A Survey On Application of Machine Learning For Internet of Things

International Journal of Machine Learning and Cybernetics (2018) 9:1399–1417
https://doi.org/10.1007/s13042-018-0834-5
ORIGINAL ARTICLE
A survey on application of machine learning for Internet of Things

Laizhong Cui1 · Shu Yang1 · Fei Chen1 · Zhong Ming1 · Nan Lu1 · Jing Qin2
Received: 17 April 2018 / Accepted: 29 May 2018 / Published online: 11 June 2018
© Springer-Verlag GmbH Germany, part of Springer Nature 2018
Abstract
Internet of Things (IoT) has become an important network paradigm and there are lots of smart devices connected by IoT. IoT
systems are producing massive data and thus more and more IoT applications and services are emerging. Machine learning,
as an another important area, has obtained a great success in several research fields such as computer vision, computer graph-
ics, natural language processing, speech recognition, decision-making, and intelligent control. It has also been introduced
in networking research. Many researches study how to utilize machine learning to solve networking problems, including
routing, traffic engineering, resource allocation, and security. Recently, there has been a rising trend of employing machine
learning to improve IoT applications and provide IoT services such as traffic engineering, network management, security,
Internet traffic classification, and quality of service optimization. This survey paper focuses on providing an overview of the
application of machine learning in the domain of IoT. We provide a comprehensive survey highlighting the recent progresses
in machine learning techniques for IoT and describe various IoT applications. The application of machine learning for IoT
enables users to obtain deep analytics and develop efficient intelligent IoT applications. This paper is different from the pre-
viously published survey papers in terms of focus, scope, and breadth; specifically, we have written this paper to emphasize
the application of machine learning for IoT and the coverage of most recent advances. This paper has made an attempt to
cover the major applications of machine learning for IoT and the relevant techniques, including traffic profiling, IoT device
identification, security, edge computing infrastructure, network management and typical IoT applications. We also make a
discussion on research challenges and open issues.
Keywords Machine learning · IoT · Networking · Application
1 Introduction
Internet of Things (IoT) is becoming a new pervasive and

ubiquitous network paradigm offering distributed and trans-
* Fei Chen parent services [1]. Through IoT, lots of smart devices are
fchen@szu.edu.cn
connected, such as sensors, mobile phones and other smart
Laizhong Cui devices. These smart devices can communicate with each
cuilz@szu.edu.cn
other and exchange information. According to the IDC sta-
Shu Yang tistical report, there are over 50 billion IoT devices in the
yang.shu@szu.edu.cn
world; they will produce over 60ZB data by 2020 [2–4].
Zhong Ming By collecting the data of these IoT devices and analyzing
mingz@szu.edu.cn
these data to sense and understand the environment, the
Nan Lu complex systems can be constructed to enhance the qual-
lunan@szu.edu.cn
ity of life, such as diagnosis of machine condition, human
Jing Qin body activities, health monitoring, localization, and struc-
harry.qin@polyu.edu.hk
tural monitoring.
1
College of Computer Science and Software Engineering, As the popularity and widespread use of IoT, the mas-
Shenzhen University, Shenzhen, People’s Republic of China sive sensors and devices are generating massive data and
2
Center for Smart Health, School of Nursing, The Hong Kong various IoT applications are developed to provide more
Polytechnic University, Kowloon, Hong Kong
13
Vol.:(0123456789)

1400 International Journal of Machine Learning and Cybernetics (2018) 9:1399–1417
accurate and more fine-grained services to users. These • We summarize typical IoT applications leveraging
IoT big data can be further processed and analyzed to pro- machine learning, including personal health applications
vide intelligence for the IoT service providers and users. and industrial applications.
The emerging IoT applications involve many data-driven • We investigate the edge computing and SDN in IoT using
analytic procedures to efficiently utilize big IoT sensing machine learning, including edge computing infrastruc-
data [5]. Recently the AI algorithms are introduced into ture design and IoT network management.
the IoT data analytic procedures [6–8]. • We also discuss the challenges and open issues on the
Over the past decade, the artificial intelligence (AI) reviewed areas, including traffic profiling, IoT device
achieves a great success with the advances in comput- identification, security and edge computing, and SDN
ing technologies of cloud computing, graphics process- via machine learning.
ing unit(GPU) computing, and other hardware enhance-
ments [9]. Machine learning is the most representative The remainder of this paper is organized as follows. Sec-
AI algorithm, which has been already applied in multiple tion 2 introduces the progress about the application of
fields, such as computer vision, computer graphics, natural machine learning to traffic profiling. Section 2 discusses how
language processing (NLP), speech recognition, decision- to use machine learning to identify IoT devices. Section 4
making, and intelligent control. Similarly, machine learn- presents the security solutions of IoT systems by machine
ing can also bring a potential benefit to computer network. learning. Section 5 presents edge computing infrastructures
Some researches studied how to utilize machine learning based on machine learning. Section 6 describes how to use
to solve networking problems, including routing, traffic SDN with machine learning to manage the IoT network. Sec-
engineering, resource allocation, and security [10–14]. tion 7 summarizes the typical IoT applications with machine
Machine learning has been regarded as the key technol- learning. Finally, Sect. 8 concludes this paper.
ogy of autonomous smart/intelligent network management
and operation. Especially, most IoT systems are becoming
increasingly dynamic, heterogeneous, and complex; thus 2 Traffic profiling
the management of such IoT systems is difficult. Moreover,
the services of of such IoT systems need to be improved, Traffic profiling refers to the fundamental task of character-
in terms of effectiveness and diversity, in order to attract izing, understanding the traffic patterns in communication
more users. A lot of studies have made progress on apply- networks, including IP, wireless, mobile networks etc. It
ing machine learning to IoT. Thus we can find that IoT can provides insightful information about the underlying traf-
also benefit from leveraging support from machine learn- fic, thus helps manage, engineer the network to obtain bet-
ing. The application of machine learning for IoT enables ter performance. For instance, among the benefits, detect-
users to obtain deep analytics and develop efficient intel- ing abnormal traffic specifically enhances the security of
ligent IoT applications; this is because machine learning the underlying networks, which have gained considerable
can provide feasible solutions to mine the information and research efforts in recent years.
features hidden in IoT data. We define the traffic profiling problem as follows: the
In this paper, we survey the application of machine input of a traffic profiling task is the captured real network
learning for IoT by supporting the possible cooperation communication data; the output is a collection of patterns
with use case scenarios. Meanwhile, we also study the underlying the traffic. Figure 1 also shows the traffic profiling
current missing integration aspects of the machine learn- problem. Traditionally, researchers focused on investigating
ing and IoT for designating the challenges and future statistical properties of networks traffics, e.g., heavy hitters,
directions. heavy-tail, self-similarity [15–18]. While this approach
As a summary, the original contributions of this paper obtains useful information for engineering networks, it is
are as follows: limited to particular networks. In recent years, researchers
are leveraging the power of machine learning to profiling
• We illustrate the potential of machine learning for traf- network traffics, which obtains more general results.
fic profiling. The unsupervised solutions and supervised Here we review the progress of this area in the last dec-
solutions are presented detailedly. ade, with a focus on security applications. We categorize
• We make a summary on the IoT device identification with the works into unsupervised and supervised solutions. We
machine learning, in terms of mobile phone identification note that the categorization is based on whether background
and general IoT device identification. information is employed in the proposed solutions, which
• We review IoT system security based on machine learn- is different with traditional, theoretical, and abstract unsu-
ing approaches, in terms of device security and network pervised/supervised learning; here we deal with domain-
security. specific problems. We first summarize the core machine
13
International Journal of Machine Learning and Cybernetics (2018) 9:1399–1417 1401
backbone data capture: traffic paerns

network tcpdump machine learning
based data analysis: traffic engineering
etc.
clustering,
wireless network app idenficaon
Bayesian, frequent
data process: item set mining,
flow extracon security intelligence
etc.
mobile network etc. etc.
Fig. 1 Traffic profiling model
learning technique of the proposed approach, then present source port, destination port, protocol
the detailed approach, and finally discuss the merits and lim- type) in each cluster.
its. Table 1 lists a short summary of reviewed works. This scheme finally validated proposed approach on the
core network traffic. The experimental results confirmed that
2.1 Unsupervised solutions the proposed scheme successfully found common, stable,
and anomalous behaviors in the experiments. One notewor-
Xu et al. [19] used the clustering technique to profile IP thy feature of the scheme is that the number of the clusters
network traffics. The scheme first captures traffic data and are adaptively determined. Along this line, the clustering
aggregates the data into flows. Each flow has the same technique is also used in [29] to profile higher level appli-
five dimensions: (source IP, destination IP, cations, specifically on Email. In future, one interesting,
source port, destination port, protocol unknown problem is how different clustering algorithms
type). Next, the scheme clusters the data for each dimen- influence the analysis.
sion, i.e. the source IP dimension, the destination dimension, Brauckhoff et al. [23] used frequent item set mining to
etc. The significant clutters (according to the distributions) detect anomalies for network traffics. The proposed scheme
are output. We note that the significant clusters denote the processes the captured traffic into seven-entry tuples
patterns of the network traffic. The IP addresses information (srcIP, dstIP, srcPort, dstPort, proto-
reveals the nodes’ patterns of the communication traffic; the col, #packets, #bytes). The scheme first employs a
ports information shows the services patterns. Both contains traditional histogram-based detectors to filter out suspicious
important patterns of the traffic. The scheme employed a flows. For the filtered traffic, the scheme sets up a transac-
newly proposed entropy based metric to determine how may tion with seven items (srcIP, dstIP, srcPort,
clusters are output. Then, for each cluster, the scheme ana- dstPort, protocol, #packets, #bytes) for
lyzed the structures, i.e. similarities and dissimilarities, of each suspicious flow. Then the scheme uses frequent item set
the traffic. The scheme also studies how observed structure mining to find the anomalies. For instance, if an IP address
evolves with time. Based on the found structures, the scheme is flagged as an frequent item set, it may be an anomaly. The
used dominant state analysis to model the interaction of the output of the proposed scheme are all the frequent item sets.
five dimensions (source IP, destination IP,
Table 1 Recent machine learning based traffic profiling works

