Detecting security attacks in cyber-physical systems: a comparison of Mule and WSO2 intelligent IoT architectures

José Roldán-Gómez; Juan Boubeta-Puig; Gabriela Pachacama-Castillo; Guadalupe Ortiz; Jose Luis Martínez

doi:10.7717/peerj-cs.787

Detecting security attacks in cyber-physical systems: a comparison of Mule and WSO2 intelligent IoT architectures

PeerJ Comput Sci. 2021 Nov 23:7:e787. doi: 10.7717/peerj-cs.787. eCollection 2021.

Authors

José Roldán-Gómez¹, Juan Boubeta-Puig², Gabriela Pachacama-Castillo³, Guadalupe Ortiz², Jose Luis Martínez¹

Affiliations

¹ Research Institute of Informatics (i3a), Universidad de Castilla La Mancha, Albacete, Spain.
² Department of Computer Science and Engineering, University of Cadiz, Cadiz, Spain.
³ School of Engineering, University of Cadiz, Cadiz, Spain.

Abstract

The Internet of Things (IoT) paradigm keeps growing, and many different IoT devices, such as smartphones and smart appliances, are extensively used in smart industries and smart cities. The benefits of this paradigm are obvious, but these IoT environments have brought with them new challenges, such as detecting and combating cybersecurity attacks against cyber-physical systems. This paper addresses the real-time detection of security attacks in these IoT systems through the combined used of Machine Learning (ML) techniques and Complex Event Processing (CEP). In this regard, in the past we proposed an intelligent architecture that integrates ML with CEP, and which permits the definition of event patterns for the real-time detection of not only specific IoT security attacks, but also novel attacks that have not previously been defined. Our current concern, and the main objective of this paper, is to ensure that the architecture is not necessarily linked to specific vendor technologies and that it can be implemented with other vendor technologies while maintaining its correct functionality. We also set out to evaluate and compare the performance and benefits of alternative implementations. This is why the proposed architecture has been implemented by using technologies from different vendors: firstly, the Mule Enterprise Service Bus (ESB) together with the Esper CEP engine; and secondly, the WSO2 ESB with the Siddhi CEP engine. Both implementations have been tested in terms of performance and stress, and they are compared and discussed in this paper. The results obtained demonstrate that both implementations are suitable and effective, but also that there are notable differences between them: the Mule-based architecture is faster when the architecture makes use of two message broker topics and compares different types of events, while the WSO2-based one is faster when there is a single topic and one event type, and the system has a heavy workload.

Keywords: Complex event processing; Internet of things; Machine learning; Pattern detection; Security attack.

Grants and funding

This work was supported by the Spanish Ministry of Science, Innovation and Universities and the European Union FEDER Funds [grant numbers FPU 17/02007, RTI2018-093608-B-C33, RTI2018-098156-B-C52 and RED2018-102654-T]. This work was also supported by the JCCM [grant number SB-PLY/17/180501/ 000353] and the Research Plan from the University of Cadiz and Grupo Energetico de Puerto Real S.A. under project GANGES [grant number IRTP03’ UCA]. The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.