Cyber risk and cybersecurity: a systematic review of data availability

  • Open access
  • Published: 17 February 2022
  • Volume 47, pages 698–736 (2022)

  • Frank Cremer 1,
  • Barry Sheehan (ORCID: orcid.org/0000-0003-4592-7558) 1,
  • Michael Fortmann 2,
  • Arash N. Kia 1,
  • Martin Mullins 1,
  • Finbarr Murphy 1 &
  • Stefan Materne 2

Cybercrime is estimated to have cost the global economy just under USD 1 trillion in 2020, indicating an increase of more than 50% since 2018. With the average cyber insurance claim rising from USD 145,000 in 2019 to USD 359,000 in 2020, there is a growing necessity for better cyber information sources, standardised databases, mandatory reporting and public awareness. This research analyses the extant academic and industry literature on cybersecurity and cyber risk management with a particular focus on data availability. From a preliminary search resulting in 5219 cyber peer-reviewed studies, the application of the systematic methodology resulted in 79 unique datasets. We posit that the lack of available data on cyber risk poses a serious problem for stakeholders seeking to tackle this issue. In particular, we identify a lacuna in open databases that undermines collective endeavours to better manage this set of risks. The resulting data evaluation and categorisation will support cybersecurity researchers and the insurance industry in their efforts to comprehend, metricise and manage cyber risks.

Introduction

Globalisation, digitalisation and smart technologies have escalated the propensity and severity of cybercrime. Whilst it is an emerging field of research and industry, the importance of robust cybersecurity defence systems has been highlighted at the corporate, national and supranational levels. The impacts of inadequate cybersecurity are estimated to have cost the global economy USD 945 billion in 2020 (Maleks Smith et al. 2020 ). Cyber vulnerabilities pose significant corporate risks, including business interruption, breach of privacy and financial losses (Sheehan et al. 2019 ). Despite the increasing relevance for the international economy, the availability of data on cyber risks remains limited. The reasons for this are many. Firstly, it is an emerging and evolving risk; therefore, historical data sources are limited (Biener et al. 2015 ). It could also be due to the fact that, in general, institutions that have been hacked do not publish the incidents (Eling and Schnell 2016 ). The lack of data poses challenges for many areas, such as research, risk management and cybersecurity (Falco et al. 2019 ). The importance of this topic is demonstrated by the announcement of the European Council in April 2021 that a centre of excellence for cybersecurity will be established to pool investments in research, technology and industrial development. The goal of this centre is to increase the security of the internet and other critical network and information systems (European Council 2021 ).

This research takes a risk management perspective, focusing on cyber risk and considering the role of cybersecurity and cyber insurance in risk mitigation and risk transfer. The study reviews the existing literature and open data sources related to cybersecurity and cyber risk. This is the first systematic review of data availability in the general context of cyber risk and cybersecurity. By identifying and critically analysing the available datasets, this paper supports the research community by aggregating, summarising and categorising all available open datasets. In addition, further information on datasets is attached to provide deeper insights and support stakeholders engaged in cyber risk control and cybersecurity. Finally, this research paper highlights the need for open access to cyber-specific data, without price or permission barriers.

The identified open data can support cyber insurers in their efforts on sustainable product development. To date, traditional risk assessment methods have been untenable for insurance companies due to the absence of historical claims data (Sheehan et al. 2021 ). These high levels of uncertainty mean that cyber insurers are more inclined to overprice cyber risk cover (Kshetri 2018 ). Combining external data with insurance portfolio data therefore seems to be essential to improve the evaluation of the risk and thus lead to risk-adjusted pricing (Bessy-Roland et al. 2021 ). This argument is also supported by the fact that some re/insurers reported that they are working to improve their cyber pricing models (e.g. by creating or purchasing databases from external providers) (EIOPA 2018 ). Figure  1 provides an overview of pricing tools and factors considered in the estimation of cyber insurance based on the findings of EIOPA ( 2018 ) and the research of Romanosky et al. ( 2019 ). The term cyber risk refers to all cyber risks and their potential impact.

Fig. 1: An overview of the current cyber insurance informational and methodological landscape, adapted from EIOPA (2018) and Romanosky et al. (2019)

Besides the advantage of risk-adjusted pricing, the availability of open datasets helps companies benchmark their internal cyber posture and cybersecurity measures. The research can also help to improve risk awareness and corporate behaviour. Many companies still underestimate their cyber risk (Leong and Chen 2020 ). For policymakers, this research offers starting points for a comprehensive recording of cyber risks. Although in many countries, companies are obliged to report data breaches to the respective supervisory authority, this information is usually not accessible to the research community. Furthermore, the economic impact of these breaches is usually unclear.

As well as the cyber risk management community, this research also supports cybersecurity stakeholders. Researchers are provided with an up-to-date, peer-reviewed literature of available datasets showing where these datasets have been used. For example, this includes datasets that have been used to evaluate the effectiveness of countermeasures in simulated cyberattacks or to test intrusion detection systems. This reduces a time-consuming search for suitable datasets and ensures a comprehensive review of those available. Through the dataset descriptions, researchers and industry stakeholders can compare and select the most suitable datasets for their purposes. In addition, it is possible to combine the datasets from one source in the context of cybersecurity or cyber risk. This supports efficient and timely progress in cyber risk research and is beneficial given the dynamic nature of cyber risks.

Cyber risks are defined as “operational risks to information and technology assets that have consequences affecting the confidentiality, availability, and/or integrity of information or information systems” (Cebula et al. 2014). Prominent cyber risk events include data breaches and cyberattacks (Agrafiotis et al. 2018). The increasing exposure and potential impact of cyber risk have been highlighted in recent industry reports (e.g. Allianz 2021; World Economic Forum 2020). Cyberattacks on critical infrastructures are ranked 5th in the World Economic Forum's Global Risk Report. Ransomware, malware and distributed denial-of-service (DDoS) are examples of the evolving modes of a cyberattack. One example is the ransomware attack on the Colonial Pipeline, which shut down the 5500 mile pipeline system that delivers 2.5 million barrels of fuel per day and critical liquid fuel infrastructure from oil refineries to states along the U.S. East Coast (Brower and McCormick 2021). These and other cyber incidents have led the U.S. to strengthen its cybersecurity and introduce, among other things, a public body to analyse major cyber incidents and make recommendations to prevent a recurrence (Murphey 2021a). Another example of the scope of cyberattacks is the ransomware NotPetya in 2017. The damage amounted to USD 10 billion, as the ransomware exploited a vulnerability in the Windows system, allowing it to spread independently worldwide in the network (GAO 2021). In the same year, the ransomware WannaCry was launched by cybercriminals. The cyberattack on Windows software took user data hostage in exchange for Bitcoin cryptocurrency (Smart 2018). The victims included the National Health Service in Great Britain. As a result, ambulances were redirected to other hospitals because of information technology (IT) systems failing, leaving people in need of urgent assistance waiting. It has been estimated that 19,000 cancelled treatment appointments resulted from losses of GBP 92 million (Field 2018). Throughout the COVID-19 pandemic, ransomware attacks increased significantly, as working from home arrangements increased vulnerability (Murphey 2021b).

Besides cyberattacks, data breaches can also cause high costs. Under the General Data Protection Regulation (GDPR), companies are obliged to protect personal data and safeguard the data protection rights of all individuals in the EU area. The GDPR allows data protection authorities in each country to impose sanctions and fines on organisations they find in breach. “For data breaches, the maximum fine can be €20 million or 4% of global turnover, whichever is higher” (GDPR.EU 2021). Data breaches often involve a large amount of sensitive data that has been accessed without authorisation by external parties, and are therefore considered important for information security due to their far-reaching impact (Goode et al. 2017). A data breach is defined as a “security incident in which sensitive, protected, or confidential data are copied, transmitted, viewed, stolen, or used by an unauthorized individual” (Freeha et al. 2021). Depending on the amount of data, the extent of the damage caused by a data breach can be significant, with the average cost being USD 392 million [Footnote 1] (IBM Security 2020).

This research paper reviews the existing literature and open data sources related to cybersecurity and cyber risk, focusing on the datasets used to improve academic understanding and advance the current state-of-the-art in cybersecurity. Furthermore, important information about the available datasets is presented (e.g. use cases), and a plea is made for open data and the standardisation of cyber risk data for academic comparability and replication. The remainder of the paper is structured as follows. The next section describes the related work regarding cybersecurity and cyber risks. The third section outlines the review method used in this work and the process. The fourth section details the results of the identified literature. Further discussion is presented in the penultimate section and the final section concludes.

Related work

Due to the significance of cyber risks, several literature reviews have been conducted in this field. Eling ( 2020 ) reviewed the existing academic literature on the topic of cyber risk and cyber insurance from an economic perspective. A total of 217 papers with the term ‘cyber risk’ were identified and classified in different categories. As a result, open research questions are identified, showing that research on cyber risks is still in its infancy because of their dynamic and emerging nature. Furthermore, the author highlights that particular focus should be placed on the exchange of information between public and private actors. An improved information flow could help to measure the risk more accurately and thus make cyber risks more insurable and help risk managers to determine the right level of cyber risk for their company. In the context of cyber insurance data, Romanosky et al. ( 2019 ) analysed the underwriting process for cyber insurance and revealed how cyber insurers understand and assess cyber risks. For this research, they examined 235 American cyber insurance policies that were publicly available and looked at three components (coverage, application questionnaires and pricing). The authors state in their findings that many of the insurers used very simple, flat-rate pricing (based on a single calculation of expected loss), while others used more parameters such as the asset value of the company (or company revenue) or standard insurance metrics (e.g. deductible, limits), and the industry in the calculation. This is in keeping with Eling ( 2020 ), who states that an increased amount of data could help to make cyber risk more accurately measured and thus more insurable. Similar research on cyber insurance and data was conducted by Nurse et al. ( 2020 ). The authors examined cyber insurance practitioners' perceptions and the challenges they face in collecting and using data. 
In addition, gaps were identified during the research where further data is needed. The authors concluded that cyber insurance is still in its infancy, and there are still several unanswered questions (for example, cyber valuation, risk calculation and recovery). They also pointed out that a better understanding of data collection and use in cyber insurance would be invaluable for future research and practice. Bessy-Roland et al. ( 2021 ) come to a similar conclusion. They proposed a multivariate Hawkes framework to model and predict the frequency of cyberattacks. They used a public dataset with characteristics of data breaches affecting the U.S. industry. In the conclusion, the authors make the argument that an insurer has a better knowledge of cyber losses, but that it is based on a small dataset and therefore combination with external data sources seems essential to improve the assessment of cyber risks.

Several systematic reviews have been published in the area of cybersecurity (Kruse et al. 2017; Lee et al. 2020; Loukas et al. 2013; Ulven and Wangen 2021). In these papers, the authors concentrated on a specific area or sector in the context of cybersecurity. This paper adds to this extant literature by focusing on data availability and its importance to risk management and insurance stakeholders. With a priority on healthcare and cybersecurity, Kruse et al. (2017) conducted a systematic literature review. The authors identified 472 articles with the keywords ‘cybersecurity and healthcare’ or ‘ransomware’ in the databases Cumulative Index of Nursing and Allied Health Literature, PubMed and Proquest. Articles were eligible for this review if they satisfied three criteria: (1) they were published between 2006 and 2016, (2) the full-text version of the article was available, and (3) the publication is a peer-reviewed or scholarly journal. The authors found that technological development and federal policies (in the U.S.) are the main factors exposing the health sector to cyber risks. Loukas et al. (2013) conducted a review with a focus on cyber risks and cybersecurity in emergency management. The authors provided an overview of cyber risks in communication, sensor, information management and vehicle technologies used in emergency management and showed areas for which there is still no solution in the literature. Similarly, Ulven and Wangen (2021) reviewed the literature on cybersecurity risks in higher education institutions. For the literature review, the authors used the keywords ‘cyber’, ‘information threats’ or ‘vulnerability’ in connection with the terms ‘higher education’, ‘university’ or ‘academia’. A similar literature review with a focus on Internet of Things (IoT) cybersecurity was conducted by Lee et al. (2020). The review revealed that qualitative approaches focus on high-level frameworks, and quantitative approaches to cybersecurity risk management focus on risk assessment and quantification of cyberattacks and impacts. In addition, the findings presented a four-step IoT cyber risk management framework that identifies, quantifies and prioritises cyber risks.

Datasets are an essential part of cybersecurity research, underlined by the following works. Ilhan Firat et al. ( 2021 ) examined various cybersecurity datasets in detail. The study was motivated by the fact that with the proliferation of the internet and smart technologies, the mode of cyberattacks is also evolving. However, in order to prevent such attacks, they must first be detected; the dissemination and further development of cybersecurity datasets is therefore critical. In their work, the authors observed studies of datasets used in intrusion detection systems. Khraisat et al. ( 2019 ) also identified a need for new datasets in the context of cybersecurity. The researchers presented a taxonomy of current intrusion detection systems, a comprehensive review of notable recent work, and an overview of the datasets commonly used for assessment purposes. In their conclusion, the authors noted that new datasets are needed because most machine-learning techniques are trained and evaluated on the knowledge of old datasets. These datasets do not contain new and comprehensive information and are partly derived from datasets from 1999. The authors noted that the core of this issue is the availability of new public datasets as well as their quality. The availability of data, how it is used, created and shared was also investigated by Zheng et al. ( 2018 ). The researchers analysed 965 cybersecurity research papers published between 2012 and 2016. They created a taxonomy of the types of data that are created and shared and then analysed the data collected via datasets. The researchers concluded that while datasets are recognised as valuable for cybersecurity research, the proportion of publicly available datasets is limited.

The main contributions of this review and what differentiates it from previous studies can be summarised as follows. First, as far as we can tell, it is the first work to summarise all available datasets on cyber risk and cybersecurity in the context of a systematic review and present them to the scientific community and cyber insurance and cybersecurity stakeholders. Second, we investigated, analysed, and made available the datasets to support efficient and timely progress in cyber risk research. And third, we enable comparability of datasets so that the appropriate dataset can be selected depending on the research area.

Methodology

Process and eligibility criteria

The structure of this systematic review is inspired by the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) framework (Page et al. 2021 ), and the search was conducted from 3 to 10 May 2021. Due to the continuous development of cyber risks and their countermeasures, only articles published in the last 10 years were considered. In addition, only articles published in peer-reviewed journals written in English were included. As a final criterion, only articles that make use of one or more cybersecurity or cyber risk datasets met the inclusion criteria. Specifically, these studies presented new or existing datasets, used them for methods, or used them to verify new results, as well as analysed them in an economic context and pointed out their effects. The criterion was fulfilled if it was clearly stated in the abstract that one or more datasets were used. A detailed explanation of this selection criterion can be found in the ‘Study selection’ section.

Information sources

In order to cover a complete spectrum of literature, various databases were queried to collect relevant literature on the topic of cybersecurity and cyber risks. Due to the spread of related articles across multiple databases, the literature search was limited to the following four databases for simplicity: IEEE Xplore, Scopus, SpringerLink and Web of Science. This is similar to other literature reviews addressing cyber risks or cybersecurity, including Sardi et al. ( 2021 ), Franke and Brynielsson ( 2014 ), Lagerström (2019), Eling and Schnell ( 2016 ) and Eling ( 2020 ). In this paper, all databases used in the aforementioned works were considered. However, only two studies also used all the databases listed. The IEEE Xplore database contains electrical engineering, computer science, and electronics work from over 200 journals and three million conference papers (IEEE 2021 ). Scopus includes 23,400 peer-reviewed journals from more than 5000 international publishers in the areas of science, engineering, medicine, social sciences and humanities (Scopus 2021 ). SpringerLink contains 3742 journals and indexes over 10 million scientific documents (SpringerLink 2021 ). Finally, Web of Science indexes over 9200 journals in different scientific disciplines (Science 2021 ).

A search string was created and applied to all databases. To make the search efficient and reproducible, the following search string with Boolean operators was used in all databases: cybersecurity OR cyber risk AND dataset OR database. To ensure uniformity of the search across all databases, some adjustments had to be made for the respective search engines. In Scopus, for example, the Advanced Search was used, and the field code ‘Title-ABS-KEY’ was integrated into the search string. For IEEE Xplore, the search was carried out with the search string in the Command Search and ‘All Metadata’. In the Web of Science database, the Advanced Search was used. The special feature of this search was that it had to be carried out in individual steps. The first search was carried out with the terms cybersecurity OR cyber risk with the field tag Topic (T.S. =) and the second search with dataset OR database. Subsequently, these searches were combined, which then delivered the searched articles for review. For SpringerLink, the search string was used in the Advanced Search under the category ‘Find the resources with all of the words’. Running this search string returned 5219 studies. According to the eligibility criteria (period, language and only scientific journals), 1581 studies were identified in the databases:

Scopus: 135

Springer Link: 548

Web of Science: 534

An overview of the process is given in Fig. 2. Combined with the results from the four databases, 854 articles without duplicates were identified.

Fig. 2: Literature search process and categorisation of the studies

Study selection

In the final step of the selection process, the articles were screened for relevance. Due to a large number of results, the abstracts were analysed in the first step of the process. The aim was to determine whether the article was relevant for the systematic review. An article fulfilled the criterion if it was recognisable in the abstract that it had made a contribution to datasets or databases with regard to cyber risks or cybersecurity. Specifically, the criterion was considered to be met if the abstract used datasets that address the causes or impacts of cyber risks, and measures in the area of cybersecurity. In this process, the number of articles was reduced to 288. The articles were then read in their entirety, and an expert panel of six people decided whether they should be used. This led to a final number of 255 articles. The years in which the articles were published and the exact number can be seen in Fig.  3 .

Fig. 3: Distribution of studies

Data collection process and synthesis of the results

For the data collection process, various data were extracted from the studies, including the names of the respective creators, the name of the dataset or database and the corresponding reference. It was also determined where the data came from. In the context of accessibility, it was determined whether access is free, controlled, available for purchase or not available. It was also determined when the datasets were created and the time period referenced. The application type and domain characteristics of the datasets were identified.

This section analyses the results of the systematic literature review. The previously identified studies are divided into three categories: datasets on the causes of cyber risks, datasets on the effects of cyber risks and datasets on cybersecurity. The classification is based on the intended use of the studies. This system of classification makes it easier for stakeholders to find the appropriate datasets. The categories are evaluated individually. Although complete information is available for a large proportion of datasets, this is not true for all of them. Accordingly, the abbreviation N/A has been inserted in the respective characters to indicate that this information could not be determined by the time of submission. The term ‘use cases in the literature’ in the following and supplementary tables refers to the application areas in which the corresponding datasets were used in the literature. The areas listed there refer to the topic area on which the researchers conducted their research. Since some datasets were used interdisciplinarily, the listed use cases in the literature are correspondingly longer. Before discussing each category in the next sections, Fig.  4 provides an overview of the number of datasets found and their year of creation. Figure  5 then shows the relationship between studies and datasets in the period under consideration. Figure  6 shows the distribution of studies, their use of datasets and their creation date. The number of datasets used is higher than the number of studies because the studies often used several datasets (Table 1 ).

Fig. 4: Distribution of dataset results

Fig. 5: Correlation between the studies and the datasets

Fig. 6: Distribution of studies and their use of datasets

Most of the datasets are generated in the U.S. (up to 58.2%). Canada and Australia rank next, with 11.3% and 5% of all the reviewed datasets, respectively.

Additionally, to create value for the datasets for the cyber insurance industry, an assessment of the applicability of each dataset has been provided for cyber insurers. This ‘Use Case Assessment’ includes the use of the data in the context of different analyses, calculation of cyber insurance premiums, and use of the information for the design of cyber insurance contracts or for additional customer services. To reasonably account for the transition of direct hyperlinks in the future, references were directed to the main websites for longevity (nearest resource point). In addition, the links to the main pages contain further information on the datasets and different versions related to the operating systems. The references were chosen in such a way that practitioners get the best overview of the respective datasets.

Cause datasets

This section presents selected articles that use the datasets to analyse the causes of cyber risks. The datasets help identify emerging trends and allow pattern discovery in cyber risks. This information gives cybersecurity experts and cyber insurers the data to make better predictions and take appropriate action. For example, if certain vulnerabilities are not adequately protected, cyber insurers will demand a risk surcharge leading to an improvement in the risk-adjusted premium. Due to the capricious nature of cyber risks, existing data must be supplemented with new data sources (for example, new events, new methods or security vulnerabilities) to determine prevailing cyber exposure. The datasets of cyber risk causes could be combined with existing portfolio data from cyber insurers and integrated into existing pricing tools and factors to improve the valuation of cyber risks.

A portion of these datasets consists of several taxonomies and classifications of cyber risks. Aassal et al. ( 2020 ) propose a new taxonomy of phishing characteristics based on the interpretation and purpose of each characteristic. In comparison, Hindy et al. ( 2020 ) presented a taxonomy of network threats and the impact of current datasets on intrusion detection systems. A similar taxonomy was suggested by Kiwia et al. ( 2018 ). The authors presented a cyber kill chain-based taxonomy of banking Trojans features. The taxonomy built on a real-world dataset of 127 banking Trojans collected from December 2014 to January 2016 by a major U.K.-based financial organisation.

In the context of classification, Aamir et al. ( 2021 ) showed the benefits of machine learning for classifying port scans and DDoS attacks in a mixture of normal and attack traffic. Guo et al. ( 2020 ) presented a new method to improve malware classification based on entropy sequence features. The evaluation of this new method was conducted on different malware datasets.

To reconstruct attack scenarios and draw conclusions based on the evidence in the alert stream, Barzegar and Shajari (2018) use the DARPA2000 and MACCDC 2012 datasets for their research. Giudici and Raffinetti (2020) proposed a rank-based statistical model aimed at predicting the severity levels of cyber risk. The model used cyber risk data from the University of Milan. In contrast to the previous datasets, Skrjanc et al. (2018) used the older dataset KDD99 to monitor large-scale cyberattacks using a Cauchy clustering method.

Amin et al. ( 2021 ) used a cyberattack dataset from the Canadian Institute for Cybersecurity to identify spatial clusters of countries with high rates of cyberattacks. In the context of cybercrime, Junger et al. ( 2020 ) examined crime scripts, key characteristics of the target company and the relationship between criminal effort and financial benefit. For their study, the authors analysed 300 cases of fraudulent activities against Dutch companies. With a similar focus on cybercrime, Mireles et al. ( 2019 ) proposed a metric framework to measure the effectiveness of the dynamic evolution of cyberattacks and defensive measures. To validate its usefulness, they used the DEFCON dataset.

Due to the rapidly changing nature of cyber risks, it is often impossible to obtain all information on them. Kim and Kim ( 2019 ) proposed an automated dataset generation system called CTIMiner that collects threat data from publicly available security reports and malware repositories. They released a dataset to the public containing about 640,000 records from 612 security reports published between January 2008 and 2019. A similar approach is proposed by Kim et al. ( 2020 ), using a named entity recognition system to extract core information from cyber threat reports automatically. They created a 498,000-tag dataset during their research (Ulven and Wangen 2021 ).

Within the framework of vulnerabilities and cybersecurity issues, Ulven and Wangen ( 2021 ) proposed an overview of mission-critical assets and everyday threat events, suggested a generic threat model, and summarised common cybersecurity vulnerabilities. With a focus on hospitality, Chen and Fiscus ( 2018 ) proposed several issues related to cybersecurity in this sector. They analysed 76 security incidents from the Privacy Rights Clearinghouse database. Supplementary Table 1 lists all findings that belong to the cyber causes dataset.

Impact datasets

This section outlines selected findings of the cyber impact dataset. For cyber insurers, these datasets can form an important basis for information, as they can be used to calculate cyber insurance premiums, evaluate specific cyber risks, formulate inclusions and exclusions in cyber wordings, and re-evaluate as well as supplement the data collected so far on cyber risks. For example, information on financial losses can help to better assess the loss potential of cyber risks. Furthermore, the datasets can provide insight into the frequency of occurrence of these cyber risks. The new datasets can be used to close any data gaps that were previously based on very approximate estimates or to find new results.