Work Problem Technique Data Application On security
2008 [19] Traffic pattern analysis Clustering Core network Traffic analysis Median
2009 [20] P2P identification Frequent item set mining Campus network App. identification Low
2010 [21] Traffic identification Cluster on graphs Backbone network App. identification median
2011 [22] P2P identification General clustering Backbone network App. identification Median
2012 [23] Anomaly detection Frequent item set mining ISP Intrusion detection High
2013 [24] Traffic classification ML algorithm set Campus App. identification Median
2014 [25] Traffic visualization Frequent item set mining Campus Visualization Median
2015 [26] Network user profiling k means Residential network User profiling Median
2016 [27] Network user profiling k means DNS User profiling High
2017 [28] User location prediction ML algorithm set Wireless AP User profiling Median
13

The scheme was validated on a median-sized ISP. First, During performance evaluation of the proposed scheme,
ground truth is found using manual analysis, which is based 10–15 patterns are obtained for BitTorrent traffics cap-
to top-k queries. Then the scheme was used to identify tured in a campus network. These extracted patterns prove
anomalies. Experimental results show that the proposed to have more 90% accuracy when tested on real traffic.
scheme incurs a very small number of false positives. The An interesting future work along this line is to adapt this
biggest advantage of this scheme is that it reduces the time approach to other approaches.
needed to analyze anomalies when detected. One challeng- Iliofotou et al. [21] used clustering technique, specifi-
ing aspect of this approach is on parameter selection. In its cally community mining in graphs, to profile traffics into
current form, the threshold for frequent item set mining is different applications. The proposed scheme first uses the
by trial and error. captured traffic to construct an IP-level connection graph;
Glatz et al. [25] used frequent item set mining to pro- indeed, only IP addresses are used, but not depending on
file network traffic and visualize the traffic. The proposed ports, payloads. Then the scheme finds clusters/commni-
scheme first captures the traffic, obtaining a five tuple for ties in the graph. For each cluster, the scheme tried to
each flow; flow statistics, e.g. payload size etc., may also be identify the underlying application using traditional sig-
included. Then, the scheme employs frequent item set min- nature analysis. The identified application is labeled for all
ing to find out top traffic flows. Later, the scheme plots the the cluster, which is based on the intuition that the cluster
traffic using a hyper graph. shares the same application type.
The scheme was validated on campus networks. By vis- Further performance evaluation on four backbone net-
ualizing the traffic, it is easy to find the dominant traffic work traffics confirmed the effectiveness. The accuracy is
patterns, including popular network visits, network attacks, around 90%. Besides, the scheme runs fast and works on
network misconfigurations, etc. encrypted traffic. An interesting future work could be lift-
Bakhshi et al. [26] employed K-means clustering to pro- ing the accuracy by employing other useful information,
file network users into different behaviors, which is later e.g. port, payload.
used to engineering software defined networks (SDN). The Iliofotou et al. [22] combined clustering and statistical
proposed scheme first categorizes the captured network into methods to profile network traffics, specifically on P2P
different traffic types. This leads to a 9-entry tuple character- traffics. The proposed scheme works on the traditional
izing application layer services visits. The scheme then uses (source IP, destination IP, source port,
K-means clustering to group different user behaviors. The destination port, protocol type) tuple. The
obtained user behavior is finally used to support software scheme first groups captured traffic into similar flows using
defined network designs. general clustering algorithms. Then for each cluster, the
The scheme is validated on a residual network. A com- scheme generates a traffic dispersion graph. Leveraging
mercial software NetFlow was employed to capture the traf- statistical graph metrics of typical P2P traffics, the scheme
fics. When clustering, the scheme worked from 2 to 7 clus- determined whether a cluster is a p2P traffic.
ters in order to understand user behaviors. The idea of this The performance evaluation shows that the proposed
scheme for SDN design is interesting. scheme identifies 90% of P2P traffic in tested backbone
networks. The accuracy achieves 95%. accuracy in back-
2.2 Supervised solutions bone traces. In future, whether this approach adapts to
other application types is worth studying.
Hu et al. [20] employed the frequent item set mining tech- Huang et al. [24] employed Naive Bayes, decision tree
nique to identify P2P traffic from a bunch of network traffics. to classify network traffics into different high-level appli-
The main idea of the proposed scheme is to extract domi- cations. The proposed scheme defined several statistics on
nant, unique features from the P2P traffic using frequent early negotiation round of upper-layer application. Then
item set mining. In order to get the features, the scheme first taking these statistics as features and well captured know-
records P2P traffics delicately as trained data. The data is type flows, the scheme trained different classifiers for the
processed to contain the standard five tuple, i.e. (source traffic. The well-trained classifiers are later used for future
IP, destination IP, source port, desti- traffic detection.
nation port, protocol type), and some manually The proposed scheme was evaluated on campus traffics.
statistical properties about the communication flow. Then Experimental results show that classifiers with the newly
the scheme uses frequent item set mining to find the the defined statistics have average 92% accuracy. Specifically,
patterns that occur above a threshold. The patterns latter are the accuracy is increased by around 7%, compared with the
later used to identify P2P traffic for online network traffics. It same classifier but without the newly defined feature. To
is worthy noting that a lot of engineering, scientific, heuristic employ this approach, one needs to know the total number
efforts are done in order to obtain good results.
13
of application types; for unknown traffics, how the scheme Huge traffic volume Another challenge is how to deal
works is not known. large volume of traffic, both in storing them and processing
Kirchler et al. [27] used a K-means variant to profile net- them without lowering accuracy. Parallel machine learning
work users according to the network traffic. The proposed algorithms or effective sampling may help. It is worthy fur-
scheme focused on DNS queries. The data is a vector show- ther investigation in future.
ing how many times a flow visits a specific domain name; Model security A very interesting and challenging prob-
the dimension of the vector is the total number of different lem is what if the traffic is perturbed with malicious flows.
domains. The scheme then employs a modified K-means That is the input is not clean; a malicious adversary may
clustering algorithm to group different flows, which denote purposely pollute the network traffic in order to fool classi-
all the traffic of a specific user. Thus, the scheme success- fiers. This needs to be further addressed in future.
fully identified internet users.
The scheme is validated on a campus network DNS
server. Among a period of 2 months, as high as 19% users
were identified completely; 73% of the users in this subgroup 3 IoT device identification
can be linked over a period of 56 days. The accuracy is high.
It is worthy noting that the scheme does not use traditional Device identification refers to a mechanism that predicts the
IP and port information. It is interesting to adapt this tech- type of an internet-of-thing (IoT) device according to the
nique to other network traffics. device’s characteristics. Understanding the identifications
Das et al. [28] used a couple of machine learning tech- of IoT devices is critical to service providers (e.g. mobile
nique to profile users in network traffics in order to identify apps) for commercial purposes (e.g. advertising), and infra-
user locations using traffic information only. The proposed structure (e.g. system/network) managers for security (e.g.
scheme defined several flow level and application level sta- finding vulnerable devices).
tistics and used them as features to train machine learning Specifically, we define the IoT device identification prob-
algorithms. The ground truth is obtained by manually selec- lem as follows: the input is various data collected from a
tion. The trained classifiers are later used to identify user device, e.g. sensors’ data, network data, etc.; the output is
locations. a label for the IoT device indicating the type of the device.
The proposed scheme was validated on network traffics Figure 2 also shows the model for device identification. This
captured on wifi access points (AP). The highest accuracy problem receives extensive attention in recent year due to
is 89%, which is obtained by the Bayesian Network machine the proliferation of mobile computing, IoT depolyment, and
classifier. An advantage of this scheme is that it does not smart everything. Since this area is rapidly evolving due to
record user personal information, thus favors for user pri- fast wireless and mobile technology innovations, we review
vacy. How to choose machine learning algorithms is also recent efforts on leveraging machine learning to identify IoT
heuristic. devices in the last five years. Table 2 presents a short sum-
mary of the reviewed works.
2.3 Challenges and open issues It is worthy noting that proactive approaches are based on
IP address, MAC address, unique device number by manu-
Model reliability All the proposed schemes are valid on facturer or operating system are not stable; thus, research-
tested traffics. It is not known whether the model is still ers turned to machine learning approaches, which may also
effective on different traffics in different ISPs, enterprises, be passive identifications. In the following, we first review
countries, etc. One inherent reason is that traffic patterns proposed approaches that tried to identify mobile phones,
change from time and space. In future, addressing reliability then we move to review works that aimed to identify general
is both interesting and challenging. IoT devices.
PC / laptop data capture: unique device

sensors’ data, idenficaon
mobile phone network trace, machine learning
sensors etc. based data
analysis:
network camera data process: clustering, kNN, k-
adverng,
feature means, SVM, etc.
network/security
general IoT device extracon etc. engineering, etc.
Fig. 2 Device identification model
13

Table 2 Recent machine learning based device identification works

Work Device Technique Data/signal Accuracy (%) On security
2013 [30] Android kNN, SVM Network traffic 90 Median

