Internet of things (IoT) is a concept that has been widely used to improve business efficiency and customer’s experience. It involves resource constrained devices connecting to each other with a capability of sending data, and some with receiving data at the same time. The IoT environment enhances user experience by giving room to a large number of smart devices to connect and share information. However, with the sophistication of technology has resulted in IoT applications facing with malware threat. Therefore, it becomes highly imperative to give an understanding of existing state-of-the-art techniques developed to address malware threat in IoT applications. In this paper, we studied extensively the adoption of static, dynamic and hybrid malware analyses in proffering solution to the security problems plaguing different IoT applications. The success of the reviewed analysis techniques were observed through case studies from smart homes, smart factories, smart gadgets and IoT application protocols. This study gives a better understanding of the holistic approaches to malware threats in IoT applications and the way forward for strengthening the protection defense in IoT applications.
A Novel Security Approach for Communication using IOTIJEACS
The Internet of Things (IOT) is the arrangement of physical articles or "things" introduced with equipment, programming, sensors, and framework accessibility, which enables these things to accumulate and exchange data. Here outlining security convention for the Internet of Things, and execution of this relating security convention on the inserted gadgets. This convention will cover the honesty of messages and verification of every customer by giving a productive confirmation component. By this venture the protected correspondence is executed on implanted gadgets.
Secure Modern Healthcare System Based on Internet of Things and Secret Sharin...Eswar Publications
The Internet of Things (IoT), is a concept that describes how objects that we are used in daily life will interact and negotiate with other objects over the internet. The amount of devices with Wi-Fi capabilities and built-in sensors keeps on increasing. IoT combines smart devices to provide smart services and applications like smart cities, smart healthcare, smart home, and digital farm etc. But it is very crucial to secure connected IoT devices and networks because of the nature of IoT system. In this paper, the existing works are analyzed and an IoT based
healthcare system architecture is proposed. An authentication scheme to enhance the security of the proposed healthcare system is also present.
Ubiquitous devices are rising in popularity and sophistication. Internet of Things (IoT) avails opportunities for devices with powerful sensing, computing and interaction capabilities ranging from smartphones, wearable devices, home appliances, transport sensors and health products to share information through the internet. Due to vast data shared and increased interaction; they have attracted the interest of malware writers. Internet of Things environments poses unique challenges such as device latency, scalability, lack of antimalware tools and heterogeneity of device architectures that makes malware synthesis complex. In this paper we review literature on internet of things malware categories, support technologies, propagation and tools
A survey on Internet of Things (IoT) security : Challenges and Current statusvivatechijri
When Internet of Things (IoT) applications become a part of people’s daily life, security issues in IoT have caught substantial attention in both academia and industry. Compared to traditional computing systems, IoT systems have more inherent vulnerabilities, and in the intervening time, could have higher security requirements. However, the current design of IoT does not successfully address the higher security requirements postured by those vulnerabilities. Many recent attacks on IoT systems have shown that novel security solutions are needed to defend this emerging system. This paper purposes to examine security challenges resulted from the special characteristics of the IoT systems and the new features of the IoT applications. This could help pave the road to better security solution design. Furthermore, three architectural security designs are suggested and analyzed. Examples of how to implement these designs are discussed. Finally, for each layer in IoT architecture, open issues are also identified.
A Comprehensive Survey on Exiting Solution Approaches towards Security and Pr...IJECEIAES
‘Internet of Things (IoT)’emerged as an intelligent collaborative computation and communication between a set of objects capable of providing on-demand services to other objects anytime anywhere. A large-scale deployment of data-driven cloud applications as well as automated physical things such as embed electronics, software, sensors and network connectivity enables a joint ubiquitous and pervasive internet-based computing systems well capable of interacting with each other in an IoT. IoT, a well-known term and a growing trend in IT arena certainly bring a highly connected global network structure providing a lot of beneficial aspects to a user regarding business productivity, lifestyle improvement, government efficiency, etc. It also generates enormous heterogeneous and homogeneous data needed to be analyzed properly to get insight into valuable information. However, adoption of this new reality (i.e., IoT) by integrating it with the internet invites a certain challenges from security and privacy perspective. At present, a much effort has been put towards strengthening the security system in IoT still not yet found optimal solutions towards current security flaws. Therefore, the prime aim of this study is to investigate the qualitative aspects of the conventional security solution approaches in IoT. It also extracts some open research problems that could affect the future research track of IoT arena.
SECURITY& PRIVACY THREATS, ATTACKS AND COUNTERMEASURES IN INTERNET OF THINGSIJNSA Journal
The idea to connect everything to anything and at any point of time is what vaguely defines the concept of
the Internet of Things (IoT). The IoT is not only about providing connectivity but also facilitating
interaction among these connected things. Though the term IoT was introduced in 1999 but has drawn
significant attention during the past few years, the pace at which new devices are being integrated into the
system will profoundly impact the world in a good way but also poses some severe queries about security
and privacy. IoT in its current form is susceptible to a multitudinous set of attacks. One of the most
significant concerns of IoT is to provide security assurance for the data exchange because data is
vulnerable to some attacks by the attackers at each layer of IoT. The IoT has a layered structure where
each layer provides a service. The security needs vary from layer to layer as each layer serves a different
purpose. This paper aims to analyze the various security and privacy threats related to IoT. Some attacks
have been discussed along with some existing and proposed countermeasures.
Cyber Security is a crucial and rising part of concern in the present age with a rapid increase in the graph of digitization. And with an increase in the activities in cyberspace, there is also an increase in the cyber-crimes. Handling the huge volumes of data with security has become an inevitable need of the hour. Antivirus software, Firewalls, and other technological solutions help to secure this data but are not sufficient enough to prevent the cybercrooks from destructing the network and stealing confidential information. This paper mainly focuses on the issues and challenges faced by cybersecurity. It also discusses the risks, cybersecurity techniques to curb cyber-crime, cyber ethics, and cyber trends.
A Novel Security Approach for Communication using IOTIJEACS
The Internet of Things (IOT) is the arrangement of physical articles or "things" introduced with equipment, programming, sensors, and framework accessibility, which enables these things to accumulate and exchange data. Here outlining security convention for the Internet of Things, and execution of this relating security convention on the inserted gadgets. This convention will cover the honesty of messages and verification of every customer by giving a productive confirmation component. By this venture the protected correspondence is executed on implanted gadgets.
Secure Modern Healthcare System Based on Internet of Things and Secret Sharin...Eswar Publications
The Internet of Things (IoT), is a concept that describes how objects that we are used in daily life will interact and negotiate with other objects over the internet. The amount of devices with Wi-Fi capabilities and built-in sensors keeps on increasing. IoT combines smart devices to provide smart services and applications like smart cities, smart healthcare, smart home, and digital farm etc. But it is very crucial to secure connected IoT devices and networks because of the nature of IoT system. In this paper, the existing works are analyzed and an IoT based
healthcare system architecture is proposed. An authentication scheme to enhance the security of the proposed healthcare system is also present.
Ubiquitous devices are rising in popularity and sophistication. Internet of Things (IoT) avails opportunities for devices with powerful sensing, computing and interaction capabilities ranging from smartphones, wearable devices, home appliances, transport sensors and health products to share information through the internet. Due to vast data shared and increased interaction; they have attracted the interest of malware writers. Internet of Things environments poses unique challenges such as device latency, scalability, lack of antimalware tools and heterogeneity of device architectures that makes malware synthesis complex. In this paper we review literature on internet of things malware categories, support technologies, propagation and tools
A survey on Internet of Things (IoT) security : Challenges and Current statusvivatechijri
When Internet of Things (IoT) applications become a part of people’s daily life, security issues in IoT have caught substantial attention in both academia and industry. Compared to traditional computing systems, IoT systems have more inherent vulnerabilities, and in the intervening time, could have higher security requirements. However, the current design of IoT does not successfully address the higher security requirements postured by those vulnerabilities. Many recent attacks on IoT systems have shown that novel security solutions are needed to defend this emerging system. This paper purposes to examine security challenges resulted from the special characteristics of the IoT systems and the new features of the IoT applications. This could help pave the road to better security solution design. Furthermore, three architectural security designs are suggested and analyzed. Examples of how to implement these designs are discussed. Finally, for each layer in IoT architecture, open issues are also identified.
A Comprehensive Survey on Exiting Solution Approaches towards Security and Pr...IJECEIAES
‘Internet of Things (IoT)’emerged as an intelligent collaborative computation and communication between a set of objects capable of providing on-demand services to other objects anytime anywhere. A large-scale deployment of data-driven cloud applications as well as automated physical things such as embed electronics, software, sensors and network connectivity enables a joint ubiquitous and pervasive internet-based computing systems well capable of interacting with each other in an IoT. IoT, a well-known term and a growing trend in IT arena certainly bring a highly connected global network structure providing a lot of beneficial aspects to a user regarding business productivity, lifestyle improvement, government efficiency, etc. It also generates enormous heterogeneous and homogeneous data needed to be analyzed properly to get insight into valuable information. However, adoption of this new reality (i.e., IoT) by integrating it with the internet invites a certain challenges from security and privacy perspective. At present, a much effort has been put towards strengthening the security system in IoT still not yet found optimal solutions towards current security flaws. Therefore, the prime aim of this study is to investigate the qualitative aspects of the conventional security solution approaches in IoT. It also extracts some open research problems that could affect the future research track of IoT arena.
SECURITY& PRIVACY THREATS, ATTACKS AND COUNTERMEASURES IN INTERNET OF THINGSIJNSA Journal
The idea to connect everything to anything and at any point of time is what vaguely defines the concept of
the Internet of Things (IoT). The IoT is not only about providing connectivity but also facilitating
interaction among these connected things. Though the term IoT was introduced in 1999 but has drawn
significant attention during the past few years, the pace at which new devices are being integrated into the
system will profoundly impact the world in a good way but also poses some severe queries about security
and privacy. IoT in its current form is susceptible to a multitudinous set of attacks. One of the most
significant concerns of IoT is to provide security assurance for the data exchange because data is
vulnerable to some attacks by the attackers at each layer of IoT. The IoT has a layered structure where
each layer provides a service. The security needs vary from layer to layer as each layer serves a different
purpose. This paper aims to analyze the various security and privacy threats related to IoT. Some attacks
have been discussed along with some existing and proposed countermeasures.
Cyber Security is a crucial and rising part of concern in the present age with a rapid increase in the graph of digitization. And with an increase in the activities in cyberspace, there is also an increase in the cyber-crimes. Handling the huge volumes of data with security has become an inevitable need of the hour. Antivirus software, Firewalls, and other technological solutions help to secure this data but are not sufficient enough to prevent the cybercrooks from destructing the network and stealing confidential information. This paper mainly focuses on the issues and challenges faced by cybersecurity. It also discusses the risks, cybersecurity techniques to curb cyber-crime, cyber ethics, and cyber trends.
Comprehensive survey on security problems and key technologies of the interne...RSIS International
Internet of things (IoT) is a collection of many
interconnected objects, services, humans, and devices that can
communicate, share data, and information to achieve a common
goal in different areas and applications. The vision of IoT is to
enable devices to collaborate with each other on the Internet. IoT
security focuses on authentication and access control protocols.
IoT security is the area with protection connected devices and
networks. There are many key challenges in designing a secure
IoT: Privacy, Authentication, Access Control, Trust,
Confidentiality, Mobile Security, etc. Attacks on IoT security
devices are physical attacks, side channel attacks, cryptanalysis
attacks, software attacks, network attacks. This paper describes
Security Problems of IoT, Security issues and Key Technologies
of IoT.
With rapid growth of science and information technology, Internet of things (IoT) becomes as an integral part of daily life. The applications of IoT are expanded starting from connected cars, wearables, connected health, smart retail and healthcare. However, security issues are increasing with the increase of its use. Lack of compliances on the part of IoT manufacturers, lack of user knowledge and awareness, device update and management, lack of physical hardening and botnet attacks are considered as the major reasons for security issues in IoT based applications. In this aspect, it becomes important to analyze security issues involved with IoT and its impact on the users that has been performed in the present study
Architectural Layers of Internet of Things: Analysis of Security Threats and ...Scientific Review SR
A pervasive network architecture that interconnect heterogeneous objects, devices, technologies and services called
Internet of Things has prompted a drastic change in demand of smart devices which in turn has increased the rate of
data exchange. These smart devices are built with numerous sensors which collect information from other interacting
devices, process it and send it to remote locations for storage or further processing. Although this mechanism of data
processing and sharing has contributed immensely to the information world, it has recently posed high security risk
on privacy and data confidentiality. This paper therefore analyses different security threats to data at different
architectural layers of Internet of Things, possible countermeasures and other in-depth security measures for Internet
of Things. The paper identifies device authentication on IoT network to be of paramount impo rtance in securing IoT
systems. This paper also suggests some essential technologies of security such as encryption for securing IoT
devices and the data shared over IoT network
IoT: Effective Authentication System (EAS) using Hash based Encryption on RFI...Dr. Amarjeet Singh
Internet of Things (IoT) is undoubtedly a well-known research area. Security on IoT communication services is the major challenge with advanced technology and devices. This paper mainly focusing on Perceptron layer based attacks and counter measures based on Effective Authentication System (EAS). This paper is ordered as outlining IoT Architecture, Types of Threats ,Perceptron Layer based attacks, sensor based communication services ,RFID mechanism ,Tag identify and verification by back end server and Hash based Effective Authentication System (EAS) to avoid pseudonym attacks .This paper proposes EAS as security measure by preventing privacy attack, pseudonym attack, location tracking and asynchronous attack.
A Study on Device Oriented Security Challenges in Internet of Things (IoT)Eswar Publications
Internet of Things (IoT) basically discusses about the connection of various physical devices through a network
and let them take an active part by exchanging information through Internet. This paper presents important applications of IoT and the different challenges of IoT. Out of the various challenges, attacks on the devices used in IoT are of serious concern. Device oriented attacks and the defensive mechanisms are studied in this paper. A comparison is done for the specific malicious attacks on the M2M communicating devices.
INTERNET OF THINGS AS A TOOL FOR ENHANCEMENT OF EDUCATION ADMINISTRATION AND ...IAEME Publication
In recent times and as far as technological advancement goes, the Internet of
Things is the trending topic in the world. Internet of Things popularly called IoT is the
internetworking of interconnected devices over the internet to enable interaction
between those devices without any human interference. Cisco predicts at least 50
billion of such devices to be available by the year 2020. This leaves a huge gap as to
the appropriate awareness and literacy of the world as a collective to be receptive of
the massive IoT technology overhaul coming in the nearest future. This paper gives a
little insight into the basics of IoT, its core fundamentals, its architecture and
furthermore contributes to knowledge the application of IoT to the education sector.
Considering the number of connected devices expected to be produced, it is expected
also that sufficient amount of personnel are trained in IoT systems adequately to meet
with the rising demand
IMPROVE SECURITY IN SMART CITIES BASED ON IOT, SOLVE CYBER ELECTRONIC ATTACKS...IJNSA Journal
Smart cities are expected to significantly improve people's quality of life, promote sustainable development, and enhance the efficiency of operations. With the implementation of many smart devices, c problems have become a serious challenge that needs strong treatments, especially the cyber-attack, which most countries suffer from it.
