pith. sign in

arxiv: 2605.03744 · v1 · submitted 2026-05-05 · 💻 cs.CR

Internet of Things Security: A Survey on Common Attacks

Dalton C\'ezane Gomes Valadares , Luiz Antonio Pereira Silva , Daniel Hindemburg de Miranda Marques , \'Alvaro Alvares de Carvalho C\'esar Sobrinho , Andson Marreiros Balieiro , Mohamed Ahmed Hail , Mohammed B. Alshawki , Kyller Costa Gorg\^onio This is my paper

Pith reviewed 2026-05-07 15:25 UTC · model grok-4.3

classification 💻 cs.CR
keywords IoT securitycommon attacksSTRIDE modelCVSS frameworkvulnerability classesthreat landscapemitigation techniquessecurity survey
0
0 comments X

The pith

A survey maps 28 common IoT attacks to five vulnerability classes using STRIDE classification and CVSS scoring.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper surveys the security risks facing the Internet of Things by describing 28 common attacks, from classic man-in-the-middle exploits to IoT-specific ones like node replication. It applies the STRIDE model to organize threats by their functional impact and the CVSS framework to rate their severity. The attacks are then linked to five foundational vulnerability classes covering process, code, communication, operation, and device weaknesses. This produces a structured view of entry points that adversaries exploit and includes current mitigation approaches plus open research questions. A reader would care because IoT devices now appear in critical settings where these patterns, once recognized, can guide concrete steps toward stronger protections.

Core claim

The paper claims that a multi-dimensional analysis of the IoT threat landscape, built from 28 documented attacks, STRIDE-based functional classification, CVSS-based criticality scores, and an explicit mapping onto five vulnerability classes (Process, Code, Communication, Operation, and Device), yields a clear identification of technical entry points together with mitigation techniques and remaining research gaps.

What carries the argument

The mapping of the 28 attacks onto the five vulnerability classes (Process, Code, Communication, Operation, and Device) performed with the STRIDE model for threat categorization and CVSS for quantitative assessment.

If this is right

  • Security designers can target mitigations at the specific vulnerability class each attack exploits rather than treating threats in isolation.
  • CVSS scores attached to each mapped attack allow prioritization of defenses according to measurable risk in real IoT deployments.
  • The identified research gaps direct future work toward defenses for emerging IoT paradigms such as large-scale smart-city networks.
  • The consolidated mapping supplies both researchers and practitioners with a shared technical reference for evaluating new IoT systems.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same five-class structure could be applied to audit an existing IoT deployment by checking which classes contain open weaknesses.
  • New attacks reported after the survey could be tested for fit within the classes; repeated misfits would indicate the need to revise the taxonomy.
  • The classification approach may transfer to related domains such as industrial control systems or vehicle networks that share similar device constraints.
  • Standardization bodies could use the attack-to-class mapping to define required security controls for each vulnerability type.

Load-bearing premise

The selection of exactly these 28 attacks and these five vulnerability classes fully covers the IoT threat space without major omissions or overlaps that would demand a different grouping.

What would settle it

A substantial set of documented IoT attacks that cannot be assigned to any of the five vulnerability classes without stretching the definitions or that cluster into a sixth distinct class.

Figures

Figures reproduced from arXiv: 2605.03744 by \'Alvaro Alvares de Carvalho C\'esar Sobrinho, Andson Marreiros Balieiro, Dalton C\'ezane Gomes Valadares, Daniel Hindemburg de Miranda Marques, Kyller Costa Gorg\^onio, Luiz Antonio Pereira Silva, Mohamed Ahmed Hail, Mohammed B. Alshawki.

Figure 1
Figure 1. Figure 1: Layered Architecture for IoT Applications. view at source ↗
Figure 2
Figure 2. Figure 2: Threat Model. • Physical hardware interface - Unlike traditional IT assets secured within data centers, many IoT devices are deployed in public or unmonitored environments (e.g., smart streetlights, agricultural sensors). This exposure permits physical adversaries to tamper directly with the hardware. Thus, attackers may capture devices to extract sensitive data from flash memory or perform Node Replicatio… view at source ↗
Figure 3
Figure 3. Figure 3: Frequency of attacks per STRIDE category. view at source ↗
Figure 4
Figure 4. Figure 4: Frequency of attacks per CVSS severity. of sophisticated attack chains, such as backdoor or hijacking, where an adversary achieves total control over the vulnerable system. This multi-dimensional view confirms that IoT security cannot rely on a single defensive layer, as attackers exploit diverse technical entry points across the architecture. B Distribution according to CVSS severity The quantitative asse… view at source ↗
Figure 5
Figure 5. Figure 5: Attacks according to the IoT architectural layers. view at source ↗
read the original abstract

