Role-Driven Clustering of Stakeholders: A Study of IoT Security Improvement

1. Introduction

The exponential growth of data generated by Internet of Things (IoT) devices has resulted in a significant amount of information, making decision-making challenging and leading to missed opportunities for stakeholders [1]. Furthermore, the increasing number of connected devices and associated security risks emphasize the need for skilled stakeholders to manage IoT device security [2,3]. However, there is currently a shortage of stakeholders with the necessary skills, highlighting the requirement for a structured approach to IoT security management [4,5].

To address this gap, this research aims to cluster stakeholders based on their role in IoT security and provide a framework that connects each group with relevant features and tools to enhance decision-making and effective management of IoT device security. By categorizing stakeholders into shared groups based on their responsibilities and level of involvement, this research will provide valuable insights for stakeholders in IoT security, policymakers, and regulators to better understand the role of different stakeholder groups in IoT security and develop effective strategies to address security challenges in this domain.

The results of this research will also provide valuable guidance for IoT device manufacturers, cloud service providers, and other stakeholders to prioritize and allocate resources to address the most critical security risks and collaborate in building a secure and trustworthy IoT ecosystem. This paper is organized as follows: Section 2 provides background information, Section 3 discusses related work, Section 4 outlines the methodology, Section 5 presents a case study, Section 6 discusses the results and their implications, Section 7 concludes the paper with future work.

2. Background

The Internet of Things (IoT) is an swiftly expanding technology with the capacity to transform numerous facets of our daily lives. IoT devices are equipped with sensors and communication capabilities, enabling them to collect and transmit data over the Internet. These devices find utility across a range of uses, such as in smart residences, industrial mechanization, and transportation networks[6].

However, the increasing popularity and widespread use of IoT devices have also brought about new security challenges. IoT devices are often poorly secured, making them vulnerable to attacks [7,8]. These attacks can range from simple network-based attacks to more complex attacks that target the physical devices themselves [8].

The security of the IoT ecosystem is a intricate and interdisciplinary domain that merges cybersecurity with various engineering fields such as mechanical and electrical engineering [9,10]. It extends beyond safeguarding data, servers, network infrastructure, and information. It also encompasses the supervision and management of physical systems connected through the Internet, whether in a centralized or distributed manner [11,12].

2.1. Taxonomy

Various categories of assaults can have a substantial effect on the security of IoT devices and the information they gather and transmit [13]. It is crucial for both organizations and individuals to possess knowledge about these forms of attacks and implement suitable measures to safeguard against them. The classification is depicted in Figure 1.

2.1.1. Device Attacks in IoT

Refer to security threats targeted towards specific devices or types of devices. These attacks exploit vulnerabilities in the hardware or software of the device and can cause harm to the device or the network it is connected to [14]. Device-specific attacks include exploiting known vulnerabilities in a device’s operating system, firmware, or hardware, compromising the device through phishing attacks, or even physically tampering with the device [15,16]. With the increasing proliferation of IoT devices, it has become crucial for manufacturers to give utmost priority to device security, while users must also proactively safeguard their devices [17,18]. This can include keeping software updated, using strong passwords, and being cautious when connecting to untrusted networks.

2.1.2. Application Attacks in IoT

Refer to security threats that target the applications and software running on IoT devices. These attacks exploit vulnerabilities in the applications, such as those that exist in the code or the way in which the application interacts with other systems [19,20]. Some examples of application attacks in IoT include cross-site scripting [21], SQL injection [15], and buffer overflow attacks [22]. These attacks can compromise the device’s security and potentially allow attackers to access sensitive data or control the device. To prevent application attacks in the IoT, it is important for developers to follow secure coding practices and for users to keep their devices updated with the latest security patches and software versions. Additionally, using encryption and authentication technologies can also help protect against application attacks in the IoT.

