A Survey On Industrial Internet of Things Security

sensors
Review
A Survey on Industrial Internet of Things Security:
Requirements, Attacks, AI-Based Solutions, and Edge
Computing Opportunities
Bandar Alotaibi
Department of Information Technology, University of Tabuk, Tabuk 47731, Saudi Arabia; [email protected]
Abstract: The Industrial Internet of Things (IIoT) paradigm is a key research area derived from
the Internet of Things (IoT). The emergence of IIoT has enabled a revolution in manufacturing and
production, through the employment of various embedded sensing devices connected by an IoT
network, along with a collection of enabling technologies, such as artificial intelligence (AI) and
edge/fog computing. One of the unrivaled characteristics of IIoT is the inter-connectivity provided
to industries; however, this characteristic might open the door for cyber-criminals to launch various
attacks. In fact, one of the major challenges hindering the prevalent adoption of the IIoT paradigm
is IoT security. Inevitably, there has been an inevitable increase in research proposals over the last
decade to overcome these security concerns. To obtain an overview of this research area, conducting
a literature survey of the published research is necessary, eliciting the various security requirements
and their considerations. This paper provides a literature survey of IIoT security, focused on the
period from 2017 to 2023. We identify IIoT security threats and classify them into three categories,
based on the IIoT layer they exploit to launch these attacks. Additionally, we characterize the security
requirements that these attacks violate. Finally, we highlight how emerging technologies, such as AI
and edge/fog computing, can be adopted to address security concerns and enhance IIoT security.
Keywords: Internet of Things; fog computing; edge computing; Industrial Internet of Things;
Industry 4.0; cyber-physical systems; cybersecurity
Citation: Alotaibi, B. A Survey on

Industrial Internet of Things Security: 1. Introduction
Requirements, Attacks, AI-Based
The Internet of Things (IoT) can be defined as a paradigm that utilizes intelligent
Solutions, and Edge Computing
devices that can communicate through the internet [1,2]. IoT environments comprise
Opportunities. Sensors 2023, 23, 7470.
https://doi.org/10.3390/s23177470
many intelligent devices capable of collecting, processing, transmitting, and receiving
data from each other [3]. These interconnected intelligent devices help us to monitor any
Academic Editor: He Fang environment and precisely control any setting [4]. By 2025, the total economic impact
Received: 10 July 2023
derived from IoT technology annually is predicted to reach USD 11.1 trillion [5]. As most
Revised: 20 August 2023 of the IoT systems developed so far are consumer-centric, their nature has enabled the
Accepted: 24 August 2023 adoption of this technology in many industrial applications, creating the so-called IIoT
Published: 28 August 2023 technology [6]. IIoT, also known as industrial internet, can be defined as a paradigm that
utilizes interconnected intelligent devices deployed in an industrial environment, in order
to connect industrial components, including actuators, sensors, controllers, and intelligent
control systems (i.e., for data analysis and industrial process optimization to enhance the
Copyright: © 2023 by the author. speed of execution, decrease costs, and manage the industrial setting dynamically) [7].
Licensee MDPI, Basel, Switzerland. As shown in Figure 1, Industry 4.0—also known as the fourth Industrial
This article is an open access article Revolution—exemplifies an unprecedented industrial evolution and complements various
distributed under the terms and
emerging technologies and systems, such as CPS, MCC, IoT, AI, CC, big data, and fog
conditions of the Creative Commons
computing, in order to improve the adequacy of industries, in terms of heterogeneous
Attribution (CC BY) license (https://
data support, automation, high production, and integrating knowledge [8,9]. The number
creativecommons.org/licenses/by/
of embedded systems utilized in industrial applications has swiftly grown, due to the
4.0/).
Sensors 2023, 23, 7470. https://doi.org/10.3390/s23177470 https://www.mdpi.com/journal/sensors

Sensors 2023, 23, 7470 2 of 49
mounting availability, capability, and affordability of sensors, communication modules,

and processes [10]. This has driven more interest regarding the use of IIoT in industrial
domains such as smart cities, transportation, healthcare, microgrids, and smart factories,
giving rise to Industry 4.0 based on CPS. By 2030, IIoT has been forecasted to be worth USD
7.1 trillion in the U.S. and to exceed USD 1.2 trillion in European countries [11].
Figure 1. Industry 4.0 utilizes various emerging technologies to improve industrial production.
Despite all of the advantages of adopting IIoT, IoT security issues represent one of
the biggest challenges hindering its perfect utilization. The poor security associated with
IoT devices [12,13] makes them vulnerable to cyber-attacks (e.g., IoT devices could be
targeted by adversaries to execute devastating attacks, such as DDoS) [14]. Thus, they
may be susceptible to various cybersecurity threats, causing IIoT security to become a hot
topic in recent years [15]. IoT also relies heavily on the CC to provide the IoT devices
with limited capabilities for the desired services [16]; however, this dependency transports
diverse vulnerabilities to IoT environments [17].
In this context, an emerging computing technology, known as fog computing, has at-
tracted the attention of the research community [18]. Fog computing is a new paradigm
that bridges the gap between CC and IoT by diffusing services and resources on the path
between IoT environments and CC [19]. Fog computing has several advantages, which
can facilitate the secure deployment of IIoT devices. However, fog computing may also
bring some inherited security challenges to the table [20]. This paper presents a review
of the security requirements of IIoT, identifies and classifies cyberattacks that target IIoT
environments, surveys AI-based solutions that enhance IIoT security, and highlights edge
computing opportunities.
The contributions of this paper can be summarized as follows:
• The security requirements and challenges encountered in IIoT environments are
highlighted.
• Solutions based on AI to these security challenges are thoroughly investigated.
• Opportunities and challenges for the secure deployment of IIoT devices at the edge
are presented.
Section 2 introduces the research methodology followed to write this survey. Section 3
presents the background of IIoT and edge/fog computing. Section 4 compares the research
in this paper with the related literature. Section 5 discusses the security requirements that
should be satisfied by IIoT environments. Section 6 presents the attacks that target each
layer of the IIoT paradigm reference architecture. Section 7 introduces the state-of-the-
art solutions proposed to provide secure deployment of IIoT devices on edge computing.
Section 8 presents the opportunities provided by edge/fog computing to IIoT environments,
Sensors 2023, 23, 7470 3 of 49
the challenges that IIoT environments face, and the future research directions. Section 9
concludes the survey paper.
2. Research Methodology
This survey paper utilizes a profound valuation blueprint for an exemplary survey
structure. This paper concentrates on the security requirements for IIoT environments,
investigates possible attacks targeting these environments, explores security solutions that
protect IIoT environments from these attacks, highlights opportunities provided by edge
computing, and introduces future directions. We followed a quantitative approach to
search for ideas regarding each of these concentrations. However, we focus more on the
last six years. The information is collected from various sources, such as journal articles,
conference papers, book chapters, and online sources. The collection sources include
publication houses and public databases such as ScienceDirect, IEEE Xplore, Springer,
MDPI, arXiv (i.e., e-print archive), Hindawi, and ResearchGate. Various keywords related
to the topic of the survey paper were employed to search for the state-of-the-art articles
in these databases. The publication houses and public databases are queried initially for
articles generally related to IIoT security. This provides a recap of the number of papers
published in this broad area of research. Consequentially, other general keywords related
to edge computing security, the integration of edge computing, and IIoT are queried to
give insight into the validity to start writing the survey on this topic. After constructing
the survey structure, the search has narrowed to include keywords related to each section,
such as IIoT application layer, network layer, perception layer attacks, and AI solutions and
solutions that take advantage of edge computing to deal with these attacks. Many articles
were returned, but we carefully chose 243 articles to write this survey paper, as shown in
Figure 2. Twenty papers were used to write the introduction section. Eleven papers were
used to write the IoT/IIoT background and Edge/Fog computing background. Nineteen
closely related papers were precisely compared with our survey. The security requirements
section was written utilizing fifty papers. Sixty-two papers were employed in the attack
categories section. The security solutions section was written using 49 papers, of which
27 papers were utilized to write the network layer security solutions subsection, 8 papers
were used to write the perception layer security solutions subsection, and 15 papers were
employed to write the application layer security solutions subsection. Finally, thirty-one
references were used to write the opportunities and future directions section.
Figure 2. These papers (i.e., 243 articles) were carefully chosen to write this survey paper.
3. IoT/IIoT and Edge/Fog Computing Background

This section is divided into two subsections: Section 3.1 presents the concepts of
IoT and its IIoT subset, while Section 3.2 introduces two CC extensions (i.e., edge and
fog computing).
Sensors 2023, 23, 7470 4 of 49
3.1. IoT and IIoT

Figure 3 depicts the relationships existing between the concepts introduced in this
subsection. Although IIoT originated from IoT it has different focuses, in terms of practical
applications and concepts [21], as shown in Table 1. Namely, the IoT has been designed
to improve people’s quality of life and is generally considered consumption-centric. Typ-
ical IoT application examples include health monitoring, indoor localization, and smart
homes [22]. On the other hand, the IIoT endeavors to enhance the production efficiency of
industries (i.e., it is considered a production-centric paradigm). Typical IIoT applications
include smart manufacturing, smart transportation, remote maintenance, and intelligent lo-
gistics [23]. IoT application system frameworks are generally constructed from scratch, and
the utilized sensors are deployed within a small area and are not sensitive to precision [6].
High mobility is one of the main characteristics of IoT devices; the generated data of these
devices are of moderate size, and delays can be tolerated to a great extent. Meanwhile, IIoT
application system frameworks rely on traditional industrial infrastructures. Thus, the sen-
sors are typically distributed over a large area, and the deployment must be highly precise.
Conversely, most IIoT devices are distributed in specific locations; the data generated by
these devices are large in size, and only slight delays can be tolerated.
Figure 3. The relationships between CPS, IoT, IIoT, industrial internet, and Industry 4.0.
Table 1. Comparison of the main characteristics of IoT and IIoT.
Characteristic IoT IIoT

Smart transportation, intelligent
Smart home, health
Application examples logistics, smart manufacturing,
monitoring,indoor localization
remote maintenance
System Framework Self-reliant Industrial facility-reliant
Delay sensitivity High Low
Mobility High Low
Deployment size Small Large
Deployment preciseness Low High
Data volume Medium High
The IoT terminology relates to other famous concepts, such as CPS, Industry 4.0,
and industrial internet. The CPS concept, introduced in 2006 by Helen Gill, involves the
thorough integration of several technologies, such as sensing and embedded systems
(i.e., combining software and hardware), in order to accomplish efficient internal informa-
tion exchange, resilient real-time feedback, and positive communication between virtual
Sensors 2023, 23, 7470 5 of 49
and physical entities [24]. IoT is regarded as a subset of CPS, which assures communication
between diverse objects through the internet, depending on unique identifiers. The IoT is
supported by the internet, which provides IoT devices with availability, interoperability,
universality, and socialization [25]. Another concept, introduced by the IIC and initiated by
five U.S. tech companies (i.e., Cisco, Intel, IBM, AT&T, and GE) is industrial internet, which
concentrates on data flow enhancement, innovative network standardization, application,
construction, and industrial field automated transformation.
Industry 4.0 was introduced in Germany. This global concept utilizes CPS and emerg-
ing technologies, such as AI, IoT (i.e., forming the IIoT idea), big data, and CC, in intelligent
manufacturers [26]. To recap, CPS connects objects to link the virtual and physical worlds,
while IoT utilizes physical addresses in civilian and industrial settings to facilitate commu-
nication between objects. The industrial internet uses emerging technologies to depict the
prospect of future trends. In this context, industrial internet and IoT are considered subsets
of CPS [27,28], and intersect to form the so-called IIoT. Moreover, Industry 4.0 utilizes IIoT,
among other emerging technologies, in intelligent manufacturing settings.
3.2. Edge and Fog Computing

Edge computing is an enabling paradigm that exclusively processes data on the net-
work’s edge. This occurs between centralized cloud servers and end devices (e.g., sensors,
actuators, and controllers). One of the main reasons for initiating edge computing is to
bring computations closer to hosts, thus reducing delays. Therefore, edge computing en-
ables data to be transferred from end devices to edge computing (i.e., close-to-end devices)
and vice versa, instead of imposing that the end devices interact with cloud servers. Thus,
as shown in Figure 4, edge platforms can act as clients and servers; namely, clients to cloud
servers, and servers to end devices. Acting as servers, they enable end devices to gain
the full benefits from edge platforms that can carry out caching, computational offloading,
storage capabilities, and processing [29].
Figure 4. The interaction between edge platforms; the upper layer (cloud servers) and the lower layer
(edge devices).
Fog computing is another emerging technology that enables edge devices (i.e., end de-
vices and edge platforms) to perform additional computations, handle data, and allocate
network resources [30]. Thus, fog computing is not far from the end devices and enables
the end devices/edge platforms to carry out most services (e.g., data handling, storage,
network resources utilization, and processing) that cloud services can afford [31]. Therefore,
edge and fog computing enable delay-sensitive end-device applications to carry out various
services in real time. These two emerging technologies have become a viable supplement
to CPS and applications in IIoT environments. The following requirements are satisfied by
edge and fog computing:
Sensors 2023, 23, 7470 6 of 49
1. System performance enhancement: Data processing can be achieved at the network’s

edge, improving the system performance of end devices. Edge platforms can ac-
complish data processing in milliseconds, reducing the latency and communication
bandwidth demand, thus enhancing the system’s performance.
2. Data security and privacy protection: Edge and fog computing can reduce privacy and
security risks, as they transmit and store data in decentralized devices (i.e., near-end
devices), as opposed to cloud platforms, which provide centralized data protection
solutions. Additionally, data leakage at centralized cloud servers affects many end de-
vices, compared to data leakage at edge/fog devices, involving only a limited number
of devices (i.e., the end devices nearby that obtain services from edge/fog platforms).
3. Operational cost reduction: When end devices transfer data directly to the cloud,
the operational costs related to migrating data, maintaining good bandwidth, and
shortening delays are increased. On the other hand, when edge/fog platforms are
utilized, the data migration volume, delay, and bandwidth consumption are decreased,
leading to reduced operational costs.
4. Related Work
In this section, we detail recent survey papers that are closely related to this review,
including the state-of-the-art in IoT security, IIoT security, edge computing security, and
edge computing in IIoT, as shown in Table 2. Thus, there is a need to survey the secure
deployment of edge/fog computing in IIoT environments.
4.1. IoT Security Surveys

Meneghello et al. [32] classified IoT attacks into different categories. The authors
defined various security requirements for IoT environments, including access control, in-
tegrity, privacy, anonymity, authorization, authentication, and resilience, and linked various
attacks to suggested security requirements in a well-planned manner. However, this paper
lacked a discussion of the role of emerging technologies, such as edge/fog computing
and AI, in securing IoT networks. Neshenko et al. [33] conducted a detailed survey and
provided a distinctive classification of IoT attacks and vulnerabilities. The authors also
broadly discussed research contributions advancing the state-of-the-art; however, these at-
tacks were not linked to security requirements. Famous threats associated with IoT devices
discussed by the authors, such as improper patch management, false data injection, and
lack of encryption, can be easily linked to security requirements. Furthermore, the authors
did not discuss the positive impact of integrating emerging technologies on IoT security.
Kouicem et al. [34] presented an IoT security survey utilizing a top-down approach.
The authors explored the security requirements in various IoT application domains, such
as smart transportation, healthcare, smart homes, smart grids, and smart cities. Some of the
discussed application domains, such as smart transportation, can play a part in the IIoT
paradigm. The authors also identified specific security requirements for each application
domain. For instance, they defined five security requirements for smart grids: Confiden-
tiality, availability, integrity, privacy, and accountability. In addition, the authors defined
some challenges related to IoT devices and networks, such as heterogeneity, privacy, and
scalability. It appears that the priority of the security requirements in each application
domain differed; for example, confidentiality and privacy are considered more impor-
tant for healthcare than smart transportation. A significant observation introduced in this
survey reveals a security requirement that might be more crucial to IIoT environments,
compared to traditional IoT environments, which is related to safety in IIoT environments
(e.g., plants). One drawback of this survey is its lack of depth in some sections, such as the
challenges part.
Sensors 2023, 23, 7470 7 of 49
Table 2. Comparison of the related literature.
Scope Ref. Major Contribution Advantages Limitations

The role of emerging technologies in securing IoT
[32] A comprehensive overview of IIoT security threats Attacks perfectly linked to security requirements
networks is not discussed
Attacks are not completely linked to security
A distinctive categorization of IoT vulnerabilities and a
IoT security [33] A detailed review of IoT threats and vulnerabilities requirements and the the impacts of integrating emerging
discussion of about 100 research ideas
technologies on IoT security are not discussed
An overview of security requirements for several IoT Noteworthy security requirement prioritization for each
[34] The depth of the challenges section is minimal
application domains application domain
Cyberattacks are not linked to security requirements and
Outstanding future directions and potential applications
[35] A comprehensive review of cyberattack classes the impact of emerging technology on IIoT security is
are discussed
not discussed
A survey of challenges faced by A unique overview of challenges related to energy Security requirements and emerging technologies impact
[6]
Industry 4.0 environments adequacy, interoperability, and security are not discussed
A unique description of the building and linking of IIoT
[36] An overview of IIoT security solutions The depth of the survey is minimal
devices with security in mind
A unified architecture format of security A detailed comparison of security requirements
[37] The authors discuss a few use cases of IIoT devices
requirements in IIoT within heterogeneous
IIoT security
A comprehensive overview of solutions that deal with
[38,39] A discussion of IIoT security requirements The depth of the review is minimal
security violations
A distinctive categorization of the IIoT, exploration of
An overview of IIoT security, threats, and Lacks discussion of the role of adopting emerging
[40] countermeasures taken by industries utilizing
countermeasures taken by industries technologies to protect the IIoT paradigm
security requirements
An evaluation of emerging IIoT security challenges and An ideal mapping study between challenges and The survey is not comprehensive; it complements existing
[41]
investigation of existing countermeasures countermeasures is presented related work
Lacks detailed security threats discussion and enough
A review of IIoT security threats and AI and A distinctive synopsis outlining the advantages and
[42] blockchain and AI background, solutions comparison
Blockchain-based solutions disadvantages of each solution is introduced
elements are brief
An investigation of opportunities provided by edge
[43] An overview of the IoT Edge paradigm and applications The depth of the overview is minimal
computing to improve IIoT security
A distinctive observation related to the unsuitability of
A thorough discussion of fog computing security and
Edge security [44] methods used to secure CC for fog computing The depth of the discussion is minimal
privacy issues
is introduced
Incandescent solutions to privacy and security are The connection between edge applications, threats
[45] A detailed tutorial of the edge computing paradigm
thoroughly discussed targeting them, and security solutions is missing
Sensors 2023, 23, 7470 8 of 49
Table 2. Cont.
Scope Ref. Major Contribution Advantages Limitations

A roadmap for smart manufacturing to integrate IoT and Security requirements and challenges are
[46] One of the first surveys to discuss this area
edge computing inadequately discussed
A demonstration of two scenarios of how IIoT benefits A unique comparison of cloud and fog computing when
[47] The overview is scenario-specific (i.e., not comprehensive)
from fog computing integrated with IIoT
An overview of edge computing reference architectures
[48] A comparison of reference architectures is presented The depth of this overview is minimal
in IIoT
Two enabling technologies that can add value to the
Edge Computing in IIoT [49] A discussion of the integration of fog computing and IIoT This survey is not comprehensive
integration are uniquely discussed
A discussion of recently proposed solutions, recent The lack of in-depth discussion of security challenges and
[50] A review of edge computing and IIoT integration
challenges and few use cases sufficient application examples
Discussion of the Industrial Revolution background and A well-organized and thorough discussion of The discussion part of edge computing lacks
[8]
transformation enabling technologies communication and network protocols essential details
A review of current solutions related to adopting edge Distinctive technical details of some significant edge Security opportunities brought when integrating edge
[21]
computing into IIoT services that add value to the IIoT paradigm computing into IIoT is partially discussed
A thorough discussion of IIoT security challenges,
The IIoT attacks are not deeply discussed and th depth of
[10] A systematic survey of IIoT security from 2011 to 2019 requirements, and opportunities provided when adopting
the opportunitiese part is not sufficient
edge computing that could secure IIoT paradigm
Secure IIoT-Edge A distinctive linkage of IIoT attacks and requirements is
A thorough categorization of IIoT attacks, security
introduced and research attempts to overcome security
Ours requirements, and security benefits from integrating edge N/A
challenges (with a focus on the period 2019–2022) are
computing and IIoT
comprehensively discussed
Sensors 2023, 23, 7470 9 of 49
4.2. IIoT Security Surveys

Lezzi et al. [35] classified IIoT cyberattacks into different categories, while Sisinni et al. [6]
investigated the challenges encountered in Industry 4.0 environments, as well as discussing
the distinction between operational and information technology in these environments.
Neither of the above-mentioned surveys investigated the security requirements in the
IIoT paradigm or deeply discussed the effectiveness of adopting emerging technologies to
enhance the security of IIoT environments.
Hofer [36] noted the growth of articles focusing on IIoT security and discussed some of
these articles. However, the depth of the security discussion was minimal. Hansch et al. [37]
defined the security requirements in IIoT open-platform communications, and organized
them in a unified architecture format. The authors discussed the security requirements
well but did not discuss enough use cases. Other previous reviews [38,39] discussed IIoT
security solutions and explored security requirements for the IIoT paradigm. These surveys
lacked discussions of the existing security solutions and requirements in depth, however.
Tan and Samsudin [40] introduced a detailed survey of IIoT security, discussed the
countermeasures taken by industries to protect their perimeters, discussed current chal-
lenges, and suggested future directions for research. The authors categorized the IIoT
paradigm into four layers and inspected the countermeasures deployed by industries utiliz-
ing the security requirements presented in the CIA+ security certification. One drawback of
this survey was a lack of discussion regarding the role of adopting emerging technologies
to secure IIoT environments and related use cases.
Serror et al. [41] evaluated emerging IIoT security challenges, including risks, threats,
and vulnerabilities. The authors presented a mapping study between security challenges
and countermeasures, taking into consideration the distinctive aspects of IIoT deploy-
ments, such as continuous connectivity and long-lasting elements. The survey paper is not
comprehensive; it complements existing related work.
Jayalaxmi et al. [42] introduced a review of security threats that encounter IIoT en-
vironments and the research efforts that protect IIoT environments from these threats.
The authors focused on solutions that utilize blockchain technology, machine learning, and
deep learning to detect intrusions or mitigate potential threats. Subsequently, a synopsis
was presented to outline the pros and cons of each solution. Finally, the authors presented
open research problems for the research community and future directions. This review lacks
a detailed discussion of the security threats in IIoT environments and sufficient background
on blockchain technology, machine learning, and deep learning for readers to understand
the foundation of these solutions. Also, the comparison elements that the authors utilize to
evaluate existing solutions are shortened.
4.3. Edge Computing Security Surveys

