoT) Security,” ieee Commun. Surv. tutorials, p. 1,
The research of this paper proves that AI is feasible for the 2020, doi: 10.1109/COMST.2020.2988293.
[19] R. Dorai and V. Kannan, “SQL Injection-Database Attack Revolution
security of IoT, especially for the four key risks: device and Prevention,” J. Int. Commer. law Technol., vol. 6, no. 4, pp. 224–
authentication, DoS / DDoS attack defense, intrusion detection 231, 2011, doi: 10.4028/www.scientific.net/AMM.740.810.
and malware detection. The general process of the AI schemes [20] Q. Jing, A. V Vasilakos, J. Wan, J. Lu, and D. Qiu, “Security of the
Internet of Things: perspectives and challenges,” Wirel. networks, vol.
proposed by us can also be used as a reference to solve IoT 20, no. 8, pp. 2481–2501, 2014, doi: 10.1007/S11276-014-0761-7.
security problems in the future. In addition, when AI is applied [21] P. Bisht and V. N. Venkatakrishnan, “XSS-GUARD: Precise Dynamic
for IoT security, potential challenges in data, algorithm and Prevention of Cross-Site Scripting Attacks,” International Conference
on Detection of intrusions and malware, and vulnerability assessment.
architecture need to be solved to avoid adding new threats to pp. 23–43, 2008, doi: 10.1007/978-3-540-70542-0_2.
IoT security. How to solve these challenges can serve as [22] P. Faruki et al., “Android security: A survey of issues, malware
potential future research directions. penetration, and defenses,” IEEE Commun. Surv. Tutorials, vol. 17, no.
2, pp. 998-1022, 2015, doi: 10.1109/COMST.2014.2386139.
[23] R. Doshi, N. Apthorpe, and N. Feamster, “Machine Learning DDoS
Detection for Consumer Internet of Things Devices,” IEEE
REFERENCES Symposium on Security and Privacy. pp. 29–35, 2018, doi:
[1] Strategy, I. T. U., and Policy Unit. "ITU Internet Reports 2005: The 10.1109/SPW.2018.00013.
internet of things." Geneva: International Telecommunication Union [24] A. Madaan, X. Wang, W. Hall, and T. Tiropanis, "Observing data in
(ITU) 1 (2005): 62. IoT worlds: What and how to observe?," 2018.
[2] C. Hai-ming, “Key Technologies and Applications of Internet of [25] A. Riahi, Y. Challal, E. Natalizio, Z. Chtourou, and A. Bouabdallah,
Things,” Comput. Sci., vol. 36, no. 6, pp. 1-4, 2010. "A systemic approach for IoT security," in 2013 IEEE international
[3] C.-L. Zhong, Z. Zhu, and R.-G. Huang, “Study on the IOT conference on distributed computing in sensor systems, 2013: IEEE,
Architecture and Gateway Technology,” International Symposium on pp. 351-355.
Distributed Computing. pp. 196–199, 2015, doi: [26] M. S. Mahdavinejad, M. Rezvan, M. Barekatain, P. Adibi, P. M.
10.1109/DCABES.2015.56. Barnaghi, and A. P. Sheth, “Machine Learning for Internet of Things
[4] M. Bauer, M. Boussard, N. Bui, J. D. Loof, C. Magerkurth, S. Meissner, Data Analysis: A Survey,” Digit. Commun. networks, vol. 4, no. 3, pp.
A. Nettsträter, J. Stefa, M. Thoma, J. W. Walewski, “IoT Reference 161–175, 2017, doi: 10.1016/J.DCAN.2017.10.002.
Architecture.” pp. 163–211, 2013, doi: 10.1007/978-3-642-40403-0_8. [27] R. Caruana and A. Niculescu-Mizil, “An empirical comparison of
[5] J. Deogirikar and A. Vidhate, "Security attacks in IoT: A survey," in supervised learning algorithms,” in ACM International Conference
2017 International Conference on I-SMAC (IoT in Social, Mobile, Proceeding Series, 2006, pp. 161–168, doi:
Analytics and Cloud)(I-SMAC), 2017: IEEE, pp. 32-37. 10.1145/1143844.1143865.
[6] W. Shi, J. Cao, Q. Zhang, Y. Li, and L. Xu, “Edge Computing: Vision [28] B. C. Love, “Comparing supervised and unsupervised category
and Challenges,” ieee internet things J., vol. 3, no. 5, pp. 637–646, learning,” Psychon. Bull. Rev., vol. 9, no.4, pp. 829-835, 2002, doi:
2016, doi: 10.1109/JIOT.2016.2579198. 10.3758/BF03196342.
[7] E. Bertino, "Data Security and Privacy in the IoT," in EDBT, 2016, vol. [29] K. Gai and M. Qiu, “Optimal resource allocation using reinforcement
2016, pp. 1-3. learning for IoT content-centric services,” Appl. Soft Comput. J., vol.
