IoT Attack Detection using Machine Learning and Deep Learning in Smart Home

Sharifah S Azli Sham - National Defence University of Malaysia, Sungai Besi, Kuala Lumpur Malaysia
Khairul Ishak - Science University Shah Alam, Selangor, Malaysia
Noor Mat Razali - National Defence University of Malaysia, Sungai Besi, Kuala Lumpur Malaysia
Normaizeerah Mohd Noor - National Defence University of Malaysia, Sungai Besi, Kuala Lumpur Malaysia
Nor Hasbullah - National Defence University of Malaysia, Sungai Besi, Kuala Lumpur Malaysia

Citation Format:



The Internet of Things (IoT) has revolutionized the traditional Internet, pushing past its former boundaries by implementing smart linked gadgets. The IoT is steadily becoming a staple of everyday life, having been implemented into various diverse applications, such as cities, smart homes, and transportation.  However, despite the technological advancements that the IoT brings, various new security risks have also been introduced due to the development of new types of attacks. This prevents current intelligent IoT applications from adaptively learning from other intelligent IoT applications, which leaves them in a volatile state. In this paper, we conducted a structured literature review (SLR) on Smart Home's IoT attack detection using machine learning and deep learning. Four journal databases were used to perform this review: IEEE, Science Direct, Association for Computing Machinery (ACM), and SpringerLink. Sixty articles were selected and studied, where we noted the various patterns and techniques present in the framework of the selected research. We also took note of the different machine learning and deep learning methods, the types of attacks, and the Network layers present in Smart Home. By conducting an SLR, we analyzed the numerous techniques of IoT attack detection for smart homes proposed by various theoretical studies. We enhanced the studied literature by proposing a new solution for better IoT attack detection in smart homes.


Cybersecurity Framework; IoT; Detection; Attacks; Smart Home; Machine Learning

Full Text:



A. N. Muhammad, A. M. Aseere, H. Chiroma, H. Shah, A. Y. Gital, and I. A. T. Hashem, Deep learning application in smart cities: recent development, taxonomy, challenges and research prospects, vol. 33, no. 7. Springer London, 2021. doi: 10.1007/s00521-020-05151-8.

T. Mudawi, “IoT-HASS: A Framework for Protecting Smart Home Environment,” 2020, [Online]. Available:

S. Tsimenidis, T. Lagkas, and K. Rantos, Deep Learning in IoT Intrusion Detection, vol. 30, no. 1. Springer US, 2022. doi: 10.1007/s10922-021-09621-9.

K. Yu and D. Chen, “SmartAttack: Open-source Attack Models for Enabling Security Research in Smart Homes,” 2020 11th International Green and Sustainable Computing Workshops, IGSC 2020, 2020, doi: 10.1109/IGSC51522.2020.9290797.

M. Mafarja, A. A. Heidari, M. Habib, H. Faris, T. Thaher, and I. Aljarah, “Augmented whale feature selection for IoT attacks: Structure, analysis and applications,” Future Generation Computer Systems, vol. 112, pp. 18–40, 2020, doi: 10.1016/j.future.2020.05.020.

S. Homayoun et al., “DRTHIS: Deep ransomware threat hunting and intelligence system at the fog layer,” Future Generation Computer Systems, vol. 90, pp. 94–104, 2019, doi: 10.1016/j.future.2018.07.045.

M. Hasan, M. M. Islam, M. I. I. Zarif, and M. M. A. Hashem, “Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches,” Internet of Things (Netherlands), vol. 7, p. 100059, 2019, doi: 10.1016/j.iot.2019.100059.

P. Radoglou-Grammatikis et al., “SPEAR SIEM: A Security Information and Event Management system for the Smart Grid,” Computer Networks, vol. 193, no. September 2020, p. 108008, 2021, doi: 10.1016/j.comnet.2021.108008.

G. L. Nguyen, B. Dumba, Q. D. Ngo, H. V. Le, and T. N. Nguyen, “A collaborative approach to early detection of IoT Botnet,” Computers and Electrical Engineering, vol. 97, no. October, p. 107525, 2022, doi: 10.1016/j.compeleceng.2021.107525.

N. Koroniotis, N. Moustafa, and E. Sitnikova, “A new network forensic framework based on deep learning for Internet of Things networks: A particle deep framework,” Future Generation Computer Systems, vol. 110, pp. 91–106, 2020, doi: 10.1016/j.future.2020.03.042.

P. T. Duy, L. K. Tien, N. H. Khoa, D. T. T. Hien, A. G. T. Nguyen, and V. H. Pham, “DIGFuPAS: Deceive IDS with GAN and function-preserving on adversarial samples in SDN-enabled networks,” Comput Secur, vol. 109, p. 102367, 2021, doi: 10.1016/j.cose.2021.102367.