Ni et al. [43] presented a complete IoT Edge paradigm and discussed various emerg-
ing edge-based IoT applications. The authors investigated mobile edge computing data
processing challenges related to privacy, security, and efficiency. Additionally, the authors
explored some opportunities, such as secure data de-duplication, secure data aggregation,
and secure computational offloading, provided by edge computing that could enhance
the computational efficiency of IoT data security. The authors also introduced various
motivating future research directions related to data analysis at the edge of networks.
Guan et al. [44] discussed fog computing-related privacy and data security issues.
The authors surveyed fog layer security design challenges and also argued that data protec-
tion methods used to secure cloud computing are not directly suitable for fog computing.
Zhang et al. [45] provided a comprehensive tutorial on edge computing architectures.
The authors also discussed edge computing privacy and data security requirements, mech-
anisms, and challenges. Additionally, the authors suggested various future directions to
effectively secure edge computing technology.
Sensors 2023, 23, 7470 10 of 49
4.4. Edge Computing in IIoT Surveys

Some reviews have covered the integration of edge computing and IIoT in part.
For example, Georgakopoulos et al. [46] presented a roadmap for smart manufacturing
to efficiently utilize IoT and edge computing. Seitz et al. [47] introduced two empirical
scenarios, in order to demonstrate that IIoT applications can benefit from fog computing.
The first practical scenario explains how the fog computing paradigm increases the system
availability, compared to cloud computing, and demonstrates how the sensor data can be
analyzed in fog computing with a low delay, compared to cloud computing. The second
practical scenario is implemented in an industry setting, which indicates a decrease in band-
width utilization, allowing for the deployment issues associated with cloud computing to
be overcome and lead to reliable and efficient IIoT applications. Sitton et al. [48] explained
the major state-of-the-art edge computing reference paradigms in Industry 4.0, and com-
pared and contrasted these reference architectures. Steiner and Poledna [49] discussed how
fog computing could be integrated with IIoT in an architectural manner, and explored two
enabling technologies that can perfectly work with fog computing (i.e., deterministic com-
munication and virtualization). Although these surveys introduced valuable knowledge
with respect to integrating IIoT and edge computing, they were not comprehensive.
Other surveys discussed the various main topics related to integrating IIoT and edge
computing; however, the depth of these surveys remains low. For instance, Aazam et al. [50]
explained how fog computing adds value to IIoT environments, discussed some research
challenges, and presented a few use cases; however, they did not discuss the emerging
technologies that could enhance the efficiency and secrecy of IIoT environments when
integrated with edge computing. Furthermore, the survey paper lacked an in-depth discus-
sion of challenges (security challenges in particular) and sufficient application examples.
Basir et al. [8] discussed the Industrial Revolution background and key technologies facili-
tating industrial transformation. The authors also discussed some challenges related to fog
computing. However, their survey was highly concentrated on the communication and
network protocols/algorithms used in IIoT, instead of focusing on the challenges associated
with adopting edge computing.
Qiu et al. [21] reviewed research articles related to edge computing in IIoT. The authors
first discussed the background of edge computing and IIoT in detail. Then, they intro-
duced the edge computing research progress and proposed a prospective edge computing
architecture, including technical details such as task scheduling, data storage, routing,
security, analytics, and standardization, which could be adopted by IIoT environments.
Moreover, the authors discussed the opportunities that edge computing can afford in IIoT
environments, such as data security, load balancing, data offloading, and intelligence.
They also discussed some challenges concerning the adoption of edge computing into
IIoT environments and presented various application scenarios, such as smart grids, smart
manufacturing, smart logistics, and ICV. However, the authors only partially discussed
security aspects.
4.5. Secure IIoT-Edge Deployment

Tange et al. [10] provided a systemic review of IIoT security from 2011 to 2019. The au-
thors concentrated on the security requirements of IIoT and pointed out briefly how fog
computing can enhance IIoT security. Although the authors pointed out some security
benefits that might be introduced when adopting edge computing in IIoT environments,
the depth of the security part when adopting edge computing in IIoT environments was
insufficient, and the security challenges and the research progress required to overcome
these security challenges were not deeply discussed in this survey. To fill this gap, a survey
focused on the security challenges introduced when IIoT environments integrate edge
computing, and the research attempts to overcome these security challenges are discussed
in this survey paper.
Sensors 2023, 23, 7470 11 of 49
5. IIoT Security Requirements

In this section, we introduce the general security requirements that should be satisfied
by each communication system, including IIoT environments when deploying IIoT devices
for edge computing.
5.1. CIA Triad

The famous information security model known as the CIA triad can be regarded as a
building block for security requirements or goals. A set of security mechanisms also belong
to these three requirements, briefly defined as follows:
• Confidentiality concerns the protection of information in any form. The methods
used to satisfy confidentially include access control, encryption, network isolation,
and privacy.
• Integrity aims to provide IIoT entities with consistency, authenticity, and accuracy,
and allows for building trust with other entities.
• Availability guarantees that the system operates efficiently at all times. Various meth-
ods are used to satisfy availability, such as decentralization and redundancy.
Traditionally, the CIA model was utilized in the information security field, implying
that this model is exclusively linked to information. Nevertheless, the CIA model is evenly
adaptable in other fields, including CPS [51]. Conventionally, industrial environments
concentrate primarily on availability, then on integrity, and finally on confidentiality. Mean-
while, with the use of internet-connected devices, this conception should be re-considered,
such that all three requirements should be treated equally. Therefore, with the evolution
of Industry 4.0 and the IIoT paradigm, integrity and confidentiality must be considered
evenly, with respect to availability.
While the CIA security model provides a good foundation and remains of paramount
importance when security requirements are specified for a certain system, it is not always
valuable for reducing solid requirements back to elements of this security model, if one
already has more (e.g., contextual) information that might enable the derivation of a
specific security requirement. For instance, we could simply declare that we should keep
data confidential at rest; however, such a security goal might not imply the states that a
specific confidentiality mechanism should meet. Furthermore, this is open to interpretation.
For example, which party should have their information kept confidential? It is difficult to
design a constant security goal that works well in all scenarios [10].
5.2. Authentication
A major concern in various communication environments, such as IIoT, is authenti-
cating remote entities (e.g., machines, users, and applications) [52]. In the context of IIoT
applications, authentication becomes more challenging, due to the nature of IIoT devices,
which have limited capabilities due to power constraints, as well as limited storage and
processing capacities [53]. Thus, a lightweight authentication mechanism with features
such as light computation overhead and minimum transfer size should be designed to
overcome these limitations.
Another major concern related to data authenticity is ensuring that data integrity is
verifiable and that the data are not altered during transit [54]. Additionally, this applies to
configuration files, which should be verified to have been created by authorized entities
and not altered since their creation. Considering the nature of IIoT devices, IIoT environ-
ments require authentication solutions that satisfy the trade-off between lightweight and
secrecy, as well-known authentication mechanisms will not be able to be adopted in such
environments [55].
In IIoT environments that utilize edge computing, blockchain-based authentication is
a suitable preference to authenticate remote entities and provide data integrity. A represen-
tative model is the one proposed by Wang et al. [56]. The authors proposed a lightweight
message authentication framework based on blockchain that ensures message security
Sensors 2023, 23, 7470 12 of 49
while utilizing minimal computational overhead for IIoT resource-constrained devices.

This framework utilizes edge servers to oblige IIoT devices to perform cross-domain au-
thentication and effectively decrease redundant communications between these devices.
The secrecy of this model is analyzed using a random oracle scheme, proving its resistance
to several attacks.
5.3. Access Control and Authorization

Access control is significant in various circumstances. Devices in IIoT environments
should be given permission to access edge network resources based on their privileges.
For instance, system administrators would be given more permissions (e.g., for updates de-
ployment) than normal users. In some situations, IIoT devices run on two operation modes:
an administrator and a normal user. In this context, adequately separating privileges is one
of the biggest challenges that systems (e.g., SCADA) in IIoT environments encounter [57].
On the other hand, unauthorized users should be prevented from accessing sensitive data
or altering data [58].
Access control is usually regarded as authentication-reliant, as it is necessary to
authenticate users before enforcing the access policy. Thus, access control mechanisms are
typically similar to authentication mechanisms. Access control can consume IIoT device
resources, as the IIoT devices must interact with authorization servers on the edge before
accessing certain resources. Access control is somehow affected by availability, especially
in the IIoT environment (i.e., it is highly distributed); thus, access control policies should
always be available to IIoT devices.
The access control function acts as an agent between a specific user or one of the IIoT
devices processes and system or edge network resources, including operating systems,
firewalls, routers, applications, and databases. If a specific party (i.e., a user or a process)
wants to access a resource, this party must be authenticated first. The authentication
mechanism decides whether the party as a whole is allowed to gain access to the system
or not. Subsequently, the specific request initiated by the party is permitted or not by the
access control function. A network administrator or security personnel typically creates
and sustains an authorization database containing information determining the access type
permitted to that party. The access control mechanism confers the authorization database
to decide whether to permit access to this party [59].
An example is the access control and authorization mechanism developed by the
Kantara initiative, known as UMA [60]. UMA is a capability-based scheme that enables
a particular entity possessing a capability and an access token to access a given resource.
UMA is a suitable fit for IIoT environments because it is a user-oriented standard. In typical
UMA architectures, the resource (e.g., a specific file) owner stores the resources at a resource
server and controls the resources. A designated authorization server should be incorporated
to protect the resource server. The resources must be registered to the authorization server
by the register server and given appropriate policies for users or processes. The user or
process should obtain an authorization grant by sending a request to the resource server.
To issue a ticket to the process, permission must be registered by the resource server on
the authorization server. Then, the process reveals the ticket to the authorization server to
grant permission. If the authorization server gives the permission, an RPT is issued to the
process. The process can access the requested resource using the RPT [61].
The conventional IIoT environments use TTP as middleware to authenticate devices
before enforcing access control policies. Since TTP is involved, data privacy preservation is
a big issue. Additionally, other issues appear due to the involvement of TTP such as SPOF,
trust, and vulnerabilities. Therefore, IIoT devices must be collectively and collaboratively
authenticated in a decentralized manner using for example blockchain technology. For ex-
ample, Dwivedi et al. [62] introduced a solution to these problems utilizing blockchain
technology. The authors present a fully decentralized system for IIoT devices that does not
rely on TTP using IPFS Ethereum smart contracts. The proposed framework also consists
of data accessing policies designated for end users.
Sensors 2023, 23, 7470 13 of 49
5.4. Resilience and Maintainability

Resilience is defined by ICS in its IIoT security framework as an emerging mechanism
equipped with a system that normally carries out the assigned missions, even if it encoun-
ters adversarial conditions. This system must avoid, absorb, and coordinate dynamically to
work properly and complete its designated tasks. Once the system is infected, it should
be capable of reconstituting its operational capabilities. This terminology is similar in
concept to other security terminologies, such as reliability, safety, and trustworthiness [63].
Resilience is one of the most significant security challenges in IIoT environments [64].
IIoT networks should provide some mechanisms to guarantee that operations on IIoT
systems will be normally performed, even if a part of the system is compromised. This could
be done in IIoT networks by forwarding some of the current tasks from the infected part
to another part of the system, or even to a different system. In the research community,
this technique is usually called diversity, redundancy, or hardening [65]. This concept
is applicable in WSNs, in which a sufficient number of sensors are deployed to ensure
redundancy. Such a scenario aims to isolate compromised sensors when infection occurs,
re-routing the new measurements to the other sensors in the network until the issue
is resolved.
Maintainability can be described as the capacity to configure, reconfigure, and update
a system or part of a system. This security requirement is crucial in the IIoT paradigm,
as the software in IIoT devices must have the capacity to be updated to be protected
against previously unknown cyberattacks [66]. Updating software is considered a valuable
countermeasure against various threats, as it helps to continuously modify firewall config-
urations at the network’s edge once the IDS detects new threats. Additionally, software
vulnerabilities can be restored by utilizing software patches in routine software updates.
Various IIoT devices communicate with each other and other traditional devices
through the internet, which is insecure by design. Therefore, regularly updating IIoT
devices and patching their vulnerabilities is essential to maintain their resilience against cy-
berattacks. Some proposals, such as the one proposed by [67], utilize blockchain technology
to provide secure and reliable updates for IIoT devices. The authors employ an incentive
protocol in which a specific agent supplies the updates and utilizes a smart contract to
create a pledge to give collaborated nodes that transmit the updates to the IIoT devices
financial incentive. To obtain the financial incentive, the collaborated nodes should provide
the agent with proof-of-delivery. The collaborated nodes should employ DAPS via an
attribute-based signature to perform the fair exchange and obtain the proof-of-delivery.
5.5. Privacy
Privacy is a significant security requirement for individuals, companies, and govern-
ments. Due to the emerging demand for cloud storage services, privacy preservation has
become a critical issue [68]. Modern devices generate variable amounts of data, making
users susceptible to privacy violations, in which detailed profiles can be created for users
from the generated data without their permission [69]. Additionally, applications can vi-
olate privacy by revealing personal information about a user’s habits, movements, and
interactions with other users [70]; for instance, a user’s location could be tracked by one of
the applications they install on their devices.
Moreover, some websites (e-commerce websites, in particular) collect information
about users, such as previous visits to products, shopping carts, and even credit card
information. The collected information might be released to other companies without
the user’s permission. Another challenge is data capturing in transit, which may reveal
personal information about people and objects.
Data redundancy in IIoT environments can be resolved through mechanisms that
store data at rest. However, privacy protection and data security are two main challenges
for stored data. Stored data can be encrypted and retrieved without violating users’
privacy using some encryption methods, such as attribute-based searchable encryption. For
example, Niu et al. [71] proposed an attribute-based searchable technique that incorporates
Sensors 2023, 23, 7470 14 of 49
an online and offline encryption scheme that relies on a reusable ciphertext pool capable
of reducing the computation burden and outsourcing decryption mechanism that utilizes
an edge server capable of decreasing the overload on the resource-constrained devices
via outsourcing decryption. Additionally, the server can be authenticated by a specified
authentication server in the searchable location.
5.6. Security Monitoring

Dynamic security monitoring of systems behavior is provided by famous tools known
as IDSs. These tools can detect threats targeting networks and provide the required
response procedure. It is substantial for any network—including IIoT environments—to
monitor communications, identify threats, and respond to known and unknown intrusions
if needed [72–74]. One reason underlying the importance of IDSs is that old and less-secure
devices (i.e., those that are difficult to patch to deal with known vulnerabilities) could
connect to the network, which demands continuous security monitoring [75]. These devices
might become a target of a DDoS attack. Then, they may become part of a botnet that can
launch attacks against other legitimate IIoT devices in the network.
Capturing and investigating exchanged data, networks, and services using passive
network traffic monitoring and analysis systems are of paramount significance in coordi-
nating networks and identifying security issues in a timely manner [76–78]. The IDS can be
identified as a tool that monitors network traffic to detect attacks compromising the CIA
model of a given information system [79].
An IDS can be operated in three phases. The first phase is responsible for monitoring
traffic or data, which depends on host- or network-based sensors. The second phase is
responsible for analyzing the captured network traffic or collected data. This phase utilizes
feature extraction or pattern identification techniques to accomplish the task. The third
phase involves detecting threats using two well-known approaches: misuse detection and
anomaly detection [80].
Misuse-based intrusion detection methods gather known signatures and patterns of
familiar threats in a database and compare incoming traffic with the database entries to
detect attacks [81]. Misuse-based intrusion detection techniques have disadvantages, such
as the high cost of signature matching, increased number of false alerts, and overload of
network datagrams [82]. Additionally, the memory constraints of IIoT devices make it
difficult to implement misuse-based IDS in those devices, due to the burden of a large
number of signature entries in a database [83]. Moreover, the databases assigned for attack
signatures and patterns must be periodically updated. Misuse-based IDSs require previous
knowledge to be able to identify suspicious activities. Thus, unknown attacks may not be
detected by this type of IDS [84].
Anomaly-based IDS methods maintain the situation in which genuine devices generate
normal data in the network and assess monitored data accordingly to identify anomalies
(i.e., outliers that deviate from the normal data) [85]. These outliers are usually generated
from noise or other incidents, which could result from utilizing a hacking tool. Therefore,
unusual activities resulting from the existence of attackers would leave footprints in the
infected network [86]. Therefore, attacks (including unknown ones) can be detected by
anomaly-based IDSs using these footprints. In short, an anomaly-based IDS method creates
a pattern of normal data generated by legitimate devices in the network, updates the
pattern periodically, monitors network traffic in real time, and compares the monitored
traffic with the normal pattern; if any deviation from the normal pattern exists, it may
indicate an intruder [87].
The open connectivity nature and the widespread use of IIoT devices make them
susceptible to cyberattacks. Additionally, the prevalence and heterogeneity of IIoT de-
vices increase the difficulty of presenting a centralized cyberattack detection method.
Thus, proposing decentralized approaches in close proximity to IIoT environments to
detect cyberattacks is vital. For instance, Javeed et al. [88] presented an edge-based mecha-
nism capable of securing communication in IIoT environments. The proposed approach
Sensors 2023, 23, 7470 15 of 49
utilizes AI to detect cyberattacks. The authors combine two well-known RNN architectures:
GRU AND BiLSTM to distinguish the anomalies from normal traffic and edge computing
to facilitate the routing flexibility and interoperability of the heterogeneous IIoT devices.
5.7. Secure Data Sharing

Securing data are important in digital paradigms, including IIoT. Various research
papers have described data confidentiality as a substantial security requirement [89–92].
However, integrity and availability have a quantifiable economic effect and, hence, are
considered more important than data confidentiality in traditional industrial settings [93,94].
Due to the evolution of the ICS as an integral part of the IoT paradigm, data confidentiality
significance has become intelligible, due to the interactions in the ICS between devices and
users that generate private data.
Companies consider secure data sharing an important security requirement to inte-
grate Industry 4.0 [95,96]. Additionally, some companies have hesitated to employ data
sharing-based approaches, such as smart maintenance, fault detection and prevention,
and cloud services, as they believe that the data exchanged from their facilities to service
providers might not be sufficiently protected [97]. Other researchers have supported the
sentiment that organizations are hesitant to deploy cloud services or depend on cloud
providers to supply data storage and sharing to customers [98]. Another serious challenge
occurs when data breaches occur internally.
There exist various other challenges related to IIoT devices, applications, and environ-
ments. Data security techniques must be light to be equipped in IIoT devices with limited
resources. Additionally, these techniques should be able to operate on heterogeneous
devices. Some critical IIoT applications demand a full-fledged data security mechanism, so,
it is infeasible to implement the mechanism on a resource-constrained device (i.e., an edge
node is favorable). Moreover, data security is important as, in industrial settings, it is
important to share data to enable various intelligent capabilities; therefore, the data are
usually sensitive [99]. An important characteristic of Industry 4.0 is the utilization of
available data in an intelligent and efficient manner. Thus, the ability to share data with
other entities in an Industry 4.0 environment or outside the environment’s boundaries is
significant to fulfill this requirement.
The IIoT devices generate large amounts of data; the generated data must be processed
via distributed computing and stored in one or more nodes for analysis and retrieval.
This presents security and privacy issues and introduces scalability challenges. To protect
confidential data and share data securely, efficient protocols are required, such as the one in-
troduced by Hosen et al. [100], a secure peer-to-peer and group communication framework
that utilizes edge computing to support IIoT systems’ secure data sharing. The framework
uses consortium blockchain, IPFS-based immutable data storage mechanism, and a detec-
tion scheme to protect confidential data at rest and in transit and detect cyber threats. The
authors improved the PoV consensus algorithm to reduce the latency during block mining
in blockchain technology because of the overhead and errors that cause POF. The detection
scheme is based on two deep learning algorithms known as autoencoder and RNN; the
former is used to reduce the dimensionality of the generated day, and the latter is used to
classify traffic as legitimate or an attack. After detecting the attack, the model can identify
its type.
6. IIoT Attack Categories

IIoT environments comprise various devices, ranging from tiny embedded systems to
full-fledged servers. Thus, it is significant to highlight the security challenges at different
IIoT layers. As shown in Figure 5, the traditional IIoT layer architecture consists of three
layers: The perception layer, the network layer, and the application layer. Each layer has its
own enabling technologies and unique features. Thus, this section discusses these three
layers and the challenges IIoT applications encounter when applying security requirements
Sensors 2023, 23, 7470 16 of 49
in industrial environments [101]. Table 3 depicts popular attacks that target the three IIoT
layers, along with their common countermeasures.
Table 3. Popular security threats that target the three IIoT layers and their common countermeasures.
Layer Attack Violated Requirements Common Countermeasures

Abolishing information related to secure
Node Capture Confidentiality, Authentication
keys after disassociation [102]
Increasing interference resistance using
Jamming Availability techniques such as FHSS [103] and
Perception
DSSS [104]
Ensuring security policies are not violated
Sleep Deprivation Availability
using policy-based IDS [105]
Replay Integrity Utilizing timestamps and nonces [106]
Detection and prevention using a
Selective-Forwarding a Availability
combination of IDS and IPS [107]
Employing access control and data
Eavesdropping Confidentiality, Privacy
encryption techniques [108]
Applying packet filtering, IDS, and
Sybil and ID Cloning b Authentication
localization techniques [109]
Deploying secure neighboring discovery
Wormhole Confidentiality, Availability techniques and measuring
Network
challenge-response and RTT delay [110]
Utilizing traffic filtering, IDS, and tracking
Denial of Service Availability
techniques [111]
Employing light encryption techniques
Man in the Middle Confidentiality, Authentication
and deploying IDS [112]
Employing IDS and IPS to detect and
Sinkhole Availability
prevent this threat [113,114]
Utilizing various routing paths and
Black hole c Availability
deploying IDS and IPS techniques [115]
Employing private-key cryptography,
Malicious Code Injection Confidentiality, Authentication light public-key encryption, and
authentication mechanisms [116]
Deploying signature-based IDS and
Cross-site or Malicious Scripts Confidentiality, Authentication content and pattern analysis
techniques [117]
Deploying IDS, IPS, and malware removal
Malware Injection Integrity
mechanisms [118]
Utilizing access control, encryption, and
Data Distortion Integrity and secure data sharing recovery [119] such as
Application backup mechanisms
Utilizing parameterized statements, IDS,
SQL Injection Confidentiality, integrity access control, and encryption
techniques [120]
Employing traffic filtering, IDS, IPS, and
Ransomware Confidentiality, Authentication
encryption techniques [121]
Protection of cryptography techniques,
Side-channel Confidentiality preventing traffic analysis, and enforcing
strict access control policies [122]
Using access control and authentication
Authorization and Authentication Authentication and access control
techniques [123]
a also known as gray hole; b a.k.a. malicious cloning; c sometimes referred to as selfishness.
Sensors 2023, 23, 7470 17 of 49
Figure 5. Framework of the three traditional IIoT layers: perception, network, and application.
6.1. Perception Layer Attacks

The perception layer (a.k.a. device layer) consists of devices equipped with various
objects, such as sensors, cameras, robots, and smart meters, as shown in Figure 5. This layer
is responsible for identifying and gathering information related to the target sensor. This in-
formation comprises measurements of quantities such as movement, chemicals in a specific
environment, vibrations, heat, acceleration, or humidity. The collected data are transmitted
to the lower layer (i.e., network layer), and eventually conveyed using guided (e.g., indus-
trial Ethernet cable) or unguided media (e.g., WiFi) to an information processing system at
the edge [124]. This subsection concentrates on attacks targeting the perception layer.
6.1.1. Node Capture Attacks

In this kind of attack, the attacker can physically obtain or replace an IIoT node or
modify certain hardware. This type of malicious act leads to exposing sensitive information
related to digital rights coordination, such as cryptography keys or access keys. Once the
attacker gains access to the IIoT device, they can then malignantly act to harm other devices
in the network [125].
6.1.2. Jamming Attacks