[8] A. Singla, A. Mudgerikar, I. Papapanagiotou, and A. A. Yavuz, “HAA: 70, pp. 12-21, 2018, doi: 10.1016/j.asoc.2018.03.056.
Hardware-Accelerated Authentication for internet of things in mission [30] R. Polikar, “Ensemble Learning,” Ensemble Mach. Learn., vol. 4, pp.
critical vehicular networks,” Military Communications Conference. pp. 1–34, Jan. 2012, doi: 10.1007/978-1-4419-9326-7_1.
1298–1304, 2015, doi: 10.1109/MILCOM.2015.7357624. [31] M. Mohammadi, A. Al-Fuqaha, S. Sorour, and M. Guizani, “Deep
[9] Cyber Security for Consumer Internet of Things, ETSI TS 103 645, learning for IoT big data and streaming analytics: A survey,” IEEE
2019. Communications Surveys and Tutorials., vol. 20, no. 4, pp. 2923-2960,
[10] W. U. Chuankun, L. Zhang, and L. I. Jiangli, “Design of Trust 2018, doi: 10.1109/COMST.2018.2844341.
Architecture and Lightweight Authentication Scheme for IoT Devices,” [32] G. J. Liang, “Automatic traffic accident detection based on the internet
Netinfo Secur., 2017. of things and support vector machine,” Int. J. Smart Home, vol. 9, no.
[11] J. Yick, B. Mukherjee, and D. Ghosal, “Wireless sensor network 4, pp. 97-106, 2015, doi: 10.14257/ijsh.2015.9.4.10.
survey,” Comput. networks, vol. 52, no. 12, pp. 2292–2330, 2008, doi: [33] L. Bilge and T. Dumitraş, “Before we knew it: an empirical study of
10.1016/J.COMNET.2008.04.002. zero-day attacks in the real world,” Computer and Communications
[12] S. Samonas and D. Coss, “The CIA Strikes Back: Redefining Security. pp. 833–844, 2012, doi: 10.1145/2382196.2382284.
Confidentiality, Integrity and Availability in Security,” J. Inf. Syst. [34] A. K. Jain, “Data clustering: 50 years beyond K-means,” Pattern
Secur., vol. 10, no. 3, pp. 21–45, 2014, [Online]. Available: Recognit. Lett., vol. 31, no. 8, pp. 651-666, 2010, doi:
http://www.proso.com/dl/Samonas.pdf. 10.1016/j.patrec.2009.09.011.
[13] C. Kolias, G. Kambourakis, A. Stavrou, and J. Voas, “DDoS in the IoT: [35] J. Deng, W. Dong, R. Socher, L.-J. Li, K. Li, and L. Fei-Fei, "Imagenet:
Mirai and Other Botnets,” ieee Comput., vol. 50, no. 7, pp. 80–84, 2017, A large-scale hierarchical image database," in 2009 IEEE conference
doi: 10.1109/MC.2017.201. on computer vision and pattern recognition, 2009: Ieee, pp. 248-255.
[14] S. Al-Sarawi, M. Anbar, K. Alieyan, and M. Alzubaidi, "Internet of [36] M. Bogdanoski, T. Suminoski, and A. Risteski, "Analysis of the SYN
Things (IoT) communication protocols," in 2017 8th International flood DoS attack," International Journal of Computer Network and
conference on information technology (ICIT), 2017: IEEE, pp. 685- Information Security (IJCNIS), vol. 5, no. 8, pp. 1-11, 2013.
690. [37] H. Fujinoki, "Cached Guaranteed-Timer Random-Drop against TCP
[15] R. S. Sinha, Y. Wei, and S. H. Hwang, “A survey on LPWA SYN-flood Attacks and Flash Crowds," in Proceedings of the IASTED
technology: LoRa and NB-IoT,” ict express, vol. 3, no. 1, pp. 14–21, International Conference on Communication, Network, and
2017, doi: 10.1016/J.ICTE.2017.03.004. Information Security, 2005, pp. 162-169.
[16] D. Gislason, Zigbee Wireless Networking. 2008. [38] A. N. Bhagoji, D. Cullina, C. Sitawarin, and P. Mittal, "Enhancing
[17] N. Chou, R. Ledesma, Y. Teraguchi, and J. C. Mitchell, “Client-Side robustness of machine learning systems via data transformations," in
Defense Against Web-Based Identity Theft.,” Network and 2018 52nd Annual Conference on Information Sciences and Systems
Distributed System Security Symposium. 2004, [Online]. Available: (CISS), 2018: IEEE, pp. 1-5.
http://simson.net/ref/2005/csci_e-170/ref/webspoof.pdf. [39] B. Neyshabur, S. Bhojanapalli, D. McAllester, and N. Srebro,
[18] M. A. Al-Garadi, A. Mohamed, A. Al-Ali, X. Du, I. Ali, and M. "Exploring generalization in deep learning," in Advances in neural
Guizani, “A Survey of Machine and Deep Learning Methods for information processing systems, 2017, pp. 5947-5956.