Eight studies addressed the costs of data breaches. For instance, Eling and Jung ( 2018 ) reviewed 3327 data breach events from 2005 to 2016 and identified an asymmetric dependence of monthly losses by breach type and industry. The authors used datasets from the Privacy Rights Clearinghouse for analysis. The Privacy Rights Clearinghouse datasets and the Breach level index database were also used by De Giovanni et al. ( 2020 ) to describe relationships between data breaches and bitcoin-related variables using the cointegration methodology. The data were obtained from the Department of Health and Human Services of healthcare facilities reporting data breaches and a national database of technical and organisational infrastructure information. Also in the context of data breaches, Algarni et al. ( 2021 ) developed a comprehensive, formal model that estimates the two components of security risks: breach cost and the likelihood of a data breach within 12 months. For their survey, the authors used two industrial reports from the Ponemon institute and VERIZON. To illustrate the scope of data breaches, Neto et al. ( 2021 ) identified 430 major data breach incidents among more than 10,000 incidents. The database created is available and covers the period 2018 to 2019.

With a direct focus on insurance, Biener et al. ( 2015 ) analysed 994 cyber loss cases from an operational risk database and investigated the insurability of cyber risks based on predefined criteria. For their study, they used data from the company SAS OpRisk Global Data. Similarly, Eling and Wirfs ( 2019 ) looked at a wide range of cyber risk events and actual cost data using the same database. They identified cyber losses and analysed them using methods from statistics and actuarial science. Using a similar reference, Farkas et al. ( 2021 ) proposed a method for analysing cyber claims based on regression trees to identify criteria for classifying and evaluating claims. Similar to Chen and Fiscus ( 2018 ), the dataset used was the Privacy Rights Clearinghouse database. Within the framework of reinsurance, Moro ( 2020 ) analysed cyber index-based information technology activity to see if index-parametric reinsurance coverage could suggest its cedant using data from a Symantec dataset.

Paté-Cornell et al. ( 2018 ) presented a general probabilistic risk analysis framework for cybersecurity in an organisation to be specified. The results are distributions of losses to cyberattacks, with and without considered countermeasures in support of risk management decisions based both on past data and anticipated incidents. The data used were from The Common Vulnerability and Exposures database and via confidential access to a database of cyberattacks on a large, U.S.-based organisation. A different conceptual framework for cyber risk classification and assessment was proposed by Sheehan et al. ( 2021 ). This framework showed the importance of proactive and reactive barriers in reducing companies’ exposure to cyber risk and quantifying the risk. Another approach to cyber risk assessment and mitigation was proposed by Mukhopadhyay et al. ( 2019 ). They estimated the probability of an attack using generalised linear models, predicted the security technology required to reduce the probability of cyberattacks, and used gamma and exponential distributions to best approximate the average loss data for each malicious attack. They also calculated the expected loss due to cyberattacks, calculated the net premium that would need to be charged by a cyber insurer, and suggested cyber insurance as a strategy to minimise losses. They used the CSI-FBI survey (1997–2010) to conduct their research.

In order to highlight the lack of data on cyber risks, Eling ( 2020 ) conducted a literature review in the areas of cyber risk and cyber insurance. Available information on the frequency, severity, and dependency structure of cyber risks was filtered out. In addition, open questions for future cyber risk research were set up. Another example of data collection on the impact of cyberattacks is provided by Sornette et al. ( 2013 ), who use a database of newspaper articles, press reports and other media to provide a predictive method to identify triggering events and potential accident scenarios and estimate their severity and frequency. A similar approach to data collection was used by Arcuri et al. ( 2020 ) to gather an original sample of global cyberattacks from newspaper reports sourced from the LexisNexis database. This collection is also used and applied to the fields of dynamic communication and cyber risk perception by Fang et al. ( 2021 ). To create a dataset of cyber incidents and disputes, Valeriano and Maness ( 2014 ) collected information on cyber interactions between rival states.

To assess trends and the scale of economic cybercrime, Levi ( 2017 ) examined datasets from different countries and their impact on crime policy. Pooser et al. ( 2018 ) investigated the trend in cyber risk identification from 2006 to 2015 and company characteristics related to cyber risk perception. The authors used a dataset of various reports from cyber insurers for their study. Walker-Roberts et al. ( 2020 ) investigated the spectrum of risk of a cybersecurity incident taking place in the cyber-physical-enabled world using the VERIS Community Database. The datasets of impacts identified are presented below. Due to overlap, some may also appear in the causes dataset (Supplementary Table 2).

Cybersecurity datasets

General intrusion detection

General intrusion detection systems account for the largest share of countermeasure datasets. For companies or researchers focused on cybersecurity, the datasets can be used to test their own countermeasures or obtain information about potential vulnerabilities. For example, Al-Omari et al. ( 2021 ) proposed an intelligent intrusion detection model for predicting and detecting attacks in cyberspace, which was applied to the UNSW-NB15 dataset. A similar approach was taken by Choras and Kozik ( 2015 ), who used machine learning to detect cyberattacks on web applications. To evaluate their method, they used the HTTP dataset CSIC 2010. For the identification of unknown attacks on web servers, Kamarudin et al. ( 2017 ) proposed an anomaly-based intrusion detection system using an ensemble classification approach. Ganeshan and Rodrigues ( 2020 ) showed an intrusion detection system approach, which clusters the database into several groups and detects the presence of intrusion in the clusters. In comparison, AlKadi et al. ( 2019 ) used a localisation-based model to discover abnormal patterns in network traffic. Hybrid models have been recommended by Bhattacharya et al. ( 2020 ) and Agrawal et al. ( 2019 ); the former is a machine-learning model based on principal component analysis for the classification of intrusion detection system datasets, while the latter is a hybrid ensemble intrusion detection system for anomaly detection using different datasets to detect patterns in network traffic that deviate from normal behaviour.

Agarwal et al. ( 2021 ) used three different machine learning algorithms in their research to find the most suitable for efficiently identifying patterns of suspicious network activity. The UNSW-NB15 dataset was used for this purpose. Kasongo and Sun ( 2020 ), with a Feed-Forward Deep Neural Network (FFDNN), Keshk et al. ( 2021 ), with a privacy-preserving anomaly detection framework, and others also use the UNSW-NB15 dataset as part of intrusion detection systems. The same dataset and others were used by Binbusayyis and Vaiyapuri ( 2019 ) to identify and compare key features for cyber intrusion detection. Atefinia and Ahmadi ( 2021 ) proposed a deep neural network model to reduce the false positive rate of an anomaly-based intrusion detection system. Fossaceca et al. ( 2015 ) focused in their research on the development of a framework that combined the outputs of multiple learners in order to improve the efficacy of network intrusion detection, and Gauthama Raman et al. ( 2020 ) presented a search algorithm based on Support Vector Machine to improve the detection performance and false alarm rate of intrusion detection techniques. Ahmad and Alsemmeari ( 2020 ) targeted extreme learning machine techniques due to their good capabilities in classification problems and handling huge data. They used the NSL-KDD dataset as a benchmark.

With reference to prediction, Bakdash et al. ( 2018 ) used datasets from the U.S. Department of Defence to predict cyberattacks by malware. This dataset consists of weekly counts of cyber events over approximately seven years. Another prediction method was presented by Fan et al. ( 2018 ), which showed an improved integrated cybersecurity prediction method based on spatial-time analysis. Also, with reference to prediction, Ashtiani and Azgomi ( 2014 ) proposed a framework for the distributed simulation of cyberattacks based on high-level architecture. Kirubavathi and Anitha ( 2016 ) recommended an approach to detect botnets, irrespective of their structures, based on network traffic flow behaviour analysis and machine-learning techniques. Dwivedi et al. ( 2021 ) introduced a multi-parallel adaptive technique to utilise an adaption mechanism in the group of swarms for network intrusion detection. AlEroud and Karabatis ( 2018 ) presented an approach that used contextual information to automatically identify and query possible semantic links between different types of suspicious activities extracted from network flows.

Intrusion detection systems with a focus on IoT

In addition to general intrusion detection systems, a proportion of studies focused on IoT. Habib et al. ( 2020 ) presented an approach for converting traditional intrusion detection systems into smart intrusion detection systems for IoT networks. To enhance the process of diagnostic detection of possible vulnerabilities within an IoT system, Georgescu et al. ( 2019 ) introduced a method that uses a named entity recognition-based solution. With regard to IoT in the smart home sector, Heartfield et al. ( 2021 ) presented a detection system that is able to autonomously adjust the decision function of its underlying anomaly classification models to a smart home’s changing condition. Another intrusion detection system was suggested by Keserwani et al. ( 2021 ), which combined Grey Wolf Optimization and Particle Swarm Optimization to identify various attacks for IoT networks. They used the KDD Cup 99, NSL-KDD and CICIDS-2017 to evaluate their model. Abu Al-Haija and Zein-Sabatto ( 2020 ) provide a comprehensive development of a new intelligent and autonomous deep-learning-based detection and classification system for cyberattacks in IoT communication networks that leverages the power of convolutional neural networks, abbreviated as IoT-IDCS-CNN (IoT-based Intrusion Detection and Classification System using Convolutional Neural Network). To evaluate the development, the authors used the NSL-KDD dataset. Biswas and Roy ( 2021 ) recommended a model that identifies malicious botnet traffic using novel deep-learning approaches like artificial neural networks, gated recurrent units and long short-term memory models. They tested their model with the Bot-IoT dataset.

With a more forensic background, Koroniotis et al. ( 2020 ) submitted a network forensic framework, which described the digital investigation phases for identifying and tracing attack behaviours in IoT networks. The suggested work was evaluated with the Bot-IoT and UNSW-NB15 datasets. With a focus on big data and IoT, Chhabra et al. ( 2020 ) presented a cyber forensic framework for big data analytics in an IoT environment using machine learning. Furthermore, the authors mentioned different publicly available datasets for machine-learning models.

A stronger focus on mobile phones was exhibited by Alazab et al. ( 2020 ), who presented a classification model that combined permission requests and application programme interface calls. The model was tested with a malware dataset containing 27,891 Android apps. A similar approach was taken by Li et al. ( 2019a , b ), who proposed a reliable classifier for Android malware detection based on factorisation machine architecture and extraction of Android app features from manifest files and source code.

Literature reviews

In addition to the different methods and models for intrusion detection systems, various literature reviews on the methods and datasets were also found. Liu and Lang ( 2019 ) proposed a taxonomy of intrusion detection systems that uses data objects as the main dimension to classify and summarise machine learning and deep learning-based intrusion detection literature. They also presented four different benchmark datasets for machine-learning detection systems. Ahmed et al. ( 2016 ) presented an in-depth analysis of four major categories of anomaly detection techniques, which include classification, statistical, information theory and clustering. Hajj et al. ( 2021 ) gave a comprehensive overview of anomaly-based intrusion detection systems. Their article gives an overview of the requirements, methods, measurements and datasets that are used in an intrusion detection system.

Within the framework of machine learning, Chattopadhyay et al. ( 2018 ) conducted a comprehensive review and meta-analysis on the application of machine-learning techniques in intrusion detection systems. They also compared different machine learning techniques in different datasets and summarised the performance. Vidros et al. ( 2017 ) presented an overview of characteristics and methods in automatic detection of online recruitment fraud. They also published an available dataset of 17,880 annotated job ads, retrieved from the use of a real-life system. An empirical study of different unsupervised learning algorithms used in the detection of unknown attacks was presented by Meira et al. ( 2020 ).

New datasets

Kilincer et al. ( 2021 ) reviewed different intrusion detection system datasets in detail. They had a closer look at the UNSW-NB15, ISCX-2012, NSL-KDD and CIDDS-001 datasets. Stojanovic et al. ( 2020 ) also provided a review on datasets and their creation for use in advanced persistent threat detection in the literature. Another review of datasets was provided by Sarker et al. ( 2020 ), who focused on cybersecurity data science as part of their research and provided an overview from a machine-learning perspective. Avila et al. ( 2021 ) conducted a systematic literature review on the use of security logs for data leak detection. They recommended a new classification of information leak, which uses the GDPR principles, identified the most widely used publicly available dataset for threat detection, and described the attack types in the datasets and the algorithms used for data leak detection. Tuncer et al. ( 2020 ) presented a bytecode-based detection method consisting of feature extraction using local neighbourhood binary patterns. They chose a byte-based malware dataset to investigate the performance of the proposed local neighbourhood binary pattern-based detection method. With a different focus, Mauro et al. ( 2020 ) gave an experimental overview of neural-based techniques relevant to intrusion detection. They assessed the value of neural networks using the Bot-IoT and UNSW-NB15 datasets.

Another category of results in the context of countermeasure datasets is those that were presented as new. Moreno et al. ( 2018 ) developed a database of 300 security-related accidents from European and American sources. The database contained cybersecurity-related events in the chemical and process industry. Damasevicius et al. ( 2020 ) proposed a new dataset (LITNET-2020) for network intrusion detection. The dataset is a new annotated network benchmark dataset obtained from the real-world academic network. It presents real-world examples of normal and under-attack network traffic. With a focus on IoT intrusion detection systems, Alsaedi et al. ( 2020 ) proposed new benchmark IoT/IIoT datasets for assessing intrusion detection system-enabled IoT systems. Also in the context of IoT, Vaccari et al. ( 2020 ) proposed a dataset focusing on message queue telemetry transport protocols, which can be used to train machine-learning models. To evaluate the performance of machine-learning classifiers, Mahfouz et al. ( 2020 ) created a dataset called Game Theory and Cybersecurity (GTCS). A dataset containing 22,000 malware and benign samples was constructed by Martin et al. ( 2019 ). The dataset can be used as a benchmark to test the algorithm for Android malware classification and clustering techniques. In addition, Laso et al. ( 2017 ) presented a dataset created to investigate how data and information quality estimates enable the detection of anomalies and malicious acts in cyber-physical systems. The dataset contained various cyberattacks and is publicly available.

In addition to the results described above, several other studies were found that fit into the category of countermeasures. Johnson et al. ( 2016 ) examined the time between vulnerability disclosures. Using another vulnerabilities database, Common Vulnerabilities and Exposures (CVE), Subroto and Apriyana ( 2019 ) presented an algorithm model that uses big data analysis of social media and statistical machine learning to predict cyber risks. A similar databank but with a different focus, Common Vulnerability Scoring System, was used by Chatterjee and Thekdi ( 2020 ) to present an iterative data-driven learning approach to vulnerability assessment and management for complex systems. Using the CICIDS2017 dataset to evaluate the performance, Malik et al. ( 2020 ) proposed a control plane-based orchestration for varied, sophisticated threats and attacks. The same dataset was used in another study by Lee et al. ( 2019 ), who developed an artificial security information event management system based on a combination of event profiling for data processing and different artificial network methods. To exploit the interdependence between multiple series, Fang et al. ( 2021 ) proposed a statistical framework. In order to validate the framework, the authors applied it to a dataset of enterprise-level security breaches from the Privacy Rights Clearinghouse and Identity Theft Center database. Another framework with a defensive aspect was recommended by Li et al. ( 2021 ) to increase the robustness of deep neural networks against adversarial malware evasion attacks. Sarabi et al. ( 2016 ) investigated whether and to what extent business details can help assess an organisation's risk of data breaches and the distribution of risk across different types of incidents to create policies for protection, detection and recovery from different forms of security incidents. They used data from the VERIS Community Database.

Datasets that have been classified into the cybersecurity category are detailed in Supplementary Table 3. Due to overlap, records from the previous tables may also be included.

This paper presented a systematic literature review of studies on cyber risk and cybersecurity that used datasets. Within this framework, 255 studies were fully reviewed and then classified into three different categories. Then, 79 datasets were consolidated from these studies. These datasets were subsequently analysed, and important information was selected through a process of filtering out. This information was recorded in a table and enhanced with further information as part of the literature analysis. This made it possible to create a comprehensive overview of the datasets. For example, each dataset contains a description of where the data came from and how the data has been used to date. This allows different datasets to be compared and the appropriate dataset for the use case to be selected. This research certainly has limitations, so our selection of datasets cannot necessarily be taken as a representation of all available datasets related to cyber risks and cybersecurity. For example, literature searches were conducted in four academic databases and only found datasets that were used in the literature. Many research projects also used old datasets that may no longer consider current developments. In addition, the data are often focused on only one observation and are limited in scope. For example, the datasets can only be applied to specific contexts and are also subject to further limitations (e.g. region, industry, operating system). In the context of the applicability of the datasets, it is unfortunately not possible to make a clear statement on the extent to which they can be integrated into academic or practical areas of application or how great this effort is. Finally, it remains to be pointed out that this is an overview of currently available datasets, which are subject to constant change.

Due to the lack of datasets on cyber risks in the academic literature, additional datasets on cyber risks were integrated as part of a further search. The search was conducted on the Google Dataset search portal. The search term used was ‘cyber risk datasets’. Over 100 results were found. However, due to the low significance and verifiability, only 20 selected datasets were included. These can be found in Table 2  in the “ Appendix ”.

The results of the literature review and datasets also showed that there continues to be a lack of available, open cyber datasets. This lack of data is reflected in cyber insurance, for example, as it is difficult to find a risk-based premium without a sufficient database (Nurse et al. 2020 ). The global cyber insurance market was estimated at USD 5.5 billion in 2020 (Dyson 2020 ). When compared to the USD 1 trillion global losses from cybercrime (Maleks Smith et al. 2020 ), it is clear that there exists a significant cyber risk awareness challenge for both the insurance industry and international commerce. Without comprehensive and qualitative data on cyber losses, it can be difficult to estimate potential losses from cyberattacks and price cyber insurance accordingly (GAO 2021 ). For instance, the average cyber insurance loss increased from USD 145,000 in 2019 to USD 359,000 in 2020 (FitchRatings 2021 ). Cyber insurance is an important risk management tool to mitigate the financial impact of cybercrime. This is particularly evident in the impact of different industries. In the Energy & Commodities financial markets, a ransomware attack on the Colonial Pipeline led to a substantial impact on the U.S. economy. As a result of the attack, about 45% of the U.S. East Coast was temporarily unable to obtain supplies of diesel, petrol and jet fuel. This caused the average price in the U.S. to rise 7 cents to USD 3.04 per gallon, the highest in seven years (Garber 2021 ). In addition, Colonial Pipeline confirmed that it paid a USD 4.4 million ransom to a hacker gang after the attack. Another ransomware attack occurred in the healthcare and government sector. The victim of this attack was the Irish Health Service Executive (HSE). A ransom payment of USD 20 million was demanded from the Irish government to restore services after the hack (Tidy 2021 ). 
In the car manufacturing sector, Miller and Valasek ( 2015 ) initiated a cyberattack that resulted in the recall of 1.4 million vehicles and cost manufacturers EUR 761 million. The risk that arises in the context of these events is the potential for the accumulation of cyber losses, which is why cyber insurers are not expanding their capacity. An example of this accumulation of cyber risks is the NotPetya malware attack, which originated in Russia, struck in Ukraine, and rapidly spread around the world, causing at least USD 10 billion in damage (GAO 2021 ). These events highlight the importance of proper cyber risk management.

This research provides cyber insurance stakeholders with an overview of cyber datasets. Cyber insurers can use the open datasets to improve their understanding and assessment of cyber risks. For example, the impact datasets can be used to better measure financial impacts and their frequencies. These data could be combined with existing portfolio data from cyber insurers and integrated with existing pricing tools and factors to better assess cyber risk valuation. Although most cyber insurers have some historical cyber policy and claims data, these data are sparse and remain too small at present for accurate prediction (Bessy-Roland et al. 2021 ). A combination of portfolio data and external datasets would support risk-adjusted pricing for cyber insurance, which would also benefit policyholders. In addition, cyber insurance stakeholders can use the datasets to identify patterns and make better predictions, which would benefit sustainable cyber insurance coverage. In terms of cyber risk cause datasets, cyber insurers can use the data to review their insurance products. For example, the data could provide information on which cyber risks have not been sufficiently considered in product design or where improvements are needed. A combination of cyber cause and cybersecurity datasets can help establish uniform definitions to provide greater transparency and clarity. Consistent terminology could lead to a more sustainable cyber market, where cyber insurers make informed decisions about the level of coverage and policyholders understand their coverage (The Geneva Association 2020).

In addition to the cyber insurance community, this research also supports cybersecurity stakeholders. The reviewed literature can be used to provide a contemporary, contextual and categorised summary of available datasets. This supports efficient and timely progress in cyber risk research and is beneficial given the dynamic nature of cyber risks. With the help of the described cybersecurity datasets and the identified information, a comparison of different datasets is possible. The datasets can be used to evaluate the effectiveness of countermeasures in simulated cyberattacks or to test intrusion detection systems.

In this paper, we conducted a systematic review of studies on cyber risk and cybersecurity databases. We found that most of the datasets are in the field of intrusion detection and machine learning and are used for technical cybersecurity aspects. The available datasets on cyber risks were relatively less represented. Due to the dynamic nature and lack of historical data, assessing and understanding cyber risk is a major challenge for cyber insurance stakeholders. To address this challenge, a greater density of cyber data is needed to support cyber insurers in risk management and researchers with cyber risk-related topics. With reference to ‘Open Science’ FAIR data (Jacobsen et al. 2020 ), mandatory reporting of cyber incidents could help improve cyber understanding, awareness and loss prevention among companies and insurers. Through greater availability of data, cyber risks can be better understood, enabling researchers to conduct more in-depth research into these risks. Companies could incorporate this new knowledge into their corporate culture to reduce cyber risks. For insurance companies, this would have the advantage that all insurers would have the same understanding of cyber risks, which would support sustainable risk-based pricing. In addition, common definitions of cyber risks could be derived from new data.

The cybersecurity databases summarised and categorised in this research could provide a different perspective on cyber risks that would enable the formulation of common definitions in cyber policies. The datasets can help companies addressing cybersecurity and cyber risk as part of risk management assess their internal cyber posture and cybersecurity measures. The paper can also help improve risk awareness and corporate behaviour, and provides the research community with a comprehensive overview of peer-reviewed datasets and other available datasets in the area of cyber risk and cybersecurity. This approach is intended to support the free availability of data for research. The complete tabulated review of the literature is included in the Supplementary Material.

This work provides directions for several paths of future work. First, there are currently few publicly available datasets for cyber risk and cybersecurity. The older datasets that are still widely used no longer reflect today's technical environment. Moreover, they can often only be used in one context, and the scope of the samples is very limited. It would be of great value if more datasets were publicly available that reflect current environmental conditions. This could help intrusion detection systems to consider current events and thus lead to a higher success rate. It could also compensate for the disadvantages of older datasets by collecting larger quantities of samples and making this contextualisation more widespread. Another area of research may be the integratability and adaptability of cybersecurity and cyber risk datasets. For example, it is often unclear to what extent datasets can be integrated or adapted to existing data. For cyber risks and cybersecurity, it would be helpful to know what requirements need to be met or what is needed to use the datasets appropriately. In addition, it would certainly be helpful to know whether datasets can be modified to be used for cyber risks or cybersecurity. Finally, the ability for stakeholders to identify machine-readable cybersecurity datasets would be useful because it would allow for even clearer delineations or comparisons between datasets. Due to the lack of publicly available datasets, concrete benchmarks often cannot be applied.

Average cost of a breach of more than 50 million records.

Aamir, M., S.S.H. Rizvi, M.A. Hashmani, M. Zubair, and J. Ahmad. 2021. Machine learning classification of port scanning and DDoS attacks: A comparative analysis. Mehran University Research Journal of Engineering and Technology 40 (1): 215–229. https://doi.org/10.22581/muet1982.2101.19 .

Aamir, M., and S.M.A. Zaidi. 2019. DDoS attack detection with feature engineering and machine learning: The framework and performance evaluation. International Journal of Information Security 18 (6): 761–785. https://doi.org/10.1007/s10207-019-00434-1 .

Aassal, A. El, S. Baki, A. Das, and R.M. Verma. 2020. An in-depth benchmarking and evaluation of phishing detection research for security needs. IEEE Access 8: 22170–22192. https://doi.org/10.1109/ACCESS.2020.2969780 .

Abu Al-Haija, Q., and S. Zein-Sabatto. 2020. An efficient deep-learning-based detection and classification system for cyber-attacks in IoT communication networks. Electronics 9 (12): 26. https://doi.org/10.3390/electronics9122152 .

Adhikari, U., T.H. Morris, and S.Y. Pan. 2018. Applying Hoeffding adaptive trees for real-time cyber-power event and intrusion classification. IEEE Transactions on Smart Grid 9 (5): 4049–4060. https://doi.org/10.1109/tsg.2017.2647778 .