2014 [31] Android, iOS kNN, GMM Acoustic voice 98 Median
2014 [32] Android, iOS kNN, maximum likehood Acoustic signal, accelerator 90, 50 Median
2015 [33] ZigBee device Decision tree, ensemble learning Radio signal 90 High
2015 [34] Android, iOS kNN, GMM Capacitive sensing 98 High
2016 [35] Camera SVM Image signal 97 Low
2016 [36] iOS Threshold based classifier, SVM Phone settings 90 High
2017[37] Android, iOS SVM Magnetometer 94 Low
2017 [38] Android, iOS Random forestry network traffic 95 High
2017 [39] Android, iOS General binary classifier Network traffic 99 Median
3.1 Mobile phone identification The proposed scheme was tested both for the acoustic
sensor (i.e. microphone and microspeaker) and the accelera-
Stober et al. [30] used kNN and SVM to identify mobile tor sensors. For the former, a 90% high accuracy is achieved
phone based on network communication traffic. The pro- for the former. For the latter, a 50% accuracy is obtained
posed scheme records mobile traffic using tcddump for a with the additional user-agent string for web browsing. An
time interval and further transforms the captured data into a interesting future work along this line is to employ more
23-entry feature. The feature is heuristically defined based powerful machine learning algorithms and more features
on traffic bursting patterns and not related to detailed pay- to pursue higher accuracy. Currently, only few features are
load contents. Then, the captured data is trained using kNN used.
and SVM to identify mobile phones. For future phone iden- Huynh et al. [34] used kNN and Gaussian mixture to
tification, just apply the trained classifier. identify mobile phones with the touch screen sensor. The
The proposed scheme was validated on 20 Android proposed scheme is based on the fact that every touch screen
mobile devices running 3G communication links. The accu- of mobile phones are different. The scheme employed 16 dif-
racy achieves 90%. The computation is also efficient: the ferent features regarding to signals generated by capacitive
time needed to identify a mobile phone is about 15 min. The sensing. Then Gaussin mixture model and kNN are used to
results indicate that mobile phones can be reliably identified/ identify mobile devices.
tracked even the communication traffic is encrypted. The proposed scheme was tested on 14 mobile phones
Das et al. [31] employed kNN and Gassian mixture model with Android, iOS as operating systems. The identification
to identify mobile phones based on acoustic data. The pro- accuracy achieve 98%. Such a high accuracy has various
posed scheme captured and extracted features on acoustic potential applications for authentication scenarios, e.g. ATM
signals from the microphone and the microspeaker of a authentication, smart unlocking, as pointed out in the paper
phone. In total, 25 features are defined. Then the proposed [34].
scheme trained machine learning models (i.e. Gassian mix- Kurtz et al. [36] used threshold based classifier and SVM
ture) on the captured data. Later, the trained model or kNN to identify mobile phones for Apple’s iOS system. The pro-
is used to identify mobile phones. posed scheme employs manually defined feature from phone
The proposed scheme was validated in lab on 52 mobile settings, including public (device model, the current iOS
phone. Both iOS and Android systems exist. Experimental version, etc.) and protected resources (location data, photos,
results showed that devices manufactured by different ven- contacts, calendar data, reminders, sensor data) of the phone.
dors can be effectively identified. In addition, devices from In total, 29 features are defined. The scheme then tested the
the same manufacturer and model can also be identified. The effectiveness of these 29 features. A threshold based clas-
accuracy is as high as 98%. sifier and a linear SVM classifier are trained and employed
Bojinov et al. [32] used kNN and maximum-likelihood to identify phones.
classification to identify mobile phones based on acoustic/ The proposed scheme was implemented as an iOS app
acceleratormeter sensors. The scheme first tried to identify and tested. For the threshold based classifier, more than 90%
features for acoustic/accelerator sensors. The features reflect accuracy was achieved; for the SVM classifier, roughly a lit-
a basic fact that each sensor is imperfectly manufactured and tle higher accuracy was obtained, but with the added more
thus has its unique noises. Based on the unique features, the computation overhead. An interesting future work is to adapt
scheme just uses simple kNN to identify mobile phones. the proposed scheme to Android and other IoT devices.
13
Baldini et al. [37] employed SVM to identify mobile The proposed scheme was tested on a representative set of
phones based on magnetometer sensor. The proposed consumer IoT devices in the European market. A data set of
scheme first captured the magnetometer digital output with a 540 fingerprints representing 27 device types was obtained
given sampling time using an app in the phone. The scheme for training and validation. Experimental results showed
then extracts Shannon entropy, log energy entropy, variance, that the accuracy of identification achieved over 95% for 17
standard deviation, skewness, and Kurtosis from the cap- devices, and around 0.5% for the remaining 10 devices with
tured data as features. The features are then input an SVM the same manufacturers. As shown by the paper, the device
to train the later classify mobile phones. identification results can be further used by SDN controllers
The proposed scheme was validated on ten phones of to enforce security policies in the IoT network composing of
different of different brands and models. The classifica- various devices. An interesting future work along this line
tion accuracy achieved 94% for mobile phones of different could be using other machine learning models and more
brands and models. However, intra-model classification has features to increase identification accuracy.
an accuracy around 54%. Meidan et al. [39] employed binary classifiers to iden-
tify general IoT devices, e.g. smart TV, IP camera, baby
3.2 General IoT device identification monitor, etc. The proposed scheme works on network traf-
fics between the IoT devices and access points. Specifically,
Patel et al. [33] employed decision tree combined with ran- various packet and payload characteristics are used to extract
dom fores and with multi-class Ada boost to identify Zig- features. The scheme then trains a binary classifier for each
Bee devices. The proposed scheme first defined statistical IoT device using captured network traffic. When identifying
features on radio signals, including signal’s instantaneous a device, each model is used for multiple network sessions.
amplitude, phase, frequency, ect. Then the scheme collected Finally, a majority vote is used to determine the exact device.
the features for known devices and trained decision tree The proposed scheme was validated in a local wireless
models. For device identification, just capture the features network environment with multiple IoT devices, includ-
for the device and input the features into the classifiers. ing PC, smart phone, a few sensors. Experimental results
The proposed scheme was validated. The accuracy can showed that more than 99% accuracy were obtained.
achieve 90%. This scheme is also capable of detecting
unknown ZigBee devices in a given networked system. One 3.3 Challenges and open issues
interesting future work is to enhance the feature space and
check whether accuracy could be improved. Defense approaches One interesting future direction is on
Tuama et al. [35] employed support vector machine the interplay of IoT device identification and defense. Traf-
(SVM) to identify cameras according to images. The pro- fic encryption/padding, false traffic injection, and mobile
posed scheme leverages the detailed photo-taking process of phone OS priority protection are potential defense strate-
cameras, and then deduces features of a camera. Specifically, gies. How to defend device identification and how to identify
more than 10,000 features on co-occurrences matrix, color devices with protection mechanisms are important research
dependencies, and conditional probability of an image are directions.
used. The scheme then trains a SVM model to classify dif- Understand the efforts of different machine learning
ferent images to different cameras. The trained model is later approaches Another interesting problem relates to how
used to identify cameras. to choose machine learning algorithms. Researchers have
The proposed scheme was validated on a public image proposed a bunch of algorithms. How different algorithms
database. An SVM based on radial basis function (RBF) influence IoT device identification and how to define fea-
was trained on 100 images and later tested on another 100 tures input to the machine learning algorithms are yet to be
images. Experimental results showed that the identification understood.
accuracy achieves more than 97%. Privacy evaluation Further, all reviewed work here show
Miettinen et al. [38] used random forest to identify gen- that IoT devices can be identified with high accuracy. This
eral IoT devices e.g. smart lighting, home automation, secu- breaks user privacy. A deep privacy evaluation and potential
rity cameras, household appliances and health monitoring protecting methods are worthy studying.
devices. The proposed scheme employs the network com-
munication data to extract features. Specifically, 23 features
of first a few network packets during initial communications 4 Security
are employed. The scheme then trained a classifier model for
each IoT device using the captured data on the 23 features. Security problems in IoT networks are more and more
Finally, the trained models were used to identify IoT devices important with the increasing number of attacks nowa-
in the network fastly. days. The IoT networks are more vulnerable than traditional
13

network because of the characteristics of IoT devices and 4.1 Device security

communication protocols. For example, (1) IoT devices are
usually equipped with lower battery and micro-controller, Kotenko et al. [40] used a combination of multilayered per-
thus it is easy to be flooded; (2) IoT communicate with each ceptron and probabilistic neural network to forecast the state
through Bluetooth, ZigBee, WIFI or GSM, which are more of an IoT element. The paper used the volume of the traffic,
vulnerable to attacks. the rate of service, the rate of losses, the length of packets
In an IoT network, there are usually three components, queue and time of user action to inquiry as indicators, to
including devices, gateway and controller. All of these com- unambiguously define the state of an element. The solution
ponents could become targets of potential attackers. Figure 3 is expected to reduce of cost of administration, especially
shows the IoT security problem model. In the model, traf- during emergency.
fic, wireless signals, device events and configuration files The proposed solution was evaluated in MathCAD. The
could be analyzed. With the feature extracted from the data results show that the combined ANN model can provide
sources, varieties of machine learning methods are used to higher precision. Compared with recurrent ANN model,
classify the data. The results can be used for privacy and the convergence of the combined model was close to 100%,
authentication, or judging whether an event belongs to intru- where the recurrent model fell to 15% in certain cases.
sion or anomaly events. Baldini et al. [41] used RF fingerprinting for device
Here we review the progress of this area. We categorize authentication, which was computed based on permutation
the works into device security which focuses problems on entropy and dispersion entropy for cellular communication
an isolated device, and network security which focuses prob- devices, including WIFI, GSM, etc. The mechanism is not
lems across the whole network. The network security mecha- easy to crack, because it is based on the physical properties
nism could be installed on gateway or controller, depending of cellular devices. The authors in the paper also make a
on the specific environment. Table 3 lists a short summary comparison between different machine learning classifica-
of reviewed works. tion methods, including KNN, SVM and decision tree.
data capture:
gateway machine learning intrusion detecon
traffic, signals,
events, based data
configuraon analysis: anomaly
device ANN, SVM
data process: bayes network privacy
flow/feature decision tree
controller extracon etc. K-means authencaon
Fig. 3 IoT security model
Table 3 Recent machine learning based security mechanism works

