Immunity-Empowered Collaboration Security Protection for Mega Smart Cities

Abstract

The cyberphysical systems of smart cities are facing increasingly severe attack situations, and traditional separate protection methods are difficult to effectively respond to. It is urgent to coordinate public safety and cybersecurity protection. However, the integration of the two faces many challenges and is a very promising research field. The aim of this study is to investigate technical approaches for the synergy between public safety and cybersecurity. This paper proposes a smart city safety protection model inspired by the human immune mechanism. It was found that through a three-line defense architecture similar to the human immune mechanism, and with the help of certain algorithms and functional middleware modules, public safety and cybersecurity protection components can be dynamically combined to achieve collaboration. This work has verified through experiments a valuable path to effectively resist complicated attack threats intertwined with public safety and cybersecurity factors.

1. Introduction

The critical infrastructure network of smart cities faces frequent complex attacks and intrusion events intertwined with network and physical space, and traditional separation protection methods are difficult to effectively cope with. Public safety and cybersecurity belong to two different fields of smart cities, which aim to solve different problems for different objects. For example, public safety mainly deals with video surveillance in physical space, monitoring and early warning of natural disasters, medical infectious diseases, and environmental ecology, while cybersecurity mainly solves the problems of attacks and protection in the virtual space of the network. With the development of smart city information physical systems and the widespread application of big data technology, the attack behaviors of public safety and cybersecurity are mutually penetrating and intertwined. For example, hackers control natural disaster sensors through attacks, thus illegally stealing geographic basic data information from opponent countries. Traditional methods of separating public safety and cybersecurity make it difficult to locate attack sources, as well as crossdomain data flow behavior. The 2023 National Security Strategy of the United States emphasizes, “One of the strategic objectives is to develop cyber security requirements that support national and public safety” [1]. The research on combining the information domain with the physical domain as a defense method is currently a hot topic, but there is a lack of feasible basic structures and methods for integrating the two. Public safety and cybersecurity correspond to the physical and information security of smart cities, thus involving different technological fields and being implemented by different technologies. Devices with different technological systems are difficult to directly interconnect. This essay aims to delve into the multifaceted dimensions of collaborative defense in the realm of public safety and cybersecurity, thereby exploring the challenges, strategies, and implications of this imperative endeavor. This essay aims to conduct in-depth research on the infrastructure, technology, and methods of collaborative defense in the fields of public safety and cybersecurity in smart cities, as well as the experiments conducted.

The collaborative integration of public safety and cybersecurity faces new technological challenges: they target different protection objects and require different technologies. The usual cybersecurity protection mainly relies on methods based on communication protocol processing, software development, and cryptographic calculations, while public safety protection involves more signal (video, audio, electromagnetic, sensor, etc.) processing technologies in addition to communication network processing mechanisms. There is no connection between them. For example, it is difficult to directly connect public video cameras to firewalls. This isolation is shown in Figure 1.

Therefore, it is difficult to synergistically integrate different technological systems using traditional methods. Lisova et al. (2019) pointed out that safety and security coanalysis is still a developing domain [2]. Cybersecurity and public safety protection technologies are independently developed, and in recent years, researchers have made some research progress in the integration of the two technologies. Suciu et al. (2021) presented a protective system, S4AllCities, that proposes advanced technological concepts and methodologies for implementing city digital intelligence that makes it accessible in real time to authorized and authenticated security practitioners (from public and private) and city executives for advancing their situation awareness on cyber and physical threats [3]. Liu et al. (2021) proposed a collaborative modeling framework that enables the coanalysis of safety and security requirements for network protocols [4]. Fan et al. (2022) proposed a simple collaborative protection system for public safety and cybersecurity based on cloud computing and big data technology [5]. Dimitrov et al. (2022) proposed a three-dimensional analysis method for smart city cybersecurity, thereby emphasizing the unified consideration of public safety and cybersecurity factors [6]. Sengan et al. (2020) proposed a method called Hybrid Smart City Cybersecurity Architecture (HSCCA) to address security issues related to the implementation of smart city technology. This approach not only protects data security but also analyzes risks [7]. Fang et al. (2020) designed a trust model that uses binomial distribution to calculate node trust values and proposed a trust management scheme to prevent switch attacks, thus ensuring that the data collection phase of smart cities can identify attack behavior from environmental interference and establish a secure data transmission path for resource-limited terminals [8]. Paul et al. (2021) [9] proposed a smart city architecture based on the Internet of Things, which protects all encryption security and privacy issues by adopting public and private chains. However, preliminary research did not focus on the specific methods and functional modules required for the collaboration of public safety and cybersecurity technology mechanisms.