N. Moustafa, “A new distributed architecture for evaluating AI-based security systems at the edge: Network TON_IoT datasets,” Sustain Cities Soc, vol. 72, no. May, p. 102994, 2021, doi: 10.1016/j.scs.2021.102994.

N. Moustafa, M. Keshk, K. K. R. Choo, T. Lynar, S. Camtepe, and M. Whitty, “DAD: A Distributed Anomaly Detection system using ensemble one-class statistical learning in edge networks,” Future Generation Computer Systems, vol. 118, pp. 240–251, 2021, doi: 10.1016/j.future.2021.01.011.

P. Yellu, L. Buell, M. Mark, M. A. Kinsy, D. Xu, and Q. Yu, “Security threat analyses and attack models for approximate computing systems,” ACM Transact Des Autom Electron Syst, vol. 26, no. 4, 2021, doi: 10.1145/3442380.

K. S. Sahoo and D. Puthal, “SDN-Assisted DDoS Defense Framework for the Internet of Multimedia Things,” ACM Transactions on Multimedia Computing, Communications and Applications, vol. 16, no. 3s, 2021, doi: 10.1145/3394956.

Y. J. Lee, N. K. Baik, C. Kim, and C. N. Yang, “Study of detection method for spoofed IP against DDoS attacks,” Pers Ubiquitous Comput, vol. 22, no. 1, pp. 35–44, 2018, doi: 10.1007/s00779-017-1097-y.

A. Yahyaoui, H. Lakhdhar, T. Abdellatif, and R. Attia, “Machine learning based network intrusion detection for data streaming IoT applications,” Proceedings - 2021 21st ACIS International Semi-Virtual Winter Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD-Winter 2021, pp. 51–56, 2021, doi: 10.1109/SNPDWinter52325.2021.00019.

E. Adi, A. Anwar, Z. Baig, and S. Zeadally, “Machine learning and data analytics for the IoT,” Neural Comput Appl, vol. 32, no. 20, pp. 16205–16233, 2020, doi: 10.1007/s00521-020-04874-y.

S. Bhattacharya, Di. Manousakas, A. G. C. P. Ramos, S. I. Venieris, N. D. Lane, and C. Mascolo, “Countering Acoustic Adversarial Attacks in Microphone-equipped Smart Home Devices,” Proc ACM Interact Mob Wearable Ubiquitous Technol, vol. 4, no. 2, 2020, doi: 10.1145/3397332.

M. Shahin, F. Frank Chen, H. Bouzary, and A. Zarreh, “Frameworks proposed to address the threat of cyber-physical attacks to lean 4.0 systems,” Procedia Manuf, vol. 51, no. 2019, pp. 1184–1191, 2020, doi: 10.1016/j.promfg.2020.10.166.

P. Nespoli, D. Díaz-López, and F. Gómez Mármol, “Cyberprotection in IoT environments: A dynamic rule-based solution to defend smart devices,” Journal of Information Security and Applications, vol. 60, no. May, p. 102878, 2021, doi: 10.1016/j.jisa.2021.102878.

N. Panwar, S. Sharma, G. Wang, S. Mehrotra, and N. Venkatasubramanian, “Canopy: A verifiable privacy-preserving token ring-based communication protocol for smart homes,” ACM Transactions on Cyber-Physical Systems, vol. 5, no. 1, 2021, doi: 10.1145/3390859.

S. Yao et al., “SenseGAN: Enabling Deep Learning for Internet of Things with a Semi-Supervised Framework,” Proc ACM Interact Mob Wearable Ubiquitous Technol, vol. 2, no. 3, pp. 1–21, 2018, doi: 10.1145/3264954.

N. Muralidhar et al., “Illiad: InteLLigent invariant and anomaly detection in cyber-physical systems,” ACM Trans Intell Syst Technol, vol. 9, no. 3, pp. 1–20, 2018, doi: 10.1145/3066167.

R. Gassais, N. Ezzati-Jivan, J. M. Fernandez, D. Aloise, and M. R. Dagenais, “Multi-level host-based intrusion detection system for Internet of things,” Journal of Cloud Computing, vol. 9, no. 1, 2020, doi: 10.1186/s13677-020-00206-6.

S. S. Murtaza, A. Hamou-Lhadj, W. Khreich, and M. Couture, “Total ADS: Automated software anomaly detection system,” Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014, no. June 2016, pp. 83–88, 2014, doi: 10.1109/SCAM.2014.37.

