Abstract
Inspired by the massive surge of interest in the Internet of Things (IoT), this work focuses on the kinetics of its security. By automating everything, starting from baby monitors to life-saving medical devices, IoT brought convenience to people’s lives and rapidly became a trillion-dollar industry. However, the future of IoT will be decided on how its security and privacy concerns are dealt with. It is a fact that at present, the security of IoT is lacking in coherent and logical perspectives. For example, the researchers do not adequately accommodate the uncertainty and insider attacks while developing the IoT security procedures, even though most security concerns related to IoT arise from an insider and uncertain habitat. This paper provides a critical analysis of the most recent and relevant state-of-art methods of IoT security and identifies the parameters that are crucial for any security posture in IoT. Considering all the intricate details of IoT environments, this work proposes a Generic and Lightweight Security mechanism for detecting malicious behavior in the uncertain IoT using a Fuzzy Logic- and Fog-based approach (GLSF2IoT). It is developed on the principle of “zero trust,” i.e., trust nothing and treat everything as hostile. While Fuzzy Logic has been used to remove uncertainties, the Fog-IoT architecture makes GLSF2IoT inherently better than the cloud-IoT. Once the malicious activity is detected, GLSF2IoT automatically limits the network access against the IoT device that initiated this activity, preventing it from targeting other devices. We evaluated GLSF2IoT for blackhole, selective forward, collusion and DDoS attacks, i.e., attacks which can invalidate any IoT architecture. Besides yielding better accuracy results than the existing benchmarks, we found that GLSF2IoT puts extremely low pressure on the constrained nodes, is scalable, supports heterogeneity, and uncertainty of the IoT environments.
Similar content being viewed by others
References
Serror M, Hack S, Henze M, Schuba M, Wehrle K (2020) Challenges and opportunities in securing the industrial Internet of Things. IEEE Trans Ind Inf 17(5):2985–2996
Al-Garadi MA, Mohamed A, Al-Ali A, Du X, Ali I, Guizani M (2020) A survey of machine and deep learning methods for Internet of Things (IoT) security. IEEE Commun Surv Tutor 22(3):1646–1685
Zahra SR, Chishti MA (2019) Assesing the services, security threaths, challenges and solutions in the Internet of Things. Scal Comput: Pract Exp 20(3):457–484
Arbuckle A (2020) Addressing IoT device security head-on. https://www.securityweek.com/addressing-iot-device-security-head. Accessed 20 Nov 2020
National Law Review (2020) Buyer beware: the Internet of Things comes under new cyber attack from multiple fronts. https://www.natlawreview.com/article/buyer-beware-internet-things-comes-under-new-cyber-attack-multiple-fronts. Accessed 18 Dec 2020
Burke M (2020) Man hacks RING camera in 8-year-old girl's bedroom, taunts her: 'I'm Santa Claus'. https://www.nbcnews.com/news/us-news/man-hacks-ring-camera-8-year-old-girl-s-bedroom-n1100586. Accessed 20 Dec 2020
Hanrahan M (2020) Ring security camera hacks see homeowners subjected to racial abuse, ransom demands. https://abcnews.go.com/US/ring-security-camera-hacks-homeowners-subjected-racial-abuse/story?id=67679790#:~:text=Ring%20camera%20systems%20being%20hacked,-Multiple%20U.S.%20families&text=Owners%20of%20Ring%20security%20cameras,demanded%20a%20ransom%20in%20Bitcoin. Accessed 20 Dec 2020
