Next Article in Journal
Protecting Sensitive Data in the Information Age: State of the Art and Future Prospects
Next Article in Special Issue
Exploiting Misconfiguration Vulnerabilities in Microsoft’s Azure Active Directory for Privilege Escalation Attacks
Previous Article in Journal
Towards Reliable Baselines for Document-Level Sentiment Analysis in the Czech and Slovak Languages
Previous Article in Special Issue
Automated Penetration Testing Framework for Smart-Home-Based IoT Devices
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

A Hybrid Deep Learning Model with Self-Improved Optimization Algorithm for Detection of Security Attacks in IoT Environment

1
Department of Computer Science & Applications, Maharshi Dayanand University, Rohtak 124001, India
2
Department of Information Technology, Lord Buddha Education Foundation, Kathmandu 44600, Nepal
3
School of Information, University of California, Berkeley, CA 94720-5800, USA
*
Author to whom correspondence should be addressed.
Future Internet 2022, 14(10), 301; https://doi.org/10.3390/fi14100301
Submission received: 20 September 2022 / Revised: 14 October 2022 / Accepted: 17 October 2022 / Published: 19 October 2022
(This article belongs to the Special Issue Privacy and Cybersecurity in the Artificial Intelligence Age)

Abstract

:
With the growth of the Internet of Things (IoT), security attacks are also rising gradually. Numerous centralized mechanisms have been introduced in the recent past for the detection of attacks in IoT, in which an attack recognition scheme is employed at the network’s vital point, which gathers data from the network and categorizes it as “Attack” or “Normal”. Nevertheless, these schemes were unsuccessful in achieving noteworthy results due to the diverse necessities of IoT devices such as distribution, scalability, lower latency, and resource limits. The present paper proposes a hybrid model for the detection of attacks in an IoT environment that involves three stages. Initially, the higher-order statistical features (kurtosis, variance, moments), mutual information (MI), symmetric uncertainty, information gain ratio (IGR), and relief-based features are extracted. Then, detection takes place using Gated Recurrent Unit (GRU) and Bidirectional Long Short-Term Memory (Bi-LSTM) to recognize the existence of network attacks. For improving the classification accuracy, the weights of Bi-LSTM are optimally tuned via a self-upgraded Cat and Mouse Optimizer (SU-CMO). The improvement of the employed scheme is established concerning a variety of metrics using two distinct datasets which comprise classification accuracy, and index, f-measure and MCC. In terms of all performance measures, the proposed model outperforms both traditional and state-of-the-art techniques.

1. Introduction

IoT has impacted our everyday lives due to its supreme advancement and it is a rising technology that provides an exclusive connection for making available automated operations and services in diverse fields [1]. IoT is perceived as a method with a suitable system interrelated via servers, sensors, and different software. Due to their lesser processing power, IoT appliances are deployed in several security areas. As additional devices are deployed on IoT, security and privacy issues are gaining progressive deliberation [2]. The IoT attacks are leading to implausible losses to IoT networks and even threatening human security. Moreover, IoT networks contain limited characteristics that make attack exposure more difficult. Initially, the range of platforms, hardware, software, and protocols exposes diverse vulnerabilities. Subsequently, higher-rate and lower-rate attacks are widely used by IoT hackers to hack legitimate data [3]. These lower-rate attacks are complicated to notice and reside on the network. Finally, attackers become more intelligent and can vigorously modify their attack strategies as per ecological feedback to avoid detection, making it more complex for defenders to find out consistent patterns to recognize attacks [4].
As the number of IoT devices increases, attackers have many opportunities to negotiate them through malicious email, secrecy attacks, and denial of service (DoS) attacks, amongst other types of attacks [5]. Attacks can come from the channels that unite the IoT elements. The protocols deployed in IoT systems include security issues that affect the whole system. IoT systems are also susceptible to renowned network attacks such as DoS and spoofing of software and appliances [6].
Certain reports declared that 70% of IoT devices are subjected to different network attacks that cause diverse vulnerabilities, such as encryption and password security. The domain wherein IoT is broadly used are smart homes, intellectual transport systems, agriculture, hospitals, earthquake discovery, and so on [7,8]. For the malevolent agents, IoT appliance is vulnerable making the IoT devices a launcher pad for attacks on varied domains [9]. Thereby, a protected IoT infrastructure is essential for protecting IoT devices from attacks. In this paper, a hybrid deep learning model that identifies security attacks in an IoT environment is implemented. Two deep learning model is used: GRU and Bi-LSTM, weights of Bi-LSTM are optimally tuned via a self-upgraded cat and mouse optimizer (SU-CMO) algorithm to refine classification accuracy. Furthermore, two separate datasets are utilized to compare the proposed model’s classification accuracy to other existing schemes.
The present paper follows mainly three steps which are as under:
  • Suggests a new attack detection model in IoT, where various diverse features are derived.
  • Deploys hybrid classifiers such as GRU and BI-LSTM with an optimization strategy to detect attacks.
  • Exploits an SU-CMO model to choose the optimal weights in Bi-LSTM.
Section 2 reviews the work. Section 3 briefs a stepwise description of the proposed model and Section 4 explains about the extraction of diverse features. Section 5 depicts SU-CMO-based hybrid classification. Section 6 illustrates outcomes and the conclusion is presented in Section 7.