M. Feurer, “OUTROS - NIPS-2015-efficient-and-robust-automated-machine-learning-Paper,” 2015, [Online]. Available:

A. Pinna, S. Ibba, G. Baralla, R. Tonelli, and M. Marchesi, “A Massive Analysis of Ethereum Smart Contracts Empirical Study and Code Metrics,” IEEE Access, vol. 7, no. 1993, pp. 78194–78213, 2019, doi: 10.1109/ACCESS.2019.2921936.

N. Ezzati-Jivan and M. R. Dagenais, “A Stateful Approach to Generate Synthetic Events from Kernel Traces,” Advances in Software Engineering, vol. 2012, pp. 1–12, 2012, doi: 10.1155/2012/140368.

D. Wagner and P. Soto, “Mimicry attacks on host-based intrusion detection systems,” Proceedings of the ACM Conference on Computer and Communications Security, vol. 2, pp. 255–264, 2002, doi: 10.1145/586110.586145.

M. Moore and M. D. Moore, “Penetration Testing and Metasploit,” no. April 2017, [Online]. Available:

J. Chen, L. Ramanathan, and M. Alazab, “Holistic big data integrated artificial intelligent modeling to improve privacy and security in data management of smart cities,” Microprocess Microsyst, vol. 81, no. September 2020, p. 103722, 2021, doi: 10.1016/j.micpro.2020.103722.

D. K. K. Reddy, H. S. Behera, J. Nayak, B. Naik, U. Ghosh, and P. K. Sharma, “Exact greedy algorithm based split finding approach for intrusion detection in fog-enabled IoT environment,” Journal of Information Security and Applications, vol. 60, no. June, p. 102866, 2021, doi: 10.1016/j.jisa.2021.102866.

X. Ma, J. Ma, S. Kumari, F. Wei, M. Shojafar, and M. Alazab, “Privacy-Preserving Distributed Multi-Task Learning against Inference Attack in Cloud Computing,” ACM Trans Internet Technol, vol. 22, no. 2, pp. 1–24, 2022, doi: 10.1145/3426969.

M. Bhatia, “Intelligent System of Game-Theory-Based Decision Making in Smart Sports Industry,” ACM Trans Intell Syst Technol, vol. 12, no. 3, pp. 1–23, 2021, doi: 10.1145/3447986.

C. U. Om Kumar and P. R. K. Sathia Bhama, “Detecting and confronting flash attacks from IoT botnets,” Journal of Supercomputing, vol. 75, no. 12, pp. 8312–8338, 2019, doi: 10.1007/s11227-019-03005-2.

M. Elnour, N. Meskin, K. Khan, and R. Jain, “Application of data-driven attack detection framework for secure operation in smart buildings,” Sustain Cities Soc, vol. 69, no. September 2020, p. 102816, 2021, doi: 10.1016/j.scs.2021.102816.

G. De La Torre Parra, P. Rad, K. K. R. Choo, and N. Beebe, “Detecting Internet of Things attacks using distributed deep learning,” Journal of Network and Computer Applications, vol. 163, no. April, 2020, doi: 10.1016/j.jnca.2020.102662.

A. Abbas, M. A. Khan, S. Latif, M. Ajaz, A. A. Shah, and J. Ahmad, “A New Ensemble-Based Intrusion Detection System for Internet of Things,” Arab J Sci Eng, 2021, doi: 10.1007/s13369-021-06086-5.

M. T. Banday, J. A. Qadri, and N. A. Shah, “Study of Botnets and their threats to Internet Security,” Working Papers on Information Systems, no. January 2009, 2009.

M. Eslahi, R. Salleh, and N. B. Anuar, “Bots and botnets: An overview of characteristics, detection and challenges,” Proceedings - 2012 IEEE International Conference on Control System, Computing and Engineering, ICCSCE 2012, no. November, pp. 349–354, 2012, doi: 10.1109/ICCSCE.2012.6487169.

A. Kak, “Lecture Notes on ‘ Computer and Network Security ’ Goals : Section Title,” pp. 1–82, 2020.

C. Douligeris and A. Mitrokotsa, “DDoS attacks and defense mechanisms: A classification,” Proceedings of the 3rd IEEE International Symposium on Signal Processing and Information Technology, ISSPIT 2003, no. June 2014, pp. 190–193, 2003, doi: 10.1109/ISSPIT.2003.1341092.

M. A. Raza, T. F. N. Bukht, M. Ali, A. U. Rehman, and M. Idrees, “Analyzing the Behaviour of DDoS Cyber Attack,” Technical Journal, vol. 26, no. 4, pp. 46–55, 2021.

K. K. Brahma, S. Sarmah, C. Kalita, and R. Ghosh, “Detection of Multi-Vector DDoS Attack International Journal of Computer Sciences and Engineering Open Access Detection of Multi-Vector DDoS Attack,” no. December, 2019.