On the other hand, in the application of human immune theory and its cybersecurity field, Farzadnia et al. (2021) have developed a novel sophisticated hybrid method for intrusion detection using the artificial immune system [10]. Damai et al. (2021) have proposed the use of artifcial immune systems to alleviate DDoS attacks in cloud computing by identifying the most potential features of the attack [11]. Grigorieva et al. (2023) have defined the concept of cyberimmunity systems, which have some common points with the theory of biological immunity [12]. Jim et al. (2022) designed a mobile self-organizing network (MANET) security method based on an artificial immune system by simulating the mechanisms of the human immune system. This method was proven to have better packet delivery and detection rates, even in the presence of malicious nodes [13]. He et al. (2021) designed an immune-based digital virtual asset risk assessment method by simulating the mechanism of synchronized dynamic evolution between antibody concentration and invading viruses in the human immune system. This method can effectively generate high-performance immune detectors to identify attack risks and evaluate the risk of different users being attacked in real time [14]. Fotohi (2019) proposed in his research to use the human immune system to protect unmanned aerial systems from security threats [15]. Yang (2020) proposed a network layer security detection model of the Internet of Things based on the immune system [16]. He et al. (2021) proposed an immune system-based defence system of robot cybersecurity [17]. Kodati et al. (2023) described an ensemble framework of the artificial immune system (AIS) based on a network intrusion detection system [18]. Melo et al. (2022) were inspired by the human immune system and proposed an immune security model, ISM-AC, which is based on alert correlation and software-defined networking [19]. Sanders et al. (2019) mentioned in their research that traditional methods treat cybersecurity and public safety protection methods as independent of each other, managed by different departments, and responded to by different technical means [20]. The above literature mainly focuses on applications in the field of cybersecurity and does not involve applications in public safety. However, these studies did not involve the application of human immunity in the synergy of public safety and cybersecurity; furthermore, these studies have not addressed the application of human immunity in the synergy of these two different mechanisms.

This paper proposes a comprehensive immune system for smart city network information security, CPCSIS, which mainly focuses on the integration of smart city cybersecurity and public safety. Based on the complex environment of the Internet of Things in a smart city, which has network heterogeneity, device heterogeneity, data heterogeneity, and crossdomain sharing combined with the operating mechanism of the human immune system, CPCSIS has realized the perception of network information security threats and safety security risk factors throughout the entire process, all domains, and all times of the smart city. On the basis of data fusion, it has carried out risk anomaly detection and completed the identification of “self” and “non-self.” And the timely and effective response and disposal of identified security threats are carried out to achieve the goal of disrupting and repelling unwanted intrusion activities in the system, thereby forming a fully aware, adaptive, and self-feedback immune system. Naveed et al. (2020) presented a dynamic framework, Celosia, which is inspired by the immune system, and it offered good accuracy and high performance with minimal human intervention [21]. The Internet and cloud computing are equivalent to the human nervous system, thus transmitting and exchanging information to achieve precise operations in commanding and scheduling various aspects of the city. Multimodal big data are equivalent to blood and nutrients, which are used to support the normal operation of the entire ecosystem. Smart city users, managers, decision makers, and other entities are like individual cells that exist and operate continuously, thereby completing the normal operation and metabolism of the entire system. The CPCSIS is inspired by the human immune mechanism and ensures the healthy operation of the entire ecosystem of the smart city. The CPCSIS uses sensors, the Internet, cloud computing, big data, and user behavior information to identify and clean up harmful substances (such as attack threats, among others), thus helping the smart city ecosystem resist external interference and maintain its own structure and function in its original state.

2. Models and Methods

2.1. The Basic Principles of CPCSIS

The proposal of CPCSIS has a solid theoretical foundation. Research in the biomedical field indicates that the human immune system is generally composed of three lines of defense. CPCSIS draws on the hierarchical structure of the three lines of defense of human immunity, focusing on the elements of citizens, enterprises, and government affairs, and constructs three lines of defense that are similar to human immunity in terms of immune methods, immune functions, and immune components, as shown in

Table 1. Comparison of similarities between CPCSIS and human immunity.