Work Problem Technique Data/signal Accuracy (%) Security granularity
2015 [40] Security of an IoT element Combined ANN Device traffic 100 Device
2017 [41] Authentication of an IoT KNN/SVM/decision tree RF signals 80 Device
element
2017 [42] Authentication of an IoT None RF signals and environment None Device
element parameter
2017 [43] Privacy of an IoT element NN Device traffic None Device
2015 [44] Security of an IoT element Bayes Algorithm Device properties None Device
2016 [45] Intrusion detection SVM Device traffic and events 100 Network
2016 [46] Security of IoT networks ANN Device traffic and events 99 Network
2016 [47] Security of Mobile networks SVM/NN Signals and environment None Network
parameter
2013 [48] Intrusion detection SVM/Bayes network/decision IDS events 50–78 Network
tree
2013 [49] Intrusion detection SVM/K-means Device traffic and events None Network
13
The authors used a set of 9 nRF24LU1+ wireless devices, model was 96.2%, and the accuracy of the SVMs model
where the RF signals are transmitted. The signals were col- was 100%.
lected by a software defined radio (SDR). The results show Canedo et al. [46] deployed machine learning within an
that the overall accuracy can achieve 80%, which is enough IoT gateway, to address the challenges, including heteroge-
to support multi-authentication wireless IoT devices. neity and quantity of devices across an IoT network. The
Sharaf-Dabbagh et al. [42] presented a demo, which also edge devices in the network will collect data and transfer
uses RF fingerprinting for wireless device authentication. them to the gateway devices. The gateway devices will use
Additionally, the proposed framework monitors the noises of artificial neural networks (ANN) to learn the healthy state
communication channels and the environment surrounding of each device and make informed decisions.
the source object. Hence, the fingerprinting is more robust The proposed solution created an IoT testbed, where
compared with previous solutions. The authors also setup a Arduino devices were used to simulate the edge devices,
demo which consists of multiple Raspberry Pi boards. and Raspberry Pi devices were used to simulate the gateway
Jeong et al. [43] proposed a new approach that can protect devices. The simulation results show that ANN can make
user privacy when running cloud based machine learning correct prediction over 99% of the time.
algorithms. Traditionally, the cloud collects user data, which Do et al. [47] proposed a mobile security system using
is sensitive and vulnerable. The new approach let the clients machine learning. The new system can be used to improve
compute the partially-processed feature data obtained from vulnerabilities in mobile networks, such as phone and IoT
the early state of neural networks, and the server continues networks. Compared with previous systems, the machine
the rest stages after receiving the feature data. Thus, the learning based system can better solve security problems,
service is safer, while the data in transmission is not easy including zero day attacks and construction of conclusive
for reverse-engineer. The authors also measured the perfor- attack signatures. The authors also presented a case study
mance with a testbed, where an embedded board equipped about Man-In-The-Middle attack with IMSI catcher. In the
with ARM big.LITTLE CPU acted as the client, and a desk- case study, SVN and neural networks are used to detect the
top PC equipped with x86 CPU acted as the server. The anomalies.
results show that the new approach have a shorter prediction Stroeh et al. [48] proposed a security mechanism, which
time while improving the privacy. does not rely on network traffic, but correlates the attacks
Jincy et al. [44] created a general security framework with security events or alerts provides by sensors, such as
for IoT devices. Due to the increasing use of variety of IoT IDSs, logs, etc. The system first collects raw data and trans-
devices, currently we do not own a specific security mecha- forms them into standardized format. Secondly, the system
nism which adapts to all kinds of IoT devices. the framework take the standardized alerts and cluster them into meta-
in this paper classifies the devices to different types indicat- alerts, which contains a structure called alert_taxonomy_set,
ing the capability to support security mechanism, based on a bit array that represents each of the supported alert types.
their capabilities and parameters, such as power, processing, At last, the system will sort the meta-alerts into attacks and
scalability, network layer, etc. The authors also found that false alarms.
naive bayes algorithm is appropriate for the above purpose. The authors implemented and tested the new systems
Thus after inputing a file consists of listed properties, the against two major data sources, including DARPA chal-
system will output the class of the device, e.g., Class A for lenge and SotM from the honeynet project. Three differ-
Critical, Class B for Medium and Class C for Non critical ent machine learning techniques, including SVM, Bayesian
devices. Network and decision tree, are used. The results show that
the detection rate increase from 40–60% to 50–78% with
different operating systems and attack types.
4.2 Network security Rathore et al. [49] proposed a bio-inspired machine
learning mechanism for improving wireless sensor net-
Nobakht et al. [45] proposed a intrusion detection and miti- work security. To address the challenges faced by current
gation system for smart home called IoT-IDM. The proposed wireless sensor networks, with increasing number of nodes
scheme collects traffic and events data from various devices and complexities of network topologies. The authors were
in a smart home. The data will be transported to the SDN inspired by the human immune system, which have intel-
controller, where IoT–IDM is deployed. At last, IoT–IDM ligent capabilities of detecting anomalies in the body. The
use linear regression model and SVMs to obtain the optimal system first classifies the nodes into fraudulent or benevolent
classification model. nodes. According to the classification results, the system
The proposed scheme was tested with an experiment will generate virtual antibodies, which in advance will have
setup where Philips lighting system is employed, and a real- an impact on the trust rate. Finally, the gateway will make
istic setting is used. The accuracy of the linear regression a decision whether or not to attack the fraudulent nodes.
13

During the classification phase, SVM and K-means algo- 5 Edge computing with machine learning
rithm could be used.
In the IoT world, sensors and equipments are all around
4.3 Challenges and open issues the network, including the edge network. Lot of IoT appli-
cations put requirements for latency, bandwidth, security
DDoS attack Unlike previous attack detection system, on the network, and cloud computing can not satisfy such
machine learning based system consumes more computing requirements. Edge computing is a promising new tech-
resources. Thus, itself becomes the choke point, which is nology that can satisfy such demands [50]. For example,
vulnerable to DDoS attack. How to make a tradeoff between (1) VR and AR applications that needs high bandwidth
accuracy and computing complexity is an important research can fetch contents from the edge network; (2) Vehicles
direction for machine learning based security mechanism. can exchange data with each other through the edge net-
Security infrastructure Lots of works are devoted to works, supporting vehicles on roads to act co-operatively
intrusion and anomaly detection for IoT network/elements. and providing better user experience [51]. In the follow-
There are much room for research on detecting attacks tar- ing sections, we use “edge computing” and “fog network”
geting at the security infrastructure and key distribution interchangeably for convenience.
mechanism. Figure 4 shows the edge computing problem model in
Data acquisition Almost all work use traffic, event, and the IoT networks. In the model, traffic and sensor data
signal data, for security analysis. However, for some attack, could be analyzed. With the feature extracted from the
it is hard to detect using these data. At the same time, there data sources, varieties of machine learning methods are
are large volume of security related data in the IoT network, used to classify the data. The results can be used for intru-
including administration, configuration, and routing data, sion detection, image recognition, diseases identification,
etc. It is worth investigation on how to make better classifi- traffic engineering, etc. Table 4 lists a short summary of
cation decisions with these data. reviewed works.
data capture: machine learning intrusion detecon

sensors
sensor data, based data image recognion
traffic data, etc. analysis:
edge devices clustering, diseases idenficaon
data process: Bayesian, SVM,
deep learning, traffic engineering
feature
cloud extracon etc. markov etc. etc.
Fig. 4 Edge computing in IoT network model
Table 4 Recent machine learning based edge computing works

Work Problem Technique Data/signal Accuracy (%)
2017 [52] Identification of Parkinson’s disease in edge com- Clustering Speech data None
puting
2017 [53] Image recognition in edge networks Markov-model Images 90
2017 [54] Arrhythmia detection Linear support vector machine ECG of patients 93.6
2015 [55] Evaluating parking availability Cascade classifier Video captured by smartphone None
2017 [56] Service recommendation in mobile edge computing Collaborative filtering User mobility information 64.4
2017 [57] Anomalies detection Support vector machine Sensor data 90
2017 [58] Anomalies detection Federated learning Sensor data 95–98
2018 [59] Distributed attack detection Deep learning Traffic data 92
2018 [60] Privacy protection during data aggregation Linear regression algorithm Sensor data 90
2017 [61] Traffic engineering Bayesian Networks Path latency traces 80–90
13
5.1 Edge computing applications algorithms. The authors carried out a series of experiments
based on the data from Shanghai Telecom, and the results
Borthakur et al. [52] proposed a new framework in a smart show that the new system can achieve higher prediction
telehealth system with kinds of wearable devices. In the accuracy.
framework, the authors suggested the use of the edge com-
puting devices, that have lower resources, but locate more 5.2 Improving edge computing infrastructure
closely to the end user. Firstly, the paper described a new based on machine learning
architecture for telehealth computing such that decentraliza-
tion of services at the edge network can be achieved. Sec- Zissis [57] presented an intelligent intrusion detection sys-
ondly, algorithms of speech signal recognition are used for tem (IDS), which can secure the underlying edge computing
telehealth monitoring, and K-means clustering is used to infrastructure. The system improves the traditional “Self-
identify parkinson disease. protecting” system proposed by IBM. By collecting data
Drolia et al. [53] proposed a system called Precog, which from sensors, and making use of the latest unsupervised
accelerate image recognition through enabling caching and machine learning method, the system can intelligently detect
prefetching on the edge devices. The system is collaborated the abnormal devices which could be harmful to the whole
between three parts: devices, edge server and cloud server. system. Finally, the author developed a proof of concept
Unlike previous edge computing solutions that all comput- system, that can detect anomalies in real world.
ing tasks could be completed on the edge server, Precog also Schneible et al. [58] also presented an anomalies detec-
uses computing resource on devices and cloud server, due to tion system in edge computing environments using artificial
the computing complexity and data volumn of image recog- neural networks. In traditional neural networks, all sensor
nition. Both the edge server and device will employ recog- data and the training model should be placed in one place,
nition cache that stores relevant parts of the trained model. i.e., the centralized cloud. This characteristic brings conges-
What is more, devices will prefetch part of the trained clas- tion and latencies along the traveling path. The new system
sifiers which are predicated to be used in the near future. is based on federated learning, where training data is split
Azimi et al. [54] proposed a hierarchical computing archi- among the edge devices, and each edge device stores a copy
tecture (HiCH) for healthcare IoT network. In the architec- of the training model. Thus, the centralized cloud reposi-
ture, the existing machine learning methods are partitioned tory only needs to aggregate the training results from edge
among different layers of the fog network. For example, the devices. The federated learning mechanism can improve
sensor devices are responsible for sensing and monitoring; latency, bandwidth and make full utilization of computa-
the edge computing devices are responsible for local deci- tion power across the edge networks.
sion making and system management; and clould is respon- Abeshu et al. [59] further investigated the distributed
sible for heavy training procedures. The authors devise a attack detection problem, which is more difficult to detect
system based on IBM’s MAPE-K model, and demonstrate compared with non-distributed attack. In the edge comput-
a complete implementation that focus arrhythmia detection. ing environments, due to the diversity and complexity of
The results show that HiCH out-performs traditional systems devices, traditional machine learning mechanisms have low
in both response time, bandwidth utilization and storage, accuracy and less scalability. Thus, the authors proposed
while the accuracy is acceptable. a new scheme based on deep learning, which is popular in
Grassi et al. [55] devised a low-cost crowdsourcing archi- recent years due to the advancement of GPU hardware and
tecture called ParkMaster in visual analytics for evaluating theory in deep neural networks. At last, the authors evalu-
parking availability. Different with traditional centralized ated the new mechanism through simulations based on pub-
monitoring system, ParkMaster makes use of smartphones, licly available datasets. The results show that the DL based
which locates inside the car, captures the video stream along mechanism outperform the traditional methods.
the street and count the number of detected cars after pro- Besides security considerations. privacy is also an impor-
cessing the video with machine learning methods. The pro- tant aspect for fog computing environment. Yang et al. [60]
cessing results are uploaded to the ParkMaster cloud, that proposed a machine learning based privacy protection mech-
processes data from multiple cars and recommends a parking anism when devices aggregate data from sensors in a fog
slot for a driver. computing architecture. More importantly, the new mecha-
Wang et al. [56] proposed a service recommendation nism supports multifunctional data aggregation method, thus
system based on QoS prediction in mobile edge computing it can support a wide range of data sources. The system also
environment. Unlike other context-aware service recom- distributes the computationally heavy tasks to the edge of the
mendation system, the proposed system takes mobility into network, making the system more scalable then centralized
consideration. Based on the mobility information, the system system. The experiment results show that the system achieve
recommend service to users by using collaborative filtering high accuracy without disclosing user privacy.
13

