Volume 1, Issue 1, ICCK Journal of Software Engineering
Volume 1, Issue 1, 2025
Academic Editor
Summair Raza
University of Sargodha, Pakistan
ICCK Journal of Software Engineering, Volume 1, Issue 1, 2025: 17-31

Open Access | Review Article | 17 August 2025
Secure Software Engineering for Industrial IoT: A Comprehensive Review of Threat Modeling and Defense Mechanisms
1 Department of Computer Science, COMSATS University Islamabad, Sahiwal campus 57000, Pakistan
2 Southwest University of Science and Technology, Mianyang 621010, China
* Corresponding Author: Misbah Ali, [email protected]
Received: 16 July 2025, Accepted: 29 July 2025, Published: 17 August 2025  
Abstract
The Industrial Internet of Things (IIoT) is a foundational pillar of Industry 4.0, enabling real-time data exchange and automation through the integration of smart sensors, actuators, and networked machinery. While this interconnectivity enhances operational efficiency and decision-making on the industrial floor, it also introduces complex cybersecurity challenges. This work reviews the IIoT literature with a focus on threat modeling techniques and mitigation strategies, covering both theoretical frameworks and implemented solutions in critical infrastructure and manufacturing. The coexistence of legacy control software systems, stringent real-time performance requirements, and heterogeneous modern devices, particularly within SCADA networks and cyber-physical systems, complicates the design and implementation of robust security mechanisms. The review synthesizes recent advancements in IIoT security and examines key attack vectors such as denial-of-service (DoS) floods, data injection, and Advanced Persistent Threats (APTs). The paper further analyzes contemporary defense approaches, including AI-driven intrusion detection systems, blockchain-based trust frameworks, and software-defined networking solutions. This work aims to support both researchers and practitioners in developing scalable, resilient, and secure IIoT infrastructures suitable for modern industrial environments.


Keywords
industrial internet of things
cyber security
denial-of-service
blockchain

Data Availability Statement
Data will be made available on request.

Funding
This work was supported without any funding.

Conflicts of Interest
The authors declare no conflicts of interest. 

Ethical Approval and Consent to Participate
Not applicable.


Cite This Article
APA Style
Ali, A., Ali, M., Mushtaq, U., & Akram, M. A. (2025). Secure Software Engineering for Industrial IoT: A Comprehensive Review of Threat Modeling and Defense Mechanisms. ICCK Journal of Software Engineering, 1(1), 17–31. https://doi.org/10.62762/JSE.2025.834259


Publisher's Note
ICCK stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and Permissions
CC BY Copyright © 2025 by the Author(s). Published by Institute of Central Computation and Knowledge. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made.