Select Page

I will upload 3 papers(Paper 1, Paper 2,Paper 3) .1. I need a literature review of Paper 1&Paper 2.(3-4 pages)2. For the third paper (Paper 3) I need a summary of that paper.(2-3 pages).Each in separate word file.


Don't use plagiarized sources. Get Your Custom Essay on
Literature Review: Machine Learning for the IoT Security
Just from $10/Page
Order Essay


Unformatted Attachment Preview

Machine Learning for the Internet of Things Security: A Systematic
Darko Andročec and Neven Vrček
Faculty of Organization and Informatics, University of Zagreb, Pavlinska 2, Varaždin, Croatia
{dandrocec, nvrcek}
Machine Learning, Internet of Things, IoT, Security, Systematic Review.
Internet of things (IoT) is nowadays one of the fastest growing technologies for both private and business
purposes. Due to a big number of IoT devices and their rapid introduction to the market, security of things
and their services is often not at the expected level. Recently, machine learning algorithms, techniques, and
methods are used in research papers to enhance IoT security. In this paper, we systematically review the
state-of-the art to classify the research on machine learning for the IoT security. We analysed the primary
studies, identify types of studies and publication fora. Next, we have extracted all machine learning
algorithms and techniques described in primary studies, and identified the most used ones to tackle IoT
security issues. We classify the research into three main categories (intrusion detection, authentication and
other) and describe the primary studies in detail to analyse existing relevant works and propose topics for
future research.
Market of smart things is growing constantly. Both
established hardware companies and start-ups
introduce their new devices (things – sensors,
actuators, and microcontrollers), Internet of Things
(IoT) software, IoT services and platforms. Their
main motivation is to release their innovative IoT
products and services as fast as possible, to gain the
competitive advantage on the market. For this
reason, many IoT products and services are not
designed with security in mind. Nowadays, we are
witnessing botnets and other types of malicious
software that exploit the various vulnerabilities of
IoT devices and services. Due to high number of IoT
devices, this fact can represent a huge security risk,
e.g. malicious software on devices can initiate a
massive distributed denial of service (DDoS) attack
against the target web site or information system.
For this reason, security is a very important research
and professional topic in the Internet of Things area.
Furthermore, sensors generate enourmous
quantity of data. The dominant method nowadays to
deal with Big Data is a machine learning. The
machine learning algorithm is given the goal(s) and
then it learns from the data which factors are
important in achieving that goal.
The main contribution of this paper is a system-
atic review of existing literature on machine learning
for the IoT security. Such comprehensive review
does not exist in the current literature. In 2015, the
data mining literature for the Internet of Things was
reviewed by Chen et al. (2015), but their focus was
not on machine learning and IoT security. The paper
written by Mahdavinejad et al. (2017) assesses the
different machine learning methods that deal with
the challenges in IoT data by considering smart
cities as the main use case. IoT security was not
tackled in the before mentioned paper. The primary
aim of our research is to provide an overview of
machine learning techniques and methods used to
improve IoT security, to classify the relevant stateof-the art research, and to identify possible future
research ideas and challenges.
For remainder, this paper is organized as follows:
Section 2 describes the research method used for our
systematic literature review. The next section lists
the results and provides a discussion about obtained
results of the systematic review. Our conclusions are
provided in the final section.
Our research has been carried according to the
systematic literature review (SLR) methodology
(Kitchenham and Charters, 2007). Systematic
reviews must be undertaken in accordance with a
predefined search strategy, and the main phases of
SLR are (Kitchenham and Charters, 2007): Planning
(identification of the need for a review, specification
of the research questions, development of a review
protocol); Conducting (identification of research,
selection of primary research study quality
assessment, data extraction and monitoring, data
synthesis); and Reporting (specification of
dissemination mechanisms, formatting the main
report, evaluation of the report). These main steps of
the SLR protocol are explained in the following
Planning the Review
We developed a review protocol in the planning
phase of the SLR procedure. We have described and
explained the needs for a systematic review on
machine learning for the IoT security in the
Introduction. Next, we have defined the following
research questions:
RQ1: What are the most used machine learning
algorithms/techniques/methods for IoT security
RQ2: How can we classify machine learning for IoT
security papers?