Hogan et al. [61] proposed a solution for traffic engi- time between local and global training point could become
neering in edge networks. In the edge networks, there may a bottleneck of the whole system.
exist multiple end-to-end paths, where each path has differ-
ent delay and bandwidth. Choosing one that bestly match
requirements of users is especially important. The solution 6 Software‑defined networking
mentioned in this paper computes the results based on port- with machine learning in IoT
folio theory, which maximizes the expected return given
the level of risk (representing the expected throughput dur- Recently, both academic and industrial fields have seen
ing the lifetime). Given the model, the authors use machine emerging of software-defined networking (SDN) due to its
learning to evaluate the level of risk for each path. At last, flexibility. SDN separates control plane from forwarding
using real-world latency traces, the paper compare the pro- plane, thus network operators can manipulate the network
posed solution with other techniques, and the results show with high level configuration language, and do not need to
that the solution leads to better performance. take the complex forwarding table configuration into consid-
eration. Due to the complexity and diversity of IoT devices,
data path configuration in IoT network is even more diffi-
5.3 Challenges and open issues cult compared with traditional network. Thus, SDN can play
an important role in the IoT world [62]. However, also due
Heterogeneous data types In the edge network environment, to the complexity of IoT, the control plane needs machine
the data sources are composed of heterogeneous sensors. learning for better management of the networks.
The collected information could contain a diversity of data Figure 5 shows the software-defined networking prob-
types, even contain uncertainty under some circumstance. lem model. In the model, traffic and sensor data could be
Some data may be incomplete, which add extra complexity analyzed. With the feature and flow extracted from the data
to the system. Thus, new architecture in edge computing sources, varieties of machine learning methods are used
should take this heterogeneous into consideration. to classify the data. The results can be used for intrusion
DDoS attack on edge devices Lot of work has been detection, traffic management, fault detection, DDoS attack
devoted to DDoS attack on cloud computing, which has tre- detection, etc.
mendous capacity and is well designed to defend such attack. In this section, we will investigate into the previous works
In the edge computing, (1) the edge devices have lower related with machine learning for SDN in IoT network. We
capacity; (2) the infrastructure is not so mature compared will review two important aspects, (1) how machine learn-
to traditional cloud computing. Thus, the edge computing ing can IoT network management with SDN more easily and
environment is more vulnerable to DDoS attack, especially effectively; (2) how machine learning can help detect the
when the attackers desire to flood a specific attacking point. possible intrusion and increase the accuracy.
Convergence speed for distributed machine learning Pre-
vious work proposed to use distributed machine learning 6.1 IoT network management
in the edge computing, where sensors and edge devices is
responsible for local and light-weight training procedure, Kim et al. [63] proposed a new solution that can identify the
and centralized cloud is responsible for global and heavy service context of a flow, and infer the QoS requirements of
training procedure. The distributed machined learning the flow. Because SDN will assign a flow to a virtual net-
mechanism can improve latency time and achieve similar work, thus the service context identification is important for
training accuracy. However, previous work has not taken flow assignment and virtual network construction. However,
convergence time into consideration, due to the transmit the service context identification is not straightforward, i.e.,
data capture: intrusion detecon

sensors machine learning
sensors data, traffic management
traffic data, etc. based data
network analysis:
.
fault detecon
devices clustering, neural
data process:
network, SVM, DDoS aack detecon
flow/feature
bayesian, etc.
controller extraon etc. .
etc.
Fig. 5 Software-defined networking in IoT network model
13
it can not be derived directly from the protocol field, because future. Thus, machine learning could be used to increase the
the packets could be encrypted. Thus, the authors proposed accuracy of prediction.
that machine learning could be used to classify the flows,
based on their characteristics, such as mean packet length
and mean inter-arrival time, etc. 6.2 Intrusion detection
Vukobratovic et al. [64] presented a novel architecture
called Condense which integrate data analysis function Nobakht et al. [45] proposed a host-based intrusion detection
into the IoT infrastructure, thus data manipulation such as system (IDS) based on openflow for smart home environ-
aggregation and computation, could be done along the path. ment. In the new system, the controller collects and analyze
With Condense, data redundancies could be reduced, and data from sensors. Using machine learning, the controller
network bandwidth could be saved, in the IoT networks. can judge whether there is intrusion or not. The authors also
To implement Condense, the authors proposed a function implemented a proof of concept system called IoT-IDM
computation interface, which should be placed between data based on Floodlight. Machine learning methods could be
communication and analysis. SDN can be used for imple- used as a module in the system. The paper also studies a
mentation of the function computation. With this enhance- special case in a smart light system, and the results show
ment, machine learning tasks can also be integrated into the that the system can bring flexibility with SDN, and achieve
Condense architecture, that is, the learning tasks could be high accuracy with appropriate machine learning algorithm.
seen as a series of function computation across the network Uwagbol et al. [67] presented a pattern driven corpus to
(Table 5). predict SQL injection attack. Although SQL injection attack
Jagadeesan et al. [65] described a new mechanism for is well studies, the problem arises again because IoT and
software faults detection in software-defined IoT network. SDN networks bring new opportunities for the attackers, and
Although SDN brings flexibility in the control plane, and the defenders lack a readiness corpus for machine learning
operators can control the network through high level lan- method that could identify new attacks. The authors in this
guage such as JAVA or python, it could make the network paper presented a pattern driven corpus generation mecha-
more vulnerable to software faults. Considering the com- nism based on finite state automata. With the generated cor-
plexity and heterogeneity of the IoT network, the problem pus, machine learning methods could be used to train a new
could be even more serious. The authors in this paper pro- model. Finally, two publicly datasets are used to evaluate the
posed to use machine learning to classify the encountered accuracy of the proposed mechanism, and the results show
problem into software faults and other problems. that the mechanism can achieve high accuracy.
Taneja [66] proposed a framework for traffic management Most previous work tried to secure DDoS attack in the
in IoT networks using SDN. In the IoT networks, traffic man- IoT world, Ahmed et al. [68] made use of machine learning
agement is more necessary and more difficult, because of methods to identify DNS query-based attack. Unlike DDoS
the great differences between different devices. Fortunately, attack, DNS query-based attack could be launched with only
most IoT communication protocols support traffic classi- a small number of packets, thus it would be more harmful
fication. For example, 802.11ah can classify devices into if used. In the proposed system, the SDN controller will
TIM (Traffic Indication Map) devices and non-Tim devices, collect traffic data from the network, and identify the DNS
and LoRaWAN can classify devices into class A, B or C. query-based attack traffic based on machine learning. At last,
The authors put forward a new management mechanism, the authors implement a prototype based on dirichlet pro-
where SDN is used to perform dynamic management of traf- cess mixture model, and conduct simulation based on real-
fic class, and transmit requirements prediction in the near world traces. The simulation results show that the machine
Table 5 Recent machine Work Problem Technique Data/signal Accuracy (%)

learning based SDN in IoT
networks 2017 [63] Identification of service context Clustering Traffic data None
2016 [64] Distributed learning with SDN Neural networks Device data None
2016 [65] Software faults detection Clustering Packets data None
2016 [66] Traffic management None Traffic data None
2016 [45] Intrusion detection in smart home SVM & Logistic Sensor data 96.2
aggregation
2017 [67] SQL injection attack detection SVM Traffic data 96.4
2017 [68] DNS query-based attack detection Bayesian Traffic data 75
2017 [69] Dynamic attack detection SVM Traffic data 98
13

