-
CiteScore
-
Impact Factor
Volume 1, Issue 2, ICCK Journal of Software Engineering
Volume 1, Issue 2, 2025
Submit Manuscript Edit a Special Issue
Article QR Code
Article QR Code
Scan the QR code for reading
Popular articles
ICCK Journal of Software Engineering, Volume 1, Issue 2, 2025: 90-108

Open Access | Review Article | 02 November 2025
IoT Security through ML/DL: Software Engineering Challenges and Directions
1 College of Computing, Illinois Institute of Technology, Chicago, IL 60616, United States
2 Superior University, Lahore 54000, Pakistan
* Corresponding Author: Abdul Karim Sajid Ali, [email protected]
Received: 11 August 2025, Accepted: 20 September 2025, Published: 02 November 2025  
Abstract
The Internet of Things (IoT) is increasingly integrated into modern software-driven systems across consumer, industrial, and healthcare domains. The heterogeneity of IoT devices, combined with their resource constraints, often renders conventional software security mechanisms insufficient, exposing systems to breaches and exploitation. This study examines recent IoT security incidents to illustrate common vulnerabilities in software-intensive IoT ecosystems, highlighting the resulting risks to critical applications. In response, we review emerging machine learning (ML)-driven security modules and deep learning (DL)-based intrusion detection software, positioning them as adaptive components that can be integrated into IoT system architectures. This review highlights recent peer-reviewed contributions, ensuring alignment with the most current developments in IoT security using ML and DL, and follows a systematic review methodology based on IEEE Xplore (2020--2024). The study further identifies software engineering challenges in integrating these intelligent modules into resource-constrained IoT environments and outlines future directions for building secure-by-design, AI-driven IoT software frameworks. Results demonstrate that ML- and DL-enhanced security modules strengthen software resilience by enabling real-time detection of cyber-attacks, reducing false alarms, and adapting to evolving threat landscapes. The review is structured to first discuss notable case studies of IoT security breaches, followed by an analysis of ML- and DL-based security modules, a comparative evaluation of their effectiveness, and finally, a discussion of key challenges and future research opportunities.

Graphical Abstract
IoT Security through ML/DL: Software Engineering Challenges and Directions

Keywords
internet of things (IoT)
cybersecurity
machine learning (ML)
deep learning (DL)
intrusion detection system (IDS)
anomaly detection
IoT security
adversarial attacks

Data Availability Statement
Not applicable.

Funding
This work was supported without any funding.

Conflicts of Interest
The authors declare no conflicts of interest.

Ethical Approval and Consent to Participate
Not applicable.