VOLUME XX, 2017 9

[40] R. Moore and J. DeNero, "L1 and L2 regularization for multiclass Calif)., vol. 51, no. 5, pp. 60-67, 2018, doi:
hinge loss models," in Symposium on machine learning in speech and 10.1109/MC.2018.2381119.
language processing, 2011. [64] P. Punithavathi, S. Geetha, M. Karuppiah, S. H. Islam, M. M. Hassan,
[41] S. R. Safavian and D. Landgrebe, “A Survey of Decision Tree and K.-K. R. Choo, "A lightweight machine learning-based
Classifier Methodology,” IEEE Trans. Syst. Man Cybern., vol. 21, no. authentication framework for smart IoT devices," Information
3, pp. 660-674, 1991, doi: 10.1109/21.97458. Sciences, vol. 484, pp. 255-268, 2019.
[42] K. P. Murphy, “Naive bayes classifiers,” University of British [65] C. Shi, J. Liu, H. Liu, and Y. Chen, “Smart User authentication through
Columbia, 2006. actuation of daily activities leveraging wifi-enabled IoT,” 2017, doi:
[43] A. Elisseeff and J. Weston, "A kernel method for multi-labelled 10.1145/3084041.3084061.
classification," in Advances in neural information processing systems, [66] Y. Lin, X. Zhu, Z. Zheng, Z. Dou, and R. Zhou, "The individual
2002, pp. 681-687. identification method of wireless device based on dimensionality
[44] R. Chettri, S. Pradhan, and L. Chettri, “Internet of Things: reduction and machine learning," The Journal of Supercomputing, vol.
Comparative Study on Classification Algorithms (k-NN, Naive Bayes 75, no. 6, pp. 3010-3027, 2019.
and Case based Reasoning),” Int. J. Comput. Appl., vol. 130, no. 12, [67] B. Bezawada, M. Bachani, J. Peterson, H. Shirazi, I. Ray, and I. Ray,
pp. 7–9, 2015, doi: 10.5120/IJCA2015907120. "Behavioral fingerprinting of iot devices," in Proceedings of the 2018
[45] M. Ringnér, “What is principal component analysis?,” Nature Workshop on Attacks and Solutions in Hardware Security, 2018, pp.
Biotechnology. vol. 26, no. 3, pp. 303-304, 2008, doi: 41-50.
10.1038/nbt0308-303. [68] J. Ye, X. Cheng, J. Zhu, L. Feng, and L. Song, “A DDoS Attack
[46] A. Liaw and M. Wiener, “Classification and Regression by Detection Method Based on SVM in Software Defined Network,”
randomForest.” 2007, [Online]. Available: Secur. Commun. Networks, 2018, doi: 10.1155/2018/9804061.
http://cogns.northwestern.edu/cbmg/LiawAndWiener2002.pdf. [69] R. V Kulkarni and G. K. Venayagamoorthy, “Neural network based
[47] C. J. C. H. Watkins and P. Dayan, “Q-learning,” Mach. Learn., vol. 8, secure media access control protocol for wireless sensor networks,”
no. 4, pp. 279-292, 1992, doi: 10.1007/bf00992698. International Joint Conference on Neural Network. pp. 3437–3444,
[48] S. C. B. Lo, H. P. Chan, J. S. Lin, H. Li, M. T. Freedman, and S. K. 2009, doi: 10.1109/IJCNN.2009.5179075.
Mun, “Artificial convolution neural network for medical image pattern [70] R. Doshi, N. Apthorpe, and N. Feamster, “Machine Learning DDoS
recognition,” Neural Networks, vol. 8, no. 8, pp. 1201-1214, 1995, doi: Detection for Consumer Internet of Things Devices,” IEEE
10.1016/0893-6080(95)00061-5. Symposium on Security and Privacy. pp. 29–35, 2018, doi:
[49] M. Schuster and K. K. Paliwal, “Bidirectional recurrent neural 10.1109/SPW.2018.00013.
networks,” IEEE Trans. Signal Process., vol. 45, no. 11, pp. 2673- [71] A. A. Diro and N. Chilamkurti, "Distributed attack detection scheme
2681, 1997, doi: 10.1109/78.650093. using deep learning approach for Internet of Things," Future
[50] Y. T. Zhang, C. H. Yan, and Y. R. Wei, “Research on Security of Io T Generation Computer Systems, vol. 82, pp. 761-768, 2018.
Perception Layer Based on Node Authentication,” Netinfo Secur., [72] C. Y. Chung, M. Gertz, and K. Levitt, “DEMIDS: a misuse detection
2015. system for database systems.” pp. 159–178, 2000, doi: 10.1007/978-0-
[51] R. K. C. Chang, “Defending against flooding-based distributed denial- 387-35501-6_12.
of-service attacks: A tutorial,” IEEE Commun. Mag., vol. 40, no. 10, [73] V. Chandola, A. Banerjee, and V. Kumar, “Anomaly detection: A
pp. 42-51, 2002, doi: 10.1109/MCOM.2002.1039856. survey,” acm Comput. Surv., vol. 41, no. 3, 2009, doi:
[52] S. T. Zargar, J. Joshi, and D. Tipper, “A survey of defense mechanisms 10.1145/1541880.1541882.