2. Literature Review

2.1. Related Work

In 2020, Mandal et al. [1] stated that ML supported various fields for service betterment. Moreover, for having interaction among humans in a single device, IoT acts a major role. Moreover, due to the emergence of digital technology, conveying data with no human communication is possible. In the aspect of privacy and security patterns, ML was deployed. Here, the recognition of intrusion and the challenges of security in IoT were concentrated more. Moreover, a variety of attacks were analyzed depending on surface attacks. Here, the major aim was to develop the effectiveness of recognizing the attacks by executing the ML approach.
In 2021, Kan et al. [10] proposed an attack detection technique for an IoT system depending upon Adaptive APSO-CNN. The APSO-CNN optimized the 1-D CNN constraints. For the fitness of composing technique, the cross-entropy losses of CNN were considered. Additionally, an assessment technique was defined that measured both the prediction and predicted labels to evaluate the anticipated APSO-CNN algorithm. From the simulated outcomes, the efficiency and reliability of APSO-CNN were proven regarding attack detection.
In 2020, Nimbalkar et al. [11] explored various attacks in IoT due to the vulnerabilities in devices. They stated that recognition of attack was a dreary procedure for ML techniques due to the existence of traffic features in IoT systems. Their work offered a feature selection for intrusion detection systems for the revelation of DoS and DDoS attacks. Using the inclusion operation and union operation, the sunsets of features in the developed system were obtained. In the end, the enhancement of deployed scheme was proven.
In 2020, Pecor et al. [12] explained the contribution of IoT to the everyday lives of humans. They established the recognition of traffic in the network and the classification of the detected network. In this work, a large dataset was introduced for detecting the traffic in the network. With the aid of the DN model, they scrutinized binary and multinomial classification.
In 2020, Rahman et al. [13] developed a Scalable ML model for detecting intrusions in IoT-facilitated Smart Cities. Their work addressed the limitations of centralized IDS by proposing semi-distributed and distributed techniques. Additionally, feature extraction and feature selection were performed. For allocating the tasks, parallel ML techniques were developed. Their results obtained provided accuracy and building time performance on attack detection.
In 2020, Atul et al. [14] exposed an effective method for sharing and relocating information for digital communication. Certain system challenges were mentioned namely, failure in service, abnormality, and security barriers. This work analyzed and presented a communication pattern utilizing the EASH approach. The abnormality sources of the communiqué paradigm were differentiated by employing the ML technique. The performance, accuracy, and effectiveness were calculated for the developed method.
In 2021, Krishna and Thangavelu et al. [15] examined the DOS attack in IoT systems. The security issues and attacks, which occurred in IoT devices, were demonstrated. For detecting the attack, two algorithms such as hybrid ML-F were proposed. Here, the developed scheme has attained the utmost performance in classifying the attacks correspondingly.
In 2020, Gu et al. [16] examined the security and privacy issues in IoT with much concentration. They described that IoT attacks were causing implausible defeat to IoT networks and intimidating the security of humans. Here, a reinforcement learning-oriented attack detection scheme was proposed that detected the attack pattern and its conversion. In this work, the IoT traffic features were also explored and entropy-based metrics were used to forecast the attacks in IoT. Furthermore, widespread experiments were performed over the IoT dataset, and the efficiency of the developed model was revealed.
In 2022, Gopali et al. [17] by employing a recurrent neural network including LSTM, can identify anomalies in the Internet of Things environment. In addition, the authors evaluate and contrast deep learning strategies i.e., CNN, reporting on their effectiveness. In this study, it is observed that the LSTM model with the fastest learning rate had the highest accuracy, although it required a longer time to be trained.
In 2022, Ahmed et al. [18] offered a comprehensive analysis of numerous low-rate distributed denial of service (LDDoS) detection algorithms that are being used for SDN. The distributed denial of service (DDoS) assault has recently evolved into the LDDoS attack, which is more difficult to detect and creates more of a challenge. The authors demonstrate that techniques employing deep learning combined with a hybrid model, such as CNN-LSTM and CNN-GRU, may achieve the desired results.
In 2022, Abbas et al. [19] demonstrated that traditional approaches and technologies are ineffective in addressing new security concerns and difficulties, and how machine learning as a promising technology enables the creation of a wide variety of effective ways that can improve the safety and security of the IoT.

2.2. Review

Table 1 shows a review of the approaches used in the detection of attacks in IoT. In [1], an ML algorithm was used to find out the attacks that occurred in the IoT network. High accuracy and lower false rate are identified using the machine learning classification algorithm. However, some of the security issues are not considered in this approach. APSO-CNN was performed in [10], which performs effective and reliable detection of attack in IoT networks, but it does not differentiate the complicated task of interruption. JRip classifier was deployed in [11] and achieved a higher performance, accuracy, and detection rate, but the detection was applied for only a particular dataset. NN was exploited in [12], which offered higher accuracy and performance rate. However, layer specification was not performed using this analysis. In [13], the MLP algorithm was used to detect the attack, which provided a high level of performance and a higher feature set. Furthermore, it tests only detection rate but not efficiency. In [14] attack detection was performed using the EASH algorithm in which a higher rate of accuracy is found. ML-F was used in [15] which provided a higher detection of attacks in IoT networks. However, it does not categorize some of the attacks. The Markov Decision technique was used in [16] for the quick detection of attacks in IoT networks. This attained high accuracy for the feature set. However, ANN was not detected accurately.

3. A Stepwise Description of the Proposed Model

The developed attack detection model comprises three essential phases.
  • Initially, features including “kurtosis, variance, moments, mutual information, symmetric uncertainty, information gain ratio, and relief-based features” are derived.
  • These features are then subjected to optimized GRU and BI-LSTM that recognizes the presence of attacks.
  • Here, the weights of BI-LSTM are optimally tuned via SU-CMO.
Figure 1 depicts the overall framework of the proposed model below.

