1 Introduction

The safety and confidentiality of data must be ensured in the modern world. A variety of fields, including essential infrastructure, healthcare for all, smart cities, autonomous vehicles, etc., benefit from the use of wireless sensor networks (WSN). In the upcoming years, the WSN’s utilization will increase dramatically and it will play a significant role in new technical advancements. As a result, the WSN’s information safety has expanded along with the network’s increasing sensor node count and the amount of information it generates. In WSNs, nodes in the network (sensor nodes) continually acquire perceived information gathered from surroundings and transfer it to the central station via neighboring nodes.

Loss of information while transmission of information is possible as a result of various equipment, network, or attack flaws. More study and research in this field is required to reduce the danger of data loss as a result of security assaults in WSNs. The safeguarding of sensor nodes’ activities is necessary for WSN security. Additionally, the vast majority of sensor nodes have network-level connections to outside sources. It is discovered that many WSNs are attackable and are severely harmed. They are significantly impacted because of their lack of capacity to defend. Separately, an attacker will have penetrated the IP layer and gained authority over the WSN node, that the attacker may exploit maliciously. Alternatively, the attacker may have penetrated several security measures in various neighbouring sensor nodes connected to that. vide a broad attack vector, the Mirai botnet (Pour et al. 2020; Koroniotis et al. 2019; Chen et al. 2017) developed a list of gadgets with sensors that were vulnerable. The botnet built up a huge network and was able to generate 600 GB of data every second by installing infected bots, including routers and video cameras. As a result of the assault, several Mirai variants have appeared, taking advantage of sensor nodes’ vulnerabilities. Numerous studies on botnet detection have subsequently been reported. Identifying botnets in the WSN while they remain within the targeted node is a challenge for these research. The signature-based strategy and the data analysis-based method are the two main strategies that are commonly used to address issues in the present research. The signature-based strategy produces complexity since the abnormalities and attacks have been documented in the database (Alauthman et al. 2020; Asadi et al. 2020; Mousavi et al. 2020; Jung et al. 2020). Specialists from a variety of disciplines (Giridhar Reddy and Sai Ambati 2020) are paying close focus on computational intelligence techniques. These methods, however, need a substantial amount of tagged cases. Therefore, more research in this area is required for the most accurate identification of WSN threats. It can be susceptible to attack as a consequence. The operational method is quicker when employing an analysis of data technique than it is with existing ways, and the issue of unanticipated dangers is easily handled. Additionally, a number of machine learning methods (Azar et al. 2019; Alfan et al. 2020; Shafq et al. 2020; Cheng et al. 2020), both supervised and unsupervised, are being used to improve the accuracy of WSN detection of attacks. The labelled data is used by the machine learning with supervision methods, and each instance has a label that describes a certain sort of assault. To detect WSN attacks, supervised models for machine learning such as neural networks, K-nearest neighbour, deep learning, and support vector machines were utilized.

The primary difficulties are:

  1. 1.

    A unique intrusion detection method, as well as robust feature extraction and classification approaches, are required.

  2. 2.

    To improve the identification of attacks precision and accuracy, a model that uses deep learning is needed.

  3. 3.

    An efficient approach is required to optimize the number of filters and their size in CNN.

This method has several objectives, listed as follows:

  1. 1.

    Analyzing information from each app by combining statistical and advanced statistical characteristics with existing features during the feature extraction step.

  2. 2.

    A deep convolutional neural network (DCNN) model is used to develop the classification framework that focuses on the retrieved characteristics.

  3. 3.

    The effectiveness of the recommended approach is tested through tests, and the results show that it functions better than comparable methods already in use.

The various contributions provided by this article are outlined as follows:

  1. 1.

    A novel intrusion detection approach is as developed by connecting the DevOps architecture with two steps: feature extraction and classification. Each application’s data was processed early in the feature extraction process by integrating statistics and higher-order descriptors with the current features.

  2. 2.

    The classification algorithm is developed employing these extracted features using an enhanced DCNN technique.

  3. 3.

    A novel approach is employed to minimize the number of filters and filter size in both the fully connected layers and the input vector.

  4. 4.

    In regards to sensitivity, accuracy, and specificity, as well as TPR (True_Positive_Rate), TNR (True_Negative_Rate), PPV (Positive_Precdictive_Value ), NPV (Negative_Predictive_Value), FPR (False_Positive_Rate), FNR (False_Negative_Rate), FDR (False_Discovery_Rate), MCC (Mathews_Correlation_Coefficient), and F1-score under the GAF-GYT and Mirai attacks the suggested work does better than other standard approaches.

  5. 5.

    In application 3, the proposed methodology beats the DCNN, Innovative Gunner Algorithm, and FAE-GWO-DBN (Pijarski and Kacejko 2019) approaches by 60.14 %, 3.10 %, and 5.46 %, respectively. Furthermore, the recommended approach for application 4 has a low FPR, that is superior by 91.46 %, 67.15 %, and 98.4 %, respectively, than FAE-GWO-DBN, AIG, and DCNN approaches. The suggested strategy also beats the DCNN, Innovative Gunner Algorithm, and FAE-GWO-DBN techniques by 69.76 %, 3.27 %, and 22.68 %, respectively.

Related work is explained in Sect. 2. Section 3 presents the suggested technique. Section 4 presents the enhanced optimisation for resolving optimization problems. The evaluation and outcomes are covered in Sect. 5. The findings and future scope are included in Sect. 6, along with references at the end.