against distributed denial of service (DDOS) flooding attacks,” IEEE [74] G. Kim, S. Lee, and S. Kim, “A novel hybrid intrusion detection
Commun. Surv. Tutorials, vol. 15, no. 4, pp. 2046-2069, 2013, doi: method integrating anomaly detection with misuse detection,” Expert
10.1109/SURV.2013.031413.00127. Syst. Appl., vol. 41, no. 4, pp. 1690–1700, 2014, doi:
[53] B. Mukherjee, L. T. Heberlein, and K. N. Levitt, “Network intrusion 10.1016/J.ESWA.2013.08.066.
detection,” ieee Netw., vol. 8, no. 3, pp. 26–41, 1994, doi: [75] Li, Jiaqi, et al. "Ai-based two-stage intrusion detection for software
10.1109/65.283931. defined iot networks." IEEE Internet of Things Journal 6.2 (2018):
[54] A. Moser, C. Kruegel, and E. Kirda, “Exploring Multiple Execution 2093-2102.
Paths for Malware Analysis,” IEEE Symposium on Security and [76] M.-Y. Su, “Real-time anomaly detection systems for Denial-of-
Privacy. pp. 231–245, 2007, doi: 10.1109/SP.2007.17. Service attacks by weighted k-nearest-neighbor classifiers,” Expert
[55] M. R. Hasan, M. Jamil, and M. Rahman, "Speaker identification using Syst. Appl., vol. 38, no. 4, pp. 3492–3498, 2011, doi:
mel frequency cepstral coefficients," variations, vol. 1, no. 4, 2004. 10.1016/J.ESWA.2010.08.137.
[56] H. Jabbar and R. Z. Khan, "Methods to avoid over-fitting and under- [77] H. H. W. J. Bosman, G. Iacca, A. Tejada, H. J. Wörtche, and A. Liotta,
fitting in supervised machine learning (comparative study)," Computer “Ensembles of incremental learners to detect anomalies in ad hoc
Science, Communication and Instrumentation Devices, 2015. sensor networks,” Ad Hoc Networks, vol. 35. pp. 14–36, 2015, doi:
[57] C. Rijsbergen, Information Retrieval. 1979. 10.1016/J.ADHOC.2015.07.013.
[58] A. P. Bradley, “The use of the area under the ROC curve in the [78] D. Venugopal and G. Hu, "Efficient signature based malware detection
evaluation of machine learning algorithms,” Pattern Recognit., vol. 30, on mobile devices," Mobile Information Systems, vol. 4, no. 1, pp. 33-
no. 7, pp. 1145-1159, 1997, doi: 10.1016/S0031-3203(96)00142-2. 49, 2008.
[59] C. Adams, P. Sylvester, M. Zolotarev, and R. Zuccherato, "Internet X. [79] J. Scott, "Signature based malware detection is dead," Institute for
509 Public Key Infrastructure data validation and certification server Critical Infrastructure Technology, 2017.
protocols," Request for Comments, vol. 3029, 2001. [80] W. Zhou and B. Yu, “A cloud-assisted malware detection and
[60] A. Shimizu, T. Horioka, and H. Inagaki, “A Password Authentication suppression framework for wireless multimedia system in IoT based
Method for Contents Communications on the Internet,” ieice Trans. on dynamic differential game,” china Commun., vol. 15, no. 2, pp.
Commun., vol. 81, no. 8, pp. 1666–1673, 1998. 209–223, 2018, doi: 10.1109/CC.2018.8300282.
[61] Z. Li, W. Zuoyue, W. Chundong, M. A. Yunfei, and X. Chaocan, [81] S. Y. Yerima, S. Sezer, and I. Muttik, “High Accuracy Android
“Design and implementation of intelligent identification system for Malware Detection Using Ensemble Learning,” iet Inf. Secur., vol. 9,
IoT terminals,” J. Chongqing Univ. Posts Telecommun. ence Ed., 2019. no. 6, pp. 313–320, 2015, doi: 10.1049/IET-IFS.2014.0099.
[62] Y. Meidan, M. Bohadana, A. Shabtai, M. Ochoa, N. O. Tippenhauer, [82] D. Zhu, H. Jin, Y. Yang, D. Wu, and W. Chen, "DeepFlow: Deep
J. D. Guarnizo, Y. Elovici, “Detection of Unauthorized IoT Devices learning-based malware detection by mining Android application for
Using Machine Learning Techniques.” 2017, [Online]. Available: abnormal usage of sensitive data," in 2017 IEEE symposium on
https://arxiv.org/pdf/1709.04647.pdf. computers and communications (ISCC), 2017: IEEE, pp. 438-443.
[63] J. Chauhan, S. Seneviratne, Y. Hu, A. Misra, A. Seneviratne, and Y. [83] J. Su, V. D. Vasconcellos, S. Prasad, S. Daniele, Y. Feng, and K.
Lee, “Breathing-Based Authentication on Resource-Constrained IoT Sakurai, “Lightweight Classification of IoT Malware Based on Image
Devices using Recurrent Neural Networks,” Computer (Long. Beach. Recognition,” Computer Software and Applications Conference, vol.
2. pp. 664–669, 2018, doi: 10.1109/COMPSAC.2018.10315.

