Adaptive Cybersecurity Neural Networks: An Evolutionary Approach for Enhanced Attack Detection and Classification

Abstract

The increasing sophistication and frequency of cyber threats necessitate the development of advanced techniques for detecting and mitigating attacks. This paper introduces a novel cybersecurity-focused Multi-Layer Perceptron (MLP) trainer that utilizes evolutionary computation methods, specifically tailored to improve the training process of neural networks in the cybersecurity domain. The proposed trainer dynamically optimizes the MLP’s weights and biases, enhancing its accuracy and robustness in defending against various attack vectors. To evaluate its effectiveness, the trainer was tested on five widely recognized security-related datasets: NSL-KDD, CICIDS2017, UNSW-NB15, Bot-IoT, and CSE-CIC-IDS2018. Its performance was compared with several state-of-the-art optimization algorithms, including Cybersecurity Chimp, CPO, ROA, WOA, MFO, WSO, SHIO, ZOA, DOA, and HHO. The results demonstrated that the proposed trainer consistently outperformed the other algorithms, achieving the lowest Mean Square Error (MSE) and highest classification accuracy across all datasets. Notably, the trainer reached a classification rate of 99.5% on the Bot-IoT dataset and 98.8% on the CSE-CIC-IDS2018 dataset, underscoring its effectiveness in detecting and classifying diverse cyber threats.

1. Introduction

As the digital landscape evolves, the complexity and frequency of cybersecurity threats increase, presenting substantial challenges for conventional defense mechanisms [1]. In this rapidly changing environment, the variety of threats expands swiftly, creating an ongoing arms race between attackers and defenders. Modern cybersecurity systems must address a wide range of sophisticated threats, including advanced phishing schemes, ransomware attacks, and stealthy advanced persistent threats that seek to remain undetected within networks for extended periods [2]. These circumstances necessitate defense systems that are not only reactive but also adaptive and resilient, with the ability to proactively detect and counteract threats across multiple attack vectors.

In response to these challenges, Multi-Layer Perceptron (MLP) neural networks have become a foundational technology in the field of cybersecurity [3]. Renowned for their capacity to learn and model the complex, nonlinear relationships present in large-scale data, such as network traffic, MLPs signify a transformative shift in the detection and response to cyber threats. As a type of feedforward artificial neural network, MLPs are particularly effective in pattern recognition tasks, which are essential for identifying anomalous behavior indicative of cyber threats. By analyzing extensive datasets, MLPs can reveal subtle patterns that are often missed by traditional rule-based systems, providing a more adaptive and robust approach to threat detection [4].

MLPs consist of multiple layers of neurons, with each layer designed to capture different levels of data abstraction. This structure allows them to detect not only simple patterns but also complex interactions within the data, making them particularly well suited for the intricate task of threat detection in cybersecurity [5]. However, the effectiveness of MLPs is highly dependent on the optimal configuration of their architecture, particularly the tuning of their weights and biases. These parameters are systematically adjusted during training to minimize prediction errors. Achieving this tuning is a non-trivial task, as it involves navigating a high-dimensional parameter space often plagued by local minima, which can hinder conventional gradient-based optimization methods [6].

Moreover, training MLPs necessitates advanced optimization techniques capable of effectively balancing the exploration of the parameter space with the exploitation of promising regions [7]. Traditional methods, such as backpropagation and its variants, frequently encounter difficulties, especially in complex scenarios involving noisy, imbalanced, or incomplete datasets, which are common in cybersecurity applications [8,9]. These shortcomings have driven the development of more sophisticated optimization algorithms that offer the robustness and flexibility required to train MLPs efficiently under such challenging conditions.

Metaheuristic algorithms and artificial intelligence (AI) have revolutionized the field of optimization, enabling the solution of complex problems that have traditionally presented significant difficulties for conventional methods [10]. These advanced techniques leverage natural processes and intelligent algorithms to navigate vast and intricate search spaces, efficiently identifying near-optimal solutions that may be unattainable through standard approaches. Inspired by a range of natural phenomena, including biological evolution, social behaviors of organisms, and physical processes, metaheuristics provide a flexible and dynamic framework for addressing complex optimization problems [11]. This is particularly relevant in the field of cybersecurity, where the adaptive and robust characteristics of metaheuristics can substantially improve the performance of systems such as Multi-Layer Perceptrons (MLPs) in detecting and responding to cyber threats.

AI techniques, particularly machine learning (ML) and deep learning (DL), have significantly enhanced the capabilities of metaheuristic algorithms [12]. ML algorithms analyze large datasets to uncover patterns and relationships, which can then be leveraged to optimize the search strategies employed by metaheuristics. For example, ML models can predict promising regions within the search space, thereby directing metaheuristic algorithms toward more optimal areas [13]. Deep learning, with its capacity to manage complex, high-dimensional data, offers even greater insights, enabling the creation of advanced and adaptive optimization techniques [14]. By integrating AI, metaheuristics become more intelligent and adaptable, continuously refining their search strategies over time, making them particularly suited for the sophisticated requirements of cybersecurity network optimization.

This paper presents a novel optimization algorithm, the Cybersecurity Optimizer (CSO), specifically developed to address these challenges. The CSO integrates strategies from evolutionary computation and adaptive learning to enhance the parameter-tuning process of Multi-Layer Perceptrons (MLPs). By employing this optimizer, MLPs can be trained more efficiently, resulting in improved accuracy and robustness in detecting and mitigating network threats, thereby substantially augmenting the effectiveness of cybersecurity systems.

Motivation and Contribution

The rapidly evolving landscape of cyber threats demands equally adaptive and sophisticated defense mechanisms. While traditional optimization methods have proven effective in more structured environments, they often struggle with the complex, high-dimensional, and non-linear optimization challenges inherent in training neural networks for cybersecurity applications. Enhancing the training efficiency of Multi-Layer Perceptrons (MLPs) for attack detection has become increasingly crucial, as these neural networks are pivotal in identifying subtle patterns and anomalies indicative of potential security breaches. Given the shortcomings of conventional optimization techniques, there is a growing need for innovative approaches capable of navigating intricate optimization landscapes more effectively, delivering robust solutions that are both highly accurate and computationally efficient.

This paper introduces a novel Cybersecurity Optimizer (CSO), specifically designed to address the challenges associated with training Multi-Layer Perceptrons (MLPs) for cybersecurity threat detection. The key contributions of this work are outlined as follows:

• Introduction to a Novel Optimization Algorithm: This paper presents the Cybersecurity Optimizer (CSO), an innovative algorithm that integrates principles from evolutionary computation and adapts them with modern AI techniques. This combination results in a powerful tool designed to converge rapidly to optimal solutions, thereby reducing training time and enhancing the overall performance of MLPs.
• Enhanced MLP Training: By applying the CSO to the MLP training process, we demonstrate significant improvements in the network’s ability to detect and classify cybersecurity threats with greater accuracy compared to MLPs trained with traditional optimization methods.
• Benchmarking Against Standard Optimizers: The CSO is comprehensively compared with other well-established optimization algorithms across a range of standard benchmark functions. This comparison highlights the superior performance of the CSO in terms of both convergence speed and solution quality.
• Real-World Application and Validation: The practical effectiveness of the CSO is validated in a real-world cybersecurity scenario, where it is used to train an MLP for network intrusion detection. The results confirm the optimizer’s capabilities in a practical context, demonstrating its potential for broader applications in cybersecurity technologies.

The remainder of this paper is structured as follows: Section 2 provides a literature review, covering an overview of Multi-Layer Perceptron (MLP) neural networks, their training methodologies, and an introduction to cybersecurity challenges. Section 3 describes the proposed methodology, focusing on the CYO and its mathematical model, which encompasses stages such as initialization, adaptive learning, mutation, crossover, selection, archiving, as well as exploration and exploitation mechanisms. Section 4.2 elaborates on the application of the CYO for training MLPs in attack detection, offering a detailed mathematical model of the cybersecurity-based MLP trainer, including problem representation, the objective function, and the various phases of the algorithm. Section 5 provides an experimental analysis of the CYO, featuring the CEC2022 benchmark functions (F1–F12), and a comparison of the results with other optimization algorithms. This section also presents an analysis of convergence curves, search history curves, trajectory curves, fitness curves, sensitivity analysis, and visualizations using heatmaps, box plots, and histograms. Section 5.2 investigates the application of the CYO for MLP training in attack detection, presenting experimental results on datasets such as NSL-KDD, CICIDS2017, UNSW-NB15, Bot-IoT, and CSE-CIC-IDS2018. This section also discusses real-world applications and validation, the anomaly detection algorithm and architecture, justification for using a supervised approach, and considerations for long-term training. Finally, Section 7 concludes by summarizing the key findings and suggesting future research directions.

2. Literature Review

2.1. Optimization Algorithms

Optimization algorithms can be broadly categorized based on their underlying principles and methodologies. These categories include gradient-based methods, nature-inspired algorithms, swarm intelligence techniques, evolutionary algorithms, and others. Each category encompasses a variety of algorithms that have been developed over time, contributing to the expansive and continuously evolving field of optimization strategies.

Evolutionary Algorithms

Evolutionary programming, a subclass of evolutionary algorithms, is inspired by the processes of natural selection and genetics. These algorithms are designed to solve complex problems by iteratively refining a population of candidate solutions. The core concept involves simulating evolutionary processes such as mutation, selection, and reproduction to converge toward optimal or near-optimal solutions.

The concept of evolutionary programming was first introduced by Fogel et al. in 1966 [15], which laid the groundwork for a range of evolutionary techniques that emerged in later years. A notable advancement in this domain was the development of Evolution Strategies by Rechenberg in 1973 [16], which emphasized the adaptation of strategy parameters to enhance the optimization process.

Another pivotal contribution to the field was the introduction of genetic algorithms by Holland in 1975 [17]. These algorithms utilize operators such as crossover, mutation, and selection to evolve solutions across generations. Additionally, the Differential Search Algorithm, proposed by Civicioglu in 2011 [18], is a significant algorithm that incorporates differential mutation as a key mechanism for improving solutions.

Civicioglu further expanded the range of evolutionary techniques by introducing the Backtracking Optimization Algorithm in 2013 [19]. In 2014, Salimi presented Stochastic Fractal Search [20], which incorporates the concept of fractals to guide the search process. More recently, in 2018, Dhivyaprabha et al. developed the Synergistic Fibroblast Optimization [21], drawing inspiration from the biological behavior of fibroblasts.

The Estimation of Distribution Algorithm, proposed by Mühlenbein and Paaß in 1996 [22], marked a significant shift toward probabilistic modeling in evolutionary computation. Similarly, Differential Evolution, introduced by Storn and Price in 1997 [23], is a highly regarded algorithm known for its simplicity and effectiveness in addressing complex optimization challenges.

Grammatical Evolution, developed by Ryan et al. in 1998 [24], applies genetic algorithm principles to the evolution of programs and expressions. Additionally, Ferreira’s Gene Expression Algorithm, introduced in 2001 [25], extends genetic algorithms to accommodate more advanced representations of candidate solutions.

2.2. Machine Learning in Cybersecurity

Sánchez-Zas et al. [26] proposed three unsupervised machine learning models based on clustering techniques for anomaly detection in streaming cybersecurity logs. The models were evaluated using WSSSE, Silhouette, and training time metrics, with K-Means identified as the optimal algorithm for real-time anomaly detection. Their approach is highly effective for heterogeneous data sources, showcasing significant accuracy compared to other methodologies in the literature.

In the context of the Internet of Things (IoT), Alrowais et al. [27] introduced an automated cybersecurity threat detection model utilizing the Mayfly optimization algorithm combined with the regularized extreme learning machine (MFO-RELM). Their model preprocesses IoT data, applies RELM for classification, and leverages MFO to optimize performance. The proposed method was validated using benchmark datasets, demonstrating superior detection and classification of cybersecurity threats in IoT environments.

Goyal et al. [28] presented discrete mathematical models for phishing attack detection, employing machine learning algorithms such as Logistic Regression, and Support Vector Machines Their study highlights the importance of pre-processing in improving model performance, with XGBoost achieving the highest accuracy on a combined dataset. The use of confusion matrices and ROC curves provides insights into model performance across different datasets, emphasizing the role of continuous refinement in detecting phishing attacks.

Further advancements in the field include work by Rizwanullah et al. [29], who developed a metaheuristics-based approach combined with machine learning for intrusion detection in Unmanned Aerial Vehicles (UAVs). They proposed a feature selection method using quantum invasive weed optimization (QIWO-FS) and a weighted regularized extreme learning machine (WRELM) for classification. Their method was validated with benchmark datasets, demonstrating superior performance in identifying UAV intrusions compared to existing approaches.

Seyed et al. [30] introduced a modular design for an ML-based intrusion detection mechanism in IoT systems. Their framework combines supervised, unsupervised, and reinforcement learning methods to optimize attack detection while minimizing learning costs. The modular approach simplifies the deployment of intrusion detection engines, and their model demonstrated a classification accuracy of 93.66.

Moreover, Alluhaibi [31] explored the application of quantum machine learning (QML) for advanced threat detection. By comparing classical machine learning (CML) models with QML, the study demonstrated the potential for QML to offer significant computational advantages, particularly in real-time threat detection, though the current limitations in quantum hardware still favor CML in practical applications.

Zhukabayeva et al. [32] proposed a traffic analysis and node categorization-aware machine learning framework for intrusion detection and prevention in wireless sensor networks (WSNs) in smart grids. Their approach integrates traffic analysis with Random Forest models, which outperform traditional models like Decision Trees and Logistic Regression, achieving high precision and recall scores. This work significantly contributes to enhancing the security of smart grid infrastructures, emphasizing the importance of securing critical infrastructure for reliable power distribution.

In another study, Jayanthi et al. [33] focused on credit card fraud detection in healthcare by employing new machine learning strategies. Their work introduced clustering and classifier-based models (CCDT, CCLR, and CCRF) to detect fraudulent activities in healthcare transactions. The models demonstrated high accuracy, precision, and sensitivity, with CCRF and CCLR yielding significant improvements over traditional methods, emphasizing the role of ML in mitigating fraud in financial transactions.

Similarly, Khadidos et al. [34] developed a Binary Hunter–Prey Optimization algorithm combined with a machine learning-based phishing attack detection model (BHPO-MLPAD) for the IoT environment. Their approach utilized feature selection and classification, where the Binary Hunter–Prey Optimization algorithm improved the phishing detection process, offering a robust method for identifying and mitigating phishing attacks in IoT devices.

