A Comprehensive Review of IoT Attack Detection
Taxonomy, IoT-aware Evaluation, and Research Challenges
DOI:
https://doi.org/10.14500/aro.12629Keywords:
Cyber-attack, Internet of Things, Machine learning, Review, TaxonomyAbstract
The lack of security measures in Internet of Things (IoT) systems has made these tiny devices vulnerable to increasingly advanced and evolving cyber-attacks. Attack detection and prevention are one of the most promising approaches to mitigating these attacks. However, these techniques require more computing, memory, and energy than typical IoT devices can provide. In addition, the IoT network is distributed, heterogeneous, and dynamic. These limitations motivate this review to examine the effective use of machine learning and deep learning in detecting attacks on IoT systems. Despite the presence of prior studies on reviewing these techniques, there is still a gap in analyzing attack vectors and assessing the effectiveness of current detection techniques for IoT networks and environments, especially in terms of lightweight and real-time evaluation. In this work, a multidimensional taxonomy of IoT attacks and existing detection techniques is given. The included studies were critically analyzed to evaluate and assess their effectiveness, considering performance metrics, IoT system architecture, datasets, and deployment strategies. The core methodologies of the analyzed studies were examined to guide academia and industry in improving detection techniques. Results showed that most of the proposed techniques in the literature did not address IoT-specific requirements. However, techniques featuring lightweight, real-time, federated, and scalable solutions have been proposed, yet their practical effectiveness remains unvalidated. This review addresses key research gaps and future challenges, emphasizing the need for resource-efficient, adaptable detection methods that align with IoT constraints.
Downloads
References
Abdullah, A.A., Mohammed, N.S., Khanzadi, M., Asaad, S.M., Abdul, Z.K., and Maghdid, H.S., 2025. In-depth analysis on machine learning approaches, Aro the Scientific Journal of Koya University, 13, pp.190-202.
Ahmad, B., Jian, W., Ali, Z.A., Tanvir, S., and Khan, M.S.A., 2019. Hybrid anomaly detection by using clustering for wireless sensor network, Wireless Personal Communications, 106, pp.1841-1853.
Ahmed, N., Ngadi, M.A., Rathore, M.S., and Mahmood, A., 2025. PCM‐RF a hybrid feature selection mechanism for intrusion detection system in IoT, Security and Privacy, 8, p.e499.
Ajao, L.A., and Apeh, S.T., 2023. Secure edge computing vulnerabilities in smart cities sustainability using petri net and genetic algorithm-based reinforcement learning, Intelligent Systems with Applications, 18, p.200216.
Al Shorman, A., Faris, H., and Aljarah, I., 2019. Unsupervised intelligent system based on one class support vector machine and Grey Wolf optimization for IoT botnet detection, Journal of Ambient Intelligence and Humanized Computing, 11, pp.2809-2825.
Al-Naday, M., Dobre, V., Reed, M., Toor, S., Volckaert, B., and De Turck, F., 2024. Federated deep Q-learning networks for service-based anomaly detection and classification in edge-to-cloud ecosystems, Annales des Telecommunications/Annals of Telecommunications, 79, pp.165-178.
Alsaleh, S., Menai, M.E.B., and Al-Ahmadi, S., 2025. A heterogeneity-aware semi-decentralized model for a lightweight intrusion detection system for IoT networks based on federated learning and BiLSTM, Sensors (Basel), 25, p.1039.
Alshahrani, H.M., 2021. CoLL-IoT: A collaborative intruder detection system for internet of things devices, Electronics, 10, p.848.
Al-Shurbaji, T., Anbar, M., Manickam, S., Hasbullah, I.H., Alfriehat, N., Alabsi, B.A., Alzighaibi, A.R., and Hashim, H., 2025. Deep learning-based intrusion detection system for detecting IoT botnet attacks: A review, IEEE Access, 13, pp.11792-11822.