Agarwal, A., P. Sharma, M. Alshehri, A.A. Mohamed, and O. Alfarraj. 2021. Classification model for accuracy and intrusion detection using machine learning approach. PeerJ Computer Science . https://doi.org/10.7717/peerj-cs.437 .

Agrafiotis, I., J.R.C. Nurse, M. Goldsmith, S. Creese, and D. Upton. 2018. A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate. Journal of Cybersecurity 4: tyy006.

Agrawal, A., S. Mohammed, and J. Fiaidhi. 2019. Ensemble technique for intruder detection in network traffic. International Journal of Security and Its Applications 13 (3): 1–8. https://doi.org/10.33832/ijsia.2019.13.3.01 .

Ahmad, I., and R.A. Alsemmeari. 2020. Towards improving the intrusion detection through ELM (extreme learning machine). CMC Computers Materials & Continua 65 (2): 1097–1111. https://doi.org/10.32604/cmc.2020.011732 .

Ahmed, M., A.N. Mahmood, and J.K. Hu. 2016. A survey of network anomaly detection techniques. Journal of Network and Computer Applications 60: 19–31. https://doi.org/10.1016/j.jnca.2015.11.016 .

Al-Jarrah, O.Y., O. Alhussein, P.D. Yoo, S. Muhaidat, K. Taha, and K. Kim. 2016. Data randomization and cluster-based partitioning for Botnet intrusion detection. IEEE Transactions on Cybernetics 46 (8): 1796–1806. https://doi.org/10.1109/TCYB.2015.2490802 .

Al-Mhiqani, M.N., R. Ahmad, Z.Z. Abidin, W. Yassin, A. Hassan, K.H. Abdulkareem, N.S. Ali, and Z. Yunos. 2020. A review of insider threat detection: Classification, machine learning techniques, datasets, open challenges, and recommendations. Applied Sciences—Basel 10 (15): 41. https://doi.org/10.3390/app10155208 .

Al-Omari, M., M. Rawashdeh, F. Qutaishat, M. Alshira’H, and N. Ababneh. 2021. An intelligent tree-based intrusion detection model for cyber security. Journal of Network and Systems Management 29 (2): 18. https://doi.org/10.1007/s10922-021-09591-y .

Alabdallah, A., and M. Awad. 2018. Using weighted Support Vector Machine to address the imbalanced classes problem of Intrusion Detection System. KSII Transactions on Internet and Information Systems 12 (10): 5143–5158. https://doi.org/10.3837/tiis.2018.10.027 .

Alazab, M., M. Alazab, A. Shalaginov, A. Mesleh, and A. Awajan. 2020. Intelligent mobile malware detection using permission requests and API calls. Future Generation Computer Systems—the International Journal of eScience 107: 509–521. https://doi.org/10.1016/j.future.2020.02.002 .

Albahar, M.A., R.A. Al-Falluji, and M. Binsawad. 2020. An empirical comparison on malicious activity detection using different neural network-based models. IEEE Access 8: 61549–61564. https://doi.org/10.1109/ACCESS.2020.2984157 .

AlEroud, A.F., and G. Karabatis. 2018. Queryable semantics to detect cyber-attacks: A flow-based detection approach. IEEE Transactions on Systems, Man, and Cybernetics: Systems 48 (2): 207–223. https://doi.org/10.1109/TSMC.2016.2600405 .

Algarni, A.M., V. Thayananthan, and Y.K. Malaiya. 2021. Quantitative assessment of cybersecurity risks for mitigating data breaches in business systems. Applied Sciences (switzerland) . https://doi.org/10.3390/app11083678 .

Alhowaide, A., I. Alsmadi, and J. Tang. 2021. Towards the design of real-time autonomous IoT NIDS. Cluster Computing—the Journal of Networks Software Tools and Applications . https://doi.org/10.1007/s10586-021-03231-5 .

Ali, S., and Y. Li. 2019. Learning multilevel auto-encoders for DDoS attack detection in smart grid network. IEEE Access 7: 108647–108659. https://doi.org/10.1109/ACCESS.2019.2933304 .

AlKadi, O., N. Moustafa, B. Turnbull, and K.K.R. Choo. 2019. Mixture localization-based outliers models for securing data migration in cloud centers. IEEE Access 7: 114607–114618. https://doi.org/10.1109/ACCESS.2019.2935142 .

Allianz. 2021. Allianz Risk Barometer. https://www.agcs.allianz.com/content/dam/onemarketing/agcs/agcs/reports/Allianz-Risk-Barometer-2021.pdf . Accessed 15 May 2021.

Almiani, M., A. AbuGhazleh, A. Al-Rahayfeh, S. Atiewi, and A. Razaque. 2020. Deep recurrent neural network for IoT intrusion detection system. Simulation Modelling Practice and Theory 101: 102031. https://doi.org/10.1016/j.simpat.2019.102031 .

Alsaedi, A., N. Moustafa, Z. Tari, A. Mahmood, and A. Anwar. 2020. TON_IoT telemetry dataset: A new generation dataset of IoT and IIoT for data-driven intrusion detection systems. IEEE Access 8: 165130–165150. https://doi.org/10.1109/access.2020.3022862 .

Alsamiri, J., and K. Alsubhi. 2019. Internet of Things cyber attacks detection using machine learning. International Journal of Advanced Computer Science and Applications 10 (12): 627–634.

Alsharafat, W. 2013. Applying artificial neural network and eXtended classifier system for network intrusion detection. International Arab Journal of Information Technology 10 (3): 230–238.

Amin, R.W., H.E. Sevil, S. Kocak, G. Francia III., and P. Hoover. 2021. The spatial analysis of the malicious uniform resource locators (URLs): 2016 dataset case study. Information (switzerland) 12 (1): 1–18. https://doi.org/10.3390/info12010002 .

Arcuri, M.C., L.Z. Gai, F. Ielasi, and E. Ventisette. 2020. Cyber attacks on hospitality sector: Stock market reaction. Journal of Hospitality and Tourism Technology 11 (2): 277–290. https://doi.org/10.1108/jhtt-05-2019-0080 .

Arp, D., M. Spreitzenbarth, M. Hubner, H. Gascon, K. Rieck, and C.E.R.T. Siemens. 2014. Drebin: Effective and explainable detection of android malware in your pocket. In NDSS 14: 23–26.

Ashtiani, M., and M.A. Azgomi. 2014. A distributed simulation framework for modeling cyber attacks and the evaluation of security measures. Simulation 90 (9): 1071–1102. https://doi.org/10.1177/0037549714540221 .

Atefinia, R., and M. Ahmadi. 2021. Network intrusion detection using multi-architectural modular deep neural network. Journal of Supercomputing 77 (4): 3571–3593. https://doi.org/10.1007/s11227-020-03410-y .

Avila, R., R. Khoury, R. Khoury, and F. Petrillo. 2021. Use of security logs for data leak detection: A systematic literature review. Security and Communication Networks 2021: 29. https://doi.org/10.1155/2021/6615899 .

Azeez, N.A., T.J. Ayemobola, S. Misra, R. Maskeliunas, and R. Damasevicius. 2019. Network Intrusion Detection with a Hashing Based Apriori Algorithm Using Hadoop MapReduce. Computers 8 (4): 15. https://doi.org/10.3390/computers8040086 .

Bakdash, J.Z., S. Hutchinson, E.G. Zaroukian, L.R. Marusich, S. Thirumuruganathan, C. Sample, B. Hoffman, and G. Das. 2018. Malware in the future forecasting of analyst detection of cyber events. Journal of Cybersecurity . https://doi.org/10.1093/cybsec/tyy007 .

Barletta, V.S., D. Caivano, A. Nannavecchia, and M. Scalera. 2020. Intrusion detection for in-vehicle communication networks: An unsupervised Kohonen SOM approach. Future Internet . https://doi.org/10.3390/FI12070119 .

Barzegar, M., and M. Shajari. 2018. Attack scenario reconstruction using intrusion semantics. Expert Systems with Applications 108: 119–133. https://doi.org/10.1016/j.eswa.2018.04.030 .

Bessy-Roland, Y., A. Boumezoued, and C. Hillairet. 2021. Multivariate Hawkes process for cyber insurance. Annals of Actuarial Science 15 (1): 14–39.

Bhardwaj, A., V. Mangat, and R. Vig. 2020. Hyperband tuned deep neural network with well posed stacked sparse AutoEncoder for detection of DDoS attacks in cloud. IEEE Access 8: 181916–181929. https://doi.org/10.1109/ACCESS.2020.3028690 .

Bhati, B.S., C.S. Rai, B. Balamurugan, and F. Al-Turjman. 2020. An intrusion detection scheme based on the ensemble of discriminant classifiers. Computers & Electrical Engineering 86: 9. https://doi.org/10.1016/j.compeleceng.2020.106742 .

Bhattacharya, S., S.S.R. Krishnan, P.K.R. Maddikunta, R. Kaluri, S. Singh, T.R. Gadekallu, M. Alazab, and U. Tariq. 2020. A novel PCA-firefly based XGBoost classification model for intrusion detection in networks using GPU. Electronics 9 (2): 16. https://doi.org/10.3390/electronics9020219 .

Bibi, I., A. Akhunzada, J. Malik, J. Iqbal, A. Musaddiq, and S. Kim. 2020. A dynamic DL-driven architecture to combat sophisticated android malware. IEEE Access 8: 129600–129612. https://doi.org/10.1109/ACCESS.2020.3009819 .

Biener, C., M. Eling, and J.H. Wirfs. 2015. Insurability of cyber risk: An empirical analysis. The Geneva Papers on Risk and Insurance—Issues and Practice 40 (1): 131–158. https://doi.org/10.1057/gpp.2014.19 .

Binbusayyis, A., and T. Vaiyapuri. 2019. Identifying and benchmarking key features for cyber intrusion detection: An ensemble approach. IEEE Access 7: 106495–106513. https://doi.org/10.1109/ACCESS.2019.2929487 .

Biswas, R., and S. Roy. 2021. Botnet traffic identification using neural networks. Multimedia Tools and Applications . https://doi.org/10.1007/s11042-021-10765-8 .

Bouyeddou, B., F. Harrou, B. Kadri, and Y. Sun. 2021. Detecting network cyber-attacks using an integrated statistical approach. Cluster Computing—the Journal of Networks Software Tools and Applications 24 (2): 1435–1453. https://doi.org/10.1007/s10586-020-03203-1 .

Bozkir, A.S., and M. Aydos. 2020. LogoSENSE: A companion HOG based logo detection scheme for phishing web page and E-mail brand recognition. Computers & Security 95: 18. https://doi.org/10.1016/j.cose.2020.101855 .

Brower, D., and M. McCormick. 2021. Colonial pipeline resumes operations following ransomware attack. Financial Times .

Cai, H., F. Zhang, and A. Levi. 2019. An unsupervised method for detecting shilling attacks in recommender systems by mining item relationship and identifying target items. The Computer Journal 62 (4): 579–597. https://doi.org/10.1093/comjnl/bxy124 .

Cebula, J.J., M.E. Popeck, and L.R. Young. 2014. A Taxonomy of Operational Cyber Security Risks Version 2 .

Chadza, T., K.G. Kyriakopoulos, and S. Lambotharan. 2020. Learning to learn sequential network attacks using hidden Markov models. IEEE Access 8: 134480–134497. https://doi.org/10.1109/ACCESS.2020.3011293 .

Chatterjee, S., and S. Thekdi. 2020. An iterative learning and inference approach to managing dynamic cyber vulnerabilities of complex systems. Reliability Engineering and System Safety . https://doi.org/10.1016/j.ress.2019.106664 .

Chattopadhyay, M., R. Sen, and S. Gupta. 2018. A comprehensive review and meta-analysis on applications of machine learning techniques in intrusion detection. Australasian Journal of Information Systems 22: 27.

Chen, H.S., and J. Fiscus. 2018. The inhospitable vulnerability: A need for cybersecurity risk assessment in the hospitality industry. Journal of Hospitality and Tourism Technology 9 (2): 223–234. https://doi.org/10.1108/JHTT-07-2017-0044 .

Chhabra, G.S., V.P. Singh, and M. Singh. 2020. Cyber forensics framework for big data analytics in IoT environment using machine learning. Multimedia Tools and Applications 79 (23–24): 15881–15900. https://doi.org/10.1007/s11042-018-6338-1 .

Chiba, Z., N. Abghour, K. Moussaid, A. Elomri, and M. Rida. 2019. Intelligent approach to build a Deep Neural Network based IDS for cloud environment using combination of machine learning algorithms. Computers and Security 86: 291–317. https://doi.org/10.1016/j.cose.2019.06.013 .

Choras, M., and R. Kozik. 2015. Machine learning techniques applied to detect cyber attacks on web applications. Logic Journal of the IGPL 23 (1): 45–56. https://doi.org/10.1093/jigpal/jzu038 .

Chowdhury, S., M. Khanzadeh, R. Akula, F. Zhang, S. Zhang, H. Medal, M. Marufuzzaman, and L. Bian. 2017. Botnet detection using graph-based feature clustering. Journal of Big Data 4 (1): 14. https://doi.org/10.1186/s40537-017-0074-7 .

Cost Of A Cyber Incident: Systematic Review And Cross-Validation, Cybersecurity & Infrastructure Agency, 1, https://www.cisa.gov/sites/default/files/publications/CISA-OCE_Cost_of_Cyber_Incidents_Study-FINAL_508.pdf (2020).

D’Hooge, L., T. Wauters, B. Volckaert, and F. De Turck. 2019. Classification hardness for supervised learners on 20 years of intrusion detection data. IEEE Access 7: 167455–167469. https://doi.org/10.1109/access.2019.2953451 .

Damasevicius, R., A. Venckauskas, S. Grigaliunas, J. Toldinas, N. Morkevicius, T. Aleliunas, and P. Smuikys. 2020. LITNET-2020: An annotated real-world network flow dataset for network intrusion detection. Electronics 9 (5): 23. https://doi.org/10.3390/electronics9050800 .

De Giovanni, A.L.D., and M. Pirra. 2020. On the determinants of data breaches: A cointegration analysis. Decisions in Economics and Finance . https://doi.org/10.1007/s10203-020-00301-y .

Deng, L., D. Li, X. Yao, and H. Wang. 2019. Retracted Article: Mobile network intrusion detection for IoT system based on transfer learning algorithm. Cluster Computing 22 (4): 9889–9904. https://doi.org/10.1007/s10586-018-1847-2 .

Donkal, G., and G.K. Verma. 2018. A multimodal fusion based framework to reinforce IDS for securing Big Data environment using Spark. Journal of Information Security and Applications 43: 1–11. https://doi.org/10.1016/j.jisa.2018.10.001 .

Dunn, C., N. Moustafa, and B. Turnbull. 2020. Robustness evaluations of sustainable machine learning models against data Poisoning attacks in the Internet of Things. Sustainability 12 (16): 17. https://doi.org/10.3390/su12166434 .

Dwivedi, S., M. Vardhan, and S. Tripathi. 2021. Multi-parallel adaptive grasshopper optimization technique for detecting anonymous attacks in wireless networks. Wireless Personal Communications . https://doi.org/10.1007/s11277-021-08368-5 .

Dyson, B. 2020. COVID-19 crisis could be ‘watershed’ for cyber insurance, says Swiss Re exec. https://www.spglobal.com/marketintelligence/en/news-insights/latest-news-headlines/covid-19-crisis-could-be-watershed-for-cyber-insurance-says-swiss-re-exec-59197154 . Accessed 7 May 2020.

EIOPA. 2018. Understanding cyber insurance—a structured dialogue with insurance companies. https://www.eiopa.europa.eu/sites/default/files/publications/reports/eiopa_understanding_cyber_insurance.pdf . Accessed 28 May 2018.

Elijah, A.V., A. Abdullah, N.Z. JhanJhi, M. Supramaniam, and O.B. Abdullateef. 2019. Ensemble and deep-learning methods for two-class and multi-attack anomaly intrusion detection: An empirical study. International Journal of Advanced Computer Science and Applications 10 (9): 520–528.

Eling, M., and K. Jung. 2018. Copula approaches for modeling cross-sectional dependence of data breach losses. Insurance Mathematics & Economics 82: 167–180. https://doi.org/10.1016/j.insmatheco.2018.07.003 .

Eling, M., and W. Schnell. 2016. What do we know about cyber risk and cyber risk insurance? Journal of Risk Finance 17 (5): 474–491. https://doi.org/10.1108/jrf-09-2016-0122 .

Eling, M., and J. Wirfs. 2019. What are the actual costs of cyber risk events? European Journal of Operational Research 272 (3): 1109–1119. https://doi.org/10.1016/j.ejor.2018.07.021 .

Eling, M. 2020. Cyber risk research in business and actuarial science. European Actuarial Journal 10 (2): 303–333.

Elmasry, W., A. Akbulut, and A.H. Zaim. 2019. Empirical study on multiclass classification-based network intrusion detection. Computational Intelligence 35 (4): 919–954. https://doi.org/10.1111/coin.12220 .

Elsaid, S.A., and N.S. Albatati. 2020. An optimized collaborative intrusion detection system for wireless sensor networks. Soft Computing 24 (16): 12553–12567. https://doi.org/10.1007/s00500-020-04695-0 .

Estepa, R., J.E. Díaz-Verdejo, A. Estepa, and G. Madinabeitia. 2020. How much training data is enough? A case study for HTTP anomaly-based intrusion detection. IEEE Access 8: 44410–44425. https://doi.org/10.1109/ACCESS.2020.2977591 .

European Council. 2021. Cybersecurity: how the EU tackles cyber threats. https://www.consilium.europa.eu/en/policies/cybersecurity/ . Accessed 10 May 2021.

Falco, G. et al. 2019. Cyber risk research impeded by disciplinary barriers. Science (American Association for the Advancement of Science) 366 (6469): 1066–1069.

Fan, Z.J., Z.P. Tan, C.X. Tan, and X. Li. 2018. An improved integrated prediction method of cyber security situation based on spatial-time analysis. Journal of Internet Technology 19 (6): 1789–1800. https://doi.org/10.3966/160792642018111906015 .

Fang, Z.J., M.C. Xu, S.H. Xu, and T.Z. Hu. 2021. A framework for predicting data breach risk: Leveraging dependence to cope with sparsity. IEEE Transactions on Information Forensics and Security 16: 2186–2201. https://doi.org/10.1109/tifs.2021.3051804 .

Farkas, S., O. Lopez, and M. Thomas. 2021. Cyber claim analysis using Generalized Pareto regression trees with applications to insurance. Insurance: Mathematics and Economics 98: 92–105. https://doi.org/10.1016/j.insmatheco.2021.02.009 .

Farsi, H., A. Fanian, and Z. Taghiyarrenani. 2019. A novel online state-based anomaly detection system for process control networks. International Journal of Critical Infrastructure Protection 27: 11. https://doi.org/10.1016/j.ijcip.2019.100323 .

Ferrag, M.A., L. Maglaras, S. Moschoyiannis, and H. Janicke. 2020. Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study. Journal of Information Security and Applications 50: 19. https://doi.org/10.1016/j.jisa.2019.102419 .

Field, M. 2018. WannaCry cyber attack cost the NHS £92m as 19,000 appointments cancelled. https://www.telegraph.co.uk/technology/2018/10/11/wannacry-cyber-attack-cost-nhs-92m-19000-appointments-cancelled/ . Accessed 9 May 2018.

FitchRatings. 2021. U.S. Cyber Insurance Market Update (Spike in Claims Leads to Decline in 2020 Underwriting Performance). https://www.fitchratings.com/research/insurance/us-cyber-insurance-market-update-spike-in-claims-leads-to-decline-in-2020-underwriting-performance-26-05-2021 .

Fossaceca, J.M., T.A. Mazzuchi, and S. Sarkani. 2015. MARK-ELM: Application of a novel Multiple Kernel Learning framework for improving the robustness of network intrusion detection. Expert Systems with Applications 42 (8): 4062–4080. https://doi.org/10.1016/j.eswa.2014.12.040 .

Franke, U., and J. Brynielsson. 2014. Cyber situational awareness–a systematic review of the literature. Computers & Security 46: 18–31.

Freeha, K., K.J. Hwan, M. Lars, and M. Robin. 2021. Data breach management: An integrated risk model. Information & Management 58 (1): 103392. https://doi.org/10.1016/j.im.2020.103392 .

Ganeshan, R., and P. Rodrigues. 2020. Crow-AFL: Crow based adaptive fractional lion optimization approach for the intrusion detection. Wireless Personal Communications 111 (4): 2065–2089. https://doi.org/10.1007/s11277-019-06972-0 .

GAO. 2021. CYBER INSURANCE—Insurers and policyholders face challenges in an evolving market. https://www.gao.gov/assets/gao-21-477.pdf . Accessed 16 May 2021.

Garber, J. 2021. Colonial Pipeline fiasco foreshadows impact of Biden energy policy. https://www.foxbusiness.com/markets/colonial-pipeline-fiasco-foreshadows-impact-of-biden-energy-policy . Accessed 4 May 2021.

Gauthama Raman, M.R., N. Somu, S. Jagarapu, T. Manghnani, T. Selvam, K. Krithivasan, and V.S. Shankar Sriram. 2020. An efficient intrusion detection technique based on support vector machine and improved binary gravitational search algorithm. Artificial Intelligence Review 53 (5): 3255–3286. https://doi.org/10.1007/s10462-019-09762-z .

Gavel, S., A.S. Raghuvanshi, and S. Tiwari. 2021. Distributed intrusion detection scheme using dual-axis dimensionality reduction for Internet of things (IoT). Journal of Supercomputing . https://doi.org/10.1007/s11227-021-03697-5 .

GDPR.EU. 2021. FAQ. https://gdpr.eu/faq/ . Accessed 10 May 2021.

Georgescu, T.M., B. Iancu, and M. Zurini. 2019. Named-entity-recognition-based automated system for diagnosing cybersecurity situations in IoT networks. Sensors (switzerland) . https://doi.org/10.3390/s19153380 .

Giudici, P., and E. Raffinetti. 2020. Cyber risk ordering with rank-based statistical models. AStA Advances in Statistical Analysis . https://doi.org/10.1007/s10182-020-00387-0 .

Goh, J., S. Adepu, K.N. Junejo, and A. Mathur. 2016. A dataset to support research in the design of secure water treatment systems. In CRITIS.

Gong, X.Y., J.L. Lu, Y.F. Zhou, H. Qiu, and R. He. 2021. Model uncertainty based annotation error fixing for web attack detection. Journal of Signal Processing Systems for Signal Image and Video Technology 93 (2–3): 187–199. https://doi.org/10.1007/s11265-019-01494-1 .

Goode, S., H. Hoehle, V. Venkatesh, and S.A. Brown. 2017. User compensation as a data breach recovery action: An investigation of the Sony PlayStation Network breach. MIS Quarterly 41 (3): 703–727.

Guo, H., S. Huang, C. Huang, Z. Pan, M. Zhang, and F. Shi. 2020. File entropy signal analysis combined with wavelet decomposition for malware classification. IEEE Access 8: 158961–158971. https://doi.org/10.1109/ACCESS.2020.3020330 .

Habib, M., I. Aljarah, and H. Faris. 2020. A Modified multi-objective particle swarm optimizer-based Lévy flight: An approach toward intrusion detection in Internet of Things. Arabian Journal for Science and Engineering 45 (8): 6081–6108. https://doi.org/10.1007/s13369-020-04476-9 .

Hajj, S., R. El Sibai, J.B. Abdo, J. Demerjian, A. Makhoul, and C. Guyeux. 2021. Anomaly-based intrusion detection systems: The requirements, methods, measurements, and datasets. Transactions on Emerging Telecommunications Technologies 32 (4): 36. https://doi.org/10.1002/ett.4240 .

Heartfield, R., G. Loukas, A. Bezemskij, and E. Panaousis. 2021. Self-configurable cyber-physical intrusion detection for smart homes using reinforcement learning. IEEE Transactions on Information Forensics and Security 16: 1720–1735. https://doi.org/10.1109/tifs.2020.3042049 .

Hemo, B., T. Gafni, K. Cohen, and Q. Zhao. 2020. Searching for anomalies over composite hypotheses. IEEE Transactions on Signal Processing 68: 1181–1196. https://doi.org/10.1109/TSP.2020.2971438 .

