**Table 1.**

*Intrusion detection schemes.*

Protocol (NTP) attack, Network BIOS (NetBIOS) attack, UDP lag (delay). The authors in [11] proposed a hidden Markov model for predicting and detecting multi-stage attacks. Their work is not applicable for IoT systems as it fails on the high dimension state space since the incoming network traffic in IoT will have largely hidden states. The approach developed by [12] has a high detection rate as it identified most of the occurred attacks. However, they did not consider DDoS attacks. Authors in [2] proposed an anomaly detection module that uses Long Short-term memory for detecting both known and unknown attacks with a low false-positive rate. Their work shows high recognition rates. In [3], researchers discussed the multi-stage attack and its prediction. They proposed a multi-stage Naive Bayes model that can predict each stage of the multistage attack scenarios. However, schemes in [2, 3] are not suitable for predicting multiple attack intents in heteroecious environments. Besides, the authors in [13] propose a Hierarchical Hidden Markov Model (HHMM), which is an extension of the hidden Markov model (HMM), as the method for activity recognition. They analyzed the accuracy rate of their model with the Naive Bayes and HMM schemes. The comparison showed that the HHMM has the highest accuracy rate among others. However, they did not take into consideration the nature of IoT systems. The authors in [14] described routing-specific attacks in the IoT systems and concentrated on identifying the malicious node's location and neighborhood to inform the network administrator. In [15], the researchers proposed an ID scheme to detect flood attacks in IoT networks. Their proposed model identifies the attacks through the back-propagation neural network model. **Table 1** summarizes the properties of the major types of existing ID schemes.
