Blockchain-inspired distributed security framework for Internet of Things (2025)

Introduction

With the ability to enable autonomous operations and communications, Internet of Things (IoT) technology is playing a vital aspect in facilitating and advancing new services in daily human lives¹. IoT technology has found widespread application across numerous industries for effective resource assessment and ubiquitous data sensation due to the proliferation of sensor technologies^2,3. An estimated 76.88 billion devices will be linked to the internet by 2025⁴. As the number of connected devices continues to elevate, the need to safeguard them from malicious cyber activity grows in urgency^5,6. As devices may be accessed ubiquitously, and with the popularity of traditional security protection techniques, existing IoT networks are susceptible to a wide variety of security attacks^7,8. IoT security issues are significantly more severe than traditional networks because of the possibility for attackers to control and harm vital infrastructures including crucial sensors, moving vehicles, and nuclear plants. A compromised device or the whole IoT network might be subject to privacy breaches if used maliciously by an attacker^9,10. Figure 1^{Footnote 1} shows the fundamental IoT security issues persisting in the IoT environment.

Potential IoT vulnerabilities.

Full size image

Research domain

To counter the multiple attacks on the IoT network, extensive study and the development of novel security defense measures are required⁸. However, due to the dispersed IoT network, it is a vital challenge to assess historical data, making it difficult to design a security attack determination mechanism that can guarantee the best possible protection for the IoT network^11,12. In addition, designing an efficient security defense system is complicated due to the heterogeneity of IoT items and the complexity of network topologies^13,14. Several challenges make the currently available techniques for detecting security attacks in the IoT mostly useless. The bulk of current approaches to detecting security breaches depend on a centralized design, with determination software installed on a single, centralized cloud server. However, as the number of linked devices elevates in the IoT network, it is unclear whether these approaches will tackle security attacks. As a result of storage limitations, expensive processing, excessive latency, and a single point of failure, the cloud server will continue to be inefficient. Detecting security attacks is a big data challenge because it needs a significant quantity of data to be gathered in real-time from devices and the inter-linked network¹⁵. The option decision for detecting attacks may be made using data collected in real-time. But with the IoT, it will take a lot of time and energy to gather and process data in real-time. Bandwidth use and delays may be artificially inflated by malicious data injection. Because of these problems, IoT threat determination is often inaccurate¹⁶.

Research motivation

Existing attack detection and determination methods often fail to prioritize privacy, which is a critical concern in modern systems. Conventional approaches frequently collect and process user data without the explicit consent of the owner, leading to privacy violations. As a result, these methods lack access to the necessary data for making accurate and reliable attack determination decisions due to growing concerns over user privacy. This gap underscores the need for novel solutions that balance privacy preservation with effective threat detection. Emerging computing paradigms, such as edge computing, offer a promising direction by bringing processing and storage closer to the devices generating the data. Edge computing typically employs a layered architecture that complements cloud computing, enabling real-time data processing at the network edge. This paradigm facilitates high-bandwidth, low-latency services, and applications, making it ideal for scenarios requiring rapid decision-making and efficient resource utilization¹⁷. Simultaneously, blockchain networks (BCN) have garnered significant attention across various industries due to their deployment in next-generation applications. BCN enables decentralized and trust-free solutions by storing data across a distributed network in the form of online ledgers¹⁸. Unlike traditional centralized systems, BCN supports decentralized program execution, allowing peer-to-peer networks to perform verifiable data exchanges without relying on a trusted third party¹. This eliminates single points of failure, making BCN a robust and secure foundation for IoT networks. In addition, BCN facilitates secure interactions between individual edge nodes, ensuring both privacy and reliability in data exchanges. Software-defined networking (SDN), on the other hand, brings flexibility and programmability to the management of network data from remote sites. By decoupling the control plane from the data plane, SDN provides centralized control over the network while enabling dynamic and efficient resource allocation^19,20. This separation enhances the scalability and adaptability of network operations, making SDN a powerful tool for managing complex IoT environments. The convergence of edge computing, BCN, and SDN offers a unique opportunity to address the limitations of existing attack determination methods. By leveraging edge computing’s real-time processing capabilities, BCN’s decentralized trust model, and SDN’s flexible network management, it becomes possible to design a secure and privacy-preserving framework for accurate attack detection and mitigation in IoT networks. Therefore, SDN decouples the choice to transfer data from its actual implementation and the logical coordinating node. A quicker reaction time for threat determination is made possible by the SDN-enabled switch in IoT security.

State-of-the-art contribution

The proposed research makes several novel contributions that distinguish it from existing studies on IoT security frameworks. These contributions address key limitations in current approaches and offer a comprehensive solution for attack detection and mitigation in IoT networks:

1.
Hybrid approach for attack detection and determination Unlike traditional methods that rely solely on centralized or distributed architectures, this study leverages a hybrid approach combining software-defined networking (SDN), edge computing paradigms, and blockchain (BCN) technology. This integration ensures robust and scalable attack detection across the IoT network.
2.
Secure and distributed IoT framework The proposed framework integrates SDN and BCN technologies to create a secure, decentralized architecture capable of efficiently identifying threats and vulnerabilities. This approach addresses the common weakness of centralized systems, such as single points of failure, and enhances the overall resilience of IoT networks.
3.
Edge-focused threat detection and mitigation In contrast to conventional frameworks that process security threats at centralized servers, the proposed framework emphasizes threat detection and mitigation at the edge layer. SDN-enabled switches facilitate real-time data analysis, enabling the identification of vulnerable segments and the prevention of attacks by disabling compromised transmissions. This edge-centric approach ensures faster response times and localized threat management.
4.
Integration of edge computing for early detection The framework incorporates edge computing into the SDN architecture, shifting attack detection to the network’s periphery. This reduces resource wastage, minimizes network bandwidth usage, and lowers latency and storage requirements, which are critical limitations of existing centralized and distributed systems.
5.
Seamless communication via blockchain technology By utilizing BCN technology, the framework ensures seamless communication between edge nodes and the cloud server. Frequent updates to the attack detection framework enable precise and adaptive threat determination over time, providing a dynamic and evolving defense mechanism.