2.1.3. Network Attacks in IoT

Refer to security threats that target the network infrastructure used by IoT devices. These attacks exploit vulnerabilities in the network and can compromise the security and functionality of connected devices. Some examples of network attacks in IoT include man-in-the-middle attacks [23], denial-of-service attacks [24], and unauthorized access attacks [25]. These attacks can allow attackers to intercept and manipulate data transmitted over the network or cause disruptions to the network, impacting the availability and reliability of connected devices. To prevent network attacks in IoT, it is important for organizations to implement secure network design and deployment practices, such as using secure protocols, firewalls, and access controls. Additionally, regularly monitoring network activity and promptly addressing any security incidents can help mitigate the risk of network attacks in the IoT.

2.1.4. Physical Attacks in IoT

Physical attacks in IoT refer to security threats involving the physical manipulation of a device [15]. These attacks can range from simple tampering to more sophisticated and malicious activities, such as theft or destruction of the device [26,27]. Physical attacks can be especially harmful in critical infrastructure systems used in healthcare, transportation, or energy production [28]. To prevent physical attacks, it is important for manufacturers to design their devices with security in mind, and for users to secure their devices in physical locations that are difficult to access by unauthorized individuals. Additionally, measures such as secure enclosures, tamper-evident seals, or biometric authentication can help mitigate the risk of physical attacks.

2.1.5. Cloud Attacks in IoT

Refer to security threats that target IoT devices’ cloud infrastructure and services. These attacks exploit vulnerabilities in the cloud platform, its applications, or the communication between the cloud and IoT devices [29]. Some examples of cloud attacks in IoT include cloud data breaches, server misconfigurations, and unauthorized access to cloud resources [29,30]. Such attacks can compromise sensitive data stored in the cloud, disrupt the functioning of connected IoT devices, or allow attackers to gain unauthorized access to cloud resources. To prevent cloud attacks in IoT, organizations should adopt secure cloud deployments and management practices, such as using encryption, access controls, and monitoring tools. Regularly updating and patching cloud platforms and applications can also help mitigate the risk of cloud attacks in IoT.

3. Related Work

This section explores two aspects: clustering stakeholders and feature selection.

3.1. Clustering of Stakeholders

Clustering stakeholders is an important project management task that involves grouping stakeholders based on their needs, preferences, and characteristics. Various clustering techniques have been proposed to improve stakeholder classification in projects. In software projects, multiple stakeholders with diverse needs and requirements make stakeholder classification and conflict resolution challenging. Several studies have proposed different approaches to address these issues. For example, a fuzzy inference system using a selective Bayesian classifier (SBC) and a dynamic evolving neural-fuzzy inference system (DENFIS) was proposed to improve stakeholder classification in projects [31]. Another study used an embedded Markov framework and a mixture of Markov models to cluster career paths in the IT sector [32]. A framework for locating and resolving requirements conflicts in software-intensive systems employed expert-based and clustering strategies [33]. Furthermore, a framework that enhances the requirement prioritization process in software development projects was proposed using text mining and clustering approaches [34]. While these approaches have demonstrated potential advantages, such as improving accuracy and supporting decision-making, they also have limitations, including reliance on the performance of clustering algorithms and the need to consider additional variables such as geographical location and employer. Therefore, selecting an appropriate approach requires careful consideration of project-specific needs and requirements.

3.2. Feature Selection

The field of IoT has presented new challenges for data analysis and decision-making due to the large volume of data generated by IoT devices. Several recent studies have explored feature selection and unsupervised learning methods to address these challenges [35]. While unsupervised learning techniques such as clustering and PCA can be effective in identifying patterns in IoT data, they may not capture all relevant information. Therefore, new feature selection methods have been proposed to improve the accuracy of machine learning classifiers. These methods include CorrACC [36], information gain (IG), and gain ratio (GR) [37], which employ different approaches to select relevant features for classification. Moreover, hybrid feature selection strategies that combine filter-based and wrapper methods [38] have also been proposed to reduce the size of the feature set and improve detection accuracy. However, these methods may have limitations, such as increased computational cost or a fixed threshold for feature selection.