Hindy, H., D. Brosset, E. Bayne, A.K. Seeam, C. Tachtatzis, R. Atkinson, and X. Bellekens. 2020. A taxonomy of network threats and the effect of current datasets on intrusion detection systems. IEEE Access 8: 104650–104675. https://doi.org/10.1109/ACCESS.2020.3000179 .

Hong, W., D. Huang, C. Chen, and J. Lee. 2020. Towards accurate and efficient classification of power system contingencies and cyber-attacks using recurrent neural networks. IEEE Access 8: 123297–123309. https://doi.org/10.1109/ACCESS.2020.3007609 .

Husák, M., M. Zádník, V. Bartos, and P. Sokol. 2020. Dataset of intrusion detection alerts from a sharing platform. Data in Brief 33: 106530.

IBM Security. 2020. Cost of a Data breach Report. https://www.capita.com/sites/g/files/nginej291/files/2020-08/Ponemon-Global-Cost-of-Data-Breach-Study-2020.pdf . Accessed 19 May 2021.

IEEE. 2021. IEEE Quick Facts. https://www.ieee.org/about/at-a-glance.html . Accessed 11 May 2021.

Kilincer, I.F., F. Ertam, and S. Abdulkadir. 2021. Machine learning methods for cyber security intrusion detection: Datasets and comparative study. Computer Networks 188: 107840. https://doi.org/10.1016/j.comnet.2021.107840 .

Jaber, A.N., and S. Ul Rehman. 2020. FCM-SVM based intrusion detection system for cloud computing environment. Cluster Computing—the Journal of Networks Software Tools and Applications 23 (4): 3221–3231. https://doi.org/10.1007/s10586-020-03082-6 .

Jacobs, J., S. Romanosky, B. Edwards, M. Roytman, and I. Adjerid. 2019. Exploit prediction scoring system (epss). arXiv:1908.04856

Jacobsen, A. et al. 2020. FAIR principles: Interpretations and implementation considerations. Data Intelligence 2 (1–2): 10–29. https://doi.org/10.1162/dint_r_00024 .

Jahromi, A.N., S. Hashemi, A. Dehghantanha, R.M. Parizi, and K.K.R. Choo. 2020. An enhanced stacked LSTM method with no random initialization for malware threat hunting in safety and time-critical systems. IEEE Transactions on Emerging Topics in Computational Intelligence 4 (5): 630–640. https://doi.org/10.1109/TETCI.2019.2910243 .

Jang, S., S. Li, and Y. Sung. 2020. FastText-based local feature visualization algorithm for merged image-based malware classification framework for cyber security and cyber defense. Mathematics 8 (3): 13. https://doi.org/10.3390/math8030460 .

Javeed, D., T.H. Gao, and M.T. Khan. 2021. SDN-enabled hybrid DL-driven framework for the detection of emerging cyber threats in IoT. Electronics 10 (8): 16. https://doi.org/10.3390/electronics10080918 .

Johnson, P., D. Gorton, R. Lagerstrom, and M. Ekstedt. 2016. Time between vulnerability disclosures: A measure of software product vulnerability. Computers & Security 62: 278–295. https://doi.org/10.1016/j.cose.2016.08.004 .

Johnson, P., R. Lagerström, M. Ekstedt, and U. Franke. 2018. Can the common vulnerability scoring system be trusted? A Bayesian analysis. IEEE Transactions on Dependable and Secure Computing 15 (6): 1002–1015. https://doi.org/10.1109/TDSC.2016.2644614 .

Junger, M., V. Wang, and M. Schlömer. 2020. Fraud against businesses both online and offline: Crime scripts, business characteristics, efforts, and benefits. Crime Science 9 (1): 13. https://doi.org/10.1186/s40163-020-00119-4 .

Kalutarage, H.K., H.N. Nguyen, and S.A. Shaikh. 2017. Towards a threat assessment framework for apps collusion. Telecommunication Systems 66 (3): 417–430. https://doi.org/10.1007/s11235-017-0296-1 .

Kamarudin, M.H., C. Maple, T. Watson, and N.S. Safa. 2017. A LogitBoost-based algorithm for detecting known and unknown web attacks. IEEE Access 5: 26190–26200. https://doi.org/10.1109/ACCESS.2017.2766844 .

Kasongo, S.M., and Y.X. Sun. 2020. A deep learning method with wrapper based feature extraction for wireless intrusion detection system. Computers & Security 92: 15. https://doi.org/10.1016/j.cose.2020.101752 .

Keserwani, P.K., M.C. Govil, E.S. Pilli, and P. Govil. 2021. A smart anomaly-based intrusion detection system for the Internet of Things (IoT) network using GWO–PSO–RF model. Journal of Reliable Intelligent Environments 7 (1): 3–21. https://doi.org/10.1007/s40860-020-00126-x .

Keshk, M., E. Sitnikova, N. Moustafa, J. Hu, and I. Khalil. 2021. An integrated framework for privacy-preserving based anomaly detection for cyber-physical systems. IEEE Transactions on Sustainable Computing 6 (1): 66–79. https://doi.org/10.1109/TSUSC.2019.2906657 .

Khan, I.A., D.C. Pi, A.K. Bhatia, N. Khan, W. Haider, and A. Wahab. 2020. Generating realistic IoT-based IDS dataset centred on fuzzy qualitative modelling for cyber-physical systems. Electronics Letters 56 (9): 441–443. https://doi.org/10.1049/el.2019.4158 .

Khraisat, A., I. Gondal, P. Vamplew, J. Kamruzzaman, and A. Alazab. 2020. Hybrid intrusion detection system based on the stacking ensemble of C5 decision tree classifier and one class support vector machine. Electronics 9 (1): 18. https://doi.org/10.3390/electronics9010173 .

Khraisat, A., I. Gondal, P. Vamplew, and J. Kamruzzaman. 2019. Survey of intrusion detection systems: Techniques, datasets and challenges. Cybersecurity 2 (1): 20. https://doi.org/10.1186/s42400-019-0038-7 .

Kilincer, I.F., F. Ertam, and A. Sengur. 2021. Machine learning methods for cyber security intrusion detection: Datasets and comparative study. Computer Networks 188: 16. https://doi.org/10.1016/j.comnet.2021.107840 .

Kim, D., and H.K. Kim. 2019. Automated dataset generation system for collaborative research of cyber threat analysis. Security and Communication Networks 2019: 10. https://doi.org/10.1155/2019/6268476 .

Kim, G., C. Lee, J. Jo, and H. Lim. 2020. Automatic extraction of named entities of cyber threats using a deep Bi-LSTM-CRF network. International Journal of Machine Learning and Cybernetics 11 (10): 2341–2355. https://doi.org/10.1007/s13042-020-01122-6 .

Kirubavathi, G., and R. Anitha. 2016. Botnet detection via mining of traffic flow characteristics. Computers & Electrical Engineering 50: 91–101. https://doi.org/10.1016/j.compeleceng.2016.01.012 .

Kiwia, D., A. Dehghantanha, K.K.R. Choo, and J. Slaughter. 2018. A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence. Journal of Computational Science 27: 394–409. https://doi.org/10.1016/j.jocs.2017.10.020 .

Koroniotis, N., N. Moustafa, and E. Sitnikova. 2020. A new network forensic framework based on deep learning for Internet of Things networks: A particle deep framework. Future Generation Computer Systems 110: 91–106. https://doi.org/10.1016/j.future.2020.03.042 .

Kruse, C.S., B. Frederick, T. Jacobson, and D. Kyle Monticone. 2017. Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care 25 (1): 1–10.

Kshetri, N. 2018. The economics of cyber-insurance. IT Professional 20 (6): 9–14. https://doi.org/10.1109/MITP.2018.2874210 .

Kumar, R., P. Kumar, R. Tripathi, G.P. Gupta, T.R. Gadekallu, and G. Srivastava. 2021. SP2F: A secured privacy-preserving framework for smart agricultural Unmanned Aerial Vehicles. Computer Networks . https://doi.org/10.1016/j.comnet.2021.107819 .

Kumar, R., and R. Tripathi. 2021. DBTP2SF: A deep blockchain-based trustworthy privacy-preserving secured framework in industrial internet of things systems. Transactions on Emerging Telecommunications Technologies 32 (4): 27. https://doi.org/10.1002/ett.4222 .

Laso, P.M., D. Brosset, and J. Puentes. 2017. Dataset of anomalies and malicious acts in a cyber-physical subsystem. Data in Brief 14: 186–191. https://doi.org/10.1016/j.dib.2017.07.038 .

Lee, J., J. Kim, I. Kim, and K. Han. 2019. Cyber threat detection based on artificial neural networks using event profiles. IEEE Access 7: 165607–165626. https://doi.org/10.1109/ACCESS.2019.2953095 .

Lee, S.J., P.D. Yoo, A.T. Asyhari, Y. Jhi, L. Chermak, C.Y. Yeun, and K. Taha. 2020. IMPACT: Impersonation attack detection via edge computing using deep Autoencoder and feature abstraction. IEEE Access 8: 65520–65529. https://doi.org/10.1109/ACCESS.2020.2985089 .

Leong, Y.-Y., and Y.-C. Chen. 2020. Cyber risk cost and management in IoT devices-linked health insurance. The Geneva Papers on Risk and Insurance—Issues and Practice 45 (4): 737–759. https://doi.org/10.1057/s41288-020-00169-4 .

Levi, M. 2017. Assessing the trends, scale and nature of economic cybercrimes: overview and Issues: In Cybercrimes, cybercriminals and their policing, in crime, law and social change. Crime, Law and Social Change 67 (1): 3–20. https://doi.org/10.1007/s10611-016-9645-3 .

Li, C., K. Mills, D. Niu, R. Zhu, H. Zhang, and H. Kinawi. 2019a. Android malware detection based on factorization machine. IEEE Access 7: 184008–184019. https://doi.org/10.1109/ACCESS.2019.2958927 .

Li, D.Q., and Q.M. Li. 2020. Adversarial deep ensemble: evasion attacks and defenses for malware detection. IEEE Transactions on Information Forensics and Security 15: 3886–3900. https://doi.org/10.1109/tifs.2020.3003571 .

Li, D.Q., Q.M. Li, Y.F. Ye, and S.H. Xu. 2021. A framework for enhancing deep neural networks against adversarial malware. IEEE Transactions on Network Science and Engineering 8 (1): 736–750. https://doi.org/10.1109/tnse.2021.3051354 .

Li, R.H., C. Zhang, C. Feng, X. Zhang, and C.J. Tang. 2019b. Locating vulnerability in binaries using deep neural networks. IEEE Access 7: 134660–134676. https://doi.org/10.1109/access.2019.2942043 .

Li, X., M. Xu, P. Vijayakumar, N. Kumar, and X. Liu. 2020. Detection of low-frequency and multi-stage attacks in industrial Internet of Things. IEEE Transactions on Vehicular Technology 69 (8): 8820–8831. https://doi.org/10.1109/TVT.2020.2995133 .

Liu, H.Y., and B. Lang. 2019. Machine learning and deep learning methods for intrusion detection systems: A survey. Applied Sciences—Basel 9 (20): 28. https://doi.org/10.3390/app9204396 .

Lopez-Martin, M., B. Carro, and A. Sanchez-Esguevillas. 2020. Application of deep reinforcement learning to intrusion detection for supervised problems. Expert Systems with Applications . https://doi.org/10.1016/j.eswa.2019.112963 .

Loukas, G., D. Gan, and Tuan Vuong. 2013. A review of cyber threats and defence approaches in emergency management. Future Internet 5: 205–236.

Luo, C.C., S. Su, Y.B. Sun, Q.J. Tan, M. Han, and Z.H. Tian. 2020. A convolution-based system for malicious URLs detection. CMC—Computers Materials Continua 62 (1): 399–411.

Mahbooba, B., M. Timilsina, R. Sahal, and M. Serrano. 2021. Explainable artificial intelligence (XAI) to enhance trust management in intrusion detection systems using decision tree model. Complexity 2021: 11. https://doi.org/10.1155/2021/6634811 .

Mahdavifar, S., and A.A. Ghorbani. 2020. DeNNeS: Deep embedded neural network expert system for detecting cyber attacks. Neural Computing & Applications 32 (18): 14753–14780. https://doi.org/10.1007/s00521-020-04830-w .

Mahfouz, A., A. Abuhussein, D. Venugopal, and S. Shiva. 2020. Ensemble classifiers for network intrusion detection using a novel network attack dataset. Future Internet 12 (11): 1–19. https://doi.org/10.3390/fi12110180 .

Maleks Smith, Z., E. Lostri, and J.A. Lewis. 2020. The hidden costs of cybercrime. https://www.mcafee.com/enterprise/en-us/assets/reports/rp-hidden-costs-of-cybercrime.pdf . Accessed 16 May 2021.

Malik, J., A. Akhunzada, I. Bibi, M. Imran, A. Musaddiq, and S.W. Kim. 2020. Hybrid deep learning: An efficient reconnaissance and surveillance detection mechanism in SDN. IEEE Access 8: 134695–134706. https://doi.org/10.1109/ACCESS.2020.3009849 .

Manimurugan, S. 2020. IoT-Fog-Cloud model for anomaly detection using improved Naive Bayes and principal component analysis. Journal of Ambient Intelligence and Humanized Computing . https://doi.org/10.1007/s12652-020-02723-3 .

Martin, A., R. Lara-Cabrera, and D. Camacho. 2019. Android malware detection through hybrid features fusion and ensemble classifiers: The AndroPyTool framework and the OmniDroid dataset. Information Fusion 52: 128–142. https://doi.org/10.1016/j.inffus.2018.12.006 .

Mauro, M.D., G. Galatro, and A. Liotta. 2020. Experimental review of neural-based approaches for network intrusion management. IEEE Transactions on Network and Service Management 17 (4): 2480–2495. https://doi.org/10.1109/TNSM.2020.3024225 .

McLeod, A., and D. Dolezel. 2018. Cyber-analytics: Modeling factors associated with healthcare data breaches. Decision Support Systems 108: 57–68. https://doi.org/10.1016/j.dss.2018.02.007 .

Meira, J., R. Andrade, I. Praca, J. Carneiro, V. Bolon-Canedo, A. Alonso-Betanzos, and G. Marreiros. 2020. Performance evaluation of unsupervised techniques in cyber-attack anomaly detection. Journal of Ambient Intelligence and Humanized Computing 11 (11): 4477–4489. https://doi.org/10.1007/s12652-019-01417-9 .

Miao, Y., J. Ma, X. Liu, J. Weng, H. Li, and H. Li. 2019. Lightweight fine-grained search over encrypted data in Fog computing. IEEE Transactions on Services Computing 12 (5): 772–785. https://doi.org/10.1109/TSC.2018.2823309 .

Miller, C., and C. Valasek. 2015. Remote exploitation of an unaltered passenger vehicle. Black Hat USA 2015 (S 91).

Mireles, J.D., E. Ficke, J.H. Cho, P. Hurley, and S.H. Xu. 2019. Metrics towards measuring cyber agility. IEEE Transactions on Information Forensics and Security 14 (12): 3217–3232. https://doi.org/10.1109/tifs.2019.2912551 .

Mishra, N., and S. Pandya. 2021. Internet of Things applications, security challenges, attacks, intrusion detection, and future visions: A systematic review. IEEE Access . https://doi.org/10.1109/ACCESS.2021.3073408 .

Monshizadeh, M., V. Khatri, B.G. Atli, R. Kantola, and Z. Yan. 2019. Performance evaluation of a combined anomaly detection platform. IEEE Access 7: 100964–100978. https://doi.org/10.1109/ACCESS.2019.2930832 .

Moreno, V.C., G. Reniers, E. Salzano, and V. Cozzani. 2018. Analysis of physical and cyber security-related events in the chemical and process industry. Process Safety and Environmental Protection 116: 621–631. https://doi.org/10.1016/j.psep.2018.03.026 .

Moro, E.D. 2020. Towards an economic cyber loss index for parametric cover based on IT security indicator: A preliminary analysis. Risks . https://doi.org/10.3390/risks8020045 .

Moustafa, N., E. Adi, B. Turnbull, and J. Hu. 2018. A new threat intelligence scheme for safeguarding industry 4.0 systems. IEEE Access 6: 32910–32924. https://doi.org/10.1109/ACCESS.2018.2844794 .

Moustakidis, S., and P. Karlsson. 2020. A novel feature extraction methodology using Siamese convolutional neural networks for intrusion detection. Cybersecurity . https://doi.org/10.1186/s42400-020-00056-4 .

Mukhopadhyay, A., S. Chatterjee, K.K. Bagchi, P.J. Kirs, and G.K. Shukla. 2019. Cyber Risk Assessment and Mitigation (CRAM) framework using Logit and Probit models for cyber insurance. Information Systems Frontiers 21 (5): 997–1018. https://doi.org/10.1007/s10796-017-9808-5 .

Murphey, H. 2021a. Biden signs executive order to strengthen US cyber security. https://www.ft.com/content/4d808359-b504-4014-85f6-68e7a2851bf1?accessToken=zwAAAXl0_ifgkc9NgINZtQRAFNOF9mjnooUb8Q.MEYCIQDw46SFWsMn1iyuz3kvgAmn6mxc0rIVfw10Lg1ovJSfJwIhAK2X2URzfSqHwIS7ddRCvSt2nGC2DcdoiDTG49-4TeEt&sharetype=gift?token=fbcd6323-1ecf-4fc3-b136-b5b0dd6a8756 . Accessed 7 May 2021.

Murphey, H. 2021b. Millions of connected devices have security flaws, study shows. https://www.ft.com/content/0bf92003-926d-4dee-87d7-b01f7c3e9621?accessToken=zwAAAXnA7f2Ikc8L-SADkm1N7tOH17AffD6WIQ.MEQCIDjBuROvhmYV0Mx3iB0cEV7m5oND1uaCICxJu0mzxM0PAiBam98q9zfHiTB6hKGr1gGl0Azt85yazdpX9K5sI8se3Q&sharetype=gift?token=2538218d-77d9-4dd3-9649-3cb556a34e51 . Accessed 6 May 2021.

Murugesan, V., M. Shalinie, and M.H. Yang. 2018. Design and analysis of hybrid single packet IP traceback scheme. IET Networks 7 (3): 141–151. https://doi.org/10.1049/iet-net.2017.0115 .

Mwitondi, K.S., and S.A. Zargari. 2018. An iterative multiple sampling method for intrusion detection. Information Security Journal 27 (4): 230–239. https://doi.org/10.1080/19393555.2018.1539790 .

Neto, N.N., S. Madnick, A.M.G. De Paula, and N.M. Borges. 2021. Developing a global data breach database and the challenges encountered. ACM Journal of Data and Information Quality 13 (1): 33. https://doi.org/10.1145/3439873 .

Nurse, J.R.C., L. Axon, A. Erola, I. Agrafiotis, M. Goldsmith, and S. Creese. 2020. The data that drives cyber insurance: A study into the underwriting and claims processes. In 2020 International conference on cyber situational awareness, data analytics and assessment (CyberSA), 15–19 June 2020.

Oliveira, N., I. Praca, E. Maia, and O. Sousa. 2021. Intelligent cyber attack detection and classification for network-based intrusion detection systems. Applied Sciences—Basel 11 (4): 21. https://doi.org/10.3390/app11041674 .

Page, M.J. et al. 2021. The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. Systematic Reviews 10 (1): 89. https://doi.org/10.1186/s13643-021-01626-4 .

Pajouh, H.H., R. Javidan, R. Khayami, A. Dehghantanha, and K.R. Choo. 2019. A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in IoT backbone networks. IEEE Transactions on Emerging Topics in Computing 7 (2): 314–323. https://doi.org/10.1109/TETC.2016.2633228 .

Parra, G.D., P. Rad, K.K.R. Choo, and N. Beebe. 2020. Detecting Internet of Things attacks using distributed deep learning. Journal of Network and Computer Applications 163: 13. https://doi.org/10.1016/j.jnca.2020.102662 .

Paté-Cornell, M.E., M. Kuypers, M. Smith, and P. Keller. 2018. Cyber risk management for critical infrastructure: A risk analysis model and three case studies. Risk Analysis 38 (2): 226–241. https://doi.org/10.1111/risa.12844 .

Pooser, D.M., M.J. Browne, and O. Arkhangelska. 2018. Growth in the perception of cyber risk: evidence from U.S. P&C Insurers. The Geneva Papers on Risk and Insurance—Issues and Practice 43 (2): 208–223. https://doi.org/10.1057/s41288-017-0077-9 .

Pu, G., L. Wang, J. Shen, and F. Dong. 2021. A hybrid unsupervised clustering-based anomaly detection method. Tsinghua Science and Technology 26 (2): 146–153. https://doi.org/10.26599/TST.2019.9010051 .

Qiu, J., W. Luo, L. Pan, Y. Tai, J. Zhang, and Y. Xiang. 2019. Predicting the impact of android malicious samples via machine learning. IEEE Access 7: 66304–66316. https://doi.org/10.1109/ACCESS.2019.2914311 .

Qu, X., L. Yang, K. Guo, M. Sun, L. Ma, T. Feng, S. Ren, K. Li, and X. Ma. 2020. Direct batch growth hierarchical self-organizing mapping based on statistics for efficient network intrusion detection. IEEE Access 8: 42251–42260. https://doi.org/10.1109/ACCESS.2020.2976810 .

Rahman, Md.S., S. Halder, Md. Ashraf Uddin, and U.K. Acharjee. 2021. An efficient hybrid system for anomaly detection in social networks. Cybersecurity 4 (1): 10. https://doi.org/10.1186/s42400-021-00074-w .

Ramaiah, M., V. Chandrasekaran, V. Ravi, and N. Kumar. 2021. An intrusion detection system using optimized deep neural network architecture. Transactions on Emerging Telecommunications Technologies 32 (4): 17. https://doi.org/10.1002/ett.4221 .

Raman, M.R.G., K. Kannan, S.K. Pal, and V.S.S. Sriram. 2016. Rough set-hypergraph-based feature selection approach for intrusion detection systems. Defence Science Journal 66 (6): 612–617. https://doi.org/10.14429/dsj.66.10802 .

Rathore, S., J.H. Park. 2018. Semi-supervised learning based distributed attack detection framework for IoT. Applied Soft Computing 72: 79–89. https://doi.org/10.1016/j.asoc.2018.05.049 .

Romanosky, S., L. Ablon, A. Kuehn, and T. Jones. 2019. Content analysis of cyber insurance policies: How do carriers price cyber risk? Journal of Cybersecurity (oxford) 5 (1): tyz002.

Sarabi, A., P. Naghizadeh, Y. Liu, and M. Liu. 2016. Risky business: Fine-grained data breach prediction using business profiles. Journal of Cybersecurity 2 (1): 15–28. https://doi.org/10.1093/cybsec/tyw004 .

Sardi, Alberto, Alessandro Rizzi, Enrico Sorano, and Anna Guerrieri. 2021. Cyber risk in health facilities: A systematic literature review. Sustainability 12 (17): 7002.

Sarker, Iqbal H., A.S.M. Kayes, Shahriar Badsha, Hamed Alqahtani, Paul Watters, and Alex Ng. 2020. Cybersecurity data science: An overview from machine learning perspective. Journal of Big Data 7 (1): 41. https://doi.org/10.1186/s40537-020-00318-5 .

Scopus. 2021. Factsheet. https://www.elsevier.com/__data/assets/pdf_file/0017/114533/Scopus_GlobalResearch_Factsheet2019_FINAL_WEB.pdf . Accessed 11 May 2021.

Sentuna, A., A. Alsadoon, P.W.C. Prasad, M. Saadeh, and O.H. Alsadoon. 2021. A novel Enhanced Naïve Bayes Posterior Probability (ENBPP) using machine learning: Cyber threat analysis. Neural Processing Letters 53 (1): 177–209. https://doi.org/10.1007/s11063-020-10381-x .

Shaukat, K., S.H. Luo, V. Varadharajan, I.A. Hameed, S. Chen, D.X. Liu, and J.M. Li. 2020. Performance comparison and current challenges of using machine learning techniques in cybersecurity. Energies 13 (10): 27. https://doi.org/10.3390/en13102509 .

Sheehan, B., F. Murphy, M. Mullins, and C. Ryan. 2019. Connected and autonomous vehicles: A cyber-risk classification framework. Transportation Research Part a: Policy and Practice 124: 523–536. https://doi.org/10.1016/j.tra.2018.06.033 .