The current study leverages SDN, edge computing, and BCN to develop a secure and decentralized framework for IoT that effectively detects attacks while addressing the limitations of existing security frameworks. By utilizing a deep learning (DL) method at the edge nodes and mitigating threats at the network’s periphery, the proposed framework is deployed on the Ethereum BCN and evaluated using the Mininet emulator for detecting IoT-based attacks. The proposed system exhibits both distributed and centralized characteristics through its integration of software-defined networking (SDN), edge computing, and blockchain network (BCN) technologies. It is distributed because threat detection and mitigation are performed at the edge layer, reducing latency, bandwidth usage, and resource wastage by processing data closer to its source. The use of edge computing ensures that computational tasks are decentralized across multiple edge nodes, while BCN facilitates seamless communication and synchronization between these nodes, enabling resilience and eliminating single points of failure. However, the system also incorporates centralized features through the SDN controller, which provides a global view of the network, manages traffic patterns, and coordinates responses to threats. The SDN control plane oversees the distributed edge nodes, ensuring efficient management and real-time identification of vulnerabilities. Additionally, the cloud server plays a centralized role in maintaining and updating the attack detection framework, ensuring all edge nodes remain synchronized and adaptive to evolving threats. This hybrid design leverages the benefits of both distributed and centralized architectures, ensuring scalability, robustness, and efficient threat detection.

Paper organization In Sect. 2, a context for IoT attack determination is presented comprehensively. Section 3 presents an overview of the proposed framework for the IoT. In Sect. 4, an experimental simulation is presented for performance assessment. Finally, Section 5 concludes the paper with future research directions.

Literature review

Several methods have been developed to identify and mitigate security attacks in IoT networks, each addressing specific challenges and introducing unique approaches. Anomaly and specification-specific techniques are discussed by Arcos et al.⁴, who also summarize potential security issues in IoT systems. However, their work lacks practical implementation and real-world validation, limiting its applicability. Banerjee et al.²¹ propose a cloud-specific, centralized determination strategy for detecting attacks. While this approach benefits from leveraging centralized resources for large-scale computation, it suffers from high latency, scalability issues, and potential privacy concerns due to the need to transmit sensitive data to a central server. Alzuabi et al.²² introduced a distributed approach utilizing novel deep learning (DL) techniques and an edge computational platform to detect cyber-attacks in decentralized networks. Although their method reduces latency and improves privacy by processing data locally, it relies heavily on the computational capabilities of edge devices, which may be insufficient in resource-constrained environments. Similarly, Derhab et al.²³ developed an intelligent technique at the edge computing level to create a distributed IoT-specific intrusion detection system (IDS). While this approach enhances scalability and decentralization, it faces challenges related to data sparsity at individual edge nodes, which can reduce the accuracy of attack detection. Chen et al.²⁴ proposed a unique classification framework to detect remote-to-local and user-to-root attacks in IoT networks. However, their framework primarily focuses on specific types of attacks, limiting its generalizability to other scenarios. Hybrid security approaches, such as the consensus-based technique by Carvalho et al.²⁵, and automatic threat forwarding methods, as discussed by Azbeg et al.²⁶, take game-theoretic and information-theoretic approaches to detect security attacks in IoT environments. While these methods provide novel insights into attack detection, they often involve high computational complexity and are challenging to implement in resource-constrained IoT networks. In addition, several works have focused on blockchain-based solutions to enhance IoT security. For example, Seok et al.²⁷ proposed a lightweight blockchain architecture tailored for IoT networks. This approach ensures data integrity and security in a decentralized manner but struggles with scalability when applied to large-scale IoT deployments. Similarly, Rathee et al.²⁸ reviewed blockchain-based intrusion detection systems (IDS) for IoT, highlighting their ability to provide decentralized trust and secure data sharing. However, these systems often require significant computational resources, making them unsuitable for resource-constrained IoT devices. Recent advancements in federated learning (FL) have also been applied to IoT security. Govindaram et al.²⁹ proposed an FL-based IDS for IoT networks, allowing edge devices to collaboratively train a global model without sharing raw data. This approach addresses privacy concerns but faces challenges related to communication overhead and heterogeneity in IoT devices. Similarly, Nazir et al.³⁰ developed a blockchain-enabled FL framework to enhance security in IoT environments. While this framework combines the strengths of FL and blockchain, its reliance on both technologies introduces additional computational and energy costs. Machine learning (ML) and deep learning (DL) techniques have also been widely explored for IoT security. For instance, Singh et al.³¹ utilized DL models to detect botnet attacks in IoT networks. While their approach achieves high accuracy, it requires a large dataset for training, which may not always be available in real-world scenarios. Similarly, Toony et al.³² proposed an ML-based intrusion detection framework for IoT. However, their centralized approach raises concerns about data privacy and scalability. Whether centralized or decentralized, intrusion detection systems (IDS) remain the standard framework for security attack determination in IoT research. As shown in Fig. 2a, a centralized IDS is deployed to detect attacks in a centralized IoT network. This approach utilizes a machine learning (ML) framework to classify attacks by processing massive amounts of data collected from the entire network. Data from heterogeneous IoT devices is transmitted to a central cloud server via a centralized station to enhance the network’s efficiency. However, this centralized design introduces several limitations. First, protecting IoT devices complicates data management, as potential data providers may hesitate to share data due to privacy concerns³³. Second, transmitting and processing vast datasets requires significant network bandwidth and computational resources, which may not always be feasible. Lastly, the reliance on a single centralized server introduces a single point of failure, making the system vulnerable to catastrophic failures. In contrast, as shown in Fig. 2b, distributed attack determination frameworks perform data gathering and processing at the edge level. Each edge node collects and processes its local data using an ML algorithm to construct its attack determination framework, which is then shared with the cloud server. This distributed approach addresses privacy concerns by ensuring that sensitive data remains at the edge and is not transmitted to the cloud. Furthermore, by training smaller data segments at the edge, this method reduces computational costs, offloads data storage requirements, and provides quicker response times as computations occur closer to the data source. However, distributed frameworks also have limitations. The centralized server, acting as the single point of control, remains a vulnerability, as it could become a bottleneck or a single point of failure. Additionally, edge nodes require sufficient data to make accurate attack determinations. When data availability is limited-either due to a small number of connected devices or privacy restrictions-the accuracy of attack detection decreases significantly. To address these challenges, the current study improves upon the distributed attack determination technique by introducing a novel decentralized attack determination framework. The proposed design eliminates the single point of failure by granting each edge node full autonomy over its threat determination framework. This framework is shared with adjacent edge nodes and the cloud server, ensuring data availability and redundancy. By doing so, the proposed solution enhances the accuracy of attack detection, even in scenarios where data availability is limited. Furthermore, the framework provides an effective solution for the edge computing paradigm by enabling reliable attack determination in resource-constrained environments with insufficient data instances.