The Basic Properties of Immunity	Human Immunity	CPCSIS
Immune mode	The immune system of the human body includes a series of processes such as the exclusion or elimination of foreign objects (such as allergic reactions, rejection reactions), as well as intervention measures such as planned immunity (vaccination).	The comprehensive prevention and control of cyber security in smart cities can also be divided into the process of discovering or disposing of cybersecurity and public safety threats (crossdomain denial of security threats, dynamic adjustment of security strategies), as well as monitoring and warning of unknown threats through behavior learning and other methods.
Immunity	The human immune function includes three main tasks: immune monitoring, immune response, and immune memory. Immune surveillance identifies pathogens such as bacteria, viruses, fungi, etc. The immune response extensively clears invading pathogens and implements precise strikes against them; immune memory exerts a stronger immune response, thus enabling complete elimination of pathogens.	The comprehensive immunity of smart city network information security has achieved security functions such as anomaly detection, threat identification, asset protection, emergency response, state recovery, and attack blocking through cybersecurity components and prevention and control measures, thus maintaining the smooth operation of the network environment.
Immune components	There are three immune defense lines in the human body: The first line of defense includes skin, mucous membranes, etc.; The second line of defense includes phagocytosis, bactericidal substances, neutrophils, etc. The first two lines of defense are natural defense functions gradually established by humans in the process of evolution. They do not target a specific pathogen and have defensive effects against multiple pathogens. The third line of defense is lymphocytes, a type of white blood cell that is responsible for combating external infections and monitoring cellular mutations in the body.	Based on the principle of human immune components, the immune components of smart cities are also composed of three lines of defense: The first line of defense emphasizes environmental awareness, scene awareness, and access control capabilities. The second line of defense completes functions such as information fusion, threat detection, and element rights confirmation. The third line of defense is equipped with safety isolation, coordinated disposal, and learning modeling.

. CPCSIS combines cyber security with biomedical research for interdisciplinary innovation, which is a fundamental research method for solving complex technical problems. Its scientificity is, as pointed out by Tache et al. (2023) in his research paper, through transdisciplinarity, wherein the aim is to highlight the nature and characteristics of the flow of information that circulates between the different branches of knowledge [22].

The basic principle of CPCSIS is shown in Figure 2.

CPCSIS has a three-line defense architecture. HWolf-Ostermann (2021) mentioned in his paper the basic concepts of three lines of defense structure of the human immune system [23]. In the corresponding CPCSIS, it is first able to achieve network and public environment perception and scene cognition. Secondly, it has basic access control capabilities, which can defend against attacks of moderate intensity in the network environment. In the paper by Robert et al. (2023), it was mentioned that bactericidal substances and phagocytic cells form the second line of defense, which has the functions of phagocytosis and digestion. They phagocytose, process antigens, and transmit antigen-specific transmission to T lymphocytes and B lymphocytes [24]. Analogous to the information fusion, threat discovery, and factor authentication mechanisms in the CPCSIS system, the fusion of public safety and cybersecurity information is similar to the phagocytic and digestive functions of phagocytic cells. Antigen specificity is similar to identifying “self” and “non-self” abnormal behaviors that already exist, thus identifying and blocking illegal access, illegal acquisition, and illegal leakage behaviors and presenting the identified information to higher-level analysis, response, and processing systems, which confirm the ownership of key data and its circulation for risk fusion analysis and response strategy generation across the entire network. In the paper by Chiara et al. (2023), it was mentioned that the third line of defense is composed of immune organs and immune cells, which constitutes an acquired defense function gradually established by the human body after birth and only works against a specific pathogen or foreign object [25]. The characteristic of specific immunity is immune memory, which is the ability of the human body to resist infections acquired through acquired infections or artificial vaccination and can acquire memory against the antigen.

In the field of cybersecurity, protective systems constructed based on algorithms such as artificial intelligence and machine learning can also achieve similar learning, recognition, memory, and feature extraction capabilities. When facing specific types of risks (such as abnormal behavior) and new threats (APT), these protective measures can establish highly specialized detection strategies, defense strategies, and isolation mechanisms, thereby making the entire immune system exhibit typical self-learning habits. This confers adaptability to achieve specific immunity for cybersecurity.

2.2. The Basic Components of CPCSIS

2.2.1. Functional Module Composition of the Three Lines of Defense

The three lines of defense of the CPCSIS system include cybersecurity and public safety protection functional components in multiple key information infrastructure areas of smart cities, such as the Internet of Things, IP Internet, and Industrial Internet, as shown in Figure 3.

