Nesnelerin İnternetine (Iot) İlişkin Zafiyetler ve Güvenlik Önlemlerine İlişkin Çalışmaların Analizi

Öz

Nesnelerin interneti (IoT), bireyin günlük hayatından endüstri sektörüne, sağlık sektöründen akıllı ev teknolojilerine kadar geniş bir uygulama alanında kullanılmaktadır. Ancak IoT uygulamalarının hayatımıza girişi, günlük yaşamı kolaylaştırdığı gibi yeni zorlukları, güvenlik açıklarını ve endişeleri de beraberinde getirmiştir. Bu çalışmanın amacı, IoT cihazlarının risk ve zafiyetlerinin kapsamlı bir literatür araştırmasıyla ortaya konulması, IoT güvenliğinin sağlanmasına yönelik çalışmalarda odaklanılan hususların belirlenmesi, olası risk ve tehditlerin sınıflandırılması ve IoT cihazlarının güvenli kullanımı için alınması gereken bilgi güvenliği önlemlerine dikkat çekilerek farkındalığın oluşturulmasıdır. Bu amaçla etki faktörü yüksek ve prestijli çalışmaları içeren ScienceDirect veritabanı üzerinden IoT risklerini, zafiyetlerini ve güvenliğini ele alan çalışmalar içerik analizi yapılarak incelenmiştir. Bu çalışmanın, IoT sistemlerine yönelik risk ve tehditlerin neler olduğu, bu sistemlere yönelik saldırıların nasıl sınıflandırılabileceği ve zafiyetlerin giderilmesi amacıyla ne tür önlemlerin alınması gerektiğine ilişkin sorulara kapsamlı bir literatür araştırmasına dayanarak yanıt vereceği ve bu sayede gündelik yaşamın parçası haline gelen IoT cihazlarının barındırdığı risklere yönelik farkındalığın oluşturulmasına katkı sağlayacağı düşünülmektedir. Çalışmada IoT sistemleri üzerindeki güvenlik zafiyetlerinin neler olduğu, IoT saldırılarının kapsamlı ve güncel sınıflandırmasının nasıl yapıldığı, IoT sistemlerinin gizlilik ve güvenliğine yönelik potansiyel tehditlerin neler olduğu ve üretici ve/veya tüketicilerin IoT sistemlerine yönelik tehditlere karşı ne tür önlemler alabileceğine yönelik sorulara yanıt verilmektedir.

Anahtar Kelimeler

• Nesnelerin interneti (IoT)
• IoT zafiyetleri
• IoT riskleri
• IoT tehditleri
• IoT güvenliği

Analysis of Studies on Internet of Things (Iot) Related Vulnerabilities and Security Measures

Öz

The Internet of Things (IoT) is used in a wide range of applications, from individuals' daily lives to industrial sectors, from healthcare to smart home technologies. However, the introduction of IoT applications into our lives has not only made daily life easier but also brought new challenges, security vulnerabilities, and concerns. The aim of this study is to identify the risks and vulnerabilities of IoT devices through a comprehensive literature review, identify the areas of focus in studies on ensuring IoT security, classify potential risks and threats, and raise awareness by highlighting the information security measures that should be taken for the safe use of IoT devices. For this purpose, a content analysis was conducted to examine studies addressing IoT risks, vulnerabilities, and security from the ScienceDirect database, which contains high-impact and prestigious studies. This study is expected to answer questions such as what the risks and threats to IoT systems are, how attacks against these systems can be classified, and what measures should be taken to address these vulnerabilities, based on a comprehensive literature review. Thus, it is believed that this study will contribute to raising awareness of the risks posed by IoT devices that have become a part of everyday life. The study answers questions such as what the security vulnerabilities are in IoT systems, how a comprehensive and up-to-date classification of IoT attacks is made, what the potential threats are to the privacy and security of IoT systems, and what precautions manufacturers and/or consumers can take against threats to IoT systems.

Anahtar Kelimeler

• Internet of things (IoT)
• IoT vulnerabilities
• IoT risks
• IoT threats
• IoT security