4. Extraction of Diverse Features

This work extracts the following features from the input data. A brief explanation of the features is as follows:
Kurtosis [20]: “It is a measure that identifies whether the data are light-tailed or heavy-tailed and related to the normal distribution”. Datasets with smaller kurtosis offer minor outliers or tails. In addition, the datasets with high kurtosis provide heavy outliers or tails. The arithmetic formulation of kurtosis KS for univariate data such as Y 1 , Y 2 , … Y k , is articulated in Equation (1).
K S = i = 1 k Y i Y ¯ 4 / k Γ 4 .
The standard deviation is calculated by k value available in the denominator whilst computing the kurtosis.
Variance [21]: It is defined as the mean squared disparity amongst every data point and the center of distribution computed by mean.
Moment [22]: It is the instant probability distribution along with arbitrary variables in probability theory and statistics. It is the ordinary value of a specified integer power difference of the arbitrary variable from the mean. The moments with higher order are related to the shape and spread distribution of the location. The m t h the moment linked to the central moment of a real-valued arbitrary variable Q is the quantity Q ¯ m = e o Q e o Q m , in which, e o stands for the expectation operator. The m t h moment regarding the mean Q ¯ is portrayed for a continuous UPD with f y PDF. The moment is given in Equation (2).
M o m e n t = Q ¯ m = e o Q e o Q m = + y Q ¯ m f y d y .
MI Features: It is defined as the calculation of exchanged information among two ensembles of random variables N and Z It is formulated as revealed in Equation (3), in which, ρ signifies probability.
M I = ρ N , Z l o g 2 ρ N , Z ρ N . ρ Z .
Symmetrical uncertainty: SU computes the features depending upon evaluated SU correlation metrics amongst the class and feature. The MI is calculated as in Equation (4), wherein, MI implies MI, f e stands for features, c l stands for class, and P implies probability function. Further, SU is formulated as in Equation (5), in which E n refers to the entropy function.
M I f e , c l = P f e , c l l o g 2 P f e , c l P f e . P c l
S U f e , c l = 2 M I f e , c l / E n f e . E n c l .
IGR [23]: It is the ratio between information gain I G and split information S I value as shown in Equation (6), where K refers to a random variable, b refers to an attribute and in equation (7) U t i refers to the number of times t i occurs, U t refers to entire event counts and t refers to event sets.
I G R K , b = I G K , b S I K
I G R K , b = i = 1 n P K log P K i = 1 n P K b log P K b i = 1 n U t i U t log 2 U t i U t .
Relief Features: It was modeled for application to binary classification issues with discrete or numerical features. It is modeled as in Equation (8), where Ε i points out the feature vector, the closer same class instance is termed “ n e a r H i t , and the closer different class instance is termed “ n e a r M i s s ”.
R i = R i Ε i n e a r H i t i 2 + Ε i n e a r M i s s i 2 .
The derived features are signified by F e , which are then subjected to hybrid classification.

5. SU-CMO-Based Hybrid Classification

5.1. Hybrid Classifiers

LSTM classifier: It [24] includes a sequence of recurring LSTM cells. Each cell of LSTM encompassed 3 units, such as “forget gate, the input gate, and the output gate”. Presume variables Ζ and D that indicate hidden and cell state in order. X t , D t 1 , Ζ t 1 and Ζ t , D t indicate input and output layers.
At time t , the output, input and forget gate implies O t , I t , F t in that order. LSTM chiefly exploits F t for sorting the data. The sorted data indicate specified partial features connected to the previous gaze direction; F t is formulated as shown in Equation (9).
F t = σ J I F X t + L I F + J Ζ F Ζ t 1 + L Ζ F .
In Equation (9), J Ζ F , L Ζ F and J I F , L I F points out weight and bias constraints to map hidden and input layers to forget gate and activation function is signified by σ .
Input gate is exploited by LSTM as revealed in Equations (10)–(12), wherein, J Ζ G , L Ζ G and J I G , L I G implies weight and bias constraints to map hidden and input layers to the cell gate respectively. J Ζ I , L Ζ I and J I I , L I I imply weight and bias constraints to map hidden and input layers to I t .
G t = tanh J I G X t + L I G + J Ζ G Ζ t 1 + L Ζ G
I t = σ J I I X t + L I I + J Ζ I Ζ t 1 + L Ζ I
D t = F t D t 1 + I t G t
O t = σ J I O X t + L I O + J Ζ O Ζ t 1 + L Ζ O
Ζ t = O t tanh D t .
In addition, the LSTM cell obtains the output hidden layer from the output gate as shown in Equations (13) and (14), in which, J Ζ O , L Ζ O and J I O , L I O represents weight and bias to map the hidden and input layer to O t . Accordingly, the weights of LSTM represented by J are optimally elected by the proposed SU-CMO model.
Bi-GRU [25]: Depending upon RNN, 3 gates named “forget gate, input gate, and output gate and memory cell” are integrated with LSTM for controlling the flow of information across LSTM cells. Similarly, GRU deploys special gates, called reset and update gates, for lessening gradient dispersal with slighter computation losses. The update gate u t substitutes forget and input gates of LSTM, portraying the retention degree of prior data as revealed in Equation (15).
u t = μ W u R t 1 , F e a t + f u .
In Equation (15), μ points out the sigmoid activation function among 0 and 1, F e a t stands for the input matrix at time step t , R t 1 stands for the hidden state at the prior time step; t 1 stands for the weight matrix of u t and f u stands for the bias matrix of u t . The reset gate r t regulates how much chronological data have to be ignored, which is revealed in Equation (16), wherein, W r characterize weight matrix of r t and f r symbolize bias matrix of r t .
r t = μ W r R t 1 , F e a t + f r .
Subsequently, the candidate’s hidden state is revealed in Equation (17), wherein, t a n h stands for t a n h activation function. f R and W R stand for bias matrix and weight matrix of new cell state, * stands for dot multiplication function. Thus, the output R t implies linear interruption amid R ˜ t   and R t 1 in Equation (18).
R ˜ t = tanh W R R t 1 r g , F e a t + f R
R t = 1 u t R t 1 + u t R ˜ t .
The forward GRU captures the previous details of input data and the backward GRU obtains the upcoming details of input data. The Bi-GRU is modeled as in Equation (19), wherein, R t and R t correspond to the hidden state of backward and forward GRU in that order, C t corresponds to combining technique of outputs at two directions.
Y t = C t R t , R t .