Amouri, A., Alaparthy, V.T., and Morgera, S.D., 2018. Cross Layer-Based Intrusion Detection Based on Network Behavior for IoT. In: 2018 IEEE 19th Wireless and Microwave Technology Conference (WAMICON), IEEE, United States, pp.1-4.
Analytics, I., 2024. How Many IoT Devices are there? Autobits Labs. Available from: https://autobitslabs.com/how-many-iot-devices-are-there [Last accessed on 2025 Sep 15].
Anthi, E., Williams, L., and Burnap, P., 2018. Pulse: An Adaptive Intrusion Detection for the Internet of Things. Conference: PETRAS - Living in the Internet of Things Conference.
Anthi, E., Williams, L., Słowińska, M., Theodorakopoulos, G., and Burnap, P., 2019. A supervised intrusion detection system for smart home IoT devices, IEEE Internet of Things Journal, 6, pp.9042-9053.
Aouedi, O., Piamrat, K., Muller, G., and Singh, K., 2022. Federated semisupervised learning for attack detection in industrial internet of things, IEEE Transactions on Industrial Informatics, 19, pp.286-295.
Asharf, J., Moustafa, N., Khurshid, H., Debie, E., Haider, W., and Wahab, A., 2020. A review of intrusion detection systems using machine and deep learning in internet of things: Challenges, solutions and future directions, Electronics, 9, p.1177.
Bachl, M., Meghdouri, F., Fabini, J., and Zseby, T., 2020. SparseIDS: Learning Packet Sampling with Reinforcement Learning, In: Conference: 2020 IEEE Conference on Communications and Network Security (CNS).
Bahşi, H., Nõmm, S., and La Torre, F.B., 2018. Dimensionality reduction for machine learning based iot botnet detection. In: 2018 15th International Conference on Control, Automation, Robotics and Vision (ICARCV), IEEE, United States, pp.1857-1862.
Balakrishnan, N., Rajendran, A., Pelusi, D., and Ponnusamy, V., 2019. Deep belief network enhanced intrusion detection system to prevent security breach in the internet of things, Internet of Things, 14, p.100112.
Batool, S., Abid, M.K., Salahuddin, M.A., Aziz, Y., Naeem, A., and Aslam, N., 2024. Integrating IoT and machine learning to provide intelligent security in smart homes, Journal of Computing and Biomedical Informatics, 7, pp.224-238.
Bedi, P., Mewada, S., Vatti, R.A., Singh, C., Dhindsa, K.S., Ponnusamy, M., and Sikarwar, R., 2021. Detection of attacks in IoT sensors networks using machine learning algorithm, Microprocessors and Microsystems, 82, p.103814.
Benmalek, M., and Seddiki, A., 2025. Particle swarm optimization-enhanced machine learning and deep learning techniques for internet of things intrusion detection, Data Science and Management, 8, pp.423-435.
Bezerra, V.H., Da Costa, V.G.T., Barbon Junior, S., Miani, R.S., and Zarpelao, B.B., 2019. IoTDS: A one-class classification approach to detect botnets in internet of things devices, Sensors (Basel), 19, p.3188.
Bhargavi, K., and Shiva, S.G., 2022. Man-in-The-Middle attack Explainer for Fog computing using Soft Actor Critic Q-Learning Approach, Institute of Electrical and Electronics Engineers Inc., United States, pp.100-105.
Bostani, H., and Sheikhan, M., 2017. Hybrid of anomaly-based and specification based IDS for Internet of Things using unsupervised OPF based on MapReduce approach, Computer Communications, 98, pp.52-71.
Chakraborty, A., Alam, M., Dey, V., Chattopadhyay, A., and Mukhopadhyay, D., 2018. Adversarial Attacks and Defences: A Survey, [arXiv Preprint].
Da Costa, K.A., Papa, J.P., Lisboa, C.O., Munoz, R., and De Albuquerque, V.H.C., 2019. Internet of Things: A survey on machine learning-based intrusion detection approaches, Computer Networks, 151, pp.147-157.
