Using Supervised Learning to Detect Command and Control Attacks in IoT

The rapid proliferation of internet of things (IoT) devices has ushered in a new era of technological development. However, this growth has also exposed these devices to various cybersecurity risks, including command and control (C&C) attacks. C&C attacks involve unauthorized entities taking control of IoT devices to carry out malicious activities. Traditional cybersecurity measures often fall short in addressing these evolving threats. To enhance IoT security and counter C&C threats, this study explores the potential of supervised learning, a subfield of machine learning. Supervised learning, a method that utilizes past data to train machine learning models capable of independently identifying patterns indicative of C&C threats in real time, offers additional protection to IoT networks. This article delves into the advantages and drawbacks of this approach, considering factors such as the need for well-defined labeled datasets, resource constraints of IoT devices, and ethical considerations surrounding data security.


INTRODUCTION
Internet of Things (IoT), which connects billions of devices ranging from smart household appliances to industrial sensors, has emerged as a paradigmatic technological shift that promises to revolutionize industries and everyday life (Kara, 2022). IoT device proliferation has contributed to unprecedented efficiency and convenience and ushered in a new age of cybersecurity problems. Command and Control (C&C) assaults are one of these dangers that are particularly serious and constantly changing. C&C attacks entail hostile actors taking control of IoT devices without authorization and using that access to carry out numerous destructive actions (Othman, 2023). These assaults may take many forms, such as planning massive botnets for distributed denial-of-service (DDoS) attacks or collecting private information from infected devices. C&C attacks are a focus of IoT security research due to their variety and risk of damage.
Traditional cybersecurity defenses often fall short in the face of C&C criminals' highly developed attack strategies in the IoT environment. This has prompted the investigation of cutting-edge strategies, including machine learning, to improve IoT security. In this situation, supervised learning, a branch of machine learning, has shown promise in identifying and thwarting C&C assaults (Cuadra-Sánchez & Aracil, 2015). Leveraging historical data to train machine learning models is the foundation for incorporating supervised learning into IoT security methods. After that, these models can independently recognize patterns and abnormalities suggestive of C&C threats in real time, adding another layer of security for IoT networks (Atzori et al., 2010). IoT devices' often restricted computational resources, such as little memory and processing power, are one of their distinguishing characteristics (Abuagoub, 2022). Implementing effective security measures is made more difficult by these resource constraints. In contexts with limited resources, it may be difficult for conventional intrusion detection systems to function well, which makes machine learning, with its capacity to utilize data effectively, an appealing option.
There are two stages to the supervised learning process. First, a model is trained using examples of known C&C attacks and typical device behavior from a labeled dataset. The model learns about the distinguishing traits of C&C assaults at this phase. Once trained, the model is then deployed in a real IoT context to observe device behavior continually. A predetermined warning or reaction is started when the model notices behavior that resembles a C&C attack to lessen the hazard.
Although the combination of supervised learning with IoT security offers an appealing path, it is important to understand both the benefits and constraints of this strategy. The benefits include better threat detection accuracy, reduced likelihood of false positives, and flexibility of machine learning models to change attack techniques. There are obstacles to overcome, such as the need for solid labeled datasets, resource limitations on IoT devices, and ethical issues related to data protection (Ahsan et al., 2022). To identify C&C threats in IoT, this survey study article attempts to review the state of the art in this field thoroughly. The study aims to contribute significantly to the expanding body of knowledge in IoT security by analyzing lessons learned from earlier research and weighing the advantages and disadvantages of current works. Researchers, practitioners, and policymakers working in safeguarding IoT ecosystems are among its target audience members. This will help to create safer and more robust IoT environments for all stakeholders (Cioffi et al., 2020). This study's synthesis of prior research is one of its main contributions. This survey article compiles a plethora of knowledge and ideas that would otherwise be scattered throughout many academic publications and conference proceedings by methodically analyzing prior research endeavors (Wood & Slhoub, 2022). In addition to helping practitioners and policymakers obtain a comprehensive understanding of the possible solutions and their ramifications, this information consolidation is helpful to researchers looking to delve further into this specialized field. Additionally, the critical assessment of the advantages and disadvantages of previous efforts provides value by illuminating the applicability and efficiency of supervised learning techniques in C&C attack detection. This report provides decision-makers and security experts with invaluable advice on choosing and using security solutions in their IoT implementations. Making judgments about using resources and creating strategies might become more informed as a result (Vitorino et al., 2022).
The fundamental objective of this study is to evaluate the existing methods for detecting and mitigating command and control assaults on Internet of Things devices that are both effective and efficient and are based on supervised learning. To accomplish this objective, the research will concentrate on answering the following research questions:
1. How can supervised learning be used to identify C&C threats in IoT network data, and what are the most important traits to look for?
With supervised learning algorithms, this study tries to determine the most important characteristics of IoT network traffic to identify C&C threats. IoT network parameters, such as traffic type, volume, and device-to-device communication patterns, will guide the feature selection procedure.
2. What are the best supervised learning algorithms for identifying and protecting against C&C threats on IoT gadgets?
This study aims to evaluate and contrast several supervised learning methods for protecting IoT devices from C&C assaults. Metrics will be used to assess the algorithms' effectiveness, including accuracy, precision, recall, and F1 score.
This study aims to address these issues to shed light on using supervised learning to detect C&C attacks against IoT devices. The results of this study will aid in the ongoing endeavour to strengthen the security of the IoT ecosystem by guiding the creation of new solutions for protecting connected devices.
Several areas of cybersecurity and the IoT ecosystem might benefit from this study of IoT C&C threats and how they can be detected using supervised learning techniques. The study has the potential to significantly contribute to cybersecurity and the IoT ecosystem through supervised learning techniques for detecting or mitigating IoT C&C threats. This study can also pave the way for future studies on the usefulness of supervised learning approaches for IoT security (Laouid, 2018). Overall, this study has the potential to greatly influence the evolution of IoT security solutions in the future, strengthening the safety and reliability of the IoT ecosystem (Al-Qerem, 2020).
In conclusion, the suggested study offers great promise in boosting the IoT ecosystem's security and resilience through supervised learning techniques for identifying or mitigating IoT C&C threats. In the issue description, we saw that C&C assaults on IoT devices are becoming more commonplace, and in the research questions and goals, we saw that we needed to come up with something new to combat this. The study hypothesis proposes that supervised learning approaches help identify C&C threats on IoT devices, and the research scope has covered many facets of IoT security. Key contributions of this study have been noted in the research contributions/significance section; these include better C&C threat detection and mitigation, increased IoT security, a unique application of supervised learning techniques, a real-world assessment, and generalizability (Fawdur et al., 2022). Overall, the suggested research can pave the way for additional study in this field, leading to a more secure and robust IoT environment by providing useful insights into the efficacy of supervised learning approaches for IoT security.

LITERATURE REVIEW
The survey study paper's part on using supervised learning to recognize or stop C&C attacks against the IoT provides a review of the relevant literature. This section presents a comprehensive examination of the relevant scholarly research and literature. This section's goal is to evaluate the current state of the art for using supervised learning to identify or thwart C&C attacks on IoT devices. This section aims to draw attention to areas that might need further study as well as the gaps and limitations in the data already available. A section termed a literature review, which evaluates past research to provide the groundwork for the inquiry, must be included in every study publication. By reading the available literature, experts may find knowledge gaps, close them, and progress in their field. The analysis of the literature may also reveal the benefits and drawbacks of the preceding research, which might then affect the design and course of the study.

Organization of Literature Review
There are six key components in this literature review. IoT and IoT security are briefly discussed in Part II, along with its architecture, security issues, and potential remedies. C&C assaults in the IoT are the topic of Part III, which also covers their definition, variations, results, and current methods of detection and avoidance. The definition, methods, benefits, and drawbacks of supervised learning for IoT security are covered in Part IV. The study on applying supervised learning to detect or thwart IoT C&C risks is examined in Part V. This subject includes studies on IoT C&C threat detection and mitigation, method comparisons, a critical analysis of previous research, and research needs. The key results, knowledge gaps, and research implications are broken down in Section VI, along with a synopsis of the literature study.

Overview of IoT C&C Security
Recently, there has been a lot of interest in and acceptance of the IoT, a rapidly expanding network of connected computer devices. It refers to a system in which many components connect and organize their functions online. The application of the IoT in several sectors, including industry, transportation, agriculture, and healthcare, offers immense promise (Yagoub, 2019). However, as it expands, more stringent security precautions are required to avoid potential threats. The IoT architecture is divided into four levels: applications, middleware, networks, and perception. A variety of sensors and data-transmitting devices make up the perception layer. Controlled data transit occurs between the network layer and the application layer (Gupta et al., 2020). The middleware layer stores and handles the data, while the application layer controls the user interface. Effective security measures are thus required to guard against the many risks and vulnerabilities that come along with this increase.
IoT security is limited by both long-standing and new cybersecurity problems, such as device variety, resource limitations, and interoperability problems. One of the main challenges is the lack of proper safety measures. Because many IoT devices lack reliable security measures, they are vulnerable to attacks. The majority of vulnerabilities in traditional devices are caused by their outdated firmware, security protocols, and other precautions. Interoperability issues are also frequent. Devices connected to the IoT often use different communication protocols, which makes it challenging to integrate them into a single network (Tsukerman, 2020). Implementing security measures is more difficult when devices are incompatible with one another. Another barrier is the availability of resources being constrained. Deploying robust security measures may be challenging since many IoT devices have low computing, storage, and battery capabilities.
The enormous diversity of gadgets on the market is yet another serious issue. IoT devices come in a wide variety of form factors and capacities (Gueye et al., 2022). It isn't easy to implement a unified security approach because of the large range of potential devices. Privacy issues provide further challenges. Due to the vast amounts of data that IoT devices gather, users' privacy may be in danger. Because IoT devices collect and store personal data, certain privacy requirements and safeguards are required.
To address these problems, there are a number of ways to enhance IoT security. The process of encrypting data to prevent unwanted access is called encryption (Kara a, 2023). The use of encryption in IoT devices may increase the security of data sent via networks. To authenticate anything is to verify that it is indeed genuine. Using strong authentication techniques like two-factor authentication, IoT security may be increased (Kara b, 2023). The IoT networks and devices should only be accessible to authorized users. Two examples of access control systems that may be used to increase the security of the IoT are firewalls and access control lists. IoT device security must be strengthened, and vulnerabilities must be fixed with frequent firmware updates. Enabling automated firmware updates may increase the security of IoT devices. Utilizing security guidelines such as ISO 27001 and the NIST cybersecurity architecture may help to increase IoT security. By teaching supervised learning algorithms to examine network data and spot anomalies, C&C threats may be identified and countered. These systems might examine historical data to find abnormalities that would indicate a live cyberattack (Gangolli et al., 2022).
A C&C attack involves the attacker seizing control of an IoT device and using it for further assaults or evil activities. Through the analysis of network data and the search for irregularities, supervised learning algorithms may be trained to recognize and stop C&C threats. Random forest, decision trees, and support vector machines (SVMs) are a few examples of these techniques. These algorithms may spot patterns since they are learning from the prior data, which may indicate an ongoing attack. SVMs may, for instance, divide network traffic into various categories like "regular" and "C&C attack" traffic. For example, a C&C attack has been located. Averting communication with the attacker's IP address or removing the infected device from the network are two safeguards that may be implemented in such a scenario. The most often compromised gadgets are shown in the following graph (Figure 1), along with their benefits (Hodge et al., 2019).
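The two-stage process (train on labeled flows, then score unseen traffic) and the accuracy, precision, recall and F1 metrics named in the research questions can be made concrete with a small decision tree in plain Python. This is an added example, not code from the article or the studies it surveys; the three flow features, their value ranges, the function names and all flows are constructed assumptions.

```python
import random

# Assumed per-flow features (not from the article):
#   [mean packet bytes, inter-arrival coefficient of variation, bytes out / bytes in]
def make_flows(n, seed):
    """Constructed labeled flows: label 0 = normal, 1 = C&C-like."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        kind = rng.choice(["normal", "normal", "beacon", "upload"])
        if kind == "normal":
            x = [rng.uniform(80, 1200), rng.uniform(0.4, 1.5), rng.uniform(0.1, 3.0)]
        elif kind == "beacon":   # small, clock-regular check-ins
            x = [rng.uniform(60, 200), rng.uniform(0.0, 0.15), rng.uniform(0.5, 1.5)]
        else:                    # upload-heavy flow
            x = [rng.uniform(400, 1400), rng.uniform(0.4, 1.5), rng.uniform(8.0, 20.0)]
        rows.append((x, 0 if kind == "normal" else 1))
    return rows

def gini(rows):
    """Gini impurity of a set of (features, label) rows with binary labels."""
    if not rows:
        return 0.0
    p = sum(y for _, y in rows) / len(rows)
    return 2 * p * (1 - p)

def best_split(rows):
    """Return (weighted impurity, feature index, threshold) or None."""
    best = None
    for f in range(len(rows[0][0])):
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2
            left = [r for r in rows if r[0][f] <= t]
            right = [r for r in rows if r[0][f] > t]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if best is None or score < best[0]:
                best = (score, f, t)
    return best

def build(rows, depth=0, max_depth=3):
    """Stage 1: grow a depth-limited tree; leaves are class labels."""
    labels = [y for _, y in rows]
    majority = int(sum(labels) * 2 >= len(labels))
    if depth == max_depth or len(set(labels)) == 1:
        return majority
    split = best_split(rows)
    if split is None:
        return majority
    _, f, t = split
    left = [r for r in rows if r[0][f] <= t]
    right = [r for r in rows if r[0][f] > t]
    return (f, t, build(left, depth + 1, max_depth), build(right, depth + 1, max_depth))

def predict(node, x):
    """Stage 2: classify one unseen flow by walking the tree."""
    while isinstance(node, tuple):
        f, t, left, right = node
        node = left if x[f] <= t else right
    return node

def evaluate(tree, rows):
    """Confusion-matrix metrics; recall is the 'detection rate' papers report."""
    tp = fp = tn = fn = 0
    for x, y in rows:
        p = predict(tree, x)
        if p == 1 and y == 1:
            tp += 1
        elif p == 1 and y == 0:
            fp += 1
        elif p == 0 and y == 0:
            tn += 1
        else:
            fn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {
        "accuracy": (tp + tn) / len(rows),
        "precision": precision,
        "recall": recall,
        "f1": f1,
        "fpr": fp / (fp + tn) if fp + tn else 0.0,
    }

if __name__ == "__main__":
    tree = build(make_flows(400, seed=7))             # train on labeled flows
    print(tree)
    print(evaluate(tree, make_flows(200, seed=11)))   # score held-out flows
```

The constructed classes are cleanly separated, so the scores come out near perfect; real device traffic overlaps, which is why a false positive rate has to be read alongside any reported detection rate.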

C&C Attacks in IoT
We now engage with electrical gadgets differently thanks to the IoT, which has also given fraudsters new access points. Attacks using C&C are common with the IoT. A compromised computer (bot) contacts an external adversary for malicious instructions in C&C attacks. C&C attacks include ransomware, data exfiltration, and distributed denial-of-service (DDoS). A device or network is bombarded with so many requests during a DDoS attack that it crashes. Sensitive data is sent from a compromised device to an attacker's server during data exfiltration. Data on the target device is encrypted during a ransomware attack, and the owner is locked out until a ransom is paid; these attacks are illustrated in Figure 2 (Huang & Yu, 2018). A C&C attack might have disastrous financial and brand integrity ramifications. A corporation might lose a lot of money if a website or service is disrupted by a DDoS attack (Ikhsanudin et al., 2023). Trade secrets, personal information, and credit card information are just a few examples of the sensitive data types that might be exposed as a result of data exfiltration. The victim will suffer extra financial losses and reputational damage if they pay the ransom. Current techniques for detecting and guarding against C&C threats to the IoT include signature-based detection, anomaly detection, and supervised learning algorithms. Anomaly detection searches for unusual behavior patterns, whereas signature-based detection searches for known detrimental activity patterns in network data. As was previously said, supervised learning algorithms may analyze network data to find anomalies that signify active attacks.
To address these problems, researchers have suggested using phony IoT devices that mimic genuine ones in appearance and behavior. Because the false devices can establish connections with the attacker's server, security professionals can analyze the attack and develop protections. Researchers have suggested a number of machine learning techniques, such as deep learning, to enhance C&C attack detection and protection. Attacks using C&C on the IoT may have disastrous results. While there are certain techniques for identifying and countering C&C threats, they are not infallible, and attackers are always developing new techniques for evading detection (Jamali et al., 2019). A combination of multiple detection strategies, decoy devices, and machine learning algorithms may be required to enhance the detection and mitigation of C&C attacks.

Supervised Learning
Supervised learning, a subfield of machine learning, is the process of training a model to make predictions only from annotated data. In supervised learning, the model generates predictions about a target variable based on other information after the target variable has been explicitly labeled in the data. Learning under supervision seeks to develop the capacity to transform one collection of data into another. Predictive analytics, NLP, and computer vision are just a few examples of the many fields where this approach is widely used.
IoT security often makes use of supervised learning to detect and thwart possible threats. Hostile actors might compromise IoT devices due to their internet access. IoT security may be improved by supervised learning by identifying common activity patterns and highlighting anomalies. Supervised learning is a machine-learning technique that involves training a model to generate predictions from a large amount of labeled data. A labeled data collection is used in supervised learning, from which the model predicts an unlabeled target variable. Learning under supervision seeks to develop the capacity to transform one collection of data into another. Classification, regression, and anomaly detection are supervised learning-based tasks that may be completed in the context of IoT security (Khamaiseh, 2019).
Figure 3 illustrates a supervised learning technique called classification, which divides data into categories based on common traits. The categorization might be used to differentiate between normal and suspect activity in IoT devices from a security standpoint. For example, a classification model may be trained to discriminate between good and bad network information. The model is capable of comprehending average network activities, including typical data packet volume, size, and rate. The trained algorithm may then spot unusual traffic patterns that point to a forthcoming attack.
Regression, another supervised learning method, aims to predict a continuous target variable from a collection of input data. Regression may be used to predict how different circumstances will affect the operation of devices while securing the IoT. For example, a regression model may be trained to predict how many requests a web server can handle before failing. These are only a few of the factors that the model may learn to take into consideration, along with the number of requests, the number of active users, and the server's processing power. Once trained, the model can forecast how the server will respond to different loads and modify the machine's settings appropriately, as in Figure 4 (Khedr et al., 2023).
Anomaly detection is a kind of supervised learning that searches for unusual patterns in data. IoT devices may be monitored for unusual activity that can indicate an oncoming attack using anomaly detection. It is possible to train anomaly detection models to identify abnormal network behavior, such as that brought on by a distributed denial-of-service attack. The model is capable of comprehending average network activities, including typical data packet volume, size, and rate. After the model has been trained, it may detect unusual network traffic patterns and raise an alert in the security division (Plageras, 2018).
Using supervised learning to protect the IoT has a number of benefits. First, supervised learning may be used to identify and neutralize cyber threats in real time. Cyber assaults may occur at any moment, making their protection essential for IoT devices. Second, by drawing on prior knowledge, supervised learning may be able to adjust to new hazards. This suggests that the model may be changed to recognize new threats. Finally, supervised learning results in a reduction in both false positives and false negatives. This suggests that the model can accurately and with few false positives detect cyber hazards.
For IoT security, supervised learning offers a lot of potential advantages, but it also has certain disadvantages. The first limitation of supervised learning is the lack of a significant quantity of labeled data. This information may be difficult to acquire in the context of IoT security due to the rarity of cyberattacks. Second, supervised learning may have problems due to overfitting. When the model is extremely intricate and overfits the training data, generalization performance falls. The computational difficulty of supervised learning is the third problem (Khashab et al., 2021). This could be challenging for IoT devices with low processor and memory capacities. Many strategies may be used when using supervised learning techniques for IoT security to address these problems. Utilizing transfer learning, which includes leveraging parts from previously trained models, is one technique to reduce the amount of labeled data required for training. Using a model developed for one task to train a model for another is an example of transfer learning. This may assist with time and material savings in addition to improving the effectiveness of the model.
Second, by pooling the output of many models via ensemble learning, the risk of overfitting may be reduced. To get a conclusive result, ensemble learning integrates the predictions of several models trained on various independent data subsets. This may improve the model's stability and accuracy.
Finally, by removing useful characteristics from the data, feature engineering may be used to reduce the dimensionality of the input space. For the purpose of optimizing the output of the model, feature engineers choose, modify, and scale the input features. This may reduce the amount of labeled data required for training while improving the model's generalization performance.

Use Cases and Examples of How Supervised Learning Can Be Applied in IoT Security
In IoT security, supervised learning entails training models on labeled datasets to make judgments or predictions based on previously unseen data. The following are some particular use cases and illustrations of supervised learning's application to IoT security:
• Detecting intrusions: malicious activity detection in IoT networks. As an illustration, use labeled data with both normal and anomalous behavior to train a supervised learning model. After that, the model can spot departures from the learned standard behavior and sound an alarm in case there are any possible intrusions (Alsoufi, 2021).
• Anomaly detection in device behavior: In this case, it is recognizing odd behavior in specific IoT devices. For example, utilizing past data on typical device behavior, train a model. The model can then identify possible security risks by identifying anomalies like strange data transmission or unexpected communication patterns (Liu, 2020).
• Authentication of devices: assuring IoT devices' identities. To train a model that identifies the common data signatures and communication patterns of authorized devices, use supervised learning. Devices displaying unusual behavior, which could point to a compromised or unauthorized device, can then be flagged or blocked by the model (Mamdouh, 2021).
• Traffic classification: As an illustration, teach a supervised learning model to categorize various kinds of network traffic, including firmware updates, data transfers, and command and control communications. Based on the learned categories, the model can then flag or block suspicious traffic patterns (Kumar, 2021).
• Finding malware: In this scenario, the approach is determining whether IoT devices contain malicious software. For instance, utilize labeled datasets with characteristics of both malicious and benign code to train a model. In order to assist in the early detection and mitigation of security threats, the model can then analyze the code that is operating on IoT devices and classify whether it is likely to be malware (Wang, 2021).
• Security for predictive maintenance: tracking down intrusions on predictive maintenance networks. During predictive maintenance, train a model to comprehend typical device behavior. The security and dependability of maintenance procedures can then be guaranteed by the model's ability to spot anomalies that might point to a system attack (John, 2021).
• Tracking while preserving privacy: maintaining user privacy while keeping an eye on network traffic for security. Without examining each communication's content, train a supervised learning model to recognize security threats. This maintains the privacy of the data transmitted by IoT devices while enabling the detection of possible threats (Hassan, 2019).
In these use cases, supervised learning can help IoT security systems become more adept at spotting and thwarting different kinds of security threats.

Existing Research
The term "supervised learning" refers to the method through which the system learns from labeled input. From the input information, the algorithm learns to predict the output label. Input characteristics and output labels make up the labeled data. In cybersecurity, supervised learning is often used to detect risks and create defenses. By learning the distinctions between usual and suspect network data, supervised learning may be utilized to identify and mitigate IoT C&C risks. A lot of research has been done on the use of supervised learning to identify and stop IoT C&C risks. Here, we will review some of the ground-breaking research that has been done in this area.
Many academics have studied supervised learning techniques for detecting IoT C&C attacks. The method used by Mishra and Pandya (2021) to recognize IoT botnets using deep learning is one instance (Figure 5). The strategy uses a long short-term memory (LSTM) network to model the sequences after initially using a convolutional neural network (CNN) to extract characteristics from the network traffic. The method has a detection rate of 99.98% and a false positive rate of 0.001%. Mishra et al. (2022) suggested using machine learning to analyze DNS traffic in order to find IoT botnets. Several classifiers, including decision trees, K-nearest neighbors, and random forests, are used to categorize DNS traffic as botnet or ordinary traffic. With this approach, a 99.4% success rate was achieved. Narendraekokar et al. (2023) recommended using supervised learning to detect C&C traffic in IoT botnets. This technique uses a decision tree classifier to divide normal and botnet categories for incoming data flows. With a 0.1% false positive rate, the approach has a 99.9% detection rate. Gopal et al. (2021) described a similar deep learning-based method for recognizing C&C traffic in IoT botnets. To comprehend the cyclical nature of network activity, a multi-attention recurrent neural network (MARNN) is used. This method has a 98.5% accuracy rate and a false positive rate of 0.02%. Machine learning approaches have been widely used in IoT C&C threat detection. To uncover Hajime botnet assaults, for instance, which are notorious for their stealth and resistance to standard detection techniques, Karthika and Arockiasamy (2023) developed a decision tree-based method. The method employed decision trees to evaluate DNS traffic and determine if it was malicious or genuine. The trials' 99.98% detection rate and 0.001% false positive rate demonstrated the technique's accuracy.
In 2022, Reynvoet et al. did a second analysis to determine IoT C&C risks. The authors provided instructions on how to use network traffic records analysis to find C&C communications. The approach has a detection rate of 98.5% and a false positive rate of 0.47%, properly classifying traffic as C&C or non-C&C. It has also been tried to use deep learning models for IoT C&C threat detection. For instance, Karim and Razzaque (2019) suggested using a deep-belief network (DBN) to recognize Mirai botnet attacks. To identify communications between Mirai command and control, the DBN looked at packet length and direction. With only a 0.2% false positive rate throughout their tests, the scientists were able to identify 99.7% of the occurrences. Negera et al. (2022) recommended utilizing a combination of deep Q-network (DQN) and DBN to recognize and stop Mirai botnet attacks. The DQN analyzed network traffic to find C&C communications, while the DBN reduced botnet activity by filtering out hazardous packets. In their testing, the authors achieved a 99.9% detection rate and a 99.8% mitigation rate. Machine learning and deep learning techniques have also been employed to mitigate IoT C&C threats. For instance, Mohammed and Alheeti (2021) proposed a method using a decision tree classifier to detect and halt illicit communications associated with Mirai botnet attacks. The method examined data moving via a network and used a decision tree to categorize packets as Mirai-related or not. In their tests, the authors lowered the danger by 97%, demonstrating the effectiveness of their approach. It is important to recognize C&C concerns, but it is also important to take precautions against them. Numerous research projects have focused on using supervised learning approaches to defend against IoT C&C threats. In order to combat IoT botnets, Vasques and Gondim (2020) suggested a deep reinforcement learning-based strategy. The most effective method for reducing botnet traffic is found using a DQN. By up to 99.9%, the technique decreased botnet traffic.
Using SDN, Zagrouba and AlHajri (2022) presented a machine learning-based approach for minimizing IoT botnets. A support vector machine (SVM) classifier is used to categorize network traffic as botnet or normal. The classifier changes the flow rules in the SDN controller to lessen botnet traffic. Using this method, up to 97% of botnet traffic was stopped. Additionally, Saravanan et al. (2023) proposed a deep learning strategy based on DQN and DBN for preventing and removing IoT botnets. We were able to reduce botnet traffic by up to 98.7 percent by using this method.

Critical Analysis of Existing Research
According to the studies mentioned above, supervised learning techniques may successfully detect and stop C&C threats on the IoT. However, there are a number of limitations and challenges that must be solved. The majority of research has been on detecting and thwarting certain IoT botnets, such as Mirai and Hajime. But when new botnet variations emerge, each with its own characteristics and attack strategies, it becomes difficult to develop standardized methods for detection and prevention.
Second, a number of studies used a variety of features to detect and classify network traffic. For instance, Sharma and Singh (2023) only took packet length and direction into account while assessing DNS traffic. These traits could be useful in detecting certain assault types, but they might not be sufficient to recognize more sophisticated attack types. Finally, some researchers employed labeled datasets to train their algorithms. However, labeled datasets could be difficult to locate, particularly for new and emerging threats. Unsupervised learning techniques could be more effective in certain situations, since labeled data might not always be accessible.
Supervised learning techniques have shown great promise in detecting and stopping C&C attacks on the IoT. The articles examined in this article benefit from a variety of supervised learning techniques, including decision tree classifiers, deep learning models, and reinforcement learning techniques. There are still challenges to overcome despite the significant progress that has been accomplished. They include the development of novel botnet architectures, the accessibility of labeled datasets, and the need for larger feature sets. Therefore, researchers must endeavor to enhance supervised learning techniques in order to recognize and stop different IoT C&C risks in the future.
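The generalization concern raised in this critical analysis (detectors tuned to one botnet and to a narrow feature set such as packet length and direction) can be made concrete with an added example that is not from the article or the cited studies. It trains a small decision tree on constructed flow features and compares detection of the variant seen in training with an unseen variant; every traffic profile, name and parameter is an assumption made for illustration.

```python
import random

# Constructed traffic profiles: (length mean, length sd, outbound mean, outbound sd, label)
BENIGN = (420, 120, 0.45, 0.12, 0)
KNOWN_CC = (90, 20, 0.80, 0.06, 1)    # botnet variant present in the training data
NOVEL_CC = (400, 110, 0.50, 0.12, 1)  # unseen variant that resembles benign traffic

def make_flows(rng, n, len_mu, len_sd, out_mu, out_sd, label):
    clip = lambda v, lo, hi: min(hi, max(lo, v))
    return [((clip(rng.gauss(len_mu, len_sd), 40, 1500),    # mean packet length
              clip(rng.gauss(out_mu, out_sd), 0, 1)), label) for _ in range(n)]

def gini(rows):
    p = sum(y for _, y in rows) / len(rows)
    return 2 * p * (1 - p)

def build(rows, depth=3):
    """Greedy Gini decision tree; a leaf is 0 (benign) or 1 (C&C)."""
    pos = sum(y for _, y in rows)
    splits = [(f, t) for f in (0, 1) for t in sorted({x[f] for x, _ in rows})[:-1]]
    if depth == 0 or pos in (0, len(rows)) or not splits:
        return int(2 * pos >= len(rows))
    def parts(f, t):
        return [r for r in rows if r[0][f] <= t], [r for r in rows if r[0][f] > t]
    f, t = min(splits, key=lambda s: sum(len(p) * gini(p) for p in parts(*s)))
    left, right = parts(f, t)
    return (f, t, build(left, depth - 1), build(right, depth - 1))

def predict(tree, x):
    while isinstance(tree, tuple):
        f, t, left, right = tree
        tree = left if x[f] <= t else right
    return tree

def rates(tree, rows):
    """Return (detection rate, false positive rate) on labeled rows."""
    hits = [predict(tree, x) for x, y in rows if y == 1]
    alarms = [predict(tree, x) for x, y in rows if y == 0]
    return sum(hits) / len(hits), sum(alarms) / len(alarms)

def experiment(seed=7):
    rng = random.Random(seed)
    tree = build(make_flows(rng, 150, *BENIGN) + make_flows(rng, 150, *KNOWN_CC))
    held_out = make_flows(rng, 300, *BENIGN)
    dr_known, fpr = rates(tree, held_out + make_flows(rng, 300, *KNOWN_CC))
    dr_novel, _ = rates(tree, held_out + make_flows(rng, 300, *NOVEL_CC))
    return dr_known, fpr, dr_novel

if __name__ == "__main__":
    print("known DR, FPR, unseen DR = %.3f, %.3f, %.3f" % experiment())
```

A high detection rate on held-out traffic from the training variant says little about a variant whose packet sizes and direction mix sit inside the benign range, which is why evaluation should include families withheld from training.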
The literature review studies in the field of IoT are summarized in Table 1. This table shows the results of these studies. The study suggests identifying attacks on IoT networks using supervised machine learning.

| Study | Year | Summary | Methodology | Relevance | Contribution |
| --- | --- | --- | --- | --- | --- |
| | | | Experimental study | It presents a machine learning-based approach for detecting IoT network attacks, which can be used to detect and mitigate IoT attacks. | Developed a DDoS attack detection system using machine learning |
| Mitigating dos attacks in IoT using supervised and unsupervised algorithms - A survey (Gopal, 2021) | 2021 | This paper provides a comprehensive overview of the current supervised and unsupervised methods for protecting the Internet of Things from denial-of-service assaults. | Literature review | It explains how supervised and unsupervised algorithms are currently being used to reduce the impact of denial-of-service attacks on the Internet of Things. | Explored different algorithms for DoS attack mitigation |
| Cyber threat intelligence for IoT using machine learning (Mishra, 2022) | 2022 | The article suggests using a machine learning-based strategy for cyber threat intelligence in the Internet of Things. | Literature review | To detect and prevent IoT-based assaults, it introduces a machine learning-based strategy for cyber threat intelligence in the IoT. | Reviewed IoT security challenges and solutions |
| Review of Botnet attack detection in SDN-enabled IoT using machine learning (Negera, 2022) | 2022 | In this study, we look at how machine learning can be used to spot botnet attacks in SDN-enabled Internet of Things networks. | Literature review | It explains how machine learning may be used to spot botnet assaults in SDN-enabled IoT, which can then be mitigated. | |
| A machine learning-based attack detection and mitigation using a secure SaaS framework (Reddy, 2022) | 2022 | The research suggests a secure SaaS platform using machine learning for attack detection and mitigation. | Experimental study | IoT attacks can be detected and prevented with the help of this paper, which proposes a machine learning-based solution to attack detection and mitigation that uses a secure SaaS framework. | Reviewed IoT security attacks and challenges |
| A survey on machine learning techniques for cybersecurity in the last decade | 2020 | The study provides a decade-long overview of machine-learning approaches to cybersecurity. | Literature review | Knowing the current state of the art in machine learning techniques for cybersecurity is useful for detecting and preventing attacks against the Internet of Things. | Explored cyber threat intelligence for IoT using ML |
| A comparative analysis of machine learning techniques for IoT intrusion detection (Vitorino, 2022) | June 15, 2022 | In this study, we examine the relative merits of the decision tree, the random forest, and the support vector machine (SVM) when detecting intrusions into the Internet of Things. To assess the efficacy of each method, the authors employ a dataset that features both innocuous traffic and a wide variety of attacks, such as Command-and-Control (C&C) attacks. | Literature review | This paper may be useful in deciding the machine learning technique for this purpose. | Reviewed security challenges for the Internet of Things |
| DDoS attack detection system using semisupervised machine learning in SDN (Etman, 2021) | 2021 | The study proposed a DDoS attack detection system using semisupervised machine learning in SDN. The system can achieve high accuracy and reduce false positives. | Semisupervised machine learning | The paper discusses the application of machine learning in detecting DDoS attacks, which can benefit my project on detecting and mitigating IoT C&C attacks. | Reviewed botnet attack detection using machine learning |
| Detecting and mitigating jamming attacks in IOT networks using self-adaptation (Reynvoet, 2022) | 2022 | The study proposed a framework for detecting and mitigating jamming attacks in IoT networks. The framework uses self-adaptation to identify and mitigate jamming attacks. | Self-adaptation | The paper discusses a different approach to mitigating attacks in IoT networks, which can be useful in my project. | |

Identification of Research Gaps
Many concerns remain unresolved despite the vast literature on IoT C&C threats and supervised learning in cybersecurity. First, although identifying IoT C&C risks has received a lot of attention, effective mitigation strategies have received less focus. Additionally, the effectiveness of supervised learning for detecting and reducing IoT C&C risks has not been thoroughly examined in earlier studies on the subject. Instead, many investigations have concentrated on certain threat types, such as malware or phishing. The majority of supervised learning models used in earlier research were trained and evaluated using publicly accessible datasets, which may not accurately reflect real-world scenarios.

DISCUSSION AND ANALYSIS
The review of the literature underlines the need for more research to close the knowledge gaps. IoT C&C threat detection technologies are crucial, but future research should also concentrate on developing efficient countermeasures. Experts in the sector should also consider how well supervised learning can detect and stop IoT C&C attacks. Future research should also use real-world datasets to train and evaluate supervised learning models in order to validate their precision and effectiveness in real-world conditions. The most recent supervised learning techniques, such as deep learning and reinforcement learning, may potentially be the subject of future investigations. These approaches have been successful in other cyber fields, and they might improve the way supervised learning models identify and stop C&C threats on the IoT.
The literature review for this research paper provides readers with an introduction to IoT C&C attacks, their categories, and the need to take precautions to avoid them. The importance The role of supervised learning in preventing and responding to C&C attacks against the IoT is well covered in the literature review in this research. The evaluation emphasizes the need to take precautions against IoT C&C threats since they constitute a severe danger to the security of IoT devices and networks and may jeopardize customer and business data. The review recognizes the importance of supervised learning for cybersecurity as well as its ability to deter and respond to attacks using command and control on the IoT. However, there are a few open scientific questions that need further research (Shukla et al., 2023). Because it sets the background and points out areas that need more investigation, the literature review is crucial. The paper emphasizes the need for further investigation into the use of real-world datasets for supervised learning model training and testing, the invention of innovative supervised learning methodologies, and the development of effective IoT C&C threat mitigation measures.
The literature review establishes the foundation for the investigation, making it a crucial part of the research report. A thorough analysis of the literature may make it easier to comprehend the state of the field's research as well as its shortcomings. The study topic, the research questions, and the research methodology are all influenced by the literature review. In order to evaluate the status of the subject, identify any knowledge gaps, and propose prospective future study topics, IoT security studies must undertake an extensive literature analysis. As IoT security evolves quickly, the literature review is useful for keeping academics abreast of the most recent advancements (Ye & Liu, 2022). Additionally, the review of the literature reveals areas that need further study, as well as those in which the use of previously created tools and procedures may improve IoT security.

CONCLUSION
In conclusion, this survey paper on supervised learning for C&C attack detection in IoT devices presents several key findings and contributions. First, the study explores the effectiveness of supervised learning in enhancing IoT security by autonomously identifying patterns indicative of C&C threats in real-time. It emphasizes the advantages and drawbacks of this approach, addressing considerations such as the necessity for well-labeled datasets, resource constraints of IoT devices, and ethical implications related to data security.
Second, the paper provides a comprehensive analysis of the current state of the art in the field, summarizing prior research and highlighting relevant results. By doing so, it offers valuable insights into the strengths and weaknesses of existing approaches, aiding researchers in understanding the landscape and informing future directions for exploration.
Furthermore, the survey paper identifies research gaps, guiding future efforts and encouraging exploration of untried directions in the realm of supervised learning for C&C attack detection in IoT. This contribution is particularly beneficial for researchers seeking to expand the knowledge base and contribute to advancements in the field. For practitioners, the survey consolidates earlier research to assist in comprehending and implementing security solutions for IoT deployments. The critical evaluation of prior initiatives offers practical advice for decision-makers, helping them navigate the selection and implementation of security measures to safeguard their IoT ecosystems.
Last, the study emphasizes the ethical aspects of IoT security, stressing the importance of aligning security measures with moral principles and cultural norms. This consideration benefits policymakers by providing insights into the ethical dimensions of implementing security measures in the rapidly evolving IoT landscape. In summary, this survey paper serves as a valuable resource for researchers, practitioners, and policymakers alike. It contributes to the existing knowledge base, guides future research efforts, aids in practical decision-making for security implementations, and underscores the ethical considerations essential for policymakers shaping regulations and policies in the IoT domain.

AUTHOR NOTE
On behalf of all authors, the corresponding author states that there is no conflict of interest.
Data Availability Statement: The original contributions presented in the study are included in the article/supplementary material; further inquiries can be directed to the corresponding author.

Figure 1. Most hacked devices

Figure 3. Classification method

Table 1. Continued
in recognizing and combating cyberattacks like IoT C&C threats is underlined in this discussion as well. There are still a number of research gaps in this area, so future work should focus on creating IoT C&C attack mitigation strategies, assessing the effectiveness of supervised learning specifically for C&C attacks, using real-world datasets to train and test supervised learning models, and exploring advanced supervised learning techniques. The results of this study have important ramifications for academics, cybersecurity professionals, and IoT security.