Another area of research in IoT data analysis is Android malware detection [39], which involves identifying malicious software that targets Android devices. Feature selection techniques have been shown to improve the accuracy of malware detection classifiers, but the effectiveness of different techniques varies based on the learning algorithm used. Additionally, the study of IoT botnet attacks has led to the development of feature selection techniques aimed at identifying bot-based attacks and post-attack identification. These techniques use filter and wrapper methods with machine learning to find optimal feature sets [40]. The results indicate that wrapper methods can provide suitable feature sets for all classification challenges, while filter methods cannot always do so. The study also suggests that host-based features are more effective for identifying bot-based attacks, while channel-based features are preferred for post-attack identification.

4. Methodology

The proposed methodology for improving IoT security involves several stages, as shown in Figure 2. First, stakeholder data is collected and weighted based on their importance. Hierarchical clustering is then used to group stakeholders based on their roles in IoT security. Features are assigned to each cluster using expert knowledge, and the best features are selected using a voting technique. Finally, the selected features are validated using cross-validation techniques. This approach can result in more efficient decision-making, better resource allocation, and a more effective approach to managing IoT device security.

4.1. The First Stage: Clustering Stakeholders

After analyzing stakeholders and their roles, weights need to be assigned to them. The following equations can be used to calculate the role weight (r) and importance weight ($Imp$):

$${\mathrm{Weight}}_{\left(\mathrm{r}\right)}=\frac{1}{\mathrm{number}\mathrm{of}\mathrm{stakeholders}\mathrm{in}\mathrm{the}\mathrm{same}\mathrm{role}+1}$$

(1)

A correlation matrix can be utilized to determine the number of stakeholders in the same role. The correlation matrix helps identify the relationships and dependencies between different stakeholder roles.

$${\mathrm{Weight}}_{\left(\mathrm{Imp}\right)}=\frac{\mathrm{importance}\mathrm{level}}{Weigh{t}_{\left(r\right)}}$$

(2)

To determine the level of importance of stakeholders, a questionnaire was used. The questionnaire results can be used to assign weights to stakeholders based on their level of importance.

Then normalize the weights by dividing each weight by the total as follows:

$$NormlizeWeight{s}_{(}{r}_{)}=\frac{Weigh{t}_{(}{r}_{)}}{TotalWeight{s}_{(}{r}_{)}}$$

(3)

$$NormlizeWeight{s}_{(}Im{p}_{)}=\frac{Weigh{t}_{(}Im{p}_{)}}{TotalWeight{s}_{(}Im{p}_{)}}$$

(4)

After assigning weights to the stakeholders, the next step is to cluster them into groups using hierarchical clustering. It involves building a hierarchy of clusters based on how similar the data points are to one another [41,42]. The algorithm is divided into two main approaches: agglomerative and divisive. The divisive strategy starts with all of the items in one cluster and splits the clusters repeatedly. In contrast, the agglomerative approach starts with each object in a distinct cluster and brings clusters together incrementally [41]. In the context of stakeholder identification, hierarchical clustering can be used to group stakeholders with similar weights into clusters.

Ward’s method is a type of hierarchical clustering algorithm that aims to minimize the sum of squared distances between the clusters; it is suitable for small and large datasets [43,44,45]. The Ward’s equation is as follows:

$$\Delta D^2=D_{ij}^2-\frac{D_i^2+D_j^2-D_{..}^2}{n-2}$$

(5)

Where $D_{ij}^2$ is the squared Euclidean distance between two clusters i and j, $D_i^2$ and $D_j^2$ are the variances of the distances within each cluster, and $D_{..}^2$ is the variance of all distances. The parameter n is the total number of observations in the two clusters.

Ward’s method works by iteratively merging the two closest clusters until only one cluster is left. The closest clusters are identified by measuring the distance between them using Ward’s equation. After each merging, the method seeks to reduce the sum of squared measurements between the clusters, ensuring that the resulting clusters are compact and similar in size [43,44].

One of the advantages of Ward’s method, as described in Algorithm 1, is that it tends to produce clusters with roughly equal variances, making it suitable for datasets with continuous variables that are normally distributed. However, the algorithm can be sensitive to outliers and noise in the data.

