Review The Article: Abomhara & Koien, 2015 ✓ Solved

Review the article: Abomhara, M., & Koien, G.M. (2015). Cybe

Review the article: Abomhara, M., & Koien, G.M. (2015). Cyber security and the internet of things: Vulnerabilities, threats, intruders, and attacks. Journal of Cyber Security, 4, 65-88. Doi: 10.13052/jcsm.414 and evaluate it in approximately 800–1000 words. Address the following: What did the authors investigate, and in general how did they do so? Identify the hypothesis or question being tested. Summarize the overall article. Identify the conclusions of the authors. Indicate whether or not you think the data support their conclusions/hypothesis. Consider alternative explanations for the results. Provide any additional comments pertaining to other approaches to testing their hypothesis (logical follow-up studies to build on, confirm or refute the conclusions). Discuss the relevance or importance of the study and the appropriateness of the experimental/design approach. Include an introduction, a body with fully developed content, and a conclusion. Include a complete reference for the article and support your evaluation with at least two additional scholarly journal articles and your textbook. Use clear, concise, objective writing.

Paper For Above Instructions

Introduction

This evaluation critically reviews Abomhara and Koien’s 2015 survey of cybersecurity challenges in the Internet of Things (IoT) (Abomhara & Koien, 2015). The authors aimed to synthesize existing knowledge about IoT vulnerabilities, threat agents, intruder types, and common attack vectors. The purpose of this assessment is to summarize the article, identify the implicit research question, evaluate the evidence and arguments presented, consider alternative explanations, suggest follow-up studies, and assess the study’s relevance and methodological appropriateness.

What the Authors Investigated and How

Abomhara and Koien (2015) investigated the security landscape of IoT ecosystems. Rather than conducting primary experiments, the authors performed a narrative literature review and conceptual analysis: collating reported vulnerabilities, attacks, and threat scenarios across device layers (sensors, networks, cloud services) and classifying intruder types and attack goals. Their approach was descriptive and taxonomic, assembling examples from reported incidents and prior research to illustrate the breadth of security issues in IoT environments (Abomhara & Koien, 2015).

Hypothesis or Research Question

The paper does not state a formal hypothesis; instead, it centers on an implicit research question: What are the primary vulnerabilities, threats, intruders, and attacks affecting IoT systems, and how can these be categorized to inform security approaches? This exploratory framing is common for early-stage reviews in emerging domains (Atzori, Iera, & Morabito, 2010; Miorandi et al., 2012).

Summary of the Article

Abomhara and Koien organize the IoT security problem by device and communication layers and by attacker intent (privacy invasion, service disruption, data manipulation, resource misuse). They enumerate technical vulnerabilities (weak authentication, insecure protocols, poor bootstrapping and update mechanisms), systemic vulnerabilities (heterogeneity, lack of standards), and human/organizational factors (poor vendor practices, weak lifecycle management). The article links these vulnerabilities to representative attacks (botnets, eavesdropping, replay, physical tampering) and enumerates countermeasure categories (lightweight cryptography, secure update mechanisms, intrusion detection) while noting research and deployment gaps (Abomhara & Koien, 2015).

Authors’ Conclusions and Support

The authors conclude that IoT introduces a broad and evolving attack surface that traditional IT security controls alone cannot fully mitigate, and they call for multidisciplinary solutions including lightweight security mechanisms, better standardization, and resilience-focused design. Given the article’s role as a survey, the conclusions are supported insofar as they synthesize multiple prior reports and known incidents (e.g., device misconfiguration, Mirai-like botnets) that illustrate the stated problems (Antonakakis et al., 2017). However, because Abomhara and Koien provide a narrative rather than systematic review or empirical meta-analysis, the strength of evidence is qualitative; the conclusions are plausible and consistent with the literature but not quantitatively validated within the paper itself (Sicari et al., 2015; Roman, Zhou, & Lopez, 2013).

Alternative Explanations and Limitations

Alternative explanations for some of the identified issues could emphasize economic and market factors rather than purely technical constraints: cost-driven design decisions, time-to-market pressures, and fragmented business incentives may account for insecure IoT deployments as much as technological immaturity (Weber, 2010). Another limitation is potential selection bias in the literature and incident examples chosen; a narrative review risks over-representing high-profile attacks while undercounting less-visible mitigations. The lack of systematic inclusion criteria reduces the ability to generalize about prevalence or risk magnitude.