This type of attack can disrupt or alert communication of IIoT devices by tampering
or interfering with the access mode of wireless communication. Thus, IIoT devices will be
prevented from transmitting data to other network entities successfully [126]. Attackers
can jam the wireless signal remotely utilizing a powerful passive transmitter. They can also
use shielding techniques to avoid defensive mechanisms. Radio noise that matches the
frequency of a specific system can be utilized to interfere maliciously with RFID systems.
6.1.3. Sleep Deprivation Attacks

This family of attacks prevents IIoT devices from resetting to sleeping mode by insert-
ing infinitely looping codes into the device’s memory or making hardware modifications.
By default, IIoT devices are battery-constrained and remain on sleep mode when they do
not transmit or receive information, to preserve battery; however, these attacks can drain
the batteries of IIoT devices by actively waking them up, eventually shutting them down
completely (this is a type of DoS attack) [127].
6.1.4. Replay Attacks

Without authentication mechanisms, an intruder can capture a previously legitimate
message transmitted from an IIoT device to another entity, then modify and replay the
message to its final destination [128]. This kind of attack is possible when the authentication
Sensors 2023, 23, 7470 18 of 49
is applied in a certain IIoT environment. The intruder can eavesdrop on the wireless
channel, capture the message, clone, and use the authentication code in the captured
message (i.e., generated by the sender).
6.2. Network Layer Attacks

As shown in Figure 5, once the data are handed from the perception layer to the
network layer, the network layer identifies the path the message takes to reach the receiver
(this path includes the first edge router, which is responsible for forwarding the message
to the next router on the route) [129]. The network layer aims to transfer network packets
(a.k.a. datagrams) between heterogeneous networks transmitted by various IIoT devices.
These network packets are sent by the IIoT device interface using a communication pro-
tocol, passing through various communication links [130]. The transmitted packets from
IIoT devices are usually obtained by nodes at the edge, such as routers or gateways for
processing and forwarding to the outside world. Therefore, IIoT devices and edge nodes
are susceptible to network layer attacks. This subsection introduces the attacks that target
the network layer.
6.2.1. Eavesdropping Attacks

This type of attack enables the intruder to listen to the ongoing exchange of messages
between IIoT devices in the communication channel. The message exchange can include
sensitive information, including passwords and bank information in plaintext if encryption
is not applied [131].
6.2.2. Sybil and ID Cloning Attacks

A Sybil attack occurs when an intruder steals the identity of a legitimate IIoT device
to disturb the communication between devices. Additionally, an intruder can maliciously
possess various identities to deceive IIoT devices into believing many IIoT devices are
in the network [132]. On the other hand, a clone ID attack can be defined as spoofing
a legitimate node’s identity and pretending that the attacker has the identity of another
legitimate node in the network. An attacker can launch this attack to access more devices
in the network [133].
6.2.3. Wormhole Attacks

This type of attack allows two attackers to create a virtual long-distance tunnel, which
is created to force the other devices in the network to transmit their packets through
that tunnel [134,135]. Additionally, the exchanged information could pass through the
intermediate legitimate nodes to drain their batteries [136].
6.2.4. Denial of Service (DoS) Attacks

An intruder can launch this type of attack to sabotage bandwidth or network re-
sources, which can be accomplished by actively transmitting a large number of packets to
the devices/servers connected to the network indefinitely or temporarily to make them
busy and eventually prevent them from doing their usual activities. This attack might
also drain the batteries of IIoT devices, leading them to completely shut down [137,138].
Another subset of DoS attacks is DDoS, which compromises normal IIoT devices that do
not have appropriate security protection to become a source of attack traffic. This attack
can be categorized into logical and flooding [139]. A logical attack allows the intruder to
transmit deceiving messages to misguide normal users into believing that the service’s
application or service on the machine they are contacting is unavailable (i.e., fully occupied).
A flooding attack targets edge IIoT devices or servers by transmitting numerous amount of
packets, making the target devices unable to process these packets and eventually become
unavailable to normal users in the network (i.e., they cannot reply to normal requests from
legitimate users) [140,141].
Sensors 2023, 23, 7470 19 of 49
Edge computing is more susceptible to DoS attacks than cloud computing, as ser-
vices are provided by edge IIoT devices, which cannot be equipped with suitable defense
mechanisms due to computational limitations. Additionally, attackers target edge devices
and use them as sources to launch attacks on nearby edge servers; hence, the attacks may
be more severe, compared to when targeting far-away cloud servers (in which case, the
traffic would pass through various routers and might be blocked before it reaches the cloud
server). In this regard, a memorable case is when 65,000 IoT devices were targeted and
exploited to launch malicious packets against famous services, such as Dyn (a company
that offers services to control, coordinate, and optimize online infrastructure), Kerbs (a daily
blog that covers cyberattacks), and OVH (a giant European hosting provider); this attack is
known as the Mirai botnet [142]. The DoS attacks have various subtypes including:
1. A selective-forwarding attack is a type of DoS attack. In this attack, the attacker may
choose to forward certain packets (e.g., RPL control messages) and drop the rest of
the packets to disrupt the route [143]. This attack can have more severe consequences
when combined with other attacks, such as sinkhole attacks.
2. The intruder launches this attack to lure network entities to believe that it is the
sink node (i.e., a node in a network with stronger capabilities than other nodes in
the network), to forward network traffic to it. The forwarded traffic is eventually
transmitted to the attacker, and might not reach the intended receiver [144].
3. This attack can be launched by a malicious node that acts as a hole (a node that forces
the other network entities to route the packets to it and drop the forwarded packets),
to degrade IIoT network performance [145].
6.2.5. Man in the Middle Attacks

The attacker can launch this attack to become a “man in the middle” of ongoing
communication between two legitimate IIoT nodes. The attacker can then monitor the
communication in real-time, as well as intercept and alter the exchanged messages [146].
6.3. Application Layer Attacks

As shown in Figure 5, the last layer in the traditional IIoT layer architecture is the
application layer. The application layer presents data and provides IIoT users with various
applications, such as smart transportation, smart manufacturing, and intelligent logis-
tics [147]. Before we dig into the application layer attacks and for illustration purposes,
we will present an example of application layer attacks (i.e., ransomware attacks) that
might target IIoT environments. Recently, IIoT devices have become tempting targets for
applications layer attacks. IIoT devices and analytics systems deliver various benefits for
industries that help increase growth rates and market capitalization. However, any chance
of sudden downtime would cause substantial losses that could cost the industry up to
USD 260,000 per hour. To that extent, attackers find IIoT devices the ideal targets to gain
profit because if the attacks launched by the attackers succeed, the industry will likely pay
the ransom to avoid the downtime that might occur due to these attacks. IIoT devices
are susceptible to ransomware attacks in some IIoT deployments, such as Brownfield-IIoT
deployments. In these deployments, the legacy systems deployed at the edge should be
connected to the internet. These systems are vulnerable to several security issues because
these systems usually do not support decent security countermeasures such as encryption,
updating, and patching. The workstations at the edge that employ these systems (particu-
larly ones that use unpatched operating systems) are the medium attackers could exploit to
spread their attacks in the IIoT environment because they have direct or indirect connec-
tions with ICSs. The ICSs usually use workstation interfaces through the OLE protocol for
process control.
Additionally, other processes, such as NetBIOS and SMB, are utilized by ICSs for
implementation and configuration purposes. Once a ransomware attack infects the work-
station via and malicious USB, malicious link, or suspicious file, the ransomware can be
easily distributed to critical ICSs. In the last few years, a ransomware version known
Sensors 2023, 23, 7470 20 of 49
as “WannaCry” exploited workstation interfaces to spread attacks in IIoT environments,

affecting several industries worldwide [148]. The application layer is susceptible to various
security issues, listed as follows:
6.3.1. Malicious Code Injection Attacks

Attackers can exploit the vulnerabilities associated with the debug modules to inject
malicious codes. Once the attackers inject the malicious codes, the attacker can then perform
unwanted activities on the affected device [149]. Additionally, the attacker may be able to
carry out malicious activities on the entire network through the affected device. Addition-
ally, IIoT devices can be infected when they upgrade their firmware/software using an OTA
utility. More specifically, the attacker can inject a virus into the IIoT device when the device
is installing a scheduled firmware update; hence, this action demands rebooting the IIoT
device to be effective. To protect IIoT devices from such attacks, there should be a suitable
authentication mechanism and identification for the edge devices, as well as ensuring that
the updates and upgrades that can be installed on IIoT devices are trustworthy (i.e., do not
carry malware).
6.3.2. Cross-Site or Malicious Scripts Attacks

These vulnerabilities can be exploited by malicious nodes, through websites visited
by IIoT users. Particularly, suspicious websites could be equipped with malicious scripts
that decoy the user’s system to become infected, thus revealing the user’s data [150].
Such malicious scripts can be created using any scripting language, such as JavaScript,
like any other legitimate script, and run by any internet browser. One possible threat of
cross-site and malicious scripts is their ability to lure users to upload data, even without
verification [15].
6.3.3. Malware Injection Attacks

In this type of attack, the intruder targets a victim edge device’s service requests to
inject malware into that device’s system or the network [151]. This attack leads to disruptive
threats to system security and data integrity. Both edge servers and devices are susceptible
to this kind of attack. The edge server can be targeted by a malware injection attack known
as SSI. This attack can be categorized into four classes: XML injection, CSRF injection, XSS
injection, and SSRF injection. Edge devices are prone to a malware injection attack known
as DSI (e.g., RCE or reaper), in which the attacker injects malicious code into the targeted
IIoT device [152,153].
6.3.4. Data Distortion Attacks

In this type of attack, intruders eavesdrop on the wireless channel, intercept the packets
transmitted between network entities, distort them, and forward them to the receiver [154].
6.3.5. SQL Injection Attacks

This type of attack exploits the vulnerabilities of applications that retrieve and transmit
information from and to the databases. This family of attacks can also modify the running
SQL query by maliciously launching a query fragment; for example, through a web form.
Consequentially, the attacker can gain access to the database and alter the database schemes,
tables, tuples, or attributes [155].
6.3.6. Ransomware Attacks

A ransomware attack is a subset of the malware attacks family, where the attacker
hijacks IIoT devices or files and asks for compensation (usually money) to restore access to
IIoT devices or decrypt files, such that the victim device can use them again. The cyber-
criminals who launch this type of attack usually interact with the victims and ask them to
pay a ransom (e.g., Bitcoin) in exchange for decrypting the files or regaining access to the
IoT devices [156].
Sensors 2023, 23, 7470 21 of 49
6.3.7. Side-Channel Attacks

This type of attack utilizes publicly available data (i.e., insensitive data) to deduce
confidential data by relating them with the user’s private data. The attacker takes advan-
tage of publicly available data on the edge computing infrastructure and feeds them as
input to ML, DL, or anonymous algorithms to generate the desired output (e.g., sensitive
information). Side-channel attacks may target any network entity, and intruders can utilize
various methods to launch side-channel attacks, such as timing attacks, cache attacks,
and electromagnetic attacks [157–159].
6.3.8. Authorization and Authentication Attacks

In these types of attacks, the intruder utilizes fake credentials to gain access to protected
resources. Ordinarily, edge servers and devices are authenticated in edge computing,
to authorize edge devices to gain access to the services or resources placed on the edge
servers. These types of attacks can be classified into four groups: Threats that exploit
authentication methods, threats that target authorization protocols, dictionary attacks,
and over-privileged attacks [160].
In a dictionary attack, the attacker creates a file of the most-used passwords and tries
every possible password in a matter of minutes, to determine the correct credentials that
allow the attacker to gain access to the resources of a specific user [161]. In authentication
and authorization protocol attacks, the adversary exploits authorization or authentication
vulnerabilities to reveal the authenticated user’s credentials, thus gaining access to the
resources or services at the edge servers as an authorized user. In over-privilege attacks,
the intruder can shut down or gain access to the system as an authorized user by inserting
malware. This attack can be launched in various forms, such as changing a smart home
door pin and retrieving and utilizing the user’s voice records [162].
7. State-of-the-Art IIoT Secure Deployment on Edge Computing

Various IIoT edge computing entities utilize communication protocols, sensing capa-
bilities, and data processing techniques to interact with each other, accomplishing various
advances in many applications. Edge computing plays an integral role in enhancing the
performance of the IIoT paradigm. For example, low latency has become one of the main
characteristics distinguishing edge computing from cloud computing, thus enhancing
the performance of real-time applications. Additionally, edge computing improves the
security of IIoT environments, to some extent. However, traditional security mechanisms
cannot be directly applied to edge computing and completely satisfy the security require-
ments discussed in Section 5, as it is difficult to predict security risks when designing the
security model. Furthermore, security threats related to networks, data, or applications
emerge as technologies are integrated with each other (i.e., adopting edge computing to
IIoT environments will bring more threats to the IIoT paradigm related to edge computing).
Some well-known security risks related to the integration of IIoT and edge computing, as
well as state-of-the-art solutions aimed at these risks, are discussed in this section.
7.1. Network Layer Security

An attack launched from the edge network could threaten all of the edge functional
entities and may propagate to the whole communication network (e.g., eavesdropping
on the communication link or injecting malicious traffic to the broadcast address in the
network) [163]. Intrusion detection and prevention are two important research interests
proposed to protect edge network security in IIoT environments. Many current solutions
to combat IIoT network layer attacks rely on emerging technologies, such as AI- and
Blockchain-based solutions, to provide the necessary detection and prevention mecha-
nisms, as detailed in Table 4. For example, Diro and Chilamkurti [164] utilized the LSTM
algorithm to detect attacks on distributed fog environments that might target IIoT devices.
This technique is the first step to improving the security of fog computing, by accurately
and precisely detecting various attacks that might degrade the network performance and
Sensors 2023, 23, 7470 22 of 49
malfunctioning network entities. The authors validated the proposed technique using
two datasets—ISCX (Found at https://www.unb.ca/cic/datasets/ids.html (accessed on
26 January 2023)) and AWID (Found at https://icsdweb.aegean.gr/awid/ (accessed on
28 January 2023))—and compared the proposed method with LR. The technique yielded
a promising accuracy of 98.22% on the AWID dataset and 99.91% on the ISCX dataset.
The proposed technique was better than LR by 9% on the ISCX dataset; however, it took a
significantly longer time to train the proposed method, compared to LR.
Chekired et al. [165] proposed a distributed and hierarchical intrusion detection sys-
tem to detect attacks targeting the fog architecture. The proposed solution was mainly
designed to detect false data injection attacks that target smart meters in the power grid.
The proposed technique consists of three layers: AMI, fog, and cloud. Each layer incorpo-
rates various IDSs that hierarchically detect intrusions in a cooperative manner. The fog
layer assimilates three types of IDS: Fog IDS, residual area network IDS, and HAN IDS.
The authors then adopted a stochastic MC to differentiate malicious activities from normal
traffic. The authors demonstrated the effectiveness of the proposed technique using real
electricity data generated from Toronto.
Huang et al. [166] presented a defense approach to prevent DDoS attacks in IIoT
environments. The proposed technique relies on a multi-point collaborative capability,
deployed at the edge to detect DDoS attacks and protect IIoT devices from adversaries.
The collaborative defense aspect of the proposed technique is accomplished through the
use of blockchain technology, which is adopted to securely distribute defense information
throughout the IIoT environment. Additionally, the authors introduced a swift defense
information distribution technique, to minimize the information sharing latency and enable
the proposed method to respond promptly. The authors also employed two deep learning-
based mechanisms to differentiate normal traffic from attacks using an LSTM-Attention
network, the attack traffic was further categorized, and the attacks were detected using a
1D CNN architecture. Furthermore, the authors used the classified attack feature repre-
sentations to acquire new feature information and, hence, produce defense information
and improve the robustness of the security system. The classification part based on deep
learning was evaluated and compared with baseline models (i.e., SVM, MLP, and kNN).
The deep learning-based techniques obtained superior results, compared to the baseline
models, in terms of precision, recall, F1 score, and accuracy. Experiments conducted on the
DoS2019 dataset (Found at https://www.unb.ca/cic/datasets/ddos-2019.html (accessed
on 9 February 2023)) also demonstrated that the swift sharing approach could decrease the
propagation delay when distributing the information, thus enhancing the response time
and better protecting the devices from DDoS attacks. The proposed LSTM-based approach
achieved high performance in three performance metrics (i.e., 99% precision, 98.7% recall,
and 98.8% F1 score), while the 1D CNN-based method achieved slightly better results than
the LSTM-based approach (i.e., 99.3% precision, 98.9% recall, and 99.1% F1 score).
Mudassir et al. [167] presented three accurate deep learning-based approaches capable
of detecting botnet attacks that target the IIoT environment. The three techniques are
based on ANN, RNN-LSTM, and RNN-GRU, respectively, and were evaluated on the
BotIoT dataset. The ANN-based approach achieved the highest performance, in terms of
accuracy (99%), although the other techniques obtained similar accuracies (98%). However,
the RNN-GRU-based techniques performed slightly better in terms of detecting attacks with
minimum samples, such as DoS and DDoS targeting HTTP protocol. The performances of
the three models, in terms of precision and recall, were not high, particularly in classifying
attacks with a small number of samples. Thus, the authors improved their performance
by under-sampling the majority class to create a balanced dataset. The proposed methods
achieved better results, in terms of precision and recall, on the balanced dataset. However,
deploying such techniques on IIoT networks may pose an issue, considering the constraints
of the devices, as the deployment of deep learning-based approaches typically requires
high computation and memory usage.
Sensors 2023, 23, 7470 23 of 49
Table 4. Summary of works focused on enhancing the security of the IIoT network layer.
Scope Ref. Algorithm Resolved Issue Security Requirement Dataset Performance Metrics
[164] LSTM DoS attacks Availability ISCX, AWID 98.22% accuracy on AWID, 99.91% on ISCX
[165] Stochastic MC false injection Confidentiality, integrity Custom NA
1D-CNN: 99.3% precision, 98.9% recall,
[166] LSTM and 1D CNN DDoS Availability DoS2019
99.1% F1 score a
[167] ANN, RNN-LSTM, RNN-GRU botnet attacks Availability BotIoT ANN: 99% accuracy, RNN b : 98% accuracy
[168] Stacked deep autoencoders botnet attacks Availability N-BaIoT 3% improvement
[169] LAE and B-LSTM botnet attacks Availability BotIoT 93.17% (binary), 97.29% (multiclass)
99.75% recall, 99.62% precision and
Deep learning-based IDSs [170] RNN botnet attacks Availability BotIoT
F1 score
[171] CFBPNN botnet attacks Availability 5 datasets 100% accuracy
99.76% accuracy, 99.68% F1 score, 0.2250 µ
[172] Custom algorithm botnet attacks Availability N-BaIoT c testing time
99.79% accuracy, 99.51% precision,

96.27% recall, 97.68% F1 score 99.00%
[173] Federated DL zero-day botnet Availability Bot-IoT, N-BaIoT
accuracy, 96.87% precision, 97.24% recall,
96.88% F1 score
[174] Federated DL DDoS attacks Availability UNSW NB-15 98% accuracy
[175] Custom algorithm routing attacks Availability NS2 d 95.0% detection rate, 1.23% FPR e
[176] Custom algorithm SQL injection Confidentiality, integrity Custom 4.7× improvement
[177] Custom algorithm DDoS attacks Availability Custom Not reported
Up to 99.84% detection rate, as low as
[141] Custom algorithm DDoS attacks Availability Custom
129 ms testing time
[140] Custom algorithm DDoS attacks Availability Custom Reduced the damaging impact by 82%
[178] Fuzzy logic Black hole attacks Availability Custom more than 90% accuracy
96.19% detection rate, 4.16% FPR,
[179] Node ranking sinkhole attacks Availability NS3
4.04% FNR f
[180] Parallel ABC Sybil attacks Authentication Simulation ≈ 97% accuracy, 97% sensitivity
Signature-based IDSs
99.99% accuracy, 97.5% recall,
[181] XGBoost botnet attacks Availability BoT-IoT
99.5% precision, 98.5% F1 score
[182] Gaussian distribution and local search Mirai and Gafgyt botnets Availability N-BaIoT 90% in multiclass classification
[183] Dynamic analysis botnet attacks Availability Custom 98.1% to 91.99% accuracy
[184] Fisher score and XGBoost botnet attacks Availability N-BaIoT 99.96% average accuracy
[185,186] Custom algorithm DoS attacks Availability Custom A supply voltage ranging from 2.1 to 3.6 V
[187] Certificateless signature mechanism signature forgery attacks Integrity NA NA
Ciphertext policy
[188] malicious data transmission Confidentiality, authentication NA NA
attribute-based encryption
Average calculation time of 4.7 ms per
[189] Average consensus-based mechanism DoS attacks Availability Matlab
100 iterations
a The results of the LSTM-based approach were less accurate; thus, the better-performing method is reported in this cell; b both RNN-LSTM and RNN-GRU have identical accuracies; c
this symbol represents time in microseconds format; d NS stands for network simulator; e false positive rate; f false negative rate.
Sensors 2023, 23, 7470 24 of 49
Tsogbaatar et al. [168] introduced a framework using an ensemble of deep learning

models as a building block to detect IoT threats utilizing SDN. The proposed framework
consists of three modules: An anomaly detector module, device status prediction, and
smart flow management. Stacked deep auto-encoders are used to extract features and feed
them into the ensemble deep learning model. The proposed system was evaluated on the N-
BaIoT and costumed datasets, and accomplished superior results on even a 1% imbalanced
dataset, compared to related works, achieving an improvement of approximately 3% over
a single deep learning model.
Popoola et al. [169] proposed using dimensionality reduction and intrusion detection
techniques to identify threats in IoT environments. The dimensionality reduction part
of the framework was based on LAE, while the intrusion detection part was based on
B-LSTM. The authors analyzed the long-term inter-related changes using B-LSTM after the
LAE had reduced the feature set to accurately identify network traffic samples. The pro-
posed framework was validated on the BotIoT dataset, yielding promising results. The
conducted experiments demonstrated that the utilized feature reduction technique re-
markably improved the memory space, by approximately 92%, and performed better than
state-of-the-art dimensionality techniques by up to 27%. The performance of the proposed
framework, in terms of MCC, was high; obtaining 93.17% in binary classification scenarios
and 97.29% in multi-class classification scenarios.
Popoola et al. [170] introduced a botnet detection technique based on deep learning
which is capable of dealing with imbalanced network traffic data. The authors adopted the
SMOTE algorithm, which produces additional samples for classes with a small number
of samples, to attain class balance. Consequentially, the authors fed the balanced data
into a deep RNN to acquire knowledge of the hierarchical feature representations and,
thus, distinguished attacks from normal traffic. The authors conducted two types of ex-
periments using the BotIoT dataset: Without and with the SMOTE algorithm. The first
experiment proved that the imbalanced data affected the results (in terms of recall, preci-
sion, F1 score, AUC, GM, and MCC). On the contrary, the SMOTE-RNN-based approach
yielded superior detection results, compared to state-of-the-art models, achieving 99.75%
recall, 99.50% precision, 99.62% F1 score, 99.87% AUC, 99.74% GM, and 99.62% MCC. The
proposed solution utilized the characteristic of RNNs, in terms of distinguishing samples
in historical time-series data, which have achieved high accuracy in many fields, including
intrusion detection systems. However, the time required to detect intrusions is not negli-
gible, which is a key issue, as this technique must be deployed on resource-constrained
edge devices.
Jayalaxmi et al. [171] proposed a botnet detection technique based on deep learn-
ing to protect IIoT networks. This method adopts a CFBPNN architecture and a feature
selection method known as CFS, in order to minimize the time required for the intru-
sions and improve the detection rate performance. Additionally, the authors utilized a
time-series technique known as NARX to examine the elements that have a high impact
on the target class, to anticipate the behavioral pattern. The authors conducted various
experiments on five datasets to evaluate their proposed framework; namely, NF-UNSW-
NB15, NF-CSE-CIC-IDS2018, NF-ToN-IoT, NF-BoT-IoT (these four datasets can be found at
https://staff.itee.uq.edu.au/marius/NIDS_datasets/ (accessed on 12 February 2023)), and
ToN-IoT-Windows (this dataset can be found at https://research.unsw.edu.au/projects/
toniot-datasets (accessed on 20 February 2023)). The authors compared the proposed
framework with various neural network models; the results indicated perfect accuracy, an
outstanding F1 score, and good precision of the proposed model.
Alani et al. [172] proposed an effective botnet detection method using packet inspection
and machine learning. The proposed framework also utilizes a feature selection technique
to reduce the feature set and the detection time. The feature selection method chooses only
seven important features, extracted from the network packet fields. These features are fed
into the machine learning algorithm, in order to train it. The proposed detection technique
and feature selection capability achieved higher than 99% accuracy.
Sensors 2023, 23, 7470 25 of 49
Popoola et al. [173] introduced an FDL-based technique to detect zero-day botnet

