Abstract
This paper introduces a unique intrusion detection method that integrates developmental and operational frameworks, focusing specifically on the wireless sensor network. With the growing number of intrusions, safeguarding sensor nodes has become increasingly crucial. In addition to security breaches, unauthorized access to systems by fraudsters or intruders poses a risk to critical assets. Therefore, detecting and blocking potential threats in the wireless environment is of utmost importance. The proposed detection approach consists of two steps: feature extraction and classification. The study emphasizes the necessity of a distinct intrusion detection method and robust feature extraction and classification techniques. Incorporating a deep learning model is vital for enhancing the precision and accuracy of attack detection. Additionally, it is crucial for efficiency to optimize the CNN architecture’s filter size and filter count. The proposed DevOps-based intrusion detection technique involves feature extraction and classification. During the feature extraction stage, statistics and higher-order descriptors are combined with existing characteristics in the early processing of application data. The extracted features are then utilized by the classification method in conjunction with an improved DCNN approach. The technique optimizes the quantity and size of filters in the input vector and fully connected layers. In terms of accuracy as well as FNR, sensitivity, MCC, specificity, FDR, FPR, NPV, and F\(_{1}\)-score against GAF-GYT and other attacks, the suggested technique outperforms conventional models. Specifically, in Application 3, the technique surpasses the DCNN, Innovative Gunner Algorithm, and FAE-GWO-DBN methods by 60.14%, 3.10%, and 5.46%, respectively. Furthermore, for Application 4, the suggested model demonstrates significantly lower FPR rates (91.46%, 67.15%, and 98.4%) compared to the FAE-GWO-DBN, AIG, and DCNN methods. Additionally, the suggested approach outperforms the DCNN, Innovative Gunner Algorithm, and FAE-GWO-DBN approaches by 69.76%, 3.27%, and 22.68%, respectively.
1 Introduction
The safety and confidentiality of data must be ensured in the modern world. A variety of fields, including essential infrastructure, healthcare for all, smart cities, autonomous vehicles, etc., benefit from the use of wireless sensor networks (WSN). In the upcoming years, the WSN’s utilization will increase dramatically and it will play a significant role in new technical advancements. As a result, the WSN’s information safety has expanded along with the network’s increasing sensor node count and the amount of information it generates. In WSNs, nodes in the network (sensor nodes) continually acquire perceived information gathered from surroundings and transfer it to the central station via neighboring nodes.
Loss of information during transmission is possible as a result of various equipment, network, or attack flaws. More study and research in this field is required to reduce the danger of data loss as a result of security assaults in WSNs. The safeguarding of sensor nodes’ activities is necessary for WSN security. Additionally, the vast majority of sensor nodes have network-level connections to outside sources. It is discovered that many WSNs are attackable and are severely harmed. They are significantly impacted because of their lack of capacity to defend. Separately, an attacker will have penetrated the IP layer and gained authority over the WSN node, which the attacker may exploit maliciously. Alternatively, the attacker may have penetrated several security measures in various neighbouring sensor nodes connected to it. To provide a broad attack vector, the Mirai botnet (Pour et al. 2020; Koroniotis et al. 2019; Chen et al. 2017) developed a list of gadgets with sensors that were vulnerable. The botnet built up a huge network and was able to generate 600 GB of data every second by installing infected bots, including routers and video cameras. As a result of the assault, several Mirai variants have appeared, taking advantage of sensor nodes’ vulnerabilities. Numerous studies on botnet detection have subsequently been reported. Identifying botnets in the WSN while they remain within the targeted node is a challenge for this research. The signature-based strategy and the data analysis-based method are the two main strategies that are commonly used to address issues in the present research. The signature-based strategy produces complexity since the abnormalities and attacks have been documented in the database (Alauthman et al. 2020; Asadi et al. 2020; Mousavi et al. 2020; Jung et al. 2020). Specialists from a variety of disciplines (Giridhar Reddy and Sai Ambati 2020) are paying close attention to computational intelligence techniques.
These methods, however, need a substantial amount of tagged cases. Therefore, more research in this area is required for the most accurate identification of WSN threats. It can be susceptible to attack as a consequence. The operational method is quicker when employing a data analysis technique than it is with existing ways, and the issue of unanticipated dangers is easily handled. Additionally, a number of machine learning methods (Azar et al. 2019; Alfan et al. 2020; Shafq et al. 2020; Cheng et al. 2020), both supervised and unsupervised, are being used to improve the accuracy of attack detection in WSNs. Supervised machine learning methods use labelled data, in which each instance has a label that describes a certain sort of assault. To detect WSN attacks, supervised machine learning models such as neural networks, K-nearest neighbour, deep learning, and support vector machines were utilized.
The primary difficulties are:
1. A unique intrusion detection method, as well as robust feature extraction and classification approaches, are required.
2. To improve the precision and accuracy of attack identification, a model that uses deep learning is needed.
3. An efficient approach is required to optimize the number of filters and their size in CNN.
This method has several objectives, listed as follows:
1. Analyzing information from each app by combining statistical and advanced statistical characteristics with existing features during the feature extraction step.
2. A deep convolutional neural network (DCNN) model is used to develop the classification framework that focuses on the retrieved characteristics.
3. The effectiveness of the recommended approach is tested through tests, and the results show that it functions better than comparable methods already in use.
The various contributions provided by this article are outlined as follows:
1. A novel intrusion detection approach is developed by connecting the DevOps architecture with two steps: feature extraction and classification. Each application’s data was processed early in the feature extraction process by integrating statistics and higher-order descriptors with the current features.
2. The classification algorithm is developed employing these extracted features using an enhanced DCNN technique.
3. A novel approach is employed to minimize the number of filters and filter size in both the fully connected layers and the input vector.
4. In regard to sensitivity, accuracy, and specificity, as well as TPR (True_Positive_Rate), TNR (True_Negative_Rate), PPV (Positive_Predictive_Value), NPV (Negative_Predictive_Value), FPR (False_Positive_Rate), FNR (False_Negative_Rate), FDR (False_Discovery_Rate), MCC (Matthews_Correlation_Coefficient), and F1-score under the GAF-GYT and Mirai attacks, the suggested work does better than other standard approaches.
5. In application 3, the proposed methodology beats the DCNN, Innovative Gunner Algorithm, and FAE-GWO-DBN (Pijarski and Kacejko 2019) approaches by 60.14 %, 3.10 %, and 5.46 %, respectively. Furthermore, the recommended approach for application 4 has a low FPR, which is superior by 91.46 %, 67.15 %, and 98.4 %, respectively, to the FAE-GWO-DBN, AIG, and DCNN approaches. The suggested strategy also beats the DCNN, Innovative Gunner Algorithm, and FAE-GWO-DBN techniques by 69.76 %, 3.27 %, and 22.68 %, respectively.
Related work is explained in Sect. 2. Section 3 presents the suggested technique. Section 4 presents the enhanced optimisation for resolving optimization problems. The evaluation and outcomes are covered in Sect. 5. The findings and future scope are included in Sect. 6, along with references at the end.
2 Related Work
Klassen and Yang (202) proposed anomaly-based intrusion detection employing the Bayesian classifier in WSN. They investigated an ad hoc network with three types of attacks, i.e. a DoS attack, a black hole attack, and a malicious attack, to study whether any harmful activities can be detected in time. A network of 33 nodes following AODV was built and its traffic data collected. Singh and Singh (2017) offered an AHIDS (advanced hybrid intrusion detection system) using a multilayered perceptron NN (neural network) containing the supervised learning network’s feed forward neural networks and backpropagation neural network based on the fuzzy logic mechanism. The suggested mechanism identifies and defends wormhole and Sybil assaults in WSN against hello flooding. Shaon and Ferens (2015) proposed a technique for the detection of wormhole intrusions in WSN utilizing an Artificial Neural Network (ANN).
The suggested work’s primary goal is to identify wormhole assaults in both uniform and non-uniform environments. Singh et al. (2020) demonstrated a method for detecting wormhole attacks in WSNs using ANN. Sherazi et al. (2019) addressed Intrusion Prevention System (IPS)-based protection and recommended a Q-learning and fuzzy logic strategy. The investigation was conducted using a tuple of four parameters as its foundation. On a 6BR machine that continuously evaluates internet packets, the suggested technique included techniques for Q-Learning and Fuzzy Logic. They noticed that the DDoS-induced communication bottleneck was caused by packet flooding. Mourabit et al. (2015) used Random Tree, NaiveBayes, K-means, and Support Vector Machine algorithms to recognize various forms of attacks, including spoofed, changed, or replayed routing data attack, Picked forwarding attack, sinkhole attack, tampering, jamming, Sybil, Hello floods, and spoofing of acknowledgement. Sandhya and Julian (2014) proposed an IDS (intrusion detection system) using K-means. The end result was an elevated probability of identification and a low incidence of false alarms. The proposed system using K-means proved to be suitable for dynamic environments. The system intelligently analyzed the generated intrusion alerts, and new attacks that lack an intrusion signature are also detected on the basis of the genetic K-means algorithm. Maleh et al. (2015) proposed an SVM (support vector machine) based hybrid IDS (intrusion detection system) for wireless sensor networks. A detection technique and a learning algorithm based on SVM were used to identify intrusion based on the signatures of the attack. Ho (2018) created a methodology in 2018 that combines probabilistic assessments and SPRT packets put into industrial IoT devices to effectively and reliably discover code-reuse concerns. The suggested attack detection method was evaluated and tested in commercial Internet-of-Things devices.
Numerous tests have revealed that the suggested approach has produced averaged detection precision for both a large and small collection of coding reused packets. In 2018, Shailendra Rathore and Park (2018) introduced an attack detection technique that utilizes fog computing and relies on a recently developed ESFCM framework and fog computing hypothesis. Semi-supervised fuzzy c-means has been employed in the ESFCM approach for processing labelled data, together with an ELM strategy for improving the accuracy of classification at a more rapid detection rate. The created model outperforms the centralized intrusion detection process, according to the computations using the NSLKDD database. Specifically, the devised approach attained an identification time of 11 milliseconds and an accuracy of 86.53%. To precisely recognise anomalies and attacks in IoT gadgets, Hasan et al. (2019) focused on analyzing the outcomes across multiple ML approaches. The ML techniques employed in that research were Decision Trees (DT), Linear Regression, Artificial Neural Network (ANN), Support Vector Machines, and Random Forest (RF). Note that the study’s results have been distinguished using precision, F1-score, and area beneath the Receiver Operating Characteristic Curve. A 99.4% accuracy rate was attained for DT, RF, and ANN. Overall, the analysis shows that Random forest works better than other classifiers. In 2019, Liu et al. (1989) introduced the idea of a "multiple-mix-attack approach." Then, the PD prototype perceptron and K-means approach was developed for recognizing intruders and determining the level of confidence in sensor nodes. Employing PDE, an updated perceptron modelling learning technique, the identification rate was increased. The network route was made better to do this. The exploratory investigation showed that PDE and PD had superior detection of dangerous nodes in comparison to other similar algorithms, with higher accuracy rates. In 2020, Baig et al. (2020) suggested a denial-of-service (DoS) assault strategy that involved sending a large number of network packets to a specific set of network node sensors. This denial-of-service assault has the potential to impair normal operations and result in devastating losses for emergency services. As a part of this experiment, an intelligent DoS detection strategy has been created, which includes components for feature ranking and creation, testing and training, and data production. For this suggested framework, an experimental evaluation was conducted using real-world IoT threat scenarios. As a consequence, the applied work has obtained higher accuracy as compared to classification techniques. To protect the health sector from harmful cyberattacks, Jung et al. (2020) plan to categorize IoT devices that are influenced by malevolent activities based on power consumption patterns in 2020. A CNN-based deep learning method, consisting of an eight-layer convolutional neural network and a unit for processing of data, has been built for this goal. To help the CNN achieve better precision, the data was segmented and normalized before it was deployed. The efficiency was calculated by running cross-device assessments, leave-one-botnet-out assessments, self-evaluation, and leave-one-device-out assessments on three common Internet-of-Things device types: routers, digital assistant systems, and security cameras, and the results showed that the efficiency seemed to be better in the accuracy rate. Nguyen et al. (2020) contributed several advances to IoT intrusion detection in 2020. A PSI-rooted functionality based on subgraphs was generally supplied to identify DDoS assaults. Second, a limited set of attributes with precise behavioral descriptors were created, requiring less processing time and less storage capacity. The resilience and efficiency of suggested characteristics over five machine learning classifiers were therefore justified by the study.
As a result, each classifier does have a good suggestion with little processing time and a higher identification rate than existing techniques. In order to ascertain the Sybil assault, Murali and Jamalipour (2020) have developed an ABC-motivated, dynamic assault modeling, and a portable RPL compact intrusion prevention system. In addition, depending on their actions, three different classifications of the Sybil assault were explored. Furthermore, under this Sybil assault, the RPL efficiency was examined in terms of traffic overlay management, energy usage, and packet delivery ratio. Furthermore, the suggested study was evaluated in terms of sensitivities, precision, and specificity measurements.
The distinctive characteristics and difficulties of the most advanced techniques are highlighted in Table 1 below.
3 Proposed methodology
This article presents its meaningful impact on DevOps and proposes a unique concept for ensuring security using a threat detection system. The general idea of DevOps is depicted in Fig. 1. In this proposed threat detection approach, the DevOps architecture covers both development and operations. The developmental scenario is used in the development stage, whereas the operational scenario is used in the operating section (apps). This development end handles the entire work of application security assurance, which is made possible by calculating all applications’ data. The presented WSN intrusion detection procedure manages data security-related assurance, allowing the assaults in WSN to be identified and warnings to be provided to the appropriate applications. In the next section, various steps for detecting an assault in WSN are given.
The major purpose of this analysis is detecting WSN assaults, for which a unique intrusion checking approach comprising two steps is developed: extraction of features and classifying them. The information analysis is the first step, and the data is taken from a database (archiveicsuciedu 2021) with the following seven apps.
- App1: Samsung_SNH_1011_N_Webcam
- App2: Danmini_Doorbell
- App3: Ecobee_Thermostat
- App4: Ennio_Doorbell
- App5: Philips_B120N10_Baby_Monitor
- App6: Provision_PT_737E_Security_Camera
- App7: SimpleHome_XCS7_1002_WHT_Security_Camera
The acquired data \(E=\left\{ e_1,e_2,\ldots ,e_\alpha \right\} \), arranged as the matrix \(E_{\alpha \times \beta }=\left\{ \begin{array}{cccc} e_{11} & e_{12} & \cdots & e_{1\beta } \\ e_{21} & e_{22} & \cdots & e_{2\beta } \\ \vdots & \vdots & & \vdots \\ e_{\alpha 1} & e_{\alpha 2} & \cdots & e_{\alpha \beta } \end{array}\right\} \), from various applications are then subjected to pre-processing, in which normalization is applied to bring the data within the range of 0 to 1. The result is then safely stored for further use. The following section depicts the normalizing procedure.
Database normalization is the process of organizing information in a database and has been performed even before extracting features. It is described in Eq. 1.
The analytical and higher-order statistical characteristics are retrieved from all these normalized data \(Y=\left\{ y_1,y_2,...,y_{\ddot{\beta }}\right\} \) during the feature extraction stage. \(Gu_{1}=g_{1},g_{2},g_{3} \) refers to statistical characteristics like average, median, and standard deviation, whereas \(Gu_2=i_1,i_2,i_3 \) refers to advanced statistical characteristics like kurtosis, skewness, and relatively higher-order moments (Sarma 2021; Sharma et al. 2023). Following that, those characteristics are concatenated with the normalized data, \(Gu=[Y\;Gu_1\;Gu_2]\), and the extracted features are produced. The categorization process is subsequently carried out with CNN’s assistance. This study employs an optimal situation in which the number of filters, as well as the size of a filter in the convolution layers and the activation function, are ideally optimized to maintain an effective detection performance. The entire concept of the suggested threat detection technique in WSN is shown in Fig. 2.
The statistics that have been incorporated already comprise the current characteristics, as well as statistical and advanced statistical features that have been combined. Mean, median, and standard deviation are statistical properties, whereas higher-order moments, kurtosis, and skewness are advanced statistical characteristics. These labels or characteristics were subjected to correlation, resulting in the associated values. Thereafter, the associated data are averaged and evaluated against the precise mean value. As a consequence, the count of related values with a larger or comparable mean value is recorded. Figure 3 shows a model of the recommended extraction of features in operation.
The square root of the variance of Y is the standard deviation \(\mu \), which is given in Eq. 2.
The variance of a random variable Y is the expected value of the squared deviation from the average of Y, \(\eta =F(Y) \), as is shown in Eq. 3.
The arithmetic average is calculated by adding the values of all samples and dividing by the number of samples. The average is assessed using Eq. 4 on a sample of collected data with entries \(y_1,y_2,...,y_{\ddot{n}} \).
The moment is a numerical measure of a function’s form. On the basis of Eq. 5, the \(\ddot{\beta } \)-th moment of a function \(f\left( \widehat{y}\right) \) of a real variable \({\ddot{d}} \) is given.
The merged information Gu would then be submitted to classification using the characteristics generated during the feature extraction process.
The “tailedness” of the probability distribution of a real-valued random vector is measured by kurtosis. This is stated in Eq. 6.
Skewness is a measure of the asymmetry of the probability distribution of a real-valued random vector. Based on Eq. 7, the skewness \(\pi _1 \) of the random vector Y is determined.
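The feature extraction stage described above can be followed end to end in the short Python sketch below. It is an added example, not the paper's own code: Eqs. 1 to 7 are not reproduced on this page, so column-wise min-max scaling, population (non-excess) kurtosis and the fifth central moment as the "higher-order moment" are assumptions, and the sample records are constructed.

```python
import math
import statistics

# Constructed sample: three traffic records with three numeric features each
# (hypothetical columns: packets per window, mean packet size, jitter).
SAMPLE_RECORDS = [
    [120.0, 60.0, 10.0],
    [1120.0, 60.0, 30.0],
    [620.0, 60.0, 20.0],
]


def min_max_normalize(records):
    """Scale each column of a row-major table into the range 0..1.

    Min-max scaling is an assumption; the page only states that the
    normalized data lie between 0 and 1.
    """
    columns = list(zip(*records))
    lows = [min(col) for col in columns]
    highs = [max(col) for col in columns]
    normalized = []
    for row in records:
        scaled = []
        for value, low, high in zip(row, lows, highs):
            # A constant column would divide by zero; map it to 0.0.
            scaled.append(0.0 if high == low else (value - low) / (high - low))
        normalized.append(scaled)
    return normalized


def central_moment(values, order):
    """Population central moment of the given order."""
    mean = statistics.fmean(values)
    return sum((v - mean) ** order for v in values) / len(values)


def statistical_features(values):
    """Gu1 = (mean, median, standard deviation)."""
    return [
        statistics.fmean(values),
        statistics.median(values),
        statistics.pstdev(values),
    ]


def higher_order_features(values, moment_order=5):
    """Gu2 = (kurtosis, skewness, one higher-order central moment)."""
    variance = central_moment(values, 2)
    # A (near-)constant record has no shape; avoid dividing by ~0.
    if math.isclose(variance, 0.0, abs_tol=1e-12):
        return [0.0, 0.0, 0.0]
    kurtosis = central_moment(values, 4) / variance ** 2
    skewness = central_moment(values, 3) / variance ** 1.5
    return [kurtosis, skewness, central_moment(values, moment_order)]


def extract_features(records):
    """Build Gu = [Y Gu1 Gu2] for every record."""
    features = []
    for y in min_max_normalize(records):
        features.append(y + statistical_features(y) + higher_order_features(y))
    return features


if __name__ == "__main__":
    for vector in extract_features(SAMPLE_RECORDS):
        print([round(v, 4) for v in vector])
```

Each output vector has the original feature count plus six entries, which is the input width the classifier has to accept.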
Though after incorporating machine learning tasks into NNs, previous knowledge integration into the network design is critical for excellent generalization performance. Convolutional neural network achieve its fundamental goal of spatial information practice.
The convolution layers must employ tiny filters \(Q_t \) (e.g. 3×3 up to a maximum of 5×5), with a \(Stride=1 \), and filling the input vector using zeros, despite the fully connected layers not changing the given spatial size of the input. The suggested method is used to optimize the filter length \(R_T \) as well as the number of filters \(R_O \) in this paper.
Suppose that the Fully connected layer is dm. As a result, the layer \(bk'u \) input comprises \(q_1^{(dm-1)} \) extracted features from the previous layers, each with a size of \(q_2^{(dm-1)}\times q_3^{(dm-1)} \). Even when \(dm=1 \), the source remains the only information dm, that is made up of one or even more streams, and which receives raw information as input to the convolutional neural network. The result of the layer dm comprises \(q_1^{dm} \) characteristics maps of length \(q_2^{dm}\times q_3^{dm} \). The j-th characteristics map in layer dm is denoted by \(\widehat{Y}_j^{dm} \), which is defined according to Eq. 8.
Where \(E_{{}_j}^{\left( dm\right) } \) represents the biased 2D array, and \(Q_{j.k}^{(dm)} \) represents the filter of length \(\left( 2t_1^{dm}+1\right) \times \left( 2s_2^{dm}+1\right) \) coupling the \(k^{th} \) characteristics map in layer \(dm-1 \) with the characteristics map in dm. The length of the result characteristics graph was determined using Eq. 9.
\(Q_{j.k}^{\left( dm\right) }=Q_{j.l}^{\left( dm\right) } \) as \(k\ne l \) are repeatedly used to measure the uniqueness of the fixed characteristic map for \(k=l \). All characteristics map \(\widehat{Y}_j^{dm} \) in the layer dm is made up of matrix of \(q_2^{dm}.q_3^{dm} \) components. Eqs. 10 and 11 show how to determine the result based upon on the component at location \(\left( h,i\right) \).
In this case, \(Q_{j,k}^{\left( dm\right) } \) is the connection’s adaptable load, and \(E_j^{dm} \) is the biased 2D array. Subsampling is used to assess the \(v_1^{dm} \) and \(v_2^{dm} \) skipping coefficients. Before applying the filter, the basic concept is to set the pixel count in both the longitudinal and transverse directions. While utilizing the skip rate, Eq. 12 is utilized to compute the dimension of the output feature maps.
If dm be a non-linearity layer, with \(\widehat{Y}_j^{dm} \) 1 feature maps as input and \(q_1^{dm}\;=q_1^{\left( dm-1\right) } \) feature maps as output, with \(q_2^{\left( dm-1\right) }\times q_3^{\left( dm-1\right) } \) as the dimension of each, as stated in Eq. 13.
The activation function in layer dm is denoted by the letter g, and it operates on a point-by-point basis. The suggested modified optimization method is used in this paper to efficiently tune the activation function. Equation 14 is used to calculate the additional gain coefficient.
Consider the correction layer to be dm. With the feature maps, each element does have an exact value and therefore is assessed using Eq. 15 with \(q_1^{(dm-1)} \) feature map each of size \(q_2^{(dm-1)}\times q_3^{(dm-1)} \) as an input.
The output has the \(q_1^{dm}=q_1^{(dm-1)} \) feature maps without any change in size because the absolute value is assessed an order to enhance.
Using dm as the pooling layer, the results consist of \(q_1^{dm}=q_1^{(dm-1)} \) feature maps with the smallest size. Pooling allows for the subsampling of feature maps by positioning the viewing windows at distinct places on every characteristic map and keeping a single value for each window. This layer distinguishes between two types of pooling as follows.
When the boxcar filter is used, the procedure is known as Average Pooling and is denoted by the letters \(R_{average} \)
Every window’s maximum value is considered to still be in max-pooling and is represented utilizing \(R_{maximum} \)
Suppose that dm is the convolutional layer. If the level \(dm-1 \) is not properly configured, the layer dm receives input apart from \(q_1^{(dm-1)} \) feature maps with sizes of \(q_2^{\left( dm-1\right) }\times q_3^{\left( dm-1\right) } \), and the k level having the \(j^{th} \) unit is assessed according to Eq. 16.
4 Optimized performance to Resolve Difficulties with Optimization
4.1 The Solution Encode
The paper offers a new updated technique that fine-tunes specific Convolutional Neural Network parameters in order to achieve accurate identification of an attack. Here, \(Q_\delta \) denotes the number of filters in the convolution layer, \(Q_T \) is the size of the filter, and g is the transfer function. \(Q_\delta \) and \(Q_T \) are almost certainly in the 1 to 25 range. The activation function varies depending on the performance of each of the nine apps employed in this study.
4.2 Method for Improved Optimization
Imagine a projectile moving in a homogeneous, directed gravity field, with a non-zero initial velocity in the horizontal direction, according to Newton’s law. The projectile, ejected at an angle \(\varOmega \) with the velocity g (the stagnation point and the gravity gradient direction are perpendicular to one another), starts to move along a parabolic path as shown in Eq. 18, within the coordinates \(\left( m,c\right) \), where the acceleration due to gravity is denoted hs.
To obtain a clear answer, the suggested modified optimization algorithm has the following steps:
1. Pick an angle value \(\varOmega _0 \) at random.
2. Set the iteration count to \(j=0 \) and substitute \(\varOmega ^{j}=\varOmega _0 \) for the goal function value \(G_{object}\left( \varOmega _0\right) \).
3. Draw a correction angle \(\lambda ^{j} \): for \(\lambda ^{j}>0,\;hs\left( \lambda ^{j}\right) =\left( \cos \left( \lambda ^{j}\right) \right) ^{-1}, \) for \(\lambda ^{j}\le 0,\;hs\left( \lambda ^{j}\right) =\cos \left( \lambda ^{j}\right) \).
4. Draw a correction angle \(\rho ^{j} \): for \(\rho ^{j}>0,\;hs\left( \rho ^{j}\right) =\left( \cos \left( \rho ^{j}\right) \right) ^{-1}, \) for \(\rho ^{j}\le 0,\;hs\left( \rho ^{j}\right) =\cos \left( \rho ^{j}\right) \).
5. Calculate the adjusted angle of the solution. A new plan is used in this step: first, a random vector s is given, as well as a threshold of, say, 0.5. If s exceeds the given threshold value, the adjusted angle is estimated using Eq. 19. In all other cases, the estimate of the adjusted angle relies on Eq. 20.
6. Assess the objective function value \(G_{object}\left( \varOmega ^{j+1}\right) \).
7. The calculation is completed if \(\vert G_{object}\left( \varOmega ^{j+1}\right) \;-\;G_{object}\left( \varOmega _0\right) \vert <\zeta \). Otherwise, proceed to step 3. Here, \(\zeta \) is the condition used to finish the computation.
8. \(\varOmega _t=\varOmega ^{j+1} \) is the optimum angle.
5 Results and analysis
Python was used to implement the proposed attack detection system. archiveicsuciedu (2021) was used to download the seven programmes used in this study. Under Mirai and GAF-GYT attacks, two different calculations were done. The efficiency of the proposed approach was also compared to those of other existing approaches like FAE-GWO-DBN, AIG (Pijarski and Kacejko 2019), and DCNN (Li et al. 2020). Furthermore, the discussion included both positive and negative measures. Reliability, sensitivities, clarity, and specificity, as well as NPV, MCC, and F\(_{1}\)-score, are positive measurements, while FPR, FNR, and FDR are negative measures.
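The positive and negative measures named above all derive from the four confusion-matrix counts. The Python sketch below is an added example, not the paper's code: it computes them on a constructed, heavily imbalanced capture (10 attack windows among 1000) to show why accuracy alone says little about a detector and why FPR, FNR and MCC are reported alongside it. The two detectors and their labels are hypothetical.

```python
import math


def confusion_counts(y_true, y_pred):
    """Count TP, TN, FP, FN for binary labels (1 = attack, 0 = benign)."""
    if len(y_true) != len(y_pred):
        raise ValueError("label lists differ in length")
    tp = tn = fp = fn = 0
    for truth, guess in zip(y_true, y_pred):
        if truth == 1 and guess == 1:
            tp += 1
        elif truth == 0 and guess == 0:
            tn += 1
        elif truth == 0 and guess == 1:
            fp += 1
        else:  # attack that the detector missed
            fn += 1
    return tp, tn, fp, fn


def _ratio(numerator, denominator):
    """Return 0.0 instead of failing when a class is absent."""
    return numerator / denominator if denominator else 0.0


def detection_metrics(tp, tn, fp, fn):
    """Positive and negative measures from the confusion-matrix counts."""
    mcc_denominator = math.sqrt(
        (tp + fp) * (tp + fn) * (tn + fp) * (tn + fn)
    )
    return {
        "accuracy": _ratio(tp + tn, tp + tn + fp + fn),
        "TPR": _ratio(tp, tp + fn),   # sensitivity
        "TNR": _ratio(tn, tn + fp),   # specificity
        "PPV": _ratio(tp, tp + fp),   # precision
        "NPV": _ratio(tn, tn + fn),
        "FPR": _ratio(fp, fp + tn),
        "FNR": _ratio(fn, fn + tp),
        "FDR": _ratio(fp, fp + tp),
        "F1": _ratio(2 * tp, 2 * tp + fp + fn),
        "MCC": _ratio(tp * tn - fp * fn, mcc_denominator),
    }


def constructed_capture():
    """Constructed labels: 10 attack windows followed by 990 benign ones."""
    y_true = [1] * 10 + [0] * 990
    # Hypothetical detector A never raises an alert.
    silent = [0] * 1000
    # Hypothetical detector B finds 8 of 10 attacks and raises 10 false alerts.
    tuned = [1] * 8 + [0] * 2 + [1] * 10 + [0] * 980
    return y_true, silent, tuned


def compare_detectors():
    """Metrics for both constructed detectors on the same capture."""
    y_true, silent, tuned = constructed_capture()
    return (
        detection_metrics(*confusion_counts(y_true, silent)),
        detection_metrics(*confusion_counts(y_true, tuned)),
    )


if __name__ == "__main__":
    for name, metrics in zip(("silent", "tuned"), compare_detectors()):
        print(name, {k: round(v, 4) for k, v in metrics.items()})
```

The silent detector scores higher accuracy than the tuned one while detecting nothing, which only TPR, FNR and MCC reveal.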
The proposed method is assessed using positive performance indicators under the observation of the Mirai assault for seven applications (Figs. 4, 5, 6, 7, 8, 9, 10). In actuality, the performance is said to be greater if they retain optimum value in comparison to other existing models. The proposed method for application 3 obtains improved accuracy, with 60.14%, 3.10%, and 5.46% higher consistency than DCNN, Algorithm of the Innovative Gunner and FAE-GWO-DBN, respectively. Similarly, in terms of accuracy measurement, the proposed technique outperforms traditional models such as DCNN, Algorithm of the Innovative Gunner and FAE-GWO-DBN by 69.76%, 3.27%, and 22.68%, respectively. The recognized model’s sensitivity spans from 98% to 99.9%, whereas the other existing methods score lower. Furthermore, for application 2, the established model is 11.06%, 3.72%, and 78.47% better than FAE-GWO-DBN, AIG, and DCNN, respectively, in terms of F\(_{1}\)-score in Figs. 8, 9 and 10. In terms of MCC, the suggested model outperforms previous comparable models, with a result of 98%–99.9%. So far, the findings have been positive for other important outcomes and are examined for superior performance, validating the suggested work’s improved performance.
The suggested model’s performance is compared to that of standard models with respect to negative metrics. Figures 11, 12 and 13 demonstrate this. The effectiveness of the constructed model is scrutinized in light of several negative measures during the Mirai attack. It is noticed that the smallest value of positive measurements demonstrates simple capital detection mechanism, which the suggested work satisfies. Accordingly, when the FPR is taken into account, the suggested layout for application 4 has the lowest FPR, which is 98.4%, 67.15%, and 91.46% better than DCNN, Algorithm of the Innovative Gunner, and FAE-GWO-DBN, respectively. In this proposed work, the FPR estimate under the Mirai assault has obtained the lowest magnitudes in terms of error, which are in the range of 0.00%–0.01%. The FNR and FDR error measures are also analyzed and examined for each of the nine instances. As a consequence, the desired outcomes are realized, and the results show that previous work on these low error metrics has improved.
Figures 14, 15, 16, 17, 18, 19 and 20 show the performance of the community center during the identification of the GAF-GYT assault. For each of the seven applications, the suggested work is evaluated against standard terms. The greatest value of a positive measure automatically indicates that the system’s situation has improved. Under these settings, the established model for classification accuracy is 65.34%, 3.02%, and 4.14% better than the standard models for application 1, namely DCNN, Algorithm of the Innovative Gunner and FAE-GWO-DBN, respectively. Likewise, using the sensitivity measurement, the suggested work’s effectiveness in application 5 is 24.09%, 4.98%, and 22.34% better than DCNN, Algorithm of the Innovative Gunner, and FAE-GWO-DBN, respectively. In terms of precision, the created model achieves a higher average value than other standard terms, ranging from 97% to 99.99%. For all the other applications requiring positive measures, the entire performance is evaluated, and the resulting charts are produced. Overall, the findings show that the suggested approach outperforms other conventional approaches on all good criteria.
Figures 21, 22 and 23 depicts the suggested work’s effectiveness against other comparable method in terms of some unfavorable measures. For all nine applications using the negative measure, the existing study is assessed under the identification of the GAF-GYT assault. For the FDR measure of application 3, the proposed model outperforms the comparison methods with the lowest FDR value, which are 87.91%, 57.40%, and 88.67% greater to DCNN, Algorithm of the Innovative Gunner, and FAE-GWO-DBN, respectively. Furthermore, the FPR magnitude of the suggested approach is modest, averaging around 0.01%, whereas other existing methods perform poorly with higher FPR values. Overall, the suggested method outperforms the competition in terms of preventing malicious involving negative indicators.
Tables 2, 3, 4, 5, 6, 7 and 8 and Figs. 24, 25, 26, 27, 28, 29 and 30 compare the performance of mean, median, standard deviation, kurtosis and skewness, when used as feature selection, in terms of TPR, TNR, PPV, NPV, FPR, FNR, and FDR, respectively, for the GAF-GYT attack.
Tables 9, 10, 11, 12, 13, 14 and 15 and Figs. 31, 32, 33, 34, 35, 36 and 37 compare the performance of mean, median, standard deviation, kurtosis and skewness, when used as feature selection, in terms of TPR, TNR, PPV, NPV, FPR, FNR, and FDR, respectively, for the Mirai attack.
Tables 16, 17, 18, 19, 20, 21 and 22 and Figs. 38, 39, 40, 41, 42, 43 and 44 compare the performance of three configurations: without normalization and feature selection; Mutual_Info_Classif (only Mutual_Info_classif feature selection but no normalization method); and N and Mutual_Info_classif (Info_classif feature selection with normalization). The comparison covers TPR, TNR, PPV, NPV, FPR, FNR, and FDR, respectively, for the GAF-GYT attack.
Tables 23, 24, 25, 26, 27, 28 and 29 and Figs. 45, 46, 47, 48, 49, 50 and 51 compare the performance of three configurations: without normalization and feature selection; Mutual_info_classif (only Mutual_info_classif feature selection but no normalization method); and N and Mutual_Info (F_classif feature selection with normalization). The comparison covers TPR, TNR, PPV, NPV, FPR, FNR, and FDR, respectively, for the Mirai attack.
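As an added illustration (not code from the paper), the Python example below computes the five statistical descriptors compared in the tables above and the seven rates reported throughout this section, including the undefined cases. The window values are constructed, and the standard-deviation threshold is a hypothetical rule that stands in for the paper's optimized DCNN.

```python
from statistics import mean, median, pstdev

def descriptors(window):
    """Mean, median, std, skewness and (non-excess) kurtosis of one window."""
    mu, sd = mean(window), pstdev(window)
    # A constant window has sd == 0, so its standardized moments are undefined.
    z = [(x - mu) / sd for x in window] if sd else []
    return {
        "mean": mu, "median": median(window), "std": sd,
        "skewness": mean(v ** 3 for v in z) if z else None,
        "kurtosis": mean(v ** 4 for v in z) if z else None,
    }

def rates(y_true, y_pred):
    """TPR, TNR, PPV, NPV, FPR, FNR, FDR from binary labels (1 = attack)."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(t == 1 and p == 1 for t, p in pairs)
    tn = sum(t == 0 and p == 0 for t, p in pairs)
    fp = sum(t == 0 and p == 1 for t, p in pairs)
    fn = sum(t == 1 and p == 0 for t, p in pairs)
    # None marks an undefined rate (empty denominator) instead of a fake 0.
    div = lambda n, d: n / d if d else None
    return {
        "TPR": div(tp, tp + fn), "TNR": div(tn, tn + fp),
        "PPV": div(tp, tp + fp), "NPV": div(tn, tn + fn),
        "FPR": div(fp, fp + tn), "FNR": div(fn, fn + tp),
        "FDR": div(fp, fp + tp),
    }

# Constructed sample: (window of one traffic statistic, label), 1 = attack.
WINDOWS = [
    ([10, 10, 12, 12], 0), ([9, 11, 9, 11], 0), ([10, 10, 10, 10], 0),
    ([8, 12, 8, 12], 0), ([0, 20, 0, 20], 0),
    ([10, 10, 10, 50], 1), ([5, 5, 5, 45], 1), ([20, 20, 22, 22], 1),
]
STD_THRESHOLD = 3.0  # hypothetical rule standing in for the paper's classifier

def evaluate(windows=WINDOWS, threshold=STD_THRESHOLD):
    """Label each window by its std descriptor, then score the predictions."""
    y_true = [label for _, label in windows]
    y_pred = [int(descriptors(w)["std"] > threshold) for w, _ in windows]
    return rates(y_true, y_pred)

if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name}: {value:.4f}")
```

With only five benign windows the smallest non-zero FPR this sample can express is 20%, which shows why FPR values near 0.01% are only meaningful on a test set with a large number of benign samples.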
6 Conclusions and future scope
A unique intrusion detection method was introduced in this work by interlinking the DevOps architecture with two steps: feature extraction and classification. The data from each application were processed in the early stages of feature extraction by combining the statistics and higher-order descriptors with the existing features. Moreover, an optimized DCNN approach was used to develop the classification process using these extracted features. Furthermore, a unique method was used to optimize the number and size of the filters in the input vector and the fully connected layers. This study describes a method for detecting attacks on WSN. A unique method is used to deal with the optimization concerns. Furthermore, the adopted work’s performance is much better than that of other traditional models in terms of accuracy, FNR, sensitivity, MCC, specificity, FDR, FPR, NPV, and F\(_{1}\)-score under the GAF-GYT as well as Mirai attacks. In terms of negative measurements, the developed model performs more effectively when the suggested approach is contrasted with the latest techniques for recognizing attacks. This is due to the suggested algorithm’s quick pace in tackling diverse optimization problems. It also has a high level of quality. This paper compares the performance of three configurations: without normalization and feature selection; F_Classif (only F_classif feature selection but no normalization method); and N and F_classif (F_classif feature selection with normalization), for calculating TPR, TNR, PPV, NPV, FPR, FNR, and FDR, respectively, for the GAF-GYT and Mirai attacks. In the case of application 3, the developed approach outperforms the DCNN, Algorithm of the Innovative Gunner, and FAE-GWO-DBN methods by 60.14%, 3.10%, and 5.46%, respectively. Furthermore, the suggested model for application 4 achieves a low FPR, which is better than the FAE-GWO-DBN, AIG, and DCNN techniques by 91.46%, 67.15%, and 98.4%, respectively.
Furthermore, the proposed technique outperforms the DCNN, Algorithm of the Innovative Gunner and FAE-GWO-DBN methods by 69.76%, 3.27%, and 22.68%, respectively. As a result, the improved results demonstrate the proposed algorithm’s superiority to previous designs. Other deep learning approaches and metaheuristic algorithms may be applied in the future to increase the performance of intrusion detection systems.
References
Alauthman M, Aslam N, Al-kasassbeh M, Suleman Khan KK, Choo R (2020) An efficient reinforcement learning-based Botnet detection approach. J Netw Comput Appl 150(15):102479
Alfan G, Syafrudin M, Farooq U, Ma’arif MR, Rhee J (2020) Improving efficiency of RFID-based traceability system for perishable food by utilizing IoT sensors and machine learning model. Food Control 110:107016
archiveicsuciedu (2021) archive.ics.uci. https://archive.ics.uci.edu/ml/datasets/detection_of_IoT_botnet_attacks_N_BaIoT#
Asadi M, Ali M, Jamali J, Parsa S, Majidnezhad V (2020) Detecting botnet by using particle swarm optimization algorithm based on voting system. Futur Gener Comput Syst 107:95–111
Azar J, Makhoul A, Barhamgi M, Couturier R (2019) An energy efficient IoT data compression approach for edge machine learning. Futur Gener Comput Syst 96:168–175
Baig ZA, Sanguanpong S, Naeem Firdous S, Nhan Vo V, So-In C (2020) Averaged dependence estimators for DoS attack detection in IoT networks. Futur Gener Comput Syst 102:198–209
Chen Y, Kintis P, Antonakakis M, Nadji Y, Farrell M (2017) Measuring lower bounds of the financial abuse to online advertisers: a four year case study of the TDSS/TDL4 Botnet. Comput Secur 67:164–180
Cheng JCP, Chen W, Chen K, Wang Q (2020) Data-driven predictive maintenance planning framework for MEP components based on BIM and IoT using machine learning algorithms. Autom Construct 112:103087
Giridhar Reddy B, Sai Ambati L (2020) A novel framework for crop pests and disease identification using social media. In: MWAIS 2020 proceedings 9
Hasan M, Islam M, Zarif I, Hashem MMA (2019) Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches. Internet Things 7:100059
Ho J (2018) Efficient and robust detection of code-reuse attacks through probabilistic packet inspection in industrial IoT device. IEEE Access 6:54343–54354
Jung W, Zhao H, Sun M, Zhou G (2020) IoT botnet detection via power consumption modelling. Smart Health 15:100–103
Klassen M, Yang N (2012) Anomaly based intrusion detection in wireless networks using Bayesian classifier. In: 2012 IEEE fifth international conference on advanced computational intelligence (ICACI)
Koroniotis N, Moustafa N, Sitnikova E, Turnbull B (2019) Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset. Futur Gener Comput Syst 100:779–796
Li Y, Yingying X, Liu Z, Hou H, Cui L (2020) Robust detection for network intrusion of industrial IoT based on multi-CNN fusion. Measurement 154(15):107450
Liu L, Ma Z, Meng W (1989) Detection of multiple-mix-attack malicious nodes using perceptron-based trust in IoT networks. Futur Gener Comput Syst 101:865–879
Maleh Y, Ezzati A, Qasmaoui Y, Mbida M (2015) A global hybrid intrusion detection system for wireless sensor networks. Procedia Comput Sci 52:1047–1052. https://doi.org/10.1016/j.procs.2015.05.108
Mourabit YE, Toumanari A, Bouirden A, Moussaid NE (2015) Intrusion detection techniques in wireless sensor network using data mining algorithms: comparative evaluation based on attacks detection. Int J Adv Comput Sci Appl. https://doi.org/10.14569/IJACSA.2015.060922
Mousavi SH, Khansari M, Rahmani R (2020) A fully scalable big data framework for Botnet detection based on network trafic analysis. Inf Sci 512:629–640
Murali S, Jamalipour A (2020) A lightweight intrusion detection for Sybil attack under mobile RPL in the Internet of Things. IEEE Internet Things J 7(1):379–388
Nguyen HT, Ngo QD, Nguyen DH, Le Van-Hoang (2020) PSI-rooted subgraph: a novel feature for IoT botnet detection using classifier algorithms. ICT Express 6(2):128–138. https://doi.org/10.1016/j.icte.2019.12.001
Pijarski P, Kacejko P (2019) A new metaheuristic optimization method: the algorithm of the innovative gunner (AIG). Eng Optim 51(12):2049–2068
Pour MS, Mangino A, Friday K, Rathbun M, Ghan N (2020) On data-driven curation, learning and analysis for inferring evolving internet-of-things (IoT) botnets in the wild. Comput Secur 91:101707
Sandhya G, Julian A (2014) Intrusion detection in wireless sensor networks using genetic K-means algorithm. In: 2014 IEEE international conference on advanced communications, control and computing technologies
Sarma SK (2021) Optimally configured deep convolutional neural network for attack detection in internet of things: impact of algorithm of the innovative gunner. Wireless Pers Commun 118:239–260
Shafq M, Tian Z, Sun Y, Xiaojiang D (2020) Selection of effective machine learning algorithm and Bot-IoT attacks traffic identification for internet of things in smart city. Futur Gener Comput Syst 107:433–442
Shailendra Rathore J, Park H (2018) Semi-supervised learning based distributed attack detection framework for IoT. Appl Soft Comput 72:79–89
Shaon MNA, Ferens K (2015) Wireless sensor network wormhole detection using an artificial neural network. In: International conference of wireless networks. Las Vegas, USA, pp 115–120
Sharma S, Singh H, Sarkar M, A (2023) Detection of Mirai and GAF-GYT attack in wireless sensor network. In: Hemanth, J, Pelusi, D, Chen, IZ J (eds) Cyber physical systems and internet of things. ICoICI 2022. Engineering cyber-physical systems and critical infrastructures, Springer, vol 3
Sherazi HHR, Iqbal R, Ahmad F, Khan ZA, Chaudary MH (2019) DDoS attack detection: a key enabler for sustainable communication in internet of vehicles. Sustain Comput Inf Syst 23:13–20. https://doi.org/10.1016/j.suscom.2019.05.002
Singh M, Dutta N, Singh TR, Nandi U (2020) A technique to detect wormhole attack in wireless sensor network using artificial neural network. In: Suma V, et al (eds) Evolutionary computing and mobile sustainable networks, Lecture notes on data engineering and communications technologies, Springer, Singapore, vol 53, pp 297–307, https://doi.org/10.1007/978-981-15-5258-8_29
Singh R, Singh J (2017) Fuzzy based advanced hybrid intrusion detection system to detect malicious nodes in wireless sensor networks. Wirel Commun Mobile Comput. https://doi.org/10.1155/2017/3548607
Funding
No funding was involved in this research.
Ethics declarations
Conflicts of interest
No conflict of interest.
About this article
Cite this article
Sharma, H.S., Sarkar, A. & Singh, M.M. An efficient deep learning-based solution for network intrusion detection in wireless sensor network. Int J Syst Assur Eng Manag 14, 2423–2446 (2023). https://doi.org/10.1007/s13198-023-02090-0
DOI: https://doi.org/10.1007/s13198-023-02090-0