CFP last date
20 January 2025
Reseach Article

Review on the Security Threats of Internet of Things

by Prajoy Podder, M. Rubaiyat Hossain Mondal, Subrato Bharati, Pinto Kumar Paul
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 176 - Number 41
Year of Publication: 2020
Authors: Prajoy Podder, M. Rubaiyat Hossain Mondal, Subrato Bharati, Pinto Kumar Paul
10.5120/ijca2020920548

Prajoy Podder, M. Rubaiyat Hossain Mondal, Subrato Bharati, Pinto Kumar Paul . Review on the Security Threats of Internet of Things. International Journal of Computer Applications. 176, 41 ( Jul 2020), 37-45. DOI=10.5120/ijca2020920548

@article{ 10.5120/ijca2020920548,
author = { Prajoy Podder, M. Rubaiyat Hossain Mondal, Subrato Bharati, Pinto Kumar Paul },
title = { Review on the Security Threats of Internet of Things },
journal = { International Journal of Computer Applications },
issue_date = { Jul 2020 },
volume = { 176 },
number = { 41 },
month = { Jul },
year = { 2020 },
issn = { 0975-8887 },
pages = { 37-45 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume176/number41/31476-2020920548/ },
doi = { 10.5120/ijca2020920548 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:41:03.170527+05:30
%A Prajoy Podder
%A M. Rubaiyat Hossain Mondal
%A Subrato Bharati
%A Pinto Kumar Paul
%T Review on the Security Threats of Internet of Things
%J International Journal of Computer Applications
%@ 0975-8887
%V 176
%N 41
%P 37-45
%D 2020
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Internet of Things (IoT) is being considered as the growth engine for industrial revolution 4.0. The combination of IoT, cloud computing and healthcare can contribute in ensuring well-being of people. One important challenge of IoT network is maintaining privacy and to overcome security threats. This paper provides a systematic review of the security aspects of IoT. Firstly, the application of IoT in industrial and medical service scenarios are described, and the security threats are discussed for the different layers of IoT healthcare architecture. Secondly, different types of existing malware including spyware, viruses, worms, keyloggers, and trojan horses are described in the context of IoT. Thirdly, some of the recent malware attacks such as Mirai, echobot and reaper are discussed. Next, a comparative discussion is presented on the effectiveness of different machine learning algorithms in mitigating the security threats. It is found that the k-nearest neighbor (kNN) machine learning algorithm exhibits excellent accuracy in detecting malware. This paper also reviews different tools for ransomware detection, classification and analysis. Finally, a discussion is presented on the existing security issues, open challenges and possible future scopes in ensuring IoT security.

References
  1. Abidi, B.; Jilbab, A.; Haziti, M.E. Wireless sensor networks in biomedical: Wireless body area networks. In Europe and MENA Cooperation Advances in Information and Communication Technologies; Springer: Berlin/Heidelberg, Germany, 2017; pp. 321–329.
  2. Xu, Q.; Ren, P.; Song, H.; Du, Q. Security enhancement for IoT communications exposed to eavesdroppers with uncertain locations. IEEE Access 2016, 4, 2840–2853.
  3. Scuotto, V.; Ferraris, A.; Bresciani, S. Internet of Things: Applications and challenges in smart cities: A case study of IBM smart city projects. Bus. Process Manag. J. 2016, 22, 357–367.
  4. Stergiou, C.; Psannis, K.E.; Kim, B.G.; Gupta, B. Secure integration of IoT and cloud computing. Future Generation Computer System. 2018, 78, 964–975.
  5. Truong, H.L.; Dustdar, S. Principles for engineering IoT cloud systems. IEEE Cloud Comput. 2015, 2, 68–76
  6. Dang, L.M.; Piran, M.J.; Han, D.; Min, K.; Moon, H. A Survey on Internet of Things and Cloud Computing for Healthcare. Electronics 2019, 8, 768.
  7. Subrato Bharati, Prajoy Podder, M. R. H. Mondal, Pinto Kumar Paul, “Applications and Challenges of Cloud Integrated IoMT”. In “Cognitive Internet of medical things for healthcare: Services and applications”, A. E. Hassanien, A. Khamparia, D. Gupta, K. Shankar, A. Slowik (Eds), to be published by Springer. [In Press].