attacks and protect IoT edge devices from data privacy leakage. The authors presented
an optimal DNN architecture to classify the captured network traffic. The models of
the DNN architecture are independently trained in multiple IoT edge devices, remotely
managed by a model parameter server, and local model updates are aggregated using
the federated averaging algorithm. Various messages exchanged between IoT edge de-
vices and model parameter servers were used to generate the global DNN model. The
authors utilized two datasets to validate their proposed framework: BotIoT (found at
https://research.unsw.edu.au/projects/bot-iot-dataset (accessed on 2 March 2023) or
https://ieee-dataport.org/documents/bot-iot-dataset (accessed on 2 March 2023)) and N-
BaIoT (found at https://www.kaggle.com/datasets/mkashifn/nBaIoT-dataset (accessed
on 2 March 2023)). The proposed framework presented a high performance in classification
metrics and can ensure data confidentiality and privacy. As the training data are distributed
between edge IoT devices, the required memory space and storage are minimal for each
IoT device. Additionally, the framework is deployed over edge IoT devices, ensuring low
latency. Li et al. [174] have deployed a similar approach, combining both FDL and edge/fog
computing to protect IIoT environments from DDoS attacks. This method also achieved
high detection accuracy (i.e., 98%).
Wazid et al. [175] proposed an effective method to detect routing attacks launched
by malicious neighbors, in order to target edge-based IoT environments and degrade the
performance (particularly, the delay and throughput) of edge networks. This method
was designed to detect routing attacks and can be deployed on edge servers to identify
the suspicious nodes that launch the attacks on their neighbors. This method should be
distributed on powerful servers, as the collected data would be huge, including routing
messages that are sent to all the nodes in the network (i.e., broadcast messages).
Singh et al. [176] introduced a network traffic monitoring system that thoroughly
inspects incoming and outgoing network packets. The proposed system specifies signature
rules to detect SQL injection attacks and other traffic injection attacks, places these rules
in the IDS database, compares the packets with these rules, and, if any deviation is found,
the attack is detected. This method only detects one family of attacks: Traffic injection
attacks. This kind of method belongs to misuse intrusion detection systems. The biggest
issue with intrusion detection systems in this category is their lack of ability to detect novel
attacks (i.e., attacks with no signatures in the database). The only solution is to update the
signature rules placed in the database through historical attack data analysis, which takes
time and effort.
Yan et al. [177] presented a multi-layer framework to mitigate DDoS attacks. The frame-
work collects network traffic at the cloud computing layer, classifies the traffic, and detects
DDoS attacks based on the captured traffic. The authors utilized a data analysis mechanism
located at the cloud computing layer to inspect the DDoS attack behavior. Consequentially,
the inspection information is forwarded to the fog computing layer to mutually combat
DDoS attacks.
Zhou et al. [141] proposed a fog-based technique to mitigate DDoS in IIoT envi-
ronments. The proposed system captures network traffic and analyzes it offline using
VNFs in a local server. The analyzed network traffic information is matched with in-
formation captured at the cloud servers, to effectively detect and defend against DDoS
attacks. The proposed method was designed to improve the response time and enable
IIoT resource-constrained devices to efficiently adopt this technique without noticeable
computational overhead. This approach consists of three levels and was implemented
utilizing the Mero control system to achieve acceptable results. These methods were also
designed to only detect one family of attacks (i.e., DDoS attacks), so they do not constitute
a complete protection solution for IIoT environments.
Bhardwaj et al. [140] proposed a proactive technique to mitigate DDoS attacks. The pro-
posed method uses three components to effectively detect DDoS attacks: Locally deduced
information, edge function, and web service. This approach is distinctive, as the detection
Sensors 2023, 23, 7470 26 of 49
is accomplished in real-time and provides defense responses. The authors claimed that
the proposed solution could detect IoT DDoS attacks faster than related approaches by
10 times. Additionally, the authors claimed that the proposed approach could reduce the
damaging impact of DDoS by 82%.
Simpson et al. [178] proposed an approach based on fuzzy logic to detect cooperative
attacks (i.e., a type of black hole attack) targeting edge nodes in IoT environments. The au-
thors presented a trustworthy infrastructure placed on the edge, to mitigate security risks
in smart cities. This infrastructure was designed to detect malicious threats (cooperative at-
tacks, in particular) in real time. The authors position the detection mechanism on the edge
computing platform to reduce the computational overhead on IoT devices. Compared to
services provided by the cloud, placing the detection method at the network’s edge can de-
crease bandwidth utilization and delay. Once an attacker is detected, the node that launches
the attack is isolated. The authors also proposed utilizing a reaction-based trust evalua-
tion, which generates a reputation value to re-analyze suspicious entities. The proposed
framework was evaluated, demonstrating its effectiveness in detecting cooperative attacks.
Zaminkar et al. [179] presented a defense technique based on node rating and ranking
to deter sinkhole attacks from affecting IoT devices. The authors conducted real experiments
in industrial premises containing IoT devices and launched real-world sinkhole attacks
using relevant tools. The authors captured real data frames flowing from and to IoT
devices communicating with the APs through Wi-Fi (i.e., traffic transferred through wireless
communication). Other network traffic transferring from the APs to a central switch and
then to a router was captured as well (i.e., traffic transferred using wired communication).
Network traffic was captured by switch port mirroring and the Wireshark sniffing tool.
The authors deployed nine commercial IoT tools in the industrial environment, which acted
as infecting devices, and formed two botnets to launch the sinkhole attacks.
Khan et al. [180] introduced a smart communication mechanism that detects and
prevents Sybil devices from targeting IIoT devices in PEC. Once the device masquerades
as one of the IIoT devices (i.e., spoofs its identity), the adversary’s identity is detected,
and a notification is sent to edge servers to deter upstream messages transmitted from
that suspicious node. The building block of the proposed framework is the parallel ABC
algorithm, which determines the optimal network configuration for IIoT devices on each
edge server once the attack is detected. Then, the server carries out job migration with
the servers nearby, in order to improve the network performance and for load balancing,
based on the capabilities of the nearby servers (e.g., storage and processing capabilities).
The authors conducted an experiment to validate their detection and prevention techniques,
proving that the technique is capable of detecting Sybil attacks and the delay can be reduced,
the throughput could be improved, and the data communication of IIoT devices in PEC
could be controlled with the help of the parallel ABC algorithm.
Lawal et al. [181] proposed a fast and accurate anomaly- and misuse-based method to
mitigate anomalies in IoT environments using fog computing. To ensure that an intruder
is detected rapidly, the authors placed a list of IP addresses belonging to suspicious de-
vices in a database (the signature-based part of the proposed system). Meanwhile, the
anomaly detection part of the proposed framework adopted a machine learning technique
known as extreme gradient boosting to differentiate malicious packets from genuine ones.
The signature-based part was shown to be effective, in terms of detection time, when tested
on a dataset (i.e., its detection time was faster than the anomaly detection part by more than
six times). The anomaly-based part of the framework also demonstrated its effectiveness,
achieving a 99% average accuracy and a 97% average recall.
Alharbi et al. [182] introduced a neural network architecture, called local–global
best bat, to detect botnet attacks in the IIoT paradigm. The proposed method efficiently
chooses feature representations and hyperparameters extracted from nine off-the-shelf
IoT devices affected by attacks launched from two botnets: Mirai and Gafgyt. The bat’s
velocity in the swarm is reformed using the local–global best-based inertia weight. Ad-
ditionally, the authors utilized a Gaussian distribution in the population initialization
Sensors 2023, 23, 7470 27 of 49
step, in order to overcome the bat algorithm swarm diversity problem. The Gaussian
density function in each generation is followed by a local search, thus accomplishing ideal
exploration. The authors used a publicly available dataset (i.e., N-BaIoT) to validate their
approach. This dataset consists of eleven classes: ten classes representing botnet attacks
and a benign class. The proposed model was shown to be superior, compared to existing
weight-optimization techniques such as PSO, achieving an accuracy of 90% in multi-class
classification.
Nguyen et al. [183] adopted a dynamic analysis technique to enhance graph-based
features and, hence, improve the IoT botnet attack detection performance. Printable string
information is gathered using dynamic analysis when carrying out the instances. Conse-
quentially, to traverse the graph, the printable string information is effectively employed,
based on static analysis, to obtain graph-based features and eventually differentiate benign
instances from attack instances. The proposed method was evaluated using a dataset of
8330 samples, including 5531 attack samples and 2799 normal samples. The method yielded
a promising accuracy of up to 98.1%.
Alqahtani et al. [184] presented a feature selection method based on the Fisher score
(A representative filter-based technique employed to select important features and ignore
insignificant features through the minimization of intra-class distances and maximization
of inter-class distances) and an IoT botnet attack detection technique based on XGBoost.
The Fisher score-based feature selection method was utilized to choose the most impor-
tant feature out of 115 available features, and the XGBoost-based method was used to
distinguish between IoT botnet attacks and normal traffic. The authors conducted var-
ious experiments on the N-BaIoT dataset and evaluated their approach, using 10-fold
cross-validation and holdout methods. The proposed feature selection method reduced
the feature set to three important features out of 115 available features, thus reducing the
detection time, while the selected features along with the proposed detection technique
improved the detection accuracy when compared to the case where the baseline features
were used.
Arshad et al. [185] introduced a lightweight IDS designed for the IoT paradigm,
which best fits the requirements of constrained IoT devices. The proposed method can
be implemented on IoT devices and edge routers collaboratively to improve detection
accuracy, decrease false positive rates, and enhance visibility. The authors created attack
signatures and placed them in a database; this database is then installed on IoT devices.
Thus, each IoT device is equipped with a signature-based IDS. Furthermore, the edge-
router learns the normal activities of the IoT devices, in order to detect any activity that
deviates from the normal traffic. Thus, an anomaly-based IDS is positioned at the edge
router. The effectiveness of the proposed solution was demonstrated, in terms of energy
and memory consumption.
Arshad et al. [186] designed a similar framework for energy-constrained IoT devices,
which can detect intrusions in IoT environments. The proposed framework can be im-
plemented on IoT devices utilizing the Contiki operating system and on edge devices, in
order to protect IoT environments against increasing threats (particularly, botnet attacks),
while considering their low energy consumption, less computational overhead, and mini-
mum communication cost. As with the previous approach, the proposed method installs a
signature-based IDS in the IoT devices while placing the anomaly detection IDS at the edge
router. Each IoT device has three mechanisms: Network monitoring, system monitoring,
and detection engine. The anomaly detector consists of two GDEs and three capabilities:
Detection, correlation, and alert capability. The framework’s efficacy was demonstrated, in
terms of minimizing energy consumption and memory utilization.
However, the two previous approaches suffer from the following shortcomings:
signature-based IDS could pose an issue for resource-constrained devices, due to the
increasing number of attacks that need to be placed in the database and managed by those
constrained devices. Additionally, new attacks should be added to the database; however,
updating the database on each IoT device is cumbersome and consumes energy and mem-
Sensors 2023, 23, 7470 28 of 49
ory resources. Moreover, the edge router is traditionally designed to forward the network
layer datagrams (i.e., it processes the network layer header); however, to deploy an IDS on
the edge router, it is necessary to decapsulate the packet to see the payload information,
which violates end-to-end communication (i.e., the data should be transferred from the
transport layer of the sender to the transport layer at the receiver).
Zhang et al. [187] presented a method to prevent signature forgery attacks in IIoT
environments using a robust certificateless signature mechanism. The security of the
proposed method was verified, and its effectiveness against malicious third parties and
public key replacement threats was demonstrated.
Qi et al. [188] proposed a prevention scheme utilizing secure access control to ensure
the security of data transmission (i.e., to prevent malicious data transmission issues) in
the IIoT paradigm. The introduced technique relies on a ciphertext policy attribute-based
encryption mechanism, which enables IIoT entities to apply fine-grained policies to coor-
dinate access to IIoT data. The computational overhead of implementing the proposed
technique on IIoT devices is reduced through the use of a hybrid cloud infrastructure,
which handles the encryption and decryption processes. This method can also provide a
new privacy capability to IoT data, known as item-level data protection; a capability that
can deter key leakage issues.
Tajalli et al. [189] adopted an average consensus-based mechanism to provide smart
microgrids (i.e., an IIoT application area) with optimal scheduling for real-time operations
and to resist DoS attacks. The proposed method utilizes a fog layer to decrease delays
and supply the necessary data storage and internal computation capabilities for the IIoT
environment. The security of the proposed method was also tested in heterogeneous
IIoT devices against various attacks (DoS attacks, in particular), in order to evaluate the
method’s performance in the context of such attacks. Their simulation results indicated the
framework’s effectiveness, in terms of accuracy, rapid response time, and feasibility.
7.2. Perception Layer Security

Edge nodes are resource-constrained: they are equipped with memories with limited
storage capacity and micro/processors with limited data processing capabilities. Usually,
these devices temporally sustain data transmitted by IIoT devices. Therefore, the complexity
of data management is decreased; however, data security challenges (e.g., data leakage)
may occur. Secure data storage is one of the hot topics relating to IIoT device deployment in
the edge computing research area. As shown in Table 5, some solutions have been proposed
recently to overcome such challenges.
Liu et al. [190] introduced a framework to preserve data storage security utilizing
a privacy algorithm known as local differential and a combined AES-RSA encryption
technique. The authors adopted the encryption technique to jointly and efficiently protect
the secrecy of the data while making it possible to recover the data in a secure manner
(i.e., an entity with the appropriate key can recover the data). This framework consists
of three layers: Local, cloud, and fog. However, the proposed approach utilizes the RSA
encryption technique, which belongs to public key cryptography and is known to be slow.
Hi et al. [191] utilized SDN technology to capture the data storage status information
and, hence, facilitate secure data storage on fog computing nodes. In more detail, this
approach designs trusted domains, security policies, and collaborative working schemes in
a hierarchical fashion. The ultimate aim of this large-scale secure storage mechanism is to
coordinate and authorize storage requests and provide data storage status information in a
distributed manner, enabling IIoT devices to store and share data securely on the edge.
Ming et al. [192] presented an efficient technique providing data privacy protection
and secure data sharing, which can be deployed to protect devices that use fog com-
puting services and resources. The proposed approach adopts an enhanced inadvertent
transfer algorithm and utilizes edge low-latency services to enable vehicles to query the
optimal driving route while providing these vehicles with location privacy protection
and anonymity.
Sensors 2023, 23, 7470 29 of 49
Table 5. Summary of the works focused on enhancing data sharing and storage security.
Provided Security
Ref. Method Characteristics Advantages Limitations
Requirement
It efficiently protects the
It relies on RSA (i.e., an
Confidentiality, secure secrecy of the data and
[190] Hybrid AES-RSA asymmetric encryption
data sharing enables devices to recover the
method), which is slow
data in a secure manner
Secure data at rest, while A secure method capable of
It is not linked to data and
[191] Hierarchical and distributed providing IIoT devices with large-scale information and
infrastructure characteristics
status updates data storage.
Combining a super-increasing
It efficiently provides secure
[192] sequence and modified Privacy, secure data sharing It is centralized
data sharing and anonymity
oblivious transfer
It achieves encouraging
Encryption outsourcing and Secure data sharing, response latency reduction The security analysis was not
[193]
fine-grained access control access control and overhead savings for discussed in detail
edge devices
Data access authorization and
secure data sharing are The high scalability of edge
Encryption with
[194] Secure data at rest ensured to protect edge networks might cause other
multi-authority cipher-text
devices against collusion security issues to emerge
attacks with low delay
Based on an anonymous edge It accurately detects The method was not tested in
[195] Availability
node mechanism jamming attacks a real-world environment
Relies on channel and routing It improves the packet ratio in
The method was not tested in
[196] assignment and does not Availability IoT environments compared
a real-world environment
require additional hardware to existing methods
It achieves a high The method was tested using
[197] Based on SVM Availability
detection rate a simulation tool
Xue et al. [193] introduced a secure data-sharing approach for VCC utilizing both
cloud and fog computing paradigms. The proposed method was based on encryption
outsourcing and fine-grained access control. The proposed framework provides the ve-
hicles with privacy preservation and confidentiality in an efficient way; the computation
overhead is securely separated from resource-constrained devices to cloud and fog servers.
Additionally, response delay can be reduced while preserving the consumption of fog
server resources with the help of vehicle mobility prediction and pre-pushing data to
certain fog servers. The proposed method yielded a promising reduced response latency
and overhead saving in edge devices.
Fan et al. [194] introduced a data-sharing technique designed for vehicular fog com-
puting, in order to securely recover stored data. The proposed method utilizes a novel
encryption method with a multi-authority ciphertext mechanism, ensuring data access
control in vehicular networks. The proposed framework also integrates an effective mecha-
nism for attribute revocation. Therefore, vehicular network systems can effectively perform
attribute revocation and execute data access authorization using the proposed framework,
guaranteeing data sharing with low latency.
Adil et al. [195] introduced an approach to identify jamming attacks utilizing edge
nodes. The authors deployed three edge nodes equipped with different transmission
frequencies in a WSN and used the RTT measurement of the transmitted signal to detect
jamming attacks targeting the transmission channel. Even if one transmission channel
(i.e., the one that an edge node is communicating through) is jammed, the other two edge
nodes would be able to verify the wireless transmission serviceability in the WSN. More-
over, the RTT of the transmitted signal from the neighboring channel is also intermittent,
compared to its usual time interval, due to interference in the neighboring channels. This in-
terference indicates the existence of a jamming attack in the WSN. The proposed method
was implemented using OMNeT++ and accomplished a detection rate of 94%.
Sensors 2023, 23, 7470 30 of 49
Bany et al. [196] proposed a protocol that deals with proactive jamming attacks target-
ing IoT networks. This protocol relies on the channel and routing assignment, and does
not require new hardware or entities installed in the network or servers. The aim of this
protocol is to enhance the overall packet delivery ratio of the IoT network in the context of
normal activities performed by IoT devices, multi-channel fading, and jamming attacks.
The introduced method comprises three steps: Path discovery, channel assignment, and
route selection. The proposed method enhanced the packet delivery ratio in IoT networks,
compared to existing protocols.
Abhishek et al. [197] proposed a technique to detect jamming attacks in IoV networks.
The authors mentioned that vehicular networks are vulnerable to jamming attacks, due
to the nature of the shared wireless media through which the packets are transmitted.
The authors focused on a type of Jamming attack in which the attacker waits until packets
are transmitted, and then the attacker jams the channel. This type of attack is severe, as
the packet drop rate increases and the delay of the network is noticeable. Thus, sensitive
applications that demand real-time communication would be disrupted. To solve this
issue, the authors introduced a detection technique based on SVM to identify jamming
attacks. To train the proposed method, the authors created a dataset of packet drop proba-
bilities obtained from jointly sufficient statistics. The proposed method was tested, and its
effectiveness, in terms of detection ratio, was proven.
7.3. Application Layer Security