Dimitrov, D.V., 2016. Medical internet of things and big data in healthcare, Healthcare Informatics Research, 22, pp. 156-163.
Elrawy, M.F., Awad, A.I., and Hamed, H.F., 2018. Intrusion detection systems for IoT-based smart environments: A survey, Journal of Cloud Computing, 7, p.21.
Eskandari, M., Janjua, Z.H., Vecchio, M., and Antonelli, F., 2020. Passban IDS: An intelligent anomaly based intrusion detection system for IoT edge devices, IEEE Internet of Things Journal, 7, pp.6882-6897.
Fantacci, R., Nizzi, F., Pecorella, T., Pierucci, L., and Roveri, M., 2019. False data detection for fog and internet of things networks, Sensors, 19, p.4235.
Garcia-Font, V., Garrigues, C., and Rifà-Pous, H., 2017. Attack classification schema for smart city WSNs, Sensors (Basel), 17, p.771.
Geetha, R., and Thilagam, T., 2020. A review on the effectiveness of machine learning and deep learning algorithms for cyber security, Archives of Computational Methods in Engineering, 28, pp.2861-2879.
Gu, T., Abhishek, A., Fu, H., Zhang, H., Basu, D., and Mohapatra, P., 2020. Towards Learning-Automation IoT Attack Detection Through Reinforcement Learning. In: 2020 IEEE 21st International Symposium on” A World of Wireless, Mobile and Multimedia Networks”(WoWMoM), IEEE, United States, pp.88-97.
Gupta, A., Pandey, O.J., Shukla, M., Dadhich, A., Mathur, S., and Ingle, A., 2013. Computational intelligence based intrusion detection systems for wireless communication and pervasive computing networks. 2013 IEEE International Conference on Computational Intelligence and Computing Research, IEEE, United States, pp.1-7.
Gupta, R., Tanwar, S., Tyagi, S., and Kumar, N., 2020. Machine learning models for secure data analytics: A taxonomy and threat model, Computer Communications, 153, pp. 406-440.
Habib, M., Aljarah, I., and Faris, H., 2020. A modified multi-objective particle swarm optimizer-based lévy flight: An approach toward intrusion detection in internet of things, Arabian Journal For Science And Engineering, 45, pp.6081-6108.
Ham, H.S., Kim, H.-H., Kim, M.-S., and Choi, M.-J., 2014. Linear SVM based android malware detection for reliable IoT services, Journal of Applied Mathematics, 2014, pp.1-10.
Hameed, S.S., Hassan, W.H., Latiff, L.A., and Ghabban, F., 2021. A systematic review of security and privacy issues in the internet of medical things; The role of machine learning approaches, PeerJ Computer Science, 7, p.e414.
Hameed, S.S., Selamat, A., Latiff, L.A., Razak, S.A., and Krejcar, O., 2022. Multi-classification of imbalance worm ransomware in the IoMT system. In: New Trends in Intelligent Software Methodologies, Tools and Techniques, IOS Press, Netherlands.
Haque, S., El-Moussa, F., Komninos, N., and Muttukrishnan, R., 2023. A systematic review of data-driven attack detection trends in IoT, Sensors (Basel), 23, p.7191.
Harkat, H., Camarinha-Matos, L.M., Goes, J., and Ahmed, H.F., 2024. Cyber physical systems security: A systematic review, Computers and Industrial Engineering, 188, p.109891.
Hasan, M., Islam, M.M., Zarif, M.I.I., and Hashem, M., 2019. Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches, Internet of Things, 7, p.100059.
Hizal, S., Cavusoglu, U., and Akgun, D., 2024. A novel deep learning-based intrusion detection system for IoT DDoS security, Internet of Things, 28, p101336.
Hussain, F., Hussain, R., Hassan, S.A., and Hossain, E., 2020. Machine learning in IoT security: Current solutions and future challenges, IEEE Communications Surveys and Tutorials, 22, p.1.