Dutta et al. [35] introduced a novel approach for detecting and classifying fake news using a Chaotic Ant Swarm with Weighted Extreme Learning Machine (CAS-WELM). The method applies machine learning models to discriminate between fake and real news, optimizing the performance of the classifier through the CAS algorithm. The model demonstrated enhanced outcomes in classifying fake news, providing a valuable tool for addressing misinformation in cybersecurity.

2.3. Overview of Multi-Layer Perceptron Neural Networks

Multi-Layer Perceptron (MLP) neural networks are a prominent class of feedforward artificial neural networks commonly employed in machine learning and artificial intelligence [36]. The architecture of an MLP consists of multiple layers of nodes, also referred to as neurons, which are organized in a hierarchical structure. These layers typically include an input layer, one or more hidden layers, and an output layer. Each neuron in one layer is fully connected to every neuron in the subsequent layer, creating a densely connected network [37].

2.3.1. Architecture

The architecture of an MLP is characterized by the number of layers and the number of neurons within each layer. The input layer is responsible for receiving the data, with each neuron corresponding to a feature from the input dataset. The hidden layers handle the majority of the computational processing through a combination of weighted inputs and biases. The output layer generates the final prediction or classification outcome based on the calculations performed by the network [38].

2.3.2. Activation Functions

An essential aspect of MLPs is the activation function employed in the neurons, particularly within the hidden layers. Common activation functions, such as the sigmoid, hyperbolic tangent (tanh), and Rectified Linear Unit (ReLU), introduce non-linearities into the network, enabling MLPs to learn and model intricate patterns in the data. These functions play a critical role by allowing the network to learn non-linear decision boundaries, which are crucial for tasks such as classification and regression [39].

2.3.3. Training

MLPs are generally trained using a supervised learning approach, where the network learns from a labeled dataset. The most widely used training method is backpropagation, often paired with an optimization technique such as gradient descent. During training, the network iteratively adjusts the weights and biases of the neurons to minimize the discrepancy between its predictions and the actual target values. The error is quantified by a loss function, such as Mean Squared Error (MSE) for regression tasks or cross-entropy loss for classification tasks. The optimizer then updates the weights to reduce this loss over successive training epochs [40].

Owing to their versatility and effectiveness, MLPs are employed in a wide range of applications across multiple domains. In the field of cybersecurity, for example, MLPs are used to detect anomalous behavior in network traffic, identify phishing websites, and classify different types of malware [41]. Beyond cybersecurity, these networks are applied in areas such as image recognition, speech recognition, financial forecasting, and numerous other fields where pattern recognition and predictive modeling are crucial [42].

2.4. Overview of Cybersecurity

Cybersecurity is a critical field dedicated to safeguarding computers, networks, programs, and data from unauthorized access, alteration, or destruction [43]. It encompasses a wide range of strategies, technologies, and processes aimed at defending systems and data against cyber threats. These threats include malware, phishing, ransomware, and advanced persistent threats (APTs), all of which pose significant security risks in today’s digital environment. Malware refers to malicious software designed to harm or exploit systems, while phishing involves fraudulent attempts to acquire sensitive information through deceptive communications. Ransomware is a form of malware that encrypts data and demands payment for its release. APTs, on the other hand, are long-term, targeted attacks in which adversaries gain unauthorized access to networks and remain undetected for extended periods to steal information or disrupt operations. As digital infrastructures become increasingly essential to both business and personal activities, the importance of cybersecurity has grown, driven by the rising sophistication and frequency of cyberattacks [44].

One of the primary challenges in cybersecurity is the ever-changing nature of security threats. Emerging technologies frequently introduce new and complex vulnerabilities, making them attractive targets for cybercriminals. Furthermore, the increasing volume of data generated by both individuals and organizations broadens the range of potential attack vectors that must be secured. This requires adaptive, dynamic, and continuously updated security strategies to protect sensitive information and ensure the integrity of systems [45].

Cybersecurity covers several critical domains: Network Security focuses on safeguarding data as it travels across networks [46]; Application Security seeks to protect software and devices from threats by ensuring secure development practices; Information Security ensures the integrity and privacy of data both at rest and in transit [47]; Operational Security involves the procedures and decisions related to managing and protecting data assets; Disaster Recovery and Business Continuity planning addresses how organizations respond to cybersecurity incidents or events that disrupt operations or result in data loss; and End-User Education reduces risks by training users in security best practices.

To confront these challenges, a range of cybersecurity techniques and technologies are utilized. Cryptographic methods, such as encryption, are employed to secure data both at rest and in transit [48]. Access control systems verify users’ identities and ensure they have the appropriate permissions to access resources. Malware protection tools detect and eliminate malicious software [49]. Security Information and Event Management (SIEM) systems provide real-time analysis of security alerts generated by network hardware and applications [50]. Additionally, firewalls and Intrusion Detection Systems (IDSs) serve as defensive barriers against external threats and monitor network traffic for signs of suspicious activities [51].

Recent advancements in artificial intelligence (AI) and machine learning (ML) are reshaping the implementation of cybersecurity defenses. These technologies enable the prediction of emerging threats, detection of malware through behavioral analysis, and automation of response strategies, allowing for the swift analysis of large data volumes. The incorporation of AI has become a critical element in the development of next-generation cybersecurity solutions [52].

3. Methodology

3.1. Cybersecurity Optimizer (CYO)

The Cybersecurity Optimizer (CYO) exemplifies the convergence of evolutionary computation techniques with core principles inherent to cybersecurity frameworks. This optimizer embodies an adaptive and resilient approach, reminiscent of advanced cybersecurity systems that evolve dynamically to counteract emerging threats and adapt to complex environments. Employing adaptive differential evolution, the optimizer fine-tunes scaling factors (SFs) and crossover rates (CRs) in a dynamic manner based on a success-history adaptation mechanism similar to SHADE (Success-History Adaptation of Differential Evolution). This approach mirrors cybersecurity strategies where defense mechanisms are continually updated in response to evolving threats, utilizing adaptive learning to optimize threat detection and response strategies.

Moreover, the incorporation of an archival mechanism to retain and potentially reintegrate previous solutions into the population pool is analogous to cybersecurity practices that leverage historical attack data to predict and mitigate future threats. This ensures a diverse genetic pool within the optimizer, enhancing its robustness and preventing premature convergence—a strategy akin to maintaining robust defenses against a variety of attack vectors in cybersecurity.

The optimizer also integrates a hybrid mutation strategy, employing both random and best solution mutations. This dual approach reflects a layered defense strategy typical in cybersecurity, which combines randomized elements (to decrease predictability and enhance security) with targeted adaptations based on identified vulnerabilities.

The CYO not only utilizes evolutionary computation methods optimized for adaptive and robust performance but also strategically integrates these methodologies with cybersecurity principles, ensuring it is particularly well suited for navigating and securing complex, dynamic problem landscapes like those encountered in cybersecurity challenges.

3.1.1. Mathematical Model

The Cybersecurity Optimizer as shown in Algorithm 1, is a sophisticated algorithm that emulates adaptive and resilient behaviors found in cybersecurity systems by integrating evolutionary strategies to tackle complex optimization challenges. The algorithm begins with an Initialization Phase, where a random seed is set, and an initial population is generated within the defined bounds, laying the foundation for the evolutionary process. Following this, it transitions into the Adaptive Learning Phase, which utilizes dynamic memory structures for scaling factors and crossover rates. This allows the algorithm to adapt its mutation and crossover strategies based on previous successes, thereby improving its efficiency in exploring and exploiting the solution space.

In the Defense Mechanism Phase, the optimizer performs mutation and crossover operations to produce new candidate solutions, which are then evaluated for their fitness. The fittest solutions are retained to guide future generations, mirroring the continuous improvement processes inherent in cybersecurity defenses. The final stage, known as the Evaluation and Update Phase, involves selecting superior solutions based on their performance and updating the solution archive, ensuring the algorithm’s robustness and adaptability across iterations.

This carefully structured sequence of phases allows the Cybersecurity Optimizer to maintain an essential balance between diversification and intensification, which is critical for navigating complex and dynamic optimization landscapes.

Algorithm 1. Cybersecurity Optimizer Algorithm

1: Input: $pop\_size$, $Max\_iter$, $lb$, $ub$, $dim$, $fobj$   2: Output: $bestFitness$, $bestSolution$, $convergenceCurve$   3: Initialize random seed according to Equation (3)   4: Initialize population $P\left(0\right)$ according to Equation (4)   5: Initialize $Memor{y}_{SF}$ and $Memor{y}_{CR}$ according to Equations (5) and (6)   6: $bestFitness\leftarrow \infty$   7: $convergenceCurve\leftarrow$ array of size $Max\_iter$ filled with zeros   8: for $iter=1$ to $Max\_iter$ do   9:     for $i=1$ to $pop\_size$ do 10:         Select $mem\_idx$ randomly 11:         Calculate $C{R}_i$ and $S{F}_i$ using Equation (7) 12:         $pbest\leftarrow$ select one of the top performers in P 13:         Select $r1$, $r2$ randomly from population and archive 14:         Generate mutant vector $V_i^{\left(g\right)}$ using Equation (8) 15:         Perform crossover to generate $U_i^{\left(g\right)}$ using Equation (9) 16:         if $f\left(U_i^{\left(g\right)}\right)<f\left(P\left[i\right]\right)$ then 17:            $P\left[i\right]\leftarrow U_i^{\left(g\right)}$ 18:            Update fitness if $f\left(U_i^{\left(g\right)}\right)<bestFitness$ 19:            $bestFitness\leftarrow f\left(U_i^{\left(g\right)}\right)$ 20:            $bestSolution\leftarrow U_i^{\left(g\right)}$ 21:         end if 22:     end for 23:     $convergenceCurve\left[iter\right]\leftarrow bestFitness$ 24: end for 25: return $bestFitness$, $bestSolution$, $convergenceCurve$

3.1.2. Exploration and Exploitation

In optimization algorithms, exploration and exploitation are fundamental processes that dictate the algorithm’s efficiency in navigating the solution space. The CYO effectively balances these two processes, drawing inspiration from cybersecurity practices, where the identification of potential vulnerabilities (exploration) must be complemented by strengthening existing defenses (exploitation).

Exploration pertains to the optimizer’s ability to investigate new, unexplored areas of the solution space, while exploitation involves enhancing solutions that are already known to be effective. The optimizer’s success in maintaining this equilibrium is crucial for ensuring efficient global and local search, enabling it to avoid becoming stuck in local optima while progressing toward the global optimum.

In the Cybersecurity Optimizer, exploration is primarily achieved through mutation and crossover operations. The hybrid mutation strategy, as defined in Equation (8), generates new candidate solutions by integrating components from the top-performing individuals ($X_{pbest}^{\left(g\right)}$) and randomly selected individuals ($X_{r1}^{\left(g\right)}$ and $X_{r2}^{\left(g\right)}$). This process introduces diversity into the population, thereby allowing the optimizer to explore novel regions of the solution space. The scaling factor ($S{F}_i$), which is dynamically modified via the memory mechanism (refer to Equation (6)), ensures that mutation intensity is varied throughout the optimization process, promoting exploration in the early stages and decreasing it as the population converges.

Additionally, the crossover operation, detailed in Equation (9), further enhances exploration by blending genetic material from the mutant vector and the current individual. The crossover rate ($C{R}_i$) is adaptively tuned using a success-history-based learning mechanism, which permits the optimizer to regulate the extent of exploration as it advances through generations.

Conversely, exploitation is facilitated by the selection process, where superior solutions are retained and utilized to direct the search in subsequent iterations. As illustrated in Equation (10), individuals that surpass the current best solutions are preserved, allowing the optimizer to capitalize on promising regions of the solution space. The archival mechanism further bolsters exploitation by storing superior solutions from prior generations, ensuring their reintegration into the population when necessary, akin to how cybersecurity systems leverage past attack data to enhance contemporary defense strategies.

The adaptive learning phase, governed by Equations (3)–(7), plays a pivotal role in balancing exploration and exploitation. By dynamically adjusting the scaling factor and crossover rate based on previous successes, the optimizer ensures that exploration is prioritized during the initial stages of optimization when the solution space is largely unexplored. As the algorithm progresses, exploitation gains prominence, guiding the search toward optimal solutions by refining the most promising areas within the search space.

This dynamic adaptation mechanism enables the CYO to maintain flexibility and robustness, allowing it to efficiently traverse complex, multidimensional optimization landscapes while preventing premature convergence. By maintaining a careful balance between exploration and exploitation, the optimizer is particularly adept at addressing the evolving challenges of cybersecurity, where identifying new attack vectors and reinforcing known defenses are both imperative.

4. Cybersecurity-Based MLP Trainer

The cybersecurity-based Multi-Layer Perceptron (MLP) trainer (See Algorithm 2) is an advanced optimization algorithm specifically developed to improve the training process of neural networks for cyber threat detection. By utilizing evolutionary computation techniques alongside cybersecurity principles, the trainer ensures high accuracy and robustness in identifying malicious activities. It reformulates the MLP training problem in a manner that is compatible with meta-heuristic approaches, optimizing the neural network’s weights and biases to maximize classification, approximation, or prediction accuracy.

In this method, the variables being optimized are the weights and biases of the MLP. The Cybersecurity Optimizer utilizes adaptive differential evolution, where key parameters such as scaling factors (SFs) and crossover rates (CRs) are dynamically adjusted through a success-history adaptation mechanism. This approach facilitates continuous adaptation and evolution of the training process, closely emulating the adaptive behaviors observed in advanced cybersecurity systems.

The trainer employs an archival mechanism that retains successful solutions from previous generations and reintegrates them into the current population, similar to the way historical attack data are used in cybersecurity strategies. This mechanism helps preserve genetic diversity within the population, preventing premature convergence and improving the overall robustness of the MLP training process.

The trainer also utilizes a hybrid mutation strategy, which combines random mutations with mutations based on the best-performing solutions. This dual approach mirrors the layered defense strategies often employed in cybersecurity, balancing the introduction of randomness to avoid predictability with targeted adaptations to address known vulnerabilities. As a result, the optimizer not only improves the efficiency of MLP training but also aligns with the dynamic and adaptive characteristics of effective cybersecurity defenses.

4.1. Mathematical Model for Cybersecurity-Based MLP Trainer

This section introduces a mathematical model tailored to enhance the performance of a Multi-Layer Perceptron (MLP) trainer for cybersecurity applications. The model focuses on optimizing the training process using evolutionary computation techniques to improve attack detection accuracy and robustness.