2 Related Work

Klassen and Yang (202) proposed an anomaly-based intrusion detection employing the Bayesian classifier in WSN. They investigated an Adhoc network with three types of attacks i.e. a DoS attack, black hole attack, and malicious attack to study if any harmful activities can be detected in time. A network having 33 numbers of nodes following AODV was built and collected the traffic data. Singh and Singh (2017) offered an AHIDS (advanced hybrid intrusion detection system) using a multilayered perceptron NN (neural network) containing the supervised learning network’s feed forward neural networks and backpropagation neural network based on the fuzzy logic mechanism. The suggested mechanism identifies and defends wormhole and Sybil assaults in WSN against hello flooding. Shaon and Ferens (2015), proposed a technique for the detection of wormhole intrusions in WSN utilizing an Artificial Neural Network (ANN).

The suggested work’s primary goal is to identify wormhole assaults in both uniform and non-uniform environments. Singh et al. (2020)demonstrated a method for detecting wormhole attacks in WSNs using ANN. Sherazi et al. (2019) addressed Intrusion Prevention System (IPS)-based protection and recommended a Q-learning and fuzzy logic strategy. The investigation was conducted using a tuple of four parameters as its foundation. On a 6BR machine that continuously evaluates internet packets, the suggested technique included techniques for Q-Learning and Fuzzy Logic. They noticed that DDoS-induced communication bottleneck was caused by packets flooding. Mourabit et al. (2015) used Random Tree, NaiveBayes, K-means, and Support Vector Machine algorithms to recognize various forms of attacks, including spoofed, changed, or replayed routing data attack, Picked forwarding attack, sinkhole attack, tampering, jamming, Sybil, Hello floods, and spoofing of acknowledgement. Sandhya and Julian (2014) proposed an IDS (intrusion detection system) by using K-means. The end result was an elevated probability of identification and a low incidence of false alarms. The proposed system using K-means proved to be suitable for dynamic environments. The system intelligently analyzed the generated intrusion alerts and new attacks are also detected that lacks intrusion signature on the basis of genetic K-means algorithm. Maleh et al. (2015) proposed an SVM (Support vector machines) based hybrid IDS (intrusion detection system) for wireless sensor network. A detection technique and a learning algorithm was used based on SVM to identify intrusion based on the signatures of the attack. Ho (2018) created a methodology in 2018 that combines probabilistic assessments and SPRT packets put into industrial IoT devices to effectively and reliably discover code-reuse concerns. The suggested attack detection method was evaluated and tested in commercial Internet-of-Thing devices. Numerous tests have revealed that the suggested approach has produced averaged detection precision for both a large and small collection of coding reused packets. In 2018, Shailendra Rathore and Park (2018) introduced an attack detection technique that utilizes fog computing that relies on a recently developed ESFCM framework and fog computing hypothesis. Semi-supervised fuzzy c-means has been employed in both the ESFCM approach for processing labelled data and an ELM strategy for improving the accuracy of classification in a more rapid detection rate. The created model outperforms the centralized intrusion detection process, according to the computations using the NSLKDD database. In specifically, the devised approach attained an identification time of 11 milliseconds and an accuracy of 86.53%. To precisely recognise anomalies and attacks in IoT gadgets, Hasan et al. (2019) focused on analyzing the outcomes across multiple ML approaches. ML techniques employed in the present research were Decision Trees (DT), Linear Regression, Artificial Neural Network (ANN), Support Vector Machines, and Random Forest (RF). Note that the study’s results have been distinguished using precision, F1-score, and area beneath the Receiver Operating Characteristic Curve. A 99.4% accuracy rate was attained for DT, RF, and ANN. Overall, the analysis shows that Random forest works better than other classifiers. In 2019, Liu et al. (1989) introduced the idea of a "multiple-mix-attack approach." Then, the PD prototype perceptron and K-means approach was developed for recognizing intruders and determining the level of confidence in sensor nodes. Employing PDE, an updated perceptron modelling learning technique, the identification rate was increased. The network route was made better to do this. The exploratory investigation showed that PDE and PD had superior detection of dangerous nodes in comparison to other similar algorithms with more accuracy rates. In 2020, Baig et al. (2020) suggested a denial-of-service (DoS) assault strategy that involved sending a large number of network packets to a specific set of network node sensors. This denial-of-service assault has the potential to impair normal operations and result in devastating losses for emergency services. As a part of this experiment, an intelligent DoS detection strategy has been created, which includes components for feature ranking and creation, testing and training, and data production. For this suggested framework, an experimental evaluation was conducted using real-world IoT threat scenarios. As a consequence, the applied work has obtained higher accuracy as compared to classification techniques. To protect the health sector from harmful cyberattacks, Jung et al. (2020) plan to categorize IoT devices that are influenced by malevolent activities based on power consumption patterns in 2020. A CNN-based deep learning method, consisting of an eight layer convolutional neural network and a unit for processing of data, has been built for this goal. To help the CNN in achieving better precision, the data was segmented and normalized before it was deployed. The efficiency was calculated by running cross-device assessments, leave-one-botnet-out assessments, self-evaluation, and leave-one-device-out assessments on three common Internet-of-Things device types: routers, digital assistant systems, and security cameras, and the results showed that the efficiency seemed to be better in the accuracy rate. Nguyen et al. (2020) contributed several advances to IoT intrusion detection in 2020. A PSI-rooted functionality based on subgraphs was generally supplied to identify DDoS assaults. Second, a limited set of attributes with precise behavioral descriptors were created, requiring less processing time and less storage capacity. The resilience and efficiency of suggested characteristics over five machine learning classifiers were therefore justified by the study. As a result, each classifier does have a good suggestion with little processing time and a higher identification rate than existing techniques. In order to ascertain the Sybil assault, Murali and Jamalipour (2020) have developed an ABC-motivated, dynamic assault modeling, and a portable RPL compact intrusion prevention system. In addition, depending on their actions, three different classifications of the Sybil assault were explored. Furthermore, under this Sybil assault, the RPL efficiency was examined in terms of traffic overlay management, energy usage, and packet delivery ratio. Furthermore, the suggested study was evaluated in terms of sensitivities, precision, and specificity measurements.

