The explosive growth of the Internet of Things (IoT) has expanded the attack surface across industrial systems, smart cities, healthcare, and homes, motivating a synthesis of recent advances in machine learning for IoT security and a clear statement of remaining gaps. This review conducted a systematic search of MDPI, IEEE Xplore, Nature, ScienceDirect, and SpringerLink for publications from 2023 to 2025, screening them for domain relevance and organizing findings into a taxonomy of ML methods, threat types, and deployment contexts, with particular attention to datasets, edge constraints, and privacy considerations. We find that the field is shifting from signature-based detection to supervised and deep learning approaches that report high accuracy on benchmark traffic, while federated learning enables privacy-preserving, distributed intrusion detection with near-real-time edge performance. Across domains, prevalent threats include DDoS, unauthorized access, and malware; persistent challenges include device heterogeneity, rapid exploit weaponization, nonstandardized evaluation, concept drift, adversarial/poisoning risks, and governance and privacy constraints that hinder real world rollouts. We conclude that ML materially strengthens IoT resilience but requires rigorous, industry-scale validation, lightweight and explainable models, protocol-aware designs, robust federated aggregation, and SDN/NFV orchestration; we outline benchmark and deployment priorities to translate laboratory gains into operational security.
Georgian et al. (Mon,) studied this question.