4.1.1. Problem Representation

Variables (Weights and Biases):

$$\mathbf{V}=\{W,\theta \}=\{W_{1,1},W_{1,2},\dots ,W_{n,n},{\theta }_1,{\theta }_2,\dots ,{\theta }_h\}$$

(1)

where n represents the number of input nodes, $W_{i,j}$ denotes the connection weight between the i-th input node and the j-th node, and ${\theta }_j$ refers to the bias (or threshold) associated with the j-th hidden node.

4.1.2. Objective Function

The goal of training a Multi-layer Perceptron (MLP) is to minimize the Mean Squared Error (MSE) across the entire set of training samples, as shown in Equation (2):

$$\mathrm{MSE}={\displaystyle \frac{1}{s}}\sum _{k=1}^s\sum _{i=1}^m{(o_i^k-d_i^k)}^2$$

(2)

where s is the number of training samples, m is the number of output units, $d_i^k$ represents the desired output of the i-th output unit for the k-th training sample, and $o_i^k$ represents the actual output of the i-th output unit for the k-th training sample.

4.1.3. Initialization Phase

Random Seed Initialization:

$$\mathrm{seed}=\mathrm{rand}(seed,\sum 100\times \mathrm{clock})$$

(3)

Population Initialization:

$$P\left(0\right)=lb+(ub-lb)\times \mathrm{rand}(\text{pop\_size},\dim )$$

(4)

Adaptive Learning Phase

Memory Structures:

$${\mathrm{Memory}}_{SF}=0.5\times {\mathbf{1}}_{\text{memory\_size}}$$

(5)

$${\mathrm{Memory}}_{CR}=0.5\times {\mathbf{1}}_{\text{memory\_size}}$$

(6)

Dynamic Adaptation:

$$\begin{array}{cc}\hfill C{R}_i& =\mathrm{normrnd}({\mathrm{Memory}}_{CR}\left[\text{mem\_idx}\right],0.1),\hfill \\ \hfill S{F}_i& ={\mathrm{Memory}}_{SF}\left[\text{mem\_idx}\right]+0.1\times \tan (\pi \times (\mathrm{rand}-0.5))\hfill \end{array}$$

(7)

4.1.4. Defense Mechanism Phase

Mutation:

$$V_i^{\left(g\right)}=X_i^{\left(g\right)}+S{F}_i\times (X_{pbest}^{\left(g\right)}-X_i^{\left(g\right)}+X_{r1}^{\left(g\right)}-X_{r2}^{\left(g\right)})$$

(8)

Crossover:

$$U_{ij}^{\left(g\right)}=\left\{\begin{array}{cc}{V}_{ij}^{\left(g\right)}\hfill & \mathrm{if}\mathrm{rand}\le C{R}_i\mathrm{or}j=\mathrm{jrand},\hfill \\ X_{ij}^{\left(g\right)}\hfill & \mathrm{otherwise}.\hfill \end{array}\right.$$

(9)

4.1.5. Evaluation and Update Phase

Selection:

$$X_i^{(g+1)}=\left\{\begin{array}{cc}{U}_i^{\left(g\right)}\hfill & \mathrm{if}f\left(U_i^{\left(g\right)}\right)<f\left(X_i^{\left(g\right)}\right),\hfill \\ X_i^{\left(g\right)}\hfill & \mathrm{otherwise}.\hfill \end{array}\right.$$

(10)

Archiving:

$$A^{(g+1)}=A^{\left(g\right)}\cup \left\{X_i^{(g+1)}\right|f\left(X_i^{(g+1)}\right)<f\left(X_i^{\left(g\right)}\right)\}$$

(11)

4.2. Algorithm Steps

The cybersecurity-based Multi-Layer Perceptron (MLP) trainer steps are shown in Algorithm 2.

Algorithm 2. Cybersecurity-Based MLP Trainer

1: Input: $pop\_size$, $Max\_iter$, $lb$, $ub$, $dim$, $fobj$   2: Output: $bestFitness$, $bestSolution$, $convergenceCurve$   3: Initialize random seed according to Equation (3)   4: Initialize population $P\left(0\right)$ according to Equation (4)   5: Initialize $Memor{y}_{SF}$ and $Memor{y}_{CR}$ according to Equations (5) and (6)   6: $bestFitness\leftarrow \infty$   7: $convergenceCurve\leftarrow$ array of size $Max\_iter$ filled with zeros   8: for $iter=1$ to $Max\_iter$ do   9:     for $i=1$ to $pop\_size$ do 10:         Select $mem\_idx$ randomly 11:         Calculate $C{R}_i$ and $S{F}_i$ using Equation (7) 12:         $pbest\leftarrow$ select one of the top performers in P 13:         Select $r1$, $r2$ randomly from population and archive 14:         Generate mutant vector $V_i^{\left(g\right)}$ using Equation (8) 15:         Perform crossover to generate $U_i^{\left(g\right)}$ using Equation (9) 16:         if $f\left(U_i^{\left(g\right)}\right)<f\left(P\left[i\right]\right)$ then 17:            $P\left[i\right]\leftarrow U_i^{\left(g\right)}$ 18:            Update fitness if $f\left(U_i^{\left(g\right)}\right)<bestFitness$ 19:            $bestFitness\leftarrow f\left(U_i^{\left(g\right)}\right)$ 20:            $bestSolution\leftarrow U_i^{\left(g\right)}$ 21:         end if 22:     end for 23:     $convergenceCurve\left[iter\right]\leftarrow bestFitness$ 24:     Update archive $A^{(g+1)}$ with better solutions using Equation (11) 25: end for 26: return $bestFitness$, $bestSolution$, $convergenceCurve$

4.3. Computational Complexity and Deployment Potential of Anomaly Detection Algorithm

In this section, we evaluate the computational complexity and deployment feasibility of the anomaly detection algorithm, specifically within the framework of an inline architecture Intrusion Prevention/Detection System (IPS/IDS). The cybersecurity-focused MLP trainer utilizes adaptive differential evolution as its optimization method, which introduces certain computational overheads and latency challenges, particularly in real-time applications. Here, we will examine these factors in detail and assess their implications.

4.3.1. Computational Complexity

The computational complexity of the algorithm can be evaluated by analyzing its key components. The initial phase involves population initialization, during which a set of candidate solutions is generated. Each solution represents a collection of weights and biases for the MLP model. The complexity of this step is determined by the population size P and the total number of parameters to be optimized, represented as $n_{\mathrm{params}}$, which corresponds to the total number of weights and biases in the MLP. Thus, the computational complexity of the population initialization is expressed by Equation (12):

$$O(P·n_{\mathrm{params}})$$

(12)

After the population has been initialized, each candidate solution must be evaluated using the objective function. In the context of training an MLP, this objective function is typically the Mean Squared Error (MSE) calculated over the training dataset. The computational complexity of evaluating the MSE for each individual in the population can be represented as $O(P·f)$, where f denotes the complexity of computing the MSE across the dataset. Since the MSE is dependent on the number of training samples s, the number of inputs n, and the number of outputs m, the overall complexity of evaluating the objective function is outlined in Equation (13)

$$f=O(s·n·m)$$

(13)

Thus, the total computational complexity of the algorithm over all iterations is expressed as shown in Equation (14):

$$O(G·P·s·n·m)$$

(14)

where G is the number of generations, P is the population size, s is the number of training samples, n is the number of inputs, and m is the number of outputs.

Beyond the evaluation of the objective function, the algorithm also performs operations such as mutation, crossover, and selection, which are applied to every individual within the population. These operations exhibit a linear relationship with both the population size and the dimensionality of the solution space, denoted by the number of parameters $n_{\mathrm{params}}$. The computational complexity of these operations is captured in Equation (15):

$$O(G·P·n_{\mathrm{params}})$$

(15)

Combining the above terms, the total computational complexity of the anomaly detection algorithm is summarized in Equation (16):

$$O(G·P·s·n·m)$$

(16)

This complexity demonstrates that the computational load increases with the number of generations G, the population size P, as well as the intricacy of the MLP model and the dataset.

4.3.2. Deployment Potential and Latency in IPS/IDS

In a real-time Intrusion Prevention/Detection System (IPS/IDS), minimizing latency is essential to ensure the timely detection and prevention of cyber threats. The evolutionary nature of the anomaly detection algorithm introduces latency challenges due to the significant number of function evaluations and iterations across multiple generations.

The training phase of the algorithm focuses on optimizing the weights and biases of the MLP using differential evolution, a process that is computationally intensive. Due to the high complexity, as indicated in Equation (16), this phase is more appropriate for offline training environments, where the algorithm can be allowed sufficient time to converge to an optimal solution. Conducting training in an online or real-time setting would result in considerable delays, rendering it unsuitable for real-time intrusion detection applications.

Once the training phase is completed, the deployment phase utilizes the trained MLP for real-time anomaly detection. In this stage, the computational complexity is significantly reduced, as making predictions only requires forward propagation through the network. The complexity of this operation is linear with respect to the number of inputs n and outputs m, as illustrated in Equation (17):

$$O(n·m)$$

(17)

This lower complexity makes the deployment phase more suitable for real-time detection, where latency must be minimized.

5. Experimental Analysis of the Cybersecurity Optimizer

First, we test the performance of the Cybersecurity Optimizer as a standalone optimizer for solving optimization problems; then, we test its ability with MLP to solve security issues.

5.1. Description of the CEC2022 Benchmark Functions F1 to F12

The CEC2022 benchmark functions, as outlined in

Table 1. Benchmark functions utilized in the 2022 IEEE Congress on Evolutionary Computation (CEC2022) [54].

No.	Category	Function Description	${\mathbf{f}}_{\mathbf{min}}$
F1	Unimodal	Shifted and Fully Rotated Zakharov Function	300
F2	Multimodal	Shifted and Fully Rotated Rosenbrock’s Function	400
F3		Shifted and Fully Rotated Expanded Schaffer’s f6 Function	600
F4		Shifted and Fully Rotated Non-Continuous Rastrigin’s Function	800
F5		Shifted and Fully Rotated Levy Function	900
F6	Hybrid	Hybrid Function 1 (N = 3)	1800
F7		Hybrid Function 2 (N = 6)	2000
F8		Hybrid Function 3 (N = 5)	2200
F9	Composition	Composition function 1 (N = 5)	2300
F10		Composition function 2 (N = 4)	2400
F11		Composition function 3 (N = 5)	2600
F12		Composition function 4 (N = 6)	2700

, provide a comprehensive suite of test problems designed to evaluate the performance of optimization algorithms across a variety of problem landscapes. These functions encompass different types, including unimodal, multimodal, hybrid, and composition functions, each aimed at testing specific aspects of an optimizer’s performance [53]. Unimodal functions assess an algorithm’s exploitation capability, while multimodal functions test its exploration potential in avoiding local optima. Hybrid and composition functions, which combine features from the other categories, offer complex landscapes that challenge an algorithm’s ability to balance exploration and exploitation dynamically. These benchmark functions are widely used by researchers to evaluate the efficiency, robustness, and adaptability of both novel and established optimization techniques in controlled yet challenging scenarios.

The functions F1 to F12 used in this study are part of the widely recognized benchmark suite from the 2022 IEEE Congress on Evolutionary Computation (CEC2022). These benchmark functions are specifically crafted to rigorously assess the performance of optimization algorithms by presenting them with a wide range of problem types, each possessing unique characteristics. Each function represents a distinct class of optimization problems, differing in terms of modality, separability, and the inclusion of noise, thereby making them highly suitable for evaluating algorithms under varying and challenging conditions.

The Unimodal Function F1, referred to as the Shifted and Fully Rotated Zakharov Function, represents a unimodal problem, characterized by a single global optimum. This function is designed to evaluate the exploitation capabilities of optimization algorithms, as they must efficiently converge to the global optimum without becoming trapped in local minima. The complexity of this function is heightened by the shifting and rotating of the search space, which hinders the algorithms from easily identifying the optimal search direction.

The Multimodal Functions F2 to F5 represent optimization problems characterized by the presence of multiple local optima in the search space. These functions are designed to assess the exploration capabilities of algorithms, specifically their ability to avoid premature convergence to local optima and successfully locate the global optimum. F2 is the Shifted and Fully Rotated Rosenbrock’s Function, a non-separable function that contains a narrow valley leading to the global minimum, thus requiring algorithms with strong search capabilities. F3, the Shifted and Fully Rotated Expanded Schaffer’s f6 Function, is known for its sharp peaks and ridges, making it particularly challenging for algorithms to traverse the search space effectively. F4, the Shifted and Fully Rotated Non-Continuous Rastrigin’s Function, is a non-differentiable function with numerous local minima, testing the robustness of algorithms under difficult conditions. Lastly, F5 is the Shifted and Fully Rotated Levy Function, which introduces abrupt changes in the landscape, rendering it highly deceptive and difficult to optimize.

The Hybrid Functions F6 to F8 are hybrid benchmark functions, which combine multiple distinct optimization problems into a single, more complex function. Each Hybrid Function consists of components that differ in terms of difficulty, modality, and structure, presenting additional challenges to the optimization algorithms. F6, Hybrid Function 1 (N = 3), integrates three distinct sub-functions with varying characteristics, requiring the algorithm to adapt to different search landscapes within a single problem. F7, Hybrid Function 2 (N = 6), introduces six different components, necessitating greater flexibility from the algorithm to handle changes in modality and separability. Finally, F8, Hybrid Function 3 (N = 5), tests the algorithm’s ability to strike a balance between exploration and exploitation across five distinct sub-problems within one optimization task.

The composition functions F9 to F12 represent the most complex set of benchmark functions within this suite. Each composition function is constructed by combining several sub-functions into a single optimization problem, where each component is assigned a weight based on its level of difficulty. This design simulates real-world problems, where optimization landscapes can exhibit significant variation across different regions. F9, composition function 1 (N = 5), consists of five sub-functions with varying complexity and modality, creating a highly rugged search space with multiple global and local optima. F10, composition function 2 (N = 4), reduces the number of sub-functions but increases the complexity of interactions among them, testing the algorithm’s adaptability. F11, composition function 3 (N = 5), incorporates five sub-functions with differing levels of separability, challenging the algorithm to address both separable and non-separable problems simultaneously. Finally, F12, composition function 4 (N = 6), presents the highest level of complexity with six distinct components, offering the most rigorous test of an algorithm’s ability to optimize across diverse and challenging problem structures.

The selection of these benchmark functions is essential for evaluating the robustness and generalization ability of optimization algorithms. By testing on unimodal, multimodal, hybrid, and composition functions, we can thoroughly assess an algorithm’s capability to efficiently exploit search spaces in unimodal settings, explore highly complex multimodal landscapes with multiple local optima, adapt to sudden changes in problem characteristics within Hybrid Functions, and manage the extreme variability and complexity encountered in composition functions, which closely resemble real-world optimization challenges. These functions, thus, provide a balanced set of optimization tasks, allowing us to evaluate the strengths and limitations of the proposed algorithm under varying conditions, and ensuring its relevance and applicability across a broad spectrum of practical problems.