References
  1. Rachakonda, L. P., Siddula, M., Sathya, V. (2024). A comprehensive study on IoT privacy and security challenges with focus on spectrum sharing in Next-Generation networks (5G/6G/beyond). High-Confidence Computing, 4(2), 100220.
    [CrossRef]   [Google Scholar]
  2. Sahu, S. K., Mazumdar, K. (2024). Exploring security threats and solutions Techniques for Internet of Things (IoT): from vulnerabilities to vigilance. Frontiers in Artificial Intelligence, 7, 1397480.
    [CrossRef]   [Google Scholar]
  3. Awad, A. I., Babu, A., Barka, E., Shuaib, K. (2024). AI-powered biometrics for Internet of Things security: A review and future vision. Journal of Information Security and Applications, 82, 103748.
    [CrossRef]   [Google Scholar]
  4. Baral, S., Saha, S., Haque, A. (2024, November). An Adaptive End-to-End IoT Security Framework Using Explainable AI and LLMs. In 2024 IEEE 10th World Forum on Internet of Things (WF-IoT) (pp. 469-474). IEEE.
    [CrossRef]   [Google Scholar]
  5. Humayun, M., Tariq, N., Alfayad, M., Zakwan, M., Alwakid, G., Assiri, M. (2024). Securing the Internet of Things in artificial intelligence era: A comprehensive survey. IEEE access, 12, 25469-25490.
    [CrossRef]   [Google Scholar]
  6. Al-Shurbaji, T., Anbar, M., Manickam, S., Hasbullah, I. H., ALfriehate, N., Alabsi, B. A., ... Hashim, H. (2025). Deep learning-based intrusion detection system for detecting IoT botnet attacks: a review. IEEE Access.
    [CrossRef]   [Google Scholar]
  7. Attkan, A., Ranga, V. (2022). Cyber-physical security for IoT networks: a comprehensive review on traditional, blockchain and artificial intelligence based key-security. Complex Intelligent Systems, 8(4), 3559-3591.
    [CrossRef]   [Google Scholar]
  8. Villegas-Ch, W., Govea, J., Gurierrez, R., Mera-Navarrete, A. (2025). Optimizing security in IoT ecosystems using hybrid artificial intelligence and blockchain models: a scalable and efficient approach for threat detection. IEEE Access.
    [CrossRef]   [Google Scholar]
  9. Al-Garadi, M. A., Mohamed, A., Al-Ali, A. K., Du, X., Ali, I., Guizani, M. (2020). A survey of machine and deep learning methods for internet of things (IoT) security. IEEE communications surveys tutorials, 22(3), 1646-1685.
    [CrossRef]   [Google Scholar]
  10. Desanamukula, V. S., Priyadarshini, M. A., Srilatha, D., Rao, K. V., Kumari, R. L., Vivek, K. (2023, July). A Comprehensive Analysis of Machine Learning and Deep Learning Approaches towards IoT Security. In 2023 4th International Conference on Electronics and Sustainable Communication Systems (ICESC) (pp. 1165-1168). IEEE.
    [CrossRef]   [Google Scholar]
  11. Chen, F., Luo, D., Li, J., Leung, V. C., Li, S., Fan, J. (2022). Arm PSA-certified IoT chip security: a case study. Tsinghua Science and Technology, 28(2), 244-257.
    [CrossRef]   [Google Scholar]
  12. Xenofontos, C., Zografopoulos, I., Konstantinou, C., Jolfaei, A., Khan, M. K., Choo, K. K. R. (2021). Consumer, commercial, and industrial iot (in) security: Attack taxonomy and case studies. IEEE Internet of Things Journal, 9(1), 199-221.
    [CrossRef]   [Google Scholar]
  13. Rajendran, R. K. (2025). Data Privacy and Security Risks in Third-Party App Integrations. In Analyzing Privacy and Security Difficulties in Social Media: New Challenges and Solutions (pp. 311-334). IGI Global Scientific Publishing.
    [CrossRef]   [Google Scholar]
  14. Fazeldehkordi, E., Owe, O., Noll, J. (2019, May). Security and privacy in IoT systems: a case study of healthcare products. In 2019 13th International Symposium on Medical Information and Communication Technology (ISMICT) (pp. 1-8). IEEE.
    [CrossRef]   [Google Scholar]
  15. Sharma, P., Jain, S., Gupta, S., Chamola, V. (2021). Role of machine learning and deep learning in securing 5G-driven industrial IoT applications. Ad Hoc Networks, 123, 102685.
