Cybersecurity in IoT Ecosystems: Risks, Protocols, and Protection Mechanisms

Abstract: The fast development of Internet of Things (IoT) systems has brought about new challenges to the cybersecurity problem that require effective and dynamic protection measures. This is a systematic literature review that explores the risks, protocols, and protection mechanisms implemented in the IoT contexts and summarizes the results gathered in 75 scholarly publications published between 2015 and 2025. According to the review, the IoT security environment is set to evolve, with such protocols as MQTT, CoAP, Zigbee, LoRaWAN, and 6LoWPAN being actively researched in terms of their vulnerabilities and robustness. Distributed denial-of-service (DDoS), spoofing, firmware tampering, and the unauthorized access are commonly recognized threats, as such a level of risk demands the thorough risk mitigation methodology. The mechanisms of protection are varied, and the majority are device authentication (42.67%), intrusion detection systems (34.67%), and blockchain-based solutions (22.67%), which are the most central in the prevailing IoT security architectures. The majority of studies (61.33) did not have clear evaluation criteria, including latency, energy usage, or security ratings, curtailed cross-comparisons, and methodological clarity. The specific applications of the industry show strong emphasis on industrial internet of things (32.00%), smart homes (21.33%), and healthcare internet of things (17.33%), which indicates the domain sensitivity of cybersecurity policies. In spite of this improvement, the IoT ecosystems still have to deal with the heterogeneity of devices, limited resources, and partial standardization that prevent the implementation of the large-scale secure deployment. This review promotes standardized structures, slim cryptographic schemes, and experimental underpinning of suggested tools to enhance the resilience of the IoT. The next generation of research ought to focus on cross layer security solutions, industry-specific authentication and assimilation of new technology including artificial intelligence that will be proactive in dealing with any new forms of cyber threats. Keywords: internet of things, cybersecurity, iot protocols, risks, protection mechanisms, industrial internet of things, smart homes, healthcare.

摘要：物联网 IoT (Internet of Things) 系统的快速发展给网络安全问题带来了全新挑战，亟需兼具有效性与动态性的防护手段。本研究为系统性文献综述，旨在探究物联网场景下存在的风险、协议与防护机制，并汇总了2015年至2025年间发表的75篇学术文献的研究成果。根据本次综述，物联网安全环境正处于演进之中，MQTT、CoAP、Zigbee、LoRaWAN及6LoWPAN等协议的漏洞与鲁棒性均得到了广泛研究。分布式拒绝服务攻击 DDoS (Distributed Denial-of-Service)、欺骗攻击、固件篡改及未授权访问均为公认的常见威胁，鉴于此类风险已达到较高等级，亟需采用全面的风险缓解方法。防护机制种类繁多，其中占比最高的三类分别为设备认证（42.67%）、入侵检测系统（34.67%）及基于区块链的解决方案（22.67%），它们是当前主流物联网安全架构的核心组成部分。多数研究（61.33%）未明确制定评估标准（及时延、能耗或安全评级等指标），这限制了跨研究对比的可行性，并削弱了研究方法的透明度。该领域的具体应用场景高度集中于工业物联网（Industrial Internet of Things）（32.00%）、智能家居（21.33%）及医疗物联网（Healthcare Internet of Things）（17.33%），这体现了网络安全政策的领域敏感性。尽管取得了上述进展，物联网生态系统仍需应对设备异构性、资源受限及标准化程度不足等问题，这些问题阻碍了大规模安全部署的落地。本综述倡导采用标准化架构、轻量级加密方案，并为所提出的工具提供实验支撑，以提升物联网系统的韧性。下一代研究应聚焦于跨层安全解决方案、面向行业的认证技术，以及包括人工智能 AI (Artificial Intelligence) 在内的新技术融合，以主动应对各类新型网络威胁。 关键词：物联网、网络安全、物联网协议、风险、防护机制、工业物联网、智能家居、医疗物联网。