  8. Shahariar Parvez A.H.M., Robiul Alam Robel M., Rouf M.A., Podder P., Bharati S. (2020) Effect of Fault Tolerance in the Field of Cloud Computing. In: Smys S., Bestak R., Rocha Á. (eds) Inventive Computation Technologies. ICICIT 2019. Lecture Notes in Networks and Systems, vol 98. Springer, Cham.
  9. S. M. Riazul Islam, D. Kwak, M. Humaun Kabir, M. Hossain, and K.-S. Kwak, “The Internet of Things for health care: A comprehensive survey,'' IEEE Access, vol. 3, pp. 678-708, Jun. 2015.
  10. M. Wazid, A. K. Das, S. Kumari, X. Li, and F. Wu, ``Provably secure biometric-based user authentication and key agreement scheme in cloud computing,'' Secur. Commun. Netw., vol. 9, no. 17, pp. 4103-4119, 2016.
  11. Mondal, M. Rubaiyat Hossain. "Comparison of DCO-OFDM, ADO-OFDM, HDC-OFDM and HNC-OFDM for Optical Wireless Communications", Journal of Optical Communications (published online ahead of print), doi: https://doi.org/10.1515/joc-2018-0073.
  12. M. M. H. Mishu and M. R. H. Mondal, "Effectiveness of filter bank multicarrier modulation for 5G wireless communications," 2017 4th International Conference on Advances in Electrical Engineering (ICAEE), Dhaka, 2017, pp. 319-324, doi: 10.1109/ICAEE.2017.8255374.
  13. M. R. H. Mondal and J. Armstrong, "Analysis of the Effect of Vignetting on MIMO Optical Wireless Systems Using Spatial OFDM," in Journal of Lightwave Technology, vol. 32, no. 5, pp. 922-929, March1, 2014, doi: 10.1109/JLT.2013.2294647.
  14. M. R. H. Mondal and J. Armstrong, "The effect of defocus blur on a spatial OFDM optical wireless communication system," 2012 14th International Conference on Transparent Optical Networks (ICTON), Coventry, 2012, pp. 1-4.
  15. M. I. Khan and M. R. H. Mondal, "Effectiveness of LED index modulation and non-DC biased OFDM for optical wireless communication," 2017 IEEE International Conference on Telecommunications and Photonics (ICTP), Dhaka, 2017, pp. 227-231.
  16. Shahfida Amjad Munni, Rashed Islam, M. Rubaiyat Hossain Mondal, “Performance Evaluation of ASCO-OFDM Based LiFi”, International Journal of Future Computer and Communication, Vol. 9, Issue 2, pp. 33-39, 2020.
  17. Subrato Bharati, Prajoy Podder, “Adaptive PAPR Reduction Scheme for OFDM Using SLM with the Fusion of Proposed Clipping and Filtering Technique in Order to Diminish PAPR and Signal Distortion”, Wireless Personal Communication (2020). https://doi.org/10.1007/s11277-020-07323-0.
  18. Subrato Bharati, Prajoy Podder, Niketa Gandhi, Ajith Abraham, “Realization of MIMO Channel Model for Spatial Diversity with Capacity and SNR Multiplexing Gains”, International Journal of Computer Information Systems and Industrial Management Applications, Vol. 12, pp. 66-81, 2020.
  19. Rashad J. McFarland, Samuel Bo Olatunbosun, “An Exploratory Study on the use of Internet of Medical Things (IoMT) In the Healthcare Industry and their Associated Cybersecurity Risks”, Proceedings of the 2019 International Conference on Internet Computing & Internet of Things, pp. 115-121, 2019.
  20. V. Clincy and H. Shahriar, “IoT malware analysis,” in Proc. IEEE 43rd Annu. Comput. Softw. Appl. Conf. (COMPSAC), Milwaukee, WI, USA, vol. 1, Jul. 2019, pp. 920-921.