Among them, the public safety monitoring platform module based on video surveillance, the public safety and cybersecurity strategy visualization module, the cybersecurity monitoring data collection module, the intelligent public safety gateway module, the multisource heterogeneous data collection module, the network asset mapping module, the cybersecurity vulnerability scanning module, and the public safety multirisk linkage analysis and accurate warning module (including network public opinion monitoring and content security monitoring) are included. They form the first line of defense with environmental awareness, scene awareness, and access control capabilities.

The second line of defense consists of a distributed public key infrastructure module, a fine-grained permission management module, an urban data sharing and exchange module, a multidimensional data authorization module, a multidimensional simulation module for virtual and real integration of smart cities, and a comprehensive threat detection module for smart cities. It will provide information fusion, threat discovery, and element authorization mechanisms for public safety and cybersecurity in smart cities at the level of virtual and real space.

In the third line of defense, the smart city cybersecurity and public safety situation analysis module, the smart city ultralarge capacity data flow monitoring module, the  cybersecurity and public safety linkage disposal and control module, the cybersecurity and public safety threat warning and disposal module, and the smart city cybersecurity and public safety comprehensive prevention and control platform module are combined to output security isolation, linkage disposal, and learning modeling mechanisms.

2.2.2. Analysis of the Working Principle of the First Line of Defense

The smart city cybersecurity and public safety comprehensive prevention and control platform module is the fusion processing center unit of CPCSIS. The first line of defense is displayed in the smart city cybersecurity comprehensive prevention and control platform, which includes the perception and detection of the smart city network environment, including the distribution of smart city network assets, asset attributes, and asset risk vulnerabilities: This involves understanding the operational status of smart city business systems and application scenarios, displaying the execution results of network control operations triggered by public safety incidents, etc. The first line of defense is achieved through the combination of middleware—public safety and cybersecurity strategy visualization module, intelligent public safety gateway module, and public safety monitoring platform module for video surveillance—to handle public safety events under collaborative control conditions.

In terms of interfaces for collaborative disposal, in the first line of defense, the smart city intelligent security gateway module collects data from smart city IoT sensors, reports the detected environmental data to smart city security strategy visualization module, and disposes of IoT sensors based on the disposal actions issued by smart city security strategy visualization module. The public safety monitoring module based on video surveillance monitors public safety event information through video capture and reports real-time information on possible personnel intrusion. The multirisk linkage analysis and precise warning module for public safety issue real-time alarm information based on the reported public safety event information and report it to the smart city security strategy visualization module; then, it receives and integrates alarm event data from the public safety multirisk linkage analysis and accurate warning system, as well as the smart city intelligent security gateway. The smart city security strategy visualization module reports the execution results of the security response strategy to the smart city cybersecurity comprehensive prevention and control platform module; this module processes the received alarm information and issues disposal commands and actions layer by layer. The communication interfaces between various devices in the first line of defense, and the interface with the smart city cybersecurity comprehensive prevention and control platform are shown in Figure 4:

2.2.3. Analysis of the Working Principle of the Second Line of Defense

The second line of defense mainly completes the dynamic display of the protection process in the smart city cybersecurity comprehensive prevention and control platform. Therefore, the system interaction design in the second line of defense is implemented in the form of web page URL redirection. The second line of defense displays the protection status of important business data in the smart city cybersecurity comprehensive prevention and control platform module, including the operation status of element authorization, threat detection of data flow, and dynamic operation process information of multimodal data information fusion. Among them, based on blockchain technology, element rights are mainly achieved.

2.2.4. Analysis of the Working Principle of the Third Line of Defense

The third line of defense is mainly aimed at protecting against high-level sustained attacks and other high-energy level attack activities. Through the ability to learn and model unknown attacks, it intelligently executes security isolation and linkage disposal measures. The interface and communication relationships of the various components of the third line of defense are shown in Figure 5. The third line of defense in the smart city cybersecurity comprehensive prevention and control platform module mainly displays monitoring and early warning information of unknown attack threats in smart city government information networks, multisensor networks, the Internet of Things, and corresponding cybersecurity control strategies, as well as security isolation measures and their results, against high-level attack threats.