This subsection discusses the work proposed to secure the IIoT application layer.
Table 6 compares those works focused on improving application layer security.
Dovom et al. [198] introduced a framework that detects and categorizes malware, espe-
cially in IoT and IIoT environments, by diverting the program’s opcodes into a vector space
and adopting both fuzzy and fast fuzzy pattern tree mechanisms. The fast fuzzy pattern
tree-based technique achieved acceptable accuracy and good detection time. The frame-
work also utilizes both robust feature extraction capability and a fuzzy categorization
component. These components enable the framework to become a typical edge computing
method that detects and categorizes malware. The only issue with this system is its reliance
on fuzzy logic, which is known to be inaccurate when predicting unseen samples.
Guizani and Ghafoor [199] presented a software-based framework that adopts NFV
technology to resist malware diffusion in heterogeneous IoT environments. To deploy
a precise countermeasure, the authors deployed a deep learning-based IDS to detect a
broad range of malware promptly. The designed IDS is based on a combination of two
well-known deep learning algorithms (i.e., RNN and LSTM). Once the malware is detected,
the framework provides software or operating system updates to address the security
vulnerability that enables the attacker to break into the system.
Khoda et al. [200] observed that several IDS datasets lack a balance between the classes
in the training set (i.e., the number of samples for the benign class is much higher than
the number of samples for the attack class), which may affect the performance of machine
learning-based IDSs. Thus, the authors presented an over-sampling (a mechanism that
increases the number of samples of classes with fewer samples; for example, by duplicating
the samples of that minority class) technique to deal with this problem. The framework also
introduces two capabilities to detect edge computing malware in a unique way. The first
capability utilizes fuzzy set theory, while the second one uses a new loss function capable of
dynamically prioritizing malware samples. The proposed framework accomplished superb
results, compared to related techniques. The method achieved an improvement in terms of
the F1 performance metric, which reached over 9% when compared to related work.
Sensors 2023, 23, 7470 31 of 49
Table 6. Summary of works focused on enhancing the security of the IIoT application layer.
Ref. Algorithm Resolved Issue Provided Security Requirement Dataset Performance Metrics
Kaggle a and 97.0427% and
[198] Fuzzy pattern tree malware Integrity
Vx-Heaven b 88.76% accuracies
[199] LSTM malware Integrity UNSW-NB15 70% accuracy
Fuzzy set theory and a Drebin [201] and 9% F1 score
[200] malware Integrity
new loss function AndroZoo [202] improvement
created from VirusShare: 94.66%,
VirusShare c , Kaggle, Kaggle: 97.56%,
[203] Fuzzy clustering malware Integrity
and Ransomware Ransomware Tracker:
Tracker d 94.26% accuracies
[204] Theoretical analysis malware Integrity NA NA
[205] J48 ransomware Confidentiality, authentication VirusTotal 97.1% detection rate
Window size 15:
94.27% accuracy,
kNN with DTW
[206] ransomware Confidentiality, authentication VirusTotal 95.65% recall,
capability
89.19% precision,
92.31% F1 score
Packet-based (decision
tree): 97.92% accuracy,
97.90 precision, recall,
F1 score; flow-based
Decision tree and
[207] ransomware Confidentiality, authentication Custom (naïve Bayes):
naïve Bayes
97.08% accuracy,
97.72% precision,
97.71% recall
and F1 score
ransomware and 97.817% average F1 score
[208] Random forest ransomware Confidentiality, authentication
malware-trusted of five splits
created from VirusShare 96.3% detection rate and
[209] Logistic regression ransomware Confidentiality, authentication
website 99.5% ROC curve
[210] DNN ransomware Confidentiality, authentication VirusTotal 93% accuracy
[211] Practical analysis ransomware Confidentiality, authentication Synthetic data NA
[212] Systemic analysis ransomware Confidentiality, authentication Custom NA
a found at https://www.kaggle.com/c/malware-classification (accessed on 8 March 2023); b found at https:
//archive.ics.uci.edu/ml/datasets/Malware+static+and+dynamic+features+VxHeaven+and+Virus+Total (ac-
cessed on 12 March 2023); c found at https://www.virusshare.com/ (accessed on 12 March 2023); d found at
https://ransomwaretracker.abuse.ch/ (accessed on 14 March 2023).
Alaeiyan et al. [203] introduced an edge layer deployable multi-label malware detec-
tion system-based fuzzy clustering. This system enables CPS networks to accurately predict
malware threats. The Opcode frequencies are represented as a feature space, which is used
with the proposed framework to conduct statistical analysis and differentiate malware
categories. The proposed method was evaluated using three datasets, in which a high
performance was achieved, in terms of accuracy.
Shen et al. [204] investigated IoT malware spread behavior to determine the best
possible malware detection techniques for protecting the privacy of IoT smart objects and
preventing the spread of malware. The authors introduced a joint cloud-fog infrastructure
and deployed an IDS to detect malware capable of overcoming the heterogeneity of smart
sub-nets and the limited resources of IoT devices. Due to the smart object malware uncer-
tainty, the authors also applied a signaling game to reveal the communication between
the IoT devices and the corresponding edge nodes. The authors also detailed some related
mechanisms, such as theoretically calculating the optimal Bayesian equilibrium of the game
to enhance malware identification probability. Additionally, the researchers explored the
factors influencing the optimal probability of an IoT device spreading malware, as well
as factors that affect the performance of fog nodes in identifying an infected IoT device.
Moreover, the researchers provided a method demonstrating the practical and potential
application of preventing the spread of malware in IoT networks.
Alhawi et al. [205] proposed a decision tree-based approach to detect Windows ran-
somware network traffic attacks. The proposed framework uses a specialized version of
Sensors 2023, 23, 7470 32 of 49
the decision tree, known as J48, and the authors evaluated the method using conversation-
based network traffic samples (i.e., packets) along with extracted features (i.e., fields).
The proposed framework achieved an acceptable true positive rate of about 97%.
Azmoodeh et al. [206] proposed an approach to detect ransomware attacks targeting
IoT networks by measuring the power consumption of Android devices. The proposed
method measures various processes to scan energy consumption patterns and differentiate
ransomware attacks from legitimate applications. The authors compared four well-known
machine learning algorithms (i.e., SVM, neural network, kNN, and random forest) using a
dataset collected from VirusTotal API (This dataset can be found at the following website:
https://www.virustotal.com/gui/home/upload (accessed on 20 March 2023)). The authors
conducted various experiments to compare the machine learning algorithms and fine-tune
the number of neighbors hyperparameter, in order to achieve the best result possible.
kNN with DTW capability achieved the best results, in terms of accuracy, recall, precision,
and F1 score, compared to the other machine learning algorithms.
Almashhadani et al. [207] presented a detailed behavioral analysis of activities oc-
curring when crypto-ransomware—in particular, a type of severe ransomware known as
Locky—attacks a network. The authors built their own test bed to validate their assumption.
They extracted some important features from the network packets, to classify the captured
traffic into various types. Additionally, the authors presented a network-based IDS, utiliz-
ing two separate detectors working simultaneously at two levels: Flow and packet. Various
experiments were conducted using the features extracted by the authors and four machine
learning algorithms: Random forest, decision tree, naïve Bayes, and SVM. The proposed
technique was shown to be effective in detecting ransomware attacks, through five perfor-
mance metrics (accuracy, false positive rate, precision, recall, and F1 score), and provided an
outstanding detection rate and low false positive rate. The best machine learning algorithm
in the packet-based set of experiments was the decision tree, yielding 97.92% accuracy,
97.9% precision, 97.9% recall, 97.9% F1 score, and a false positive rate of 0.021. Meanwhile,
the best machine learning algorithm in the flow-based set of experiments was naïve Bayes,
which obtained 97.08% accuracy, 0.029 false positive rates, 97.72% precision, 97.71% recall,
and 97.71% F1 score.
Maiorca et al. [208] introduced an Android ransomware attack detector using the
random forest ensemble method. The proposed technique differs from previous methods,
in that it utilizes extracted features from API packages to categorize applications, without
needing to be familiar with user-defined content (e.g., strings) and the language used to
write the application. The authors evaluated the proposed approach on two public datasets
(i.e., the ransomware dataset (As indicated by the authors, this dataset can be found
at http://ransom.mobi/ (accessed on 25 March 2023)) and the malware-trusted dataset
(Found at https://www.sec.cs.tu-bs.de/~danarp/drebin/ (accessed on 25 March 2023))).
The results indicated that the proposed approach is applicable, with very high accuracy, to
differentiate malware from Android ransomware attacks. Additionally, the authors flagged
the detected ransomware applications utilized by the VirusTotal service.
Sgandurra et al. [209] introduced a dynamic analysis and classification approach based
on logistic regression, which identifies ransomware threats when users install applications.
The introduced method scans some actions executed by applications at the time of instal-
lation, in order to detect any indication of ransomware activity. The authors validated
the technique on a dataset consisting of 583 ransomware samples (downloaded from the
VirusShare website) belonging to 11 classes and 942 samples belonging to normal applica-
tions. The authors compared their technique with naïve Bayes and SVM. The proposed
method was found to be superior to the other methods, in terms of the low complexity of
the underlying machine learning algorithm and detection rate (achieving 96.3% detection
rate and 99.5% ROC curve).
Tseng et al. [210] proposed a DNN-based approach to identify ransomware in a timely
manner. The authors presented a labeling mechanism and chose some significant features
Sensors 2023, 23, 7470 33 of 49
in order to improve the performance of the proposed method and reduce the detection
time. The proposed method achieved an acceptable detection rate and false negative rate.
Ogundokun et al. [211] proposed a detection technique based on machine learning to
identify ransomware attacks targeting IoT devices. Experiments were conducted using a
laptop computer, a projector, and an Android device. Along with detecting ransomware
attacks, the proposed system monitors the power consumption of IoT devices operating
processes every 500 ms, using Power-to-track. The proposed method achieved acceptable
performance in four metrics: Accuracy, recall, precision, and F-score.
Al-Hawawreh et al. [212] conducted a comprehensive systematic analysis of ran-
somware attacks targeting IIoT devices, and suggested several potential defense mech-
anisms. The authors deployed IIoT devices in an industrial setting following IIRA and
analyzed the shortcomings of IIoT environments that might be exploited by ransomware
threats. The test bed contained I/O devices (i.e., actuators, sensors, and controllers), virtual
components (i.e., mail servers, cloud servers, maintenance operators, and SCADA monitor-
ing devices), and IIoT gateways. The authors found that the gateways in the IIoT networks
are susceptible to ransomware threats, where IIoT devices and systems might be affected
through gateways. The IIoT gateways share some default capabilities; they can act as
mediators between the outside world and the IIoT environment (i.e., I/O devices or PLCs).
Full access to the IIoT gateway can be gained once an attacker initiates a ransomware
attack targeting that gateway, changes the legitimate gateway’s credentials, and updates
the firmware with malignant software. Therefore, the malicious gateway would reveal
any data transmitted from users to the external world (or vice-versa). Consequentially,
the authors launched ransomware attacks in the considered IIoT environment, utilizing
Python scripts similar to the Erebus Linux Ransomware attack. Furthermore, the authors
suggested some potential detection and defense mechanisms to protect IIoT environments
against ransomware attacks, including the adoption of next-generation firewalls that con-
tain enhanced traffic filtering mechanisms, the utilization of monitoring systems (e.g., IDSs)
to detect attacks as early as possible, and the placement of IIoT edge gateways in a trusted
zone to prevent infected gateways from affecting the IIoT infrastructure.
To summarize this section, we can make some observations related to the state-of-the-
art methods. Devices, networks, and exchanged data between devices could all be targeted
by cyber-criminals in various communication systems. However, the difference when
securing the deployment of IIoT devices in edge or fog computing is that the significance
of edge security expands when the data are downgraded to edge devices. The traditional
protection of the exchanged data between IIoT edge devices, edge computing-based IIoT
networks, and the devices themselves is low, while the complexity of the network that
involves both heterogeneous IIoT devices and edge servers is high. Thus, proposing and
standardizing new approaches that protect edge networks or data sharing is difficult,
particularly when considering methods that require changes in the hardware, standardized
communications protocols, or existing infrastructures.
For those approaches that do not impose changes to the hardware, communication
protocols, or existing edge network infrastructure—for example, IDS approaches that
detect various edge computing IIoT attacks such as injection attacks, DDoS attacks, and
routing attacks—it is necessary to provide a solution that is lightweight and accurate.
In this line, the proposed solutions for secure data sharing need to be further improved
and investigated. These solutions are still limited and may become a hot topic in the near
future. The use of emerging technologies, such as Blockchain and AI, could add value to
the secure data sharing and management research area.
Most of the IIoT network layer security solutions are detection-based. Most IIoT net-
work layer security solutions utilize machine learning to detect attacks such as DoS that
prevent the IIoT devices from accessing edge nodes (i.e., violate the availability require-
ment). The detection accuracy and time of these approaches are decent; the accuracies of
these approaches can range from 90% to 100%, depending on the dataset and data division,
and can detect intrusions in real time. A few proposed solutions mitigate security issues
Sensors 2023, 23, 7470 34 of 49
that violate confidentiality and data integrity. These solutions rely on well-known encryp-
tion mechanisms to mitigate the impact of some security issues, such as malicious data
transmission transferred from IIoT devices to the edge nodes or vice-versa and signature
forgery attacks.
The majority of the IIoT perception layer security proposed solutions prevent/mitigate
security challenges that violate confidentiality, secure data sharing/storage security, and
privacy. Some of these approaches rely on standardized encryption methods such as AES
and RSA to provide confidentiality to the transmitted data from IIoT devices and edge
nodes and vice-versa and to preserve the security of the data stored at the edge node.
Infrequent solutions utilize machine learning to detect jamming attacks that violate the
availability requirement, targeting the communication links between the IIoT devices and
edge nodes.
Most IIoT application layer security solutions are detection-based. These solutions
utilize machine learning to detect attacks that inherited traditional networks and IoT
environments, such as malware and a subtype of malware known as ransomware. These at-
tacks violate integrity, confidentiality, and authentication. Thus, detecting these attacks
might help security personnel take further countermeasures to prevent these attacks from
spreading to the IIoT devices (especially if they control the edge nodes). These approaches’
accuracies are reasonable, ranging from 70% to 99.5% depending on the used dataset.
8. Opportunities and Future Directions

Individuals and organizations have begun to appreciate the proficiency fog and edge
computing paradigms provided to the internet community. This appreciation extends
the utilization of these paradigms to store, communicate, and process resources through
edge/fog networks instead of CC. The advances of IIoT secure deployment on edge
computing were investigated in the previous section. After exploring the progress in the
state-of-the-art, there were still some deficiencies in several proposed techniques, hindering
the solution of the corresponding security issues. Emerging technologies, such as AI and
edge computing, provide various opportunities and issues when integrated into secure
IIoT environments. However, the scalability and resilience of edge and fog computing
involve various security and privacy challenges [1,213], which may be further investigated
by researchers. This section discusses some opportunities and challenges for the secure
deployment of IIoT devices at the edge, including secure data sharing, security monitoring,
and authentication and access control. This section also presents some insights into how
the security of IIoT might be advanced with the help of edge/fog computing and AI in the
near future.
8.1. Secure Data Sharing

IIoT devices generate a huge volume of real-time data; thus, data mining enables in-
dustries to make the right decisions and inevitably enhance their production efficiency [214].
Traditionally, the design of IIoT is mostly vertically supplied by closed applications, which
enable industries to enhance manufacturing processes in a single site. Thus, data islands are
forms that need to be split, through the utilization of edge computing, in order to improve
their flexibility. Secure data sharing is a complicated issue. Subdividing data islands in
an efficient manner and sharing real-time data generated by IIoT devices among hetero-
geneous applications and entities securely and in a timely manner is expected to become
a hot topic related to the IIoT-based edge computing paradigm. Sharing data via edge
computing faces two key issues: The limited performance of edge devices, which makes it
hard for robust security techniques to be applied, and the unavoidable huge amounts of
data, which may lead to more serious consequences (e.g., destruction and cyberattacks).
In this context, data generated by IIoT devices in edge computing can be securely shared
through the use of a blockchain [215]. Additionally, the unavoidable huge amounts of data
could be preprocessed by machine learning techniques to extract the meaning features and
feed these features to the edge devices for processing purposes.
Sensors 2023, 23, 7470 35 of 49
If an IIoT device wants to store sensitive data securely, resource-constrained devices

such as IIoT devices may not have the storage capacity and processing capability to enable
them to store data securely. Thus, edge computing provides IIoT devices with a solution.
The edge computing nodes can be equipped with sufficient computational (to deal with
complex encryption methods) and storage capabilities, which enable IIoT devices to store
data and share data securely. Moreover, edge computing nodes can be distributed close to
the IIoT devices, decreasing the associated latency. Even when big data are generated from
IIoT devices (i.e., those which cannot be processed or stored at the edge node), the edge
computing node could act as a server to the IIoT devices and a client for cloud computing
servers, facilitating data storage and processing (the edge node can also transparently
encrypt or decrypt data stored in the cloud server) [216,217]. Furthermore, since the edge
nodes are close to the IIoT devices (i.e., in the same local area network), data transmitted
between the IIoT devices and edge nodes will never leave the network premises, so complex
encryption mechanisms are not necessary. Therefore, IIoT devices would consider the
service to be provided by the edge node and do not need to be aware of the corresponding
security or storage methods.
As edge nodes can act as gateways between IIoT devices and external devices, indus-
tries can secure and control data flow to and from external devices. By setting up an edge
node, high-security standards can be maintained, mutual authentication with outside work
can be accomplished, and the limited capacity of IIoT devices can be overcome; hence, IIoT
devices only need to process secure communications with edge nodes. Additionally, the
edge node can activate the data flow strategy, in order to gain access to the content of the
message when processing the traffic passing through it [218].
The distributed service nature of edge and fog computing might lead to data leakage;
therefore, it is necessary to prevent unauthorized parties from disclosing stored or in-
transit data. Therefore, light encryption techniques such as cryptographic hashing and
homomorphic encryption methods could be utilized to protect the transmitted data stored
at distributed locations from disclosure. Encrypted data prevents disclosure even if the
attacker intercepts the data in transit or accesses secured data stored in specific servers.
Data exchanged between IIoT devices, or between IIoT devices and edge nodes,
should be transmitted securely, in order to prevent intruders from modifying or altering
the data even if interception occurs. Cryptographic signature verification systems are
notable techniques used to enforce integrity on exchanged data, similar to the GnuPG
technique (found at https://gnupg.org/ (accessed on 2 April 2023)), which is utilized
to sign transferred data digitally at the sender side and verify it at the receiver side.
Data integrity is of paramount significance to IIoT devices when utilizing services on edge
computing as, in this situation, the communication between the network entities depends
entirely on the network, considering the distributed nature of the network topology.
8.2. Security Monitoring

Edge computing platforms can be equipped with various capabilities, in order to
satisfy the needs of IIoT environments. Thus, they may serve as the perfect candidate to be
equipped with a substantial system capable of monitoring potential security threats.
An edge node can be equipped with an IDS capable of storing signatures of well-
known attacks, thus having the ability to detect intrusions from captured traffic based on
these signatures. In the case that the IDS is based on machine learning/deep learning and a
number of attack samples need to be used to train the machine learning algorithm, a cloud
server could be utilized to train the algorithm, and the weights could be transferred to
the edge node for the detection intrusions; hence, the latency issues associated with cloud
solutions can be addressed [219].
As sensors communicate their measurements directly to edge nodes, edge nodes can
execute anomaly detection mechanisms to ensure that the measurements are within an
acceptable range. Therefore, a complete security monitoring system could be deployed
to monitor data passing through the edge computing platforms to and from the IIoT
Sensors 2023, 23, 7470 36 of 49
environment, allowing for the detection and deterring of threats [220–222]. Additionally,
actions can be taken based on traffic passing through, in order to mitigate DoS or DDoS
attacks targeting IIoT environments or the edge computing infrastructure.
DoS attacks are among the primary issues restraining the availability of services from
authorized IIoT devices. These issues could be partially resolved by edge/fog comput-
ing, due to the distributed nature of the computational resources. However, DDoS could
degrade or prevent authorized IIoT devices from accessing these services. IIoT environ-
ments could deploy smart DNS resolution services, WAF, and other smart network traffic
monitoring and filtering techniques to ensure that services are always available.
8.3. Authentication and Access Control

Edge computing can address diverse authentication issues. Edge computing can be
applied to replace solutions that necessitate the need for third-party servers [223–227].
An edge node is not resource-constrained and can perform complex computational tasks,
consequently having the ability to act as a third-party service to provide IIoT devices with
the required authentication mechanism. One advantage of edge nodes over third-party
servers is their on-premise placement, providing IIoT devices with low latency when the
devices and edge nodes exchange authentication messages. Moreover, an edge node can
act as a certificate authority (An organization responsible for signing, storing, and issuing
digital certificates) for IIoT devices, thus improving upon conventional PKI infrastructures.
Therefore, edge nodes can form a peer-to-peer network to establish a united and powerful
key infrastructure [10].
Edge nodes could also serve as trusted gateways, adding new IIoT devices, remov-
ing existing ones, and being responsible for re-keying. Some existing works have de-
tailed devices with the required authentication ability through various types of servers,
including NFC tags [228–230], smart cards [231–233], RFID tags [234–238], and biometric
traits [239–241]. Edge nodes could become a substitute for such a server, and may be at-
tached to sensors, acting as proxies for sensor measurements. In this context, the scalability
could be expanded, as more fog nodes may be distributed such that they are reachable by
close IIoT devices. Therefore, if there is an urgent need to apply authentication for device
updates utilizing NFC keys or biometrics, maintenance engineers would need only the fog
node and its binding to the associated key, rather than searching for each device related to
the keys independently.
Other authentication capabilities could be brought to IIoT environments through
edge computing, such as TPM and TEE. This can be accomplished by setting up a secure
communication tunnel between the TEE or TPM and the edge node, as well as adopting a
key setup protocol equipped with a one-time pairing feature. Thus, future work is expected
to integrate trusted capabilities with edge computing platforms.
Similar to the opportunities related to authentication, access control could be enhanced
when integrated with edge computing to authorize IIoT devices. Resource-constrained
devices are not ideal places to carry out access control policies on; thus, these policies could
instead be relocated to edge nodes. This would introduce a new issue (i.e., centralization,
which might lead to SPOF), as all access control policies would be outsourced from IIoT
devices to a specific edge node. A possible solution to this issue is to distribute access
control policies through multiple edge nodes, in order to prevent the possibility of SPOF.
IIoT devices share the secure and reliable services provided by edge and fog computing,
so mutual trust between IIoT devices and between IIoT devices and edge/fog nodes should
be considered. This compels edge and fog servers to prove that the edge nodes that exchange
messages with IIoT devices are trustworthy and that their services are genuine. Meanwhile,
edge nodes must ensure the authenticity of the IIoT requesting services from edge nodes.
These challenges may lead the research community to develop mutual authentication models
for IIoT devices and edge nodes utilizing lightweight techniques/devices such as Trust
Chain [242] (an authentication scheme based on a permission-less Blockchain network)
and PUF [243] (an object that provides a physical component with a trust anchor or an
Sensors 2023, 23, 7470 37 of 49
unrivaled fingerprint by exploiting the intrinsic randomness introduced during production),

or developing techniques with low complexity to be deployed in IIoT environments.
8.4. Maintainability and Resilience

Industrial systems can benefit from edge computing in terms of maintainability. Since
most essential industrial systems are connected to the internet, this connectivity enables
brisk software management and updates. However, it is preferable to utilize edge comput-
ing devices to ascertain the validity of these updates and run thorough tests (e.g., running
the updates needed for the industrial systems at the edge in a sandbox environment to
ensure no anomalies reside before forwarding them to the industrial devices) [10]. This
practice also assures the continuity of services at the industrial systems, enabling them to
perform their routine tasks without degradation. Additionally, edge computing devices
could act as hubs for industrial systems where industrial devices can view software in-
formation, including the version number and required updates, or manage configuration
files for industrial devices. Since edge computing devices can provide an easily accessible
place to read NFC tags or other authentication modules, improving industrial systems
maintenance procedures and other authentication factors is feasible without attending to
each device for maintenance independently and physically.
Edge nodes can act as security agents capable of disabling and isolating compromised
industrial software. This practice enables network administrators or security personnel
to scrutinize the affected software thoroughly while the industrial devices perform other
routine tasks. Additionally, edge computing can overcome intermittent internet connectiv-
ity to cloud services. Edge devices can be provisioned with convenient processes usually
performed in the cloud and requested frequently by industrial systems. Therefore, the edge
node could provide the services if the connection to the cloud server fails. Also, industrial
devices sometimes send data to the cloud for processing purposes, so that intermittent
connectivity would be an issue. Thus, edge computing could be a medium to store or
forward data from its end to the cloud. In this manner, the edge node can buffer information
even if there is no internet connectivity and transmit the buffered information when the
internet connectivity is restored. Thus, industrial devices would be minimally affected by
intermittent connectivity.
9. Conclusions
As a modern industrial solution, IIoT connects network components using advanced
communication technologies, helping industries to monitor, exchange, collect, and analyze
data, thus simplifying crucial decision-making problems, improving productivity, and
significantly enhancing performance more than ever. Edge computing can be adopted
in the IIoT to process a portion of the large-scale real-time sensing data on the network’s
edge, near the origin of the data. In this way, the limited transmission bandwidth and
long-delay decision-making (i.e., if cloud computing is employed) issues may be resolved.
In this survey, a review of IIoT attacks, requirements, and solutions that utilize AI and edge
computing, with a focus on the period from 2017 to 2023, was conducted. The security
challenges were classified into three categories, based on the IIoT security layer: application
layer threats, network layer threats, and perception layer threats. We identified twenty-two
attacks that may target these IIoT layers: four attacks targeting the perception layer, eight
attacks targeting the network layer, and ten attacks exploiting application vulnerabilities.
Each attack was linked with the security requirement it violates and common countermea-
sures that could be taken to prevent the attack. Additionally, solutions proposed to detect
or prevent these attacks and to generally improve the security of IIoT were discussed. More-
over, challenges encountered in the IIoT field when adopting edge computing and AI were
detailed, along with the opportunities these technologies provide. Finally, future research
directions were proposed, providing researchers with insights into utilizing AI and edge
computing to secure the IIoT paradigm. Although edge computing presents various advan-
tages to the IIoT environment, it raises new overhead for maintenance personnel. It might
Sensors 2023, 23, 7470 38 of 49
mandate special training to more network administrators that belong to the organization,
making edge computing more expensive than cloud computing, which can be maintained
by experts on the service provider’s side. Additionally, in case of a security breach found
in a specific edge software, the maintenance team would be responsible for patching every
software installed on distributed edge devices compared to updating software only on
cloud computing infrastructure by security experts at the service provider’s end.
Funding: This research received no external funding.