Kaynakça

1. Abdul-Qawy, A. S., Pramod, P. J., Magesh, E., ve Srinivasulu, T. (2015). The Internet of Things (IoT): An overview. International Journal of Engineering Research and Applications, 5(12, Part-2), 71–82. Erişim adresi: https://www.researchgate.net/publication/323834996
2. Abiodun, O. I., Alabdulatif, A., Omolara, A. E., Alawida, M., Alabdulatif, A., Alshoura, W. H. ve Arshad, H. (2021). The internet of things security: A survey encompassing unexplored areas and new insights. Computers & Security, 102494. doi: 10.1016/j.cose.2021.102494
3. Ahmad, R. ve Alsmadi, I. (2021). Machine learning approaches to IoT security: A systematic literature review. Internet of Things, 14, 100365. doi: 10.1016/j.iot.2021.100365
4. Alani, M. M. (2024). HoneyTwin: Securing smart cities with machine learning- enabled SDN edge and cloud-based honeypots. Journal of Parallel and Distributed Computing, 187, 104866. doi: 10.1016/j.jpdc.2024.104866
5. Allen, A., Mylonas, A., Vidalis, S. ve Gritzalis, D. (2024). Smart homes under siege: Assessing the robustness of physical security against wireless network attacks. Computers & Security, 131, 103687. doi: 10.1016/j.cose.2023.103687
6. Alomari, A. ve Kumar, S., A., P., (2024) Securing IoT systems in a post- quantum environment: Vulnerabilities, attacks, and poossible solutions. doi: 10.1016/j.iot.2024.101132
7. Alshammari, T., Usama, M. ve Azam, M. A. (2024). A survey on cybersecurity and privacy issues in smart healthcare systems: Attacks, countermeasures and open research directions. Heliyon, 10(1), e100526. doi: 10.1016/j.eij.2024.100526
8. Amal, M. R. ve Venkadesh, P. (2023). Honey-based ransomware detection in IoT using a hybrid honeynet approach. Measurement: Sensors, 27, 100664. doi: 10.1016/j.measen.2022.100664