5.2. Compared Algorithms

In this section, we present a comparative analysis of various optimization algorithms, highlighting their names, acronyms, and the year of introduction. These algorithms, drawn from a wide range of evolutionary and swarm intelligence techniques, are widely used for solving complex optimization problems in diverse fields.

Table 2. Summary of Compared Optimization algorithms.

Acronym	Algorithm Name	Year
SSOA	Synergistic Swarm Optimization Algorithm [55]	2024
FLO	Frilled Lizard Optimization [56]	2024
CPO	Chinese Pangolin Optimizer [57]	2024
FVIM	Four Vector Optimizer [58]	2024
SHIO	Success History Intelligent Optimizer [59]	2022
ZOA	Zebra Optimization Algorithm [60]	2022
DOA	Dingo Optimization Algorithm [61]	2021
ROA	Remora Optimization Algorithm [62]	2021
AO	Aquila Optimizer [63]	2021
CHIMP	Chimp Optimization Algorithm [64]	2020
STOA	Sooty Tern Optimization Algorithm [65]	2019
SOA	Seagull Optimization Algorithm [66]	2019
SCSO	Sand Cat Optimization Algorithm [67]	2023
MVO	Multi-Verse Optimizer [68]	2016
WOA	Whale Optimization Algorithm [69]	2016
SCA	Sine Cosine Algorithm [70]	2016
MFO	Moth–Flame Optimization Algorithm [71]	2015
GWO	Grey Wolf Optimizer [72]	2014
PSO	Particle Swarm Optimization [73]	1995
SA	Simulated Annealing Algorithm [74]	1983
GA	Genetic Algorithm [75]	1960

provides a comprehensive list of the algorithms that will be compared in this study, alongside their references. The selection includes both recently developed and well-established optimization methods, offering a broad perspective on current optimization trends.

5.3. Results and Discussion for Cybersecurity Optimizer in Solving CEC2022 Optimization Problems

Table 3. Comparison of test results of Cybersecurity Optimizer with different algorithms on CEC2022 (F1–F12), FES = 1000, Dim = 10.

Function	Measure	Cybersecurity	Chimp	CPO	ROA	CMAES	GWO	WOA	MFO	WSO	SHIO	ZOA	DOA	HHO
F1	Mean	3.00 × 103	2.00 × 103	5.21 × 103	7.15 × 103	2.97 × 104	3.06 × 103	1.65 × 104	9.51 × 102	7.97 × 102	5.64 × 103	8.03 × 102	1.17 × 104	3.10 × 102
	Std	3.97 × 10−3	1.37 × 103	4.87 × 103	2.13 × 103	1.49 × 104	2.42 × 103	9.26 × 103	1.46 × 103	5.93 × 102	2.96 × 103	6.47 × 102	7.57 × 103	7.01 × 100
	SEM	1.78 × 10−3	6.13 × 102	2.18 × 103	9.52 × 102	6.66 × 103	1.08 × 103	4.14 × 103	6.51 × 102	2.65 × 102	1.32 × 103	2.90 × 102	3.39 × 103	3.13 × 100
		1	6	8	10	13	7	12	5	3	9	4	11	2
F2	Mean	4.18 × 102	5.22 × 102	4.35 × 102	8.51 × 102	7.52 × 102	4.41 × 102	4.84 × 102	4.26 × 102	4.01 × 102	4.53 × 102	4.42 × 102	4.72 × 102	4.20 × 102
	Std	3.00 × 101	8.47 × 101	3.55 × 101	2.10 × 102	1.02 × 102	2.72 × 101	1.04 × 102	2.81 × 101	1.88 × 100	3.66 × 101	3.95 × 101	3.14 × 101	2.96 × 101
	SEM	1.34 × 101	3.79 × 101	1.59 × 101	9.39 × 101	4.57 × 101	1.22 × 101	4.63 × 101	1.26 × 101	8.41 × 10−1	1.64 × 101	1.77 × 101	1.40 × 101	1.32 × 101
		2	11	5	13	12	6	10	4	1	8	7	9	3
F3	Mean	6.00 × 102	6.31 × 102	6.48 × 102	6.43 × 102	6.21 × 102	6.02 × 102	6.43 × 102	6.00 × 102	6.01 × 102	6.05 × 102	6.21 × 102	6.31 × 102	6.41 × 102
	Std	2.07 × 10−2	6.16 × 100	8.44 × 100	1.03 × 101	2.87 × 101	1.89 × 100	1.86 × 101	2.94 × 10−1	1.90 × 100	5.17 × 100	3.78 × 100	8.64 × 100	1.17 × 101
	SEM	9.27 × 10−3	2.76 × 100	3.78 × 100	4.60 × 100	1.28 × 101	8.47 × 10−1	8.32 × 100	1.32 × 10−1	8.51 × 10−1	2.31 × 100	1.69 × 100	3.87 × 100	5.22 × 100
		1	9	13	11	7	4	12	2	3	5	6	8	10
F4	Mean	8.14 × 102	8.40 × 102	8.31 × 102	8.41 × 102	8.22 × 102	8.15 × 102	8.34 × 102	8.29 × 102	8.14 × 102	8.18 × 102	8.51 × 102	8.37 × 102	8.26 × 102
	Std	4.54 × 100	7.51 × 100	2.68 × 100	6.63 × 100	9.18 × 100	4.76 × 100	1.09 × 101	1.03 × 101	4.84 × 100	7.92 × 100	5.51 × 100	8.92 × 100	6.80 × 100
	SEM	2.03 × 100	3.36 × 100	1.20 × 100	2.96 × 100	4.10 × 100	2.13 × 100	4.88 × 100	4.62 × 100	2.17 × 100	3.54 × 100	2.47 × 100	3.99 × 100	3.04 × 100
		1	11	8	12	5	3	9	7	2	4	13	10	6
F5	Mean	9.12 × 102	1.21 × 103	1.61 × 103	1.49 × 103	9.00 × 102	9.16 × 102	1.61 × 103	1.10 × 103	9.28 × 102	9.46 × 102	1.02 × 103	1.16 × 103	1.45 × 103
	Std	2.29 × 101	2.34 × 102	1.83 × 102	2.42 × 102	0.00 × 100	9.12 × 100	3.70 × 102	2.74 × 102	3.07 × 101	3.71 × 101	4.48 × 101	1.57 × 102	2.03 × 102
	SEM	1.02 × 101	1.05 × 102	8.19 × 101	1.08 × 102	0.00 × 100	4.08 × 100	1.65 × 102	1.23 × 102	1.37 × 101	1.66 × 101	2.00 × 101	7.01 × 101	9.06 × 101
		2	9	13	11	1	3	12	7	4	5	6	8	10
F6	Mean	1.81 × 103	1.71 × 106	3.16 × 103	1.87 × 106	1.23 × 107	5.90 × 103	3.05 × 103	2.76 × 103	1.83 × 103	3.63 × 103	2.93 × 103	3.35 × 103	6.31 × 103
	Std	4.10 × 100	1.52 × 106	1.73 × 103	2.94 × 106	1.09 × 107	3.07 × 103	8.88 × 102	1.39 × 103	1.14 × 101	1.39 × 103	1.29 × 103	2.33 × 103	5.63 × 103
	SEM	1.83 × 100	6.80 × 105	7.73 × 102	1.32 × 106	4.87 × 106	1.37 × 103	3.97 × 102	6.23 × 102	5.08 × 100	6.20 × 102	5.76 × 102	1.04 × 103	2.52 × 103
		1	11	6	12	13	9	5	3	2	8	4	7	10
F7	Mean	2.01 × 103	2.06 × 103	2.10 × 103	2.10 × 103	2.10 × 103	2.03 × 103	2.09 × 103	2.02 × 103	2.02 × 103	2.06 × 103	2.06 × 103	2.07 × 103	2.05 × 103
	Std	9.29 × 100	1.07 × 101	7.56 × 101	4.38 × 101	5.74 × 101	1.04 × 101	2.03 × 101	5.82 × 100	1.01 × 101	3.36 × 101	1.51 × 101	1.66 × 101	1.58 × 101
	SEM	4.15 × 100	4.80 × 100	3.38 × 101	1.96 × 101	2.57 × 101	4.65 × 100	9.07 × 100	2.60 × 100	4.52 × 100	1.50 × 101	6.76 × 100	7.44 × 100	7.08 × 100
		1	7	11	12	13	4	10	3	2	8	6	9	5
F8	Mean	2.22 × 103	2.33 × 103	2.25 × 103	2.27 × 103	2.25 × 103	2.22 × 103	2.24 × 103	2.22 × 103	2.22 × 103	2.23 × 103	2.23 × 103	2.23 × 103	2.23 × 103
	Std	7.44 × 100	5.62 × 101	5.36 × 101	7.38 × 100	1.36 × 101	8.92 × 100	9.10 × 100	2.24 × 100	9.27 × 100	4.27 × 100	2.72 × 100	4.50 × 100	2.90 × 100
	SEM	3.33 × 100	2.51 × 101	2.40 × 101	3.30 × 100	6.09 × 100	3.99 × 100	4.07 × 100	1.00 × 100	4.15 × 100	1.91 × 100	1.22 × 100	2.01 × 100	1.29 × 100
		1	13	11	12	10	2	9	4	3	8	5	6	7
F9	Mean	2.53 × 103	2.57 × 103	2.60 × 103	2.71 × 103	2.56 × 103	2.58 × 103	2.57 × 103	2.53 × 103	2.53 × 103	2.59 × 103	2.64 × 103	2.64 × 103	2.61 × 103
	Std	3.62 × 10−11	1.41 × 101	5.22 × 101	2.55 × 101	4.33 × 101	2.79 × 101	5.79 × 101	1.63 × 100	2.11 × 100	3.22 × 101	4.24 × 101	4.93 × 101	5.04 × 101
	SEM	1.62 × 10−11	6.32 × 100	2.33 × 101	1.14 × 101	1.94 × 101	1.25 × 101	2.59 × 101	7.29 × 10−1	9.44 × 10−1	1.44 × 101	1.89 × 101	2.20 × 101	2.26 × 101
		1	5	9	13	4	7	6	2	3	8	12	11	10
F10	Mean	2.50 × 103	2.78 × 103	2.81 × 103	2.71 × 103	3.22 × 103	2.59 × 103	2.58 × 103	2.53 × 103	2.50 × 103	2.82 × 103	2.53 × 103	2.56 × 103	2.72 × 103
	Std	7.73 × 10−2	6.18 × 102	4.74 × 102	1.62 × 102	8.52 × 102	5.20 × 101	7.84 × 101	5.89 × 101	8.44 × 10−1	3.95 × 102	6.55 × 101	7.73 × 101	2.31 × 102
	SEM	3.45 × 10−2	2.76 × 102	2.12 × 102	7.24 × 101	3.81 × 102	2.32 × 101	3.51 × 101	2.63 × 101	3.77 × 10−1	1.77 × 102	2.93 × 101	3.46 × 101	1.03 × 102
		1	10	11	8	13	7	6	3	2	12	4	5	9
F11	Mean	2.63 × 103	3.44 × 103	2.69 × 103	3.40 × 103	3.00 × 103	2.88 × 103	2.80 × 103	2.76 × 103	2.70 × 103	3.00 × 103	2.91 × 103	3.01 × 103	2.87 × 103
	Std	6.73 × 101	2.79 × 102	1.39 × 102	5.23 × 102	2.78 × 102	1.68 × 102	1.32 × 102	1.07 × 102	1.44 × 102	4.57 × 102	2.46 × 102	3.42 × 102	1.97 × 102
	SEM	3.01 × 101	1.25 × 102	6.21 × 101	2.34 × 102	1.24 × 102	7.52 × 101	5.92 × 101	4.79 × 101	6.43 × 101	2.04 × 102	1.10 × 102	1.53 × 102	8.79 × 101
		1	13	2	12	9	7	5	4	3	10	8	11	6
F12	Mean	2.86 × 103	2.88 × 103	2.89 × 103	2.95 × 103	2.88 × 103	2.86 × 103	2.88 × 103	2.86 × 103	2.87 × 103	2.88 × 103	2.94 × 103	2.89 × 103	2.92 × 103
	Std	1.52 × 100	1.51 × 101	1.65 × 101	8.53 × 101	6.04 × 100	9.36 × 10−1	1.16 × 101	9.49 × 10−1	6.15 × 100	2.17 × 101	5.83 × 101	2.06 × 101	4.16 × 101
	SEM	6.80 × 10−1	6.76 × 100	7.36 × 100	3.82 × 101	2.70 × 100	4.19 × 10−1	5.18 × 100	4.24 × 10−1	2.75 × 100	9.70 × 100	2.61 × 101	9.21 × 100	1.86 × 101
		1	6	9	13	7	2	5	3	4	8	12	10	11

and

Table 4. Comparison of test results of Cybersecurity Optimizer with different algorithms on CEC2022 (F1–F12), FES = 2000, Dim = 20.

