M. Ge et al. (2017) extend the framework proposed by Ge and Kim (2015) with a formal definition of the framework, a three-layer graphical security model, detailed calculations of the security metrics and a comprehensive evaluation using both heterogeneous and homogeneous networks. The framework proposed by M. Ge et al. (2017) is the first of its kind for modelling and analyzing the security of the IoT graphically. They use the Hierarchical Attack Representation Model (HARM) to capture potential attack paths in the network. They also use the Symbolic Hierarchical Automated Reliability and Performance Evaluator (SHARPE) to evaluate the security and to analyze the performance and reliability of the system. They evaluate the framework using three scenarios, one of which is a smart home. Using their framework, the potential attack paths can be found with the extended HARM, a decision can be made about which device should be protected first, and the effectiveness of different device-level strategies can be compared based on the evaluation of the security metrics. The security decision maker can then choose the most effective device-level security strategies for specific devices.
J. M. Batalla et al. (2017) present current security approaches and issues, classifying them according to the objectives (integrity, privacy, availability, etc.) that are closely related to the Smart Home environment. The paper also presents the threats and countermeasures used in current systems, and shows the good practices and guidelines imposed on the market for developing secure systems in houses. It covers implementation issues in hardware, such as choosing the best device that has enough energy to support security mechanisms (the E9 is the one selected), and in software, such as the use of cloud services to help with management tasks, which requires secure communications along with the protocols and certificates used.
It is important for the smart devices and the applications connected to the HAN to be authenticated on the platform. New standards for one-to-one encryption are required because of the variety of applications making use of HAN-cloud communications. Google's Nest platform is mentioned as a platform that makes use of HAN cloud computing and different types of encryption mechanisms such as AES 128 and 2048-bit RSA. Controlling home appliances and accessing services can be done using the new network protocol, Apple's HomeKit. Using this protocol, different types of applications can be integrated in a smartphone, and it imposes encryption by public-private key pairs. At the end of the paper, some future solutions for efficient and secure Smart Home management are proposed, such as having an external actor manage the system while keeping security in all layers and guaranteeing the privacy of data. The paper indicates that network operators are the ones who can fill this position and give management support to Smart Homes, since they are connected to the HAN through home gateways for multimedia delivery.
One IDS/IPS development was done by M. Agarwal and D. Pasumarthi et al. (2014). They proposed an ML-based IDS and IPS that detects the flooding DoS attack in 802.11 Wi-Fi networks and helps the victim station to recover. Using an ML technique in developing the IDS gives accuracy and a 95% detection rate. They used the Angle of Arrival (AoA) approach to locate the attacker, so that incoming frames from the attacker's region can be blocked. The proposed architecture consists of four parts. The knowledge base is the storage for the generated datasets; it can update its content using feedback from the IPS module, and it acts as a trainer for the IDS by providing the pre-processed traces. The IDS module has two sub-modules, one that captures the frames and passes them to the other for investigation and analysis. The localization module locates the attacker and forwards the angle to the AP so that it can block the traffic coming from it. The last module is the IPS module. They used a dataset generated at the Computer Science and Engineering Department of IIT Guwahati because no public dataset for flooding attacks was available. They mentioned that, for the ML-based IDS to be successful, the classifier should be chosen carefully. The classifier, as mentioned above, is part of the IDS; it has a training step, in which the classification algorithm uses the training data to form the classifier, followed by the classification step. They selected different classifiers to let the administrator choose the best algorithm depending on the characteristics of the network. They compared the performance of the classification techniques used according to accuracy and detection rate, and found that their proposed IDS performs really well for a host of classification algorithms. As a result of this architecture, the network recovers swiftly from the attack and the services of the other clients are not affected.