5.2. SU-CMO Model

The extant CMBO [26] model gives optimal solutions; still, it tolerates low accuracy. For the aim of overcoming the drawbacks of conventional CMBO, specific improvements were made. The steps in the SU-CMO model and flowchart (Figure 2) are given below.
Step 1:
The initial population of B search agents is initialized.
Step 2:
The parameters of B , B c , B m , T are initialized. Here, B is the count of members in the population matrix A .
Step 3:
The initial population is created as per Equation (20).
A = A 1 A 2 A B B m = y 1 , 1 y 1 , d y 1 , m y i , 1 y i , d y i , m y B , 1 y B , d y B , m B m
Here, y i , d is the d t h problem variable.
Step 4:
The fitness of the search agents is computed as per Equation (21).
O b j = min ( E r r )
Step 5:
Using Equations (22) and (23), update the sorted population matrix A S . Here, the i t h   population of the sorted population matrix is denoted as y i , d S . In addition, O b j S is the sorted objective function-based vector.
A S = A 1 S A 2 S A B S B m = y 1 , 1 S y 1 , d S y 1 , m S y i , 1 S y i , d S y i , m S y B , 1 S y B , d S y B , m S B m
O b j S = O b j 1 S O b j 2 S O b j B S min ( O b j ) min ( O b j ) min ( O b j ) B 1
Step 6:
Using Equation (24), the mice population is chosen.
M = M 1 = X 1 S M i = X i S M B m = X B m S B m m = y 1 , 1 S y 1 , d S y 1 , m S y i , 1 S y i , d S y i , m S y B m , 1 S y B m , d S y B m , m S B m m
Step 7:
Using Equation (25), the cat population is selected.
C = C 1 = X B m + 1 S C i = X B m + j S C B c = X B m + B c S B c m = y B m + 1 , 1 S y B m + 1 , d S y B m + 1 , m S y B m + j , 1 S y B m + j , d S y B m + j , m S y B m + B c , 1 S y B m + B c , d S y B m + B c , m S B c m ;
Step 8:
Here, M , B m , M i , C , B c , C j points to the mice population, count of mice, j t h mice, cat population, count of cats and the i t h cat, respectively.
Step 9:
The position update of cats is modeled as in Equation (26), where C j n e w new points to the new position of the j t h cat and C j , d is the new value for d t h problem. In addition, the random value r is estimated randomly within the limit [0, 1]. Here, I is computed as in Equation (27), where r a n d is a random integer.
C j n e w = C j , d + r M k , d I C j , d
Here ,   I = r o u n d 1 + r a n d ;
Step 10:
If j = B c
If the above condition is satisfied then H i is created using Equation (28).
H i = h i , d = y l , d   &   i = 1 : B m , d = 1 : m , l 1 : B ;
Step 11:
Then, position update of mice takes place based on Equations (29) and (30). Conventionally, M i is updated as shown in Equation (30), however, as per the SU-CMO model, M i is updated based upon random integers r a 1 and r a 2 as in Equations (31) and (32). Here, r a 1 and r a 2 are assigned values of 1.25 and 1.75.
M i n e w : m i , d n e w = m i , d + r h i , d I m i , d + S i g n F i m F i H & i = 1 : B m , d = 1 : m
M i = M i n e w   F i m , n e w < F i m M i   e l s e
M i = M i n e w   F i m , n e w . r a 1 < F i m M i   e l s e
M i = M i n e w   F i m , n e w . r a 2 < F i m M i   e l s e ;
Step 12:
 
(a)
In case the above condition is not satisfied, then increase j by 1, and again update C j .
(b)
Terminate the if condition.
Step 13:
If i = B m then
(a)
if the above condition is satisfied, then check if t = T .
(b)
if the above condition is not satisfied, then increase i by 1.
(c)
End if.
Step 14:
If t = T , then the best solution acquired so far is returned.
Step 15:
If t T , then increase i by 1 and move back to step 8.
Step 16:
Terminate.