9. Axelrod, C. W. (2015, May). Enforcing security, safety and privacy for the Internet of Things. In 2015 Long Island Systems, Applications and Technology. IEEE. 10.1109/LISAT.2015.7160214
10. Beyrouti, M., Lounis, A. ve Lussier, B. (2024). A vulnerability-focused risk assessment framework for IoT security: Design and validation through a healthcare use-case. Internet of Things, 23, 101333. doi: 10.1016/j.iot.2024.101333
11. Bhardwaj, A., Kaushik, K., Bharany, S. ve Kim, S. (2023). Forensic analysis and security assessment of IoT camera firmware for smart homes. Egyptian Informatics Journal, 24. doi: 10.1016/j.eij.2023.100409
12. Cirne, A., Sousa, P., R., Resende, J., S., ve Antunes, L., (2022). IoT security certifications: Challenges and potential approaches. Computers & Security, 116, 102669. doi: 10.1016/j.cose.2022.102669
13. Coulter, R. ve Pan, L. (2018). Intelligent agents defending for an IoT world: A review. Computers & Security, 77. doi: 10.1016/j.cose.2017.11.014
14. Dargaoui, S., Azrour, M., El Allaoui, A., Guezzaz, A., Alabdulatif, A. ve Alnajim, A. (2024). Internet of Things Authentication Protocols: Comparative Study. Computers, Materials & Continua, 79(1), 65–87. doi: 10.32604/cmc.2024.047625
15. Ding, W., Abdel Basset, M. ve Mohamed, R. (2023). DeepAK-IoT: An effective deep learning model for cyberattack detection in IoT networks. Information Sciences, 636, 119595. doi: 10.1016/j.ins.2023.03.052
16. Farooq, U., Tariq, N. ve Asim, M. (2022). A survey on the role of machine learning in enabling IoT-based intrusion detection systems. Journal of Parallel and Distributed Computing, 162. doi: 10.1016/j.jpdc.2022.01.015
17. Febro, A., Xiao, H., Spring, J. ve Christianson, B. (2022). Edge security for SIP-enabled IoT devices with P4. Computer Networks. doi: 10.1016/j.comnet.2021.108698
18. Gharehchopogh, F. S. ve Abdollahzadeh, B. (2023). A multi-objective dynamic Harris hawks optimization for botnet detection in the Internet of Things. Internet of Things, 23, 100952. doi: 10.1016/j.iot.2023.100952
19. Gönen, S. (2024). A methodical examination of single and multi-attacker flood attacks using RPL-based approaches. Computers & Industrial Engineering. doi: doi.org/10.1016/j.cie.2024.110356
20. HaddadPajouh, H., Dehghantanha, A., Parizi, R. M., Aledhari, M. ve Karimipour, H. (2021). A survey on Internet of Things security: Requirements, challenges, and solutions. Internet of Things, 14, 100129. doi: 10.1016/j.iot.2019.100129
21. Harbi, Y., Aliouat, Z., Refoufi, A. ve Harous, S. (2019). An enhanced authentication and key management scheme for WSN integrated to IoT. Ad Hoc Networks, 93, 101948. doi: 10.1016/j.adhoc.2019.101948
22. Hassan, A., Nizam-Uddin, N., Quddus, A. ve Hassan, S. R. (2024). AI-based lightweight security for IoT architecture: A multi-layered analysis. Computers, Materials & Continua, 78(1). doi: 10.32604/cmc.2024.057877 Journal of Imaging Systems and Technology, 33, 100117. doi: 10.1016/j.hcc.2023.100117
23. Kadri, M. R., Abdelli, A. ve Ben Othman, J. (2024). DoS and DDoS attacks in IoT environments: A systematic review of detection methods, attack types, and validation strategies. Internet of Things, 25, 101021. doi: 10.1016/j.iot.2023.101021
24. Karale, A. (2021). The challenges of IoT addressing security, ethics, privacy, and laws. Internet of Things, 15, 100420. doi: 10.1016/j.iot.2021.100420
25. Karasar, N. (2019). Bilimsel araştırma yöntemi: Kavramlar ilkeler teknikler (34. bs.). Nobel Akademik Yayıncılık.
26. Kebande, V. R. (2022). Industrial internet of things (IIoT) forensics: The forgotten concept in the race toward industry 4.0. Forensic Science International: Reports, 6, 100257. doi: 10.1016/j.fsir.2022.100257
27. Khan, S. H., Alahmadi, T. J., Ullah, W., Iqbal, J., Rahim, A., Alkahtani, H. K., Alghamdi, W. ve Almagrabi, A. O. (2023). SB-BR-STM: An ensemble deep learning framework for malware detection in Internet of Things. Computers & Security, 136, 100543. doi: 10.1016/j.prime.2024.100543
28. Kokila, M. ve Reddy, S. (2025). Authentication, access control and scalability models in Internet of Things Security – A review. Cyber Security and Applications, 100057. doi: 10.1016/j.csa.2024.100057
29. Kumari, P., ve Jain, A. K. (2023). IoT ortamlarında DDoS saldırılarına yönelik savunma stratejilerinin sistematik analizi. Computers & Security, 130, 103096. doi: 10.1016/j.cose.2023.103096 Landspace of IoT security. Computer Science Review, 44, 100467 doi: 10.1016/j.cosrev.2022.100467
30. Lefoane, M., Ghafir, I., Kabir, S. ve Awan, I. U. (2025). A review of botnet detection mechanisms in the IoT ecosystem: Trends, challenges and future directions. Journal of Network and Computer Applications, 222, 104110. doi: 10.1016/j.jnca.2025.104110
31. Mahbub, M. (2020). Progressive researches on IoT security: An exhaustive analysis from the perspective of protocols, vulnerabilities, and preemptive architectonics. Journal of Network and Computer Applications, 168, 102761. doi: 10.1016/j.jnca.2020.102761
32. Martins, I., Resende, J. S., Sousa, P. R., Silva, S., Antunes, L. ve Gama, J. (2022). Host-based IDS: A review and open issues of an anomaly detection system in IoT. Future Generation Computer Systems, 130. doi: 10.1016/j.future.2022.03.001
33. Nath, R. N. ve Nath, H. V. (2022). Critical analysis of the layered and systematic approaches for understanding IoT security threats and challenges. Computers and Electrical Engineering, 102, 107997. doi: 10.1016/j.compeleceng.2022.107997
