{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T16:08:29Z","timestamp":1778083709806,"version":"3.51.4"},"reference-count":41,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2024,11,6]],"date-time":"2024-11-06T00:00:00Z","timestamp":1730851200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"A-MoVeR\u2014\u201cMobilizing Agenda for the Development of Products & Systems towards an Intelligent and Green Mobility\u201d","award":["02\/C05-i01.01\/2022.PC646908627-00000069"],"award-info":[{"award-number":["02\/C05-i01.01\/2022.PC646908627-00000069"]}]},{"name":"A-MoVeR\u2014\u201cMobilizing Agenda for the Development of Products & Systems towards an Intelligent and Green Mobility\u201d","award":["02\/C05-i01\/2022"],"award-info":[{"award-number":["02\/C05-i01\/2022"]}]},{"name":"Mobilizing Agendas for Business Innovation","award":["02\/C05-i01.01\/2022.PC646908627-00000069"],"award-info":[{"award-number":["02\/C05-i01.01\/2022.PC646908627-00000069"]}]},{"name":"Mobilizing Agendas for Business Innovation","award":["02\/C05-i01\/2022"],"award-info":[{"award-number":["02\/C05-i01\/2022"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["AI"],"abstract":"Background: The Internet of Things (IoT) has improved many aspects that have impacted the industry and the people\u2019s daily lives. To begin with, the IoT allows communication to be made across a wide range of devices, from household appliances to industrial machinery. This connectivity allows for a better integration of the pervasive computing, making devices \u201csmart\u201d and capable of interacting with each other and with the corresponding users in a sublime way. However, the widespread adoption of IoT devices has introduced some security challenges, because these devices usually run in environments that have limited resources. As IoT technology becomes more integrated into critical infrastructure and daily life, the need for stronger security measures will increase. These devices are exposed to a variety of cyber-attacks. This literature review synthesizes the current research of artificial intelligence (AI) technologies to improve IoT security. This review addresses key research questions, including: (1) What are the primary challenges and threats that IoT devices face?; (2) How can AI be used to improve IoT security?; (3) What AI techniques are currently being used for this purpose?; and (4) How does applying AI to IoT security differ from traditional methods? Methods: We included a total of 33 peer-reviewed studies published between 2020 and 2024, specifically in journal and conference papers written in English. Studies irrelevant to the use of AI for IoT security, duplicate studies, and articles without full-text access were excluded. The literature search was conducted using scientific databases, including MDPI, ScienceDirect, IEEE Xplore, and SpringerLink. Results were synthesized through a narrative synthesis approach, with the help of the Parsifal tool to organize and visualize key themes and trends. Results: We focus on the use of machine learning, deep learning, and federated learning, which are used for anomaly detection to identify and mitigate the security threats inherent to these devices. AI-driven technologies offer promising solutions for attack detection and predictive analysis, reducing the need for human intervention more significantly. This review acknowledges limitations such as the rapidly evolving nature of IoT technologies, the early-stage development or proprietary nature of many AI techniques, the variable performance of AI models in real-world applications, and potential biases in the search and selection of articles. The risk of bias in this systematic review is moderate. While the study selection and data collection processes are robust, the reliance on narrative synthesis and the limited exploration of potential biases in the selection process introduce some risk. Transparency in funding and conflict of interest reporting reduces bias in those areas. Discussion: The effectiveness of these AI-based approaches can vary depending on the performance of the model and the computational efficiency. In this article, we provide a comprehensive overview of existing AI models applied to IoT security, including machine learning (ML), deep learning (DL), and hybrid approaches. We also examine their role in enhancing the detection accuracy. Despite all the advances, challenges still remain in terms of data privacy and the scalability of AI solutions in IoT security. Conclusion: This review provides a comprehensive overview of ML applications to enhance IoT security. We also discuss and outline future directions, emphasizing the need for collaboration between interested parties and ongoing innovation to address the evolving threat landscape in IoT security.