Suggestions for Follow-up Studies

To build on Abomhara and Koien’s taxonomy, logical next steps include: (1) systematic literature reviews or meta-analyses with predefined inclusion criteria to quantify evidence; (2) empirical measurement studies assessing the security posture of representative IoT device classes in the field (Mirai studies exemplify this approach) (Antonakakis et al., 2017); (3) threat-modeling and experiment-driven evaluations of proposed lightweight cryptographic or intrusion-detection solutions (Zarpelao et al., 2017); and (4) socio-technical research examining vendor incentives and regulatory impacts on security practices (Granjal, Monteiro, & Silva, 2015). Longitudinal studies could assess whether proposed standards and frameworks reduce incident rates over time.

Relevance and Importance

The study is highly relevant: IoT proliferation continues to expand attack surfaces across consumer, industrial, and critical infrastructure domains (Miorandi et al., 2012; Atzori et al., 2010). By synthesizing known threats and gaps, the paper helps orient researchers and practitioners to priority areas, even if it does not provide empirical validation. The work contributes to early-stage knowledge consolidation essential for setting research agendas and informing policy debates.

Appropriateness of the Design

A narrative literature review and taxonomy are appropriate for an exploratory assessment of a nascent, multidisciplinary field. For a 2015 timeframe when IoT research was rapidly emerging, the approach was justified. Nevertheless, greater methodological transparency—explicit search strategy, inclusion/exclusion criteria, and classification rules—would have improved reproducibility and reduced bias. For policy or engineering recommendations, later empirical and systematic work is required (Rose, Eldridge, & Chapin, 2015).

Conclusion

Abomhara and Koien (2015) present a clear, useful taxonomy of IoT vulnerabilities, threat actors, and attacks based on a narrative synthesis of the literature and incident reports. Their conclusions that IoT security requires tailored, multidisciplinary solutions are consistent with later empirical findings and other surveys (Sicari et al., 2015; Roman et al., 2013). The paper’s main limitations are its narrative review method and lack of explicit methodology, which constrain generalizability and quantification of risk. Follow-up empirical, systematic, and socio-technical studies are recommended to validate and extend the authors’ insights. Overall, the article is a meaningful contribution to early IoT security scholarship and remains relevant for guiding research priorities.

References

• Abomhara, M., & Koien, G. M. (2015). Cyber security and the internet of things: Vulnerabilities, threats, intruders, and attacks. Journal of Cyber Security, 4, 65–88. doi:10.13052/jcsm.414
• Atzori, L., Iera, A., & Morabito, G. (2010). The internet of things: A survey. Computer Networks, 54(15), 2787–2805.
• Miorandi, D., Sicari, S., De Pellegrini, F., & Chlamtac, I. (2012). Internet of things: Vision, applications and research challenges. Ad Hoc Networks, 10(7), 1497–1516.
• Roman, R., Zhou, J., & Lopez, J. (2013). On the features and challenges of security and privacy in distributed internet of things. Computer Networks, 57(10), 2266–2279.
• Sicari, S., Rizzardi, A., Grieco, L. A., & Coen-Porisini, A. (2015). Security, privacy and trust in Internet of Things: The road ahead. Computer Networks, 76, 146–164.
• Rose, K., Eldridge, S., & Chapin, L. (2015). The Internet of Things: An Overview. The Internet Society. (White paper)
• Weber, R. H. (2010). Internet of Things – New security and privacy challenges. Computer Law & Security Review, 26(1), 23–30.
• Antonakakis, M., April, T., Bailey, M., et al. (2017). Understanding the Mirai Botnet. In 26th USENIX Security Symposium (pp. 1093–1110).
• Zarpelao, B. B., Miani, R. S., Kawakani, C. T., & de Alvarenga, S. C. (2017). A survey of intrusion detection in Internet of Things. Journal of Network and Computer Applications, 84, 25–37.
• Granjal, J., Monteiro, E., & Silva, J. S. (2015). Security for the Internet of Things: A survey of existing protocols and open research issues. Computer Networks, 76, 146–164.