The exponential growth of the Internet of Things (IoT) has integrated connected devices into various sectors like smart cities, digital health, and Industry 4.0, generating vast amounts of real-time data to support intelligent decision-making. However, this widespread adoption is fundamentally challenged by significant security risks, primarily due to the inherent computational limitations of devices, lack of standardization, and an expanding attack surface. Given that security is paramount to ensuring trust in these environments, this paper presents a comprehensive survey and a multi-dimensional analysis of the IoT threat landscape. It describes 28 common attacks, ranging from traditional threats, such as Man-in-the-Middle, to specialized IoT exploits, including node replication and skimming. To provide a structured understanding of these risks, we employ the STRIDE model for functional threat classification alongside the CVSS framework for quantitative criticality assessment. Furthermore, the research establishes a robust mapping between these threats and five foundational vulnerability classes (Process, Code, Communication, Operation, and Device), uncovering the specific technical entry points exploited by adversaries. Beyond threat identification, the survey presents state-of-the-art mitigation techniques and discusses emerging paradigms and research gaps, working as a roadmap for future investigation and providing a consolidated technical foundation for both researchers and practitioners aiming to build resilient and secure IoT ecosystems.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 3 minor

Summary. The manuscript is a descriptive survey of IoT security threats. It describes 28 common attacks (from traditional ones like Man-in-the-Middle to IoT-specific ones like node replication), classifies them using the STRIDE model, assesses their criticality via the CVSS framework, and maps them to five vulnerability classes (Process, Code, Communication, Operation, and Device). The paper also reviews mitigation techniques and identifies research gaps to serve as a roadmap.

Significance. As a compilation and structured organization of known material using established frameworks (STRIDE and CVSS), the survey can function as a useful reference for researchers and practitioners. The multi-dimensional mapping to vulnerability classes provides a practical lens, though the work introduces no new technical results, derivations, or empirical data. Its value rests on the accuracy and utility of the curation rather than novelty.

major comments (2)
  1. The abstract and introduction claim a 'robust mapping' between the 28 attacks and the five vulnerability classes, yet no explicit selection methodology, inclusion/exclusion criteria, or discussion of potential overlaps/gaps among the classes is provided. This directly affects the defensibility of the central organizational claim.
  2. In the sections applying CVSS, the manuscript does not detail how specific base, temporal, or environmental metrics were assigned to each of the 28 attacks. Without this, the quantitative criticality assessments lack transparency and reproducibility.
minor comments (3)
  1. The abstract refers to 'state-of-the-art mitigation techniques'; the corresponding section should include more recent citations (post-2023) to avoid appearing dated.
  2. Figures showing the STRIDE classification or the vulnerability mapping would benefit from added legends, example attack labels, or improved visual clarity for better reader comprehension.
  3. A brief comparison table or paragraph contrasting this survey's scope and taxonomy with prior IoT security surveys would strengthen the positioning of the contribution.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback and positive overall assessment of our survey. We address the two major comments point by point below, with plans to revise the manuscript for greater transparency.

read point-by-point responses

  1. Referee: The abstract and introduction claim a 'robust mapping' between the 28 attacks and the five vulnerability classes, yet no explicit selection methodology, inclusion/exclusion criteria, or discussion of potential overlaps/gaps among the classes is provided. This directly affects the defensibility of the central organizational claim.

    Authors: The 28 attacks were chosen from prevalent examples in IoT security literature and standards, with mappings assigned by identifying the dominant vulnerability class each attack exploits based on its documented mechanism. We acknowledge the absence of an explicit methodology section. We will add a dedicated subsection describing the literature-based selection criteria, inclusion/exclusion rationale, and a brief analysis of observed overlaps and gaps among the five classes. revision: yes

  2. Referee: In the sections applying CVSS, the manuscript does not detail how specific base, temporal, or environmental metrics were assigned to each of the 28 attacks. Without this, the quantitative criticality assessments lack transparency and reproducibility.

    Authors: The CVSS v3.1 scores were derived from standard interpretations of each attack's exploitability and impact vectors as described in the literature. We agree that explicit metric assignments are needed for reproducibility. In the revised manuscript we will include an appendix table listing the base, temporal, and environmental metric values for all 28 attacks together with concise justifications tied to attack characteristics. revision: yes

Circularity Check

0 steps flagged

No circularity; standard literature survey with no derivations

full rationale

The paper is a descriptive survey compiling 28 known IoT attacks from existing literature, applying the established STRIDE threat model and CVSS scoring framework for classification, and mapping threats to five vulnerability classes (Process, Code, Communication, Operation, Device) as an organizational exercise. No equations, predictions, first-principles derivations, or fitted parameters exist. The abstract and structure present the work as curation and roadmap rather than novel technical claims. No self-citation chains, ansatzes, or renamings reduce any result to its own inputs by construction. The selection of attacks and classes is a reasonable partitioning of known material, not an asserted exhaustive or self-defined partition. This is a self-contained compilation against external benchmarks with no internal circularity.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