2.3. The Collaborative Protection Method of CPCSIS

The human immune system has an adaptive regulatory mechanism to maintain immune balance. CPCSIS adopts an elastic protection mechanism for attacks and invasions of different intensities, which can be adjusted through changes in the operating status of the three lines of defense to achieve this elastic protection. The defense of the human immune system is a limited defense, and the immune process of the three lines of defense of the human immune system is a hierarchical and evolutionary process rather than a simultaneous initiation process. Therefore, in the context of a wide variety and distribution of smart city Internet and IoT devices, as well as regarding complex and diverse attack and intrusion pathways, in order to prevent situations where the three lines of defense are “under protected” or “over reinforced”, CPCSIS needs to design an elastic adjustment algorithm to dynamically control the operation process of the three lines of defense. About the Dynamic Arrangement of Security Resources, Shao et al. (2020) proposed a resource optimization allocation strategy based on particle swarm optimization [26]. Mahfouzi et al. (2019) proposed a security-aware methodology for routing and scheduling for control applications in Ethernet networks [27]. Based on the protection characteristics of smart city network security and public safety, CPCSIS has designed a dynamic allocation method of security resources based on threat index; the protection control process based on the CPCSIS elastic adjustment defense algorithm is divided into four steps:

Step 1: Calculation of Smart City Cyberthreat Index Based on Information Entropy:

Jing et al. (2024) proposed a resilience-oriented planning strategy for the cyberphysical active distribution network (ADN) under malicious attacks [28]. Ibrahim et al. (2022) proposd an efficient protection mechanism against entropy deception, which is based on the analysis of changes in different entropy types, namely Shannon, Renyi, and Tsallis entropies, and monitoring the number of distinct elements in a feature distribution as a new detection metric [29]. Yang et al. (2021) proposed a dynamic spatiotemporal causality modeling approach to analyze traffic causal relationships for the large-scale road network [30]. Numerous studies have shown that Shannon entropy can be used to discover changes in the normal distribution of network traffic, thereby identifying security anomalies. By monitoring the flow entropy of the smart city network through the functional modules of the first and second lines of defense of CPCSIS, the network status and security status of the smart city can be detected. For traffic samples in cyberspace, the probability distribution of public safety and cybersecurity attributes of traffic packets can reflect the characteristics of traffic, and information entropy can measure any variable, which is a feature quantification method.

Implement real-time detection of malicious attack threats based on the smart city cyber security situation awareness method of scanning traffic entropy, with specific methods: Assuming that the cyberspace of smart cities is represented by a random variable s, we define its set of values as $\{s=s_1,s_2,\cdots ,s_n\}$. The probability distribution of values is defined as $\{p=p_1,p_2,\cdots ,p_n\}$. Therein, ${\sum }_{i=1}^n{p}_i=1$, $p_i$ indicate the probability of 1 to n network anomalies occurring, where $0<p_i<1$. The information entropy of variable can be expressed as follows:

$$H=-\sum _{i=1}^n{p}_{i}log{p}_i.$$

(1)

The H value determines the degree of attack on the system network. The lower the value, the more stable the system is; the higher the value, the more chaotic the system is. Chen et al. (2022) proposed an improved Technique for Order Preference by Similarity to Ideal Solution, called CPR-TOPSIS, which is based on information Communication Probability and Relative Entropy (CPR) and presented for identifying influential nodes in complex networks from the view of global, local, and location information dimensions [31]. In the CPCSIS, relative entropy is equivalent to the information entropy of two probability distributions, which can characterize the similarity between the two probability distributions. For the distribution of two discrete probabilities, we have $\{P=p_1,p_2,\cdots ,p_n\}$ and $\{Q=q_1,q_2,\cdots ,q_n\}$, where

$$\sum _{i=1}^n{p}_i=\sum _{i=1}^n{q}_i=1.$$

(2)

Overall, the formula for calculating relative entropy for P and Q is

$$D\left(P\right|\left|Q\right)=-\sum _{i=1}^n{p}_{i}log\frac{p_i}{q_i}.$$

(3)

where D represents the difference in probability distribution between P and Q; when D is 0, this indicates that P and Q belong to the same distribution, because $D\left(P\right|\left|Q\right)\ne D\left(Q\right|\left|P\right)$. In order to accurately and stably depict the distribution of P and Q, we expand relative entropy to scan flow entropy:

$$D(P,Q)=-\sum _{i=1}^n{p}_i\{p_i-q_i\}log\frac{p_i}{q_i}.$$

(4)

Based on the above, it can be concluded that when the cyberspace domain of the smart city that needs to be protected is divided into $n_s$ blocks within the t time cycle, the summary of failed application messages is $N_{fail}$, and the number of failed network space application messages in the i block is $N_i^{fail}$. We use Equation (5) to obtain $P_i^{src}\left(\pi \right)$, which is the probability distribution of failed application source addresses within a time cycle. Therein, the probability distribution of destinations can be expressed as $P_i^{Dst}\left(\pi \right)$, thus setting $jϵ\{Src,Dst\}$.

$$p_i^j\left(\pi \right)=\pi ·\left(\sum _{i=1}^{N_{fail}}{\pi }_i\right).$$

(5)

The above methods can better grasp the current operation status and environment of protected networks in smart cities and perceive various attackers and their attack activities, such as zombie networks, malicious websites, and denial of service.