Algorithm 1 The Ward method with weight(r) and weight(Imp)

Require:  A list of n stakeholders S, weights $w_r$ and $w_{\mathrm{Imp}}$ for the role and importance, respectively. Ensure:  A clustering of the stakeholders into k clusters. 1: Compute the distance matrix D between all pairs of stakeholders i and j using the formula: $d(i,j)=\sqrt{\frac{{\left(w_r\left(i\right)(r_i-r_j)\right)}^2}{w_r}+\frac{{\left(w_{\mathrm{Imp}}(I_i-I_j)\right)}^2}{w_{\mathrm{Imp}}}}$ Where $r_i$ and $r_j$ are the role values for stakeholders i and j, and $I_i$, $I_j$ are the importance values for stakeholders i and j. 2: Perform hierarchical clustering on the distance matrix D using the Ward method to obtain the dendrogram T. 3: Cut the dendrogram T into k clusters using the maximum number of clusters k and the criterion maxclust. 4: Return the k clusters.

4.2. The Second Stage: Features Assignment

Data analysis was conducted based on the mapping between roles and features. This mapping helped link stakeholders to their specific needs. This process included identifying patterns and trends within the data, and relevant features were selected for each cluster. In this step, determine the best features from the relevant features by testing features by using multiple feature selection algorithms such as chi-squared (chi2), ANOVA F-value (f_classif), mutual information, entropy, and importance random forest (importance_RF), and then use voting to get the final subset of features for each cluster as Figure 3

4.2.1. Chi-squared

chi2 is a statistical measure used to determine the association between two categorical variables. It is employed to evaluate if there exists a noteworthy correlation between the characteristics and the target category [46]. The higher the chi-squared value, the more significant the relationship between the variables. The formula for calculating chi-squared is [46]:

$${\chi }^2=\sum _{i=1}^k\sum _{j=1}^m\frac{{(O_{ij}-E_{ij})}^2}{E_{ij}}$$

(6)

Where ${\chi }^2$ is the chi-squared statistic, $O_{ij}$ is the observed frequency of cell $(i,j)$ in a contingency table, $E_{ij}$ is the expected frequency of cell $(i,j)$ assuming independence, k is the number of rows in the table, and m is the number of columns in the table.

4.2.2. ANOVA F-value

A statistical test that compares the means of two or more groups to determine whether they are significantly different from each other. It computes the F-value by assessing the significance of the variations between groups, based on the ratio of between-group variance to within-group variance[46]. The F-value for a one-way ANOVA with k groups and n observations per group is calculated as [46]:

$$F=\frac{S{S}_{between}/(k-1)}{S{S}_{within}/(nk-k)}$$

(7)

where F is the F-value, $S{S}_{between}$ is the sum of squares between groups, $S{S}_{within}$ is the sum of squares within groups, and $nk$ is the total number of observations.

4.2.3. Mutual Information

A measure of the mutual dependence between two variables. It calculates the amount of information one variable provides about the other, and vice versa, and returns a score indicating the strength of the association between them [46]. The calculation of mutual information involves quantifying the degree of information shared between two discrete random variables, denoted as X and Y[46,47]:

$$I(X;Y)=\sum _{x\in X}\sum _{y\in Y}p(x,y)log\frac{p(x,y)}{p\left(x\right)p\left(y\right)}$$

(8)

In the given context, $p(x,y)$ represents the joint probability distribution of random variables X and Y, while $p\left(x\right)$ and $p\left(y\right)$ denote the marginal probability distributions of X and Y individually.

4.2.4. Entropy

A measure of the uncertainty or randomness of a set of data. It calculates the information contained in a probability distribution and returns a score indicating the degree of disorder or unpredictability in the data [47]. The entropy of a discrete probability distribution P is calculated as [47]:

$$H\left(P\right)=-\sum _{i=1}^n{p}_{i}log{p}_i$$

(9)

Where n is the number of possible outcomes, and $p_i$ is the probability of the i-th outcome.

