1 Introduction

The Internet of Things (IoT) is a network where various intelligent objects and devices communicate over the Internet [1, 2]. The total number of connected devices globally is approximately 17 billion, and IoT devices make up 7 billion of that number (excluding smartphones, tablets, and laptops). Projections indicate that this number will reach 75.44 billion devices worldwide by 2025 [3, 4]. IoT technologies are critical in advancing various applications in healthcare [5], home automation, agriculture, transportation [6, 7], and education [8, 9]. With ongoing technological advancements and expanding application domains [10], IoT has evolved into a collection of customized solutions designed for specific purposes [11, 12].

The IoT architecture consists of three layers: the terminal perception layer, the network layer, and the application layer. IoT systems’ complexity and limited resources expose them to various security risks and dynamic and diverse threats [13,14,15,16]. Ensuring the security of these systems is a highly intricate and demanding task [17]. The expansion of IoT also brings forth numerous challenges in various IoT applications, including standardization, interoperability, data storage, processing, trust management, identity, and privacy [18,19,20]. These challenges encompass a broad spectrum of concerns that must be addressed to foster a secure and reliable IoT ecosystem [21,22,23].

The potential attack surface has expanded significantly with IoT devices’ rapid growth and integration into various sectors [24]. This increased attack surface threatens the individual devices and the overall network infrastructure to which they are connected [25, 26]. DoS attacks, spoofing, jamming, eavesdropping, data manipulation, and malicious attacks are the most common IoT attacks. Attackers can exploit vulnerabilities within IoT systems to gain unauthorized access, manipulate data, disrupt services, or compromise privacy [27, 28]. Standardized protocols and interfaces are required to ensure seamless communication and collaboration among IoT devices and platforms [29, 30]. Their absence can lead to compatibility issues, data fragmentation, and difficulties in managing and securing heterogeneous IoT environments.

Moreover, the large amount of data generated by IoT devices poses challenges for storage, processing, and analysis. Efficient data management strategies, including secure storage and effective processing mechanisms, are essential to derive meaningful insights from the vast amounts of data generated by IoT systems while ensuring privacy and protecting sensitive information. Trust management is another crucial aspect in the IoT domain. Establishing trust among various entities, such as devices, applications, and users, is necessary to ensure secure interactions and data exchange. Building robust trust models to authenticate and authorize entities is vital for maintaining the integrity and security of IoT systems. Confidentiality, integrity, and availability of data and services are paramount concerns in the IoT landscape [31]. Safeguarding confidentiality, ensuring the integrity of transmitted and stored information, and guaranteeing the availability of critical services require robust security measures, including encryption, access control mechanisms, intrusion detection systems, and redundancy planning. In addition to security, privacy is a fundamental right that must be preserved in the IoT ecosystem [32]. Collecting and processing vast amounts of personal data through IoT devices can lead to privacy breaches and expose individuals to various risks. Implementing privacy-by-design principles, ensuring user consent, and adopting privacy-enhancing technologies are crucial to protecting individuals’ privacy within the IoT framework [33]. Addressing these multifaceted challenges and developing comprehensive solutions are imperative for the sustainable growth and secure deployment of IoT systems. Collaboration among industry stakeholders, policymakers, and researchers is crucial to establishing best practices, regulations, and standards that promote the security, privacy, and reliability of IoT [34].

Therefore, appropriate security techniques are proposed depending on the particular security concerns. The focus of this paper is specifically on the use of ML/DL techniques. These techniques significantly address security issues and find applications in various domains, including speech recognition and image processing [35]. Their versatility and effectiveness make them valuable tools for enhancing security and enabling advancements in multiple fields. ML is a method that autonomously and intelligently performs computational tasks that require careful design and testing using different approaches [36]. ML requires an efficient process for computing and storing vast data. In contrast, DL is a type of ML that is computationally complex and expensive. It can automatically extract high-level features from surface features, making it an ideal solution to address security concerns in IoT. In addition, DL has made significant advances in training complex deep neural network structures [37], leading to improved decision-making capabilities for a wide range of detection, classification, and prediction tasks [38].

This paper reviews recently presented ML/DL-based survey papers and compares them with the present work. It also aims to identify the security challenges and threats that hamper IoT applications. We analyze many research models related to the main threats and present a new taxonomy in the field of artificial intelligence. This survey thoroughly examines recent literature concerning deep learning and machine learning techniques applied to IoT security, constituting a substantial contribution to the field. The main contributions of this paper are as follows:

  • This paper comprehensively discusses the security challenges of the IoT.

  • This paper examines the inherent vulnerability and cyber threats associated with IoT systems and emphasizes the critical role of ML/DL techniques in reducing these risks.

  • This paper addresses state-of-the-art IoT-specific challenges, including cyberattacks, eavesdropping, DoS, unauthorized data access, and intrusion detection.

  • The main objective of this paper is to comprehensively analyze and classify the various ML/DL methods proposed for IoT security and to evaluate their strengths and weaknesses accurately.

  • This paper expresses various prospective research challenges and future pathways for the application of ML/DL to ensure the security of IoT.

The remaining sections of this article are organized as follows: Sect. 2 discusses the historical background of the field and reviews the relevant literature. Section 3 focuses on the IoT system architecture, which includes various layers, and explains the security concerns associated with each layer. In Sect. 4, security challenges in the IoT are examined. Section 5 presents a range of security solutions based on machine learning and deep learning in IoT environments. Section 6 emphasizes the challenges ahead, potential areas for further research, and future perspectives. Finally, Sect. 7 concludes the paper.

Table 1 shows the acronyms and abbreviations.

Table 1 Acronyms and abbreviations

2 Related works

In [39], the authors examined the IoT paradigm, focusing on intelligent environments that utilize the Internet of Things. The authors also address security issues concerning machine learning solutions. Furthermore, the article highlights the importance of security and explores diverse deep and machine-learning methods that can be applied to enhance security within the IoT domain. Additionally, the authors discuss and investigate potential future approaches centered around advanced learning techniques.

In [40], the authors provided an in-depth analysis of security concepts within the IoT domain, explicitly focusing on cyber security. The article explores integrating artificial intelligence models to address security concerns from various angles in IoT applications. Moreover, the authors emphasize incorporating deep learning approaches to strengthen security measures further.

In [41], the authors briefly introduce the IoT and its applications while addressing security concerns such as confidentiality, integrity, and availability across different layers. The primary focus of this article lies in conducting an extensive evaluation of machine learning (ML), artificial intelligence (AI), and blockchain methods aimed at resolving security challenges arising in the realm of IoT. Furthermore, the article also highlights additional security issues that can be effectively tackled by implementing ML, AI, and blockchain technologies.

In [42], the authors presented an in-depth analysis of current IoT security studies. The authors give particular attention to examining intrusion detection systems, emphasizing those that utilize deep learning techniques. Furthermore, they contribute a comprehensive classification system, aligning specific security threats with the corresponding components of the Cisco IoT reference model to provide a holistic understanding of the potential vulnerabilities in the IoT ecosystem. The progress in machine learning and deep learning has opened up new possibilities for creating potent techniques to enhance Internet of Things security. The primary objective of [43] is to conduct an in-depth review of comprehensive studies in this domain. Additionally, it furnishes an extensive compilation of the attributes and obstacles associated with utilizing machine learning and deep learning to secure the Internet of Things frameworks. These insights will contribute to a better understanding of how these advanced technologies can safeguard IoT systems.

In [44], the authors provided a comprehensive overview of the context of the security of the Internet of Things. They also presented a detailed classification of deep learning techniques, followed by an extensive systematic review focusing on three key aspects: security considerations, the implementation of DL architectures, and their application areas, along with the datasets employed. This article primarily focused on the deep learning approaches proposed to address security challenges within the Internet of Things. By focusing solely on these tactics, the authors aimed to offer valuable insights into the effective use of DL in bolstering IoT security.

In [45], the authors initially present an overview of the existing research, offering a classification based on IoT vulnerabilities, the types of attackers involved, and the effects and threats. The analysis delves into weak links, practical solutions, and enterprise authentication technologies deployed to detect and address these vulnerabilities. Moreover, the paper encompasses real-time strategies to identify and manage large-scale malicious IoT devices. Additionally, it delves into observational literature to investigate and categorize network load generated by vulnerable sensors. Lastly, the paper reviews systematic treatment methodologies, culminating in well-informed conclusions. In [46], the authors comprehensively analyze IoT security measures, thoroughly examining four critical security threats concerning device authentication, DoS, and defenses against DDoS attacks. The paper focuses on intrusion detection and malware detection techniques while exploring the application of artificial intelligence (AI) methods, including ML and DL, which are proposed to tackle these security challenges in IoT. Additionally, the authors shed light on the specific challenges of implementing these AI techniques within the IoT architecture.

The interconnected nature of the Internet of Things and the communication capabilities between devices give rise to security concerns within IoT networks. An intrusion detection system (IDS) is proposed to address this as an effective security mechanism for safeguarding IoT networks and devices. In [47], the authors comprehensively examined IDS, encompassing the classification of different IDS placement strategies and IDS analysis strategies within the IoT architecture. Furthermore, the study discusses various categories of intrusions that can occur in IoT. The paper explores utilizing machine learning (ML) and deep learning (DL) techniques to detect attacks within IoT networks. Additionally, security issues and challenges in the IoT ecosystem are thoroughly explored. The paper’s conclusion emphasizes that current detection methods for IoT fall short of adequately addressing a wide range of attacks.

In [48], the authors thoroughly explored the primary security concerns and existing open challenges encountered in IoT infrastructure. Additionally, it conducts an in-depth examination and analysis of advanced ML-based approaches employed to secure IoT domains. The paper sheds light on the security demands and challenges within IoT-based systems while emphasizing the supportive role of ML in enhancing security measures in this domain. Despite the high accuracy achieved by ML-based solutions, they also introduce specific issues. Consequently, the study advocates for developing lightweight ML-based security solutions that operate efficiently within such frameworks. Alternatively, a layered approach may prove beneficial in this context. To this end, the analysis also delves into common limitations of ML security techniques.

In [49], the authors offered a comprehensive evaluation of ML and DL techniques proposed for enhancing security measures within IoT systems and securing the fundamental layers of IoT, namely the perception, network, and application layers. This article delves into the various IoT security threats, encompassing inherent and newly introduced risks. It explores potential attack levels within the IoT system and the associated threats at each level. Subsequently, the paper outlines the potential applications of ML and DL methods in IoT security, highlighting each approach’s advantages, disadvantages, and opportunities. Furthermore, it addresses the opportunities and challenges of integrating ML/DL within IoT security practices. By delving into these aspects, the article aims to provide valuable insights into strengthening the security of IoT ecosystems.

In [50], the authors conducted an extensive survey on implementing deep learning in the context of security and privacy concerns within IoT. The main emphasis lies in utilizing deep learning techniques to address these security issues. To achieve this, the paper initially examines deep learning applications in IoT security from the perspectives of system architecture and the employed methods. Subsequently, it conducts a thorough analysis and evaluation of the effectiveness of deep learning in enhancing security measures. Additionally, the paper introduces a novel approach involving a functional layer to facilitate meaningful device modeling, thus improving feature mapping for precise device identification. In [51], the primary emphasis of the authors lies in conducting a Systematic Literature Review (SLR) that explores diverse research areas related to IoT, cyber security, machine Learning, and big data. This review article briefly covers three main topics: (i) Machine learning algorithms commonly employed for enhancing IoT security, (ii) the susceptibility of large-scale IoT attacks, and (iii) various machine learning approaches and techniques utilized to detect and mitigate such attacks.

In [52], a novel and optimized architecture for IoT is introduced, consisting of five distinct layers. A fresh classification of threats and security attacks targeting IoT devices is presented based on the newly proposed architecture. These layers encompass a physical understanding layer, a network and protocol layer, a transmission layer, an application layer, a data layer, and cloud services. The paper also highlights several open research topics, such as the need for standardized encryption algorithms, the potential of machine learning algorithms to strengthen security and the accompanying challenges, the application of blockchain for resolving security issues in the IoT domain, and the considerations surrounding deploying IoT systems.

In [53], the authors explore the most recent advancements in intrusion detection and intelligent methods employed in IoT to ensure data security. Furthermore, the study delves into recent research concerning various intelligent techniques and their implementation in intrusion detection architectures within computer networks, specifically focusing on the Internet of Things and machine learning applications. In [54], the authors extensively examined the hurdles linked to security and sources of threats in IoT applications. After addressing the security concerns, the paper explores emerging and established technologies like blockchain, fog computing, edge computing, and machine learning, aiming to bolster IoT security. Moreover, the article discusses challenges concerning various layers, such as the measurement, network, middleware, gateways, and application layers. In addition, the paper outlines future research directions geared toward elevating the security standards of IoT systems.

In [55], the authors explore improving IoT security, focusing on network- and host-level improvements through machine learning techniques. These techniques encompass supervised, unsupervised, and reinforcement learning approaches. Additionally, the paper investigates the challenges encountered by machine learning methods when striving to provide better protection for IoT devices.

In [27, 31], the authors have examined IoT architecture and explored various threats, security attacks, and their impact on IoT systems. This article investigates the application of machine learning, a subset of artificial intelligence, to tackle these attacks in the IoT domain. Furthermore, the paper delves into different categories of machine learning-based algorithms studied for this purpose. In [56], the researchers examined the existing literature on various machine learning and deep learning techniques applied to cyber security attacks. They explored utilizing these methods to detect diverse types of attacks and presented a thorough classification of the different algorithms employed in the domain of DL/ML.

In [57], the authors explain the complexities and issues related to security, privacy, confidentiality, and reliability concerning computer networks and IoT. The primary emphasis of this research centers on multiple intrusion detection systems, which are thoroughly analyzed from various perspectives. Furthermore, the study evaluates public network-based data intrusion detection systems. It explores the application of deep learning techniques for IDS, assessing their performance based on criteria such as accuracy, recall, f1 score, false alarm rate, and detection rate. Another obstacle encountered within the realm of IoT is cybersecurity. Therefore, it becomes essential to establish a robust cybersecurity framework to detect diverse forms of attacks effectively. In [58], the authors examined a dataset comprising cyber security attacks and underscored the significance of employing machine learning and deep learning methodologies in cybersecurity.

In [59], the authors offered a comprehensive examination of IoT, delving into its various security challenges. The survey investigates security concerns and potential attack risks at every level of IoT. Furthermore, the utilization of deep learning to enhance the security of IoT has been thoroughly explored. The author also discusses the merits and drawbacks of employing deep learning techniques in IoT security.

A thorough investigation has been conducted encompassing cutting-edge deep learning methodologies and technologies related to IoT security and big data. Furthermore, this paper explores a comparative evaluation, thematic categorization, and the interconnections among deep learning, IoT security, and big data technologies. Ultimately, the obstacles encountered within these three domains have been pinpointed and deliberated upon [60]. The work in [61] offers an exhaustive examination of security vulnerabilities within Machine Learning enabled IoT. It underscores the significance of collaborative endeavors, privacy-preserving strategies, resilient models, ethical benchmarks, and ongoing scholarly investigation for societal progress. On the other hand, [62] provides an in-depth review of the integration of IoT and Wireless Sensor Networks (WSN) with a federated learning (FL) machine learning approach. It addresses challenges related to heterogeneity, security, and privacy while outlining achievements and suggesting future research directions.

[53] thoroughly categorizes IIoT networks empowered by blockchain technology, assesses existing centralized systems, and underscores blockchain’s significance and potential applications in the industrial Internet of Things (IIoT) [63]. The paper delves into an examination of different consensus mechanisms and approaches within the scope of IoT applications, tackles security challenges within IoT networks, and investigates forthcoming endeavors associated with IoT systems built on blockchain. It also underscores the significance of robust cybersecurity measures within the IoT sector. It explores how integrating ML and AI algorithms with blockchain technology can bolster detection, prevention, and secure data storage in IoT systems. The passage further delves into diverse machine learning methodologies, including decision trees, artificial neural networks, support vector machines, and deep learning strategies to enhance security solutions for advancing IoT devices [64].

In contrast to the previously cited works, our survey presents a distinctive contribution to the field, comprehensively encompassing all three dimensions of IoT research: ML methods, DL methods, and the associated challenges. Previous papers [27, 31, 39, 47, 49, 57] and [61] collectively present a comprehensive review of machine learning methodologies in IoT security. Their investigation focuses on the challenges inherent in the Internet of Things. Alternatively, as demonstrated in [41, 64, 65], and [66], there has been a focus on the intersection of machine learning, artificial intelligence, and blockchain technology. However, a standard limitation of these studies is the need for increased practical application and empirical testing of the proposed solutions. While the potential of these technologies is deliberated in each study, empirical evidence and case studies showcasing the efficacy of machine learning and deep learning in fortifying IoT devices exist in the literature.

Our survey bridges this gap by integrating these aspects, introducing novel depth to the existing literature, and paving the way to explore new research trajectories. Notably, our survey stands out by encompassing a review of the most recent articles in the field, spanning publications up to 2024. Therefore, our analysis and conclusions are based on the latest trends and advancements in the IoT landscape. Consequently, our work furnishes an up-to-date portrayal of state-of-the-art research, encapsulating recent articles that have leveraged machine learning and deep learning methodologies within this domain.

In Table 2, the surveys mentioned in the related work are briefly stated, along with their primary objectives and limitations.

Table 2 The main object of related works

3 IoT architecture and applications

This section examines and explains IoT’s different applications and its architecture, which consists of three main layers: application, network, and perception.

Fig. 1 IoT architecture

3.1 IoT architecture

The architecture of IoT comprises three layers: the application layer, the perception layer, and the network layer. These layers collaborate to facilitate the operation of IoT systems. Figure 1 shows the architecture of IoT. In the following, each of the layers is briefly described.

3.1.1 Application layer

The application layer is where data from IoT devices undergoes processing, analysis, and triggering of actions. It encompasses applications, services, and software that leverage data gathered from IoT devices to offer insights, make informed choices, and execute operations. This layer can be tailored to suit diverse applications, ranging from smart homes and industrial automation to healthcare. Additionally, this layer encompasses security concerns, including DoS attacks, which may involve program-related attacks, injection attacks, tampering, and scripting attacks [67, 68].

3.1.2 Network layer

The network layer facilitates data transmission from IoT devices to the network. Objects can exchange data with connected devices through the network layer, which is essential for intelligent event management and processing in IoT [69]. This layer’s role is to receive valuable digital data. Extracting data from the perception layer and transmitting it to processing systems in the middleware layer involves employing diverse communication technologies like WiFi, Bluetooth, WiMax, Zigbee, GSM, 5G [70], etc., in conjunction with protocols such as IPv4, IPv6, MQTT, and others [71, 72]. Given the substantial volume of data IoT sensors collect [73], efficient middleware is essential for managing this data. In this regard, cloud computing [74, 75] plays a central role in this layer.

3.1.3 Perception layer

The IoT perception layer is a crucial bridge connecting the IoT to the physical world. The perception layer is a self-organizing network system consisting of sensor nodes with varying resource limitations, communicating wirelessly. The perception layer establishes a physical connection with ‘objects’ and transmits their data to a sink or gateway. This layer encompasses a range of devices such as sensors, RFID readers, webcams, and smartphones, all employed for sensing and data collection purposes, including information about objects and the environment. However, it is worth noting that this layer is susceptible to significant security challenges [76, 77].

3.2 IoT applications

IoT applications are expanding daily and span many domains [78,79,80]. These applications include home automation, smart city, military applications, industrial automation [81,82,83], security applications, healthcare applications, and target tracking [84]. Security is one of the most critical challenges in all applications. Figure 2 indicates different applications of IoT.

Fig. 2 Applications of IoT

4 IoT Security challenges

The Internet of Things has significantly influenced industries and people’s daily lives. IoT aims to integrate the physical and digital worlds as a bridge between them. By utilizing the Internet of Things, people aim to enhance their lives, seeking simplicity, comfort, and well-being [49, 85, 86].

As the Internet of Things continues to gain prominence and expand usage, there is a concurrent escalation in security and cyber-related challenges. These challenges significantly impact the efficacy and functionality of IoT systems [87]. IoT devices present a range of intricate security concerns due to the open nature of the IoT ecosystem, which operates over the Internet. Consequently, these devices are frequently exposed to damage and attacks from various agents and external factors. Hence, there is a critical need for the early detection of security vulnerabilities within the IoT environment [88]. IoT devices and ecosystems face a wide range of threats and vulnerabilities. A threat is an activity that exploits security flaws in a system that can compromise its security and performance. These threats can have severe consequences for individuals and organizations [89].

4.1 Types of threats

Several types of threats affect the Internet of Things. Figure 2 shows the taxonomy of the Internet of Things threats, divided into physical and cyber categories. In the following, we briefly describe each of them.

4.1.1 Cyber threats

IoT threats are primarily categorized into cyber and physical threats, with cyber threats encompassing passive and active threat types (Fig. 2).

Cybersecurity threats within the realm of the Internet of Things are distinct due to IoT’s unique characteristics and constraints. These threats can potentially target and exploit IoT’s various limitations and vulnerabilities [90, 91].

Cyber threats can be categorized into passive threats and active threats, each representing diverse types of risks and vulnerabilities:

4.1.1.1 Passive threats
Fig. 3 Taxonomy of threats in IoT security

Passive threats involve unauthorized access or monitoring of data or IoT devices without altering or disrupting their operations. These threats focus on stealing information or gathering intelligence without directly interfering with the IoT system’s functionality (Fig. 3). Some examples of passive threats in IoT security include:

  • Eavesdropping

Eavesdropping entails secretly listening to the discussions of individuals without their permission, intending to collect information [92].

In an eavesdropping threat, an attacker seeks to exploit weaknesses in security mechanisms, such as encryption or authentication, to access data in transit.

The attacker aims to collect sensitive information from transferred data, commands, or messages without the knowledge or consent of legitimate users or device owners.

  • Traffic Analysis

This type of threat refers to monitoring and analyzing network traffic patterns and data exchange in the IoT ecosystem to identify potential security threats, anomalies, or vulnerabilities. This technique helps security professionals and network administrators gain insight into IoT device behavior and data flow, effectively identifying and responding to security issues. The attacker intercepts and examines the messages and analyzes the packet traffic to obtain network information [93]. Critical aspects of traffic analysis in IoT security include monitoring data flows, anomaly detection [94], security event correlation, identification of abnormal traffic, encryption and decryption analysis, network segmentation analysis, IoT device profiling, and real-time monitoring.

  • Data Theft

Data theft in IoT security refers to malicious actors’ unauthorized acquisition, copying, or retrieval of sensitive or confidential data from IoT devices, networks, or systems. Data theft typically occurs when attackers access IoT devices or their associated networks without authorization. Once access is obtained, the attacker may exploit vulnerabilities or weaknesses in the security measures to extract data. The stolen data can be used for various malicious purposes, including identity theft, financial fraud, corporate espionage, or cyberattacks. Protecting against data theft in IoT security requires implementing robust security measures such as encryption, authentication, access controls, intrusion detection systems, and regular security updates to minimize vulnerabilities and unauthorized access. Additionally, monitoring network traffic and IoT device behavior can help detect and respond to potential data theft incidents in real-time [54].
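The device profiling and anomaly detection mentioned under traffic analysis and data theft can be sketched as follows. This is an added example, not code from the survey: the device names, hosts, flow records and thresholds are constructed assumptions, and a simple statistical baseline stands in for the ML/DL models the paper reviews.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline flow records: (device_id, destination, bytes_sent).
# Device names and hosts are hypothetical, not taken from the survey.
BASELINE_FLOWS = [
    ("thermostat-1", "telemetry.example.net", 480),
    ("thermostat-1", "telemetry.example.net", 500),
    ("thermostat-1", "telemetry.example.net", 520),
    ("thermostat-1", "telemetry.example.net", 500),
    ("thermostat-1", "telemetry.example.net", 490),
    ("thermostat-1", "telemetry.example.net", 510),
    ("camera-1", "video.example.net", 20000),
    ("camera-1", "video.example.net", 21000),
    ("camera-1", "video.example.net", 19000),
    ("camera-1", "video.example.net", 20000),
]

# Constructed flows observed after the baseline period.
OBSERVED_FLOWS = [
    ("thermostat-1", "telemetry.example.net", 505),    # normal
    ("thermostat-1", "telemetry.example.net", 90000),  # unusually large upload
    ("camera-1", "203.0.113.50", 20500),               # normal size, new peer
    ("camera-1", "203.0.113.50", 250000),              # new peer and large upload
    ("doorlock-9", "telemetry.example.net", 100),      # device never profiled
]


def build_profiles(flows):
    """Learn, per device, the known destinations and byte-volume statistics."""
    destinations = defaultdict(set)
    sizes = defaultdict(list)
    for device, dst, nbytes in flows:
        destinations[device].add(dst)
        sizes[device].append(nbytes)
    return {
        device: {
            "destinations": destinations[device],
            "mean": mean(values),
            "std": pstdev(values),
        }
        for device, values in sizes.items()
    }


def score_flow(profiles, flow, z_threshold=3.0, min_std=1.0):
    """Return the list of reasons a flow deviates from its device profile."""
    device, dst, nbytes = flow
    profile = profiles.get(device)
    if profile is None:
        return ["unknown-device"]
    reasons = []
    if dst not in profile["destinations"]:
        reasons.append("new-destination")
    # Devices that always send the same size have std 0; the floor avoids
    # division by zero and alerts on every one-byte difference.
    std = max(profile["std"], min_std)
    if (nbytes - profile["mean"]) / std > z_threshold:
        reasons.append("volume-spike")
    return reasons


def detect(profiles, flows):
    """Return (flow, reasons) for every flow with at least one deviation."""
    alerts = []
    for flow in flows:
        reasons = score_flow(profiles, flow)
        if reasons:
            alerts.append((flow, reasons))
    return alerts


if __name__ == "__main__":
    for flow, reasons in detect(build_profiles(BASELINE_FLOWS), OBSERVED_FLOWS):
        print(flow, "->", ", ".join(reasons))
```

A new destination combined with a volume spike is the pattern most consistent with the data theft described above; either signal alone is more often a firmware update or a configuration change.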

4.1.1.2 Active threats

Active threats involve direct manipulation, disruption, or interference with IoT devices, networks, or data. These threats aim to alter or compromise the functioning of the IoT system. Active threats can have more immediate and noticeable consequences (Fig. 2). Some examples of active threats in IoT security include:

  • Denial of Service (DoS) Attacks

A DoS attack is a technique employed to disrupt a network connection, rendering it inaccessible to its intended users. Such an attack transpires when a malevolent actor inundates the central server with excessive requests, rendering legitimate users unable to access the server. The attacker persistently bombards the host with spam requests until it becomes overwhelmed and ceases to function. Typically, DoS attacks are directed at data communication systems, with web servers of prominent entities like smart homes, personal medical devices, and industrial applications often falling victim to such disruptive attacks.

  • Distributed Denial of Service (DDoS) Attacks

DDoS is a malicious attack that aims to overwhelm a network or system by organizing a coordinated barrage of traffic from multiple compromised devices or bots. DDoS attacks are volume attacks, and the compromised devices are often known as botnets; these devices have weak internal security and suffer from other limitations such as low computing power and battery capacity. Due to weak security, an attacker injects malware using tools such as the Mirai code or the Lizard Stresser tool and takes control of the device. Mitigating DDoS attacks in IoT security usually involves implementing traffic filtering, intrusion detection systems, rate limiting, and using content delivery networks (CDNs) or specialized DDoS mitigation services to absorb and reduce the high volume of malicious traffic generated by the attack. In addition, IoT devices must be regularly patched and updated to reduce their susceptibility to becoming part of a botnet used in DDoS attacks [95].

  • Malware and Ransomware

Ransomware is malicious software that restricts access to critical data and demands payment for its release. In this attack, the offender seeks to encrypt the victim’s data using robust encryption techniques and requests a ransom, typically in Bitcoin, in exchange for the decryption key. The repercussions of a ransomware incident encompass temporary or permanent data loss, disruption of regular system functions, and financial setbacks. Two primary categories of ransomware exist: crypto-ransomware and lock ransomware [96].

  • Device Manipulation

Device manipulation in IoT security refers to unauthorized or malicious alteration, tampering, or interference with IoT devices, configurations, or physical components [97, 98]. This activity is typically done to compromise the IoT device’s functionality, security, integrity, or broader ecosystem. Device manipulation poses significant security risks in IoT environments, as it can result in unauthorized access, data breaches, service disruptions, and privacy violations.

  • Man-in-the-Middle (MitM) Attacks

Man-in-the-middle (MitM) attacks represent a prevalent security threat in wireless networks, enabling attackers to intercept and manipulate communication between two end devices [99]. MitM attacks have greater complexity than other attack types, making them challenging to identify [100, 101].

  • Device Spoofing

This attack involves accessing legitimate network users’ medium access control (MAC) addresses to perpetrate malicious actions [102]. Spoofing attacks can maliciously compromise both wired and wireless networks. In these attacks, the malicious actor gains access to a device, its resources, and the network by exploiting frames and fields containing address identifiers belonging to the target user. These identifiers may include the MAC address or IP address [103]. Spoofing attacks come in various forms, including email, URL, and frame spoofing, but the most prevalent ones involve either MAC address or IP address manipulation [104].

  • Command Injection

Command injection is an attack that aims to run unauthorized commands on the host operating system by exploiting vulnerabilities in a program. These attacks become possible when an application processes insecure data from users. During this attack, the attacker’s provided operating system commands are typically executed with permission from the vulnerable application. The consequences of command injection attacks can vary from compromising data confidentiality and integrity to gaining unauthorized remote access to the system that hosts the vulnerable application [105, 106].
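The pattern described above, shown as a vulnerable handler beside a hardened one. This is an added example, not code from the paper or its references; the diagnostic handler, its function names and the use of `echo` as a stand-in for a real tool are assumptions, and the input is constructed.

```python
import ipaddress
import re
import subprocess

# `echo` stands in for a real diagnostic tool (for example ping) so the
# example runs offline with no side effects. Assumes a POSIX system.
DIAG_TOOL = "echo"

# One DNS label: letters, digits, inner hyphens; never starts with "-",
# so a value can never be mistaken for a command-line option.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

# Constructed input: a valid address followed by a shell command separator.
MALICIOUS_HOST = "192.0.2.10; echo INJECTED"


def run_diag_vulnerable(host):
    """Vulnerable pattern: user input is pasted into a string a shell parses."""
    cmd = f"{DIAG_TOOL} probing {host}"
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout


def validate_host(host):
    """Allow-list check: accept only an IP literal or a plain DNS name."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if len(host) <= 253 and HOSTNAME_RE.fullmatch(host):
        return host
    raise ValueError(f"rejected host value: {host!r}")


def run_diag_hardened(host):
    """Hardened pattern: validate first, then pass an argv list with no shell."""
    target = validate_host(host)
    done = subprocess.run(
        [DIAG_TOOL, "probing", target],  # each element is one argument
        capture_output=True,
        text=True,
        check=True,
        timeout=5,
    )
    return done.stdout


if __name__ == "__main__":
    print("vulnerable:", run_diag_vulnerable(MALICIOUS_HOST).splitlines())
    print("hardened  :", run_diag_hardened("192.0.2.10").strip())
    try:
        run_diag_hardened(MALICIOUS_HOST)
    except ValueError as exc:
        print("hardened  :", exc)
```

The two defenses are independent: the argv list removes shell interpretation even if validation is bypassed, and the allow-list keeps option-like or malformed values away from the tool.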

4.1.2 Physical threats

Physical threats in IoT security refer to risks and dangers that arise from physical access to IoT devices, systems, or infrastructure. These physical threats are part of the foundation of IoT security and include the potential for unauthorized individuals or entities to tamper with or compromise IoT components physically, resulting in security breaches, data breaches, or operational disruptions [107].

4.2 Effects of threats

Ensuring the security of IoT systems is of utmost importance due to various potential threats and vulnerabilities. The impacts of these threats on IoT can be extensive, significantly affecting the security, functionality, and reliability of IoT ecosystems. The following section briefly outlines the various effects of these threats.

4.2.1 Integrity

Integrity concerns in IoT security pertain to the trustworthiness and precision of data and devices within the IoT environment. These concerns revolve around safeguarding information from unauthorized alterations or tampering [108, 109]. The integrity feature ensures only authorized users can modify IoT device information when utilizing wireless communication networks [110]. Weaknesses in integrity checks can open the door to data tampering within IoT device memory, potentially jeopardizing the core functionality of physical devices and persisting undetected for extended periods. Solutions for ensuring integrity in IoT encompass the generation or utilization of data through programmed methods [108].

4.2.2 Authentication

Authentication is one of the most important security parameters for IoT applications. In IoT security, concerns and challenges regarding authentication are associated with confirming the legitimacy and identity of devices, users, and entities operating within the IoT ecosystem [111]. The issues surrounding authentication and access control in IoT stem from the sheer volume of devices and the character of machine-to-machine (M2M) communication inherent to the Internet of Things [112, 113]. Hence, a well-functioning IoT system requires an authentication mechanism to effectively manage system constraints while delivering robust security measures [114] (Fig. 4).

Fig. 4 Effect of threats on IoT security

4.2.3 Availability

To minimize the potential for operational disruptions or failures in IoT systems, it is crucial to improve the availability and continuity of security services [115]. Nevertheless, the increasing amount of data in IoT poses challenges to maintaining consistent device and data availability. Exploiting this vulnerability, attackers deploy diverse attacks that may jeopardize the overall availability of the system [116].

4.2.4 Authorization

Authorization mechanisms are essential for securing IoT ecosystems against unauthorized entry, data breaches, and security threats. These mechanisms ensure the security of valid communications by verifying the identities of all devices and confirming their entitlement to access approved resources, data, and services [117, 118]. There are two authorization processes: one for the devices and another for the users. Authorization and authentication complement each other and have common goals [119].

4.2.5 Non-repudiation

In the IoT, non-repudiation is necessary, ensuring that services, which serve as a link between the smooth transmission of services/data and effective security implementation, can be allowed or disowned [120, 121].

4.2.6 Confidentiality

Confidentiality within IoT security involves safeguarding sensitive information and data from unauthorized access, disclosure, or exposure. It constitutes a vital necessity, and this safeguarding can be guaranteed by implementing secure encryption methods [122, 123]. The difference between confidentiality and integrity is that confidentiality relies on password-based encryption for protection, whereas integrity, specifically against memory tampering, is maintained using a message authentication code derived from the stored context [124].
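A sketch of the integrity half of that distinction: a message authentication code computed over a stored device context, keyed from a password. This is an added example, not the scheme of [124]; PBKDF2, HMAC-SHA256, the iteration count and the record fields are assumptions, and the device context is constructed.

```python
import copy
import hashlib
import hmac
import json
import os

# Assumption: tune the work factor to the device; not a value from the paper.
PBKDF2_ITERATIONS = 100_000


def derive_keys(password, salt):
    """Derive two independent keys from one password (key separation)."""
    okm = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS, dklen=64)
    enc_key, mac_key = okm[:32], okm[32:]
    # enc_key would feed a cipher from a crypto library (confidentiality);
    # this example covers only the MAC (integrity).
    return enc_key, mac_key


def canonical(context):
    """Stable byte encoding so the same context always yields the same tag."""
    return json.dumps(context, sort_keys=True, separators=(",", ":")).encode()


def seal_context(password, context, salt=None):
    """Store the context together with a salt and a MAC over both."""
    salt = salt or os.urandom(16)
    _enc_key, mac_key = derive_keys(password, salt)
    tag = hmac.new(mac_key, salt + canonical(context), hashlib.sha256).hexdigest()
    return {"salt": salt.hex(), "context": copy.deepcopy(context), "tag": tag}


def verify_context(password, record):
    """Recompute the MAC and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    _enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(
        mac_key, salt + canonical(record["context"]), hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected, record["tag"])


def tamper_demo():
    """Return (intact, after_tamper, wrong_password) verification results."""
    password = b"constructed-device-passphrase"
    # Constructed stored context for a hypothetical sensor node.
    context = {"device_id": "sensor-17", "firmware": "1.4.2", "report_to": "192.0.2.50"}
    record = seal_context(password, context)
    intact = verify_context(password, record)

    tampered = copy.deepcopy(record)
    tampered["context"]["report_to"] = "198.51.100.9"  # simulated memory tampering
    after_tamper = verify_context(password, tampered)

    wrong_password = verify_context(b"not-the-passphrase", record)
    return intact, after_tamper, wrong_password


if __name__ == "__main__":
    print(tamper_demo())
```

A MAC detects modification but not replay of an older valid record; a monotonic counter inside the context is the usual addition when rollback matters.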

5 Solutions

In this regard, several successful methods have been introduced recently. Most of them are based on Machine Learning and Deep Learning methods. Machine Learning techniques such as Support Vector Machine (SVM), Artificial Neural Net, and Linear Modeling are successful with small data sets. In big data sets, Deep Learning has higher accuracy. Graph Neural Network is an original approach in that node selection must be done carefully.

In Table 3, the studied methods are compared with each other.

Table 3 Comparison of different methods for attack detection

5.1 Machine learning

Machine learning plays a crucial role in enhancing security in the IoT ecosystem. IoT devices are becoming increasingly prevalent and often collect and transmit sensitive data. Securing these devices and the data they manage is essential. As Fig. 5 shows, we classify IoT security solutions into three machine learning methods. Table 4 summarizes the reviewed articles in the field of machine learning.

Table 4 Papers use machine learning methods
Fig. 5 Machine learning methods used in IoT security

5.1.1 Support vector machine (SVM)

The Support Vector Machine (SVM) is a supervised machine learning algorithm with various applications [125]. It tries to find a decision boundary between different classes in the input feature space. The SVM must be trained at least once for recognition and classification using one of many methods. The Support Vector Machine has extremely high accuracy, but it is not suitable for use on big datasets, so feature selection must be used to reduce data size. The radial basis function (RBF) neural network is a type of feed-forward neural network. The most common transfer function in RBF [126] is Gaussian. This method needs a considerable amount of memory and is not suitable for big datasets. The Generalized Regression Neural Net has the highest accuracy and is like RBF. The biggest drawback of this method is the computation complexity: every sample of the dataset is stored in memory, and the complexity of output calculation is O(N²).

SVM has several applications for detecting Low-Rate Denial of Service (LDoS) attacks in Software Defined Networks (SDN) [127]. The study in [128] presents an IDS to detect low-rate distributed denial-of-service (LRDDoS) attacks in SD-IoT using an SVM algorithm along with a feature importance method, especially a logistic regression coefficient. That paper proposes different SVM kernel models, evaluates them, and finds that the linear kernel SVM algorithm achieves the highest accuracy. Another study [129] analyzed machine learning techniques, specifically LSTM, IF, and SVM, to detect internet threats in smart grids based on network traffic analysis. Different types of SVMs are also used to identify malware; the authors of [130] used a decision-tree-based SVM. Their experimental results show that the proposed method efficiently identifies malware with an accuracy of 98.78%, and it takes only 42 s to process 1000 samples. A new malware detection framework is proposed for the Internet of Things using the Genetic Cascade Support Vector Machine (GC-SVM) classifier. The purpose of the proposed method is to detect and accurately identify malware in Internet of Things-based systems [131]. Another study [132] investigates the utilization of support vector machines (SVM) for intrusion detection systems (IDS) deployed in the context of the Internet of Things (IoT). Specifically, two SVM techniques, C-SVM and OC-SVM, are implemented within an IDS framework to monitor and detect abnormal activities in smart node devices. The findings indicate that C-SVM attained a classification accuracy of up to 100% when assessed with unfamiliar data from the identical network topology it was trained on, and 81% accuracy in an unfamiliar topology. Conversely, OC-SVM achieved a maximum accuracy of 58%.

This study explores two distinct threat models: ciphertext and background models. In the ciphertext model, the IoT data analyst is restricted to accessing encrypted IoT data stored on a blockchain-based platform, with the capability to record intermediate results generated during the execution of the secure training algorithm. Conversely, in the background model, the IoT data analyst possesses additional knowledge beyond the ciphertext model, enabling collusion with one or more IoT data providers to deduce sensitive data from others. The primary objectives include safeguarding the privacy of multiple IoT providers and devising a privacy-preserving scheme for training SVM models using multiple private datasets from various IoT providers [133]. These previous papers underscore the efficacy of SVM and ML methods in bolstering IoT security by improving attack classification, safeguarding privacy, and detecting and mitigating attacks.

5.1.2 Artificial neural networks (ANN)

Artificial Neural Network or Feed Forward Neural Net is the most common Neural Net type and has at least one hidden layer. The most advantageous feature of this type of neural net is that output computation is high-speed. However, training time with the backpropagation algorithm could be faster. Extreme Learning Machine is another type of ANN. The training algorithm is based on a generalized matrix inverse. ANN is an imitation of a biological neural network, which is an information processing model. It can be used in the intrusion detection system between the IoT environment and the external network. It can also overcome traditional security methods.

There are three primary layers in the artificial neural network:

  • Input layer.

  • Hidden layer.

  • Output layer.

Information enters the neural network through the input layer, is processed in the hidden layers, and the result can be retrieved in the output layer.

The attractiveness of artificial neural networks stems from their remarkable information-processing properties, which are related to nonlinearity, high parallelism, fault and noise tolerance, and learning and generalization capabilities. Several studies have been presented on IoT security using ANN. An ANN-based intrusion detection system for threat analysis in IoT networks, achieving 100% efficiency in detecting DoS attacks, is introduced [134].

In a different study [135], a nearly instantaneous SDN security system employs a CNN to detect DDoS attacks, demonstrating encouraging outcomes in countering advanced DDoS threats. Utilizing artificial Neural Networks in IoT security involves a variety of functions, including anomaly detection, intrusion detection, authentication, and encryption. The valuable features of adaptability and learning inherent in ANNs make them effective instruments for tackling the constantly changing and evolving security challenges in IoT environments.

5.1.3 Linear modeling

Linear modeling in the context of IoT security involves using linear mathematical relationships to analyze and predict security-related outcomes. Linear models are statistical models that assume a linear relationship between input variables and the target variable. These papers [136, 137] collectively explore the theme of linear modeling within the context of IoT security. While they tackle the subject from diverse perspectives, they offer insights into various facets of modeling for IoT security.

One of these papers introduces a model-driven adaptive strategy for IoT security, employing Model-Driven Engineering (MDE) to generate security services according to security requirements. This method aims to improve information management and confidentiality in IoT systems. Meanwhile, [137] emphasizes the necessity for a formal IoT security model capable of assessing the security levels of different IoT systems. Their proposed model considers adversaries’ actions, capabilities, and objectives, facilitating a comprehensive security evaluation based on confidentiality, integrity, availability, and soundness.

5.2 Deep learning

With the increase in data size, feature selection must be done to reduce the data size and complexity of training data. Machine learning-based methods are accurate with datasets. However, increasing the dataset size makes finding features easier. Deep Learning calculates these features using an optimization algorithm. It is very suitable for large-scale data sets and has better accuracy [138]. As depicted in Fig. 6, we explore the four deep-learning techniques in IoT security. Table 5 summarizes the reviewed articles in the field of deep learning.

Table 5 Papers based on deep learning methods
Fig. 6 Deep learning methods used in IoT security

5.2.1 Convolutional neural network (CNN)

Convolutional Neural Networks are used in IoT security to enhance various aspects of safeguarding IoT ecosystems. This type of DL consists of a convolution layer, max pooling layer, softmax layer, and fully connected layer. The mammalian brain’s activity in object recognition is remarkably like that of a CNN. According to the studies, CNN has higher accuracy in object detection [139, 140].

CNN-based studies have been conducted to ensure the security of the Internet of Things. In [141], the authors presented an improved CNN. The preprocessed data set of KDD99 is inserted into the intrusion detection model through edge calculation, and the enhanced CNN model is employed to achieve multi-classification of the data, utilizing the focal loss function to adjust the ratio. The precision, accuracy, recall, and F1-measure values surpass those of other comparative algorithms, presenting a novel solution within intrusion detection. An attack detection in the network using a robust multi-cascade CNN (RMC-CNN) classification approach is presented to detect attack types [142]. Data is encrypted with a key generation mechanism using a dynamic honeypot encryption algorithm. Therefore, the encrypted information is transmitted securely and stored in the IoT cloud, which can be decrypted based on the user’s request.

In [143], the authors proposed a CNN-CNN-based approach where the first CNN model uses raw network traffic data to select important features that help detect an IoT attack, and the second CNN uses the features identified by the first CNN to build a robust detection model that accurately identifies IoT attacks. Furthermore, the proposed approach is compared with other deep learning algorithms and feature selection methods. The results show that it performs better than these algorithms. Also, in [144], the possibility of using logit-enhanced CNN models in smart home IoT devices for anomaly detection and face recognition is investigated. The authors have proposed six models that increase performance by combining logistic regression (LR), gradient-boosting classifiers (XGB, GBC, CBC, HGBC, ABC, and LGBM), and CNN. These models are named LR-XGB-CNN, LR-GBC-CNN, LR-CBC-CNN, LR-HGBC-CNN and LR-LGBM-CNN. These models showed promising capabilities in anomaly detection, face recognition, and integration of these capabilities into smart home IoT devices. The findings of this study have emphasized the potential of deep learning approaches to enhance security and privacy in smart homes. The OSD-IDS mechanism serves as an optimal defense strategy targeting DDoS attacks within IoT networks. It comprises an enhanced ResNet architecture for feature extraction, an improved quantum optimization (IQQO) algorithm for feature selection, and a hybrid deep learning technique combining CNN and diagonal XG boosting (CNN-DigXG). OSD-IDS achieves accuracies of 99.476% and 99.078% in the analyzed datasets [145]. A comprehensive survey on IoT security, including communication security, application interface security, and data security, is introduced to identify existing security gaps. These documents underscore the significance of tackling security issues associated with CNN in IoT settings.

5.2.2 Gate recurrent unit (GRU)

The GRU is a specialized variant of the RNN model utilized for feature extraction following dimensionality reduction preprocessing. The GRU effectively handles input sequences with temporal dependencies by introducing additional connections between hidden layer nodes, while the GRU unit governs the data output [146]. GRU is similar to LSTM in design and often yields similarly promising results in specific scenarios [147]. Nevertheless, GRU boasts a reduced node count and faster processing speed, mitigating long-term correlation issues and lowering the risk of overfitting in smaller RNN architectures [148]. In specific GRU-related tasks, it outperforms LSTM in terms of accuracy thanks to its swift training, straightforward structure, and ease of analysis [149, 150].

There are various works about GRU in IoT security. The focal point of this research involves utilizing machine learning algorithms, with a particular emphasis on deep learning techniques, to fortify security within wireless sensor networks. This article addresses the hurdles wireless sensor networks encounter concerning energy consumption and security, delving into the capabilities of algorithms. Furthermore, it underscores the significance of IDS in identifying diverse attack types, including DoS attacks. The emphasis is placed on wireless sensor networks, and the evaluation involves deep learning-based IDS models trained on specialized datasets, such as WSN-DS, for detecting various DoS attack forms [151]. In [147], the authors have developed a new approach, DIDDOS, to detect and identify DDoS cyber-attacks using GRU. The work in [152] focuses on enhancing cyber security in IoT networks through the use of deep learning techniques, especially the CNN-GRU model. The method used in this article includes deep learning models to develop intrusion detection systems suitable for IoT environments. The purpose of the CNN-GRU model is to improve the security performance of IoT by effectively identifying and reducing cyber threats by classifying traffic flow and analyzing network behavior. In [153], the authors concentrated on employing deep learning models, particularly CNN, LSTM, and GRUs, for crafting intrusion detection systems tailored for IoT environments. The research adopts a systematic approach, encompassing stages such as robot-IoT simulation [154], dataset preprocessing, feature selection, classification, and evaluation. This structured methodology aims to fortify the security of IoT networks by adeptly recognizing threats and cyber-attacks.

5.2.3 Graph neural network (GNN)

The latest technology is GNN, which learns from complex network structures and traffic patterns [155]. It can capture the impact of the network and has shown excellent results in detecting network attacks [156]. Also, GNNs have gained popularity due to their ability to model the underlying topology in terms of nodes and edges [157].

GNNs are crafted to account for the graph’s structure, enabling the creation of efficient embeddings at both graph and node levels, exemplified in applications like graph-based malware classification. In the context of a GNN malware classifier, node-level features are consolidated to produce graph-level features, facilitating the classification of input samples. Through message passing, the GNN model combines the features of a node with those of its neighbors, irrespective of the local structure or neighbor count. This iterative process, implemented through graph convolution layers, generates embeddings enriched with information from a broader local structure [158].
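The message-passing and readout steps described above, written out in plain Python. This is an added example, not code from [158] or any reviewed paper; mean aggregation, the untrained weight matrices and the five-node graph are constructed assumptions chosen so the effect of stacking layers is visible.

```python
def matvec(W, x):
    """Multiply weight matrix W (list of rows) by feature vector x."""
    return [sum(w * xi for w, xi in zip(row, x)) for row in W]


def mean_vectors(vectors, dim):
    """Element-wise mean; an empty neighbour set contributes a zero message."""
    if not vectors:
        return [0.0] * dim
    return [sum(col) / len(vectors) for col in zip(*vectors)]


def gconv_layer(adj, H, W_self, W_nbr):
    """One graph convolution: h_v' = ReLU(W_self h_v + W_nbr mean(h_u, u in N(v)))."""
    out = []
    for v, h_v in enumerate(H):
        msg = mean_vectors([H[u] for u in adj[v]], len(h_v))
        z = [a + b for a, b in zip(matvec(W_self, h_v), matvec(W_nbr, msg))]
        out.append([max(0.0, t) for t in z])
    return out


def embed_nodes(adj, X, layers):
    """Apply the layers in order; k layers see the k-hop neighbourhood."""
    H = X
    for W_self, W_nbr in layers:
        H = gconv_layer(adj, H, W_self, W_nbr)
    return H


def graph_embedding(adj, X, layers):
    """Readout: consolidate node embeddings into one fixed-size graph vector."""
    H = embed_nodes(adj, X, layers)
    return mean_vectors(H, len(H[0]))


# Constructed graph: nodes could be functions of a sample, edges calls.
# Path 0-1-2-3 plus isolated node 4 (degrees 0, 1 and 2 all occur).
ADJ = {0: [1], 1: [0, 2], 2: [1, 3], 3: [2], 4: []}
# Constructed 2-dimensional node features (for example two API-usage flags).
X = [[1.0, 0.0], [0.0, 0.0], [0.0, 0.0], [0.0, 1.0], [1.0, 0.0]]
# Constructed, untrained weights; a real model learns these.
W_SELF = [[1.0, 0.0], [0.0, 1.0]]
W_NBR = [[0.5, 0.5], [0.0, 1.0]]
LAYERS = [(W_SELF, W_NBR), (W_SELF, W_NBR)]


def receptive_field_demo():
    """Change node 2 (two hops from node 0) and see when node 0 notices."""
    X2 = [row[:] for row in X]
    X2[2] = [1.0, 0.0]
    same_after_1 = embed_nodes(ADJ, X, LAYERS[:1])[0] == embed_nodes(ADJ, X2, LAYERS[:1])[0]
    same_after_2 = embed_nodes(ADJ, X, LAYERS)[0] == embed_nodes(ADJ, X2, LAYERS)[0]
    return same_after_1, same_after_2


if __name__ == "__main__":
    print("node embeddings :", embed_nodes(ADJ, X, LAYERS))
    print("graph embedding :", graph_embedding(ADJ, X, LAYERS))
    print("receptive field :", receptive_field_demo())
```

With one layer, node 0 is unaffected by a change two hops away; with two layers it is, which is the "broader local structure" the iterative process captures.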

Several papers focus on GNNs to address IoT security. In [159], the authors presented the NT-GNN (Network Traffic Graph for Android 5G IoT Mobile Malware Detection) method to identify malicious code and detect malware in Android applications. In [156], the authors introduced a light graph convolutional network (GConv) called NE GConv, which addresses the challenge of limited labeled traffic flow data in IoT networks by using the topological flow structure and software-defined networking technologies for intrusion detection in IoT networks.

5.2.4 Long-short-term memory (LSTM)

This type of deep learning is very suitable for time series data and consists of remember-and-forget gates and hidden state units [139]. In [160], the authors highlighted the importance of identifying malicious attacks in the IoT environment to minimize security risks. The proposed CNN-LSTM algorithm is applied to detect specific botnet attacks, such as BASHLITE and Mirai, on various commercial IoT devices, including doorbells, thermostats, and security cameras. The experimental results demonstrate the effectiveness of the CNN-LSTM model in detecting botnet attacks with high accuracy across different IoT devices. There are other works based on LSTM for IDS. In [161], the aim is to suggest a fresh design for an IDS tailored explicitly for IoT devices. This structure integrates the Extreme Gradient Boosting (XGBoost) model with the LSTM model to scrutinize unusual states in IoT devices. The sequence of system calls serves as markers for abnormal behaviors, and the newly proposed stacking model is utilized to detect and identify these abnormal behaviors. In [162], a framework leveraging deep learning algorithms within a fog network for devices with Software-Defined Networking (SDN) has been introduced. The system aims to enhance security by recognizing and addressing advanced cyber threats by incorporating innovative technology. A deep learning-based approach using LSTM architecture for intrusion detection in IoT device networks within smart homes is introduced. Specifically, it highlights using LSTM to predict cyberattacks on smart home IoT network devices and learn new outliers over time [163].

The primary objective and emphasis of [164] are centered on the creation and deployment of an advanced IDS specifically designed for Electric Vehicle Charging Stations (EVCS) within an IoT framework [165, 166]. Moreover, the paper discusses the construction of an ensemble model that integrates CNN, LSTM, and GRU layers for intrusion detection purposes. The architecture of this model is structured to examine network traffic data, detect abnormalities, and categorize traffic into predetermined classes with notable precision.

6 Future research direction

This section presents challenges and further research directions for securing IoT applications and devices using ML and DL methods.

6.1 Implementation of ML/DL at the fog or cloud computing

The integration of blockchain technology, alongside ML/DL schemes, presents a promising approach to addressing the intricate security needs of the IoT ecosystem. The decentralized nature of blockchain can significantly enhance the security, robustness, and trustless authentication across IoT devices, ensuring a secure exchange of critical data [167]. However, it is acknowledged that blockchain’s computational demands and associated overheads present challenges, including high bandwidth requirements and potential delays, critical for real-time IoT applications [168]. Numerous methodologies leveraging the integration of blockchain with ML/DL for IoT have been proposed to address these, offering innovative solutions to security and privacy challenges. For instance, the combination of Software Defined Networking (SDN) and blockchain introduces a structured framework enhancing IoT networks’ performance and security, proposing a blueprint for smart, secure IoT frameworks [169].

Additionally, the critical review by Taherdoost underscores the role of ML in bolstering blockchain applications, particularly in securing data and enhancing privacy [170]. Moreover, federated learning emerges as a cutting-edge solution in this landscape, optimizing the balance between data privacy and system performance across distributed IoT devices, indicating a direction for future research and development [171]. This is further supported by the work of Ferrag et al., who highlight the effectiveness of federated deep learning approaches in enhancing IoT cybersecurity and provide a comparative analysis against traditional ML methods [172].

The converging paths of blockchain, ML/DL, and IoT technologies present a change in basic assumptions towards a more secure and private IoT ecosystem. Researchers are tasked with navigating these advancements, ensuring that the integration not only addresses current challenges but also anticipates future demands. The integration’s energy and bandwidth implications, alongside the real-time processing delays, serve as critical areas for ongoing investigation, underscoring the necessity for solutions that balance efficiency with security [173,174,175]. As this field continues to evolve, a collaborative and multidisciplinary approach will be paramount in harnessing the full potential of these technologies, ensuring a secure, efficient, and scalable IoT ecosystem [176, 177].

6.2 Security challenge of testing datasets

Testing and training are essential for ML/DL applications, and secure and trusted datasets are needed. Providing such datasets is a significant challenge for IoT applications and can be studied as future work in this regard.

6.3 Integration of ML/DL with metaheuristic algorithms

Metaheuristic algorithms can integrate ML/DL and IoT security. These new algorithms can improve the parameter selection and tuning operations in the security of IoT devices and applications.

6.4 Data diversity

Today, with the expansion of different IoT applications, heterogeneous IoT devices produce various heterogeneous data at different scales according to the type of application. Managing this diverse, heterogeneous, high-volume data across diverse applications is one of the crucial challenges.

6.5 Adaptability between ML/DL and IoT applications and devices

The IoT landscape has recently seen continuous expansion and advancement of devices and applications. Consequently, ML/DL systems must exhibit a comparable level of adaptability. Zero-day attacks are inevitable in real-world networks, and introducing new devices to the IoT system is expected. Furthermore, network traffic distribution is subject to change as these new devices join the network. A model trained statically struggles to adjust quickly to these changing conditions, potentially increasing false positives and negatives. Daily fluctuations in end-user demands also present new challenges for ML/DL applications in the IoT environment. Thus, ML/DL algorithms must effectively navigate the swiftly evolving landscape from various perspectives.

7 Conclusion

The IoT is an excellent network with a practical impact on people’s daily lives, but along with its advantages there are also disadvantages such as eavesdropping, cybercrime, DoS, unauthorized access to data, node forgery, and infiltration. This paper reviews ML/DL-based solutions for the security of IoT. According to the studies and research done in this field, we can boldly recommend graph neural networks to detect attacks. GNN can be mixed with other data set classifiers to increase the accuracy of the operation significantly. In the meantime, AdaBoost significantly increases the overall accuracy in voting and classifiers. SGDM and ADAM can be used to train the weights of classifiers. The size and weight of the classifiers can be quickly determined with these two, and the results are obtained. These two algorithms are based on gradient descent and chaotic behavior. According to the research done and the necessary checks on the above cases, this paper will be helpful for other researchers, and they will make effective use of it.