learning based method outperform traditional mean shift 7 IoT applications

based method.
Bhunia et al. [69] proposed a dynamic attack detection In recent years, IoT applications are constantly emerging
system called SoftThings, which is based on SDN, and tries in almost all fields, e.g., health, agriculture, industrial, etc.
to prevent attacks at the network layer rather than device However, IoT applications are facing great challenges, due
layers. Thus, the network can eliminate the malicious traffic to the heterogeneity and complexity of the data sources. In
as early as possible. The system system is divided into three Fig. 6, we show the model of IoT applications. In the model,
layers: devices layer, cluster SDN controller and centralized the potential data sources include wearable device, mobile
master controller. The distributed SDN controller will moni- phone sensors (like accelerometers), network camera and
tor and detect anomalous behaviors of IoT devices. Once kinds of wireless sensors. These sensors capture human
found, the mis-behavior will be reported to the master con- vital signs like temperature, ECG, and environment data like
troller, which will dynamically judge whether there exists humidity, meter readings and camera images. Then, varie-
attacking or not. Finally, the authors conducted simulations ties of machine learning methods could be used for human
on Mininet emulator, and the results show that SoftThings health monitoring, human activity recognition, fraud action
greatly improve the performance of traditional attack detec- detection and object detection.
tion system. There are lots of works on IoT applications. We mainly
review the previous works on personal health monitoring
and industrial applications. For example, IoT networks can
6.3 Challenges and open issues be used to monitor human stress, recognize human activity
or presence in the personal health field; or predict agriculture
Overheads in control plane Overload in control plane is a disease and fraud action in smart cities. Table 6 list a short
possible problem in SDN network. In the IoT environment, summary of review works.
the overheads could be even higher with huge number of
data sources and high complexity of machine learning meth- 7.1 Personal health applications
ods. Thus, it is important to guarantee that the additional
overheads will not crash the system. Asthana et al. [70] presented a recommendation system that
DDoS attack on controllers As mentioned above, the advises wearable IoT solutions and wearable devices for any
overheads in control plane will be quite high. It will become individual. The system first collects available user health
a vulnerable point in the system. Once the attackers find data, including health history, demographic features and
the patter that can bring large overheads to the system, in previous collected IoT data from medical or health sensors.
both data collection and training procedure. It can make the Then, with classification models like decision tree, logis-
whole system collapse with high probability. tic regression and LibSVM, the system makes predications
Controller placement In the IoT world, controller could about the diseases. Each disease is related to some attributes
be place almost everywhere, e.g., edge network, centralized that need to be monitored. At last, a mathematical optimiza-
cloud based controller. However, different placement mecha- tion model is used to recommend the best IoT solution or
nism bring different performance. For example, controller on wearable devices.
the edge can reduce the communication latencies, and con- Walinjkar et al. [71] proposed a prognostic approach
trollers on the centralized cloud can bring large computation based on real-time Electrocardiograph (ECG) analysis. With
capacity. Depending on the application scenario, controller real-time data from constantly ECG monitoring devices,
placement should be well studies to satisfy user demands. the scheme first analyze the ECG waveforms with K-NN or
data capture: machine learning human health

wearable devices based data analysis:
vital signs, condion
mobile phone environment decision tree,
logisc regression, human acvity
sensors data, etc.
SVM,
network camera data process: Markov model, fraud detecon
feature extracon Bayes network,
wireless sensor etc. clustering, object detecon
network random forest
Fig. 6 IoT application model
13
Table 6 Recent machine learning based IoT application works

Work Problem Technique Data/signal Accuracy (%)
2017 [70] Recommend IoT solutions and Decision tree, logistic regression, LibSVM Health history None
wearable devices
2017 [71] Prognostic based on ECG Bagged tree, K-NN ECG waveform 99.4
2017 [72] IoT health architecture None Sensor data None
2016 [73] Human presence detection C4.5 decision tree, LinearSVC, random forest IoT devices 50–90
2017 [74] Human stress detection SVM, logistic regression Pulse waveform 68
2011 [75] Human activity recognition Logistic regression, multilayer perceptron Accelerometer data 90
2016 [76] Grape disease prediction Hidden markov model Environment data in yards 90.9
2017 [77] Smart meter operation Bayesian network, naive bayes, decision tree, Smart meter data 96.69
random forest
2017 [78] Parking space detection Clustering algorithm Camera data 97
2015 [79] Flowering dynamics in rice SVM Camera data 80
other classifier. The system can predict arrhythmia and other designed a Wifi-equipped board that can detect pulse wave-
ECG abnormalities. The authors also setup a monitoring IoT form. The board will transfer the data to the server. Over
network, where the analysis results will be transferred to time, the server will assemble a fingerprint of the data across
NHS (National Health Services, UK) cloud in real-time. In different times of the day. Using either SVM or logistic
this paper, two classifiers including bagged tree and K-NN regression, the server can make prediction on stress. The
were used, the test results show that the precision can reach results show that the precision can reach 68% if appropriate
99.4% if K-NN is used. models are used.
Nguyen et al. [72] explored the IoT application in medical Kwapisz et al. [75] proposed a user activity recognition
field and proposed an IoT tiered architecture, which collects mechanism based on phone accelerometers. The system first
sensor data, analyze them and transform them into clinical collects data from users who carried cell phone while per-
feedback. The architecture is divided into five layers: (1) forming some chosen activities. With the time series gener-
sensing layer, which uses sensors, actuators and wearable ated by the accelerometers, the system then transform them
devices to gather data; (2) sending layer, where kinds of into information features, such as average, standard devia-
communication mechanism including Wifi, Bluetooth, Zig- tion, etc. At last, the system uses machine learning method,
Bee and LTE could be used to send the data to the cloud; including logistic regression and multilayer perceptron, to
(3) processing layer, which could happen on smart phones, classify the feature vectors into different activities.
micro-controllers and micro-processors. Notifications and The authors test the system with data collected from
alerts could be generated if necessary after processing; 4) twenty-nine users. The results show that the precision can
storing layer, where data can be stored in clouded or hosted be over 90%, and the precision of multilayer perceptron
servers; 5) mining and learning layer, which converts infor- based classification is higher than logistic regression based
mation to decisions or predictions using mining or machine classification.
learning algorithms.
Madeira et al. [73] described a system that can detect
the human presence using IoT devices, and do not rely on 7.2 Industrial applications
devices, like cameras and motion detectors, that explicitly
detect human presence. The system first collects interaction Patil et al. [76] proposed an agriculture system that can
data, e.g., reading and writing, with the large diversities of monitor the environment conditions of vineyard, and pre-
devices. Then using machine learning algorithms, the sys- dict the grape diseases in its early stages. The system used
tem can predict the human presence. The system was tested varieties of sensors to monitor the temperature, humidity and
using a dataset gathered during 3 days from 900 users. The moisture throughout the yards. Using ZigBee, the data will
authors also tested a set of classification methods, including be transmitted to servers, where a hidden markov model will
C4.5 decision tree, LinearSVC and random forest, to make be applied. In the hidden markov model, each state repre-
prediction. The results show that the precision ranges from sents a certain condition. The author had implemented the
50 to 99% according to the algorithm selection. system in real-world since Nov, 2015. The results show that
Pandey [74] used individual heart beat to predict whether the accuracy of the hidden markov model is 90.9%, which
a person is in stress or not in an IoT network. The author greatly improve the accuracy of statistical methods.
13