My study focuses on the security of smart city systems, which include equipment like air conditioning, alarm systems, lighting, and doors. Some of the difficulties that arise daily may be found in the garage. This research aims to come up with a simulation of smart devices that can be and reduce cyber attach. Use of Cisco Packet tracer Features Simulated smart home and c devices are monitored. Simulation results show that smart objects can be connected to the home portal and objects can be successfullymonitored which leads to the idea of real-life implementation and see. In my research make manysolutions for attachingissues,which was great, and apply some wirelessprotocol.
Security Issues & Threats in IoT InfrastructureIJAEMSJORNAL
IoT (Internet of Things) expands the future Internet, and has drawn much attention. As more and more gadgets (i.e. Things) connected to the Internet, the huge amount of data exchanged has reached an unprecedented level.IoT today has a wide scope and researches say that IoT will definitely be a huge reason in the change of human lifestyle. But irrespective of the scope of IoT, we cannot be sure enough to implement it due to the security concerns. There is a genuine need to secure IoT, which has therefore resulted in a need to comprehensively understand the threats and attacks on IoT infrastructure. This paper discusses about the flaws in the security structure of IoT, it is a study about the various layers of IoT and how differentattacks are possible in those layers.
Comparative Study on Intrusion Detection Systems for Smartphonesiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
IoT Network Attack Detection using Supervised Machine LearningCSCJournals
The use of supervised learning algorithms to detect malicious traffic can be valuable in designing intrusion detection systems and ascertaining security risks. The Internet of things (IoT) refers to the billions of physical, electronic devices around the world that are often connected over the Internet. The growth of IoT systems comes at the risk of network attacks such as denial of service (DoS) and spoofing. In this research, we perform various supervised feature selection methods and employ three classifiers on IoT network data. The classifiers predict with high accuracy if the network traffic against the IoT device was malicious or benign. We compare the feature selection methods to arrive at the best that can be used for network intrusion prediction.
SIEM-based detection and mitigation of IoT-botnet DDoS attacksIJECEIAES
The Internet of Things (IoT) is becoming an integral part of our daily life includ- ing health, environment, homes, military, etc. The enormous growth of IoT in recent years has attracted hackers to take advantage of their computation and communication capabilities to perform different types of attacks. The major concern is that IoT devices have several vulnerabilities that can be easily exploited to form IoT botnets consisting of millions of IoT devices and posing significant threats to Internet security. In this context, DDoS attacks originating from IoT botnets is a major problem in today’s Internet that requires immediate attention. In this paper, we propose Security Information and Event Management-based IoT botnet DDoS attack detection and mitigation system. This system detects and blocks DDoS attack traffic from compromised IoT devices by monitoring specific packet types including TCP SYN, ICMP and DNS packets originating from these devices. We discuss a prototype implementation of the proposed system and we demonstrate that SIEM based solutions can be configured to accurately identify and block malicious traffic originating from compromised IoT devices.
Instant Messenger (IM) becomes one of the most popular applications in mobile technology and
communication. A lot of users around the world installed it for daily activities. Current IM found security
lacks both in authentication and encryption matters. Various IM growing today still not apply an efficient
method in authentication and encryption process, conventional security methods and client-server
architecture system have to risk too many users for attacking server such as compromising, cracking
password or PINs by Unauthorized people. Common IM services lack native encryption to protect
information being transmitted over the public network and still used high computation in the mobile
environment, this problem needs efficient security methods. Then, in public IM also found various
messages with fake users, it occurs because public IM carry out the separate system in authentication and
encryption process, strong authentication need to solve this issue in messenger environment. The
tremendous growth of mobile IM user needs efficient and secure communication way. This paper proposes
a new efficient method for securing message both in encryption and authentication within the end-to-end
model. In this research, security method proposes new algorithms based on Elliptic Curve (EC) works in
Peer to Peer (P2P) architecture than a conventional client-server model. The result shows this method
produces efficient time in authentication and encryption process while applying in a mobile environment.
Besides, it is compatible with the mobile phone which has a limitation of computation capabilities and
resources.
Wearables are small electronic devices, often comprising one or more sensors and having computational capability. Devices such as wrist watches, pens, and glasses with installed cameras are now available at cheap prices for user to purchase to monitor or securing themselves. The Nigerian state at this period is faced with a lot of kidnapping activities in schools, homes and abduction for the purpose of ransomed collection and other illegal activities necessitate these reviews. The success of the wearable technology in medical uses prompted the research into application into security uses. The method of research is the use of case studies and literature search. This paper takes a look at the possible applications of the wearable technology to combat the cases of abduction and kidnapping in Nigeria.
INTERNET OF THINGS A STUDY ON SECURITY AND PRIVACY THREATSMd .docxvrickens
INTERNET OF THINGS: A STUDY ON SECURITY AND PRIVACY THREATS
Md Husamuddin
Dept. of computer science
College of CS and IT, Al-Baha University
Al-Baha, Kingdom of Saudi Arabia
Dr. [email protected]
ABSTRACT
The current world is driven by new, developing technologies. This has resulted in a variety of smart devices in the society that has impacted positively on the lives of people in the community. However, the organization has been experiencing threats and cyberattacks that mostly targets the private information. Therefore, in this paper, my discussion is centered on the different applications of the internet of things as well as security threats that are involved.
Keywords: security, privacy.
INTRODUCTION
The Internet of things is the most significant of the future of the internet. IoT has a global network through which ant object can connect with the other devices that are also linked on the internet. These devices include computers, tabs, cell phones, among many others. Generally, the internet of things is a system made up of connected things. This machine contains a microchip that connects all the methods related to it. Microchips serve the function of tracking the surrounding of the network and to give the report in case of any findings pertaining to the internet. The meaning of PC wrongdoing and cloud wrongdoing will be come to out to the IoT wrongdoing, which talks to any malignant development that incorporates the IoT worldview as within the IoT contraptions, organizations, or correspondence channels can be a subject, thing, or gadget recognized with the infringement. To investigate these sorts of cases, it is required to execute computerized crime scene examination technique within the IoT to choose the substances around an event. The meaning of a capable and adjust IoT progressed lawful sciences method is still at its unimaginable intrigued (Husamuddin, 2015). The most significant part of IoT is that it makes it possible for different entities to be communicated and to be accessed via the internet. This is very economical as a result, attracts many devices to be connected to the internet (Balte &Patil,2015). Research shows that more than 40 billion devices in 2019 got connected, and a higher risk of this is expected in the current year.
SECURITY REQUIREMENTS
The rate at which technologies are emerging is so high, and this has lead to threats as well as a privacy issue. The smart devices arising from this technology will interact with other devices and transmit information in the network (Balte, &Patil,2015). If a computer gets infected, the effects ripples to other devices in the system; thus, the whole internet infrastructure would be at risk. As soon as an attack spot has been identified, it is feasible to enumerate the safety vulnerabilities and risk prone regions requiring defense-in-intensity protection. Such safety refers to a typically used approach to protect important data on company networks wherein security controls ...
A Survey Report on : Security & Challenges in Internet of Thingsijsrd.com
In the era of computing technology, Internet of Things (IoT) devices are now popular in each and every domains like e-governance, e-Health, e-Home, e-Commerce, and e-Trafficking etc. Iot is spreading from small to large applications in all fields like Smart Cities, Smart Grids, Smart Transportation. As on one side IoT provide facilities and services for the society. On the other hand, IoT security is also a crucial issues.IoT security is an area which totally concerned for giving security to connected devices and networks in the IoT .As, IoT is vast area with usability, performance, security, and reliability as a major challenges in it. The growth of the IoT is exponentially increases as driven by market pressures, which proportionally increases the security threats involved in IoT The relationship between the security and billions of devices connecting to the Internet cannot be described with existing mathematical methods. In this paper, we explore the opportunities possible in the IoT with security threats and challenges associated with it.
Comprehensive survey on security problems and key technologies of the interne...RSIS International
Internet of things (IoT) is a collection of many
interconnected objects, services, humans, and devices that can
communicate, share data, and information to achieve a common
goal in different areas and applications. The vision of IoT is to
enable devices to collaborate with each other on the Internet. IoT
security focuses on authentication and access control protocols.
IoT security is the area with protection connected devices and
networks. There are many key challenges in designing a secure
IoT: Privacy, Authentication, Access Control, Trust,
Confidentiality, Mobile Security, etc. Attacks on IoT security
devices are physical attacks, side channel attacks, cryptanalysis
attacks, software attacks, network attacks. This paper describes
Security Problems of IoT, Security issues and Key Technologies
of IoT.
With rapid growth of science and information technology, Internet of things (IoT) becomes as an integral part of daily life. The applications of IoT are expanded starting from connected cars, wearables, connected health, smart retail and healthcare. However, security issues are increasing with the increase of its use. Lack of compliances on the part of IoT manufacturers, lack of user knowledge and awareness, device update and management, lack of physical hardening and botnet attacks are considered as the major reasons for security issues in IoT based applications. In this aspect, it becomes important to analyze security issues involved with IoT and its impact on the users that has been performed in the present study
Architectural Layers of Internet of Things: Analysis of Security Threats and ...Scientific Review SR
A pervasive network architecture that interconnect heterogeneous objects, devices, technologies and services called
Internet of Things has prompted a drastic change in demand of smart devices which in turn has increased the rate of
data exchange. These smart devices are built with numerous sensors which collect information from other interacting
devices, process it and send it to remote locations for storage or further processing. Although this mechanism of data
processing and sharing has contributed immensely to the information world, it has recently posed high security risk
on privacy and data confidentiality. This paper therefore analyses different security threats to data at different
architectural layers of Internet of Things, possible countermeasures and other in-depth security measures for Internet
of Things. The paper identifies device authentication on IoT network to be of paramount impo rtance in securing IoT
systems. This paper also suggests some essential technologies of security such as encryption for securing IoT
devices and the data shared over IoT network
IoT: Effective Authentication System (EAS) using Hash based Encryption on RFI...Dr. Amarjeet Singh
Internet of Things (IoT) is undoubtedly a well-known research area. Security on IoT communication services is the major challenge with advanced technology and devices. This paper mainly focusing on Perceptron layer based attacks and counter measures based on Effective Authentication System (EAS). This paper is ordered as outlining IoT Architecture, Types of Threats ,Perceptron Layer based attacks, sensor based communication services ,RFID mechanism ,Tag identify and verification by back end server and Hash based Effective Authentication System (EAS) to avoid pseudonym attacks .This paper proposes EAS as security measure by preventing privacy attack, pseudonym attack, location tracking and asynchronous attack.
A Study on Device Oriented Security Challenges in Internet of Things (IoT)Eswar Publications
Internet of Things (IoT) basically discusses about the connection of various physical devices through a network
and let them take an active part by exchanging information through Internet. This paper presents important applications of IoT and the different challenges of IoT. Out of the various challenges, attacks on the devices used in IoT are of serious concern. Device oriented attacks and the defensive mechanisms are studied in this paper. A comparison is done for the specific malicious attacks on the M2M communicating devices.
INTERNET OF THINGS AS A TOOL FOR ENHANCEMENT OF EDUCATION ADMINISTRATION AND ...IAEME Publication
In recent times and as far as technological advancement goes, the Internet of
Things is the trending topic in the world. Internet of Things popularly called IoT is the
internetworking of interconnected devices over the internet to enable interaction
between those devices without any human interference. Cisco predicts at least 50
billion of such devices to be available by the year 2020. This leaves a huge gap as to
the appropriate awareness and literacy of the world as a collective to be receptive of
the massive IoT technology overhaul coming in the nearest future. This paper gives a
little insight into the basics of IoT, its core fundamentals, its architecture and
furthermore contributes to knowledge the application of IoT to the education sector.
Considering the number of connected devices expected to be produced, it is expected
also that sufficient amount of personnel are trained in IoT systems adequately to meet
with the rising demand
IMPROVE SECURITY IN SMART CITIES BASED ON IOT, SOLVE CYBER ELECTRONIC ATTACKS...IJNSA Journal
Smart cities are expected to significantly improve people's quality of life, promote sustainable development, and enhance the efficiency of operations. With the implementation of many smart devices, c problems have become a serious challenge that needs strong treatments, especially the cyber-attack, which most countries suffer from it.
My study focuses on the security of smart city systems, which include equipment like air conditioning, alarm systems, lighting, and doors. Some of the difficulties that arise daily may be found in the garage. This research aims to come up with a simulation of smart devices that can be and reduce cyber attach. Use of Cisco Packet tracer Features Simulated smart home and c devices are monitored. Simulation results show that smart objects can be connected to the home portal and objects can be successfullymonitored which leads to the idea of real-life implementation and see. In my research make manysolutions for attachingissues,which was great, and apply some wirelessprotocol.
Security Issues & Threats in IoT InfrastructureIJAEMSJORNAL
IoT (Internet of Things) expands the future Internet, and has drawn much attention. As more and more gadgets (i.e. Things) connected to the Internet, the huge amount of data exchanged has reached an unprecedented level.IoT today has a wide scope and researches say that IoT will definitely be a huge reason in the change of human lifestyle. But irrespective of the scope of IoT, we cannot be sure enough to implement it due to the security concerns. There is a genuine need to secure IoT, which has therefore resulted in a need to comprehensively understand the threats and attacks on IoT infrastructure. This paper discusses about the flaws in the security structure of IoT, it is a study about the various layers of IoT and how differentattacks are possible in those layers.
Comparative Study on Intrusion Detection Systems for Smartphonesiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
IoT Network Attack Detection using Supervised Machine LearningCSCJournals
The use of supervised learning algorithms to detect malicious traffic can be valuable in designing intrusion detection systems and ascertaining security risks. The Internet of things (IoT) refers to the billions of physical, electronic devices around the world that are often connected over the Internet. The growth of IoT systems comes at the risk of network attacks such as denial of service (DoS) and spoofing. In this research, we perform various supervised feature selection methods and employ three classifiers on IoT network data. The classifiers predict with high accuracy if the network traffic against the IoT device was malicious or benign. We compare the feature selection methods to arrive at the best that can be used for network intrusion prediction.
SIEM-based detection and mitigation of IoT-botnet DDoS attacksIJECEIAES
The Internet of Things (IoT) is becoming an integral part of our daily life includ- ing health, environment, homes, military, etc. The enormous growth of IoT in recent years has attracted hackers to take advantage of their computation and communication capabilities to perform different types of attacks. The major concern is that IoT devices have several vulnerabilities that can be easily exploited to form IoT botnets consisting of millions of IoT devices and posing significant threats to Internet security. In this context, DDoS attacks originating from IoT botnets is a major problem in today’s Internet that requires immediate attention. In this paper, we propose Security Information and Event Management-based IoT botnet DDoS attack detection and mitigation system. This system detects and blocks DDoS attack traffic from compromised IoT devices by monitoring specific packet types including TCP SYN, ICMP and DNS packets originating from these devices. We discuss a prototype implementation of the proposed system and we demonstrate that SIEM based solutions can be configured to accurately identify and block malicious traffic originating from compromised IoT devices.
Instant Messenger (IM) becomes one of the most popular applications in mobile technology and
communication. A lot of users around the world installed it for daily activities. Current IM found security
lacks both in authentication and encryption matters. Various IM growing today still not apply an efficient
method in authentication and encryption process, conventional security methods and client-server
architecture system have to risk too many users for attacking server such as compromising, cracking
password or PINs by Unauthorized people. Common IM services lack native encryption to protect
information being transmitted over the public network and still used high computation in the mobile
environment, this problem needs efficient security methods. Then, in public IM also found various
messages with fake users, it occurs because public IM carry out the separate system in authentication and
encryption process, strong authentication need to solve this issue in messenger environment. The
tremendous growth of mobile IM user needs efficient and secure communication way. This paper proposes
a new efficient method for securing message both in encryption and authentication within the end-to-end
model. In this research, security method proposes new algorithms based on Elliptic Curve (EC) works in
Peer to Peer (P2P) architecture than a conventional client-server model. The result shows this method
produces efficient time in authentication and encryption process while applying in a mobile environment.
