1

CHAPTER 1

INTRODUCTION

1.1 OVERVIEW

Internet of Things (IoT) has been more popular in several places

across the world recently. It is estimated that there will be 125 billion IoT
devices by 2030, and the number of connected devices has already topped
27 billion this year. There are several smart city applications that connect
large IoT devices to real-world goods, which have a significant impact on
urban life. It will be challenging to administer IoT networks in the future
because of the enormous number of IoT devices across a broad variety of
technologies and protocols (Wired/Wireless, Satellite/Cellular, Bluetooth/ Wi-
Fi, etc). Consequently, residents' personal information is at risk due to serious
cyber security threats and vulnerabilities that might be exploited. Despite the
user or administrator's knowledge, these cyber dangers may get access to the
Internet of Things devices. As a result, smart city applications are vulnerable
to two key dangers. There is an initial challenge in identifying zero-day
attacks in a smart city's cloud data centere from a wide variety of IoT
protocols if the enormous assaults are hidden in IoT devices. By utilizing an
intelligent approach to identifying cyber-attacks, IoT malware assaults, for
example, may be discovered before they can affect a smart city (e.g., from the
IoT networks). Currently, IoT sensors are collecting all of the data flowing via
the massive amount of data that is currently being seen on cloud servers by
most of the sensors currently in use. Standard IDS are not appropriate for
 2

devices of this kind, which have limited resources and capabilities

(Weber et al. 2010).

1.2 THE INTERNET OF THINGS (IoT)

Devices are connected to the internet through the Internet of Things

(IoT) for the purpose of sharing information using protocols that have been
authorized (Lin et al. 2016). As a result, everything may be accessed at any
time and from any location. Tiny sensors embedded in everyday items
provide the backbone of an Internet of Things (IoT) network. Without human
intervention, IoT devices can communicate with each other. Figure 1.1
illustrates how IoT may be used in a variety of fields, including health
monitoring, smart environments, smart homes, smart cities, and wearables.

Figure 1.1 Components of IoT

In a smart city, IoT-enabled technological communications are

utilized to increase operational efficiency, improve quality of service
provided, and enhance resident quality of life (Laura Belli et al. 2020). As the
 3

use of Internet of Things (IoT) systems grows, a growing number of concerns

are being voiced. IoT security is a critical problem that must be addressed,
among many others. Sensors coupled to enormous cloud servers connect

Internet of Things (IoT) devices in smart cities, rendering them

susceptible to assault. Untrusted networks, such as the internet, may be used
to access IoT devices from anywhere. To put it in another way, the Internet of
Things (IoT) is vulnerable to a wide variety of threats. Figure 1.1 shows the
different parts of IoT.

1.3 THE SMART CITY

The smart city's technology, population, and infrastructure are all

vital aspects of a city (Nam Pardo et al. 2011). Cities may be characterized as
“digital cities”, “omnipresent cities”, or even as “smart communities”
depending on their degree of functionality. Smart cities are those that have
high levels of emphasis and operational efficiency in the three areas listed
above. Increasing human population is a major problem for governments
across the world. There must be no scarcity of resources, and the supply must
be maintained to keep up with demand. Additional criteria include a concern
for the environment and a desire to save as many resources as possible.

Efforts are made to maintain security standards and regulate traffic

congestion on highways using more controlled methods. Numerous
Information and Communication Technologies (ICTs) are used in urban
development plans in order to enhance quality of life. A healthy and positive
connection between government and citizens is fostered through the use of
Information and Communication Technology (ICT) in urban services
(British Standards Institute 2014). The integration of ICT with urban
development has resulted in the creation of "intelligent cities".
 4

Smart cities' individual dwellings would be included in the

automation system. In a home automation system, many appliances and
electrical loads react to human-created stimuli. An android smartphone or a
PC may access a single localhost server.

(Source : Adapted from chase: White paper 2014)

Figure 1.2 A smart home in a smart city with intelligent devices

An example of a smart home is shown in Figure 1.2, illustrates just

a few instances of IoT's influence on residential, domestic, and commercial
settings include home and office products, smart power management systems
and floor and building optimization software.