Fun.	Statistics	Cybersecurity	Chimp	CPO	ROA	CMAES	GWO	WOA	MFO	WSO	SHIO	ZOA	DOA	HHO
F1	Mean	1.22 × 103	2.21 × 104	2.56 × 104	4.58 × 104	8.07 × 104	1.36 × 104	1.53 × 104	3.98 × 104	6.69 × 103	1.50 × 104	8.36 × 103	4.40 × 104	1.34 × 103
	Std	6.72 × 102	3.46 × 103	1.79 × 104	7.78 × 103	1.69 × 104	3.69 × 103	4.46 × 103	3.99 × 104	2.43 × 103	4.13 × 103	2.87 × 103	1.17 × 104	5.99 × 102
	SEM	3.00 × 102	1.55 × 103	7.99 × 103	3.48 × 103	7.54 × 103	1.65 × 103	1.99 × 103	1.79 × 104	1.09 × 103	1.85 × 103	1.28 × 103	5.23 × 103	2.68 × 102
	Rank	1	8	9	12	13	5	7	10	3	6	4	11	2
F2	Mean	4.53 × 102	8.47 × 102	4.56 × 102	2.08 × 103	1.12 × 103	5.03 × 102	5.40 × 102	4.77 × 102	5.19 × 102	5.71 × 102	6.14 × 102	1.57 × 103	4.70 × 102
	Std	8.41 × 100	1.96 × 102	1.05 × 101	4.76 × 102	2.76 × 102	3.02 × 101	5.35 × 101	3.03 × 101	5.47 × 101	5.18 × 101	8.88 × 101	6.60 × 102	8.56 × 100
	SEM	3.76 × 100	8.78 × 101	4.68 × 100	2.13 × 102	1.23 × 102	1.35 × 101	2.39 × 101	1.36 × 101	2.45 × 101	2.32 × 101	3.97 × 101	2.95 × 102	3.83 × 100
	Rank	1	10	2	13	11	5	7	4	6	8	9	12	3
F3	Mean	6.00 × 102	6.59 × 102	6.60 × 102	6.66 × 102	6.40 × 102	6.07 × 102	6.65 × 102	6.21 × 102	6.13 × 102	6.18 × 102	6.41 × 102	6.67 × 102	6.54 × 102
	Std	3.88 × 10−2	1.46 × 101	1.52 × 101	9.60 × 100	3.73 × 101	3.29 × 100	4.66 × 100	1.14 × 101	5.77 × 100	7.28 × 100	1.23 × 101	1.37 × 101	9.63 × 100
	SEM	1.73 × 10−2	6.54 × 100	6.79 × 100	4.30 × 100	1.67 × 101	1.47 × 100	2.08 × 100	5.09 × 100	2.58 × 100	3.26 × 100	5.52 × 100	6.14 × 100	4.31 × 100
	Rank	1	9	10	12	6	2	11	5	3	4	7	13	8
F4	Mean	8.45 × 102	9.30 × 102	8.96 × 102	9.68 × 102	9.09 × 102	8.48 × 102	9.21 × 102	8.87 × 102	8.52 × 102	8.47 × 102	8.54 × 102	9.39 × 102	8.80 × 102
	Std	8.75 × 100	1.16 × 101	5.78 × 100	2.42 × 101	3.89 × 101	1.06 × 101	5.15 × 101	2.12 × 101	2.00 × 101	1.18 × 101	1.62 × 101	2.85 × 101	1.26 × 101
	SEM	3.91 × 100	5.19 × 100	2.58 × 100	1.08 × 101	1.74 × 101	4.75 × 100	2.30 × 101	9.50 × 100	8.95 × 100	5.28 × 100	7.24 × 100	1.27 × 101	5.62 × 100
	Rank	1	11	8	13	9	3	10	7	4	2	5	12	6
F5	Mean	1.38 × 103	2.54 × 103	2.58 × 103	3.74 × 103	9.00 × 102	1.50 × 103	4.47 × 103	3.41 × 103	2.17 × 103	1.79 × 103	1.78 × 103	2.75 × 103	2.84 × 103
	Std	3.68 × 102	3.97 × 102	6.51 × 102	6.48 × 102	0.00 × 100	4.08 × 102	1.85 × 103	1.06 × 103	9.36 × 102	5.67 × 102	2.25 × 102	6.32 × 102	2.80 × 102
	SEM	1.65 × 102	1.77 × 102	2.91 × 102	2.90 × 102	0.00 × 100	1.83 × 102	8.25 × 102	4.74 × 102	4.19 × 102	2.53 × 102	1.01 × 102	2.83 × 102	1.25 × 102
	Rank	2	7	8	12	1	3	13	11	6	5	4	9	10
F6	Mean	2.17 × 103	7.95 × 106	6.04 × 103	9.55 × 108	1.90 × 108	1.19 × 106	1.31 × 104	5.81 × 106	5.18 × 103	2.66 × 105	3.96 × 106	2.09 × 108	7.10 × 104
	Std	4.87 × 102	4.73 × 106	7.63 × 103	7.06 × 108	1.51 × 108	2.51 × 106	6.90 × 103	1.30 × 107	4.89 × 103	3.56 × 105	8.40 × 106	2.38 × 108	4.16 × 104
	SEM	2.18 × 102	2.12 × 106	3.41 × 103	3.16 × 108	6.73 × 107	1.12 × 106	3.09 × 103	5.80 × 106	2.19 × 103	1.59 × 105	3.76 × 106	1.06 × 108	1.86 × 104
	Rank	1	10	3	13	11	7	4	9	2	6	8	12	5
F7	Mean	2.04 × 103	2.17 × 103	2.34 × 103	2.18 × 103	2.22 × 103	2.10 × 103	2.20 × 103	2.13 × 103	2.07 × 103	2.14 × 103	2.12 × 103	2.17 × 103	2.24 × 103
	Std	9.70 × 100	1.71 × 101	1.62 × 102	4.33 × 101	5.91 × 101	4.89 × 101	6.53 × 101	5.25 × 101	3.33 × 101	1.80 × 101	2.36 × 101	4.17 × 101	1.09 × 102
	SEM	4.34 × 100	7.66 × 100	7.23 × 101	1.94 × 101	2.64 × 101	2.19 × 101	2.92 × 101	2.35 × 101	1.49 × 101	8.03 × 100	1.05 × 101	1.87 × 101	4.85 × 101
	Rank	1	7	13	9	11	3	10	5	2	6	4	8	12
F8	Mean	2.22 × 103	2.38 × 103	2.49 × 103	2.31 × 103	2.42 × 103	2.23 × 103	2.26 × 103	2.34 × 103	2.22 × 103	2.26 × 103	2.29 × 103	2.40 × 103	2.24 × 103
	Std	5.53 × 10−1	2.32 × 101	2.47 × 102	5.96 × 101	7.11 × 101	2.23 × 100	3.15 × 101	2.56 × 101	1.13 × 100	6.11 × 101	8.26 × 101	2.41 × 102	1.06 × 101
	SEM	2.47 × 10−1	1.04 × 101	1.11 × 102	2.66 × 101	3.18 × 101	9.96 × 10−1	1.41 × 101	1.14 × 101	5.03 × 10−1	2.73 × 101	3.69 × 101	1.08 × 102	4.73 × 100
	Rank	2	10	13	8	12	3	5	9	1	6	7	11	4
F9	Mean	2.48 × 103	2.55 × 103	2.49 × 103	2.99 × 103	2.76 × 103	2.51 × 103	2.53 × 103	2.52 × 103	2.49 × 103	2.58 × 103	2.67 × 103	2.76 × 103	2.49 × 103
	Std	5.52 × 10−6	5.92 × 100	3.65 × 100	3.26 × 102	1.21 × 102	2.79 × 101	1.82 × 101	2.36 × 101	9.85 × 100	3.25 × 101	1.82 × 102	8.78 × 101	7.60 × 100
	SEM	2.47 × 10−6	2.65 × 100	1.63 × 100	1.46 × 102	5.40 × 101	1.25 × 101	8.13 × 100	1.05 × 101	4.41 × 100	1.45 × 101	8.15 × 101	3.93 × 101	3.40 × 100
	Rank	1	8	2	13	11	5	7	6	3	9	10	12	4
F10	Mean	2.50 × 103	6.26 × 103	5.41 × 103	6.64 × 103	6.77 × 103	3.59 × 103	4.43 × 103	4.01 × 103	2.74 × 103	2.86 × 103	3.23 × 103	4.96 × 103	3.38 × 103
	Std	9.43 × 10−2	1.41 × 102	2.25 × 103	3.64 × 102	2.69 × 102	7.58 × 102	1.38 × 103	8.45 × 102	3.25 × 102	6.20 × 102	9.45 × 102	2.14 × 103	3.50 × 102
	SEM	4.22 × 10−2	6.29 × 101	1.00 × 103	1.63 × 102	1.20 × 102	3.39 × 102	6.16 × 102	3.78 × 102	1.45 × 102	2.77 × 102	4.23 × 102	9.56 × 102	1.56 × 102
	Rank	1	11	10	12	13	6	8	7	2	3	4	9	5
F11	Mean	2.95 × 103	5.48 × 103	2.96 × 103	6.62 × 103	6.56 × 103	3.64 × 103	3.18 × 103	4.45 × 103	2.97 × 103	4.07 × 103	4.91 × 103	7.68 × 103	3.05 × 103
	Std	6.35 × 101	5.64 × 102	5.45 × 101	1.07 × 103	1.79 × 103	3.35 × 102	3.33 × 102	7.93 × 102	2.22 × 102	7.75 × 102	9.59 × 102	6.84 × 102	1.24 × 102
	SEM	2.84 × 101	2.52 × 102	2.44 × 101	4.79 × 102	8.00 × 102	1.50 × 102	1.49 × 102	3.55 × 102	9.92 × 101	3.47 × 102	4.29 × 102	3.06 × 102	5.56 × 101
	Rank	1	10	2	12	11	6	5	8	3	7	9	13	4
F12	Mean	2.94 × 103	3.12 × 103	3.26 × 103	3.44 × 103	3.06 × 103	2.97 × 103	3.06 × 103	2.95 × 103	3.14 × 103	3.01 × 103	3.31 × 103	3.21 × 103	3.08 × 103
	Std	3.10 × 100	5.62 × 101	1.59 × 102	1.70 × 102	1.74 × 101	2.15 × 101	4.05 × 101	5.95 × 100	8.26 × 101	2.05 × 101	5.25 × 101	1.86 × 102	1.13 × 102
	SEM	1.39 × 100	2.51 × 101	7.11 × 101	7.62 × 101	7.76 × 100	9.60 × 100	1.81 × 101	2.66 × 100	3.70 × 101	9.15 × 100	2.35 × 101	8.32 × 101	5.06 × 101
	Rank	1	8	11	13	5	3	6	2	9	4	12	10	7

provide a comprehensive comparison of the performance of the CYO against several state-of-the-art optimization algorithms. The comparison is based on the results obtained from testing various algorithms on the CEC2022 benchmark suite (functions F1 through F12) across different dimensions (Dim = 10 and Dim = 20) and with a fixed number of function evaluations (FES = 1000 and FES = 2000). Each table presents statistical metrics, including the mean, standard deviation (Std), and standard error of the mean (SEM) for each function, enabling a detailed evaluation of the CYO in terms of convergence speed, accuracy, and robustness. The results are compared with other optimization algorithms, such as the Chimp Optimizer, CMAES, GWO, and HHO, among others.

For each function, the algorithms are ranked according to their performance, as shown in the tables. These rankings offer a clear indication of the relative standing of the CYO compared to its peers across various problem landscapes, highlighting both its strengths and any areas where its performance may be less competitive. This detailed ranking facilitates an in-depth analysis of the CYO in both low- and high-dimensional optimization problems.

Furthermore, the comparative performance of the CYO across various CEC2022 benchmark functions, as summarized in Table 3 and Table 4, demonstrates its competitive and often superior optimization capabilities. For function F1, the CYO achieved a significantly lower mean value compared to other well-established algorithms, such as Chimp, CPO, and ROA, underscoring its effective exploitation capabilities in simpler landscapes. In more complex scenarios, such as function F5, the optimizer continues to deliver robust performance, closely matching or even outperforming advanced optimizers like HHO and MFO. This trend is consistent across several test functions, where the CYO frequently ranks among the top performers. Notably, its adaptability is further emphasized in mixed-modality functions (e.g., F7 and F10), where it effectively balances exploration and exploitation, enabling it to navigate diverse problem spaces and locate near-optimal solutions.

The results of the CYO on the CEC2022 benchmark functions (F1–F12) are presented in Table 4, highlighting its superior optimization capabilities. The optimizer consistently ranks highly across various test functions, demonstrating robust performance across different problem landscapes.

For example, in F1, the CYO achieves the lowest mean value of $3.00\times {10}^2$ and the smallest standard error (SEM) of $1.78\times {10}^{-3}$, securing the first rank. This performance surpasses that of competing algorithms such as Chimp, CMAES, and GWO, which display higher variability in their results. The low mean and SEM values underscore the optimizer’s efficiency in quickly and accurately reaching optimal solutions.

In F2, the CYO continues to perform strongly, with a mean of $4.18\times {10}^2$, securing a top position (2nd place). This result indicates the optimizer’s adaptability to medium-difficulty functions. In comparison to algorithms like CPO and ROA, which rank lower and exhibit higher standard deviations, the CYO demonstrates superior stability and consistency.

Across more challenging functions such as F5, F7, and F10, the CYO consistently ranks within the top three, demonstrating its resilience and adaptability. In F5, the optimizer achieves a mean value of $9.12\times {10}^2$ with a standard deviation of $2.29\times {10}^1$, highlighting its competitive performance despite the increased complexity of the problem. The optimizer’s consistent high ranking across functions of varying difficulty underscores its robust balance between exploration and exploitation, both of which are critical for optimizing complex landscapes.

The performance of the CYO in F6 is particularly remarkable, as it attains a mean value of $1.81\times {10}^3$, outperforming several other algorithms that exhibit higher variability and larger mean values. Its low standard error and minimal variability emphasize the reliability of the CYO, especially when applied to functions that demand precise exploration of the solution space.

The CYO consistently outperforms traditional algorithms such as CMAES, WOA, and Chimp across the CEC2022 benchmark suite. Not only does it achieve superior mean values, but it also exhibits lower standard deviations, indicating greater stability and efficiency. This exceptional performance is a testament to the optimizer’s dynamic adaptability to diverse problem landscapes, ensuring a strong balance between diversification (exploration) and intensification (exploitation).

Similarly, when applied to the CEC2017 benchmark functions (F1–F15), as shown in

Table 5. Comparison of test results of Cybersecurity Optimizer with different algorithms on CEC2017 (F1–F15), FES = 1000, Dim = 10.