Based on the stated research questions and
objectives of our study, we have defined the review
protocol. We have also performed a pilot study of
the systematic review of ten sample studies from
IEEE Xplore Digital Library to refine the research
questions and to define the inclusion and exclusion
criteria. We focused on the following electronic
scientific databases: IEEE Xplore, Web of Science
Core Collection, and Scopus. The search term was
defined as “security machine learning Internet of
We did not limit our search to specific time
period, because our pilot search showed that all the
works that we found are relatively new. Next, we
defined the following inclusion criteria: the paper
must investigate about machine learning for IoT
security, only research (scientific) papers were
included that were published as a conference paper,
journal paper or scientific book chapter, and the
paper must be written in English. We excluded
papers that were not related to our stated research
questions, papers that not discuss all three areas
(security, Internet of things, and machine learning),
duplicate studies, non-English papers, Powerpoint
presentations, preliminary studies, posters, and
proof-of-concept papers.
Conducting the Review
The second main phase of the systematic review
protocol defined by (Kitchenham and Charters,
2007) is conducting the review. We have performed
the search by using the search procedure defined in
the previous subsection on 27th February 2018. The
mentioned search was performed on the three
electronic scientific databases (IEEE Xplore Digital
Library, Web of Science Core Collection, and
Scopus), and studies were excluded based on
exclusion criteria. Next, studies were excluded based
on their titles and abstracts. The papers that remain
after these two initial filters, were fully read. To
make this process quicker, we have used a free
reference management system Zotero.
During our first search, a total of 284 papers
were identified. After filtering the publications list
(using defined inclusion/exclusion criteria) by
reading their titles and abstracts, full text reading of
the articles that had not been excluded was
performed to ensure that the content is related to our
research questions. Finally, 26 studies (Table 1)
were identified as primary studies, and their data
relevant to our research questions were extracted to
Excel spreadsheet. Papers are given identifiers P1P26 (Table1).
Table 1: The Selected Primary Studies.
(Nobakht et
al., 2016)
A Host-Based Intrusion Detection and
Mitigation Framework for Smart Home
IoT Using OpenFlow
(Wang et
al., 2017)
Current Mirror Array: A Novel Circuit
Topology for Combining
Unclonable Function and Machine
et al., 2018)
Deep Abstraction and Weighted Feature
Selection for Wi-Fi Impersonation
P4 (Abeshu and
, 2018)
Deep Learning: The Frontier for
Distributed Attack Detection in Fog-toThings Computing
(Indre and
Detection and prevention system against
cyber attacks and botnet malware for
information systems and Internet of Things
P6 (Bhunia and
P7 (Liu et al.,
Dynamic attack detection and mitigation in
IoT using SDN
(Baldini et
al., 2017b)
Imaging time series for internet of things
radio frequency fingerprinting
EPIC: A Differential Privacy Framework
to Defend Smart Homes Against Internet
Traffic Analysis
Table 1: The Selected Primary Studies (cont.).
ID Reference
results of the SLR (Reporting phase) are shown in
the next section.
Intelligent security on the edge of the
P10 (Perez et al.,
Intrusion detection in computer
networks using hybrid machine learning
P11 (Gao and
Security in Connected Medical Devices
P12 (Ahmed et al.,
Mitigating DNS query-based DDoS
attacks with machine learning on
software-defined networking
P13 (Baldini et al.,
Physical layer authentication of Internet
of Things wireless devices through
permutation and dispersion entropy
P14 (Razeghi
al., 2017)
Privacy preserving identification using
P15 (Lee et
ProFiOt: Abnormal Behavior Profiling
(ABP) of IoT devices based on a
machine learning approach
P16 (Cho et
Obfuscation Based on Dynamic
Monitoring in Android Things
P17 (Roux et al.,
Approach for IoT Based on Radio
Communications Profiling
P18 (Yeh et
Transparent authentication scheme with
adaptive biometrie features for IoT
(Zissis, 2017)
P19 (Canedo and
Using machine learning to secure IoT
P20 (Aminanto et
al., 2017)
weighted-feature selection for neural
networks classifier
P21 (Wu et
Detecting cyber-physical attacks in
CyberManufacturing systems with
machine learning methods
P22 (Diro and
Distributed attack detection scheme
using deep learning approach for
Internet of Things
P23 (Gebrie
Abie, 2017)
Risk-based adaptive authentication for
internet of things in smart home eHealth
P24 (Ali et
Trust in IoT: dynamic remote attestation
through efficient behavior capture
P25 (Outchakoucht
et al., 2017)
Dynamic Access Control Policy based
on Blockchain and Machine Learning
for the Internet of Things
P26 (Domb et al.,
Lightweight adaptive Random-Forest
for IoT rule generation and execution
In the end, we extracted data from the selected
primary studies and did a synthesis and analysis. The
Used Machine Learning
All of the works is actually very recent. We didn’t
limit our search to the specific period, and the results
have shown that selected papers are from 2016,
2017, and 2018. The number of papers significantly
increased in 2017. There is decrease in the number
of papers from 2018, but this is a result of our search
date of the systematic literature review procedure
(February 2018).
