
International Journal of Computer Networks and Applications (IJCNA)
DOI: 10.22247/ijcna/2022/211599 Volume 9, Issue 1, January – February (2022)
REVIEW ARTICLE

A Review on Intrusion Detection Systems to Secure IoT Networks

A. Arul Anitha
Department of Computer Science, St. Joseph’s College (Autonomous) (Affiliated to Bharathidasan University), Tiruchirappalli, Tamil Nadu, India

L. Arockiam
Department of Computer Science, St. Joseph’s College (Autonomous) (Affiliated to Bharathidasan University), Tiruchirappalli, Tamil Nadu, India

Received: 23 November 2021 / Revised: 08 January 2022 / Accepted: 13 January 2022 / Published: 28 February 2022

Abstract – The Internet of Things (IoT) and its rapid advancements will lead to everything being connected in the near future. The number of devices connected to the global network is increasing every day. IoT security challenges arise as a result of the large-scale incorporation of smart devices. Security issues on the Internet of Things have been the most focused area of research over the last decade. As IoT devices have less memory, processing capacity, and power consumption, the traditional security mechanisms are not suitable for IoT. A security mechanism called an Intrusion Detection System (IDS) has a crucial role in protecting the IoT nodes and networks. The lightweight nature of IoT nodes should be considered while designing IDS for the IoT. In this paper, the types of IDS, the major attacks on IoT, the recent research, and contributions to IDS in IoT networks are discussed, and an analytical survey is given based on the study. Though it is a promising area for research, IDS still needs further refinement to ensure high security for IoT networks and devices. Hence, further research, development, and lightweight mechanisms are required for IDS to provide a higher level of security to the resource-limited IoT network.

Index Terms – Attack, IoT, Intrusion, IDS, RPL, Security.

1. INTRODUCTION

The Internet of Things (IoT) is a robustly evolving trend that incorporates technical, scientific, social, and economic implications. It is essential to all facets of human life [1]. Healthcare, logistics, smart-cities, smart-homes, and agriculture are just a few of the applications for IoT. Due to its resource-constrained characteristics, the IoT tends to have more vulnerability that can be easily exploited by an attacker. The number of connected unsecured IoT devices on the global network is rapidly increasing [2]. Researchers are mainly focusing on various encryption and authentication mechanisms to ensure data confidentiality, authentication, and privacy among users and things. Most of the IoT devices have been developed without considering the fundamental security requirements [3].

The tools and techniques available for securing the IoT are inadequate because of the large number of interconnected devices. Moreover, the security mechanisms based on cryptography are mainly used to prevent external attacks such as eavesdropping and message alteration. When the cryptographic techniques hold the valid key and are compromised by the attack, they cannot detect the vulnerable nodes. Intruders can easily access the security details from the compromised nodes and immediately launch several internal attacks. Hence, to offer an extra level of security to the IoT, the Intrusion Detection System (IDS) acts as a tool [4].

Anthea Mayzaud et al. [5] categorized the Routing Protocol for Low Power Lossy Networks (RPL) attacks into three types: attacks targeting the topology, attacks on network resources, and attacks targeting the network traffic. Attacks on resources require more of the restricted devices' resources like processing requirements, power, and memory; attacks on topology induce isolation and sub-optimization in the topology, and attacks on traffic create security risks from the network's traffic. All these types of attacks have negative impacts on the RPL based IoT network. These attacks have to be detected and mitigated to ensure the security constraints of the IoT networks.

Intrusion Detection is an act of monitoring and possibly preventing the malicious activities of the intruders. Intrusion Detection System is a network security tool that consists of software or a combination of hardware and software to protect the traditional networks. It can be used to monitor all sorts of activities in the network. If there is any attack or unwanted activity in the network, the IDS detects the intrusions, alerts the administrator, logs the attacks for forensic activities,

ISSN: 2395-0455 ©EverScience Publications 38


isolates the intruder, and also disconnects the connection path of the intruder [6]. The functionalities of Intrusion Detection System are illustrated in Figure 1.

As it is given in Figure 1, the IDS can monitor, analyse, assess, track, alert and mitigate attacks in IoT networks. IDSs are at a mature level in the traditional networks. Since IDS consumes more memory, processing capability and energy, the IDSs that are technologically advanced for the traditional and wireless networks are not suitable for IoT. Because of these constraints, finding IoT nodes with higher computing capability to support IDS agents is very difficult. So, there is a need for modelling lightweight IDS to adapt to the IoT constraints. The Figure 2 illustrates the typical centralized IDS for IoT networks.

Figure 1 Functionalities of IDS

Figure 2 A Typical IDS for Internet of Things

Here, the smart gadgets are linked to the Internet through the gateway device called border router. As the Figure 2 indicates, the IDS tool is implemented in the gateway device. It monitors all IoT network-related activities and, whenever an intrusion arises, the IDS will alert the administrator. It also logs the events for forensic analysis.

1.1. Objectives

The major aim of this paper is to explore systematically the IDSs that are available for protecting the IoT networks. The objectives are listed below.

• To analyse the need for IDS in securing the IoT networks,
• To explore the different types of existing IDS for IoT,
• To discuss the issues and challenges that direct to future research,
• To provide an analytical survey of the reviewed IDSs.

This paper is structured as follows: Section 2 discusses the recent IDS research in the IoT; section 3 explains the different types of attacks in the IoT environment; section 4 describes the types of IDSs for IoT based on the placement strategy and technologies implemented; section 5 summarizes the reviewed works as an analytical survey; section 6 points out some issues and challenges while implementing the IDS in the IoT environment; and finally the conclusion is presented in section 7.

2. LITERATURE REVIEW

The literature related to the security challenges of IoT and the IDS available for detecting malicious events and attacks are presented below.

2.1. IoT and Security

In their article, Patel and Patel [7] discussed the definition, characteristics, technologies, architecture, and applications of IoT and also highlighted research issues and challenges regarding security, interoperability, data management, and energy issues in a nutshell. According to their survey, security and privacy issues are the most challenging tasks in the IoT. Among all the security issues, secure data communication and the quality of shared data are the predominant issues to be considered for research.

Adat and Gupta [8] conducted a thorough examination of the evolution of the Internet of Things, related works, IoT statistics, IoT architecture, and security concerns. The authors provided a set of layer-wise security challenges and security requirements for the IoT architecture. They also presented a classification of security issues and existing defence mechanisms for the IoT environment. As per the paper, network security issues and attacks cause more damage to the IoT eco-system.

Tewari and Gupta [9] provided an overview of the security challenges associated with the IoT layered architecture. The security issues in traditional networks and IoT networks are compared and discussed. Heterogeneous integration of cross layers and their associated challenges are also analysed in this paper, and some future directions are highlighted. Though the aim of the paper is to present the security and privacy issues of the IoT, they have not been given much focus in this paper.

Sahay et al. [10] suggested an Attack Graph for identifying the susceptibilities of the rank of nodes. By exploiting these vulnerabilities, an intruder could invoke several attacks, compromising network traffic, optimizing and isolating the network, and consuming more resources. The impact of the attacks was claimed only by using some qualitative measures. The results are not quantified.

Based on the IoT architecture and layers, Deogirikar and Vidhate [11] classified all possible attacks related to IoT into physical layer-related attacks, network layer-related attacks, software-related attacks, and encryption-related attacks. A comparative analysis was also performed based on the harmful effects of the attacks, possibilities for detection, vulnerability, and location of the attacks. The layer-wise attacks and advantages and disadvantages of the attack detection techniques were also discussed elaborately. Security solutions are not considered in this paper.

Sfar et al. [12] offered an overview of the IoT security roadmap based on a systematic and cognitive approach. A case study is also given to explain this approach. Various research challenges are also classified based on access control, privacy, trust, and identification. The classified elements were not explained in this paper.

2.2. IDS for Internet of Things

Hemdan and Manjaiah [13] described how IoT and IDS are useful in cybercrime investigation, as well as how to use IDS data to analyse criminal behaviour and make decisions based on the findings. Here, the authors have explained only their theoretical views and ideas.

Fu et al. [14] proposed an innovative idea for IDS using Automata. The evaluation of this IDS was performed on a Raspberry Pi device with the help of an Android mobile phone. This IDS successfully detected the jam-attack, false-attack, and replay-attack. This Intrusion Detection System detected only these three types of attacks. Some problems may also arise while running the system out of resources.

Raza et al. [15] offered Hybrid-IDS suitable for the IoT environment to detect real-time sinkhole and selective forward attacks. It was named ‘SVELTE’. The authors attempted to improve performance in this study by balancing the costs associated with signature and anomaly-based IDS. In SVELTE, the border router processes intensive IDS modules by analysing the network data. The IoT devices are accountable for transmitting the data to the border router and alerting the router about the abnormal data they receive. Periodic updating of the database is required in order to make the IDS relevant to the current attack patterns.

The above work was extended by Shreenivas et al. [16] by including an IDS module that uses a metric called Expected Transmission Count (ETX) of RPL networks. They suggested the intruders’ activities in the 6LoWPAN network can be prevented and the location of the attacker nodes can be identified by monitoring the ETX metric. The true-positive rate is increased in their work by combining the ETX based
rank mechanism with the rank-only approaches. Since there is an additional ETX module in this work, it requires more storage and computational overhead.

Mbarek et al. [17] presented an Enhanced Network IDS protocol for the Internet of Things (ENIDS) to detect the clone attack. This protocol was evaluated against the performance of SVELTE and outperformed it in terms of detection probability and energy consumption. This ENIDS is limited to clone attacks, and in the normal scenario it consumes more energy.

Ioulianou et al. [18] offered a Hybrid IDS using signature-based concepts for IoT architecture. Using the Version Number modification and ‘hello-flood’ attacks, a Denial of Service (DoS) attack was launched. The impact of the attacks was analyzed in terms of battery-power usage and reachability of nodes. The Intrusion Detection functionalities are not taken into account in this research work.

All possible attacks in the IoT environment are either passive or active. Passive attacks simply monitor the system activities and data traffic and eavesdrop to recover information. They are less dangerous and cause less damage to IoT devices and networks. Active attacks are dissimilar to passive attacks, and these attacks cause damage to the IoT infrastructure directly [19]. These attacks can circumvent smart devices and the IoT ecosystem, resulting in the loss of valuable data.

Using the IoT reference model, Abdul-Ghani et al. [20] conducted a thorough investigation on IoT attacks. Physical, protocol, data, and software attacks against IoT networks were characterised by the researchers. A detailed description of all conceivable attacks in these areas is provided. This article does not go through the security solutions. A summary of current research on security threats on IoT networks was provided by Lu and Xu [21]. Based on IoT devices, device location, access level, data damage degree, node capacity, and protocol, they created a taxonomy of cyber security attacks on IoT networks. They also elaborated the four-layer security architecture for IoT. The attacks on each layer, and the security solutions, however, are not described in depth.

Ramakrishna et al. [22] conducted an analytical assessment on various forms of IoT threats and their security solutions. Physical, side-channel, cryptanalysis, software-based, and network-based attacks were all identified as IoT security attacks in this study. This paper only looked at a few attacks from each category, as well as available countermeasures.

2.3. Machine Learning and Deep Learning based IDS

For the Wireless Sensor Networks (WSN) nodes with low resources, Qu et al. [23] proposed a lightweight, fuzzy clustering-based Intrusion Detection System. The sensor data collected at the base stations were used to map the network state. To build this system, the authors combined the sliding window technique with fuzzy c-means and one-class SVM. This system was capable of quickly detecting the assaults. The EXata Network Simulator was used to test the system's efficacy. Although it is capable of identifying and detecting communication-destructive assaults, it might be enhanced in terms of recognising multiple attacks.

In a comparative study, Biswas [24] explained various feature selection techniques and machine learning classifiers for developing IDS. The classifiers used in this research are Decision Tree (DT), K-Nearest Neighbor (KNN), Support Vector Machine (SVM), Naive Bayes (NB), and Neural Networks (NN). The Correlation-based Feature Selection method (CFS), Information Gain Ratio (IGR), Minimum Redundancy Maximum Relevance method, and Principal Component Analysis (PCA) feature selection techniques were evaluated. The NSL-KDD dataset with 10,000 tuples with 40 attributes was used for this analysis. According to this study, K-NN (K-Nearest Neighbor) and information gain ratio-based feature selection (IGR) provided a better result. The NSL-KDD is one of the very old datasets for intrusion detection, so it is not suitable for IoT.

Using the AdaBoost ensemble approach, Moustafa et al. [25] created an IDS for detecting intrusions in IoT networks. To improve performance, ensemble models are created by integrating numerous classifiers. Three classifiers, namely Artificial Neural Network (ANN), Naive Bayes (NB), and Decision Tree (DT), are merged in an ensemble technique to produce this model. The botnet was mostly identified using this strategy against application layer protocols. It's also confined to the three protocols, and should be extended to include features from more IoT protocols.

Jan et al. [26] proposed a lightweight IDS based on an SVM classifier to detect attempts to inject unnecessary data into IoT networks. The packet arrival rate’s Poisson distribution was used to differentiate the packets as benign or intrusive. A subset of the CICIDS2017 dataset was selected, obtaining a synchronized beget dataset from that subset, which was further utilized in this research. The packet arrival rate is the only attribute considered in this experiment. It supports the lightweight aspect of IDS, but only a single attribute from a huge dataset will not detect all possible attacks.

Eskandari et al. [27] suggested an anomaly-based IDS termed Passban IDS for detecting intrusions at the edge level based on security attacks. Real-time network traffic was gathered to detect the attacks, and the iForest ensemble technique was used in this methodology. This Passban IDS detected the port scanning, brute force attacks, and SYN flooding attacks. The attacks during the training phase were not considered in this research. The SYN Flood attacks in this work will consume more resources and will reduce the detection accuracy of the Passban IDS.
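
The limitation noted above for Jan et al. [26], that packet arrival rate alone cannot expose every attack, can be seen in a small arrival-rate detector. This is an added example, not code from this review or from [26]: it uses a plain Poisson tail test in place of their SVM classifier, and the traffic, node name, port numbers and the `alpha` threshold are constructed assumptions.

```python
"""Arrival-rate-only detector on constructed traffic (illustrative)."""
import math
from collections import defaultdict

COAP_PORT = 5683  # constructed sample value: benign sensor traffic uses one port


def poisson_tail(k, lam):
    """Return P[X >= k] for X ~ Poisson(lam)."""
    if k <= 0:
        return 1.0
    below = sum(math.exp(i * math.log(lam) - lam - math.lgamma(i + 1))
                for i in range(k))
    return max(0.0, 1.0 - below)


def per_window(packets, width):
    """Group (timestamp, src, dst_port) tuples into fixed-width time windows."""
    windows = defaultdict(list)
    for ts, src, port in packets:
        windows[int(ts // width)].append((src, port))
    return windows


def fit_rate(packets, n_windows):
    """Mean packets per window over an attack-free training capture."""
    return len(packets) / n_windows


def flag_windows(packets, width, lam, alpha=1e-4):
    """Windows whose packet count is improbably high under Poisson(lam)."""
    return sorted(w for w, pk in per_window(packets, width).items()
                  if poisson_tail(len(pk), lam) < alpha)


def distinct_ports(packets, width):
    """A second attribute the rate test never looks at: ports touched per window."""
    return {w: len({port for _, port in pk})
            for w, pk in per_window(packets, width).items()}


def synth(counts, port_of=lambda w, j: COAP_PORT):
    """Build constructed packets: counts[w] evenly spaced packets in second w."""
    return [(w + j / c, "node-1", port_of(w, j))
            for w, c in enumerate(counts) for j in range(c)]


# Constructed training capture: 60 one-second windows, about 10 packets each.
BASELINE = synth([8, 10, 12, 9, 11] * 12)

# Constructed test capture. Window 3 is a data-injection burst; window 5 is a
# port sweep sent at a normal packet rate (12 packets, 12 different ports).
CAPTURE = synth([9, 11, 10, 40, 10, 12],
                port_of=lambda w, j: 1000 + j if w == 5 else COAP_PORT)

if __name__ == "__main__":
    lam = fit_rate(BASELINE, 60)
    print("learned rate:", lam)
    print("flagged windows:", flag_windows(CAPTURE, 1.0, lam))
    print("distinct ports per window:", distinct_ports(CAPTURE, 1.0))
```

The injection burst is flagged, while the sweep passes the rate test because its packet count is ordinary; only the per-window port count separates it from benign traffic.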

Alkadi et al. [28] recommended distributed IDS using Deep Blockchain technology and Bidirectional Long Short-Term Memory (BiLSTM). This system detected the DoS, DDoS, port scanning, and other attacks in UNSW-NB15 and BoT-IoT datasets effectively. It is suitable for IoT and cloud architecture. For real-world implementation, it requires further fine-tuning. The UNSW-NB15 dataset used in this research was not specific to IoT.

Cheema et al. [29] introduced a Blockchain based IDS for IoT using Machine Learning Algorithms. The IoT network is divided into a number of Autonomous Systems (AS). The selected AS nodes are responsible for traffic monitoring in a distributed manner. The SVM algorithm is applied for training the dataset. This system detects the Botnets and routing attacks. Since the Blockchain module handles all attackers’ associated details, it increases the computational complexity for each transaction. The lightweight features should be addressed before incorporating it into IoT networks.

Parra et al. [30] suggested a distributed attack detection technique for the IoT using Deep Learning algorithms using a cloud-based approach. It comprises two security mechanisms, such as a Distributed Convolutional Neural Network (DCNN) and a cloud-based temporal Long-Short Term Memory (LSTM) model. The proposed mechanism detects phishing attacks, DDoS attacks, and botnets. This method can detect the attack at both the node and the cloud level. The network layer-related attacks are not considered in this research.

Alsoufi et al. [31] investigated anomaly-based IDSs for the IoT using deep learning approaches. Different databases and journals having deep learning-based IDS were identified in this study. The algorithms used for anomaly-based IDS, such as supervised, unsupervised, and semi-supervised algorithms, were reviewed. Although the authors aimed to review anomaly attacks in the IoT, most of the datasets taken for the study are not specific to the Internet of Things.

Kumar et al. [32] offered an ensemble distributed IDS model to safeguard the IoT network from different types of security attacks. The Gaussian Naïve Bayes, KNN, Random Forest, and XGBoost algorithms were applied to develop the ensemble model. The UNSW-NB15 and DS2OS were the datasets used in this research to examine the IDS's performance. The model is built for detecting attacks in IoT environments. But in the experimented datasets, DS2OS is the only dataset specific to the IoT. Though there is much ongoing research and development in the security of IoT by implementing Intrusion Detection Systems, it is still needed to enhance the security level further by using innovative tools and techniques.

3. SECURITY ATTACKS IN IOT

The security related threats and vulnerabilities rise robustly as the connected devices in IoT increase. The IoT nodes create dynamic topology and the nodes perform their tasks without human intervention, so that handling the security issues in IoT becomes more complex. The privacy and security challenges of IoT become more troublesome with the limited resources. Moreover, the enormous growth and adoption of IoT devices in all aspects of human life indicate the necessity of considering these security threats before the implementation of the countermeasures. The security market from 2019 to 2025 is given in Figure 3.

Figure 3 IoT Security Market (2019-2025) (Source: IoTAnalyticsResearch 2020)

According to IoT Analytics Research 2020, the IoT security market size was $2,750 million in 2019, and it is estimated to reach $20,771 million in 2025. The compound annual growth rate (CAGR) is 40% from the year 2019 to 2025. This emphasises the rapid growth of security challenges in IoT and the importance of securing the devices against various attacks. Intrusions or attacks on any network can be caused in three ways:

• Attacks are targeted by external attackers after gaining access to any network, and then the systems explore various malicious activities against the network.
• Internal attackers who have been granted a certain level of privilege but attempt to launch attacks using additional unauthorised access.
• Authorized internal attackers misuse the privileges given to them.

3.1. External Attacks

External attacks are initiated from outside of the networks. By acting as insiders, the external attackers inject malicious code during data communication. The attackers access the IoT smart devices remotely and attempt various types of attacks against the IoT networks.

3.2. Internal Attacks

Internal attacks are initiated by the authorized people of the IoT network. They misuse their given privileges as well as pretend that they have other privileges which they may not be granted. In this attack, the attacker tries to inject and run abnormal codes on the nodes without the user's awareness. IDSs protect the IoT network and devices in real-time from external and internal security threats and attacks [33].

4. TYPES OF IDS FOR IOT

Intrusion Detection Systems are used to discover intrusions, attacks, and malicious activities in the IoT environment. IDSs are networking security components that are widely used to protect network environments from attacks and malicious activities. They normally monitor the behaviour of the individual device or the network. Intrusion Detection Systems for the Internet of Things are classified into two categories:

• IDS types based on their positions
• IDS types based on their techniques

The classifications of IDS used in this review are illustrated using Figure 4.

The first category is based on where the Intrusion Detection System is located in the IoT network. The second category of classification is based on the techniques used for implementing the IDS. Each type is explained in detail.

Figure 4 Types of IDS for IoT

4.1. IDS Types Based on its Position in the Network

There are several types of IDSs, each of which is classified differently. The IDS can be installed on the border router, selected nodes, or every node in the IoT network in the IoT ecosystem. Intrusion detection systems are classified into three types based on this deployment strategy: distributed IDS, centralized IDS, and hybrid IDS.

4.1.1. Distributed IDS (Host-based IDS)

Each node in the IoT network is responsible for monitoring and detecting the attacks in this distributed deployment method. As a result, the intrusion detection system is installed on nearly all nodes in the network. The attacks are detected in a distributed manner by the IDSs [34]. The resource-constrained properties of the IoT should be examined and optimised since the intrusion detection system is installed on each node. To deal with this problem, a variety of approaches have been devised.

Oh et al. [35] devised a lightweight approach for identifying assaults by comparing packet payloads and attack patterns. Auxiliary shifting and early decision, according to the authors, are required to minimize the number of matches required to identify attacks. This attack detection system skips a large volume of data that are not relevant for detecting the attacks.

The authors claim it is a lightweight system since it reduces the memory requirements and computational costs. Sometimes, the reduction of memory for pattern matching also degrades the detection accuracy of the system.

Lee et al. [36] suggested a lightweight distributed IDS for detecting Denial of Service (DoS) attacks in 6LoWPAN networks. In this approach, the malicious node is identified using the battery power consumption of an IoT device. The authors considered only a single node as the parameter in their research work.

In distributed IDS settings, some nodes also have an additional responsibility to monitor their neighbours and such nodes are called watchdogs.

Mehmood et al. [37] developed a multi-agent IDS using Naïve Bayesian algorithm for detecting the probable distributed Denial of Service (DDoS) attacks in IoT layered architecture. In this work, the multi-agents along with Naïve Bayesian algorithm were implemented in selected IoT devices throughout the network. The agents were classified as system monitoring, communicating, collector, and actuator agents. The distributed multi-agents in this approach share the responsibility of intrusion detection and reduce the workload of the individual nodes. The agent nodes could communicate with other agents too, whenever required. The authors used sensors to gather the information, and the collected information was analyzed to check whether there were any attacks on the network. Malicious nodes and their activities were monitored and reported to the administrator or to the IoT objects. The authors did not consider low-capacity systems in their approach. Though the authors claim that it is suitable for IoT, it is only relevant for Wireless Sensor Networks (WSN) and Mobile Ad-hoc Networks (MANET) as they implemented these networks only in the NS2 Simulator and gave the simulated results.

Cervantes et al. [38] proposed a distributed solution named "Intrusion Detection of Sinkhole Assaults on 6LoWPAN for InterneT of Things (INTI)" that monitors, detects, and mitigates the attacks by merging the concepts of trust and status with watchdogs. Different types of nodes, such as associated, leader, and member nodes, were used to create a hierarchical structure. A change in the network, such as network reconfiguration or the occurrence of an attack, might cause the node to change its role. After that, each node keeps track of a superior node's incoming and departing traffic. When a node detects an attack, it notifies the other nodes, and the attacker node is isolated. The effectiveness of the tool in low capacity nodes is not deliberated by the authors. Since the distributed IDSs have a hierarchy among themselves, this type of IDS can be termed as Hierarchical Intrusion Detection System.

By deploying the open-source Snort tool on the Raspberry Pi device, Sforzin and Conti [39] developed a distributed IDS termed RpiDS. The Raspberry Pi is considered the core commodity for this system. It was implemented in a smart home. The performance of the Raspberry Pi is evaluated as a host of the Snort tool. Though this RpiDS is capable of hosting Snort, due to its constrained nature, it is very hard to monitor and manage the attacks in a large-scale implementation.

4.1.2. Centralized IDS (Network IDS)

In this strategy, intrusion detection systems are installed on a centralized router or a dedicated server. Because of the centralized edge node, i.e., border router, which connects the IoT network to the Internet, implementing centralized IDS in IoT is very simple. Because data packets from the outside enter the IoT environment through the border router, external attackers may be quickly recognised by the centralised IDS. Hence, when the intrusion detection system is deployed in the border router, it can easily monitor, analyze, and drop the malicious data packets when it detects any attacks. Contrarily, internal attack detection is difficult in this approach since it necessitates thorough monitoring and analysis of all internal nodes connected to the border router.

Midi et al. [40] developed a centralized Intrusion Detection System for an IoT environment called “Knowledge-driven Adaptable Lightweight Intrusion Detection System (KALIS)”.
It can be deployed as a standalone tool on any specialized external device or in a centralised installation setting like a router. KALIS acquires knowledge about the characteristics of network entities on its own and uses it to dynamically create a set of detection algorithms. Compared to standard intrusion detection systems, KALIS excelled in identifying DoS, routing, and conventional attacks, according to the authors. This system is not tied to any particular protocol or architecture. Though the KALIS system outperforms traditional IDS in terms of performance, it requires more memory to deploy than the traditional IDS.

Wani and Revathi [41] recommended an innovative IDS using Software Defined Networking (SDN). It is programmable, so it makes the network flexible. Here, a centralized controller is moved to develop a global control system. The authors implemented their work in Mininet2.0. They achieved 99% accuracy in their result. In this research, the authors considered only the flooding attack. The NSL-KDD dataset used in this research is a very old dataset and is not specific to Internet of Things related attacks. The experiment and methodology are not explained in detail.

4.1.3. Hybrid IDS

By analysing the pros and cons of the centralized and distributed placement strategies, the hybrid placement strategy is developed. In this hybrid IDS, the strengths of both strategies are included and the drawbacks are excluded.

Using the hybrid strategy, Amaral et al. [42] proposed a hybrid intrusion detection system. In this work, selected nodes act as watchdogs (Distributed IDS) to detect intrusions caused by eavesdropping on their neighbours. According to the defined security rules, the watchdogs determine whether there is any attack on the network. Each watchdog has a different rule-set based on the behaviour of the components in the network. According to the security rule-sets in the centralized IDS, the patterns are identified from the monitored messages. Thus, a hybrid approach is used in this work. The flexibility of using a different set of rules is the main advantage of this system. The rule-set has to be updated very often in order to keep the system up-to-date for new attacks. Dynamic attack detection is not possible in this IDS as it has a predefined set of rules.

Thanigaivelan et al. [43] developed a hybrid attack detection system for internal anomalous activities. It was used to monitor and evaluate their neighbors within a one-hop distance and to report them to their parents only when it detected an anomaly. When an intrusion is detected, the monitoring node is isolated, and data packets are discarded in the link layer to avoid unnecessary network overhead. The system also included a fingerprinting function that allowed the border router to detect network changes and locate the source of the threats. The router and other nodes were given different tasks and they were coordinated. This system is capable of detecting and banning flooding attacks, selective forwarding attacks, and clone attacks. This system is quite complex to handle, and it focuses on limited types of attacks only.

4.2. IDS Types Based on its Techniques

There are many algorithms for detecting intrusions and improving the performance of the IDS. These algorithms and techniques can be applied in various stages of intrusion detection. Based on the techniques and methods implemented along with it, the IDSs are grouped into four types: signature-based, anomaly-based, specification-based, and hybrid IDSs.

4.2.1. Signature-Based IDS

This kind of intrusion detection system is also termed a "Misuse-based IDS". All possible known attack patterns are stored in the IDS database. These IDSs analyse the generated information and find out whether there is any match with a known attack. This type of IDS is very effective against known attacks. It needs a periodic update because the efficiency of this system depends on the attack signatures available in the database [44]. Although it gives a higher true-positive rate, it is incapable of detecting new patterns of attacks.

Kumar et al. [45] proposed a unified IDS (UIDS) for detecting DoS attacks, probe attacks, generic attacks, and exploit attacks. The decision tree algorithm is applied to the UNSW-NB15 dataset. Various forms of rule sets are defined in order to develop the system. This signature-based IDS detects the attacks more effectively than the existing research work. It needs further refinement to detect new attacks. The dataset used in this research is not specific to IoT. It is difficult to detect unknown attacks using this approach.

4.2.2. Anomaly-Based IDS

This kind of IDS can classify the behavior of the system as abnormal or anomalous. This categorization is based on rules or heuristics rather than patterns or signatures. First, the IDS should be trained to understand the normal behavior of the system. If there is any activity that violates the normal behavior, then the IDS can identify it as an attack. This type of IDS detects unknown attacks effectively. However, it treats every activity that deviates from the normal behavior as an intrusion. Therefore, anomaly-based intrusion detection systems normally have higher false-positive rates than other types of IDSs [46]. In general, machine learning algorithms can be used to train the normal behavior of the systems. But implementing machine learning for the resource-constrained IoT nodes is a challenging research issue. The lightweight aspects should be considered in such cases.

Ulla and Mahmoud [47] proposed an anomaly detection system for IoT networks using deep learning. The Convolutional Neural Network algorithm was the backbone of this research. The proposed IDS model was evaluated using IoT-related IDS datasets such as BoT-IoT, IoT-DS-2, IoT-23, and MQTT-IoT-IDS2020. This multiclass model detects various attacks like DoS, DDoS, flooding attacks, OS Scan, Port Scan, Mirai, etc. efficiently in terms of accuracy and other metrics. Multiple IDS datasets were combined in this research for the purpose of developing the model. The deep learning approach and the multiple data sources require more training time and computational costs.

4.2.3. Specification-Based IDS

This kind of intrusion detection system is also called "Rule-based IDS". These IDSs contain a rule-set and some thresholds associated with the rule-set. These rules are defined by experts regarding the normal and abnormal activities of the nodes and protocols in the networks. Like anomaly-based IDS, these IDSs also detect attacks whenever there is a deviation from the specified thresholds and rules. In specification-based IDS, the rules and thresholds are set by human experts, but in anomaly-based IDS, the system should be trained. This is the difference between these two types of IDSs. Since there is human involvement in these IDSs, they have a lower false-positive rate compared to the anomaly-based IDSs [48]. The specification-based IDSs are inflexible and error-prone due to the manually defined specifications. Periodic upgrading of the rules and thresholds is essential to keep the system relevant for current needs.

Astillo et al. [49] recommended a specification-based system to detect the malicious acts of an implanted Artificial Pancreas System (APS) which maintains the blood glucose level of the human body. In this research, the security challenges and associated risks related to patients’ health and safety were studied. The behavior-rules of the APS were defined. The UVa/Padova simulator was used to emulate the functionalities of APS. SVM and kNN are the classifiers used in this research to validate the proposed model. The recommended system monitors the components of the APS continuously, and abnormal glucose levels are identified with better accuracy. Since it concerns human life, further refinement is required. The behavior-rules of the APS have to be updated in order to include new symptoms that lead to abnormalities in blood glucose levels.

4.2.4. Hybrid IDS

Hybrid IDSs are developed by combining one or more of the aforementioned types of IDSs. These IDSs are established to optimize the performance by minimizing the drawbacks and maximizing the advantages of these IDSs. By merging the merits of such IDSs, the detection accuracy and the performance of the hybrid IDS are enhanced.

By using the Map Reduce approach and the unsupervised Optimum-Path Forest (OPF) algorithm, Bostani et al. [50] developed a hybrid IDS combining anomaly-based and specification-based IDS. Based on their experimental results, the authors argue that their IDS performed well by reducing false-positives and increasing true-positives. This hybrid system is suitable for detecting sinkhole and selective forwarding attacks in IoT networks. This system has its own limitations in unsupervised learning and the Map-Reduce approach. The raw data packets from the simulated Wireless Sensor Networks (WSN) are used in this research. Hence, the dataset used in this research is not specific to the Internet of Things.

5. ANALYTICAL SURVEY OF IDS FOR IOT

Table 1 shows the summary of the reviewed literature. Here, the IDS research work, the type of IDS it belongs to, the techniques used in the IDS, advantages, and the research gaps of these IDSs are briefly given.

| Research | IDS Type | Techniques/Tools | Attack Detection | Required Refinements |
|---|---|---|---|---|
| Fu et al. [14] | Centralized | Automata | jam-attack, false-attack, replay-attack | State-space problem |
| Raza et al. [15] | Hybrid | SVELTE | Sink-hole attacks | Additional Control overhead due to 6Mapper module |
| Shreenivas et al. [16] | Hybrid | Extension to SVELTE using ETX metric, the geographical detection algorithm | ETX and Rank attack | Maximum 8 nodes only used. |
| Mbarek et al. [17] | Centralized | ENIDS protocol | Clone attacks | Consumes more energy in normal scenario |
| Ioulianou et al. [18] | Hybrid | Cooja Simulator, Pattern Matching Algorithm | DoS | IDS functionalities are not considered |
| Qu et al. [23] | Hybrid | Sliding window Protocol, One-Class SVM, Fuzzy C-Means | Anomalous events and routing attacks | Refinements required for diversity of attacks |
| Moustafa et al. [25] | Centralized | AdaBoost ensemble method | Botnet attacks | Limited to three IoT application layer protocols |
| Jan et al. [26] | Centralized | SVM classifier | DDoS attacks | Single attribute only used |
| Eskandari et al. [27] | Centralized | Passban IDS, iForest | Port Scanning, Brute force, flooding attack | Not considered the attacks in the training phase, flooding attack reduces the detection rate |
| Alkadi et al. [28] | Distributed | Blockchain, Bidirectional Long Short-Term Memory (BiLSTM) | DoS, DDoS, Port Scanning, OS Scan etc. | Need further refinement for real-time implementation |
| Cheema et al. [29] | Distributed | Blockchain, Spectral Partitioning | Routing attacks and Botnet | Real-world conditions should be addressed |
| Parra et al. [30] | Distributed | Deep Learning | Phishing, DDoS, Botnet | More training time |
| Kumar et al. [32] | Distributed | Ensemble | Backdoor, Reconnaissance, DoS | Real-time deployment requires lightweight mechanisms for IoT nodes |
| Oh et al. [35] | Distributed | auxiliary shifting, early decision | Conventional attacks using signatures | Single device only |
| Lee et al. [36] | Distributed | Energy consumption models | Routing attacks, DoS | Single device only |
| Mehmood et al. [37] | Distributed | Naïve Bayes Algorithm, Multi-agent | DDoS Attack | Low capacity systems are not considered |
| Cervantes et al. [38] | Hierarchical - Distributed | INTI | Sinkhole attacks | Low capacity systems are not considered |
| Sforzin and Conti [39] | Distributed | Snort tool | Conventional Attacks | Single Node is considered |
| Midi et al. [40] | Centralized | KALIS | DoS, Routing attacks | Complex functionalities |
| Wani and Revathi [41] | Centralized | Software-Defined Networking (SDN) | Flooding attacks | Only flooding attack is considered |
| Amaral et al. [42] | Hybrid | Watchdogs | Routing attacks based on a different set of rules | Requires optimization in enforcing and storing new security rules |
| Thanigaivelan et al. [43] | Anomaly-based, Hybrid | Network fingerprinting | Clone, Flooding, selective forward | Complex to handle |
| Kumar et al. [45] | Centralized Specification-based IDS | Decision Tree | Exploit, DoS, Probe, Generic | Requires refinement for detecting new attacks. |
| Ulla and Mahmoud [47] | Anomaly-based | Convolutional Neural Networks | Dos, DDoS, Mirai, Flooding, Port Scan | Training takes more time |
| Astillo et al. [49] | Centralized Specification-based | UVa/Padova simulator, SVM, KNN | Abnormal blood glucose level | Human life related. Periodic update required |
| Bostani et al. [50] | Hybrid | Optimum-Path Forest (OPF), Map Reduce Algorithm | Sinkhole, wormhole, selective forward attack | Simultaneous different types of attacks reduce the performance |

Table 1 Intrusion Detection Systems for IoT
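
The four technique classes of Section 4.2 can be compared by running them on the same traffic. The following Python code is an added example, not code from the paper or from any surveyed system; the two features, the thresholds, the signature string, the hybrid combination rule and all sample windows are constructed assumptions.

```python
"""Signature-, anomaly-, specification-based and hybrid detection scored on
one constructed set of per-node traffic windows (illustrative values only)."""
from dataclasses import dataclass
from statistics import mean, stdev


@dataclass(frozen=True)
class Window:
    """One observation window for one node (all values constructed)."""
    pkts_per_s: float   # packets the node sent per second
    fwd_ratio: float    # forwarded / received packets (1.0 = forwards all)
    payload: bytes      # sample payload captured in the window
    attack: bool        # ground truth, used only for scoring


# Signature-based (4.2.1): database of known attack patterns.
# The pattern is a made-up marker, not a real attack signature.
SIGNATURES = {b"KNOWN-FLOOD-TOOL/1.0": "known flooding tool"}


def signature_detect(w: Window) -> bool:
    return any(sig in w.payload for sig in SIGNATURES)


# Anomaly-based (4.2.2): learn normal behaviour, flag large deviations.
class AnomalyDetector:
    FEATURES = ("pkts_per_s", "fwd_ratio")

    def __init__(self, normal_windows, z_max=3.0):
        self.z_max = z_max
        self.baseline = {}
        for f in self.FEATURES:
            values = [getattr(w, f) for w in normal_windows]
            self.baseline[f] = (mean(values), stdev(values))

    def detect(self, w: Window) -> bool:
        return any(abs(getattr(w, f) - mu) / sd > self.z_max
                   for f, (mu, sd) in self.baseline.items())


# Specification-based (4.2.3): limits fixed by a human expert (assumed values).
MAX_PKTS_PER_S = 50.0
MIN_FWD_RATIO = 0.80


def spec_detect(w: Window) -> bool:
    return w.pkts_per_s > MAX_PKTS_PER_S or w.fwd_ratio < MIN_FWD_RATIO


# Hybrid (4.2.4), one possible combination: trust a signature hit outright,
# otherwise require the anomaly alert to be confirmed by a rule violation.
def hybrid_detect(w: Window, anomaly: AnomalyDetector) -> bool:
    return signature_detect(w) or (anomaly.detect(w) and spec_detect(w))


# Constructed attack-free windows used to train the anomaly baseline.
TRAINING = [Window(p, f, b"temp=21.5", False) for p, f in zip(
    [9.0, 10.0, 11.0, 10.5, 9.5, 10.0, 12.0, 8.0],
    [0.95, 0.97, 0.93, 0.96, 0.94, 0.95, 0.98, 0.92])]

# Constructed evaluation windows.
TEST = [
    Window(10.5, 0.96, b"temp=21.7", False),                 # normal reading
    Window(400.0, 0.95, b"KNOWN-FLOOD-TOOL/1.0 AAAA", True),  # known flood
    Window(380.0, 0.94, b"\x00" * 8, True),                  # flood, no signature
    Window(10.0, 0.30, b"temp=21.6", True),                  # selective forwarding
    Window(30.0, 0.95, b"fw-update chunk 17", False),        # benign burst
    Window(12.0, 0.95, b"KNOWN-FLOOD-TOOL/1.0 slow", True),  # known tool, low rate
]


def score(detect, windows):
    """Return (true positives, false positives, false negatives)."""
    tp = sum(1 for w in windows if w.attack and detect(w))
    fp = sum(1 for w in windows if not w.attack and detect(w))
    fn = sum(1 for w in windows if w.attack and not detect(w))
    return tp, fp, fn


def evaluate():
    anomaly = AnomalyDetector(TRAINING)
    detectors = {
        "signature": signature_detect,
        "anomaly": anomaly.detect,
        "specification": spec_detect,
        "hybrid": lambda w: hybrid_detect(w, anomaly),
    }
    return {name: score(d, TEST) for name, d in detectors.items()}


if __name__ == "__main__":
    for name, (tp, fp, fn) in evaluate().items():
        print(f"{name:14s} TP={tp} FP={fp} FN={fn}")
```

On this constructed data the signature detector misses the two attacks that have no stored pattern, the anomaly detector raises the only false positive (the benign burst), and the hybrid rule detects all four attacks without a false alarm.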
According to this review, when machine learning algorithms are deployed, the performance and efficiency of the intrusion detection systems will be better and the hybrid IDS will provide better accuracy, which reduces false positives and improves the true positives.

6. RESEARCH DIRECTIONS BASED ON THE REVIEW

The IoT has evolved from the traditional network architecture. Hence, it also incorporates all the vulnerabilities and threats associated with traditional networks. As IoT is connected to the global network, all the security issues that lie on the Internet also propagate to the IoT environment. The following are the reasons for various security-related issues in the IoT environment:

• The devices in IoT networks are resource-constrained; they have less memory, processing power, and limited energy.

• Voluminous IoT devices from heterogeneous sources are linked to the Internet, which tends to make the IoT more vulnerable.

• IoT devices use different technologies and platforms. Hence, providing interoperability among such devices is a challenging issue.

These issues make the IoT vulnerable and cause serious damage like data breaches and tampering of IoT nodes. If the nodes are compromised, then the security risk will rise to a higher level. Cryptography is one of the technologies used to secure data. Here, secure keys are the core elements. But, when the attacker compromises the internal nodes to get the security keys, preventing the network from attacks is not possible. In such a scenario, IDSs are a boon for providing security to the IoT networks. Therefore, it is essential to have an intrusion detection system to monitor the IoT network and detect the attacker and compromised IoT devices.

IDSs have been used in traditional network and information systems for more than two decades. The usage of IDS and its implementation in IoT compared to traditional networks is still in the initial stage. Moreover, current IDS solutions for the IoT are not sufficient. The research gaps for deploying intrusion detection systems in IoT networks are given below:

• The intrusion detection systems used in traditional networks are heavyweight, which means they will not be suitable for resource-constrained IoT networks. The lightweight aspects in terms of processing, memory, and battery power consumption should be considered for developing IDS for the IoT.

• In a traditional network, once the connection is established, there will be an end-to-end data transmission. But in the IoT network, the data packets traverse multiple hops from the sender to the receiver. Hence it is more vulnerable. The connectivity and link stability issues of the IoT network should be kept in mind when designing IDS for IoT.

• The IoT uses advanced protocols and technology that have their own vulnerabilities in the networks. So, the IDSs developed for traditional networks are not applicable in the IoT environment.

• The sensors generate voluminous data. The security aspects of such data and managing such voluminous data also lead to research challenges.

The above facts summarize the issues and challenges of implementing IDS while deploying them in IoT networks.

7. CONCLUSION

One of the most important security tools deployed in traditional networks is the IDS. While implementing the IDS in an IoT environment, the characteristics of the IoT should be considered. The deployment of IDS in the IoT has a lot of
emerging scope and challenges for research. In this paper, the security issues in the IoT, the need for IDS in the IoT, and the different types of IDS for the IoT are reviewed. An analytical survey based on the review is also given. The analysis clearly shows that they did not reach a consensus, implying that additional research and development for IDS in IoT networks is still required. The intrusion detection systems also necessitate periodic refinement to keep the systems suitable for current needs. Hence, it provides a wider scope for IoT security researchers.

REFERENCES

[1] A. Khraisat and A. Alazab, “A critical review of intrusion detection systems in the Internet of Things: techniques, deployment strategy, validation strategy, attacks, public datasets and challenges”, Cyber Security 4(18), 2021, DOI: 10.1186/s42400-021-00077-7
[2] A. Colakovi and M. Hadziali, “Internet of Things (IoT): A Review of Enabling Technologies, Challenges, and Open Research Issues”, Computer Networks, 2018, DOI: 10.1016/j.comnet.2018.07.017.
[3] E. C. Ugwuabonyi and E.Z. Orji, “Issues and Challenges in Security and Privacy of Internet of Things (IoT)”, International Journal of Latest Technology in Engineering, Management & Applied Science (IJLTEMAS), 7(12), 2018, ISSN 2278-2540.
[4] B. B. Zarpaelo, R.S. Miani, C.T. Kawakani and S. C. Alverenga, “A Survey of Intrusion Detection in Internet of Things”, Journal of Network and Computer Applications, 2017, DOI: 10.1016/j.jnca.2017.02.009.
[5] A. Mayzaud, R. Badonnel and I. Chrisment, “A Taxonomy of Attacks in RPL-based Internet of Things”, International Journal of Network Security, ACEEE a Division of Engineers Network, 18 (3), pp.459-473, 2016, DOI:10.6633/IJNS.201605.18(3), hal-01207859.
[6] T. A. Tchakoucht and M. Ezziyyani, “Building A Fast Intrusion Detection System For High-Speed Networks: Probe and DoS Attacks Detection”, Procedia Computer Science, 127, pp. 521–530, 2018.
[7] K.K. Patel and S.M. Patel, “Internet of Things-IoT: Definition, Characteristics, Architecture, Enabling Technologies, Application and Future Challenges”, International Journal of Engineering Science and Computing, 6(5), ISSN 2321-3361, 2016, DOI: 10.4010/2016.1482.
[8] V. Adat and B. B. Gupta, “Security in Internet of Things: issues, challenges, taxonomy, and architecture”, Telecommunication System, 2017, DOI: 10.1007/s11235-017-0345-9.
[9] A. Tewari and B.B. Gupta, “Security, privacy and trust of different layers in Internet-of-Things (IoTs) framework”, Future Generation Computer Systems, 108, ISSN: 0167-739X, pp: 909-920, 2020, DOI: 10.1016/j.future.2018.04.027
[10] R. Sahay, G. Geethakumari and K. Modugu, “Attack Graph based Vulnerability Assessment of Rank property in RPL-6LowPAN in IoT”, IEEE Explore, 2018, DOI: 10.1109/WF-IoT.2018.8355171
[11] J. Deogirikar and A. Vidhate, “Security Attacks in IoT: A Survey. International Conference on IoT in Social, Mobile, Analytical and Cloud”, I-SMAC- 2017, IEEE, 2017.
[12] A. R. Sfar, E. Natalizio, Y. Challal and Z. Chtourou, “A Roadmap for Security Challenges in the Internet of Things”, Digital Communications and Networks, 4, pp.118-137, 2018.
[13] E E. Hemdan and D.H. Manjaiah, “Cybercrimes Investigation and Intrusion Detection in Internet of Things based on Data Science Methods”, Cognitive Computing for Big Data Systems over IoT, 2018, DOI: 10.1007/978-3-319-70688-7_2.
[14] Y. Fu, C. Yan, J. Cao, O. Kore and X. Cao, “An Automata based Intrusion Detection method for Internet of Things”, Mobile Information Systems, Hindawi Publications, 2017(1750637), 2017, DOI: 10.1155/2017/1750637.
[15] S. Raza, L. Wallgren and T. Voigt, “SVELTE: real-time intrusion detection in the Internet of Things”, Ad Hoc Network, 11(8), ISSN: 2661-2674, 2013, DOI:10.1016/j.adhoc.2013.04.014.
[16] D. Shreenivas, S. Raza and T. Voigt, “Intrusion Detection in the RPL connected 6LoWPAN Networks”, Proceedings of the 3rd ACM International Workshop on IoT Privacy, Trust, and Security, IOTPTS’17, Abu Dhabi, United Arab Emirates, 2017.
[17] B. Mbarek, M. Ge and T. Pitner, “Enhanced Network Intrusion Detection System Protocol for Internet of Things”, Proceedings of ACM SAC Conference (SAC’20), ACM, New York, Article 4, 2020, DOI: 10.1145/3341105.3373867.
[18] P. P. Ioulianou, V. G. Vassilakis, I.D. Moscholios and M. D. Logothetis, “A Signature-based Intrusion Detection System for the Internet of Things”, International Conference on Information and Communication Technology Forum (ICTF-2018), Graz, Austria, 2018, https://www.researchgate.net/publication/326376629.
[19] P. Wanda and H. J. Jie, “A survey of Intrusion Detection System”, International Journal of Informatics and Computation (IJICOM) 1(1), ISSN: 2685-8711, 2019.
[20] H. Abdul-Ghani, D. Konstantas and M. Mahyoub, “A Comprehensive IoT Attacks Survey based on a Building-blocked Reference Model”, International Journal of Advanced Computer Science and Applications, Springer, 9(3), 2018.
[21] Y. Lu and L.D. Xu, “Internet of Things (IoT) Cyber Security Research: A Review of Current Research Topics”, IEEE Internet of Things Journal, 2018, DOI: 10.1109/JIOT.2018.2869847.
[22] C. Ramakrishna, G.K. Kumar, A.M. Reddy and P. Ravi, “A Survey on various IoT Attacks and its Countermeasures”, International Journal of Engineering Research in Computer Science and Engineering (IJERCSE), 5(4), ISSN: 2394-2320, 2018.
[23] H. Qu, L. Lei, X. Tang and W. Ping, “A Lightweight Intrusion Detection Method Based on Fuzzy Clustering Algorithm for Wireless Sensor Networks”, Advances in Fuzzy Systems, Article ID: 4071851, 2018, DOI: 10.1155/2018/407185.
[24] S. K. Biswas, “Intrusion Detection Using Machine Learning: A Comparison Study”, International Journal of pure and Applied Mathematics, 118 (19), pp.101-114, ISSN: 1311-8080 (print); ISSN: 1314-3395 (online), 2018.
[25] N. Moustafa, B. Turnbull and K. R. Choo, “An Ensemble Intrusion Detection Technique based on proposed Statistical Flow Features for Protecting Network Traffic of Internet of Things”, IEEE Internet of Things Journal, 2018, DOI:10.1109/JIOT.2018.2871719.
[26] S. U. Jan, S. Ahmed, V. Shakov and I. Koo, “Toward a Lightweight Intrusion Detection System for the Internet of Things”, IEEE Access, 2019, DOI: 10.1109/ACCESS.2019.2907965.
[27] M. Eskandari, Z. H. Janjua, M. Vecchio and F. Antonell, “Passban IDS: An Intelligent Anomaly Based Intrusion Detection System for IoT Edge Devices”, IEEE Internet of Things Journal, pp. (99):1-1, 2020, DOI: 10.1109/JIOT.2020.2970501.
[28] O. Alkadi, N. Moustafa, B. Turnbull and K. R. Choo, “A Deep Blockchain Framework-enabled Collaborative Intrusion Detection for Protecting IoT and Cloud Networks”, IEEE Internet of Things Journal, 2020, DOI:10.1109/JIOT.2020.2996590.
[29] M. A. Cheema, H. K. Qureshi, C. Chrysostomou and M. Lestas, “Utilizing Blockchain for Distributed Machine Learning based Intrusion Detection in Internet of Things”, 16th International Conference on Distributed Computing in Sensor Systems (DCOSS-2020), IEEE Xplore, 2020, DOI: 10.1109/DCOSS49796.2020.00074.
[30] G. D. L. T. Parra, P. Rad, K. R. Choo and N. Beebe, “Detecting Internet of Things Attacks using Distributed Deep Learning”, Journal of Network and Computer Applications, 163(102662), ScienceDirect, 2020, DOI: 10.1016/j.jnca.2020.102662.
[31] M. A. Alsoufi, S. Razak, M. M. Siraj, I. Nafea, F. A. Ghaleb, F. Saeed and M. Nasser, “Anomaly-based Intrusion Detection Systems in IoT using Deep Learning”, Applied Sciences, 11(18), 8383, 2021, DOI:10.3390/app11188383.
[32] P. Kumar, G. P Gupta and R. Tripathi, “A distributed ensemble design based intrusion detection system using fog computing to protect the Internet of Things networks”, Journal of Ambient Intelligence and Humanized Computing, 12, pp. 9555–9572, 2020, DOI:10.1007/s12652-020-02696-3
[33] L. Santos, R. Gonçalves, C. Rabadao and J. Martins, “A flow-based intrusion detection framework for internet of things networks”, Cluster Computing, Springer, 2021, DOI: 10.1007/s10586-021-03238-y
[34] E. Benkhelifa, T. Welsh and W. Hamouda, “A Critical Review of Practices and Challenges in Intrusion Detection Systems for IoT: Towards Universal and Resilient Systems”, IEEE, 2018, DOI:10.1109/COMST.2018.2844742.
[35] D. Oh, D. Kim and W. W. Ro, “A Malicious Pattern Detection Engine for Embedded Security Systems in the Internet of Things”, Sensors, 14 (12), ISSN: 24188–24211, 2014, DOI: 10.3390/s141224188.
[36] T. H. Lee, T. H. Wen, L. H. Chang, H. S. Chiang and M.C. Hsieh, “A lightweight Intrusion Detection Scheme based on Energy Consumption Analysis in 6LowPAN”, Advanced Technologies, Embedded and Multimedia for Human-centric Computing, Lecture Notes in Electrical Engineering 260, Springer Netherlands, pp. 1205–1213, 2014.
[37] A. Mehmood, M. Mukherjee, S. H. Ahmed, H. Song and M. M. Malik, “NBC-MAIDS: Naïve Bayesian classification technique in multi-agent system-enriched IDS for securing IoT against DDoS attacks”, Journal of Supercomputers, Springer Science+Business Media, LLC, Springer Nature, 2018, DOI:10.1007/s11227-018-2413-7
[38] C. Cervantes, D. Poplade, M. Nogueira and A. Santos, “Detection of sinkhole attacks for supporting secure routing on 6LoWPAN for Internet of Things”, IFIP/IEEE International Symposium on Integrated Network Management (IM), pp.606–611, 2015.
[39] A. Sforzin and M. Conti, “RpiDS: Raspberry Pi IDS-A fruitful Intrusion Detection System for IoT”, International IEEE Conference on Ubiquitous Intelligence and Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People and Smart World Congress, 2016, DOI:10.1109/UIC-ATC-Scalcom-CBDCom-IOP-SmartWorld.2016.114.
[40] D. Midi, A. Rullo, A. Mudgerikar and E. Bertino, “KALIS: A system for knowledge-driven adaptable intrusion detection for the Internet of Things”, Proceedings of the IEEE 37th International Conference on Distributed Computing Systems (ICDCS’17), 2017.
[41] A. Wani and S. Revathi, “Analyzing Threats of IoT Networks Using SDN Based Intrusion Detection System (SDIoT-IDS)”, Smart and Innovative Trends in Next Generation Computing Technologies (NGCT-2017), Springer, CCIS 828, pp. 536–542, 2018.
[42] J. Amaral, L. Oliveira, J. Rodrigues, G. Han and L. Shu, “Policy and Network-based Intrusion Detection System for IPv6-enabled Wireless Sensor Networks”, IEEE International Conference on Communications (ICC-2014), pp. 1796–1801, 2014.
[43] N. K. Thanigaivelan, E. Nigussie, S. Virtanen and J. Isoaho, “Hybrid Internal Anomaly Detection System for IoT: Reactive Nodes with Cross-Layer Operation”, Security and Communication Networks, Article ID: 3672698, 2018, DOI: 10.1155/2018/3672698.
[44] O. A. Okpe, O. A. John and S. Emmanuel, “Intrusion Detection in Internet of Things”, International Journal of Advanced Research in Computer Science, 9(1), ISSN: 0976-5697, 2018, DOI:10.26483/ijarcs.v9i1.5429.
[45] V. Kumar, A. K. Das and D. Sinha, “UIDS: A Unified Intrusion Detection System for IoT Environment”, Evolutionary Intelligence, 14, pp. 47–59, 2021, DOI: 10.1007/s12065-019-00291-w
[46] L. Santos, C. Rabadão and R. Gonçalves, “Intrusion Detection Systems in Internet of Things: A Literature Review”, ResearchGate, 2018, DOI: 10.23919/CISTI.2018.8399291.
[47] I. Ulla and Q. H. Mahmoud, “Design and Development of a Deep Learning-Based Model for Anomaly Detection in IoT Networks”, IEEE Access, 9, e-ISSN: 2169-3536, pp. 103906–103926, 2021, DOI: 1109/ACCESS.2021.309402.
[48] R. Mitchell and I. Chen, “A Survey of Intrusion Detection Techniques for Cyber-physical Systems”, ACM Computing Surveys (CSUR), 46 (4), 55, 2014.
[49] P. V. Astillo, J. Jeong, W. C. Chien, B. Kim, J. S. Jang, I. You, “SMDAps: A Specification-based Misbehavior Detection System for Implantable Devices in Artificial Pancreas System”, Journal of Internet Technology, 22(1), e-ISSN:2079-4029, 2021, DOI: 10.3966/160792642021012201001
[50] H. Bostani and M. Sheikhan, “Hybrid of Anomaly-Based and Specification-Based IDS for Internet of Things Using Unsupervised OPF Based on MapReduce Approach”, Computer Communications, 98(15), pp. 52-71, 2017, DOI:10.1016/j.comcom.2016.12.001.

Authors

A. Arul Anitha is pursuing her Doctoral Degree at St. Joseph’s College (Autonomous), Tiruchirappalli, Tamil Nadu, India, affiliated to the Bharathidasan University, Tiruchirappalli. She received her Master’s degree in Computer Applications (MCA) from Manonmaniam Sundaranar University, Tirunelveli, India and her B.Sc in Computer Science from Madurai Kamaraj University, Madurai, India. Her research interests are in computer networking and security, intrusion detection systems, the Internet of Things (IoT), and machine learning. She has published six research articles in reputed journals. She has cleared the National Eligibility Test (NET) for Assistant Professors.

Dr. L. Arockiam is working as an Associate Professor in the Department of Computer Science at St. Joseph’s College (Autonomous), Tiruchirappalli, Tamil Nadu, India. He has published four books and 359 research articles in reputed journals. He has guided more than 34 M.Phil Research Scholars and 30 Ph.D. Research Scholars, and at present he is guiding eight Ph.D. Research Scholars. He received various awards for his academic excellence. His research interests are in the Internet of Things, Cloud Computing, Big Data, Data Mining, Software Engineering, Web Services, and Mobile Networks.

How to cite this article:


A. Arul Anitha, L. Arockiam, “A Review on Intrusion Detection Systems to Secure IoT Networks”, International Journal of
Computer Networks and Applications (IJCNA), 9(1), PP: 38-50, 2022, DOI: 10.22247/ijcna/2022/211599.
