By: Gonipalli Bharath, Vel Tech University, Chennai, India, International Center for AI and Cyber Security Research and Innovations, Asia University, Taiwan; gonipallibharath@gmail.com
Abstract:
The internet of things has changed industries, society and economies but it has also created considerable issues like phishing attacks. Phishing attacks inside the internet of things applications is the focus of this article through threat modeling. Looking at weaknesses and points of attacks, we highlight methods of improving the security of IoT environments. This paper sets out to apply the threat modeling techniques considering the period 2015 to 2024 with the overall goal of protecting IoT devices from phishing attacks.
Introduction:
IoT has expanded greatly in the past ten years and working together with millions of devices from industries in health care, smart cities as well as industrial automation. The downside to such interconnectivity is also that it has opened up greater potential of cyber-attacks particularly phishing. This is done whereby attackers trick users into disclosing a sensitive piece of information or control of devices. IoT has grown highly in the last decade, connecting billions of devices ranging from industries in healthcare and smart cities to industrial automation. The beauty of such interconnectivity has also widened space for cyberattacks, particularly phishing. This is done whereby attackers deceive users into disclosing sensitive data or access to devices. Given the IoT’s sparse architecture and resource constraints, conventional security techniques are likely not to be very appropriate. It is here that threat modeling provides the most promising solution to this problem-a systematized process for identifying and mitigating security risks.

Literature Review:
Multiple works conducted from 2015 to 2024 identified the vulnerability of IoT systems to phishing attacks. For instance researchers discussed the use of unprotected communication protocols of IoT devices and the need of machine learning technology in phishing detection, considered the types of phishing threats in the IoT environment and the need for proactive approaches in their modelling [[2]].
Different threat modelling approaches like STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) are employed to ascertain various attack scenarios as well as reduce the causes risks[[3]].
Further, the studies also authenticate the need for combining threat model with automated detection systems capable of monitoring network activity for the presence of any phishing indicators in real time [[4]].
Methodology:
Threat Modeling,
STRIDE Framework,
Machine Learning,
Automated Detection Systems.
- Threat Modeling: It has identified threat modeling techniques for the detection and mitigation of phishing attacks in IoT applications. This technique focuses on structured identification of vulnerabilities and attack vectors within IoT ecosystems.
- STRIDE Framework: The article has referred to a framework known as STRIDE, standing for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege, in forecasting attack scenarios to reduce risks.
- Machine Learning: The paper identifies the integration of machine learning techniques for phishing attempts detection.
- Automated Detection Systems: It also emphasizes that threat modeling combined with automated detection systems is necessary in order to monitor in real time for phishing indicators in IoT networks.
Conclusion:
IoT applications are highly susceptible to phishing attacks that could affect system functionality, user privacy, and data integrity. Through the identification of potential risks and the implementation of mitigation strategies, threat modeling is a structured method in alleviating such issues. Considering the need for robust security measures as IoT systems advance, threat modeling is something that must be incorporated into the design and development processes. These principles are vital for engineers to understand and apply if the future of IoT technology is to be safeguarded.
References:
- Abbas, Syed Ghazanfar, Ivan Vaccari, Faisal Hussain, Shahzaib Zahid, Ubaid Ullah Fayyaz, Ghalib A. Shah, Taimur Bakhshi, and Enrico Cambiaso. “Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach.” Sensors 21, no. 14 (January 2021): 4816. https://doi.org/10.3390/s21144816.
- Alzaabi, Fatima Rashed, and Abid Mehmood. “A Review of Recent Advances, Challenges, and Opportunities in Malicious Insider Threat Detection Using Machine Learning Methods.” IEEE Access 12 (2024): 30907–27. https://doi.org/10.1109/ACCESS.2024.3369906.
- Hossain, Md Ismail, and Ragib Hasan. “Enhancing Security in Ambient Intelligence: A STRIDE Threat Modeling Perspective.” In 2023 IEEE 9th World Forum on Internet of Things (WF-IoT), 1–6, 2023. https://doi.org/10.1109/WF-IoT58464.2023.10539377.
- Marengo, Prof Agostino, and Dr Alessandro Pagano. “MACHINE LEARNING FOR CYBERSECURITY FOR DETECTING AND PREVENTING CYBER ATTACKS.” Machine Intelligence Research 18, no. 1 (August 17, 2024): 672–89.
- AlZu’bi, S., Shehab, M., Al-Ayyoub, M., Jararweh, Y., & Gupta, B. (2020). Parallel implementation for 3d medical volume fuzzy segmentation. Pattern Recognition Letters, 130, 312-318.
- Mirsadeghi, F., Rafsanjani, M. K., & Gupta, B. B. (2021). A trust infrastructure based authentication method for clustered vehicular ad hoc networks. Peer-to-Peer Networking and Applications, 14, 2537-2553.
- A. Dahiya (2021), Integration of Cloud and Fog Computing for Energy Efficient and Scalable Services, Insights2Techinfo, pp.1
Cite As
Bharath G. (2025) Detecting and Preventing Phishing Attacks in IoT Applications Through Threat Modeling, Insights2Techinfo, pp. 1