Abstract

Internet of Things (IoT) communication networks have been growing rapidly, which exposes them to security threats arising from device heterogeneity, changing circumstances, and changing attack patterns. Classical role-based access control (RBAC) and attribute-based access control (ABAC) models are inflexible and provide neither real-time risk indicators nor responsive decision making. In this paper, a risk-adaptive attribute-based access control (RAd-ABAC) framework based on machine learning is proposed as part of a secure IoT communication system. The model combines the modeling of subject, object, and environmental attributes with dynamic risk scoring performed by a supervised machine learning model. A ternary authorization scheme (Permit, Review, and Deny) is presented to increase decision granularity and to handle borderline access requests better than binary authorization schemes. The proposed framework was evaluated on the IoT-23 and TON_IoT benchmark datasets, using 45,000 samples converted into ABAC-compatible feature vectors. The experimental findings indicate that the proposed RAd-ABAC framework achieves an accuracy of 94.6 percent, a macro-average AUC of 0.97, and a false positive rate of 4.2%. Compared with Static ABAC, the false positive rate decreased by 8.3 percentage points to 4.2%, which corresponds to a 66.4% relative reduction. The scalability analysis also demonstrated near-linear scaling in processing performance, with an average latency of less than 5.4 ms per request. The results show that ML-based risk scoring has the potential to enhance the accuracy, flexibility, and reliability of authorization in distributed IoT communication systems.

Keywords

Attribute-Based Access Control (ABAC), Risk-Adaptive Access Control, Internet of Things (IoT), Machine Learning, Secure IoT Networks, Context-Aware Security, Zero Trust Architecture