The distinctive characteristics and difficulties of the most advanced techniques are highlighted in Table 1 below.

Table 1 Contemporary techniques: characteristics and shortcomings
Full size table

3 Proposed methodology

This article presents its meaningful impact on DevOps and proposes a unique concept for ensuring security using a threat detection system. The general idea of DevOps is depicted in Fig. 1. In this proposed threat detection approach, the DevOps architecture covers both development and operations. The developmental scenario is used in the development stage, whereas the operational scenario is used in the operating section (apps). This development end handles the entire work of application security assurance, which is made possible by calculating all applications’ data. The presented WSN intrusion detection procedure manages data security-related assurance, allowing the assaults in WSN to be identified and warnings to be provided to the appropriate applications. In the next section, various steps for detecting an assault in WSN are given.

Fig. 1
figure 1

Proposed threat detection approach

Full size image

The major purpose of this analysis is on detecting WSN assaults, in which a unique intrusion checking approach comprising two steps is developed: extraction of features and classifying them. The information analysis is the first step, and it is taken from a database (archiveicsuciedu 2021) with following seven apps.

  • App1: Samsung_SNH_1011_N_Webcam

  • App2: Danmini_Doorbell

  • App3: Ecobee_Thermostat

  • App4: Ennio_Doorbell

  • App5: Philips_B120N10_Baby_Monitor

  • App6: Provision_PT_737E_Security_Camera

  • App7: SimpleHome_XCS7_1002_WHT_Security_Camera

Those acquired data \(E=\left\{ e_1,e_2,....,e_\alpha \right\} E_{\alpha \times \beta }=\left\{ \begin{array}{l} \begin{array}{cc}\;e_{11}&{}\;e_{12}\\ \;e_{21}&{}\;e_{22}\end{array}\\ \begin{array}{cc}\begin{array}{c}....\\ e_{\alpha 12}\end{array}&{}\begin{array}{c}....\\ e_{\alpha 2}\end{array} \end{array}\end{array}\right. \left. \begin{array}{r}\begin{array}{c}....e_{1\beta }\\ ....e_{2\beta }\end{array}\\ \begin{array}{c}\begin{array}{c}.....\;\;\;\;\\ ....e_{\alpha \beta }\end{array}\end{array}\end{array}\right\} \) from various applications are then subjected to pre-processing, wherein the normalizing is assessed to handle the data within the range of 0 to 1. This is then safely stored for further use. The following section depicts the normalizing procedure.

Database normalization is the process of organizing information in a database and has been performed even before extracting features. The is described in Eq. 1.

$$\begin{aligned} \begin{array}{@{}l}\delta =\displaystyle \frac{\widehat{e_{jk}}}{\displaystyle \underset{j=1\;to\;\gamma , \;k=1\;to\;\delta }{max(\widehat{e_{jk}})}}\end{array} \end{aligned}$$
(1)

The analytical and higher-order statistical characteristics are retrieved from all these normalized data \(Y=\left\{ y_1,y_2,...,y_{\ddot{\beta }}\right\} \) during the feature extraction stage. \(Gu_{1}=g_{1},g_{2},g_{3} \) refers to statistical characteristics like average, median, and standard deviation, whereas\(Gu_2=i_1,i_2,i_3 \) refers to advance statistical characteristics like kurtosis, skewness, and relatively higher-order moments (Sarma 2021; Sharma et al. 2023). Following that, those characteristics are concatenated with the normalized data \(Gu=[Y\;Gu_1\;Gu_2]\), and features are extracted are produced. The categorization process is subsequently carried out with CNN’s assistance. This study employs an optimal situation in which the number of filters, as well as the size of a filter in the convolution layers and the activation function, are ideally optimized to maintain an effective detection performance. The entire concept of the suggested threat detection technique in WSN is shown in Fig. 2.

Fig. 2
figure 2

The concept of the suggested threat detection technique in WSN

Full size image

The statistics that have been incorporated already comprise the current characteristics, as well as statistical and advanced statistical features that have been combined. Mean, median, and standard deviation are statistical properties, whereas higher-order moments, kurtosis, and skewness are advance statistical characteristics. These labels or characteristics were subjected to correlation, resulting in the associated values. Thereafter, the associated data are averaging and evaluated to the precise mean value. As a consequence, the counts of related values with a larger or comparable mean value is recorded. Figure 3 shows a model of the recommended extraction of features in operation.

Fig. 3
figure 3

A model of the recommended extraction of features in action

Full size image

The square root of the variance Y is the standard deviation \(\mu \), which is given in Eq. 2.

$$\begin{aligned} \begin{array}{@{}l}\mu =\sqrt{F\left[ \left( Y-\eta \right) ^{2}\right] }\end{array} \end{aligned}$$
(2)

The variance of an arbitrary parameter Y is the acceptable magnitude of the squared deviation from the average Y,\(\eta =F(Y) \), as is shown in Eq. 3.

$$\begin{aligned} \begin{array}{@{}l}Var(Y)=F\left[ \left( Y-\eta \right) ^{2}\right] \end{array} \end{aligned}$$
(3)

The arithmetic averages are calculated by adding the magnitude of each sample with the available number of samples. The assessment of average is performed utilizing Eq. 4 on a sample including collected data \(y_1,y_2,...,y_{\ddot{n}} \) entries.

