cs.CR
Internet of Things Security: A Survey on Common Attacks
May 5, 2026
This survey comprehensively analyzes the IoT threat landscape by detailing 28 common attacks and mapping them to foundational vulnerability classes, providing a structured roadmap for building secure IoT systems.
The exponential growth of the Internet of Things (IoT) has integrated connected devices into various sectors like smart cities, digital health, and Industry 4.0, generating vast amounts of real-time data to support intelligent decision-making. However, this widespread adoption is fundamentally challenged by significant security risks, primarily due to the inherent computational limitations of devices, lack of standardization, and an expanding attack surface. Given that security is paramount to ensuring trust in these environments, this paper presents a comprehensive survey and a multi-dimensional analysis of the IoT threat landscape. It describes 28 common attacks, ranging from traditional threats, such as Man-in-the-Middle, to specialized IoT exploits, including node replication and skimming. To provide a structured understanding of these risks, we employ the STRIDE model for functional threat classification alongside the CVSS framework for quantitative criticality assessment. Furthermore, the research establishes a robust mapping between these threats and five foundational vulnerability classes (Process, Code, Communication, Operation, and Device), uncovering the specific technical entry points exploited by adversaries. Beyond threat identification, the survey presents state-of-the-art mitigation techniques and discusses emerging paradigms and research gaps, working as a roadmap for future investigation and providing a consolidated technical foundation for both researchers and practitioners aiming to build resilient and secure IoT ecosystems.
Digital Privacy in IoT: Exploring Challenges, Approaches and Open Issues
This paper analyzes digital privacy risks in IoT ecosystems, proposing a compreh…
Framework for Risk-Based IoT Cybersecurity Audit Engagements
This paper proposes a comprehensive, risk-based auditing framework designed to h…
Targeted Adversarial Traffic Generation : Black-box Approach to Evade Intrusion Detection Systems in…
This paper evaluates a novel black-box adversarial attack to demonstrate the vul…
Explainable Threat Attribution for IoT Networks Using Conditional SHAP and Flow Behavior Modelling
This paper proposes an explainable threat attribution system for IoT networks th…
Optimizing IoT Intrusion Detection with Tabular Foundation Models for Smart City Forensics
The paper demonstrates that using the transformer-based foundation model TabPFNv…
AI Security in the Foundation Model Era: A Comprehensive Survey from a Unified Perspective
The paper proposes a unified closed-loop threat taxonomy to systematically analy…
Zero Trust in the Context of IoT: Industrial Literature Review, Trends, and Challenges
This paper conducts a literature review of non-academic publications to consolid…
Toward a Multi-Layer ML-Based Security Framework for Industrial IoT
This paper proposes a lightweight, multi-layer Machine Learning-based security f…