Besides, it is compatible with the mobile phone which has a limitation of computation capabilities and
resources.
Wearables are small electronic devices, often comprising one or more sensors and having computational capability. Devices such as wrist watches, pens, and glasses with installed cameras are now available at cheap prices for user to purchase to monitor or securing themselves. The Nigerian state at this period is faced with a lot of kidnapping activities in schools, homes and abduction for the purpose of ransomed collection and other illegal activities necessitate these reviews. The success of the wearable technology in medical uses prompted the research into application into security uses. The method of research is the use of case studies and literature search. This paper takes a look at the possible applications of the wearable technology to combat the cases of abduction and kidnapping in Nigeria.
INTERNET OF THINGS A STUDY ON SECURITY AND PRIVACY THREATSMd .docxvrickens
INTERNET OF THINGS: A STUDY ON SECURITY AND PRIVACY THREATS
Md Husamuddin
Dept. of computer science
College of CS and IT, Al-Baha University
Al-Baha, Kingdom of Saudi Arabia
Dr. [email protected]
ABSTRACT
The current world is driven by new, developing technologies. This has resulted in a variety of smart devices in the society that has impacted positively on the lives of people in the community. However, the organization has been experiencing threats and cyberattacks that mostly targets the private information. Therefore, in this paper, my discussion is centered on the different applications of the internet of things as well as security threats that are involved.
Keywords: security, privacy.
INTRODUCTION
The Internet of things is the most significant of the future of the internet. IoT has a global network through which ant object can connect with the other devices that are also linked on the internet. These devices include computers, tabs, cell phones, among many others. Generally, the internet of things is a system made up of connected things. This machine contains a microchip that connects all the methods related to it. Microchips serve the function of tracking the surrounding of the network and to give the report in case of any findings pertaining to the internet. The meaning of PC wrongdoing and cloud wrongdoing will be come to out to the IoT wrongdoing, which talks to any malignant development that incorporates the IoT worldview as within the IoT contraptions, organizations, or correspondence channels can be a subject, thing, or gadget recognized with the infringement. To investigate these sorts of cases, it is required to execute computerized crime scene examination technique within the IoT to choose the substances around an event. The meaning of a capable and adjust IoT progressed lawful sciences method is still at its unimaginable intrigued (Husamuddin, 2015). The most significant part of IoT is that it makes it possible for different entities to be communicated and to be accessed via the internet. This is very economical as a result, attracts many devices to be connected to the internet (Balte &Patil,2015). Research shows that more than 40 billion devices in 2019 got connected, and a higher risk of this is expected in the current year.
SECURITY REQUIREMENTS
The rate at which technologies are emerging is so high, and this has lead to threats as well as a privacy issue. The smart devices arising from this technology will interact with other devices and transmit information in the network (Balte, &Patil,2015). If a computer gets infected, the effects ripples to other devices in the system; thus, the whole internet infrastructure would be at risk. As soon as an attack spot has been identified, it is feasible to enumerate the safety vulnerabilities and risk prone regions requiring defense-in-intensity protection. Such safety refers to a typically used approach to protect important data on company networks wherein security controls ...
A Survey Report on : Security & Challenges in Internet of Thingsijsrd.com
In the era of computing technology, Internet of Things (IoT) devices are now popular in each and every domains like e-governance, e-Health, e-Home, e-Commerce, and e-Trafficking etc. Iot is spreading from small to large applications in all fields like Smart Cities, Smart Grids, Smart Transportation. As on one side IoT provide facilities and services for the society. On the other hand, IoT security is also a crucial issues.IoT security is an area which totally concerned for giving security to connected devices and networks in the IoT .As, IoT is vast area with usability, performance, security, and reliability as a major challenges in it. The growth of the IoT is exponentially increases as driven by market pressures, which proportionally increases the security threats involved in IoT The relationship between the security and billions of devices connecting to the Internet cannot be described with existing mathematical methods. In this paper, we explore the opportunities possible in the IoT with security threats and challenges associated with it.
Comprehensive Survey on Security Problems and Key Technologies of the Interne...RSIS International
Internet of things (IoT) is a collection of many
interconnected objects, services, humans, and devices that can
communicate, share data, and information to achieve a common
goal in different areas and applications. The vision of IoT is to
enable devices to collaborate with each other on the Internet. IoT
security focuses on authentication and access control protocols.
IoT security is the area with protection connected devices and
networks. There are many key challenges in designing a secure
IoT: Privacy, Authentication, Access Control, Trust,
Confidentiality, Mobile Security, etc. Attacks on IoT security
devices are physical attacks, side channel attacks, cryptanalysis
attacks, software attacks, network attacks. This paper describes
Security Problems of IoT, Security issues and Key Technologies
of IoT.
Internet of Things (IoT) is becoming an emerging trend superseding other technologies and researchers considered it as the future of internet. As now the connectivity to the World Wide Web is becoming highly available cost is drastically decreasing so everyone can afford the technology. As Internet of Things provides a great opportunity to develop an important industrial systems and applications with the help of various kind of sensors that can sense out the environment using number of devices that is connected to the internet, usage of IoT is drastically increasing and becoming a common thing. With this sky-rocketed usage and the demand, Communication and storing of the information faces serious security issues as the security of IoT devices become just an afterthought when manufacturing most of the devices. This study tries to summarize this IoT security issues in terms of primary information security concepts confidentiality, integrity and availability with regards to its architecture.
Security Attacks and Countermeasures on Cloud Assisted IoT App.docxedgar6wallace88877
Security Attacks and Countermeasures on Cloud Assisted IoT Applications
Asma Alsaidi
The Communication and Information Research Center
Sultan Qaboos University
Muscat, Oman
[email protected]
Firdous Kausar
Electrical and Computer Engineering Department
College of Engineering, Sultan Qaboos University
Muscat, Oman
[email protected]
Abstract— Internet of things is an emerging technology having
the potential to improve the quality of different aspects of
human life. Furthermore, integration of IoT with cloud
computing has accelerated the wide range of applications in
different areas such as commercial, manufacturing,
engineering, supply chains, etc. Currently security threat
obstacles the adoption of IoT technology in many areas. This
paper presents the architecture of cloud assisted IoT
applications for smart cities, telemedicine and intelligent
transportation system. We investigate the security threats and
attacks due to unauthorized access and misuse of information
collected by IoT nodes and device. Further, we describe the
possible countermeasure to these security attacks.
Keywords- IoT; Cloud Computing; Smart cities; Intelligent
transport system; Telemedicine;
I. INTRODUCTION
The Internet of things (IoT) compromises a combination
of different sensors and objects that can collaborate with
each other with no human interference necessary. The
“things” in the IoT comprises objects, such as cars,
microwaves, refrigerators, toaster, air conditions etc, which
collect useful data from its surroundings with the help of
sensors and transmit this to the other connected devices that
take actions/decisions based on it. In other words, it can be
said that IoT is an architecture that encompasses smart
embedded devices that are connected to internet so they can
be controlled and triggered by internet.
It is expected that by the 2020, around 25 billion objects
will become the part of global IoT network [9], which will
pose new challenges in securing IoT systems. It will become
easy target for hackers as these systems are often deployed in
uncontrolled and hostile environment. The main security
challenges in IoT environment are authorization, privacy,
authentication, admission control, system conformation,
storage, and administration [2]. There are security solutions
available already for Internet, which should be equally
applicable to IoT networks as well. However, constrained
resources, different operational environment, and complex
interconnectivity among huge number of devices in IoT
make those security solutions insufficient.
The IoT systems are vulnerable to numerous different
types of security attacks: Denial of Service (DoS), Jamming
attacks, Sybil attacks, blackhole attacks, wormhole attacks,
and malware attacks etc. Even after implementing proper
security solutions in IoT devices, there are still possibilities
of different kind of attacks on the network. Therefore,
proper.
Using Machine Learning to Build a Classification Model for IoT Networks to De...IJCNCJournal
Internet of things (IoT) has led to several security threats and challenges within society. Regardless of the benefits that it has brought with it to the society, IoT could compromise the security and privacy of individuals and companies at various levels. Denial of Service (DoS) and Distributed DoS (DDoS) attacks, among others, are the most common attack types that face the IoT networks. To counter such attacks, companies should implement an efficient classification/detection model, which is not an easy task. This paper proposes a classification model to examine the effectiveness of several machine-learning algorithms, namely, Random Forest (RF), k-Nearest Neighbors (KNN), and Naïve Bayes. The machine learning algorithms are used to detect attacks on the UNSW-NB15 benchmark dataset. The UNSW-NB15 contains normal network traffic and malicious traffic instants. The experimental results reveal that RF and KNN classifiers give the best performance with an accuracy of 100% (without noise injection) and 99% (with 10% noise filtering), while the Naïve Bayes classifier gives the worst performance with an accuracy of 95.35% and 82.77 without noise and with 10% noise, respectively. Other evaluation matrices, such as precision and recall, also show the effectiveness of RF and KNN classifiers over Naïve Bayes.
A new algorithm to enhance security against cyber threats for internet of thi...IJECEIAES
One major problem is detecting the unsuitability of traffic caused by a distributed denial of services (DDoS) attack produced by third party nodes, such as smart phones and other handheld Wi-Fi devices. During the transmission between the devices, there are rising in the number of cyber attacks on systems by using negligible packets, which lead to suspension of the services between source and destination, and can find the vulnerabilities on the network. These vulnerable issues have led to a reduction in the reliability of networks and a reduction in consumer confidence. In this paper, we will introduce a new algorithm called rout attack with detection algorithm (RAWD) to reduce the affect of any attack by checking the packet injection, and to avoid number of cyber attacks being received by the destination and transferred through a determined path or alternative path based on the problem. The proposed algorithm will forward the real time traffic to the required destination from a new alternative backup path which is computed by it before the attacked occurred. The results have showed an improvement when the attack occurred and the alternative path has used to make sure the continuity of receiving the data to the main destination without any affection.
Network security is one of the foremost anxieties of the modern time. Over
the previous years, numerous studies have been accompanied on the
intrusion detection system. However, network security is one of the foremost
apprehensions of the modern era this is due to the speedy development and
substantial usage of altered technologies over the past period. The
vulnerabilities of these technologies security have become a main dispute
intrusion detection system is used to classify unapproved access and unusual
attacks over the secured networks. For the implementation of intrusion
detection system different approaches are used machine learning technique
is one of them. In order to comprehend the present station of application of
machine learning techniques for solving the intrusion discovery anomalies in
internet of thing (IoT) based big data this review paper conducted. Total 55
papers are summarized from 2010 and 2021 which were centering on the
manner of the single, hybrid and collaborative classifier design. This review
paper also includes some of the basic information like IoT, big data, and
machine learning approaches are discussed.
CAN BLOCKCHAIN BE A SOLUTION TO IOT TECHNICAL AND SECURITY ISSUESIJNSA Journal
The Internet of Things (IoT) is a growing trend in technology that interconnects millions of physical devices from any location anytime. Currently, IoT devices have become an integral part of human lives, as such organizations are deeply concerned with its security and technical issues. Blockchain system comprises a distributed digital ledger which is shared among community of users on the Internet; validated and recorded transactions in the ledger which cannot be altered or removed. We presented the challenges of IoT devices and how blockchain can be used to alleviate these problems. An outline of how to integrate blockchain with IoT was tackled, highlighting the challenges of IoT and how blockchain can remedy the issues. It was concluded that blockchain has the capability to curb the challenges posed by IoT devices.
A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet o...DESMOND YUEN
Internet of Things (IoT) is an innovative paradigm
envisioned to provide massive applications that are now part of
our daily lives. Millions of smart devices are deployed within
complex networks to provide vibrant functionalities including
communications, monitoring, and controlling of critical infrastructures. However, this massive growth of IoT devices and the corresponding huge data traffic generated at the edge of the network created additional burdens on the state-of-the-art
centralized cloud computing paradigm due to the bandwidth and
resources scarcity. Hence, edge computing (EC) is emerging as
an innovative strategy that brings data processing and storage
near to the end users, leading to what is called EC-assisted IoT.
Although this paradigm provides unique features and enhanced
quality of service (QoS), it also introduces huge risks in data security and privacy aspects. This paper conducts a comprehensive survey on security and privacy issues in the context of EC-assisted IoT. In particular, we first present an overview of EC-assisted IoT including definitions, applications, architecture, advantages, and challenges. Second, we define security and privacy in the context of EC-assisted IoT. Then, we extensively discuss the major classifications of attacks in EC-assisted IoT and provide possible solutions and countermeasures along with the related research efforts. After that, we further classify some security and privacy issues as discussed in the literature based on security services and based on security objectives and functions. Finally, several open challenges and future research directions for secure EC-assisted IoT paradigm are also extensively provided.
SECURITY& PRIVACY THREATS, ATTACKS AND COUNTERMEASURES IN INTERNET OF THINGSIJNSA Journal
The idea to connect everything to anything and at any point of time is what vaguely defines the concept of the Internet of Things (IoT). The IoT is not only about providing connectivity but also facilitating interaction among these connected things. Though the term IoT was introduced in 1999 but has drawn significant attention during the past few years, the pace at which new devices are being integrated into the system will profoundly impact the world in a good way but also poses some severe queries about security and privacy. IoT in its current form is susceptible to a multitudinous set of attacks. One of the most significant concerns of IoT is to provide security assurance for the data exchange because data is vulnerable to some attacks by the attackers at each layer of IoT. The IoT has a layered structure where each layer provides a service. The security needs vary from layer to layer as each layer serves a different purpose. This paper aims to analyze the various security and privacy threats related to IoT. Some attacks have been discussed along with some existing and proposed countermeasures.
Internet of things: review, architecture and applicationsCSITiaesprime
Devices linked to the internet of things (IoT) may communicate with one another in several settings. Furthermore, rather of relying on an existing centralized system, users may develop their own network by using wireless capabilities. This kind of network is known as a wireless mobile ad hoc network. The mobile ad-hoc network (MANET) enables IoT devices to connect with one another in an unstructured networked environment. IoT devices may connect, establish linkages, and share data on a continuous basis. In this system, the cloud's purpose is to store and analyze data acquired from IoT devices. One of the most significant challenges in cloud computing has been identified as information security, and its resolution will result in an even bigger increase in cloud computing usage and popularity in the future. Finally, the goal of this project is to create a framework for facilitating communication between IoT devices in a Cloud and MANET context. Our major contribution is a ground-breaking research initiative that combines cloud computing with the MANET and connects the internet of things. This research might be used to the IoT in the future.
Security Challenges in IoT Software Development and Possible Solutions.pdfJPLoft Solutions
However, this type of accessibility has security threats and issues. IoT devices are known to be vulnerable to security risks when they first connect to corporate networks, which may result in security breaches and expose a company's assets to cyberattacks. IoT security is essential for companies that want to reap the benefits of IoT software development and minimize security risks.