Jan, I., and Sofi, S., 2024. Data management for resource optimization in medical IoT, Health and Technology, 14, pp.51-68.
Jan, S.U., Ahmed, S., Shakhov, V., and Koo, I., 2019. Toward a lightweight intrusion detection system for the internet of things, IEEE Access, 7, pp. 42450-42471.
Karthikeyan, M., Manimegalai, D., and Rajagopal, K., 2024. Firefly algorithm based WSN-IoT security enhancement with machine learning for intrusion detection, Sci Rep, 14, p.231.
Karunamurthy, A., Vijayan, K., Kshirsagar, P.R., and Tan, K.T., 2025. An optimal federated learning-based intrusion detection for IoT environment, Sci Rep, 15, p.8696.
Khan, A.Y., Latif, R., Latif, S., Tahir, S., Batool, G., and Saba, T., 2019. Malicious insider attack detection in IoTs using data analytics, IEEE Access, 8, pp.11743-11753.
Krimmling, J., and Peter, S., 2014. Integration and evaluation of intrusion detection for CoAP in smart city applications. In: 2014 IEEE Conference on Communications and Network Security, IEEE, United States, pp.73-78.
Kumar, A., Dutta, S., and Pranav, P., 2024. Analysis of SQL injection attacks in the cloud and in WEB applications, Security and Privacy, 7, p.e370.
Kumar, P., Gupta, G.P., and Tripathi, R., 2021. An ensemble learning and fog cloud architecture-driven cyber-attack detection framework for IoMT networks, Computer Communications, 166, pp.110-124.
Kumar, R., Zhang, X., Wang, W., Khan, R.U., Kumar, J., and Sharif, A., 2019. A multimodal malware detection technique for Android IoT devices using various features, IEEE Access, 7, pp.64411-64430.
Lalouani, W., and Younis, M., 2021. Robust Distributed Intrusion Detection System for Edge of Things, Institute of Electrical and Electronics Engineers Inc., United States.
Lee, Y.C., Chien, W.C., and Chang, Y.C., 2024. FedDB: A federated learning approach using DBSCAN for DDoS attack detection, Applied Sciences, 14, p.10236.
Liu, L., Xu, B., Zhang, X., and Wu, X., 2018a. An intrusion detection method for internet of things based on suppressed fuzzy clustering, EURASIP Journal on Wireless Communications and Networking, 2018, p.113.
Liu, S., Wang, L., Qin, J., Guo, Y., and Zuo, H., 2018b. An intrusion detection model based on IPSO-SVM algorithm in wireless sensor network, Journal of Internet Technology, 19, pp. 2125-2134.
Lopez-Martin, M., Carro, B., Sanchez-Esguevillas, A., and Lloret, J., 2017. Conditional variational autoencoder for prediction and feature recovery applied to intrusion detection in iot, Sensors, 17, p.1967.
Luqman, M., Zeeshan, M., Riaz, Q., Hussain, M., Tahir, H., Mazhar, N., and Khan, M.S., 2025. Intelligent parameter-based in-network IDS for IoT using UNSW-NB15 and BoT-IoT datasets, Journal of the Franklin Institute, 362, p.107440.
Maleh, Y., Ezzati, A., Qasmaoui, Y., and Mbida, M., 2015. A global hybrid intrusion detection system for wireless sensor networks, Procedia Computer Science, 52, pp.1047-1052.
Meidan, Y., Bohadana, M., Mathov, Y., Mirsky, Y., Shabtai, A., Breitenbacher, D., and Elovici, Y., 2018. N-BaIoT-network-based detection of IoT botnet attacks using deep autoencoders, IEEE Pervas Comput, 17(3), pp.12-22.
Merlino, V., and Allegra, D., 2024. Energy-based approach for attack detection in IoT devices: A survey, Internet of Things, 27, p.101306.
