Intelligent Network Intrusion Detection and Situational Awareness for Cyber-Physical Systems in Smart Cities

Smart cities are enabled by cyber-physical systems (CPS) which leverage the Internet of Things (IoT) to connect the physical world and information systems. Due to lack of security protection, IoT systems are vulnerable to various cyber attacks. In this paper, we investigate the network intrusion detection method for the security protection of loT edge servers or gateways in CPS of smart cities. We develop an abnormal flow detection algorithm based on deep learning (DL), where a Long Short Term Memory (LSTM) model is utilized to identify abnormal flows, followed by a Convolutional Neural Network (CNN) model to distinguish the malicious flow. Based on this framework, we construct a situational awareness system that consists of a real-time flow monitoring module running on IoT edge servers, and a situation visualization module deployed at a cloud server. The flow monitoring module is responsible for capturing, parsing, and identifying the flow of the edge server, while the situation visualization module demonstrates the security situations with charts and curves in real-time. The experimental results show that high recognition accuracy of 99.2% for the LSTM model and 97.4% for the CNN model.