6. Results and Discussion

6.1. Simulation Setup

The presented HC + SU-CMO scheme for the detection of attacks was experimented with in “Python”. The effectiveness of the newly proposed method was evaluated over HC + ALO [27], HC + AO [28], HC + BOA [29], HC + CMBO [26], HC + SSA [30], NN [31], RNN [32], Bi-GRU [25], SVM [33] and KNN [33] concerning popularly used metrics such as NPV, accuracy and FPR along with other widely used metrics. The convergence study was carried out by experimenting with several iterations, which ranged from 0 to 25 with an interval of 5. The datasets from [34,35] were used for the analysis; they are represented as datasets 1 and 2 in the description part. Dataset 1 has only a single category, which is DDoS, but dataset 2 has multiple attack categories such as backdoor, DDoS, exploit, fuzzes, reconnaissance, shellcode, and worms, however, these attack categories are under single classification output i.e., “Attack”.

6.2. Performance Analysis

The performances of the suggested HC + SU-CMO are computed over extant classification models and optimization models regarding varied metrics. Moreover, evaluations were set up using datasets [34,35] respectively, and relevant outcomes are plotted in Figure 3, Figure 4, Figure 5, Figure 6 and Figure 7. Analysis of suggested HC + SU-CMO model is analyzed and compared with HC + ALO, HC + AO, HC + BOA, HC + CMBO, HC + SSA, NN, RNN, Bi-GRU, SVM, and KNN for LPs which ranges from 60 to 80 with an interval of 10. Further, the assessment of the adopted scheme over the traditional approaches for accuracy and MCC is signified in Figure 3 and Figure 5 along with an assessment of the adopted scheme over traditional approaches for F-measure and rand index is signified in Figure 4 and Figure 6 for dataset 1 and dataset 2 respectively. In the case of this estimation, the HC + SU-CMO model has grown superior results when compared to other schemes. On looking through Figure 3a and Figure 5a, the accuracy of the HC + SU-CMO model raise compared to other schemes for dataset 1 and dataset 2. Especially, better outputs are attained at the 60th and 70th LP for the proposed scheme regarding accuracy for both datasets. The superiority of the developed model is proven over HC + ALO, HC + AO, HC + BOA, HC + CMBO, HC + SSA, NN, RNN, Bi-GRU, SVM, and KNN models.
The proposed model shows a good accuracy level at the 60th and 70th learning rates; however, at the 80th learning rate, it shows less accuracy level compared to the lower learning rate. Bi-GRU performs poorly on both metrics, accuracy, and MCC.
F-measure is a classification evaluation measure defined as the harmonic mean of recall and precision. Figure 4a depicts the f-measure of the adopted model, producing a positive outcome at learning rate 60th and 70th.
The Rand Index is another widely used measure. It is a measurement of the degree to which two data clusters are like one another. The adopted model’s rand index for dataset 1 is illustrated in Figure 4b. The measure is nearly constant across all learning rates which is preferable to other existing schemes.
The metrics findings for dataset 2 are likewise satisfactory. Figure 5a,b demonstrates the accuracy and MCC of the model used for dataset 2. Accuracy is almost consistent for all given learning rates, whilst MCC also outperforms other known techniques at all learning rates in the graph. SVM, on the other hand, exhibits worse accuracy than other approaches across all learning rates, as well as very poor outcomes in the MCC measure.
After the proposed model, KNN and NN also perform well for dataset 2 in both metrics, i.e., accuracy and MCC.
Figure 6a,b illustrates the F-measure and rand index for the adopted model, as well as other known techniques for dataset 2. The adopted model also performs well in these metrics over the whole learning rate. SVM performs very poorly at the 60th learning rate and improves at the 80th learning rate for the f-measure metric.
All the techniques show outcomes over 60%, the adopted model having results above 80%, outperforming the other known techniques in the paper. Furthermore, we can see that no techniques underperform in the rand index metric.

6.3. Convergence Study

The convergence study of the suggested SU-CMO scheme in contrast with traditional schemes such as ALO, AO, BOA, CMBO, and SSA for ranging iterations is illustrated in Figure 7. In this scenario, estimation is computing by varying iterations. While examining the outcomes, the suggested SU-CMO has increased the slightest cost values which is ranging from the 13th–the 25th iteration in the comparison with others. In the same manner, the recommended SU-CMO has grown slightly higher cost from the 0th–12th iterations; although, values are lower than those of those being compared such as ALO, AO, BOA, CMBO, and SSA. While, the existing CMBO has demonstrated the worse outcome i.e., high-cost value in almost all iterations when contrasted with the several alternative schemes such as ALO, AO, BOA, CMBO, and SSA. Therefore, improved convergence is achieved by SU-CMO over alternate schemes.

6.4. Accuracy Analysis

The accuracy of the developed HC+SU-CMO scheme in contrast with conventional approaches such as ALO, AO, BOA, CMBO, SSA, NN, RNN, Bi-GRU, SVM, and KNN for 60, 70, and 80 learning rates is demonstrated in Table 2 and Table 3 for dataset 1 and dataset 2 respectively. HC+SU-CMO shows the highest accuracy for learning rate 70 in dataset 1 and dataset 2. The results have summarized that the adopted hybrid classifier + SU-CMO performance is enhanced over the existing models. The phase of feature extraction makes a significant contribution to improving the accuracy rate. A loss of accuracy is possible if features aren’t extracted. Furthermore, hyperparameter tuning plays an essential part in ensuring the validity of the model. Tuning is a method of improving a model’s performance by selecting appropriate parameters without overfitting or producing an excessive amount of variation in the data.