34. Nazir, A., He, J., Zhu, N., Qureshi, S. S., Qureshi, S. U., Ullah, F., Wajahat, A. ve Pathan, M. S. (2024). A deep learning-based novel hybrid CNN-LSTM architecture for efficient detection of threats in the IoT ecosystem. Ain Shams Engineering Journal, 15(1), 102777. doi: 10.1016/j.asej.2024.102777
35. Neshenko, N., Bou-Harb, E., Crichigno, J., Kaddoum, G. ve Ghani, N. (2019). Demystifying IoT security: An exhaustive survey on IoT vulnerabilities and a first empirical look on Internet-scale IoT exploitations. IEEE Communications Surveys & Tutorials, 21(3), 2702–2733. doi: 10.1109/COMST.2019.2910750
36. Newaz, A. I., Sikder, A. K. M., Rahman, M. A. ve Uluagac, A. S. (2021). A survey on security and privacy issues in modern healthcare systems: Attacks and defenses. ACM Transactions on Computing for Healthcare. doi: 10.1016/j.ins.2019.08.006
37. Ni, C. ve Li, S. C. (2024). Machine learning enabled Industrial IoT Security: Challenges, Trends and Solutions. Journal of Industrial Information Integration, 35, 100549. doi: 10.1016/j.jii.2023.100549
38. Noor, M. B. M. ve Hassan, W. H. (2019). Current research on Internet of Things (IoT) security: A survey. Computer Networks, 148, 283–294. doi: 10.1016/j.comnet.2018.11.025
39. Ogonji, M. M., Okeyo, G., ve Wafula, J. M. (2020). A survey on privacy and security of Internet of Things. Computer Science Review, 38, 100312. doi: 10.1016/j.cosrev.2020.100312
40. Omolara, A. E., Alabdulatif, A., Abiodun, O. I., Alawida, M., Alabdulatif, A., Alshoura, W. H. ve Arshad, H. (2022). The internet of things security: A survey encompassing unexplored areas and new insights. Computers & Security, 114, 102494. doi: 10.1016/j.cose.2021.102494
41. Quwaider, M. ve Shatnaw, Y. (2020). An intelligent hybrid congestion control system to secure IoT data reliability using bio-inspired computing. Computers & Security, 95, 102160. doi: 10.1016/j.adhoc.2020.102160
42. Rana, M., Mamun, Q. ve Islam, R. (2022). A survey on lightweight cryptographic algorithms for resource-constrained IoT devices. Future Generation Computer Systems, 128, 307–324. doi: 10.1016/j.future.2021.11.011
43. Rondon, L. P., Babun, L., Aris, A., Akkaya, K. ve Uluagac, A. S. (2022). Survey on Enterprise Internet-of-Things systems (E-IoT): A security perspective. Ad Hoc Networks, 131, 102728. doi: 10.1016/j.adhoc.2021.102728
44. Sasi, T., Lashkari, A., B., Lu, R. ve Xiong, P., (2024). A comprehensive survey on IoT attacks: Taxonomy, detection, mechanisms and challenges. Journal of Information and Intelligence, 2, 455-513. doi: 10.1016/j.jiixd.2023.12.001
45. Sayed, M., A., Atallah, R., Assi, G. ve Debbabi, M., (2022). Electric vehicle attack impact on power grid operation. International Journal of Electrical Power and Energy Systems, 134, 107784. doi: 10.1016/j.ijepes.2021.107784
46. Schiller, E., Aidoo, E., Fuhrer, J., Stahl, J., Ziörjen, M., Stiller, B. (2022).
47. Sengupta, J., Ruj, S., ve Das Bit, S. (2020). A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT. Journal of Network and Computer Applications, 149, 102481. doi: 10.1016/j.jnca.2019.102481
48. Shahin, M., Maghanaki, M., Hosseinzadeh, M. ve Chen, F., F. (2024). Advancing Network Security in Industrial IoT: A Deep Dive into AI-Enabled Intrusion Detection Systems. Advanced Engineering Informatics, 62, 102605. doi: 10.1016/j.aei.2024.102685
49. Terlapu, P. V., Babu, S., Gangu, V. K. ve Pemula, R. (2022). Olasılıksal sinir ağı temelli bir HCV teşhis modeli: Makine öğrenimi perspektifi.
50. Tewari, A. ve Gupta, B. B. (2018). Security, privacy and trust of different layers in Internet‑of‑Things (IoTs) framework. Future Generation Computer Systems, 108, 909–920. doi: 10.1016/j.future.2018.04.027
51. Thabit, F., Can, Ö., Aljahdali, A. O., Al-Gaphari, G. H., ve Alkhzaimi, H. A. (2023). Cryptographic algorithms to enhance IoT security. Discover Internet of Things, 3(1), 1–12. doi: 10.1016/j.iot.2023.100759
52. Turak, Y. (2015). Nesnelerin İnterneti ve Güvenliği. İstanbul.
53. Uluslararası Standardizasyon Örgütü. (2022). ISO/IEC 27001:2022 – Bilgi güvenliği, siber güvenlik ve gizlilik koruması: Bilgi güvenliği yönetim sistemleri – Gereklilikler. ISO. Erişim adresi: https://www.iso.org/standard/27001
54. Vignau, B., Khoury, R., Halle, S. ve Hamou-Lhadj, A. (2021). A taxonomy and analysis of IoT botnet behavior. Journal of Systems Architecture, 119, 102143. doi: 10.1016/j.sysarc.2021.102143
55. Yaqoob, I., Hashem, I. A. T., Ahmed, A., Kazmi, S. M. A., ve Hong, C. S. (2019). Internet of things forensics: Recent advances, taxonomy, requirements, and open challenges. Future Generation Computer Systems, 92, 265–275. doi: 10.1016/j.future.2018.09.058
56. Yugha, R. ve Chithra, S. (2020). A survey on technologies and security protocols: Reference for future generation IoT. Journal of Network and Computer Applications, 169, 102763. doi: 10.1016/j.jnca.2020.102763
57. Zhu, Z., Chen, M., Zhu, C. ve Zhu, Y. (2024). A deep reinforcement learning- based defense model against cyberattacks in dynamic environments. Computers & Security, 135, 103578. doi: 10.1016/j.cose.2023.103578
58. Zohourian, A., Dadkhah, S., Pinto Neto, E. C., Mahdikhani, H., Danso, P. K., Molyneaux, H. ve Ghorbani, A. A. (2023). IoT Zigbee device security: A comprehensive review. Internet of Things, 23, 100791. doi: 10.1016/j.iot.2023.100791