VOLUME XX, 2017 9

[84] A. Azmoodeh, A. Dehghantanha, and K.-K. R. Choo, “Robust

Malware Detection for Internet of (Battlefield) Things Devices Using HUI WU received the Bachelor’s degree in
Deep Eigenspace Learning,” vol. 4, no. 1. pp. 88–95, 2019, doi: software engineering from Beijing Jiaotong
10.1109/TSUSC.2018.2809665. University, Beijing, China, in 2018. He is currently
[85] F. R. K. Chung, Spectral Graph Theory. 1996. pursuing the Master's degree with the school of
[86] L. Chen, Y. Ye, and T. Bourlai, "Adversarial machine learning in software and microelectronics, Peking University.
malware detection: Arms race between evasion attack and defense," in His research interests include explainable machine
2017 European Intelligence and Security Informatics Conference learning, Safe & Trusted AI, and IoT.
(EISIC), 2017: IEEE, pp. 99-106.
[87] C. Wu, J. Shi, Y. Yang, and W. Li, "Enhancing machine learning based
malware detection model by reinforcement learning," in Proceedings
of the 8th International Conference on Communication and Network
Security, 2018, pp. 74-78. HAITING HAN received the M.S. degree in
[88] A. Demontis et al., "Yes, machine learning can be more secure! a case software engineering from the Peking University,
study on android malware detection," IEEE Transactions on Beijing, in 2019. He is currently a PhD Fellow at
Dependable and Secure Computing, 2017. Center of Blockchain and Electronic Markets,
[89] Q. Zhang, L. T. Yang, Z. Chen, and P. Li, “A survey on deep learning University of Copenhagen. His research interests
for big data,” Inf. fusion, vol. 42, pp. 146–157, 2018, doi: include Cyber-Physical Systems (CPS) and
10.1016/J.INFFUS.2017.10.006. Distributed Economics Design. Looking forward to
[90] E. Rahm and H. H. Do, “Data Cleaning: Problems and Current find the connection between Protocol, Economy
Approaches.,” ieee data(base) Eng. Bull., vol. 23, pp. 3–13, 2000, Institutions, Cyber Governance (Resource/Powers
[Online]. Available: http://dc-pubs.dbs.uni- Distribution) and Economic Performance. From
leipzig.de/files/Rahm2000DataCleaningProblemsand.pdf. 2015 to 2016, he was an Analyst at Tsinghua Technology & Innovation
[91] M. Lenzerini, “Data integration: a theoretical perspective,” Symposium Holdings Co.,Ltd. From 2018 to 2020, he was a Researcher at the China
on Principles of Database Systems. pp. 233–246, 2002, doi: Academy of Information and Communications Technology. He currently
10.1145/543613.543644. attempting design a new economic system based on distributed technology
[92] M. Marjani et al., “Big IoT Data Analytics: Architecture, and smart contracts-Data Market Infrastructures (DMIs) and E-Market
Opportunities, and Open Research Challenges,” ieee access, vol. 5, pp. Simulator System (EMSS).
5247–5261, 2017, doi: 10.1109/ACCESS.2017.2689040.
[93] E. Bertino, “Security and privacy in the IoT,” Int. Conf. Inf. Secur. XIAO WANG received the bachelor's degree in
Cryptol., pp. 3-10, 2017, doi: 10.1007/978-3-319-75160-3_1. computer science and technology from Jilin
[94] A. Kaplan, D. Nordman, and S. Vardeman, “A note on the instability University, Jilin Province, China, in 2018. He is
and degeneracy of deep learning models.”, pp. 1-29, 2016, doi: currently pursuing the Master's degree in big data
10.1093/imaiai/iaz022. and artificial intelligence with the school of
[95] D. Castelvecchi, “Can we open the black box of AI,” Nature, vol. 538, software and microelectronics, Peking University.
no. 7623, pp. 20–23, 2016, doi: 10.1038/538020A. He is interning at the Institute of computing,
[96] H. Huang, Y. Song, J. Yang, G. Gui, and F. Adachi, “Deep-Learning- Chinese Academy of Sciences. His research
Based Millimeter-Wave Massive MIMO for Hybrid Precoding,” ieee interests include Machine Learning, AI, Internet of
Trans. Veh. Technol., vol. 68, no. 3, pp. 3027–3032, 2019, doi: Things and Big Data.
10.1109/TVT.2019.2893928.
[97] Q. Liu, P. Li, W. Zhao, W. Cai, S. Yu, and V. C. M. Leung, “A Survey
on Security Threats and Defensive Techniques of Machine Learning:
A Data Driven View,” ieee access, vol. 6, pp. 12103–12117, 2018, doi:
SHENGLI SUN received the Ph.D. degree from
10.1109/ACCESS.2018.2805680.
Fudan University, Shanghai, China, in 2008. He is
[98] Z. Zhou, X. Chen, E. Li, L. Zeng, K. Luo, and J. Zhang, "Edge
currently an Associate Professor in the School of
intelligence: Paving the last mile of artificial intelligence with edge
Software and Microelectronics, Peking University,
computing," Proceedings of the IEEE, vol. 107, no. 8, pp. 1738-1762,
Beijing, China. His research interests include
2019.
database, data mining, machine learning and their
[99] J. Sengupta, R. Kubendran, E. Neftci, and A. G. Andreou, "High-
applications in social networks analysis and
Speed, Real-Time, Spike-Based Object Tracking and Path Prediction
intelligent diagnosis, etc. He has published more
on Google Edge TPU," in AICAS, 2020, pp. 134-135.
than 50 research papers in journals and
[100] I. Hafeez, A. Y. Ding, L. Suomalainen, S. Hätönen, V. Niemi, and
conferences.
S. Tarkoma, "Cloud-based Security as a Service for Smart IoT
Environments," in Proceedings of the 2015 Workshop on Wireless of
the Students, by the Students, & for the Students, 2015, pp. 20-20.
[101] T. Bhattasali and N. Chaki, "Poster: Exploring security as a service
for iot enabled remote application framework," in Proceedings of the
14th Annual International Conference on Mobile Systems,
Applications, and Services Companion, 2016, pp. 15-15.

