**2.3 Artificial intelligence categories**

When it comes to artificial intelligence (AI), there are several philosophical groundworks that have been done. As per Russel [14], there are two types of AI: weak AI where machine can act intelligently and strong AI where machine can really think. However, when hybrid mechanisms are used, the deployment of AI system features is enhanced.

Artificial intelligence (AI) can be divided into two main categories as per the mechanisms that are used to reach intelligence through data processing [14–16]. The


#### **Table 2.**

*IoT security attributes, techniques and requirements.*

## *Artificial Intelligence Deployment to Secure IoT in Industrial Environment DOI: http://dx.doi.org/10.5772/intechopen.104469*

first category is knowledge-based in which the main component is the existence of inference engine, and it is known as expert system (ES). The second category is machine learning (ML) where different algorithms are used to allow the machine to learn from the dataset. **Table 3** illustrates the main AI categories. The core element is knowledge engineering in order to build either the dataset for ML or the fact database for ES. The data preparation phase needs to make use of other technology such as data mining and Big data techniques. The ML sub-categories are supervised learning, reinforcement learning, and un-supervised learning. The ES types of systems are rulebased, Fuzzy-logic, and frame-based.

	- **Supervised learning**: is learning from examples. This type is the easiest ML type in terms of mathematical complexity. The machine learns from *a behavior (labels)*.
	- **Reinforcement learning**: defined as learning from the environment based on experience. This type is based on an agent that can learn from *reward signal*. The machine learns from its mistake.
	- **un-supervised**: referred to as learning based on analogy and to find a pattern from a dataset. This type is used when there are no examples to learn from and no reward signal to get feedback.

**Figure 2** shows examples of mechanisms for each ML sub-category.

• Expert System (ES): The Expert System, ES is dealing with uncertain knowledge and reasoning. Rule-based ES consist of five basic components that are shown in **Figure 3**: the knowledge base, the database, the inference engine, the explanation facility, and the user. ES intelligence resembles the way the expert human apply their knowledge and intelligence to solve the problem in a narrow domain. ES processes knowledge in the form of rules and uses symbolic reasoning to solve the problem. The main difference between ES and conventional programs (CP) is that the CP processes data using algorithms on well-defined operations to solve a problem in a general domain. Examples of ES are as follows:


**Table 3.** *Artificial intelligence (AI) main categories.*

*Examples of ML sub-categories mechanisms.*

**Figure 3.** Expert system (ES) rule based adapted from *[15].*


## **3. Artificial intelligence in industrial IoT**

#### **3.1 The significance of AI in IIOT**

Artificial intelligence (AI) deployment in Industrial IoT (IIoT) systems is very convenient due to the huge data generated by the IoT system. AI approaches are used to infer knowledge and support data analytics. The main areas requiring exploration and proposing solutions for intelligent IIoT systems are threat hunting and intelligence, blockchain, edge computing such as cloud computing, privacy preservation [17].

The generated big data from IIoT are due to real-time computation and the risk increases when the communicated data are critical and sensitive; therefore, AI can support the need of big data analysis with low latency [2]. Designing security and privacy solutions require to identify business processes and operations. However, this task is complex in the regular industrial system, and it comes more sophisticated in IIoT [18]. AI technology deployment has several implementations including computing paradigm and security; however, inter-operability issues are regarded as a critical challenge [3].

The Internet of Things (IoT) has grown from a concept used in research laboratories and technology companies to a reality in everyday lives. IoT has become embedded in the operations of some companies, enterprises, and governments [19]. Emerging IoT applications are spread out in all domains, and it has affected a variety of industries. **Figure 4** illustrates the examples of IoT technology applications, which include Smart Homes, Smart Health, Intelligent Transportation, Smart Cities, Smart Agriculture, and Factory Automation [3].

Indeed, the very same report by McKinsey & Company mentioned above [19] identifies the top five sectors where IoT adds the most economic value: factories that include all standardized production environments followed by human health, work sites, cities, and retail environment. Indeed, it has been estimated in this report that IoT could add a value of \$5.5 trillion to \$12.6 trillion by 2030, where the most value can be created in B2B type of applications.

