To improve spectrum utilization, cognitive radio (CR) enables unauthorized internet of thing (IoT) devices to opportunistically access the channel underutilized by the primary user (PU) in a cognitive IoT (CIoT). To this end, cooperative spectrum sensing (CSS) plays a crucial role in CR technology, which leverages the spatial diversity of corroborative IoT devices to accurately detect the PU signal. However, this open cooperative paradigm may suffer from spectrum sensing data falsification (SSDF) attack in which malicious IoT devices intentionally mislead the fusion center (FC) by providing false sensing results to make an incorrect global decision regarding the PU status. To effectively characterize the attack behavior of malicious IoT devices, we propose a massive SSDF attack model described by the attack cycle and malicious ratio within a sensing period to characterize the malicious behaviors. Additionally, we introduce a delivery evaluation mechanism and propose a dynamic sliding window‐CSS (DSW‐CSS) to mitigate the impact of massive SSDF attack. Moreover, we introduce a sequential reporting mechanism to further reduce the number of samples required by the global decision‐making of the FC. Finally, simulation results show the flexibility and aggressiveness of the proposed attack model and demonstrate the correctness and effectiveness of DSW‐CSS.