This is a literature survey paper. It introduces no free parameters, no new axioms, and no invented entities; it relies entirely on prior published attacks and the established STRIDE and CVSS frameworks.

pith-pipeline@v0.9.0 · 5582 in / 1033 out tokens · 36260 ms · 2026-05-07T15:25:21.411622+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

239 extracted references · 16 canonical work pages

  1. [1]

    Kevin Ashton Invents the Term ‘The Internet of Things

    Jeremy M. Norman - History of Information, “Kevin Ashton Invents the Term ‘The Internet of Things”,” accessed: 2025-06-23. [Online]. Available: https://www.historyofinformation.com/detail.php?id=3411

    2025

  2. [2]

    State of iot 2025: Number of connected iot devices growing 14% to 21.1 billion globally,

    S. Sinha, “State of iot 2025: Number of connected iot devices growing 14% to 21.1 billion globally,” 2025. [Online]. Available: https://iot-analytics.com/number-connected-iot-devices/

    2025

  3. [3]

    Internet of things (iot) market summary,

    Grand View Research, “Internet of things (iot) market summary,” 2024, accessed: 2025-06-23. [Online]. Available: https://www.grandviewresearch.com/industry-analysis/iot-market IEEE, VOL. XXX, NO. XXX, MONTH 202X 25

    2024

  4. [4]

    The internet of things: Catching up to an accelerating opportunity,

    McKinsey & Company, “The internet of things: Catching up to an accelerating opportunity,” 2021, accessed: 2025- 06-23. [Online]. Available: https://www.mckinsey.com/ ∼/ media/mckinsey/business%20functions/mckinsey%20digital/our% 20insights/iot%20value%20set%20to%20accelerate%20through% 202030%20where%20and%20how%20to%20capture%20it/ the-internet-of-things...

    2021

  5. [5]

    Worldwide internet of things spending guide,

    International Data Corporation (IDC), “Worldwide internet of things spending guide,” 2023, accessed: 2025-06-23. [Online]. Available: https://www.idc.com/getdoc.jsp?containerId=prUS50126423

    2023

  6. [6]

    Systematic literature review on the use of trusted execution environments to protect cloud/fog-based internet of things applications,

    D. C. G. Valadares, N. C. Will, J. Caminha, M. B. Perkusich, A. Perku- sich, and K. C. Gorg ˆonio, “Systematic literature review on the use of trusted execution environments to protect cloud/fog-based internet of things applications,”IEEE Access, vol. 9, pp. 80 953–80 969, 2021

    2021

  7. [7]

    Systematic literature review on 5g-iot security aspects,

    D. Valadares, N. Will, ´A. Sobrinho, A. Lima, I. Morais, and D. Santos, “Systematic literature review on 5g-iot security aspects,”Preprints,

  8. [8]

    Available: https://doi.org/10.20944/preprints202311

    [Online]. Available: https://doi.org/10.20944/preprints202311. 0565.v1

    work page doi:10.20944/preprints202311

  9. [9]

    Security challenges and recommen- dations in 5g-iot scenarios,

    D. C. G. Valadares, N. C. Will, ´A. ´A. C. C. Sobrinho, A. C. D. Lima, I. S. Morais, and D. F. S. Santos, “Security challenges and recommen- dations in 5g-iot scenarios,” inAdvanced Information Networking and Applications, L. Barolli, Ed. Cham: Springer International Publishing, 2023, pp. 558–573

    2023

  10. [10]

    Understanding the mirai botnet,

    M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z. Durumeric, J. A. Halderman, L. Invernizzi, M. Kallitsis, D. Kumar, C. Lever, Z. Ma, J. Mason, D. Menscher, C. Seaman, N. Sullivan, K. Thomas, and Y . Zhou, “Understanding the mirai botnet,” inProceedings of the 26th USENIX Conference on Security Symposium, ser. SEC’17. USA: USE...

    2017

  11. [11]

    The evolution of mirai botnet scans over a six-year period,

    A. Affinito, S. Zinno, G. Stanco, A. Botta, and G. Ventre, “The evolution of mirai botnet scans over a six-year period,”Journal of Information Security and Applications, vol. 79, p. 103629, 2023. [Online]. Available: https://www.sciencedirect.com/science/article/pii/ S2214212623002132

    2023

  12. [12]

    Botnets unveiled: A comprehensive survey on evolving threats and defense strategies,

    M. Asadi, M. A. J. Jamali, A. Heidari, and N. J. Navimipour, “Botnets unveiled: A comprehensive survey on evolving threats and defense strategies,”Transactions on Emerging Telecommunications Technologies, vol. 35, no. 11, p. e5056, 2024. [Online]. Available: https://onlinelibrary.wiley.com/doi/abs/10.1002/ett.5056

    work page doi:10.1002/ett.5056 2024

  13. [13]

