Machines: Cybersecurity Risk Assessment in Smart City Infrastructures


machines

Article
Cybersecurity Risk Assessment in Smart City Infrastructures †
Maxim Kalinin, Vasiliy Krundyshev * and Peter Zegzhda

Cybersecurity Department, Peter the Great St. Petersburg Polytechnic University, 195251 St. Petersburg, Russia;
[email protected] (M.K.); [email protected] (P.Z.)
* Correspondence: [email protected]
† This is an extended version of a conference paper. Krundyshev, V.; Kalinin, M. The Security Risk Analysis
Methodology for Smart Network Environments. In Proceedings of the 2020 International Russian Automation
Conference (RusAutoCon), Sochi, Russia, 6–12 September 2020; pp. 437–442.

Abstract: The article is devoted to cybersecurity risk assessment of the dynamic device-to-device
networks of a smart city. Analysis of the modern security threats at the IoT/IIoT, VANET, and WSN
inter-device infrastructures demonstrates that the main concern is a set of network security threats
targeted at the functional sustainability of smart urban infrastructure, the most common use case of
smart networks. As a result of our study, systematization of the existing cybersecurity risk assessment
methods has been provided. Expert-based risk assessment and active human participation cannot be
provided for the huge, complex, and permanently changing digital environment of the smart city.
The methods of scenario analysis and functional analysis are specific to industrial risk management
and are hardly adaptable to solving cybersecurity tasks. The statistical risk evaluation methods
force us to collect statistical data for the calculation of the security indicators for the self-organizing
networks, and the accuracy of this method depends on the number of calculating iterations. In our
work, we have proposed a new approach for cybersecurity risk management based on object typing,
data mining, and quantitative risk assessment for the smart city infrastructure. The experimental
study has shown us that the artificial neural network allows us to automatically, unambiguously, and
reasonably assess the cyber risk for various object types in the dynamic digital infrastructures of the
smart city.

Keywords: cybersecurity; dynamic network; machine learning; network attack; neural network; risk
assessment; smart city; quantitative risk; ANN; IoT; IIoT; VANET; WSN

Citation: Kalinin, M.; Krundyshev, V.; Zegzhda, P. Cybersecurity Risk Assessment in Smart City
Infrastructures. Machines 2021, 9, 78. https://doi.org/10.3390/machines9040078

Academic Editor: Pingyu Jiang

Received: 11 February 2021
Accepted: 8 March 2021
Published: 4 April 2021

Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and
institutional affiliations.

Copyright: © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access
article distributed under the terms and conditions of the Creative Commons Attribution (CC BY)
license (https://creativecommons.org/licenses/by/4.0/).

Machines 2021, 9, 78. https://doi.org/10.3390/machines9040078 https://www.mdpi.com/journal/machines

1. Introduction


The technological aspect of a smart city is reflected by IBM, the leading promoter of
the smart city concept. The smart city is an instrumented, interconnected, and intellectual
environment [1]. The term instrumented means an ability to receive various data on city
life and digital infrastructure in real-time mode through the connected devices, measuring
sensors, and personal systems. The term interconnected indicates an ability to integrate data
on digital platforms, sharing them with various digital city services. The term intellectual
refers to data processing by advanced analytics, modeling, optimization, and visualization
services in order to make the best decision.
By 2024, the number of smart infrastructures for digital urban services is estimated to
be around 1.3 billion. At the same time, security researchers and experts claim the need to
pay notable attention to the issue of smart city cybersecurity (e.g., [2–4]). In fact, 135 billion
USD will be spent on the cybersecurity of smart cities [5]. Smart cities are increasingly being
exposed to various cybersecurity impacts: complex cyberattacks on critical infrastructures
by interrupting the automated control systems, hacking communications between the smart
IoT/IIoT devices, blocking the VANET nodes (autonomous cars, off-road infrastructure),
and other connected systems using ransomware, changing the sensing data (for example,
in alarm and emergency systems) [5]. The concept of a smart city involves a merger of
digital and physical infrastructures into a single global cyberphysical system. Hacking or
infecting one network-connected device opens up the possibility of infecting many other
devices, which leads to cascading damage, causing a massive “theft of data from citizens,
patients, and consumers, personally identifiable information, etc.,” as stated by Dimitrios
Pavlakis, the analyst of ABI Research [5,6]. For example, in hacking a road-side VANET
node, the intruder may gain unauthorized access to a driverless car and then penetrate the
smart home network and disrupt the operation of the smart house gateway, breaking the
water, power, and heat supply. The high risk of an attacker obtaining financial information,
business plans, and private data as a result of hacking sensitive assets is highlighted in
the research [7]. For such a serious problem, it becomes important to choose an effective
protection strategy.
Building a large-scale infrastructure for the smart city with the application of modern
IoT/IIoT-, MANET-, VANET-, and WSN-based cyberspaces requires a thorough approach
to monitor, measure, maintain, and improve its cybersecurity. A specific characteristic
of self-organizing network infrastructure is an entire complex of processes and assets
of the smart city, the main purpose of which is to enhance the efficiency of the digital
urban services. Therefore, the resulting set of protective measures should be rationalized
by the costs–benefits ratio. To achieve this, cybersecurity standards (e.g., the 27000 and
13335 families) propose the concept of risk-driven security management [8–10].
There are many methods for assessing the cybersecurity risks that are applicable to
an information system. As the BS 7799-3 and NIST 800-30 standards state, a large amount
of security monitoring data about the cyberattacks and the protected assets is required,
which is not always possible to implement due to the large scale of the uncontrolled
environment, the limited time available for the risk analysis and measurement, and the
limited financial, knowledge, and computing resources. In addition, there are specific
issues for the cybersecurity risk assessment in a mobile inter-device network of the smart
city:
• A huge amount of data for knowledge processing;
• An undefined number of assets: users, connected nodes, communications, etc.;
• Insufficient formalization of the risk calculus and the requirement for the regular risk
expertise;
• The impossibility of detailed risk analysis when the smart network hosts have limited
awareness of the current state of the cyberattacks;
• Incomplete and inaccurate rules for statistical data calculations to obtain a probability
of the cybersecurity risk events.
For the smart city, these issues make the calculated risk estimation difficult, and it
cannot be applied to substantiate a rational set of protective measures and acts. The goal
of our research is to propose a new method corresponding to the dynamic assessment
of cybersecurity risk in the abovementioned conditions of the smart city. This work is a
continuation of our research described in a previous conference paper [11]. The novelty
lies in the fact that, for the first time, we propose to use an artificial neural network that
allows us to reasonably assess cybersecurity risks by processing big security datasets. It
allows for faster response time in critical situations and makes the decision-making more
effective due to deeper insights and visibility of the cybersecurity risks.
The paper is organized as follows: Section 2 reviews the current types of cyber threats
specific to the dynamic smart city infrastructure; Section 3 provides an overview of the
related works for cybersecurity risk assessment applicable to the smart city; Section 4
proposes an artificial neural network method for the assessment of cyber risks for the smart
city; Section 5 discusses the outputs of the experimental study of our method; and, finally,
the last section concludes our work and sets further plans.

2. The Cybersecurity Threats Typical to the Smart City Network Infrastructure


The smart city concept implies the interaction of information and communication
technologies for the management of modern urban services: transportation, medical care,
power generation and supply, etc. Processing and analyzing the dataflow received from
a variety of smart sensors makes it possible to monitor and predict the occurrence of cyber
threats of different types [12]. Currently, intruders using network infrastructure and wireless
data transmission channels can remotely invade a target device (group of the connected
devices), intercept network traffic, launch the denial of service (DoS) attacks (including the
distributed ones), and capture IoT devices to construct a botnet of smart devices [13,14]. The
security issue for the smart city is the variety of horizontal connections, the heterogeneous
nature of the network infrastructure, and a huge number of entities at a constantly changing
topology. Performing risk-based security management in real time requires the availability of a
powerful operating center that aggregates data from many different sources with different
characteristics.
Software vulnerabilities also pose a serious problem for ensuring a high level of
security for smart city systems [15]. Connected devices implement different functions, they
have various capabilities and features, they are produced by different manufacturers, and
with different versions of hardware and software, they meet different security standards.
All of these form fertile soil for an intruder to exploit the software vulnerabilities and
applied protocols. The main problem is that an attacker can make a successful attack on a
poorly protected device that can directly or through a device-to-device chain interact with
the target device (or digital service) of the attack. Software vulnerabilities can vary from
developer’s errors to backdoors, as well as from the hardware level to the city-specific
application level.
A complete enumeration of different reasons causing most of the security alerts in the
self-organizing network of the smart city includes:
• The absence of fixed network topology and central nodes makes it impossible to
organize a centralized security policy;
• There are no protective tools on each network node;
• This type of smart network is public, which makes it possible to spoof a message,
signal, or even a network node;
• There is a wide range of possibilities to compromise the poorly protected nodes;
• There is a huge number of connected nodes and, correspondingly, a requirement
to process large volumes of cybersecurity data;
• There is a set of channel vulnerabilities;
• The connected devices have limited computing power.
There is a large amount of research devoted to the analysis of cyber threats and the
creation of methods of protection against them in smart cities. In [16], the authors point out
that the main threats to medical applications in a smart city are threats aimed at breaching
privacy and security, including a DoS attack, MitM attack, and password sniffing. The
authors argue that when developing cybersecurity systems, it is necessary to take into
account the characteristics of the IoT, creating lightweight solutions. The work of [17–20]
highlights the danger of network threats, while two types of intruders can be distinguished:
internal and external. The work of [21] formulates security requirements, which smart
city systems must meet: authentication and confidentiality, availability and integrity,
lightweight intrusion detection and prediction, as well as privacy protection. The authors
have developed a classification of possible approaches to ensuring the cybersecurity of
the smart city infrastructures: cryptography, blockchain, biometrics, machine learning and
data mining, game theory, ontology, and non-technical supplements.
Cyberattacks on the dynamic self-organizing networks of the smart city can be divided
into passive and active ones. The passive cyberattack usually violates confidentiality. The
intruder eavesdrops on and intercepts information being transmitted over the network
without performing any destructive acts, which makes it extremely difficult to detect. The
active attack is targeted at interacting with the information flow, violating the integrity
and availability. The active intruder changes or hides/drops the data packets, violating
the logic of the network work. They can be organized either by an external or internal
attacker. Another possible classification of attacks is classification by violation of one of
the traditional security requirements: confidentiality, integrity, and availability, as well as
authentication and responsibility (Figure 1).

Figure 1. A common classification of the cyber threats at the smart city infrastructure.

The greatest damage is caused by network attacks since they disturb the work of the
entire smart infrastructure [22]. The larger the area occupied by the attack, the more
damage it brings to the system. Therefore, in further research, we pay our attention to the
availability aspect of smart city security, i.e., the class of the cyberattacks targeted at
disrupting a dynamic network routing (Figure 2).

Figure 2. A priority pyramid of attack classes at the smart city infrastructure.

2.1. The Denial of Service (DoS) Attacks
The intruder’s node creates a large number of messages, which can be multiplied as
a result of the broadcasting, and this leads to an overload in the data transmission channel
and degradation of the computing resources of the network nodes to process all of the
messages created by the intruder [23]. The intruder is thus able to break communication
in a smart city network (Figure 3).

Figure 3. A denial of service (DoS) attack case.

2.2. The Distributed DoS (DDoS) Attack
The intruders’ nodes start their attacks from different locations at different times. For
example, malicious nodes situated next to the target node can send a stream of messages to
it at the same time and thereby isolate it from other networks (Figure 4).

Figure 4. A DDoS attack case.

2.3. The Black Hole Attack
The intruder’s node catches and drops off the received packets that have to be
transmitted to other nodes. This sort of attack is especially effective when the trust policy is
compromised in the dynamic network (Figure 5).

Figure 5. The black hole attack case.

2.4. The Gray Hole Attack
If the intruder’s node drops off all of the received packets, it can be detected by
neighbor nodes. Therefore, the intruder can partially drop the packets (Figure 6).

Figure 6. The gray hole attack case.
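The neighbor-based detection that the black hole and gray hole descriptions above rely on can be sketched as a check of each relay's observed drop count against normal link loss. This is an added example, not code from the paper: the baseline loss rate, the thresholds, the node names, and the observation counts are constructed assumptions.

```python
"""Flag relays whose packet drops exceed normal link loss (added example)."""
from collections import defaultdict
from math import sqrt

BASELINE_LOSS = 0.08     # assumed loss rate of an honest wireless relay
MIN_PACKETS = 50         # below this sample size, do not judge a relay
Z_ALERT = 3.0            # one-sided alert level, in standard deviations
BLACK_HOLE_DROP = 0.95   # assumed: near-total loss is treated as a black hole

# Constructed sample reports from neighbor nodes acting as watchers:
# (watcher, relay, packets handed to the relay, packets overheard being forwarded)
OBSERVATIONS = [
    ("A", "R1", 200, 187), ("B", "R1", 200, 185),
    ("A", "R2", 220, 0),   ("C", "R2", 180, 2),
    ("B", "R3", 250, 190), ("C", "R3", 150, 110),
    ("A", "R4", 12, 8),
]


def aggregate(observations):
    """Sum the counts reported by all watchers for each relay."""
    totals = defaultdict(lambda: [0, 0])
    for _watcher, relay, handed, forwarded in observations:
        if not 0 <= forwarded <= handed:
            raise ValueError(f"inconsistent report for {relay}")
        totals[relay][0] += handed
        totals[relay][1] += forwarded
    return {relay: (h, f) for relay, (h, f) in totals.items()}


def drop_z_score(handed, forwarded, baseline=BASELINE_LOSS):
    """Standard deviations by which the drop count exceeds the binomial
    expectation for an honest relay with the baseline loss rate."""
    dropped = handed - forwarded
    spread = sqrt(handed * baseline * (1 - baseline))
    return (dropped - handed * baseline) / spread


def naive_verdict(handed, forwarded, threshold=0.5):
    """Fixed-ratio check: catches total loss but misses a partial dropper."""
    return (handed - forwarded) / handed >= threshold


def classify(handed, forwarded):
    """Return a verdict for one relay from its aggregated counts."""
    if handed < MIN_PACKETS:
        return "insufficient-data"
    drop_rate = (handed - forwarded) / handed
    if drop_rate >= BLACK_HOLE_DROP:
        return "black-hole-suspect"
    if drop_z_score(handed, forwarded) > Z_ALERT:
        return "gray-hole-suspect"   # partial dropping above normal loss
    return "normal"


def assess(observations):
    """Classify every relay that appears in the watcher reports."""
    return {relay: classify(h, f)
            for relay, (h, f) in aggregate(observations).items()}


if __name__ == "__main__":
    for relay, verdict in sorted(assess(OBSERVATIONS).items()):
        print(relay, verdict)
```

Relay R3 drops a quarter of its traffic, which a fixed 50% threshold would pass as healthy; the comparison against baseline loss is what exposes the partial dropper.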

2.5. The Sinkhole Attack
The intruder’s node can be the most preferred one for the neighbor nodes to arrange
an optimal route [24]. In a dynamic network, a node can send out the routing messages,
informing its neighbors that it is the best node for the packet sending to the base station.
This allows the intruder to become a network hub and collect all the packets addressed to
the base station (Figure 7).

Figure 7. The sinkhole attack case.

2.6. The Wormhole Attack
The intruder catches the data packets and replays them to another malicious node by
using a wormhole link (a tunnel). This attack results in the avoidance of valid routes
and leakage of the data packets (Figure 8).

Figure 8. The wormhole attack case.

2.7. The Sybil Attack
The intruder represents several network nodes at once for other nodes [25], which
becomes a security issue for the dynamic routing protocols, as it can affect the vote-based
routing and load balancing algorithms (Figure 9).

Figure 9. The Sybil attack case.

2.8. The Illusion Attack
The intruder’s node tries to purposely manipulate the sensing data to produce falsified
information about the moving node [26]. The impact of this attack is that human
decisions and reactions depend on the falsified data, which can cause accidents and traffic
jams and reduce transportation efficiency. The message authentication and integrity
control cannot protect the networks against this type of attack as the intruder’s node
directly manipulates the sensors to broadcast the wrong traffic (Figure 10).

Figure 10. The illusion attack case.

The implementation of just one attack from the above list may lead to system faults,
which can cause negative consequences: a threat to human health, ecological disaster, or
industrial blackout.

3. The Security Risk Assessment Methods


The security analysis of the smart city infrastructure is the process of identifying
vulnerabilities, cybersecurity threats and security risks associated with the assets, and
counter-measures that mitigate these threats. There are three basic approaches to cyber risk
assessment: qualitative, quantitative, and mixed approaches [27].
The following methods of qualitative risk analysis are distinguished:
• Expert assessment;
• Rating estimates;
• Checklists of risk sources;
• Method of analogies.
The expert assessment is a combination of logical and mathematical procedures
to elaborate the expert’s opinion on a certain range of security issues in an inspected
system [28]. The key to this method is the ability to use the experience and intuition
of a field specialist to make the optimal decisions. There is no need for accurate data
and expensive software toolkits. However, the main drawbacks of this method are the
subjective estimations and the difficulty to attract independent and highly skilled experts.
Examples of the expert estimation technique are questionnaires, brainstorming, SWOT
analysis, SWIFT, and the Delphi method.
The rating method is based on the formalization of the ratings obtained. If specialists
are involved in this, then this method is considered a type of expert assessment. However,
semi-formalized procedures have recently been applied often, and thereby this method is
considered an independent one. The simplest way of rating is ranking, which uses a
scoring system. The most commonly used is a five-point scale (as well as a scale of 10 or
100 points). An expert assigns a certain score to each risk depending on the influence on
the system’s security. When building a rating, the competence of each expert is taken into
account. The result of this method is a completed risk rating table.
The checklists of risk sources form a method whose essence is to use retrospective
information about the system. It relies on risk lists compiled earlier for previous
activities. Past security incidents, risk factors, and the latest security attacks
are explored. This trace is constantly expanded by adding the current history of the system.
However, in time, this endless log of the system security events can lead to the loss of
control. In addition, some events may not be added to the checklist, and correspondingly
they will not be explored during risk analysis. This method is useful for risk identification. The
use of a checklist of risk sources allows negative cases to be identified. This approach may
accompany other methods.
The essence of the analogy method is to look for similarities in a phenomenon, objects,
and systems. The method of analogies is widely used in assessing the risk for the typical
systems. This method is used in the case when other methods of risk assessment are
unacceptable.
For quantitative risk analysis, the following methods are applied:
• Analytical methods: sensitivity analysis, scenario analysis, method of the risk-adjusted
discount rate, and method of reliable equivalents;
• Probabilistic theoretical models: simulation (Monte Carlo method, historical simulation
method), simulation of situations based on the game theory, and tree constructing
methods (event trees, failure trees, events-consequences);
• Group of unconventional methods: modeling with fuzzy logic and machine learning
(neural networks, k-means, support vector machine).
The sensitivity analysis changes one variable at a time: only one of the variables
changes its value, for instance, by 10%, on the basis of which the new value of the
criterion used (e.g., Net Present Value or Internal Rate of Return) is
recalculated. After that, the percentage change in the criterion is estimated in relation to the
basic case. The sensitivity indicator is then calculated as the ratio of the percentage change
in the criterion to a one-percent change in the value of the variable, i.e., the elasticity of
the change in the indicator. In the same way, the sensitivity indicators are calculated for
every variable. After calculating the results, an expert ranking of the variables is carried
out according to the degree of importance and an expert assessment of the predictability
of the variable values (e.g., high, medium, low). Then, the expert can build a sensitivity
matrix, which allows us to identify the least and most risky indicators.
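The sensitivity procedure above, carried through to the sensitivity matrix, as an added example that is not part of the paper. The criterion (an expected annual loss for one device class), the base values, the band thresholds, and the expert predictability labels are all constructed assumptions.

```python
"""One-at-a-time sensitivity analysis of a risk criterion (added example)."""

# Constructed base case for one class of smart-city device (all values assumed).
BASE = {
    "attempts_per_year": 40.0,          # attack attempts against the device class
    "per_service_exploit_prob": 0.05,   # chance one exposed service is exploitable
    "exposed_services": 4.0,            # services reachable on the device
    "repair_cost": 2000.0,              # cost to restore a compromised device
    "downtime_hours": 6.0,              # outage per successful attack
    "cost_per_hour": 500.0,             # cost of one hour of outage
}

# Constructed expert input: how predictable the value of each variable is.
PREDICTABILITY = {
    "attempts_per_year": "low",
    "per_service_exploit_prob": "low",
    "exposed_services": "high",
    "repair_cost": "high",
    "downtime_hours": "medium",
    "cost_per_hour": "medium",
}


def expected_annual_loss(p):
    """Assumed criterion: attempts x P(success) x impact of one success."""
    p_success = 1 - (1 - p["per_service_exploit_prob"]) ** p["exposed_services"]
    impact = p["repair_cost"] + p["downtime_hours"] * p["cost_per_hour"]
    return p["attempts_per_year"] * p_success * impact


def sensitivity_indicators(model, base, step=0.10):
    """Change each variable by `step` on its own and return {name: elasticity},
    i.e. the percentage change in the criterion per one percent of change."""
    base_value = model(base)
    indicators = {}
    for name, value in base.items():
        changed = dict(base)
        changed[name] = value * (1 + step)
        pct_criterion = (model(changed) - base_value) / base_value * 100
        indicators[name] = pct_criterion / (step * 100)
    return indicators


def ranked(indicators):
    """Variable names ordered from most to least sensitive."""
    return sorted(indicators, key=lambda n: abs(indicators[n]), reverse=True)


def band(elasticity):
    """Map an elasticity to a sensitivity band (thresholds are assumptions)."""
    magnitude = abs(elasticity)
    if magnitude >= 0.8:
        return "high"
    if magnitude >= 0.5:
        return "medium"
    return "low"


def sensitivity_matrix(indicators, predictability):
    """Group variables by (sensitivity band, predictability) cell."""
    matrix = {}
    for name, elasticity in indicators.items():
        cell = (band(elasticity), predictability[name])
        matrix.setdefault(cell, []).append(name)
    return matrix


if __name__ == "__main__":
    result = sensitivity_indicators(expected_annual_loss, BASE)
    for name in ranked(result):
        print(f"{name:26s} elasticity={result[name]:.3f}")
    # High sensitivity combined with low predictability marks the riskiest inputs.
    print(sensitivity_matrix(result, PREDICTABILITY).get(("high", "low"), []))
```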
The scenario analysis is a method for building a forecast for the system. The prognosis
includes several possible ways for the progress of the security situation and the relative
dynamics for the key indicators of the system’s security. The pessimistic scenario of
the possible change of the indicators, the optimistic one and the most likely one, are
calculated. According to the built scenarios, new values of the performance criteria are
determined. These indicators are compared with the baseline values, and the necessary
recommendations are made. The basis of each scenario is the expert’s hypotheses about
the direction and magnitude of changes in factors for the forecasting period.
The method of risk-adjusted discount rate is the basic and most frequent method of
assessing risks. Its peculiarity is a change in the basic discount rate, assessed as minimally
risky. Regulation takes place by adding the amount of the required risk premium. The
method of reliable equivalents corrects the estimated values of cash flows by multiplying
them by special decreasing coefficients (reliability or certainty factors).
The simulation is the most accurate, complex, and expensive method of quantitative
risk analysis and is based on mathematical statistics. Some authors propose measuring the
level of risk in economic decision-making on the basis of special tools based on the concept
of the measurement theory, which includes system analysis, choosing a risk measurement
scale depending on the measurement goals and the amount of information available, and
then choosing the method for determining the values of a risk measurement indicator. They
propose to separately address issues of measuring the probabilities and socio-economic
assessment of the case situation. The scales for measuring the probabilities and magnitude
of deviations depending on the purpose of the measurement and the amount of available
data can be ordinal, nominal, scale of relations, or absolute. One of the most famous
methods of simulation is the Monte Carlo statistical test method, which makes it possible to
build a mathematical model for a system with uncertain parameter values and, knowing the
probability distributions of the system parameters, as well as the relationship between
parameter changes, to obtain the distribution of the project or transaction profitability [29].
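A Monte Carlo run of the kind described above, applied to a security loss model instead of project profitability. This is an added example, not the authors' code: the loss model, the chosen distributions, and every parameter value are constructed assumptions.

```python
"""Monte Carlo estimate of an annual loss distribution (added example)."""
import random
from math import exp, log


def poisson(rng, lam):
    """Draw a Poisson-distributed count (Knuth's multiplication method)."""
    limit, count, product = exp(-lam), 0, rng.random()
    while product > limit:
        count += 1
        product *= rng.random()
    return count


def simulate_year(rng, attempts_mean, beta_a, beta_b, loss_median, loss_sigma):
    """Simulate one year under the assumed model and return the total loss.

    Uncertain parameters and their assumed distributions:
      attack attempts per year  ~ Poisson(attempts_mean)
      success probability       ~ Beta(beta_a, beta_b), drawn once per year so
                                  all attempts of that year share one value
      loss per successful attack ~ lognormal with the given median and sigma
    """
    attempts = poisson(rng, attempts_mean)
    p_success = rng.betavariate(beta_a, beta_b)
    total = 0.0
    for _ in range(attempts):
        if rng.random() < p_success:
            total += rng.lognormvariate(log(loss_median), loss_sigma)
    return total


def run(trials=10000, seed=7, budget=100_000.0, attempts_mean=40.0,
        beta_a=2.0, beta_b=18.0, loss_median=8000.0, loss_sigma=0.9):
    """Repeat the yearly simulation and summarise the loss distribution."""
    rng = random.Random(seed)        # fixed seed keeps the run reproducible
    losses = sorted(
        simulate_year(rng, attempts_mean, beta_a, beta_b, loss_median, loss_sigma)
        for _ in range(trials)
    )

    def pick(q):
        # Empirical quantile taken directly from the sorted sample.
        return losses[int(q * (trials - 1))]

    return {
        "mean": sum(losses) / trials,
        "p50": pick(0.50),
        "p95": pick(0.95),
        "p_over_budget": sum(x > budget for x in losses) / trials,
    }


if __name__ == "__main__":
    for key, value in run().items():
        print(f"{key:14s} {value:12.3f}")
```

The mean can be checked against the closed form 40 x 0.1 x 8000 x exp(0.9^2 / 2), about 47,978; the tail figures (p95 and the share of years over budget) are what the simulation adds beyond that single number.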
One of the most common modeling methods for choosing a solution is game the-
ory [30]. Traditionally, choosing a solution in the face of security risks is a game with
nature. This technique begins with a construction of a payment matrix (performance
matrix or game matrix), which includes all possible outcome values. In the absence of
information about the probabilities of the state of the medium, the theory does not provide
unambiguous and mathematically rigorous recommendations for choosing the decision
criteria. This is explained to a greater extent not by the weakness of the theory but by the
uncertainty of the situation itself and the difficulty of obtaining quantitative estimates of
goals and outcomes.
However, most of the tasks require the analysis of a whole sequence of decisions and
environmental conditions when complex multi-stage decisions have to be made. If there
are two or more consecutive sets of solutions, and subsequent decisions are based on the
results of the previous and two or more sets of environmental conditions, a decision tree is
applied [31]. The decision tree is a schematic representation of a decision problem. The
branches of the decision tree represent various events (decisions), and its vertices are the
key states in which the choice has to be made. Most often, the decision tree is downward.
The basis of the simplest structure of the decision tree is the answers to the questions, yes
and no. For each arc of the tree structure, the numerical characteristics can be determined,
for example, the amount of profit for a particular system and the probability of its receipt.
In this case, it helps to take into account all possible options for action and to correlate
financial results with them. Then they go on to compare alternatives. The disadvantage of
this method is the limited number of solutions for the problem. In the process of building
the decision tree, you have to pay attention to the tree size. It should not be too big to limit
your ability to generalize the analysis and provide the correct answers.
In recent years, unconventional methods for risk assessment based on artificial in-
telligence systems and models have become increasingly popular [32]. A feature of the
mathematical apparatus of fuzzy logic is that it uses fuzzy sets with incomplete, missing,
or probabilistic data [33]. For example, the authors of [34] have proposed fuzzy logic to
reduce the subjectivity of the qualitative method of the risk analysis. Fuzzy logic works
not so much with concepts that have clear semantic-quantitative boundaries but with a
lot of probabilistic data within the boundaries. The fuzzy logic does not set up the logical
relationships with specific values but with data areas with the possible updating of any
value within the boundaries of this area.
Correlations between certain risks can be evaluated by the machine learning models,
identifying connections that are not easily observable [35]. The work [36] also discusses
the important role and significance of big data and machine learning as the emerging data
analysis methods for insurance risk estimation and introduces the random forest algorithm
for the risk assessment. According to [37], artificial neural networks (ANN) are the
most applied machine learning method to aid in engineering risk assessment. The use of
neural network technology is appropriate in cases where the formalization of the decision
process is difficult or even impossible [38]. The ANN is a very powerful modeling tool
because it is a nonlinear calculating apparatus by nature. Linear modeling has been so
far a fundamental one in most areas of the assessment since there are a large number
of optimization methods for it. However, in the problems of the risk analysis, the linear
modeling methods in the vast majority of use cases are not applicable. In [39], it is proposed
to use artificial intelligence to analyze cyber risks during the colonization of Mars. The
authors apply the adapted version of the aggregate loss method to compound a Poisson
discrete probability distribution. The following metrics are used: expected present value of
the loss, shortfall probability, shortfall of the expected present value of the loss, value at risk
(VaR), and conditional tail expectation (CTE). The mathematical formulas present a better
understanding of the cost and risk evaluation with multiple risk calculation metrics for
different cyber risk levels and tail risk under different assumptions. However, the metrics
used in this work require serious mathematical methods, which lead to a slowdown in
the risk analysis system. In the rapidly changing and moving environment of a smart city,
finding a balance is an important task; mathematical calculations should not require a huge
amount of input data and take too long.
Figure 11 denotes the taxonomy of the existing risk assessment approaches.
After analyzing the methods considered, it was concluded that risk assessment meth-
ods (Delphi method, brainstorming, SWIFT, etc.) based on an expert’s assessment and
requiring the active participation of a human cannot be applied for the dynamic infrastruc-
tures of the smart city. Methods that use scenario analysis (root cause analysis, fault tree
analysis, event tree analysis, etc.) and functional analysis (protection level analysis, hidden
defects analysis, types and consequences of failures, etc.) are industry-specific and poorly
adaptable to address cybersecurity challenges. The use of statistical models (Monte Carlo
method, Bayesian networks, etc.) is hampered by the complexity of collecting statistical
data for the calculations of the resulting indicators in networks with a peer-to-peer archi-
tecture, as well as the dependence of the accuracy of the decisions made on the number of
iterations.

Figure 11. The taxonomy of the risk assessment methods.

Therefore, the modern methods based on artificial intelligence, due to their adaptability
and predictability, are the most suitable approaches for assessing the cybersecurity risks
in the dynamic networks of the smart city. The ability to work with big data, fast
classification speed, discovering hidden patterns, and higher accuracy—all these advantages
of machine learning are especially important in the application field under consideration
in the conditions of a large number of connected devices, the interaction and influence of
the devices on each other, as well as the hierarchy of the systems of different levels and
scales. The quantitative approach used in the neural networks sets the exact values of
the probability of the security threats and possible consequences, as well as the risk
itself for each type of asset. Numerical values are convenient for the analysis and the
results comparison.

4. The Neural Network Model for the Cybersecurity Risk Assessment
It is proposed to reduce the task of assessing the cybersecurity risks to the task of
classification. Let $S = \{S_1, \ldots, S_n\}$ be the set of the considered states (modes of
operation) of a large-scale dynamic network, among which there are both safe and unsafe
states. Each state is characterized by a certain value of the cybersecurity risk. It is
required, with a minimum time for accumulating statistical information $t_k \to \min$, to
identify the risks of the cybersecurity violations of the dynamic network with sufficient
accuracy.
As part of the task, a methodology for identifying the risks of cybersecurity violations
has been developed (Figure 12). The technique consists of four stages:
1. Preparatory stage;
2. Formation of training samples, the base of scenarios (BS) of the dynamic networks
operation modes;
3. Classification;
4. The cybersecurity risk assessment.
The set of types of the network nodes $Types = \{T_1, T_2, \ldots, T_l\}$, selected for the
specific dynamic network, forms a time series
$X = \{\{x_1(t_1), x_1(t_2), \ldots, x_1(t_k)\}, \{x_2(t_1), x_2(t_2), \ldots, x_2(t_k)\}, \ldots, \{x_m(t_1), x_m(t_2), \ldots, x_m(t_k)\}\}$,
which are the time-synchronized network characteristics (interaction and influence
coefficients, probability of cyberattacks, etc.) from various devices
$D = \{D_1, D_2, \ldots, D_m\}$ located on the controlled node of the dynamic network.

Figure 12. The proposed methodology for the cybersecurity risk assessment.

The key indicators in assessing cybersecurity risks are the likelihood of a cyberattack
occurring and the damage caused, usually expressed in monetary terms. However, when
assessing risks in the smart city networks, it is important to understand that not only the
integrity, confidentiality, and availability of data but also the life and health of people
are at risk. Typically, the cybersecurity risk assessment is a classification problem and
a regression tree that either classifies the current cybersecurity risk level as acceptable
or unacceptable or predicts classes based on past data. Although traditional statistical
analysis and mathematical models are widely used in various cybersecurity risk assessment
analysis scenarios, the artificial neural network models are more flexible and capable of
modeling more complex nonlinear functions than classical statistical models such as linear
discriminant analysis and logistic regression. For example, for a neural network model
using a logistic function, its more hidden layers allow the study of complex nonlinear
relationships. In addition, the advantage of the ANNs is that they do not require an explicit
indication of the functional relationship between the dependent and independent variables.
The ANN weighing process simply assigns less weight to variables that it predicts will be
less important.
Based on the analysis of the problem, it has been decided to use the perceptron model
and the backpropagation algorithm as a training one. This type of ANN is pretty well
researched and described in scientific reports [40]. The advantage of a multilayer perceptron
is the ability to solve the linearly inseparable problems, high classification accuracy with a
small dimension of the input data [41]. Each ANN’s element builds a weighted sum of its
inputs, adjusted in the form of a term, and then passes this activation value through the
transfer function, thus obtaining the output value of this element. Elements are organized in
a layered topology with direct signal transmission. Such an ANN can easily be interpreted
as an input-output model, in which weights and threshold values (offsets) are the free
parameters of the model.
A typical backpropagation neural network consists of a three-layer structure: input
nodes, output nodes, and hidden nodes. To solve the problem of assessing cybersecurity
risks, the network parameters of the smart city nodes (such as the interaction with other
nodes) and economic indicators (for example, the value of an asset) are used as input
variables, and the assessment result (acceptable or unacceptable) is used as output variables.
The unacceptable level of risk suggests that measures need to be taken to improve the
security of the large-scale smart city network. The input layer is used to enter the training
data, the hidden layers transform the raw data into multidimensional nonlinear objects,
and the output layer classifies the data. The input layer consists of neurons that take
cybersecurity risk measurement indicators as the input vector. Low-level elements from the
original input are abstracted into the high-level elements through multiple hidden layers.
There is only one neuron in the output layer, representing the level of the cybersecurity
risk (acceptable—0 and unacceptable—1).
One of the most important steps in training a neural network is preparing datasets. To
solve the problem of assessing cybersecurity risks, datasets collected in smart city networks
and containing various types of assets, network traffic, and the level of cybersecurity
risks are needed. The analysis showed that today there are no datasets that meet such
requirements, so it was decided to build our datasets in a synthetic manner applying the
network simulator NS-3. In the NS-3 environment, a large-scale dynamic network was
built, and such smart city systems as VANET, MANET, IoT, and IIoT were simulated in a
single complex. During the simulation, the following network attacks were implemented
in the NS-3 network model: black hole (BH), gray hole (GH), DoS, DDoS, and wormhole
(WH). This choice is due to the fact that in dynamic networks with peer-to-peer architecture,
the problem of attacks aimed at disrupting the dynamic routing is acute [42]. All of these
intrusion test cases are related to the types of devices that they can affect. Table 1 shows
the features that were extracted during the modeling and included in the datasets.

Table 1. Neural network input parameters.

Parameter | Description
Device number | Device ID (0–10,000)
Device type | Mobile, vehicle, traffic light, smart door lock, medical sensor, ... (0–n; n = 10)
$Q_{T_k}$ | Device cost in U.S. dollars (100–50,000)
Associated with $T_i$ (n times) | The device is associated with $T_i$ (0 or 1)
Probability of BH | Probability of black hole attack (0–100)
Probability of GH | Probability of gray hole attack (0–100)
Probability of DoS | Probability of DoS attack (0–100)
Probability of DDoS | Probability of DDoS attack (0–100)
Probability of WH | Probability of wormhole attack (0–100)
$I_{T_iT_k}$ (n times) | Coefficient of influence of devices of the type $T_i \in T$ on devices of the type $T_k \in T$ (0–1)
$C_{T_iT_k}$ (n times) | Coefficient showing the number of devices of type $T_k \in T$ with which device of type $T_i \in T$ interacts (0–N)

The device types were identified, and this allows us to avoid the exact enumeration
of the ever-growing number of connected devices. Types of devices accumulate devices
that perform the same functions in the system, as well as interact and exchange messages
with the same number of devices of another type. For a risk assessment, the types
$T = \{T_i\}$ of the smart devices were obtained, where $1 \le i \le n$, $n$ is a number of the
allocated types of devices. $|T_i| = n_{T_i}$ is a number of devices of type $T_i$. For each
device, its cost was determined. The parameter $Q_{T_k}$ shows the size of the possible damage
during the implementation of the threat. The amount of damage is expressed in monetary units.
The cybersecurity threats for the smart network environment $U = \{U_j\}$, $1 \le j \le m$, also
were denoted, where $m$ is a number of the identified security threats. It is also necessary to
determine the correspondence of $U_j \in U$ threats with the types of $T_i \in T$ devices that are
the subject of these threats.
To correspond to the specific features of the dynamic networks, the special coefficients
$I_{T_iT_k}$ and $C_{T_iT_k}$ are used. $I_{T_iT_k}$ is the coefficient of influence of the
devices of the type $T_i \in T$ on the devices of the type $T_k \in T$. To calculate it, the
communications are analyzed between the device of the type $T_i \in T$ and the device of the
type $T_k \in T$. Based on this, the formula is derived to calculate the coefficient of
influence (1):

$$I = \frac{N_{sign}}{N_{total}}, \tag{1}$$

where $N_{sign}$ is a number of the significant messages exchanged between the device of the
type $T_i \in T$ and the device of the type $T_k \in T$; $N_{total}$ is a number of all messages
sent from the device of the type $T_i \in T$ to the device of the type $T_k \in T$. Significant
messages are the large volume messages via the TCP/UDP protocols when a node purposefully
sends information to another node. The influence coefficient can take a value from [0; 1].
If $I = 0$, the devices are not connected. If $C = 1$, the devices affect themselves.
$C_{T_iT_k}$ is the coefficient showing the number of the devices of the type $T_k \in T$ with
which the device of type $T_i \in T$ interacts, i.e., the nodes exchanged the messages at least
once. This coefficient can take the values $[0; n_{T_i}]$. $n_{T_i}$ is a number of the devices
of the type $T_i$.
Thus, as a result of modeling, a vector is formed containing 38 parameters. The
developed ANN was trained on the marked dataset. Table 2 presents the thresholds for the
unacceptable risk.

Table 2. The thresholds for the unacceptable risk.

Asset Type | Network Type | Permissible Probability of Node Failure
Smart phone | MANET | <1%
Laptop | MANET | <0.5%
Vehicle | VANET | <0.01%
Traffic light | VANET | <0.1%
Road-side unit | VANET | <1%
Smart door lock | IoT | <3%
Medical sensor | IoT | <0.03%
Temperature sensor | IIoT | <0.01%
Database server | IIoT | <0.1%
Smart robot | IIoT | <0.1%

The thresholds were set by the author independently according to the following
principle: assets whose failure can directly affect the life and health of people have
the lowest permissible probability (vehicles, medical sensors, etc.). Assets that can
indirectly cause harm to human health (traffic lights, smart robots, etc.) have an average
risk tolerance level of around 0.1%. In case of a cyberattack on a smartphone, laptop, etc.,
where there is no threat to human life and the cost of the assets is usually small, the
thresholds are 1% and 0.5%, respectively. In the future, it is planned to develop an
approach to calculate the permissible probability thresholds of the unacceptable risks.
For instance, the following vector was obtained for node 1 (vehicle). The values of the
vector parameters are presented in Table 3. This script was run 10,000 times to determine
the level of the risk, i.e., how often this node will fail. As a result of the study, it was
determined that this node fails five times; the probability of such an event is 0.05%, which
exceeds the established threshold of acceptable risk set in Table 2. The risk for such a
vector is marked as unacceptable—1.
Figure 13 shows the scheme of the experimental setup configuration. Using the NS-3
simulator, we simulate the environment of a smart city, during which files with network
information are logged, which are subsequently converted into vectors and fed to the input
of the developed neural network risk assessment system.
Table 3. Vector example.

Parameter | Value
Device number | 1
Device type | Vehicle
$Q_{T_1}$ | 10,000
Associated with $T_1$ | 1
Associated with $T_{10}$ | 0
Probability of BH | 20
Probability of WH | 5
$I_{T_1T_1}$ | 1
$I_{T_1T_{10}}$ | 0
$C_{T_1T_1}$ | 10
$C_{T_1T_{10}}$ | 0

Figure 13. The experimental setup.

5. The Experimental Study Results
In the simulation environment, two datasets were generated: a training one consisting
of 10,000 vectors and a test one consisting of 10,000. The training was based on labeled
data, and the vector size was 38 elements. When developing the ANN, Tensorflow and
Keras frameworks were used. The neural network model has:
• Input layer with 38 neurons;
• One hidden layer with 20 neurons and relu activation function;
• Output layer with one neuron and Softmax activation function.
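The architecture listed above, sketched in dependency-free Python as an added example (it is not the authors' TensorFlow/Keras code). The [0, 1] scaling of the Table 1 fields, the constructed labels, and plain per-sample gradient descent in place of Adam are assumptions; the single output neuron uses a sigmoid here because a softmax over one value is always 1.

```python
import math
import random

N_TYPES = 10                                  # n = 10 device types (Table 1)
ATTACKS = ("BH", "GH", "DoS", "DDoS", "WH")   # attack probabilities, in percent


def encode(node, n_max=100):
    """Flatten one node record into the 38 inputs of Table 1 (3 + 10 + 5 + 10 + 10).

    Scaling to [0, 1] and n_max (upper bound N of the interaction counts) are assumptions.
    """
    v = [node["number"] / 10_000, node["type"] / N_TYPES,
         (node["cost"] - 100) / (50_000 - 100)]           # 3 scalar fields
    v += [float(a) for a in node["assoc"]]                # 10 "associated with Ti" flags
    v += [node["prob"][a] / 100 for a in ATTACKS]         # 5 attack probabilities
    v += list(node["I"])                                  # 10 influence coefficients
    v += [c / n_max for c in node["C"]]                   # 10 interaction counts
    return v


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def softmax(zs):
    m = max(zs)
    e = [math.exp(z - m) for z in zs]
    return [x / sum(e) for x in e]


class Perceptron:
    """38-20-1 multilayer perceptron: ReLU hidden layer, sigmoid output."""

    def __init__(self, n_in=38, n_hidden=20, seed=0):
        rnd = random.Random(seed)
        self.W1 = [[rnd.uniform(-0.3, 0.3) for _ in range(n_in)] for _ in range(n_hidden)]
        self.b1 = [0.0] * n_hidden
        self.W2 = [rnd.uniform(-0.3, 0.3) for _ in range(n_hidden)]
        self.b2 = 0.0

    def forward(self, x):
        # Each element: weighted sum of its inputs plus an offset, then the transfer function.
        h = [max(0.0, sum(w * xi for w, xi in zip(row, x)) + b)
             for row, b in zip(self.W1, self.b1)]
        return h, sigmoid(sum(w * hj for w, hj in zip(self.W2, h)) + self.b2)

    def train_step(self, x, y, lr=0.03):
        """One backpropagation update for binary cross-entropy; returns the loss."""
        h, p = self.forward(x)
        dz = p - y                                   # dLoss/dlogit for sigmoid + cross-entropy
        for j, hj in enumerate(h):
            dh = dz * self.W2[j] if hj > 0 else 0.0  # error propagated back through ReLU
            self.W2[j] -= lr * dz * hj
            if dh:
                self.b1[j] -= lr * dh
                row = self.W1[j]
                for i, xi in enumerate(x):
                    row[i] -= lr * dh * xi
        self.b2 -= lr * dz
        p = min(max(p, 1e-12), 1 - 1e-12)
        return -(y * math.log(p) + (1 - y) * math.log(1 - p))


def constructed_dataset(n, seed=1):
    """Random node records with a constructed label (a stand-in for simulator labels):
    1 (unacceptable) when the mean attack probability exceeds 50%."""
    rnd = random.Random(seed)
    data = []
    for _ in range(n):
        node = {"number": rnd.randint(0, 10_000), "type": rnd.randint(0, N_TYPES),
                "cost": rnd.randint(100, 50_000),
                "assoc": [rnd.randint(0, 1) for _ in range(N_TYPES)],
                "prob": {a: rnd.uniform(0, 100) for a in ATTACKS},
                "I": [rnd.random() for _ in range(N_TYPES)],
                "C": [rnd.randint(0, 100) for _ in range(N_TYPES)]}
        label = 1 if sum(node["prob"].values()) / len(ATTACKS) > 50 else 0
        data.append((encode(node), label))
    return data


def train(epochs=40, n=150):
    """Train on the constructed data; returns the model and the mean loss per epoch."""
    net, data = Perceptron(), constructed_dataset(n)
    losses = [sum(net.train_step(x, y) for x, y in data) / n for _ in range(epochs)]
    return net, losses


if __name__ == "__main__":
    net, losses = train()
    print(f"mean loss: epoch 1 = {losses[0]:.3f}, epoch {len(losses)} = {losses[-1]:.3f}")
    print("softmax over a single logit:", softmax([-4.2]), softmax([7.0]))
```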
As a result of experimental studies, it was determined that the maximum classification
accuracy of 97% was achieved with the following neural network parameters: three layers,
40 epochs of training, a training set equal to 10,000, and Adam optimizer. Figure 14 presents
the results of comparing the quality of the ANN classification and classification according
to Formula (2).

$$R\left(U_j T_i\right) = P\left(U_j\right) \sum_{k=1}^{n} I_{T_iT_k} C_{T_iT_k} \times Q_{T_k}, \tag{2}$$

where $R\left(U_j T_i\right)$ is the security risk when implementing the threat $U_j \in U$ for the
device of the type $T_i \in T$; $P\left(U_j\right)$ is the probability of realization of the threat
$U_j \in U$; $I_{T_iT_k}$ is a coefficient of influence of the connected devices on each other;
$C_{T_iT_k}$ is the coefficient of the number of the device interactions with each other; and
$Q_{T_k}$ is the amount of possible damage.
When analyzing the confusion matrixes, a significant superiority of the neural network
method over the method using Formula (2) was established. Such results can be explained
by the fact that the neural network is able to establish hidden patterns and select optimal
weights.
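Formula (1), Formula (2), and the labelling rule applied to the Table 3 vector, as an added Python example that is not the authors' code. The message-log format, the 512-byte cut-off for a "significant" message, and the damage value used for type T10 are assumptions; Table 3 shows only the T1 and T10 terms, so only those two enter the sum.

```python
# Permissible probability of node failure in percent, copied from Table 2.
PERMISSIBLE = {"Smart phone": 1.0, "Laptop": 0.5, "Vehicle": 0.01, "Traffic light": 0.1,
               "Road-side unit": 1.0, "Smart door lock": 3.0, "Medical sensor": 0.03,
               "Temperature sensor": 0.01, "Database server": 0.1, "Smart robot": 0.1}

# Constructed message log: (src_id, src_type, dst_id, dst_type, protocol, size in bytes).
LOG = [
    (1, "Vehicle", 2, "Vehicle", "UDP", 1400),
    (1, "Vehicle", 2, "Vehicle", "UDP", 64),
    (1, "Vehicle", 3, "Vehicle", "TCP", 1200),
    (1, "Vehicle", 3, "Vehicle", "TCP", 1500),
    (1, "Vehicle", 7, "Traffic light", "UDP", 48),
    (4, "Vehicle", 7, "Traffic light", "TCP", 900),
]
SIGNIFICANT_BYTES = 512  # assumed cut-off for a "large volume" message

# (I, C, Q) terms of the Table 3 vector for k = 1 and k = 10. Table 3 gives no damage
# value for T10; 500 is a constructed placeholder (the term is zero because I = C = 0).
TABLE3_TERMS = [(1, 10, 10_000), (0, 0, 500)]
TABLE3_PROBS = {"BH": 20, "WH": 5}  # percent, from Table 3


def influence(log, src_type, dst_type, cutoff=SIGNIFICANT_BYTES):
    """Formula (1): I = N_sign / N_total for messages sent from src_type to dst_type."""
    sent = [(proto, size) for _, s, _, d, proto, size in log
            if s == src_type and d == dst_type]
    if not sent:
        return 0.0  # no traffic between the two types: not connected
    n_sign = sum(1 for proto, size in sent
                 if proto in ("TCP", "UDP") and size >= cutoff)
    return n_sign / len(sent)


def interaction_count(log, device_id, dst_type):
    """C: number of distinct devices of dst_type the device exchanged messages with."""
    peers = {d_id for s_id, _, d_id, d, _, _ in log
             if s_id == device_id and d == dst_type}
    peers |= {s_id for s_id, s, d_id, _, _, _ in log
              if d_id == device_id and s == dst_type}
    peers.discard(device_id)
    return len(peers)


def risk(p_percent, terms):
    """Formula (2): R = P(U_j) * sum over k of I * C * Q, with terms = [(I, C, Q), ...]."""
    return p_percent / 100 * sum(i * c * q for i, c, q in terms)


def table3_risks():
    """Risk in U.S. dollars per threat for the Table 3 vehicle vector."""
    return {threat: risk(p, TABLE3_TERMS) for threat, p in TABLE3_PROBS.items()}


def label(asset_type, failures, runs):
    """Dataset label: 0 (acceptable) only if the failure rate is below the Table 2 limit."""
    failure_percent = 100 * failures / runs
    return 0 if failure_percent < PERMISSIBLE[asset_type] else 1


if __name__ == "__main__":
    print("I(Vehicle -> Vehicle)       =", influence(LOG, "Vehicle", "Vehicle"))
    print("C(device 1 -> Vehicle)      =", interaction_count(LOG, 1, "Vehicle"))
    print("Formula (2), Table 3 vector =", table3_risks())
    print("label, 5 failures in 10,000 =", label("Vehicle", 5, 10_000))
```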

Figure 14. Comparison of the neural network approach with the traditional.

6. Discussion and Future Perspectives
An analysis of the security and risk management research for the dynamic networks
of the smart city has shown that the current works actively propose new approaches to
risk assessment, as the traditional methods are unable to operate with the specifics of the
rapidly changing network assets.
The machine learning methods have already shown their effectiveness in tasks that
require working with big data and hidden dependencies. Our work presents a neural
network approach to assessing cybersecurity risks. Using the network simulator, it was
possible to recreate the dynamic network infrastructure of a smart city. Modeling scenarios
were developed, and five types of network attacks were implemented. From the data
obtained in the course of modeling, a dataset was prepared, including network characteristics
and economic characteristics. All assets were typed, and a threshold of the acceptable
level of risk was determined for each asset type. A neural network model was developed,
namely a three-layer perceptron, which was trained on labeled data, and then the
classification quality was assessed on unlabeled data. The test results showed an accuracy of
98–99%, which speaks of the promise of the proposed approach. The main advantages of
the proposed approach are the ability to work in rapidly changing conditions, high
classification accuracy when working with big data, the possibility of dynamic risk assessment,
as well as the ability to work in conditions of limited awareness of the state of the entire
smart city network.
In practice, to ensure high accuracy, the central node calculating the cyber risks has
to collect data on the controlled network in real-time, constantly update the probabilities
of network attacks, the interaction coefficients, and the influence of nodes on each other.
In addition, the operation of a neural network requires significant computing power: the
more nodes are in the controlled network, the more computing resources are required.
Nevertheless, despite the mentioned limitations, the proposed approach is more flexible
than the existing approaches discussed in Section 3. The ability to constantly supplement
the training set, dynamically monitor the level of cyber threats in the smart city network,
and update the parameters of nodes all favorably distinguish the proposed method from
existing analogs.
In the future, it is planned to continue our research in these areas:
• Add new features to datasets (for example, various network indicators: the ratio of
sent and lost packets, throughput, number of hops, etc., as well as economic indicators:
ROI, ROA, and ROE);
• Compare the proposed neural network approach with other existing cybersecurity
risk assessment methods.

Author Contributions: Conceptualization, M.K., V.K., and P.Z.; methodology, M.K. and V.K.; soft-
ware, V.K.; validation, V.K. and P.Z.; formal analysis, V.K.; investigation, V.K.; resources, M.K. and
V.K.; data curation, V.K.; writing—original draft preparation, V.K.; writing—review and editing M.K.,
V.K., and P.Z.; visualization, V.K.; supervision, M.K., V.K., and P.Z.; project administration, M.K., V.K.,
and P.Z.; funding acquisition, M.K., V.K., and P.Z. All authors have read and agreed to the published
version of the manuscript.
Funding: The reported study was funded by RFBR according to research project No.19-37-90001
(Sections 1, 3, 5 and 6). The reported study was funded as part of the State Task for Basic Research
(code of theme: 0784-2020-0026); suppl. agreement to the agreement for the financial support
No.075-03-2020-158/2, 17.03.2020 (internal No.075-GZ/SCH4575/784/2) (Sections 2 and 4).
Institutional Review Board Statement: Not applicable.
Informed Consent Statement: Not applicable.
Data Availability Statement: Not applicable.
Acknowledgments: Project results are achieved using the resources of the supercomputer center of
Peter the Great St. Petersburg Polytechnic University—SCC “Polytechnichesky” (www.spbstu.ru
accessed on 4 April 2021).
Conflicts of Interest: The authors declare no conflict of interest.

References
1. Palmisano, S. A Smarter Planet Building a Smarter Planet, City by City: Keynote Address at the Smarter Cities Forum. Shanghai.
2010. Available online: https://www.ibm.com/smarterplanet/us/en/smarter_cities/article/shanghai_keynote.html (accessed
on 16 October 2020).
2. Demidov, R.; Zegzhda, P.; Kalinin, M. Threat analysis of cyber security in wireless adhoc networks using hybrid neural network
model. Autom. Control Comput. Sci. 2018, 52, 971–976. [CrossRef]
3. Zhang, K.; Ni, J.; Yang, K.; Liang, X.; Ren, J.; Shen, X. Security and Privacy in Smart City Applications: Challenges and Solutions.
IEEE Commun. Mag. 2017, 55, 122–129. [CrossRef]
4. Pavlenko, E.; Zegzhda, D. Sustainability of Cyber-Physical Systems in the Context of Targeted Destructive Influences; IEEE Industrial
Cyber-Physical Systems (ICPS): St. Petersburg, FL, USA, 2018; pp. 830–834.
5. ABI Research. Lack of Critical Infrastructure Cybersecurity Investments in Smart Cities Will Seed the Future IoT Vulnerabilities;
2019. Available online: https://www.abiresearch.com/press/lack-critical-infrastructure-cybersecurity-investments-smart-cities-
will-seed-future-iot-vulnerabilities/ (accessed on 16 October 2020).
6. Ometov, A.; Bezzateev, S.; Voloshina, N.; Masek, P.; Komarov, M. Environmental Monitoring with Distributed Mesh Networks:
An Overview and Practical Implementation Perspective for Urban Scenario. Sensors 2019, 19, 5548. [CrossRef] [PubMed]
7. Chakraborty, T.; Jajodia, S.; Katz, J.; Picariello, A.; Sperli, G.; Subrahmanian, V. FORGE: A Fake Online Repository Generation
Engine for Cyber Deception. In IEEE Transactions on Dependable and Secure Computing; IEEE: New York, NY, USA, 2019.
8. ISO/IEC 27001:2013. Information technology. In Security Techniques. Information Security Management Systems. Requirements; ISO:
Geneva, Switzerland, 2013; p. 30.
9. PCI DSS Risk Assessment Guidelines; PCI Security Standard Council: Wakefield, MA, USA, 2012; p. 24.
10. The Risk IT Framework based on COBIT. In Rolling Meadows; ISACA: Schaumburg, IL, USA, 2009; p. 40.
11. Krundyshev, V.; Kalinin, M. The Security Risk Analysis Methodology for Smart Network Environments. In Proceedings of the
2020 International Russian Automation Conference (RusAutoCon), Sochi, Russia, 6–12 September 2020; pp. 437–442.
12. Kalinin, M.; Zegzhda, P.; Zegzhda, D.; Vasiliev, Y.; Belenko, V. Software defined security for vehicular ad hoc networks. In
Proceedings of the International Conference on Information and Communication Technology Convergence (ICTC), Jeju, Korea,
19–21 October 2016; pp. 533–537.
13. Zegzhda, D.; Stepanova, T. Achieving Internet of Things security via providing topological sustainability. In Proceedings of the
Science and Information Conference (SAI), London, UK, 28–30 July 2015; pp. 269–276.
14. Kolias, C.; Kambourakis, G.; Stavrou, A.; Voas, J. DDoS in the IoT: Mirai and Other Botnets. Computer 2017, 50, 80–84. [CrossRef]
15. Edwards, J.; Kashani, A.; Iyer, G. Evaluation of Software Vulnerabilities in Vehicle Electronic Control Units; IEEE Cybersecurity
Development (SecDev): Cambridge, MA, USA, 2017; pp. 83–84.
16. Alromaihi, S.; Elmedany, W.; Balakrishna, C. Cyber Security Challenges of Deploying IoT in Smart Cities for Healthcare
Applications. In Proceedings of the 2018 6th International Conference on Future Internet of Things and Cloud Workshops
(FiCloudW), Barcelona, Spain, 6–8 August 2018; pp. 140–145.
17. Bernardes, M.; De Andrade, F.; Novais, P. Smart cities, data and right to privacy: A look from the Portuguese and Brazilian
experience. In Proceedings of the 11th International Conference on Theory and Practice of Electronic Governance, Galway,
Ireland, 4–6 April 2018; pp. 328–337.
Machines 2021, 9, 78 19 of 19

18. Alandjani, G. Features and potential security challenges for IoT enabled devices in smart city environment. Int. J. Adv. Comput.
Sci. Appl. 2018, 9, 231–238. [CrossRef]
19. Chatterjee, S.; Kar, A.; Gupta, M. Critical success factors to establish 5G network in smart cities: Inputs for security and privacy. J.
Glob. Inf. Manag. 2017, 25, 15–37. [CrossRef]
20. Awad, A.; Furnell, S.; Hassan, A.; Tryfonas, T. Special issue on security of IoT-enabled infrastructures in smart cities. Ad Hoc Netw.
2019, 92. [CrossRef]
21. Cui, L.; Xie, G.; Qu, Y.; Gao, L.; Yang, Y. Security and Privacy in Smart Cities: Challenges and Opportunities. IEEE Access 2018, 6,
6134–46145.
22. Malla, A.; Sahu, R. Security Attacks with an Effective Solution for DOS Attacks in VANET. Int. J. Comput. Appl. 2013, 66, 45–49.
23. Sumra, I.; Ahmad, I.; Hasbullah, H.; Manan, J. Classes of attacks in VANET. In Electronics, Communications and Photonics Conference
(SIECPC); IEEE Access: New York, NY, USA, 2011; pp. 1–5.
24. Ngai, E.; Jiangchuan, L.; Lyu, M. On the Intruder Detection for Sinkhole Attack in Wireless Sensor Networks. IEEE Int. Conf.
Commun. 2006, 8, 3383–3389.
25. Douceur, J. The Sybil Attack, in Peer-to-Peer Systems; Springer: Berlin/Heidelberg, Germany, 2002; pp. 251–260.
26. Al-kahtani, M. Survey on security attacks in Vehicular Ad hoc Networks (VANETs). In Proceedings of the 6th International
Conference on Signal Processing and Communication Systems (ICSPCS), Kyoto, Japan, 23–24 August 2012; pp. 1–9.
27. Valis, D.; Koucky, M. Selected overview of risk assessment techniques. Probl. Eksploat. 2009, 75, 19–32.
28. Zhang, R.; Li, D. Development of risk assessment model in construction project using fuzzy expert system. In Proceedings of the
2nd IEEE International Conference on Emergency Management and Management Sciences, Beijing, China, 8–10 August 2011; pp.
866–869.
29. Platon, V.; Constantinescu, A. Monte Carlo Method in Risk Analysis for Investment Projects. Procedia Econ. Financ. 2014, 15,
393–400. [CrossRef]
30. Cox, J. Game Theory and Risk Analysis. Risk Anal. 2009, 29, 1062–1068. [CrossRef]
31. Ellison, M. Quantified tree risk assessment used in the management of amenity trees. J. Arboric. 2005, 31, 57–65.
32. Kara, M.; Fırat, S. Supplier Risk Assessment Based on Best-Worst Method and K-Means Clustering: A Case Study. Sustainability
2018, 10, 1–25.
33. Zhou, J.; Reniers, G.; Zhang, L. A weighted fuzzy Petri-net based approach for security risk assessment in the chemical industry.
Chem. Eng. Sci. 2017, 174, 136–145. [CrossRef]
34. Lo, C.; Chen, W. A hybrid information security risk assessment procedure considering interdependences between controls. Expert
Syst. Appl. 2012, 39, 247–257. [CrossRef]
35. FERMA. Artificial Intelligence Applied to Risk Management; FERMA: Brussels, Belgium, 2019.
36. Liu, Q. Research on Risk Management of Big Data and Machine Learning Insurance Based on Internet Finance. J. Phys. Conf. Ser.
2019, 1345, 052076. [CrossRef]
37. Hegde, J.; Rokseth, B. Applications of machine learning methods for engineering risk assessment—A review. Saf. Sci. 2020, 122,
104492. [CrossRef]
38. Leo, M.; Sharma, S.; Maddulety, K. Machine Learning in Banking Risk Management: A Literature Review. Risks 2019, 7, 29.
[CrossRef]
39. Radanliev, P.; De Roure, D.; Page, K. Design of a dynamic and self-adapting system, supported with artificial intelligence, machine
learning and real-time intelligence for predictive cyber risk analytics in extreme environments—cyber risk in the colonisation of
Mars. Saf. Extreme Environ. 2021, 1–12.
40. Gallant, S. Perceptron-based learning algorithms. IEEE Trans. Neural Netw. 1990, 1, 179–191. [CrossRef]
41. Rezaei, J.; Liu, X. Deep Learning for Encrypted Traffic Classification: An Overview. IEEE Commun. Mag. 2019, 57, 76–81.
[CrossRef]
42. Butun, I.; Österberg, P.; Song, H. Security of the Internet of Things: Vulnerabilities, Attacks, and Countermeasures. IEEE Commun.
Surv. Tutor. 2019, 22, 616–644. [CrossRef]

You might also like