4.2.5. Importance Random Forest

It is a feature selection method that uses a decision tree-based ensemble algorithm. It ranks the importance of each feature in the data based on their contribution to the model’s accuracy and returns a score that indicates the relative importance of each feature [48]. The importance of a feature $X_i$ in a random forest model is calculated as [48]:

$$Importance\left(X_i\right)=\frac{1}{N_{tree}}\sum _{j=1}^{N_{tree}}\sum _{t=1}^{N_{node}}\Delta Q_{t,j}\left(X_i\right)p_{t,j}$$

(10)

In the given equation, $N_{tree}$ represents the total number of trees present in the ensemble. $N_{node}$ refers to the number of nodes in each individual tree. $\Delta Q_{t,j}\left(X_i\right)$ denotes the enhancement in split quality caused by the inclusion of feature $X_i$ at node t in tree j. Lastly, $p_{t,j}$ represents the fraction of samples that reach node t in tree j.

5. Case Study on Nine Stakeholders and Two Datasets

This case study explores the interactions and perspectives of nine stakeholders in IoT security and two cybersecurity datasets: Bot-IoT [49] and UNSW-NB15 [50].

5.1. Step 1: Define Stakeholders and Their Roles

Figure 4 shows the first step: defining stakeholders and their roles.

5.2. Step 2: Weights and Normalization

During this crucial stage, the process involves calculating the weight of roles and determining the significance of nine stakeholders. Subsequently, the obtained values are normalized to ensure uniformity across the scale.

5.2.1. Weights of Roles

To demonstrate the relationship between stakeholders based on similar roles, a correlation matrix is used. The following equation shows the correlation between $R_i$ and $R_j$, for $i,j=1,2,...,n$.

$$Correlation(R_i,R_j)=\left\{\begin{array}{cc}\hfill & \mathrm{if}x=1,\mathrm{there}\mathrm{is}\mathrm{similarity}\hfill \\ \hfill & \mathrm{if}x=0,\mathrm{there}\mathrm{is}\mathrm{no}\mathrm{similarity}\hfill \end{array}\right.$$

(11)

Table 1 represents the correlation matrix. A value of 1 indicates a high degree of similarity between the two roles, while 0 indicates no similarity between them. These correlation values can be utilized to calculate the weights of the roles, with higher correlation values indicating stronger relationships between roles.

The stakeholders have the following roles: S1, S2, S3, S5, and S6 share the same role. S4 has a unique role, and the remaining stakeholders have the same role.

The weights assigned to different roles are determined by the formula denoted as Equation 1. To calculate the weights, the following approach is employed: For S1, S2, S3, S5, and S6, the weight is obtained by dividing 1 by the sum of 5 and 1, resulting in 0.16. The weight for S4 is calculated by dividing 1 by the sum of 1 and 1, which yields 0.5. Finally, for S7, S8, and S9, the weight is determined by dividing 1 by the sum of 3 and 1, resulting in 0.25.

5.2.2. Weights of Importance

In the beginning, a questionnaire was conducted to calculate the weights of importance for each stakeholder. One hundred twenty-four participants provided answers regarding the importance of the nine stakeholders. Figure 5 presents the results, where a high frequency indicates a high level of importance.

The resulting weights were calculated using Equation 2, based on the values obtained from Figure 5. These weights are summarized in Table 2. To calculate the weights of importance, the values for each role from Figure 5 were divided by their corresponding role weight, which was calculated in the previous section.

For instance, the weight of the role of the IoT security engineer (S1) is 0.16, as cited in [51], and the corresponding value from Figure 5 is 1. Therefore, the weight of importance for S1 is calculated as 1/0.16 = 6.25. Similarly, the weights of importance for the other eight stakeholder roles are calculated, ranging from 1.6 for the auditor (S9) to 6.25 for the IoT security engineer (S1). These weights will be utilized in the subsequent analyses to prioritize and allocate resources to stakeholders based on their importance.

5.2.3. Normalizing Weights

To normalize the weights of role and importance, each is divided by the sum of all weights assigned to role and importance. The resulting values represent the normalized weights for each stakeholder role. Table 2 and Table 3 display the weights of each stakeholder role before and after normalization, respectively. These normalized weights will be utilized in subsequent analyses to prioritize and allocate resources to stakeholders based on their normalized weights.