#### **3.2 The IoT business model**

The term business model describes how an organization creates, delivers, and captures value [20]. The adoption of IoT technologies in an organization will most certainly affect the business relationships and the business model for that organization. In this section, the common business models used will be discussed.

One of the early initiatives to develop an IoT business model was published in 2015 [21]. The research focused on identifying the relevant building blocks that can fit in

**Figure 4.** *Example of industry utilizing IoT technology [3].*

IoT business models, as well as the types and importance of the building blocks. This framework identified value proposition as the most important building block for IoT business models. The entities "customer relationships" and "key partnerships" followed suit in terms of importance.

Another conceptual IoT Business Model is the AIC (Aspiration, Implementation and Contribution) model presented in [22], which focuses on context-specific implementation of IoT. This model consists of three interconnected phases: Aspiration, Implementation, and Contribution. The first phase "Aspiration" focuses on defining and predicting the value creation through adoption of IoT. The second phase Implementation includes strategy development in which an organization should investigate how IoT will improve the business by gaining competitive advantage or creating enhanced products or services. In the third phase Contribution, an organization opting for IoT should study the practicality of the approach and the capabilities and resources available for the organization to implement IoT. In other words, does the organization own the knowledge and skills needed to succeed in implementing IoT.

Four types of IoT-enabled servitized business models were classified in [23]. Each business model was analyzed from three perspectives: the role of IoT, the firm's benefits, and the inhibiting factors. **Table 4** adapts from the study presents the four types of IoT business models and compares them based on the stated three perspectives. The four different business models have some shared features as the common role for IoT is adaptation, the common benefit is reducing operation cost, and the common inhibiting factor is the need for close relationship between different stakeholders.

IoT business models vary based on the type of deployment. Therefore, each industry has a different model that will fit with its value proposition. Seven IoT business models were reviewed by the researchers in [24]**.** Based on their analysis, six characteristics of the IoT business model were identified:


*Artificial Intelligence Deployment to Secure IoT in Industrial Environment DOI: http://dx.doi.org/10.5772/intechopen.104469*

#### **Table 4.**

*Business model categorization based on role, benefits, and inhibiting factors.*


#### **3.3 Analytical study of how IoT add-value to the industry**

Given the potential impact and IoT devices' prevalence and ubiquity, one needs to understand how to leverage IoT technologies to realize the value-deriving benefits associated with them. For example, IoT can be used in the factory setting to make various processes more efficient. The IoT applications have noteworthy potential in value creation in terms of operation optimization and predictive maintenance. This can be achieved by monitoring, remotely tracking and adjusting the machineries, based on sensor data from different parts of the factory. It has been estimated that IoT has a potential to create value of \$1.2 trillion to \$3.7 trillion per year in 2025 by optimizing factory settings. This improvement in the working efficiency using IoT may also induce some security and privacy issues [25]. Moreover, technology does not automatically bring added convenience or value unless firms carefully consider the context into which it is introduced and how to derive any practical or monetary benefits. Mostly, add-value is related to performance enhancement. The latter can be improved through a variety of factors such as time saving, cost saving, and processing low-overhead to name but a few.

**Table 5** shows some recent empirical research [26–31] on how to mitigate security challenges in an IoT industrial environment and different add-value. AI approaches are used more in access control, which is related mostly to the Network layer of IoT. Access control is a critical part of the system, which acts as a door for the factory to control authorized access to the recourses and the level of privileges. Due to the heterogenous and dynamic nature of the IoT networks, it will be significant to use AI approaches to enhance the access control.

The IoT add-value is constraint by several challenges and barriers. These can be categorized in two groups based on their domain as follows:



**Table 5.**

*Examples of AI usage in security mitigation approaches based on IoT layer.*

*Artificial Intelligence Deployment to Secure IoT in Industrial Environment DOI: http://dx.doi.org/10.5772/intechopen.104469*


Uncertainty of how IoT will impact existing business models, organizational strategies, and return of investment, business models are considered significant barriers to implementation, where the add-value should be clearly identified.