$$\begin{aligned} \begin{array}{@{}l}mean(\eta )=\displaystyle \frac{1}{\ddot{\beta }}\ddot{\ddot{\beta }}{\underset{j=1}{\sum \;\;}}y_{j,}\end{array} \end{aligned}$$
(4)

The moment is a numerical measure of a function’s form. On the basis of Eq. 5, the \(\ddot{\beta } \)-th instant of a function \(f\left( \widehat{y}\right) \) of an real variable \({\ddot{d}} \) is given.

$$\begin{aligned} \begin{array}{@{}l}\eta _{\ddot{\beta }}=\int _{-\infty }^\infty (y-\ddot{d})^{\ddot{\beta }} f(y)dy\end{array} \end{aligned}$$
(5)

The merged information Gu would then be submitted to classification using the characteristics generated during in the feature extraction process.

The “tailedness” of the likelihood distribution for a real-valued randomised vector is measured by kurtosis. This is stated with the abbreviation Eq. 6.

$$\begin{aligned} \begin{array}{@{}l}Kurt(Y)=F\left[ \left( \displaystyle \frac{(Y-\eta )}{\mu }\right) ^{4}\right] \end{array} \end{aligned}$$
(6)

Skewness is a measure of asymmetrical probability distribution with a true random vector. Based on Eq. 7, the skewness \(\pi _1 \) of the random vector Y is determined.

$$\begin{aligned} \begin{array}{@{}l}{\pi }_1=F\left[ \left( \displaystyle \frac{(Y-\eta )}{\mu }\right) ^{3}\right] \end{array} \end{aligned}$$
(7)

Though after incorporating machine learning tasks into NNs, previous knowledge integration into the network design is critical for excellent generalization performance. Convolutional neural network achieve its fundamental goal of spatial information practice.

The convolution layers must employ tiny filters \(Q_t \) (e.g. 3x3 to the maximum as 5x5), depending on a \(Stride=1 \), and filling the input vector using 0 s, despite the fully connected layers not changing the given spatial size of the input. The suggested method is used to optimize the filter length \(R_T \) as well as the amount of filters \(R_O \) in this paper.

Fig. 4
figure 4

Accuracy comparisons in terms of positive measure for Mirai attack

Full size image
Fig. 5
figure 5

Precision comparisons in terms of positive measure for Mirai attack

Full size image
Fig. 6
figure 6

Sensitivity comparisons in terms of positive measure for Mirai attack

Full size image
Fig. 7
figure 7

Specificity comparisons in terms of positive measure for Mirai attack

Full size image
Fig. 8
figure 8

F\(_{1}\)-score comparisons in terms of positive measure for Mirai attack

Full size image
Fig. 9
figure 9

MCC comparisons in terms of positive measure for Mirai attack

Full size image
Fig. 10
figure 10

NPV comparisons in terms of positive measure for Mirai attack

Full size image

Suppose that the Fully connected layer is dm. As a result, the layer \(bk'u \) input comprises \(q_1^{(dm-1)} \) extracted features from the previous layers, each with a size of \(q_2^{(dm-1)}\times q_3^{(dm-1)} \). Even when\(dm=1 \), the source remains the only information dm, that is made up of one or even more streams, and which receives raw information as input to convolutional neural network. The result of the layer dm comprises \(q_1^{dm} \) characteristics maps of length \(q_2^{dm}\times q_3^{dm}.\widehat{Y}_j^{\;dm} \). The j-th characteristics maps in layer dm is delineated by \(\widehat{Y}_j^{dm} \) which is defined according to Eq. 8.

$$\begin{aligned} \begin{array}{@{}l}\widehat{Y}_j^{dm}=E_j^{(dm)}+\sum _{k=1}^{q_1^{(dm-1)}}Q_{j.k}^{(dm)}*\widehat{Y}_k^{\left( dm-1\right) }\end{array} \end{aligned}$$
(8)

Where \(E_{{}_j}^{\left( dm\right) } \) represents the biased 2D array, and \(Q_{j.k}^{(dm)} \)represents the filter of length \(2t_1^{dm}+1\times 2s_2^{dm}+1 \) coupling the \(k^{th} \) characteristics map in a layer \(dm-1 \) with the characteristics map in dm. The length of the result characteristics graph was determined using Eq. 9.

$$\begin{aligned} \begin{array}{@{}l}q_2^{dm}=q_2^{(dm-1)}-2t_1^{dm}and\;q_3^{dm}=q_3^{(dm-1)}-2t_2^{dm}\end{array} \end{aligned}$$
(9)
Fig. 11
figure 11

FDR comparisons in terms of negative measure for Mirai attack

Full size image
Fig. 12
figure 12

FNR comparisons in terms of negative measure for Mirai attack

Full size image
Fig. 13
figure 13

FPR comparisons in terms of negative measure for Mirai attack

Full size image

\(Q_{j.k}^{\left( dm\right) }=Q_{j.l}^{\left( dm\right) } \) as \(k\ne l \) are repeatedly used to measure the uniqueness of the fixed characteristic map for \(k=l \). All characteristics map \(\widehat{Y}_j^{dm} \) in the layer dm is made up of matrix of \(q_2^{dm}.q_3^{dm} \) components. Eqs. 10 and 11 show how to determine the result based upon on the component at location \(\left( h,i\right) \).