A review on machine learning based intrusion detection system for internet of...IJECEIAES
Within an internet of things (IoT) environment, the fundamental purpose of various devices is to gather the abundant amount of data that is being generated and then transmit this data to the predetermined server over the internet. IoT connects billions of objects and the internet to communicate without human intervention. But network security and privacy issues are increasing very fast, in today's world. Because of the prevalence of technological advancement in regular activities, internet security has evolved into a necessary requirement. Because technology is integrated into every aspect of contemporary life, cyberattacks on the internet of things represent a bigger danger than attacks against traditional networks. Researchers have found that combining machine learning techniques into an intrusion detection system (IDS) is an efficient way to get beyond the limitations of conventional IDSs in an IoT context. This research presents a comprehensive literature assessment and develops an intrusion detection system that makes use of machine learning techniques to address security problems in an IoT environment. Along with a comprehensive look at the state of the art in terms of intrusion detection systems for IoT-enabled environments, this study also examines the attributes of approaches, common datasets, and existing methods utilized to construct such systems.
Privacy-aware secured discrete framework in wireless sensor networkIJECEIAES
Rapid expansion of wireless sensor network-internet of things (WSN-IoT) in terms of application and technologies has led to wide research considering efficiency and security aspects. Considering the efficiency approach such as data aggregation along with consensus mechanism has been one of the efficient and secure approaches, however, privacy has been one of major concern and it remains an open issue due to low classification and high misclassification rate. This research work presents the privacy and reliable aware discrete (PRD-aggregation) framework to protect and secure the privacy of the node. It works by initializing the particular variable for each node and defining the threshold; further nodes update their state through the functions, and later consensus is developed among the sensor nodes, which further updates. The novelty of PRD is discretized transmission for efficiency and security. PRD-aggregation offers reliability through efficient termination criteria and avoidance of transmission failure. PRD-aggregation framework is evaluated considering the number of deceptive nodes for securing the node in the network. Furthermore, comparative analysis proves the marginal improvisation in terms of discussed parameter against the existing protocol.
Similar to Malware threat analysis techniques and approaches for IoT applications: a review (20)
Square transposition: an approach to the transposition process in block cipherjournalBEEI
The transposition process is needed in cryptography to create a diffusion effect on data encryption standard (DES) and advanced encryption standard (AES) algorithms as standard information security algorithms by the National Institute of Standards and Technology. The problem with DES and AES algorithms is that their transposition index values form patterns and do not form random values. This condition will certainly make it easier for a cryptanalyst to look for a relationship between ciphertexts because some processes are predictable. This research designs a transposition algorithm called square transposition. Each process uses square 8 × 8 as a place to insert and retrieve 64-bits. The determination of the pairing of the input scheme and the retrieval scheme that have unequal flow is an important factor in producing a good transposition. The square transposition can generate random and non-pattern indices so that transposition can be done better than DES and AES.
Hyper-parameter optimization of convolutional neural network based on particl...journalBEEI
Deep neural networks have accomplished enormous progress in tackling many problems. More specifically, convolutional neural network (CNN) is a category of deep networks that have been a dominant technique in computer vision tasks. Despite that these deep neural networks are highly effective; the ideal structure is still an issue that needs a lot of investigation. Deep Convolutional Neural Network model is usually designed manually by trials and repeated tests which enormously constrain its application. Many hyper-parameters of the CNN can affect the model performance. These parameters are depth of the network, numbers of convolutional layers, and numbers of kernels with their sizes. Therefore, it may be a huge challenge to design an appropriate CNN model that uses optimized hyper-parameters and reduces the reliance on manual involvement and domain expertise. In this paper, a design architecture method for CNNs is proposed by utilization of particle swarm optimization (PSO) algorithm to learn the optimal CNN hyper-parameters values. In the experiment, we used Modified National Institute of Standards and Technology (MNIST) database of handwritten digit recognition. The experiments showed that our proposed approach can find an architecture that is competitive to the state-of-the-art models with a testing error of 0.87%.
Supervised machine learning based liver disease prediction approach with LASS...journalBEEI
In this contemporary era, the uses of machine learning techniques are increasing rapidly in the field of medical science for detecting various diseases such as liver disease (LD). Around the globe, a large number of people die because of this deadly disease. By diagnosing the disease in a primary stage, early treatment can be helpful to cure the patient. In this research paper, a method is proposed to diagnose the LD using supervised machine learning classification algorithms, namely logistic regression, decision tree, random forest, AdaBoost, KNN, linear discriminant analysis, gradient boosting and support vector machine (SVM). We also deployed a least absolute shrinkage and selection operator (LASSO) feature selection technique on our taken dataset to suggest the most highly correlated attributes of LD. The predictions with 10 fold cross-validation (CV) made by the algorithms are tested in terms of accuracy, sensitivity, precision and f1-score values to forecast the disease. It is observed that the decision tree algorithm has the best performance score where accuracy, precision, sensitivity and f1-score values are 94.295%, 92%, 99% and 96% respectively with the inclusion of LASSO. Furthermore, a comparison with recent studies is shown to prove the significance of the proposed system.
A secure and energy saving protocol for wireless sensor networksjournalBEEI
The research domain for wireless sensor networks (WSN) has been extensively conducted due to innovative technologies and research directions that have come up addressing the usability of WSN under various schemes. This domain permits dependable tracking of a diversity of environments for both military and civil applications. The key management mechanism is a primary protocol for keeping the privacy and confidentiality of the data transmitted among different sensor nodes in WSNs. Since node's size is small; they are intrinsically limited by inadequate resources such as battery life-time and memory capacity. The proposed secure and energy saving protocol (SESP) for wireless sensor networks) has a significant impact on the overall network life-time and energy dissipation. To encrypt sent messsages, the SESP uses the public-key cryptography’s concept. It depends on sensor nodes' identities (IDs) to prevent the messages repeated; making security goals- authentication, confidentiality, integrity, availability, and freshness to be achieved. Finally, simulation results show that the proposed approach produced better energy consumption and network life-time compared to LEACH protocol; sensors are dead after 900 rounds in the proposed SESP protocol. While, in the low-energy adaptive clustering hierarchy (LEACH) scheme, the sensors are dead after 750 rounds.
Plant leaf identification system using convolutional neural networkjournalBEEI
This paper proposes a leaf identification system using convolutional neural network (CNN). This proposed system can identify five types of local Malaysia leaf which were acacia, papaya, cherry, mango and rambutan. By using CNN from deep learning, the network is trained from the database that acquired from leaf images captured by mobile phone for image classification. ResNet-50 was the architecture has been used for neural networks image classification and training the network for leaf identification. The recognition of photographs leaves requested several numbers of steps, starting with image pre-processing, feature extraction, plant identification, matching and testing, and finally extracting the results achieved in MATLAB. Testing sets of the system consists of 3 types of images which were white background, and noise added and random background images. Finally, interfaces for the leaf identification system have developed as the end software product using MATLAB app designer. As a result, the accuracy achieved for each training sets on five leaf classes are recorded above 98%, thus recognition process was successfully implemented.
Customized moodle-based learning management system for socially disadvantaged...journalBEEI
This study aims to develop Moodle-based LMS with customized learning content and modified user interface to facilitate pedagogical processes during covid-19 pandemic and investigate how teachers of socially disadvantaged schools perceived usability and technology acceptance. Co-design process was conducted with two activities: 1) need assessment phase using an online survey and interview session with the teachers and 2) the development phase of the LMS. The system was evaluated by 30 teachers from socially disadvantaged schools for relevance to their distance learning activities. We employed computer software usability questionnaire (CSUQ) to measure perceived usability and the technology acceptance model (TAM) with insertion of 3 original variables (i.e., perceived usefulness, perceived ease of use, and intention to use) and 5 external variables (i.e., attitude toward the system, perceived interaction, self-efficacy, user interface design, and course design). The average CSUQ rating exceeded 5.0 of 7 point-scale, indicated that teachers agreed that the information quality, interaction quality, and user interface quality were clear and easy to understand. TAM results concluded that the LMS design was judged to be usable, interactive, and well-developed. Teachers reported an effective user interface that allows effective teaching operations and lead to the system adoption in immediate time.
Understanding the role of individual learner in adaptive and personalized e-l...journalBEEI
Dynamic learning environment has emerged as a powerful platform in a modern e-learning system. The learning situation that constantly changing has forced the learning platform to adapt and personalize its learning resources for students. Evidence suggested that adaptation and personalization of e-learning systems (APLS) can be achieved by utilizing learner modeling, domain modeling, and instructional modeling. In the literature of APLS, questions have been raised about the role of individual characteristics that are relevant for adaptation. With several options, a new problem has been raised where the attributes of students in APLS often overlap and are not related between studies. Therefore, this study proposed a list of learner model attributes in dynamic learning to support adaptation and personalization. The study was conducted by exploring concepts from the literature selected based on the best criteria. Then, we described the results of important concepts in student modeling and provided definitions and examples of data values that researchers have used. Besides, we also discussed the implementation of the selected learner model in providing adaptation in dynamic learning.
Prototype mobile contactless transaction system in traditional markets to sup...journalBEEI
One way to prevent and reduce the spread of the covid-19 pandemic is through physical distancing program. This research aims to develop a prototype contactless transaction system using digital payment mechanisms and QR code technology that will be applied in traditional markets. The method used in the development of electronic market systems is a prototype approach. The application of QR code and digital payments are used as a solution to minimize money exchange contacts that are common in traditional markets. The results showed that the system built was able to accelerate and facilitate the buying and selling transaction process in traditional market environment. Alpha testing shows that all functional systems are running well. Meanwhile, beta testing shows that the user can very well accept the system that was built. The results of the study also show acceptance of the usefulness of the system being built, as well as the optimism of its users to be able to take advantage of this system both technologically and functionally, so its can be a part of the digital transformation of the traditional market to the electronic market and has become one of the solutions in reducing the spread of the current covid-19 pandemic.
Wireless HART stack using multiprocessor technique with laxity algorithmjournalBEEI
The use of a real-time operating system is required for the demarcation of industrial wireless sensor network (IWSN) stacks (RTOS). In the industrial world, a vast number of sensors are utilised to gather various types of data. The data gathered by the sensors cannot be prioritised ahead of time. Because all of the information is equally essential. As a result, a protocol stack is employed to guarantee that data is acquired and processed fairly. In IWSN, the protocol stack is implemented using RTOS. The data collected from IWSN sensor nodes is processed using non-preemptive scheduling and the protocol stack, and then sent in parallel to the IWSN's central controller. The real-time operating system (RTOS) is a process that occurs between hardware and software. Packets must be sent at a certain time. It's possible that some packets may collide during transmission. We're going to undertake this project to get around this collision. As a prototype, this project is divided into two parts. The first uses RTOS and the LPC2148 as a master node, while the second serves as a standard data collection node to which sensors are attached. Any controller may be used in the second part, depending on the situation. Wireless HART allows two nodes to communicate with each other.
Implementation of double-layer loaded on octagon microstrip yagi antennajournalBEEI
A double-layer loaded on the octagon microstrip yagi antenna (OMYA) at 5.8 GHz industrial, scientific and medical (ISM) Band is investigated in this paper. The double-layer consist of two double positive (DPS) substrates. The OMYA is overlaid with a double-layer configuration were simulated, fabricated and measured. A good agreement was observed between the computed and measured results of the gain for this antenna. According to comparison results, it shows that 2.5 dB improvement of the OMYA gain can be obtained by applying the double-layer on the top of the OMYA. Meanwhile, the bandwidth of the measured OMYA with the double-layer is 14.6%. It indicates that the double-layer can be used to increase the OMYA performance in term of gain and bandwidth.
The calculation of the field of an antenna located near the human headjournalBEEI
In this work, a numerical calculation was carried out in one of the universal programs for automatic electro-dynamic design. The calculation is aimed at obtaining numerical values for specific absorbed power (SAR). It is the SAR value that can be used to determine the effect of the antenna of a wireless device on biological objects; the dipole parameters will be selected for GSM1800. Investigation of the influence of distance to a cell phone on radiation shows that absorbed in the head of a person the effect of electromagnetic radiation on the brain decreases by three times this is a very important result the SAR value has decreased by almost three times it is acceptable results.
Exact secure outage probability performance of uplinkdownlink multiple access...journalBEEI
In this paper, we study uplink-downlink non-orthogonal multiple access (NOMA) systems by considering the secure performance at the physical layer. In the considered system model, the base station acts a relay to allow two users at the left side communicate with two users at the right side. By considering imperfect channel state information (CSI), the secure performance need be studied since an eavesdropper wants to overhear signals processed at the downlink. To provide secure performance metric, we derive exact expressions of secrecy outage probability (SOP) and and evaluating the impacts of main parameters on SOP metric. The important finding is that we can achieve the higher secrecy performance at high signal to noise ratio (SNR). Moreover, the numerical results demonstrate that the SOP tends to a constant at high SNR. Finally, our results show that the power allocation factors, target rates are main factors affecting to the secrecy performance of considered uplink-downlink NOMA systems.
Design of a dual-band antenna for energy harvesting applicationjournalBEEI
This report presents an investigation on how to improve the current dual-band antenna to enhance the better result of the antenna parameters for energy harvesting application. Besides that, to develop a new design and validate the antenna frequencies that will operate at 2.4 GHz and 5.4 GHz. At 5.4 GHz, more data can be transmitted compare to 2.4 GHz. However, 2.4 GHz has long distance of radiation, so it can be used when far away from the antenna module compare to 5 GHz that has short distance in radiation. The development of this project includes the scope of designing and testing of antenna using computer simulation technology (CST) 2018 software and vector network analyzer (VNA) equipment. In the process of designing, fundamental parameters of antenna are being measured and validated, in purpose to identify the better antenna performance.
Transforming data-centric eXtensible markup language into relational database...journalBEEI
eXtensible markup language (XML) appeared internationally as the format for data representation over the web. Yet, most organizations are still utilising relational databases as their database solutions. As such, it is crucial to provide seamless integration via effective transformation between these database infrastructures. In this paper, we propose XML-REG to bridge these two technologies based on node-based and path-based approaches. The node-based approach is good to annotate each positional node uniquely, while the path-based approach provides summarised path information to join the nodes. On top of that, a new range labelling is also proposed to annotate nodes uniquely by ensuring the structural relationships are maintained between nodes. If a new node is to be added to the document, re-labelling is not required as the new label will be assigned to the node via the new proposed labelling scheme. Experimental evaluations indicated that the performance of XML-REG exceeded XMap, XRecursive, XAncestor and Mini-XML concerning storing time, query retrieval time and scalability. This research produces a core framework for XML to relational databases (RDB) mapping, which could be adopted in various industries.
Key performance requirement of future next wireless networks (6G)journalBEEI
Given the massive potentials of 5G communication networks and their foreseeable evolution, what should there be in 6G that is not in 5G or its long-term evolution? 6G communication networks are estimated to integrate the terrestrial, aerial, and maritime communications into a forceful network which would be faster, more reliable, and can support a massive number of devices with ultra-low latency requirements. This article presents a complete overview of potential 6G communication networks. The major contribution of this study is to present a broad overview of key performance indicators (KPIs) of 6G networks that cover the latest manufacturing progress in the environment of the principal areas of research application, and challenges.
Noise resistance territorial intensity-based optical flow using inverse confi...journalBEEI
This paper presents the use of the inverse confidential technique on bilateral function with the territorial intensity-based optical flow to prove the effectiveness in noise resistance environment. In general, the image’s motion vector is coded by the technique called optical flow where the sequences of the image are used to determine the motion vector. But, the accuracy rate of the motion vector is reduced when the source of image sequences is interfered by noises. This work proved that the inverse confidential technique on bilateral function can increase the percentage of accuracy in the motion vector determination by the territorial intensity-based optical flow under the noisy environment. We performed the testing with several kinds of non-Gaussian noises at several patterns of standard image sequences by analyzing the result of the motion vector in a form of the error vector magnitude (EVM) and compared it with several noise resistance techniques in territorial intensity-based optical flow method.