<\/jats:p>","DOI":"10.3390\/ai5040112","type":"journal-article","created":{"date-parts":[[2024,11,6]],"date-time":"2024-11-06T09:16:51Z","timestamp":1730884611000},"page":"2279-2299","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Enhancing IoT Security in Vehicles: A Comprehensive Review of AI-Driven Solutions for Cyber-Threat Detection"],"prefix":"10.3390","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-3415-2773","authenticated-orcid":false,"given":"Rafael","family":"Abreu","sequence":"first","affiliation":[{"name":"Department of Engineering, School of Sciences and Technology, Universidade de Tr\u00e1s-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-2088-7358","authenticated-orcid":false,"given":"Emanuel","family":"Sim\u00e3o","sequence":"additional","affiliation":[{"name":"Department of Engineering, School of Sciences and Technology, Universidade de Tr\u00e1s-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4632-9664","authenticated-orcid":false,"given":"Carlos","family":"Ser\u00f4dio","sequence":"additional","affiliation":[{"name":"Department of Engineering, School of Sciences and Technology, Universidade de Tr\u00e1s-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal"},{"name":"Algoritmi Center, University of Minho, 4710-057 Braga, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8434-4887","authenticated-orcid":false,"given":"Frederico","family":"Branco","sequence":"additional","affiliation":[{"name":"Department of Engineering, School of Sciences and Technology, Universidade de Tr\u00e1s-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal"},{"name":"INESC TEC\u2014Institute for Systems and Computer Engineering, Technology and Science, Rua Dr. Roberto Frias, 4200-465 Porto, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5798-1298","authenticated-orcid":false,"given":"Ant\u00f3nio","family":"Valente","sequence":"additional","affiliation":[{"name":"Department of Engineering, School of Sciences and Technology, Universidade de Tr\u00e1s-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal"},{"name":"INESC TEC\u2014Institute for Systems and Computer Engineering, Technology and Science, Rua Dr. Roberto Frias, 4200-465 Porto, Portugal"}]}],"member":"1968","published-online":{"date-parts":[[2024,11,6]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"9395","DOI":"10.1016\/j.aej.2022.02.063","article-title":"A machine learning-based intrusion detection for detecting internet of things network attacks","volume":"61","author":"Saheed","year":"2022","journal-title":"Alex. Eng. J."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"103330","DOI":"10.1016\/j.adhoc.2023.103330","article-title":"Intrusion detection system for cyberattacks in the Internet of Vehicles environment","volume":"153","author":"Korium","year":"2024","journal-title":"Hoc. Netw."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"103906","DOI":"10.1109\/ACCESS.2021.3094024","article-title":"Design and development of a deep learning-based model for anomaly detection in IoT networks","volume":"9","author":"Ullah","year":"2021","journal-title":"IEEE Access"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3431233","article-title":"Cyberattacks and countermeasures for in-vehicle networks","volume":"54","author":"Aliwa","year":"2021","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"165130","DOI":"10.1109\/ACCESS.2020.3022862","article-title":"TON_IoT telemetry dataset: A new generation dataset of IoT and IIoT for data-driven intrusion detection systems","volume":"8","author":"Alsaedi","year":"2020","journal-title":"IEEE Access"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Tany, N.S., Suresh, S., Sinha, D.N., Shinde, C., Stolojescu-Crisan, C., and Khondoker, R. (2022). Cybersecurity comparison of brain-based automotive electrical and electronic architectures. Information, 13.","DOI":"10.3390\/info13110518"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Page, M.J., McKenzie, J.E., Bossuyt, P.M., Boutron, I., Hoffmann, T.C., Mulrow, C.D., Shamseer, L., Tetzlaff, J.M., Akl, E.A., and Brennan, S.E. (2021). The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. BMJ, 372.","DOI":"10.1136\/bmj.n71"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1016\/j.jclinepi.2020.07.005","article-title":"Using the full PICO model as a search tool for systematic reviews resulted in lower recall for some PICO elements","volume":"127","author":"Frandsen","year":"2020","journal-title":"J. Clin. Epidemiol."