Conceptualized attack determination framework; (a) centralized; (b) distributed.

Full size image

Research gaps

Based on the comprehensive literature review, following research gaps have been identified.

1.
Existing solutions struggle to scale in resource-constrained IoT environments due to limited computational and energy resources.
2.
Techniques like federated learning and edge computing still risk leaking sensitive data via shared parameters or metadata.
3.
Centralized systems face single points of failure and bottlenecks, requiring fully decentralized frameworks.
4.
Edge-based methods suffer from sparse data at individual nodes, reducing detection accuracy.
5.
Current methods focus on specific attack types, lacking adaptability to dynamic and diverse IoT threats.

Proposed framework

The proposed framework, named BSIN, is designed and developed with the use of Ethereum BCN technology, which allows for decentralized and cooperative attack determination through peer-to-peer transactions across edge nodes via a smart contract. In addition, the new framework makes use of the SDN and edge computing paradigm to allow rapid reaction to threat determination and mitigation. An effective network framework is provided as a framework, which combines the benefits of BCN technology with SDSN. Security concerns in a distributed network may be reduced with the help of the proposed SDN-specific distributed framework for an edge computational framework that can enable security at the edge layer. Figure 3 shows the technical overview of the proposed framework.

Proposed framework.

Full size image

BSIN is a revolutionary distributed and cooperative attack determination framework for the IoT network. The presented BSIN framework’s architectural overview and process are detailed ahead.

BSIN overview

The suggested framework is a three-tiered framework consisting of the sensing, edge, and cloud layers. Varied smart devices and dispersed sensory nodes make up the sensing layer, which keeps tabs on public infrastructure’s varied settings and activities. Massive amounts of sensing data are generated and sent to the edge layer. At network-edge, SDN-specific switches with low power consumption and high throughput. Each SDN-enabled edge layer switch has several on-premises sensors that it is responsible for processing and analyzing. The edge layer processes data and then reports it, which is made up of many SDN controllers. Each edge layer SDN controller is linked to a group of SDN switches and can analyze data to spot patterns. The SDN controller is used for rule updation to the respective nodes based on an observed aberrant data flow, and for directing the switched nodes to identify attacks with minimal delay. In addition, for large anomaly monitoring and data assessment, every SDN controller broadcasts results to the cloud layer.

Research methodology flowchart

The suggested framework uses a bottom-up workflow, with operations beginning at the sensing layer and progressing upwards to the cloud. In the sensing layer, every SDN-enabled edge layer tracks the patterns of the IoT devices and relays that information to the corresponding node. The SDN controller learns and analyses the data traces to spot malicious data flows from the sensor nodes. To determine if incoming data is malicious, the controller assesses factors such as the number of characteristics and previously observed data patterns. Once the analysis is complete, the SDN controller is used to configure the switch’s data transmission rules. The SDN controller then dynamically assigns the flow rules to the appropriate switches. The switches perform differently based on IoT data as per rules provided by the SDN controller. These measures include slowing the flow’s speed or obstructing it entirely. In addition, each edge node periodically updates the SDN controller on the cloud computing layer if it detects any noteworthy patterns or occurrences. As a result, decisions regarding IoT data flow from anywhere may be made by the cloud-specific SDN controller, which has access to data on events and trends from several edge nodes. Therefore, the SDN controller can monitor for comparable events across clusters and make inferences about attacks on IoT devices throughout its network, while requiring no action from end users. More specifically, the suggested framework includes a BCN-specific attack determination and mitigation module, a data flow analyzer, a data flow classifier, and a data flow controller at the edge node. The first two parts help build a custom attack determination framework for the edge node by spotting suspicious data patterns, while the third part uses BCN technology to dynamically update the attack determination framework. Finally, the attack mitigation module takes advantage of the attack determination framework to prevent attacks at the edge layer.

Analyzer of data patterns

Dynamically monitoring data from a wide variety of IoT devices, the data flow analyzer logs data inculcating device utility at different periods, bandwidth utility, requests transmitted from a device, and request source. Data acquired under normal conditions is verified as “legitimate” and then used to train a system to distinguish between fake and real data. Attacks in the IoT network may be identified with the use of a data flow analyzer that includes a blacklist of source IP addresses and information about known vulnerabilities in IoT devices and attack patterns. As a result, the data flow classifier benefits from the data flow analyzer’s insights into both harmful and valid data. To categorize the attack data at the edge node, the data flow classifier must first prepare the attack determination framework. Each edge node runs an ML methodology on the data collected by its data analyzer to generate a trained framework. The suggested framework takes advantage of the ML classification method of DL.

Identifying threats

The main purpose is to perform an updation of the attack determination framework at the edge level depending on the attack determination framework from other edge nodes, using the attack determination framework received by the data flow classifier. The improved attack determination framework tells the SDN switches to identify attacks and allows efficient attack determination. A unique method, as shown in Fig. 4, is provided for dynamically updating the attack determination framework. The suggested method requires management and agents to function. The frameworks for detecting attacks in an edge network are managed by a manager. It specifies things like the format of the incoming data and the expected results from the attack determination frameworks that are data-driven. The proposed method calls for a centralized cloud server to manage the delivery of the test dataset, estimate the precision of the proposed framework from the edge node, and define the financial commitments for the proposed framework. The overall framework of the attack determination concept is suggested by the central cloud server. On the other hand, agents are the entities in charge of processing and verifying the distributed attack determination framework. In this paper’s suggested method, an edge node may perform either a processing or proofreading function. The edge node’s responsibility as a processing agent includes running an ML algorithm on its local data to build the attack determination framework. The proofing agent ensures the accuracy of the created attack determination framework via verification and testing. Transactions executed on the Ethereum BCN provide communication between the manager, processing agent, and proofing agent. The manager begins by outlining the attack determination duties that will be data-driven, including the format of input data, the expected results from attack determination frameworks, and the financial compensation that will be promised. Data-driven tasks guide the processing agents as they use an ML technique to train the private data in preparation for an attack determination framework. To ensure that the fusion of attack determination frameworks has enhanced overall attack determination job performance, the prepared attack determination is made available to proofing agents. The processing agents’ contributions are also assessed by the proofreaders. Each proofreading agent’s contribution to the whole is calculated by a majority vote. The management will pay each processing agent based on the percentage of the overall contribution. The management also rewards the proofreaders monetarily for the time. Once the management has paid the processing and proofing agents according to the smart contract on the Ethereum BCN, they will have access to the attack determination frameworks that were awarded. Later, the manager may apply the same method that the proofing agents did to generate a fused attack determination framework from the separate frameworks. The Ethereum BCN was implemented in the suggested method using the truffle development suite, the Web3.js API, and the Oraclize API. In addition, solidity-specific smart contracts were developed to execute BCN transactions across nodes in the decentralized network. The smart contracts carry out a pair of operations as shown in Fig. 5. The manager kicks off the attack determination procedure by outlining the duties that rely on data, including the format of the input data, the precision with which the output is expected to be, and the financial compensation that will be provided.