  21. Mahapatra, S.N., Singh, B.K. & Kumar, V. A Survey on Secure Transmission in Internet of Things: Taxonomy, Recent Techniques, Research Requirements, and Challenges. Arab J Sci Eng (2020). https://doi.org/10.1007/s13369-020-04461-2
  22. Amaraweera S.P., Halgamuge M.N. (2019) Internet of Things in the Healthcare Sector: Overview of Security and Privacy Issues. In: Mahmood Z. (eds) Security, Privacy and Trust in the IoT Environment. Springer, Cham
  23. E. Shaikh, I. Mohiuddin and A. Manzoor, "Internet of Things (IoT): Security and Privacy Threats," 2019 2nd International Conference on Computer Applications & Information Security (ICCAIS), Riyadh, Saudi Arabia, 2019, pp. 1-6,
  24. P. Yan and Z. Yan, ``A survey on dynamic mobile malware detection,'' Softw. Qual. J., vol. 26, no. 3, pp. 891-919, 2018.
  25. H. Takase, R. Kobayashi, M. Kato, and R. Ohmura, ``A prototype implementation and evaluation of the malware detection mechanism for IoT devices using the processor information,'' Int. J. Inf. Secur., 2019. doi: 10.1007/s10207-019-00437-y.
  26. A. Azmoodeh, A. Dehghantanha, and K.-K. R. Choo, ``Robust malware detection for Internet of (battlefield) things devices using deep Eigenspace learning,'' IEEE Trans. Sustain. Comput., vol. 4, no. 1, pp. 88-95, Jan./Mar. 2019.
  27. E. M. Rudd, A. Rozsa, M. Günther, and T. E. Boult, ``A survey of stealth malware attacks, mitigation measures, and steps toward autonomous open world solutions,'' IEEE Commun. Surveys Tuts., vol. 19, no. 2, pp. 1145-1172, 2nd Quart., 2017.
  28. Subrato Bharati, Prajoy Podder, M Rubaiyat Hossain Mondal, Md Robiul Alam Robel, “Threats and Countermeasures of Cyber Security in Direct and Remote Vehicle Communication Systems”, Journal of Information Assurance and Security (JIAS) ISSN 1554-1010, Vol. 15, Issue: 4, pp. 153-164, 2020.
  29. M. Wazid, S. Zeadally, and A. K. Das, ``Mobile banking: Evolution and threats: Malware threats and security solutions,'' IEEE Consum. Electron. Mag., vol. 8, no. 2, pp. 56-60, Mar. 2019
  30. R. Doshi, N. Apthorpe and N. Feamster, "Machine Learning DDoS Detection for Consumer Internet of Things Devices," 2018 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, 2018, pp. 29-35, doi: 10.1109/SPW.2018.00013.
  31. Nabila Farnaaz, M.A. Jabbar, Random Forest Modeling for Network Intrusion Detection System, Procedia Computer Science, Volume 89, 2016, Pages 213-217,
  32. E. Viegas, A. Santin, L. Oliveira, A. Frana, R. Jasinski, and V. Pedroni, “A reliable and energy-efficient classifier combination scheme for intrusion detection in embedded systems,” Computers & Security, vol. 78, pp. 16 – 32, 2018.
  33. S. Y. Yerima, S. Sezer, and I. Muttik, “Android Malware Detection Using Parallel Machine Learning Classifiers,” 2014 Eighth Int. Conf. Next Gener. Mob. Apps, Serv. Technol., no. Ngmast, pp. 37–42, 2014.
  34. A. Kumar, K. S. Kuppusamy, and G. Aghila, ‘‘FAMOUS: Forensic analysis of MObile devices using scoring of application permissions,’’ Future Gener. Comput. Syst., vol. 83, pp. 158–172, Jun. 2018.
  35. U. Pehlivan, N. Baltaci, C. Acartürk and N. Baykal, "The analysis of feature selection methods and classification algorithms in permission based Android malware detection," 2014 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), Orlando, FL, 2014, pp. 1-8.
  36. P. P. K. Chan and Wen-Kai Song, "Static detection of Android malware by using permissions and API calls," 2014 International Conference on Machine Learning and Cybernetics, Lanzhou, 2014, pp. 82-87.