Modeling climate phenomenon with software grids analysis and display system i...journalBEEI
This study aims to model climate change based on rainfall, air temperature, pressure, humidity and wind with grADS software and create a global warming module. This research uses 3D model, define, design, and develop. The results of the modeling of the five climate elements consist of the annual average temperature in Indonesia in 2009-2015 which is between 29oC to 30.1oC, the horizontal distribution of the annual average pressure in Indonesia in 2009-2018 is between 800 mBar to 1000 mBar, the horizontal distribution the average annual humidity in Indonesia in 2009 and 2011 ranged between 27-57, in 2012-2015, 2017 and 2018 it ranged between 30-60, during the East Monsoon, the wind circulation moved from northern Indonesia to the southern region Indonesia. During the west monsoon, the wind circulation moves from the southern part of Indonesia to the northern part of Indonesia. The global warming module for SMA/MA produced is feasible to use, this is in accordance with the value given by the validate of 69 which is in the appropriate category and the response of teachers and students through a 91% questionnaire.
An approach of re-organizing input dataset to enhance the quality of emotion ...journalBEEI
The purpose of this paper is to propose an approach of re-organizing input data to recognize emotion based on short signal segments and increase the quality of emotional recognition using physiological signals. MIT's long physiological signal set was divided into two new datasets, with shorter and overlapped segments. Three different classification methods (support vector machine, random forest, and multilayer perceptron) were implemented to identify eight emotional states based on statistical features of each segment in these two datasets. By re-organizing the input dataset, the quality of recognition results was enhanced. The random forest shows the best classification result among three implemented classification methods, with an accuracy of 97.72% for eight emotional states, on the overlapped dataset. This approach shows that, by re-organizing the input dataset, the high accuracy of recognition results can be achieved without the use of EEG and ECG signals.
Parking detection system using background subtraction and HSV color segmentationjournalBEEI
Manual system vehicle parking makes finding vacant parking lots difficult, so it has to check directly to the vacant space. If many people do parking, then the time needed for it is very much or requires many people to handle it. This research develops a real-time parking system to detect parking. The system is designed using the HSV color segmentation method in determining the background image. In addition, the detection process uses the background subtraction method. Applying these two methods requires image preprocessing using several methods such as grayscaling, blurring (low-pass filter). In addition, it is followed by a thresholding and filtering process to get the best image in the detection process. In the process, there is a determination of the ROI to determine the focus area of the object identified as empty parking. The parking detection process produces the best average accuracy of 95.76%. The minimum threshold value of 255 pixels is 0.4. This value is the best value from 33 test data in several criteria, such as the time of capture, composition and color of the vehicle, the shape of the shadow of the object’s environment, and the intensity of light. This parking detection system can be implemented in real-time to determine the position of an empty place.
Quality of service performances of video and voice transmission in universal ...journalBEEI
The universal mobile telecommunications system (UMTS) has distinct benefits in that it supports a wide range of quality of service (QoS) criteria that users require in order to fulfill their requirements. The transmission of video and audio in real-time applications places a high demand on the cellular network, therefore QoS is a major problem in these applications. The ability to provide QoS in the UMTS backbone network necessitates an active QoS mechanism in order to maintain the necessary level of convenience on UMTS networks. For UMTS networks, investigation models for end-to-end QoS, total transmitted and received data, packet loss, and throughput providing techniques are run and assessed and the simulation results are examined. According to the results, appropriate QoS adaption allows for specific voice and video transmission. Finally, by analyzing existing QoS parameters, the QoS performance of 4G/UMTS networks may be improved.
Forklift Classes Overview by Intella PartsIntella Parts
Discover the different forklift classes and their specific applications. Learn how to choose the right forklift for your needs to ensure safety, efficiency, and compliance in your operations.
For more technical information, visit our website https://intellaparts.com
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxR&R Consult
CFD analysis is incredibly effective at solving mysteries and improving the performance of complex systems!
Here's a great example: At a large natural gas-fired power plant, where they use waste heat to generate steam and energy, they were puzzled that their boiler wasn't producing as much steam as expected.
R&R and Tetra Engineering Group Inc. were asked to solve the issue with reduced steam production.
An inspection had shown that a significant amount of hot flue gas was bypassing the boiler tubes, where the heat was supposed to be transferred.
R&R Consult conducted a CFD analysis, which revealed that 6.3% of the flue gas was bypassing the boiler tubes without transferring heat. The analysis also showed that the flue gas was instead being directed along the sides of the boiler and between the modules that were supposed to capture the heat. This was the cause of the reduced performance.
Based on our results, Tetra Engineering installed covering plates to reduce the bypass flow. This improved the boiler's performance and increased electricity production.
It is always satisfying when we can help solve complex challenges like this. Do your systems also need a check-up or optimization? Give us a call!
Work done in cooperation with James Malloy and David Moelling from Tetra Engineering.
More examples of our work https://www.r-r-consult.dk/en/cases-en/
Democratizing Fuzzing at Scale by Abhishek Aryaabh.arya
Presented at NUS: Fuzzing and Software Security Summer School 2024
This keynote talks about the democratization of fuzzing at scale, highlighting the collaboration between open source communities, academia, and industry to advance the field of fuzzing. It delves into the history of fuzzing, the development of scalable fuzzing platforms, and the empowerment of community-driven research. The talk will further discuss recent advancements leveraging AI/ML and offer insights into the future evolution of the fuzzing landscape.
Welcome to WIPAC Monthly the magazine brought to you by the LinkedIn Group Water Industry Process Automation & Control.
In this month's edition, along with this month's industry news to celebrate the 13 years since the group was created we have articles including
A case study of the used of Advanced Process Control at the Wastewater Treatment works at Lleida in Spain
A look back on an article on smart wastewater networks in order to see how the industry has measured up in the interim around the adoption of Digital Transformation in the Water Industry.
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSEDuvanRamosGarzon1
AIRCRAFT GENERAL
The Single Aisle is the most advanced family aircraft in service today, with fly-by-wire flight controls.
The A318, A319, A320 and A321 are twin-engine subsonic medium range aircraft.
The family offers a choice of engines
COLLEGE BUS MANAGEMENT SYSTEM PROJECT REPORT.pdfKamal Acharya
The College Bus Management system is completely developed by Visual Basic .NET Version. The application is connect with most secured database language MS SQL Server. The application is develop by using best combination of front-end and back-end languages. The application is totally design like flat user interface. This flat user interface is more attractive user interface in 2017. The application is gives more important to the system functionality. The application is to manage the student’s details, driver’s details, bus details, bus route details, bus fees details and more. The application has only one unit for admin. The admin can manage the entire application. The admin can login into the application by using username and password of the admin. The application is develop for big and small colleges. It is more user friendly for non-computer person. Even they can easily learn how to manage the application within hours. The application is more secure by the admin. The system will give an effective output for the VB.Net and SQL Server given as input to the system. The compiled java program given as input to the system, after scanning the program will generate different reports. The application generates the report for users. The admin can view and download the report of the data. The application deliver the excel format reports. Because, excel formatted reports is very easy to understand the income and expense of the college bus. This application is mainly develop for windows operating system users. In 2017, 73% of people enterprises are using windows operating system. So the application will easily install for all the windows operating system users. The application-developed size is very low. The application consumes very low space in disk. Therefore, the user can allocate very minimum local disk space for this application.
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)MdTanvirMahtab2
This presentation is about the working procedure of Shahjalal Fertilizer Company Limited (SFCL). A Govt. owned Company of Bangladesh Chemical Industries Corporation under Ministry of Industries.
Malware threat analysis techniques and approaches for IoT applications: a review
1. Bulletin of Electrical Engineering and Informatics
Vol. 10, No. 3, June 2021, pp. 1558~1571
ISSN: 2302-9285, DOI: 10.11591/eei.v10i3.2423 1558
Journal homepage: http://beei.org
Malware threat analysis techniques and approaches for IoT
applications: a review
Chimeleze Collins Uchenna1
, Norziana Jamil2
, Roslan Ismail3
, Lam Kwok Yan4
, Mohamad Afendee
Mohamed5
1,2,3
College of Computing and Informatics, Universiti Tenaga Nasional, Selangor, Malaysia
4
School of Computer Science and Engineering, Nanyang Technological University, Singapore
5
Faculty of Informatics & Computing, Universiti Sultan Zainal Abidin, Malaysia
Article Info ABSTRACT
Article history:
Received Mar 26, 2020
Revised Jul 12, 2020
Accepted Apr 27, 2021
Internet of things (IoT) is a concept that has been widely used to improve
business efficiency and customer’s experience. It involves resource
constrained devices connecting to each other with a capability of sending
data, and some with receiving data at the same time. The IoT environment
enhances user experience by giving room to a large number of smart devices
to connect and share information. However, with the sophistication of
technology has resulted in IoT applications facing with malware threat.
Therefore, it becomes highly imperative to give an understanding of existing
state-of-the-art techniques developed to address malware threat in IoT
applications. In this paper, we studied extensively the adoption of static,
dynamic and hybrid malware analyses in proffering solution to the security
problems plaguing different IoT applications. The success of the reviewed
analysis techniques were observed through case studies from smart homes,
smart factories, smart gadgets and IoT application protocols. This study gives
a better understanding of the holistic approaches to malware threats in IoT
applications and the way forward for strengthening the protection defense in
IoT applications.
Keywords:
Data analytics
Internet of things
Malware threat
Mobile threat
This is an open access article under the CC BY-SA license.
Corresponding Author:
Norziana Jamil
College of Computing and Informatics
Universiti Tenaga Nasional
Selangor, Malaysia
Email: norziana@uniten.edu.my
1. INTRODUCTION
Over the years, the internet of things (IoT) concept has exhibited great potential for actuating
various domains (personal and enterprise environments); with examples and likely applications but not
restricted, smart health for cashless and easy admission into major hospitals, smart cites for energy cost and
pollution reduction, smart transportation for developing alternative means to solve road traffic issues as well
as smart homes whereby energy industries are developing systems for increasing energy preservation and
security among others [1], [2].
With the advent of IoT, computing platforms for general purpose that runs on conventional desktops
are now been substituted by platforms like tablets and smartphones. High functionality applications that were
once restrained for usage on highly efficient desktops and laptops are currently accessible on the existing
mobile platforms as their computational power rises. The ripple effects of the growing trend in usage and
popularity of the smartphones have been evidenced in several internet applications where products,
accessibility and applications have been migrated to the platform for productivity and interoperability
2. Bulletin of Electr Eng & Inf ISSN: 2302-9285
Malware threat analysis techniques and approaches for IoT applications… (Chimeleze Collins Uchenna)
1559
enhancement [3], [4]. IoT technologies are being utilized as foundational technologies for the cooperative-
intelligent transport system (C-ITS), that is regarded as next generation intelligent transportation system [5].
Hence, IoT has become a bridge that unites the physical and digital world through the inclusion of smart
objects that relate with physical ambience with no direct human interference [6]. Highly essential in IoT
applications are confidentiality, authentication, access control and integrity through the implementation of
accurate security and privacy protocols [7]. Whilst the novel functionality derived from the IoT can be
utilized in improving the lives of humans, the possibility of conventional cyber-attacks on IoT system is rife
[8]. More so, it has been well established that a lot of IoT gadgets are susceptible to simple intrusion trials
such as utilizing weak or at times default passwords. For instance, in spite of the high sensitivity exhibited by
mobile platforms and the tendencies for abuse, various security threats not so different from those that are
currently affecting their desktop counterparts have begun to emerge. Similarly with the capacity of
smartphones to have several sensors and connection with a lot of IoT gadgets, it becomes a main target for
malwares [9].
Furthermore, their nature to host other integrated components such as microphones, inbuilt cameras,
accelerometer etc. makes them prone to hijack by malware as well as eavesdrop on their enclosure [10].
Recently, significant numbers of malware including worms, viruses, Trojan horses and rookits have begun to
emerge which are targets at exfiltrating confidential data in mobile platform or leverages on the compromised
asset so as to access confidential networks through which the gadget has genuine access [11], [12].
Atamli and Martin [13] has identified the three primary groups of malicious entities threatening IoT as: (1)
external attackers, (2) malicious users and (3) bad manufacturers [13]. For the purpose of assisting academics
and developers to easily comprehend the insight of several kinds of IoT security attacks as well as to create
relevant security measures in their IoT developments, Nawir et al. [14] designed a well-organized taxonomy
as presented in Figure 1 that outlines eight different categories under which attackers can attack the IoT
systems.
Meanwhile, traditional computers bring a lot of attacks in IoT environment and uses these
computers to infect other connected devices in IoT environment. Having seen these trends, IoT applications
are imminently a new area of security research. In this paper, we comprehensively explored the analysis
techniques and approaches of current IoT applications regarding series of threats from malware. Several
points of interest that an attacker can manipulate either by gaining access to unauthorized information or by
causing a denial of service have been identified alongside with the appropriate security architecture to
prevent the occurrence.
There are at least 2 research questions that need to be addressed: (1) What are the techniques that
malware threats in IoT applications can be efficiently addressed or mitigated? (2) What are the attributes to
be considered for malware analytic? This paper gives detailed information on recent challenges with malware
threats in IoT applications and highlights existing security techniques for the evaluation of existing
vulnerabilities in IoT applications. This paper is organized as follows: section 2 highlights challenges with
malware threats in IoT applications, section 3 presents the security techniques in place for malware detection
and evaluation and the conclusion and future work is given in section 4.
Figure 1. Taxonomy of security attacks on IoT [12]
3. ISSN: 2302-9285
Bulletin of Electr Eng & Inf, Vol. 10, No. 3, June 2021 : 1558 – 1571
1560
2. CATEGORIES OF MALWARE THREATS IN IOT DEVICES AND APPLICATIONS
Security threats information technology (IT) have increased and advanced, and those developing
these threats are becoming highly ingenious in concealing their efforts. Hence, it has become essential to
explore the various means of protecting enabled services on the internet i.e. IoT. Due to this reason, it is
important to give a summary of malware threats in IoT platforms and the possible vulnerabilities. Hence,
malware threats in software, malware threats in hardware, malware threats in database and malware threats in
network services are reflected in this section.
2.1. Malware threats in software
Software patching is an important process to update a particular software with remedy to
vulnerabilities. Patching a software in IoT devices seems to be challenging because the device of different
limited capabilities. Commonly cloud-based approach is used to patch software in IoT environment and has
shown great potential. However, with a high possibility of the cloud imposing security threats such as data
breaches, human error, malicious insiders, account hijacking, and DDoS attacks, it becomes essential for
researchers to keep exploring software patches update for IoT devices.
2.2. Malware threats in hardware
IoT devices are exposed to the public space due to the clear structure, thus creating for the system
free threat sources in several aspects including the exposure of the device ID or serial number of the IoT
devices. Meanwhile, most of the IoT devices are connected through cloud infrastructure [2] that poses serious
security concerns. The possibility of an attacker to compromise the cloud through the loading of a single
malware to multiple IoT devices instantaneously is very high. Data transfer becomes a serious security issue
if important or confidential data is shifted in an open wireless network in a random public Wi-Fi network.