From a mathematical perspective, based on the completion of information entropy calculation, the average number of scans of each partitioned address space in a specified time period is $\frac{N_{fail}}{n_s}$. But in reality within a divided time period, the likelihood of completing a random scan is relatively low. In a failed application message within a time period, it is easier to directly calculate the probability distribution of the obtained IP address and the $\frac{N_{fail}}{n_s}$ scan traffic entropy in engineering. Therefore, this situation can be adjusted through the criterion of Formula (6):

$$\frac{N_{fail}-\frac{N_{fail}}{n_s}}{\frac{{\left(n_s\right)}^2}{12}}<-\delta .$$

(6)

Step 2—Classification of Cybersecurity Threats in Smart Cities Based on the Threat Level: Formula (7) is used to calculate the probability distribution of IP addresses in failed application packets within the time period and the corrected average probability distribution of the scan traffic entropy. By comparing it with the set threshold, the degree of attack threat can be determined.

$$R_s=D_{KL}(P_t^{Src}\left(\pi \right)\Vert \frac{N_{fail}}{n_s})=-\sum _{t=1}^n(P_t^{Src}\left(\pi \right)-\frac{N_{fail}}{n_s})log\frac{P_t^{Src}\left(\pi \right)}{\frac{N_{fail}}{n_s}}.$$

(7)

$R_s$ represents the cyberspace security threat index. The overall algorithm process can be found in Algorithm 1.

Algorithm 1 Part of the Smart City Cybersecurity Threat Level

1: Input: Probability of IP address segment distribution $\{P=p_1,p_2,\cdots ,p_n\}$ 2: Output: The degree of attack threat $R_s$ 3: $\{Q=q_1,q_2,\cdots ,q_n\}$ ← Average probability distribution $\{X=x_1,x_2,\cdots ,x_n\}$ 4: for $i=1,2,\dots ,n$ do 5:    Relative entropy $A\leftarrow \mathrm{Relative}\mathrm{entropy}D\left(P\right|\left|Q\right)$ 6: end for 7: for $i=1,2,\dots ,n$ do 8:    Scan traffic entropy $B\leftarrow \mathrm{Scan}\mathrm{entropy}D(P,Q)$ 9: end for 10: if checkentropyverity(A,B) then 11:    $R_s\leftarrow$calculatethreatlevel() 12: else 13:    return Unreasonable scanning flow entropy 14: end if

Step 3—The Classification of Security Threat Levels for Smart Cities using CPCSIS: This should include both public safety and cybersecurity factors. In the third step, the cybersecurity threat level index is calculated using information entropy. According to the research of Guo et al. (2020), the level of public safety threat is generally divided according to the regulations of government management departments for various types of public threats [32]. For the convenience of research, this article only focuses on threats related to smart city video surveillance and network public opinion content security and divides them into four levels: $R_p$ represents the public safety threat index, $R_{pϵ(1,2,3,4)}$. We calculate the threat level of smart cities using weighted processing algorithms, as shown in Formula (8):

$$I_s\left(t\right)=\alpha R_p+\beta R_s.$$

(8)

In the formula, $\alpha$ is the public safety factor, $\beta$ is the cybersecurity factor, and $\alpha +\beta =1$. According to the requirements of CPCSIS application scenarios, it can be divided into three situations:

(a)

$\alpha$ > $\beta$: Public safety disposal or scenarios with high attention, such as natural disasters;

(b)

$\alpha$ = $\beta$: Scenarios where public safety factors are of equal concern to cybersecurity factors, such as handling public health incidents, among others;

(c)

$\alpha$ < $\beta$: Scenarios with high cybersecurity disposal or attention, such as being subjected to organized large-scale network attacks, among others.

