A Systematic Review on IoT Security (Threats, Mitigations) Strategies and Future Directions

Abstract

This systematic review explores the progression of Internet of Things (IoT) security research between 2015 and 2025, with a focus on emerging threats, mitigation strategies, and future security directions. As IoT technologies have become integral across sectors such as healthcare, manufacturing, transportation, agriculture, and smart cities, security challenges have intensified due to device heterogeneity, constrained resources, and decentralized architectures. The review categorizes security threats based on IoT architecture layers—perception, network, and application—and outlines specific attacks, including physical tampering, DDoS, and data breaches. It evaluates a wide range of mitigation strategies proposed over the last decade, including lightweight encryption, anomaly-based intrusion detection systems (IDS), machine learning, and blockchain-based trust frameworks. Additionally, it addresses domain-specific security concerns, highlighting the need for adaptive, scalable, and standardized solutions in critical applications such as Industrial IoT and remote healthcare systems. The review identifies existing gaps in regulation, real-world validation, and cross-layer security integration, proposing future research directions toward building resilient, context-aware, and interoperable IoT security frameworks.