7. Conclusions

A new hybrid model for the IoT environment is developed using deep learning models such as GRU and Bi-LSTM, where features such as “higher-order statistical features (kurtosis, variance, moments), mutual information, symmetric uncertainty, information gain ratio, and relief-based features” were derived. Further, GRU and BI-LSTM were deployed, where weights of BI-LSTM were optimally chosen via SU-CMO for detecting the attacks. The graph shows that the proposed hybrid classifier + SU-CMO achieves greater accuracy, i.e., ~0.84 for dataset 1 and dataset 2, which is higher than the accuracy of other classic and state-of-the-art models such as hybrid classifier + WOA, hybrid classifier + GWO, hybrid classifier + SLnO, NN, SVM, and DT. The SVM model has accomplished worse outputs than other schemes such as HC + ALO, HC + AO, HC + BOA, HC + CMBO, HC + SSA, NN, RNN, and KNN. Although the suggested model shows a higher accuracy level than other models, there are still improvements to be made in terms of accuracy. It is feasible to enhance the accuracy of the model by using the proposed approach in conjunction with several different kinds of deep learning models. In dataset 2, there are several different kinds of attacks; however, in the present paper, all of these types of attacks are grouped under a single category simply referred to as “attack”. We are considering including the multiclassification of such attacks as part of our future work along with using various kinds of deep learning models.

Author Contributions

Conceptualization, A.S.; methodology, A.S., N.S.G. and P.G.; formal analysis, A.S.; resources, A.S.; writing—original draft preparation, A.S.; writing—review and editing, A.S., N.S.G., P.G. and I.P.; supervision, N.S.G., P.G., J.M.C. and I.P. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The data are available on request from the submitting author.

