Detecting compromised IoT devices: Existing techniques, challenges, and a way forward.

IoT devices, whether connected to the Internet or operating in a private network, are vulnerable to cyber attacks from external or internal attackers or insiders who may succeed in physically compromising an IoT device. Once compromised, the IoT device can join a botnet to participate in large-scale distributed attacks (potentially recruiting additional nodes), exfiltrating confidential data or injecting false data into critical data sets, corrupting subsequent data analytics. Although various device attestation techniques are available to detect malicious IoT devices, these methods do not fully address all aspects of a poten-tially compromised node. This study explores current state-of-the-art approaches for detecting a mali-cious/compromised node in the network, highlights related challenges, and proposes a way forward for developing secure and economical attestation protocols.& COPY; 2023 Elsevier Ltd. All rights reserved.