Miyato, T., Maeda, S.I., Koyama, M., and Ishii, S., 2018. Virtual adversarial training: A regularization method for supervised and semi-supervised learning, IEEE Transactions on Pattern Analysis and Machine Intelligence, 41, pp.1979-1993.
Mohammadi, S., Mirvaziri, H., Ghazizadeh-Ahsaee, M., and Karimipour, H., 2019. Cyber intrusion detection by combined feature selection algorithm, Journal of Information Security and Applications, 44, pp.80-88.
Mosenia, A., and Jha, N.K., 2016. A comprehensive study of security of internet
of-things, IEEE Transactions on Emerging Topics in Computing, 5, pp.586-602.
Moustafa, N., Garg, S., Stinkova, E., Jones, T., and Sioutis, C., 2021a. A new distributed architecture for evaluating AI-based security systems at the edge: Network TON_IoT datasets, Sustainable Cities and Society, 72, p.102994.
Moustafa, N., Keshk, M., Choo, K.K.R., Lynar, T., Camtepe, S., and Whitty, M., 2021b. DAD: A Distributed Anomaly Detection system using ensemble one-class statistical learning in edge networks, Future Generation Computer Systems, 118, pp.240-251.
Musthafa, M.B., Huda, S., Kodera, Y., Ali, M.A., Araki, S., Mwaura, J., and Nogami, Y., 2024. Optimizing IoT intrusion detection using balanced class distribution, feature selection, and ensemble machine learning techniques, Sensors (Basel), 24, p.4293.
Najafli, S., Toroghi Haghighat, A., and Karasfi, B., 2024. A novel reinforcement learning-based hybrid intrusion detection system on fog-to-cloud computing, Journal of Supercomputing, 80, pp.26088-26110.
Olanrewaju-George, B., and Pranggono, B., 2025. Federated learning-based intrusion detection system for the internet of things using unsupervised and supervised deep learning models, Cyber Security and Applications, 3, p.100068.
Oreški, D., and Andročec, D., 2018. Hybrid Data Mining Approaches for Intrusion Detection in the Internet of Things. In: 2018 International Conference on Smart Systems and Technologies (SST). IEEE, United States, pp.221-226.
Othman, T.S., and Abdullah, S.M., 2023. An intelligent intrusion detection system for inernet of things attack detection and identification using machine learning, Aro the Scientific Journal of Koya University, 11, pp. 126-137.
Pajouh, H.H., Javidan, R., Khayami, R., Ali, D., and Choo, K.K.R., 2016. A two layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in IoT backbone networks, IEEE Transactions on Emerging Topics in Computing, 7, pp.314-323.
Paramesha, M., Rane, N., and Rane, J., 2024. Big data analytics, artificial intelligence, machine learning, internet of things, and blockchain for enhanced business intelligence. In: Artificial Intelligence, Machine Learning, Internet of Things, and Blockchain for Enhanced Business Intelligence, [SSRN Paper].
Parra, G.D.L.T., Rad, P., Choo, K.K.R., and Beebe, N., 2020. Detecting internet of things attacks using distributed deep learning, Journal of Network and Computer Applications, 163, p.102662.
Poornima, I.G.A., and Paramasivan, B., 2020. Anomaly detection in wireless sensor network using machine learning algorithm, Computer Communications, 151, pp.331-337.
Qin, T., Wang, B., Chen, R., Qin, Z., and Wang, L., 2019. IMLADS: Intelligent maintenance and lightweight anomaly detection system for internet of things, Sensors (Basel), 19, p.958.
Racherla, S., Sripathi, P., Faruqui, N., Alamgir Kabir, M., Whaiduzzaman, M., and Aziz Shah, S., 2024. Deep-IDS: A real-time intrusion detector for IoT nodes using deep learning, IEEE Access, 12, pp.63584-63597.
