Enhanced IoT cybersecurity through Machine Learning-based penetration testing
Abstract
The Internet of Things (IoT) is a new technology that builds on the old Internet. A network connects all objects using technologies such as Radio Frequency Identification (RFID), sensors, GPS, or Machine-to-Machine (M2M) communication. The development of IoT has been negatively impacted by security concerns, which has led to a significant increase in research interest. However, very few methods look at the security of IoT from the attacker's point of view. As of today, penetration testing is a common way to check the security of the traditional Internet or systems, but it usually takes a lot of time and money. In this paper, we look at the security problems of the IoT and suggest a way to test for them, based on a combination of the belief-desire-intention (BDI) model and machine learning. The experimental results showed that the proposed method was very good at detecting and defending against cyberattacks on IoT devices. The proposed BDI-based method achieved a recall of 85%. The 90% precision suggests that the measurements are very accurate. The F1-score was 87.4%, and the accuracy was 95%. The proposed BDI is of exceptional quality in every part of the penetration-testing model. Therefore, it is possible to create a system that can detect and defend against cyberattacks based on the proposed BDI model.
License

This work is licensed under a Creative Commons Attribution 4.0 International License.
All articles published in Applied Computer Science are open-access and distributed under the terms of the Creative Commons Attribution 4.0 International License.