Siryani et al. [77] used machine learning to improve the in real IoT world, more data exist with unstructured for-
efficiency of smart meter operation. With the tremendous mat. It is worth further investigation on how to use machine
increasing number of smart meters, administrators need learning based on these data.
to guarantee the cost efficiency of their operations. In this Real-time and online analysis In many IoT applications,
paper, the authors used varieties of machine learning meth- like health and industrial monitoring, the devices need to
ods, to predict whether to send a technician to a customer compute on-line and give feedback in real-time. Thus, the
location. With higher accuracy, the system can reduce much requirement for better security, QoS and computation com-
travel expense and human resources. plexity is higher than other applications. These problems
The models were tested using data from a commercial need to be further addressed in the future.
network. Different classification algorithms, including
bayesian network, naive bayes, decision tree and random
forest, were tested. Finally, the results show that random 8 Conclusion
forest achieve the highest accuracy, which is 96.69%, and
the expected saving cost is about 1 million US dollars for Machine learning has a great potential to be the key technol-
the commercial network. ogy for IoT. Machine learning trends to provide analytics
Ling et al. [78] designed an IoT-based system, that can for the IoT applications. Despite the recent wave of success
detect occupancy of parking spaces automatically. The sys- of machine learning for networking, there is a scarcity of
tem first uploads the collected images. Then a vehicle recog- machine learning literatures about its applications for IoT
nition function is used to learn the parking spot. After that, services and systems, which this survey aims to address.
a feature clustering algorithm based on Mean-shift, is used This paper is different from the previously published sur-
to find the most frequently parked locations. vey papers in terms of focus, scope, and breadth; we have
The authors test the system on a Raspberry Pi 3 model. written this paper to emphasize the application of machine
Camera data are collected on a local street near university of learning for IoT and the coverage of recent advances. Due
Washington campus. The Raspberry Pi board is connected to the versatility and evolving nature of IoT, it is impossible
to AWS IoT for restoring and observing. The results show to cover each and every application. However, this paper has
that the real-time accuracy can achieve 97%. made an attempt to cover the major applications of machine
Guo et al. [79] proposed an innovative method for detect- learning for IoT and the relevant techniques, including traffic
ing the characterization of flowering dynamics of rice. The profiling, IoT device identification, security, edge computing
method first collect time series of images from the rice infrastructure, network management based on SDN, and typ-
fields. Secondly, the method extract local feature points from ical IoT applications. We have presented a thorough study on
the images. During the third step, the method will gener- the recent researches about the application of machine learn-
ate visual words as the object-recognition approach. The ing for IoT, its technical progress, and application domains.
method will use SVM to classify the time series of images, We have also presented concise research challenges and
and detect the flowering part. For evaluation, the authors open issues, which are critical to the application of machine
collected image data during different time with different rice learning for IoT.
varieties. The results show that the method perform well
for counting number of flowering panicles. The accuracy Acknowledgements This work is partly supported by the National
of classification can be over 80% when proper training data Natural Science Foundation of China(Grant Nos. 61772345, 61402294,
61672358 and 61502314), the Major Fundamental Research Pro-
are chosen. ject in the Science and Technology Plan of Shenzhen(Grant
Nos. JCYJ20150324140036842, JCYJ20160310095523765,
7.3 Challenges and open issues JCYJ20160307111232895 and JCYJ20160307115030281), the Science
and Technology Research Project of Chongqing Municipal Education
Commission of China(The Research on Data Integrity Detection based
Saving computing resources Most IoT devices are equipped on the Cloud Storage, No. KJ1601401), and a grant from Innovation
with lower battery and micro-controllers, even the gateway and Technology Fund of Hong Kong (Project No. ITS/304/16).
is limited by battery and computing resources. However,
some machine learning method, e.g., DNN, needs lots of
computing resources and is power hungry. Thus, how to dis- References
tribute the tasks among different computing nodes, to save
power and computing resources and achieve near-optimal 1. IoT Analytics. Why the internet of things is called internet of
accuracy, is an important research direction for IoT network things: Definition, history, disambiguation. https://iot-analytics.
com/internet-of-things-definition/
applications.
2. Gartner Research. Gartner says 6.4 billion connected things will
Unstructured data sources Most works use structured be in use in 2016, up 30 percent from 2015. http://www.gartn
data sources, such as sensors, images and records. However, er.com/newsroom/id/3165317
13
3. Juniper Research. Internet of things connected devices to almost 21. Iliofotou M, Gallagher B, Eliassi-Rad T, Xie G, Faloutsos M
triple to over 38 billion units by 2020. http://www.juniperres (2010) Profiling-by-association: a resilient traffic profiling solu-
earch.com/press/press-releases/iot-connected-devices-to-tripl tion for the internet backbone. In: Proceedings of the 6th Interna-
e-to-38-bn-by-2020 tional Conference. ACM, New York, p 2
4. The Statistics Portal. Internet of things (iot): number of connected 22. Iliofotou M, Kim H-C, Faloutsos M, Mitzenmacher M, Pappu
devices worldwide from 2012 to 2020 (in billions). http://www. P, Varghese G (2011) Graption: A graph-based p2p traffic clas-
statista.com/statistics/471264/iot-number-of-connected-devices- sification framework for the internet backbone. Comput Netw
worldwide/ 55(8):1909–1920
5. Sharma SK, Wang X (2017) Live data analytics with collaborative 23. Brauckhoff D, Dimitropoulos X, Wagner A, Salamatian K (2012)
edge and cloud processing in wireless iot networks. IEEE Access Anomaly extraction in backbone networks using association rules.
5:4621–4635 IEEE ACM Trans Netw (TON) 20(6):1788–1799
6. Chau DH, Kittur A, Hong JI, Faloutsos C (2011) Apolo: Making 24. Huang N-F, Jai G-Y, Chao H-C, Tzang Y-J, Chang H-Y (2013)
sense of large network data by combining rich user interaction and Application traffic classification at the early stage by character-
machine learning. In: Proceedings of the SIGCHI conference on izing application rounds. Inf Sci 232:130–142
human factors in computing systems, CHI ’11, Vancouver, BC, 25. Glatz E, Mavromatidis S, Ager B, Dimitropoulos X (2014) Visual-
pp 167–176 izing big network traffic data using frequent pattern mining and
7. Klaine PV, Imran MA, Onireti O, Souza RD (2017) A survey hypergraphs. Computing 96(1):27–38
of machine learning techniques applied to self-organizing cel- 26. Bakhshi T, Ghita B (2015) User traffic profiling in a software
lular networks. IEEE Commun Surv Tutor 19(4):2392–2431 defined networking context. In: International conference on inter-
(Fourthquarter) net technologies and applications, Wrexham, UK, September
8. Suthaharan S (2014) Big data classification: problems and chal- 8–11, pp 91–97. https://doi.org/10.1109/ITechA.2015.7317376
lenges in network intrusion prediction with machine learning. 27. Kirchler M, Herrmann D, Lindemann J, Kloft M (2016) Tracked
SIGMETRICS Perform Eval Rev 41(4):70–73 without a trace: linking sessions of users by unsupervised learn-
9. Usama M, Qadir J, Raza A, Arif H, Yau KA, Elkhatib Y, Hussain ing of patterns in their dns traffic. In: Proceedings of the 2016
A, Al-Fuqaha AI (2017) Unsupervised machine learning for net- ACM Workshop on Artificial Intelligence and Security. ACM,
working: techniques, applications and research challenges. CoRR. New York, pp 23–34
arXiv:1709.06599 (Online) 28. Das AK, Pathak PH, Chuah C-N, Mohapatra P (2017) Privacy-
10. Ayoubi S, Limam N, Salahuddin MA, Shahriar N, Boutaba R, aware contextual localization using network traffic analysis. Com-
Estrada-Solano F, Caicedo OM (2018) Machine learning for cog- put Netw 118:24–36
nitive network management. IEEE Commun Mag 56(1):158–165 29. Stolfo SJ, Hershkop S, Wang K, Nimeskern O, Hu CW (2003)
11. Fadlullah ZM, Tang F, Mao B, Kato N, Akashi O, Inoue T, Behavior profiling of email. In: Chen H, Miranda R, Zeng DD,
Mizutani K (2017) State-of-the-art deep learning: evolving Demchak C, Schroeder J, Madhusudan T (eds) Intelligence and
machine intelligence toward tomorrow’s intelligent network traf- security informatics, ISI 2003, Lecture notes in computer science,
fic control systems. IEEE Commun Surv Tutor 19(4):2432–2455 vol 2665. Springer, Berlin, Heidelberg, pp 960–960
(Fourthquarter) 30. Stöber T, Frank M, Schmitt J, Martinovic I (2013) Who do you
12. Wang M, Cui Y, Wang X, Xiao S, Jiang J (2017) Machine learn- sync you are?: smartphone fingerprinting via application behav-
ing for networking: Workflow, advances and opportunities. IEEE iour. In: Proceedings of the sixth ACM conference on security
Netw 32(2):92–99 and privacy in wireless and mobile networks. ACM, Budapest,
13. Hammerschmidt CA, Garcia S, Verwer S, State R (2017) Reliable Hungary, pp 7–12
machine learning for networking: key issues and approaches. In: 31. Das A, Borisov N, Caesar M (2014) Do you hear what i hear?:
2017 IEEE 42nd conference on local computer networks (LCN), fingerprinting smart devices through embedded acoustic compo-
Singapore, pp 167–170 nents. In: Proceedings of the 2014 ACM SIGSAC conference on
14. Casas P, Vanerio J, Fukuda K (2017) Gml learning, a generic computer and communications security. ACM, Scottsdale, Ari-
machine learning model for network measurements analysis. In: zona, pp 441–452
2017 13th international conference on network and service man- 32. Bojinov H, Michalevsky Y, Nakibly G, Boneh D (2014) Mobile
agement (CNSM), Tokyo, pp 1–9 device identification via sensor fingerprinting. arXiv:1408.1416
15. Claffy KC, Braun H-W, Polyzos GC (1995) A parameterizable 33. Patel HJ, Temple MA, Baldwin RO (2015) Improving zigbee
methodology for internet traffic flow profiling. IEEE J Sel Areas device network authentication using ensemble decision tree clas-
Commun 13(8):1481–1494 sifiers with radio frequency distinct native attribute fingerprinting.
16. Krishnamurthy B, Sen S, Zhang Y, Chen Y (2003) Sketch-based IEEE Trans Reliab 64(1):221–233
change detection: methods, evaluation, and applications. In: Pro- 34. Huynh M, Nguyen P, Gruteser M, Vu T (2015) Poster: Mobile
ceedings of the 3rd ACM SIGCOMM conference on Internet device identification by leveraging built-in capacitive signature.
measurement. ACM, New York, pp 234–247 In: Proceedings of the 22nd ACM SIGSAC conference on com-
17. 1. Lakhina A, Crovella M, Diot C (2004) Diagnosing network- puter and communications security. ACM, Denver, Colorado, pp
wide traffic anomalies. In: ACM SIGCOMM Computer Commu- 1635–1637
nication Review, vol 34, no 4. ACM, New York, pp 219–230 35. Tuama A, Comby F, Chaumont M (2016) Camera model identifi-
18. Lakhina A, Crovella M, Diot C (2004) Characterization of net- cation based machine learning approach with high order statistics
work-wide anomalies in traffic flows. In: Proceedings of the 4th features. In: 2016 24th European signal processing conference
ACM SIGCOMM conference on Internet measurement. ACM, (EUSIPCO). IEEE, Budapest, pp 1183–1187
New York, pp 201–206 36. Kurtz A, Gascon H, Becker T, Rieck K, Freiling F (2016) Finger-
19. Xu K, Zhang Z-L, Bhattacharyya S (2008) Internet traffic behavior printing mobile devices using personalized configurations. Proc
profiling for network security monitoring. IEEE ACM Trans Netw Priv Enhanc Technol 2016(1):4–19
16(6):1241–1252 37. Baldini G, Dimc F, Kamnik R, Steri G, Giuliani R, Gentile C
20. Hu Y, Chiu D-M, Lui JC (2009) Profiling and identification of p2p (2017) Identification of mobile phones using the built-in mag-
traffic. Comput Netw 53(6):849–863 netometers stimulated by motion patterns. Sensors 17(4):783
13