5.3. Step 3: Clustering of Stakeholders

A scatter plot for dendrograms is a visualization technique used to represent hierarchical clustering. In Figure 6 the data points are plotted on a two-dimensional plane using their respective coordinates obtained from a dendrogram. Each data point represents a leaf node in the dendrogram, and its position in the scatter plot is determined by its distance from other leaf nodes in the dendrogram.

5.4. Step 4: Select the Relevant Features

After Step 3, employ expert knowledge to select the relevant feature. Figure 7 illustrates the features for three groups (clusters). The relevant feature is defined as any feature with a score of 7 or higher.

5.5. Step 5: Select the Best Features from the Relevant Features

The process is divided into two steps to select the best features for each group. First, five models are used. Second, a voting system is employed.

5.5.1. Five Models on Two Datasets

Based on Table 4 and Table 5, which display the results for the Bot-IoT and UNSW-NB15 datasets, respectively, various feature selection methods were applied. The recorded metrics for each method include classification accuracy, precision, recall, F1 score, and the time taken. The table is divided into three groups, all of which underwent the same feature selection methods. Within each group, five feature selection methods were employed: chi2, ANOVA F value, mutual info, entropy, and importance random forest. Additionally, the selected feature IDs for each method are provided.

5.5.2. Votes to Select the Best Features

Feature selection by vote refers to selecting the features that are most frequently used across all the models. This is typically done by counting the number of times each feature is used in the different models and selecting the ones with the highest counts. The advantage of using this method for feature selection is that it can help identify the most important features that contribute the most to the model’s overall performance. By focusing on these important features, the model can be simplified and made more efficient without sacrificing predictive accuracy. The outcomes of this approach are presented in Table 6

5.6. Validation of Results

To ensure the correctness of the features, cross-validation was employed in every model. Before, the best features were determined using votes. To evaluate the performance of the best features, the logic regression model was trained and tested. Figure 8 and Figure 9 present the outcomes of the validation procedure. As depicted in these figures, the accuracy of the logic regression model improved significantly after using the best features. This validates that the feature selection procedure effectively recognized the pertinent and significant features for the classification objective.

6. Discussion

The results in Table 4 and Table 5 demonstrate the effectiveness of various feature selection methods in improving the classification performance of the Bot-IoT and UNSW-NB15 datasets, respectively. This section discusses the key observations and insights derived from the experimental results. First, the chi2 and f_classif methods consistently selected the same subset of features with similar classification performance in the Bot-IoT dataset and convergent features in the UNSW-NB15 dataset. This implies that the statistical methods used for feature selection are successful in recognizing the relevant features that play a role in the classification accuracy.

Second, the mutual_info method performed poorly in selecting relevant features for the Bot-IoT dataset, whereas it performed well for the UNSW-NB15 dataset. This result indicates that the performance of mutual information depends on the dataset characteristics and the relationships between the features. Third, the entropy-based feature selection method selected more features than the other methods for both datasets. This result may be because the entropy-based method considers the joint information gain of features, which can lead to redundancy and inclusion of irrelevant features. However, the selected features achieved comparable classification performance to the other methods.

Fourth, the importance_RF method, which utilizes the random forest classifier’s feature importance scores, identified a smaller subset of features for both datasets. This method achieved comparable classification performance to the other methods, indicating that the importance_RF method is an effective feature selection method. Fifth, the time taken for feature selection varies significantly between the different methods. The chi2 and f_classif methods are the fastest, while the mutual_info method is the slowest due to its dependence on the number of features. The entropy-based and importance_RF methods took longer than the statistical methods, but their performance is comparable. Therefore, the selection method for features relies on the computational resources accessible and the preferred classification performance.