Proposed BCN-inspired IoT attack determination.

Full size image

Workflow of the proposed framework.

Full size image

Processing agents become ready for data-driven activities by training threat determination frameworks off-chain using local data. In addition, they store the hash values representing the parameters of their threat determination frameworks on the decentralized IFPS file system. To publicize the finished frameworks, the IPFS hash values are brought into the application. After receiving the attack determination frameworks that have been broadcast, the proofing agents will evaluate them off-chain before announcing their findings in the application. The second step involves the usage of the Web3.js API to collect the proofing agents’ evaluations, followed by a comparison of those evaluations to the manager-specified minimized fitness ratio. The payment function on the Ethereum BCN is used to send the Ethers for most assessments that are greater than MAFR directly to the accounts of the related processing agency. The overall steps are depicted as Algorithm 1. The general complexity of the procedure is represented as

$$\begin{aligned} O(N \cdot n_i \cdot \text {MLC} + M \cdot N \cdot |T| + N) \end{aligned}$$

Dynamic attack determination framework updation.

Full size image

The Dynamic attack determination framework updation algorithm is a decentralized approach to building a robust attack detection system by leveraging multiple agents-processing agents and proofing agents. The process begins with task initialization, where the manager defines key parameters such as the format of input data (D), expected precision ($P_{\text {expected}}$), and financial rewards ($C_p$ for processing agents and $C_{pr}$ for proofing agents). These parameters, along with the task specifications, are broadcast to all edge nodes to ensure clarity and readiness for the task. In the next step, processing agent framework creation, each processing agent independently trains a local attack determination framework ($F_i$) using machine learning on its private data ($L_i$). These locally trained frameworks are hashed ($H(F_i)$) and stored on a decentralized storage system like IPFS to ensure transparency and immutability. The hashes are then published, enabling proofing agents to retrieve the frameworks for validation. During the proofing agent validation step, each proofing agent retrieves the frameworks from IPFS and evaluates their precision ($P_i$) using a centralized test dataset (T). The precision is compared against a predefined Minimum acceptable fitness ratio ($\text {MAFR}$) to determine the validity of each framework ($\text {Valid}(F_i)$). The validation results are then broadcast to the system, ensuring accountability and quality control. Following validation, the manager evaluation and fusion step involves collecting the validation results and fusing all valid frameworks ($F_i$ with $\text {Valid}(F_i) = 1$) into a single framework ($F_{\text {fused}}$). The manager ensures that the fused framework meets the expected precision threshold ($P_{\text {fused}} \ge P_{\text {expected}}$), guaranteeing its effectiveness for real-world application. Subsequently, during the financial compensation step, the manager calculates and distributes rewards to both processing and proofing agents. Processing agents are compensated based on their framework’s contribution to the fused model, while proofing agents are rewarded based on the time spent validating the frameworks. These payments are executed via Ethereum smart contracts, ensuring transparency and automation. Finally, in the deployment phase, the fused framework ($F_{\text {fused}}$) is deployed to SDN (software-defined networking) switches for real-time attack detection. The algorithm is characterized by its decentralization, transparency, quality assurance, incentivization, and robustness. The use of multiple agents ensures scalability and reliability, while the fusion of frameworks creates a highly accurate attack detection system. Additionally, the use of IPFS and Ethereum smart contracts enhances trust and accountability throughout the process.

Framework fusion

The development of the suggested technique necessitates a reliable methodology to fuse the vulnerability of the various computing node to generate a highly effective attack determination framework. Each node in the processing chain uses its private data to create a DL technique to identify attacks. Managers and proofreaders alike need a model-fusing method they can trust. There is an ongoing investigation into multi-framework fusion in the area of machine learning. Multiple DL framework fusion algorithms have been suggested in the research literature. Score fusion relies on the predictive measures from the trained framework to produce a fused framework, while feature fusion uses latent attributes produced by each framework to perform the fusion. Early fusion was determined as the best strategy as it demonstrated enhanced effectiveness in accumulating DL frameworks. This is because DL provides outstanding performance at attribute representation. In addition, DL enables the training of big data by mapping the raw data to a more abstract attribute set, while keeping CPU and memory overhead to a minimum. DL achieves high performance in vulnerability determination in IoT networks. The suggested method takes advantage of DL’s early fusion under the following conditions:

1.
The computing nodes are rational and will use consistent data with manager-specific attributes.
2.
The attack determination procedure is a DL categorization task.
3.
Every computing node prepares its categorization technique as per the manager-specific vulnerability determination task.

Mathematical analysis

With data elements denoted by b as b₁,b₂,...,b_m for DL framework B_l, where m input neuron denotes the encoding procedure as

$${\text{g}}_{{\text{1}}} {\text{ = H (x}}_{{\text{1}}} {\text{b + c)}}$$

where H() indicates the activator function and x₁ and c indicates the corresponding weight and bias respectively. The sigmoid function is used as the activator function and is described as

$${\text{H}}({\text{a}}) = \frac{1}{{[1 + e^{{( - {\text{a}})}} ]}}$$

In a DL framework, the network parameters x₂ and c₂ are trained using the first hidden layer’s output, or g₁, as an input to the second hidden layer, or g₂. The feature that was recovered from the second hidden layer is shown as g₂. To train network parameter x_m, the training method is repeated until the provided m^th hidden layer, g_m. Moreover, the network parameters are updated using the graded decedent procedure. Following the aforementioned technique, each attack determination framework B_l is trained, and the features of all frameworks (g₁,..., g_n) are then retrieved from the final hidden layer of each framework. The early fusion of all attack determination frameworks B₁, B₂,..., B_m is carried out based on the extracted features, as shown in Fig. 6. A weighted sum is calculated to acquire respective measures of the adjacent layer. In Fig. 6, the feature vectors of each l^th framework are concatenated to create a concatenated feature g_d, which is then used to fuse the n shared frameworks. The hidden layer G with the size is then determined using the weighted sum of the concatenated feature vector g_d. The hidden layer output G and the final output Z are determined by two completely linked weight matrices X₁ and X₂, respectively. Both weight matrices are first initialized randomly, and the back-propagation technique is used to determine the optimal values for both matrices.