Sheehan, B., F. Murphy, A.N. Kia, and R. Kiely. 2021. A quantitative bow-tie cyber risk classification and assessment framework. Journal of Risk Research 24 (12): 1619–1638.

Shlomo, A., M. Kalech, and R. Moskovitch. 2021. Temporal pattern-based malicious activity detection in SCADA systems. Computers & Security 102: 17. https://doi.org/10.1016/j.cose.2020.102153 .

Singh, K.J., and T. De. 2020. Efficient classification of DDoS attacks using an ensemble feature selection algorithm. Journal of Intelligent Systems 29 (1): 71–83. https://doi.org/10.1515/jisys-2017-0472 .

Skrjanc, I., S. Ozawa, T. Ban, and D. Dovzan. 2018. Large-scale cyber attacks monitoring using Evolving Cauchy Possibilistic Clustering. Applied Soft Computing 62: 592–601. https://doi.org/10.1016/j.asoc.2017.11.008 .

Smart, W. 2018. Lessons learned review of the WannaCry Ransomware Cyber Attack. https://www.england.nhs.uk/wp-content/uploads/2018/02/lessons-learned-review-wannacry-ransomware-cyber-attack-cio-review.pdf . Accessed 7 May 2021.

Sornette, D., T. Maillart, and W. Kröger. 2013. Exploring the limits of safety analysis in complex technological systems. International Journal of Disaster Risk Reduction 6: 59–66. https://doi.org/10.1016/j.ijdrr.2013.04.002 .

Sovacool, B.K. 2008. The costs of failure: A preliminary assessment of major energy accidents, 1907–2007. Energy Policy 36 (5): 1802–1820. https://doi.org/10.1016/j.enpol.2008.01.040 .

SpringerLink. 2021. Journal Search. https://rd.springer.com/search?facet-content-type=%22Journal%22 . Accessed 11 May 2021.

Stojanovic, B., K. Hofer-Schmitz, and U. Kleb. 2020. APT datasets and attack modeling for automated detection methods: A review. Computers & Security 92: 19. https://doi.org/10.1016/j.cose.2020.101734 .

Subroto, A., and A. Apriyana. 2019. Cyber risk prediction through social media big data analytics and statistical machine learning. Journal of Big Data . https://doi.org/10.1186/s40537-019-0216-1 .

Tan, Z., A. Jamdagni, X. He, P. Nanda, R.P. Liu, and J. Hu. 2015. Detection of denial-of-service attacks based on computer vision techniques. IEEE Transactions on Computers 64 (9): 2519–2533. https://doi.org/10.1109/TC.2014.2375218 .

Tidy, J. 2021. Irish cyber-attack: Hackers bail out Irish health service for free. https://www.bbc.com/news/world-europe-57197688 . Accessed 6 May 2021.

Tuncer, T., F. Ertam, and S. Dogan. 2020. Automated malware recognition method based on local neighborhood binary pattern. Multimedia Tools and Applications 79 (37–38): 27815–27832. https://doi.org/10.1007/s11042-020-09376-6 .

Uhm, Y., and W. Pak. 2021. Service-aware two-level partitioning for machine learning-based network intrusion detection with high performance and high scalability. IEEE Access 9: 6608–6622. https://doi.org/10.1109/ACCESS.2020.3048900 .

Ulven, J.B., and G. Wangen. 2021. A systematic review of cybersecurity risks in higher education. Future Internet 13 (2): 1–40. https://doi.org/10.3390/fi13020039 .

Vaccari, I., G. Chiola, M. Aiello, M. Mongelli, and E. Cambiaso. 2020. MQTTset, a new dataset for machine learning techniques on MQTT. Sensors 20 (22): 17. https://doi.org/10.3390/s20226578 .

Valeriano, B., and R.C. Maness. 2014. The dynamics of cyber conflict between rival antagonists, 2001–11. Journal of Peace Research 51 (3): 347–360. https://doi.org/10.1177/0022343313518940 .

Varghese, J.E., and B. Muniyal. 2021. An Efficient IDS framework for DDoS attacks in SDN environment. IEEE Access 9: 69680–69699. https://doi.org/10.1109/ACCESS.2021.3078065 .

Varsha, M. V., P. Vinod, K.A. Dhanya. 2017 Identification of malicious android app using manifest and opcode features. Journal of Computer Virology and Hacking Techniques 13 (2): 125–138. https://doi.org/10.1007/s11416-016-0277-z

Velliangiri, S., and H.M. Pandey. 2020. Fuzzy-Taylor-elephant herd optimization inspired Deep Belief Network for DDoS attack detection and comparison with state-of-the-arts algorithms. Future Generation Computer Systems—the International Journal of Escience 110: 80–90. https://doi.org/10.1016/j.future.2020.03.049 .

Verma, A., and V. Ranga. 2020. Machine learning based intrusion detection systems for IoT applications. Wireless Personal Communications 111 (4): 2287–2310. https://doi.org/10.1007/s11277-019-06986-8 .

Vidros, S., C. Kolias, G. Kambourakis, and L. Akoglu. 2017. Automatic detection of online recruitment frauds: Characteristics, methods, and a public dataset. Future Internet 9 (1): 19. https://doi.org/10.3390/fi9010006 .

Vinayakumar, R., M. Alazab, K.P. Soman, P. Poornachandran, A. Al-Nemrat, and S. Venkatraman. 2019. Deep learning approach for intelligent intrusion detection system. IEEE Access 7: 41525–41550. https://doi.org/10.1109/access.2019.2895334 .

Walker-Roberts, S., M. Hammoudeh, O. Aldabbas, M. Aydin, and A. Dehghantanha. 2020. Threats on the horizon: Understanding security threats in the era of cyber-physical systems. Journal of Supercomputing 76 (4): 2643–2664. https://doi.org/10.1007/s11227-019-03028-9 .

Web of Science. 2021. Web of Science: Science Citation Index Expanded. https://clarivate.com/webofsciencegroup/solutions/webofscience-scie/ . Accessed 11 May 2021.

World Economic Forum. 2020. WEF Global Risk Report. http://www3.weforum.org/docs/WEF_Global_Risk_Report_2020.pdf . Accessed 13 May 2020.

Xin, Y., L. Kong, Z. Liu, Y. Chen, Y. Li, H. Zhu, M. Gao, H. Hou, and C. Wang. 2018. Machine learning and deep learning methods for cybersecurity. IEEE Access 6: 35365–35381. https://doi.org/10.1109/ACCESS.2018.2836950 .

Xu, C., J. Zhang, K. Chang, and C. Long. 2013. Uncovering collusive spammers in Chinese review websites. In Proceedings of the 22nd ACM international conference on Information & Knowledge Management.

Yang, J., T. Li, G. Liang, W. He, and Y. Zhao. 2019. A Simple recurrent unit model based intrusion detection system with DCGAN. IEEE Access 7: 83286–83296. https://doi.org/10.1109/ACCESS.2019.2922692 .

Yuan, B.G., J.F. Wang, D. Liu, W. Guo, P. Wu, and X.H. Bao. 2020. Byte-level malware classification based on Markov images and deep learning. Computers & Security 92: 12. https://doi.org/10.1016/j.cose.2020.101740 .

Zhang, S., X.M. Ou, and D. Caragea. 2015. Predicting cyber risks through national vulnerability database. Information Security Journal 24 (4–6): 194–206. https://doi.org/10.1080/19393555.2015.1111961 .

Zhang, Y., P. Li, and X. Wang. 2019. Intrusion detection for IoT based on improved genetic algorithm and deep belief network. IEEE Access 7: 31711–31722.

Zheng, Muwei, Hannah Robbins, Zimo Chai, Prakash Thapa, and Tyler Moore. 2018. Cybersecurity research datasets: taxonomy and empirical analysis. In 11th {USENIX} workshop on cyber security experimentation and test ({CSET} 18).

Zhou, X., W. Liang, S. Shimizu, J. Ma, and Q. Jin. 2021. Siamese neural network based few-shot learning for anomaly detection in industrial cyber-physical systems. IEEE Transactions on Industrial Informatics 17 (8): 5790–5798. https://doi.org/10.1109/TII.2020.3047675 .

Zhou, Y.Y., G. Cheng, S.Q. Jiang, and M. Dai. 2020. Building an efficient intrusion detection system based on feature selection and ensemble classifier. Computer Networks 174: 17. https://doi.org/10.1016/j.comnet.2020.107247 .

Download references

Open Access funding provided by the IReL Consortium.

Author information

Authors and affiliations

University of Limerick, Limerick, Ireland

Frank Cremer, Barry Sheehan, Arash N. Kia, Martin Mullins & Finbarr Murphy

TH Köln University of Applied Sciences, Cologne, Germany

Michael Fortmann & Stefan Materne


Corresponding author

Correspondence to Barry Sheehan.

Ethics declarations

Conflict of interest

On behalf of all authors, the corresponding author states that there is no conflict of interest.


Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .


About this article

Cremer, F., Sheehan, B., Fortmann, M. et al. Cyber risk and cybersecurity: a systematic review of data availability. Geneva Pap Risk Insur Issues Pract 47, 698–736 (2022). https://doi.org/10.1057/s41288-022-00266-6


Received: 15 June 2021

Accepted: 20 January 2022

Published: 17 February 2022

Issue Date: July 2022

DOI: https://doi.org/10.1057/s41288-022-00266-6


  • Cyber insurance
  • Systematic review
  • Cybersecurity


A critical cybersecurity analysis and future research directions for the internet of things: a comprehensive review.


1. Introduction

  • There is a lack of comprehensive security solutions for IoT devices. The number of devices and the different applications that they are used for have resulted in a complex ecosystem that is hard to secure. This complexity is exacerbated by the limited computational resources of many IoT devices, which makes it difficult to implement advanced security solutions.
  • There is a lack of protocol standardization in IoT device security. The lack of universal security measures makes it easier for attackers to exploit vulnerabilities, resulting in a higher risk of security breaches. Without a common taxonomy, it becomes difficult to ensure the security of an IoT ecosystem, which consists of several different types of devices, communication protocols, and applications.
  • There is a need for research to identify new security risks that arise from the integration of IoT devices with other systems, such as layer-based services. The integration of IoT devices with diverse systems introduces new vulnerabilities, which need to be identified and addressed.
  • There is a need for more research on access control driven anomalies and countermeasures related to IoT devices. The massive deployment of these devices has led to the collection of vast amounts of data, and it is essential to ensure that this data is protected from unauthorized access and misuse.

2. General Design, Components, and Protocols for the Internet of Things

2.1. Observation Layer

2.2. Network Layer

2.3. Application Layer

3. Potential Security Issues with the Internet of Things

Data, Network and Device Security

4. What Distinguishes IoT Anomaly Detection from IT Security

  • Microcontroller or microprocessor with low power consumption and wireless connectivity (e.g., Wi-Fi, Bluetooth, and Zigbee);
  • Sensors and actuators for data acquisition and control;
  • Power source (e.g., battery, energy harvesting, and power adapter);
  • Memory and storage for data and software;
  • Security features (e.g., secure boot, encryption, and access control).
  • Wireless communication protocols (e.g., Wi-Fi, Bluetooth, Zigbee, and LoRaWAN);
  • Network topology (e.g., star, mesh, and point-to-point);
  • Gateway or edge device for data aggregation and processing;
  • Cloud or server infrastructure for data storage and analysis;
  • Security protocols (e.g., SSL/TLS, VPN, firewalls, and intrusion detection/prevention).
  • Operating System (e.g., embedded Linux, FreeRTOS, and Zephyr);
  • Middleware (e.g., MQTT, CoAP, and AMQP);
  • Database (e.g., Apache Cassandra, MongoDB, and InfluxDB);
  • Application Development Tools (applied) (e.g., software development kits (SDKs) and integrated development environments (IDEs)).

5. Classification of Internet of Things Access Control

5.1. Cryptographic Paradigm in IoT

  • An “always-on” interoperability method is preferable to the periodic activation and deactivation of communication networks when an IoT system application has to transfer data often.
  • Data from IoT devices should be gathered as efficiently as possible and compressed before being sent over the network. Coordinating several IoT Services delivered by a single communications module within a single IoT device application is essential for making efficient use of the network.
  • To avoid seeming as though they are all functioning in unison, application software operating on IoT devices should utilize a random pattern to request network connection.
  • The data should be encrypted from edge to edge using the IoT system software.
  • Before beginning any data transfer, the IoT device application must verify that it can communicate with the IoT platform. The level of security provided by the encryption technique should be commensurate with the IoT Service.
  • The application running on the IoT device should not have to constantly reestablish the modem’s network connection.
  • When an Internet of Things device framework does not require constant information exchange and therefore may function with some delay in its IoT Service.
  • The Internet of Things device application must include “temporal resynchronization” capability, both for local and distant connections.

5.1.1. Symmetric Ciphering

Block Cipher Methods

Data Encryption Standard (DES)

Advanced Encryption Standard (AES)

Stream Cipher Methods

5.1.2. Asymmetric Ciphering

Rivest–Shamir–Adleman (RSA) Crypto Algorithm

Digital Signature Standards (DSS)

Elliptical Curve Cryptography (ECC)

NTRUEncrypt

5.1.3. Ciphering Protocols

Internet Protocol Security (IPsec)

Secure/Multipurpose Internet Mail Extensions (S/MIME)

Transport Layer Security (TLS)

Secure Shell Protocol (SSH)