VOLUME XX, 2017 9

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.

Review Article Artificial Intelligence Application
No ratings yet
Review Article Artificial Intelligence Application
10 pages
1 - UNIT III Notes by George
No ratings yet
1 - UNIT III Notes by George
39 pages
Internet of Things (IoT) Security Intelligence - A Comprehensive Overview, Machine Learning Solutions and Research Directions
No ratings yet
Internet of Things (IoT) Security Intelligence - A Comprehensive Overview, Machine Learning Solutions and Research Directions
17 pages
EContent 11 2024 12 26 11 25 30 20241007 Unit4pdf 2024 10 07 08 57 56
No ratings yet
EContent 11 2024 12 26 11 25 30 20241007 Unit4pdf 2024 10 07 08 57 56
31 pages
7 Internet of Things IoT Applications Security Trends and Challenges
No ratings yet
7 Internet of Things IoT Applications Security Trends and Challenges
22 pages
A Survey of DDoS Attacking Techniques and Defence Mechanisms
No ratings yet
A Survey of DDoS Attacking Techniques and Defence Mechanisms
23 pages
A Comprehensive Review of The Internet of Things Security
No ratings yet
A Comprehensive Review of The Internet of Things Security
18 pages
Ijet 15700
No ratings yet
Ijet 15700
9 pages
Cyber-Entity Security in The Internet of Things
No ratings yet
Cyber-Entity Security in The Internet of Things
12 pages
Review and State of Art of Internet
No ratings yet
Review and State of Art of Internet
20 pages
Artificial Intelligence Deployment To Secure IoT in Industrial Environment
No ratings yet
Artificial Intelligence Deployment To Secure IoT in Industrial Environment
24 pages
Electronics 12 00088
No ratings yet
Electronics 12 00088
20 pages
1 s2.0 S2666285X21000121 Main
No ratings yet
1 s2.0 S2666285X21000121 Main
7 pages
Research Project Report
No ratings yet
Research Project Report
9 pages
IoT Eco-System, Layered Architectures, Security
No ratings yet
IoT Eco-System, Layered Architectures, Security
37 pages
The Interconnection of Internet of Things and Artificial Intelligence: A Review
No ratings yet
The Interconnection of Internet of Things and Artificial Intelligence: A Review
11 pages
1 s2.0 S1877050918321379 Main
No ratings yet
1 s2.0 S1877050918321379 Main
5 pages
The Interconnection of Internet of Things and Artificial Intelligence: A Review
No ratings yet
The Interconnection of Internet of Things and Artificial Intelligence: A Review
11 pages
Research Paper
No ratings yet
Research Paper
23 pages
Final
No ratings yet
Final
10 pages
Internet of Things Security Challenges and Key Iss
No ratings yet
Internet of Things Security Challenges and Key Iss
11 pages
Fundamental of Internet of Things
No ratings yet
Fundamental of Internet of Things
41 pages
Unit-4 Etie Notes
No ratings yet
Unit-4 Etie Notes
5 pages
Insight To Security Paradigm Research Trend Statis
No ratings yet
Insight To Security Paradigm Research Trend Statis
11 pages
Banafa A. Introduction To Internet of Things (IoT) 2023
No ratings yet
Banafa A. Introduction To Internet of Things (IoT) 2023
79 pages
The Research
No ratings yet
The Research
12 pages
Research Project Report
No ratings yet
Research Project Report
9 pages
Iot - Winter 2022 - Solution
No ratings yet
Iot - Winter 2022 - Solution
43 pages
Internet of Things and Security Issues: International Journal of Computer Science and Mobile Computing
No ratings yet
Internet of Things and Security Issues: International Journal of Computer Science and Mobile Computing
7 pages
IoT Note Module 5
No ratings yet
IoT Note Module 5
7 pages
Internet of Thing1
No ratings yet
Internet of Thing1
5 pages
Internetr of Things Unit 1
No ratings yet
Internetr of Things Unit 1
28 pages
Iot Seminar
No ratings yet
Iot Seminar
13 pages
003 - 2020 - A Comprehensive Analysis On Intrusion Detection in Iot Based Smart Environments Using Machine Learning Approaches
No ratings yet
003 - 2020 - A Comprehensive Analysis On Intrusion Detection in Iot Based Smart Environments Using Machine Learning Approaches
7 pages
Iot-Unit-1 New
No ratings yet
Iot-Unit-1 New
46 pages
Introduction To Iot and Overview
No ratings yet
Introduction To Iot and Overview
49 pages
A Study of The Advances in Iot Security: September 2018
No ratings yet
A Study of The Advances in Iot Security: September 2018
7 pages
The Research
No ratings yet
The Research
6 pages
V Tharun (1) - Removed
No ratings yet
V Tharun (1) - Removed
29 pages
Crimeprevpdf PDF
100% (1)
Crimeprevpdf PDF
68 pages
Preprints202203 0087 v1
No ratings yet
Preprints202203 0087 v1
18 pages
Role of Neural Network Fuzzy and IoT in Integrat
No ratings yet
Role of Neural Network Fuzzy and IoT in Integrat