$$\begin{aligned} \begin{array}{@{}l}\begin{array}{l}(\widehat{Y}_j^{dm})_{h,i}=(E_l^{(dm)})_{h,i}+\\ \sum _{k=1}^{q_1^{(dm-1)}}\;(q_{j,k}^{(dm)}\;\;*\;\;\widehat{Y}_k^{(dm-1)})_{h,i}\end{array}\end{array} \end{aligned}$$
(10)
$$\begin{aligned} \begin{array}{@{}l}\begin{array}{l}=(E_j^{(dm)})_{h,i}+\\ \sum _{k=1}^{q_1^{(dm-1)}}\;\sum _{e=-t_1^{dm}} ^{t_1^{dm}}\;\sum _{f=-t_2^{dm}}^{t_2^{dm}}\;(Q_{j,k}^{(dm)})_{e,f}(\widehat{Y}_k^{(dm-1)})_{h+e,i+f}\end{array}\end{array} \end{aligned}$$
(11)

In this case, \(Q_{j,k}^{\left( dm\right) } \) is the connection’s adaptable load, and \(E_j^{dm} \) is the biased 2D array. Subsampling is used to assess the \(v_1^{dm} \) and \(v_2^{dm} \) skipping coefficients. Before applying the filter, the basic concept is to set the pixel count in both the longitudinal and transverse directions. While utilizing the skip rate, Eq. 12 is utilized to compute the dimension of the output feature maps.

$$\begin{aligned} \begin{array}{@{}l}\begin{array}{l}q_2^{dm}=\displaystyle \frac{q_2^{(dm-1)}-2t_1^{dm})}{v_1^{dm}+1}\;\;and\\ \;\;q_3^{dm}=\displaystyle \frac{q_3^{(dm-1)}-2t_2^{dm}}{v_2^{dm}+1}\end{array}\end{array} \end{aligned}$$
(12)

If dm be a non-linearity layer, with \(\widehat{Y}_j^{dm} \) 1 feature maps as input and \(q_1^{dm}\;=q_1^{\left( dm-1\right) } \) feature maps as output, with \(q_2^{\left( dm-1\right) }\times q_3^{\left( dm-1\right) } \) as the dimension of each, as stated in Eq. 13.

$$\begin{aligned} \begin{array}{@{}l}\widehat{Y}_j^{dm}=g\left( \widehat{Y}_j^{\left( dm-1\right) }\right) \end{array} \end{aligned}$$
(13)

The activation function in layer dm is denoted by the letter g, and it operates on a point-by-point basis. The suggested modified optimization method is used in this paper to efficiently tuning the activation function. Equation 14 is used to calculate the additional gain coefficient.

$$\begin{aligned} \begin{array}{@{}l}\widehat{Y}_j^{dm}=hb_jg\left( \widehat{Y}_j^{\left( dm-1\right) }\right) \end{array} \end{aligned}$$
(14)

Consider the correction layer to be dm. With the feature maps, each element does have an exact value and therefore is assessed using Eq. 15 with \(q_1^{(dm-1)} \) feature map each of size \(q_2^{(dm-1)}\times q_3^{(dm-1)} \) as an input.

$$\begin{aligned} \begin{array}{l}\widehat{Y}_j^{dm}=\left| \widehat{Y}_j^{dm}\right| \end{array} \end{aligned}$$
(15)

The output has the \(q_1^{dm}=q_1^{(dm-1)} \) feature maps without any change in size because the absolute value is assessed an order to enhance.

Using dm as the pooling layer, and results consisting of \(q_1^{dm}=q_1^{(dm-1)} \) feature maps with the smallest size. Pooling allows for the subsampling of feature maps by positioning the viewing windows at distinct places on every characteristic map and keeping a single value for each window. This layer distinguishes between two types of pooling as following.

When the boxcar filter is used, the procedure is known as Average Pooling and is denoted by the letters \(R_{average} \)

Every window’s maximum value is considered to still be in max-pooling and is represented utilizing \(R_{maximum} \)

Suppose that dm is the convolutional layer. If the level \(dm-1 \) is not properly configured, the layer dm receives input apart from \(q_1^{(dm-1)} \) feature maps with sizes of \(q_2^{\left( dm-1\right) }\times q_3^{\left( dm-1\right) } \), and the k level having \(j^{th} \)-th unit is assessed according to Eq.  16.

$$\begin{aligned} \begin{array}{@{}l}\begin{array}{l}\widehat{y}_j^{dm}=g\left( w_j^{dm}\right) \;with\;w_j^{dm}\\ =\sum _{k=1}^{q_1^{dm-1}}\sum _{h=1}^{q_2^{dm-1}} \sum _{i=1}^{q_3^{dm-1}}X_{j,\;k,\;h,\;i}^{dm}\left( \widehat{Y}_k^{\left( dm-1\right) }\right) \end{array}\end{array} \end{aligned}$$
(16)

4 Optimized performance to Resolve Difficulties with Optimization

4.1 The Solution Encode

The paper offers a new revolutionary updated technique that fine-tunes specific Convolutional Neural Network parameters in order to achieve accurate identification of an attack. Here, \(Q_\delta \) denotes the number of filtering in the convolution level, \(Q_T \) is the size of the filter, and g is the transfer function. \(Q_\delta \) and \(Q_T \) are almost certainly in the 1 to 25 range. This activation function varies depending on the performance of each of the nine apps employed in this study.

$$\begin{aligned} \begin{array}{@{}l}objective=min(error)\end{array} \end{aligned}$$
(17)

4.2 Method for Improved Optimization

Imagine a projectile going in a homogeneity, directed gravity field, with a non-zero beginning velocity in the horizontal direction, according to Newton’s law. The projectile that was ejected at an edge \(\varOmega \) has supplied the velocity g (the stagnation point and the gravity gradient direction are perpendicular to one another) and is starting to move in the parabolic direction as shown in Eq. 18, within the coordinate \(\left( m,c\right) \), where the acceleration due to gravity is embodied as hs.

$$\begin{aligned} \begin{array}{@{}l}c=uh\varOmega .m-\displaystyle \frac{hs.m^{2}}{2.w_0^{2}.\cos ^{2}\varOmega }\end{array} \end{aligned}$$
(18)

For just a clear answer, the suggested modified optimization algorithm has the following steps:

  1. 1.

