Artificial Intelligence (AI)-based Intrusion Detection System for IoT-enabled Networks: A State-of-the-Art Survey

Copyright: © 2023 |Pages: 21
DOI: 10.4018/978-1-6684-6914-9.ch014

Abstract

The quality of human existence is improving day by day, and the internet of things (IoT) has arisen as a new world of technology in the last two decades. It has aided the world through its applications in many sectors. However, while delivering several benefits, the extreme expansion of IoT devices makes them a potential target of attacks, which jeopardise the organisation if left unchecked. Cyber security analysts have recently been using DL-based models to detect and investigate malware in order to keep the organisation secure from cyber-attacks. This work describes how AI-based techniques are used to better identify cyber threats in IoT environments while taking into account the heterogeneous and resource-constrained nature of these devices, so that no extra burden is imposed on them. This work comprehensively evaluates the current solutions, challenges, and future directions in IoT security.
Chapter Preview

1. Introduction

The term internet of things (IoT) is defined as an internet-based information service structure (Mendez Mena, Papapanagiotou, & Yang, 2018). It is also defined as a network of devices embedded with software programs and sensors that use the internet to communicate data. IoT devices can now be accessed remotely at any time, from anywhere in the world, using computing devices such as laptops, phones, and watches, regardless of the network to which they are connected. Hardware and software are the two main components of computer networks. Both components may come with their own set of threats and drawbacks. Hardware attacks are simple to identify, as they only affect the device rather than the data. Physical, electrical, environmental, and maintenance threats are the four categories of hardware threats. Historically, only those with advanced programming abilities were engaged in the creation of hacking programmes, but a person can also become a hacker by simply downloading some tools from the internet. An attack can be active or passive. In an “active attack,” an attacker takes actions that could change system resources, such as breaking or bypassing the protected system. In most cases, this leads to the disclosure of sensitive information, data changes, or complete data loss. Trojan horses, viruses, worms, malicious code injection, network data intrusions, and credential theft are examples of active attacks. This sort of attack is incredibly harmful to the system.

Active attack types are masquerading, session replay, message modification, and denial of service (Hassija et al., 2019). A “passive attack” aims to recognise or use important information while causing no harm to system resources. In this sort of attack, the attacker uses a sniffer program to wait for sensitive information that might be used in another attack. Such attacks involve traffic analysis software, packet sniffer tools, and password filtering. Intrusions are a type of computer attack that includes any harmful action directed at a computer system or the services it delivers. Viruses, worms, and denial-of-service attacks are all forms of computer attacks. Detecting actions that attempt to compromise privacy, integrity, or access to resources is known as intrusion detection. An intrusion detection system (IDS) is a hardware or software programme that scans a network or systems for malicious activity or policy violations (Lazarevic, Kumar, & Srivastava, 2005). IDSs may be categorised by where detection takes place (network or host) and by the detection mechanism used (Deka et al., 2015; Hoque, 2012). An intruder can acquire unauthorised access to a system in a variety of ways. Some examples are:

1.1. Software Bug

Generally, the operating system or an application running as root is compromised to execute arbitrary code of the attacker's choice. The code that the intruder has the operating system or application run varies, but some frequent activities include returning a command shell running as root or adding a user to the system with a particular password and root permissions.

1.2. System Misconfiguration

This category covers threats that take advantage of accounts without any passwords or files with the wrong permissions. Some systems come with a “guest” account that will take any password. Furthermore, a program, such as a web server, might be misconfigured to provide unauthorised users access to sensitive file system locations, such as the password file.
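
A defender's check for the two misconfigurations named above, accounts without passwords and a password file with the wrong permissions, follows as an added example that is not from the chapter. The sample data, the function names, and the use of the `/etc/shadow` field layout are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Constructed sample in /etc/shadow layout (name:password-hash:...); not real accounts.
SAMPLE_SHADOW = (
    "root:$6$constructedsalt$constructedhash:19000:0:99999:7:::\n"
    "guest::19000:0:99999:7:::\n"
    "daemon:*:19000:0:99999:7:::\n"
)

def passwordless_accounts(shadow_text):
    """Return account names whose password field is empty."""
    names = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        # An empty second field means no password; "*" or "!" mean locked.
        if len(fields) >= 2 and fields[0] and fields[1] == "":
            names.append(fields[0])
    return names

def other_bits(path):
    """Return the permission bits granted to 'other' users on path (0 if none)."""
    return stat.S_IMODE(os.stat(path).st_mode) & stat.S_IRWXO

def audit(shadow_path):
    """Collect misconfiguration findings for one shadow-format file."""
    with open(shadow_path, encoding="utf-8") as fh:
        findings = [f"account {n!r} has an empty password field"
                    for n in passwordless_accounts(fh.read())]
    bits = other_bits(shadow_path)
    if bits:
        findings.append(f"password file is accessible to other users (bits {oct(bits)})")
    return findings

def demo(mode):
    """Audit a temporary copy of the sample written with the given file mode."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "shadow.sample")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_SHADOW)
        os.chmod(path, mode)
        return audit(path)

if __name__ == "__main__":
    for finding in demo(0o644):  # world-readable: the misconfiguration checked here
        print(finding)
```

With mode `0o600` on the same file, only the empty-password finding for the constructed `guest` account remains.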

1.3. Social Engineering

Social engineering attacks occur when persons with access to the system are tricked into granting the attacker access. Calling corporate employees while claiming to be an official and requesting a PIN is only one example, as is mailing software purportedly from a provider who claims to have enhanced it. Once installed, this programme has a back door that allows an attacker to get access to the machine.