1.4 INTRUSION DETECTION SYSTEM

The Internet of Things (IoT) breaks down the barrier between the
digital and physical world. Despite this, its inevitable expansion in the global
 5

economy is challenged by a lack of adequate security management. Physical

equipment security, network security, sensor security, and data transmission
security all need management. As a result of this, researchers must automate
IoT security management operations in order to detect unlawful access and
take essential steps at any time. A company's requirements should guide the
design of an IoT security management architecture. There are three
components of the IoT Security Management System (IoTSMS), which are:
the IoT reference model, the Layered functional architecture, and the Security
Management information base.

Figure 1.3 An Intrusion Detection System (IDS) Model

 6

The right IDS can protect data from illegal access, alteration, and
distribution. Clients should be informed when their software and technologies
are about to expire and they need to be updated, so they are aware of the need
to secure IoT devices and systems. Periodic password resets may be used to
prevent users from using the same password for a long period of time.
The system will be safe from physical and encryption attacks if only critical
functions can be accessed remotely. Intrusion Detection System (IDS)
appliances are used for IoT network monitoring and defense against
intruders/attackers as represented in Figure 1.3.

When faced with assaults such as the ones listed above, an

Intrusion Detection Systems (IDS) are an excellent tool to have on hand. It is
typically seen as a second line of defence when other security methods like
encryption or Access Control (AC) are unable to identify threats. The IDS
may be able to detect odd behaviour that indicates that the assaults are
continuing. Mistreatment-based identification methods use the preplanned
signatures of malicious exploits to detect intrusions (Doshi et al. 2018).
IDS that does not consider communication overhead concerns and traffic
analysis is thus preferable to an intrusion detection systems. Probing attacks,
DoS attacks, U2R attacks and R2L attacks are all examples of data
connections that fall into one of two categories: standard or intrusive.

1.5 ATTACK DETECTION

The majority of research is currently focused on Network Intrusion

Detection Systems (NIDS). The classification procedure may employ the
special characteristics extracted as an input. It is a combination of many
machine learning or deep learning algorithms' output grouping and prediction
performance. Support Vector Machine (SVM), Naive Bayes (NB), Random
Forest (RF), K-Nearest Neighbour (KNN), Multilayer perceptron, Logistic
 7

regression and decision tree algorithms may be used to identify attack and
non-attack data.

1.5.1. Support Vector Machine (SVM)

Ham et al. (2014) proposed to utilise the Support Vector Machine

(SVM) for both linear and non-linear data categorization. The margin is the
basis for SVM classification. The supporting vector machine method is
defined by a hyperplane in N-dimensional space. Hyperplanes serve as
decision-making boundaries by defining data points inside a graph. The
hyperplane divides the data into a number of distinct clusters. The essential
attributes are extracted and divided into training and testing data.

1.5.2 Naïve Bayes (NB)

Shrivastava et al. (2018) has been used Bayes theorem as a

classifier for attack detection. The frequency of data points being associated
to a certain class is used as a predictor of membership in each class. The class
with the highest probability function is the most desired. Following a
thorough analysis of the posterior probabilities of several hypotheses, they
swiftly implement it and then choose the most likely one.

1.5.3. Random Forest (RF)

In the context of attack classification, regression and other

activities, random forests or random decision-making forests represent an
ensemble learning system that produces the class mode (classification) or the
average predictor (regression) for each tree that was clearly illustrated
by Tama et al. (2018). Decisions may be made from among the tree's many
branches. Votes cast may help identify anomalous attack data.
 8

1.5.4. K-Nearest Neighbor (KNN)

For detection of the assault devised Li et al. (2014), K-Nearest

Neighbors is one of the most basic and useful Machine Learning classification
techniques. Being a supervised learning technique, it is used widely to find
patterns, detect data and identify intrusions. An algorithm known as KNN
picks the number of samples (K) closest to a query in the data set. The query
data may then be used to identify any suspicious data.

1.5.5. Multilayer Perceptron (MLP)

In the case of Hassan et al. (2020), the assault was detected using a
Multilayer Perceptron (MLP) type of Artificial Neural Network (ANN).
Many layers of perceptrons (with activation thresholds) are often referred to
as MLPs, however the word is used ambiguously to describe any feed-
forward ANN with multiple layers of perceptron’s (particularly in a single
hidden layer). Linear activation and non-linear activation may be
distinguished in MLP. Non-linear data that can be accurately characterized
but that cannot be separated.

1.5.6. Logistic Regression

During a regression analysis, logistic regression (or logit

regression) is used to estimate the parameters of the logistic model (a form of
binary regression). A value of 0 to 1 may be mapped to any number using this
S-shaped curve, but it will never be exact. Hasan et al. (2019) convincingly
illustrated the anomaly using binary value.