14 pages
Abomhara 2014
No ratings yet
Abomhara 2014
8 pages
Conference Template A4
No ratings yet
Conference Template A4
3 pages
Introduction To Iot
No ratings yet
Introduction To Iot
50 pages
Challenges and Research Opportunities
No ratings yet
Challenges and Research Opportunities
9 pages
A Survey On IoT Security Application Areas Security Threats and Solution Architectures
No ratings yet
A Survey On IoT Security Application Areas Security Threats and Solution Architectures
23 pages
research- IoT the security end eyad A عرض الصفحة كامل الاصلي
No ratings yet
research- IoT the security end eyad A عرض الصفحة كامل الاصلي
8 pages
Security Challenges and Limitations in Iot Environments: Suha Ibrahim Al-Sharekh, Khalil H. A. Al-Shqeerat
No ratings yet
Security Challenges and Limitations in Iot Environments: Suha Ibrahim Al-Sharekh, Khalil H. A. Al-Shqeerat
7 pages
Bhgfdkjshebfsdjhgdabdss 3
No ratings yet
Bhgfdkjshebfsdjhgdabdss 3
2 pages
Final Topic Emerging Trends. Bsa - Bsma
No ratings yet
Final Topic Emerging Trends. Bsa - Bsma
5 pages
IoT Module 1
No ratings yet
IoT Module 1
46 pages
Mnet 011 2000396
No ratings yet
Mnet 011 2000396
7 pages
Curriculum Development
67% (3)
Curriculum Development
65 pages
Technical Report On The Internet of Things
No ratings yet
Technical Report On The Internet of Things
4 pages
(IJCST-V11I4P10) :Dr.N.Satyavathi, Dr.E.Balakrishna
No ratings yet
(IJCST-V11I4P10) :Dr.N.Satyavathi, Dr.E.Balakrishna
6 pages
Mondelez Cadbury
100% (1)
Mondelez Cadbury
47 pages
Internet of Things (Iot) : A Survey On Architecture, Enabling Technologies, Applications and Challenges
No ratings yet
Internet of Things (Iot) : A Survey On Architecture, Enabling Technologies, Applications and Challenges
12 pages
The Second Afghan War Its Causes Its Conduct and Its Consequences (1904)
No ratings yet
The Second Afghan War Its Causes Its Conduct and Its Consequences (1904)
391 pages
7CS081 Advanced Security Protocols
No ratings yet
7CS081 Advanced Security Protocols
13 pages
A Review On Internet of Things (IoT)
No ratings yet
A Review On Internet of Things (IoT)
7 pages
Internet of Things (IoT) Security Current Status Challenges and Prospective Measures
No ratings yet
Internet of Things (IoT) Security Current Status Challenges and Prospective Measures
6 pages
Book Unit 2
No ratings yet
Book Unit 2
4 pages
Carpentry LP 1
No ratings yet
Carpentry LP 1
7 pages
Hidden Innovation
No ratings yet
Hidden Innovation
65 pages
Writing and Academic Essay
No ratings yet
Writing and Academic Essay
4 pages
N I Act Esaay
100% (2)
N I Act Esaay
55 pages
Chapter 703
No ratings yet
Chapter 703
14 pages
EXSPI
No ratings yet
EXSPI
235 pages
Business Requirement Document (BRD)
No ratings yet
Business Requirement Document (BRD)
8 pages
Denis Dutton - On Cold Reading
No ratings yet
Denis Dutton - On Cold Reading
24 pages
Literature Review Example Leeds University
100% (2)
Literature Review Example Leeds University
8 pages
Gauteng Department of Health Bursary Application Form 2024
No ratings yet
Gauteng Department of Health Bursary Application Form 2024
4 pages
Islamic Law of Evidence and Procedure
No ratings yet
Islamic Law of Evidence and Procedure
24 pages
ACSIC Guide Book July 2023
No ratings yet
ACSIC Guide Book July 2023
37 pages
C Advertising Agencyad Agency C C
No ratings yet
C Advertising Agencyad Agency C C
9 pages
DR Jagadish Resume 2022
No ratings yet
DR Jagadish Resume 2022
7 pages
Programming Imp Questions
No ratings yet
Programming Imp Questions
32 pages
DLL Imaging and Online Platform
No ratings yet
DLL Imaging and Online Platform
3 pages
Point Out The Main Significance of Democratic Decentralization in India
0% (1)
Point Out The Main Significance of Democratic Decentralization in India
4 pages
Biology Assignment-2 MVPP
No ratings yet
Biology Assignment-2 MVPP
3 pages
Unwholesome Action Brings Suffering (Eng & Chi)
No ratings yet
Unwholesome Action Brings Suffering (Eng & Chi)
13 pages
Ourlog 5343
No ratings yet
Ourlog 5343
10 pages
The History of Spirometry
No ratings yet
The History of Spirometry
16 pages
Process and Task Mining
No ratings yet
Process and Task Mining
2 pages
Inflations, Its Types and Causes of Inflation in Pakistan
No ratings yet
Inflations, Its Types and Causes of Inflation in Pakistan
5 pages
Artist: Eminem /album: The Marshall Mathers LP (2000) /song: Drug Ballad
No ratings yet
Artist: Eminem /album: The Marshall Mathers LP (2000) /song: Drug Ballad
9 pages
Assignment
No ratings yet
Assignment
3 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Research On Artificial Intelligence Enhancing Inte