    Targeted ran- somware: A new cyber threat to edge system of brownfield industrial internet of things,

    M. Al-Hawawreh, F. d. Hartog, and E. Sitnikova, “Targeted ran- somware: A new cyber threat to edge system of brownfield industrial internet of things,”IEEE Internet of Things Journal, vol. 6, no. 4, pp. 7137–7151, 2019

    2019

  14. [14]

    A large-scale empirical analysis of the vulnerabilities introduced by third-party components in iot firmware,

    B. Zhao, S. Ji, J. Xu, Y . Tian, Q. Wei, Q. Wang, C. Lyu, X. Zhang, C. Lin, J. Wu, and R. Beyah, “A large-scale empirical analysis of the vulnerabilities introduced by third-party components in iot firmware,” inProceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, ser. ISSTA 2022. New York, NY , USA: Association for...

    work page doi:10.1145/3533767.3534366 2022

  15. [15]

    Demystifying security and applications of internet of things,

    V . Choudhary, S. Tanwar, and A. Rana, “Demystifying security and applications of internet of things,” inInternational Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO), 2021, pp. 1–5

    2021

  16. [16]

    Challenges and opportunities in mobile network security for vertical applications: A survey,

    A. Sobrinho, M. Vilarim, A. Barbosa, E. Candeia Gurj ˜ao, D. F. S. Santos, D. Valadares, and L. Dias da Silva, “Challenges and opportunities in mobile network security for vertical applications: A survey,”ACM Comput. Surv., vol. 57, no. 2, Nov. 2024. [Online]. Available: https://doi.org/10.1145/3696446

    work page doi:10.1145/3696446 2024

  17. [17]

    [Online]

    FIRST.Org, Inc.,Common Vulnerability Scoring System v4.0: Specification Document, Forum of Incident Response and Security Teams (FIRST), 2026, accessed: 2026-02-12. [Online]. Available: https://www.first.org/cvss/v4.0/specification-document

    2026

  18. [18]

    Security of the internet of things: Vulnerabilities, attacks, and countermeasures,

    I. Butun, P. ¨Osterberg, and H. Song, “Security of the internet of things: Vulnerabilities, attacks, and countermeasures,”IEEE Communications Surveys & Tutorials, vol. 22, no. 1, pp. 616–644, 2019

    2019

  19. [19]

    A survey of iot security based on a layered architecture of sensing and data analysis,

    H. Mrabet, S. Belguith, A. Alhomoud, and A. Jemai, “A survey of iot security based on a layered architecture of sensing and data analysis,” Sensors, vol. 20, no. 13, p. 3625, 2020

    2020

  20. [20]

    Internet of things: Evolution, concerns and security challenges,

    P. Malhotra, Y . Singh, P. Anand, D. K. Bangotra, P. K. Singh, and W.-C. Hong, “Internet of things: Evolution, concerns and security challenges,” Sensors, vol. 21, no. 5, p. 1809, 2021

    2021

  21. [21]

    Detecting cybersecurity attacks in internet of things using artificial intelligence methods: A systematic literature review,

    M. Abdullahi, Y . Baashar, H. Alhussian, A. Alwadain, N. Aziz, L. F. Capretz, and S. J. Abdulkadir, “Detecting cybersecurity attacks in internet of things using artificial intelligence methods: A systematic literature review,”Electronics, vol. 11, no. 2, p. 198, 2022

    2022

  22. [22]

    Internet of things (iot) security with blockchain technology: A state-of-the-art review,

    A. A. Khan, A. A. Laghari, Z. A. Shaikh, Z. Dacko-Pikiewicz, and S. Kot, “Internet of things (iot) security with blockchain technology: A state-of-the-art review,”IEEE Access, vol. 10, pp. 122 679–122 695, 2022

    2022

  23. [23]

    Cve based classification of vulner- able iot systems,

    G. J. Blinowski and P. Piotrowski, “Cve based classification of vulner- able iot systems,” inInternational Conference on Dependability and Complex Systems. Springer, 2020, pp. 82–93

    2020

  24. [24]

    Introduction of security and privacy issues for iot and wsn,

    F. K. Oluwalola and D. Oluyemi, “Introduction of security and privacy issues for iot and wsn,” inSecurity and Privacy Issues for IoT and WSN-based Real-time Applications. Chapman and Hall/CRC, 2025, pp. 1–14

    2025

  25. [25]

    Anomaly based network intrusion detection for iot attacks using deep learning technique,

    B. Sharma, L. Sharma, C. Lal, and S. Roy, “Anomaly based network intrusion detection for iot attacks using deep learning technique,” Computers and Electrical Engineering, vol. 107, p. 108626, 2023

    2023

  26. [26]

    Machine learning and deep learning techniques for internet of things network anomaly detection—current research trends,