Regarding publication types, most of the primary
studies are conference papers (sixteen), followed by
10 journal papers. The publisher of the most papers
is IEEE (20 primary studies), followed by Springer
(2 papers) and Elsevier (2 papers). . All the papers
from 2016 were conference papers. The next year, 5
of 17 published papers were journal papers. All
existing papers from 2018 are journal papers. This
shows that the research on machine learning for IoT
security is more mature and more journals are
accepting these types of papers. The primary studies
are written by authors with affiliations from twenty
During reading the full-text of the primary studies,
we extracted all machine learning algorithms and
techniques described in papers and used for IoT
security. Some papers used more than one technique.
The mentioned data is listed in Table 2.
The most mentioned machine learning
algorithms or techniques in the primary studies are:
Support Vector Machine (9 papers), Artificial
Neural Network (5 papers), Naïve Bayes (4 papers),
Decision Tree (4 papers), kNN (3 papers), k-Mean
(3 papers), Random forest (3 papers), and Deep
Learning (2 papers). All other algorithms and
techniques were used only in one paper. These
results show that Support Vector Machine (SVM) is
most used machine learning method for IoT security.
This is not surprise, because SVM is one of the
state-of-art methods for machine learning and data
mining (Wang, 2005). This method is used in the
primary studies both for intrusion detection and for
authentication. The support vector machine (SVM)
is a supervised learning method that generates inputoutput mapping functions (either a classification
function or a regression function) from a set of
labelled training data (Wang, 2005).
Table 2: Used machine learning algorithms.
Used machine learning algorithms /
technique / method
Support Vector Machines (SVMs)
Extreme learning machine (ELM)
Support Vector Machine (SVM) and
Artificial Neural Network (ANN)
Deep learning (DL)
Used classifiers: Logistic, Linear, SVM,
Decision Tree Classifier (Gini, Entropy),
Decision Tree Regressor, Naïve Bayes
(Gaussian, Multinomial, Bernoulli) ,kNN,
K-Mean, Random Forest, Gradient
SGDC, Passive Aggressive, Mini Batch
KMeans, SGDRegressor.
Support Vector Machine (SVM)
– (machine learning is used by attackers)
SVM, KNN, and Decision Trees
One-class Support Vector Machines
Hybrid Machine Learning techniques:
Neural Network (NN) and Support Vector
Machine (SVM), and K-Means
Decision-Tree Learning
Dirichlet process mixture model (DPMM)
– (statistical methods Permutation Entropy
(PE) and the Dispersion Entropy (DE))
Approximate nearest neighbour (ANN)
k-Means algorithm and support vector
machine (SVM)
Naive Bayes
Neural network
Support vector machine with Gaussian
radial basis function (SVM-GF)
Artificial neural networks
Artificial Neural Network (ANN), and
decision tree
Random forest multi-way classifier, knearest neighbours (kNN)
Deep learning
Naive Bayes
Averaged One-Dependence Estimator
(AODE), Hidden Naive Bayes (HNB) and
Naive-Bayes classifiers
Reinforcement Learning (RL) algorithms
Random forest
Next method of choice is Artificial Neural
Network (ANN). Artificial neural networks (ANNs)
simulate the way in which the human brain
processes information. It is formed from hundreds
artificial neurons, connected
with coefficients
(weights), which are organised in layers
(Agatonovic-Kustrin and Beresford, 2000). The
various applications of ANNs are classification or
pattern recognition, prediction and modelling. In the
primary studies, ANN was used for intrusion
Naïve Bayes and Decision Tree are mentioned
both in 4 primary studies. These methods were used
before in various intrusion detection systems (Amor
et al., 2004), so it was expected that they will be also
used in IoT security domain. Naive Bayes have
several advantages due to their simple structure, but
make a strong independence relation assumption that
is not always true (Amor et al., 2004). There are also
several algorithms developed in order to ensure the
construction of decision trees and its use for the
classification (Amor et al., 2004).