More so, multiple instance of hacks and data breach have exposed password of the user of popular websites
and companies.
2.3. Malware threats in database
In IoT environment, data sent by IoT nodes are usually passed through an IoT gateway before they
are sent to the database that resides at cloud. This database, without proper sanitizing, will open doors to
hackers to exploit it through SQL injection attacks or other web application attacks, that yields impersonation
or false command control.
2.4. Malware threats in network services
The network services is also one of the platforms through which IoT devices can be attacked. The
failure of sophisticated encryption algorithms execution on IoT systems promotes their vulnerability with
respect to information disclosure attacks. Failure to detect normal data traffic might leave a system exposed
to malware infection through distributed denial of service (DDoS) attacks [2]. Owing to resource constraints
including computational power and data storage capacity, IoT devices are least required to carry out payload
verification as well as integrity check that promotes insecurity in the IoT device.
3. EXISTING SECURITY TECHNIQUES
3.1. Malware detection techniques in software
With the threat of malicious software becoming an essential factor in securing smartphones,
Zhao et al. [15] designed and implemented an SVM active learning algorithm based Android malware
detection architecture called AntiMalDroid with the capacity for the detection and restriction of several
common and few novel malwares running on the Android platform. The framework of the AntiMalDroid as
shown in Figure 2 consists of two major parts: (i) Learning component which includes the characteristic
monitoring module, characteristic learning module, behavior characteristics signature module and signature
database, and (ii) Malware detection which includes the run-time behavior monitoring module, behavior
signature module, decision module ans the response module. From the results obtained, the performance
evaluation i.e. time consumption and battery consumption overhead was a little more but bearable.
The development and execution of a web-based software for detecting and classifying malware was
highlighted by Dogru and Kiraz [16]. The system developed depends on client-server structure, static
evaluation and web-scraping techniques. Static analysis technique was employed to analyze Android
applications. For the purpose of developing a benign application dataset, Android apps of formal institutes (in
Turkey and other countries), and common apps on the Google Play market were downloaded through the
utilization of the APKPure web page. Malicious software dataset was retrieved from the developed dataset in
the Drebin that has been distributed as an open resource.
4. Bulletin of Electr Eng & Inf ISSN: 2302-9285
Malware threat analysis techniques and approaches for IoT applications… (Chimeleze Collins Uchenna)
1561
Figure 2. Overview of AntiMalDroid malware detection architecture [15]
The robust nature of the system developed was analyzed by employing 5545 and 1173 Android apps
that are malicious and benign respectively. Talha et al. [17] developed a permission-based malware detection
system, APK auditor which utilizes static analysis for characterization and classification of Android
applications as benign or malicious. A new approach to assess potential maliciousness of apps by estimating
a statistical score through the requested permissions and uses a central server for the application analysis
while the results are retrieved by a web service was proposed. Overall, the APK auditor is made up of three
components: (1) a signature database to store extracted information about applications and analyse results,
(2) an Android client which is used by end-users to grant application analysis requests, and (3) a central
server with the capacity to communicate with both signature database and smartphone client as well as
managing the overall analysis process.
A StaDynA andriod malware detection system was proposed by Zhauniarovich et al. [18] to address
the problem of dynamic code updates in the security analysis of Android applications. The architecture of
StaDynA presented comprises two logical components: a server and a client. The static analysis of an
application is performed on the server. The client part of StaDynA is a modified Android operating system,
hosted either on a real device or an emulator. The client runs the application whenever the dynamic analysis
is required. D’Oraziob et al. [19] highlighted the potential for pairing mode in iOS devices (which gives
room for establishment of a trusted relationship between iOS device and private computer) and exploitation
for covert data exfiltration. A data exfiltration model with the capacity to scan iOS devices for vulnerabilities
against data exfiltration was developed to exploit the trusted relationship between a private computer and iOS
device to collect and transmit user data from victim device to an attacker.
Razak et al. [20] proposed bio-inspired Android malware detection system capable of examining
new variants of known malware and also to detect the existence of dangerous permissions observed in mobile
device applications. The Android malware detection system has three phases as shown in Figure 3 including
data collection, machine learning and database. Data collection starts with gathering all permissions
including benign and malware applications. The process includes decompiling .apk file, extracting and
filtering the permission. The machine learning phase ensures mobile device users can optimize the
permission features by employing features optimization approach. Navarro et al. [21] and Yang et al. [22]
respectively combined leveraging ontologies and hybrid analysis with machine-learning techniques for
Android malware detection and analysis. The former investigation employed the manifest XML files as the
information source and a complex ecosystem of a commercial Android smartphone provided the benign
applications downloaded from official apps stores and applications known as malware were obtained from
security research repositories. Lastly, ontology queries were used to build the model and machine-learning
algorithm (forest-based method) was used to process the original model. For the latter investigation, hybrid
method was firstly used for extracting characteristics of software followed by design of a two-stage detection
method based on machine learning to achieve the multi-label detection of malware. Random forest-based
multi-classifier was employed to determine the family to which the malware belongs.
5. ISSN: 2302-9285
Bulletin of Electr Eng & Inf, Vol. 10, No. 3, June 2021 : 1558 – 1571
1562
Figure 3. Bio-inspired malware detection architecture [20]
3.2. Malware detection techniques in hardware
Akatyev and James [23] developed a model of a near-future user-centric IoT (UCIoT) network data
flow built on STRIDE and DREAD models capable of identifying high-level threats in smart home system
and concentration areas for investigators. From the threat assessment made, it was observed that the threats to
personal data posed great risks and the digital attacks in the developed have the potential to degenerate into
physical consequences such as death. A scheme for minimizing security susceptibilities and threats in IoT
devices as well as improving the security of the IoT service environment was proposed by Choi et al. [24].
With the implementation of the proposed scheme, the entire security of IoT apps and devices, especially in
smart factory can be put into check through system hardening and security monitoring.
A technique that exploits virtual environments and agent-based simulation for evaluating
cybersecurity solutions for the future of IoT applications in practical strategies was proposed by Furfaro et al.
[25]. Most importantly, the integrated utilization of the newly designed virtual environments has the capacity
for the exploitation of cutting-edge hardware virtualization technologies and cloud computing, simulation
that is agent-based as well as actual gadgets that give room for development and evaluation, in a regulated
manner, IoT technologies (applications, protocols, device prototypes) and relevant security threats before
they are released in production. The efficiency of the technique was showcased through the consideration of
a case study with regards to a regular smart home that involves the combination of real and virtual smart
gadgets within a virtualized scenario that initially evaluates security challenges and are being handled
thereafter.
In their investigation on malware threats targeted at gadgets deployed in industrial mobile-IoT
networks and the complementing detection methods, Sharmeen et al. [26] systematically compared static,
dynamic, and hybrid analyses by relying on data set, feature extraction and selection methods, detection
techniques as well as the efficiency of these techniques. Suspicious API and system calls, as well as the
permissions which were extracted and selected as features to detect mobile malware were identified during
the investigation. The outcome of the investigation therefore offers great assistance to application developers
in securing the use of APIs during the development of applications for industrial IoT network. A concept of
dynamic permutation that handles both hardware Trojan and side-channel analysis attacks in emerging IoT
applications was proposed by Dofe et al. [27]. The implementation of this technique creates enormous
difficulty for attackers to launch a hardware attack successfully. More so, the dynamic nature of the
permutation technique further hinders Trojan attack, replaces power profile with time and creates difficulty in
retrieving the crypto key that relies on the power analysis.
Xiao et al. [28] investigated a cloud-based malware detection game where gadgets offload their
application traces to security services through base stations/access locations in dynamic networks. The
malware detection system was designed with Q-learning in order for a mobile gadget to obtain the optimum
rate for offloading without identifying the trace generation and the ratio bandwidth model of the mobile
gadgets. The study above was enhanced further in another study by the same set of authors [29] with the use
of hotbooting-Q techniques in designing the mobile malware detection system which makes the quality
values that rely on the malware detection experience. The deep Q-network method having a deep
convolutional neural network was utilized to further enhance the detection speed, the detection accuracy and
the utility. Patil et al. [30] developed in-VM-assisted lightweight agent-based malware detection (AMD)
architecture for securing high-risk virtual machine (VM) from malware at the initial stage of VM life cycle.
6. Bulletin of Electr Eng & Inf ISSN: 2302-9285
Malware threat analysis techniques and approaches for IoT applications… (Chimeleze Collins Uchenna)
1563
The malware detection architecture has two parts, which are agent at VM and anomaly detection at
hypervisor for detecting both known and unknown malware. Figure 4 presents the design of the AMD
architecture.
Mishra et al. [31] proposed a dynamic evaluation-based introspection technique, named
KVMInspector for malware detection in KVM-based cloud environment. Libraries of LibVMI and Nitro
were utilized in extracting the reduced level information of a running virtual machine by checking its
memory, trapping hardware events, as well as evaluating the vCPU registers from KVM. X. Jia et al. [32]
proposed FindEvasion, a cloud based technique for the detection of environment-sensitive malware. It has
capacity to extract the suspected program from the VM and evaluates them on multiple operating
environments. It is also capable of multiple behavioral sequences similarity (MBSS) check algorithm, that
relates the behaviors of a suspected program noticed in multiple operating environments, and ascertains the
suspected program is an environment-sensitive malware or not. Kumara and Jaidhar [33] proposed a
hypervisor oriented automated internal-external (A-IntExt) malware detection model. It employs a protected
and lightweight in-VM-assisted component to gather internally state information. It possesses an intelligent
cross view analyzer (ICVA) at hypervisor that regularly checks the supplied data by the in-VM component to
detect hidden, dead and malicious processes.
3.3. Malware detection techniques in database
By utilizing the iOS devices as a case study, D’Orazio et al. [34] presented for the iOS devices, the
capacity for pairing mode (which allows institution of a genuine relationship between iOS device and private
computer) and the usage for exfiltration of hidden data. A data exfiltration model with the capacity to subject
iOS gadgets to scanning for susceptibilities against data exfiltration was developed for the exploitation of the
genuine relationship between a private computer and iOS gadget for collection and transmission of user data
from victim gadget to an intruder.
In their investigation, Chen et al. [35] proposed unbalanced classification methods consisting of
synthetic minority oversampling technique (SMOTE) + support vector machine (SVM), SVM cost-sensitive
(SVMCS), and C4.5 cost sensitive (C4.5CS) methods for machine-learning based mobile malware detection
using imbalanced network traffic. An imbalanced data gravitation-based classification (IDGC) algorithm was
deployed to classify imbalanced data when they approach certain threshold where the behavior of the
algorithm for classification is significantly degraded. A simplex imbalanced data gravitation classification
(S-IDGC) model was developed to decrease the time cost of IDGC without affecting the behavior of the
classification process and a machine-learning based correlative standard prototype system was proposed for
users to detect the performance of various classification algorithms on similar dataset. The architecture of the
prototype system is shown in Figure 5 and can be grouped into these units: (1) unified network traffic data
(2) traffic processing and classifier settings, (3) comparative performance results, and (4) operating
procedures of the system.
An efficient malware detection technique in cloud infrastructure employing CNN (convolutional
neural network) was proposed by Abdelsalam et al. [36]. The accuracy of the CNN classifier was enhanced
by employing a new 3d CNN (wherein the input is an assembly of samples over a period of time) that largely
assists in reducing the mistakenly labelled samples in the course of data collection and training. Elsewhere,
Silakari and Chourasia [37] proposed the accelerated chaotic map particle swarm optimization (ACMPSO
K-means) technique which combines PSO and K-means to give satisfactory result for the detection of
malware in cloud computing infrastructure.
Figure 4. The design of the AMD architecture [30]
7. ISSN: 2302-9285
Bulletin of Electr Eng & Inf, Vol. 10, No. 3, June 2021 : 1558 – 1571
1564
Sun et al. [38] developed CloudEyes; a cloud-based malware detection system that offers effective
and trusted security services in resource constrained devices. CloudEyes offers questionable bucket
cross-filtering, a new signature detection system reliant on the reversible sketch structure that offers hindsight
and efficient positions for fragments of malicious signature. In a complementary study [39], another
cloud-based detection system that gives protection to data privacy of both the cloud server and the client.
PriMal employs a recently developed Private Malware Signature Set Intersection (PMSSI) protocol to
activate the cloud server and client for the achievement of malware confirmation without exposing the data
privacy in semi-honest model. Figure 6 shows the system architecture for PriMal. Q. K. Ali Mirza et al. [40]
proposed CloudIntell; an intelligent machine learning method for the enhancement of malware detection rate
and a cloud-based framework for supporting and hosting the implementation of the methodology. An
automated feature tool was developed for extraction, that obtained features from over 200,000 files in an
efficient manner.
Figure 5. A relative standard prototype system architecture for network traffic-based malware detection [35]
Figure 6. System architecture for PriMal [39]
3.4. Malware detection techniques in network services
Having identified the vulnerabilities of IoT devices and applications to sensor-based threats owing
to the absence of decent security measures available for controlling the usage of sensors by apps, Sikder et al.
[41] conducted a comprehensive survey on the existing countermeasures developed specially for sensors
security in IoT devices and gave feasible recommendations for future research exploration. The existing
security mechanisms for prevention of sensor-based threats were categorized into two entities. For the first
category i.e. the enhancement of existing sensor management systems, the developed systems include: (i)
Semadroid-an Android sensor management system which offers users a monitoring and logging feature that
makes the utilization of sensors by app explicit, (ii) Aware-an authorization architecture for android that
extends Android Middleware for controlling access to privacy-sensitive sensors and with the capacity of at
most 7% of the users being tricked by examples of four kinds of attack, contrary to an average of 85% for
8. Bulletin of Electr Eng & Inf ISSN: 2302-9285
Malware threat analysis techniques and approaches for IoT applications… (Chimeleze Collins Uchenna)
1565
previous approaches, and (iii) 6thSense-a comprehensive context-aware architecture with approx. 97%
accuracy and F-score, that employs the entire sensor data in real time and decides if the current context of the
sensors or not utilizing several machine learning-based techniques.
For the second category i.e. protection of sensed data, the developed mechanisms include: (i)
location-privacy preserving mechanisms (LPPMs)-a mechanism to limit the probability of success of
inference attack, on location data and offers a robust defense against white-box attacks when integrated with
targeted maneuvers ( reduction of probability success of white-box attacks to 3%), (ii) single inverter ring
oscillator (SIRO)-a countermeasure to immune IoT devices and applications from power analysis and
electromagnetic emanation attacks, and (iii) AuDroid-a model for securing communications through audio
channels whenever applications utilize the device’s microphones and speakers.
Owing to the diverse existence of malicious software (malcode/malware) which poses great issues
for network and end host security, Gupta et al. [42] developed a new graph pruning system for establishing
the inheritance relationships between several instances of malcode that relies on temporary information and
major general phrases detected in the malcode descriptions. Comprehensive investigation revealed the
identification of 669 distinct malware families by algorithm which can be of great use to domain experts and
can assist in the design and development of proactive strategies to prevent malware attacks.
Being one of the most adopted IoT application protocols, Firdous et al. [43] presented the message
quelling telemetry protocol (MQTT) threat model as shown in Figure 7 and conducted an analysis on the
denial of service (DoS) attack which targets MQTT brokers. The investigators setup a testbed using virtual
machines for the testing of an MQTT broker server performance in the course of a DoS attack. A simulation
utilizing 2000 PUBLISH messages (4MB payload each) were transferred to the broker which triggered the
crash of the broker in 30 s. In the course of the attack, CPU load rise steadily and the memory was elevated to
100% prior the crash of the MQTT, while the network traffic reached 100MB/s in the course of the payload
flooding attack.