    S. H. Rafique, A. Abdallah, N. S. Musa, and T. Murugan, “Machine learning and deep learning techniques for internet of things network anomaly detection—current research trends,”Sensors, vol. 24, no. 6, p. 1968, 2024

    1968

  27. [27]

    Anomaly detection of zero-day attacks based on cnn and regularization techniques,

    B. Ibrahim Hairab, H. K. Aslan, M. S. Elsayed, A. D. Jurcut, and M. A. Azer, “Anomaly detection of zero-day attacks based on cnn and regularization techniques,”Electronics, vol. 12, no. 3, p. 573, 2023

    2023

  28. [28]

    Federated-learning-based anomaly detection for iot security attacks,

    V . Mothukuri, P. Khare, R. M. Parizi, S. Pouriyeh, A. Dehghantanha, and G. Srivastava, “Federated-learning-based anomaly detection for iot security attacks,”IEEE Internet of Things Journal, vol. 9, no. 4, pp. 2545–2554, 2021

    2021

  29. [29]

    Fedlabx: a practical and privacy-preserving framework for federated learning,

    Y . Yan, M. B. Alshawki, M. Zoltay, M. Gal, R. Hollos, Y . Jin, L. Peter, and A. Tenyi, “Fedlabx: a practical and privacy-preserving framework for federated learning,”Complex & Intelligent Systems, vol. 10, no. 1, pp. 677–690, 2024

    2024

  30. [30]

    A deep reinforcement learning approach for anomaly network intrusion detection system,

    Y .-F. Hsu and M. Matsuoka, “A deep reinforcement learning approach for anomaly network intrusion detection system,” in2020 IEEE 9th international conference on cloud networking (CloudNet). IEEE, 2020, pp. 1–6

    2020

  31. [31]

    Intrusion detection and big heterogeneous data: a survey,

    R. Zuech, T. M. Khoshgoftaar, and R. Wald, “Intrusion detection and big heterogeneous data: a survey,”Journal of Big Data, vol. 2, no. 1, p. 3, 2015

    2015

  32. [32]

    Blockchain-based multi-factor authentication: A systematic literature review,

    M. S. Almadani, S. Alotaibi, H. Alsobhi, O. K. Hussain, and F. K. Hussain, “Blockchain-based multi-factor authentication: A systematic literature review,”Internet of Things, vol. 23, p. 100844, 2023

    2023

  33. [33]

    A survey on blockchain-based trust management for internet of things,

    Y . Liu, J. Wang, Z. Yan, Z. Wan, and R. J ¨antti, “A survey on blockchain-based trust management for internet of things,”IEEE in- ternet of Things Journal, vol. 10, no. 7, pp. 5898–5922, 2023

    2023

  34. [34]

    Privacy-preserving blockchain technologies,

    D. C. G. Valadares, A. Perkusich, A. F. Martins, M. B. Alshawki, and C. Seline, “Privacy-preserving blockchain technologies,”Sensors, vol. 23, no. 16, p. 7172, 2023

    2023

  35. [35]

    A comparative analysis of dag-based blockchain architectures,

    H. Pervez, M. Muneeb, M. U. Irfan, and I. U. Haq, “A comparative analysis of dag-based blockchain architectures,” in2018 12th Interna- tional conference on open source systems and technologies (ICOSST). IEEE, 2018, pp. 27–34

    2018

  36. [36]

    Blockchain-enabled gdpr compliance enforcement for iiot data access,

    A. Isazade, A. Malik, and M. B. Alshawki, “Blockchain-enabled gdpr compliance enforcement for iiot data access,”Journal of Cybersecurity and Privacy, vol. 5, no. 4, p. 84, 2025

    2025

  37. [37]

    A distributed approach based on catboost, blockchain and edge computing for iot security,

    M. Douiba, C. Hazman, A. Guezzaz, S. Benkirane, M. Azrour, and B. Bipin Nair, “A distributed approach based on catboost, blockchain and edge computing for iot security,” inReliability in Cyber-Physical Systems: The Human Factor Perspective. Springer, 2026, pp. 83–91

    2026

  38. [38]

    Analysis of security vulnerabilities for iot devices

    H.-H. Kim and J. Yoo, “Analysis of security vulnerabilities for iot devices.”Journal of Information Processing Systems, vol. 18, no. 4, 2022

    2022

  39. [39]

    Exploiting memory corruption vulnerabilities in connman for iot devices,

    K. V . English, I. Obaidat, and M. Sridhar, “Exploiting memory corruption vulnerabilities in connman for iot devices,” in2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 2019, pp. 247–255

    2019

  40. [40]

    An empirical study of high- risk vulnerabilities in iot systems,

    X. Chen, C. Yang, Y . Nan, and Z. Zheng, “An empirical study of high- risk vulnerabilities in iot systems,”IEEE Internet of Things Journal, vol. 12, no. 2, pp. 1590–1601, 2024

    2024

  41. [41]

    Privacy threats and countermeasures in federated learning for internet of things: A systematic review,

    A. ElZemity and B. Arief, “Privacy threats and countermeasures in federated learning for internet of things: A systematic review,” in2024 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications (GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress ...