#### **4. Critical analysis of IoT security**

#### **4.1 Threat modeling**

A threat model is an essential approach in defining security requirements. The goal of threat modeling is to understand how an attacker would be able to compromise a system, and then to ensure that proper mitigation techniques are in place to prevent such attacks. Threat modeling pushes the design team to consider the mitigations during the process of the system creation before deployment. In general, the threat modeling process consists of four steps.


The most critical step is step 2 aimed at exposing the vulnerabilities and security challenges of the IoT systems. After properly classifying the threats, it will be possible to explore the mitigation techniques. For classifying threats in an information system, Microsoft introduced the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service and Elevation of privilege) threat model [32] Countermeasures are recommended and evaluated for each threat. The application of STRIDE for threat modeling in Industrial IoT (IIoT) has been studied before as discussed in [33, 34]. It also describes the adaptation of STRIDE for the Azure IoT reference architecture. After discovering threats, these should be rated according to their severity using some tools. The use of the DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability) model as one of commonly used tools to assign ratings to threats is mentioned in [35] .

Generally, each IoT system will have a multi-layered architecture consisting of various layers. These layers make use of diversified technologies, which introduce a plethora of challenges and security threats. As a result, the architecture of the IoT system plays a significant role in identifying the threats and attacks. However, there is no specific standard architecture because most of the IoT solutions are applicationspecific developed with explicit technologies, resulting thus in heterogeneous and fragmented architectures.

A secured IoT network architecture was proposed in [36] that would be using Software Defined Networks (SDN) for identifying the threats. It also summarizes how IoT network security can be achieved in a more effective and flexible way using SDN. Furthermore, studies, reviews, and analysis were conducted on some existing IoT architectures and a new architecture was proposed based on those architectures [37]. This new architecture includes a lot of the key elements of the other architectures, while fostering a high degree of inter-operability across diverse assets and platforms. Among the several IoT architectures reviewed in [38], it is found that the four-layer architecture (Application, Transport, Network, and Perception layers) is often being considered by researchers to address security challenges and solutions at each layer. Moreover, the most used IoT architectures are often three-tier/layer systems, including a perception/hardware layer, network and communication layer, and application interfaces and services layer. Additionally, the Open Web Application Security Project (OWASP) [39] identified attack vectors using the three layers of an IoT system: hardware, communication links, and interfaces/services layers. Thus, as shown in **Figure 5** at all layers of the IoT architecture, implementation of IoT security mitigation techniques should include security architecture [40].

According to the IoT security architecture, there are security issues and concerns at each of the three IoT layers. Because of their relative positions in the architecture, each of these layers has its own set of security needs. However, because they are all interconnected, if one is compromised, the others may suffer as well. The goal of IoT security is to protect customer's privacy, confidentiality, data integrity, infrastructure, and IoT device security, as well as the availability of the services. The following subsection discusses the IoT Security issues and threats at each of the layer.

**Figure 5.** IoT security architecture *[40].*

#### **4.2 Classification of IoT threats and attacks with solutions**

Like in any other system, confidentiality, integrity, AAA, availability, and nonrepudiation are some general security goals and requirements as already stated in previous sub-section. This section discusses about some of the most frequent threats and attacks at each IoT layer that might affect at least one of these criteria. Following **Table 6** provides an overview of the classification of the threats at each IoT layer and some proposed solutions corresponding to these threats [41–44].

#### **4.3 State-of-art IoT security mitigations**

The primary goal of implementing security mitigation is to ensure privacy, confidentiality, and the security of IoT users, infrastructures, data, and devices, as well as to ensure the availability of services provided by an IoT ecosystem. As a result, mitigation and countermeasures are often implemented in accordance with the traditional threat vectors.