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"278","DOI":"10.5964\/meth.4329","article-title":"The Development of a New Generic Risk-of-Bias Measure for Systematic Reviews of Surveys","volume":"16","author":"Nudelman","year":"2020","journal-title":"Methodology"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"102254","DOI":"10.1016\/j.rineng.2024.102254","article-title":"Security Information Event Management data acquisition and analysis methods with machine learning principles","volume":"22","author":"Tendikov","year":"2024","journal-title":"Results Eng."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"100917","DOI":"10.1016\/j.measen.2023.100917","article-title":"Security enhancement and attack detection using optimized hybrid deep learning and improved encryption algorithm over Internet of Things","volume":"30","author":"Akshaya","year":"2023","journal-title":"Meas. Sens."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"103576","DOI":"10.1016\/j.adhoc.2024.103576","article-title":"LETM-IoT: A lightweight and efficient trust mechanism for Sybil attacks in Internet of Things networks","volume":"163","author":"Hassan","year":"2024","journal-title":"Hoc. Netw."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"101035","DOI":"10.1016\/j.measen.2024.101035","article-title":"Intruder identification using feed forward encasement-based parameters for cybersecurity along with IoT devices","volume":"32","author":"Sudharsanan","year":"2024","journal-title":"Meas. Sens."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"103523","DOI":"10.1016\/j.adhoc.2024.103523","article-title":"AI-powered malware detection with Differential Privacy for zero trust security in Internet of Things networks","volume":"161","author":"Nawshin","year":"2024","journal-title":"Hoc. Netw."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1016\/j.aej.2024.05.051","article-title":"Hybrid Sine-Cosine Chimp optimization based feature selection with deep learning model for threat detection in IoT sensor networks","volume":"102","author":"Alkhonaini","year":"2024","journal-title":"Alex. Eng. J."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"74571","DOI":"10.1109\/ACCESS.2020.2988854","article-title":"Fog-based attack detection framework for internet of things using deep learning","volume":"8","author":"Samy","year":"2020","journal-title":"IEEE Access"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"31788","DOI":"10.1109\/ACCESS.2024.3355794","article-title":"Enhancing Security of Host-based Intrusion Detection Systems for the Internet of Things","volume":"12","author":"Nallakaruppan","year":"2024","journal-title":"IEEE Access"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"40281","DOI":"10.1109\/ACCESS.2022.3165809","article-title":"Edge-IIoTset: A new comprehensive realistic cyber security dataset of IoT and IIoT applications for centralized and federated learning","volume":"10","author":"Ferrag","year":"2022","journal-title":"IEEE Access"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"48570","DOI":"10.1109\/ACCESS.2024.3383831","article-title":"Deep Neural Networks for Enhanced Security: Detecting Metamorphic Malware in IoT Devices","volume":"12","author":"Habib","year":"2024","journal-title":"IEEE Access"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"4197","DOI":"10.1007\/s13369-023-08341-3","article-title":"Deep Learning-Based Power Analysis Attack for Extracting AES Keys on ATmega328P Microcontroller","volume":"49","author":"Negabi","year":"2024","journal-title":"Arab. J. Sci. Eng."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"371","DOI":"10.1016\/j.aej.2023.09.023","article-title":"Deep learning-based intrusion detection approach for securing industrial Internet of Things","volume":"81","author":"Soliman","year":"2023","journal-title":"Alex. Eng. J."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"101263","DOI":"10.1016\/j.measen.2024.101263","article-title":"DBN-protected material Enhanced intrusion prevention sensor system defends against cyber attacks in the IoT devices","volume":"34","author":"Ajay","year":"2024","journal-title":"Meas. Sens."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"106432","DOI":"10.1016\/j.engappai.2023.106432","article-title":"Towards a machine learning-based framework for DDOS attack detection in software-defined IoT (SD-IoT) networks","volume":"123","author":"Bhayo","year":"2023","journal-title":"Eng. Appl. Artif. Intell."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"102","DOI":"10.1016\/j.aej.2023.10.039","article-title":"Billiard based optimization with deep learning driven anomaly detection in internet of things assisted sustainable smart cities","volume":"83","author":"Manickam","year":"2023","journal-title":"Alex. Eng. J."