Abstract
The internet of things (IoT) technology presents an intelligent way to improve our lives and contributes to many fields such as industry, communications, agriculture, etc. Unfortunately, IoT networks are exposed to many attacks that may destroy the entire network and consume network resources. This paper aims to propose intelligent process automation and an auto-configured intelligent automation detection model (IADM) to detect and prevent malicious network traffic and behaviors/events at distributed multi-access edge computing in an IoT-based smart city. The proposed model consists of two phases. The first phase relies on the intelligent process automation (IPA) technique and contains five modules named, specifically, dataset collection and pre-processing module, intelligent automation detection module, analysis module, detection rules and action module, and database module. In the first phase, each module composes an intelligent connecting module to give feedback reports about each module and send information to the next modules. Therefore, any change in each process can be easily detected and labeled as an intrusion. The intelligent connection module (ICM) may reduce the search time, increase the speed, and increase the security level. The second phase is the dynamic adaptation of the attack detection model based on reinforcement one-shot learning. The first phase is based on a multi-classification technique using Random Forest Trees (RFT), k-Nearest Neighbor (K-NN), J48, AdaBoost, and Bagging. The second phase can learn the new changed behaviors based on reinforced learning to detect zero-day attacks and malicious events in IoT-based smart cities. The experiments are implemented using a UNSW-NB 15 dataset. The proposed model achieves high accuracy rates using RFT, K-NN, and AdaBoost of approximately 98.8%. It is noted that the accuracy rate of the J48 classifier achieves 85.51%, which is lower than the others. Subsequently, the accuracy rates of AdaBoost and Bagging based on J48 are 98.9% and 91.41%, respectively. Additionally, the error rates of RFT, K-NN, and AdaBoost are very low. Similarly, the proposed model achieves high precision, recall, and F1-measure high rates using RFT, K-NN, AdaBoost, and Bagging. The second phase depends on creating an auto-adaptive model through the dynamic adaptation of the attack detection model based on reinforcement one-shot learning using a small number of instances to conserve the memory of any smart device in an IoT network. The proposed auto-adaptive model may reduce false rates of reporting by the intrusion detection system (IDS). It can detect any change in the behaviors of smart devices quickly and easily. The IADM can improve the performance rates for IDS by maintaining the memory consumption, time consumption, and speed of the detection process.