Towards an Integrated Methodology and Toolchain for Machine Learning-Based Intrusion Detection in Urban IoT Networks and Platforms
Abstract
1. Introduction
- There are noticeable software and computational resource limitations for IoT devices, which prevents the utilization of more sophisticated security algorithms;
- The IoT devices are low-powered, which restricts the usage of more energy-intensive security best practices and also increases the risk for technical failures (e.g., loss of data);
- The highly heterogeneous hardware also leads to the usage of diverse software stacks and different data formats, which increases the available attack surface.
- Analyze and identify the potential risks and available attacks against IoT-based platforms;
- Present a comprehensive set of steps and measures that aim at providing improved security and attack prevention for a particular IoT-based platform and the underlying urban data platform, in this case the UrbanPulse [4] of [ui!] ([ui!] is the abbreviation for Urban Institute GmbH, the industrial partner with whom the case studies are being investigated and researched).
1.1. Open Urban Platforms
- They assist in the implementation of a logical reference architecture following design principles of open APIs that support data flows within and across city systems as well as enriching the raw data streams to generate smart data as required by the consuming entities;
- They exploit modern technologies to harvest, collect, and analyze urban data and provide the results to citizens and enterprises, e.g., sensor nodes and other IoT devices, cloud services, mobile connectivity, machine learning for analytics, and publishing and sharing via social media and APPs;
- They provide the building blocks that enable cities to rapidly shift from fragmented and isolated operation of individual infrastructures towards an integrated approach by connecting the systems via a platform, including cross-domain data analytics for predictions, forecasts, or better insight, and novel ways of engaging and serving city stakeholders offering smart services, both public and commercial.
1.2. Urban IoT Architectures and OUP
- Data sources and Actors: IoT devices and sensors are utilized for collecting and analyzing data. The collected and analyzed data are transmitted to explicit gateways via, e.g., LoRaWAN or NB-IoT networks;
- IoT Platform and Connectivity: From the gateways, the data are forwarded across the network through different communication channels (e.g., mobile network cells) to IoT-platforms. These platforms support the management of the IoT devices through their complete operational life cycle and are usually operated by the IoT device vendors;
- Urban Data Platform (UDP) (Smart City Core Services): Connectors receive the data from the IoT-platform, normalize them, and usually enrich them by data stored in a UDP database. For example, a connector can receive a message with an IoT device ID and a date—in this case, the message on the output of the connector is extended with the geo-location of the IoT-device. In some cases, the IoT devices are connected directly to the UDP and are managed by an IoT module on the UDP. From the connectors the data are sent via a message bus to the storage and to a Complex Event Processing engine (CEP), which applies rules on the events and produces new messages. By doing this, the CEP can be considered as a virtual sensor and the new produced messages are stored in the Storage as well. The Analytics module combines analytic services and libraries. The analytic services are often machine learning/AI-based services, e.g., for predictions;
- APP/APIs: The UDP is connected to many APPs or provides outbound APIs. Dashboards or Cockpits are the most used APPs and provide information to users. Data laboratories use analytic services of the UDP and enable experts to perform sophisticated analysis. Marketplaces are used to provide data. Other data are provided by Open APIs on the outbound layer of the UDP/OUP.
1.3. Smart City Data Based Services
- Smart Government: The key difference between an e-government and a smart government is the use of intelligently networked objects and cyber–physical systems [7]. Structures such as big data and open data are included in the development strategy. The change relates either to the resulting product, the process, or the prerequisites for the creation of the administrative service in question. Smart government therefore provides the means towards a data-driven digital administration [7];
- Smart Economy: Within a smart economy, cities are able to provide important data for new business models and to create conditions for economic development;
- Smart Environment: City data and their analytics provide new terms and conditions for environmental support. Within a large number of governmental tasks—such as waste monitoring or energy efficiency in the case of street lighting—data analytics can help to reduce CO2 emissions and even provide an improved habitat for animals and humans;
- Smart Urban Society: Smart Urban Society addresses—in a data-based context—topics such as digital collective urban living and social interaction. Therefore, new incentives to live in a city can be developed and the social exchange can be supported. Topics such as smart health and education could also be the focus of this field and can be supported, e.g., through city data and self-sovereign entities;
- Smart Mobility: Smart mobility increases the use of environmentally friendly mobility options. Here, data are used to give users more information about the possibilities and benefits of using cheaper, faster, and environmentally friendly mobility solutions.
1.4. KIVEP Project
1.5. Contribution
- We proposed an integrated methodology for setting up and continuously improving cybersecurity solutions in urban IoT networks;
- We provided an overview of potential attacks on smart city IoT networks as a motivation for the abovementioned integrated methodology;
- We exemplified parts of the integrated methodology on an urban IoT network instance, which was simulated together with industrial partners and a municipality in Germany.
1.6. Structure of the Presentation
2. Problem Statement
2.1. General Hazardous Situation
2.2. Potential Attacks in Urban IoT Networks
3. Discussion and Classification of IoT Attacks and Countermeasures
3.1. IoT Attacks
- Application Layer: The application layer serves as an interface between the end users and a given platform or service [1,2]. It provides functionalities such as authentication, authorization, data overview, and data access [2]. For this reason, the most common security vulnerabilities exploited at this layer are related to data theft and privacy violations [1]. For instance, some of the attacks performed at the application layer include the following:
- Data theft [1,2]: IoT devices are utilized in a wide range of use cases and, therefore, are involved in generating, processing, and transferring a variety of data. As pointed out by Hassija et al. [1], data that are being transferred are more vulnerable to attacks and consequently they can be stolen. At the same time, some of these data might include sensitive or private information. Therefore, if the end users cannot trust the IoT platform’s privacy-preserving capabilities, they are unlikely to store their data on this platform [2]. Some of the common approaches for providing security guarantees against data theft comprise using data encryption, isolation, and network authentication [1];
- Sniffing attacks [2] occur when an attacker monitors the network traffic in an attempt to acquire sensitive user data [1]. The attack is executed by an attacker that uses malicious software to intercept and read confidential data flowing through the IoT network [2]. Similar to data theft, the prevention against such attacks includes the utilization of secure data transfer protocols [2];
- Malicious code and database injections describe attacks that are performed with the help of malicious user inputs such as scripts and code snippets. These attacks are possible due to insufficient code checks or the lack thereof [1]. The standard attack procedure includes an attacker finding a vulnerable entry point in the application layer and injecting a harmful piece of code that compromises the system [2]. Common examples of such attacks include SQL injection [9] and cross-site scripting (XSS) [1,10].
- Network Layer: The main responsibility of the network layer is to handle the transmission of data coming from the physical layer across the IoT network [2]. Some examples of common network layer attacks include the following:
- Distributed denial of service (DDoS) is an attack that uses multiple devices or systems to flood a target service with unwanted traffic [1,11]. The main goal of the attack is to generate a massive number of requests which will either disrupt the normal functioning of the service or will completely shut it down. As pointed out by Liang and Kim [2], DDoS attacks are not specific to IoT networks. However, the large number of poorly secured IoT devices can become easy targets for a motivated perpetrator who can add the devices as a part of a botnet (e.g., Mirai [2,9,12]);
- Spoofing attacks take place when an adversary tries to fake their identity and impersonate a legitimate device or a user (e.g., by spoofing an IP address). This can give the adversary unauthorized access to certain resources or can allow them to observe and collect sensitive data transmitted over the network [1];
- Man-in-the-middle (MitM) is an attack during which an adversary is able to insert itself between two nodes in the IoT network. Consequently, the attacker is able to intercept, capture, modify, and relay data flowing between the two nodes without their knowledge [2]. More specifically, from the nodes’ perspective it seems as if they are directly communicating with each other.
- Perception/Physical/Sensing Layer: The perception layer is also known as the sensing [1] or physical layer since it is responsible for handling the physical IoT sensors and actuators. This layer is responsible for collecting data from the end devices and forwarding them to the network layer [2]. Examples of devices that operate here include smoke detectors, camera sensors, and humidity sensors [1]. Exploiting these devices opens up opportunities for physical layer IoT attacks such as the following:
- Tampering refers to a physical intervention on the IoT device, through which the perpetrator modifies the hardware in a way that allows them to obtain sensitive information such as credentials, encryption keys, etc. [2];
- Node Jamming or radio frequency interference occurs when an attacker is near the location of the end devices and prevents them from successfully communicating with other devices on the IoT network [9]. This is achieved by sending noise signals that disrupt the wireless communication between the IoT devices [13];
- Sleep deprivation or Denial of Sleep (DoSL) is an attack during which the perpetrator targets low-powered IoT devices and tries to increase their power consumption in order to shut them down [1,14]. This is a form of DoS attack that can be achieved by injecting infinite (communication and computational) loops or modifying the hardware of the IoT device [14].
3.2. Defenses and Countermeasures
- Edge and fog computing are terms commonly used to describe two additional computational layers in the context of the cloud computing paradigm as described in Figure 3. Edge computing refers to computations taking place at the edge of the network, i.e., at the data source or very close to it instead of executing them in the cloud [11]. The main idea of edge computing is to reduce the data transfer between the cloud and the end devices. Because the edge layer is in very close proximity to the IoT devices, and could even include them, there are faster data transfer times, low transmission costs, and near-real-time communication. This is essential for the implementation of well-established security best practices [1,15]. In addition, as pointed out by K. Sha et al. [15], the edge layer has more computational resources than the IoT end devices, which allows the utilization of more computationally expensive security mechanisms. These include not only encryption mechanisms such as homomorphic encryption, but also the implementation of firewalls, intrusion detection, and intrusion prevention systems at the edge layer, which can analyze and block incoming malicious traffic [15].
- Machine Learning and Deep Learning: In recent years, the machine learning (ML) and deep learning (DL) domains have experienced significant growth and advancement and have become integral parts of a wide variety of industries. The IoT domain is no exception and ML/DL-based approaches can be applied for preventing and mitigating attacks, as well as for improving the security and privacy of IoT-based networks [1,10,18,19,20,21]. According to a comprehensive study presented by Al-Garadi et al. [10], some of the ML/DL-based methods most commonly used in the research literature can be classified as supervised, unsupervised, semi-supervised, and reinforcement learning methods (RL) [10]. These can be summarized as follows:
- Supervised learning algorithms are trained on data samples which are labeled and provide mapping between inputs and outputs. The most widely used supervised learning methods for IoT security include decision trees, support vector machines, Naive Bayes, K-nearest neighbors, random forest, deep neural networks (DNN), convolutional neural networks (CNN), recurrent neural networks (RNN), etc. [10];
- Unsupervised learning approaches try to identify patterns (typically by clustering) within an unlabeled data set. Common unsupervised learning methods used for improving the security in IoT networks include K-means clustering, principal component analysis, deep autoencoders (AEs), restricted Boltzmann machines (RBM), and deep belief networks (DBN) [10];
- Semi-supervised learning methods utilize a data set which typically contains a low volume of labeled and a large volume of unlabeled data points. Semi-supervised algorithms use both portions of the data for training, which places them in-between supervised and unsupervised learning [18]. The main advantage of these methods is that they can have improved accuracy due to the usage of a small number of labeled samples, while simultaneously being trained on a large volume of cheap, unlabeled data. Some of the semi-supervised methods used for IoT security include generative adversarial networks (GANs) and an ensemble of DNNs [10];
- Reinforcement learning methods train an agent which is supposed to make decisions based on the conditions present in a given environment. The agent is trained by interacting with the environment and receiving rewards proportional to the “accuracy” of its decision. Based on examples from research literature provided by Al-Garadi et al. [10], in the context of IoT security, RL methods (e.g., Q-learning [1,10]) are used primarily for preventing signal jamming attacks.
- Blockchain: The blockchain [27] is a decentralized ledger that stores data entries in a tamper-proof manner. It consists of blocks that are uniquely identified by so-called “hashes” and linked with each other with hash pointers. Therefore, modifying information inside the block (e.g., a transaction) changes its hash identifier, which invalidates all blocks in the chain that come after. In traditional blockchain implementation, new blocks are added to the chain by solving a resource-intensive cryptographic challenge called “proof-of-work”. Since solving the challenge is computationally expensive and the blocks are secured with cryptographic hash functions, it is very unlikely that an adversary will be able to tamper with data stored in the blockchain. Additionally, each block stored in the chain is verified by all participants in the network and there is no central authority that can single-handedly alter the transaction history or prevent transactions from executing. This set of properties makes the blockchain a compelling solution for some of the security challenges present in the IoT domain [19].
- The blockchain can serve as a secure distributed data storage medium. The data stored in the blockchain are secured against tampering with the help of cryptographic hashing algorithms, and there is guaranteed data redundancy due to the absence of a single point of failure in the blockchain network.
- Nodes in the network are registered on the blockchain and therefore can be authenticated and identified, which prevents spoofing attacks.
- The blockchain serves as a decentralized alternative to traditional cloud servers. Centralized storage of information is a major target for perpetrators that want to steal sensitive data. Given that the cloud services provide shared infrastructure to many users at the same time, cloud storage can be compromised more easily compared with alternative blockchain-based approaches. Additionally, the data stored in the blockchain are distributed across all nodes in the network and signed (often also encrypted), which makes data theft attacks more difficult.
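The tamper-evidence property described above can be reproduced with a few lines of hashing. The following is an added example, not code from the paper or from UrbanPulse; the block layout, the toy proof-of-work difficulty, and the sensor readings are all constructed for illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64
DIFFICULTY = 3  # assumed toy target: a block hash must start with 3 hex zeros

def block_hash(block):
    """SHA-256 over the canonical JSON of every field except the stored hash."""
    body = {k: block[k] for k in ("index", "prev_hash", "reading", "nonce")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def mine(index, prev_hash, reading):
    """Toy proof-of-work: increment the nonce until the hash meets the target."""
    block = {"index": index, "prev_hash": prev_hash, "reading": reading, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block

def build_chain(readings):
    """Link one block per sensor reading through hash pointers."""
    chain, prev = [], GENESIS
    for i, reading in enumerate(readings):
        block = mine(i, prev, reading)
        chain.append(block)
        prev = block["hash"]
    return chain

def first_invalid(chain):
    """Index of the first block that fails verification, or None if intact."""
    prev = GENESIS
    for i, block in enumerate(chain):
        recomputed = block_hash(block)
        if (block["prev_hash"] != prev or block["hash"] != recomputed
                or not recomputed.startswith("0" * DIFFICULTY)):
            return i
        prev = block["hash"]
    return None

def tamper(chain, index, new_reading, remine=False):
    """Copy of the chain with one reading changed, optionally re-mined."""
    forged = copy.deepcopy(chain)
    if remine:
        forged[index] = mine(index, forged[index]["prev_hash"], new_reading)
    else:
        forged[index]["reading"] = new_reading
    return forged

# Constructed sample data: hypothetical air-quality sensor messages.
READINGS = [
    {"device": "air-q-017", "ts": "2023-01-10T08:00:00Z", "pm10": 21.4},
    {"device": "air-q-017", "ts": "2023-01-10T08:05:00Z", "pm10": 22.0},
    {"device": "air-q-017", "ts": "2023-01-10T08:10:00Z", "pm10": 58.9},
    {"device": "air-q-017", "ts": "2023-01-10T08:15:00Z", "pm10": 23.1},
]
FORGED = {"device": "air-q-017", "ts": "2023-01-10T08:05:00Z", "pm10": 5.0}

if __name__ == "__main__":
    chain = build_chain(READINGS)
    print("intact chain:", first_invalid(chain))
    print("edited block 1:", first_invalid(tamper(chain, 1, FORGED)))
    print("edited and re-mined block 1:",
          first_invalid(tamper(chain, 1, FORGED, remine=True)))
```

Editing a reading breaks that block's own hash; redoing the proof-of-work for the edited block only moves the failure to the next block, whose hash pointer no longer matches.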
4. Methodology and Toolchain
4.1. Requirements Analysis and Risk Identification
4.2. Network Modelling (e.g., WoT Modelling)
4.3. Security Rules and Constraints: Access Control List Generation
4.4. Protocol Analysis for Intrusion Detection
4.5. Network Simulation and Testbed Evaluation
4.6. Real-World Deployment and Feedback
5. Demonstrating the Methodology
5.1. Simulation Setup
5.2. Attack Setup
5.3. Intrusion Detection
5.4. Overall Demonstrator
6. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
1. Hassija, V.; Chamola, V.; Saxena, V.; Jain, D.; Goyal, P.; Sikdar, B. A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures. IEEE Access 2019, 7, 82721–82743.
2. Liang, X.; Kim, Y. A Survey on Security Attacks and Solutions in the IoT Network. In Proceedings of the 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC), Virtua, 27–30 January 2021; pp. 853–859.
3. Alaba, F.A.; Othman, M.; Hashem, I.A.T.; Alotaibi, F. Internet of Things security: A survey. J. Netw. Comput. Appl. 2017, 88, 10–28.
4. UrbanPulse Platform. Available online: https://www.ui.city/en/solutions (accessed on 26 August 2022).
5. DIN SPEC 91357, Reference Architecture Model Open Urban Platform (OUP). Available online: https://www.din.de/en/wdc-beuth:din21:281077528 (accessed on 28 December 2022).
6. Bee Smart City Indicators. Available online: https://hub.beesmart.city/en/smart-city-indicators (accessed on 28 December 2022).
7. Lucke, J. Smart Government – Wie uns die Intelligente Vernetzung zum Leitbild „Verwaltung 4.0“ und Einem Smarten Regierungs- und Verwaltungshandeln Führt; The Open Government Institute: Friedrichshafen, Germany, 2015.
8. KIVEP Project. Available online: https://www.forschung-it-sicherheit-kommunikationssysteme.de/projekte/kivep (accessed on 28 December 2022).
9. Rizvi, S.; Kurtz, A.; Pfeffer, J.; Rizvi, M. Securing the internet of things (IoT): A security taxonomy for IoT. In Proceedings of the 2018 17th IEEE International Conference on Trust, Security and Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), New York, NY, USA, 1–3 August 2018; pp. 163–168.
10. Al-Garadi, M.A.; Mohamed, A.; Al-Ali, A.K.; Du, X.; Ali, I.; Guizani, M. A Survey of Machine and Deep Learning Methods for Internet of Things (IoT) Security. IEEE Commun. Surv. Tutor. 2020, 22, 1646–1685.
11. Xiao, Y.; Jia, Y.; Liu, C.; Cheng, X.; Yu, J.; Lv, W. Edge Computing Security: State of the Art and Challenges. Proc. IEEE 2019, 107, 1608–1631.
12. Antonakakis, M.; April, T.; Bailey, M.; Bernhard, M.; Bursztein, E.; Cochran, J.; Zhou, Y. Understanding the mirai botnet. In Proceedings of the 26th USENIX Security Symposium (USENIX Security 17), Berkeley, CA, USA, 16–18 August 2017; pp. 1093–1110.
13. Deogirikar, J.; Vidhate, A. Security attacks in IoT: A survey. In Proceedings of the 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), Palladam, India, 10–11 February 2017; pp. 32–37.
14. Abosata, N.; Al-Rubaye, S.; Inalhan, G.; Emmanouilidis, C. Internet of Things for System Integrity: A Comprehensive Survey on Security, Attacks and Countermeasures for Industrial Applications. Sensors 2021, 21, 3654.
15. Sha, K.; Yang, T.A.; Wei, W.; Davari, S. A survey of edge computing-based designs for IoT security. Digit. Commun. Netw. 2019, 6, 195–202.
16. Atlam, H.F.; Walters, R.J.; Wills, G.B. Fog Computing and the Internet of Things: A Review. Big Data Cogn. Comput. 2018, 2, 10.
17. Alrawais, A.; Alhothaily, A.; Hu, C.; Cheng, X. Fog Computing for the Internet of Things: Security and Privacy Issues. IEEE Internet Comput. 2017, 21, 34–42.
18. Hussain, F.; Hussain, R.; Hassan, S.A.; Hossain, E. Machine Learning in IoT Security: Current Solutions and Future Challenges. IEEE Commun. Surv. Tutorials 2020, 22, 1686–1721.
19. Park, J.H.; Singh, S.K.; Salim, M.M.; Azzaoui, A.E.L.; Park, J.H. Ransomware-based Cyber Attacks: A Comprehensive Survey. J. Internet Technol. 2022, 23, 1557–1564.
20. Keegan, N.; Ji, S.-Y.; Chaudhary, A.; Concolato, C.; Yu, B.; Jeong, D.H. A survey of cloud-based network intrusion detection analysis. Human-centric Comput. Inf. Sci. 2016, 6, 1–16.
21. Jose Costa Sapalo Sicato, S.K.S.; Rathore, S.; Park, J.H. A Comprehensive Analyses of Intrusion Detection System for IoT Environment. J. Inf. Process. Syst. 2020, 16, 975–990.
22. Shi, C.; Liu, J.; Liu, H.; Chen, Y. Smart user authentication through actuation of daily activities leveraging WiFi-enabled IoT. In Proceedings of the 18th ACM International Symposium on Mobile Ad Hoc Networking and Computing, Seoul, Republic of Korea, 17–20 October 2017; pp. 1–10.
23. Yousefi-Azar, M.; Varadharajan, V.; Hamey, L.; Tupakula, U. Autoencoder-based feature learning for cyber security applications. In Proceedings of the 2017 International Joint Conference on Neural Networks (IJCNN), Anchorage, AK, USA, 14–19 May 2017; pp. 3854–3861.
24. Cil, A.E.; Yildiz, K.; Buldu, A. Detection of DDoS attacks with feed forward based deep neural network model. Expert Syst. Appl. 2021, 169, 114520.
25. McLaughlin, N.; Martinez del Rincon, J.; Kang, B.; Yerima, S.; Miller, P.; Sezer, S.; Joon Ahn, G. Deep android malware detection. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, New York, NY, USA, 22–24 March 2017; pp. 301–308.
26. Yadav, S.; Subramanian, S. Detection of Application Layer DDoS attack by feature learning using Stacked AutoEncoder. In Proceedings of the 2016 International Conference on Computational Techniques in Information and Communication Technologies (icctict), New Delhi, India, 11–13 March 2016; pp. 361–366.
27. Copigneaux, B.; Vlasov, N.; Bani, E. Blockchain for Supply Chains and International Trade; European Parliamentary Research Service: Brussels, Belgium, 2020.
28. Dorri, A.; Kanhere, S.S.; Jurdak, R.; Gauravaram, P. Blockchain for IoT security and privacy: The case study of a smart home. In Proceedings of the 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), Kona, HI, USA, 13–17 March 2017; pp. 618–623.
29. Kullig, N.; Lämmel, P.; Tcholtchev, N. Prototype Implementation and Evaluation of a Blockchain Component on IoT Devices. Procedia Comput. Sci. 2020, 175, 379–386.
30. Khan, M.A.; Salah, K. IoT security: Review, blockchain solutions, and open challenges. Future Gener. Comput. Syst. 2018, 82, 395–411.
31. INET Framework. Available online: https://inet.omnetpp.org/ (accessed on 28 December 2022).
32. Scikit-Learn. Available online: https://scikit-learn.org/stable/ (accessed on 28 December 2022).
33. Yuan, Y.; Wu, L.; Zhang, X. Gini-Impurity Index Analysis. IEEE Trans. Inf. Forensics Secur. 2021, 16, 3154–3169.
Attack Type | Possible Defenses or Architectural Measures | IoT Layer Classification |
---|---|---|
Data Theft | Blockchain, Edge and Fog Computing | Application Layer |
Sniffing Attacks | Edge and Fog Computing | Application Layer |
Malicious Code and Database Injections | Edge and Fog Computing | Application Layer |
Distributed Denial of Service (DDoS) | Machine Learning and Deep Learning, Edge and Fog Computing | Network Layer |
Spoofing Attacks | Machine Learning and Deep Learning, Edge and Fog Computing | Network Layer |
Man-in-the-middle (MitM) | Machine Learning and Deep Learning, Edge and Fog Computing | Network Layer |
Tampering | Edge and Fog Computing | Perception/Physical/Sensing Layer |
Node Jamming or Radio Frequency Interference | Edge and Fog Computing | Perception/Physical/Sensing Layer |
Sleep Deprivation or Denial of Sleep (DoSL) | Edge and Fog Computing | Perception/Physical/Sensing Layer |
Parameter | Value |
---|---|
n_estimators | 100 |
criterion | “gini” |
max_depth | None |
min_samples_split | 2 |
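
The parameter names in the table above match scikit-learn's RandomForestClassifier [32]. To show what each of them controls, the following added example re-implements a small random forest in plain Python and trains it on traffic windows; it is not the authors' code and not scikit-learn, and the three features, the two labels and all sample values are constructed assumptions.

```python
import random
from collections import Counter

# Hyperparameters exactly as listed in the table above.
PARAMS = {"n_estimators": 100, "criterion": "gini",
          "max_depth": None, "min_samples_split": 2}

def gini(labels):
    """Gini impurity 1 - sum_k p_k^2 of a non-empty list of class labels."""
    n = len(labels)
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values())

def best_split(rows, labels, features):
    """(feature, threshold) with the lowest weighted Gini, or None if no gain."""
    best, best_score = None, gini(labels)
    for f in features:
        values = sorted({r[f] for r in rows})
        for lo, hi in zip(values, values[1:]):  # midpoints between distinct values
            t = (lo + hi) / 2
            left = [y for r, y in zip(rows, labels) if r[f] <= t]
            right = [y for r, y in zip(rows, labels) if r[f] > t]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(labels)
            if score < best_score:
                best, best_score = (f, t), score
    return best

def grow(rows, labels, rng, depth=0):
    """One tree: a leaf is a class label, an inner node is (f, t, left, right)."""
    majority = Counter(labels).most_common(1)[0][0]
    capped = PARAMS["max_depth"] is not None and depth >= PARAMS["max_depth"]
    if capped or len(labels) < PARAMS["min_samples_split"] or gini(labels) == 0.0:
        return majority
    k = max(1, int(len(rows[0]) ** 0.5))  # sqrt(#features) candidates per node
    split = best_split(rows, labels, rng.sample(range(len(rows[0])), k))
    if split is None:  # simplification: stop instead of trying other features
        return majority
    f, t = split
    left = [i for i, r in enumerate(rows) if r[f] <= t]
    right = [i for i, r in enumerate(rows) if r[f] > t]
    return (f, t,
            grow([rows[i] for i in left], [labels[i] for i in left], rng, depth + 1),
            grow([rows[i] for i in right], [labels[i] for i in right], rng, depth + 1))

def fit_forest(rows, labels, seed=0):
    """n_estimators trees, each grown on a bootstrap sample of the windows."""
    rng = random.Random(seed)
    forest = []
    for _ in range(PARAMS["n_estimators"]):
        idx = [rng.randrange(len(rows)) for _ in rows]
        forest.append(grow([rows[i] for i in idx], [labels[i] for i in idx], rng))
    return forest

def predict(forest, row):
    """Majority vote of all trees for one traffic window."""
    votes = Counter()
    for node in forest:
        while isinstance(node, tuple):
            f, t, lo, hi = node
            node = lo if row[f] <= t else hi
        votes[node] += 1
    return votes.most_common(1)[0][0]

def make_windows(seed=1, n=40):
    """Constructed, well-separated samples: [packets/s, distinct sources, mean bytes]."""
    rng = random.Random(seed)
    rows, labels = [], []
    for _ in range(n):
        rows.append([rng.uniform(5, 60), rng.randint(1, 8), rng.uniform(200, 900)])
        labels.append("benign")
        rows.append([rng.uniform(400, 3000), rng.randint(50, 400), rng.uniform(40, 120)])
        labels.append("ddos")
    return rows, labels

if __name__ == "__main__":
    forest = fit_forest(*make_windows())
    print(predict(forest, [20, 3, 500]), predict(forest, [1500, 200, 64]))
```

With `max_depth` set to None and `min_samples_split` set to 2, every tree keeps splitting until its leaves are pure, so the forest relies on bootstrap sampling and the vote across 100 trees rather than on pruning to limit overfitting.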
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Rangelov, D.; Lämmel, P.; Brunzel, L.; Borgert, S.; Darius, P.; Tcholtchev, N.; Boerger, M. Towards an Integrated Methodology and Toolchain for Machine Learning-Based Intrusion Detection in Urban IoT Networks and Platforms. Future Internet 2023, 15, 98. https://doi.org/10.3390/fi15030098