In the above sub-section, some empirical based solutions have been listed in **Table 2** corresponding to the given threat or attack. Based on the studies performed in [11, 45–47], it is observed that some ubiquitous state-of-the-art technologies such as Blockchain, Fog Computing, Edge Computing, SDN, Artificial Intelligence can be used to enhance the security in an IoT environment. These technologies are vital and have enormous potential for addressing the IoT ecosystem's security concerns.

**Blockchain (BC)**: A blockchain is a special kind of database. It differs from a standard database because of the unique approach in which it saves data. Data are, hence, saved in a series of blocks that are subsequently linked together to form a blockchain. IoT devices capture data from sensors in real time, and BC provides data security by establishing a distributed, de-centralized, and shared ledger [48]. Due to its critical operational properties, such as distributed functionality, de-centralized behavior, encrypted communication, embedded cryptography, and authorized access, it provides security solutions against a variety of threats across the different layers of the IoT such as disclosure of critical information, device compromise, malicious data injection, tag cloning, node cloning, unauthorized access, software modification, data manipulation, spoofing, session hijacking, false data injection, brute force attack.

**Fog computing (FC)**: Fog computing allows processing, storage, and intelligent control to be close to the data devices themselves. Hardware failures, eavesdropping, device compromise, disclosure of critical information, leaks of critical information, node tampering, node capture attacks, node replication, battery drainages attack, illegal access, DoS and DDoS, MITM, etc. are just some of the threats and attacks that can be prevented by the vast processing, storage and management capabilities of the voluminous data that it processes, stores, and manages.

**Edge Computing (EC)**: In edge computing, data are transmitted within the network or within the device. Data movement is reduced as compared to fog computing, which alleviates security concerns. Real-time services such as intrusion detection, identity recognition, access management enable edge computing to strengthen security against a variety of threats and attacks, including battery drain, hardware failure, eavesdropping, node capture, DoS and DDoS, SQL injection, jamming, malicious attack, virtualization, data integrity, cloud flooding attack, illegal access.

**SDN**: Software-defined networking is the preferred method of managing network security in a variety of application domains, including smart homes, businesses, and e-health care systems. The control plane and data plane refer to the two primary tasks


*Artificial Intelligence Deployment to Secure IoT in Industrial Environment DOI: http://dx.doi.org/10.5772/intechopen.104469*


#### **Table 6.**

*Common IoT threats, description, and solutions.*

of switches/routers. The control plane determines where traffic should be routed, whereas the data plane routes traffic to a specific destination. The control plane and data plane are linked together in conventional networking, but are separated in an SDN architecture. The data plane runs on hardware, while the control plane runs on software and is logically centralized. SDN is capable of monitoring and detecting harmful activity on the network. It separates the compromised nodes from the rest of the network by identifying them. Flow statistics in SDN architectures was employed to detect anomalies through a variety of techniques, including DDoS attacks, port scanning, and worm spreading [49].

**Artificial intelligence (AI)**: The use of artificial Intelligence is growing in cybersecurity because it can help protect systems from cyber threats in a more dynamic way. AI is most frequently employed in cybersecurity for intrusion detection, which involves studying traffic patterns and looking for activities indicative of threat. With the growth of IoT technology, AI has received considerable attention. As a result of this expansion, AI technologies such as machine learning, support vector machines, decision trees, linear regression, and neural networks have been integrated into IoT cybersecurity applications to detect threats and prospective attacks. AI is viable for IoT security, particularly for the four critical risks: intrusion detection, defense against DoS/DDoS attacks, device authentication, and virus detection [50]. The following section discusses the role of AI techniques and their comparative studies for IoT security.

## **5. Comparative study AI categories used to mitigate industrial IoT security**

AI is a promising approach, which can be employed to mitigate the security challenges faced by IoT autonomous system. As per [51], the secure solution can be improved through AI approaches to predict future threats. The researchers point out generative adversarial networks (GAN) that are using generator and discriminator. The generator's scope is to add samples to the real data, whereas the discriminator's purpose is to remove the fake samples from the original data. The suggested AI-based solutions are from the data-driven type, which are support vector machine (SVM), neural networks (NN), artificial neural networks (ANN), recurrent neural network (RNN).

