Nesnelerin İnternetine (Iot) İlişkin Zafiyetler ve Güvenlik Önlemlerine İlişkin Çalışmaların Analizi

Yıl 2025, Cilt: 9 Sayı: 2, 121 - 141, 31.12.2025

Müzeyyen Barlas , Burcu Ertekin , Türkay Henkoğlu

https://doi.org/10.33461/uybisbbd.1756160

Öz

Nesnelerin interneti (IoT), bireyin günlük hayatından endüstri sektörüne, sağlık sektöründen akıllı ev teknolojilerine kadar geniş bir uygulama alanında kullanılmaktadır. Ancak IoT uygulamalarının hayatımıza girişi, günlük yaşamı kolaylaştırdığı gibi yeni zorlukları, güvenlik açıklarını ve endişeleri de beraberinde getirmiştir. Bu çalışmanın amacı, IoT cihazlarının risk ve zafiyetlerinin kapsamlı bir literatür araştırmasıyla ortaya konulması, IoT güvenliğinin sağlanmasına yönelik çalışmalarda odaklanılan hususların belirlenmesi, olası risk ve tehditlerin sınıflandırılması ve IoT cihazlarının güvenli kullanımı için alınması gereken bilgi güvenliği önlemlerine dikkat çekilerek farkındalığın oluşturulmasıdır. Bu amaçla etki faktörü yüksek ve prestijli çalışmaları içeren ScienceDirect veritabanı üzerinden IoT risklerini, zafiyetlerini ve güvenliğini ele alan çalışmalar içerik analizi yapılarak incelenmiştir. Bu çalışmanın, IoT sistemlerine yönelik risk ve tehditlerin neler olduğu, bu sistemlere yönelik saldırıların nasıl sınıflandırılabileceği ve zafiyetlerin giderilmesi amacıyla ne tür önlemlerin alınması gerektiğine ilişkin sorulara kapsamlı bir literatür araştırmasına dayanarak yanıt vereceği ve bu sayede gündelik yaşamın parçası haline gelen IoT cihazlarının barındırdığı risklere yönelik farkındalığın oluşturulmasına katkı sağlayacağı düşünülmektedir. Çalışmada IoT sistemleri üzerindeki güvenlik zafiyetlerinin neler olduğu, IoT saldırılarının kapsamlı ve güncel sınıflandırmasının nasıl yapıldığı, IoT sistemlerinin gizlilik ve güvenliğine yönelik potansiyel tehditlerin neler olduğu ve üretici ve/veya tüketicilerin IoT sistemlerine yönelik tehditlere karşı ne tür önlemler alabileceğine yönelik sorulara yanıt verilmektedir.

Anahtar Kelimeler

Nesnelerin interneti (IoT) , IoT zafiyetleri , IoT riskleri , IoT tehditleri , IoT güvenliği

Analysis of Studies on Internet of Things (Iot) Related Vulnerabilities and Security Measures

Öz

The Internet of Things (IoT) is used in a wide range of applications, from individuals' daily lives to industrial sectors, from healthcare to smart home technologies. However, the introduction of IoT applications into our lives has not only made daily life easier but also brought new challenges, security vulnerabilities, and concerns. The aim of this study is to identify the risks and vulnerabilities of IoT devices through a comprehensive literature review, identify the areas of focus in studies on ensuring IoT security, classify potential risks and threats, and raise awareness by highlighting the information security measures that should be taken for the safe use of IoT devices. For this purpose, a content analysis was conducted to examine studies addressing IoT risks, vulnerabilities, and security from the ScienceDirect database, which contains high-impact and prestigious studies. This study is expected to answer questions such as what the risks and threats to IoT systems are, how attacks against these systems can be classified, and what measures should be taken to address these vulnerabilities, based on a comprehensive literature review. Thus, it is believed that this study will contribute to raising awareness of the risks posed by IoT devices that have become a part of everyday life. The study answers questions such as what the security vulnerabilities are in IoT systems, how a comprehensive and up-to-date classification of IoT attacks is made, what the potential threats are to the privacy and security of IoT systems, and what precautions manufacturers and/or consumers can take against threats to IoT systems.