Alhawi et al. [44] leveraged on different machine learning methods for Windows ransomware
network traffic detection. NetConverse was introduced out of the methods where in the data collection phase
of their experiment, samples of network traffic were collected for the ransomeware and benign Windows
apps while the feature extraction phase retrieves the necessary features and attaches them for the creation of
the utilized dataset. Lastly, in the machine learning classifier phase, training and testing of numerous
algorithms located in Waikato Envitonment for knowledge Analysis 3.8.1 (WEKA) tool for machine learning
to find the optimal detection model. Messabi et al. [45] presented a novel approach using Python for the
detection of DNS malware through the use of various behavioral features for the recognition of malicious
domains from the legitimate ones before they are opened by the user. The approach employs the collection of
most common DNS-based feature utilized in past investigations so as to obtain the optimal results.
In order to develop a malware detection model for cloud environment, Yadav [46] proposed a new
consolidated WFCM-AANN (weighted fuzzy c-means clustering algorithm with auto associative neural
network). The proposed system consists of two modules. On the first hand, the clustering module is
employed to gather the input dataset into clusters with the use of the WFCM clustering. On the other hand,
the centroidal part from the clustered dataset is subjected to the periodic AANN which is utilized in
characterizing intrusion state of the information.
Figure 7. MQTT threat model [43]
9. ISSN: 2302-9285
Bulletin of Electr Eng & Inf, Vol. 10, No. 3, June 2021 : 1558 – 1571
1566
By relying on text semantics of network flows, Wang et al. [47] proposed a framework for malware detection
that can endure encrypted HTTPS and non-encrypted HTTP traffic in home networks, bring-your-own-
device (BYOD) enterprise networks, and 3G/4G mobile networks. The proposed technique handles all HTTP
flow as a document, and thereafter utilizes the word segmentation reliant on N-gram generation for
generation candidate features for effective characterization of a certain HTTP flow. Finally, an SVM
classifier is trained to automatically detect if the unknown traffic is malicious or benign.
For the purpose of ensuring information security, Kang et al. [48] classified malware into families
by employing the word2vec model and the long short-term memory (LSTM). The word2vec was used to
extract names of opcodes as well as API function from the assembly source and later vectorized into vectors
having smaller value of dimensions for the reduction of learning time and improve the classification rate. The
LSTM was then used to obtain the classification results by receiving the vectorized results. Prasse et al. [49]
developed and investigated a model for malware detection that relies on LSTMs which utilizes just the
observable areas of the HTTPS traffic. A VPN client was deployed to numerous client computers for
observing the relationships between executable files and network flows on numerous client computers.
Finally, anti-virus devices were used to obtain in retrospect, which of the network flows in the training and
evaluation dataset emanate from malware. Malik and Kaushal [50] proposed CREDROID which detects
malicious apps by relying on their DNS queries and the data it transfers to remote server by carrying out the
comprehensive evaluation of network traffic logs in offline mode. The technique is semi-automated and
works on several considerations including the remote server that connects the application, data being
transfered as well as the protocol that is utilized in communicating for the identification of the credibility of
the application.
4. FUTURE APPROACHES FOR SECURITY ENHANCEMENT IN IoT APPLICATIONS
Sikder et al. [41] proposed the open issues listed as follows as future directions in the context of
sensor-based threats: (i) investigation of anticipated functionality for threats identification, (ii) standard
security mechanisms adoption, (iii) Fine-grained control of the sensors, (iv) control data distribution between
sensors, (v) protection of sensor data when at rest, (vi) leakage prevention of confidential data, (vii) integrity
protection of sensor operations, and (viii) adoption of intrusion systems for detecting attacks. Upon
conducting a state-of-the-art survey on security attacks in IoT, J. Deogirikar and A. Vidhate [51] proposed a
need for refinement in the current network architecture as well as the creation of a novel network architecture
that is lightweight for future work. With this in place at the security layers in each network layer, there is
high possibility of solving the performance and security related issues in IoT applications.
Focusing on the smart devices and multimedia applications which provides remote monitoring of
our daily activities. Shifa et al. [52] proposed for future investigation a lightweight encryption to preserve the
privacy of multimedia data within IoT environment. The proposed system ensures the security of
organizations and individuals by tackling the various security levels needed by multimedia applications at
various stages in the operation. For the total implementation of the system for different device capabilities,
the investigators emphasized on the performance and security evaluation by considering several potential
attacks against the encryption system the validation for the efficiency of the implemented multi-level partial
encryption techniques. In addition, future investigations must also focus on threat and investigation of retail
IoT devices through the development of systems for statistics measurement of malware threats as well as the
continuous monitoring and analysis of new malware threats in IoT devices. Table 1 in appendix presents the
performance and security characteristics of analysis techniques for malware detection in different platforms.
5. CONCLUSION
In this study, we have documented comprehensive analysis techniques with cutting-edge solutions
to address malware threat in IoT applications. In particular, static, dynamic as well as hybrid analyses have
been adopted by researchers to confront security issues plaguing several IoT applications. The effectiveness
of the documented analysis techniques was demonstrated using case studies including smart home systems,
smart factories, smart gadgets and IoT application protocols. Systems such as 6thSense, a comprehensive
context-aware architecture for sensors security in IoT devices offers approximately 97% accuracy and
F-score. Similarly the location-privacy preserving mechanisms (LPPMs) with integrated targeted maneuvers
offers a robust defense against white-box attacks by reducing the probability success of white-box attacks to
3%. It was discovered from all the techniques reviewed that the investigation of anticipated functionality for
sensor-based threats and investigation of a lightweight encryption to preserve the privacy of multimedia data
within IoT environment as key areas that must be worked on in future investigations.
10. Bulletin of Electr Eng & Inf ISSN: 2302-9285
Malware threat analysis techniques and approaches for IoT applications… (Chimeleze Collins Uchenna)
1567
APPENDIX
Table 1. Performance and security characteristics of analysis techniques for malware detection in different
platforms
Existing approach to malware
threat
Cate-
gory
Performance Char. Security Char.
General Char. Limitations Ref.
Technique used
Compu
ter
power
Memor
y
Footpri
nt
Energy
Consu
me
Integr
ity
Data
Protecti
on
An SVM active learning
algorithm based Android
malware detection architecture
called AntiMalDroid with the
capacity for the detection and
restriction of several common and
few novel malwares running on
the Android platform
Sf Y Y Y Y N
Efficient;
Reliable;
Flexible;
Extension to other Linux-
based embedded systems is
necessary for the validation
of the technique
[15]
Web-based Android malicious
software detection and
classification system based on
client-server architecture, static
analysis and web-scraping
methods
Sf Y N N Y Y
Reliable;
Efficient
Accuracy can be further
increased
[16]
APK Auditor Android client
APK; APK Auditor Signature
Database Applications; APK
Auditor central server; APK
Auditor administration portal
Sf N Y N Y Y
External
resource
dependency
External system
dependencies make the
whole system unavailable
when these dependencies are
out of service.
[17]
StaDynA andriod malware
detection solution based on
combination of static and
dynamic analysis of applications
Sf N Y N Y Y Flexible Android emulator is slow [18]
A data exfiltration model with the
capacity to scan iOS devices for
vulnerabilities against data
exfiltration
Sf Y N Y Y N Reliable
Not supported by other IoT
devices and big data systems
[19]
A bio-inspired Android malware
detection system capable of
examining new variants of known
malware and also to detect the
existence of dangerous
permissions observed in mobile
device applications
Sf Y N N Y N
Adaptable;
Efficient
The limitation observed in
the study lies in the ability of
the system to detect Android
malware in the cloud
[20]
A system comprising of
leveraging ontologies and
machine-learning techniques for
malware analysis into Android
permissions ecosystem.
Sf Y N Y Y N
Efficient;
Reliable
The inclusion into the graph
and use of the already
trained classifier could be
trivial.
[21]
A two-stage detection method
based on machine learning to
achieve the multi-label detection
of malware.
Sf Y N Y Y N
Efficient;
Reliable
Accuracy can be further
increased
[22]
A near-future User-Centric IoT
(UCIoT) network data flow built
on STRIDE and DREAD models
capable of identifying high-level
threats in Smart Home System
and concentration areas for
investigators
Hd Y N N Y Y
Reliable;
Adaptable
The proposed model for
threat assessment is yet to be
tested on industrial IoT
systems
[23]
A scheme for minimizing security
susceptibilities and threats in IoT
devices as well as improving the
security of the IoT service
environment
Hd Y N N Y Y
Adaptable;
Flexible
There is a need to reduce the
size and optimize binaries
used in the implementation
of the technique
[24]
A technique that exploits virtual
environments and agent-based
simulation for evaluating
cybersecurity solutions for the
future of IoT applications in
practical strategies
Hd Y N N Y N Efficient
Current findings revealed the
necessity for a system
upgrade in future
investigations.
[25]
Comparison study of static,
dynamic, and hybrid analyses by
relying on data set, feature
extraction and selection methods,
detection techniques as well as
the efficiency of these techniques
based on client-server
Hd N N Y Y N Reliable
Accuracy can be further
increased
[26]
11. ISSN: 2302-9285
Bulletin of Electr Eng & Inf, Vol. 10, No. 3, June 2021 : 1558 – 1571
1568
architecture, static analysis and
web-scraping methods
A concept of dynamic
permutation that handles both
hardware Trojan and side-channel
analysis attacks in emerging IoT
applications
Hd N Y Y N Y
Efficient;
Reliable
Higher computational power
is required
[27]
Cloud-based mobile malware
detection system designed with
Q-learning
Hd Y N Y Y N
Efficient;
Reliable
The Q-learning has a slow
learning rate
[28]
Cloud-based mobile malware
detection system designed
withhotbooting-Q techniques
Hd Y Y Y Y N
Efficient;
Reliable
More dataset is required to
ascertain the prospects of
this method
[29]
Agent-based malware detection
(AMD) architecture for securing
high-risk virtual machine (VM)
from malware at the initial stage
of VM life cycle.
Hd Y N Y Y N
Efficient;
Reliable;
Flexible
It needs to be extended for
the detection of certain
encrypted malware such as
Ransomeware, that are
challenging to detect without
running them
[30]
A dynamic evaluation based
introspection technique, named
KVMInspector for malware
detection in KVM-based cloud
environment
Hd Y Y Y Y N
Efficient;
Reliable
There is need to integrate
network monitoring
functionalities with the
KVMInspector in order for
the program and network
behaviour to be evaluated
[31]
FindEvasion, a cloud based
technique for the detection of
environment-sensitive malware
Hd Y N N Y N
Efficient;
Reliable
It consumes too much time
and may be not be feasible
for large-scale computing
systems.
[32]
A hypervisor oriented
Automated Internal–External (A-
IntExt) malware detection model.
Hd Y N Y Y N
Efficient;
Adaptable
It is quite challenging to
secure the ICVA is a
challenge.
[33]
Adataexfiltrationmodelwiththe
capacitytoscaniOSdevicesfor
vulnerabilitiesagainstdataexfiltration
Db Y N Y Y Y Reliable
Not supported by other IoT
gadgets and systems having
large data
[34]
Machine Learning based
approach for malware detection
for Android platform using Rain
Forest (RF), Support Vector
Machine (SVM), k-nearest
neighbour (KNN), Naive Bayes
(NB)
Db N Y N N Y
Flexible;
Adaptable;
Samples primarily emanate
from the academic sample
category of the institution or
platform and have no
metamorphic malware
sample. Metamorphic
malware has the capacity to
avoid the suggested
technique. It is obviously
susceptible to obfuscation
and packing
[35]
Malware detection technique in
cloud infrastructure that employs
CNN
Db Y N N Y Y
Efficient;
Reliable;
Flexible
There is need to extend the
scale of experiment in future
study by employing more
malware binaries
[36]
ACMPSO K-means for detection
of malware in cloud computing
infrastructure
Db Y N N Y N
Reliable;
Flexible
Investigation of more
standard dataset is necessary
before the full
implementation of the
approach
[37]
CloudEyes; a cloud-based
detection system that offers
effective and trusted security
services in resource constrained
devices
Db Y N Y Y Y Reliable
The detection needs further
improvement by using better
algorithms
[38]
PriMal; a cloud-based detection
system that gives protection to
data privacy of both the cloud
server and the client
Db Y Y N Y Y Reliable
The detection needs further
improvement by using better
algorithms
[39]
CloudIntell; an intelligent
malware detection system for the
enhancement of malware
detection rate
Db Y N N Y N
Efficient;
Reliable
The memory footprint needs
to be improved
[40]
Countermeasures developed
specially for sensors security in
IoT devices
Ns Y N N Y Y
Efficient;
Adaptable
A total and extensive
solution for autonomous
policy enforcement, detailed
coverage of the entire
sensors, as well as an
accurate trade-off between
power and performance are
yet to be developed
[41]
A new graph pruning system for Ns Y N N Y N Adaptable; Corpus of malware meta- [42]
12. Bulletin of Electr Eng & Inf ISSN: 2302-9285
Malware threat analysis techniques and approaches for IoT applications… (Chimeleze Collins Uchenna)
1569
establishing the inheritance
relationships between several
instances of malcode that relies
on temporary information and
major general phrases detected in
the malcode descriptions
Reliable data must be expanded for
detailing malware
evolutionary attributes and
collaboration with AV
companies is essential for the
development of systems with
capacity to anticipate future
trends in malware evolution
Message Quelling Telemetry
Protocol (MQTT) threat model
with analysis on the Denial of
Service (DoS) attack which
targets MQTT brokers
Ns N Y N Y N Satisfactory
The method is restricted to
quantify only the impact of
DoS attacks
[43]
NetConverse; a machine learning
technique for Windows
ransomeware network traffic
detection
Ns Y N Y Y Y
Efficient;
Reliable;
Flexible
The memory footprint
requires improvement
[44]
A novel approach using Python
for the detection of DNS malware
Ns N N Y Y N Reliable
The approach is not complex
enough for the detection of
all malware domains on the
internet
[45]
A new consolidated WFCM-
AANN for malware detection in
cloud environment
Ns Y N Y Y N
Efficient;
Reliable
Only two normal and
anomaly detection problems
were investigated. Hence,
detection of multiple types of
attacks needs to be explored
in future work.
[46]
A framework for malware
detection that relies on text
semantics of network flows
Ns Y N Y Y N
Efficient;
Relibale;
Flexible
The technique can not trigger
all malicious behaviors
[47]
Utilization of word2vec model
and Long Short-Term Memory
(LSTM) for malware
classification into families.
Ns N Y Y Y Y
Efficient;
Reliable
The technique requires high
computing resources
[48]
LSTM based malware detection
model that utilizes just the
observable areas of HTTPS
traffic
Ns Y N Y Y N
Efficient;
Reliable;
Adaptable
Further study is necessary
with large dataset
[49]
CREDROID; a malware
detection system that rely on
DNS queries and the data it
transfers to remote server through
evaluation of network traffic logs
in offline mode.
Ns N N Y Y N Reliable
It is almost impossible to
map out the sent messages to
the premium numbers by the
malware
[50]
*Sf: software, Hd: hardware, Db: Database, Ns: Network services, Y: Yes, N: No
REFERENCES
[1] L. Atzori, A. Iera, and G. Morabito, “The internet of things: A survey,” Computer networks, vol. 54, no. 15, pp.
