The IoT is becoming an increasingly important factor in ensuring sustainable development in various areas of human activity. When building IoT systems, the concept of a computer network of physical objects (“things”) with built-in technologies for interaction with each other and the external environment is implemented [ 1–3 ]. The implementation of such networks allows influencing economic and social processes without human participation in performing individual actions and operations. IoT technologies provide dynamic adaptation to the context of the target system, collecting through the exchange and processing of data of the subject area, changing the processes of activity and the way of our life as a whole. [ 4 ]. IoT terms and definitions are presented in the ISO/IEC 20924 standard. This standard defines IoT as “an infrastructure of interconnected objects, people, systems and information resources together with intelligent services, allowing them to process information from the physical and virtual world and react” [ 5 ].

ITU-T Y.2060 recommendation notes that “from the perspective of technical standardization, the IoT can be viewed as a global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies (ICT)” [ 6 ]. IoT is a cyber-converged system [ 7 ] that includes things, communication tools, target applications, and data analysis tools that support unique identification of each object. The growing scale and complexity of IoT systems, on the one hand, and security threats, on the other, require the development of security management tools taking into account the specifics of the domain of use. In 2017 was founded IoT Security Experts Group (IoTSEC) as an information exchange platform that brings together experts to ensure the security and resilience of the entire IoT ecosystem. IoT security organization issues are addressed in a large number of publications in this field of research and engineering from different perspectives. In particular, general issues of IoT security are discussed in [ 8, 9 ]. IoT security with the focus on the impact of emerging technologies outlined in [ 10 ]. Issues of forming security requirements for IoT components examines in [ 11, 12 ]. Security measures review for IoT is presented in [ 10 ]. A special place in research on ensuring IoT security is occupied by works focused on the use of formalized knowledge and ontologies [ 13–17 ].

[ 14 ] presents a general ontological model for security services based on the convergence of threats, vulnerabilities and risks of information assets. However, the model does not take into account the specifics of Internet of Things systems.

[ 15 ] introduced cybersecurity as one of the most important aspects of the full implementation of the IoT. Although the proposed approach does not take into account the aspects of risks and vulnerabilities.

[ 16 ] offers a basic ontology for the process of identifying and analyzing information systems security requirements. Although the impact of vulnerabilities is not specified and the specifics of the IoT are not presented.

[ 17 ] proposes the integration of vulnerabilities, weaknesses, methods, tactics, and attack models into a holistic set of relationships, but does not consider risks and intrusion models for the IoT.

Therefore, it is necessary to develop an ontological security model for the IoT that takes into account various security aspects and the relationships between the architectural components of the IoT.

The aim of this study is to develop an ontological model for IoT security management, taking into account threats, risks and intrusion patterns of IoT resources. The proposed approach is based on the architectural decomposition of IoT resources and the relationships between IoT components. The developed model for security management in IoT systems is based on the semantic interrelation between IoT domains and their influence on system functioning. The core idea is to converge different aspects of systems’ safety into a single knowledge model with consideration of components and interrelations of IoT architecture.

Various sets (cases) of information, communication, and organizational technologies are used for the implementation of the IoT processes, which are necessary to solve the IoT tasks in the target subject area. The variety of components, the changeability of the problems of the system and the requirements for their solution require the task of quick adaptation of the system to solve current problems. The use of standard IoT design technologies may be unacceptable due to limited resources and the need for operational integration (convergence) of the requested IoT within the framework of a specific implementation (configuration) of the IoT ecosystem to solve current tasks.

The IoT ecosystem creates as set of independent constituent systems and technologies integrated into the principles of convergence. IoT components may be classified as architectural, process, and information.

The functional capabilities and properties of a separate IoT system configuration are determined by its architecture. System architecture is defined as a conceptual model that defines the structure, behavior and multiplicity of types (projections) of the system. Different types of system architectures are used to represent cybermatic systems, which can include IoT: software, organizational, technological, informational, process, etc. An architecture description is a formal description and presentation of a system, organized in such a way as to support conclusions (assumptions) about the structures and behavior of the system. The general description of the system architecture consists of three types of descriptions: structural, functional and organizational. Software architecture is defined as the process of defining a structured solution that meets all technical and operational requirements while optimizing common quality attributes such as performance, security, and manageability. It involves a number of decisions based on a wide range of factors, and each of these decisions can have a significant impact on the quality, performance, maintainability, and overall success of the program.

IoT reference architecture, proposed in [ 18 ] is derived from a Conceptual Model and a set of characteristics that define a Reference Model and one or more architectural views. Characteristics of IoT systems are classified by three categories: architectures, trustworthiness, and functional. The IoT reference model presented as convergence of two contexts: entity-based and domain-based. In fact the IoT architecture include devices, communications, processing platforms, and use cases of big data analytics.