Framework fusion strategy.

Full size image

$${\text{G}}_{{\text{j}}} = \sum\nolimits_{{l = 1}}^{{g_{{\text{d}}} }} {X_{{{\text{kj}}}}^{{\text{Q}}} .g_{{\text{d}}} }$$

where g_d is attribute vector and X₁ is weighted matrix. To compute the final output Z, the function of softmax is used as shown ahead.

$${\text{Z}}_{{\text{j}}} = \frac{{e^{{{\text{X}}_{{2{\text{lj}}}}^{{\text{Q}}} .{\text{G}}_{{\text{l}}} }} }}{{\sum\nolimits_{{l = 1}}^{f} {e^{{{\text{X}}_{{{\text{2lj}}}}^{{\text{Q}}} .{\text{G}}_{{\text{l}}} }} } }}$$

where X₂ is the weighted matrix.

Attack mitigation

This security component is in charge of notifying the switch to take necessary action in the event of an unusual event by establishing appropriate flow rules dynamically through the SDN controller, based on the attack determination framework from the preceding component. In the IoT, there are 3 main categories of anomalous events. The types of attacks are: Remote to local (an attacker poses as a local user to gain access to the victim network or host machine); User to root (a malicious user might escalate his/her privilege from limited access to root user access using various traditional exploitation techniques), and denial of service (the attacker uses the local user’s network access to make the service unavailable). The input attributes used by the proposed attack determination framework help us create the best flow rules for preventing and responding to these out-of-the-ordinary occurrences. Table 1 shows the 4 types of characteristics, and the data types as specified by the NSL-KDD dataset used in the current study. It is possible to divide the rule-setting work into three categories, depending on the input features. The SDN controller applies a set of rules when data is identified as suspicious or an attack flow, and sets the rules for notifying the switch to pass the data flow without interruption if the attack determination framework classifies the data flow as normal data. At first, the switch is programmed to immediately and completely halt any suspect communications. The second step is to block the attacker’s IP address. As an added layer of protection, the cloud-specific SDN controller is informed of the blacklisted source and applies the blacklisting. It makes it impossible for the attacker to spread the malicious code to additional nodes in the IoT network. The updated rules in the cloud-specific SDN controller aid in preventing attacks on specific types of devices. When the pattern of the data flow is not detected by the attack determination framework, the SDN controller instructs the switch to reduce the rate of data to mitigate the impact of vulnerable data.

Full size table

Experimental simulation

The computational performance of the proposed BSIN framework is evaluated. The vSwitches and computational nodes were emulated using the Mininet emulation environment for the assessment. Mininet was installed on a Linux server comprising 16 workstations, each equipped with an Intel Core i9-11900K CPU, 32GB of DDR4 RAM, and a 1TB NVMe SSD. POX was used as SDN controller to build the machine learning (ML) classification used to analyze data behavior and determine potential attacks. The edge node controllers were hosted on virtual machines running Ubuntu 20.04 LTS on the Linux server. For cloud infrastructure, Amazon’s EC2 cloud data center was utilized, with instances configured as t3.large, featuring 2 vCPUs and 8GB of RAM. The proposed framework integrates Ethereum Blockchain Network (BCN) technology, including an oracle operating on the private chain through the Ethereum Bridge’s broadcast mode. The blockchain network was configured with a block gas limit of 12,500,000 and a block time of 15s. The application was compiled and deployed using the Truffle development suite (v5.6.0) and Solidity (v0.8.17) for smart contract development. This setup ensures a robust and scalable environment for evaluating the framework’s performance under realistic conditions.

Assumption

In the experimental assessment, it is assumed that the manager would launch data-driven activities and the individual processing agents would build attack determination frameworks using DL algorithms applied to the private data. At certain intervals, the processing agents would notify the proofing agents with the latest attack determination framework. The management compensated the processing agents monetarily based on the evaluation’s findings and used the agent’s attack determination framework. For simulations, confidential information from the intrusion determination dataset NSL-KDD^{Footnote 2} is incorporated into each processing agent. The confidential information revealed typical and malicious patterns emanating from IoT gadgets. Furthermore, 10 edge nodes are assumed to serve as processing agents, and the remaining 5 serve as proofreading agents. The training and test sets for each processing agent totaled 600 instances. To ensure consistency, the management sent an identical data set to each proofreading agent. Table 2 displays the breakdown of information among our processing and proofreading agents.

Full size table

Computational parameters

Accuracy, positive predictive value, F-measure, determination time, mean correlation coefficient, determination rate, and the area under the curve were used to evaluate the performance of the proposed framework. Using these criteria, the presented decentralized framework is compared to 2 established techniques including the cloud-specific centralized and edge-specific dispersed framework to determine overall effectiveness.

Analysing the relative efficiency

The cloud-centric centralized framework and the edge-specific distributed framework were contrasted with the suggested decentralized framework. DL methodology is used for detecting attacks on the Amazon EC2 cloud as part of the centralized framework. To execute attack determination in a distributed framework, DL methodology at the edge node. A comparison of the proposed decentralized framework’s performance to that of the centralized and distributed frameworks in terms of standards evaluation metrics is shown in Fig. 7. Figure 7 shows that the distributed framework performed better than the centralized framework and that the decentralized framework performed better. attack determination is handled differently between centralized and distributed frameworks. In the former, the cloud server processes data from IoT devices, while the latter performs attack determination at the edge level by processing data from IoT devices connected to each edge node. On the other hand, the proposed framework uses BCN technology to dynamically update the attack determination framework on each edge node, resulting in enhanced attack determination capabilities. In addition, a plot of the determination time fluctuations vs the total data flow is shown in Fig. 8. All three techniques suffer from the same issue, where determination time grows as data rises. The decentralized design consistently outperformed the dispersed and centralized designs in terms of determination speed. Because the edge node, closer to the IoT devices, develops the attack determination framework and routinely changes the flow rule in the SDN switch at the edge for attack determination, the decentralized design reduces the time it takes to detect an attack. Figures 9 and 10 also plot accuracy changes vs total data flow. More information is available for the attack determination DL classification job as data volumes rise, improving the efficacy of all designs. In contrast to the distributed and centralized systems, the decentralized framework makes use of BCN technology to dynamically update the threat determination framework at each edge node. Overall, the decentralized framework outperforms the centralized and distributed frameworks when it comes to detecting security attacks in the IoT network, suggesting that decentralized attack determination utilizing BCN technology is an effective approach for detecting attacks in smart IoT networks like the self-driving car, where more precise and timely decisions are required.

