Abstract
The advent of smart cities has revolutionized urban living by providing innovative solutions, such as smart homes, smart hospitals, and smart parking. These smart applications have made life easier for people by improving infrastructure and accessibility. However, the development of smart cities also poses significant challenges for cybersecurity. The smooth operation of smart applications is essential to ensure the well‐being of users, and any disruption caused by cyber‐attacks can lead to critical situations. Malware, malicious software that can cause harm to devices or systems, is the most common type of cyber‐attack. Smart applications may consist of various heterogeneous devices, each with different security requirements and specifications, making it difficult to present an efficient mechanism against malicious software for all devices within different smart applications. Hence, developing a flexible and efficient solution to overcome this challenge is vital. This research presents a framework termed as Secure Software Update for the Internet‐of‐Things (SSUIT), which is designed to protect IoT devices from malicious software updates. This framework includes three primary components: publishers hosted on the cloud platform, an intelligent broker implemented on edge devices, and IoT devices as the subscribers. The publishers send software updates to the intelligent broker, which detects whether the update is malicious or not. The intelligent broker includes a secure software engine that integrates a disassembler, a preprocessor, and predictive models to detect malicious software. The predictive models are designed by taking into account the resource‐constrained nature of IoT systems. The end‐to‐end time taken for complete execution of a software update is also reported.