Fier J (2020) Smart, or not so smart? What the ring hacks tell Us about the future of IoT. https://www.securityweek.com/smart-or-not-so-smart-what-ring-hacks-tell-us-about-future-iot. Accessed 21 December 2020
Haji S (2020) Essential IIoT security trends for 2020. https://www.securityweek.com/essential-iiot-security-trends-2020. Accessed 23 Dec 2020
Ballard B (2020) Millions of smart devices could still have major security flaws. https://www.techradar.com/in/news/millions-of-smart-devices-could-still-have-major-security-flaws. Accessed 26 Dec 2020
Holst A (2021) Global IoT end-user spending worldwide 2017–2025. https://www.statista.com/statistics/976313/global-iot-market-size/#:~:text=The%20global%20market%20for%20Internet,around%201.6%20trillion%20by%202025. Accessed 05 Jan 2021
Verified Market Research (2021) Internet of Things (IoT) Market worth $1319.08 Billion, Globally, by 2026 at 25.68% CAGR: verified market research. https://www.prnewswire.com/news-releases/internet-of-things-iot-market-worth-1319-08-billion-globally-by-2026-at-25-68-cagr-verified-market-research-301092982.html. Accessed 06 January 2021
Matthews K (2021) What do IoT hacks cost the economy? https://www.iotforall.com/iot-hacks-cost#:~:text=Attacks%20Damage%20Revenue&text=The%20survey%20polled%20approximately%20400,13.4%20percent%20of%20annual%20revenue. Accessed 08 Jan 2021
Kleinman L (2021) Attack from DOS: in zero we trust. https://securitybrief.co.nz/story/attack-from-dos-in-zero-we-trust. Accessed 10 Jan 2021
Ponemon Institute (2021) 2018 Cost of insider threats: global. https://www.insiderthreatdefense.us/pdf/Ponemon%20Institute%202018%20Report%20-%20The%20True%20Cost%20Of%20Insider%20Threats%20Revealed.pdf. Accessed 12 Jan 2021
Zahra SR, Chishti MA (2020) Fuzzy logic and fog based secure architecture for Internet of Things (FLFSIoT). J Ambient Intell Humaniz Comput. https://doi.org/10.1007/s12652-020-02128-2
Zadeh LA (1975) Fuzzy logic and approximate reasoning. Synthese 30(3–4):407–428
SOS children’s villages Canada (2020) Poverty in India: two-third of people are considered extremely poor. https://www.soschildrensvillages.ca/news/poverty-in-india602#:~:text=Two%2Dthirds%20of%20people%20in,they%20are%20considered%20extremely%20poor. Accessed 22 Dec 2020
Zadeh LA (1988) Fuzzy logic. Computer 21(4):83–93
TM Forum (2020) 70 percent of IoT devices ‘vulnerable to attack’. https://inform.tmforum.org/news/2014/07/70-percent-iot-devices-vulnerable-attack/. Accessed 27 Dec 2020
Zadeh LA (1965) Fuzzy sets. Inf Control 8(3):338–353
Dzitac I, Filip FG, Manolescu MJ (2017) Fuzzy logic is not fuzzy: world-renowned computer scientist Lotfi A. Zadeh. Int J Comput Commun Control 12(6):748–89
Zadeh LA (1999) From computing with numbers to computing with words. From manipulation of measurements to manipulation of perceptions. IEEE Trans Circuits Syst I: Fundam Theor Appl 46(1):105–19
Zadeh LA (2001) A new direction in AI: toward a computational theory of perceptions. AI Mag 22(1):73–73
Mathur A, Newe T, Rao M (2016) Defence against black hole and selective forwarding attacks for medical WSNs in the IoT. Sensors 16(1):118
Seyedi B, Fotohi R (2020) NIASHPT: a novel intelligent agent-based strategy using hello packet table (HPT) function for trust Internet of Things. The J Supercomput 76(9):1–24
Mabodi K, Yusefi M, Zandiyan S, Irankhah L, Fotohi R (2020) Multi-level trust-based intelligence schema for securing of internet of things (IoT) against security threats using cryptographic authentication. J Supercomput: 1–26.