Anahtar Kelimeler

Internet of things (IoT) , IoT vulnerabilities , IoT risks , IoT threats , IoT security

Kaynakça

• Abdul-Qawy, A. S., Pramod, P. J., Magesh, E., ve Srinivasulu, T. (2015). The Internet of Things (IoT): An overview. International Journal of Engineering Research and Applications, 5(12, Part-2), 71–82. Erişim adresi: https://www.researchgate.net/publication/323834996
• Abiodun, O. I., Alabdulatif, A., Omolara, A. E., Alawida, M., Alabdulatif, A., Alshoura, W. H. ve Arshad, H. (2021). The internet of things security: A survey encompassing unexplored areas and new insights. Computers & Security, 102494. doi: 10.1016/j.cose.2021.102494
• Ahmad, R. ve Alsmadi, I. (2021). Machine learning approaches to IoT security: A systematic literature review. Internet of Things, 14, 100365. doi: 10.1016/j.iot.2021.100365
• Alani, M. M. (2024). HoneyTwin: Securing smart cities with machine learning- enabled SDN edge and cloud-based honeypots. Journal of Parallel and Distributed Computing, 187, 104866. doi: 10.1016/j.jpdc.2024.104866
• Allen, A., Mylonas, A., Vidalis, S. ve Gritzalis, D. (2024). Smart homes under siege: Assessing the robustness of physical security against wireless network attacks. Computers & Security, 131, 103687. doi: 10.1016/j.cose.2023.103687
• Alomari, A. ve Kumar, S., A., P., (2024) Securing IoT systems in a post- quantum environment: Vulnerabilities, attacks, and poossible solutions. doi: 10.1016/j.iot.2024.101132
• Alshammari, T., Usama, M. ve Azam, M. A. (2024). A survey on cybersecurity and privacy issues in smart healthcare systems: Attacks, countermeasures and open research directions. Heliyon, 10(1), e100526. doi: 10.1016/j.eij.2024.100526
• Amal, M. R. ve Venkadesh, P. (2023). Honey-based ransomware detection in IoT using a hybrid honeynet approach. Measurement: Sensors, 27, 100664. doi: 10.1016/j.measen.2022.100664
• Axelrod, C. W. (2015, May). Enforcing security, safety and privacy for the Internet of Things. In 2015 Long Island Systems, Applications and Technology. IEEE. 10.1109/LISAT.2015.7160214
• Beyrouti, M., Lounis, A. ve Lussier, B. (2024). A vulnerability-focused risk assessment framework for IoT security: Design and validation through a healthcare use-case. Internet of Things, 23, 101333. doi: 10.1016/j.iot.2024.101333
• Bhardwaj, A., Kaushik, K., Bharany, S. ve Kim, S. (2023). Forensic analysis and security assessment of IoT camera firmware for smart homes. Egyptian Informatics Journal, 24. doi: 10.1016/j.eij.2023.100409
• Cirne, A., Sousa, P., R., Resende, J., S., ve Antunes, L., (2022). IoT security certifications: Challenges and potential approaches. Computers & Security, 116, 102669. doi: 10.1016/j.cose.2022.102669
• Coulter, R. ve Pan, L. (2018). Intelligent agents defending for an IoT world: A review. Computers & Security, 77. doi: 10.1016/j.cose.2017.11.014
• Dargaoui, S., Azrour, M., El Allaoui, A., Guezzaz, A., Alabdulatif, A. ve Alnajim, A. (2024). Internet of Things Authentication Protocols: Comparative Study. Computers, Materials & Continua, 79(1), 65–87. doi: 10.32604/cmc.2024.047625
• Ding, W., Abdel Basset, M. ve Mohamed, R. (2023). DeepAK-IoT: An effective deep learning model for cyberattack detection in IoT networks. Information Sciences, 636, 119595. doi: 10.1016/j.ins.2023.03.052
• Farooq, U., Tariq, N. ve Asim, M. (2022). A survey on the role of machine learning in enabling IoT-based intrusion detection systems. Journal of Parallel and Distributed Computing, 162. doi: 10.1016/j.jpdc.2022.01.015
• Febro, A., Xiao, H., Spring, J. ve Christianson, B. (2022). Edge security for SIP-enabled IoT devices with P4. Computer Networks. doi: 10.1016/j.comnet.2021.108698
• Gharehchopogh, F. S. ve Abdollahzadeh, B. (2023). A multi-objective dynamic Harris hawks optimization for botnet detection in the Internet of Things. Internet of Things, 23, 100952. doi: 10.1016/j.iot.2023.100952
• Gönen, S. (2024). A methodical examination of single and multi-attacker flood attacks using RPL-based approaches. Computers & Industrial Engineering. doi: doi.org/10.1016/j.cie.2024.110356
