ABSTRACT
Smart cities work with large volumes of data from sensor networks and other sources. To prevent data from being compromised by attacks or errors, smart city IT administrators need to apply attack detection techniques to evaluate possible incidents as quickly as possible. Machine learning has proven to be effective in many fields and, in the context of wireless sensor networks (WSNs), it has proven adequate to detect attacks. However, a smart city poses a much more complex scenario than a WSN, and it has to be evaluated whether these techniques are equally valid and effective. In this work, we evaluate two machine learning algorithms (support vector machines (SVM) and isolation forests) to detect anomalies in a laboratory that reproduces a real smart city use case with heterogeneous devices, algorithms, protocols, and network configurations. The experience has allowed us to show that, although these techniques are of great value for smart cities, additional considerations must be taken into account to effectively detect attacks. Thus, through this empiric analysis, we point out broader challenges and difficulties of using machine learning in this context, both for the technical complexity of the systems, and for the technical difficulty of configuring and implementing them in such environments.
ABSTRACT
Urban areas around the world are populating their streets with wireless sensor networks (WSNs) in order to feed incipient smart city IT systems with metropolitan data. In the future smart cities, WSN technology will have a massive presence in the streets, and the operation of municipal services will be based to a great extent on data gathered with this technology. However, from an information security point of view, WSNs can have failures and can be the target of many different types of attacks. Therefore, this raises concerns about the reliability of this technology in a smart city context. Traditionally, security measures in WSNs have been proposed to protect specific protocols in an environment with total control of a single network. This approach is not valid for smart cities, as multiple external providers deploy a plethora of WSNs with different security requirements. Hence, a new security perspective needs to be adopted to protect WSNs in smart cities. Considering security issues related to the deployment of WSNs as a main data source in smart cities, in this article, we propose an intrusion detection framework and an attack classification schema to assist smart city administrators to delimit the most plausible attacks and to point out the components and providers affected by incidents. We demonstrate the use of the classification schema providing a proof of concept based on a simulated selective forwarding attack affecting a parking and a sound WSN.
ABSTRACT
In many countries around the world, smart cities are becoming a reality. These cities contribute to improving citizens' quality of life by providing services that are normally based on data extracted from wireless sensor networks (WSN) and other elements of the Internet of Things. Additionally, public administration uses these smart city data to increase its efficiency, to reduce costs and to provide additional services. However, the information received at smart city data centers is not always accurate, because WSNs are sometimes prone to error and are exposed to physical and computer attacks. In this article, we use real data from the smart city of Barcelona to simulate WSNs and implement typical attacks. Then, we compare frequently used anomaly detection techniques to disclose these attacks. We evaluate the algorithms under different requirements on the available network status information. As a result of this study, we conclude that one-class Support Vector Machines is the most appropriate technique. We achieve a true positive rate at least 56% higher than the rates achieved with the other compared techniques in a scenario with a maximum false positive rate of 5% and a 26% higher in a scenario with a false positive rate of 15%.