    2024

  42. [42]

    V oicelistener: A training-free and universal eavesdropping attack on built-in speakers of mobile devices,

    L. Wang, M. Chen, L. Lu, Z. Ba, F. Lin, and K. Ren, “V oicelistener: A training-free and universal eavesdropping attack on built-in speakers of mobile devices,”Proc. ACM Interact. Mob. Wearable Ubiquitous Technol., vol. 7, no. 1, Mar. 2023. [Online]. Available: https://doi.org/10.1145/3580789 IEEE, VOL. XXX, NO. XXX, MONTH 202X 26

    work page doi:10.1145/3580789 2023

  43. [43]

    An analytical study on eavesdropping attacks in wireless nets of things,

    X. Li, H. Wang, H.-N. Dai, Y . Wang, and Q. Zhao, “An analytical study on eavesdropping attacks in wireless nets of things,”Mobile Information Systems, vol. 2016, no. 1, p. 4313475,

    2016

  44. [44]

    Available: https://onlinelibrary.wiley.com/doi/abs/10

    [Online]. Available: https://onlinelibrary.wiley.com/doi/abs/10. 1155/2016/4313475

    2016

  45. [45]

    A survey of existing attacks on 5g sa,

    M. Gong, Z. Wei, S. Chen, W. Yu, and F. Wang, “A survey of existing attacks on 5g sa,”Computer Networks, vol. 270, no. 1, 2025

    2025

  46. [46]

    Noise-based active defense strategy for mitigating eavesdropping threats in internet of things environments,

    A. Farraj and E. Hammad, “Noise-based active defense strategy for mitigating eavesdropping threats in internet of things environments,” Computers, vol. 14, no. 1, 2025

    2025

  47. [47]

    Security analy- sis and defense of multi-encoding mechanism against eavesdropping attacks,

    J. Wang, W. Yang, G. Chen, J. Zhou, and W. Ding, “Security analy- sis and defense of multi-encoding mechanism against eavesdropping attacks,”IEEE Transactions on Network Science and Engineering, vol. 12, no. 5, pp. 3758–3769, 2025

    2025

  48. [48]

    Security vulnerabilities of internet of things: A case study of the smart plug system,

    Z. Ling, J. Luo, Y . Xu, C. Gao, K. Wu, and X. Fu, “Security vulnerabilities of internet of things: A case study of the smart plug system,”IEEE Internet of Things Journal, vol. 4, no. 6, pp. 1899– 1909, 2017

    1909

  49. [49]

    Ciciot2023: A real-time dataset and benchmark for large-scale attacks in iot environment,

    E. C. P. Neto, S. Dadkhah, R. Ferreira, A. Zohourian, R. Lu, and A. A. Ghorbani, “Ciciot2023: A real-time dataset and benchmark for large-scale attacks in iot environment,”Sensors, vol. 23, no. 13, 2023. [Online]. Available: https://www.mdpi.com/1424-8220/23/13/5941

    2023

  50. [50]

    Multi-factor credential hashing for asymmetric brute-force attack resistance,

    V . Nair and D. Song, “Multi-factor credential hashing for asymmetric brute-force attack resistance,” in2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P), 2023, pp. 56–72

    2023

  51. [51]

    Brute-force attack mitigation on remote access services via software-defined perimeter,

    F. A. Ruambo, E. E. Masanga, B. Lufyagila, A. A. Ateya, A. A. Abd El- Latif, M. Almousa, and B. Abd-El-Atty, “Brute-force attack mitigation on remote access services via software-defined perimeter,”Sci Rep, 2025

    2025

  52. [52]

    Distributed denial of service attacks and its defenses in iot: a survey,

    M. M. Salim, S. Rathore, and J. H. Park, “Distributed denial of service attacks and its defenses in iot: a survey,”J. Supercomput., vol. 76, no. 7, p. 5320–5363, Jul. 2020. [Online]. Available: https://doi.org/10.1007/s11227-019-02945-z

    work page doi:10.1007/s11227-019-02945-z 2020

  53. [53]

    Distributed denial of service attack prediction: Challenges, open issues and opportunities,

    A. B. de Neira, B. Kantarci, and M. Nogueira, “Distributed denial of service attack prediction: Challenges, open issues and opportunities,” Computer Networks, vol. 222, p. 109553, 2023

    2023

  54. [54]

    A survey on botnets: Incentives, evolution, detection and current trends,

    S. N. Thanh Vu, M. Stege, P. I. El-Habr, J. Bang, and N. Dragoni, “A survey on botnets: Incentives, evolution, detection and current trends,” Future Internet, vol. 13, no. 8, p. 198, 2021