1.5.7. Decision Tree

IoT attack detection was shown by Taghavinejad et al. (2020) with

the usage of decision trees. Using a decision tree for categorising and
 9

predicting is the most popular and efficient method. In a decision tree, each
internal node, branch, and leaf node shows a test result for an attribute, along
with a class mark (the terminal nodes). By sorting the tree from the root to
any leaf node, decision trees may classify an instance.

1.5.8. Deep Learning CNN

One of the deep learning neural networks is the Convolutional

Neural Network (CNN). Images can now be recognised and classified using
CNN, a major advancement in the field of image processing. Breaking down
visual symbolism is often mostly utilised for, and they are frequently used in
the attack characterisation and classification portrayed by Sahu et al. (2020).
There are fewer pre-processing stages in CNN than in other classification
systems. This CNN will be put to work in a number of different contexts.

1.6 SECURED DATA TRANSMISSION IN IoT

IoT security has always been a major concern, since the

introduction of the Internet of Things (IoT), placing it among the top five
security dangers in 2015. As a result, developing efficient and suitable
solutions to IoT security concerns require a collaborative approach to security
in order to realise the myriad advantages of IoT while leveraging IoT for
global growth. In light of the rise of the Internet of Things (IoT), it is critical
to recognise that IoT security is not a binary choice between safe and
unsecure. Instead, it's better to think about Internet of Things (IoT) security in
terms of a range of possible device vulnerabilities. As the Internet of Things
(IoT) expands, so are the number of possible security flaws that may be
exploited.

Traditional security breach due to leakage of confidential

information is a primary security constraint among IoT gadgets because if
 10

people do not believe that their connected devices such as smart TVs and
phones and other home appliances with their information are reasonably
secure from misuse or harm the resulting erosion of trust will cause reluctance
to accept IoT globally. As a result of the interconnected nature of IoT devices
and the inherent distributed and heterogeneous nature of IoT objects, a
security breach could occur due to interception, eavesdropping, and the
modification of confidential information by malicious individuals who gain
access to the interconnected IoT devices. Most of study outlines a security
model based on a cryptographic strategy for dealing with the problem of data
confidentiality loss in the Internet of Things. Confidential information and
data is protected from hackers by using the skill of encrypting it. However,
cryptography is the science of creating ciphers to encode communications and
information in such a manner that only the intended recipients can decode and
understand it. All IoT devices are referred to as sensors because they collect
data from their surroundings and communicate it to a central server at home.
The aforementioned security model may be broken down into the two
sections listed below; IoT devices have inherent hardware constraints, such as
limited memory, battery power restrictions, and low computational abilities,
and thus are inefficient to process computationally intensive and complex
encryption algorithms during the data transmission phase between the sensor
node and the authentication/home server.

Secure encryption technologies such as Advanced Encryption

Standard (AES) and Data Encryption Standard (DES) are used throughout the
data transfer phase between home servers and cloud services.
Data confidentiality is a concern in the Internet of Things (IoT), and the
present study addresses that concern by providing increased two-level
security. Security in smart environments is best achieved by deploying both
cryptography and attack detection mechanisms in tandem. If an encryption
technique is used, the availability of sensitive information in an encoded
 11

textual format (ciphers) may entice wrong doers to decode it, if they have
adequate time or processing power. This is the reason for this
recommendation. The inability of cryptography to hide private data from
malevolent users or attackers is so abundantly clear. To ensure safe and
secure data transport in the IoT, an attack detection mechanism may be added
to the cryptography technology.

1.7 PROBLEM STATEMENT

IoT networks and apps are susceptible to attack for a variety of

reasons. Because of their limited resources (e.g., modest processing power
and storage capacity), most IoT devices have a restricted ability to handle
data. IoT devices are also coupled to many protocols, and the ever-increasing
number of IoT devices further creates cloud centre delay. Besides, IoT
devices are often left unattended, an intruder may get physical access to them.
However, the vast majority of data exchange is done wirelessly, which makes
it vulnerable to eavesdroppers. Therefore, traditional IDS systems often fail to
identify IoT attacks. A hacker may then connect to smart city routers and
gadgets in a variety of locations, including residences, retail malls, restaurants
and hotels. An attacker who gains access to these IoT devices may be able to
collect personal information such as credit card numbers, streaming video,
and other types of private data.