The main sense of IoT usage is decision-making on different layers of activity. Devices and objects with built-in sensors are connected to the IoT platform, which integrates data from various devices and applies analytics to share the most valuable information with applications created to meet specific needs. Powerful IoT platforms can determine exactly which information is useful and which can be safely ignored. The resulting information can be used to identify patterns, make recommendations, and identify potential problems before they occur.

As a constituent of decision-making processes IoT are implemented within the perceptual cycle and include stages of empirical awareness of the environment (target area), building and applying its model in the formation of rational behavior in the environment based on periodic updates of awareness of the current environment. Awareness of the state of the environment and the formation of rational behavior on its basis are carried out using the mechanisms of logical inference, corresponding to the stages of the perceptual cycle. Such mechanisms of logical inference in the cycle of situational interaction with the environment are abduction, induction, deduction and case based reasoning (CBR).

The formal description of the subject area of the IoT, for which a problem-oriented IoT is created, is a hierarchy of concepts (notions) and functional transformations that will be operated by users. The formal description of the subject area should also contain a generalized description of the IoT process model. The composition of IoT technologies should be carried out taking into account the architecture of the IoT [ 19–22 ].

Thus, the main task of the composition of components within the framework of the convergent architecture of the IoT can be defined as establishing the correspondence between the formal description of the application area and the means of information technologies:

B : (O ,   ( D )→  ( K ,  ) L , M ) (1) where B is the function of mapping model O of the subject area and model of requirements D to the problem-oriented IoT on the set of technological means (alphabet) of the IoT K and the set of control functions L of these technological means on the set M of admissible situations in the subject area.

The peculiarity of information technology is that its input and output is information that differs only in category, purpose, structure and content. Based on the category and purpose of input and output information of information technologies, it is possible to build their classification. In particular, information technologies can be distinguished by purpose:  

The general approach to security management outlined in the standards is a risk-based approach. Therefore, the main goal of security management is to minimize risks. The ISO/IEC 27005 standard defines risk as “the impact of uncertainty on targets”, and note 6 to this definition states: “information security risk is related to the potential opportunity for threats to exploit the vulnerability of an information asset or information assets and, therefore, cause damage to the organization”. Furthermore, in the standard context of ISO/IEC 27005, “vulnerabilities may be associated with the properties of an asset that can be used in a manner or for a purpose other than that intended when the asset was acquired or manufactured”. Simply put, a vulnerability is a weakness in an asset or group of assets that can be exploited by one or more threats, but a threat that does not have the corresponding vulnerability cannot cause a risk. And finally, “a risk assessment determines the value of information assets, the relevant threats and vulnerabilities that exist (or may exist), the controls in place and their impact on the identified risk, the potential consequences and, finally, the priorities of new risks and classify them according to risk assessment criteria established in the context of creation” [ 23 ]. The diagram shown in Figure 1 represents the dependencies between risks, threats, vulnerabilities, and information assets.

Risk assessment is the basis of security management and the use of an adequate set of security models. Information assets are parts of the IT architecture. Therefore, when evaluating information assets, we consider these assets as an instance (variant) of the IT architecture. The model describes risk factors related to threats, vulnerabilities and IT architecture [ 14 ].

The convergent knowledge model of information security management is implemented based on the knowledge models of risk components (Figure 1). The ontological model of knowledge of the subject area allows describing the main concepts (propositions) of the subject area and defines the relations between them. The process of building ontologies includes:   classes and their properties (classes, properties). properties of each concept, which describes various functional capabilities and attributes of the concept (clots (slots), sometimes called roles). slot restrictions (also known as slot facets, sometimes called role restrictions). The ontology together with many individual instances of classes make up the knowledge base.

The proposed ontological model of IoT security converge different aspects of safety in context of components IoT architecture. The diversity, heterogeneity, complexity and spatial distribution of IoT systems cause corresponding difficulties in building their security systems. The application of a knowledge-oriented approach allows you to speed up the process of designing security tools for IoT, taking into account the specifics of their field of application based on a generalized ontology. The proposed framework defines the components of the IoT model as generalized classes that can be detailed by specific scope concepts. Generalized ontological classes of architecture, processes, information, and risks are used to represent the IoT ecosystem. Each of the generalized classes can be specified by appropriate target subclasses and domain concepts. The developed framework can be used when building a target IoT with appropriate security means.

Declaration on Generative AI While preparing this work, the authors used the AI programs Grammarly Pro to correct text grammar and Strike Plagiarism to search for possible plagiarism. After using this tool, the authors reviewed and edited the content as needed and took full responsibility for the publication’s content.