38. Miettinen M, Marchal S, Hafeez I, Asokan N, Sadeghi A-R, 54. Azimi I, Anzanpour A, Rahmani AM, Pahikkala T, Levorato
Tarkoma S (2017) Iot sentinel: automated device-type identifica- M, Liljeberg P, Dutt N (2107) HiCH: Hierarchical fog-assisted
tion for security enforcement in IoT. In: 2017 IEEE 37th inter- computing architecture for healthcare IoT. ACM Trans Embed
national conference on distributed computing systems (ICDCS). Comput Syst 16(5s):174
IEEE, Atlanta, GA, pp 2177–2184 55. Grassi G, Sammarco M, Bahl P, Jamieson K, Pau G (2015)
39. Meidan Y, Bohadana M, Shabtai A, Guarnizo JD, Ochoa M, Poster: Parkmaster: Leveraging edge computing in visual ana-
Tippenhauer NO, Elovici Y (2017) Profiliot: a machine learning lytics. In: Proceedings of the 21st Annual International Confer-
approach for IoT device identification based on network traffic ence on Mobile Computing and Networking, ser. MobiCom ’15.
analysis. In: Proceedings of the symposium on applied computing. ACM, New York, pp 257–259. https://doi.org/10.1145/27891
ACM, Marrakech, Morocco, pp 506–509 68.2795174 (Online)
40. Kotenko I, Saenko I, Skorik F, Bushuev S (2015) Neural network 56. Wang S, Zhao Y, Huang L, Xu J, Hsu CH (2017) Qos prediction
approach to forecast the state of the internet of things elements. for service recommendations in mobile edge computing. J Paral-
In: 2015 XVIII international conference on soft computing and lel Distrib Comput. https://doi.org/10.1016/j.jpdc.2017.09.014
measurements (SCM), May 2015, St. Petersburg, pp 133–135 57. Zissis D (2017) Intelligent security on the edge of the cloud. In:
41. Baldini G, Giuliani R, Steri G, Neisse R (2017) Physical layer International conference on engineering, technology and inno-
authentication of internet of things wireless devices through per- vation. IEEE, Funchal, pp 1066–1070
mutation and dispersion entropy. In: 2017 global internet of things 58. Schneible J, Lu A (2017) Anomaly detection on the edge. In:
summit (GIoTS), Geneva, pp 1–6 MILCOM 2017—2017 IEEE Military Communications Confer-
42. Sharaf-Dabbagh Y, Saad W (2017) Demo abstract: cyber-physical ence (MILCOM), pp 678–682
fingerprinting for internet of things authentication. In: 2017 IEEE/ 59. Abeshu A, Chilamkurti N (2018) Deep learning: the frontier for
ACM second international conference on internet-of-things design distributed attack detection in fog-to-things computing. IEEE
and implementation (IoTDI), Pittsburgh, PA, pp 301–302 Commun Mag 56(2):169–175
43. Jeong HJ, Lee HJ, Moon SM (2017) Work-in-progress: cloud- 60. Yang M, Zhu T, Liu B, Xiang Y, Zhou W (2018) Machine learn-
based machine learning for iot devices with better privacy. In: ing differential privacy with multifunctional aggregation in a
2017 international conference on embedded software (EMSOFT), fog computing architecture. IEEE Access 6:17119–17129. https
Seoul, pp 1–2 ://doi.org/10.1109/ACCESS.2018.2817523
44. Jincy VJ, Sundararajan S (2015) Classification mechanism for 61. Hogan M, Esposito F (2017) Stochastic delay forecasts for edge
iot devices towards creating a security framework. In: Buyya R, traffic engineering via bayesian networks. In: IEEE international
Thampi SM (eds) Intelligent distributed computing. Springer symposium on network computing and applications. IEEE,
International Publishing, Cham, pp 265–277 Cambridge, MA, pp 1–4
45. Nobakht M, Sivaraman V, Boreli R (2016) A host-based intru- 62. Kim H, Feamster N (2013) Improving network manage-
sion detection and mitigation framework for smart home iot using ment with software defined networking. Commun Mag IEEE
OpenFlow. In: 2016 11th international conference on availability, 51(2):114–119
reliability and security (ARES), Salzburg, pp 147–156 63. Kim HJ, Jung MY, Chin WS, Jang JW (2017) Identifying service
46. Caedo J, Skjellum A (2016) Using machine learning to secure IoT contexts for qos support in iot service oriented software defined
systems. In: 2016 14th annual conference on privacy, security and networks. In: Bouzefrane S, Banerjee S, Sailhan F, Boumerdassi
trust (PST), Auckland, pp 219–222 S, Renault E (eds) Mobile, secure, and programmable network-
47. Do VT, Engelstad P, Feng B, van Do T (2016) Strengthening ing. MSPN 2017, Lecture notes in computer science, vol 10566.
mobile network security using machine learning. In: Younas M, Springer, Cham, pp 99–108
Awan I, Kryvinska N, Strauss C, Thanh DV (eds) Mobile web and 64. Vukobratovic D, Jakovetic D, Skachek V, Bajovic D, Sejdinovic
intelligent information systems. Springer International Publishing, D, Kurt GK, Hollanti C, Fischer I (2016) Condense: a reconfigur-
Cham, pp 173–183 able knowledge acquisition architecture for future 5g iot. IEEE
48. Stroeh K, Mauro Madeira ER, Goldenstein SK (2013) An Access 4:3360–3378
approach to the correlation of security events based on machine 65. Jagadeesan LJ, Mendiratta V (2016) Programming the network:
learning techniques. J Internet Serv Appl 4(1):7 application software faults in software-defined networks. In: 2016
49. Rathore H, Jha S (2013) Bio-inspired machine learning based IEEE international symposium on software reliability engineering
wireless sensor network security. In: 2013 world congress on workshops (ISSREW). IEEE, Ottawa, ON, pp 125–131
nature and biologically inspired computing. IEEE, Fargo, ND, 66. Taneja M (2016) A framework for traffic management in iot net-
pp 140–146 works. In: 2016 2nd international conference on contemporary
50. Davis A, Parikh J, Weihl WE (2004) Edge computing: extending computing and informatics (IC3I). IEEE, Noida, pp 316–323
enterprise applications to the edge of the internet. In: International 67. Uwagbole SO, Buchanan WJ, Fan L (2017) An applied pattern-
conference on World Wide Web—Alternate track papers & post- driven corpus to predictive analytics in mitigating sql injection
ers, WWW 2004. ACM, New York, NY, pp 180–187 attack. In: 2017 seventh international conference on emerging
51. Grewe D, Wagner M, Arumaithurai M, Psaras I, Kutscher D security technologies (EST). IEEE, Canterbury, pp 12–17
(2017) Information-centric mobile edge computing for connected 68. Ahmed ME, Kim H, Park M (2017) Mitigating dns query-based
vehicle environments: challenges and research directions. In: The ddos attacks with machine learning on software-defined network-
workshop on mobile edge communications. ACM, Los Angeles, ing. In: MILCOM 2017—2017 IEEE military communications
CA, pp 7–12 conference (MILCOM). IEEE, Baltimore, MD, pp 11–16
52. Borthakur D, Dubey H, Constant N, Mahler L, Mankodiya K 69. Bhunia SS, Gurusamy M (2017) Dynamic attack detection and
(2017) Smart fog: fog computing framework for unsupervised mitigation in iot using sdn. In: 2017 27th international telecom-
clustering analytics in wearable internet of things. In: 2017 munication networks and applications conference (ITNAC). IEEE,
IEEE global conference on signal and information processing Melbourne, VIC, pp 1–6
(GlobalSIP). IEEE, Montreal, QC, pp 472–476 70. Asthana S, Megahed A, Strong R (2017) A recommendation sys-
53. Drolia U, Guo K, Narasimhan P (2017) Precog: prefetching for tem for proactive health monitoring using IoT and wearable tech-
image recognition applications at the edge. In: ACM/IEEE sym- nologies. In: 2017 IEEE international conference on AI mobile
posium on edge computing. ACM, San Jose, California, pp 1–13 services (AIMS). IEEE, Honolulu, HI, pp 14–21
13
71. Walinjkar A, Woods J (2017) ECG classification and prognostic 76. Patil SS, Thorat SA (2016) Early detection of grapes diseases
approach towards personalized healthcare. In: 2017 international using machine learning and IoT. In: 2016 second international
conference on social media, wearable and web analytics (Social conference on cognitive computing and information processing
Media). IEEE, London, pp 1–8 (CCIP). IEEE, Mysore, pp 1–5
72. Nguyen HH, Mirza F, Naeem MA, Nguyen M (2017) A review on 77. Siryani J, Tanju B, Eveleigh TJ (2017) A machine learning deci-
iot healthcare monitoring applications and a vision for transform- sion support system improves the internet of things smart meter
ing sensor data into real-time clinical feedback. In: 2017 IEEE operations. IEEE Internet Things J 4(4):1056–1066
21st international conference on computer supported cooperative 78. Ling X, Sheng J, Baiocchi O, Liu X, Tolentino ME (2017) Identi-
work in design (CSCWD). IEEE, Wellington, pp 257–262 fying parking spaces detecting occupancy using vision-based IoT
73. Madeira R, Nunes L (2016) A machine learning approach for devices. In: 2017 global internet of things summit (GIoTS). IEEE,
indirect human presence detection using IoT devices. In: 2016 Geneva, pp 1–6
eleventh international conference on digital information manage- 79. Guo W, Fukatsu T, Ninomiya S (2015) Automated characteriza-
ment (ICDIM). IEEE, Porto, pp 145–150 tion of flowering dynamics in rice using field-acquired time-series
74. Pandey PS (2017) Machine learning and iot for prediction and rgb images. Plant Methods 11(1):7
detection of stress. In: 2017 17th international conference on com-
putational science and its applications (ICCSA). IEEE, Trieste, pp Publisher’s Note Springer Nature remains neutral with regard to
1–5 jurisdictional claims in published maps and institutional affiliations.
75. Kwapisz JR, Weiss GM, Moore SA (2011) Activity recogni-
tion using cell phone accelerometers. SIGKDD Explor Newsl
12(2):74–82
13

A Survey On Application of Machine Learning For Internet of Things

Uploaded by

Document Informationclick to expand document informationJournal

Document Informationclick to expand document information

Copyright:

Available Formats

A Survey On Application of Machine Learning For Internet of Things

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

A Survey On Application of Machine Learning For Internet of Things

Uploaded by

Copyright:

Available Formats

International Journal of Machine Learning and Cybernetics (2018) 9:1399–1417

A survey on application of machine learning for Internet of Things

Keywords Machine learning · IoT · Networking · Application

Internet of Things (IoT) is becoming a new pervasive and

backbone data capture: traffic paerns

Fig. 1 Traffic profiling model

Table 1 Recent machine learning based traffic profiling works

PC / laptop data capture: unique device

Fig. 2 Device identification model

Table 2 Recent machine learning based device identification works

2013 [30] Android kNN, SVM Network traffic 90 Median

network because of the characteristics of IoT devices and 4.1 Device security

Fig. 3 IoT security model

Table 3 Recent machine learning based security mechanism works

data capture: machine learning intrusion detecon

Fig. 4 Edge computing in IoT network model

Table 4 Recent machine learning based edge computing works

data capture: intrusion detecon

Fig. 5 Software-defined networking in IoT network model

Table 5 Recent machine Work Problem Technique Data/signal Accuracy (%)

learning based method outperform traditional mean shift 7 IoT applications

data capture: machine learning human health

Fig. 6 IoT application model

Table 6 Recent machine learning based IoT application works

You might also like

backbone data capture: traffic paerns

Fig. 1 Traffic profiling model

Table 1 Recent machine learning based traffic profiling works

Fig. 2 Device identification model

Table 2 Recent machine learning based device identification works

network because of the characteristics of IoT devices and 4.1 Device security

Fig. 3 IoT security model

Table 3 Recent machine learning based security mechanism works

data capture: machine learning intrusion detecon

Fig. 4 Edge computing in IoT network model

Table 4 Recent machine learning based edge computing works

data capture: intrusion detecon

Fig. 5 Software-defined networking in IoT network model

Table 5 Recent machine Work Problem Technique Data/signal Accuracy (%)

learning based method outperform traditional mean shift 7 IoT applications

Fig. 6 IoT application model

Table 6 Recent machine learning based IoT application works