Main Themes of Papers
We have identified two main themes of primary
studies: intrusion detection and authentication. We
also added the category Other which includes all
papers that cannot be classified into an intrusion
detection or an authentication category. The
distribution of the papers per category is depicted in
Figure 1. The category with the most papers (16) is
intrusion detection. We will use this classification to
describe papers in more detail in the next
Figure 1: Classification of primary study.
3.2.1 Intrusion Detection
Intrusion detection is the biggest category that
consists of 16 papers from our set of primary
studies: P1, P3, P4, P5, P6, P9, P10, P11, P12, P15,
P17, P19, P20, P21, P22, and P26. In the rest of this
subsection, we will describe briefly the main themes
of the mentioned papers. Intrusion detection and
mitigation framework IoT-IDM (Nobakht et al.,
2016) provides a network-level protection for IoT
devices deployed in smart homes. IoT-IDM gives its
users the flexibility to employ customized machine
learning techniques for detection based on learned
signature patterns of known attacks.
Aminanto et al. (2018) propose a modified
feature-selection-based method by considering the
weights of each feature obtained from lightweight
machine-learning models to detect an impersonation
attack. Deep model-based attack detection
architecture for IoT was proposed for of cyber-attack
detection in fog-to-things computing (Abeshu and
Chilamkurti, 2018). In the next paper (Indre and
Lemnaru, 2016), authors
applied concepts of
machine learning to select and extract features that
can lead to an accurate decision of classification for
malware and intrusion attacks.
An SDN-based secure IoT framework called
SoftThings is proposed by Bhunia and Gurusamy,
(2017) to detect abnormal behaviours and attacks as
early as possible. Machine learning is used at the
Software-Defined Networking (SDN) controller to
monitor and learn the behaviour of IoT devices over
time. Machine learning models (specifically Support
Vector Machines) are employed on the edge of the
cloud, to perform low footprint unsupervised
learning and analysis of sensor data for anomaly
detection purposes in the study (Zissis, 2017).
The paper written by (Perez et al., 2017) presents
the design, implementation and performance
analysis of multiple hybrid (combination of
supervised and unsupervised learning algorithms)
machine learning models for the task of intrusion
detection. Gao and Thamilarasu (2017) assess the
feasibility of using machine learning models to
efficiently determine attacks targeted on medical
devices by observing any deviation from its normal
behaviour. They tested their method using different
machine learning algorithms and provide their
comparison analysis. Ahmed et al. (2017) propose a
DNS query-based DDoS attack mitigation system
using Software-Defined Networking (SDN) to block
the network traffic for DDoS attacks. Dirichlet
process mixture model (DPMM) was used for
clustering traffic flows.
Next, ProFiOt (Lee et al., 2017) is used for
Abnormal Behaviour Profiling (ABP) of IoT devices
by a wide variety of machine learning algorithms.
The proposed ABP was developed and assumed
when a malicious attacker modified one aspect of
the data from the whole dataset (e.g., just
temperature) instead of compromising the whole
dataset of specific sensors to mislead the target
actuators. An approach to detect potential attacks in
smart places (e.g. smart homes) by detecting
behaviour is proposed by Roux et al. (2017). Their
solution is based on the profiling and monitoring of
the Radio Signal Strength Indication (RSSI)
associated to the wireless transmissions of the
connected objects. A machine learning neural
network algorithm is used to characterize legitimate
communications and to identify suspicious
Canedo and Skjellum (2016) investigate using
Artificial Neural Networks in a gateway to detect
anomalies in the data sent from the edge devices.
Authors of the next paper (Aminanto et al., 2017)
test and validate the feasibility of the selected
features using a common neural network to detect
known and unknown attacks in Wi-Fi networks.
Intrusion detection in cyber manufacturing systems
with machine learning methods was shown in the
paper (Wu et al., 2017). Two examples were
developed with simulation and experiments: 3D
printing malicious attack and CNC milling machine
malicious attack. Deep learning approach was used
by Diro and …
Purchase answer to see full

Order your essay today and save 10% with the discount code ESSAYHSELP