ABSTRACT
Internet of Things (IoT) technology is everywhere; it is making things more intelligent and connected, from smart cities to transport systems to homes, and especially in the healthcare industry. This paper focuses on IoT in the healthcare domain. One of the major threats is structured query language (SQL) injection. An SQL injection attack is well known as a significant web application vulnerability. Given the potential future attacks from a prediction perspective in the healthcare domain, the other consequences of SQL injection attacks are not yet well known. This study investigates the most common trend of SQL injection attacks. A systematic review method was carried out in this study. Reviewers selected, analysed and outlined 38 eligible studies. The reviewed literature reveals that IoT technologies are the most common and recent target of SQL injection attacks. The findings are necessary to shape the future of robust IoT security, especially in the healthcare domain, to ensure patients' safety and privacy. This paper suggests some strategies and standards that could help reduce and eliminate the risk of SQL injection in healthcare systems. As a result, it can help engineers develop robust security mechanisms to protect medical IoT devices from SQL attacks.
Introduction
Nowadays, customers in any industry, at for-profit and non-profit organisations alike, have different data values to be processed as customer information, for example, customers’ accounts or profiles. This information is electronically visualised via a variety of database software systems, which are built with database programming languages such as structured query language (SQL). SQL is primarily used in relational database management systems (RDBMS). Microsoft SQL Server, PostgreSQL, MySQL and Oracle are well-known examples of SQL products [1] and are widely used as database sources. Therefore, the current study focuses on SQL.
Moreover, for-profit and non-profit healthcare organisations also use management software that is based on SQL. Patients and healthcare practitioners are some types of healthcare industry customers. SQL is a robust solution in healthcare. It provides many functions and perks, such as allowing access to and analysis of patient information [2]. SQL manipulates specific healthcare data, for example to ‘retrieve and update clinical data that is usually distributed across multiple related tables’ in SQL management software [3].
Simultaneously, the Internet of Things (IoT) is a rapidly emerging, evolving technology in the healthcare industry that improves the quality of health for patients [4]. It is common to use SQL databases to store the data obtained from IoT devices [5]. In other words, many SQL products are used in building software for IoT smart devices.
SQL systems are susceptible to most of the common application vulnerabilities, including weak authentication, misconfiguration, insecure design and other relevant application security issues; SQL attacks, namely SQL injection, are prevalent among the security concerns for SQL systems [1]. The concept behind SQL injection pertains to the query through which an application interacts with a database. Hackers who carry out such attacks possess a comprehensive understanding of how to construct queries that interact with databases [6]. Therefore, this study's objective and scientific contribution are to investigate and predict the current trend of SQL attacks; in turn, this will help healthcare practitioners, developers and engineers to secure patient data. Addressing the risks of SQL attacks will improve the quality of health for patients operationally and clinically, which is achieved by securing the confidentiality, integrity and availability (CIA) of healthcare information. Patients' safety always comes first. For example, a breach of the CIA of an implanted IoT device by a malicious hacker could lead to the patient's death. The pacemaker and insulin pump are typical examples of implanted IoT devices. Overall, security gaps in CIA within the domain of healthcare systems have harmful consequences involving security breaches and risks to patient lives.
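The mechanism described in this paragraph, shown as an added example that is not part of the original paper: a device-supplied identifier is used to query a store of IoT readings, first by string concatenation and then with a bound parameter. The table layout, device identifiers, identifier format and function names are assumptions for illustration, and SQLite stands in for the RDBMS products named in the introduction.

```python
import re
import sqlite3

# Constructed sample data: table layout and identifiers are assumptions.
ROWS = [
    ("pump-01", "P-1001", 104.0),
    ("pump-01", "P-1001", 131.5),
    ("pump-02", "P-2002", 88.0),
]

# Hypothetical identifier format used for allow-list validation.
DEVICE_ID_RE = re.compile(r"[a-z]+-\d{2}")

# Constructed input of the kind a tampered device or client could submit.
CRAFTED_ID = "pump-01' OR '1'='1"


def make_db():
    """Create an in-memory readings store for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE readings (device_id TEXT, patient_id TEXT, glucose_mgdl REAL)"
    )
    db.executemany("INSERT INTO readings VALUES (?, ?, ?)", ROWS)
    return db


def readings_concatenated(db, device_id):
    """Weak form: the identifier is pasted into the SQL text, so any quote
    character in it is parsed as SQL grammar rather than as data."""
    sql = (
        "SELECT patient_id, glucose_mgdl FROM readings "
        "WHERE device_id = '" + device_id + "'"
    )
    return db.execute(sql).fetchall()


def readings_parameterized(db, device_id):
    """Hardened form: the identifier is bound as a value and can never
    change the structure of the statement."""
    sql = "SELECT patient_id, glucose_mgdl FROM readings WHERE device_id = ?"
    return db.execute(sql, (device_id,)).fetchall()


def readings_validated(db, device_id):
    """Defence in depth: reject identifiers outside the expected format
    before the (still parameterized) query runs."""
    if not DEVICE_ID_RE.fullmatch(device_id):
        raise ValueError("device_id does not match the expected format")
    return readings_parameterized(db, device_id)


if __name__ == "__main__":
    db = make_db()
    # Concatenation: the WHERE clause becomes always-true, every patient row leaks.
    print("concatenated :", readings_concatenated(db, CRAFTED_ID))
    # Binding: the whole string is compared as a literal id, nothing matches.
    print("parameterized:", readings_parameterized(db, CRAFTED_ID))
    try:
        readings_validated(db, CRAFTED_ID)
    except ValueError as exc:
        print("validated    : rejected,", exc)
```

The concatenated query returns readings for every patient because the input rewrites the `WHERE` clause; the bound version treats the same bytes as an identifier that matches no device.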
This study attempts to find what healthcare technology area in the literature is currently associated with SQL attacks. In terms of related work, the literature contains many relevant studies that target the CIA of Health Insurance Portability and Accountability Act (HIPAA) requirements in terms of IoT. Reference [7] conducted a systematic review study to investigate ‘how the National Institute of Standards and Technology (NIST) Special Publication 800–66 Revision 1 was utilised in academic studies within the existing literature, specifically within the US healthcare industry’. Reference [7]’s finding shows that the United States healthcare literature lacks awareness of 800–66 Revision 1 in IoT technology, while [8] ensures that IoT technology is considered in Special Publication 800–66 Revision 2. Other studies address SQL attacks in terms of the web application [9]. However, web applications are an important component of some IoT devices, especially for real-time IoT web applications [10].
Methodology
According to [11], ‘a systematic literature review is a trustworthy, rigorous and auditable methodology for evaluating and interpreting previous research relevant to a particular phenomenon of interest’. Therefore, the study uses a systematic review methodology that follows these steps:
Research Question
The researchers asked which recent SQL security attacks in a particular technological area were addressed and discussed in the literature.
Data Collection and Search Strategy
The researchers rely on secondary data sources from the literature; mainly, they looked for articles in the Google Scholar database engine search using the following keyword ‘sql attacks’. The search looked for a given keyword from 2018 to the present (2023).
Inclusion and Exclusion of the Studies
The primary purpose of the inclusion and exclusion phases is to include the eligible studies and exclude the non-relevant studies. Ultimately, this allows the research question to be answered without bias [12]. As an essential part of following and applying these phases, the three researchers rejected the following manuscripts that were found in the keyword search stage: all articles that were not published in English, posters, duplicated articles, presentations, non-relevant papers, papers without adequate information, non-full research papers, books and student theses. All the manuscripts that met the rejection criteria were excluded, and the other eligible articles were included in this review study.
The rejection process aims to identify the eligible studies and eliminate the irrelevant ones; the eligible studies were selected after screening all studies made by the three researchers.
Selection of the Eligible Studies
In addition, Figure 1 shows the process of selecting the included studies with the detailed structure of the systematic review steps:
[IMAGE OMITTED. SEE PDF]
A total of 1000 studies were identified in the preliminary search in the Google Scholar Database. The three researchers excluded 502 studies from this review because they met the rejection criteria. In turn, this reduced the total from 1000 identified studies to 498 eligible studies. The three reviewers reviewed each of these eligible studies for its relevance in answering the given research question. Subsequently, this process brought down the 498 eligible studies to 38 selected studies. The researchers selected the 38 articles quantitatively based on the relevance between the title of each article and the inclusion of the SQL attacks qualitatively in each article. In other words, the researcher presented the following equation:
Results
Thirty-eight papers were identified and selected for the study; the basic idea of the selection was based on the quantitative characteristics of the contents. The three researchers observed that the research papers with IoT topics are the most relevant in answering the research question. The contents of these papers include the SQL injection subject. All 38 IoT articles were read and analysed by two researchers to ensure the validity of the study.
Synthesis and Analysis of Results
The evidence from the selected 38 papers was synthesised and analysed in Table 1. The papers are listed in alphabetical order in three columns (title, citations and purpose) as follows:
TABLE 1 Styles available in the Word template.
| Article's title | Authors’ citation | Purpose (summary of how/why the IoT article addresses the SQL injection?) |
| --- | --- | --- |
| ‘A comprehensive study of the design and security of the IoT layer attacks’ | (Rajan et al., 2021) [13] | Discussed the IoT security concerns, including SQL injection attacks. |
| ‘A novel web attack detection system for IoT via ensemble classification’ | (Luo et al., 2020) [14] | To reduce the security risks of the IoT and prevent SQL injection, the author suggests an ensemble deep learning-based web attack detection system (EDL-WADS). |
| ‘A review of attacks, vulnerabilities and defences in industry 4.0 with new challenges on data sovereignty ahead’ | (Pedreira et al., 2021) [15] | The researcher presented a systematic review of security challenges in IoT and attacks such as Metadata spoofing and SQL injection, then presented the blockchain as a defence technology. |
| ‘A systemic security and privacy review: Attacks and prevention mechanisms over IoT layers’ | (Akhtar and Feng, 2022) [16] | The researcher discussed the security risks of the IoT and their solutions on three layers: application layer, network layer and perception/physical layer. SQL injection is mentioned as a risk. |
| ‘A comprehensive IoT attacks survey based on a building-blocked reference model’ | (Abdul-Ghani, Konstantas and Mahyoub, 2018) [17] | The researcher developed a four-layer security attack and response model on the IoT. |
| ‘A survey of IoT-enabled cyberattacks: Assessing attack paths to critical infrastructures and services’ | (Stellios et al., 2018) [18] | The researcher searched IoT-enabled cyber-attacks found in all application domains since 2010. |
| ‘Advancement in robust cyber attacks-an overview’ | (Pansari and Kushwaha, 2018) [19] | The research showed how AI is a disastrous tool in security attacks and how the IoT is also disastrous when ransomware is involved. It presented sandboxing technology as a valuable tool for addressing security. Moreover, it mentioned that an SQL injection would be a primary path for starting a malicious action as a type of attack. |
| ‘An analysis of cybersecurity attacks against IoT and security solutions’ | (Islam and Aktheruzzaman, 2020) [20] | The researcher presented different security attacks on the IoT, such as SQL injection, and some current security solutions. |
| ‘An investigation on detection of vulnerabilities in IoT’ | (Raghuvanshi et al., 2020) [21] | The author studies the techniques for detecting vulnerabilities in IoT devices and applications. |
| ‘An IoT inventory before deployment: A survey on IoT protocols, communication technologies, vulnerabilities, attacks and future research directions’ | (Bang et al., 2022) [22] | The researcher provided a clear view of the latest IoT security technologies by identifying vulnerabilities and organising protocols according to the TCP/IP stack. SQL injection is listed as a vulnerability of application layer protocols. |
| ‘Analysis of cyber-attacks in IoT-based critical infrastructures’ | (Resul and Gündüz, 2020) [23] | The researcher examined the security attacks in the IoT-based infrastructure, such as SQL injection and presented a method to address the security attacks related to the internet protocol. |
| ‘ARTEMIS: An intrusion detection system for MQTT attacks in the IoT’ | (Ciklabakkal et al., 2019) [24] | The researcher designed and experimentally evaluated a preliminary system using IoT devices subscribed to topics at an MQTT broker to detect parasitism. |
| ‘Artificial intelligence enabled cyber security defence for smart cities: A novel attack detection framework based on the MDATA model’ | (Jia et al., 2023) [25] | The researcher proposed a framework for detecting security responses called ACAM based on the MDATA model. |
| ‘Attack graph modelling for implantable pacemaker’ | (Ibrahim et al., 2020) [26] | This investigation aims to raise awareness about the security of IoT devices. This can be done by distinguishing a few cyberattacks. |
| ‘Attacks on the industrial IoT–development of a multi-layer taxonomy’ | (Berger et al., 2020) [27] | The researcher presented a multi-layered classification to identify the similarities and differences between attacks on the IoT. |
| ‘Certain investigation of attacks in the field of IoT and blockchain technology’ | (Parvathy and Nataraj, 2022) [28] | The researcher focused on threat levels and coping techniques related to Blockchain IoT (BIoT). SQL injection is one of the attacks covered; it occurs in the middleware layer among the IoT architecture layer attacks. |
| ‘Classification of various types of attacks in IoT environment’ | (Mann et al., 2020) [29] | The researcher discussed the security threats of the IoT and addressed these attacks. |
| ‘Comparative analysis of penetration testing approaches for IoT devices’ | (Kaushik and Mangal, 2023) [30] | The authors compare and analyse the different penetration testing techniques for IoT. |
| ‘DDoS In IoT: A roadmap towards security and countermeasures’ | (Roohi et al., 2019) [31] | The researcher provided a view of the DDoS in IoT as attacks and their response. Code injection is one of the attacks at the application layer. |
| ‘Defending against cyber-attacks on the IoT’ | (Abdalrahman and Varol, 2019) [32] | The article categorises IoT devices and emphasises their vulnerability to SQL injection attacks and other cyber threats. It underscores the need to understand these risks to develop effective defences. |
| ‘Network intrusion detection on the IoT edge using adversarial autoencoders’ | (Aloul et al., 2021) [33] | The article explores the use of deep learning algorithms for network intrusion detection in IoT devices, targeting the prevention of SQL injection attacks in response to the increasing number of IoT devices. |
| ‘Leveraging semi-supervised hierarchical stacking temporal convolutional network for anomaly detection in IoT communication’ | (Cheng et al., 2021) [34] | The article presents the HS-TCN method for detecting anomalies in IoT communication, a critical step in preventing SQL injection attacks. |
| ‘Machine learning-enabled IoT security: open issues and challenges under advanced persistent threats’ | (Chen et al., 2022) [35] | The study focuses on IIoT network security, specifically SQL injection prevention. It analyses security challenges and explores intrusion detection methods, including machine learning techniques, to enhance the detection and categorisation of attacks. |
| ‘Edge-IIoTset: A new comprehensive realistic cyber security dataset of IoT and IIoT applications for centralised and federated learning’ | (Ferrag et al., 2022) [36] | The author highlights SQL injection attacks (INJECTION ATTACKS) designed to breach the targeted system's integrity and confidentiality. |
| ‘Cybersecurity for battery management systems in cyber-physical environments’ | (Kumbhar et al., 2018) [37] | It identifies potential cybersecurity threats such as SQL injection and outlines categorised strategies to prevent them, including specific measures to mitigate SQL injection in IoT devices. |
| ‘Literature review on the latest security and the vulnerability of IoT and a proposal to overcome’ | (Annamalai Lakshmanan, 2020) [38] | The article analyses the security needs of IoT devices, focusing on SQL injection flaws. It explores vulnerabilities across various stages of IoT architecture. |
| ‘OWASP IoT top 10 based attack dataset for machine learning’ | (Min et al., 2022) [39] | The paper highlights IoT vulnerability to cyber-attacks and introduces the AIoT-Sol Dataset. This innovative approach aids in anomaly detection, accurately identifying and preventing malicious traffic, including SQL injection attacks. |
| ‘Critical analysis of the layered and systematic approaches for understanding IoT security threats and challenges’ | (Nath N and V Nath, 2022) [40] | The article examines the vulnerabilities of IoT systems, emphasising the threat of SQL injection. It offers solutions to reinforce IoT devices against SQL injection attacks. |
| ‘Detecting IoT attacks using distributed deep learning’ | (De La Torre Parra et al., 2020) [41] | The article outlines a cloud-based deep learning system utilizing DCNN and LSTM to detect and prevent SQL injection and other attacks in IoT devices, proven effective through experiments. |
| ‘Modern security threats in the IoT: attacks and countermeasures’ | (Rajendran et al., 2019) [42] | The article addresses the growth of IoT and its benefits, contrasting with significant security concerns like SQL injection. It outlines various vulnerabilities and emphasises the challenges in implementing security, discussing solutions across software, hardware and network infrastructure. |
| ‘Securing the IoT: a security taxonomy for IoT’ | (Rizvi et al., 2018) [43] | The article explores IoT security challenges, including SQL injection attacks, emphasising risks such as identity theft. |
| ‘Identifying the attack surface for IoT network’ | (Rizvi et al., 2020) [44] | The author explores IoT vulnerabilities to develop an attack surface architecture, emphasising SQL injection risks due to cloud storage. The article presents an IoT threat model that segments the architecture into zones to pinpoint threats and design solutions. |
| ‘IoT security intelligence: a comprehensive overview, machine learning solutions and research directions’ | (Sarker et al., 2022) [45] | The article focuses on the vulnerability of increasingly complex and interconnected IoT devices to sophisticated cyber-attacks, such as SQL injection. It emphasises the insufficiency of traditional security methods in addressing these threats. |
| ‘Vulnerabilities, attacks and their mitigation: An implementation on IoT’ | (Sharma et al., 2019) [46] | The article addresses rising cyber threats on IoT devices, especially SQL injection and emphasises the importance of multi-layered security measures within the IoT architecture. |
| ‘IoT vulnerability data crawling and analysis’ | (Shiaeles et al., 2019) [47] | The article describes the use of crawlers to detect and analyse vulnerabilities in IoT systems, specifically to prevent SQL injection attacks. |
| ‘Securing data from active attacks in IoT: An extensive study’ | (Silpa et al., 2022) [48] | The author examines IoT security challenges, particularly SQL injection attacks, in sectors such as healthcare and automotive. The paper explores solutions and technologies to reshape IoT architecture for end-to-end security and increase user trust in IoT applications. |
| ‘Securing online web applications for IoT management’ | (Veeraiah et al., 2022) [49] | The article focuses on securing web applications in IoT implementation, specifically through measures such as Secure Socket Layer SSL layers and data encryption to reduce the risk of SQL injection attacks. The aim is to improve existing security practices and promote safe IoT management. |
| ‘Signature-based and behaviour-based attack detection with machine learning for home IoT devices’ | (Visoottiviseth et al., 2020) [50] | The article highlights the vulnerability of IoT devices to attacks such as SQL injection. It introduces ‘SPIDAR’, a specialised router and Raspberry Pi system, to protect home Wi-Fi networks. |
Discussions
The proliferation of IoT devices has accelerated the need for robust cybersecurity measures, especially in the healthcare domain, concerning the HIPAA security rule [8]. Moreover, a pressing concern among cybersecurity researchers and professionals is the vulnerability of these devices to SQL injection attacks. Reference [40] emphasises the potential security flaws inherent in IoT systems, highlighting the threat of SQL injection attacks that can compromise the integrity of these systems. Similarly, [32] underscores the increasing risk of SQL injection attacks on categorised IoT devices and emphasises recognising these vulnerabilities to formulate appropriate defence mechanisms.
According to the articles reviewed in Table 1, many issues affect IoT security, notably the adequacy of traditional security methodologies in addressing the sophisticated nature of current cyber threats. As IoT devices become more intricate and interconnected, they present a larger attack surface for cyber adversaries. Reference [45] underlines that the traditional security protocols are insufficient in addressing advanced attacks such as SQL injection on these complex devices. Additionally, using cloud storage in IoT devices further accentuates the risk of SQL injection, as [44] indicated. The research community has also focused on innovative solutions for the increasing threat. Some solutions use machine learning and deep learning methodologies to enhance the detection and prevention mechanisms. Reference [41] introduced a cloud-based deep learning system using the following network models: cloud-based temporal long-short term memory (LSTM) and Distributed Convolutional Neural Network (DCNN) to identify and counter SQL injection attacks in IoT devices. Furthermore, [35] accentuates the role of machine learning in the Industrial Internet of Things (IIoT) network security, focusing specifically on SQL injection prevention. An interesting approach is the creation of specialised databases and datasets to facilitate better detection of attacks. Reference [36] created Edge-IIoTset (a name proposed by its authors, not an abbreviation), a dataset intended for machine learning that highlights SQL injection attacks targeting the system's integrity and confidentiality. Concurrently, [39] presented an attack dataset, which the researchers named the AIoT-Sol Dataset, aiming to precisely detect malicious traffic, including SQL injection attacks.
Developers and engineers may benefit from this study's review, which can help them develop better-secured IoT healthcare applications, for example by employing robust security mechanisms to protect medical IoT devices from SQL attacks. In the realm of practical applications, solutions such as those proposed by [49] prioritise securing web applications in IoT, advocating measures such as secure socket layer (SSL) and data encryption to mitigate SQL injection risks. Meanwhile, the research by [48] focuses on reshaping IoT architectures to ensure end-to-end security in sectors such as healthcare and automotive. Many strategies and standards could help reduce and eliminate the risk of SQL injection in healthcare. We have outlined some of them as the following scenarios:
The first scenario is about strategies for incident response and future planning in the context of IoT and SQL injections [51]:
- Incident detection: Deploy intrusion detection systems (IDS) specifically designed for IoT environments. These should detect unusual patterns and signs of SQL injection attempts.
- Incident classification: Given the vast range of IoT devices, it's essential to classify incidents based on the type of device compromised and the potential impact, ensuring appropriate and timely responses.
- Communication protocols: Have specific communication channels for IoT-related incidents. Immediate communication can limit the spread of an attack, mainly if similar devices are used across the organisation.
- Incident containment: When an SQL injection or a similar attack is identified on an IoT device, the appropriate action is to isolate the compromised device from the network. This step is crucial to stop any potential attack expansion or unauthorised data extraction.
- Eradication: Locate and remove the malicious SQL code or the vulnerability being exploited. This may include patching software or updating firmware on the IoT device.
- Recovery: Restore the IoT device to its original functionality. This could involve rebooting the machine, restoring from backups, or a factory reset.
- Lessons learned: Post-incident, analysing the causes and improving defences against SQL injections in the IoT environment is crucial.
- Future planning: Given the dynamic nature of IoT, it's essential to keep devices updated, invest in secure coding practices and educate users about potential risks, including those of SQL injections.
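A sketch of the detection, classification and containment steps listed above, added here as an example and not taken from the paper or from [51]: it URL-decodes request parameters from gateway log lines, matches a few illustrative SQL injection signatures, ranks hits by device class and returns the devices to isolate first. The log format, device classes, severity mapping and signature set are assumptions, and the log lines are constructed.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote_plus

# Illustrative signatures only (assumption): a production IDS rule set is far larger.
SIGNATURES = {
    "tautology": re.compile(r"'\s*or\s+'?\w+'?\s*=\s*'?\w+", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "stacked_statement": re.compile(r";\s*(?:drop|delete|update|insert|alter)\b", re.I),
    "quote_then_comment": re.compile(r"'\s*(?:--|/\*)"),
}

# Hypothetical impact mapping for the classification step: device class -> severity.
SEVERITY_BY_CLASS = {"implantable": "critical", "bedside": "high", "environmental": "medium"}
SEVERITY_ORDER = ["critical", "high", "medium"]

# Assumed log format: timestamp, targeted device, device class, requester, path, query.
LINE_RE = re.compile(
    r"(?P<ts>\S+) device=(?P<device>\S+) class=(?P<cls>\S+) "
    r"src=(?P<src>\S+) path=(?P<path>\S+) q=(?P<query>.*)"
)

# Constructed gateway log lines (not real traffic); query strings are URL-encoded.
SAMPLE_LOG = [
    "2024-03-01T10:15:02Z device=pump-01 class=implantable src=10.20.0.11 path=/api/readings q=device_id%3Dpump-01",
    "2024-03-01T10:15:09Z device=pump-01 class=implantable src=10.20.0.11 path=/api/readings q=device_id%3Dpump-01%27%20OR%20%271%27%3D%271",
    "2024-03-01T10:16:40Z device=mon-07 class=bedside src=10.20.0.42 path=/api/vitals q=ward%3D3%2520UNION%2520SELECT%2520a%252Cb%2520FROM%2520t",
    "2024-03-01T10:17:03Z device=temp-12 class=environmental src=10.20.0.77 path=/api/env q=room%3DO%27Reilly+ward",
]


@dataclass
class Incident:
    timestamp: str
    device: str
    source: str
    signatures: list
    severity: str


def normalise(raw):
    """Undo repeated URL encoding, drop inline SQL comments, collapse whitespace."""
    text = raw
    for _ in range(3):  # bounded, so nested encoding cannot loop forever
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = re.sub(r"/\*.*?\*/", " ", text)
    return re.sub(r"\s+", " ", text).strip()


def detect(line):
    """Incident detection and classification for one log line, or None if clean."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    text = normalise(m["query"])
    hits = [name for name, rx in SIGNATURES.items() if rx.search(text)]
    if not hits:
        return None
    # Unclassified devices default to "high" (assumption) so they are not ignored.
    severity = SEVERITY_BY_CLASS.get(m["cls"], "high")
    return Incident(m["ts"], m["device"], m["src"], hits, severity)


def triage(lines):
    """Return (incidents, isolation order): devices ranked by worst severity seen."""
    incidents = [inc for inc in map(detect, lines) if inc is not None]
    worst = {}
    for inc in incidents:
        prev = worst.get(inc.device)
        if prev is None or SEVERITY_ORDER.index(inc.severity) < SEVERITY_ORDER.index(prev):
            worst[inc.device] = inc.severity
    isolation = sorted(worst.items(), key=lambda kv: SEVERITY_ORDER.index(kv[1]))
    return incidents, isolation


if __name__ == "__main__":
    found, isolate = triage(SAMPLE_LOG)
    for inc in found:
        print(inc)
    print("isolate first:", isolate)
```

The third line is flagged only because the decoder runs more than once, and the fourth (an apostrophe in a legitimate room name) is not flagged. A hit records an attempt against a device, so the isolation order is a review queue for the containment step rather than proof of compromise.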
The second scenario is about the analysis of regulation and standards using a risk management framework (RMF) in the IoT context [52]:
- Step 1: Prepare: Understand the diverse range of IoT devices within the organisation and their associated risks, especially concerning SQL attacks.
- Step 2: Categorise information systems: Group IoT devices based on their functionality, data they handle, and susceptibility to SQL attacks.
- Step 3: Select security controls: Choose security measures tailored to IoT, such as traffic monitoring and SQL injection prevention mechanisms.
- Step 4: Implement security controls: Introduce defences like web application firewalls (WAFs) that detect and prevent SQL injections.
- Step 5: Assess security controls: Periodically test IoT defences against SQL injections through penetration testing or vulnerability scanning techniques.
- Step 6: Authorise information system: Given the vulnerabilities of IoT, a risk assessment should be conducted before any IoT system goes live.
- Step 7: Monitor security controls: Consistently observe the behaviour of IoT devices, actively identify any irregularities, such as potential instances of SQL injection, and promptly respond to these anomalies in real time.
Implementing the aforementioned strategies and standards will help mitigate and eliminate the risk of SQL injection in healthcare systems. These can help developers and engineers develop robust security mechanisms to protect medical IoT devices from SQL attacks, reducing the harmful consequences and security gaps in healthcare systems.
Limitations
The study surveyed the selected papers based on the keyword search ‘SQL attacks’ on the Google Search Engine. The validity of this study could change if:
- Other keywords were used in the search, such as ‘IoT attacks in healthcare’ and ‘SQL attacks in IoT health devices’.
- The keyword search were conducted in other database search engines such as PubMed, ProQuest, or any databases that specialise in the healthcare domain.
Conclusion
SQL, along with IoT, has a positive impact on operational and clinical healthcare. Together, they promise better healthcare delivery and quality, but security risks still exist. This study's findings have shown that SQL security attacks target IoT technology. In conclusion, while the potential threats and vulnerabilities posed by SQL injection attacks on IoT devices are evident, the collective effort of the research community in exploring diverse methodologies and solutions underscores a promising direction toward enhanced security for IoT ecosystems. As the IoT landscape continues to expand and evolve, the collaborative endeavour to address security challenges will remain paramount. Therefore, this study benefits IoT security developers and engineers by helping to develop better-secured IoT healthcare applications.
Author Contributions
Mohammed conceptualized the study, wrote the introduction section, designed the methodology, and supervised all stages of the research. Norah and Haifa were responsible for collecting and curating the data. All three authors contributed equally to the formal analysis. Mohammed and Norah co-wrote the discussion section. All authors reviewed and approved the final version of the manuscript.
Acknowledgements
The researchers express gratitude to all peer reviewers for their comments and feedback.
Conflicts of Interest
The authors declare no conflicts of interest.
Data Availability Statement
Data derived from public domain resources.
References
P. Loshin and J. Sirkin, “What is Structured Query Language (SQL)?,” Data Management, accessed February 7, 2022, https://www.techtarget.com/searchdatamanagement/definition/SQL.
Rehan, “What is SQL? The Basics of SQL for Healthcare Professionals,” Health Works Collective, accessed December 3, 2021, https://www.healthworkscollective.com/what‐is‐sql‐the‐basics‐of‐sql‐for‐healthcare‐professionals/.
V. V. Kumar, Healthcare Analytics Made Simple: Techniques in Healthcare Computing Using Machine Learning and Python (Packt Publishing Ltd, 2018).
A. Fabbrizio, A. Fucarino, M. Cantoia, et al., Smart Devices for Health and Wellness Applied to Tele‐Exercise: An Overview of New Trends and Technologies Such as IoT and AI (Healthcare, 2023).
H. Pourrahmani, A. Yavarinasab, A. M. H. Monazzah, and J. Van Herle, “A Review of the Security Vulnerabilities and Countermeasures in the Internet of Things Solutions: A Bright Future for the Blockchain,” Internet of Things 23 (2023): 100888.
M. Baklizi, I. Atoum, M. A.‐S. Hasan, N. Abdullah, O. A. Al‐Wesabi, and A. A. Otoom, “Prevention of Website SQL Injection Using a New Query Comparison and Encryption Algorithm,” International Journal of Intelligent Systems and Applications in Engineering 11, no. 1 (2023): 228–238.
M. M. Raoof, “United States Healthcare Data Breaches: Insights for NIST SP 800–66 Revision 2 From a Review of the NIST SP 800–66 Revision 1,” Journal of Information Security 15, no. 02 (2024): 232–244.
A. C. R. Guide, Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, National Institute of Standards and Technology (U.S. Department of Health & Human Services, Office for Civil Rights, 2024).
A. H. Farhan and R. F. Hasan, “Detection SQL Injection Attacks Against Web Application by Using Support Vector Machine with Principal Component Analysis,” in AIP Conf. Proc. 3009 (2024), 020008. https://doi.org/10.1063/5.0190440
Z. B. Babovic, J. Protic, and V. Milutinovic, “Web Performance Evaluation for Internet of Things Applications,” IEEE Access 4 (2016): 6974–6992.
H. Jalonen, “The Uncertainty of Innovation: A Systematic Review of the Literature,” Journal of Management Research 4, no. 1 (2012): 1–47.
T. Meline, “Selecting Studies for Systemic Review: Inclusion and Exclusion Criteria,” Contemporary Issues in Communication Science and Disorders 33, no. Spring (2006): 21–27.
M. S. Rajan, J. R. Arunkumar, A. Ramasamy, and B. Sisay, “A Comprehensive Study of the Design and Security of the IoT Layer Attacks,” in 2021 6th International Conference on Communication and Electronics Systems (ICCES) (IEEE, 2021), 538–543.
C. Luo, Z. Tan, G. Min, J. Gan, W. Shi, and Z. Tian, “A Novel Web Attack Detection System for Internet of Things Via Ensemble Classification,” IEEE Transactions on Industrial Informatics 17, no. 8 (2020): 5810–5818.
V. Pedreira, D. Barros, and P. Pinto, “A Review of Attacks, Vulnerabilities, and Defenses in Industry 4.0 With New Challenges on Data Sovereignty Ahead,” Sensors 21, no. 15 (2021): 5189.
M. S. Akhtar and T. Feng, “A Systemic Security and Privacy Review: Attacks and Prevention Mechanisms Over IOT Layers,” EAI Endorsed Transactions on Security and Safety 8, no. 30 (2022).
H. A. Abdul‐Ghani, D. Konstantas, and M. Mahyoub, “A Comprehensive IoT Attacks Survey Based on a Building‐Blocked Reference Model,” International Journal of Advanced Computer Science and Applications 9, no. 3 (2018): 355–373.
I. Stellios, P. Kotzanikolaou, M. Psarakis, C. Alcaraz, and J. Lopez, “A Survey of IoT‐Enabled Cyberattacks: Assessing Attack Paths to Critical Infrastructures and Services,” IEEE Communications Surveys & Tutorials 20, no. 4 (2018): 3453–3495.
N. Pansari and D. Kushwaha, “Advancement in Robust Cyber Attacks – An Overview,” International Journal of Research in Engineering, IT and Social Sciences 8 (2018): 113–119.
M. R. Islam and K. M. Aktheruzzaman, “An Analysis of Cybersecurity Attacks Against Internet of Things and Security Solutions,” Journal of Computer and Communications 08, no. 4 (2020): 11–25.
A. Raghuvanshi, U. K. Singh, C. Bulla, D. M. Saxena, and K. Abadar, “An Investigation on Detection of Vulnerabilities in Internet of Things,” European Journal of Molecular & Clinical Medicine 7, no. 10 (2020): 3289–3299.
A. O. Bang, U. P. Rao, A. Visconti, A. Brighente, and M. Conti, “An IoT Inventory Before Deployment: A Survey on IoT Protocols, Communication Technologies, Vulnerabilities, Attacks, and Future Research Directions,” Computers & Security 122 (2022): 102914.
D. A. S. Resul and M. Z. Gündüz, “Analysis of Cyber‐Attacks in IoT‐Based Critical Infrastructures,” International Journal of Information Security Science 8, no. 4 (2020): 122–133.
E. Ciklabakkal, A. Donmez, M. Erdemir, E. Suren, M. K. Yilmaz, and P. Angin, “ARTEMIS: An Intrusion Detection System for MQTT Attacks in Internet of Things,” in 2019 38th Symposium on Reliable Distributed Systems (SRDS) (IEEE, 2019), 369–3692.
Y. Jia, Z. Gu, L. Du, Y. Long, Y. Wang, J. Li, and Y. Zhang, “Artificial Intelligence Enabled Cyber Security Defense for Smart Cities: A Novel Attack Detection Framework Based on the MDATA Model,” Knowledge‐Based Systems 276 (2023): 110781.
M. Ibrahim, A. Alsheikh, and A. Matar, “Attack Graph Modeling for Implantable Pacemaker,” Biosensors 10, no. 2 (2020): 14.
S. Berger, O. Bürger, and M. Röglinger, “Attacks on the Industrial Internet of Things–Development of a Multi‐Layer Taxonomy,” Computers & Security 93 (2020): 101790.
K. Parvathy and B. Nataraj, “Certain Investigation of Attacks in the Field of Internet of Things and Blockchain Technology,” in 2022 Smart Technologies, Communication and Robotics (STCR) (IEEE, 2022), 1–6.
P. Mann, N. Tyagi, S. Gautam, and A. Rana, “Classification of Various Types of Attacks in IoT Environment,” in 2020 12th International Conference on Computational Intelligence and Communication Networks (CICN) (IEEE, 2020), 346–350.
K. Kaushik and A. Mangal, “Comparative analysis of penetration testing approaches for IoT devices,” in AIP Conference Proceedings (2023), 2814, 030003‑1–030003‑8. https://doi.org/10.1063/5.0148646
A. Roohi, M. Adeel, and M. A. Shah, “DDoS in IoT: A Roadmap Towards Security & Countermeasures,” in 2019 25th International Conference on Automation and Computing (ICAC) (IEEE, 2019), 1–6.
G. A. Abdalrahman and H. Varol, “Defending Against Cyber‐Attacks on the Internet of Things,” in 2019 7th International Symposium on Digital Forensics and Security (ISDFS) (IEEE, 2019), 1–6, https://doi.org/10.1109/ISDFS.2019.8757478.
F. Aloul, I. Zualkernan, N. Abdalgawad, L. Hussain, and D. Sakhnini, “Network Intrusion Detection on the IoT Edge Using Adversarial Autoencoders,” in 2021 International Conference on Information Technology (ICIT) (IEEE, 2021), 120–125, https://doi.org/10.1109/ICIT52682.2021.9491694.
Y. Cheng, Y. Xu, H. Zhong, and Y. Liu, “Leveraging Semisupervised Hierarchical Stacking Temporal Convolutional Network for Anomaly Detection in IoT Communication,” IEEE Internet of Things Journal 8, no. 1 (2021): 144–155, https://doi.org/10.1109/JIOT.2020.3000771.
Z. Chen, J. Liu, Y. Shen, et al., “Machine Learning‐Enabled IoT Security: Open Issues and Challenges Under Advanced Persistent Threats,” ACM Computing Surveys 55, no. 5 (2022): 1–37, https://doi.org/10.1145/3530812.
M. A. Ferrag, O. Friha, D. Hamouda, L. Maglaras, and H. Janicke, “Edge‐IIoTset: A New Comprehensive Realistic Cyber Security Dataset of IoT and IIoT Applications for Centralized and Federated Learning,” IEEE Access 10 (2022): 40281–40306, https://doi.org/10.1109/ACCESS.2022.3165809.
S. Kumbhar, T. Faika, D. Makwana, T. Kim, and Y. Lee, “Cybersecurity for Battery Management Systems in Cyber‐Physical Environments,” in 2018 IEEE Transportation Electrification Conference and Expo (ITEC) (IEEE, 2018), 934–938, https://doi.org/10.1109/ITEC.2018.8450159.
A. Lakshmanan, Literature Review on the Latest Security & the Vulnerability of the Internet of Things (IoT) & a Proposal to Overcome (2020). no. April, https://doi.org/10.13140/RG.2.2.13756.80006.
N. M. Min, V. Visoottiviseth, S. Teerakanok, and N. Yamai, “OWASP IoT Top 10 Based Attack Dataset for Machine Learning,” in 2022 24th International Conference on Advanced Communication Technology (ICACT) (IEEE, 2022), 317–322, https://doi.org/10.23919/ICACT53585.2022.9728969.
R. Nath N and H. V. Nath, “Critical Analysis of the Layered and Systematic Approaches for Understanding IoT Security Threats and Challenges,” Computers and Electrical Engineering 100 (2022): 107997, https://doi.org/10.1016/j.compeleceng.2022.107997.
G. De La Torre Parra, P. Rad, K.‐K. R. Choo, and N. Beebe, “Detecting Internet of Things Attacks Using Distributed Deep Learning,” Journal of Network and Computer Applications 163 (2020): 102662, https://doi.org/10.1016/j.jnca.2020.102662.
G. Rajendran, R. S. Ragul Nivash, P. P. Parthy, and S. Balamurugan, “Modern Security Threats in the Internet of Things (IoT): Attacks and Countermeasures,” in 2019 International Carnahan Conference on Security Technology (ICCST) (IEEE, 2019), 1–6, https://doi.org/10.1109/CCST.2019.8888399.
S. Rizvi, A. Kurtz, J. Pfeffer, and M. Rizvi, “Securing the Internet of Things (IoT): A Security Taxonomy for IoT,” in 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) (IEEE, 2018), 163–168, https://doi.org/10.1109/TrustCom/BigDataSE.2018.00034.
S. Rizvi, R. Orr, A. Cox, P. Ashokkumar, and M. R. Rizvi, “Identifying the Attack Surface for IoT Network,” Internet of Things 9 (2020): 100162, https://doi.org/10.1016/j.iot.2020.100162.
I. H. Sarker, A. I. Khan, Y. B. Abushark, and F. Alsolami, “Internet of Things (IoT) Security Intelligence: A Comprehensive Overview, Machine Learning Solutions and Research Directions. Mobile Networks and Applications,” Mobile Networks and Applications 28 (2022): 296–312, https://doi.org/10.1007/s11036‐022‐01937‐3.
S. Sharma, M. Manuja, and K. Kishore, “Vulnerabilities, Attacks and Their Mitigation: An Implementation on Internet of Things (IoT),” International Journal of Innovative Technology and Exploring Engineering 8, no. 10 (2019): 146–150, https://doi.org/10.35940/ijitee.F3761.0881019.
S. Shiaeles, N. Kolokotronis, and E. Bellini, “IoT Vulnerability Data Crawling and Analysis,” in 2019 IEEE World Congress on Services (SERVICES) (IEEE, 2019), 78–83, https://doi.org/10.1109/SERVICES.2019.00028.
C. Silpa, G. Niranjana, and K. Ramani, “Securing Data from Active Attacks in IoT: An Extensive Study,” in Proceedings of International Conference on Deep Learning, Computing and Intelligence, ed. G. Manogaran, A. Shanthini, and G. Vadivu (Springer Nature Singapore, 2022), 51–64, https://doi.org/10.1007/978‐981‐16‐5652‐1_5.
V. Veeraiah, N. B. Rajaboina, G. N. Rao, S. Ahamad, A. Gupta, and C. S. Suri, “Securing Online Web Application for IoT Management,” in 2022 2nd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE) (IEEE, 2022), 1499–1504, https://doi.org/10.1109/ICACITE53722.2022.9823733.
V. Visoottiviseth, P. Sakarin, J. Thongwilai, and T. Choobanjong, “Signature‐Based and Behavior‐Based Attack Detection With Machine Learning for Home IoT Devices,” in 2020 IEEE Region 10 Conference (TENCON) (IEEE, 2020), 829–834, https://doi.org/10.1109/TENCON50793.2020.9293811.
National Institute of Standards and Technology (NIST), “NIST Special Publication 800 61 Revision 2: Computer Security Incident Handling Guide,” NIST Computer Security Resource Center, accessed August 2012, https://csrc.nist.gov/publications/detail/sp/800‐61/rev‐2/final.
J. T. Force, Risk Management Framework for Information Systems and Organizations (NIST Special Publication, 800, 37, 2018).
© 2025. This work is published under http://creativecommons.org/licenses/by/4.0/ (the "License"). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.