    Pick an angle value of \(\varOmega _0 \) at randomly.

  2. 2.

    Adjust the count of iterations to \(j=0 \) and substitute \(\varOmega ^{j}=\varOmega _0 \)for the goal function value \(G_{object}\left( \varOmega _0\right) \)

  3. 3.

    Draw a correction angle: \(\lambda ^{j}\lambda ^{j}>0,\;hs(\lambda ^{j})=\left( \cos \left( \lambda ^{j}\right) \right) ^{-1} \) for \(\lambda ^{j}\le 0,hs\left( \lambda ^{j}\right) =\cos \left( \lambda ^{j}\right) \).

  4. 4.

    Sketch a correction angle \(\rho ^{j} \), for \(\rho ^{j}>0,\;hs\left( \rho ^{j}\right) =\left( \cos \left( \rho ^{j}\right) \right) ^{-1}, \) for \(\rho ^{j}\le 0,\;hs\left( \rho ^{j}\right) =\cos \left( \rho ^{j}\right) \)

  5. 5.

    Calculate the adjusted angle of the solution. A new plan is used in this step: firstly, a random vector s is given, as well as a threshold lets say, 0.5. If s increases a certain given threshold value, the adjusted angles is estimated using Eq. 19. In all other cases, the estimate of the adjusted angle is relied on Eq. 20.

Fig. 14
figure 14

Accuracy comparisons in terms of positive measure for GAF-GYT attack

Full size image
Fig. 15
figure 15

Precision comparisons in terms of positive measure for GAF-GYT attack

Full size image
Fig. 16
figure 16

Sensitivity comparisons in terms of positive measure for GAF-GYT attack

Full size image
$$\begin{aligned} \begin{array}{@{}l}\varOmega ^{j+1}=\varOmega ^{j}.hs\left( \lambda ^{j}\right) .hs\left( \rho ^{j}\right) \end{array} \end{aligned}$$
(19)
$$\begin{aligned} \begin{array}{@{}l}\varOmega ^{j+1}=y_{best}+\left( s\;x\;\varOmega ^{j}\right) \end{array} \end{aligned}$$
(20)

6. Asses the objective function value \(G_{object}\left( \varOmega ^{j+1}\right) \).

7. The calculation is completed if \(\vert G_{object}\left( \varOmega ^{j+1}\right) \;-\;G_{object}\left( \varOmega _0\right) \vert <\zeta \) Alternatively, proceed to step 3, where the condition utilized to finish the computation is known as \(\zeta \).

8. \(\varOmega _t=\varOmega ^{j+1} \) is the optimum angle.

Fig. 17
figure 17

Specificity comparisons in terms of positive measure for GAF-GYT attack

Full size image
Fig. 18
figure 18

F\(_{1}\) comparisons in terms of positive measure for GAF-GYT attack

Full size image
Fig. 19
figure 19

MCC comparisons in terms of positive measure for GAF-GYT attack

Full size image
Fig. 20
figure 20

NPV comparisons in terms of positive measure for GAF-GYT attack

Full size image

5 Results and analysis

Python was used to implement the proposed attack detection system. archiveicsuciedu (2021) was used to download the seven programmes used in this study. Under Mirai and GAF-GYT attacks, two different calculations were done. The efficiency of the proposed approach was also compared to those of other existing approaches like FAE-GWO-DBN, AIG (Pijarski and Kacejko 2019), and DCNN (Li et al. 2020). Furthermore, the discussion included both positive and negative measures. Reliability, sensitivities, clarity, and specificity, as well as NPV, MCC, and F\(_{1}\)-score, are positive measurements, while FPR, FNR, and FDR are negative measures.

The proposed method is assessed using positive performance indicators under the observation of the Mirai assault for seven applications (Figs. 4, 5, 6, 7, 8, 9, 10). In actuality, the performance is said to be greater if they retain optimum value in comparison to other existing models. The proposed method for application 3 obtains improved accuracy, with 60.14%, 3.10%, and 5.46% higher consistency than DCNN, Algorithm of the Innovative Gunner and FAE-GWO-DBN, correspondingly. Similarly, in terms of accuracy measurement, the proposed technique outperforms traditional models such as DCNN, Algorithm of the Innovative Gunner and FAE-GWO-DBN by 69.76%, 3.27%, and 22.68% accordingly. The recognized model’s sensitivity spans between 98% to 99.9%, whereas other existing methods have a smaller containing compounds. Furthermore, for application 2, the established model is 11.06%, 3.72%, and 78.47% better than FAE-GWO-DBN, AIG, and DCNN accordingly, in terms of F\(_{1}\)-score in Figs. 8, 9 and  10. In terms of MCC, the suggested model outperforms previous comparable models, with a result of 98%-\(-\)99.9%. So far, the findings have been positive for other important outcomes and are examined for superior performance, validating the suggested work’s improved performance.