5.1.4. Hashing (Integrity)

6. Roadmap for Securing IoT Devices

6.1. How Can Artificial Intelligence (AI) and Machine Learning (ML) Change IoT Security

6.2. Risk Factors

6.3. Future Directions: Decisive Remarks

7. Conclusions and Our Recommendations

Author Contributions

Institutional Review Board Statement

Informed Consent Statement

Data Availability Statement

Acknowledgments

Conflicts of Interest

  • Che, B.; Liu, L.; Zhang, H. KNEMAG: Key Node Estimation Mechanism Based on Attack Graph for IoT Security. J. Internet Things 2020 , 2 , 145–162. [ Google Scholar ] [ CrossRef ]
  • Agrawal, S.; Das, M.L.; Lopez, J. Detection of Node Capture Attack in Wireless Sensor Networks. IEEE Syst. J. 2019 , 13 , 238–247. [ Google Scholar ] [ CrossRef ]
  • Kim, M.; Suh, T. Eavesdropping Vulnerability and Countermeasure in Infrared Communication for IoT Devices. Sensors 2021 , 21 , 8207. [ Google Scholar ] [ CrossRef ] [ PubMed ]
  • Alharbi, I.A.; Almalki, A.J.; Alyami, M.; Zou, C.; Solihin, Y. Profiling Attack on WiFi-based IoT Devices using an Eavesdropping of an Encrypted Data Frames. Adv. Sci. Technol. Eng. Syst. J. 2022 , 7 , 49–57. [ Google Scholar ] [ CrossRef ]
  • Singh, Y.; Mohindru, V. Node authentication algorithm for securing static wireless sensor networks from node clone attack. Int. J. Inf. Comput. Secur. 2018 , 10 , 129. [ Google Scholar ] [ CrossRef ]
  • Jenisha, R. Node to Node Communication Security in IOT Networks. Int. J. Res. Appl. Sci. Eng. Technol. 2022 , 10 , 3212–3226. [ Google Scholar ] [ CrossRef ]
  • Staniec, K.; Kowal, M. On Vulnerability of Selected IoT Systems to Radio Jamming—A Proposal of Deployment Practices. Sensors 2020 , 20 , 6152. [ Google Scholar ] [ CrossRef ]
  • Khadr, M.H.; Salameh, H.B.; Ayyash, M.; Elgala, H.; Almajali, S. Jamming resilient multi-channel transmission for cognitive radio IoT-based medical networks. J. Commun. Netw. 2022 , 24 , 666–678. [ Google Scholar ] [ CrossRef ]
  • Chung, W.J. Modeling and Simulation of Replay Attack Detection using V2X Message in Autonomous Vehicles in WSN based IoT Environment. Int. J. Eng. Adv. Technol. 2020 , 9 , 1279–1286. [ Google Scholar ] [ CrossRef ]
  • Yildirim, M.; Demiroğlu, U.; Şenol, B. An in-depth exam of IoT, IoT Core Components, IoT Layers, and Attack Types. Eur. J. Sci. Technol. 2021 , 28 , 665–669. [ Google Scholar ] [ CrossRef ]
  • Ramadan, M.; Abdollahi, F. An active approach for isolating replay attack from sensor faults. Eur. J. Control 2023 , 69 , 100725. [ Google Scholar ] [ CrossRef ]
  • Abdulla, H.; Al-Raweshidy, H.; SAwad, W. ARP Spoofing Detection for IoT Networks Using Neural Networks. SSRN Electron. J. 2020 , 20 , 1–9. [ Google Scholar ] [ CrossRef ]
  • Singh, A.; Sikdar, B. Adversarial Attack and Defence Strategies for Deep-Learning-Based IoT Device Classification Techniques. IEEE Internet Things J. 2022 , 9 , 2602–2613. [ Google Scholar ] [ CrossRef ]
  • Mehta, M.; Patel, K. Experimental Study of Location Spoofing and Identity Spoofing Attack in Internet of Things Network. Int. J. Intell. Inf. Technol. 2022 , 18 , 1–13. [ Google Scholar ] [ CrossRef ]
  • Madhurikkha, S.; Sabitha, R. Hierarchical Honey Bee Model to Avoid Sleep Deprivation Attack in MANET. Int. J. Eng. Technol. 2018 , 7 , 358. [ Google Scholar ] [ CrossRef ]
  • Vivekanadam, B. A Novel Hybrid HNN and Firefly Algorithm to Overcome Denial of Sleep Attack on Wireless Sensor Nodes. J. Ubiquitous Comput. Commun. Technol. 2021 , 2 , 223–227. [ Google Scholar ] [ CrossRef ]
  • Bani-Yaseen, T.; Tahat, A.; Kastell, K.; Edwan, T.A. Denial-of-Sleep Attack Detection in NB-IoT Using Deep Learning. J. Telecommun. Digit. Econ. 2022 , 10 , 14–38. [ Google Scholar ] [ CrossRef ]
  • Yoon, J. Deep-learning approach to attack handling of IoT devices using IoT-enabled network services. Internet Things 2020 , 11 , 100241. [ Google Scholar ] [ CrossRef ]
  • Abbasi, M.; Plaza-Hernandez, M.; Prieto, J.; Corchado, J.M. Security in the Internet of Things Application Layer: Requirements, Threats, and Solutions. IEEE Access 2022 , 10 , 97197–97216. [ Google Scholar ] [ CrossRef ]
  • Rodionov, A.; Belyanin, V.; Gorbunov, A. Improving the Methods for Protecting Information from Unauthorized Access. NBI Technol. 2018 , 2 , 39–43. [ Google Scholar ] [ CrossRef ]
  • Aldhyani, T.H.H.; Alkahtani, H. Cyber Security for Detecting Distributed Denial of Service Attacks in Agriculture 4.0: Deep Learning Model. Mathematics 2023 , 11 , 233. [ Google Scholar ] [ CrossRef ]
  • Jin, R.; Zhang, H.; Liu, D.; Yan, X. IoT-based detecting, locating and alarming of unauthorized intrusion on construction sites. Autom. Constr. 2020 , 118 , 103278. [ Google Scholar ] [ CrossRef ]
  • Minu, R.I.; Nagarajan, G.; Munshi, A.; Venkatachalam, K.; Almukadi, W.; Abouhawwash, M. An Edge Based Attack Detection Model (EBAD) for Increasing the Trustworthiness in IoT Enabled Smart City Environment. IEEE Access 2022 , 10 , 89499–89508. [ Google Scholar ] [ CrossRef ]
  • Tahir, M.; Sardaraz, M.; Muhammad, S.; Saud Khan, M. A Lightweight Authentication and Authorization Framework for Blockchain-Enabled IoT Network in Health-Informatics. Sustainability 2020 , 12 , 6960. [ Google Scholar ] [ CrossRef ]
  • Ayfaa, B.; Apa, C. LMAAS-IoT: Lightweight Multi-factor Authentication and Authorization Scheme for Real-time Data Access in IoT Cloud-based Environment. J. Netw. Comput. Appl. 2021 , 192 , 103177. [ Google Scholar ] [ CrossRef ]
  • Mohammad, A.; Al-Refai, H.; Alawneh, A.A. User Authentication and Authorization Framework in IoT Protocols. Computers 2022 , 11 , 147. [ Google Scholar ] [ CrossRef ]
  • Mullen, G.; Meany, L. Assessment of buffer overflow based attacks on an IoT operating system. In Proceedings of the 2019 Global IoT Summit (GIoTS), Aarhus, Denmark, 17–21 June 2019; pp. 1–6. [ Google Scholar ] [ CrossRef ]
  • Mazumdar, N.; Roy, S.; Nag, A.; Singh, J.P. A buffer-aware dynamic UAV trajectory design for data collection in resource-constrained IoT frameworks. Comput. Electr. Eng. 2022 , 100 , 107934. [ Google Scholar ] [ CrossRef ]
  • Akhtar, M.S.; Feng, T. A Systemic Security and Privacy Review: Attacks and Prevention Mechanisms over IOT Layers. ICST Trans. Secur. Saf. 2022 , 8 , e5. [ Google Scholar ] [ CrossRef ]
  • Zeng, J.Y.; Chang, L.E.; Cho, H.H.; Chen, C.Y.; Chao, H.C.; Yeh, K.H. Using Poisson Distribution to Enhance CNN-based NB-IoT LDoS Attack Detection. In Proceedings of the 2022 IEEE Conference on Dependable and Secure Computing (DSC), Edinburgh, UK, 22–24 June 2022; pp. 1–7. [ Google Scholar ]
  • Rani, S.J.; Ioannou, I.; Nagaradjane, P.; Christophorou, C.; Vassiliou, V.; Charan, S.; Pitsillides, A. Detection of DDoS attacks in D2D communications using machine learning approach. Comput. Commun. 2023 , 198 , 32–51. [ Google Scholar ] [ CrossRef ]
  • Kareem, M.K.; Aborisade, O.D.; Onashoga, S.A.; Sutikno, T.; Olayiwola, O.M. Efficient model for detecting application layer distributed denial of service attacks. Bull. Electr. Eng. Inform. 2023 , 12 , 441–450. [ Google Scholar ] [ CrossRef ]
  • Alduais, N.; Abdullah, J.; Jamil, A. APRS: Adaptive real-time payload data reduction scheme for IoT/WSN sensor board with multivariate sensors. Int. J. Sens. Netw. 2018 , 28 , 211. [ Google Scholar ] [ CrossRef ]
  • Khosravi, M.R.; Samadi, S. Efficient payload communications for IoT-enabled ViSAR vehicles using discrete cosine transform-based quasi-sparse bit injection. EURASIP J. Wirel. Commun. Netw. 2019 , 2019 , 262. [ Google Scholar ] [ CrossRef ]
  • Wang, H.; Singhal, A.; Liu, P. Tackling imbalanced data in cybersecurity with transfer learning: A case with ROP payload detection. Cybersecurity 2023 , 6 , 2. [ Google Scholar ] [ CrossRef ]
  • Jung, J.H.; Gohar, M.; Koh, S.J. CoAP-Based Streaming Control for IoT Applications. Electronics 2020 , 9 , 1320. [ Google Scholar ] [ CrossRef ]
  • Gladson Oliver, S.; Purusothaman, T. Lightweight and Secure Mutual Authentication Scheme for IoT Devices Using CoAP Protocol. Comput. Syst. Sci. Eng. 2022 , 41 , 767–780. [ Google Scholar ] [ CrossRef ]
  • Ahmad, M.Z.; Adenan, A.R.; Rohmad, M.S.; Yussoff, Y.M. Performance Analysis of Secure MQTT Communication Protocol. In Proceedings of the 2023 19th IEEE International Colloquium on Signal Processing & Its Applications (CSPA), Kedah, Malaysia, 3–4 March 2023; pp. 225–229. [ Google Scholar ] [ CrossRef ]
  • Jang, W.; Jeong, D.; Lee, S. A Method of IoT Object Control based on MQTT for Enhancing Object Mobility. J. Korean Inst. Inf. Technol. 2022 , 20 , 107–119. [ Google Scholar ] [ CrossRef ]
  • Husnain, M.; Hayat, K.; Cambiaso, E.; Fayyaz, U.U.; Mongelli, M.; Akram, H.; Ghazanfar Abbas, S.; Shah, G.A. Preventing MQTT Vulnerabilities Using IoT-Enabled Intrusion Detection System. Sensors 2022 , 22 , 567. [ Google Scholar ] [ CrossRef ]
  • Celesti, A.; Fazio, M.; Villari, M. Enabling Secure XMPP Communications in Federated IoT Clouds Through XEP 0027 and SAML/SASL SSO. Sensors 2017 , 17 , 301. [ Google Scholar ] [ CrossRef ] [ PubMed ]
  • Jun, H.J.; Yang, H.S. Performance of the XMPP and the MQTT Protocols on IEC 61850-Based Micro Grid Communication Architecture. Energies 2021 , 14 , 5024. [ Google Scholar ] [ CrossRef ]
  • Yoshino, D.; Watanobe, Y.; Yaguchi, Y.; Nakamura, K.; Ogawa, J.; Naruse, K. AMQP Communication Interface on RT Middleware for highly-reliable IoR System Construction. Proc. JSME Annu. Conf. Robot. Mechatron. (Robomec) 2019 , 2019 , 2A1-M09. [ Google Scholar ] [ CrossRef ]
  • Srivastava, A.; Shah, P. Identification of the Issues in IoT Devices with HSTS Not Enforced and Their Exploitation. In Proceedings of the 2021 International Conference on Security and Information Technologies with AI, Internet Computing and Big-Data Applications, Taichung City, Taiwan, 18–20 November 2021; Springer: Cham, Switzerland, 2023; pp. 325–334. [ Google Scholar ] [ CrossRef ]
  • Chatzoglou, E.; Kouliaridis, V.; Kambourakis, G.; Karopoulos, G.; Gritzalis, S. A hands-on gaze on HTTP/3 security through the lens of HTTP/2 and a public dataset. Comput. Secur. 2023 , 125 , 103051. [ Google Scholar ] [ CrossRef ]
  • Bezawada, B.; Bachani, M.; Peterson, J.; Shirazi, H.; Ray, I.; Ray, I. Behavioral fingerprinting of iot devices. In 2018 Workshop on Attacks and Solutions in Hardware Security ; ACM: New York, NY, USA, 2018; pp. 41–50. [ Google Scholar ] [ CrossRef ]
  • Lee, S.; Abdullah, A.; Jhanjhi, N.; Kok, S. Classification of botnet attacks in IoT smart factory using honeypot combined with machine learning. PeerJ Comput. Sci. 2021 , 7 , e350. [ Google Scholar ] [ CrossRef ]
  • Menard, P.; Bott, G.J. Analyzing IOT users’ mobile device privacy concerns: Extracting privacy permissions using a disclosure experiment. Comput. Secur. 2020 , 95 , 101856. [ Google Scholar ] [ CrossRef ]
  • Bindrwish, F.B.; Ali, A.N.A.; Ghabban, W.H.; Alrowwad, A.; Fallatah, N.A.; Ameerbakhsh, O.; Alfadli, I.M. Internet of Things for Digital Forensics Application in Saudi Arabia. Adv. Internet Things 2023 , 13 , 1–11. [ Google Scholar ] [ CrossRef ]
  • Shanmugapriya, R.; Santhosh Kumar, S.V.N. Comprehensive survey on data dissemination protocols for efficient reprogramming in Internet of Things. Concurr. Comput. Pract. Exp. 2022 , 34 , e7280. [ Google Scholar ] [ CrossRef ]
  • Salah, S.; Amro, B.M. Big picture: Analysis of DDoS attacks map-systems and network, cloud computing, SCADA systems, and IoT. Int. J. Internet Technol. Secur. Trans. 2022 , 12 , 543–565. [ Google Scholar ] [ CrossRef ]
  • Gowtham, M.; Pramod, H.B. Semantic Query-Featured Ensemble Learning Model for SQL-Injection Attack Detection in IoT-Ecosystems. IEEE Trans. Reliab. 2022 , 71 , 1057–1074. [ Google Scholar ] [ CrossRef ]
  • Fanani, G.; Riadi, I. Analysis of Digital Evidence on Denial of Service (DoS) Attack Log Based. Bul. Ilm. Sarj. Tek. Elektro 2020 , 2 , 70. [ Google Scholar ] [ CrossRef ]
  • Anthi, E.; Williams, L.; Javed, A.; Burnap, P. Hardening machine learning denial of service (DoS) defences against adversarial attacks in IoT smart home networks. Comput. Secur. 2021 , 108 , 102352. [ Google Scholar ] [ CrossRef ]
  • Shah, Z.; Ullah, I.; Li, H.; Levula, A.; Khurshid, K. Blockchain Based Solutions to Mitigate Distributed Denial of Service (DDoS) Attacks in the Internet of Things (IoT): A Survey. Sensors 2022 , 22 , 1094. [ Google Scholar ] [ CrossRef ]
  • Singhal, P.; Sharma, P.; Arora, D. An approach towards preventing iot based sybil attack based on contiki framework through cooja simulator. Int. J. Eng. Technol. 2018 , 7 , 261. [ Google Scholar ] [ CrossRef ]
  • Pu, C.; Choo, K.K.R. Lightweight Sybil Attack Detection in IoT based on Bloom Filter and Physical Unclonable Function. Comput. Secur. 2022 , 113 , 102541. [ Google Scholar ] [ CrossRef ]
  • Vaishnavi, S.; Sethukarasi, T. Retraction Note to: SybilWatch: A novel approach to detect Sybil attack in IoT based smart health care. J. Ambient Intell. Humaniz. Comput. 2022 , 14 , 539. [ Google Scholar ] [ CrossRef ]
  • Tripathy, A.K.; Sinha, M.; Mishra, A.K. A sinkhole prevention mechanism for RPL in IoT. Int. J. Comput. Sci. Eng. 2020 , 23 , 262. [ Google Scholar ] [ CrossRef ]
  • Jebadurai, I.J.; Paulraj, G.J.L.; Jebadurai, J. Mitigating Sinkhole attack in RPL based Internet of Things Environment using Optimized K means Clustering technique. In Proceedings of the 2022 6th International Conference on Electronics, Communication and Aerospace Technology, Coimbatore, India, 1–3 December 2022; pp. 502–507. [ Google Scholar ] [ CrossRef ]
  • Bilal, A.; Hasany, S.M.N.; Pitafi, A.H. Effective modelling of sinkhole detection algorithm for edge-based Internet of Things (IoT) sensing devices. IET Commun. 2022 , 16 , 845–855. [ Google Scholar ] [ CrossRef ]
  • Shiranzaei, A.; Khan, R.Z. An Approach to Discover the Sinkhole and Selective Forwarding Attack in IoT. J. Inf. Secur. Res. 2018 , 9 , 107. [ Google Scholar ] [ CrossRef ]
  • Prathapchandran, K.; Janani, T. A trust aware security mechanism to detect sinkhole attack in RPL-based IoT environment using random forest—RFTRUST. Comput. Netw. 2021 , 198 , 108413. [ Google Scholar ] [ CrossRef ]
  • An, G.H.; Cho, T.H. Improving Sinkhole Attack Detection Rate through Knowledge-Based Specification Rule for a Sinkhole Attack Intrusion Detection Technique of IoT. Int. J. Comput. Netw. Appl. 2022 , 9 , 169. [ Google Scholar ] [ CrossRef ]
  • Yang, N.; Chen, K.; Wang, M. SmartDetour: Defending Blackhole and Content Poisoning Attacks in IoT NDN Networks. IEEE Internet Things J. 2021 , 8 , 12119–12136. [ Google Scholar ] [ CrossRef ]
  • Kaur, R.; Sandhu, J.K.; Pundir, M.; Mehta, A. Blackhole Prevention Techniques Using Machine Learning. SSRN Electron. J. 2021 , 11 , 100241. [ Google Scholar ] [ CrossRef ]
  • Kumar, R.; Venkanna, U.; Tiwari, V. A Time Granular Analysis of Software Defined Wireless Mesh Based IoT (SDWM-IoT) Network Traffic Using Supervised Learning. Wirel. Pers. Commun. 2020 , 116 , 2083–2109. [ Google Scholar ] [ CrossRef ]
  • Shahraki, A.; Taherkordi, A.; Haugen, Y. TONTA: Trend-based Online Network Traffic Analysis in ad-hoc IoT networks. Comput. Netw. 2021 , 194 , 108125. [ Google Scholar ] [ CrossRef ]
  • Mishra, S. Network traffic analysis using machine learning techniques in IoT network. Int. J. Veh. Inf. Commun. Syst. 2022 , 9 , 107–123. [ Google Scholar ] [ CrossRef ]
  • Li, Y.; Qin, Y. Real-Time Cost Optimization Approach Based on Deep Reinforcement Learning in Software-Defined Security Middle Platform. Information 2023 , 14 , 209. [ Google Scholar ] [ CrossRef ]
  • Kwon, S.; Park, S.; Cho, H.; Park, Y.; Kim, D.; Yim, K. Towards 5G-based IoT security analysis against Vo5G eavesdropping. Computing 2021 , 103 , 425–447. [ Google Scholar ] [ CrossRef ]
  • Lauria, F. How to Footprint, Report and Remotely Secure Compromised IoT Devices. Netw. Secur. 2017 , 2017 , 10–16. [ Google Scholar ] [ CrossRef ]
  • Tang, F.; Kawamoto, Y.; Kato, N.; Yano, K.; Suzuki, Y. Probe Delay Based Adaptive Port Scanning for IoT Devices with Private IP Address Behind NAT. IEEE Netw. 2020 , 34 , 195–201. [ Google Scholar ] [ CrossRef ]
  • Gibson, D. IoT law and order. Netw. Secur. 2021 , 2021 , 20. [ Google Scholar ] [ CrossRef ]
  • Nguyen-An, H.; Silverston, T.; Yamazaki, T.; Miyoshi, T. IoT Traffic: Modeling and Measurement Experiments. IoT 2021 , 2 , 140–162. [ Google Scholar ] [ CrossRef ]
  • Kore, A.; Patil, S. IC-MADS: IoT Enabled Cross Layer Man-in-Middle Attack Detection System for Smart Healthcare Application. Wirel. Pers. Commun. 2020 , 113 , 727–746. [ Google Scholar ] [ CrossRef ]
  • Kilinçer, L.F.; Ertam, F.; Şengür, A. Automated Fake Access Point Attack Detection and Prevention System with IoT Devices. Balk. J. Electr. Comput. Eng. 2020 , 8 , 50–56. [ Google Scholar ] [ CrossRef ]
  • Jamil, H.; Ali, A.; Jamil, F. Spoofing Attack Mitigation in Address Resolution Protocol (ARP) and DDoS in Software-Defined Networking. J. Inf. Secur. Cybercrimes Res. 2022 , 5 , 31–42. [ Google Scholar ] [ CrossRef ]
  • Banadaki, Y.M.; Robert, S. Detecting Malicious DNS over HTTPS Traffic in Domain Name System using Machine Learning Classifiers. J. Comput. Sci. Appl. 2020 , 8 , 46–55. [ Google Scholar ] [ CrossRef ]
  • Humaira, F.; Islam, M.S.; Luva, S.A.; Rahman, M.B. A Secure Framework for IoT Smart Home by Resolving Session Hijacking. Glob. J. Comput. Sci. Technol. 2020 , 20 , 9–20. [ Google Scholar ] [ CrossRef ]
  • Satapathy, A.; Livingston, J. A Comprehensive Survey on SSL/ TLS and their Vulnerabilities. Int. J. Comput. Appl. 2016 , 153 , 31–38. [ Google Scholar ] [ CrossRef ]
  • Rouhani, S.; Belchior, R.; Cruz, R.S.; Deters, R. Distributed attribute-based access control system using permissioned blockchain. World Wide Web 2021 , 24 , 1617–1644. [ Google Scholar ] [ CrossRef ]
  • Li, H.; Yu, K.; Liu, B.; Feng, C.; Qin, Z.; Srivastava, G. An Efficient Ciphertext-Policy Weighted Attribute-Based Encryption for the Internet of Health Things. IEEE J. Biomed. Health Inform. 2022 , 26 , 1949–1960. [ Google Scholar ] [ CrossRef ]
  • Song, Q.; Chen, Y.; Zhong, Y.; Lan, K.; Fong, S.; Tang, R. A Supply-chain System Framework Based on Internet of Things Using Blockchain Technology. ACM Trans. Internet Technol. 2021 , 21 , 1–24. [ Google Scholar ] [ CrossRef ]
  • Bouras, M.A.; Xia, B.; Abuassba, A.O.; Ning, H.; Lu, Q. IoT-CCAC: A blockchain-based consortium capability access control approach for IoT. PeerJ Comput. Sci. 2021 , 7 , e455. [ Google Scholar ] [ CrossRef ] [ PubMed ]
  • Li, C.; Li, F.; Huang, C.; Yin, L.; Luo, T.; Wang, B. A Traceable Capability-based Access Control for IoT. Comput. Mater. Contin. 2022 , 72 , 4967–4982. [ Google Scholar ] [ CrossRef ]
  • Fossen, K. Exploring Capability-Based Security in Software Design with Rust. Master’s Thesis, The University of Bergen, Bergen, Norway, 2022. Available online: https://hdl.handle.net/11250/3001153 (accessed on 5 February 2023).
  • Saha, R.; Kumar, G.; Conti, M.; Devgun, T.; Kim, T.H.; Alazab, M.; Thomas, R. DHACS: Smart Contract-Based Decentralized Hybrid Access Control for Industrial Internet-of-Things. IEEE Trans. Ind. Inform. 2022 , 18 , 3452–3461. [ Google Scholar ] [ CrossRef ]
  • El Bouanani, S.; El Kiram, M.A.; Achbarou, O.; Outchakoucht, A. Pervasive-Based Access Control Model for IoT Environments. IEEE Access 2019 , 7 , 54575–54585. [ Google Scholar ] [ CrossRef ]
  • Astillo, P.V.; Kim, J.; Sharma, V.; You, I. SGF-MD: Behavior Rule Specification-Based Distributed Misbehavior Detection of Embedded IoT Devices in a Closed-Loop Smart Greenhouse Farming System. IEEE Access 2020 , 8 , 196235–196252. [ Google Scholar ] [ CrossRef ]
  • Wang, Q.; Chen, D.; Zhang, N.; Qin, Z.; Qin, Z. LACS: A Lightweight Label-Based Access Control Scheme in IoT-Based 5G Caching Context. IEEE Access 2017 , 5 , 4018–4027. [ Google Scholar ] [ CrossRef ]
  • Lee, W.; Jung, B.C.; Lee, H. DeCoNet: Density Clustering-Based Base Station Control for Energy-Efficient Cellular IoT Networks. IEEE Access 2020 , 8 , 120881–120891. [ Google Scholar ] [ CrossRef ]
  • Yu, C.; Zhan, Y.; Sohail, M. SDSM: Secure Data Sharing for Multilevel Partnerships in IoT Based Supply Chain. Symmetry 2022 , 14 , 2656. [ Google Scholar ] [ CrossRef ]
  • Sivaselvan, N.; Bhat, K.V.; Rajarajan, M.; Das, A.K.; Rodrigues, J.J.P.C. SUACC-IoT: Secure unified authentication and access control system based on capability for IoT. Clust. Comput. 2022 , 22 , 1–20. [ Google Scholar ] [ CrossRef ]
  • Zhang, J.; Cheng, Z.; Cheng, X.; Chen, B. OAC-HAS: Outsourced access control with hidden access structures in fog-enhanced IoT systems. Connect. Sci. 2020 , 33 , 1060–1076. [ Google Scholar ] [ CrossRef ]
  • Nakamura, S.; Enokido, T.; Takizawa, M. Information Flow Control Based on the CapBAC (Capability-Based Access Control) Model in the IoT. Int. J. Mob. Comput. Multimed. Commun. 2019 , 10 , 13–25. [ Google Scholar ] [ CrossRef ]
  • Nakamura, S.; Enokido, T.; Takizawa, M. Information Flow Control Based on Capability Token Validity for Secure IoT: Implementation and Evaluation. Internet Things 2021 , 15 , 100423. [ Google Scholar ] [ CrossRef ]
  • Silva, C.; Barraca, J.P. Dynamic Delegation-based Privacy Preserving in IoT Architectures. In Proceedings of the 2022 9th International Conference on Future Internet of Things and Cloud (FiCloud), Rome, Italy, 22–24 August 2022; pp. 46–54. [ Google Scholar ] [ CrossRef ]
  • Pal, S.; Jadidi, Z. Protocol-Based and Hybrid Access Control for the IoT: Approaches and Research Opportunities. Sensors 2021 , 21 , 6832. [ Google Scholar ] [ CrossRef ]
  • Namane, S.; Ben Dhaou, I. Blockchain-Based Access Control Techniques for IoT Applications. Electronics 2022 , 11 , 2225. [ Google Scholar ] [ CrossRef ]
  • Nadkarni, A.; McCarthy, D.; Filkins, P.; Mehra, R. Internet of Things and Intelligent Edge: Infrastructure. IDC: The Premier Global Market Intelligence Company. Available online: https://www.idc.com/getdoc.jsp?containerId=IDC_P35569 (accessed on 30 December 2022).
  • Kandele, S.; Paul, S. Key Assignment Scheme with Authenticated Encryption. IACR Trans. Symmetric Cryptol. 2018 , 2018 , 150–196. [ Google Scholar ] [ CrossRef ]
  • Sarkar, A. A symmetric neural cryptographic key generation scheme for Iot security. Appl. Intell. 2022 , 22 , 1–19. [ Google Scholar ] [ CrossRef ]
  • López Delgado, J.L.; Álvarez Bermejo, J.A.; López Ramos, J.A. Homomorphic Asymmetric Encryption Applied to the Analysis of IoT Communications. Sensors 2022 , 22 , 8022. [ Google Scholar ] [ CrossRef ]
  • Suresh Kumar, M.; Purosothaman, T. Multivariate Broadcast Encryption with Group Key Algorithm for Secured IoT. Comput. Syst. Sci. Eng. 2023 , 45 , 925–938. [ Google Scholar ] [ CrossRef ]
  • Liu, Z.; Seo, H. IoT-NUMS: Evaluating NUMS Elliptic Curve Cryptography for IoT Platforms. IEEE Trans. Inf. Secur. 2019 , 14 , 720–729. [ Google Scholar ] [ CrossRef ]
  • Chauhan, C.; Ramaiya, M.K.; Rajawat, A.S.; Goyal, S.B.; Verma, C.; Raboaca, M.S. Improving IoT Security Using Elliptic Curve Integrated Encryption Scheme with Primary Structure-Based Block Chain Technology. Procedia Comput. Sci. 2022 , 215 , 488–498. [ Google Scholar ] [ CrossRef ]
  • Han, K.; Lee, W.K.; Hwang, S.O. cuGimli: Optimized implementation of the Gimli authenticated encryption and hash function on GPU for IoT applications. Clust. Comput. 2021 , 25 , 433–450. [ Google Scholar ] [ CrossRef ]
  • Chien, H.-Y. Two-Level-Composite-Hashing Facilitating Highly Efficient Anonymous IoT and D2D Authentication. Electronics 2021 , 10 , 789. [ Google Scholar ] [ CrossRef ]
  • Braghin, C.; Lilli, M.; Riccobene, E. A Model-based approach for Vulnerability Analysis of IoT Security Protocols: The Z-Wave case study. Comput. Secur. 2022 , 127 , 103037. [ Google Scholar ] [ CrossRef ]
  • Castellon, C.E.; Roy, S.; Kreidl, O.P.; Dutta, A.; Bölöni, L. Towards an Energy-Efficient Hash-based Message Authentication Code (HMAC). In Proceedings of the 2022 IEEE 13th International Green and Sustainable Computing Conference (IGSC), Pittsburgh, PA, USA, 24–25 October 2022; pp. 1–7. [ Google Scholar ] [ CrossRef ]
  • Narlagiri, S.; Malathy, V.; Sudharani, C.; Sridevi, C.; Chakradhar, A. Modified advanced encryption standard using cipher based message authentication code algorithm. In Proceedings of the AIP Conference Proceedings, Sathyamangalam, India, 25–26 March 2022; AIP Publishing LLC: Melville, NY, USA, 2022; Volume 2418, p. 030011. [ Google Scholar ] [ CrossRef ]
  • Kureshi, R.R.; Mishra, B.K. A Comparative Study of Data Encryption Techniques for Data Security in the IoT Device. In Internet of Things and Its Applications ; Springer: Singapore, 2022; pp. 451–460. [ Google Scholar ] [ CrossRef ]
  • Rivero, J.; Huynh, T.N.B.; Smith-Evans, A.; Thao, O.; Cheng, Y. Analyzing the Efficiency of Lightweight Symmetric Ciphers on IoT Devices. California State University Sacramento . 2021, pp. 1–6. Available online: https://scholarworks.calstate.edu/downloads/m326m683z (accessed on 27 February 2023).
  • Altameem, A.; Poonia, R.C.; Saudagar, A.K.J. A Hybrid AES with a Chaotic Map-Based Biometric Authentication Framework for IoT and Industry 4.0. Systems 2023 , 11 , 28. [ Google Scholar ] [ CrossRef ]
  • Tsantikidou, K.; Sklavos, N. Hardware Limitations of Lightweight Cryptographic Designs for IoT in Healthcare. Cryptography 2022 , 6 , 45. [ Google Scholar ] [ CrossRef ]
  • Hsiao, F.H. Chaotic synchronization cryptosystems using a Twofish encryption algorithms. Asian J. Control 2022 , 24 , 1022–1041. [ Google Scholar ] [ CrossRef ]
  • Bhagat, V.; Kumar, S.; Gupta, S.K.; Chaube, M.K. Lightweight cryptographic algorithms based on different model architectures: A systematic review and futuristic applications. Concurr. Comput. Pract. Exp. 2023 , 35 , e7425. [ Google Scholar ] [ CrossRef ]
  • Hachim, E.A.W.; Abbas, T.; Gaata, M.T. Modified RC4 Algorithm for Improve Data Protection in Cloud Environment. In Proceedings of the 2022 International Conference on Information Technology Systems and Innovation (ICITSI), Bandung, Indonesia, 8–9 November 2022; pp. 295–299. [ Google Scholar ] [ CrossRef ]
  • Najm, H. Data authentication for web of things (WoT) by using modified secure hash algorithm-3 (SHA-3) and Salsa20 algorithm. Turk. J. Comput. Math. Educ. (TURCOMAT) 2021 , 12 , 2541–2551. [ Google Scholar ] [ CrossRef ]
  • Paul, K. Vulnerability Analysis of Salsa20: Differential Analysis and Deep Learning Analysis of Salsa20. Master’s Thesis, Universitetet i Sørøst-Norge, Norge, Norway, 2020. [ Google Scholar ]
  • Aamir, M.; Sharma, S.; Grover, A. ChaCha20-in-Memory for Side-Channel Resistance in IoT Edge-Node Devices. IEEE Open J. Circuits Syst. 2021 , 2 , 833–842. [ Google Scholar ] [ CrossRef ]
  • Serrano, R.; Duran, C.; Sarmiento, M.; Pham, C.K.; Hoang, T.T. ChaCha20–Poly1305 Authenticated Encryption with Additional Data for Transport Layer Security 1.3. Cryptography 2022 , 6 , 30. [ Google Scholar ] [ CrossRef ]
  • Liu, W.; Gao, J. Quantum security of Grain-128/Grain-128a stream cipher against HHL algorithm. Quantum Inf. Process. 2021 , 20 , 1–22. [ Google Scholar ] [ CrossRef ]
  • Carlson, A.; Dutta, I.; Ghosh, B. Using the Collision Attack for Breaking Cryptographic Modes. In Proceedings of the 2022 13th International Conference on Computing Communication and Networking Technologies (ICCCNT), Kharagpur, India, 3–5 October 2022; pp. 1–7. [ Google Scholar ] [ CrossRef ]
  • Madani, M.; Tanougast, C. FPGA implementation of an optimized A5/3 encryption algorithm. Microprocess. Microsyst. 2020 , 78 , 103212. [ Google Scholar ] [ CrossRef ]
  • Gundaram, P.K.; Tentu, A.N.; Allu, S.N. State Transition Analysis of GSM Encryption Algorithm A5/1. J. Commun. Softw. Syst. 2022 , 18 , 36–41. [ Google Scholar ] [ CrossRef ]
  • Zhang, B. Cryptanalysis of GSM encryption in 2G/3G networks without rainbow tables. In Proceedings of the25th International Conference on the Theory and Application of Cryptology and Information Security, Kobe, Japan, 8–12 December 2019; Springer: Cham, Switzerland, 2019; pp. 428–456. [ Google Scholar ] [ CrossRef ]
  • Muthalagu, R.; Jain, S. A novel modified KASUMI block chiper for global system for mobile communications. Int. J. Comput. Appl. 2021 , 43 , 805–811. [ Google Scholar ] [ CrossRef ]
  • Manz, O. Symmetric Ciphers. In Encrypt, Sign, Attack. Mathematics Study Resources ; Springer: Berlin/Heidelberg, Germany, 2022; Volume 4. [ Google Scholar ] [ CrossRef ]
  • Kumar, A.; Mishra, P.R.; Pal, S.K.; Ojjela, O. Analysis of variability and degree of non-linearity of HC-128. J. Discret. Math. Sci. Cryptogr. 2021 , 24 , 2093–2108. [ Google Scholar ] [ CrossRef ]
  • Walden, J. The impact of a major security event on an open source project: The case of OpenSSL. In Proceedings of the 17th International Conference on Mining Software Repositories, Seoul, Republic of Korea, 29–30 June 2020; pp. 409–419. [ Google Scholar ] [ CrossRef ]
  • Alrowaithy, M.; Thomas, N. Investigating the performance of C and C++ cryptographic libraries. In Proceedings of the 12th EAI International Conference on Performance Evaluation Methodologies and Tools, Palma, Spain, 12–15 March 2019; pp. 167–170. [ Google Scholar ] [ CrossRef ]
  • Boesgaard, M.; Vesterager, M.; Zenner, E. Information on RFC 4503. 21 January 2021. Available online: https://www.rfc-editor.org/info/rfc4503 (accessed on 13 January 2023).
  • Surantha, N. Secure Portable Virtual Private Network with Rabbit Stream Cipher Algorithm. Procedia Comput. Sci. 2018 , 135 , 259–266. [ Google Scholar ] [ CrossRef ]
  • Marpaung, J.A.; Ndibanje, B.; Lee, H.J. Higher-Order Countermeasures against Side-Channel Cryptanalysis on Rabbit Stream Cipher. J. Inf. Commun. Converg. Eng. 2014 , 12 , 237–245. [ Google Scholar ] [ CrossRef ]
  • Sajid, F.; Hassan, M.A.; Khan, A.A.; Rizwan, M.; Kryvinska, N.; Vincent, K.; Khan, I.U. Secure and Efficient Data Storage Operations by Using Intelligent Classification Technique and RSA Algorithm in IoT-Based Cloud Computing. Sci. Program. 2022 , 2022 , 2195646. [ Google Scholar ] [ CrossRef ]
  • Bhutta, M.N.M.; Bhattia, S.; Alojail, M.A.; Nisar, K.; Cao, Y.; Chaudhry, S.A.; Sun, Z. Towards Secure IoT-Based Payments by Extension of Payment Card Industry Data Security Standard (PCI DSS). Wirel. Commun. Mob. Comput. 2022 , 2022 , 9942270. [ Google Scholar ] [ CrossRef ]
  • Kerry, C.F.; Gallagher, P.D. Digital Signature Standard (DSS) ; FIPS PUB 186–4; Information Technology Laboratory, National Institute of Standards and Technology: Gaithersburg, MD, USA, 2013. [ Google Scholar ]
  • Alhayani, B.S.; Hamid, N.; Almukhtar, F.H.; Alkawak, O.A.; Mahajan, H.B.; Kwekha-Rashid, A.S.; Alkhayyat, A. Optimized video internet of things using elliptic curve cryptography based encryption and decryption. Comput. Electr. Eng. 2022 , 101 , 108022. [ Google Scholar ] [ CrossRef ]
  • Verma, U.; Bhardwaj, D. A secure lightweight anonymous elliptic curve cryptography-based authentication and key agreement scheme for fog assisted-Internet of Things enabled networks. Concurr. Comput. Pract. Exp. 2022 , 34 , e7172. [ Google Scholar ] [ CrossRef ]
  • Matiyko, A.A. The Comparative Analysis of NTRUCipher and NTRUEncrypt Encryption Schemes. Mathematical and Computer Modelling. Ser. Tech. Sci. 2019 , 19 , 81–87. [ Google Scholar ] [ CrossRef ]
  • DENIAL. Bouncycastle Fails NTRU Generation. Stack Overflow. 15 April 2014. Available online: https://stackoverflow.com/questions/23095051/bouncycastle-fails-ntru-generation (accessed on 13 January 2023).
  • Hauser, F.; Haberle, M.; Schmidt, M.; Menth, M. P4-IPsec: Site-to-Site and Host-to-Site VPN With IPsec in P4-Based SDN. IEEE Access 2020 , 8 , 139567–139586. [ Google Scholar ] [ CrossRef ]
  • Hong, S. Issues and Security on IPSec: Survey. J. Digit. Converg. 2014 , 12 , 243–248. [ Google Scholar ] [ CrossRef ]
  • Khan, A.F.; Anandharaj, G. A Multi-layer Security approach for DDoS detection in Internet of Things. Int. J. Intell. Unmanned Syst. 2020 , 9 , 178–191. [ Google Scholar ] [ CrossRef ]
  • Aravind, K.A.; Naik, B.R.; Chennarao, C.S. Combined Digital Signature with SHA Hashing Technique-based Secure System: An Application of Blockchain using IoT. Turk. J. Comput. Math. Educ. (TURCOMAT) 2022 , 13 , 402–418. [ Google Scholar ]
  • Varo, Q.; Lardier, W.; Yan, J. Dynamic Reduced-Round TLS Extension for Secure and Energy-Saving Communication of IoT Devices. IEEE Internet Things J. 2022 , 9 , 23366–23378. [ Google Scholar ] [ CrossRef ]
  • Kumari, N.; Mohapatra, A.K. A comprehensive and critical analysis of TLS 1.3. J. Inf. Optim. Sci. 2022 , 43 , 689–703. [ Google Scholar ] [ CrossRef ]
  • Alwazzeh, M.; Karaman, S.; Shamma, M.N. Man in The Middle Attacks Against SSL/TLS: Mitigation and Defeat. J. Cyber Secur. Mobil. 2020 , 9 , 449–468. [ Google Scholar ] [ CrossRef ]
  • Timko, A.M. Cybersecurity of Internet of Things Devices: A Secure Shell Implementation. 2022. Available online: https://urn.fi/URN:NBN:fi:amk-202205139197 (accessed on 10 March 2023).
  • Kaiser. SSH Client/Server for SM-R760. SSH Client/Server for SM-R760|Tizen Developers. 3 February 2001. Available online: https://developer.tizen.org/forums/general-support/ssh-clientserver-sm-r760 (accessed on 13 January 2023).
  • Ganeshkumar, P.; Albalawi, T. A Locality-Sensitive Hashing-Based Jamming Detection System for IoT Networks. Comput. Mater. Contin. 2022 , 73 , 5943–5959. [ Google Scholar ] [ CrossRef ]
  • Khadidos, A.O.; Shitharth, S.; Khadidos, A.O.; Sangeetha, K.; Alyoubi, K.H. Healthcare Data Security Using IoT Sensors Based on Random Hashing Mechanism. J. Sens. 2022 , 2022 , 1–17. [ Google Scholar ] [ CrossRef ]
  • Wang, F.; Zhu, M.; Wang, M.; Khosravi, M.R.; Ni, Q.; Yu, S.; Qi, L. 6G-Enabled Short-Term Forecasting for Large-Scale Traffic Flow in Massive IoT Based on Time-Aware Locality-Sensitive Hashing. IEEE Internet Things J. 2021 , 8 , 5321–5331. [ Google Scholar ] [ CrossRef ]
  • Lin, C.H.; Liu, J.C.; Chen, J.I.Z.; Chu, T.P. On the Performance of Cracking Hash Function SHA-1 Using Cloud and GPU Computing. Wirel. Pers. Commun. 2019 , 109 , 491–504. [ Google Scholar ] [ CrossRef ]
  • Martino, R.; Cilardo, A. Designing a SHA-256 processor for blockchain-based IoT applications. Internet Things 2020 , 11 , 100254. [ Google Scholar ] [ CrossRef ]
  • Zellagui, A.; Hadj-Said, N.; Ali-Pacha, A. Comparative Study Between Merkle-Damgård And Other Alternative Hashes Construction. In Proceedings of the Second Conference on Informatics and Applied Mathematics IAM, Guelma, Algeria, 24–25 April 2019; Volume 180, pp. 30–34. [ Google Scholar ]
  • Al-Odat, Z.A.; Khan, S.U.; Al-Qtiemat, E. A modified secure hash design to circumvent collision and length extension attacks. J. Inf. Secur. Appl. 2022 , 71 , 103376. [ Google Scholar ] [ CrossRef ]
  • Tang, Y.; Zeng, G.; Han, W. Classification of disturbance vectors for collision attack in SHA-1. Sci. China Inf. Sci. 2015 , 58 , 1–10. [ Google Scholar ] [ CrossRef ]
  • Kumar, K.K.; Ramaraj, E.; Srikanth, B.; Rao, A.S.; Prasad, P.B.V.N. Role of MD5 Message-Digest Algorithm for Providing Security to Low-Power Devices. In Proceedings of the 2022 6th International Conference on Intelligent Computing and Control Systems (ICICCS), Madurai, India, 25–27 May 2022; pp. 352–358. [ Google Scholar ] [ CrossRef ]
  • Kuznetsov, A. Parallel algorithm for MD5 collision attack. Program Syst. Theory Appl. 2015 , 6 , 61–72. [ Google Scholar ] [ CrossRef ]
  • RFC 7693. BLAKE2. BLAKE2—Fast Secure Hashing. 13 June 2018. Available online: https://www.blake2.net/ (accessed on 14 January 2023).
  • EL Makhtoum, H.; Bentaleb, Y. Comparative Study of Keccak and Blake2 Hash Functions. In Networking, Intelligent Systems and Security ; Springer: Singapore, 2022; pp. 343–350. [ Google Scholar ] [ CrossRef ]
  • Liu, F.; Dobraunig, C.; Mendel, F.; Isobe, T.; Wang, G.; Cao, Z. Efficient collision attack frameworks for RIPEMD-160. In Proceedings of the 39th Annual International Cryptology Conference, Santa Barbara, CA, USA, 18–22 August 2019; Springer: Cham, Switzerland, 2019; pp. 117–149. [ Google Scholar ] [ CrossRef ]
  • Asare, B.T.; Quist-Aphetsi, K.; Nana, L. Using RC4 and whirlpool for the encryption and validation of data in IoT. In Proceedings of the 2019 International Conference on Cyber Security and Internet of Things (ICSIoT), Accra, Ghana, 29–31 May 2019; pp. 114–117. [ Google Scholar ] [ CrossRef ]
  • Venkatesan, R.; Srinivasan, B.; Rajendiran, P. Tiger hash based AdaBoost machine learning classifier for secured multicasting in mobile healthcare system. Clust. Comput. 2019 , 22 , 7039–7053. [ Google Scholar ] [ CrossRef ]
  • Waguie, F.T.; Al-Turjman, F. Artificial Intelligence for Edge Computing Security: A Survey. In Proceedings of the 2022 International Conference on Artificial Intelligence in Everything (AIE), Lefkosa, Cyprus, 2–4 August 2022; pp. 446–450. [ Google Scholar ] [ CrossRef ]
  • Arp, D.; Quiring, E.; Pendlebury, F.; Warnecke, A.; Pierazzi, F.; Wressnegger, C.; Rieck, K. Dos and don’ts of machine learning in computer security. arXiv 2020 , arXiv:2010.09470. [ Google Scholar ]