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"112189","DOI":"10.1109\/ACCESS.2023.3318866","article-title":"A novel federated edge learning approach for detecting cyberattacks in IoT infrastructures","volume":"11","author":"Abbas","year":"2023","journal-title":"IEEE Access"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1016\/j.aej.2024.05.113","article-title":"A novel approach of botnet detection using hybrid deep learning for enhancing security in IoT networks","volume":"103","author":"Ali","year":"2024","journal-title":"Alex. Eng. J."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"101176","DOI":"10.1016\/j.measen.2024.101176","article-title":"A blockchain based federated deep learning model for secured data transmission in healthcare Iot networks","volume":"33","author":"Ganapathy","year":"2024","journal-title":"Meas. Sens."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Adly, S., Moro, A., Hammad, S., and Maged, S.A. (2023). Prevention of Controller Area Network (CAN) Attacks on Electric Autonomous Vehicles. Appl. Sci., 13.","DOI":"10.3390\/app13169374"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Baldini, G. (2023). In-Vehicle Network Intrusion Detection System Using Convolutional Neural Network and Multi-Scale Histograms. Information, 14.","DOI":"10.3390\/info14110605"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"52215","DOI":"10.1109\/ACCESS.2024.3386631","article-title":"FL-IDS: Federated Learning-Based Intrusion Detection System Using Edge Devices for Transportation IoT","volume":"12","author":"Bhavsar","year":"2024","journal-title":"IEEE Access"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Dini, P., and Saponara, S. (2023). Design and Experimental Assessment of Real-Time Anomaly Detection Techniques for Automotive Cybersecurity. Sensors, 23.","DOI":"10.3390\/s23229231"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Pascale, F., Adinolfi, E.A., Coppola, S., and Santonicola, E. (2021). Cybersecurity in automotive: An intrusion detection system in connected vehicles. Electronics, 10.","DOI":"10.3390\/electronics10151765"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"12261","DOI":"10.1007\/s00500-021-05908-w","article-title":"Cyber-physical system with IoT-based smart vehicles","volume":"25","author":"Alshdadi","year":"2021","journal-title":"Soft Comput."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"142206","DOI":"10.1109\/ACCESS.2021.3120626","article-title":"Intrusion detection system using machine learning for vehicular ad hoc networks based on ToN-IoT dataset","volume":"9","author":"Gad","year":"2021","journal-title":"IEEE Access"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Khan, J., Lim, D.W., and Kim, Y.S. (2023). Intrusion detection system can-bus in-vehicle networks based on the statistical characteristics of attacks. Sensors, 23.","DOI":"10.3390\/s23073554"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Santonicola, E., Adinolfi, E.A., Coppola, S., and Pascale, F. (2023). Automotive Cybersecurity Application Based on CARDIAN. Future Internet, 16.","DOI":"10.3390\/fi16010010"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Toker, O., and Alsweiss, S. (2020). Design of a cyberattack resilient 77 GHz automotive radar sensor. Electronics, 9.","DOI":"10.3390\/electronics9040573"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Latif, R.M.A., Jamil, M., He, J., and Farhan, M. (2023). A Novel Authentication and Communication Protocol for Urban Traffic Monitoring in VANETs Based on Cluster Management. Systems, 11.","DOI":"10.20944\/preprints202305.0683.v1"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Moustafa, N., and Slay, J. (2015, January 10\u201312). UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). Proceedings of the 2015 Military Communications and Information Systems Conference (MilCIS), Canberra, Australia.","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Tavallaee, M., Bagheri, E., Lu, W., and Ghorbani, A.A. (2009, January 8\u201310). A detailed analysis of the KDD CUP 99 data set. Proceedings of the 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, Ottawa, Canada.","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"ref_41","first-page":"108","article-title":"Toward generating a new intrusion detection dataset and intrusion traffic characterization","volume":"1","author":"Sharafaldin","year":"2018","journal-title":"ICISSp"}],"container-title":["AI"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2673-2688\/5\/4\/112\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T16:27:19Z","timestamp":1760113639000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2673-2688\/5\/4\/112"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,6]]},"references-count":41,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2024,12]]}},"alternative-id":["ai5040112"],"URL":"https:\/\/doi.org\/10.3390\/ai5040112","relation":{},"ISSN":["2673-2688"],"issn-type":[{"value":"2673-2688","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,11,6]]}}}