• HaddadPajouh, H., Dehghantanha, A., Parizi, R. M., Aledhari, M. ve Karimipour, H. (2021). A survey on Internet of Things security: Requirements, challenges, and solutions. Internet of Things, 14, 100129. doi: 10.1016/j.iot.2019.100129
• Harbi, Y., Aliouat, Z., Refoufi, A. ve Harous, S. (2019). An enhanced authentication and key management scheme for WSN integrated to IoT. Ad Hoc Networks, 93, 101948. doi: 10.1016/j.adhoc.2019.101948
• Hassan, A., Nizam-Uddin, N., Quddus, A. ve Hassan, S. R. (2024). AI-based lightweight security for IoT architecture: A multi-layered analysis. Computers, Materials & Continua, 78(1). doi: 10.32604/cmc.2024.057877 Journal of Imaging Systems and Technology, 33, 100117. doi: 10.1016/j.hcc.2023.100117
• Kadri, M. R., Abdelli, A. ve Ben Othman, J. (2024). DoS and DDoS attacks in IoT environments: A systematic review of detection methods, attack types, and validation strategies. Internet of Things, 25, 101021. doi: 10.1016/j.iot.2023.101021
• Karale, A. (2021). The challenges of IoT addressing security, ethics, privacy, and laws. Internet of Things, 15, 100420. doi: 10.1016/j.iot.2021.100420
• Karasar, N. (2019). Bilimsel araştırma yöntemi: Kavramlar ilkeler teknikler (34. bs.). Nobel Akademik Yayıncılık.
• Kebande, V. R. (2022). Industrial internet of things (IIoT) forensics: The forgotten concept in the race toward industry 4.0. Forensic Science International: Reports, 6, 100257. doi: 10.1016/j.fsir.2022.100257
• Khan, S. H., Alahmadi, T. J., Ullah, W., Iqbal, J., Rahim, A., Alkahtani, H. K., Alghamdi, W. ve Almagrabi, A. O. (2023). SB-BR-STM: An ensemble deep learning framework for malware detection in Internet of Things. Computers & Security, 136, 100543. doi: 10.1016/j.prime.2024.100543
• Kokila, M. ve Reddy, S. (2025). Authentication, access control and scalability models in Internet of Things Security – A review. Cyber Security and Applications, 100057. doi: 10.1016/j.csa.2024.100057
• Kumari, P., ve Jain, A. K. (2023). IoT ortamlarında DDoS saldırılarına yönelik savunma stratejilerinin sistematik analizi. Computers & Security, 130, 103096. doi: 10.1016/j.cose.2023.103096 Landspace of IoT security. Computer Science Review, 44, 100467 doi: 10.1016/j.cosrev.2022.100467
• Lefoane, M., Ghafir, I., Kabir, S. ve Awan, I. U. (2025). A review of botnet detection mechanisms in the IoT ecosystem: Trends, challenges and future directions. Journal of Network and Computer Applications, 222, 104110. doi: 10.1016/j.jnca.2025.104110
• Mahbub, M. (2020). Progressive researches on IoT security: An exhaustive analysis from the perspective of protocols, vulnerabilities, and preemptive architectonics. Journal of Network and Computer Applications, 168, 102761. doi: 10.1016/j.jnca.2020.102761
• Martins, I., Resende, J. S., Sousa, P. R., Silva, S., Antunes, L. ve Gama, J. (2022). Host-based IDS: A review and open issues of an anomaly detection system in IoT. Future Generation Computer Systems, 130. doi: 10.1016/j.future.2022.03.001
• Nath, R. N. ve Nath, H. V. (2022). Critical analysis of the layered and systematic approaches for understanding IoT security threats and challenges. Computers and Electrical Engineering, 102, 107997. doi: 10.1016/j.compeleceng.2022.107997
• Nazir, A., He, J., Zhu, N., Qureshi, S. S., Qureshi, S. U., Ullah, F., Wajahat, A. ve Pathan, M. S. (2024). A deep learning-based novel hybrid CNN-LSTM architecture for efficient detection of threats in the IoT ecosystem. Ain Shams Engineering Journal, 15(1), 102777. doi: 10.1016/j.asej.2024.102777
• Neshenko, N., Bou-Harb, E., Crichigno, J., Kaddoum, G. ve Ghani, N. (2019). Demystifying IoT security: An exhaustive survey on IoT vulnerabilities and a first empirical look on Internet-scale IoT exploitations. IEEE Communications Surveys & Tutorials, 21(3), 2702–2733. doi: 10.1109/COMST.2019.2910750
• Newaz, A. I., Sikder, A. K. M., Rahman, M. A. ve Uluagac, A. S. (2021). A survey on security and privacy issues in modern healthcare systems: Attacks and defenses. ACM Transactions on Computing for Healthcare. doi: 10.1016/j.ins.2019.08.006
• Ni, C. ve Li, S. C. (2024). Machine learning enabled Industrial IoT Security: Challenges, Trends and Solutions. Journal of Industrial Information Integration, 35, 100549. doi: 10.1016/j.jii.2023.100549