Performance comparison.

Full size image

Performance comparison: data vs determination delay.

Full size image

Performance comparison: data vs accuracy.

Full size image

Performance comparison: determination of TCP flood attack.

Full size image

Scenario analysis

Three types of attacks are investigated as use case scenarios to gauge the efficacy of the proposed framework for attack determination and mitigation including ICMP, TCP, and DDoS attacks.

TCP flooding attack: The attacker node targets the IoT device in a TCP flooding attack. In this case, the node is attempting a DoS attack using TCP flooding on the target device. The centralized and distributed methods are used along with the suggested decentralized method to identify and mitigate the TCP flooding attack in this situation. In the scenario, bandwidths are computed for devices. The performance of the device decreases as the bandwidth usage increases due to a large number of TCP-SYN packets. As can be shown in Fig. 11, the presented decentralized method restores bandwidth to the device after detecting suspicious activity at t=16s and blocking the suspicious flow at t=13s. As a result, the attack is neutralized and the system is back to normal in around 5s. When compared to the recovery times of 5s and 8s for the centralized and distributed systems, respectively, the suggested framework is shown to be faster at mitigating the TCP flooding attack.

Performance comparison: determination of ICMP flood attack.

Full size image

ICMP flooding attack An attacker hacks an IoT device and then uses it to conduct an attack in the IoT network using an ICMP flooding attack. In the proposed framework, a malicious node infects an IoT device, which then causes a flood of data and unexpected behavior. As a result, an ICMP flooding attack is attempted using the device. Devices get and share 2 Mbps of bandwidth. Bandwidths of 0.6 Mbps and 0.4 Mbps are used by devices. IoT device begins sending a barrage of ICMP packets to a predetermined destination after a delay. The abnormally large number of ICMP packets indicates that the IoT device has been breached since it reduces the throughput of device B even more. In Fig. 12, it can be seen that the presented decentralized method successfully detected the hacked device at t=6s and that the ICMP data was completely halted by t=10s. In addition, valid TCP data has been restored to the device, and the recovery duration is around 6s. Both the centralized and distributed designs were 9s and 10s slower than the suggested decentralized strategy while protecting against the ICMP flooding attack.

Performance comparison: determination of DDoS flood attack.

Full size image

DDoS attack Multiple hacked IoT devices conduct a DDoS attack. In the experiment, an attacker node compromise other devices. The two infected machines now function as a botnet and launch a distributed denial-of-service attack. At first, the bandwidth of IoT devices rises from 0.3 to 0.5Mbps at t=13s, as shown in Fig. 13. Then, at t=13s, a second device is breached, increasing its bandwidth from 0.3 to 0.9Mbps. The presented distributed system quickly identified the hacked devices after detecting the sudden spike in data. At times t=9s and t=16s, data was stopped on devices, respectively. In this case, hacked device launches a DDoS attack but is eventually discovered and shut down. Unfortunately, the infected device begins attacking after a short delay. Thus, the system is returned to its usual condition after being temporarily disrupted by two consecutive attacks. In Fig. 12, we can see that the typical recovery time for the distributed system is 4s. However, restoring the system to normalcy in a centralized design takes 5s on average, but in a distributed framework it takes 7s and 13s, respectively. Table 3 displays our findings that, across all three attack scenarios, decentralized frameworks need less time to mitigate attacks. This may be because the decentralized framework uses BCN technology to dynamically update the attack determination framework at each edge node, allowing for more precise and faster updating of the flow rule in the SDN switch at the edge for attack mitigation. In conclusion, when speedy mitigation of an attack is essential, as it is in a smart IoT network like that of a self-driving vehicle, the decentralized design offers an efficient means.

Computational complexity.

Full size image

Full size table

Costs associated with BCN operations

We used BCN functionality to assess the proposed framework’s overall complexity. Additional overhead is introduced into the suggested framework due to the BCN operation compared to both centralized and distributed alternatives. In Fig. 13, we can see how much average CPU and memory the edge nodes used while running the BCN. To commit and pack the transactions into new blocks in the BCN, edge nodes need somewhat more memory and CPU resources than regular nodes. It is acceptable to tolerate some additional cost if it means that the suggested decentralized design can outperform both centralized and distributed systems in terms of accuracy and determination time.

Delay analysis

This section presents the delay analysis of the proposed BSIN framework, focusing on the key components: edge nodes, blockchain, SDN, and machine learning (ML) in a single integrated scenario. The analysis evaluates the time taken by each component to process and transmit data, contributing to the overall system delay. The results provide insights into the performance of the framework under realistic conditions.

1.
Edge node processing delay Edge nodes are responsible for collecting and preprocessing data before transmitting it to the blockchain and SDN controllers. The average delay observed during data preprocessing and transmission was 12.3 ms. This delay includes data collection from sensors, initial filtering, and forwarding to the next layer. The low latency is attributed to the proximity of edge devices to the data sources and the efficient utilization of local computational resources.
2.
Blockchain transaction delay The blockchain component introduces a delay due to the time required for transaction validation, block creation, and propagation. Using Ethereum BCN technology with a private chain configured via the Ethereum Bridge, the average transaction delay was measured at 57.8 ms. This includes the time for smart contract execution, oracle communication, and block confirmation. The delay is relatively low for a blockchain system, as the private chain avoids the congestion typical of public networks while maintaining security and transparency.
3.
SDN controller delay The SDN controller, implemented using POX, manages traffic flow and attack determination based on the ML classification. The delay introduced by the SDN controller was measured at 21.4 ms, including the time for packet inspection, flow rule generation, and communication with vSwitches. The delay remains within acceptable limits due to the lightweight nature of POX and the efficient integration with the Mininet emulation environment.
4.
Machine learning classification delay The machine learning model, deployed for attack detection, introduces a computational delay due to feature extraction and classification. The ML model, trained using a supervised learning algorithm, achieved an average classification delay of 9.6 ms. This low delay is a result of optimized model inference and the use of high-performance hardware, including Intel i9 CPUs and ample RAM.
5.
Total system delay The cumulative delay of the entire system, combining edge node processing, blockchain transaction, SDN controller operation, and ML classification, was calculated as 101.1 ms as shown in Fig. 14. The breakdown of delays is as follows:
- Edge node processing: 12.3 ms
- Blockchain transaction: 57.8 ms
- SDN controller: 21.4 ms
- ML classification: 9.6 ms

The total delay demonstrates the efficiency of the proposed BSIN framework in handling real-time attack detection and mitigation. The delay remains well within the acceptable range for time-sensitive applications, ensuring that the framework is suitable for deployment in dynamic and distributed environments. The delay analysis highlights the effectiveness of the BSIN framework in integrating edge computing, blockchain, SDN, and ML for real-time attack detection. Each component contributes minimally to the overall delay, ensuring a fast and reliable response to potential threats. The results validate the scalability and practicality of the proposed framework in real-world scenarios.