The capacity of a smart city framework and infrastructure to satisfy

the demands of current and future generations of people are one of the most
important challenges. An increasing number of sustainability projects in smart
cities rely on the Internet of Things (IoT), exposing enterprises to the risk of
network failure, security breaches, and natural catastrophe damage to IoT
infrastructure. There is a serious lack of security on most gadgets. Attackers
may readily target internet-enabled devices in these situations, making them
vulnerable. Intelligent transportation systems, smart buildings, and efficient
 12

use of resources like water and electricity, as well as waste disposal, all rely
on IoT and associated cyber-physical systems for long-term sustainability.
Sophisticated cyberattacks need more powerful security measures than those
already in place. In addition, the attackers are well-versed in current security
measures and are always looking for new methods to hack the target.

Zdn et al. (2017) reported that numerous electrical items still work
with out of date firmware. Risks associated with the deployment of these
devices cause the attacker to discover a wide range of attack surfaces, attacks
and vulnerabilities. Hackers are always seeking new methods to get into and
abuse electronics in today's modern world. Using drones in recent assaults
poses a serious concern since they are able to avoid physical restrictions and
enter the target's area undetected to carry out an attack with great accuracy.

As a result, these smart city services and resources may be better

managed autonomously, thereby enhancing sustainability and ensuring
continuous services in smart cities by assaults and intrusions on the
appropriate IoT systems. Machine and deep learning methods are applied. In
terms of security and privacy, there is a need for more study into machine,
deep learning implementation and model verification.

1.8 MOTIVATION

The security of IoT devices has become a major problem as the

number of services and consumers grows. When IoT systems and smart
environments are combined, smart objects are more effective. Security
failures in IoT systems may have catastrophic results in high-value sectors
like healthcare and industries. IoT-based smart environments put applications
and services at risk if security safeguards are not in place. Confidentiality,
integrity, and availability are three essential security principles for IoT-based
 13

smart environments, and further study into IoT information security is needed
to solve these challenges.

It is expected that IoT devices would outweigh mobile devices in

terms of use, and the most sensitive data, such as personal information, will
be accessible by them. As a consequence, the attack surface area would
expand and the risk of assaults will increase. To ensure the safety of most IoT
applications, intrusion detection solutions for the Internet of Things (IoT)
must be developed. In recent years, there has been a tremendous amount of
interest in SC. Transport, healthcare, building management, and other sectors
are all benefiting from IT-based services. IoT devices must be used sparingly
in SCs to detect and send critical information.

Smart Cities are a primary focus of the research work, which aims
to identify intrusions on Internet of Things (IoT) devices quickly.
Accordingly, studies focusing on the development of an intrusion detection
system based on techniques such as the Crow Search Optimization and Deep
Learning Modified Neural Network (DLMNN) are encouraged in order to
uncover new attack types in SCs and pave the way for future research into
attack types that may be possible in SCs. Finally, both CSO-MANFIS
and DLMNN use IRSA and KH-AES to securely communicate their data.
Precision improves as a consequence, resulting in increased system
efficiency.

1.9 OBJECTIVE

The proposed research work has been based on detecting attacks on

IoT based smart city environment by implementing the novel algorithms.
Based on that, the research work has been split into two stages. In the first
stage of work, an optimized deep learning based security enhancement and
attack detection have been implemented over IoT using Deep Learning
 14

Modified Neural Network (DLMNN) classifier. In the second stage of work,

attack detection on IoT based smart cities using IDS based MANFIS classifier
and secure data transmission using IRSA encryption have been implemented.
The primary and secondary objectives of the two stages are stated below;

The first stage of work has the following primary objectives:

1. To propose an Optimized Deep Learning Based Security

Enhancement mechanism on IoT using IDS (Intrusion
Detection System) with the capability of preventing Attacks
for Smart Cities.

2. To propose a DLMNN (Deep Learning Modified Neural

Network) for selection of features for predicting the attack
types on IoT devices.

The first stage of work has the following secondary objectives:

1. To present a SMO (Spider Monkey Optimization) algorithm

for the parameter tuning (Weight Optimization) of DLMNN.

2. To propose AES (Advanced Encryption Standard) algorithm

for encrypting user data for Secure and Efficient Data Sharing
in IoT based smart cities.