• Noor, M. B. M. ve Hassan, W. H. (2019). Current research on Internet of Things (IoT) security: A survey. Computer Networks, 148, 283–294. doi: 10.1016/j.comnet.2018.11.025
• Ogonji, M. M., Okeyo, G., ve Wafula, J. M. (2020). A survey on privacy and security of Internet of Things. Computer Science Review, 38, 100312. doi: 10.1016/j.cosrev.2020.100312
• Omolara, A. E., Alabdulatif, A., Abiodun, O. I., Alawida, M., Alabdulatif, A., Alshoura, W. H. ve Arshad, H. (2022). The internet of things security: A survey encompassing unexplored areas and new insights. Computers & Security, 114, 102494. doi: 10.1016/j.cose.2021.102494
• Quwaider, M. ve Shatnaw, Y. (2020). An intelligent hybrid congestion control system to secure IoT data reliability using bio-inspired computing. Computers & Security, 95, 102160. doi: 10.1016/j.adhoc.2020.102160
• Rana, M., Mamun, Q. ve Islam, R. (2022). A survey on lightweight cryptographic algorithms for resource-constrained IoT devices. Future Generation Computer Systems, 128, 307–324. doi: 10.1016/j.future.2021.11.011
• Rondon, L. P., Babun, L., Aris, A., Akkaya, K. ve Uluagac, A. S. (2022). Survey on Enterprise Internet-of-Things systems (E-IoT): A security perspective. Ad Hoc Networks, 131, 102728. doi: 10.1016/j.adhoc.2021.102728
• Sasi, T., Lashkari, A., B., Lu, R. ve Xiong, P., (2024). A comprehensive survey on IoT attacks: Taxonomy, detection, mechanisms and challenges. Journal of Information and Intelligence, 2, 455-513. doi: 10.1016/j.jiixd.2023.12.001
• Sayed, M., A., Atallah, R., Assi, G. ve Debbabi, M., (2022). Electric vehicle attack impact on power grid operation. International Journal of Electrical Power and Energy Systems, 134, 107784. doi: 10.1016/j.ijepes.2021.107784
• Schiller, E., Aidoo, E., Fuhrer, J., Stahl, J., Ziörjen, M., Stiller, B. (2022).
• Sengupta, J., Ruj, S., ve Das Bit, S. (2020). A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT. Journal of Network and Computer Applications, 149, 102481. doi: 10.1016/j.jnca.2019.102481
• Shahin, M., Maghanaki, M., Hosseinzadeh, M. ve Chen, F., F. (2024). Advancing Network Security in Industrial IoT: A Deep Dive into AI-Enabled Intrusion Detection Systems. Advanced Engineering Informatics, 62, 102605. doi: 10.1016/j.aei.2024.102685
• Terlapu, P. V., Babu, S., Gangu, V. K. ve Pemula, R. (2022). Olasılıksal sinir ağı temelli bir HCV teşhis modeli: Makine öğrenimi perspektifi.
• Tewari, A. ve Gupta, B. B. (2018). Security, privacy and trust of different layers in Internet‑of‑Things (IoTs) framework. Future Generation Computer Systems, 108, 909–920. doi: 10.1016/j.future.2018.04.027
• Thabit, F., Can, Ö., Aljahdali, A. O., Al-Gaphari, G. H., ve Alkhzaimi, H. A. (2023). Cryptographic algorithms to enhance IoT security. Discover Internet of Things, 3(1), 1–12. doi: 10.1016/j.iot.2023.100759
• Turak, Y. (2015). Nesnelerin İnterneti ve Güvenliği. İstanbul.
• Uluslararası Standardizasyon Örgütü. (2022). ISO/IEC 27001:2022 – Bilgi güvenliği, siber güvenlik ve gizlilik koruması: Bilgi güvenliği yönetim sistemleri – Gereklilikler. ISO. Erişim adresi: https://www.iso.org/standard/27001
• Vignau, B., Khoury, R., Halle, S. ve Hamou-Lhadj, A. (2021). A taxonomy and analysis of IoT botnet behavior. Journal of Systems Architecture, 119, 102143. doi: 10.1016/j.sysarc.2021.102143
• Yaqoob, I., Hashem, I. A. T., Ahmed, A., Kazmi, S. M. A., ve Hong, C. S. (2019). Internet of things forensics: Recent advances, taxonomy, requirements, and open challenges. Future Generation Computer Systems, 92, 265–275. doi: 10.1016/j.future.2018.09.058
• Yugha, R. ve Chithra, S. (2020). A survey on technologies and security protocols: Reference for future generation IoT. Journal of Network and Computer Applications, 169, 102763. doi: 10.1016/j.jnca.2020.102763
• Zhu, Z., Chen, M., Zhu, C. ve Zhu, Y. (2024). A deep reinforcement learning- based defense model against cyberattacks in dynamic environments. Computers & Security, 135, 103578. doi: 10.1016/j.cose.2023.103578
• Zohourian, A., Dadkhah, S., Pinto Neto, E. C., Mahdikhani, H., Danso, P. K., Molyneaux, H. ve Ghorbani, A. A. (2023). IoT Zigbee device security: A comprehensive review. Internet of Things, 23, 100791. doi: 10.1016/j.iot.2023.100791