The suggested model’s performance is compared to that of standard models with respect to of negative metrics. Figures 11, 12 and 13 demonstrates that. The effectiveness of the constructed model is scrutinized in light of several negative measures during the Mirai attack. It is noticed that the smallest value of positive measurements demonstrates simple capital detection mechanism, that the suggested work satisfies. According to this, When the FPR is taken into account, the suggested layout for application 4 has the lowest FPR, which is 98.4%, 67.15%, and 91.46% higher than DCNN, Algorithm of the Innovative Gunner, and FAE-GWO-DBN, accordingly. In this proposed work, the FPR estimate under the Mirai assault has obtained the lowest magnitudes in terms of error, that are in the range of 0.00%–0.01%. The FNR and FDR error measures are also analyzed and examined for each of the nine instances. As a consequence, the desired outcomes are realized. As a consequence, the results show that previous work on these low error metrics has improved.

Figures 14, 15, 16, 17, 18, 19 and 20 show the performance of the community center during the identification of the GAF-GYT assault. For each of the seven applications, the suggested work is evaluated against standard terms. The greatest value of a positive measure automatically indicates that the system’s situation has improved. Under these settings, the established model for classification accuracy is 65.34%, 3.02%, and 4.14% better than the standard model for application 1 from DCNN, Algorithm of the Innovative Gunner and FAE-GWO-DBN, accordingly. However, using the sensitive measurement, the suggested work’s effectiveness in applications 5 is 24.09%, 4.98%, and 22.34% better than DCNN, Algorithm of the Innovative Gunner, and FAEGWO-DBN, accordingly. In terms of precision, the created model achieves higher average value than other standard terms, ranging from 97% to 99.99%. For all the other applications requiring positive measures, the entire performance is evaluated, and the resulting charts are produced. Overall, the findings show that the suggested approach outperforms other conventional approaches on all good criteria.

Figures 21, 22 and 23 depicts the suggested work’s effectiveness against other comparable method in terms of some unfavorable measures. For all nine applications using the negative measure, the existing study is assessed under the identification of the GAF-GYT assault. For the FDR measure of application 3, the proposed model outperforms the comparison methods with the lowest FDR value, which are 87.91%, 57.40%, and 88.67% greater to DCNN, Algorithm of the Innovative Gunner, and FAE-GWO-DBN, respectively. Furthermore, the FPR magnitude of the suggested approach is modest, averaging around 0.01%, whereas other existing methods perform poorly with higher FPR values. Overall, the suggested method outperforms the competition in terms of preventing malicious involving negative indicators.

Fig. 21
figure 21

FDR comparisons in terms of negative measure for GAF-GYT attack

Full size image

Tables 2, 3, 4, 5, 6, 7 and 8 and Fig.  24, 25, 26, 27 , 28, 29 and 30 shows the comparisons of the performances of mean, median, standard deviation, Kurtosis and Skewness when used as feature selection for calculating TPR, TNR, PPV, NPV, FPR, FNR, and FDR respectively for GAFGYT attack.

Table 2 TPR comparisons of GAFGYT attack
Full size table
Table 3 TNR comparisons of GAFGYT attack
Full size table
Fig. 22
figure 22

FNR comparisons in terms of negative measure for GAF-GYT attack

Full size image
Fig. 23
figure 23

FPR comparisons in terms of negative measure for GAF-GYT attack

Full size image
Table 4 PPV comparisons of GAFGYT attack
Full size table
Table 5 NPV comparisons of GAFGYT attack
Full size table
Table 6 FPR comparisons of GAFGYT attack
Full size table
Fig. 24
figure 24

TPR comparisons graph of GAFGYT attack

Full size image
Fig. 25
figure 25

TNR comparisons graph of GAFGYT attack

Full size image
Fig. 26
figure 26

PPV comparisons graph of GAFGYT attack

Full size image
Fig. 27
figure 27

NPV comparisons graph of GAFGYT attack

Full size image
Table 7 FNR comparisons of GAFGYT attack
Full size table
Table 8 FDR comparisons of GAFGYT attack
Full size table
Fig. 28
figure 28

FPR comparisons graph of GAFGYT attack

Full size image
Fig. 29
figure 29

FNR comparisons graph of GAFGYT attack

Full size image
Fig. 30
figure 30

FDR comparisons graph of GAFGYT attack

Full size image

Tables 9, 10, 11, 12, 13, 14 and  15 and Figs. 31, 32, 33, 34, 35, 36 and 37 shows the comparisons of the performances of mean, median, standard deviation, Kurtosis and Skewness when used as feature selection for calculating TPR, TNR, PPV, NPV, FPR, FNR, and FDR respectively for Mirai attack.

Table 9 TPR comparisons of Mirai attack
Full size table
Table 10 TNR comparisons of Mirai attack
Full size table
Table 11 PPV comparisons of Mirai attack
Full size table
Table 12 NPV comparisons of Mirai attack
Full size table
Fig. 31
figure 31

TPR comparisons graph of Mirai attack

Full size image
Fig. 32
figure 32

TNR comparisons graph of Mirai attack

Full size image
Fig. 33
figure 33

PPV comparisons graph of Mirai attack

Full size image
Fig. 34
figure 34

NPV comparisons graph of Mirai attack

Full size image
Table 13 FPR comparisons of Mirai attack
Full size table
Table 14 FNR comparisons of Mirai attack
Full size table
Table 15 FDR comparisons of Mirai attack
Full size table
Fig. 35
figure 35

FPR comparisons graph of Mirai attack

Full size image
Fig. 36
figure 36

FNR comparisons graph of Mirai attack

Full size image
Fig. 37
figure 37

FDR comparisons graph of Mirai attack

Full size image

Tables 16, 17, 18, 19, 20, 21 and 22 and Figs. 38, 39, 40, 41, 42, 43 and 44 shows the comparisons of the performances of without normalization and feature selection, Mutual_Info_Classif (Only Mutual_Info_classif feature selection but no normalization method), N and Mutual_Info_classif (Info_classif feature selection with Normalization) for calculating TPR, TNR, PPV, NPV, FPR, FNR, and FDR respectively for GAFGYT attack.