A framework has been proposed where AI based reaction agent is introduced [52]. The security enhancement is a combination between two intrusion detection systems: knowledge-based and anomaly-based. For network pattern analysis, Weka has been used as data mining tool and NSL KDD as dataset source and distributed JRip algorithm in which machine learning can be used for security enhancement. For anomalybased IDS, the dataset is collected from real sensor data and the model uses library of python Scikit-learn.

The main finding of [53] is that AI can be used for IoT security mostly in intrusion detection system (IDS) in order to analyze the traffic and learn the characteristic of the attack. Naïve Bayes algorithm is mostly used to classify attack data where it is assumed this to originate from the independent events.

A two-tier framework is proposed by [54] for embedded systems such as an IoT system. The security mitigation is to improve the traditional host-based IDS. The machine learning approach used is of a pipeline method where a set of algorithms are involved which allow the flexibility of adjusting the ML processing and the link between different tiers.

From a comprehensive survey published by [55], it has been found that high-level encryption techniques are not advisable to be implanted in IoT systems due to resource limitation. Therefore, AI approach is a very strong candidate to enhance security in IoT system in addition to the other existing network security protocols. Consequently, to the nature of IoT-layered architecture, each layer has its specific security threats. It has been noticed that machine learning approaches are widely adopted in comparison to the knowledge-based expert systems.


**Table 7.** *AI branches used in IoT security solutions.*

#### *Artificial Intelligence Deployment to Secure IoT in Industrial Environment DOI: http://dx.doi.org/10.5772/intechopen.104469*

Another study published by [56] suggests that the machine learning based security approaches are used mostly to enhance the detection mechanism of IDS. The only approach that provides mitigation features is based on the techniques that utilizes deep learning such as Gaussian mixture, SNN, FNN, RNN or utilize supervised machine learning such as SVM. **Table 7** [45, 51–58] shows that machine learning is mostly used in the security mechanisms in IoT environment as there are a huge data to learn from.

As per the literature, AI-based methods are recommended to be used to enhance protection against IoT attack. However, most of them are not yet commercialized due to the difficulty of its implementation. The focus of proposing different IoT security mitigation is to introduce high-performance approaches with low cost in a real-time environment. Moreover, dataset preparation is a critical factor that affects the accuracy and efficiency of machine learning approaches.

#### **6. Conclusions**

As discussed in this chapter, industries deployed IoT technology to develop industrial applications to add values to their businesses and consumers in terms of performance and cost. Different business models are also reviewed to comprehend that the standardization of IoT business model is very difficult due to the different types of industries and their varied requirements. As such, it is critical for industries to ensure confidentiality, data integrity, availability to ensure data privacy, and security of the system. However, maintaining privacy and security emerged as a challenge in IIOT because of the sophistication of the IoT system. This chapter considered the most used three-layer IoT architecture to study and review the various possible threats and attacks and their conventional mitigation techniques. Conventional security mechanisms have a limitation in IIoT, particularly in predicting attacks.

The state-of-the-art technologies such as Blockchain, Fog computing, Edge computing, SDN, and AI have also been discussed to enhance the security levels in IIoT systems. But artificial intelligence (AI) has been emerging as a promising approach to secure the IIoT-based systems because of its ability to learn from the big data. It furthermore supports data analysis and enhances security mechanisms. AI techniques such as SVM, NN, ANN, RNN have been reviewed and recommended to design and improve countermeasures such as IDS. Data engineering is a critical phase to prepare the datasets required for machine learning. Therefore, it is highly recommended to consider this phase in order to achieve an effective AI deployment. Based on the analysis presented herein, it is the authors' view that this is an open challenge to enhance security mechanisms through AI-based mitigation techniques.

#### **Acknowledgements**

We would like to extend our appreciation to the Ministry of higher education and research and innovation for funding this research through the block funding program. This paper is aimed at contributing and further fostering the quality of research in the University of Technology and Applied Sciences in Oman. We extend our gratitude to the reviewers for their insights on the submitted manuscript that greatly improved the chapter.