Delay assessment.

Full size image

Reliability

This section presents the reliability analysis of the proposed BSIN framework, comparing its performance with three other state-of-the-art models, including Chen et al.²⁴, Carvalho et al.²⁵, and Azbeg et al.²⁶. Reliability is evaluated based on metrics such as detection accuracy, false positive rate (FPR), and overall system robustness under varying attack scenarios. The results demonstrate that the proposed framework outperforms existing models in all key metrics, highlighting its effectiveness in real-world applications. The reliability of the models is assessed using the following:

1.
Detection accuracy: The percentage of correctly identified attacks.
2.
False positive rate (FPR): The percentage of benign traffic misclassified as attacks.
3.
System robustness: The ability to maintain performance under high network traffic and large-scale attack scenarios.

The results for each model, including the proposed framework, are summarized in Table 4.

Full size table

Analysis

1.
Detection accuracy The proposed BSIN framework achieves the highest detection accuracy of 98.7%, outperforming Carvalho et al.²⁵ (95.6%), Azbeg et al.²⁶ (94.8%), and Chen et al.²⁴ (93.5%). This improvement is due to the integration of optimized ML classification and blockchain-based data validation, which enhances the ability to detect diverse attack patterns effectively.
2.
False positive rate (FPR) The BSIN framework records the lowest FPR at 1.2%, significantly lower than Chen et al.²⁴ (4.8%), Carvalho et al.²⁵ (3.2%), and Azbeg et al.²⁶ (3.5%). This reduction is attributed to the use of advanced ML models trained on a comprehensive dataset and the inclusion of SDN-based flow monitoring, which minimizes misclassifications.
3.
System robustness Under high traffic loads and large-scale attack scenarios, the BSIN framework demonstrates superior robustness, with only 5% performance degradation. In contrast, Chen et al.²⁴ and Azbeg et al.²⁶ exhibit moderate robustness with 15% and 12% degradation, respectively, while Carvalho et al.²⁵ suffers from high degradation of 20%. The improved robustness of the BSIN framework is a result of its efficient resource utilization at the edge nodes and its decentralized architecture, which reduces bottlenecks.

The reliability analysis confirms that the proposed framework outperforms the latest related works in terms of detection accuracy, false positive rate, and system robustness. By leveraging the integration of edge computing, blockchain, SDN, and ML, the proposed framework ensures a more reliable and efficient solution for real-time attack detection and mitigation in dynamic network environments. These results validate the superiority of the proposed model and its potential for deployment in practical scenarios.

Conclusion

This research presents a distributed security framework for IoT networks, designed to effectively detect and prevent security breaches. The proposed framework introduces three key innovations to enhance IoT security. First, the framework uses software-defined networking (SDN) to continuously monitor and analyze data across the entire IoT network, addressing the issue of insufficient data for security assessment and ensuring robust defense against breaches. Second, to overcome the shared vulnerability of centralized and distributed architectures to single points of failure, the framework incorporates blockchain (BCN) technology. This enables decentralized attack detection, enhancing resilience and reliability. Finally, the framework adopts a layered architecture, where attacks are initially detected at edge nodes and subsequently mitigated. This approach significantly reduces detection and response times. Experimental analysis demonstrates that the proposed decentralized security framework outperforms traditional centralized and distributed systems in terms of detection accuracy (98.7%), flase positive rate (1.2%) and response time (101.1ms). The results highlight the framework’s potential to be integrated into IoT networks as a security determination component, capable of monitoring, analyzing, and mitigating potential threats in real time.

Data availability

The data used to support the findings of this study are available from the corresponding author upon request.