Function	Statistics	Cybersecurity	Chimp	CPO	ROA	WOA	MFO	WSO	SHIO	ZOA	DOA	HHO
F1	Mean	1.41 × 107	2.49 × 1010	6.48 × 105	4.49 × 1010	1.52 × 109	1.21 × 1010	5.09 × 109	7.26 × 109	1.12 × 1010	4.67 × 1010	2.99 × 107
	Std	2.13 × 107	5.31 × 109	5.91 × 105	4.23 × 109	9.10 × 108	8.70 × 109	3.00 × 109	4.53 × 109	2.55 × 109	8.41 × 109	8.83 × 106
	SEM	8.71 × 106	2.17 × 109	2.41 × 105	1.73 × 109	3.71 × 108	3.55 × 109	1.23 × 109	1.85 × 109	1.04 × 109	3.43 × 109	3.60 × 106
	Rank	2	9	1	10	4	8	5	6	7	11	3
F2	Mean	6.17 × 1018	1.42 × 1034	2.48 × 1024	2.18 × 1046	5.03 × 1032	8.39 × 1036	4.65 × 1027	1.10 × 1033	9.65 × 1033	6.76 × 1048	2.25 × 1024
	Std	1.37 × 1019	1.68 × 1034	4.61 × 1024	5.33 × 1046	1.20 × 1033	1.82 × 1037	1.12 × 1028	2.53 × 1033	2.10 × 1034	1.66 × 1049	5.14 × 1024
	SEM	5.59 × 1018	6.86 × 1033	1.88 × 1024	2.18 × 1046	4.89 × 1032	7.42 × 1036	4.59 × 1027	1.03 × 1033	8.58 × 1033	6.76 × 1048	2.10 × 1024
	Rank	1	8	3	10	5	9	4	6	7	11	2
F3	Mean	2.22 × 104	1.08 × 105	5.00 × 104	8.55 × 104	2.63 × 105	1.19 × 105	4.19 × 104	5.80 × 104	4.15 × 104	7.49 × 104	4.43 × 104
	Std	5.00 × 103	1.50 × 104	7.94 × 103	6.63 × 103	4.34 × 104	3.22 × 104	1.88 × 104	1.45 × 104	3.68 × 103	1.17 × 104	9.66 × 103
	SEM	2.04 × 103	6.14 × 103	3.24 × 103	2.71 × 103	1.77 × 104	1.31 × 104	7.69 × 103	5.94 × 103	1.50 × 103	4.76 × 103	3.94 × 103
	Rank	1	9	5	8	11	10	3	6	2	7	4
F4	Mean	5.33 × 102	6.73 × 103	5.08 × 102	1.33 × 104	8.58 × 102	1.05 × 103	1.18 × 103	7.36 × 102	1.64 × 103	1.34 × 104	5.71 × 102
	Std	3.33 × 101	3.86 × 103	5.59 × 101	4.11 × 103	2.68 × 102	3.93 × 102	8.78 × 102	1.20 × 102	1.15 × 103	6.70 × 103	2.64 × 101
	SEM	1.36 × 101	1.58 × 103	2.28 × 101	1.68 × 103	1.10 × 102	1.60 × 102	3.58 × 102	4.91 × 101	4.70 × 102	2.74 × 103	1.08 × 101
	Rank	2	9	1	10	5	6	7	4	8	11	3
F5	Mean	6.36 × 102	8.26 × 102	7.93 × 102	9.29 × 102	8.11 × 102	7.23 × 102	6.64 × 102	6.85 × 102	7.36 × 102	8.89 × 102	7.45 × 102
	Std	1.46 × 101	4.37 × 101	1.71 × 101	1.19 × 101	3.10 × 101	4.10 × 101	4.60 × 101	2.52 × 101	2.72 × 101	2.97 × 101	2.55 × 101
	SEM	5.96 × 100	1.79 × 101	6.98 × 100	4.87 × 100	1.26 × 101	1.67 × 101	1.88 × 101	1.03 × 101	1.11 × 101	1.21 × 101	1.04 × 101
	Rank	1	9	7	11	8	4	2	3	5	10	6
F6	Mean	6.07 × 102	6.78 × 102	6.68 × 102	6.81 × 102	6.73 × 102	6.37 × 102	6.43 × 102	6.40 × 102	6.55 × 102	6.72 × 102	6.67 × 102
	Std	1.63 × 100	9.01 × 100	3.73 × 100	1.21 × 101	1.26 × 101	8.23 × 100	1.11 × 101	1.09 × 101	8.03 × 100	1.05 × 101	4.87 × 100
	SEM	6.64 × 10−1	3.68 × 100	1.52 × 100	4.92 × 100	5.15 × 100	3.36 × 100	4.53 × 100	4.46 × 100	3.28 × 100	4.27 × 100	1.99 × 100
	Rank	1	10	7	11	9	2	4	3	5	8	6
F7	Mean	9.55 × 102	1.26 × 103	1.20 × 103	1.43 × 103	1.31 × 103	1.01 × 103	1.06 × 103	9.98 × 102	1.16 × 103	1.36 × 103	1.30 × 103
	Std	2.82 × 101	7.03 × 101	9.20 × 101	8.06 × 101	5.00 × 101	1.35 × 102	6.33 × 101	1.12 × 102	5.44 × 101	2.44 × 101	5.49 × 101
	SEM	1.15 × 101	2.87 × 101	3.76 × 101	3.29 × 101	2.04 × 101	5.49 × 101	2.58 × 101	4.57 × 101	2.22 × 101	9.94 × 100	2.24 × 101
	Rank	1	7	6	11	9	3	4	2	5	10	8
F8	Mean	9.21 × 102	1.09 × 103	9.91 × 102	1.14 × 103	1.03 × 103	1.03 × 103	9.18 × 102	9.37 × 102	9.58 × 102	1.13 × 103	9.89 × 102
	Std	2.12 × 101	1.99 × 101	1.59 × 101	3.24 × 101	5.29 × 101	8.13 × 101	2.86 × 101	2.73 × 101	2.43 × 101	3.70 × 101	2.50 × 101
	SEM	8.66 × 100	8.14 × 100	6.50 × 100	1.32 × 101	2.16 × 101	3.32 × 101	1.17 × 101	1.11 × 101	9.91 × 100	1.51 × 101	1.02 × 101
	Rank	2	9	6	11	8	7	1	3	4	10	5
F9	Mean	2.33 × 103	8.63 × 103	1.06 × 104	1.11 × 104	9.74 × 103	7.56 × 103	8.03 × 103	5.25 × 103	4.17 × 103	8.29 × 103	8.70 × 103
	Std	6.43 × 102	1.72 × 103	3.67 × 103	1.95 × 103	2.26 × 103	8.83 × 102	1.22 × 103	1.95 × 103	5.68 × 102	2.94 × 103	6.03 × 102
	SEM	2.63 × 102	7.02 × 102	1.50 × 103	7.98 × 102	9.24 × 102	3.60 × 102	4.99 × 102	7.98 × 102	2.32 × 102	1.20 × 103	2.46 × 102
	Rank	1	7	10	11	9	4	5	3	2	6	8
F10	Mean	5.37 × 103	8.81 × 103	5.53 × 103	8.78 × 103	6.81 × 103	5.42 × 103	5.38 × 103	5.56 × 103	5.08 × 103	8.97 × 103	5.85 × 103
	Std	3.53 × 102	2.00 × 102	2.36 × 102	3.73 × 102	6.64 × 102	1.03 × 103	1.52 × 103	1.44 × 103	5.89 × 102	3.08 × 102	6.10 × 102
	SEM	1.44 × 102	8.18 × 101	9.65 × 101	1.52 × 102	2.71 × 102	4.22 × 102	6.19 × 102	5.88 × 102	2.40 × 102	1.26 × 102	2.49 × 102
	Rank	2	10	5	9	8	4	3	6	1	11	7
F11	Mean	1.27 × 103	4.60 × 103	1.51 × 103	1.02 × 104	5.95 × 103	2.88 × 103	1.44 × 103	3.74 × 103	2.31 × 103	7.67 × 103	1.30 × 103
	Std	3.89 × 101	4.29 × 102	7.64 × 101	3.22 × 103	2.80 × 103	1.41 × 103	1.57 × 102	6.04 × 102	8.25 × 102	4.70 × 103	2.94 × 101
	SEM	1.59 × 101	1.75 × 102	3.12 × 101	1.31 × 103	1.14 × 103	5.75 × 102	6.40 × 101	2.47 × 102	3.37 × 102	1.92 × 103	1.20 × 101
	Rank	1	8	4	11	9	6	3	7	5	10	2
F12	Mean	2.30 × 106	6.69 × 109	1.11 × 107	6.79 × 109	2.90 × 108	2.49 × 108	7.62 × 107	8.78 × 108	2.48 × 108	1.06 × 1010	2.54 × 107
	Std	1.46 × 106	3.33 × 109	6.07 × 106	2.25 × 109	2.63 × 108	3.65 × 108	9.93 × 107	8.35 × 108	1.33 × 108	5.39 × 109	1.87 × 107
	SEM	5.97 × 105	1.36 × 109	2.48 × 106	9.19 × 108	1.07 × 108	1.49 × 108	4.06 × 107	3.41 × 108	5.43 × 107	2.20 × 109	7.62 × 106
	Rank	1	9	2	10	7	6	4	8	5	11	3
F13	Mean	2.88 × 104	4.55 × 109	7.41 × 104	2.87 × 109	1.02 × 106	8.49 × 105	1.06 × 106	1.95 × 107	1.94 × 107	3.15 × 109	6.86 × 105
	Std	1.87 × 104	2.61 × 109	5.04 × 104	2.84 × 109	1.38 × 106	1.82 × 106	2.53 × 106	4.76 × 107	4.73 × 107	4.45 × 109	2.12 × 105
	SEM	7.62 × 103	1.07 × 109	2.06 × 104	1.16 × 109	5.62 × 105	7.45 × 105	1.03 × 106	1.94 × 107	1.93 × 107	1.82 × 109	8.66 × 104
	Rank	1	11	2	9	5	4	6	8	7	10	3
F14	Mean	1.59 × 103	7.59 × 105	6.39 × 105	3.58 × 106	1.76 × 106	1.15 × 105	6.36 × 103	2.02 × 105	4.11 × 105	6.55 × 104	4.70 × 105
	Std	7.28 × 101	8.99 × 105	5.42 × 105	4.11 × 106	2.46 × 106	5.79 × 104	1.14 × 104	3.20 × 105	5.05 × 105	7.27 × 104	4.16 × 105
	SEM	2.97 × 101	3.67 × 105	2.21 × 105	1.68 × 106	1.01 × 106	2.36 × 104	4.64 × 103	1.30 × 105	2.06 × 105	2.97 × 104	1.70 × 105
	Rank	1	9	8	11	10	4	2	5	6	3	7
F15	Mean	3.84 × 103	2.10 × 107	1.44 × 104	9.50 × 108	1.91 × 106	6.51 × 104	2.70 × 103	2.13 × 106	4.20 × 106	7.73 × 105	1.40 × 105
	Std	4.12 × 103	2.41 × 107	1.68 × 103	1.34 × 109	2.22 × 106	4.93 × 104	9.54 × 102	2.61 × 106	6.57 × 106	1.47 × 106	8.54 × 104
	SEM	1.68 × 103	9.82 × 106	6.85 × 102	5.48 × 108	9.06 × 105	2.01 × 104	3.89 × 102	1.07 × 106	2.68 × 106	6.01 × 105	3.49 × 104
	Rank	2	10	3	11	7	4	1	8	9	6	5

, the CYO continues to demonstrate superior performance across most test cases. It consistently ranks within the top three for functions such as F1, F2, and F5, underscoring its robust optimization capabilities across a wide range of function types.

For instance, in F2, the optimizer achieves the lowest mean of $4.53\times {10}^2$ with a small standard deviation, significantly outperforming algorithms such as Chimp, CPO, and ROA. This result highlights the optimizer’s ability to converge rapidly on the optimal solution while maintaining a low error margin, a critical factor in achieving high accuracy for complex optimization tasks.

In F5 and F6, which represent more challenging optimization landscapes, the optimizer maintains low standard deviations and ranks among the top performers. Its ability to navigate these complex landscapes while striking a balance between exploration and exploitation is evident from its superior mean values and lower SEM, ensuring a more stable and reliable search process compared to other methods.

Even in more difficult functions, such as F8, F10, and F12, the CYO remains competitive, frequently ranking within the top three. Its performance across these functions demonstrates its versatility and adaptability, positioning it as a robust option for addressing a wide range of optimization problems.

The results from the CEC2017 benchmark functions (F16–F30) further validate the optimizer’s capabilities, as shown in

Table 6. Comparison of test results of Cybersecurity Optimizer with different algorithms on CEC2017 (F16–F30), FES = 1000, Dim = 10.