Vijayakumar P, Chang V, Deborah LJ, Balusamy B, Shynu PG (2018) Computationally efficient privacy preserving anonymous mutual and batch authentication schemes for vehicular ad hoc networks. Futur Gener Comput Syst 78:943–955
Yaseen Q, Jararweh Y, Al-Ayyoub M, AlDwairi M (2017) Collusion attacks in internet of things: detection and mitigation using a fog based model. In: 2017 IEEE sensors applications symposium (SAS). IEEE. pp. 1–5
Ouechtati H, Azzouna NB, Said LB (2019) A fuzzy logic based trust-ABAC model for the Internet of Things. In: International conference on advanced information networking and applications. Springer, Cham. pp. 1157–1168
Srinivas TA, Manivannan SM (2020) Preventing collaborative black hole attack in IoT construction using a CBHA–AODV routing protocol. Int J Grid High Perform Comput (IJGHPC) 12(2):25–46
Qureshi KN, Rana SS, Ahmed A, Jeon G (2020) A novel and secure attacks detection framework for smart cities industrial internet of things. Sustain Cities Soc 61:102343
Ribera EG, Alvarez BM, Samuel C, Ioulianou PP, Vassilakis VG (2020) Heartbeat-based detection of blackhole and greyhole attacks in RPL networks. In: 2020 12th international symposium on communication systems, networks and digital signal processing (CSNDSP). IEEE. pp. 1–6
Raza S, Wallgren L, Voigt T (2013) SVELTE: real-time intrusion detection in the Internet of Things. Ad Hoc Netw 11(8):2661–2674
Arshad J, Azad MA, Abdeltaif MM, Salah K (2020) An intrusion detection framework for energy constrained IoT devices. Mech Syst Sign Process 136:106436
Rathore S, Park JH (2018) Semi-supervised learning based distributed attack detection framework for IoT. Appl Soft Comput 72:79–89
Haripriya AP, Kulothungan K (2019) Secure-MQTT: an efficient fuzzy logic-based approach to detect DoS attack in MQTT protocol for internet of things. EURASIP J Wirel Commun Netw 2019(1):90
Velliangiri S, Pandey HM (2020) Fuzzy-Taylor-elephant herd optimization inspired deep belief network for DDoS attack detection and comparison with state-of-the-arts algorithms. Fut Gener Comput Syst 110:80–90
Yang Y, Zheng X, Liu X, Zhong S, Chang V (2018) Cross-domain dynamic anonymous authenticated group key management with symptom-matching for e-health social system. Futur Gener Comput Syst 84:160–176
Atzori L, Iera A, Morabito G (2010) The internet of things: a survey. Comput Netw 54(15):2787–2805
Smith B (2020) A moment of reckoning: the need for a strong and global cybersecurity response. https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/. Accessed 28 Dec 2020
Yi J, Kim S, Kim J, Choi S (2020) Supremo: cloud-assisted low-latency super-resolution in mobile devices. IEEE Trans Mobile Comput. https://doi.org/10.1109/TMC.2020.3025300
Kamgueu PO, Nataf E, Djotio TN (2015) On design and deployment of fuzzy-based metric for routing in low-power and lossy networks. In: 2015 IEEE 40th local computer networks conference workshops (LCN Workshops). IEEE. pp. 789–795
Moudni H, Er-rouidi M, Mouncif H, El Hadadi B (2019) Black hole attack detection using fuzzy based intrusion detection systems in MANET. Procedia Comput Sci 151:1176–1181
Khalil I, Bagchi S (2010) Stealthy attacks in wireless ad hoc networks: detection and countermeasure. IEEE Trans Mob Comput 10(8):1096–1112
Diro AA, Chilamkurti N (2018) Distributed attack detection scheme using deep learning approach for Internet of Things. Futur Gener Comput Syst 82:761–768
Moteiv (2020) Tmote Sky. https://insense.cs.st-andrews.ac.uk/files/2013/04/tmote-sky-datasheet.pdf. Accessed 15 Nov 2020
Advancare SL (2020) Zolertia. http://zolertia.sourceforge.net/wiki/images/e/e8/Z1_RevC_Datasheet.pdf. Accessed 17 November 2020
Sabireen H, Neelanarayanan V (2021) A review on fog computing: architecture, fog with IoT. Algoritm Res Chall ICT Expr 7(2):162–176
Habibi P, Farhoudi M, Kazemian S, Khorsandi S, Leon-Garcia A (2020) Fog computing: a comprehensive architectural survey. IEEE Access 8:69105–69133
Ijaz M, Li G, Lin L, Cheikhrouhou O, Hamam H, Noor A (2021) Integration and applications of fog computing and cloud computing based on the Internet of Things for provision of healthcare services at home. Electronics 10(9):1077
Cao K, Liu Y, Meng G, Sun Q (2020) An overview on edge computing research. IEEE Access 8:85714–85728
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The author’s declared that they have no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Zahra, S.R., Chishti, M.A. A generic and lightweight security mechanism for detecting malicious behavior in the uncertain Internet of Things using fuzzy logic- and fog-based approach. Neural Comput & Applic 34, 6927–6952 (2022). https://doi.org/10.1007/s00521-021-06823-9
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00521-021-06823-9