Institutional Review Board Statement: Not applicable.
Informed Consent Statement: Not applicable.
Data Availability Statement: Not applicable.
Acknowledgments: The author would like to thank the University of Tabuk for supporting this work.
Conflicts of Interest: The author declares no conflict of interest.
Abbreviations
The following abbreviations are used in this manuscript:
ABC Artificial Bee Colony

ACL Access Control List
AES Advanced Encryption Standard
AI Artificial Intelligence
AMI Advanced Metering Infrastructure
ANN Artificial Neural Network
AP Access Point
API Application Programming Interface
AT&T American Telephone and Telegraph
AUC Area Under the Curve
B-LSTM Bidirectional Long Short-Term Memory
CC Cloud Computing
CFBPNN Cascade Forward Back-Propagation Neural Network
CFS Correlation-based Feature Selection
CIA Confidentiality, Integrity, Availability
CPS Cyber-Physical System
CSP Cloud Service Provider
CSRF Cross-Site Request Forgery
DDoS Distributed Denial of Service
DL Deep Learning
DNN Deep Neural Network
DNS Domain Name System
DoS Denial of Service
DSI Device-Side Injection
DSSS Direct Sequence Spread Spectrum
DTW Dynamic Time Warping
FDL Federated Deep Learning
FHSS Frequency Hopping Spread Spectrum
GDE Global Detection Enactor
GE General Electric
GM Geometric Mean
GnuPG GNU Privacy Guard
GRU Gated Recurrent Unit
HAN Home Area Network
HTTP HyperText Transfer Protocol
Sensors 2023, 23, 7470 39 of 49
IBM International Business Machines