    [CrossRef]   [Google Scholar]
  16. Sánchez, P. M. S., Celdrán, A. H., Bovet, G., Pérez, G. M. (2024). Adversarial attacks and defenses on ML-and hardware-based IoT device fingerprinting and identification. Future Generation Computer Systems, 152, 30-42.
    [CrossRef]   [Google Scholar]
  17. Haghighi, M. S., Farivar, F., Jolfaei, A. (2020). A machine-learning-based approach to build zero-false-positive IPSs for industrial IoT and CPS with a case study on power grids security. IEEE Transactions on Industry Applications, 60(1), 920-928.
    [CrossRef]   [Google Scholar]
  18. Makkar, A., Garg, S., Kumar, N., Hossain, M. S., Ghoneim, A., Alrashoud, M. (2020). An efficient spam detection technique for IoT devices using machine learning. IEEE Transactions on Industrial Informatics, 17(2), 903-912.
    [CrossRef]   [Google Scholar]
  19. Da Cruz, M. A., Abbade, L. R., Lorenz, P., Mafra, S. B., Rodrigues, J. J. (2022). Detecting compromised IoT devices through XGBoost. IEEE transactions on intelligent transportation systems, 24(12), 15392-15399.
    [CrossRef]   [Google Scholar]
  20. Renjith, G., Vinod, P., Aji, S. (2022). Evading machine-learning-based Android malware detector for IoT devices. IEEE Systems Journal, 17(2), 2745-2755.
    [CrossRef]   [Google Scholar]
  21. Ali, A., Akram, M. A., Farooq, W., Ali, M., Nazir, M., Muhammad, A., Mazhar, T. (2025). MalwareVison: A Deep Learning-Driven Approach For Malware Classification. Journal of Computing Biomedical Informatics, 8(02).
    [Google Scholar]
  22. Chavhan, G. S., Rautkar, A., Prithviraj, J., Agrawal, R., Chavhan, N., Dhule, C. (2023, November). Machine learning for 5G security using random forest. In 2023 International Conference on Advances in Computation, Communication and Information Technology (ICAICCIT) (pp. 544-549). IEEE.
    [CrossRef]   [Google Scholar]
  23. Subathra, K., Vignesh, G. R., Babu, S. T., Mendhe, D., kumar Yada, R., Maranan, R. (2024, April). Secure Data Transmission in IoT Networks: A Machine Learning-Based Approach. In 2024 Ninth International Conference on Science Technology Engineering and Mathematics (ICONSTEM) (pp. 1-5). IEEE.
    [CrossRef]   [Google Scholar]
  24. Mahmood, M. A., Zeki, A. M. (2020, September). Securing IOT against DDOS attacks using machine learning. In IET Conference Proceedings CP777 (Vol. 2020, No. 6, pp. 471-476). Stevenage, UK: The Institution of Engineering and Technology.
    [CrossRef]   [Google Scholar]
  25. Luqman, M., Zeeshan, M., Riaz, Q., Hussain, M., Tahir, H., Mazhar, N., Khan, M. S. (2025). Intelligent parameter-based in-network IDS for IoT using UNSW-NB15 and BoT-IoT datasets. Journal of the Franklin Institute, 362(1), 107440.
    [CrossRef]   [Google Scholar]
  26. Kumar, P. M., Kavin, B. P., Jagathpally, A., Shahwar, T. (2025, February). Transforming the cybersecurity space of healthcare IoT devices using Deep Learning. In 2025 IEEE 4th International Conference on AI in Cybersecurity (ICAIC) (pp. 1-6). IEEE.
    [CrossRef]   [Google Scholar]
  27. Koroniotis, N., Moustafa, N., Turnbull, B., Schiliro, F., Gauravaram, P., Janicke, H. (2021, October). A deep learning-based penetration testing framework for vulnerability identification in internet of things environments. In 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (pp. 887-894). IEEE.
    [CrossRef]   [Google Scholar]
  28. Kim, T. H., Srinivasulu, A., Chinthaginjala, R., Dhakshayani, J., Zhao, X., Obaidur Rab, S. (2025). Enhancing cybersecurity through script development using machine and deep learning for advanced threat mitigation. Scientific Reports, 15(1), 8297.
    [CrossRef]   [Google Scholar]
