Smart lighting systems (SLS) are essential to smart cities, offering enhanced energy efficiency and public safety. However, they are susceptible to security threats, potentially leading to safety risks and service disruptions, making the protection of this infrastructure critical. This paper presents an anomaly-based Intrusion Detection System (IDS) designed for a real-world operational SLS. As commercial deployments vary in components, protocols, and functionalities, IDSs must be tailored to the characteristics of each deployment to perform effectively. Our anomaly IDS has been specifically defined based on the properties of available data and the types of attacks we aim to detect, providing explainability and exhibiting low complexity. The proposed system identifies anomalies in seven features of network traffic and telemetry data received at the central control (O&M) server. For the latter, we designed three customized anomaly detectors to identify abnormal data points, persistent deviations in power consumption of street lamps, and abnormal power values based on the time of day. Validation with real-world data and simulated attacks demonstrates the effectiveness of our approach. Network attacks (e.g., DoS, scanning) were detected by at least one of the seven flow-related anomaly detectors, while simulated data poisoning attacks and operational technology (OT) issues were detected with nearly 90% accuracy. The datasets used in this work are publicly available and may serve as a reference for the design of future IDSs. While our detectors were designed specifically for our dataset, the variables examined and vulnerabilities addressed are common in most commercial SLSs.