ICS Industrial Control System
ICV Intelligent Connected Vehicles
IDS Intrusion Detection System
IIC Industrial Internet Consortium
IIoT Industrial Internet of Things
IIRA Industrial Internet Reference Architecture
I/O Input/Output
IoT Internet of Things
IoV Internet of Vehicles
IP Internet Protocol
IPFS Interplanetary File System
IPS Intrusion Prevention System
kNN k-Nearest Neighbors
LAE Long short-term memory Autoencoder
LR Logistic Regression
LSTM Long Short-Term Memory
MC Markov Chain
MCC Mobile Cloud Computing
ML Machine Learning
MLP Multi-Layer Perceptron
NARX Nonlinear Autoregressive network with eXogenous input
NFC Near-field Communication
OLE Object Linking and Embedding
OTA Over-The-Air
PEC Pervasive Edge Computing
PKI Public Key Infrastructure
PLC Program Logic Controller
PoV Proof of Vote
PSO Particle Swarm Optimization
PUF Physically Unclonable Functions
RCE Remote Code Execution
RFID Radio Frequency Identification
RNN Recurrent Neural Network
RPL Routing Protocol for Low-power and lossy networks
RPT Requesting Party Token
RSA Rivest, Shamir, and Adleman
RTT Round Trip Time
SCADA Supervisory Control And Data Acquisition
SDN Software-Defined Networking
SQL Structured Query Language
SQLI Structured Query Language Injection
SPOF Single Point Of Failure
SMB Server Message Block
SSI Server-Side Injection
SSRF Server-Side Request Forgery
SVM Support Vector Machine
TEE Trusted Execution Environment
TPM Trusted Platform Module
TTP Trusted Third Party
UMA User-Managed Access
VCC Vehicular Cloud Computing
VNF Virtual Network Function
WAF Web Application Firewall
Wi-Fi Wireless Fidelity
WSN Wireless Sensor Network
XGBoost eXtreme Gradient Boosting
XML eXtensible Markup Language
XSS Cross-Site Scripting
Sensors 2023, 23, 7470 40 of 49
References
1. Chalapathi, G.S.S.; Chamola, V.; Vaish, A.; Buyya, R. Industrial internet of things (iiot) applications of edge and fog computing:
A review and future directions. In Fog/Edge Computing For Security, Privacy, and Applications; Springer: Cham, Switzerland, 2021;
pp. 293–325.
2. Alotaibi, B. Utilizing blockchain to overcome cyber security concerns in the internet of things: A review. IEEE Sens. J. 2019, 19,
10953–10971. [CrossRef]
3. Shishehgarkhaneh, M.B.; Moehler, R.C.; Moradinia, S.F. Blockchain in the Construction Industry between 2016 and 2022: A Review,
Bibliometric, and Network Analysis. Smart Cities 2023, 6, 819–845.
4. Ahmad, T.; Zhang, D. Using the internet of things in smart energy systems and networks. Sustain. Cities Soc. 2021, 68, 102783.
5. Tufail, A.; Namoun, A.; Abi Sen, A.A.; Kim, K.H.; Alrehaili, A.; Ali, A. Moisture computing-based internet of vehicles (Iov)
architecture for smart cities. Sensors 2021, 21, 3785. [CrossRef]
6. Sisinni, E.; Saifullah, A.; Han, S.; Jennehag, U.; Gidlund, M. Industrial internet of things: Challenges, opportunities, and directions.
IEEE Trans. Ind. Inform. 2018, 14, 4724–4734.
7. Xu, H.; Yu, W.; Griffith, D.; Golmie, N. A survey on industrial Internet of Things: A cyber-physical systems perspective.
IEEE Access 2018, 6, 78238–78259. [CrossRef]
8. Basir, R.; Qaisar, S.; Ali, M.; Aldwairi, M.; Ashraf, M.I.; Mahmood, A.; Gidlund, M. Fog computing enabling industrial internet of
things: State-of-the-art and research challenges. Sensors 2019, 19, 4807.
9. Stefanescu, D.; Galán-García, P.; Montalvillo, L.; Unzilla, J.; Urbieta, A. Industrial Data Homogenization and Monitoring Scheme
with Blockchain Oracles. Smart Cities 2023, 6, 263–290.
10. Tange, K.; De Donno, M.; Fafoutis, X.; Dragoni, N. A systematic survey of industrial Internet of Things security: Requirements
and fog computing opportunities. IEEE Commun. Surv. Tutor. 2020, 22, 2489–2520.
11. Daugherty, P.; Berthon, B. Winning with the Industrial Internet of Things: How to Accelerate the Journey to Productivity and Growth;
Accenture: Dublín, Ireland, 2015.
12. Rabbani, M.M.; Dushku, E.; Vliegen, J.; Braeken, A.; Dragoni, N.; Mentens, N. Reserve: Remote attestation of intermittent
iot devices. In Proceedings of the 19th ACM Conference on Embedded Networked Sensor Systems, Coimbra, Portugal 15–17
November 2021; pp. 578–580.
13. Fernández-Carrasco, J.Á.; Echeberria-Barrio, X.; Paredes-García, D.; Zola, F.; Orduna-Urrutia, R. ChronoEOS 2.0: Device
Fingerprinting and EOSIO Blockchain Technology for On-Running Forensic Analysis in an IoT Environment. Smart Cities 2023, 6,
897–912. [CrossRef]
14. Xenofontos, C.; Zografopoulos, I.; Konstantinou, C.; Jolfaei, A.; Khan, M.K.; Choo, K.K.R. Consumer, commercial, and industrial
iot (in) security: Attack taxonomy and case studies. IEEE Internet Things J. 2021, 9, 199–221. [CrossRef]
15. Ferrag, M.A.; Friha, O.; Hamouda, D.; Maglaras, L.; Janicke, H. Edge-IIoTset: A new comprehensive realistic cyber security
dataset of IoT and IIoT applications for centralized and federated learning. IEEE Access 2022, 10, 40281–40306. [CrossRef]
16. Botta, A.; De Donato, W.; Persico, V.; Pescapé, A. Integration of cloud computing and internet of things: A survey. Future Gener.
Comput. Syst. 2016, 56, 684–700. [CrossRef]
17. Díaz, M.; Martín, C.; Rubio, B. State-of-the-art, challenges, and open issues in the integration of Internet of things and cloud
computing. J. Netw. Comput. Appl. 2016, 67, 99–117. [CrossRef]
18. Javadzadeh, G.; Rahmani, A.M. Fog computing applications in smart cities: A systematic survey. Wirel. Netw. 2020, 26, 1433–1457.
[CrossRef]
19. Hussain, M.M.; Beg, M.S. Fog computing for internet of things (IoT)-aided smart grid architectures. Big Data Cogn. Comput.
2019, 3, 8. [CrossRef]
20. Alzoubi, Y.I.; Osmanaj, V.H.; Jaradat, A.; Al-Ahmad, A. Fog computing security and privacy for the Internet of Thing applications:
State-of-the-art. Secur. Priv. 2021, 4, e145. [CrossRef]
21. Qiu, T.; Chi, J.; Zhou, X.; Ning, Z.; Atiquzzaman, M.; Wu, D.O. Edge computing in industrial internet of things: Architecture,
advances and challenges. IEEE Commun. Surv. Tutor. 2020, 22, 2462–2488. [CrossRef]
22. Touqeer, H.; Zaman, S.; Amin, R.; Hussain, M.; Al-Turjman, F.; Bilal, M. Smart home security: Challenges, issues and solutions at
different IoT layers. J. Supercomput. 2021, 77, 14053–14089. [CrossRef]
23. Hazra, A.; Adhikari, M.; Amgoth, T.; Srirama, S.N. A comprehensive survey on interoperability for IIoT: Taxonomy, standards,
and future directions. ACM Comput. Surv. 2021, 55, 1–35. [CrossRef]
24. Alguliyev, R.; Imamverdiyev, Y.; Sukhostat, L. Cyber-physical systems and their security issues. Comput. Ind. 2018, 100, 212–223.
[CrossRef]
25. Ortiz, A.M.; Hussein, D.; Park, S.; Han, S.N.; Crespi, N. The cluster between internet of things and social networks: Review and
research challenges. IEEE Internet Things J. 2014, 1, 206–215. [CrossRef]
26. Pivoto, D.G.; de Almeida, L.F.; da Rosa Righi, R.; Rodrigues, J.J.; Lugli, A.B.; Alberti, A.M. Cyber-physical systems architectures
for industrial internet of things applications in Industry 4.0: A literature review. J. Manuf. Syst. 2021, 58, 176–192. [CrossRef]
27. Nunes, D.S.; Zhang, P.; Silva, J.S. A survey on human-in-the-loop applications towards an internet of all. IEEE Commun. Surv. Tutor.
2015, 17, 944–965. [CrossRef]
28. Stojmenovic, I. Machine-to-machine communications with in-network data aggregation, processing, and actuation for large-scale
cyber-physical systems. IEEE Internet Things J. 2014, 1, 122–128. [CrossRef]
Sensors 2023, 23, 7470 41 of 49
29. Dai, Y.; Guan, Y.L.; Leung, K.K.; Zhang, Y. Reconfigurable intelligent surface for low-latency edge computing in 6G. IEEE Wirel.
Commun. 2021, 28, 72–79. [CrossRef]
30. Gasmi, K.; Dilek, S.; Tosun, S.; Ozdemir, S. A survey on computation offloading and service placement in fog computing-based IoT.
J. Supercomput. 2022, 78, 1983–2014. [CrossRef]
31. Sofla, M.S.; Kashani, M.H.; Mahdipour, E.; Mirzaee, R.F. Towards effective offloading mechanisms in fog computing. Multimed.
Tools Appl. 2022, 81, 1997. [CrossRef]
32. Meneghello, F.; Calore, M.; Zucchetto, D.; Polese, M.; Zanella, A. IoT: Internet of threats? A survey of practical security
vulnerabilities in real IoT devices. IEEE Internet Things J. 2019, 6, 8182–8201. [CrossRef]
33. Neshenko, N.; Bou-Harb, E.; Crichigno, J.; Kaddoum, G.; Ghani, N. Demystifying IoT security: An exhaustive survey on IoT
vulnerabilities and a first empirical look on Internet-scale IoT exploitations. IEEE Commun. Surv. Tutor. 2019, 21, 2702–2733.
[CrossRef]
34. Kouicem, D.E.; Bouabdallah, A.; Lakhlef, H. Internet of things security: A top-down survey. Comp. Netw. 2018, 141, 199–221.
[CrossRef]
35. Lezzi, M.; Lazoi, M.; Corallo, A. Cybersecurity for Industry 4.0 in the current literature: A reference framework. Comp. Ind. 2018,
103, 97–110. [CrossRef]
36. Hofer, F. Architecture, technologies and challenges for cyber-physical systems in industry 4.0: A systematic mapping study. In Pro-
ceedings of the 12th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, New Orleans,
LA, USA, 26–27 October 2018; pp. 1–10.
37. Hansch, G.; Schneider, P.; Fischer, K.; Böttinger, K. A unified architecture for industrial IoT security requirements in open
platform communications. In Proceedings of the 2019 24th IEEE International Conference on Emerging Technologies and Factory
Automation (ETFA), Zaragoza, Spain, 10–13 September 2019; pp. 325–332.
38. Sadeghi, A.R.; Wachsmann, C.; Waidner, M. Security and privacy challenges in industrial Internet of things. In Proceedings of the
52nd Annual Design Automation Conference, San Fransisco, CA, USA, 7–11 June 2015; pp. 1–6.
39. Sajid, A.; Abbas, H.; Saleem, K. Cloud-assisted IoT-based SCADA systems security: A review of the state of the art and future
challenges. IEEE Access 2016, 4, 1375–1384. [CrossRef]
40. Tan, S.F.; Samsudin, A. Recent technologies, security countermeasure and ongoing challenges of Industrial Internet of Things
(IIoT): A survey. Sensors 2021, 21, 6647. [CrossRef] [PubMed]
41. Serror, M.; Hack, S.; Henze, M.; Schuba, M.; Wehrle, K. Challenges and opportunities in securing the industrial internet of things.
IEEE Trans. Ind. Inform. 2020, 17, 2985–2996. [CrossRef]
42. Jayalaxmi, P.; Saha, R.; Kumar, G.; Kumar, N.; Kim, T.H. A taxonomy of security issues in Industrial Internet-of-Things: Scoping
review for existing solutions, future implications, and research challenges. IEEE Access 2021, 9, 25344–25359. [CrossRef]
43. Ni, J.; Lin, X.; Shen, X.S. Toward edge-assisted Internet of Things: From security and efficiency perspectives. IEEE Netw. 2019,
33, 50–57. [CrossRef]
44. Guan, Y.; Shao, J.; Wei, G.; Xie, M. Data security and privacy in fog computing. IEEE Netw. 2018, 32, 106–111. [CrossRef]
45. Zhang, J.; Chen, B.; Zhao, Y.; Cheng, X.; Hu, F. Data security and privacy-preserving in edge computing paradigm: Survey and
open issues. IEEE Access 2018, 6, 18209–18237. [CrossRef]
46. Georgakopoulos, D.; Jayaraman, P.P.; Fazia, M.; Villari, M.; Ranjan, R. Internet of Things and edge cloud computing roadmap for
manufacturing. IEEE Cloud Comp. 2016, 3, 66–73. [CrossRef]
47. Seitz, A.; Buchinger, D.; Bruegge, B. The conjunction of fog computing and the industrial Internet of things-an applied ap-
proach. In Proceedings of the 2018 IEEE International Conference on Pervasive Computing and Communications Workshops
(PerCom Workshops), Athens, Greece, 19–23 March 2018; pp. 812–817.
48. Sittón-Candanedo, I.; Alonso, R.S.; Rodríguez-González, S.; García Coria, J.A.; De La Prieta, F. Edge computing architectures in
industry 4.0: A general survey and comparison. In Proceedings of the 14th International Conference on Soft Computing Models
in Industrial and Environmental Applications (SOCO 2019), Seville, Spain, 13–15 May 2019; Springer International Publishing:
Berlin/Heidelberg, Germany, 2020; pp. 121–131.
49. Steiner, W.; Poledna, S. Fog computing as enabler for the Industrial Internet of Things. Elektrotechnik Informationstechnik 2016, 133,
50. Aazam, M.; Zeadally, S.; Harras, K.A. Deploying fog computing in industrial Internet of things and industry 4.0. IEEE Trans.
Ind. Inform. 2018, 14, 4674–4682. [CrossRef]
51. Hassanzadeh, A.; Modi, S.; Mulchandani, S. Towards effective security control assignment in the Industrial Internet of Things.
In Proceedings of the 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT), Milan, Italy, 14–16 December 2015; pp. 795–800.
52. Ferrag, M.A.; Maglaras, L.A.; Janicke, H.; Jiang, J.; Shu, L. Authentication protocols for Internet of things: A comprehensive
survey. Secur. Commun. Netw. 2017, 2017, 6562953. [CrossRef]
53. Pereira, T.; Barreto, L.; Amaral, A. Network and information security challenges within Industry 4.0 paradigm. Procedia Manuf.
2017, 13, 1253–1260. [CrossRef]
54. Khurshid, A.; Khan, A.N.; Khan, F.G.; Ali, M.; Shuja, J.; Khan, A.U.R. Secure-CamFlow: A device-oriented security model to
assist information flow control systems in cloud environments for IoTs. Concurr. Comput. Pract. Exp. 2019, 31, e4729. [CrossRef]
Sensors 2023, 23, 7470 42 of 49
55. Dammak, M.; Boudia, O.R.M.; Messous, M.A.; Senouci, S.M.; Gransart, C. Token-based lightweight authentication to secure
IoT networks. In Proceedings of the 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC),
Las Vegas, NV, USA, 11–14 January 2019; pp. 1–4.
56. Wang, F.; Cui, J.; Zhang, Q.; He, D.; Gu, C.; Zhong, H. Blockchain-Based Lightweight Message Authentication for Edge-Assisted
Cross-Domain Industrial Internet of Things. IEEE Trans. Dependable Secur. Comput. 2023, PrePrints. [CrossRef]
57. Falco, G.; Caldera, C.; Shrobe, H. IIoT cybersecurity risk modeling for SCADA systems. IEEE Internet Things J. 2018, 5, 4486–4495.
[CrossRef]
58. Riad, K.; Hamza, R.; Yan, H. Sensitive and energetic IoT access control for managing cloud electronic health records. IEEE Access
2019, 7, 86384–86393. [CrossRef]
59. Stallings, W.; Brown, L. Computer Security Principles and Practice, 3rd ed.; Pearson: Upper Saddle River, NJ, USA, 2015.
60. Machulak, M.; Richer, J.; Maler, E. User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization; Kantara Initiative: Richmond,
VA, USA, 2018.
61. Ragothaman, K.; Wang, Y.; Rimal, B.; Lawrence, M. Access control for IoT: A survey of existing research, dynamic policies and
future directions. Sensors 2023, 23, 1805. [CrossRef]
62. Dwivedi, S.K.; Amin, R.; Vollala, S. Smart contract and ipfs-based trustworthy secure data storage and device authentication
scheme in fog computing environment. Peer–Peer Netw. Appl. 2023, 16, 1–21. [CrossRef]
63. Hameed, S.; Khan, F.I.; Hameed, B. Understanding security requirements and challenges in Internet of Things (IoT): A review.
J. Comput. Netw. Commun. 2019, 2019, 9629381. [CrossRef]
64. Wu, H.; Miao, Y.; Zhang, P.; Tian, Y.; Tian, H. Resilience in Industrial Internet of Things Systems: A Communication Perspective.
arXiv 2022, arXiv:2206.00217.
65. Laszka, A.; Abbas, W.; Vorobeychik, Y.; Koutsoukos, X. Synergistic security for the industrial internet of things: Integrating
redundancy, diversity, and hardening. In Proceedings of the 2018 IEEE International Conference on Industrial Internet (ICII),
Seattle, WA, USA, 21–23 October 2018; pp. 153–158.
66. Zhou, L.; Guo, H. Anomaly detection methods for IIoT networks. In Proceedings of the 2018 IEEE International Conference on
Service Operations and Logistics, and Informatics (SOLI), Singpapore, 31 July–2 August 2018; pp. 214–219.
67. Zhao, Y.; Liu, Y.; Tian, A.; Yu, Y.; Du, X. Blockchain based privacy-preserving software updates with proof-of-delivery for internet
of things. J. Parallel Distrib. Comput. 2019, 132, 141–149. [CrossRef]
68. Bakhshi, Z.; Balador, A.; Mustafa, J. Industrial IoT security threats and concerns by considering Cisco and Microsoft IoT
reference models. In Proceedings of the 2018 IEEE Wireless Communications and Networking Conference Workshops (WCNCW),
Barcelona, Spain, 15–18 April 2018; pp. 173–178.
69. Solangi, Z.A.; Solangi, Y.A.; Chandio, S.; bin Hamzah, M.S.; Shah, A. The future of data privacy and security concerns in Internet
of Things. In Proceedings of the 2018 IEEE International Conference on Innovative Research and Development (ICIRD), Bangkok,
Thailand, 11–12 May 2018; pp. 1–4.
70. Khan, W.Z.; Aalsalem, M.Y.; Khan, M.K. Communal acts of IoT consumers: A potential threat to security and privacy. IEEE Trans.
Consum. Electron. 2018, 65, 64–72. [CrossRef]
71. Niu, S.; Hu, Y.; Su, Y.; Yan, S.; Zhou, S. Attribute-based searchable encrypted scheme with edge computing for Industrial Internet
of Things. J. Syst. Archit. 2023, 139, 102889. [CrossRef]
72. Zhou, L.; Yeh, K.H.; Hancke, G.; Liu, Z.; Su, C. Security and privacy for the industrial internet of things: An overview of
approaches to safeguarding endpoints. IEEE Signal Process. Mag. 2018, 35, 76–87. [CrossRef]
73. Settanni, G.; Skopik, F.; Karaj, A.; Wurzenberger, M.; Fiedler, R. Protecting cyber physical production systems using anomaly
detection to enable self-adaptation. In Proceedings of the 2018 IEEE Industrial Cyber-Physical Systems (ICPS), Saint Petersburg,
Russia, 15–18 May 2018; pp. 173–180.
74. Zolanvari, M.; Teixeira, M.A.; Jain, R. Effect of imbalanced datasets on security of industrial IoT using machine learning.
In Proceedings of the 2018 IEEE International Conference on Intelligence and Security Informatics (ISI), Miami, FL, USA, 9–11
November 2018; pp. 112–117.
75. Zugasti, E.; Iturbe, M.; Garitano, I.; Zurutuza, U. Null is not always empty: Monitoring the null space for field-level anomaly
detection in industrial IoT environments. In Proceedings of the 2018 Global Internet of Things Summit (GIoTS), Bilbao, Spain,
4–7 June 2018; pp. 1–6.
76. Elrawy, M.F.; Awad, A.I.; Hamed, H.F. Intrusion detection systems for IoT-based smart environments: A survey. J. Cloud Comput.
2018, 7, 21. [CrossRef]
77. Rubio-Loyola, J.; Sala, D.; Ali, A.I. Accurate real-time monitoring of bottlenecks and performance of packet trace collection.
In Proceedings of the 2008 33rd IEEE Conference on Local Computer Networks (LCN), Montreal, AB, Canada, 14–17 October
2018; pp. 884–891.
78. Rubio-Loyola, J.; Sala, D.; Ali, A.I. Maximizing packet loss monitoring accuracy for reliable trace collections. In Proceedings of
the 2008 16th IEEE Workshop on Local and Metropolitan Area Networks, Transylvania, Romania, 3–6 September 2008; pp. 61–66.
79. Ghorbani, A.A.; Lu, W.; Tavallaee, M. Network Intrusion Detection and Prevention; Advances in Information Security; Springer:
New York, NY, USA, 2010; 223p.
80. Anwar, S.; Mohamad Zain, J.; Zolkipli, M.F.; Inayat, Z.; Khan, S.; Anthony, B.; Chang, V. From intrusion detection to an intrusion
response system: Fundamentals, requirements, and future directions. Algorithms 2017, 10, 39. [CrossRef]
Sensors 2023, 23, 7470 43 of 49
81. Bul’ajoul, W.; James, A.; Pannu, M. Improving network intrusion detection system performance through quality of service
configuration and parallel technology. J. Comput. Syst. Sci. 2015, 81, 981–999. [CrossRef]
82. Meng, W.; Li, W.; Kwok, L.F. EFM: Enhancing the performance of signature-based network intrusion detection systems using
enhanced filter mechanism. Comp. Secur. 2014, 43, 189–204. [CrossRef]
83. Abduvaliyev, A.; Pathan, A.S.K.; Zhou, J.; Roman, R.; Wong, W.C. On the vital areas of intrusion detection systems in wireless
sensor networks. IEEE Commun. Surv. Tutor. 2013, 15, 1223–1237. [CrossRef]
84. Nisioti, A.; Mylonas, A.; Yoo, P.D.; Katos, V. From intrusion detection to attacker attribution: A comprehensive survey of
unsupervised methods. IEEE Commun. Surv. Tutor. 2018, 20, 3369–3388. [CrossRef]
85. Bhuyan, M.H.; Bhattacharyya, D.K.; Kalita, J.K. Network anomaly detection: Methods, systems and tools. IEEE Commun.
Surv. Tutor. 2013, 16, 303–336. [CrossRef]
86. Hong, J.; Liu, C.C.; Govindarasu, M. Integrated anomaly detection for cyber security of the substations. IEEE Trans. Smart Grid
2014, 5, 1643–1653. [CrossRef]
87. Mishra, P.; Pilli, E.S.; Varadharajan, V.; Tupakula, U. Intrusion detection techniques in cloud environment: A survey. J. Netw.
Comput. Appl. 2017, 77, 18–47.
88. Javeed, D.; Gao, T.; Saeed, M.S.; Khan, M.T. FOG-empowered Augmented Intelligence-based Proactive Defensive Mechanism for
IoT-enabled Smart Industries. IEEE Internet Things J. 2023, preprint. [CrossRef]
89. Lesjak, C.; Ruprechter, T.; Bock, H.; Haid, J.; Brenner, E. ESTADO—Enabling smart services for industrial equipment through
a secured, transparent and ad-hoc data transmission online. In Proceedings of the 9th International Conference for Internet
Technology and Secured Transactions (ICITST-2014), London, UK, 8–10 December 2014; pp. 171–177.
90. Autenrieth, P.; Lörcher, C.; Pfeiffer, C.; Winkens, T.; Martin, L. Current significance of IT-infrastructure enabling industry 4.0
in large companies. In Proceedings of the 2018 IEEE International Conference on Engineering, Technology and Innovation
(ICE/ITMC), Stuttgart, Germany, 17–20 June 2018; pp. 1–8.
91. Jazdi, N. Cyber physical systems in the context of Industry 4.0. In Proceedings of the 2014 IEEE International Conference on
Automation, Quality and Testing, Robotics, Cluj-Napoca, Romania, 22–24 May 2014; pp. 1–4.
92. Moyne, J.; Mashiro, S.; Gross, D. Determining a security roadmap for the microelectronics industry. In Proceedings of the 2018
29th Annual SEMI Advanced Semiconductor Manufacturing Conference (ASMC), Saratoga Springs, NY, USA, 30 April–3 May
2018; pp. 291–294.
93. Benias, N.; Markopoulos, A.P. A review on the readiness level and cyber-security challenges in Industry 4.0. In Proceedings of the
2017 South Eastern European Design Automation, Computer Engineering, Computer Networks and Social Media Conference
(SEEDA-CECNSM), Kastoria, Greece, 23–25 September 2017; pp. 1–5.
94. Drias, Z.; Serhrouchni, A.; Vogel, O. Analysis of cyber security for industrial control systems. In Proceedings of the 2015
International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), Shanghai,
China, 5–7 August 2015; pp. 1–8.
95. Oztemel, E.; Gursev, S. Literature review of Industry 4.0 and related technologies. J. Intell. Manuf. 2020, 31, 127–182.
96. Zhou, K.; Liu, T.; Zhou, L. Industry 4.0: Towards future industrial opportunities and challenges. In Proceedings of the 2015
12th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD), Zhangjiajie, China, 15–17 August 2015;
pp. 2147–2152.
97. Putra, F.A.; Ramli, K.; Hayati, N.; Gunawan, T.S. PURA-SCIS protocol: A novel solution for cloud-based information sharing
protection for sectoral organizations. Symmetry 2021, 13, 2347. [CrossRef]
98. Esposito, C.; Castiglione, A.; Martini, B.; Choo, K.K.R. Cloud manufacturing: Security, privacy, and forensic concerns. IEEE Cloud
Comput. 2016, 3, 16–22. [CrossRef]
99. Abba Ari, A.A.; Ngangmo, O.K.; Titouna, C.; Thiare, O.; Mohamadou, A.; Gueroui, A.M. Enabling privacy and security in Cloud
of Things: Architecture, applications, security & privacy challenges. Appl. Comput. Inform. 2020, ahead-of-print.
100. Hosen, A.S.; Sharma, P.K.; Puthal, D.; Ra, I.H.; Cho, G.H. SECBlock-IIoT: A Secure Blockchain-enabled Edge Computing
Framework for Industrial Internet of Things. In Proceedings of the Third International Symposium on Advanced Security on
Software and Systems, Melbourne, Australia, 10 July 2023; pp. 1–14.
101. Abosata, N.; Al-Rubaye, S.; Inalhan, G.; Emmanouilidis, C. Internet of things for system integrity: A comprehensive survey on
security, attacks and countermeasures for industrial applications. Sensors 2021, 21, 3654. [CrossRef]
102. Chakrabarty, S.; Engels, D.W.; Thathapudi, S. Black SDN for the Internet of Things. In Proceedings of the 2015 IEEE 12th
International Conference on Mobile Ad Hoc and Sensor Systems, Dallas, TX, USA, 19–22 October 2015; pp. 190–198.
103. Lakshminarayana, S.; Karachiwala, J.S.; Chang, S.Y.; Revadigar, G.; Kumar, S.L.S.; Yau, D.K.; Hu, Y.C. Signal jamming attacks
against communication-based train control: Attack impact and countermeasure. In Proceedings of the 11th ACM Conference on
Security & Privacy in Wireless and Mobile Networks, New York, NY, USA, 22–26 June 2018; pp. 160–171.
104. Aarika, K.; Bouhlal, M.; Abdelouahid, R.A.; Elfilali, S.; Benlahmar, E. Perception layer security in the internet of things. Procedia
Comput. Sci. 2020, 175, 591–596. [CrossRef]
105. Abdul-Ghani, H.A.; Konstantas, D. A comprehensive study of security and privacy guidelines, threats, and countermeasures:
An IoT perspective. J. Sens. Actuator Netw. 2019, 8, 22. [CrossRef]
106. Farha, F.; Ning, H.; Yang, S.; Xu, J.; Zhang, W.; Choo, K.K.R. Timestamp scheme to mitigate replay attacks in secure ZigBee
networks. IEEE Trans. Mob. Comput. 2020, 21, 342–351. [CrossRef]
Sensors 2023, 23, 7470 44 of 49
107. Grammatikis, P.I.R.; Sarigiannidis, P.G.; Moscholios, I.D. Securing the Internet of Things: Challenges, threats and solutions.
Internet Things 2019, 5, 41–70. [CrossRef]
108. Hasan, M.K.; Ghazal, T.M.; Saeed, R.A.; Pandey, B.; Gohel, H.; Eshmawi, A.A.; Abdel-Khalek, S.; Alkhassawneh, H.M. A review
on security threats, vulnerabilities, and counter measures of 5G enabled Internet-of-Medical-Things. IET Commun. 2022, 16,
109. Kaliyar, P.; Jaballah, W.B.; Conti, M.; Lal, C. LiDL: Localization with early detection of sybil and wormhole attacks in IoT networks.
Comput. Secur. 2020, 94, 101849. [CrossRef]
110. Patel, M.; Aggarwal, A.; Chaubey, N. Wormhole attacks and countermeasures in wireless sensor networks: A survey. Int. J. Eng.
Technol. (IJET) 2017, 9, 1049–1060. [CrossRef]
111. Djuitcheu, H.; Debes, M.; Aumüller, M.; Seitz, J. Recent review of distributed denial of service attacks in the internet of things.
In Proceedings of the 2022 5th Conference on Cloud and Internet of Things (CIoT), Marrakech, Morocco, 28–30 March 2022;
pp. 32–39.
112. Tsiknas, K.; Taketzis, D.; Demertzis, K.; Skianis, C. Cyber threats to industrial IoT: A survey on attacks and countermeasures. IoT
2021, 2, 163–186. [CrossRef]
113. Sharma, M.; Bhushan, B.; Khamparia, A. Securing Internet of Things: Attacks, countermeasures and open challenges. In Emerging
Technologies in Data Mining and Information Security: Proceedings of IEMIS 2020; Springer: Singapore, 2021; Volume 1, pp. 873–885.
114. Sharma, G.; Vidalis, S.; Anand, N.; Menon, C.; Kumar, S. A survey on layer-wise security attacks in IoT: Attacks, countermeasures,
and open-issues. Electronics 2021, 10, 2365. [CrossRef]
115. Butun, I.; Österberg, P.; Song, H. Security of the Internet of Things: Vulnerabilities, attacks, and countermeasures. IEEE Commun.
Surv. Tutor. 2019, 22, 616–644. [CrossRef]
116. Bagga, M.; Thakral, P.; Bagga, T. A Study on IoT: Model, Communication Protocols, Security Hazards & Countermeasures.
In Proceedings of the 2018 Fifth International Conference on Parallel, Distributed and Grid Computing (PDGC), Solan, India,
20–22 December 2018; pp. 591–598.
117. Rodríguez, G.E.; Torres, J.G.; Flores, P.; Benavides, D.E. Cross-site scripting (XSS) attacks and mitigation: A survey. Comput. Netw.
2020, 166, 106960. [CrossRef]
118. Prabhavathy, M.; Umamaheswari, S. Prevention of Runtime Malware Injection Attack in Cloud Using Unsupervised Learning.
Intell. Autom. Soft Comput. 2022, 32, 101–114. [CrossRef]
119. Xing, K.; Srinivasan, S.S.R.; Rivera, M.J.M.; Li, J.; Cheng, X. Attacks and countermeasures in sensor networks: A survey. In Network
Security; Springer: Boston, MA, USA, 2010; pp. 251–272.
120. Halfond, W.G.; Viegas, J.; Orso, A. A classification of SQL-injection attacks and countermeasures. IEEE Int. Symp. Secur. Softw. Eng.
2006, 1, 13–15.
121. Silva, J.A.H.; López, L.I.B.; Caraguay, Á.L.V.; Hernández-Álvarez, M. A survey on situational awareness of ransomware
attacks—Detection and prevention parameters. Remote Sens. 2019, 11, 1168. [CrossRef]
122. Spreitzer, R.; Moonsamy, V.; Korak, T.; Mangard, S. Systematic classification of side-channel attacks: A case study for mobile
devices. IEEE Commun. Surv. Tutor. 2017, 20, 465–488. [CrossRef]
123. Jesudoss, A.; Subramaniam, N. A survey on authentication attacks and countermeasures in a distributed environment. Indian J.
Comput. Sci. Eng. (IJCSE) 2014, 5, 71–77.
124. Deogirikar, J.; Vidhate, A. Security attacks in IoT: A survey. In Proceedings of the 2017 International Conference on I-SMAC
(IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), Palladam, India, 10–11 February 2017; pp. 32–37.
125. Kumar, S.; Sahoo, S.; Mahapatra, A.; Swain, A.K.; Mahapatra, K.K. Security enhancements to system on chip devices for IoT
perception layer. In Proceedings of the 2017 IEEE International Symposium on Nanoelectronic and Information Systems (iNIS),
Bhopal, India, 18–20 December 2017; pp. 151–156.
126. Ingham, M.; Marchang, J.; Bhowmik, D. IoT security vulnerabilities and predictive signal jamming attack analysis in LoRaWAN.
IET Inf. Secur. 2020, 14, 368–379. [CrossRef]
127. Ahmad, I.; Niazy, M.S.; Ziar, R.A.; Khan, S. Survey on IoT: Security threats and applications. J. Robot. Control. (JRC) 2021, 2, 42–46.
[CrossRef]
128. Kalinin, E.; Belyakov, D.; Bragin, D.; Konev, A. IoT Security Mechanisms in the Example of BLE. Computers 2021, 10, 162.
[CrossRef]
129. Kakkar, L.; Gupta, D.; Saxena, S.; Tanwar, S. IoT architectures and its security: A review. In Proceedings of the Second International
Conference on Information Management and Machine Intelligence: ICIMMI, Jaipur, India, 23–24 December 2020; pp. 87–94.
130. Wallgren, L.; Raza, S.; Voigt, T. Routing attacks and countermeasures in the RPL-based internet of things. Int. J. Distrib. Sens. Netw.
2013, 9, 794326. [CrossRef]
131. Shah, Y.; Sengupta, S. A survey on Classification of Cyber-attacks on IoT and IIoT devices. In Proceedings of the 2020 11th IEEE
Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), New York City, NY, USA, 28–31
October 2020; pp. 0406–0413.
132. de Oliveira, G.H.; de Souza Batista, A.; Nogueira, M.; dos Santos, A.L. An access control for IoT based on network community
perception and social trust against Sybil attacks. Int. J. Netw. Manag. 2022, 32, e2181. [CrossRef]
Sensors 2023, 23, 7470 45 of 49
133. Morales-Molina, C.D.; Hernandez-Suarez, A.; Sanchez-Perez, G.; Toscano-Medina, L.K.; Perez-Meana, H.; Olivares-Mercado, J.;
Sanchez, V.; Garcia-Villalba, L.J. A dense neural network approach for detecting clone id attacks on the rpl protocol of the iot.
Sensors 2021, 21, 3173. [CrossRef] [PubMed]
134. Pongle, P.; Chavan, G. A survey: Attacks on RPL and 6LoWPAN in IoT. In Proceedings of the 2015 International Conference on
Pervasive Computing (ICPC), Pune, India, 8–10 January 2015; pp. 1–6.
135. Kamaleshwar, T.; Lakshminarayanan, R.; Teekaraman, Y.; Kuppusamy, R.; Radhakrishnan, A. Self-adaptive framework for
rectification and detection of black hole and wormhole attacks in 6lowpan. Wirel. Commun. Mob. Comput. 2021, 2021, 1–8.
[CrossRef]
136. Bhosale, S.A.; Sonavane, S.S. Wormhole attack detection system for IoT network: A hybrid approach. Wirel. Pers. Commun. 2022,
124, 1081–1108. [CrossRef]
137. Adefemi Alimi, K.O.; Ouahada, K.; Abu-Mahfouz, A.M.; Rimer, S.; Alimi, O.A. Refined LSTM based intrusion detection for
denial-of-service attack in Internet of Things. J. Sens. Actuator Netw. 2022, 11, 32. [CrossRef]
138. Jazzar, M.; Hamad, M. An Analysis Study of IoT and DoS Attack Perspective. In Proceedings of the International Conference on
Intelligent Cyber-Physical Systems: ICPS 2021, Victoria, BC, Canada, 10–12 May 2022; pp. 127–142.
139. Narayanan, A.; De Sena, A.S.; Gutierrez-Rojas, D.; Melgarejo, D.C.; Hussain, H.M.; Ullah, M.; Bayhan, S.; Nardelli, P.H.
Key advances in pervasive edge computing for industrial internet of things in 5 g and beyond. IEEE Access 2020, 8, 206734–206754.
[CrossRef]
140. Bhardwaj, K.; Miranda, J.C.; Gavrilovska, A. Towards IoT-DDoS Prevention Using Edge Computing. In Proceedings of the
USENIX Workshop on Hot Topics in Edge Computing (HotEdge 18), Boston, MA, USA, 10 July 2018.
141. Zhou, L.; Guo, H.; Deng, G. A fog computing based approach to DDoS mitigation in IIoT systems. Compu. Secur. 2019, 85, 51–62.
[CrossRef]
142. Antonakakis, M.; April, T.; Bailey, M.; Bernhard, M.; Bursztein, E.; Cochran, J.; Durumeric, Z.; Halderman, J.A.; Invernizzi, L.;
Kallitsis, M.; et al. Understanding the mirai botnet. In Proceedings of the 26th USENIX Security Symposium (USENIX Security 17),
Vancouver, BC, USA, 23 May 2017; pp. 1093–1110.
143. Ding, J.; Zhang, H.; Guo, Z.; Wu, Y. The DPC-based scheme for detecting selective forwarding in clustered wireless sensor
networks. IEEE Access 2021, 9, 20954–20967. [CrossRef]
144. Ioannou, C.; Vassiliou, V. Network attack classification in IoT using support vector machines. J. Sens. Actuator Netw. 2021, 10, 58.
[CrossRef]
145. Ioulianou, P.P.; Vassilakis, V.G.; Shahandashti, S.F. A trust-based intrusion detection system for RPL networks: Detecting
a combination of rank and blackhole attacks. J. Cybersecur. Priv. 2022, 2, 124–153. [CrossRef]
146. Abdul-Ghani, H.A.; Konstantas, D.; Mahyoub, M. A comprehensive IoT attacks survey based on a building-blocked reference
model. Int. J. Adv. Comput. Sci. Appl. 2018, 9, 355–373.
147. Donta, P.K.; Srirama, S.N.; Amgoth, T.; Annavarapu, C.S.R. Survey on recent advances in IoT application layer protocols and
machine learning scope for research directions. Digit. Commun. Netw. 2022, 8, 727–744. [CrossRef]
148. Al-Hawawreh, M.; Sitnikova, E. Leveraging deep learning models for ransomware detection in the industrial internet of things
environment. In Proceedings of the 2019 Military Communications and Information Systems Conference (MilCIS), Canberra,
Australia, 12–14 November 2019; pp. 1–6.
149. Abdullah, A.; Hamad, R.; Abdulrahman, M.; Moala, H.; Elkhediri, S. CyberSecurity: A review of Internet of things (IoT)
security issues, challenges and techniques. In Proceedings of the 2019 2nd International Conference on Computer Applications &
Information Security (ICCAIS), Online, 23–24 December 2019; pp. 1–6.
150. Acar, G.; Huang, D.Y.; Li, F.; Narayanan, A.; Feamster, N. Web-based attacks to discover and control local IoT devices. In Proceed-
ings of the 2018 Workshop on IoT Security and Privacy, Budapest, Hungary, 20 August 2018; pp. 29–35.
151. Watson, M.R.; Marnerides, A.K.; Mauthe, A.; Hutchison, D. Malware detection in cloud computing infrastructures. IEEE Trans.
Dependable Secur. Comput. 2015, 13, 192–205. [CrossRef]
152. Barron, C.; Yu, H.; Zhan, J. Cloud computing security case studies and research. In Proceedings of the World Congress on
Engineering, London, UK, 3–5 July 2013; Volume 2, Number 2, pp. 1–6.
153. Xiao, Y.; Jia, Y.; Liu, C.; Cheng, X.; Yu, J.; Lv, W. Edge computing security: State of the art and challenges. Proc. IEEE 2019, 107,
1608–1631. [CrossRef]
154. Gautam, S.; Malik, A.; Singh, N.; Kumar, S. Recent advances and countermeasures against various attacks in IoT environment.
In Proceedings of the 2019 2nd International Conference on Signal Processing and Communication (ICSPC), Coimbatore, India,
29–30 March 2019; pp. 315–319.
155. Zolanvari, M.; Teixeira, M.A.; Gupta, L.; Khan, K.M.; Jain, R. Machine learning-based network vulnerability analysis of industrial
Internet of Things. IEEE Internet Things J. 2019, 6, 6822–6834. [CrossRef]
156. Humayun, M.; Jhanjhi, N.Z.; Alsayat, A.; Ponnusamy, V. Internet of things and ransomware: Evolution, mitigation and prevention.
Egypt. Inform. J. 2021, 22, 105–117.
157. Xu, Y.; Cui, W.; Peinado, M. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In Proceed-
ings of the 2015 IEEE Symposium on Security and Privacy, San Jose, CA, USA, 17–21 May 2015; pp. 640–656.
Sensors 2023, 23, 7470 46 of 49
158. Zhang, T.; Zhang, Y.; Lee, R.B. Cloudradar: A real-time side-channel attack detection system in clouds. In Proceedings of the
Research in Attacks, Intrusions, and Defenses: 19th International Symposium, RAID, Paris, France, 19–21 September 2016;
pp. 118–140.
159. Lyu, Y.; Mishra, P. A survey of side-channel attacks on caches and countermeasures. J. Hardw. Syst. Secur. 2018, 2, 33–50.
160. Ansari, M.S.; Alsamhi, S.H.; Qiao, Y.; Ye, Y.; Lee, B. Security of Distributed Intelligence in Edge Computing: Threats and
countermeasures. In The Cloud-to-Thing Continuum: Opportunities and Challenges in Cloud, Fog and Edge Computing; Palgrave
Macmillan: Cham, Switzerland, 2020; pp. 95–122.
161. Alkhwaja, I.; Albugami, M.; Alkhwaja, A.; Alghamdi, M.; Abahussain, H.; Alfawaz, F.; Almurayh, A.; Min-Allah, N. Password
Cracking with Brute Force Algorithm and Dictionary Attack Using Parallel Programming. Appl. Sci. 2023, 13, 5979. [CrossRef]
162. Zuin, N.K.; Selvarajah, V. A Case Study: SYN Flood Attack Launched Through Metasploit. In Proceedings of the 3rd International
Conference on Integrated Intelligent Computing Communication & Security (ICIIC 2021), Bangalore, India, 6–7 August 2021;
pp. 520–525.
163. Qiu, T.; Liu, J.; Si, W.; Wu, D.O. Robustness optimization scheme with multi-population co-evolution for scale-free wireless sensor
networks. IEEE/ACM Trans. Netw. 2019, 27, 1028–1042. [CrossRef]
164. Diro, A.; Chilamkurti, N. Leveraging LSTM networks for attack detection in fog-to-things communications. IEEE Commun. Mag.
2018, 56, 124–130. [CrossRef]
165. Chekired, D.A.; Khoukhi, L.; Mouftah, H.T. Fog-based distributed intrusion detection system against false metering attacks in
smart grid. In Proceedings of the ICC 2019 IEEE International Conference on Communications (ICC), Shanghai, China, 20–24
May 2019; pp. 1–6.
166. Huang, H.; Ye, P.; Hu, M.; Wu, J. A multi-point collaborative DDoS defense mechanism for IIoT environment. Digit. Commun.
Netw. 2023, 9, 590–601.
167. Mudassir, M.; Unal, D.; Hammoudeh, M.; Azzedin, F. Detection of botnet attacks against industrial IoT systems by multilayer
deep learning approaches. Wirel. Commun. Mob. Comput. 2022, 2022, 2845446. [CrossRef]
168. Tsogbaatar, E.; Bhuyan, M.H.; Taenaka, Y.; Fall, D.; Gonchigsumlaa, K.; Elmroth, E.; Kadobayashi, Y. DeL-IoT: A deep ensemble
learning approach to uncover anomalies in IoT. Internet Things 2021, 14, 100391.
169. Popoola, S.I.; Adebisi, B.; Hammoudeh, M.; Gui, G.; Gacanin, H. Hybrid deep learning for botnet attack detection in the
internet-of-things networks. IEEE Internet Things J. 2020, 8, 4944–4956.
170. Popoola, S.I.; Adebisi, B.; Ande, R.; Hammoudeh, M.; Anoh, K.; Atayero, A.A. smote-drnn: A deep learning algorithm for botnet
detection in the internet-of-things networks. Sensors 2021, 21, 2985. [CrossRef]
171. Jayalaxmi, P.L.S.; Kumar, G.; Saha, R.; Conti, M.; Kim, T.H.; Thomas, R. DeBot: A deep learning-based model for bot detection in
industrial internet-of-things. Comput. Electr. Eng. 2022, 102, 108214.
172. Alani, M.M. BotStop: Packet-based efficient and explainable IoT botnet detection using machine learning. Comput. Commun. 2022,
193, 53–62.
173. Popoola, S.I.; Ande, R.; Adebisi, B.; Gui, G.; Hammoudeh, M.; Jogunola, O. Federated deep learning for zero-day botnet attack
detection in IoT-edge devices. IEEE Internet Things J. 2021, 9, 3930–3944.
174. Li, J.; Lyu, L.; Liu, X.; Zhang, X.; Lyu, X. FLEAM: A federated learning empowered architecture to mitigate DDoS in industrial IoT.
IEEE Trans. Ind. Inform. 2021, 18, 4059–4068. [CrossRef]
175. Wazid, M.; Reshma Dsouza, P.; Das, A.K.; Bhat, K.V.; Kumar, N.; Rodrigues, J.J. RAD-EI: A routing attack detection scheme for
edge-based Internet of Things environment. Int. J. Commun. Syst. 2019, 32, e4024.
176. Singh, T.; Aksanli, B. Real-time traffic monitoring and SQL injection attack detection for edge networks. In Proceedings of the
15th ACM International Symposium on QoS and Security for Wireless and Mobile Networks, Miami Beach, FL, USA, 14–17 May
2019; pp. 29–36.
177. Yan, Q.; Huang, W.; Luo, X.; Gong, Q.; Yu, F.R. A multi-level DDoS mitigation framework for the industrial Internet of Things.
IEEE Commun. Mag. 2018, 56, 30–36. [CrossRef]
178. Simpson, S.V.; Nagarajan, G. A fuzzy based co-operative blackmailing attack detection scheme for edge computing nodes in
MANET-IOT environment. Future Gener. Comput. Syst. 2021, 125, 544–563.
179. Zaminkar, M.; Fotohi, R. SoS-RPL: Securing internet of things against sinkhole attack using RPL protocol-based node rating and
ranking mechanism. Wirel. Pers. Commun. 2020, 114, 1287–1312. [CrossRef]
180. Khan, F.; Jan, M.A.; ur Rehman, A.; Mastorakis, S.; Alazab, M.; Watters, P. A secured and intelligent communication scheme for
IIoT-enabled pervasive edge computing. IEEE Trans. Ind. Inform. 2020, 17, 5128–5137. [CrossRef] [PubMed]
181. Lawal, M.A.; Shaikh, R.A.; Hassan, S.R. An anomaly mitigation framework for iot using fog computing. Electronics 2020, 9, 1565.
[CrossRef]
182. Alharbi, A.; Alosaimi, W.; Alyami, H.; Rauf, H.T.; Damaševičius, R. Botnet attack detection using local global best bat algorithm
for industrial internet of things. Electronics 2021, 10, 1341. [CrossRef]
183. Nguyen, T.N.; Ngo, Q.D.; Nguyen, H.T.; Nguyen, G.L. An advanced computing approach for IoT-botnet detection in industrial
Internet of Things. IEEE Trans. Ind. Inform. 2022, 18, 8298–8306. [CrossRef]
184. Alqahtani, M.; Mathkour, H.; Ben Ismail, M.M. IoT botnet attack detection based on optimized extreme gradient boosting and
feature selection. Sensors 2020, 20, 6336. [CrossRef]
Sensors 2023, 23, 7470 47 of 49
185. Arshad, J.; Abdellatif, M.M.; Khan, M.M.; Azad, M.A. A novel framework for collaborative intrusion detection for m2m networks.
In Proceedings of the 2018 9th International Conference on Information and Communication Systems (ICICS), Irbid, Jordan, 3–5
April 2018; pp. 12–17.
186. Arshad, J.; Azad, M.A.; Abdeltaif, M.M.; Salah, K. An intrusion detection framework for energy constrained IoT devices.
Mech. Syst. Signal Process. 2020, 136, 106436.
187. Zhang, Y.; Deng, R.H.; Zheng, D.; Li, J.; Wu, P.; Cao, J. Efficient and robust certificateless signature for data crowdsensing in
cloud-assisted industrial IoT. IEEE Trans. Ind. Inform. 2019, 15, 5099–5108.
188. Qi, S.; Lu, Y.; Wei, W.; Chen, X. Efficient data access control with fine-grained data protection in cloud-assisted IIoT. IEEE Internet
Things J. 2020, 8, 2886–2899. [CrossRef]
189. Tajalli, S.Z.; Mardaneh, M.; Taherian-Fard, E.; Izadian, A.; Kavousi-Fard, A.; Dabbaghjamanesh, M.; Niknam, T. DoS-resilient
distributed optimal scheduling in a fog supporting IIoT-based smart microgrid. IEEE Trans. Ind. Appl. 2020, 56, 2968–2977.
[CrossRef]
190. Liu, J.; Yuan, C.; Lai, Y.; Qin, H. Protection of sensitive data in industrial Internet based on three-layer local/fog/cloud storage.
Secur. Commun. Netw. 2020, 2020, 2017930.
191. He, S.; Cheng, B.; Wang, H.; Xiao, X.; Cao, Y.; Chen, J. Data security storage model for fog computing in large-scale IoT application.
In Proceedings of the IEEE INFOCOM 2018-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS),
Honolulu, HI, USA, 15–19 April 2018; pp. 39–44.
192. Ming, Y.; Yu, X. Efficient privacy-preserving data sharing for fog-assisted vehicular sensor networks. Sensors 2020, 20, 514.
[CrossRef]
193. Xue, K.; Hong, J.; Ma, Y.; Wei, D.S.; Hong, P.; Yu, N. Fog-aided verifiable privacy preserving access control for latency-sensitive
data sharing in vehicular cloud computing. IEEE Netw. 2018, 32, 7–13. [CrossRef]
194. Fan, K.; Wang, J.; Wang, X.; Li, H.; Yang, Y. Secure, efficient and revocable data sharing scheme for vehicular fogs. Peer-to-Peer
Netw. Appl. 2018, 11, 766–777. [CrossRef]
195. Adil, M.; Almaiah, M.A.; Omar Alsayed, A.; Almomani, O. An anonymous channel categorization scheme of edge nodes to detect
jamming attacks in wireless sensor networks. Sensors 2020, 20, 2311. [CrossRef]
196. Bany Salameh, H.; Derbas, R.; Aloqaily, M.; Boukerche, A. Secure routing in multi-hop iot-based cognitive radio networks under
jamming attacks. In Proceedings of the 22nd International ACM Conference on Modeling, Analysis and Simulation of Wireless
and Mobile Systems, Miami Beach, FL, USA, 25–29 November 2019; pp. 323–327.
197. Abhishek, N.V.; Gurusamy, M. Jade: Low power jamming detection using machine learning in vehicular networks. IEEE Wirel.
Commun. Lett. 2021, 10, 2210–2214. [CrossRef]
198. Dovom, E.M.; Azmoodeh, A.; Dehghantanha, A.; Newton, D.E.; Parizi, R.M.; Karimipour, H. Fuzzy pattern tree for edge malware
detection and categorization in IoT. J. Syst. Archit. 2019, 97, 1–7. [CrossRef]
199. Guizani, N.; Ghafoor, A. A network function virtualization system for detecting malware in large IoT based networks. IEEE J. Sel.
Areas Commun. 2020, 38, 1218–1228. [CrossRef]
200. Khoda, M.E.; Kamruzzaman, J.; Gondal, I.; Imam, T.; Rahman, A. Malware detection in edge devices with fuzzy oversampling
and dynamic class weighting. Appl. Soft Comput. 2021, 112, 107783. [CrossRef]
201. Arp, D.; Spreitzenbarth, M.; Hubner, M.; Gascon, H.; Rieck, K.; Siemens, C.E.R.T. Drebin: Effective and Explainable Detection of
Android Malware in Your Pocket; NDSS: San Diego, CA, USA, 2014; Volume 14, pp. 23–26.
202. Allix, K.; Bissyandé, T.F.; Klein, J.; Le Traon, Y. Androzoo: Collecting millions of android apps for the research community.
In Proceedings of the 13th International Conference on Mining Software Repositories, Austin, TX, USA, 14–15 May 2016;
pp. 468–471.
203. Alaeiyan, M.; Dehghantanha, A.; Dargahi, T.; Conti, M.; Parsa, S. A multilabel fuzzy relevance clustering system for malware
attack attribution in the edge layer of cyber-physical networks. ACM Trans. Cyber-Phys. Syst. 2020, 4, 1–22. [CrossRef]
204. Shen, S.; Huang, L.; Zhou, H.; Yu, S.; Fan, E.; Cao, Q. Multistage signaling game-based optimal detection strategies for suppressing
malware diffusion in fog-cloud-based IoT networks. IEEE Internet Things J. 2018, 5, 1043–1054. [CrossRef]
205. Alhawi, O.M.; Baldwin, J.; Dehghantanha, A. Leveraging machine learning techniques for windows ransomware network traffic
detection. In Cyber Threat Intelligence; Springer: Cham, Switzerland, 2018; pp. 93–106.
206. Azmoodeh, A.; Dehghantanha, A.; Conti, M.; Choo, K.K.R. Detecting crypto-ransomware in IoT networks based on energy
consumption footprint. J. Ambient. Intell. Humaniz. Comput. 2018, 9, 1141–1152.
207. Almashhadani, A.O.; Kaiiali, M.; Sezer, S.; O’Kane, P. A multi-classifier network-based crypto ransomware detection system:
A case study of locky ransomware. IEEE Access 2019, 7, 47053–47067. [CrossRef]
208. Maiorca, D.; Mercaldo, F.; Giacinto, G.; Visaggio, C.A.; Martinelli, F. R-PackDroid: API package-based characterization and
detection of mobile ransomware. In Proceedings of the Symposium on Applied Computing, Marrakech, Morocco, 4–6 April 2017;
pp. 1718–1723.
209. Sgandurra, D.; Muñoz-González, L.; Mohsen, R.; Lupu, E.C. Automated dynamic analysis of ransomware: Benefits, limitations
and use for detection. arXiv 2016, arXiv:1609.03020.
210. Tseng, A.; Chen, Y.; Kao, Y.; Lin, T. Deep learning for ransomware detection. IEICE Tech. Rep. 2016, 116, 87–92.
Sensors 2023, 23, 7470 48 of 49
211. Ogundokun, R.O.; Awotunde, J.B.; Misra, S.; Abikoye, O.C.; Folarin, O. Application of machine learning for ransomware
detection in IoT devices. In Artificial Intelligence for Cyber Security: Methods, Issues and Possible Horizons or Opportunities; Springer
International Publishing: Cham, Switzerland, 2021; pp. 393–420.
212. Al-Hawawreh, M.; Den Hartog, F.; Sitnikova, E. Targeted ransomware: A new cyber threat to edge system of brownfield industrial
Internet of Things. IEEE Internet Things J. 2019, 6, 7137–7151. [CrossRef]
213. Mukherjee, M.; Matam, R.; Shu, L.; Maglaras, L.; Ferrag, M.A.; Choudhury, N.; Kumar, V. Security and privacy in fog computing:
Challenges. IEEE Access 2017, 5, 19293–19304. [CrossRef]
214. Jbair, M.; Ahmad, B.; Mus’ab, H.A.; Harrison, R. Industrial cyber physical systems: A survey for control-engineering tools.
In Proceedings of the 2018 IEEE Industrial Cyber-Physical Systems (ICPS), Saint Petersburg, Russia, 15–18 May 2018; pp. 270–276.
215. Frey, M.; Gündoğan, C.; Kietzmann, P.; Lenders, M.; Petersen, H.; Schmidt, T.C.; Wählisch, M. Security for the industrial IoT:
The case for information-centric networking. In Proceedings of the 2019 IEEE 5th World Forum on Internet of Things (WF-IoT),
Limerick, Ireland, 15–18 April 2019; pp. 424–429.
216. Fu, J.S.; Liu, Y.; Chao, H.C.; Bhargava, B.K.; Zhang, Z.J. Secure data storage and searching for industrial IoT by integrating fog
computing and cloud computing. IEEE Trans. Ind. Inform. 2018, 14, 4519–4528. [CrossRef]
217. Xu, P.; He, S.; Wang, W.; Susilo, W.; Jin, H. Lightweight searchable public-key encryption for cloud-assisted wireless sensor
networks. IEEE Trans. Ind. Inform. 2017, 14, 3712–3723. [CrossRef]
218. Schütte, J.; Brost, G.S. LUCON: Data flow control for message-based IoT systems. In Proceedings of the 2018 17th IEEE
International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference
on Big Data Science and Engineering (TrustCom/BigDataSE), New York, NY, USA, 1–3 August 2018; pp. 289–299.
219. Moustafa, N.; Adi, E.; Turnbull, B.; Hu, J. A new threat intelligence scheme for safeguarding industry 4.0 systems. IEEE Access
2018, 6, 32910–32924. [CrossRef]
220. De Donno, M.; Felipe, J.M.D.; Dragoni, N. ANTIBIOTIC 2.0: A fog-based anti-malware for Internet of Things. In Proceedings of
the 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Stockholm, Sweden, 17–19 June 2019;
pp. 11–20.
221. De Donno, M.; Dragoni, N. Combining AntibIoTic with fog computing: AntibIoTic 2.0. In Proceedings of the 2019 IEEE 3rd
International Conference on Fog and Edge Computing (ICFEC), Larnaca, Cyprus, 14–17 May 2019; pp. 1–6.
222. De Donno, M.; Dragoni, N.; Giaretta, A.; Mazzara, M. AntibIoTic: Protecting IoT devices against DDoS attacks. In Proceedings
of the 5th International Conference in Software Engineering for Defence Applications: SEDA 2016, Rome, Italy, 10 May 2018;
pp. 59–72.
223. Eldefrawy, M.H.; Pereira, N.; Gidlund, M. Key distribution protocol for industrial Internet of Things without implicit certificates.
IEEE Internet Things J. 2018, 6, 906–917. [CrossRef]
224. Li, F.; Hong, J.; Omala, A.A. Efficient certificateless access control for industrial Internet of Things. Future Gener. Comput. Syst.
2017, 76, 285–292. [CrossRef]
225. Cui, H.; Deng, R.H.; Liu, J.K.; Yi, X.; Li, Y. Server-aided attribute-based signature with revocation for resource-constrained
industrial-internet-of-things devices. IEEE Trans. Ind. Inform. 2018, 14, 3724–3732. [CrossRef]
226. Xiong, H.; Bao, Y.; Nie, X.; Asoor, Y.I. Server-aided attribute-based signature supporting expressive access structures for industrial
internet of things. IEEE Trans. Ind. Inform. 2019, 16, 1013–1023. [CrossRef]
227. Bao, Y.; Qiu, W.; Cheng, X. Efficient and fine-grained signature for IIoT with resistance to key exposure. IEEE Internet Things J.
2021, 8, 9189–9205. [CrossRef]
228. Basic, F.; Gaertner, M.; Steger, C. Towards trustworthy NFC-based sensor readout for battery packs in battery management
systems. In Proceedings of the 2021 IEEE International Conference on RFID Technology and Applications (RFID-TA), Delhi, India,
6–8 October 2021; pp. 285–288.
229. Basic, F.; Laube, C.R.; Steger, C.; Kofler, R. A Novel Secure NFC-based Approach for BMS Monitoring and Diagnostic Readout. In
Proceedings of the 2022 IEEE International Conference on RFID (RFID), Las Vegas, NV, USA, 17–19 May 2022; pp. 23–28.
230. Basic, F.; Gaertner, M.; Steger, C. Secure and Trustworthy NFC-Based Sensor Readout for Battery Packs in Battery Management
Systems. IEEE J. Radio Freq. Identif. 2022, 6, 637–648. [CrossRef]
231. Sharma, G.; Kalra, S. A lightweight multi-factor secure smart card based remote user authentication scheme for cloud-IoT
applications. J. Inf. Secur. Appl. 2018, 42, 95–106. [CrossRef]
232. Bae, W.I.; Kwak, J. Smart card-based secure authentication protocol in multi-server IoT environment. Multimed. Tools Appl. 2020,
79, 15793–15811. [CrossRef]
233. Zhou, S.; Gan, Q.; Wang, X. Authentication scheme based on smart card in multi-server environment. Wirel. Netw. 2020, 26,
234. Liang, W.; Xie, S.; Zhang, D.; Li, X.; Li, K.C. A mutual security authentication method for RFID-PUF circuit based on deep
learning. ACM Trans. Internet Technol. (TOIT) 2021, 22, 1–20. [CrossRef]
235. Aghili, S.F.; Mala, H.; Kaliyar, P.; Conti, M. SecLAP: Secure and lightweight RFID authentication protocol for Medical IoT. Future
Gener. Comput. Syst. 2019, 101, 621–634. [CrossRef]
236. Tewari, A.; Gupta, B.B. Secure timestamp-based mutual authentication protocol for IoT devices using RFID tags. Int. J. Semant.
Web Inf. Syst. (IJSWIS) 2020, 16, 20–34. [CrossRef]
Sensors 2023, 23, 7470 49 of 49
237. Izza, S.; Benssalah, M.; Drouiche, K. An enhanced scalable and secure RFID authentication protocol for WBAN within an IoT
environment. J. Inf. Secur. Appl. 2021, 58, 102705. [CrossRef]
238. Gope, P.; Amin, R.; Islam, S.H.; Kumar, N.; Bhalla, V.K. Lightweight and privacy-preserving RFID authentication scheme for
distributed IoT infrastructure with secure localization services for smart city environment. Future Gener. Comput. Syst. 2018, 83,
239. Lipps, C.; Herbst, J.; Schotten, H.D. How to Dance Your Passwords: A Biometric MFA-Scheme for Identification and Authentica-
tion of Individuals in IIoT Environments. In Proceedings of the ICCWS 2021 16th International Conference on Cyber Warfare and
Security, Online, 25–26 February 2021; p. 168.
240. Zhao, G.; Zhang, P.; Shen, Y.; Jiang, X. Passive user authentication utilizing behavioral biometrics for IIoT systems. IEEE Internet
Things J. 2021, 9, 12783–12798. [CrossRef]
241. Sarier, N.D. Efficient biometric-based identity management on the Blockchain for smart industrial applications. Pervasive Mob.
Comput. 2021, 71, 101322. [CrossRef]
242. Jayasinghe, U.; Lee, G.M.; MacDermott, Á.; Rhee, W.S. TrustChain: A privacy preserving blockchain with edge computing.
Wirel. Commun. Mob. Comput. 2019, 2019, 2014697. [CrossRef]
243. Huang, B.; Cheng, X.; Cao, Y.; Zhang, L. Lightweight hardware based secure authentication scheme for fog computing. In Pro-
ceedings of the 2018 IEEE/ACM Symposium on Edge Computing (SEC), Seattle, WA, USA, 25–27 October 2018; pp. 433–439.
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual
author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to
people or property resulting from any ideas, methods, instructions or products referred to in the content.

