Intrusion detection systems in the Internet of things: A comprehensive investigation

Abstract

Recently, a new dimension of intelligent objects has been provided by reducing the power consumption of electrical appliances. Daily physical objects have been upgraded by electronic devices over the Internet to create local intelligence and make communication with cyberspace. Internet of things (IoT) as a new term in this domain is used for realizing these intelligent objects. Since the objects in the IoT are directly connected to the unsafe Internet, the resource constraint devices are easily accessible by the attacker. Such public access to the Internet causes things to become vulnerable to the intrusions. The purpose is to categorize the attacks that do not explicitly damage the network, but by infecting the internal nodes, they are ready to carry out the attacks on the network, which are named as internal attacks. Therefore, the significance of Intrusion Detection Systems (IDSs) in the IoT is undeniable. However, despite the importance of this topic, there is not any comprehensive and systematic review about discussing and analyzing its significant mechanisms. Therefore, in the current paper, a Systematic Literature Review (SLR) of the IDSs in the IoT environment has been presented. Then detailed categorizations of the IDSs in the IoT (anomaly-based, signature-based, specification-based, and hybrid), (centralized, distributed, hybrid), (simulation, theoretical), (denial of service attack, Sybil attack, replay attack, selective forwarding attack, wormhole attack, black hole attack, sinkhole attack, jamming attack, false data attack) have also been provided using common features. Then the advantages and disadvantages of the selected mechanisms are discussed. Finally, the examination of the open issues and directions for future trends are also provided.