In conclusion, it is important to emphasize that feature selection plays a vital role in machine learning tasks by enhancing classification performance and minimizing computational expenses [52]. Nonetheless, the effectiveness of feature selection techniques relies heavily on the specific characteristics of the dataset, the relationships between the features, and the classification model used. Therefore, evaluating multiple feature selection methods and selecting the one that achieves the best classification performance for a specific dataset and model is essential. Figure 8 and Figure 9 show the accuracy percentage achieved by different groups (G1, G2, and G3) in two datasets (Bot-IoT and UNSW-NB15) using different sets of features.

Both datasets show that using only the best features results in a higher accuracy than using all features except the best one. This implies that the best features play a significant role in accurately predicting the outcome. In UNSW-NB15, G3 achieved the highest accuracy (83%) when using only the best features. However, the accuracy achieved by using only the best features is lower than using all features except the best one, suggesting that other features also contribute significantly to the accuracy.

In Bot-IoT, G3 achieved the highest accuracy (98%) when using all features except the best, while G2 achieved the highest accuracy (95%) when using only the best features. This suggests that the best features is more important for G2 compared to G3. The reason why G3 achieved the highest accuracy in Bot-IoT when using all features except the best one could be because they have identified and included the most relevant features for their specific use case. It is possible that the features that were excluded as not being the best were not very relevant for their use case, and therefore including them did not significantly improve the accuracy of their model.

On the other hand, G2 achieved the highest accuracy when using only the best features. This could be because the best features are highly relevant and provide crucial information for their use case. The other excluded features were not as important and may have even introduced noise or reduced the overall performance of their model. It is also worth noting that the results for G1 are consistently lower than the other two groups. This could be due to various reasons, such as the quality of the data they used, their feature selection process, or their modeling technique.

In UNSW-NB15, the results show a similar trend where the accuracy is generally higher when using the best features than all features except the best one. However, the overall accuracy is lower than Bot-IoT, possibly due to the differences in the datasets and the nature of the attacks being detected. These results suggest that the best features are highly relevant and provide significant information for the classification task, and including other less relevant features may not improve the model’s performance. However, it is important to carefully select the features based on the specific use case and the nature of the data being analyzed to achieve the best possible performance.

7. Conclusions

In this paper, a novel approach has been presented to improve decision-making in IoT security by clustering stakeholders based on their roles. This clustering of stakeholders offers various potential benefits for organizations and individuals. By accurately identifying and grouping stakeholders in IoT security, relevant features can be studied more effectively, and data can be divided according to their roles, leading to improved decision-making.

Furthermore, development and utilization of novel equations to assign weights to stakeholders in the IoT security context. These equations provide a customized approach to stakeholder weighting in the field of IoT security, enhancing the accuracy and effectiveness of decision-making processes.

Through the analysis of stakeholders and expert knowledge, relevant features that contribute to effective management of IoT device security have been identified. This research not only clusters stakeholders but also provides a structured framework for categorizing them, allowing for a better understanding of the diverse responsibilities and involvement levels of different stakeholder groups.

In conclusion, the findings of this research have implications for stakeholders involved in IoT security, as well as policymakers and regulators. By leveraging the insights gained from clustering stakeholders, stakeholders can make more informed decisions, allocate resources effectively, and implement targeted security measures to protect IoT devices. Ultimately, these efforts will contribute to the construction of a more secure and trustworthy IoT environment that fosters innovation and benefits society as a whole.

This study’s use of simulated data rather than data from actual scenarios has some limitations. Although the simulation was carefully designed and validated by experts, it may not fully capture the complexity and variability of real-world IoT systems. Future work in the field of clustering stakeholders based on their role in IoT security could include several directions. Some possible areas of investigation include expanding the scope of the research to include additional stakeholder groups, such as service providers and consumers, to provide a more comprehensive understanding of the role of different stakeholders in IoT security.

Exploring the potential for using the clustering approach to develop new security solutions, such as threat intelligence platforms or risk management tools, specifically tailored to different stakeholder groups’ needs. By addressing these areas in future research, it will be possible to enhance the effectiveness of the clustering approach further and provide stakeholders in IoT security with the tools and guidance they need to manage security risks better and ensure the safe and secure use of connected devices.