W. Niu, X. Zhang, X. Du, L. Zhao, R. Cao, and M. Guizani, “A deep learning based static taint analysis approach for IoT software vulnerability location,” Measurement (Lond), vol. 152, p. 107139, 2020, doi: 10.1016/j.measurement.2019.107139.

M. A. Azad, F. Riaz, A. Aftab, S. K. J. Rizvi, J. Arshad, and H. F. Atlam, “DEEPSEL: A novel feature selection for early identification of malware in mobile applications,” Future Generation Computer Systems, vol. 129, pp. 54–63, 2022, doi: 10.1016/j.future.2021.10.029.

M. Ge, N. F. Syed, X. Fu, Z. Baig, and A. Robles-Kelly, “Towards a deep learning-driven intrusion detection approach for Internet of Things,” Computer Networks, vol. 186, no. January, p. 107784, 2021, doi: 10.1016/j.comnet.2020.107784.

H. K. Bui, Y. D. Lin, R. H. Hwang, P. C. Lin, V. L. Nguyen, and Y. C. Lai, “CREME: A toolchain of automatic dataset collection for machine learning in intrusion detection,” Journal of Network and Computer Applications, vol. 193, no. August, p. 103212, 2021, doi: 10.1016/j.jnca.2021.103212.

M. Chowdhury, B. Ray, S. Chowdhury, and S. Rajasegarar, “A Novel Insider Attack and Machine Learning Based Detection for the Internet of Things,” ACM Transactions on Internet of Things, vol. 2, no. 4, pp. 1–23, 2021, doi: 10.1145/3466721.

F. Ullah, M. R. Naeem, A. S. Bajahzar, and F. Al-Turjman, “IoT-based Cloud Service for Secured Android Markets using PDG-based Deep Learning Classification,” ACM Trans Internet Technol, vol. 22, no. 2, pp. 1–17, 2022, doi: 10.1145/3418206.

Y. S. Can and C. Ersoy, “Privacy-preserving Federated Deep Learning for Wearable IoT-based Biomedical Monitoring,” ACM Trans Internet Technol, vol. 21, no. 1, 2021, doi: 10.1145/3428152.

J. Chauhan, J. Rajasegaran, S. Seneviratne, A. Misra, A. Seneviratne, and Y. Lee, “Performance Characterization of Deep Learning Models for Breathing-based Authentication on Resource-Constrained Devices,” Proc ACM Interact Mob Wearable Ubiquitous Technol, vol. 2, no. 4, pp. 1–24, 2018, doi: 10.1145/3287036.

J. Danial, D. Das, A. Golder, S. Ghosh, A. Raychowdhury, and S. Sen, “EM-X-DL: Efficient Cross-device Deep Learning Side-channel Attack With Noisy EM Signatures,” ACM J Emerg Technol Comput Syst, vol. 18, no. 1, pp. 1–17, 2022, doi: 10.1145/3465380.

Z. Lv, L. Qiao, A. Kumar Singh, and Q. Wang, “AI-empowered IoT Security for Smart Cities,” ACM Trans Internet Technol, vol. 21, no. 4, 2021, doi: 10.1145/3406115.

R. M. A. Ujjan, Z. Pervez, K. Dahal, A. K. Bashir, R. Mumtaz, and J. González, “Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN,” Future Generation Computer Systems, vol. 111, pp. 763–779, 2020, doi: 10.1016/j.future.2019.10.015.

N. M, M. H, and K. T, “Virtual Machines Detection Methods Using IP Timestamps Pattern Characteristic,” International Journal of Computer Science and Information Technology, vol. 8, no. 1, pp. 1–15, 2016, doi: 10.5121/ijcsit.2016.8101.

N. A. M. Razali et al., Opinion mining for national security: techniques, domain applications, challenges and research opportunities, vol. 8, no. 1. Springer International Publishing, 2021. doi: 10.1186/s40537-021-00536-5.

W. N. W. Muhamad et al., “Evaluation of Blockchain-based Data Sharing Acceptance among Intelligence Community,” International Journal of Advanced Computer Science and Applications, vol. 11, no. 12, pp. 597–606, 2020, doi: 10.14569/IJACSA.2020.0111270.

R. Wahyudi, “Metadata of the chapter that will be visualized in Online,” Springer Nature Singapor, no. August, pp. 1–8, 2023, doi: 10.1007/978-3-030-34032-2.

M. Noorafiza, H. Maeda, R. Uda, T. Kinoshita, and M. Shiratori, “Vulnerability analysis using network timestamps in full virtualization virtual machine,” ICISSP 2015 - 1st International Conference on Information Systems Security and Privacy, Proceedings, no. January 2015, pp. 83–89, 2015, doi: 10.5220/0005242000830089.