Another IDS/IPS was proposed by J. Granjal, J. M. Silva and N. Lourenço (2018). They proposed an IDS/IPS framework for the detection and prevention of attacks in CoAP Wireless Sensor Networks, using anomaly detection to detect Denial of Service (DoS) attacks and attacks against 6LoWPAN. They used the Contiki operating system, because of its stability, hardware compatibility and the quality of the documentation at hand, to program the CoAP intrusion (attack) scenarios and to generate and then analyze the traffic used to train the ML algorithm to detect suspicious communications. They used the Support Vector Machines (SVM) algorithm for intrusion detection because it has a faster classification procedure that enables a real-time implementation.
Mariusz Gajewski et al. (2017) present a two-layer network architecture for an Intrusion Detection System (IDS) for the Smart Home environment. In this architecture there is one IDS located in the Home Gateway (HG) and another IDS located within the ISP infrastructure. As a result of this distribution of the IDS, the security data processing and analysis are carried out by the devices at the user's side (initial detection) and by the service provider's data center (deep detection). This distributed data processing allows the service provider, in addition to the user's devices, to detect extremely advanced threats, and it minimizes the impact on HG performance.
Because an IDS can only detect known threats and takes no defensive action, it is necessary to develop an IPS with intelligent agents that react to intrusion attempts by choosing the most appropriate action. This decision-making process comes from continuous knowledge feeding and teaching until the agent reaches autonomy, which in turn gives it the ability to process an unlimited list of actions to choose from. This is what R. Coulter and L. Pan (2018) touched on in their paper.
The development of IoT systems requires flexible and adaptive agents to not only operate but defend. These systems need to be able to adjust, heal and promote trust through autonomous action. With the use of machine learning mechanisms, the IPS can detect the most serious threats, even zero-day attacks.
R. Coulter and L. Pan (2018) reviewed the current intrusion detection approaches from an intelligence point of view. They redefined the elements shared between IoT, IDS and intelligent agents. They also gave a formal model of an agent and applied it against two different modelling approaches, traditional and distributed, and found that the distributed multi-agent approaches provided the closest real-world solution.
According to Zarpelão et al. (2017), it is problematic to apply traditional IDSs in the IoT because of the computing and resource limitations. They mentioned that there are many review articles that focus on designing IDSs for elements related to the IoT, but no published paper reviewing researchers' efforts on the design and development of IDSs for the IoT paradigm, and filling this gap is the objective of their paper. They review 18 papers published between 2009 and 2016, classified according to four different attributes. They discuss three placement strategies, and before that three studies are presented to give an overview of IoT network architectures. The strategies are distributed IDS placement (the IDSs are placed in every physical object of the LLN, which should be considered when a lightweight IDS is proposed), centralized IDS placement (the IDS is centralized in a component such as a border router or a dedicated host) and hybrid IDS placement (which combines concepts of the centralized and distributed placement strategies). They classified the intrusion detection methods into anomaly-based, signature-based, specification-based and hybrid, and they discussed how these methods have been used to develop IDSs for the IoT. They presented some security threats mentioned in the IDS proposals for the IoT, such as routing attacks, conventional attacks, man-in-the-middle attacks and DoS attacks.
An investigation of the validation strategies is also carried out using the classification of validation methods proposed by Verendel (2009), and it shows that there are no standardized validation efforts for intrusion detection in the IoT. Finally, open research issues and future trends are mentioned, such as investigating the strong and weak points of different detection methods and placement strategies, addressing more IoT technologies and improving validation strategies.
The position of the IDS shouldn't affect its purpose, as stated by J. F. Colom et al. (2018). They developed a distributed IDS framework to schedule IDS tasks so that the security requirements are achieved and the IDS's utilization of the computing resources in the connected devices is minimized by using cloud computing services and resources only when necessary. In this way the user processes won't be interrupted and all relevant data flows are passed through the IDS. Therefore, any single point of failure or attack should be avoided. The paper concluded that, to combine the IoT with Cloud services, an innovative mapping of advanced techniques, collaborative methods and algorithms for IDS is essential.