Raghunath, M.P., Deshmukh, S., Chaudhari, P., Bangare, S.L., Kasat, K., Awasthy, M., Omarov, B., and Waghulde, R.R., 2025. PCA and PSO based optimized support vector machine for efficient intrusion detection in internet of things, Measurement Sensors, 37, p.101806.
Rahim, R., and Chishti, M.A., 2025. IoT security innovations: Recent technologies, threats, and solutions, SN Computer Science, 6, p.593.
Rathore, S., and Park, J.H., 2018. Semi-supervised learning based distributed attack detection framework for IoT, Applied Soft Computing, 72, pp. 79-89.
Roopak, M., Tian, G.Y., and Chambers, J., 2020. Multi-objective-based feature selection for DDoS attack detection in IoT networks, IET Networks, 9, pp. 120-127.
S. O’dea, S., 2020. Data Volume of Internet of Things (IoT) Connections Worldwide in 2019 and 2025(in Zettabytes). Statista. Available from: https://www.statista.com/statistics/1017863/worldwide-iot-connected-devices-data-size [Last accessed on 2021 May 31].
Saeed, A., Ahmadinia, A., Javed, A., and Larijani, H., 2016. Random neural network based intelligent intrusion detection for wireless sensor networks, Procedia Computer Science, 80, pp. 2372-2376.
Shafiq, M., Tian, Z., Bashir, A.K., Du, X., and Guizani, M., 2020. IoT malicious traffic identification using wrapper-based feature selection mechanisms, Computers and Security, 94, p.101863.
Shen, S., Zhang, K., Zhou, Y., and Ci, S., 2020. Security in edge-assisted internet of things: Challenges and solutions, Science China Information Sciences, 63, p.220302.
Sinha, R., Thakur, P., Gupta, S., and Shukla, A., 2024. Development of lightweight intrusion model in industrial internet of things using deep learning technique, Discover Applied Sciences, 6, p.346.
Sudqi Khater, B., Wahab, A., Bin, A.W., Idris, M.Y.I.B., Abdulla Hussain, M., and Ahmed Ibrahim, A., 2019. A lightweight perceptron-based intrusion detection system for fog computing, Applied Sciences, 9, p.178.
Thamilarasu, G., and Chawla, S., 2019. Towards deep-learning-driven intrusion detection for the internet of things, Sensors, 19, p.1977.
Wang, Y., Meng, W., Li, W., Li, J., Liu, W.X., and Xiang, Y., 2018. A fog-based privacy-preserving approach for distributed signature-based intrusion detection, Journal of Parallel and Distributed Computing, 122, pp.26-35.
Yaacoub, J.P.A., Noura, M., Noura, H.N., Salman, O., Yaacoub, E., Couturier, R., and Chehab, A., 2020. Securing internet of medical things systems: Limitations, issues and recommendations, Future Generation Computer Systems, 105, pp.581-606.
Zhang, H., 2025. Development of an intelligent intrusion detection system for IoT networks using deep learning, Discover Internet of Things, 5, p.74.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Shilan S. Hameed
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Authors who choose to publish their work with Aro agree to the following terms:
-
Authors retain the copyright to their work and grant the journal the right of first publication. The work is simultaneously licensed under a Creative Commons Attribution License [CC BY-NC-SA 4.0]. This license allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
-
Authors have the freedom to enter into separate agreements for the non-exclusive distribution of the journal's published version of the work. This includes options such as posting it to an institutional repository or publishing it in a book, as long as proper acknowledgement is given to its initial publication in this journal.
-
Authors are encouraged to share and post their work online, including in institutional repositories or on their personal websites, both prior to and during the submission process. This practice can lead to productive exchanges and increase the visibility and citation of the published work.
By agreeing to these terms, authors acknowledge the importance of open access and the benefits it brings to the scholarly community.
Accepted 2026-02-26
Published 2026-05-24
ARO Journal is a scientific, peer-reviewed, periodical, and diamond OAJ that has no APC or ASC.