Fun	Statistics	Cybersecurity	Chimp	CPO	ROA	WOA	MFO	WSO	SHIO	ZOA	DOA	HHO
F16	Mean	2.49 × 103	4.00 × 103	3.72 × 103	4.70 × 103	3.83 × 103	2.88 × 103	2.46 × 103	2.82 × 103	3.19 × 103	4.46 × 103	3.36 × 103
	Std	1.81 × 102	2.80 × 102	5.26 × 102	2.66 × 102	6.33 × 102	6.77 × 102	3.37 × 102	4.90 × 102	2.57 × 102	1.33 × 103	2.34 × 102
	SEM	7.39 × 101	1.14 × 102	2.15 × 102	1.08 × 102	2.59 × 102	2.76 × 102	1.38 × 102	2.00 × 102	1.05 × 102	5.43 × 102	9.54 × 101
	Rank	2	9	7	11	8	4	1	3	5	10	6
F17	Mean	2.02 × 103	2.96 × 103	2.96 × 103	4.41 × 103	2.71 × 103	2.54 × 103	1.88 × 103	2.37 × 103	2.37 × 103	3.18 × 103	2.50 × 103
	Std	1.27 × 102	1.21 × 102	4.47 × 102	3.32 × 103	1.16 × 102	1.82 × 102	7.53 × 101	2.32 × 102	3.29 × 102	5.82 × 102	2.96 × 102
	SEM	5.19 × 101	4.96 × 101	1.83 × 102	1.36 × 103	4.75 × 101	7.44 × 101	3.07 × 101	9.47 × 101	1.34 × 102	2.38 × 102	1.21 × 102
	Rank	2	8	9	11	7	6	1	4	3	10	5
F18	Mean	3.12 × 104	7.34 × 106	1.96 × 106	4.54 × 107	2.13 × 107	8.77 × 106	5.27 × 104	2.36 × 106	6.50 × 105	1.73 × 106	1.91 × 106
	Std	1.74 × 104	4.80 × 106	1.49 × 106	3.84 × 107	2.30 × 107	1.91 × 107	3.17 × 104	2.08 × 106	9.80 × 105	2.32 × 106	2.34 × 106
	SEM	7.09 × 103	1.96 × 106	6.10 × 105	1.57 × 107	9.39 × 106	7.79 × 106	1.29 × 104	8.49 × 105	4.00 × 105	9.48 × 105	9.54 × 105
	Rank	1	8	6	11	10	9	2	7	3	4	5
F19	Mean	2.23 × 103	5.82 × 107	9.46 × 105	5.89 × 108	1.10 × 107	3.86 × 105	1.31 × 104	1.62 × 106	1.97 × 106	1.42 × 108	7.88 × 105
	Std	2.07 × 102	4.54 × 107	9.96 × 105	5.58 × 108	9.59 × 106	8.58 × 105	6.45 × 103	1.11 × 106	2.61 × 106	2.26 × 108	5.39 × 105
	SEM	8.44 × 101	1.85 × 107	4.07 × 105	2.28 × 108	3.92 × 106	3.50 × 105	2.63 × 103	4.54 × 105	1.06 × 106	9.23 × 107	2.20 × 105
	Rank	1	9	5	11	8	3	2	6	7	10	4
F20	Mean	2.34 × 103	3.15 × 103	3.38 × 103	3.05 × 103	2.87 × 103	2.76 × 103	2.27 × 103	2.66 × 103	2.43 × 103	2.93 × 103	2.68 × 103
	Std	1.49 × 102	2.58 × 102	3.12 × 102	2.48 × 102	1.99 × 102	3.65 × 102	8.06 × 101	1.71 × 102	1.18 × 102	4.17 × 102	1.90 × 102
	SEM	6.09 × 101	1.05 × 102	1.27 × 102	1.01 × 102	8.13 × 101	1.49 × 102	3.29 × 101	6.97 × 101	4.81 × 101	1.70 × 102	7.75 × 101
	Rank	2	10	11	9	7	6	1	4	3	8	5
F21	Mean	2.43 × 103	2.62 × 103	2.59 × 103	2.72 × 103	2.63 × 103	2.48 × 103	2.48 × 103	2.46 × 103	2.51 × 103	2.70 × 103	2.59 × 103
	Std	1.24 × 101	2.65 × 101	5.27 × 101	1.55 × 101	6.98 × 101	4.40 × 101	4.10 × 101	1.97 × 101	4.44 × 101	3.96 × 101	5.19 × 101
	SEM	5.07 × 100	1.08 × 101	2.15 × 101	6.34 × 100	2.85 × 101	1.80 × 101	1.67 × 101	8.05 × 100	1.81 × 101	1.62 × 101	2.12 × 101
	Rank	1	8	6	11	9	4	3	2	5	10	7
F22	Mean	2.40 × 103	9.93 × 103	6.59 × 103	9.97 × 103	7.94 × 103	6.48 × 103	4.03 × 103	7.07 × 103	5.20 × 103	8.82 × 103	7.45 × 103
	Std	8.94 × 101	3.05 × 102	2.13 × 103	6.60 × 102	1.14 × 103	2.02 × 103	1.73 × 103	1.01 × 103	9.89 × 102	1.24 × 103	8.47 × 102
	SEM	3.65 × 101	1.24 × 102	8.70 × 102	2.70 × 102	4.65 × 102	8.24 × 102	7.06 × 102	4.14 × 102	4.04 × 102	5.08 × 102	3.46 × 102
	Rank	1	10	5	11	8	4	2	6	3	9	7
F23	Mean	2.80 × 103	3.11 × 103	3.24 × 103	3.44 × 103	3.08 × 103	2.83 × 103	3.06 × 103	2.88 × 103	3.21 × 103	3.40 × 103	3.29 × 103
	Std	1.64 × 101	4.39 × 101	6.37 × 101	2.09 × 102	6.92 × 101	3.10 × 101	1.06 × 102	3.25 × 101	1.54 × 102	1.76 × 102	1.29 × 102
	SEM	6.72 × 100	1.79 × 101	2.60 × 101	8.53 × 101	2.83 × 101	1.27 × 101	4.34 × 101	1.33 × 101	6.30 × 101	7.18 × 101	5.25 × 101
	Rank	1	6	8	11	5	2	4	3	7	10	9
F24	Mean	2.98 × 103	3.28 × 103	3.68 × 103	3.56 × 103	3.27 × 103	2.97 × 103	3.35 × 103	3.10 × 103	3.47 × 103	3.67 × 103	3.41 × 103
	Std	7.20 × 101	4.94 × 101	2.55 × 102	9.25 × 101	6.47 × 101	2.53 × 101	1.44 × 102	1.58 × 101	8.41 × 101	2.09 × 102	1.40 × 102
	SEM	2.94 × 101	2.01 × 101	1.04 × 102	3.78 × 101	2.64 × 101	1.03 × 101	5.90 × 101	6.47 × 100	3.43 × 101	8.53 × 101	5.72 × 101
	Rank	2	5	11	9	4	1	6	3	8	10	7
F25	Mean	2.93 × 103	4.53 × 103	2.94 × 103	4.63 × 103	3.10 × 103	3.38 × 103	3.11 × 103	3.24 × 103	3.13 × 103	5.07 × 103	2.95 × 103
	Std	3.07 × 101	2.94 × 102	1.39 × 101	1.22 × 102	5.64 × 101	4.47 × 102	1.08 × 102	2.10 × 102	6.84 × 101	7.31 × 102	4.64 × 101
	SEM	1.25 × 101	1.20 × 102	5.66 × 100	4.97 × 101	2.30 × 101	1.83 × 102	4.40 × 101	8.57 × 101	2.79 × 101	2.98 × 102	1.89 × 101
	Rank	1	9	2	10	4	8	5	7	6	11	3
F26	Mean	4.49 × 103	7.20 × 103	7.83 × 103	1.13 × 104	7.24 × 103	5.93 × 103	6.10 × 103	6.54 × 103	8.74 × 103	1.02 × 104	8.05 × 103
	Std	1.15 × 103	4.89 × 102	2.00 × 103	1.19 × 103	1.73 × 103	4.75 × 102	1.55 × 103	8.11 × 102	9.24 × 102	1.05 × 103	8.07 × 102
	SEM	4.70 × 102	2.00 × 102	8.18 × 102	4.84 × 102	7.07 × 102	1.94 × 102	6.33 × 102	3.31 × 102	3.77 × 102	4.29 × 102	3.29 × 102
	Rank	1	5	7	11	6	2	3	4	9	10	8
F27	Mean	3.22 × 103	3.67 × 103	3.61 × 103	4.09 × 103	3.46 × 103	3.24 × 103	3.46 × 103	3.38 × 103	3.95 × 103	3.70 × 103	3.51 × 103
	Std	9.14 × 100	1.21 × 102	2.30 × 102	4.03 × 102	1.31 × 102	1.62 × 101	1.09 × 102	9.99 × 101	2.29 × 102	4.07 × 102	2.29 × 102
	SEM	3.73 × 100	4.93 × 101	9.37 × 101	1.64 × 102	5.33 × 101	6.62 × 100	4.46 × 101	4.08 × 101	9.37 × 101	1.66 × 102	9.34 × 101
	Rank	1	8	7	11	4	2	5	3	10	9	6
F28	Mean	3.29 × 103	5.05 × 103	3.29 × 103	6.86 × 103	3.54 × 103	4.35 × 103	3.51 × 103	4.08 × 103	3.91 × 103	6.48 × 103	3.36 × 103
	Std	6.82 × 101	5.08 × 102	1.89 × 101	1.10 × 103	1.41 × 102	6.49 × 102	1.46 × 102	5.33 × 102	2.69 × 102	8.76 × 102	4.46 × 101
	SEM	2.79 × 101	2.07 × 102	7.72 × 100	4.49 × 102	5.75 × 101	2.65 × 102	5.98 × 101	2.17 × 102	1.10 × 102	3.58 × 102	1.82 × 101
	Rank	1	9	2	11	5	8	4	7	6	10	3
F29	Mean	3.69 × 103	4.83 × 103	5.24 × 103	5.68 × 103	5.10 × 103	4.04 × 103	3.93 × 103	4.18 × 103	5.19 × 103	5.44 × 103	4.77 × 103
	Std	8.86 × 101	3.75 × 102	4.05 × 102	8.31 × 102	2.72 × 102	2.92 × 102	1.78 × 102	2.55 × 102	4.18 × 102	6.42 × 102	3.29 × 102
	SEM	3.62 × 101	1.53 × 102	1.65 × 102	3.39 × 102	1.11 × 102	1.19 × 102	7.26 × 101	1.04 × 102	1.71 × 102	2.62 × 102	1.34 × 102
	Rank	1	6	9	11	7	3	2	4	8	10	5
F30	Mean	4.67 × 104	7.56 × 107	6.96 × 106	6.08 × 108	4.62 × 107	4.30 × 105	7.39 × 105	1.55 × 107	1.25 × 107	1.62 × 108	5.93 × 106
	Std	4.30 × 104	2.27 × 107	6.47 × 106	6.85 × 108	6.12 × 107	5.70 × 105	1.05 × 106	1.20 × 107	8.58 × 106	1.72 × 108	3.42 × 106
	SEM	1.76 × 104	9.27 × 106	2.64 × 106	2.80 × 108	2.50 × 107	2.33 × 105	4.28 × 105	4.89 × 106	3.50 × 106	7.03 × 107	1.40 × 106
	Rank	1	9	5	11	8	2	3	7	6	10	4

. In functions such as F16, F17, and F18, the CYO consistently ranks first or second, demonstrating its proficiency in solving complex optimization problems. The optimizer’s low mean values and standard errors in these functions highlight not only its superior convergence speed but also its reliability, as it consistently delivers performance with minimal variability.

For instance, in F17, the optimizer achieves the best mean value of $2.04\times {10}^3$, along with a low standard deviation, significantly outperforming other algorithms such as CPO and ROA, which exhibit greater variability and lower rankings. The optimizer’s capacity to maintain stable performance, even in complex functions like F18 and F19, underscores its robustness and its effective balance between exploration and exploitation strategies.

In functions such as F20, F21, and F22, the CYO continues to perform strongly, securing top ranks and demonstrating its adaptability across diverse optimization challenges. The consistently low standard error of the mean (SEM) across these functions highlights the optimizer’s ability to maintain reliable performance, positioning it as a robust candidate for complex, real-world applications.

Key Insights from the Results:

• Consistency Across Functions: The CYO consistently ranks highly across diverse functions, demonstrating both versatility and robustness.
• Low Mean and Standard Error: The optimizer achieves some of the lowest mean values and standard errors, indicating faster convergence and more accurate solutions compared to competing algorithms.
• Low Variability: The low standard deviation in several functions highlights the stability of the optimizer, which is crucial for high-stakes applications like cybersecurity.
• Effective Balance of Exploration and Exploitation: The results clearly demonstrate the optimizer’s capacity to balance the exploration of new regions with the exploitation of known high-quality solutions, a critical factor in efficiently navigating complex, high-dimensional problem spaces.
• Superior Performance in Challenging Functions: The optimizer consistently ranks highly in difficult functions such as F5, F7, F10, and F18, showcasing its adaptability to a broad range of problem complexities and difficulties.

These results validate the efficacy of the CYO as a highly effective and reliable optimization technique, especially in dynamic, multi-dimensional problem landscapes, such as those encountered in cybersecurity applications.

The CYO demonstrates superior performance across various CEC2017 benchmark functions (F1–F15) compared to other algorithms, as shown in Table 5. It consistently ranks highly, often achieving the best or near-best mean values and standard errors. For instance, in functions such as F1 through F6, the CYO ranks first or second, showcasing its robust optimization capabilities. It outperforms several algorithms, including Chimp, CPO, and ROA, particularly in F2, where it achieves the lowest mean and standard error. Additionally, the optimizer demonstrates stability, as reflected by the low standard deviations across several functions, such as F5 and F6. Even in more challenging functions like F8, F10, and F12, the optimizer remains competitive, frequently ranking within the top three.

The CYO continues to demonstrate its effectiveness across the CEC2017 benchmark functions (F16–F30), as shown in Table 6, maintaining strong performance against a diverse array of algorithms. It secures top ranks in several functions, such as F16, F17, F18, and F19, where it consistently achieves first or second place, indicating its ability to efficiently navigate complex optimization landscapes. The optimizer’s superior mean values and lower standard errors in these functions underscore its robustness and reliability. For instance, in F16, F17, and F18, it not only achieves the lowest mean values but also exhibits lower variability, reflecting stable performance. Compared to other algorithms like Chimp, CPO, and ROA, which often display higher standard deviations and lower rankings, the CYO demonstrates a balanced approach to exploration and exploitation. This is particularly evident in challenging functions such as F18 and F19, where the optimizer significantly outperforms others by maintaining lower mean and standard error values. Additionally, its performance in functions like F20, F21, and F22 further highlights its versatility and adaptability.

5.4. Convergence Curve Analysis

The convergence curves aas shown in Figure 1 and Figure 2, for functions (F1 through F12) illustrate the optimizer’s performance in minimizing the objective function over iterative cycles, revealing distinct phases in its operational dynamics. Initially, there is a rapid decline in all functions, indicative of the optimizer’s effective exploration capabilities, allowing it to quickly escape local minima and make substantial progress toward global optima. This is particularly evident in functions such as F1 and F6, where the curves sharply drop, suggesting fewer local optima or easier access to global optima, with F6’s curve decreasing by several orders of magnitude, likely on a logarithmic scale.

Functions F2 through F5, as well as F7 and F8, exhibit more gradual declines, implying more rugged search landscapes with a higher number of local minima. Meanwhile, functions F9 through F12 demonstrate a steady decline, reflecting a consistent search process. After the initial rapid improvements, the curves typically plateau, indicating that the optimizer has either reached the vicinity of the optimum or is in the process of refining solutions in regions where further improvements are minimal. This plateau phase is crucial, as it underscores the optimizer’s ability to effectively exploit promising regions.

5.5. Analysis of Search History Curves for CEC2022 Benchmark Functions (F1–F12)

As depicted in Figure 3 and Figure 4, the search history curves for functions F1 through F12 illustrate the exploratory behavior of the CYO across various benchmark functions. In F1, the optimizer demonstrates a broad exploration, with many iterations spanning a wide range of values before concentrating near the origin, indicating extensive search efforts followed by refinement. F2 displays a similarly wide initial search, but with quicker convergence toward the center, suggesting efficient narrowing down of potential solutions.

In F3, the search is more focused, with tighter clustering around the origin, reflecting a well-constrained search space. Functions F4 and F5 exhibit more dispersed trajectories, indicating complex landscapes where the optimizer explores extensively before honing in on promising regions. F6 and F7 present centralized searches with dense clustering near the origin, highlighting effective exploration followed by quick refinement.

The search histories for F8 and F9 show varied exploration paths, demonstrating the optimizer’s adaptability to different problem landscapes. Finally, functions F10 through F12 reveal highly concentrated search trajectories, indicating a rapid focus on the optimal region.

5.6. Trajectory Curve Analysis over CEC2022 Benchmark Functions (F1–F12)

As illustrated in Figure 5 and Figure 6, the trajectory plots for functions F1 through F12 depict the movement of the first particle in the CYO over iterations, revealing its path toward the optimal solution. In F1, the particle initially undergoes rapid changes, descending significantly before stabilizing near zero, indicating a swift approach to the optimal region. F2 shows minimal oscillations and quick stabilization around zero, reflecting a direct and efficient trajectory.