Notes

References

Abbassi, Y. & Benlahmer, H. BCSDN-IoT: Towards an IoT security architecture based on SDN and blockchain. Int. J. Electr. Comput. Eng. Syst. 13(2), 155–163 (2022).
MATH Google Scholar
Al-Barazanchi, I. et al. Blockchain-technology-based solutions for IoT security. Iraqi J. Comput. Sci. Math. 3(1), 53–63 (2022).
Google Scholar
Salunke, M. B. Review of authentication algorithms for physical layer attacks. In 2021 6th International Conference on Inventive Computation Technologies (ICICT), 126–134 (IEEE, 2021).
Arcos, J., Morejón, E., Martínez, D., Parra, C. & Cruz, J. Use of blockchain in IoT devices security: A systematic mapping study. Lect. Notes Netw. Syst. 405, 83–98 (2022).
Google Scholar
Deng, Y., Wang, Y., He, X., & Feng, H. An inter-domain transmission path selection approach of multi-controller sdn network based on fpga. In 2018 14th International Conference on Computational Intelligence and Security (CIS), 66–70 (IEEE, 2018).
Abdulqadder, I. H., Zhou, S., Zou, D., Aziz, I. T., & Akber, S. M. A. Bloc-sec: Blockchain-based lightweight security architecture for 5G/B5G enabled SDN/NFV cloud of IoT. vol. 2020, 499–507 (2020).
Salameh, A. I. & El Tarhuni, M. From 5G to 6G-challenges, technologies, and applications. Futur. Internet 14(4), 117 (2022).
MATH Google Scholar
Alfandi, O., Khanji, S., Ahmad, L. & Khattak, A. A survey on boosting IoT security and privacy through blockchain: Exploration, requirements, and open issues. Clust. Comput. 24(1), 37–55 (2021).
MATH Google Scholar
Ali, F. & Mathew, S. An efficient multilevel security architecture for blockchain-based IoT networks using principles of cellular automata. PeerJ Comput. Sci. 8, e989 (2022).
PubMed PubMed Central MATH Google Scholar
Shibly, K. H., Dey, S. K., Islam, M.T.-U. & Rahman, M. M. Covid faster R-CNN: A novel framework to diagnose novel coronavirus disease (covid-19) in x-ray images. Inform. Med. Unlocked 20, 100405 (2020).
PubMed PubMed Central Google Scholar
Jamal, M. S., Hirwe, A., & Kataoka, K. VIBHAJAN: A lightweight and scalable control plane management for multi-controller SDN. In 2018 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), 1–7 (IEEE, 2018).
Alshamrani, S. S. & Basha, A. F. IoT data security with DNA-genetic algorithm using blockchain technology. Int. J. Comput. Appl. Technol. 65(2), 150–159 (2021).
MATH Google Scholar
Lai, F., Dai, Y., Singapuram, S., Liu, J., Zhu, X., Madhyastha, H., & Chowdhury, M. Fedscale: Benchmarking model and system performance of federated learning at scale. In International Conference on Machine Learning, 11814–11827 (PMLR, 2022).
Pawar, P., Yadav, S. M. & Trivedi, A. Performance study of dual unmanned aerial vehicles with underlaid device-to-device communications. Wirel. Pers. Commun. 105(3), 1111–1132 (2019).
MATH Google Scholar
Rahman, A., Hasan, K., & Jeong, S. -H. An enhanced security architecture for industry 4.0 applications based on software-defined networking. In 2022 13th International Conference on Information and Communication Technology Convergence (ICTC), 2127–2130 (IEEE, 2022).
Al-Madani, A. M., & Gaikwad, A. T. IoT data security via blockchain technology and service-centric networking, 17–21 (2020).
Gonzalez-Amarillo, C., Cardenas-Garcia, C., Mendoza-Moreno, M., Ramirez-Gonzalez, G. & Corrales, J. C. Blockchain-IoT sensor (Biots): A solution to IoT-ecosystems security issues. Sensors 21(13), 4388 (2021).
ADS PubMed PubMed Central MATH Google Scholar
Du, M. et al. Spacechain: A three-dimensional blockchain architecture for IoT security. IEEE Wirel. Commun. 27(3), 38–45 (2020).
MATH Google Scholar
Dorri, A., Kanhere, S. S., Jurdak, R., & Gauravaram, P. Blockchain for IoT security and privacy: The case study of a smart home. 618–623 (2017).
El Aidi, S., Hamza, F.Z., Beloualid, S., Bajit, A., Chaoui, H., & Tamtaoui, A. Applying advanced wireless network cluster-tree topology to optimize COVID-19 sanitary passport blockchain-based security in a constrained IoT platform. In Internet of Things, 323–338 (2022).
Banerjee, M., Lee, J., Chen, Q., & Choo, K. -K. R. Blockchain-based security layer for identification and isolation of malicious things in IoT: A conceptual design. vol. 2018 (2018).
Alzuabi, W., Ismail, Y., & Elmedany, W. Privacy and security issues in blockchain based IoT systems: Challenges and opportunities, 258–265 (2022).
Derhab, A. et al. Blockchain and random subspace learning-based ids for SDN-enabled industrial IoT security. Sensors (Switzerland) 19(14), 3119 (2019).
ADS Google Scholar
Chen, C.-L., Lim, Z.-Y. & Liao, H.-C. Blockchain-based community safety security system with IoT secure devices. Sustainability (Switzerland) 13(24), 13994 (2021).
MATH Google Scholar
Carvalho, K. & Granjal, J. Security and privacy for mobile IoT applications using blockchain. Sensors 21(17), 5931 (2021).
ADS PubMed PubMed Central MATH Google Scholar
Azbeg, K., Ouchetto, O. & Jai Andaloussi, S. Blockmedcare: A healthcare system based on IoT, blockchain and IPFS for data management security. Egypt. Inform. J. 23(2), 329–343 (2022).
MATH Google Scholar
Seok, B., Park, J. & Park, J. H. A lightweight hash-based blockchain architecture for industrial IoT. Appl. Sci. 9(18), 3740 (2019).
MATH Google Scholar
Rathee, G., Kerrache, C. A. & Ferrag, M. A. A blockchain-based intrusion detection system using viterbi algorithm and indirect trust for iiot systems. J. Sens. Actuator Netw. 11(4), 71 (2022).
Google Scholar
Govindaram, A. Flbc-ids: A federated learning and blockchain-based intrusion detection system for secure IoT environments. Multimed. Tools Appl. https://doi.org/10.1007/s11042-024-19777-6 (2024).
Article Google Scholar
Nazir, A., He, J., Zhu, N., Anwar, M. S. & Pathan, M. S. Enhancing IoT security: A collaborative framework integrating federated learning, dense neural networks, and blockchain. Clust. Comput. 27, 1–26 (2024).
MATH Google Scholar
Singh, N. J., Hoque, N., Singh, K. R. & Bhattacharyya, D. K. Botnet-based IoT network traffic analysis using deep learning. Secur. Priv. 7(2), e355 (2024).
MATH Google Scholar
Toony, A. A., Alqahtani, F., Alginahi, Y. & Said, W. Multi-block: A novel ml-based intrusion detection framework for SDN-enabled IoT networks using new pyramidal structure. Internet Things 26, 101231 (2024).
Google Scholar
Ge, C. et al. A verifiable and fair attribute-based proxy re-encryption scheme for data sharing in clouds. IEEE Trans. Dependable Secur. Comput. 19(5), 2907–2919 (2021).
MATH Google Scholar

Download references

Acknowledgements

The authors extend their appreciation to Prince Sattam bin Abdulaziz University for funding this research work through the project number PSAU-2024-01-78902.

Author information

Authors and Affiliations

College of Computer Engineering and Sciences, Prince Sattam Bin Abdulaziz University, Al Kharj, Saudi Arabia
Abdullah Aljumah

Authors

Abdullah Aljumah
View author publications
You can also search for this author inPubMedGoogle Scholar

Contributions

Conceptualization, methodology, validation, investigation, writing—the original draft was written by Abdullah Aljumah.

Corresponding author

Correspondence to Abdullah Aljumah.

Ethics declarations

Competing interests

The authors declare no competing interests.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.

Reprints and permissions

About this article

Cite this article

Aljumah, A. Blockchain-inspired distributed security framework for Internet of Things. Sci Rep 15, 10066 (2025). https://doi.org/10.1038/s41598-025-93690-2

Download citation

Received: 17 April 2024
Accepted: 10 March 2025
Published: 24 March 2025
DOI: https://doi.org/10.1038/s41598-025-93690-2

Keywords

Edge computing
Intrusion detection system
Internet of Things