Click here to enlarge figure

Wireless Communication Technology | ZigBee | BLE | 6LoWPAN | LoRaWAN
Mesh topology | Mesh topology | Mesh topology | Star topology
1–100 m | Approximately 10 m | ~200 m max. | 6.2 miles max.
12 μA | 9 μA, 0.4 μA at low energy | 12 μA | 7.66 μA to 34 μA
50 mA | 35 mA | >40 mA | >34 mA
52 mA | 37 mA | >50 mA | >52 mA
x
x | x
(VBAT) | 3.3 V | 3.3 V | 3.3 V | 4.2 V
Home Automation, Embedded Sensing, Industrial Control Systems | Transfer Data Files, Data Logging Equipment, Short-range Data Transmission | Transmission of IPv6 Packets, Wireless Sensor Networks (WSN), Low-power Mesh networks | Smart City, Chirp Spread Spectrum (CSS) technology
1 or 0 | 1 or 0 | 1 or 0 | 1 or 0
AttackPortrayalPurpose
Intrusion into a node [ , ]IoT nodes are the components of an IoT ecosystem that facilitate data transfer between devices in the real world and the cloud. These devices are envisioned as aggregators of data from several sensors coming from various sources. The attacker makes changes to the nodes or disrupts their functions and then acquires full control of the node. This exploit damages the hardware, which will reduce the availability of resources.Attacks that entail tampering with the device can take advantage of newly discovered vulnerabilities and exploit them. In point of fact, they are a type of physical attack in which the attacker attempts to break security after first attempting to corrupt the memory or the computation, and then gaining further knowledge by interacting with the IoT equipment. This occurs after the attacker has attempted to break security by corrupting the memory or the computation. Following this, the attacker will try to circumvent the security.
Node Dependency Injection [ , ]When one or more dependents (or services) are “injected” into a reliant entity, they are given by reference to the instrument. This can be done with several dependents at the same time. The term “dependency injection” refers to this specific approach to creating software applications. Moreover, when an adversary injects fake nodes into a complete network, this is known as fake node injection. This occurs when the adversary inserts counterfeit nodes into the linked authorized nodes of the network.It grants the attacker the ability to exert control over the data stream. The need to govern the data flow will arise as a direct consequence of this attack. Any kind of data might be susceptible to being processed by an opponent, who could then take control of it. A variety of different physical devices might be compromised by using this attack. When working in an environment such as this one, establishing reliable connections between every sensor/IoT node and the user who will ultimately be using the system is of the highest importance.
Node Acquisition Attack [ , ]A typical example of a physical attack on a network is the capture of a node and subsequent extraction of its ciphering data. Later, it will be used to initiate more exploits within the network. There are several different types of IoT Node Acquisition Attacks, including spoofing, jamming, physical compromise, supply chain attack, firmware attack, and malware.The adversary’s purpose is to trick the unidentified nodes into thinking they are at a known location by manipulating the signals between known nodes or by posing as a recognized node to falsify, change, or replay signals. With that in mind, precautions must be taken to ensure the estimated locations remain accurate even when under attack.
Eavesdropping Attack [ , ]Eavesdropping attacks, in which hackers listen in on normally private network traffic, can successfully target any device connected to the Internet of Things (IoT). Types of eavesdropping attacks include passive eavesdropping, active eavesdropping, phishing and spear phishing attacks, drive-by attack, password attack, SQL injection attack, cross-site scripting (XSS) attack, eavesdropping attack, device fingerprinting, malware, and AI-powered IoT-based attacks.Eavesdropping can occur when a connection between two endpoints is neither secure nor sufficiently strong. This leaves the link vulnerable to assault. Lack of encryption, outdated software or hardware, malware infection, or a mix of the three is all potential causes of unprotected switches and routers. Eavesdropping attacks might yield a large reward for the perpetrators. Information such as credit card numbers, names, addresses, phone numbers, email addresses, passwords, and even privileged information might be stolen.
Node Cloning [ , ]Most IoT installations are placed in unrestricted, potentially dangerous areas. Consequently, they are extremely susceptible to intrusions through clone nodes or node replication. Some common types of Node Cloning Attacks in IoT are physical cloning, software cloning, address spoofing, configuration injection, replay attack, and side-channel attacks. Capturing valid IoT devices allows the attacker to extract them, get access to important data such as node ID and keys, and launch a replication operation. If an attacker uses this vulnerability, he or she can eventually take over the entire network and do any action permitted by the approved nodes.
Radio Frequency (RF) Jamming [ , ]One of the most common and successful forms of exploitation is the jamming of infrastructure communication, which disrupts or halts data transmission through the system. Jamming occurs when an adversary takes over the channel where legitimate nodes are trying to communicate.
Many methods exist for an attacker to cause interference and clutter in the wireless frequency. One method is to flood the network with noise in the form of continual, uncontrolled data transmissions. It is also possible that there is a constantly high volume of data transmitting valid frames but just taking up all the available bandwidth. Some of the common types of RF Jamming attacks include pulse jamming, continuous wave jamming, random jamming, selective jamming, and reactive jamming.
The majority of devices include RF capabilities for sharing data wirelessly. A denial-of-service attack can be caused by any circumstance preventing normal data transmission.
Replay Attack [ , , ]When a malicious user falsely delays or retransmits a secure network message to trick the intended recipient into performing the hacker’s desired action, this is known as a replay attack. Several types of replay attacks can be used against IoT devices, including authentication replay attacks, session hijacking replay attacks, and encrypted data replay attacks. In an authentication replay attack, an attacker can intercept an authentication request and then delay or repeat it in order to gain access to a system. In a session hijacking replay attack, an attacker can intercept a valid session and use it to bypass authentication and access the system. In an encrypted data replay attack, an attacker can intercept and replay encrypted data in order to gain access to confidential information.To steal private information, hack into secure networks, or make identical transactions are common goals of replay attacks.
To protect against these types of attacks, devices should be secured with encryption, authentication, and authorization. Additionally, monitoring devices for suspicious activity and regularly patching any vulnerabilities is important.
Device Spoofing Attack [ , , ]Spoofing occurs when a linked IoT network suffers a cybersecurity failure at a lower layer. When, for instance, a computer system containing financial information is connected to the same IoT network as a Zigbee-enabled smart appliance with minimal security measures in place. In this context, “device spoofing” refers to the process of impersonating a different device using specialized software. The tools can fake software and hardware characteristics to deceive surveillance software. Some of the most occurring vulnerabilities are MAC address spoofing, IP address spoofing, DNS spoofing, HTTP spoofing, IoT cloud spoofing, and node spoofing. It is a practice of impersonating a trusted entity to gain access to protected resources, commit fraud, steal sensitive information, obtain financial gain, or distribute malicious codes. A wide variety of spoofing attacks relate to data, domain, IP, and ARP.
A few methods can be used to help prevent an IoT device spoofing attack. The first is to ensure that all devices on the network have strong authentication methods in place, such as passwords and two-factor authentication. Additionally, it is important to keep all devices up to date with the latest security patches and updates. It is also important to use encryption technologies such as a Secure Socket Layer (SSL) or Transport Layer Security (TLS) to protect data transmissions. Finally, it is important to enabling firewalls and network address translation (NAT) to protect the network from outside access.
Sleep Deprivation Attack [ , , ]As part of a sleep deprivation or denial-of-sleep exploit, a malevolent device transmits requests to target endpoints only at the frequency required for keeping them active. Therefore, unlike in a barrage assault, the target devices are kept awake but are not forced to carry out any particularly taxing tasks.
There are several types of IoT sleep deprivation attacks. These include flooding the target device with requests, sending malicious code to disrupt its sleep cycle, and exploiting vulnerabilities in the device’s firmware to prevent it from entering a low-power state. Additionally, some attackers may attempt to use social engineering tactics to induce the user to keep the device active and thus prevent it from entering a low-power state.
The interactions are meant to prevent the victim node from entering a power-saving sleep state. As a result, the victim’s lifespan can be drastically shortened by this attack.
Temporary Disabling Attack (TDA) [ , ]The malware injected into an IoT system by an attacker can compromise its integrity and allow for the theft of sensitive information or the implementation of additional attacks. Furthermore, if vendors do not guarantee proper software protection, certain systems might be compromised with viruses’ right out of the box. IoT devices are particularly vulnerable to TDA attacks because of their limited processing capability.
Thus, several types of IoT temporary disabling attacks exist, including exploiting hardware or firmware vulnerabilities, distributed denial-of-service (DDoS) attacks, flooding servers with requests, and using malicious scripts to disable devices. Additionally, attackers may use physical access to the device to temporarily disable it, such as unplugging it or removing its battery.
Denial-of-service attacks, such as TDA hinder a system’s ability to handle legitimate requests by flooding it with spam.
In most cases, these attacks are used to disrupt services or interfere with the normal functioning of the device, but in some cases, the goal may be access to the device or its data.
Unauthorized Access Attack [ , , , ]The term “unauthorized access” describes when hackers enter a system without authorization. Passwords that are too easy to crack, a failure to safeguard against thought control, hacked credentials, and even insider threats all contribute to the prevalence of these types of attacks. Types of unauthorized access attacks include a brute force attack, man-in-the-middle attack, IoT-focused phishing attacks, and social engineering attacks that attempt to trick device users into revealing sensitive information. Extensive monitoring of shadow devices and regular software updates can furnish safeguard against such attacks. Access is gained to an IoT system by an unauthorized user/device who intends to commit an attack of some kind, whether it relates to data theft, system destruction, or the activation of a ransomware vulnerability.
Authentication and Authorization [ , , ]Whether an individual is using an IoT device for home automation or a major corporation is using hundreds of IoT devices to track and monitor processes and resources, authentication and authorization are crucial components of security breaches. The first step in developing an IoT authentication and authorization strategy is gaining an in-depth knowledge of the organization’s IoT usage and network communication patterns. Some common types of authentication and authorization attacks in IoT include password attacks (i.e., brute force or dictionary attacks), man-in-the-middle attacks, spoofing attacks, repudiation attacks, and session hijacking attacks.For devices that can only communicate to one other device, “one-way authentication” is the best option for establishing trust. It is still important to implement security measures, although constant monitoring is not required for such setups. The process of two devices engaging with each other verifying the identities of the other device before transferring data is referred to as “mutual authentication”. Both devices need to be able to compare their IDs and maintain access to the technologies used by the other gadgets. Unless both devices trust each other’s digital certificates, there will be no way for them to talk to each other. Through the TLS protocol, certifications can be transferred and compared. Devices are authorized in three separate ways using the “centralized three-way authentication” approach, which requires a valid digital certificate to be registered with a central authority or server. The trustworthy third-party acts as an intermediary between the communication devices to facilitate the transfer of cryptographic guarantees. Hackers are unable to steal the three-factor authentication security certificates since they are not stored on the devices.
Buffer-overflow Attack [ , , ]Overflow happens when more data is being stored than can fit in a buffer. When the IoT application tries to save the input to the buffer, it writes over the neighboring system memory, which can cause serious issues. A system can be exploited by malicious actors that are aware of its storage architecture if they purposefully feed it data that exceeds the capacity of the buffer or if they get access to the system and modify the source code stored in the system’s memory. Buffer overflow attacks in IoT can take several forms, including stack-based buffer overflows, heap-based buffer overflows, format string attacks, integer overflows, and stack smashing. By far, the most common kind of buffer overflow exploits the ephemeral data on the stack, which is reserved for use within a function. It is more challenging to carry out a heap-based attack since doing so necessitates using more memory than the system has allotted to the program, which is needed for its continuous dynamic activities.
To prevent this type of attack, IoT developers should ensure that their code is secure by using secure coding practices and ensuring all buffers are properly allocated and all input is validated. Additionally, security patches should be consistently applied to ensure that any newly discovered vulnerabilities are addressed.
DDoS (Slowloris) Attack [ , , ]Slowloris is an application layer distributed denial-of-service (DDoS) attack that overloads and eventually shuts down a target Web server by repeatedly delivering unclear Hypertext Transfer Protocol (HTTP) requests from a single IoT device. This specific DDoS attack can be launched with minimal bandwidth while leaving other applications and ports unaffected. A Slowloris attack can take several forms, including HTTP flood, SYN flood, DNS amplification, SQLi, ICMP Echo request attack, and fraggal attack. The attack of a Slowloris is deliberate and meticulous in nature. A series of incomplete connection requests are sent to the vulnerable central server. Therefore, the intended server responds to requests by opening additional connections.
All the server’s available sockets for connections will be used up quickly, preventing any new connections from being established. In the end, even though it may take a while for Slowloris to totally take over high-traffic services, the DDoS attack will cause all legitimate requests to be refused.
Large Payload Transfer Attack [ , , ]The current utilization of the Internet of Things involves various applications that require large payload transfer, such as uploading medical data, transmitting audio data from medical devices, detecting vehicle crashes through digital audio, uploading images related to traffic crimes, and uploading binary files generated by industrial machines. Nevertheless, if such data transfers are initiated by devices controlled by hackers, they must be treated as anomalous and potentially malicious.Complex and large payload transfer can have devastating impact on data transfer messaging protocols namely Constrained Application Protocol (CoAP) [ , ], MQ Telemetry Transport (MQTT) [ , , ], Extensible Messaging and Presence Protocol (XMPP) [ , ], Advanced Message Queuing Protocol (AMQP) [ ], and HTTP [ , ] Anomaly can trigger latency in constant and real-time data transfers. It is crucial to minimize data packet latency and inefficiency without compromising on reliability. It is worth highlighting that a certain amount of inefficiency is necessary for maintainability, flexibility, and testability in an IoT network; without it, these features would be impossible.
Mimicked Device Behavior [ , ]Behaviors are incorporated into a IoT node Security Profile. For each pattern, the applied protocol will find an associated metric that defines the baseline performance of IoT devices as a whole or as a subset. There are two broad types of actions: behavioral patterns can be detected by either rules or machine learning (ML). ML utilizes past device data to analyze device behavior, whereas rules lets the administrator specify the device behavior. Both machine learning and rule-based thresholds are viable options for a Security Profile to mimic device behavior. Mimicked Device Behavior Attacks in the IoT include malicious software injection attacks, command and control (C&C) attacks, botnet attacks, data manipulation attacks, and rogue access point attacks. Device behavior analysis triggered by hackers can lead to revealing critical information and may compromise data related to scalability and reliability of IoT network, user’s private data and device design flaws.
Permissions Manipulation [ , ]The term “permission” refers to the action of bestowing rights upon a verified individual or entity. Authenticated identities in an IoT environment have their capabilities constrained by fundamental regulations. Devices, mobile apps, online apps, and desktop apps all rely on an authorized identity. The types of Permissions Manipulation Attacks in IoT include privilege escalation, horizontal attacks (i.e., attackers can gain access to accounts with limited permissions and then attempt to escalate privileges to gain more), data leaks, and DoS attacks. The IoT’s inclination to cache copies of policy implies that it may take a few minutes for an adversary’s alterations to bring an action. Then it might take a few seconds to obtain a connection to a resource once it has been introduced to the network, and it can continue to be available for some time after access has been revoked.
Payload Flooding [ , ]In communications networks, inundation is a straightforward routing approach in which a source or node broadcasts packets over all available outbound connections. When originating packets (lacking routing data) are sent to entire connected network, a phenomenon known as flooding unfolds. Payload Flooding Attacks in the IoT include malformed flooding, unauthorized message flooding, data flooding, command flooding, and fragmentation attack (i.e., the attacker fragments large messages into smaller pieces and sends them to the IoT device, which can cause the device to become overwhelmed and unresponsive).A “payload flood” attack aims to overwhelm a system with data, making it impossible to distinguish between legitimate and unauthorized data traffic.
SQLi [ ]One typical method for hackers to break into the data-repository of IoT systems illegally, hack the system, and carry out malicious actions is through SQL injection (SQLi). The attack is carried out by inserting malicious script into an otherwise innocuous database query. SQLi attacks can be categorized into three main types (a) In-Band SQLi attacks, (b) Out-of-Bound SQLi attacks, and (c) Inferential SQLi attacks. The main difference between the three categories of SQLi attacks is the method used to send malicious data. In-Band SQLi attacks send malicious data via an input field or web application, Out-of-Band SQLi attacks send malicious data via a different channel such as an email or file transfer, and Inferential SQLi attacks infer data from the database without directly interacting with it.In SQLi, the contributor’s input is changed by inserting special characters that change the setting of the SQL query. This situation reinforces the attacker’s goals by tricking the repository into running a malicious script rather than the user’s input. Since SQLi may lead to the exposure of private user information or even provide attackers complete administrator access to a database, it can have far-reaching consequences.
DoS Attack [ , , ]A Denial-of-Service (DoS) attack is one in which the target system or network is intentionally overloaded to the point where it cannot serve its intended purpose. The types of DoS attacks in the IoT include, but are not limited to, amplification attacks, reflection attacks, flooding attacks, protocol attacks, and resource exhaustion attacks.The goal of a denial-of-service attack is to make the target system unusable by overloading it with traffic or delivering it data that causes it to fail. DoS attacks can either overload the target’s system or bring it down entirely. When a server is hit with an overwhelming number of requests at once, it is said to be experiencing a flood attack.
Sybil Attack [ , , ]During a Sybil attack, the attacker mimics the identities of several different targets. Communicating to a peer-to-peer network presents this as one of the most significant challenges. By constructing several false identities, it is able to influence the network and exert complete control over it. There are several types of Sybil attacks in IoT, including false identity attacks, false data attacks, resource depletion attacks, and denial-of-service attacks.Sybil attacks, if successful, can prevent Internet of Things devices from communicating with the network and thereby execute a 51% assault.
Such attacks can be averted by the use of direct and indirect node validation.
Sinkhole [ , , ]In this type of attack, malevolent nodes spread false information to other adjacent nodes in an effort to gain their trust. By sending their transmissions to the compromised nodes, the legitimate nodes equip them to carry out a variety of cyber-attacks. Some of the types of sinkhole attack include selective forwarding attack, blackhole attack, gratuitous routing attack, and replay attack.With the intention of diverting traffic away from the main hub, the malicious node poses as the shortest path to the access point. This pulls in nodes from a wider area, not just the immediate vicinity of the sinkhole. The data may then be easily manipulated by the intruder node or sinkhole, which compromises the security of the network. A sinkhole attack might originate either from within the network or from the outside IoT environment.
Sinkhole Attack (DNS Configured) [ , , ]In a sinkhole attack, a hacked node actively seeks out network packets by spreading the message of its deceptive routing transformation. Alternative attacks, such as node capture attacks, acknowledgement replay attack, and dropped or changed routing tables, can be launched from a sinkhole attack.
DNS Sinkholing, on the other hand, is a method of user protection that involves redirecting DNS queries that are intended for known harmful or undesired domains to a controlled, fake IP address.
An Internet of Things sinkhole attack is one that intentionally slows down or stops an entire network by delivering false routing data. Disrupting communications, denying users access to services, and even launching more assaults on the network are all possible outcomes. In addition, a sinkhole attack may be used to steal information from a network, including IP addresses, data packets, and user passwords.
The two most popular forms of sinkhole attacks are blackhole attacks and grayhole attacks. In a blackhole attack, the adversary does not pass along any information it obtains. In a grayhole attack, the malicious node selectively suppresses packets while allowing others to get through.
Blackhole Attack [ , ]Black hole attacks occur when a router stops forwarding relevant data. A router’s settings can be tweaked such that it establishes a direct connection to any other node on the IoT network at no additional expense. Therefore, all network traffic will be sent to specific routers. The router can also exhibit false failure under certain conditions. Some common types of blackhole attacks in IoT are routing-based blackhole attacks, selective data forwarding attack, false data injection attack, timing attack, reflection attack, and resource consumption attack.When a malicious node alters the standard operation of the routing protocol, the vulnerable node continues to believe that it has a good route and continues sending data to its intended recipient. An originating node will send out RREQ (route request) to all its communication range as part of the route-finding procedure. When an adversary gets such a request, it will send a RREP (route reply) packet to the originating node, with a high identifier and a low hop count of 1. Data is rendered inaccessible, because the intruder node, upon receiving these packets, discards them without forwarding them to the intended IoT node.
Traffic Analysis Attack
When an attacker targets an IoT network, they potentially seek to conduct a traffic analysis attack by intercepting or monitoring data sent and received between connected devices. Common types of traffic analysis attacks include eavesdropping, footprinting, network scanning, and traffic redirection. These attacks can reveal the type of device that is linked to a network, expose user behavior, and extract private information.
To counter these threats, enterprises should use an Intrusion Detection System to keep tabs on network activity and implement encryption and robust authentication to safeguard their IoT networks. Researchers should also implement secure protocols such as HTTPS to encrypt data transferred between IoT gadgets.
Man-in-the-Middle Attack (MITM)
A man-in-the-middle attack is a type of cyberattack that occurs in the context of the IoT, in which an attacker intercepts and alters data that is transmitted between two endpoints. This is possible because many IoT devices and infrastructures lack sufficient security measures, making them susceptible to such attacks. The attacker positions himself as the “man in the middle” and has the ability to modify and monitor the data that is being exchanged between the two systems or devices.
There are many types of MITM attacks that attackers can use to exploit insecure applications and user data. Some of the most common types of MITM attacks include rogue access point attacks, address resolution protocol (ARP) spoofing, domain name system (DNS) spoofing, session hijacking, and SSL/TLS interception.
Passwords and critical information are only two examples of the kinds of private data that might be compromised by this kind of cyberattack. The attacker can take charge of the device or system, changing data or issuing malicious commands.
In order to stop man-in-the-middle attacks in the IoT, it is essential that all sensors are protected and that all data sent between them is encrypted. In addition, only approved respondents should be provided access to the system; hence, robust authentication mechanisms such as two-factor authentication are highly recommended.
IoT Anomaly Detection | Data Security and Consequence Administration Procedure (DSCAP) | Intrusion Detection, Management and Prevention System (IDMPS) | Firewall
Physical and Service security | Physical and Service security | Physical and Service security | Physical and Service security
System and interconnected network supervision | System and interconnected network supervision | Access Management
Guaranteeing IoT/IIoT/IoMT accessibility and throughput
Monitoring and evaluation of the active state of “Operational Technology (OT) networks” that are complicated and have predictable communication techniques | Surveillance of intricate IoT network infrastructures. | Governance of permissions | IoT edge security and monitoring
IoT Control Systems and OT settings are the primary focus, with smart IT infrastructure as a secondary consideration.
As a component of a defensive strategy, Tier-based security protects against (persistent, unknown) external attacks.
Identification of any deviations from the norm in information exchange (identified and unfamiliar) | An extended inspection of the framework of data transmission | Intercepting internal and external attacks based on their characteristic patterns (identifiers). | Neutralization of identified external anomalies.
Accessibility and availability in the digital realm | Systems’ security vulnerabilities are being identified
A comprehensive evaluation of the communication medium
Governance of IoT Assets
Assessment of identified abnormalities’ risk levels | Extensive policy framework | The efficacy of the defense largely dependent on the anomaly-signature repository. | Defense effectiveness is tied to the availability of a comprehensive database of threats.
Wide-ranging scenario filtering options | Recurrent false-positive and false-negative identification
A non-proactive source of information | Real-time data input | Obliges specialized technical understanding. | Consistently implement and upgrade the policy
Need for specific setup and data hosting | Significant constraints for setup and data handling
Necessitates specialized, in-depth understanding of environment ruleset and data requirements.
Scalability | Process-Centric | Distribution | Data Privacy | Device Imposed Policies | Security | Access Model/Method
Attribute-based | Decentralized access control management application
Capability-based | Blockchain driven privacy assurance.
Rule-based | Prioritize sensing and communicating nodes as per their role
LACS | Authorizing Fog nodes based on caching services
DeCoNet | Cluster reachability-distance based utilization of thinning operation to enforce Access validation.
SDSM | Enforcement of combination of blockchain and ciphertext-based attribute cryptography
SUACC-IoT | Capability-driven authorization system for IoT devices with limited resources.
OAC-HAS | Fog-cloud computing outsourcing verification to avoid access structure data leaks
Tariq, U.; Ahmed, I.; Bashir, A.K.; Shaukat, K. A Critical Cybersecurity Analysis and Future Research Directions for the Internet of Things: A Comprehensive Review. Sensors 2023, 23, 4117. https://doi.org/10.3390/s23084117