  37. W.-C. Wu and S.-H. Hung, ‘‘DroidDolphin: A dynamic android malware detection framework using big data and machine learning,’’ in Proc. Conf. Res. Adapt. Convergent Syst., Oct. 2014, pp. 247–252.
  38. Y. Aafer, W. Du, and H. Yin, DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android. New York, NY, USA: Springer, 2014
  39. R. Kumar, X. Zhang, W. Wang, R. U. Khan, J. Kumar, and A. Sharif, ``A multimodal malware detection technique for Android IoT devices using various features,'' IEEE Access, vol. 7, pp. 64411-64430, 2019
  40. T. Lei, Z. Qin, Z. Wang, Q. Li and D. Ye, "EveDroid: Event-Aware Android Malware Detection Against Model Degrading for IoT Devices," in IEEE Internet of Things Journal, vol. 6, no. 4, pp. 6668-6680, Aug. 2019,
  41. S. R. Zahra and M. Ahsan Chishti, "RansomWare and Internet of Things: A New Security Nightmare," 2019 9th International Conference on Cloud Computing, Data Science & Engineering (Confluence), Noida, India, 2019, pp. 551-555.
  42. Ayesha Naseer, Riffat Mir, Muhammad Aleem, Windows-based Ransomware: A Survey, Journal of Information Assurance and Security. ISSN 1554-1010 Volume 15 (2020) pp. 107-125
  43. Bander Ali Saleh Al-rimy, Mohd Aizaini Maarof, Syed Zainuddin Mohd Shaid, Ransomware threat success factors, taxonomy, and countermeasures: a survey and research directions, Computers & Security (2018), https://doi.org/10.1016/j.cose.2018.01.001
  44. K. P. Subedi, D. R. Budhathoki and D. Dasgupta, "Forensic Analysis of Ransomware Families Using Static and Dynamic Analysis," 2018 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, 2018, pp. 180-185, doi: 10.1109/SPW.2018.00033.
  45. Andronio, N., Zanero, S., and Maggi, F. (2015). HELDROID: Dissecting and detecting mobile ransomware. In H. Bos, G. Blanc and F. Monrose (Eds.), 18th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2015 (Vol. 9404, pp. 382-404): Springer Verlag.
  46. Maiorca, D., Mercaldo, F., Giacinto, G., Visaggio, C. A., and Martinelli, F. (2017). R-PackDroid: API package-based characterization and detection of mobile ransomware. Paper presented at the Proceedings of the Symposium on Applied Computing.
  47. Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., and Kirda, E. (2015). Cutting the gordian knot: A look under the hood of ransomware attacks. In F. Maggi, M. Almgren and V. Gulisano (Eds.), 12th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2015 (Vol. 9148, pp. 3-24): Springer Verlag.
  48. Scaife, N., Carter, H., Traynor, P., and Butler, K. R. (2016). CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data.
  49. Sgandurra, D., Muñoz-González, L., Mohsen, R., and Lupu, E. C. (2016). Automated Dynamic Analysis of Ransomware: Benefits, Limitations and use for Detection. arXiv preprint arXiv:1609.03020.
  50. Al-rimy, B. A. S., Maarof, M. A., and Shaid, S. Z. M. (2017). A 0-Day Aware Crypto- Ransomware Early Behavioral Detection Framework. Paper presented at the International Conference of Reliable Information and Communication Technology, 758- 766.
  51. Mbol, F., Robert, J.-M., and Sadighian, A. (2016). An Efficient Approach to Detect TorrentLocker Ransomware in Computer Systems. In S. Foresti and G. Persiano (Eds.), Cryptology and Network Security: 15th International Conference, CANS 2016, Milan, Italy, November 14-16, 2016, Proceedings (pp. 532-541). Cham: Springer International Publishing.
  52. Ahmadian, M. M., and Shahriari, H. R. (7-8 Sept. 2016). 2entFOX: A framework for high survivable ransomwares detection. Paper presented at the 2016 13th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC), 79-84.
  53. N. Viennot, E. Garcia and J. Nieh, "A measurement study of Google play", Proc. ACM SIGMETRICS, vol. 42, no. 1, pp. 221-233, 2014.