Acknowledgments

The first author acknowledges the university grants commission (UGC) India for providing senior research fellowship (SRF) to carry out this research work.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Mandal, K.; Rajkumar, M.; Ezhumalai, P.; Jayakumar, D.; Yuvarani, R. Improved security using machine learning for IoT intrusion detection system. Mater. Today Proc. 2020. [Google Scholar] [CrossRef]
  2. Khan, A.Y.; Latif, R.; Latif, S.; Tahir, S.; Batool, G.; Saba, T. Malicious Insider Attack Detection in IoTs Using Data Analytics. IEEE Access 2019, 8, 11743–11753. [Google Scholar] [CrossRef]
  3. Jia, Y.; Zhong, F.; Alrawais, A.; Gong, B.; Cheng, X. FlowGuard: An Intelligent Edge Defense Mechanism Against IoT DDoS Attacks. IEEE Internet Things J. 2020, 7, 9552–9562. [Google Scholar] [CrossRef]
  4. Yoon, J. Deep-learning approach to attack handling of IoT devices using IoT-enabled network services. Internet Things 2020, 11, 100241. [Google Scholar] [CrossRef]
  5. Sagu, A.; Gill, N.S.; Gulia, P. Hybrid Deep Neural Network Model for Detection of Security Attacks in IoT Enabled Environment. Int. J. Adv. Comput. Sci. Appl. 2022, 13, 120–127. [Google Scholar] [CrossRef]
  6. Shafiq, M.; Tian, Z.; Sun, Y.; Du, X.; Guizani, M. Selection of effective machine learning algorithm and Bot-IoT attacks traffic identification for internet of things in smart city. Future Gener. Comput. Syst. 2020, 107, 433–442. [Google Scholar] [CrossRef]
  7. Zhi, T.; Liu, Y.; Wu, J. A Reputation Value-Based Early Detection Mechanism Against the Consumer-Provider Collusive Attack in Information-Centric IoT. IEEE Access 2020, 8, 38262–38275. [Google Scholar] [CrossRef]
  8. Rani, D.; Gill, N.S. Review of Various IoT Standards and Communication Protocols. 2019. Available online: http://www.irphouse.com (accessed on 10 September 2022).
  9. Aboelwafa, M.M.N.; Seddik, K.G.; Eldefrawy, M.H.; Gadallah, Y.; Gidlund, M. A Machine-Learning-Based Technique for False Data Injection Attacks Detection in Industrial IoT. IEEE Internet Things J. 2020, 7, 8462–8471. [Google Scholar] [CrossRef]
  10. Kan, X.; Fan, Y.; Fang, Z.; Cao, L.; Xiong, N.N.; Yang, D.; Li, X. A novel IoT network intrusion detection approach based on Adaptive Particle Swarm Optimization Convolutional Neural Network. Inf. Sci. 2021, 568, 147–162. [Google Scholar] [CrossRef]
  11. Nimbalkar, P.; Kshirsagar, D. Feature selection for intrusion detection system in Internet-of-Things (IoT). ICT Express 2021, 7, 177–181. [Google Scholar] [CrossRef]
  12. Pecori, R.; Tayebi, A.; Vannucci, A.; Veltri, L. IoT Attack Detection with Deep Learning Analysis; IEEE Computational Intelligence Society; International Neural Network Society; Institute of Electrical and Electronics Engineers; IEEE World Congress on Computational Intelligence. In Proceedings of the 2020 International Joint Conference on Neural Networks (IJCNN): 2020 Conference Proceedings, Online, 19–24 July 2020; 2020. [Google Scholar]
  13. Rahman, A.; Asyhari, A.T.; Leong, L.; Satrya, G.; Tao, M.H.; Zolkipli, M. Scalable machine learning-based intrusion detection system for IoT-enabled smart cities. Sustain. Cities Soc. 2020, 61, 102324. [Google Scholar] [CrossRef]
  14. Atul, D.J.; Kamalraj, R.; Ramesh, G.; Sankaran, K.S.; Sharma, S.; Khasim, S. A machine learning based IoT for providing an intrusion detection system for security. Microprocess. Microsyst. 2021, 82, 103741. [Google Scholar] [CrossRef]
  15. Krishna, E.S.P.; Thangavelu, A. Attack detection in IoT devices using hybrid metaheuristic lion optimization algorithm and firefly optimization algorithm. Int. J. Syst. Assur. Eng. Manag. 2021, 1–14. [Google Scholar] [CrossRef]
  16. Gu, T.; Abhishek, A.; Fu, H.; Zhang, H.; Basu, D.; Mohapatra, P. Towards Learning-automation IoT Attack Detection through Reinforcement Learning. In Proceedings of the 21st IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, Cork, Ireland, 31 August–3 September 2020; pp. 88–97. [Google Scholar] [CrossRef]
  17. Gopali, S.; Namin, A.S. Deep Learning-Based Time-Series Analysis for Detecting Anomalies in Internet of Things. Electronics 2022, 11, 3205. [Google Scholar] [CrossRef]
  18. Alashhab, A.A.; Zahid, M.S.M.; Azim, M.A.; Daha, M.Y.; Isyaku, B.; Ali, S. A Survey of Low Rate DDoS Detection Techniques Based on Machine Learning in Software-Defined Networks. Symmetry 2022, 14, 1563. [Google Scholar] [CrossRef]
  19. Abbas, G.; Mehmood, A.; Carsten, M.; Epiphaniou, G.; Lloret, J. Safety, Security and Privacy in Machine Learning Based Internet of Things. J. Sens. Actuator Netw. 2022, 11, 38. [Google Scholar] [CrossRef]
  20. Measures of Skewness and Kurtosis. Available online: https://www.itl.nist.gov/div898/handbook/eda/section3/eda35b.htm#:~:text=Skewness%20is%20a%20measure%20of,relative%20to%20a%20normal%20distribution (accessed on 10 September 2022).
  21. Pantic, I.; Pantic, S.; Paunovic, J.; Perovic, M. Nuclear entropy, angular second moment, variance and texture correlation of thymus cortical and medullar lymphocytes: Grey level co-occurrence matrix analysis. An. Acad. Bras. Ciências 2013, 85, 1063–1072. Available online: http://www.scielo.br/scielo.php?script=sci_arttext&pid=S0001-37652013000301063 (accessed on 10 September 2022). [CrossRef] [Green Version]
  22. Central Moment. Available online: https://en.wikipedia.org/wiki/Central_moment#:~:text=In%20probability%20theory%20and%20statistics,random%20variable%20from%20the%20mean (accessed on 10 September 2022).
  23. Information Gain Ratio. Available online: https://en.wikipedia.org/wiki/Information_gain_ratio (accessed on 10 September 2022).
  24. Zhou, X.; Lin, J.; Zhang, Z.; Shao, Z.; Chen, S.; Liu, H. Improved itracker combined with bidirectional long short-term memory for 3D gaze estimation using appearance cues. Neurocomputing 2020, 390, 217–225. [Google Scholar] [CrossRef]
  25. Li, X.; Ma, X.; Xiao, F.; Xiao, C.; Wang, F.; Zhang, S. Time-series production forecasting method based on the integration of Bidirectional Gated Recurrent Unit (Bi-GRU) network and Sparrow Search Algorithm (SSA). J. Pet. Sci. Eng. 2022, 208, 109309. [Google Scholar] [CrossRef]
  26. Dehghani, M.; Hubálovský, Š.; Trojovský, P. Cat and Mouse Based Optimizer: A New Nature-Inspired Optimization Algorithm. Sensors 2021, 21, 5214. [Google Scholar] [CrossRef]