A Systematic Review of IoT Security: Research Potential, Challenges, and Future Directions


Index Terms

Security and privacy

Formal methods and theory of security

Intrusion/anomaly detection and malware mitigation

Malware and its mitigation

Recommendations

A Top-Down Survey on Securing IoT with Machine Learning: Goals, Recent Advances and Challenges

The Internet of Things (IoT) has seen it all from being just another innovation to a leading technology; it is now a binding force that interconnects various aspects of our lives. The IoT's tremendous growth is driven by emerging applications and evolving ...

IoT Eco-system, Layered Architectures, Security and Advancing Technologies: A Comprehensive Survey

Today almost every person’s life revolves around internet and Internet of Things (IoT). IoT is a paradigm which interconnects devices, people, or networks with the ability to process and respond to any physical or virtual communication without a ...

Industrial Internet of Things enabled technologies, challenges, and future directions

  • IIoT-enabled technologies, challenges, and future directions are explored.
  • A blockchain-based cement industry security framework can overcome 51% of security issues.
  • The performance of major companies depends on well-designed IIoT ...

The Industrial Internet of Things (IIoT) is recognized as the fourth industrial revolution as it enhances productivity, dependability, and competitive performance by concentrating on profitability. IIoT-enabled technologies have been reviewed and ...

Information

Published in.

cover image ACM Computing Surveys

University of Sydney, Australia

Association for Computing Machinery

New York, NY, United States

Author Tags

  • Internet of Things (IoT)
  • IoT architecture
  • IoT security
  • IoT security challenges
  • IoT security goals
  • IoT security technology
  • IoT vulnerabilities
  • Machine Learning (ML)
  • Cloud Computing
  • Edge Computing

Funding Sources

  • Natural Sciences and Engineering Research Council (NSERC) of Canada

  • Venue: Shaw Centre, Ottawa

SERP4IoT 2025

Call for Papers

7th International Workshop on Software Engineering Research & Practices for the Internet of Things, SERP4IoT 2025, ICSE 2025, Ottawa (Canada)

We face a new software crisis. In 1968, computer scientists learned that developing robust software requires skills, methods, and tools. Today, software and hardware engineers realize that developing a robust Internet of Things (IoT) also pushes the state of their art and practice. Recent news illustrates the many problems faced by IoT: from lack of interoperability to broken updates to massive security attacks. In this context, the International Workshop on Software Engineering Research & Practices for Internet of Things (SERP4IoT) aims to provide a highly interactive forum for researchers and practitioners to address the challenges of, find solutions for, and share experiences with the development, release, and testing of robust software for IoT devices. With the huge success of previous years, and the subsequent success of our special issue on the IEEE IoT Journal, we welcome researchers from all over the world to participate in this workshop.

Do not miss it!  

Workshop History

  • SERP4IoT 2019 (Montreal, Canada)
  • SERP4IoT 2020 (Seoul, South Korea)
  • SERP4IoT 2021 (Madrid, Spain)
  • SERP4IoT 2022 (Pittsburgh, PA, USA)
  • SERP4IoT 2023 (Melbourne, Australia)
  • SERP4IoT 2024 (Lisbon, Portugal)  

Social Media

Follow us on Twitter.

IoT systems are composed of software systems that enable solutions for device connectivity, device management, data management, application development, and advanced analytics for/from connected IoT systems. Software engineering is vital for IoT to design systems that are secure, interoperable, modifiable, and scalable. However, there is no consensus on crucial questions such as what the best practices for developing IoT projects are, how to select the best architecture, which communication protocols are the most suitable, and what the best practices in terms of security are.

SERP4IoT 2025 aims to provide a highly interactive forum for researchers and practitioners to address the challenges of, find solutions for, and share experiences with the development, release, and testing of robust software for IoT devices. The workshop will consist of keynotes presented by academic experts and practitioners from industry, long- and short-paper presentations, talks, poster sessions, working groups after each lightning session, and a fishbowl panel for semi-structured group discussions at the end of the workshop.

Topics for papers and talks include, but are not limited to:

  • Software engineering (SE) practices in IoT projects
  • Software security and reliability in IoT products
  • Architecture and design models and techniques in IoT projects
  • Software quality management in IoT projects
  • Usability aspects in IoT projects
  • Software development tools, platforms, and environments for IoT Teaching
  • SE practices in industrial IoT (IIoT)
  • SE practices in domain-specific IoT projects, e.g., smart city, retail, logistics, healthcare, transportation, utilities
  • SE methods and techniques for IoT projects
  • Risk and valuation techniques for software development in IoT projects
  • Big data and analytics in IoT projects
  • Context-awareness.
  • Model-based SE for IoT projects
  • SE practices for IoT projects
  • Software orchestration for IoT
  • IoT Communication protocols
  • Green and eco-friendly software for IoT
  • Context-aware software for IoT
  • Local, edge, and cloud based IoT services

Prospective participants, from academia and industry, are invited to submit long (8-page), short (4-page) or poster (1-page) papers describing their work or ideas related to the workshop topics. Short and long papers should identify challenges, discuss opposing viewpoints, outline processes, or present solutions related to any aspects of software engineering for IoT. Authors may choose whether or not to publish their papers in pre- and post-proceedings. Submissions must conform to the IEEE conference proceedings template, specified in the IEEE Conference Proceedings Formatting Guidelines. Papers must have a maximum length of 8 pages. It is not possible to pay for extra pages.

Accepted papers and talk abstracts will have between 5 and 10 minutes for presentation.

Submissions should follow ICSE formatting guidelines and should be submitted through EasyChair.

Note: the official publication date of the workshop proceedings is the date the proceedings are made available by IEEE. This date may be up to two weeks prior to the first day of ICSE 2025. The official publication date affects the deadline for any patent filings related to published work.

Mon 11 Nov 2024: Submission deadline
Sun 8 Dec 2024: Acceptance notification

Rodrigo Morales, Organizing Committee, Concordia University

Rubén Saborido, Organizing Committee, ITIS Software, University of Malaga

Shah Rukh Humayoun, Organizing Committee, San Francisco State University, United States

Yann-Gaël Guéhéneuc, Organizing Committee, Concordia University and Polytechnique Montréal

Majid Babaei, Publicity Chair, McGill University

IMAGES

  1. Internet Security IT Research Paper Example

  2. Research Paper Cyber Security IT 104

  3. (PDF) Comprehensive Overview of Security Issues in the Internet and Mobile Applications

  4. STUDY RESEARCH PAPER BASED ON NETWORK SECURITY

  5. Internet safety research papers

  6. Network Security Research Paper

VIDEO

  1. Security Guard Gets Paper Sprayed

  2. AI-Introduction to the Issue

  3. Network Security Research Paper

  4. Guide to configuring Nginx with Let’s Encrypt on Ubuntu 18.04

  5. Information Security (18)| Legal and Social Issues in Information Security| by Arfan Shahzad

  6. IoT Security by Design

COMMENTS

  1. Journal of Cybersecurity

    Journal of Cybersecurity - Oxford Academic

  2. Cyber security: State of the art, challenges and future directions

    Internet security has become an integral part of the development of new technologies, services, and government policies. ... (ML) attacks. In this paper, we discuss the challenges of cyber security, and future research direction including AI, machine learning, and other states of the art techniques used to combat cyber security challenges ...

  3. 57585 PDFs

    Explore the latest full-text research PDFs, articles, conference papers, preprints and more on INTERNET SECURITY. Find methods information, sources, references or conduct a literature review on ...

  4. Research paper A comprehensive review study of cyber-attacks and cyber

    A comprehensive review study of cyber-attacks and ...

  5. A Study of Cyber Security Issues and Challenges

    A Study of Cyber Security Issues and Challenges

  6. Cyber risk and cybersecurity: a systematic review of data availability

    Cyber risk and cybersecurity: a systematic review of data ...

  7. Artificial intelligence for cybersecurity: Literature review and future

    Artificial intelligence for cybersecurity: Literature review ...

  8. (PDF) Cyber Security Threats and Vulnerabilities: A ...

    Abstract. There has been a tremendous increase in research in the area of cyber security to support cyber applications and to avoid key security threats faced by these applications. The goal of ...

  9. Journal of Cyber Security Technology

    The Journal of Cyber Security Technology is a new journal aimed at publishing World-leading research and is dedicated to being the primary platform for research in all technical areas of cyber security. It will encompass original research and review papers in computer science, electronics, networking, information technology, systems ...

  10. An Overview of Implementation Strategies on Cyber Security

    Because of the ubiquitous use of technology and the internet in modern culture, internet safety has become increasingly important. This study paper provides a complete assessment of the present status of cyber security, emphasizing the necessity for good practices and legislation to avoid future cyber-attacks. A detailed examination of cyber security will be offered, concentrating on its ...

  11. A Critical Cybersecurity Analysis and Future Research Directions for

    The emergence of the Internet of Things (IoT) technology has brought about tremendous possibilities, but at the same time, it has opened up new vulnerabilities and attack vectors that could compromise the confidentiality, integrity, and availability of connected systems. Developing a secure IoT ecosystem is a daunting challenge that requires a systematic and holistic approach to identify and ...

  12. Internet governance and cyber-security: a systematic literature review

    This study aims to uncover the challenges of Internet governing bodies to inform a trajectory for better cybersecurity governance and policy formulation. ... reviewed papers focused on varied issues and overlaps. The power-driven nature of the numerous Internet governing bodies against 14 (20%) of the total included studies calling for some ...

  13. (PDF) A Systematic Literature Review on the Cyber Security

    This paper offers a comprehensive overview of current research into cyber security. We commence, section 2 provides the cyber security related work, in section 3, by introducing about cyber security.

  14. Full article: Cybersecurity Deep: Approaches, Attacks Dataset, and

    ABSTRACT. Cyber attacks are increasing rapidly due to advanced digital technologies used by hackers. In addition, cybercriminals are conducting cyber attacks, making cyber security a rapidly growing field. Although machine learning techniques worked well in solving large-scale cybersecurity problems, an emerging concept of deep learning (DL ...

  15. Internet of Things (IoT) Cybersecurity Research: A Review of Current

    As an emerging technology, the Internet of Things (IoT) revolutionized the global network comprising of people, smart devices, intelligent objects, data, and information. The development of IoT is still in its infancy and many related issues need to be solved. IoT is a unified concept of embedding everything. IoT has a great chance to make the world a higher level of accessibility, integrity ...

  16. (PDF) ADVANCES IN NETWORK SECURITY: A COMPREHENSIVE ...

    The methodology adopted in this paper is a review of papers with keywords network security, network attacks and threats and network security measures. The aim of this paper is to critically review ...

  17. A Systematic Review of IoT Security: Research Potential, Challenges

    IoT devices are incorporated into various products, ranging from ordinary household items to complex industrial appliances. Despite the increasing demand for IoT, security concerns have impeded its development. This article systematically reviews IoT security research, focusing on vulnerabilities, challenges, technologies, and future directions.

  18. Full article: Online Privacy Breaches, Offline Consequences

    Every minute in 2019, Americans used an estimated 4,416,720 GB of Internet data and users performed 4,497,420 Google searches (Domo, Citation 2019). Given the staggering amount of private information shared online, much of the research on informational privacy, not surprisingly, focuses on the Internet.

  19. Internet Security Research Papers

    This paper presents security of Internet of things. In the Internet of Things vision, every physical object has a virtual component that can produce and consume services Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use.

  20. Network security

    The goal of this paper is to communicate an updated perspective of network security for organizations, and researchers in the field and present some recommendations to tackle the current situation of security threats. ... Educational institutes are uploading study materials and research findings over the Internet for the speedy propagation of ...

  21. Security in Internet of Things: Issues, Challenges, and Solutions

    Abstract. In the recent past, Internet of Things (IoT) has been a focus of research. With the great potential of IoT, there comes many types of issues and challenges. Security is one of the main ...

  22. SERP4IoT 2025

    7th International Workshop on Software Engineering Research & Practices for the Internet of Things SERP4IoT 2025, ICSE 2025, Ottawa (Canada) We face a new software crisis. In 1968, computer scientists learned that developing robust software requires skills, methods, and tools. Today, software and hardware engineers realize that developing a robust Internet of Things (IoT) also pushes the ...

  23. Security and privacy in the internet of things

    Professor Carsten Maple leads the GCHQ-EPSRC recognised Academic Centre of Excellence in Cyber Security Research at the University of Warwick, where he is Professor of Cyber Systems Engineering and Director of Research in Cyber Security in WMG. Professor Maple has published over 200 peer reviewed papers and is co-author of the UK Security ...

  24. Research Paper on Cyber Security

    I.C.S. College, Khed, Ratnagri. Abstract: In the current world that is run by technology and network connections, it is crucial to know what cyber security is and to be able to use it effectively ...