A Survey On Industrial Internet of Things Security

Uploaded by

Copyright:

Available Formats

A Survey On Industrial Internet of Things Security

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

A Survey On Industrial Internet of Things Security

Uploaded by

Copyright:

Available Formats

sensors

Citation: Alotaibi, B. A Survey on

Sensors 2023, 23, 7470. https://doi.org/10.3390/s23177470 https://www.mdpi.com/journal/sensors

mounting availability, capability, and affordability of sensors, communication modules,

3. IoT/IIoT and Edge/Fog Computing Background

3.1. IoT and IIoT

Table 1. Comparison of the main characteristics of IoT and IIoT.

Characteristic IoT IIoT

3.2. Edge and Fog Computing

1. System performance enhancement: Data processing can be achieved at the network’s

4.1. IoT Security Surveys

Table 2. Comparison of the related literature.

Scope Ref. Major Contribution Advantages Limitations

Scope Ref. Major Contribution Advantages Limitations

4.2. IIoT Security Surveys

4.3. Edge Computing Security Surveys

4.4. Edge Computing in IIoT Surveys

4.5. Secure IIoT-Edge Deployment

5. IIoT Security Requirements

5.1. CIA Triad

while utilizing minimal computational overhead for IIoT resource-constrained devices.

5.3. Access Control and Authorization

5.4. Resilience and Maintainability

5.6. Security Monitoring

5.7. Secure Data Sharing

6. IIoT Attack Categories

Layer Attack Violated Requirements Common Countermeasures

6.1. Perception Layer Attacks

6.1.1. Node Capture Attacks

6.1.2. Jamming Attacks

6.1.3. Sleep Deprivation Attacks

6.1.4. Replay Attacks

6.2. Network Layer Attacks

6.2.1. Eavesdropping Attacks

6.2.2. Sybil and ID Cloning Attacks

6.2.3. Wormhole Attacks

6.2.4. Denial of Service (DoS) Attacks

6.2.5. Man in the Middle Attacks

6.3. Application Layer Attacks

as “WannaCry” exploited workstation interfaces to spread attacks in IIoT environments,

6.3.1. Malicious Code Injection Attacks

6.3.2. Cross-Site or Malicious Scripts Attacks

6.3.3. Malware Injection Attacks

6.3.4. Data Distortion Attacks

6.3.5. SQL Injection Attacks

6.3.6. Ransomware Attacks

6.3.7. Side-Channel Attacks

6.3.8. Authorization and Authentication Attacks

7. State-of-the-Art IIoT Secure Deployment on Edge Computing

7.1. Network Layer Security

99.79% accuracy, 99.51% precision,

Tsogbaatar et al. [168] introduced a framework using an ensemble of deep learning

Popoola et al. [173] introduced an FDL-based technique to detect zero-day botnet

7.2. Perception Layer Security

7.3. Application Layer Security

8. Opportunities and Future Directions

8.1. Secure Data Sharing

If an IIoT device wants to store sensitive data securely, resource-constrained devices

8.2. Security Monitoring