  54. Google Play Store, Mar. 2019, [online] Available: https://play.google.com/store.
  55. VirusShare, Mar. 2019, [online] Available: https://virusshare.com/.
  56. M. G. Schultz, E. Eskin, F. Zadok and S. J. Stolfo, "Data mining methods for detection of new malicious executables," Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001, Oakland, CA, USA, 2001, pp. 38-49.
  57. McAfee, L. (2016). Understanding Ransomware and Strategies to Defeat It. In I. Security (Ed.)
  58. Kim, D., Soh, W., and Kim, S. (2015). Design of Quantification Model for Prevent of Cryptolocker. Indian Journal of Science and Technology, 8(19).
  59. M. Korolov. What is a Botnet? When Armies of Infected IoT Devices Attack. Accessed: June, 2020. [Online]. Available: https://www.csoonline.com/ article/3240364/ what-is-a-botnet.html
  60. https://www.quora.com/What-advancements-can-we-do-in-a-healthcare-monitoring-system-using-IoT (last accessed July 21, 2020)
  61. https://www.iiot-center.org/ (last accessed July 21, 2020)
  62. Khanam F., Nowrin I., and Mondal M. R. H., “Data Visualization and Analyzation of COVID-19”, Journal of Scientific Research and Reports, vol. 26, no. 3, pp. 42-52, Apr. 2020.
  63. Mondal M. R. H., Bharati S., Podder P., Podder P., “Data analytics for novel coronavirus disease”, Informatics in Medicine Unlocked, Volume 20, 2020, 100374, ISSN 2352-9148, https://doi.org/10.1016/j.imu.2020.100374.
  64. Bharati S., Podder P., Mondal M.R.H., “Hybrid deep learning for detecting lung diseases from X-ray images”, Informatics in Medicine Unlocked, Volume 20, 2020, 100391, ISSN 2352-9148, https://doi.org/10.1016/j.imu.2020.100391.
  65. Subrato Bharati, Prajoy Podder, M. R. H. Mondal, Priya Podder, Utku Kose, “A Review on Epidemiology, Genomic Characteristics, Spread and Treatments of COVID-19”. In “Data Science for COVID-19”, Utku Kose, Deepak Gupta, Victor H.C. de Albuquerque, Ashish Khanna (Eds), Elsevier. [In Press].
  66. Prajoy Podder, Subrato Bharati, M. R. H. Mondal, Utku Kose, “Application of Machine Learning for the Diagnosis of COVID-19”. In “Data Science for COVID-19”, Utku Kose, Deepak Gupta, Victor H.C. de Albuquerque, Ashish Khanna (Eds), Elsevier. [In press].
  67. M. A. Kabir and M. R. H. Mondal, "Edge-Based and Prediction-Based Transformations for Lossless Image Compression", Journal of Imaging, vol. 4, no. 5, DOI: 10.3390/jimaging4050064, May 2018.
  68. Bharati S., Podder P., Mondal M.R.H., “Visualization and prediction of energy consumption in smart homes”, International Journal of Hybrid Intelligent Systems, IOS Press, 2020. DOI: 10.3233/HIS-200283.
  69. S. Bharati, P. Podder, and M. R. H. Mondal, Diagnosis of Polycystic Ovary Syndrome Using Machine Learning Algorithms. Presented at 2020 IEEE Region 10 Symposium (TENSYMP), 5-7 June 2020, Bangladesh.
  70. Kumar V., Mishra B.K., Mazzara M., Thanh D.N.H., Verma A. (2020) Prediction of Malignant and Benign Breast Cancer: A Data Mining Approach in Healthcare Applications. In: Borah S., Emilia Balas V., Polkowski Z. (eds) Advances in Data Science and Management. Lecture Notes on Data Engineering and Communications Technologies, vol 37. Springer, Singapore.
  71. S. Bharati, P. Podder, M. R. H. Mondal, "Artificial Neural Network Based Breast Cancer Screening: A Comprehensive Review", International Journal of Computer Information Systems and Industrial Management Applications, MIR Labs, USA, vol. 12 (2020), pp. 125-137, May 2020.
Index Terms

Computer Science
Information Sciences

Keywords

Accuracy IoT IoMT Intrusion Detection Malware Machine Learning Ransomware Threats.