2787-2805, 2010, doi: 10.1016/j.comnet.2010.05.010.
[2] J. Ahamed and A. V. Rajan, "Internet of Things (IoT): Application systems and security vulnerabilities," 2016 5th
International Conference on Electronic Devices, Systems and Applications (ICEDSA), Ras Al Khaimah, United
Arab Emirates, 2016, pp. 1-5, doi: 10.1109/ICEDSA.2016.7818534.
[3] S. A. Akinboro, A. Omotosho, and M. Odusami, “An improved model for securing ambient home network against
spoofing attack,” International Journal Computer Network and Information Security, vol. 10, no. 2, pp. 20-26,
2018, doi: 10.5815/ijcnis.2018.02.03.
[4] M. Odusami, et al., “Android Malware Detection: A Survey,” in International Conference on Applied Informatics,
ICAI 2018, Bogota, Colombia, 2018, pp. 255-266, doi: 10.1007/978-3-030-01535-0_19.
[5] J. Alfonso, N. Sanchez, J. M. Menendez, and E. Cacheiro, “Cooperative ITS communications architecture: the
FOTsis project approach and beyond,” IET Intelligent Transport Systems, vol. 9, no. 6, pp. 591-598, 2015, doi:
10.1049/iet-its.2014.0205.
[6] E. Fleisch, “What is the internet of things? An economic perspective,” Economics, Management, and Financial
Markets, vol. 5, no. 2, pp. 125-157, 2010.
[7] M. A. Razzaq, S. Habib, M. Ali, and S. Ullah, “Security issues in the Internet of Things (IoT): A comprehensive
study,” International Journal of Advanced Computer Science and Applications, vol. 8, no. 6, p. 383, 2017, doi:
10.14569/IJACSA.2017.080650.
[8] B. Min and V. Varadharajan, "Design and Evaluation of Feature Distributed Malware Attacks against the Internet
of Things (IoT)," 2015 20th International Conference on Engineering of Complex Computer Systems (ICECCS),
Gold Coast, QLD, Australia, 2015, pp. 80-89, doi: 10.1109/ICECCS.2015.19.
[9] S. Jha, S. Katzenbeisser, C. Schallhart, H. Veith and S. Chenney, "Enforcing Semantic Integrity on Untrusted
Clients in Networked Virtual Environments," 2007 IEEE Symposium on Security and Privacy (SP '07), Berkeley,
CA, USA, 2007, pp. 179-186, doi: 10.1109/SP.2007.16.
13. ISSN: 2302-9285
Bulletin of Electr Eng & Inf, Vol. 10, No. 3, June 2021 : 1558 – 1571
1570
[10] Jon Howell and Stuart Schechter, “What You See is What they Get: Protecting users from unwanted use of
microphones, camera, and other sensors,” in Proceedings of Web 2.0 Security and Privacy Workshop.
[11] A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner, “A survey of mobile malware in the wild,” in
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, pp. 3-14, 2011,
doi: 10.1145/2046614.2046618.
[12] M. C. Mont, S. Pearson and P. Bramhall, "Towards accountable management of identity and privacy: sticky
policies and enforceable tracing services," 14th International Workshop on Database and Expert Systems
Applications, 2003. Proceedings., Prague, Czech Republic, 2003, pp. 377-382, doi: 10.1109/DEXA.2003.1232051.
[13] A. W. Atamli and A. Martin, "Threat-Based Security Analysis for the Internet of Things," 2014 International
Workshop on Secure Internet of Things, Wroclaw, Poland, 2014, pp. 35-43, doi: 10.1109/SIoT.2014.10.
[14] M. Nawir, A. Amir, N. Yaakob and O. B. Lynn, "Internet of Things (IoT): Taxonomy of security attacks," 2016 3rd
International Conference on Electronic Design (ICED), Phuket, Thailand, 2016, pp. 321-326, doi:
10.1109/ICED.2016.7804660.
[15] M. Zhao, F. Ge, T. Zhang, and Z. Yuan, “AntiMalDroid: An efficient SVM-based malware detection framework
for android,” in International Conference on Information Computing and Applications, Springer, Berlin,
Heidelberg, 2011, vol. 243, pp. 158-166, doi: 10.1007/978-3-642-27503-6_22.
[16] I. A. Dogru and O. Kiraz, “Web-Based Android Malicious Software Detection and Classification System,” Applied
Sciences, vol. 8, no. 9, p. 1622, 2018, doi: 10.3390/app8091622.
[17] K. A. Talha, D. I. Alper, and C. Aydin, “APK Auditor: Permission-based Android malware detection system,”
Digital Investigation, vol. 13, pp. 1-14, 2015, doi: 10.1016/j.diin.2015.01.001.
[18] Y. Zhauniarovich, M. Ahmad, O. Gadyatskaya, B. Crispo, and F. Massacci, “Stadyna: Addressing the problem of
dynamic code updates in the security analysis of android applications,” in Proceedings of the 5th ACM Conference
on Data and Application Security and Privacy, pp. 37-48, 2015, doi: 10.1145/2699026.2699105.
[19] C. J. D’Orazio, K. R. Choo and L. T. Yang, "Data Exfiltration From Internet of Things Devices: iOS Devices as
Case Studies," in IEEE Internet of Things Journal, vol. 4, no. 2, pp. 524-535, April 2017, doi:
10.1109/JIOT.2016.2569094.
[20] M. F. Ab Razak, N. B. Anuar, F. Othman, A. Firdaus, F. Afifi, and R. Salleh, ”Bio-inspired for features
optimization and malware detection,” Arabian Journal for Science and Engineering, vol. 43, no. 12, pp. 6963-
6979, 2018, doi: 10.1007/s13369-017-2951-y.
[21] L. C. Navarro, A. K. W. Navarro, A. Gregio, A. Rocha, and R. Dahab, “Leveraging ontologies and machine-
learning techniques for malware analysis into Android permissions ecosystems,” Computers & Security, vol. 78,
pp. 429-453, doi: 10.1016/j.cose.2018.07.013.
[22] F. Yang, Y. Zhuang, and J. Wang, “Android Malware Detection Using Hybrid Analysis and Machine Learning
Technique,” in International Conference on Cloud Computing and Security, vol. 10603, pp. 565-575, 2017, doi:
10.1007/978-3-319-68542-7_48.
[23] N. Akatyev and J. I. James, “Evidence identification in IoT networks based on threat assessment,” Future
Generation Computer Systems, vol. 93, pp. 814-821, 2019, doi: 10.1016/j.future.2017.10.012.
[24] S. K. Choi, C. H. Yang, and J. Kwak, “System Hardening and Security Monitoring for IoT Devices to Mitigate IoT
Security Vulnerabilities and Threats,” KSII Transactions on Internet & Information Systems, vol. 12, no. 2, pp.
906-918, 2018, doi: 10.3837/tiis.2018.02.022.
[25] A. Funrfao, L. Argento, A. Parise, and A. Piccolo, “Using virtual environments for the assessment of cybersecurity
issues in IoT scenarios,” Simulation Modelling Practice and Theory, vol. 73, pp. 43-54, 2017, doi:
10.1016/j.simpat.2016.09.007.
[26] S. Sharmeen, S. Huda, J. H. Abawajy, W. N. Ismail and M. M. Hassan, "Malware Threats and Detection for
Industrial Mobile-IoT Networks," in IEEE Access, vol. 6, pp. 15941-15957, 2018, doi:
10.1109/ACCESS.2018.2815660.
[27] J. Dofe, J. Frey and Q. Yu, "Hardware security assurance in emerging IoT applications," 2016 IEEE International
Symposium on Circuits and Systems (ISCAS), Montreal, QC, Canada, 2016, pp. 2050-2053, doi:
10.1109/ISCAS.2016.7538981.
[28] L. Xiao, Y. Li, X. Huang and X. Du, "Cloud-Based Malware Detection Game for Mobile Devices with
Offloading," in IEEE Transactions on Mobile Computing, vol. 16, no. 10, pp. 2742-2750, 1 Oct. 2017, doi:
10.1109/TMC.2017.2687918..
[29] X. Wan, G. Sheng, Y. Li, L. Xiao and X. Du, "Reinforcement Learning Based Mobile Offloading for Cloud-Based
Malware Detection," GLOBECOM 2017-2017 IEEE Global Communications Conference, Singapore, 2017, pp. 1-
6, doi: 10.1109/GLOCOM.2017.8254503.
[30] R. Patil, H. Dudeja, and C. Modi, “Designing in-VM-assisted lightweight agent-based malware detection
framework for securing virtual machines in cloud computing,” International Journal of Information Security, vol.
19, no. 2, pp. 147-162, 2020, doi: 10.1007/s10207-019-00447-w.
[31] P. Mishra, I. Verma, and S. Gupta, “KVMInspector: KVM Based introspection approach to detect malware in cloud
environment,” Journal of Information Security and Applications, vol. 51, p. 102460, 2020, doi:
10.1016/j.jisa.2020.102460.
[32] X. Jia, G. Zhou, Q. Huang, W. Zhang, and D. Tian, “Findevasion: an effective environment-sensitive malware
detection system for the cloud,” in International Conference on Digital Forensics and Cyber Crime, Springer,
Cham, 2017, vol. 216,pp. 3-17, doi: 10.1007/978-3-319-73697-6_1.
14. Bulletin of Electr Eng & Inf ISSN: 2302-9285
Malware threat analysis techniques and approaches for IoT applications… (Chimeleze Collins Uchenna)
1571
[33] M. A. A. Kumara and C. D. Jaidhar, “Leveraging virtual machine introspection with memory forensics to detect
and characterize unknown malware using machine learning techniques at hypervisor,” Digital Investigation, vol.
23, pp. 99-123, 2017, doi: 10.1016/j.diin.2017.10.004.
[34] F. H. A. Jabar, J. I. Mohammad, A. F. M. Zain, and A. B. Hasan, "Data Exfiltration of Ultrasonic Signal in
Computer Security System: A Review,” Indonesian Journal of Electrical Engineering and Computer Science, vol
10, no 2, pp. 490-497, May 2018, doi: 10.11591/ijeecs.v10.i2.pp490-497.
[35] Z. Chen, et al., “Machine learning based mobile malware detection using highly imbalanced network traffic,”
Information Sciences, vol. 433-434, pp. 346-364, 2018, doi: 10.1016/j.ins.2017.04.044.
[36] M. Abdelsalam, R. Krishnan, Y. Huang and R. Sandhu, "Malware Detection in Cloud Infrastructures Using
Convolutional Neural Networks," 2018 IEEE 11th International Conference on Cloud Computing (CLOUD), San
Francisco, CA, USA, 2018, pp. 162-169, doi: 10.1109/CLOUD.2018.00028.
[37] Nancy, S. Silkari, and U. Chourasia, “Malware Detection Techniques in Cloud Computing Infrastructure using
ACMPSO-k means,” International Journal of Computer Science and Information Security, vol. 14, no. 8, p. 29,
2016.
[38] H. Sun, X. Wang, R. Buyya, and J. Su, “CloudEyes: Cloud‐based malware detection with reversible sketch for
resource‐constrained internet of things (IoT) devices,” Software: Practice and Experience, vol. 47, no. 3, pp. 421-
441, 2016, doi: 10.1002/spe.2420.
[39] H. Sun, J. Su, X. Wang, R. Chen, Y. Liu, and Q. Hu, “Primal: Cloud-based privacy-preserving malware detection,”
in Australasian Conference on Information Security and Privacy, Springer, Cham, 2017, pp. 153-172, doi:
10.1007/978-3-319-59870-3_9.
[40] Q. K. Ali Mirza, I. Awan, and M. Younas, “CloudIntell: An intelligent malware detection system,” Future
Generation Computer Systems, vol. 86, pp. 1042-1053, 2018, doi: 10.1016/j.future.2017.07.016.
[41] A. K. Sikder, G. Petracca, H. Aksu, T. Jaeger, and A. S. Uluagac, “A survey on sensor-based threats to internet-of-
things (iot) devices and applications,” arXiv preprint arXiv:1802.02041, 2018.
[42] A. Gupta, P. Kuppili, A. Akella and P. Barford, "An empirical study of malware evolution," 2009 First
International Communication Systems and Networks and Workshops, Bangalore, India, 2009, pp. 1-10, doi:
10.1109/COMSNETS.2009.4808876.
[43] S. N. Firdous, Z. Baig, C. Valli and A. Ibrahim, "Modelling and Evaluation of Malicious Attacks against the IoT
MQTT Protocol," 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing
and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart
Data (SmartData), Exeter, UK, 2017, pp. 748-755, doi: 10.1109/iThings-GreenCom-CPSCom-
SmartData.2017.115.
[44] O. M. K. Alhawi, J. Baldwin, and A. Dehghantanha, “Leveraging machine learning techniques for windows
ransomware network traffic detection,” in Cyber Threat Intelligence, Springer, Cham, 2018, vol. 70, pp. 93-106,
doi: 10.1007/978-3-319-73951-9_5.
[45] K. Al Messabi, M. Aldwairi, A. Al Yousif, A. Thoban, and F. Belqasmi, “Malware detection using dns records and
domain name features,” in Proceedings of the 2nd International Conference on Future Networks and Distributed
Systems, New York, United States of America, 2018, vol 29, pp. 1-7, doi: 10.1145/3231053.3231082.
[46] Ram Mahesh Yadav, “Effective analysis of malware detection in cloud computing,” Computers & Security, vol. 83,
pp.14-21, 2019, doi: 10.1016/j.cose.2018.12.005.
[47] S. Wang, Q. Yan, Z. Chen, B. Yang, C. Zhao and M. Conti, "Detecting Android Malware Leveraging Text
Semantics of Network Flows," in IEEE Transactions on Information Forensics and Security, vol. 13, no. 5, pp.
1096-1109, May 2018, doi: 10.1109/TIFS.2017.2771228.
[48] J. kang, S. Jang, S. Li, Y.-S. Jeong, and Y. Sung, “Long short-term memory-based malware classification method
for information security,” Computers & Electrical Engineering, vol. 77, pp. 366-375, 2019, doi:
10.1016/j.compeleceng.2019.06.014.
[49] P. Prasse, L. Machilca, T. Pevny, J. Havelkam and T. Scheffer, “Malware detection by analysing encrypted
network traffic with neural networks,” in Joint European Conference on Machine Learning and Knowledge
Discovery in Databases, Springer, Cham, 2017, vol. 10535, pp. 73-88, doi: 10.1007/978-3-319-71246-8_5.
[50] J. Malik and R. Kaushal, “CREDROID: Android malware detection by network traffic analysis,” in Proceedings of
the 1st acm workshop on privacy-aware mobile computing, New York, NY, United States, 2016, pp. 28-36, doi:
10.1145/2940343.2940348.
[51] J. Deogirikar and A. Vidhate, "Security attacks in IoT: A survey," 2017 International Conference on I-SMAC (IoT
in Social, Mobile, Analytics and Cloud) (I-SMAC), Palladam, India, 2017, pp. 32-37, doi: 10.1109/I-
SMAC.2017.8058363.
[52] A. Shifa, M. N. Asghar and M. Fleury, "Multimedia security perspectives in IoT," 2016 Sixth International
Conference on Innovative Computing Technology (INTECH), Dublin, Ireland, 2016, pp. 550-555, doi:
10.1109/INTECH.2016.7845081.