In theory, the values of relative entropy and flow entropy can be infinitely large, and the value of $R_s$ is infinite. However, the actual situation is not like this. According to the research of Imanbayeva et al. (2020), when the system becomes chaotic to a certain extent, it will become unusable as a whole [33]. As a result, the value of $R_s$ will never be infinite: there always exists an upper limit value $\gamma$. The range of values for $I_s\left(t\right)$ is 0 $\le I_s\left(t\right)<3+\gamma$. By dividing the interval of $[0,3+\gamma )$ into 5 segments, 5 threat levels can be formed. The classification of attack threat levels can be calculated, as shown in

Table 2. Threat level classification.

Grade	${\mathit{R}}_{\mathit{s}}$ Value Range	Threat Level
1	$[0,\frac{3+\gamma }{5})$	Normal
2	$\left[\frac{3+\gamma }{5},\frac{2\times (3+\gamma )}{5}\right)$	Low
3	$\left[\frac{2\times (3+\gamma )}{5},\frac{3\times (3+\gamma )}{5}\right)$	Medium
4	$\left[\frac{3\times (3+\gamma )}{5},\frac{4\times (3+\gamma )}{5}\right)$	High
5	$\left[\frac{4\times (3+\gamma )}{5},(3+\gamma )\right)$	Extremely high

.

Step 4—Three Lines of Defense Operation Control Based on Threat Level Classification: According to the attack threat level of protected objects in smart cities, the activation status design of the functional components of the three lines of defense of CPCSIS is shown in

Table 3. The activation status of the first line of defense functional components.

Functional Module	Grade 1	Grade 2	Grade 3	Grade 4	Grade 5
Cybersecurity monitoring data collection module	•	•	•	•	•
Intelligent public safety gateway module				•	•
Multisource heterogeneous data collection module			•	•	•
Network asset mapping module					•
Cybersecurity vulnerability scanning module			•	•	•
Public safety multirisk linkage analysis and accurate warning module		•	•	•	•
Public safety monitoring platform module based on video surveillance		•	•	•	•
Public safety and cybersecurity strategy visualization module	•	•	•	•	•

,

Table 4. The activation status of the second line of defense functional components.

Functional Module	Grade 1	Grade 2	Grade 3	Grade 4	Grade 5
Urban data sharing and exchange module		•	•	•	•
Distributed public key infrastructure module					•
Fine-grained permission management module			•	•	•
Multidimensional data authorization module				•	•
Smart city cybersecurity simulation and verification module					•
Comprehensive threat detection module for smart cities		•	•	•	•

and

Table 5. The activation status of the third line of defense functional components.

Functional Module	Grade 1	Grade 2	Grade 3	Grade 4	Grade 5
Smart city ultralarge capacity data flow monitoring module				•	•
Cybersecurity and public safety linkage disposal and control module					•
Cybersecurity and public safety threat warning and disposal module			•	•	•
Smart city cybersecurity and public safety situation analysis module		•	•	•	•
Smart city cybersecurity and public safety comprehensive prevention and control platform module	•	•	•	•	•

.

The collaborative protection principle of CPCSIS proposed by this innovative research work is in line with the current trend of smart city information infrastructure development and the common research practice of researchers in this field. Kaššaj et al. (2024) highlighted the importance of cooperation between city authorities, local communities, and European institutions to achieve successful digital urban development [34]. Rizwan et al. (2023) have proposed safety and security as examples of issues and obstacles that smart cities confront [35]. Sha et al. (2022) suggested that it is clear from this that the key to urban security lies in the construction of a relatively stable system that brings together the various urban elements [36]. Accordingly, CPCSIS will promote cooperation between public safety management departments and cybersecurity management departments in smart cities.

3. Experiment and Analysis of Models

3.1. Experimental Purpose

By using different network attack methods and public video surveillance images with different levels of danger, experiments were conducted to test the ability of the CPCSIS to synergistically protect public safety and cybersecurity. The effectiveness of collaborative protection was evaluated in two dimensions: detection and disposal rates. Meanwhile, we compared the disposal efficiency of traditional methods and the CPCSIS under different threat levels.

3.2. Experimentation

(1)

Implement the functional module structure of the CPCSIS through open source software and programming development. Use four common public safety protection devices—video cameras, temperature sensors, position sensors, access control sensors, and gas sensors—to build a public safety experimental environment. Build a cybersecurity experimental environment using firewalls, routers, switches, and intrusion detection systems.

(2)

Public safety dataset: Use the CIFAR-10 dataset and label the images in the dataset with different labels representing different levels of threat to public safety: 1, 2, 3, and 4. Then, send the image data to the CPCSIS for testing.