The second stage of work has the following primary objectives:

1. To propose an Attack Detection On IoT Based Smart Cities

Using IDS (Intrusion Detection System) with the capability of
preventing Attacks for Smart Cities.

2. To propose a Chaotic Mapping (CM) based Crow Search

Optimization (CM-CSO) algorithm for selection of features
for predicting the attack types on IoT devices.
 15

The second stage of work has the following secondary objectives:

1. To present a MANFIS (Modified Adaptive Neuro Fuzzy

Inference System) for the Classification of Attacks.

2. To propose IRSA (Improved RSA) algorithm for encrypting

user data for Secure and Efficient Data Sharing in IoT based
smart cities.

1.10 RESEARCH CONTRIBUTION

The contribution has been based on detecting attacks in a smart city

environment by implementing the novel algorithms. Based on that, the
research work has been classified into two stages. In the first stage of work,
deep learning methodology has been implemented over IoT intrusion
detection system using DLMNN classifier. In the second stage, the attack
detection on IoT environment has been done using the MANFIS Classifier.
The two stages contributions are illustrated as below,

a. Optimized Deep Learning-Based Security Enhancement and

Attack Detection on IoT Using IDS

The goal of this study is to increase the rate of security and attack
detection as soon as possible. The primary challenges in the existing
techniques are the accuracy of the attack detection rate and security. To
address these shortcomings, this research work presents an Intrusion
Detection System (IDS) for detecting IoT assault in a city based on the
DLMNN classification. The sensor values from a smart city are first delivered
to the IDS system (training phase), which is then used to test the values. After
that, the preprocessing step is completed, followed by feature selection using
the Entropy-HOA approach.
 16

Then, a classification using DLMNN is used to detect IoT assaults. The

classification findings are then examined, and the attack is pinpointed. The
Krill Herd with Advanced Encryption Standard (KH-AES) method is used to
conduct a secure data sharing task and finally, the data is forecasted. The
DLMNN's weights for each layer take a significant effect on the classifier's
output. The experimental results of the suggested techniques in feature
selection, classification, and secure data transmission are compared to existing
methods.

b. Attack Detection on IoT Based Smart Cities using IDS Based

MANFIS Classifier

IoT-centered systems' security vulnerabilities raises security threats

that influence smart environment applications. As a result, a Modified
Adaptive Neuro-Fuzzy Inference System (MANFIS) based Intrusion
Detection System (IDS) is developed for detecting attacks on IoT based Smart
Cities. The proposed approach is divided into two phases, namely training and
testing. Initially, three steps of training phase are preprocessing, feature
selection, and classification, that are used to train the Intrusion Detection
System (IDS). The suggested technique uses data from the NSL-KDD dataset
for training. The values of IoT sensors are then tested using the same
training methods. The testing yielded a total of '2' models and are called
attacked data and non-attacked data. The non-attacked data is safely
transmitted to the user by using the Improved Rivest Shamir Adleman (IRSA)
technique. The data is then received and decrypted by the end-user. The
decrypted information is then predicted for further study. When the existing
technique and the new technique are compared in terms of feature selection,
categorization, and secure data exchange, the proposed technique comes out
on top.
 17

1.11 ORGANIZATION OF THE THESIS

The organization of the thesis is as follows:

Chapter 1 provides the concept of Smart Cities and an introduction

to IDS. This chapter gives the evolution of IoT, and describes the operating
systems and hardware requirements required to setup an IoT platform.
Various references models, applications of IoT and the association of IoT
with smart city environment are also discussed in this chapter. Finally,
Security challenges in IoT are also discussed.

Chapter 2 presents a review of relevant literature. The previous

work related with the IoT attack over smart cities and various IDS
approaches and countermeasures are reviewed.

Chapter 3 discusses the suggested model of Intrusion Detection

and Prevention system for Internet of Things (IoT) based smart cities. A novel
method introduces a unique algorithm called DLMNN classifier with KH-
AES for detecting attacks and transferring data securely.

Chapter 4 presents the novel algorithm called CSO-MANFIS has

been implemented to securely transfer data using IRSA. The suggested
approaches are used to share data more effectively and securely.

Chapter 5 presents exhaustive experimental results and a

comparison of performances of Fitness Value, Accuracy, Sensitivity, F-Score,
and the Security Level is done to establish the relative improvements made,
with existing algorithms.

Chapter 6 summarizes the work and also suggests the scope for
further work that could be carried out in the continuation of this research.