  27. Okwu, M.O.; Tartibu, L.K. Studies in Computational Intelligence 927 Metaheuristic Optimization: Nature-Inspired Algorithms Swarm and Computational Intelligence, Theory and Applications. Available online: http://www.springer.com/series/7092 (accessed on 10 September 2022).
  28. Abualigah, L.; Yousri, D.; Elaziz, M.A.; Ewees, A.A.; Al-Qaness, M.A.; Gandomi, A.H. Aquila Optimizer: A novel meta-heuristic optimization algorithm. Comput. Ind. Eng. 2021, 157, 107250. [Google Scholar] [CrossRef]
  29. Arora, S.; Singh, S. Butterfly optimization algorithm: A novel approach for global optimization. Soft Comput. 2018, 23, 715–734. [Google Scholar] [CrossRef]
  30. Mirjalili, S.; Gandomi, A.H.; Mirjalili, S.Z.; Saremi, S.; Faris, H.; Mirjalili, S.M. Salp Swarm Algorithm: A bio-inspired optimizer for engineering design problems. Adv. Eng. Softw. 2017, 114, 163–191. [Google Scholar] [CrossRef]
  31. Sagu, A.; Gill, N.S.; Gulia, P. Artificial Neural Network for the Internet of Things Security. Int. J. Eng. Trends Technol. 2020, 68, 129–136. [Google Scholar] [CrossRef]
  32. Kao, L.-J.; Chiu, C.C. Application of integrated recurrent neural network with multivariate adaptive regression splines on SPC-EPC process. J. Manuf. Syst. 2020, 57, 109–118. [Google Scholar] [CrossRef]
  33. Ye, J.; Cheng, X.; Zhu, J.; Feng, L.; Song, L. A DDoS Attack Detection Method Based on SVM in Software Defined Network. Secur. Commun. Netw. 2018, 2018, 9804061. [Google Scholar] [CrossRef]
  34. The UNSW-NB15 Dataset. Available online: https://research.unsw.edu.au/projects/unsw-nb15-dataset (accessed on 10 September 2022).
  35. CloudStor, Research Data Storage and Collaboration. Available online: https://cloudstor.aarnet.edu.au/plus/s/umT99TnxvbkkoE (accessed on 10 September 2022).
Figure 1. The overall framework of the adopted model.
Figure 1. The overall framework of the adopted model.
Futureinternet 14 00301 g001
Figure 2. Flowchart of suggested SU-CMO.
Figure 2. Flowchart of suggested SU-CMO.
Futureinternet 14 00301 g002
Figure 3. Performance of the adopted model over other existing schemes for dataset 1 (a) Accuracy (b) MCC.
Figure 3. Performance of the adopted model over other existing schemes for dataset 1 (a) Accuracy (b) MCC.
Futureinternet 14 00301 g003
Figure 4. Performance of the adopted model over other existing schemes for dataset 1 (a) F-measure (b) Rand Index.
Figure 4. Performance of the adopted model over other existing schemes for dataset 1 (a) F-measure (b) Rand Index.
Futureinternet 14 00301 g004
Figure 5. Performance of the adopted model over other existing schemes for dataset 2 (a) Accuracy (b) MCC.
Figure 5. Performance of the adopted model over other existing schemes for dataset 2 (a) Accuracy (b) MCC.
Futureinternet 14 00301 g005
Figure 6. Performance of the adopted model over other existing schemes for dataset 2 (a) F-measure (b) Rand Index.
Figure 6. Performance of the adopted model over other existing schemes for dataset 2 (a) F-measure (b) Rand Index.
Futureinternet 14 00301 g006
Figure 7. Convergence Analysis.
Figure 7. Convergence Analysis.
Futureinternet 14 00301 g007
Table 1. Reviews on conventional IoT attack detection models.
Table 1. Reviews on conventional IoT attack detection models.
AuthorDeployed SchemesFeaturesChallenges
Mandal et al. [1]ML algorithmHigh accuracy
Lower false rate
Some security issues were not considered
Kan et al. [10]APSO-CNNEffective and reliableDo not differentiate complicated tasks from interruption
Pushparaj et al. [11]JRip classifierHigher performance
Improved accuracy
High detection rate
Only a particular dataset is preferred
Pecor et al. [12]NNHigher accuracy and performanceLayers specification is not provided
Arafatur et al. [13]MLPHigh level of performance
High ranking of feature
Test only for attack detection but not efficiency
Jyoti et al. [14]EASHAttain a higher accuracy rateTested for detection rate only
Krishna et al. [15]ML-FHigh accuracy
Low detection time
Two attack categories were not considered
Gu et al. [16]Markov DecisionHigh accuracy for a feature setANN was not detected accurately
Gopali et al. [17]LSTM, CNNHigher accuracy rateHigher training time
Ahmed et al. [18]CNN, GRU, LSTMHigher detection rateSupplementary details issues are not provided.
Abbas et al. [19] Random Forest, Knn Offers extensive review Comparison results are not provided
Table 2. Accuracy Analysis of the proposed model over other methods for dataset 1.
Table 2. Accuracy Analysis of the proposed model over other methods for dataset 1.
Learning RateHC+ALOHC+AOHC+BOAHC+CMBOHC+SSOANNRNNBi-GRUSVMKNNHC+SU-CMO
600.666250.578750.633750.58750.576250.70750.626250.5416670.711250.750.8375
700.8050.7883330.5833330.6066670.6250.8183330.5883330.50.5850.6944440.848333
800.64250.57250.6550.61250.67250.68750.63250.50.57250.5416670.7725
Table 3. Accuracy Analysis of the proposed model over other methods for dataset 2.
Table 3. Accuracy Analysis of the proposed model over other methods for dataset 2.
Learning RateHC+ALOHC+AOHC+BOAHC+CMBOHC+SSOANNRNNBi-GRUSVMKNNHC+SU-CMO
600.616250.678750.721250.666250.650.786250.6250.63750.506250.80750.8365
700.6750.7850.7633330.5950.6583330.7666670.6383330.680.5916670.7933330.847333
800.8050.56750.72750.7550.60250.78750.6850.66250.570.75250.8175
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Sagu, A.; Gill, N.S.; Gulia, P.; Chatterjee, J.M.; Priyadarshini, I. A Hybrid Deep Learning Model with Self-Improved Optimization Algorithm for Detection of Security Attacks in IoT Environment. Future Internet 2022, 14, 301. https://doi.org/10.3390/fi14100301

AMA Style

Sagu A, Gill NS, Gulia P, Chatterjee JM, Priyadarshini I. A Hybrid Deep Learning Model with Self-Improved Optimization Algorithm for Detection of Security Attacks in IoT Environment. Future Internet. 2022; 14(10):301. https://doi.org/10.3390/fi14100301

Chicago/Turabian Style

Sagu, Amit, Nasib Singh Gill, Preeti Gulia, Jyotir Moy Chatterjee, and Ishaani Priyadarshini. 2022. "A Hybrid Deep Learning Model with Self-Improved Optimization Algorithm for Detection of Security Attacks in IoT Environment" Future Internet 14, no. 10: 301. https://doi.org/10.3390/fi14100301

APA Style

Sagu, A., Gill, N. S., Gulia, P., Chatterjee, J. M., & Priyadarshini, I. (2022). A Hybrid Deep Learning Model with Self-Improved Optimization Algorithm for Detection of Security Attacks in IoT Environment. Future Internet, 14(10), 301. https://doi.org/10.3390/fi14100301

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop