1. Introduction
Technology and statistics advance quickly in the present day, where the Internet is everywhere. The Internet is becoming increasingly important to organisations, governments, enterprises, and educational institutions. Although there may be a positive side, some of its negative aspects cannot be ignored, as they can seriously impact a person or an organisation. Malevolent systems are primarily responsible for tasks such as creating bogus websites, spreading infections, listening in on conversations, modification of data, etc. Some of these operations put national security and military structure at risk, which might result in significant losses since, in IoT-enabled applications, data or information are mostly transient and updated by anonymous self-governing devices. With such a large number of devices, terminals, and machines connecting to an Internet of Things (IoT) network, a huge amount of data and security vulnerability makes security a burning issue [1,2].
Confidentiality may be obtained through cryptography, which means “strange texts”. Cryptography has advanced to new levels in the modern world, offering businesses and people privacy to the point that only authorised staff may access the data [3]. With a lengthy history, strong fundamentals, and ongoing development, cryptography is still evolving today. The “secret” hieroglyphics utilised by the Egyptians are one of the first instances of encryption. The most popular method used today, the Caesar cypher, was also employed by the people of Rome in ancient times [4]. Ancient Greeks also used a scytale for cryptographic encryptions. Worldwide, people use cryptography to safeguard their data and information on a daily basis without even recognising that they are doing something so complex. While cryptography offers advantages, it also has certain disadvantages. Because cryptographic systems are so fragile, even a small alteration or mistake can have disastrous effects and result in system breaches [5].
Even though most systems no longer know that they are using it, cryptography is used daily to safeguard information and records by billions of systems worldwide. Although it is extremely advantageous, it is also seen as being rather brittle since cryptographic systems can be broken by a programming or specification error. Different kinds of assaults on information systems that undermine security, integrity, confidentiality, and availability are the work of the hostile system.
Therefore, the security of the system or application cannot be compromised; hence, it is necessary to implement an optimisation algorithm in the information system to recognise requests from these dangerous nodes and assist systems in raising a warning before the assault.
Although other classes of optimisation techniques are accessible in the literature, DE is one of the key strategies [6]. Numerous non-deterministic polynomial-time (NP)-complete problems in optimisation methods can be resolved using the population-based meta-heuristic method known as DE. It functions well across a variety of test areas. The optimisation method considers several operations for exploration and exploitation, such as mutation, crossover, and selection. A new vector known as the donor vector is produced during the mutation process. A crossover is then performed on the donor vector to generate a new vector known as the trial vector. Finally, the best solution among the target, donor, and trial vectors is selected and, based on the fitness value, included in the population for the subsequent generations.
1.1. Problem Statement
Highlights of the problem description are as follows.
The time complexity of the existing evolutionary algorithms [7,8,9,10,11,12,13,14,15,16,17,18] is high. This is because several iterations are needed to locate the ideal value. This difficulty worsens with a bigger population and a non-continuous function.
Security keeps up with the impressive advancements being made in the field of information systems [19]. Intelligent attacks in the IoT environment are viable by sending malicious requests and responses. As a result, it is necessary to safeguard the information by recognising the assaults before they are carried out.
The following is a list of improvements over existing approaches:
Most existing techniques are based on non-continuous functions, which increases the complexity of optimisation algorithms [10,11,12,13,20,21,22]. In contrast, the proposed method is based on the new automatic adaptation-based strategy, which is incorporated with DE to overcome the searching strategy, which reduces time complexity and provides diversity and convergence rate.
The methods available in the literature [5,19,23,24,25,26], when applied in the e-commerce application of information systems, are found to be insecure in terms of confidentiality, authenticity, availability, and integrity. In comparison, the proposed method optimises the best fitness function of the different generations of e-commerce applications, achieving better confidentiality, authenticity, availability, and integrity.
The proposed method is incorporated into the security framework to provide security for IoT-enabled applications. These can be any modern IoT applications because, in the IoT network, devices work independently and hence the possibilities of security attacks increase. This method is specially designed keeping in mind the requirements of IoT-enabled e-commerce applications such as supply chain management, banking, retail management, inventory management, etc., rather than general applications. IoT devices exchange data with each other, which helps retail and e-commerce firms to execute their operations smoothly and efficiently. As e-commerce grows in popularity, the possibilities for IoT use in the industry expand. This application can be handy in remote access management, tracking of products in transit, enhanced personalised experience about the customers and products, etc.
With the advancement of technologies such as artificial intelligence (AI), machine learning (ML), and data analytics, the possibility of security attacks in IoT-enabled applications is increasing; hence, an advanced-level security shield is required that can cope with the coming challenges. Keeping in mind the security vulnerability of IoT-enabled applications, this work proposes a new AI-based DE method to shield against security attacks.
1.2. Author’s Contribution
Highlights of the author’s contribution are as follows:
A novel adaption-based strategy is devised and incorporated with the DE algorithm to identify the request of the malicious node to mitigate security attacks.
The devised mutation operator considers the environment factor, i.e., an internal environment that maintains the diversity in an initial generation and gives impetus to the convergence speed of the DE algorithm.
In the performance analysis of confidentiality, integrity, authentication, and availability, the proposed approach is tested on an e-commerce application.
The observed result shows that the proposed approach obtains a better solution in terms of best, average, and worst fitness functions on a 3-dimension application-based test.
1.3. Article Organisation
The organisation of the rest of the paper is as follows:
Section 2 presents a description of existing DE variants and recent approaches devised for information security.
Section 3 describes an application for an information security-based evolutionary model.
Section 4 outlines a description of the proposed methodology.
Section 5 describes the experimental result, in which the obtained results are compared with existing DE, and related standard cost estimation approaches.
Finally, Section 6 concludes the study and paves future work paths.
2. Literature Review
The goal of the evolutionary algorithm is to solve the overall optimisation issue. The research makes it quite evident that DE has an issue with stagnation. To deal with these issues, a handful of multi-objective differential evolutionary (MODE) strategies and Pareto-based strategies have been suggested [6,7,8,9,10,11,12,27]. According to the population, the existing MODE-based technique [11] executes mutation and crossover. Additionally, non-dominating sorting was used to reduce the temporal complexity.
The authors of [16] proposed a homeostatic factor-based method to increase the diversity of NASA 93 projects. This method performs better than multi-objective-based software cost-estimating techniques. The authors of [18,19] presented a hybrid technique that controlled two distinct operators and can be applied in many applications. This method performs better than a number of earlier multi-objective algorithms. For multi-objective situations, the authors of [10] created a brand-new Pareto-based (PBDE) differential evolution approach.
Susan et al. [26] stated that computer security is a target that keeps evolving as time goes on. Various mathematical and algorithmic functions are significant concerns in several security tutorials, including hashing techniques and encryption. Othman O. Khalifa et al. [23] illustrated that the main components, plans, and characteristics of cryptography are security and privacy. In this era, the age of information communication has played a significant role in the evolution and development of technology. Therefore, the data must be protected and kept secure while transferring through the communication source.
Nitin Jirwan et al. [24] stated that when the data is transmitted, the highest priority is given to data encryption among all the processes present, and an encryption algorithm is applied to data in order to reach the end-user without being interrupted or compromised. Various asymmetric and symmetric cryptographic techniques are used and demonstrated in information transmission.
Callas, J. [25] studied and discussed matters such as privacy enhancement using cryptography, laws related to cryptography, legal changes related to cryptography, reliability of algorithms, and privacy enhancement technologies. He determined and stated that the use of cryptography by society at this time would determine the future of cryptography. This includes the current laws and regulations on cryptography and what the community wants to achieve by using cryptography. He also stated that even with the recent progress of cryptographic algorithms, the field has a lot of things to be improved and new things to be discovered for future generations. He said that the future of cryptography depends on the machines producing strong and secure keys and the rightful owners of the keys to access the information, while others without the keys should not be able to access it. He also tried to explain the view of people on the privacy of messages and security such that any unauthorised person cannot read them.
Cryptography aims to achieve two primary goals: authenticity and privacy, as outlined by different authors [26,28,29,30,31]. The amount of security provided can be expressed in terms of the theoretical secrecy of Shannon and the theoretical authenticity of Simmons.
Schneier [32] stated that topics such as security should not be kept secret as they can be very brittle, and security secrecy is a matter to be made known and not kept secret. If by any means secrecy is lost or inaccessible, then getting it back would be nearly impossible. Schneier cited that encryption and decryption using more minor keys can be transmitted easily and must use a principle. The algorithm used for cryptography must be secure enough to be displayed to the public and still offer such security that no one can crack it. Public scrutiny is the only reliable method to be followed to make more and more improvements in security.
Cloud computing can be used for the secure transmission of cryptography, as cited by Chachapara K. et al. [33,34,35], who illustrated frameworks such as AES and RSA. AES is, to date, one of the most robust cryptographic algorithms. Users of the cloud can generate various keys for different users and allow different types of permissions to access the files.
As stated in [36], many discussions about cryptography are being developed. The author mentioned that the hash function plays a significant role in cryptography, generating numbers for any piece of data. As the years passed, the weakness of MD5’s algorithm became known, and now a situation arose about how to create secure hash functions.
Gennaro, R. [37,38] cited the role of randomness in cryptography. A random process is one whose outcome or result is unknown and can vary from time to time. He stated that randomness is necessary for cryptography so that the output cannot be predicted and no user can learn the pattern.
Preneel, B. [39] described the state of cryptography after the Snowden era. He discussed practices such as the security of ICT systems, surveillance of systems as a whole, and the methods through which the cryptographic systems could be attacked. From the literature study, various types of security taxonomy have been identified. These security threats can be classified into different groups, as depicted in Figure 1.
From the literature review, the following shortcomings have been identified, as shown in Table 1.
The modern information system not only requires the robust protection of data but also needs to identify the malicious attacks that will breach security.
The optimisation technique-based threat identification systems are now evolving. This technique can be used in information systems to maintain the integrity, authenticity, confidentiality, and availability of data. However, the existing methods suffer from the diversity issue in finding the optimal solution (threats) to secure the system.
The second issue with the existing optimisation technique is the non-constraints solution, hence delaying the search capability to identify the optimal solution. It also causes the local optimal problem in finding the optimal solution.
The tuning of security parameters in optimisation techniques is complex when identifying malicious attacks on data.
3. Related Terminologies of the Proposed Work
This section presents the different terminologies related to the proposed work and IoT-enabled applications.
3.1. Deployment Scenario
The proposed method incorporated the security framework to check the validity of data from e-commerce sites. The proposed framework of the security model is designed according to the deployment scenario of different objects, as shown in Figure 2. In this figure, different components (along with attackers) are mounted in different locations and environments to access services. The attackers can disrupt the normal services of a user or devices; hence, these attacks need to be prevented. This model represents the confidentiality of data according to the visit to an e-commerce site. Therefore, the optimisation-based security framework checks the confidentiality and integrity of data. These checks cover the acceptance rate of different authenticated users and hackers, the confidentiality and integrity level of requests, and the response of data for different users and malicious systems.
3.2. Layered Stack of Information Security Model
The layered protocol stack of modern IoT-based information security systems is depicted in Figure 3. This layered architecture is proposed keeping in mind the security management requirements of different components. In modern IoT-enabled applications, individual devices request multiple services and need to respond independently without interaction with a human. The top-most layer of this architecture provides smart collaboration and coordination between the different applications and services.
The confidentiality, integrity, availability, and authenticity of service requests are managed by the security management layer. This layer is in charge of accurately mapping, evaluating, and processing service requests prior to execution in order to achieve the necessary level of security to serve a request. Consequently, this layer handles the generation, administration, and implementation of service requests as well as object virtualisation. The major methods used to ensure security include optimisation, surveillance, translation, coordination, etc. This layer employs a more expressive security policy for use control, which allows event-based authorisations and responsibilities with temporal operators.
The data generated from various sources are stored in the cloud/middle layer. To deliver effective services, this layer manages, purifies, transforms, and analyses data. The communication between the devices is established via the perception and communication layers.
4. Materials and Methods
4.1. Materials
This section describes the data sets used for the experimental evaluation of the proposed work. The data set used for evaluation consists of requests from different sources, including malicious requests to access the information system’s data. An automatic request generator system generates these requests [21,22]. The data sets are taken over a two-month time period. These requests are passed to our proposed optimisation technique to identify malicious requests. These malicious request attacks can be related to authenticity, integrity, confidentiality, or data availability.
4.2. Proposed Method
This section presents the detailed work of the proposed optimisation technique. The DE algorithm is a global optimisation algorithm that tackles constrained and unconstrained problems. However, solving real-world application-based problems with evolutionary algorithms such as DE, particle swarm optimisation (PSO), the whale optimisation algorithm (WOA), and artificial bee colony optimisation (ABCO) is challenging.
Therefore, it is inevitable to design a new evolutionary algorithm that must protect real-world information from malicious attacks. Hence, this work outlines a novel agile adaption-based operator (AABO). This operator automates the adaptation technique to select the best vector from the global search space. It enhances the maintenance of diversity and convergence speeds. This paper presents a better environment for automatically adapting to the environment. The proposed work creates a feasible solution for global search space according to agile adaption-based selection. The process of selection strategy is explained step by step, as given below:
4.2.1. Initialisation
This section outlines random population members of the particular problem or application. This application randomly initialised population members with tuning parameters of problem specification. This problem lies between the lower and upper bound values. Let
=
,
,
,
, …,
be the
vector, where individual component
values are assigned using Equation (2). After that, the vector can be re-formulated as follows:
The starting population is selected randomly between lower and upper bound
where
depicts the variable’s value of the upper bound according to the taken problem area and
denotes the lower bound value of the variable according to the taken problem. These vectors are used in application-based problems.
4.2.2. Agile Adaption-Based Operators (AABO)
This section presents the design of a modified version of the original mutation operator of the DE algorithm. This operator modifies the best vector of the standard DE algorithm. This operator incorporates the agile-based adaption techniques according to the feasible search area. The agile adaption-based fitness function used to select the best vector is given in Equation (3):
where
denotes the feasible solution of the current environment, and
Automatic random vector denotes the selection random best vector according to the lower bound and upper bound.
4.2.3. Generation of New Donor Vector (DV)
The DE method is used to construct a DE/BEST/1 mutation scheme. The scheme incorporates the agile adaption vector for a specific mutation, which provides sufficient diversity. Equations (5) and (6) define the donor vector and the viable environment, respectively.
Update the adaption operator:
where
represents the donor vector used in the agile adaption concept for heuristic search and
G is iteration or generation.
represents the agile adaption-based vector, which is selected according to the best fitness value.
is a mutant factor; it selects a random value between 0.1 to 1.8. This value helps the optimum search from the difference vector of the mutation operator.
,
,
, and
denote the difference vector of mutation strategy. These mutation strategies (Equations (5) and (6)) provide sufficient diversity for the donor vector and also enhance the convergence rate.
4.3. The Proposed Algorithm
The pseudo-code of the proposed algorithm is shown in Algorithm 1. This algorithm will be incorporated into the e-commerce-based application to enhance security by considering the set objective functions.
Crossover: It applies the crossover operator after completing the mutation operator. The operator compares the mutant vector to the original vector to find the best adaption value and selects the best ideal value of the search space. It can stop iterating when it finds the best search space value.
Selection: After completing the crossover operator, AABO applies the selection process of the best optimum vector. This operator compares mutant and offspring vectors. AABO selects the best optimum vectors or values according to the fitness function. In the operator selection, the concept of the survival of the fittest is generally used. This idea is used in choosing the best optimum value. Still, if it does not produce an optimal value, then this operator finally chooses the original vectors. The whole process is outlined using Algorithm 1 and a flowchart, as shown in Figure 4.
Algorithm 1: Proposed DE-Based Evolutionary Algorithm
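The steps of Section 4.2 and the crossover and selection operators above can be followed in the added Python example below. It is not the paper's Algorithm 1 and does not implement AABO, whose equations are not reproduced on this page: it runs standard DE/best/1 with binomial crossover and greedy selection, drawing F from the 0.1 to 1.8 range given in the text. The cost terms, weights, CR, population size, and bound clamping are assumptions made for the example.

```python
import random

# Constructed stand-in cost terms (NOT the paper's Equations (9)-(12)); each is
# zero at the point (0.2, 0.5, 0.8), so the known optimum of the weighted sum is 0.
COST_TERMS = [
    lambda x: (x[0] - 0.2) ** 2,
    lambda x: (x[1] - 0.5) ** 2,
    lambda x: (x[2] - 0.8) ** 2,
    lambda x: (x[0] + x[1] + x[2] - 1.5) ** 2,
]
WEIGHTS = [0.4, 0.3, 0.2, 0.1]  # assumed weights, chosen to sum to 1


def weighted_cost(x, terms=COST_TERMS, weights=WEIGHTS):
    """Collapse several cost terms into one fitness value by weighted sum."""
    return sum(w * t(x) for w, t in zip(weights, terms))


def de_best_1_bin(fitness, lower, upper, pop_size=20, generations=200,
                  f_range=(0.1, 1.8), cr=0.9, seed=0):
    """Minimise `fitness` inside [lower, upper] with standard DE/best/1/bin."""
    rng = random.Random(seed)
    dim = len(lower)
    # Initialisation: every component is drawn uniformly between its bounds.
    pop = [[lower[j] + rng.random() * (upper[j] - lower[j]) for j in range(dim)]
           for _ in range(pop_size)]
    cost = [fitness(x) for x in pop]
    history = []  # best cost after each generation
    for _ in range(generations):
        best = pop[min(range(pop_size), key=cost.__getitem__)]
        next_pop, next_cost = [], []
        for i in range(pop_size):
            # Mutation: donor = best + F * (x_r1 - x_r2), with r1, r2, i distinct.
            r1, r2 = rng.sample([k for k in range(pop_size) if k != i], 2)
            f = rng.uniform(*f_range)
            donor = [best[j] + f * (pop[r1][j] - pop[r2][j]) for j in range(dim)]
            # Keep the donor inside the search bounds (assumed repair rule).
            donor = [min(max(v, lower[j]), upper[j]) for j, v in enumerate(donor)]
            # Binomial crossover: j_rand guarantees at least one donor component.
            j_rand = rng.randrange(dim)
            trial = [donor[j] if (j == j_rand or rng.random() < cr) else pop[i][j]
                     for j in range(dim)]
            # Greedy selection: the trial replaces the target only if no worse.
            trial_cost = fitness(trial)
            if trial_cost <= cost[i]:
                next_pop.append(trial)
                next_cost.append(trial_cost)
            else:
                next_pop.append(pop[i])
                next_cost.append(cost[i])
        pop, cost = next_pop, next_cost
        history.append(min(cost))
    i_best = min(range(pop_size), key=cost.__getitem__)
    return pop[i_best], cost[i_best], history


if __name__ == "__main__":
    x_best, c_best, hist = de_best_1_bin(weighted_cost, [0.0] * 3, [1.0] * 3)
    print("best vector:", [round(v, 4) for v in x_best])
    print("best cost:  ", c_best)
    print("cost after generations 1, 50, 200:", hist[0], hist[49], hist[-1])
```

Because selection is greedy, the best cost recorded per generation never increases, which makes the returned history a quick check for stagnation when the weights or the F range are changed.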
4.4. Algorithm of Information Security Model
As shown in Algorithm 1, the proposed method is used in an IoT-enabled e-commerce application to estimate data during data requests and responses to multiple users to improve the system’s security. Various constraint functions, such as secrecy and integrity, were added to this technique. This e-commerce-based technique is discussed step-by-step in Algorithm 2. The objective functions such as and were optimised using this proposed technique. The following is a complete description in the form of pseudo-code of the new algorithm:
In step 1, the initial input of data requests and data responses of the e-commerce-based application are determined.
In the second step, the newly obtained vector from various constraint functions is added to the population.
Afterward, weights are assigned to each objective function using Equation (13).
Finally, Step x.1 to Step x.6 are iterated to find optimum solution for , , etc.
Algorithm 2: Proposed Information Security-Based Evolutionary Algorithm
4.5. System Model: Objectives Function of Information Security Model
This section presents five different types of objective functions used for the information service framework, i.e., confidentiality (CONF), integrity (INT), authentication (AUTH), and information request and response metrics. These are used to evaluate the proposed algorithm’s effectiveness. The detailed specifications of these objectives are available in [3,8]:
- (I)
Confidentiality of Data (CONF): The first objective (C1), the confidentiality of the system is represented as
CONF(
,
). Information requests
and data responses
are transmitted between requesting and responding nodes. The C1 in terms of cost is obtained by applying Equation (9):
where
denotes information request and
denotes information respond and service cost calculated by
CONF(
,
) during the data transmission.
- (II)
Integrity of Data (INT): The second objective (C2) is calculated in terms of modifying data communication per unit time of node using Equation (10):
where
denotes the integrity or rate of data modification between insecure nodes
i and
j,
denotes the modified transmitted and responded on devices(systems), and
CONF(
,
) denotes the confidentiality of nodes in the information system.
- (III)
Availability of Data (AVL): The third objective is the availability of data services within the e-commerce framework. In terms of the availability of data from the server or cloud, the third objective (C3) is computed using Equation (11):
where
is respond data for
to different request information system (
).
denotes modified data per unit time between different nodes
i and
j.
- (IV)
Authentication of Data (AUTH): The fourth objective is the authenticity of data services within the e-commerce framework. In terms of the authenticity of data from nodes, the fourth objective (C4) is computed using Equation (12):
where
is respond data for
to different request information systems (
).
denotes modified data per unit time between different nodes
i and
j.
denotes the number of requests for nodes, and
denotes the number of responses (the connection between nodes) for nodes from the system.
4.6. Formulation of Fitness Function of Information System
The fitness functions of the IoT-enabled services obtained by applying Equations (9)–(12) are non-contradictory. Hence, a summation of the weighted approach is applied using Equation (13), for all the objectives (
and
) and these objectives are turned into a single function to evaluate the final performance.
where values of
,
,
, and
are the weights assigned to each of the objective functions. The weight factor is crucial to evaluate the performance from one to another objective in multi-objective problems. The proposed IoT-enabled system is compared based on the fitness function with PSO, DE, and the whale optimisation method (WOA).
6. Conclusions
Nearly all industries have some sort of operation on the Internet and with that arises a need for basic security features such as confidentiality, authenticity, availability, and integrity. Cryptography aims to achieve these features with the help of evolutionary algorithms. This paper introduced a new variant of the mutation operator that provides sufficient diversity for the DE algorithm and enhances the optimal convergence rate for confidentiality, authenticity, availability, and integrity. In addition, the introduced approach is also used to evaluate security problems for enhanced confidentiality, authenticity, availability, and data integrity and accurately predicts the security fitness cost by optimizing the tuning parameters. The findings on several benchmark functions show that the proposed technique performs much better than previous DE algorithm versions on maximal variants, which is very encouraging. The proposed method is applied and tested in IoT-enabled e-commerce applications but in future it can be extended into other applications by incorporating the input parameters according to the requirements.