  29. Jablaoui, R., Liouane, N. (2024, May). An effective deep CNN-LSTM based intrusion detection system for network security. In 2024 International Conference on Control, Automation and Diagnosis (ICCAD) (pp. 1-6). IEEE.
    [CrossRef]   [Google Scholar]
  30. Nguyen, T. T., Reddi, V. J. (2021). Deep reinforcement learning for cyber security. IEEE Transactions on Neural Networks and Learning Systems, 34(8), 3779-3795.
    [CrossRef]   [Google Scholar]
  31. Khoa, T. V., Hoang, D. T., Trung, N. L., Nguyen, C. T., Quynh, T. T. T., Nguyen, D. N., ... Dutkiewicz, E. (2022). Deep transfer learning: A novel collaborative learning model for cyberattack detection systems in IoT networks. IEEE Internet of Things Journal, 10(10), 8578-8589.
    [CrossRef]   [Google Scholar]
  32. Javed, A., Malhi, A., Kinnunen, T., Främling, K. (2020). Scalable IoT platform for heterogeneous devices in smart environments. IEEE access, 8, 211973-211985.
    [CrossRef]   [Google Scholar]
  33. Racherla, S., Sripathi, P., Faruqui, N., Kabir, M. A., Whaiduzzaman, M., Shah, S. A. (2024). Deep-IDS: A real-time intrusion detector for IoT nodes using deep learning. IEEE Access, 12, 63584-63597.
    [CrossRef]   [Google Scholar]
  34. Gueriani, A., Kheddar, H., Mazari, A. C. (2024, April). Enhancing iot security with cnn and lstm-based intrusion detection systems. In 2024 6th International Conference on Pattern Analysis and Intelligent Systems (PAIS) (pp. 1-7). IEEE.
    [CrossRef]   [Google Scholar]
  35. Dritsas, E., Trigka, M. (2025). A survey on the applications of cloud computing in the industrial internet of things. Big data and cognitive computing, 9(2), 44.
    [CrossRef]   [Google Scholar]
  36. Ray, P. P. (2023). An overview of WebAssembly for IoT: Background, tools, state-of-the-art, challenges, and future directions. Future Internet, 15(8), 275.
    [CrossRef]   [Google Scholar]
  37. Mishra, R., Mishra, A. (2025). Current research on Internet of Things (IoT) security protocols: A survey. Computers Security, 104310.
    [CrossRef]   [Google Scholar]
  38. Ni, C., Li, S. C. (2024). Machine learning enabled industrial iot security: Challenges, trends and solutions. Journal of Industrial Information Integration, 38, 100549.
    [CrossRef]   [Google Scholar]
  39. Halgamuge, M. N., Niyato, D. (2025). Adaptive edge security framework for dynamic IoT security policies in diverse environments. Computers Security, 148, 104128.
    [CrossRef]   [Google Scholar]
  40. Rehman, Z., Gondal, I., Ge, M., Dong, H., Gregory, M., Tari, Z. (2024). Proactive defense mechanism: Enhancing IoT security through diversity-based moving target defense and cyber deception. Computers Security, 139, 103685.
    [CrossRef]   [Google Scholar]
  41. Alwahedi, F., Aldhaheri, A., Ferrag, M. A., Battah, A., Tihanyi, N. (2024). Machine learning techniques for IoT security: Current research and future vision with generative AI and large language models. Internet of Things and Cyber-Physical Systems, 4, 167-185.
    [CrossRef]   [Google Scholar]

Cite This Article
APA Style
Arif, H., Ali, A. K. S., & Nabi, H. A. (2025). IoT Security through ML/DL: Software Engineering Challenges and Directions. ICCK Journal of Software Engineering, 1(2), 90–108. https://doi.org/10.62762/JSE.2025.372865

Article Metrics
Citations:

Crossref

0

Scopus

0

Web of Science

0
Article Access Statistics:
Views: 214
PDF Downloads: 20

Publisher's Note
ICCK stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and Permissions
CC BY Copyright © 2025 by the Author(s). Published by Institute of Central Computation and Knowledge. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made.
ICCK Journal of Software Engineering

ICCK Journal of Software Engineering

ISSN: 3069-1834 (Online)

Email: [email protected]

Portico

Portico

All published articles are preserved here permanently:
https://www.portico.org/publishers/icck/