Artificial intelligence enabled cyber security defense for smart cities: A novel attack detection framework based on the MDATA model

Smart cities have attracted a lot of attention from interdisciplinary research, and plenty of artificial intelligence based solutions have been proposed. However, cyber security has always been a serious problem, and it is becoming more and more severe in smart cities. The existing attack defense methods are not suitable for detecting multi-step attacks since the detection rules are limited and the efficiency is limited by a large number of false security alarms. Hence, an advanced solution is urgently needed to improve cyber security defense capability. In this paper, we propose a novel attack detection framework called ACAM. To better represent the cyber security knowledge, the framework is based on the MDATA model, which can represent dynamic and temporal-spatial knowledge better than the knowledge graph. The framework consists of the knowledge extraction module, the subgraph generation module, the alarm correlation module, and the attack detection module. These modules can remove false alarms and improve the detection capabilities of multi-step attacks. We implement the framework and conduct experiments on the cyber range platform, the experimental results validate the good performance of attack detection accuracy and efficiency. The framework can greatly improve the cyber security defense capabilities for smart cities.(c) 2023 Elsevier B.V. All rights reserved.