INTERNATIONAL JOURNAL OF INFORMATION AND COMMUNICATION TECHNOLOGIES

MECHANISMS FOR INTERACTION BETWEEN DISTRIBUTED IDPS AND SOC IN IOT-BASED SMART CITY INFRASTRUCTURES

Authors

  • Tetiana Babenko IITU
  • Damelya Yeskendirova IITU
  • Yelena Bakhtiyarova IITU
  • Kanibek Sansyzbay IITU

DOI:

https://doi.org/10.54309/IJICT.2025.24.4.005

Abstract

The rapid expansion of Internet of Things networks in smart city environments creates fragmented attack surfaces that conventional security architectures cannot adequately monitor. Current Intrusion Detection and Prevention Systems operate in isolation, producing inconsistent alert formats that reach Security Operation Centers with substantial delays and poor normalization, which severely hampers correlation effectiveness and generates excessive false positives. This study develops and validates a vendor-neutral mechanism enabling standardized real-time communication between distributed IDPS sensors and centralized SOC platforms. Our methodology combines analytical review of standards including STIX, TAXII, and ISO/IEC 27001 with prototype implementation using Suricata and Zeek sensors, Apache Kafka message bus, and Elastic SIEM integration. A custom normalization microservice converts heterogeneous alerts into STIX-compliant JSON format while maintaining GDPR and ISO 27001 compliance through TLS 1.3 encryption. Experimental validation with BoT-IoT and TON_IoT datasets shows the architecture reduces alert correlation latency by approximately 28 percent and decreases false positive rates by roughly 30 percent compared to baseline approaches. The bidirectional feedback mechanism allows SOC analysts to propagate updated detection rules to edge sensors, enabling adaptive threat response. Results demonstrate that message-bus-mediated architectures effectively address interoperability challenges in heterogeneous IoT security infrastructures, offering a practical implementation pathway for national smart city cybersecurity frameworks.
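The abstract describes a normalization microservice that converts heterogeneous Suricata and Zeek alerts into STIX-compliant JSON. The sketch below is an added example of that idea, not the authors' implementation: the field mapping, the function names, the `x_sensor`/`x_rule` custom properties and the sample alerts are assumptions, and only IPv4 flows are handled.

```python
import json
import uuid
from datetime import datetime, timezone

SCO_NS = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")  # STIX 2.1 SCO id namespace

def sco_id(sco_type, props):
    # Deterministic UUIDv5: same properties -> same id, whichever sensor reported them.
    name = json.dumps(props, sort_keys=True, separators=(",", ":"))
    return f"{sco_type}--{uuid.uuid5(SCO_NS, name)}"

def stix_ts(dt):
    # STIX timestamps are RFC 3339 in UTC; keep millisecond precision.
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"

def common_fields(sensor, a):
    """Map a sensor-specific alert to (time, src, sport, dst, dport, proto, rule)."""
    if sensor == "suricata":  # EVE JSON alert: ISO timestamp with numeric offset
        ts = datetime.strptime(a["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        return (ts, a["src_ip"], a["src_port"], a["dest_ip"], a["dest_port"],
                a["proto"].lower(), a["alert"]["signature"])
    if sensor == "zeek":  # notice.log as JSON: epoch seconds, dotted id.* keys
        ts = datetime.fromtimestamp(a["ts"], tz=timezone.utc)
        return (ts, a["id.orig_h"], a["id.orig_p"], a["id.resp_h"], a["id.resp_p"],
                a["proto"].lower(), a["note"])
    raise ValueError(f"unsupported sensor: {sensor}")

def normalize(sensor, alert):
    """Return a STIX 2.1 bundle: two ipv4-addr, a network-traffic, an observed-data."""
    ts, src, sport, dst, dport, proto, rule = common_fields(sensor, alert)
    s, d = ({"type": "ipv4-addr", "spec_version": "2.1",
             "id": sco_id("ipv4-addr", {"value": v}), "value": v} for v in (src, dst))
    flow = {"src_ref": s["id"], "dst_ref": d["id"], "src_port": sport,
            "dst_port": dport, "protocols": [proto]}
    flow = {"type": "network-traffic", "spec_version": "2.1",
            "id": sco_id("network-traffic", flow), **flow}
    t = stix_ts(ts)
    observed = {"type": "observed-data", "spec_version": "2.1", "created": t, "modified": t,
                "id": f"observed-data--{uuid.uuid4()}", "first_observed": t,
                "last_observed": t, "number_observed": 1, "x_sensor": sensor, "x_rule": rule,
                "object_refs": [s["id"], d["id"], flow["id"]]}  # x_* are illustrative
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [s, d, flow, observed]}

# Constructed sample alerts describing the same flow as seen by each sensor.
SURICATA_EVE = {"timestamp": "2025-01-15T16:22:31.500000+0600", "src_ip": "192.0.2.10",
                "src_port": 40112, "dest_ip": "198.51.100.7", "dest_port": 1883,
                "proto": "TCP", "alert": {"signature": "Constructed MQTT rule"}}
ZEEK_NOTICE = {"ts": 1736936551.5, "id.orig_h": "192.0.2.10", "id.orig_p": 40112,
               "id.resp_h": "198.51.100.7", "id.resp_p": 1883, "proto": "tcp",
               "note": "Constructed::MQTT_Notice"}
```

Because the observable identifiers are derived from the flow itself, the two bundles share their `ipv4-addr` and `network-traffic` objects, which lets a downstream correlator join alerts from both sensors on object id.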


Author Biography

Tetiana Babenko, IITU

Doctor of Technical Sciences, Professor, Department of Cybersecurity, International University of Information Technologies

Published

2025-11-29

How to Cite

Babenko, T., Yeskendirova, D., Bakhtiyarova, Y., & Sansyzbay, K. (2025). MECHANISMS FOR INTERACTION BETWEEN DISTRIBUTED IDPS AND SOC IN IOT-BASED SMART CITY INFRASTRUCTURES. INTERNATIONAL JOURNAL OF INFORMATION AND COMMUNICATION TECHNOLOGIES, 6(4), 99–112. https://doi.org/10.54309/IJICT.2025.24.4.005