    2021

  55. [55]

    Security and privacy of internet of medical things: A contemporary review in the age of surveillance, botnets, and adversarial ml,

    R. U. Rasool, H. F. Ahmad, W. Rafique, A. Qayyum, and J. Qadir, “Security and privacy of internet of medical things: A contemporary review in the age of surveillance, botnets, and adversarial ml,”Journal of Network and Computer Applications, vol. 201, p. 103332, 2022. [Online]. Available: https://www.sciencedirect.com/science/article/pii/ S1084804522000017

    2022

  56. [56]

    A comprehensive survey on ddos attacks detection & mitigation in sdn-iot network,

    C. Singh and A. K. Jain, “A comprehensive survey on ddos attacks detection & mitigation in sdn-iot network,”e-Prime - Advances in Electrical Engineering, Electronics and Energy, vol. 8, p. 100543, 2024. [Online]. Available: https://www.sciencedirect.com/ science/article/pii/S2772671124001256

    2024

  57. [57]

    A taxonomy of ddos attack mitigation approaches featured by sdn technologies in iot scenarios,

    F. S. Dantas Silva, E. Silva, E. P. Neto, M. Lemos, A. J. Venancio Neto, and F. Esposito, “A taxonomy of ddos attack mitigation approaches featured by sdn technologies in iot scenarios,”Sensors, vol. 20, no. 11, 2020. [Online]. Available: https://www.mdpi.com/1424-8220/ 20/11/3078

    2020

  58. [58]

    Distributed denial of service attacks,

    F. Lau, S. Rubin, M. Smith, and L. Trajkovic, “Distributed denial of service attacks,” inSmc 2000 conference proceedings. 2000 ieee international conference on systems, man and cybernetics. ’cybernetics evolving to systems, humans, organizations, and their complex inter- actions’ (cat. no.0, vol. 3, 2000, pp. 2275–2280 vol.3

    2000

  59. [59]

    Enhancing iot defenses against radio jamming: Insights from a thread testbed case study,

    P. Yadav, A. Moulds, and P. Gillingham, “Enhancing iot defenses against radio jamming: Insights from a thread testbed case study,” inProceedings of the 18th European Workshop on Systems Security, ser. EuroSec’25. New York, NY , USA: Association for Computing Machinery, 2025, p. 18–25. [Online]. Available: https://doi.org/10.1145/3722041.3723096

    work page doi:10.1145/3722041.3723096 2025

  60. [60]

    Lorawan sensitivity analysis and prevention strategies against wireless dos attacks,

    N. Prasad and P. Lynggaard, “Lorawan sensitivity analysis and prevention strategies against wireless dos attacks,”Wireless Personal Communications, vol. 126, no. 4, pp. 3663–3675, 2022. [Online]. Available: https://doi.org/10.1007/s11277-022-09884-8

    work page doi:10.1007/s11277-022-09884-8 2022

  61. [61]

    Real-time jamming detection in wireless iot networks,

    F. T. Zahra, Y . S. Bostanci, and M. Soyturk, “Real-time jamming detection in wireless iot networks,”IEEE Access, vol. 11, pp. 70 425– 70 442, 2023

    2023

  62. [62]

    Intelligent jamming-aware routing in multi-hop iot-based opportunistic cognitive radio networks,

    H. B. Salameh, S. Otoum, M. Aloqaily, R. Derbas, I. A. Ridhawi, and Y . Jararweh, “Intelligent jamming-aware routing in multi-hop iot-based opportunistic cognitive radio networks,”Ad Hoc Networks, vol. 98, p. 102035, 2020. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S1570870519306365

    2020

  63. [63]

    Jamming attacks and anti-jamming strategies in wireless networks: A comprehensive survey,

    H. Pirayesh and H. Zeng, “Jamming attacks and anti-jamming strategies in wireless networks: A comprehensive survey,”IEEE Communications Surveys & Tutorials, vol. 24, no. 2, pp. 767–809, 2022

    2022

  64. [64]

    Security in internet of things: A review,

    N. A. Khan, A. Awang, and S. A. A. Karim, “Security in internet of things: A review,”IEEE Access, vol. 10, pp. 104 649–104 670, 2022

    2022

  65. [65]

    Detecting denial of sleep attacks by analysis of wireless sensor networks and the internet of things,

    R. Jenifer and V . Prakash, “Detecting denial of sleep attacks by analysis of wireless sensor networks and the internet of things,”The Scientific Temper, vol. 14, no. 04, pp. 1412–1418, 2023

    2023

  66. [66]

    Wireless sensor network denial of sleep attack,

    M. Brownfield, Y . Gupta, and N. Davis, “Wireless sensor network denial of sleep attack,” inProceedings from the Sixth Annual IEEE SMC Information Assurance Workshop, 2005, pp. 356–364

