key: cord-0319124-niftq98b authors: Podder, Prajoy; Mondal, M. Rubaiyat Hossain; Bharati, Subrato; Paul, Pinto Kumar title: Review on the Security Threats of Internet of Things date: 2021-01-12 journal: nan DOI: 10.5120/ijca2020920548 sha: 32e2f52879155c2688f9123c7672d64f1f65c422 doc_id: 319124 cord_uid: niftq98b
Internet of Things (IoT) is considered the growth engine of industrial revolution 4.0. The combination of IoT, cloud computing and healthcare can contribute to ensuring the well-being of people. One important challenge of IoT networks is maintaining privacy and overcoming security threats. This paper provides a systematic review of the security aspects of IoT. Firstly, the applications of IoT in industrial and medical service scenarios are described, and the security threats are discussed for the different layers of the IoT healthcare architecture. Secondly, different types of existing malware including spyware, viruses, worms, keyloggers, and trojan horses are described in the context of IoT. Thirdly, some recent malware attacks such as Mirai, Echobot and Reaper are discussed. Next, a comparative discussion is presented on the effectiveness of different machine learning algorithms in mitigating the security threats. It is found that the k-nearest neighbor (kNN) machine learning algorithm exhibits excellent accuracy in detecting malware. This paper also reviews different tools for ransomware detection, classification and analysis. Finally, a discussion is presented on the existing security issues, open challenges and possible future scopes in ensuring IoT security.
Many intelligent systems such as gadgets and applications are being developed day by day on top of advanced technology like the Internet of Things (IoT). IoT has recently been integrated into many gadgets and applications, to make the system linear to rational. This adoption is increasing day by day because of its importance.
IoT technology is also influencing medical science. Healthcare monitoring systems are being developed to deliver emergency services to patients effectively [1]. Some health applications have already been developed based on IoT, such as emergency notification, continuous glucose monitoring (CGM), and computer-assisted rehabilitation. These software applications are built to address different aspects of medical issues. Smartphones are a crucial part of daily life, and intelligent applications use the smartphone's sensors. They continuously collect data from the devices using these sensors and try to monitor the subject's health condition [2]. The whole system needs different types of data from the wards and diagnostic equipment. This data is analyzed using data mining to reach an efficient result for monitoring and tracking purposes [3, 4]. After that, the intelligent system gains the ability to control health care automatically [5] [6]. However, there are some challenges in the integration of IoT technology. Data storage, data management, exchange of information between devices, and security and privacy are the main problems that need to be solved first. Cloud computing can be regarded as one of the most effective solutions to all of these problems. A conventional healthcare system is presented in Figure 1 that integrates both IoT and cloud computing in order to provide access to shared medical data and common infrastructure transparently and efficiently. Cloud computing offers computing services, i.e. software, databases, servers, data analytics and networking, over the Internet to deliver faster expansion, economies of scale and flexible resources. In fog computing, data analytics is performed on edge devices, so that it performs real-time processing, reduces costs, and improves the privacy of data.
The rise of cloud computing, artificial intelligence and portable devices provides a solid foundation for the evolution of the IoT-based healthcare sector. Medical devices and instruments also use several wireless communication technologies (i.e., Wi-Fi, Bluetooth, etc.) that permit machine-to-machine communication. This forms an environment for Internet of medical things (IoMT) communication. In IoMT, smart healthcare devices send data to cloud servers. Several cloud platforms, i.e., Amazon Web Services, may be used to store patients' health-related data and to explore the data for health prescriptions and accurate decision making [8]. Because IoT systems are developed and deployed rapidly, security issues in IoT devices arise day by day. This increases the probability of different types of attacks being launched in the IoMT environment via the Internet. This is a very crucial issue in the IoMT, which controls smart medical devices and their communication. For example, if an attacker obtains remote control over an IoT-based smart medical device, s/he can manipulate the patients' data.
The key motivation behind this work is as follows. In recent days, IoT devices, i.e. smart city, smart home and smart healthcare devices, have become a crucial part of our daily life. As we know, the users of IoT devices are able to access data remotely using the Internet [9, 10]. Different entities, such as IoT devices, servers and users, communicate through the Internet. Wi-Fi [11, 12], WiMax [13, 14] and LTE [15, 16] are popular ways of using the Internet effectively. Light fidelity (LiFi) [11] [12] [13] [14] [15] [16] is also an emerging technology for the Internet. OFDM and MIMO systems play a vital role in establishing upgraded wireless communication systems [17] [18]. However, there are many forms of security issues in the IoT/IoMT communication environment.
The massive scale of IoT-based networks brings some new challenges. Existing research papers have covered different aspects of IoT such as architecture, communication systems, various IoT-related applications [19] [20] [21] [22] [23] [24] [25] [26] [27] [28], and security and privacy [28] [29]. However, the mainspring of the commercialization of IoT/IoMT and industrial IoT (IIoT) technology is security and privacy assurance as well as user satisfaction. Different sorts of IoT malware are continuously emerging. These can easily affect IoMT communication. Malware is also used to control smart medical devices. Different kinds of attacks, i.e., denial of service, replay, password guessing, impersonation and man-in-the-middle (MITM) attacks, can find their way into this environment. Usually, hackers apply malware to target Internet-based healthcare devices in order to gain illegal access or to control these devices remotely. To deploy malware in the IoMT environment, hackers use networks of attacker processes such as botnets. Some examples of botnets are Echobot, Mirai, Emotet, Reaper, Necurs and Gamut. These kinds of botnet attacks are also probable in the IoMT environment and can be used to control or hijack an IoMT-based smart healthcare device remotely. This can cause several life-threatening conditions for patients. Consequently, people working in the IoT security domain come up with novel ideas to protect the IoMT communication environment against these attacks. For that reason, in our work we focus on various types of active IoMT malware and malware programs.
The major outcomes of this paper are as follows. (i) The relation between IoT and the cloud computing environment is discussed, and different security requirements of the IoT communication environment are illustrated. (iii) Recent malware attacks such as Mirai, Reaper, Echobot, Emotet, Gamut and Necurs are studied in the context of the IoT and IoMT environment.
(iv) The performance of various machine learning techniques for classification and Android malware detection is summarized. (v) The effect of ransomware in the IoT/IoMT environment is discussed and the existing software tools for ransomware detection are summarized.
The remainder of the manuscript is organized as follows: Section 2 considers the application of the IoT communication environment, while Section 3 discusses security threats. Section 4 introduces various kinds of malware, while Section 5 discusses some of the recent malware. The effectiveness of different machine learning algorithms in recognizing security threats is discussed in Section 6. Ransomware is studied in Section 7, and future research directions are reported in Section 8. The concluding remarks are presented in Section 9.
In IIoT, sensors and machines in factories and industries are interconnected with each other. They provide real-time data over the Internet to engineers or manufacturers to improve industrial processes. In medical or healthcare systems, reactive healthcare schemes can be changed into proactive wellness-based schemes using IoMT. In these systems, IoMT-based smart healthcare or medical devices monitor and send medical data to a cloud server. If a patient's relative or a doctor is interested in real-time access to these devices, this can also be accomplished using the IoT environment. In this way, IoMT facilitates the analysis, processing and access of the relevant medical data.
Security and privacy threats are summarized in Figure 4 and Figure 5. The IoT healthcare application architecture normally consists of the following layers [22]: The percentages by which the layers are affected are as follows: a) Application layer (9%) b) Communication layer (18%) c) Device layer (42%) d) Network layer (27%) e) Transport layer (4%).
From the above discussion, it can be said that the device layer suffers the highest impact, while the transport layer is affected the least.
Malicious software, known as malware for short, is code or a program that is generally delivered over a network. It infects a system or conducts various malicious operations that a hacker or an attacker would like to perform. Malware can be separated into various categories according to functionality.
Spyware is a kind of malware that spies on the active user without their permission. Malicious activities such as monitoring, collecting keystrokes, and harvesting data such as credit card numbers, financial data and account credentials are feasible in the network. It may also alter the software security settings in a device. It can take advantage of vulnerabilities in free software and then attach itself to several programs.
This type of malware is a piece of code that is used by a hacker or attacker to track the keystrokes of the operators or users. All information entered through the keyboard (i.e., their ID, login information, and passwords) is recorded. This malicious attack is stronger than a dictionary attack or brute force. The keylogger first attempts to get into a user's Internet-based device. It is so dangerous that the device cannot be protected by a strong password. Therefore, users are advised to use multi-factor authentication (i.e., a combination of user name, smart card, biometric data and password).
This malware disguises itself as a normal program to trick operators or users into installing it after downloading it. On the infected system, it gives the hacker the opportunity for unauthorized remote access. On this system, the hacker can easily steal data (i.e., credit card information, account numbers, financial data, passwords etc.).
This malicious program has the capability of copying itself and spreading to systems.
It spreads to each system by attaching itself to various programs and executing its code when a user launches the infected program. This malicious program can be used to steal information, build botnets and damage the host system.
It spreads over a network by searching for weak operating systems. It damages host networks by overloading web servers and consuming bandwidth.
There are some recent events of malware attacks in the IoT/IoMT environment. Some of these are discussed below.
Attacks by the Mirai botnet are still going on. Mirai enables monitoring devices running Linux operating systems. These devices can also be used as part of a botnet to carry out different malicious attacks. This malicious program mainly targets smart IoT/IoMT devices, i.e., Internet-based consumer devices (e.g. home appliances or IP cameras). According to a statement by Fortinet, Mirai was a very active botnet in 2018. Moreover, these types of botnets have recently gained some additional features and are able to infect IoT/IoMT devices. According to Fortinet, Mirai botnets targeted IoT or IoMT devices through both unknown and known vulnerabilities. In the botnet, crypto mining shows up as a crucial change. Using this type of malware, a hacker can use the hardware and electricity of the target's system to obtain cryptocurrencies. Such malicious actors are investigating how to use IoMT/IoT botnets to make money [52]-[56].
Reaper is a malware that is also known as IoTroop. Some researchers of information security created this new botnet with enhanced functionality features in 2017. It can compromise IoT-based smart devices more rapidly than the Mirai botnet. Reaper has various effects, as it can bring down the whole infrastructure rapidly. Mirai infects IoT-based smart devices that use default passwords and user names.
Nevertheless, Reaper is more dangerous: it targets 9 different vulnerabilities in devices from various makers, i.e. Linksys, Netgear, and D-Link. Using this botnet, the hacker can change the malware code to make it more destructive. According to information provided by "Recorded Future", it was used to attack several EU banks (i.e., ABN Amro) [56]-[58].
Echobot is a kind of malware that is a variant of Mirai. It was revealed in 2019. This type of malware uses 26 malicious scripts to expand its activity. Echobot can take advantage of unpatched smart IoT-based devices [59]. Echobot can create a huge number of problems for several enterprise applications using these vulnerabilities, i.e. Oracle WebLogic.
Emotet, Gamut and Necurs are used to launch malware attacks in the IoT communication environment. Emotet is used to steal mail from the user's mailbox. Emotet is capable of stealing the credentials of the SMTP protocol, which is used for mail transfer. Gamut is good at producing spam emails. At the preliminary stage, Gamut tries to establish communication with the target device. Necurs is used to launch new types of ransomware attacks and different digital extortions.
Hackers are becoming more sophisticated and dangerous with evolving technology and various new types of malware, making traditional methods of attack prevention cumbersome. Therefore, protecting an IoT system or a cloud/fog-integrated IoT system becomes more challenging with limited resources. To help detect these attacks, one of the widely used tools is machine learning (ML) algorithms. Several ML algorithms have proven extremely helpful in mitigating security as well as privacy attacks. The performance of various ML algorithms is summarized in Table 1.
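An added illustration of kNN malware detection on static features, with the true positive rate (TPR) and false positive rate (FPR) computed by leave-one-out evaluation; it is not code from this paper or from the studies it reviews. The app ids, permission sets, the Jaccard distance and k = 3 are assumptions chosen for the example, and the resulting rates describe only this constructed data, not Table 1.

```python
from collections import Counter

MALWARE, BENIGN = "malware", "benign"

# Constructed sample data: (app id, requested Android permissions, label).
# The static features are simply the permission names each app declares.
DATASET = [
    ("m1", {"SEND_SMS", "READ_SMS", "READ_CONTACTS", "INTERNET", "RECEIVE_BOOT_COMPLETED"}, MALWARE),
    ("m2", {"SEND_SMS", "READ_SMS", "INTERNET", "RECEIVE_BOOT_COMPLETED"}, MALWARE),
    ("m3", {"SEND_SMS", "READ_CONTACTS", "INTERNET", "READ_PHONE_STATE"}, MALWARE),
    ("m4", {"READ_SMS", "READ_CONTACTS", "INTERNET", "RECEIVE_BOOT_COMPLETED", "READ_PHONE_STATE"}, MALWARE),
    ("m5", {"INTERNET", "CAMERA", "ACCESS_FINE_LOCATION", "READ_CONTACTS"}, MALWARE),
    ("b1", {"INTERNET", "CAMERA", "ACCESS_FINE_LOCATION"}, BENIGN),
    ("b2", {"INTERNET", "ACCESS_FINE_LOCATION"}, BENIGN),
    ("b3", {"INTERNET", "CAMERA"}, BENIGN),
    ("b4", {"INTERNET", "CAMERA", "ACCESS_FINE_LOCATION", "VIBRATE"}, BENIGN),
    ("b5", {"INTERNET", "VIBRATE"}, BENIGN),
    ("b6", {"INTERNET", "SEND_SMS", "READ_SMS", "VIBRATE"}, BENIGN),
]


def jaccard_distance(a, b):
    """1 - |a & b| / |a | b|: 0.0 for identical permission sets, 1.0 for disjoint ones."""
    union = a | b
    if not union:
        return 0.0
    return 1.0 - len(a & b) / len(union)


def knn_predict(perms, training, k=3):
    """Label a permission set by majority vote of its k nearest training apps."""
    ranked = sorted(training, key=lambda row: jaccard_distance(perms, row[1]))
    votes = Counter(label for _, _, label in ranked[:k])
    return votes.most_common(1)[0][0]


def leave_one_out(dataset, k=3):
    """Classify each app using all the others, then derive TPR and FPR."""
    counts = Counter()
    misclassified = []
    for i, (app, perms, label) in enumerate(dataset):
        training = dataset[:i] + dataset[i + 1:]
        predicted = knn_predict(perms, training, k)
        if label == MALWARE:
            counts["tp" if predicted == MALWARE else "fn"] += 1
        else:
            counts["fp" if predicted == MALWARE else "tn"] += 1
        if predicted != label:
            misclassified.append(app)
    positives = counts["tp"] + counts["fn"]
    negatives = counts["fp"] + counts["tn"]
    return {
        "tp": counts["tp"], "fn": counts["fn"],
        "fp": counts["fp"], "tn": counts["tn"],
        # TPR: share of malware that is detected; FPR: share of benign apps flagged.
        "tpr": counts["tp"] / positives if positives else 0.0,
        "fpr": counts["fp"] / negatives if negatives else 0.0,
        "misclassified": misclassified,
    }


if __name__ == "__main__":
    result = leave_one_out(DATASET, k=3)
    print("TPR = %.3f, FPR = %.3f" % (result["tpr"], result["fpr"]))
    print("misclassified:", result["misclassified"])
```

The two misclassified apps show the limits of permission-only features: a malicious app that requests only common permissions sits among benign neighbors, and a benign SMS app sits among malicious ones.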
Some popular ML algorithms are random forest (RF), decision tree (DT), Naïve Bayes (NB), logistic regression (LR), k-nearest neighbor classifier (kNN), support vector machine (SVM), linear discriminant analysis (LDA), etc. In Table 1, TPR and FPR mean true positive rate and false positive rate, respectively. The kNN machine learning classifier achieves better performance and accuracy in the detection of malware where static features are considered.
Ransomware is a dangerous malware. It hijacks a user's system and steals all of his sensitive data. There are two types of ransomware: (a) Crypto-ransomware and (b) Locker-ransomware. Crypto-ransomware encrypts the user's files and makes them inaccessible to the user [42]. Locker-ransomware locks the user's device interface and demands a ransom to unlock the device. Recent ransomware attacks such as WannaCry and NotPetya have crushed the misconception that a back-up file can protect the digital data of an organization from being hacked [41]. If big institutions and firms were forced to pay money to unlock files after a ransom attack, one can only imagine the situation when a single individual is involved. In other words, when IoT, IoE and ransomware collide and cybercriminals begin to load IoT, IoE devices with the dangerous malware, a perfect storm of
Al-rimy conducted a comprehensive survey and assessment of current ransomware-related studies in his paper [43]. Even though these studies offered various solutions for ransomware recognition and prevention, there remain various open issues that require further investigation and research. This paper discusses these research directions and issues, which can help improve the efficiency and effectiveness of ransomware recognition and prevention solutions [44]. Some existing software tools for detecting, analyzing and predicting ransomware are briefly illustrated in Table 2.
[45], [46], [50], [51]
Classification: SVM, LR, RF, Bayesian Belief Network, NB. [52], [49], [46], [50]
Similarity measurement: Structural similarity (SSIM), Cosine similarity. [45], [47]
In the presence of the recent coronavirus disease 2019 (COVID-19) [62] [63], [65] [66], the importance of IoMT has greatly increased. Different machine learning [68] [69] and deep learning techniques along with sensors [64], image processing [67] and wireless communication techniques [70] [71] can be used to develop IoMT suitable for detecting and monitoring COVID-19 patients.
This section discusses several future research challenges, directions and scopes of malware detection in fog/cloud-integrated or IoT-related environments. a) Robust security: Various recent malware detection and prevention methods do not provide foolproof security against new types of malware attacks. Moreover, some of these are attack specific and do not work for other types of attacks at the same time. Therefore, malware detection methods should be robust against multiple malware attacks at the same time.
It is because the blockchain operations are decentralized, efficient and transparent. Blockchain operations can also be utilized for efficient detection of malware in the IoT/IoMT environment. In this kind of detection method, we can create a block containing information about the malicious programs (i.e., malware) and add it to the blockchain. Since the blockchain is available to all authorized parties, these parties can access the information on existing malware attacks.
With the advent of modern technologies, it is assumed that the number of smart devices will increase to a great extent. This will lead to the extension of IoT networks. IoT is being used in health care, in industry and in day-to-day life. In particular, IoT can be useful in managing current and future pandemics including COVID-19.
With the increase in the number of interconnected devices and the growth of IoT, the number of security vulnerabilities is increasing. Security aspects arise in the connected devices, in the data communication process, and in the data storage techniques. Security threats in the form of malware, ransomware, etc., may hinder the progress of IoT. Several security measures are being developed to ensure reliable IoT. This paper advances the current state of the art of security aspects of IoT. This work presents a number of potential security threats in the context of IoT, and discusses the machine learning algorithms that can be useful in combating these threats. The findings of this paper will help develop more secure IoT networks and provide users with a secure user experience.
Wireless sensor networks in biomedical: Wireless body area networks. In Europe and MENA Cooperation Advances in Information and Communication Technologies
Security enhancement for IoT communications exposed to eavesdroppers with uncertain locations
Internet of Things: Applications and challenges in smart cities: A case study of IBM smart city projects
Secure integration of IoT and cloud computing
Principles for engineering IoT cloud systems
A Survey on Internet of Things and Cloud Computing for Healthcare
Cognitive Internet of medical things for healthcare: Services and applications
Effect of Fault Tolerance in the Field of Cloud Computing
The Internet of Things for health care: A comprehensive survey
Provably secure biometric-based user authentication and key agreement scheme in cloud computing
Comparison of DCO-OFDM, ADO-OFDM, HDC-OFDM and HNC-OFDM for Optical Wireless Communications
Effectiveness of filter bank multicarrier modulation for 5G wireless communications
Analysis of the Effect of Vignetting on MIMO Optical Wireless Systems Using Spatial OFDM
The effect of defocus blur on a spatial OFDM optical wireless communication system
Effectiveness of LED index modulation and non-DC biased OFDM for optical wireless communication
Performance Evaluation of ASCO-OFDM Based LiFi
Adaptive PAPR Reduction Scheme for OFDM Using SLM with the Fusion of Proposed Clipping and Filtering Technique in Order to Diminish PAPR and Signal Distortion
Realization of MIMO Channel Model for Spatial Diversity with Capacity and SNR Multiplexing Gains
An Exploratory Study on the use of Internet of Medical Things (IoMT) In the Healthcare Industry and their Associated Cybersecurity Risks
IoT malware analysis
A Survey on Secure Transmission in Internet of Things: Taxonomy, Recent Techniques, Research Requirements, and Challenges
Internet of Things in the Healthcare Sector: Overview of Security and Privacy Issues
Internet of Things (IoT): Security and Privacy Threats
A survey on dynamic mobile malware detection
A prototype implementation and evaluation of the malware detection mechanism for IoT devices using the processor information
Robust malware detection for Internet of (battlefield) things devices using deep Eigenspace learning
A survey of stealth malware attacks, mitigation measures, and steps toward autonomous open world solutions
Threats and Countermeasures of Cyber Security in Direct and Remote Vehicle Communication Systems
Mobile banking: Evolution and threats: Malware threats and security solutions
Machine Learning DDoS Detection for Consumer Internet of Things Devices
Random Forest Modeling for Network Intrusion Detection System
A reliable and energy-efficient classifier combination scheme for intrusion detection in embedded systems
Android Malware Detection Using Parallel Machine Learning Classifiers
FAMOUS: Forensic analysis of MObile devices using scoring of application permissions
The analysis of feature selection methods and classification algorithms in permission based Android malware detection
Static detection of Android malware by using permissions and API calls
DroidDolphin: A dynamic android malware detection framework using big data and machine learning
DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android
A multimodal malware detection technique for Android IoT devices using various features
EveDroid: Event-Aware Android Malware Detection Against Model Degrading for IoT Devices
RansomWare and Internet of Things: A New Security Nightmare
Windows-based Ransomware: A Survey
Ransomware threat success factors, taxonomy, and countermeasures: a survey and research directions
Forensic Analysis of Ransomware Families Using Static and Dynamic Analysis
HELDROID: Dissecting and detecting mobile ransomware
R-PackDroid: API package-based characterization and detection of mobile ransomware
Cutting the gordian knot: A look under the hood of ransomware attacks
CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data
Automated Dynamic Analysis of Ransomware: Benefits, Limitations and use for Detection
A 0-Day Aware Crypto-Ransomware Early Behavioral Detection Framework
An Efficient Approach to Detect TorrentLocker Ransomware in Computer Systems
2entFOX: A framework for high survivable ransomwares detection
A measurement study of Google play
Data mining methods for detection of new malicious executables
Understanding Ransomware and Strategies to Defeat It
Design of Quantification Model for Prevent of Cryptolocker
What is a Botnet? When Armies of Infected IoT Devices Attack
Data Visualization and Analyzation of COVID-19
Data analytics for novel coronavirus disease
Hybrid deep learning for detecting lung diseases from X-ray images
Spread and Treatments of COVID-19
Application of Machine Learning for the Diagnosis of COVID-19
Edge-Based and Prediction-Based Transformations for Lossless Image Compression
Visualization and prediction of energy consumption in smart homes
Diagnosis of Polycystic Ovary Syndrome Using Machine Learning Algorithms
Prediction of Malignant and Benign Breast Cancer: A Data Mining Approach in Healthcare Applications
Artificial Neural Network Based Breast Cancer Screening: A Comprehensive Review