Table 16 Normalization and feature selection-guided TPR comparisons of GAFGYT attack
Full size table
Table 17 Normalization and feature selection-guided TNR Comparisons of GAFGYT attack
Full size table
Table 18 Normalization and feature selection-guided PPV comparisons of GAFGYT attack
Full size table
Fig. 38
figure 38

Normalization and feature selection-guided TPR comparisons graph of GAFGYT attack

Full size image
Fig. 39
figure 39

Normalization and feature selection-guided TNR comparisons graph of GAFGYT attack

Full size image
Fig. 40
figure 40

Normalization and feature selection-guided PPV comparisons graph of GAFGYT attack

Full size image
Fig. 41
figure 41

Normalization and feature selection-guided NVP comparisons graph of GAFGYT attack

Full size image
Table 19 Normalization and feature selection-guided NPV comparisons of GAFGYT attack
Full size table
Table 20 Normalization and feature selection-guided FPR comparisons of GAFGYT attack
Full size table
Table 21 Normalization and feature selection-guided FNR comparisons of GAFGYT attack
Full size table
Table 22 Normalization and feature selection-guided FDR comparisons of GAFGYT attack
Full size table
Fig. 42
figure 42

Normalization and feature selection-guided FPR comparisons graph of GAFGYT attack

Full size image
Fig. 43
figure 43

Normalization and feature selection-guided FNR comparisons graph of GAFGYT attack

Full size image
Fig. 44
figure 44

Normalization and feature selection-guided FDR comparisons graph of GAFGYT attack

Full size image

Tables 23, 24, 25, 26, 27, 28 and 29 and Figs. 45, 46, 47, 48, 49, 50 and 51 shows the comparisons of the performances of without normalization and feature selection, Mutual_info_classif (Only Mutual_info_classif feature selection but no Normalization method), N and Mutual_Info (F_classif feature selection with Normalization) for calculating TPR, TNR, PPV, NPV, FPR, FNR, and FDR respectively for Mirai attack.

Table 23 Normalization and feature selection-guided TPR comparisons of Mirai attack
Full size table
Table 24 Normalization and feature selection-guided TNR comparisons of Mirai attack
Full size table
Table 25 Normalization and feature selection-guided PPV comparisons of Mirai attack
Full size table
Table 26 Normalization and feature selection-guided NPV comparisons of Mirai attack
Full size table
Table 27 Normalization and feature selection-guided FPR comparisons of Mirai attack
Full size table
Table 28 Normalization and feature selection-guided FNR comparisons of Mirai attack
Full size table
Fig. 45
figure 45

Normalization and feature selection-guided TPR comparisons graph of Mirai attack

Full size image
Fig. 46
figure 46

Normalization and feature selection-guided TNR comparisons graph of Mirai attack

Full size image
Table 29 Normalization and feature selection-guided FDR comparisons of Mirai attack
Full size table
Fig. 47
figure 47

Normalization and feature selection-guided PPV comparisons graph of Mirai attack

Full size image
Fig. 48
figure 48

Normalization and feature selection-guided NPV comparisons graph of Mirai attack

Full size image

6 Conclusions and future scope

Fig. 49
figure 49

Normalization and feature selection-guided FPR comparisons graph of Mirai attack

Full size image
Fig. 50
figure 50

Normalization and feature selection-guided FNR comparisons graph of Mirai attack

Full size image
Fig. 51
figure 51

Normalization and feature selection-guided FDR comparisons graph of Mirai attack

Full size image

A unique intrusion detection method was introduced in this work by interlinking the DevOps architecture with 2 steps: extraction of features and classifying of them. The data processing from each application was done in the early stages of feature extraction by combining the statistics and higher-order descriptors with the existing features. Moreover, an optimized DCNN approach was used to develop the classification process using these retrieved features. Furthermore, a unique method was used to optimize the number of filtering and size of the filters in the fully connected layers, also the input vector. This study describes a method for detecting attacks on WSN. A unique method is used to deal with the optimization concerns. Furthermore, the adopted work’s performance is much better in comparison to that of other traditional models in terms of accuracy, FNR, sensitivity, MCC, specificity, FDR, FPR, and NPV, F\(_{1}\)-score under the GAF-GYT as well as Mirai attacks. In terms of negative measurements, it can be demonstrated that the model developed performs more effectively when contrasting the suggested approach to the latest techniques for recognizing assaults. This is due to the suggested algorithm’s quick pace in tackling diverse optimization problems. It also has a high level of quality. This paper compares the performances of without normalization and feature selection, F_Classif (Only F_classif feature selection but no Normalization method), N and F_classif (F_classif feature selection with Normalization) for calculating TPR, TNR, PPV, NPV, FPR, FNR, and FDR respectively for GAF-GYT and Mirai attacks. In the case of application 3, the developed approach outperforms the DCNN, Algorithm of the Innovative Gunner, and FAE-GWO-DBN methods by 60.14%, 3.10%, and 5.46%, accordingly. Furthermore, the suggested model for applications four achieves a low FPR, which is better than FAE-GWO-DBN, AIG, AND DCNN techniques by 91.46%, 67.15%, and 98.4%, respectively. Furthermore, the proposed technique outperforms the DCNN, Algorithm of the Innovative Gunner and FAE-GWO-DBN methods by 69.76%, 3.27%, and 22.68%, respectively. As a result, the improved results demonstrate the proposed algorithm’s superiority to previous designs. Other deep learning approaches and metaheuristics algorithms may be applied in the future to increase the performance of intrusion detection systems.