Securing the IoT System of Smart City against Cyber Threats Using Deep Learning

The idea of a smart city is to connect physical objects or things with sensors, software, electronics, and Internet connectivity for data communication through the Internet of Things (IoT) devices. IoT enhances productivity and efficacy intelligently using remote management, but the risk of security and privacy increases. Cyber threats are advancing day by day, causing insufficient measures of security and confidentiality. As the hackers use the Internet, several IoT vulnerabilities are introduced, demanding new security measures in the IoT devices of the smart city. The threats concerned with IoT need to be reduced for efficient Intrusion Detection Systems (IDSs). As a result, machine learning algorithms generate correct outputs from a large and complicated dataset. The output of machine learning could be used to detect anomalies in IoT-network systems. This paper employed several machine learning classifiers and a deep learning model for intrusion detection using seven datasets of the TON_IoT telemetry dataset. The proposed IDS achieved an accuracy of 99.7% using Thermostat, GPS Tracker, Garage Door, and Modbus datasets via voting classifier.


Introduction
A smart city is an architecture composed of data and communication technologies to create, deploy, and eventually support advancement to oversee cities and address the challenges of urbanization smartly and viably. The main focus in the smart city is to connect various objects to transmit the data intelligently. Multiple countries have presented such smart city ideas to utilize the resources and manage urbanization growth effectively. The information and communication technologies (ICTs) can be deployed to accomplish the fulfillment of smart cities, especially the Internet of Things (IoT), which is most important for effective operations [1]. IoT requires an Internet source for communication with other objects, nodes, and applications over the cloud to get information on their adjacent object. IoT devices led to extensive utilization in an advanced healthcare environment, connecting patients and doctors to extend healthcare services intelligently. In smart healthcare, mostly integration of clinical decision support systems is deployed. The IoT-based system guarantees to provide cost-effective solutions to the healthcare domain [2]. Since it is used in everyday life, IoT is often referred to as the Internet of People (IoP) from individuals to organizations. As a result, the number of connected devices is increasing all over the world. Many sensors are used in embedded systems to gather real-time data from physical objects from afar. We can create intelligent decision systems and effectively manage IoT environments using the data obtained from the sensors. The link of commonly used real-world gadgets to the Internet, on the other hand, often poses concerns about cybersecurity risks. As a result, organizations and countries are concerned about the safety of IoT devices against anomalies. The required actions must include physical and cybersecurity steps and confirmation of protection against significant IoT architecture attacks.
To protect and guard against attacks from infected IoT devices, intelligent intrusion detection techniques for IoT devices must be designed and built. However, many intrusion detection devices require a significant amount of computing power and energy [3].

Motivation and Contributions.
New threats regularly arise because IoT devices run in an embedded and interdependent setting. Furthermore, since IoT devices are always left unattended, a malicious attacker may gain access to them. Since IoT devices are usually connected to cellular networks [4], eavesdropping may reach privately held information from the contact platform. Aside from these security concerns, IoT systems cannot continue to have sophisticated security measures due to their limited energy and processing capacity. To secure IoT applications from cyber-attacks, another line of defense should be installed into IoT networks. AI-based systems have recently gained credibility in a common framework for detecting network attacks, such as IoT networks. IoT sensors and network traffic should be logged and analyzed to learn standard patterns. When a person's behavior deviates from the ordinary, this is a sign of irregular behavior. These methods have also been checked to predict emerging risks, developing a set of IoT interfaces and network security protocols. The main contributions of this research are detailed as follows:
(a) A deep-learning based approach with current databases is employed to categorize the attacks.
(b) A safeguard is introduced for the IoT network's reputation and ensures that it is only available to approved users.
(c) A basis for incorporating IDS into an IoT-based system as an application is proposed.

Related Work
IoT networks face additional security challenges than conventional computer systems due to a variety of reasons. Firstly, IoT systems are incredibly complex in processors, platforms, communication methods, and protocols. Secondly, to bind physical objects, IoT systems comprised of Internet-connected modules and control devices are used. Thirdly, there are no well-established limits of IoT schemes, which often shift due to the versatility of users and computers. Fourthly, they will be physically endangered by IoT structures or a part of them. Fifthly, limited resources make it impossible to incorporate advanced security techniques and applications on IoT computers. Finally, because of the exponential expansion of IoT-based computers, those networks could be vulnerable to attacks on privacy and protection [5,6].
Several tools and applications have been created to mitigate network attacks by detecting inconsistencies in the IoT environment using machine-learning and deep-learning techniques. Several state-of-the-art strategies for classifying these anomalies using machine learning techniques in the IoT infrastructure have been reported in the literature. Nonetheless, deep learning methods have been used for the same reason by a few. Deep learning methods have proved to be the best state of the art for pattern matching, and they can detect any input in an IoT system as true or false. Signature-based techniques, specification-based methods, anomaly-based tactics, and mixed strategies are the four main types of ID attacks [1].
Signature-based methods start by looking for correlations between a set of network data and a function database. If the scanned data suits the signature record, the data would be considered illegal. It is helpful to determine the type of attack precisely. It is a low-labor-intensive project with little demand. They encourage machine managers to define rules and thresholds in advance. The same rules will be followed. IDS detects the current system and network status. The IDS will detect an abnormal state and react appropriately once the threshold is exceeded or the rules are violated [6].
Anomaly-based methods aim to figure out which phenomena are abnormal and which are not. The main advantage of using this method is to detect potentially new intrusions. However, its one disadvantage is that it is prone to false positives. Machine learning algorithms are currently being studied in anomaly-based intrusion detection methods to improve their advantages. Machine learning algorithms can monitor active activity and equate it to known intrusion footprints to identify potential attacks using anomaly-based intrusion detection techniques. In a hybrid approach, multiple recognition techniques are used in the same scheme. This solution would eliminate the current limitations of a single mechanism and increase the overall stability of the IoT method. The wholly developed IDS, on the other hand, would be extremely large and complicated. The technique will become more complex as a result, and more capital will be required. In addition, intrusion detection can be time and expense-consuming due to the many protocols involved [7]. Vigneswaran et al. [8] developed an anomaly-based IDS that functions in traditional networks and trains and tests the model using the KDDCup99 dataset. The proposed solution has an accuracy of 95% and should be adopted. However, they use the KDDCup99 dataset, which lacks homogeneous data and few specific records, making reliable findings challenging to come by.
Ajaeiya et al. [9] advocated for anomaly-based IDS that only uses network functionality. The R-tree algorithm outperforms the other machine learning models with a 99.5 percent true positive rate and a 0.001 percent false-positive rate. Their results showed how effective mathematical algorithms like Random Forest could be. Their dataset, on the other hand, is not a test that raises questions about its validity. Abubakar et al. [10] proposed an SDN-compatible identification tool. They had a signature-based ID and an anomaly-based ID that were trained and tested on the NSL-KDD dataset. The detection precision is higher than 97.4%. Intrusions observed solely by anomaly detection, on the other hand, cannot be distinguished from those detected by signature detection.
Tang and Kapitnov et al. [11] suggested a protocol for connected networks that uses blockchain technologies to facilitate peer-to-peer communication. The protocol ensures the communication mechanism's protection and manages variability in working states. Currently, researchers are looking at turning blockchain into a multiagent system. Li et al. [12] suggested an enhanced method for extracting IoT data features to detect IDS for smart cities using deep migration learning. They have said that their plan would compensate for the lack of an appropriate training set. They also claimed that their approach yielded higher detection rates at high performance than conventional approaches and significantly reduced clustering time.
Discrete Dynamics in Nature and Society
Arshad et al. [3] suggested a new intrusion prevention scheme for IoT systems with limited resources. As a result, intrusion protection is disabled for IoT devices and the edge router. To browse network packets, IoT devices are used as IDS nodes. It can only receive raw packets from the host router node, which contain confidential data. For genuine time-destroying behavior in domestic IoT gadgets, Anthi et al. [7] proposed three-layer IDS architecture. The protection layers in this architecture define intrusion for IoT systems based on their normal or irregular behavior.

Threats in IoT.
IoT signifies a heterogeneous environment of sensing devices connecting over the Internet [13]. The threats associated with IoT differ from the conventional networks because it has limited computational power and memory. Furthermore, IoT devices utilize insecure wireless communication media, that is, 802.15.4, LoRa, ZigBee, and 802.11ac. Moreover, IoT devices lack standard operating systems, different formats, and application-specific functionality, due to which standard security protocol is difficult to develop [14]. All these shortcomings cause various types of security and privacy threats.
In addition, the communicating IoT devices are mostly multivendor, demanding a reliable tool to act as a bridge [15]. Various research works have highlighted the issue of software updates to billions of IoT devices [16]. Therefore, the detection of threats and challenges associated with IoT-based systems is significant during the design and implementation of the security measures for IoT machines. Internet Engineering Task Force (IETF) has recognized various IoT threats [17], such as man-in-the-middle (MiTM) attack, Denial of Service (DoS) attack, replacement of firmware with malicious code, privacy threats, and eavesdropping attacks. The basic ideas of security and privacy revolve around the Availability of the network, Confidentiality, and Integrity of data. Any unauthorized access of data may cause a breach of availability, confidentiality, or integrity. Thus, privacy threat is a concern with the privacy of the data, while security threats influence the integrity of the data and availability of the network. Figure 1 illustrates different privacy and security threats associated with IoT devices.

Denial of Service (DoS).
DoS is a common and basic implementation of security threats that could be utilized against an IoT device. DoS attack is a preferred tool for intruders due to the low-security features in many IoT devices. DoS attack happens when the attackers take control to make a device unavailable. The main aim of a DoS attack is to bring down the network by sending illegal requests. The advanced type of the DoS is referred to as Distributed DoS (DDoS), where several attacks are involved in a single target [18]. Different kinds of DDoS attacks are used, but all of them have the same objective. The most common type of attack is a Botnet attack in an IoT network [19].

Man-in-the-Middle (MiTM).
These attack approaches are considered old enough in the cyber world [20]. Sybil attacks, message tamper, and spoofing can be classified as MiTM attacks. IP spoofing, DNS spoofing, ARP spoofing, and HTTPS spoofing are the common attacks of spoofing.

Malware.
Malicious software is also known as malware. It exists either in the trojan horse, worm, spyware, virus, malvertising, or rootkit [21]. A few examples of devices that suffer from malware are healthcare devices, vehicular sensors, and smart home products.

Privacy Threats.
The ways in which users and their data are compromised in IoT devices are inference attacks, sniffing, and deanonymization.

Man-in-the-Middle (MiTM).
As we know, there are two types of MiTM attacks: one is active and the other is passive.
The passive MiTM attacks silently listen to the transfer of data among two devices. This attack does not change the data but violates privacy only. After accessing a device, an intruder can watch silently for a couple of days before attempting the attack. The increasing numbers of IoT devices such as smartphones, toys, and wristwatches produce a high impact of passive MiTM attack sniffing and eavesdropping. Similarly, active MiTM attacks involve harming the data. For example, a client will communicate with the server, possibly connecting with the MiTM attacker, who is impersonating the server, as illustrated in Figure 2.

Data Privacy.
It is concerned with data leakage [22], identity theft, data tampering, and reidentification [23]. Data tampering is used to alter the data and it can be categorized
To summarize, an IoT-based system is not fully secure because it facilitates the users to access their data without any trouble. But on the other side, it provides an insecure atmosphere for the attackers to access any network segment. Various ways of the threats are depicted in Figure 3, through which IoT-based systems may be compromised.
Thus, users should be aware of all these security weaknesses to protect themselves from cyber threats. Various methods are employed to reduce cyber threats. Most recently, AI-based systems have been used to classify network traffic on a large setup.

Materials and Methods
Various machine learning algorithms, including deep learning models, are utilized to find network attacks. In the proposed system, data balancing is first performed through the Synthetic Minority Oversampling Technique (SMOTE) method [24] to avoid overfitting. Then, random forest, voting classifier (ensemble of logistic regression, random forest, and Gaussian Naive Bayes), artificial neural network (ANN), and 1D CNN (convolutional neural network) are applied to find the normal and abnormal traffic in IoT environments. Figure 4 demonstrates the proposed IDS for the IoT network.

ToN-IoT Telemetry Dataset.
In this work, we used a dataset known as the ToN-IoT Telemetry dataset [25], which can be retrieved at the ToN-IoT repository [26]. This dataset was gathered from various sources through Telemetry of IoT devices plus logs of operating systems and network traffic of IoT-based systems.
The ToN-IoT datasets were categorized with a label of normal or attack for binary classification. They also included a type of subclasses: DDoS, backdoor, injection, normal, password cracking, ransomware, and Cross-site Scripting (XSS). In the Train_Test_datasets folder [26], the total number of seven datasets were evaluated for IoT devices, including Weather, Thermostat, GPS Tracker, Fridge, Garage Door, Modbus, and Motion Light. The distribution of attacks for each dataset is presented in Figure 5. A brief description of these cyber-attacks is provided in Table 1.

Data Balancing.
The Synthetic Minority Oversampling Technique (SMOTE) method [24] is usually employed for data balancing. The main idea of SMOTE is to create new minority cases by incorporating various minority cases that remain together. Initially, the k-nearest neighbors of all minority cases are identified. Then, minority cases are initiated on the positions among the minority cases and their k-nearest neighbors till the database is balanced. Thus, the problem of overfitting is avoided.
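The interpolation step described above, as an added example that is not code from the paper: a standard-library Python implementation of SMOTE for a two-class set. The sample rows, the function names, and the default k are assumptions made for illustration.

```python
import math
import random

# Constructed sample: (temperature, status) rows, 8 normal and 3 attack.
SAMPLE_X = [(20.1, 0.0), (20.4, 0.0), (21.0, 1.0), (19.8, 0.0),
            (20.7, 1.0), (21.3, 1.0), (20.0, 0.0), (20.9, 1.0),
            (35.2, 1.0), (36.0, 1.0), (34.5, 0.0)]
SAMPLE_Y = ["normal"] * 8 + ["attack"] * 3


def k_nearest(idx, points, k):
    """Indices of the k points closest to points[idx] (Euclidean), excluding itself."""
    ranked = sorted((math.dist(points[idx], p), j)
                    for j, p in enumerate(points) if j != idx)
    return [j for _, j in ranked[:k]]


def smote(minority, n_new, k=5, seed=0):
    """Create n_new synthetic rows on segments between minority rows and their neighbours."""
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority samples")
    k = min(k, len(minority) - 1)          # cannot have more neighbours than peers
    rng = random.Random(seed)              # seeded so the run is reproducible
    neighbours = [k_nearest(i, minority, k) for i in range(len(minority))]
    synthetic = []
    for n in range(n_new):
        i = n % len(minority)              # cycle through the minority rows
        base = minority[i]
        other = minority[rng.choice(neighbours[i])]
        gap = rng.random()                 # position along the segment, 0 <= gap < 1
        synthetic.append(tuple(b + gap * (o - b) for b, o in zip(base, other)))
    return synthetic


def balance(X, y, minority_label, k=5, seed=0):
    """Append synthetic minority rows until both classes have the same count."""
    minority = [x for x, label in zip(X, y) if label == minority_label]
    n_new = (len(y) - len(minority)) - len(minority)
    if n_new <= 0:                         # already balanced, nothing to add
        return list(X), list(y)
    new_rows = smote(minority, n_new, k, seed)
    return list(X) + new_rows, list(y) + [minority_label] * n_new


if __name__ == "__main__":
    Xb, yb = balance(SAMPLE_X, SAMPLE_Y, "attack")
    print(yb.count("normal"), yb.count("attack"))
    for row in Xb[len(SAMPLE_X):]:
        print(row)
```

Oversampling belongs on the training split only; synthetic rows in the test split would inflate the reported scores.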

Classification.
The proposed model is evaluated through various machine learning algorithms and deep learning models: random forest, voting classifier, ANN, and 1D CNN. The following parameters are used during the training of classifiers, as presented in Table 2.

Evaluation Criteria.
The main purpose of this model is to classify the normal and abnormal attacks based on the following outcomes, as illustrated in Table 3. The following formulae are evaluated based on TP, TN, FP and FN as reported in Table 4. Also, a confusion matrix is evaluated to demonstrate how much data is correctly and wrongly classified.
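As an added example (not code from the paper), the following Python computes the confusion-matrix counts and the four metrics named in this work, using the standard definitions of accuracy, precision, recall, and F-score. The label lists are constructed, and the function names are assumptions; the two constructed detectors show why accuracy alone says little on an imbalanced attack/normal split.

```python
def confusion_counts(y_true, y_pred, positive="attack"):
    """Count TP, TN, FP, FN with `positive` as the attack class."""
    tp = tn = fp = fn = 0
    for truth, pred in zip(y_true, y_pred):
        if pred == positive:
            if truth == positive:
                tp += 1
            else:
                fp += 1
        elif truth == positive:
            fn += 1
        else:
            tn += 1
    return tp, tn, fp, fn


def scores(tp, tn, fp, fn):
    """Accuracy, precision, recall and F-score; empty denominators yield 0.0."""
    total = tp + tn + fp + fn
    accuracy = (tp + tn) / total if total else 0.0
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    denom = precision + recall
    f_score = 2 * precision * recall / denom if denom else 0.0
    return {"accuracy": accuracy, "precision": precision,
            "recall": recall, "f_score": f_score}


def evaluate(y_true, y_pred, positive="attack"):
    """Convenience wrapper: labels in, metric dictionary out."""
    return scores(*confusion_counts(y_true, y_pred, positive))


# Constructed ground truth: 95 normal records followed by 5 attack records.
Y_TRUE = ["normal"] * 95 + ["attack"] * 5
# Constructed detector that never raises an alert.
ALWAYS_NORMAL = ["normal"] * 100
# Constructed detector: 2 false alarms, 4 of the 5 attacks caught.
DETECTOR = ["normal"] * 93 + ["attack"] * 2 + ["attack"] * 4 + ["normal"] * 1

if __name__ == "__main__":
    for name, pred in (("always-normal", ALWAYS_NORMAL), ("detector", DETECTOR)):
        print(name, confusion_counts(Y_TRUE, pred), evaluate(Y_TRUE, pred))
```

The detector that never alerts still scores 95% accuracy while its recall is zero, which is why the precision, recall, and F-score columns carry the information on imbalanced data.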

Results and Comparisons
The experiments are carried out using machine learning and a deep learning model on the ToN-IoT datasets. Metrics used to evaluate the performance are accuracy, precision, recall, and F-score [31]. The highest result achieved through different classifiers for each dataset is presented in Table 5. For example, the result shows that the voting classifier has achieved the highest accuracy of 99.7% for the Thermostat, GPS Tracker, Garage Door, and Modbus dataset. Furthermore, these results are presented in the form of a confusion matrix, as illustrated in Table 6. The accuracy obtained through the employed classifier against each dataset is presented in Table 7. The random

Table 1: Cyber-attacks description.

Cyber-attacks: Description
Port scanning [27]: Before initiating the actual attack, it is applied to get information about a target machine such as available services and open ports. For this purpose, the attackers use different scanning tools such as Nessus [28].
Distributed denial of service (DDoS): It is a flooding attack where an intruder usually initiates a series of malicious attempts to exhaust the system resources.
Ransomware: It is a complex type of malware that disallows legitimate users' access to services or systems through encryption. The attacker tries to sell the decryption key to access the system.
Backdoor [29]: It is a passive attack type that allows an attacker to get unauthorized access to the infected IoT devices through backdoor malware.
Injection attack [30]: This attack is usually used to inject malicious data or execute malicious codes into IoT-based systems.
Cross-site scripting (XSS) [30]: This attack is usually used to inject malicious commands on a web server.
Password cracking attack [24]: The attacker uses password cracking techniques such as dictionary attacks or brute force to predict IoT machines' passwords.

Several ways are used to protect communication protocols [32,33] and devices [34]. The summary of existing methods based on IDS for IoT is reported in Table 8 for comparing purposes.

Conclusion and Future Work
Currently, several cybersecurity checks are implemented to maintain the security and privacy of IoT networks. Hence, this paper has presented an AI-based model for intrusion detection using seven datasets of TON-IoT telemetry datasets for IoT networks to include the contribution in this regard. The proposed model observes traffic across the IoT-based system and forecasts any possible intrusion using embedded artificial intelligence. The proposed model is trained and tested on seven datasets (Thermostat, GPS Tracker, Garage Door, and Modbus datasets) from the ToN-IoT dataset and achieved 99.7% accuracy using a voting classifier.
Many efforts are still required to develop a smart city fully equipped with IoT-based sensors for secure and significant monitoring of all threats. Designing and building such security and privacy procedures for IoT appliances is necessary, making it a core element of any network. We propose to fuse the seven datasets of the TON-IoT dataset with various deep learning models as future work.

Data Availability
For experiments, in this work, we used a dataset known as the ToN-IoT Telemetry dataset [25], which can be retrieved at the ToN-IoT repository [26].

Conflicts of Interest
The authors declare that there are no conflicts of interest.