    2005

  67. [67]

    A generation of dataset towards an anomaly-based intrusion detection system to detect denial of sleep attacks in internet of things (iot),

    I. Dissanayake, H. D. Weerasinghe, and A. Welhenge, “A generation of dataset towards an anomaly-based intrusion detection system to detect denial of sleep attacks in internet of things (iot),” in2022 22nd International Conference on Advances in ICT for Emerging Regions (ICTer), 2022, pp. 092–097

    2022

  68. [68]

    A comprehensive study of security of internet-of-things,

    A. Mosenia and N. K. Jha, “A comprehensive study of security of internet-of-things,”IEEE Transactions on Emerging Topics in Com- puting, vol. 5, no. 4, pp. 586–602, 2017

    2017

  69. [69]

    Anatomy of attacks on iot systems: review of attacks, impacts and countermeasures,

    M. Msgna, “Anatomy of attacks on iot systems: review of attacks, impacts and countermeasures,”Journal of Surveillance, Security and Safety, vol. 3, no. 4, 2022. [Online]. Available: https://www.oaepublish.com/articles/jsss.2022.07

    2022

  70. [70]

    A framework for automating security analysis of the internet of things,

    M. Ge, J. B. Hong, W. Guttmann, and D. S. Kim, “A framework for automating security analysis of the internet of things,”Journal of Network and Computer Applications, vol. 83, pp. 12–27, 2017. [Online]. Available: https://www.sciencedirect.com/science/article/pii/ S1084804517300541

    2017

  71. [71]

    Assessing iot enabled cyber-physical attack paths against critical systems,

    I. Stellios, P. Kotzanikolaou, and C. Grigoriadis, “Assessing iot enabled cyber-physical attack paths against critical systems,” Computers & Security, vol. 107, p. 102316, 2021. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0167404821001401

    2021

  72. [72]

    A study on the digital forensic investigation method of clever malware in iot devices,

    D. Kim, Y . Pan, and J. H. Park, “A study on the digital forensic investigation method of clever malware in iot devices,”IEEE Access, vol. 8, pp. 224 487–224 499, 2020

    2020

  73. [73]

    Phishing mitigation techniques: A literature survey,

    W. P. Nmachi and T. Win, “Phishing mitigation techniques: A literature survey,”Internetional Journal of Network Security and its Applications, 2021

    2021

  74. [74]

    Phishing detection: A literature survey,

    M. Khonji, Y . Iraqi, and A. Jones, “Phishing detection: A literature survey,”IEEE Communications Surveys & Tutorials, vol. 15, no. 4, pp. 2091–2121, 2013

    2091

  75. [75]

    5g security threat landscape, ai and blockchain,

    M. N. Alanazi, “5g security threat landscape, ai and blockchain,” Wireless Pers Commun, vol. 133, no. 1, p. 1467–1482, 2023

    2023

  76. [76]

    Truck platoon security: State-of- the-art and road ahead,

    A. Ghosal, S. U. Sagong, S. Halder, K. Sahabandu, M. Conti, R. Poovendran, and L. Bushnell, “Truck platoon security: State-of- the-art and road ahead,”Computer Networks, vol. 185, no. 1, 2021

    2021

  77. [77]

    Hijacking spoofing attack and defense strategy based on internet tcp sessions,

    Y . Wang and J. Chen, “Hijacking spoofing attack and defense strategy based on internet tcp sessions,” in2013 2nd International Symposium on Instrumentation and Measurement, Sensor Network and Automation (IMSNA), 2013, pp. 507–509

    2013

  78. [78]

    Group key management in internet of things: A systematic literature review,

    F. Samiullah, M.-L. Gan, S. Akleylek, and Y . Aun, “Group key management in internet of things: A systematic literature review,”IEEE Access, vol. 11, pp. 77 464–77 491, 2023

    2023

  79. [79]

    Diffie-Hellman picture show: Key exchange stories from commercial V oWiFi deployments,

    G. K. Gegenhuber, F. Holzbauer, P. ´E. Frenzel, E. Weippl, and A. Dabrowski, “Diffie-Hellman picture show: Key exchange stories from commercial V oWiFi deployments,” in33rd USENIX Security Symposium (USENIX Security 24). Philadelphia, PA: USENIX Association, Aug. 2024, pp. 451–468. [Online]. Available: https:// www.usenix.org/conference/usenixsecurity24/p...

    2024

  80. [80]

    Physical layer spoofing attack detection in mmwave massive mimo 5g networks,

    W. Li, N. Wang, L. Jiao, and K. Zeng, “Physical layer spoofing attack detection in mmwave massive mimo 5g networks,”IEEE Access, vol. 9, pp. 60 419–60 432, 2021

    2021

Showing first 80 references.