Current Research Trends in IoT Security: A Systematic Mapping Study

The smart mobile Internet-of-things (IoT) network lays the foundation of the fourth industrial revolution, the era of hyperconnectivity, hyperintelligence, and hyperconvergence. As this revolution gains momentum, the security of smart mobile IoT networks becomes an essential research topic. This study aimed to provide comprehensive insights on IoT security. To this end, we conducted a systematic mapping study of the literature to identify evolving trends in IoT security and determine research subjects. We reviewed the literature from January 2009 to August 2020 to identify influential researchers and trends of keywords. We additionally performed structural topic modeling to identify current research topics and the most promising ones via topic trend estimation. We synthesized and interpreted the results of the systematic mapping study to devise future research directions. The results obtained from this study are useful to understand current trends in IoT security and provide insights into research and development of IoT security.


Introduction
The era of hyperconnectivity, hyperintelligence, and hyperconvergence established by the fourth industrial revolution is continuing in earnest as smart mobile Internet-of-things (M-IoT) environments are developing.
The Internet of things (IoT) establishes a new networking paradigm in which various devices (e.g., network devices, sensors, and actuators) become essential elements for communication. Various objects can be considered as "smart" because they are equipped with microprocessors and network transceivers, enabling communication and the provision of autonomous services. IoT is a promising field of research related to building device networks connected to the Internet and promotes smart environments. IoT is associated with many research areas and new computing paradigms. The M-IoT cloud-computing domain, which lies at the intersection of the cloud, mobile, and IoT domains, provides new paradigms of fog computing, edge computing, mobile-edge computing (MEC), the semantic web of things, and mobile crowdsensing. Elazhary [1] summarized various related concepts. The Internet of mobile things (i.e., M-IoT) is a special case of IoT concerned with mobile IoT devices. Such devices include smartphones, vehicles, and wearable devices [2]. The IoT paradigm is also evolving into smart M-IoT devices, which in turn provide smart services and computing functions.
IoT-based smart systems and services are being developed in various fields, such as home automation, energy management, healthcare, and financial transaction management [3][4][5][6]. It is also branching into new domains, such as social IoT, in which smart objects are transformed into social objects; industrial IoT, which converges with different industries; smart-wearable IoT, which combines deep learning and wearable technologies; and medical IoT, which is integrated with medical applications [3][4][5][6].
Smart M-IoT provides smart convergence services to users of IoT environments. Accordingly, many researchers in various fields are now involved with IoT development. For the continued spread and development of smart M-IoT, it is necessary to consider security, as the devices and platforms of smart M-IoT mainly remain threatened [7]. The emphasis on security will increase, and both consolidated and new researchers need understanding and insights on IoT security.
The remainder of this paper is organized as follows. Section 2 discusses related work about the study on IoT topics and trends. Section 3 describes the conducted systematic mapping study on IoT security. Section 4 discusses the main findings. Influential authors are identified in Section 4.1, and keyword-based clusters and keyword trends are presented in Section 4.2. Research topics related to IoT security are categorized in Section 4.3, and the trend of topics is discussed in Section 4.4. Section 4.5 provides future perspectives by synthesizing the keyword and topic trends. Finally, conclusions are drawn in Section 5.

Research Methodology.
One of the first challenges before conducting research in any field of study is identifying relevant previous studies and establishing the need for new research [8]. Secondary research analyzes existing studies (primary research) and seeks to provide relevant insights to researchers and guide the design of future research. Secondary research methodologies include the review, systematic literature review (SLR), and systematic mapping study.
In the review or survey, researchers select important literature according to their expertise. Then, they synthesize and organize the contents.
The review provides new understanding and insights about the content through in-depth content comparison analyses. However, as the content should be analyzed closely, there is a limit to the number of documents that can be included in the study due to time and cost constraints [8,9]. The SLR applies an explicit and systematic protocol for collecting, selecting, and analyzing research literature [10]. It provides quantitative and statistical insights on the subject by analyzing primary studies to answer research questions while providing aggregate result data [11]. Therefore, SLRs can be performed with studies that can quantitatively extract information meeting the aggregation criteria. The relatively recently developed systematic mapping study is a more open form of SLR, which aims to organize a research area [9]. This method uses the same protocol as the SLR to find and select research literature. Unlike the SLR, the systematic mapping study classifies subfields of a research area [11,12] and focuses on identifying and classifying themes by collecting as many studies as possible [13]. The categories used are generally based on publication information (e.g., author name, author affiliation, publication source, publication type, and publication date) and/or information about the adopted research method [13]. A systematic mapping study is sometimes conducted as a preliminary study before the SLR [14,15]. It classifies subject areas and identifies those requiring detailed content comparisons. Research on text mining and visualization tools that can be used to efficiently perform this type of analysis is ongoing [14,16,17]. Petersen et al. [9,15] noted that performing a systematic mapping study before an SLR provided valuable research design criteria. Kitchenham et al. [13,18] stated that systematic mapping can provide input data for subsequent studies. In other words, systematic mapping reduces the preparation time for subsequent research.
In addition, it provides an overview of research areas and identifies research gaps. Moreover, it helps in identifying research trends and educational materials.

Comparison with Related Reviews.
To better understand existing secondary research related to IoT, Scopus articles classified as "review" between January 2012 and October 2020 were collected, obtaining 472 review articles. These articles were then further categorized into labels "IoT security review," "IoT application review," or "IoT review," as shown in Figure 1.
Reviews related to IoT have been increasing rapidly since 2018. IoT applications including smart cities [19,20], smart health [21,22], smart agriculture [23,24], and smart vehicles [25,26] were the most frequently reviewed. In 2020, IoT security reviews were more numerous than IoT reviews. Note that we did not classify articles that have partially discussed security under label "IoT security review." Instead, we classified the articles that exclusively focus on security under this label. Table 1 compares recent reviews on IoT security from 2017 to 2020 in terms of methodology. Most of these reviews synthesized and organized contents using a review/survey method. From them, articles similar to our study are listed in Table 2.
Existing studies have some limitations. Alaba et al. [27] focused on the classification of security threats but did not cover the overall contents and did not discuss new technologies, such as machine learning (ML). Mendez Mena et al. [28] focused on IoT architectures but did not consider applications. Obaidat et al. [32] aimed to comprehensively cover IoT security but omitted related applications. In contrast, Hassija et al. [29] did not cover IoT as a whole, focusing only on applications. Hameed et al. [31] did not deal with trust as a security requirement. The major limitation of the abovementioned reviews is that they fail to provide research trends.
Sharma et al. [7] dealt with the most recent paradigm in depth, focusing on smart M-IoT, and provided a roadmap for related surveys. However, it was not a study focused on providing early insights to researchers entering from other fields. Macedo et al. [30] focused on providing insights and research trends using an SLR, but they omitted privacy. In addition, they only selected 131 articles for review. Most of the review studies not listed in Table 2 focused on specific areas of IoT security, such as layer protocols [33], intrusion detection [34], device security [35,36], trust [37], and security of specific IoT applications [38]. Thus, a systematic mapping study is still required to determine research topics and trends in IoT security and gain insights on this field.

Contributions of This Study.
For the transition to a secure, smart M-IoT, we should understand the available resources on IoT security. We aimed to provide researchers interested in IoT research with early insights on IoT security by conducting a systematic mapping study. To the best of our knowledge, no such studies focused on IoT security are available. We applied big data mining tools to large volumes of literature for the systematic mapping study, which is thus unbiased and replicable. We classify research on IoT security based on keywords and topics. We also explain trends and provide new understanding about keyword evolution and promising research topics. The results from this study may be used by lecturers to teach the overview, main topics, and trends related to IoT security. In addition, a qualitative content analysis provides future research directions.
In this study, we also demonstrated the application of big data mining to a systematic mapping study. The methods and findings reported in this paper may provide research opportunities by improving the overall understanding of IoT security and its research trends. In addition, the results of this study can be useful to researchers in other fields who intend to investigate IoT convergence.

Methods
In this study, we conducted a systematic mapping study of current research related to IoT security by mixing quantitative and qualitative approaches. The quantitative approach involves collecting literature on IoT security and conducting a systematic mapping study to identify influential researchers and concurrent keywords. We then classify the topics using an ML-based structural topic model (STM). Next, we perform qualitative content analysis to devise future research directions by synthesizing and discussing the latest keyword and topic trends. Our research aims to answer the following research questions:
RQ1. Who are influential researchers in IoT security?
RQ2. What are the major keywords in IoT security?
RQ2-1. What is the keyword-based research area?
RQ2-2. How are keywords evolving?
RQ3. What are the topics in IoT security field?
RQ3-1. What is topic-based research classification?
RQ3-2. What is the trend of topics?
RQ4. What are the most influential keywords in IoT security?
RQ5. What are promising research topics in IoT security?
Figure 2 shows the research framework that we used to understand the current status and trends in IoT security.
We selected studies according to PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) [8]. We adopted a review protocol consisting of search terms, resources to be searched, study selection criteria, and study selection procedures, as listed in Table 3. We used Boolean operator AND to combine IoT and security-related terms (e.g., "secure," "security," "privacy," and "trust"). We filtered the data based on the document type (e.g., "article"), source (e.g., "journal"), and language (e.g., "English"). The main research question and review protocols are listed in Table 3. Our literature search was conducted using 1,365 studies published from January 2009 to August 2020. Unlike existing review studies, we analyzed a large volume of articles to obtain comprehensive insights. To process that large volume, we used big data mining tools.

Bibliometric Mapping Study on IoT Security.
In recent years, bibliometric analyses, co-citation network analyses, and keyword co-occurrence network analyses have been widely used to determine research trends [39][40][41]. Co-citation network analysis determines the structure of scientific communications by analyzing the associations among citations.
Co-occurrence keyword network analysis makes it possible to understand the knowledge structure underlying a technical field by analyzing links between keywords found in the literature. Radhakrishnan et al. [41] demonstrated the role of keyword co-occurrence networks in systematic reviews. In the current study, we conducted co-citation and co-occurrence keyword mapping studies to provide answers to RQ1 and RQ2.

Co-Citation Network Analysis to Identify Authors of IoT Security Research.
By analyzing the co-citations of studies on IoT security, we can identify influential researchers and understand the research flow [42][43][44], and then we can answer RQ1. We performed author clustering by the relevance obtained from direct citation relationships.
We used the quality function proposed by Traag et al. [45] and modified by Waltman and Van Eck [42] for clustering. The quality function is given by where $n$ is the number of studies, $a_{ij}$ measures the relation between studies $i$ and $j$, $c$ is a resolution parameter, and $x_i$ denotes the cluster to which study $i$ is assigned. Function $\delta(x_i, x_j)$ is 1 if $x_i = x_j$ and 0 otherwise. The relation between studies $i$ and $j$ is measured as follows: In equation (2), if study $i$ cites study $j$ or vice versa, $c_{ij}$ is 1, whereas it is 0 otherwise. Hence, if there is no direct citation relation between studies $i$ and $j$, the relation measure, $c_{ij}$, is zero.
We used the CitNetExplorer tool for citation analysis [46] and set resolution parameter c to 1 and the number of parameter optimization iterations to 10.

Co-Occurrence Keyword Network Analysis to Map Keyword Evolution on IoT Security.
Keyword co-occurrence analysis is commonly used to determine research trends, and it has been used to conduct a systematic literature review in [41]. We adopted the method proposed by Van Eck and Waltman [47] to construct and analyze a co-occurrence keyword network that answers RQ2 and RQ4.
We performed co-occurrence analysis on keywords collected from different studies. A keyword may appear in various forms (e.g., "blockchain," "blockchain," "blockchain," or "blockchains"). Therefore, after arranging a thesaurus, we applied it and grouped the keywords with the same meaning to then create a keyword co-occurrence matrix. Next, we generated a similarity matrix normalized according to the association strength of the keyword co-occurrence matrix [48]. Similarity $s_{ij}$ between items $i$ and $j$ according to the association strength is given by where $c_{ij}$ represents the number of co-occurrences of items $i$ and $j$, and $c_i$ and $c_j$ represent the total number of occurrences of items $i$ and $j$, respectively. Next, we visualized the similarities based on the similarity matrix by constructing a 2D map [49], where items $1, \dots, n$ are allocated such that the distance between any pair of items $i$ and $j$ reflects similarity $s_{ij}$ as accurately as possible. Items with high similarity were grouped closely, and those with low similarity remained distant. Specifically, we minimized the weighted sum of the squared Euclidean distances between all pairs. The higher the similarity between the two items, the higher the weight of the squared distance in the sum. The objective function for minimization is given by where vector $x_i = (x_{i1}, x_{i2})$ represents the position of item $i$ in the 2D map and $\| \cdot \|$ represents the Euclidean norm. From bibliometric mapping, we obtained the nodes corresponding to the keywords in the co-occurrence network, link weight, total link strength, and occurrence weights. The link weight corresponds to the number of links per node, and the total link strength is the number of links from other nodes connected to a target node. In addition, the occurrence weight represents the frequency of keyword occurrence. We then performed clustering based on the mapping results according to the method proposed by Waltman et al. [49].
To improve clustering accuracy, we applied the smart local-moving algorithm developed by Waltman and Van Eck [50].
Table 3: Research question and review protocol.

Research goal
What are the research trends in IoT security?

Review protocol
Search terms: ("IoT" OR "Internet of things") AND ("secure" OR "security" OR "privacy" OR "trust") in title

Mobile Information Systems

Finally, we used the VOSviewer tool to create and visualize the bibliometric map for keyword co-occurrence network analysis [47]. We set the minimum number of occurrences of a keyword to 5 as a parameter in VOSviewer and set resolution c to 1 with a minimum cluster size of 5. We consulted two IoT experts to analyze the clusters regarding the similarities of the co-occurrence keyword network.
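The keyword pipeline described above (thesaurus merging, co-occurrence counting, association-strength normalization, minimum-occurrence filter) is sketched below as an added example; it is not the authors' code or VOSviewer's. It assumes the usual association-strength form s_ij = c_ij / (c_i * c_j), since the paper's own equation did not survive on this page, and the thesaurus entries and sample records are constructed.

```python
from collections import Counter
from itertools import combinations

# Constructed thesaurus (hypothetical entries): variant form -> canonical keyword.
THESAURUS = {
    "block chain": "blockchain",
    "blockchains": "blockchain",
    "internet of things": "iot",
    "ml": "machine learning",
}

# Constructed sample: author keywords of six imaginary articles.
SAMPLE_RECORDS = [
    ["IoT", "Blockchain", "Smart Contract", "IIoT"],
    ["Internet of Things", "block chain", "smart contract"],
    ["IoT", "Machine Learning", "DDoS", "SDN"],
    ["IoT", "ML", "DDoS"],
    ["IoT", "blockchains", "authentication"],
    ["IoT", "authentication", "machine-learning"],
]


def normalize(keyword, thesaurus=THESAURUS):
    """Lower-case, unify hyphens/whitespace, then apply the thesaurus."""
    key = " ".join(keyword.lower().replace("-", " ").split())
    return thesaurus.get(key, key)


def cooccurrence(records, exclude=("iot",), min_occurrences=1):
    """Return (occurrences c_i, pair counts c_ij) after thesaurus merging.

    `exclude` drops the search term itself, which appears in every record.
    `min_occurrences` mirrors the threshold the paper sets in VOSviewer.
    """
    occ, pairs = Counter(), Counter()
    for record in records:
        # A keyword counts once per article, whatever its spelling variants.
        kws = sorted({normalize(k) for k in record} - set(exclude))
        occ.update(kws)
        pairs.update(combinations(kws, 2))
    keep = {k for k, n in occ.items() if n >= min_occurrences}
    occ = Counter({k: n for k, n in occ.items() if k in keep})
    pairs = Counter({p: n for p, n in pairs.items()
                     if p[0] in keep and p[1] in keep})
    return occ, pairs


def association_strength(occ, pairs):
    """Assumed normalization: s_ij = c_ij / (c_i * c_j)."""
    return {(i, j): c / (occ[i] * occ[j]) for (i, j), c in pairs.items()}


def strongest_links(sim, top=3):
    """Highest-similarity pairs, ties broken alphabetically."""
    return sorted(sim.items(), key=lambda kv: (-kv[1], kv[0]))[:top]


if __name__ == "__main__":
    for threshold in (1, 2):
        occ, pairs = cooccurrence(SAMPLE_RECORDS, min_occurrences=threshold)
        sim = association_strength(occ, pairs)
        print(f"min_occurrences={threshold}")
        for (i, j), s in strongest_links(sim):
            print(f"  {i} -- {j}: c_ij={pairs[(i, j)]}, s_ij={s:.3f}")
```

With the threshold at 1, keywords that occur once ("sdn", "iiot") produce the strongest links even though each rests on a single article; raising the threshold removes them, which is the practical reason for a minimum-occurrence setting.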

Topic Mapping Study to Identify Topics in IoT Security.
Regarding RQ3 and RQ5, we conducted text mining to categorize research related to IoT security and identify its trends. Text mining, also known as knowledge discovery from text, relies on various text analyses and processes to extract meaningful information from unstructured text data using natural language processing [51,52]. In this study, we conducted STM-based topic modeling.

STM-Based Topic Extraction to Classify Topics in IoT Security.
Topic modeling is an unsupervised learning method to determine and classify topics underlying textual data. The STM proposed by Roberts et al. [53] is a modified and extended version of the latent Dirichlet allocation, the most widely used topic modeling method. The STM determines the distribution of words constituting a topic based on the frequency of words in a document along with metadata (e.g., author's gender and age, publication year). The STM estimates the correlation between topics using the covariance matrix of the corresponding logistic normal distribution [53]. Figure 3 illustrates the STM, which can be divided into three components: a topic prevalence model that controls how words are allocated to topics as a function of covariates; a topical content model that controls the frequency of the terms in each topic as a function of the covariates; and a core language model [54].
According to Roberts et al. [53], given the number of topics ($K$), observed words $w_{d,n}$, design matrices for topic prevalence ($X$) and topical content ($Y$), and $K$-dimensional hyperparameter vector ($\sigma$), data generation for document $d$ can be modeled as where $\Gamma = [c_1 | \dots | c_K]$ is a $P \times (K - 1)$ matrix of coefficients for the topic prevalence model specified by equations (5) and (6), and $K^{(t)}_{\cdot,\cdot}, K^{(c)}_{\cdot,\cdot}, K^{(i)}_{\cdot,\cdot}$ is a collection of coefficients for the topical content model specified by equation (9). Equations (7) and (8) constitute the core language model.
In topic extraction, it is essential to determine the optimal number of topics (K) for the STM [55,56]. To this end, the STM provides useful indicators, with the most widely used being the held-out likelihood and semantic coherence. From Figure 4, as the number of topics gradually increases from 5 to 20, we can determine the point where both the held-out likelihood and semantic coherence have high values [56], obtaining 12 as the optimal number of topics.
To interpret the topics derived according to their optimal quantity in the STM, main words representing each topic can be analyzed. We selected the main words of a topic according to four criteria: highest probability, frequency and exclusivity, lift weight, and score. Highest probability words are the upper words in the topic-word distribution. Frequency and exclusivity words are those derived using the weighted harmonic mean of the word rank, which reflects frequently used and exclusive words in a topic. Lift-weight words are derived by assigning high weights to less frequent words in other topics. The score is obtained by dividing the log frequency of a specific word in a specific topic by the log frequency of that word in other topics. To extract and analyze latent topics related to IoT security from the abstracts of the analyzed articles, we implemented the STM on the R software [55].

STM-Based Trend Estimation of Topics in IoT Security.
We identified hot topics with uptrends and cold topics with downtrends in IoT security. The trend of a topic was estimated by setting the publication year as the covariate for that topic.

Identification of Leading Researchers in IoT Security.
The results from the co-citation network analysis are shown in Figure 5. We analyzed and visualized the co-citation network using CitNetExplorer, obtaining 8 clusters of 52 frequently cited publications. In the co-citation network, highly relevant clusters are located close together. Thus, the 8 clusters are closely related, as can be seen from the unseparated location of the nodes in the cluster. The articles on IoT security by Heer et al. [57] and Roman et al. [58] have received high attention in the research community since 2011. The study with the highest citation score was authored by Sicari et al. [59] and published in 2015.
occurrences of a keyword to 5, and the keyword co-occurrence network analysis was performed on 146 keywords, excluding IoT, which was present in all the studies given its use with Boolean operator AND during the search. Figure 6 shows the obtained keyword co-occurrence network with 10 clusters, and Table 4 summarizes the network and cluster information. In Figure 6, the node size is proportional to the number of occurrences of the corresponding keyword, and the link thickness is proportional to the weight of the links connecting the nodes. The node color represents the cluster containing that node. The main keywords of cluster 1, represented by red nodes, are "sdn," "machine learning," "trust," "attacks," "ddos," and "secure routing." This cluster was summarized as the study on the introduction of artificial intelligence (e.g., ML and deep learning) to improve IoT security performance.

Keyword Clustering and Evolution of Research on IoT
There is increasing interest in research to improve security by introducing ML or deep learning to detect DDoS (distributed denial-of-service) attacks, malicious code, abnormal behavior, and abnormal energy consumption for IoT devices [60][61][62][63][64][65][66].
There was also a study aimed to ensure secure content-sharing in an IoT environment by applying ML to explore the social trust of smart device users [67,68].
Cluster 2, represented by green nodes, consists of main keywords "ecc," "encryption," "cryptography," "aes," "energy efficiency," and "lightweight cryptography." This cluster is associated with lightweight encryption for resource-constrained IoT devices, such as those with a small size, limited computing power, and low-power consumption. Research on lightweight encryption algorithms has been conducted in relation to data and personal information security in a resource-limited environment of smart devices. The advanced encryption standard (AES) and error-correcting codes (ECC) are mainly used as basic lightweight encryption elements. Various studies have been aimed to optimize lightweight encryption while balancing security and performance management [69][70][71][72][73][74][75][76].
In cluster 3, represented by blue nodes, "privacy preservation," "cloud computing," "fog computing," "edge computing," "data privacy," and "differential privacy" are the main keywords. This cluster can be summarized with the topic of privacy preservation in IoT devices. The crowdsensing mode of smart M-IoT, a new paradigm of IoT, collects and delivers more privacy data. Thus, privacy preservation is becoming more important [77][78][79]. In addition, intelligent IoT applications enhanced with cloud, edge, and fog computing increasingly deal with personal information to provide intelligent services, and many studies on personal information protection and data protection are being conducted [80][81][82][83]. Among the personal information protection approaches, differential privacy is gaining attention as a mechanism to provide intelligent services by grasping user behavior patterns without infringing on personal information by adding noise to prevent the identification of personal information [81][84][85][86][87][88].
Cluster 4, represented by yellow nodes, consists of main keywords, "wsn," "cps," "coap," "6lowpan," "smart object," and "sensor node." This cluster is related to studies on secure communication of smart objects in wireless sensor networks (WSNs). To transmit the information measured by sensor nodes in smart M-IoT, security is essential [89][90][91]. In this regard, studies on the use of IPSec/IPv6 and OpenSSL in virtual private networks have been performed to protect smart objects and provide end-to-end security [92]. The same is true for studies on end-to-end security framework development of the Constrained Application Protocol (CoAP) [93][94][95] and on frameworks in which smart-object users designate privacy preferences to protect personal information generated and consumed by smart objects [96]. Smart objects that have recently attracted attention are vehicles that are equipped with various sensor devices, actuators, GPS (global positioning system) receivers, and micro-embedded computers to collect, process, and transmit vast amounts of data [97,98]. Vehicular sensor networks provide connected sensor devices that collect data and enable safer and more fluid road traffic [99]. The Internet-of-vehicles concept supports real-time vehicle-to-everything (V2X) wireless communication based on fog and edge computing [100][101][102]. Therefore, safe data transmission and privacy protection in vehicles, which are now smart objects, play an essential role in their development.
In cluster 5, represented by purple nodes, the main keywords are "key management," "signcryption," "elliptic curves," and "digital signature." This cluster is thus related to digital signcryption. Digital signature encryption has been investigated on algorithms, such as the elliptic curve digital-signature algorithm, digital-signature mobile applications, and digital-signature systems, to achieve document integrity and provide nonrepudiation security services in a distributed computing environment [103][104][105][106][107]. It is also important to satisfy reliability and confidentiality requirements of crowdsourced data [108,109].
Cluster 6, represented by cyan nodes, comprises keywords "smart home," "raspberry pi," "arduino," and "face detection." This cluster can be described as building safe smart homes in an IoT environment. Wireless communications and sensor technologies, key components of IoT applications, are prerequisites for the security and confidentiality of smart homes [110,111]. Before data transmission through the Session Initiation Protocol (SIP) in a home network, mutual safety verification should be conducted between devices to block in advance devices that may cause risks. To this end, a secure trust relationship should be established between smart home devices, external smart devices, and other IoT devices [112][113][114]. A study has been conducted to design a secure IoT microcontroller module using the Raspberry Pi platform and various IoT sensors [115][116][117]. To achieve flexible device utilization, heterogeneous device interoperability, and security enhancement of smart homes, software-defined networks (SDN) have been applied [118,119].
In cluster 7, represented by orange nodes, the main keywords are "privacy," "healthcare," "information security," "e-health," and "wban." This cluster can be related to IoT-based healthcare system security. As medical information systems manage patient data, data security and privacy protection are important. In IoT-based healthcare, studies on encryption and authentication protocols for user authentication [120][121][122][123] and data encryption for patient privacy protection [124][125][126][127] are relevant. Safe and efficient medical data retrieval is important for remote medical monitoring. Given the difficulty of collecting medical data safely and efficiently owing to the resource limitations of IoT devices, various studies on providing medical services by combining IoT and edge clouds have been conducted [128,129]. In addition, to collect data, aggregate them safely and efficiently, and transmit them to a server, a study has been conducted on a system leveraging fog computing [130,131]. There is also a growing interest in introducing unmanned aerial vehicles (UAVs) as smart objects for collecting health data. In fact, UAVs can collect health data, encrypt them, and transmit them to authenticated body sensor hives using low-power secure communications [132].
In cluster 8, represented by brown nodes, the main keywords are "blockchain," "iiot," "safety," "smart contract," and "industry 4.0." This cluster can be described as a blockchain applied to IoT applications. It is essential to ensure the integrity of data generated in IoT environments. In this regard, research on blockchain-based encryption has been conducted [133][134][135][136]. Trust relationships must be established between disparate entities in the IoT ecosystem [137]. An analysis on the combination of blockchain and trust evaluation technologies has been conducted accordingly [138,139]. Regarding Industry 4.0, the interest in industrial IoT (IIoT) is increasing. In particular, blockchain-based smart contracts have been studied. In addition, blockchains that provide transaction transparency, immutability, auditability, and high security for IoT-based international trade have been proposed [140,141]. In recent years, the interest in decentralized security mechanisms based on blockchain has increased regarding the storage of important data generated by IoT systems [142,143].
Cluster 9, represented by pink nodes, consists of main keywords "authentication," "rfid," "mutual authentication," "key agreement," and "user authentication." This cluster is thus related to multiple forms of authentication. Smart M-IoT environments establish networks that provide smart services based on user information. Therefore, the privacy of users and the confidentiality of sensitive data must be guaranteed. Device authentication, radio-frequency identification (RFID), and user authentication are security functions that must be provided in any IoT environment [144][145][146][147][148][149][150][151].
Cluster 10, represented by coral-pink nodes, has main keywords "smart city," "pls," "cybersecurity," "middleware," and "mobile-edge computing." This cluster can be summarized by security related to IoT-based smart cities. A smart city is an IoT application that manages a city with minimal or without human intervention and provides smart services. Beyond the smart home, it connects all sensors and smart objects at the city level to provide real-time smart services. Therefore, research on the protection of citizens' personal information [152][153][154], management of IoT devices in heterogeneous device network environments [155,156], and integrated security solutions considering the entire security stack [157,158] has been conducted.
We also constructed a co-occurrence keyword network considering the year of publication to answer RQ2-2. Figure 7 shows the obtained network with temporal information (publication year) encoded as a color map. Until 2017, there were many keywords related to networks, such as "6lowpan," "dtls," "m2m communications," "ips," "rfid," "sensor networks," and "middleware." During the first half of 2018, many studies included keywords related to the security of data delivered over IoT applications, such as "privacy preservation," "authentication," and "data

Note. Column keywords contain the four most representative words (from most to least important) for each cluster. Columns X and Y indicate the coordinates in the corresponding axes of the keyword node on the network shown in Figure 6.

Identification of Topics in IoT Security.
Information about the identified topics is summarized in Table 5. For each topic, 10 top words were considered under four criteria: highest probability, frequency and exclusivity, lift weight, and score. The three most meaningful keywords per criterion are included in Table 5. We also created a label explaining each topic by analyzing the five studies with the highest proportion of contents related to that topic and containing its top words. We discussed with two IoT experts the selection of the top words and topic labels.

Topic 1 is related to understanding the characteristics of IoT across a variety of aspects and the analysis and discussion of security issues and solutions for the layers of IoT networks [159][160][161][162][163][164][165][166][167][168][169].
Topic 2 is related to encryption and authentication for securely sharing data in an IoT-based healthcare environment considering detailed access control. With the spread of IoT applications, smart health is becoming an attractive paradigm. As it deals with user information and sensitive medical information, the security and mutual authentication of medical sensor devices for personal information protection, encryption, and real-time monitoring are key elements [125][170][171][172][173][174][175][176][177][178][179][180][181].
Topic 3 is related to secure and lightweight encryption designs tailored for IoT applications. Lightweight encryption with low processing time and low power consumption is required to protect and secure data transmissions of resource-constrained IoT devices. Block encryption, such as AES and S-box, Galois Counter Mode, and physical unclonable functions, are being utilized, evaluated, and proposed [70,72,73][182][183][184][185][186][187][188].
Topic 4 is related to security using ML. Considering the heterogeneity of IoT networks and devices, it has become more common for SDN technologies to be integrated into IoT applications to form flexible and manageable architecture. When a network attack occurs in an SDN, ML can be introduced as a detection technology to dynamically control and route the communication flow. Recently, studies using ML to detect and automatically respond to DDoS attacks, abnormal patterns, and data leaks against IoT networks and devices have increased [60][189][190][191][192][193][194][195][196][197][198][199].
Topic 5 is related to risk assessment and prioritization of IoT security threats. For a secure IoT environment, various studies have prioritized security threats by applying approaches such as product-development life cycle, decision-making trial-and-evaluation laboratory, analytic network processing, and graph theory to develop risk assessment and management frameworks [200][201][202][203][204][205][206][207].
Topic 9 is related to secure home automation systems toward automation, safety, and security through the control of home appliances and sensors. Research on this subject has two main subtopics. The first subtopic is related to security against cyberattacks in the home network [112][254][255][256][257][258][259], and the second one is related to home automation providing safety against external physical intrusion [260][261][262][263][264][265][266].
Topic 11 concerns privacy decisions and privacy preservation in the value chain of IoT data in environments where IoT devices collect personal data and forward them to third parties. Research on this subject has two main subtopics. The first subtopic is related to personal information security [280][281][282][283]. The second subtopic is related to the data value chain, including information related to the owner's perception of privacy protection and the right to make decisions about personal information protection [96][284][285][286][287].
Topic 12 includes studies on transport protocols for end-to-end security [288][289][290]. To achieve end-to-end secure communication between an IoT back end and resource-limited smart things, various studies on communication protocols such as DTLS and CoAP [291,292] and key establishment protocols such as EDHOC have been conducted [293,294].

Trend Estimation of Topics in IoT Security.
To answer RQ5, we estimated the trends over time for each topic by setting the year as a covariate, obtaining the results shown in Figure 8. Topics with an upward trend (increasing influence) are topics 4 (security through ML), 7 (MEC security), 8 (energy-efficient routing protocols), and 10 (blockchain and IoT integration). On the other hand, topics 1 (IoT security issues), 5 (risk assessment), 6 (mutual authentication protocol), and 12 (end-to-end security) show a decreasing trend.

Challenges and Future Perspectives.
We identify the evolution of keywords in Section 4.2. Figure 9 shows the part of Figure 6 containing the keywords (colored nodes) of clusters closely related to "blockchain," which is the core of keyword evolution, as identified in Figure 7.
In Figure 9, "blockchain" is connected to "machine learning," "deep learning," "ai," and "sdn" at the bottom-right area. Thus, there is a relation to topic 4. Node "edge computing" shown above "blockchain" can be linked to topic 7. In addition, "efficiency," which is connected to the upper-left area of "blockchain," and "rpl," which is connected at the bottom of the center area, can be related to topic 8. These results indicate that the trends obtained from keywords and topics suitably agree. Based on the analyzed studies and discussions, we summarize below challenges and future perspectives related to secure distributed smart M-IoT applications.
Medhane et al. [295] proposed a blockchain-enabled distributed security framework for next-generation IoT applications by implementing an edge cloud security framework using an SDN. The proposed framework consists of an IoT device layer, an edge cloud layer, and a blockchain-enabled SDN. Gateway nodes in the edge cloud layer act as access points for the distributed SDN and quickly detect attacks by analyzing real-time data received from IoT devices. All roaming IoT devices and SDN servers share data through blockchain technology. The proposed security framework shows improved results in terms of packet delivery rate, throughput, and delay compared with frameworks without blockchain, edge cloud, and SDN. The framework is also effective for data confidentiality, integrity, and availability. However, energy consumption has increased.

The blockchain-based decentralized security architecture proposed by Rathore et al. [298] is a layered model consisting of sensing, edge computing, fog computing, and cloud layers. The sensing layer comprises many smart devices and widely distributed sensing nodes that monitor various environments and activities in public infrastructure. The edge computing layer consists of low-power high-performance SDN switches at the edge of the network. Each SDN switch at the edge computing layer connects to multiple sensors, and the switch processes and analyzes the data traffic of sensors. The fog computing layer with several SDN controllers is connected to the SDN switch cluster at the edge computing layer and analyzes the processed data. The SDN controller of a fog computing node consists of four components: traffic flow analyzer, traffic flow classifier, blockchain-based attack detection module, and attack mitigation module. Learning attack detection in the fog computing layer can be distributed to reduce the computational overhead and provide a fast response through simultaneous computations. Moreover, the fog computing layer transmits the traffic analysis results to the cloud layer. This decentralized architecture improves the attack detection performance by dynamically updating the attack detection model of each fog computing node using blockchain technology. It also prevents single points of failure inherent to centralized architecture. However, there is an overhead for blockchain operations.
It remains necessary to develop a secure distributed IoT framework that integrates fog and edge computing, ML-based SDN, and blockchain technology. Using fog and edge computing, the fog computing layer must analyze malicious traffic flows using ML algorithms to construct an intelligent attack detection model and dynamically update and manage traffic rules at edge computing nodes. This way, an ML-based SDN controller can enable fast attack detection. In addition, data privacy at the fog node level must be considered. The decentralized nature of blockchain supports secure distributed computing through the distributed trust concept. IoT devices and SDN servers can safely share data using blockchain [270][295][296][297][298]. Therefore, a secure and energy-efficient blockchain-enabled architecture of ML-based SDN controllers for IoT networks is still required [303]. As new devices and applications are connected to IoT applications over time, unknown attacks can be developed. ML-based security is important to detect unknown attacks and respond properly in real time. In addition, in a secure distributed framework, IoT devices with limited resources can support routing protocols with high throughput, low latency, and low energy consumption. Thus, it remains necessary to develop a blockchain-based lightweight security protocol [281,303].

Smart Objects in Smart M-IoT Applications.
IoT devices can detect valuable data to build many intelligent applications. In addition, they can make important decisions to control their surroundings. Several IoT applications rely on end-to-end security between IoT devices and the cloud. However, realizing end-to-end security in IoT applications is difficult due to the wide variety of devices. In addition, most IoT devices have limited resources and cannot support heavy security applications such as firewalls. In [1], the introduction of edge computing into IoT device security for various applications is analyzed. Firewalls, intrusion detection systems, distributed traffic monitoring, attribute-based access control, and authentication protocols are analyzed at the edge computing layer for resource-limited IoT devices. To integrate edge computing, an algorithm and a lightweight secure communication protocol to establish trust between IoT devices and the edge should be first developed.
Talavera et al. [2] investigated security issues between the sensing layer and IoT devices and those at the IoT application layer, which involves smart homes, smart meters, smart cities, smart grids, and other solutions that directly handle end users and provide services. Therefore, unique security issues occur at this layer, such as data theft and privacy issues. Thus, a method to quantify and manage risk levels through rigorous penetration testing of IoT devices is required. Whenever IoT devices interact, a seamless authentication process must be implemented. To protect the user and environment data from being captured, mechanisms based on cryptographic techniques such as RSA, SHA256, or hash chain are needed. In addition, to increase the security level, Talavera et al. [2] recommend further development of recent technologies such as blockchain, fog and edge computing, and ML-based solutions.
Shin and Byun [3] proposed a privacy protection method for IoT devices in a smart city by applying edge computing. By processing data in near real time at the edge, they solve the heterogeneity problem of IoT devices and improve the overall performance, resulting in faster response times. Therefore, their method provides better quality of service for IoT applications.
To achieve smart applications, numerous IoT devices deployed around the world should generate large amounts of user and environment data. Consequently, much personal information can be leaked, posing a threat to individuals and society as a whole. Therefore, IoT applications and their smart objects must be stable, secure, and robust. Smart objects that have attracted increasing interest in recent years include autonomous vehicles and UAVs. They have been combined with IoT to establish V2X communication and the Internet of drones. However, security concerns such as personal information protection, data encryption, and authentication remain to be addressed. Fog and edge computing, blockchain-based and SDN-enabled V2X communication, and Internet of drones can complete the available range of smart M-IoT services that include smart health, smart homes, smart cities, smart factories, smart agriculture, and smart transportation. As a result, more diverse smart services should be proposed, and the convergence of various fields will be promoted [101,102,132,221,302].

Conclusions
For the successful introduction and spread of smart M-IoT applications, security is an essential requirement. Many review studies have been conducted to understand IoT security. However, many of them have focused on specific areas of IoT security. In addition, existing studies have primarily provided in-depth professional content analysis. In contrast, we provide comprehensive initial insights through a different approach than previous studies. Our study provides IoT security keyword clusters, keyword trends, topic classification, and topic trends to interested researchers. Then, we synthesize and explain keyword evolution and topics with increasing influence. We recommend pursuing research on the development of a secure decentralized framework integrating edge computing, ML-based SDN, and blockchain, as well as research on vehicles and UAVs as smart M-IoT objects.
Our research has various limitations. For instance, when collecting articles to be analyzed, a keyword search was performed on the article titles. Therefore, articles implicitly related to IoT security may be omitted from this study. Nevertheless, our study provides new researchers with comprehensive initial insights on the security required for smart M-IoT. In addition, this study has demonstrated the application of a method to perform a systematic mapping study using big data mining to process many documents. This method can be applied to systematic reviews in other fields.
Data Availability
The list of the 1,365 research articles used in this study is available upon request to the corresponding author, at j.ann.lee@yonsei.ac.kr.