Uploaded by

Research On Artificial Intelligence Enhancing Inte

Uploaded by

This article has been accepted for publication in a future issue of this journal, but has not been

Research on Artificial Intelligence Enhancing

Corresponding author: Shengli Sun (slsun@ss.pku.edu.cn).

I. INTRODUCTION basic part of the chain of IoT. A large number of general-

VOLUME XX, 2017 1

FIGURE 1. Three-tier Architecture of IoT

VOLUME XX, 2017 9

VOLUME XX, 2017 9

VOLUME XX, 2017 9

VOLUME XX, 2017 9

FIGURE 2. Machine Learning for IoT security

B1. The capability of pattern recognition and abnormal

VOLUME XX, 2017 9

B4. The capability of maintaining excellent model

VOLUME XX, 2017 9

VOLUME XX, 2017 9

to inject and execute malicious code in IoT software is a

VOLUME XX, 2017 9

FIGURE 5. The general process of AI solutions for IoT security

VOLUME XX, 2017 9

VOLUME XX, 2017 9

protocol based on Multilayer Perceptron (MLP) (Fig. 7). In

VOLUME XX, 2017 9

brought new changes to intrusion detection and have produced

VOLUME XX, 2017 9

FIGURE 8. Combined intrusion detection

VOLUME XX, 2017 9

FIGURE 9. Enhancing weak classifiers by ensemble learning

malicious activity before any form of detection or prevention

VOLUME XX, 2017 9

VOLUME XX, 2017 9

challenging task [18]. The newly acquired data should be of

VOLUME XX, 2017 9

VOLUME XX, 2017 9

VOLUME XX, 2017 9

VOLUME XX, 2017 9

VOLUME XX, 2017 9

[84] A. Azmoodeh, A. Dehghantanha, and K.-K. R. Choo, “Robust

VOLUME XX, 2017 9

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.