(3)

Cybersecurity dataset: Use the IoT-23 dataset to simulate DDoS attacks, IoT botnet attacks, and other attack methods.

(4)

Based on testing the information entropy of the experimental environment, the $\gamma$ value in Table 2 comes out to 135.

3.3. Experimental Result

A total of 310 experiments were conducted on the CPCSIS using public safety and cybersecurity datasets. The detection and disposal rates of the CPCSIS under five different threat levels are shown in Figure 6. The detection rate refers to the proportion of successful detection of attack threats, while the disposal rate refers to the proportion of successful disposal (including network isolation and IoT device control) using cybersecurity protection equipment and public safety equipment after discovering attack threats.

During the experiment, a comparison was made between the CPCSIS and traditional defense methods. The traditional method refers to using public safety and cybersecurity methods separately to deal with attack threats, without any cooperative relationship between them, but with different processing orders. When public safety and cybersecurity threats arise, the traditional defense method is to use independent mechanisms for defense and record the control operation time of operating the four sensors, which we defined as $T_p$. The time for operating firewalls, routers, switches, and intrusion detection systems separately was recorded as $T_c$. The time for traditional operations was recorded as $T_1=T_p+T_c$. The response time of the CPCSIS was recorded as $T_2$. We then made a comparison between $T_1$ and $T_2$, which reflects the difference in processing efficiency between traditional methods and the CPCSIS. Also, we compared the defense success rates of the CPCSIS and traditional methods in 310 attack tests, as shown in Figure 7.

During the experiment, the processing orders for the four types of sensors, as well as the processing orders for operating firewalls, routers, switches, and intrusion detection systems, were exchanged, and the resulting differences in processing efficiency showed the same trend.

4. Discussion and Conclusions

Prior work has documented the research on the overall safety of smart cities, such as S4AllCities, for example. When compared with the S4AllCities project proposed by Suciu et al. (2021) [3], the similarity is that both papers propose the architecture of smart city security protection. The previous paper proposed a smart city defense architecture, called SoS, which consists of a three-layer digital twin structure (DecIoT, MAIDS, and ACMS). This article proposed an architecture inspired by human immune mechanisms—the CPCSIS. The difference is that the focus of the SoS architecture was focused on risk-based open smart spaces security management; cybersecurity shielding; and behavior tracking; as well as the real-time estimation of cyberphysical risks in multiple locations, and it measured activation for effective crisis management. In contrast, the CPCSIS combines public safety and cybersecurity technology mechanisms that make it more targeted, and it has stronger defense capabilities against complex and unknown security risks. The above experiment confirms the collaborative protection capability provided by the CPCSIS. Figure 4 reflects the relatively stable and balanced response ability of the CPCSIS when facing different threat levels from the dimensions of detection rate and disposal rate. Figure 5 shows that as the threat level increased, the average disposal time of the traditional method of separating public safety and cybersecurity gradually increased, while the CPCSIS showed better protection capabilities. Meanwhile, Figure 5 also demonstrates that, with the changing intensity of public and cybersecurity attack threats, the defense capability of the CPCSIS was significantly stronger than that of traditional methods. Therefore, when dealing with complex threat scenarios, such as unknown attack threats, the superiority of the CPCSIS will be more prominent. At the same time, this study reveals that when it is necessary to consider a mixed protection scenario of cybersecurity and public safety factors in smart cities by referring to the inherent logic of environmental perception, anomaly detection, and antibody learning in the three lines of human immunity, as well as by designing certain middleware and orchestration algorithms, the two can be organically combined. On the other hand, the research practice of this article has demonstrated the crossapplication of biomedical concepts in the field of cybersecurity in smart cities; moreover, through an architecture similar to the three lines of defense for human immunity and an elastic defense logic driven by attack threats, public safety and cybersecurity mechanisms of different technological systems can be combined. Collaborating on public safety and cybersecurity protection resources is the development trend of future smart city security defense, and the CPCSIS is an effective method. However, alongside these promising results, challenges arose. The research experiment in the paper only involved four types of public safety devices and four types of cybersecurity devices. In the next stage, more devices need to be added for experiments to verify the correctness of the research conclusions. Furthermore, the value $\gamma$ in Formula (8) above will exhibit different values with different network scenario conditions. In the future, it is necessary to study the $\gamma$ values under various different network entropy conditions and establish corresponding relationship tables. The CPCSIS must be tested using as many attack datasets as possible in various complex smart city network environments to ensure its wide applicability and effectiveness.