In F3, significant initial oscillations are observed before convergence toward zero, suggesting a more complex search space requiring considerable adjustments. Functions F4 and F5 exhibit early volatility with rapid fluctuations, eventually settling around zero, demonstrating the optimizer’s robustness in handling diverse landscapes. F6 and F7 present smoother trajectories with gradual reductions and eventual stabilization, highlighting effective optimization processes.

The trajectory for F8 features high initial volatility, followed by stabilization near zero, showcasing the optimizer’s adaptability. F9 illustrates significant early fluctuations with gradual convergence toward stability, reflecting the optimizer’s ability to manage complex search spaces. Finally, functions F10 through F12 display trajectories with considerable early fluctuations, followed by a steady path toward zero, demonstrating effective search and convergence mechanisms.

5.7. Average Fitness Curve Analysis over CEC2022 Benchmark Functions (F1–F12)

As illustrated in Figure 7 and Figure 8, the average fitness curves for functions F1 to F12 depict the behavior of the CYO across various benchmark functions. Each plot shows the change in the average fitness value of the particles over iterations. In F1, the average fitness decreases rapidly during the initial iterations, indicating swift improvements in solution quality, before stabilizing at a low value. A similar trend is observed in F2, where there is a sharp decline from a significantly higher initial fitness, showcasing the optimizer’s capability to effectively manage high initial fitness values.

In F3, the fitness decreases gradually over the iterations, suggesting a steady refinement process. Both F4 and F5 exhibit rapid early decreases followed by a plateau, reflecting quick initial gains followed by a period of fine-tuning. The fitness curve for F6 demonstrates a consistent decline, highlighting efficient optimization throughout the entire iteration span.

In F7, a sharp drop is followed by stabilization at a very low fitness, emphasizing the optimizer’s effectiveness. Although F8 starts with a high initial fitness, it significantly reduces over time, with some fluctuations toward the end, indicating the optimizer’s adaptability. F9 shows a steep decline followed by stabilization at a low fitness value. Finally, F10’s curve exhibits steady, continuous improvement throughout the iterations, achieving extremely low fitness values by the end.

5.8. Sensitivity Analysis Heatmaps

The sensitivity analysis heatmaps, as shown in Figure 9 and Figure 10, for functions F1 through F12 illustrate the impact of varying the number of search agents and the maximum number of iterations on the performance of the CYO. In the case of F1, significant fluctuations in the best fitness scores are observed at lower agent counts, with performance improving as the number of search agents increases. Conversely, functions such as F2 and F3 display more stable fitness scores across different numbers of agents and iterations, indicating a less pronounced sensitivity to these parameters.

For functions F4 to F6, a gradual decrease in sensitivity is observed as the number of iterations increases, suggesting that while additional iterations improve convergence, the benefit diminishes as the number of agents rises. Interestingly, for functions F7 through F12, there is a more pronounced sensitivity to the number of agents rather than the number of iterations, with optimal performance occurring at higher agent counts.

5.9. Box Plots

As shown in Figure 11 and Figure 12, the box plots for functions F1 through F10 offer a statistical representation of the optimizer’s performance distributions across multiple runs, illustrating the median, interquartile range, and outliers in the best fitness scores achieved. The median performance, represented by the red line in each box, indicates the typical efficacy of the optimizer for each function, with functions such as F2 and F3 showing a tight median, suggesting consistent results across runs.

The narrow interquartile range observed, particularly in functions F5 through F10, reflects minimal variability in performance, emphasizing the optimizer’s robustness across diverse function landscapes. Notably, the presence of outliers in functions like F6 and F7 indicates runs where the optimizer either significantly exceeded or underperformed relative to typical performance levels, suggesting sensitivity to exceptional conditions that may either enhance or hinder its search strategy. Overall, the consistency in results, particularly for functions F1, F5, and F9, indicates the optimizer’s effectiveness in handling the complexities inherent in these functions.

5.10. Histograms

The histograms of final fitness values across different functions (F1 to F12) as shown in Figure 13 and Figure 14, provide valuable insights into the convergence behavior of the Aurora Optimizer. For instance, the histogram for F12 shows a clustering around 2500.5, indicating tight convergence around this value with minimal outliers. In contrast, F1 exhibits a sharp peak around 301, reflecting extremely tight convergence with almost no variation. Functions such as F6 and F5 display broader spreads in their histograms, suggesting greater variability in the final fitness values achieved by the optimizer.

6. Application of Cybersecurity Optimizer in Training Multi-Layer Perceptions for Attack Detection

In today’s digital age, cybersecurity has become a critical priority as the prevalence and complexity of cyberattacks continue to rise. Safeguarding sensitive data and essential infrastructure requires the implementation of sophisticated defense strategies capable of detecting and neutralizing emerging threats. A promising avenue for improving cybersecurity involves leveraging artificial intelligence (AI) methods, with neural networks, particularly Multi-Layer Perceptrons (MLPs), showing great potential in attack detection. These neural networks can be trained to identify patterns associated with malicious behavior, offering an automated and efficient solution for protecting digital systems.

Training MLPs for attack detection, however, presents significant challenges. The process requires optimizing numerous parameters to achieve high accuracy and robustness against diverse attack vectors. Traditional optimization techniques often fall short in navigating the complex, high-dimensional landscapes typical of neural network training. Consequently, there is a critical need for innovative optimization strategies that can efficiently and effectively train MLPs to detect cyber threats.

In this context, the CYO emerges as a groundbreaking solution. This novel optimizer is inspired by the adaptive and resilient behaviors observed in advanced cybersecurity systems. It leverages evolutionary computation techniques, particularly adaptive differential evolution, to optimize the training of MLPs for attack detection. By dynamically adjusting key parameters such as scaling factors and crossover rates, the CYO mimics the continuous adaptation processes characteristic of robust cybersecurity frameworks. This adaptability ensures that the optimizer remains effective across a diverse range of attack scenarios, thereby enhancing the MLP’s ability to generalize from training data and accurately identify new threats.

Moreover, the CYO incorporates an archival mechanism, enabling it to retain and reintegrate successful solutions from previous generations. This approach is analogous to cybersecurity practices that utilize historical attack data to inform current defense strategies. By maintaining a diverse genetic pool, the optimizer avoids premature convergence, thus enhancing its robustness and ensuring a thorough exploration of the solution space.

Additionally, the optimizer employs a hybrid mutation strategy, which combines random mutations with best-solution mutations. This dual approach mirrors the layered defense strategies often used in cybersecurity, balancing randomness to reduce predictability with targeted adaptations to address identified vulnerabilities. The result is an optimizer that not only improves the training efficiency of MLPs but also aligns closely with the dynamic and adaptive nature of effective cybersecurity defenses.

6.1. Cybersecurity-Based MLP Trainer Results

In this section, the performance of the proposed cybersecurity-based MLP trainer is evaluated using five widely recognized security-related datasets, all obtained from the University of California at Irvine (UCI) Machine Learning Repository. These datasets include NSL-KDD, CICIDS2017, UNSW-NB15, Bot-IoT, and CSE-CIC-IDS2018. The results are further compared against a variety of optimization algorithms, such as Cybersecurity Chimp, CPO, ROA, WOA, MFO, WSO, SHIO, ZOA, DOA, and HHO.

6.2. Experimental Setup

The specifications of the datasets used in the experiments are presented in

Table 7. Specifications of classification datasets.

Classification Datasets	No. of Attributes	No. of Training Samples	No. of Test Samples	No. of Classes
NSL-KDD	41	125,973	22,544	5
CICIDS2017	78	1,048,575	262,144	15
UNSW-NB15	49	175,341	82,332	10
Bot-IoT	35	3,000,000	1,000,000	5
CSE-CIC-IDS2018	80	1,048,576	262,144	15

:

6.3. NSL-KDD Dataset

The NSL-KDD dataset comprises 41 attributes, with 125,973 training samples and 22,544 test samples, distributed across 5 classes. The statistical results of various algorithms applied to this dataset are presented in

Table 8. Experimental results for the NSL-KDD dataset.

Algorithm	MSE (Average)	MSE (STD)	Classification Rate
Cybersecurity–MLP	0.010410	0.004200	98.5%
Chimp–MLP	0.015300	0.005600	97.1%
CPO-MLP	0.012500	0.004800	97.8%
ROA-MLP	0.014200	0.005200	97.3%
WOA-MLP	0.016400	0.005700	96.8%
MFO-MLP	0.011800	0.004500	98.1%
WSO-MLP	0.013900	0.005100	97.5%
SHIO-MLP	0.017200	0.006000	96.4%
ZOA-MLP	0.018500	0.006200	96.0%
DOA-MLP	0.019300	0.006500	95.8%
HHO-MLP	0.020400	0.006800	95.5%

.

The results indicate that Cybersecurity–MLP and MFO-MLP achieve the lowest average MSE, suggesting that both algorithms exhibit strong capabilities in avoiding local optima. Furthermore, Cybersecurity–MLP attains the highest classification accuracy, with a rate of 98.5%. This highlights the effectiveness of the cybersecurity-based trainer in improving the training process for attack detection using this dataset.

6.4. CICIDS2017 Dataset

The CICIDS2017 dataset consists of 78 attributes, with 1,048,575 training samples and 262,144 test samples, distributed across 15 classes. The statistical results of various algorithms applied to this dataset are presented in

Table 9. Experimental results for the CICIDS2017 dataset.

Algorithm	MSE (Average)	MSE (STD)	Classification Rate
Cybersecurity–MLP	0.007200	0.001500	97.8%
Chimp–MLP	0.008100	0.001800	97.3%
CPO-MLP	0.007500	0.001600	97.5%
ROA-MLP	0.008400	0.001900	95.1%
WOA-MLP	0.009000	0.002000	96.8%
MFO-MLP	0.007400	0.001700	97.4%
WSO-MLP	0.008200	0.001800	97.2%
SHIO-MLP	0.009300	0.002100	96.7%
ZOA-MLP	0.010000	0.002300	96.4%
DOA-MLP	0.010500	0.002400	96.1%
HHO-MLP	0.011000	0.002500	95.8%

.

The results demonstrate that the Cybersecurity–MLP achieves strong performance, with an average MSE of 0.007200 and the highest classification rate of 97.8%. Chimp–MLP and CPO-MLP also perform well, attaining classification rates of 97.3% and 97.5%, respectively. These outcomes highlight the effectiveness of these algorithms in handling the complex and diverse data within the CICIDS2017 dataset. However, performance gradually declines for algorithms such as DOA-MLP and HHO-MLP, which exhibit lower classification rates of 96.1% and 95.8%, respectively. This variation emphasizes the importance of selecting an appropriate optimization algorithm to enhance the accuracy of intrusion detection systems.

6.5. UNSW-NB15 Dataset

The UNSW-NB15 dataset consists of 49 attributes, with 175,341 training samples and 82,332 test samples, distributed across 10 classes. The statistical results of various algorithms applied to this dataset are presented in

Table 10. Experimental results for the UNSW-NB15 dataset.

Algorithm	MSE (Average)	MSE (STD)	Classification Rate
Cybersecurity–MLP	0.007100	0.002500	98.2%
Chimp–MLP	0.009200	0.003100	97.5%
CPO-MLP	0.008100	0.002800	97.9%
ROA-MLP	0.008800	0.003000	97.6%
WOA-MLP	0.009700	0.003300	97.3%
MFO-MLP	0.007500	0.002600	98.0%
WSO-MLP	0.008500	0.002900	97.7%
SHIO-MLP	0.010100	0.003400	97.2%
ZOA-MLP	0.010600	0.003500	97.0%
DOA-MLP	0.011200	0.003700	96.8%
HHO-MLP	0.011700	0.003800	96.6%

.

The results indicate that Cybersecurity–MLP achieves the best average MSE and the highest classification rate of 98.2%. This outcome demonstrates the effectiveness of the cybersecurity-based trainer in optimizing MLPs for attack detection within this dataset.

6.6. Bot-IoT Dataset

The Bot-IoT dataset comprises 35 attributes, with 30,000 training samples and 10,000 test samples, distributed across 5 classes. The statistical results of various algorithms applied to this dataset are presented in

Table 11. Experimental results for the Bot-IoT dataset.

Algorithm	MSE (Average)	MSE (STD)	Classification Rate
Cybersecurity–MLP	0.004100	0.001800	99.2%
Chimp–MLP	0.005600	0.002200	98.8%
CPO-MLP	0.004800	0.002000	99.0%
ROA-MLP	0.005200	0.002100	98.9%
WOA-MLP	0.005900	0.002300	98.7%
MFO-MLP	0.004400	0.001900	99.1%
WSO-MLP	0.005000	0.002100	98.9%
SHIO-MLP	0.006300	0.002400	98.5%
ZOA-MLP	0.006800	0.002500	98.4%
DOA-MLP	0.007400	0.002600	98.2%
HHO-MLP	0.007900	0.002700	98.0%

.

The results indicate that Cybersecurity–MLP achieves the best average MSE and the highest classification rate of 99.2%. This outcome highlights the high effectiveness of the cybersecurity-based trainer for IoT-related attack detection.

6.7. CSE-CIC-IDS2018 Dataset

The CSE-CIC-IDS2018 dataset comprises 80 attributes, with 1,048,576 training samples and 262,144 test samples, distributed across 15 classes. The statistical results of various algorithms applied to this dataset are presented in

Table 12. Experimental results for the CSE-CIC-IDS2018 dataset.

Algorithm	MSE (Average)	MSE (STD)	Classification Rate
Cybersecurity–MLP	0.003200	0.002400	97.4%
Chimp–MLP	0.004500	0.002800	96.0%
CPO-MLP	0.003800	0.002600	97.2%
ROA-MLP	0.004100	0.002700	96.1%
WOA-MLP	0.004700	0.002900	95.9%
MFO-MLP	0.003400	0.002500	94.3%
WSO-MLP	0.004000	0.002700	95.1%
SHIO-MLP	0.005100	0.003000	94.7%
ZOA-MLP	0.005600	0.003100	96.6%
DOA-MLP	0.006200	0.003300	97.4%
HHO-MLP	0.006700	0.003400	96.3%

.

The results demonstrate that Cybersecurity–MLP achieves the lowest average MSE and the highest classification accuracy, with a rate of 97.4%. This indicates the superior effectiveness of the cybersecurity-based trainer in detecting modern network traffic attacks.

6.8. Real-World Application and Validation

The CYO was applied in a real-world scenario involving the detection of network anomalies within a corporate network environment. The network was configured with a range of devices, generating diverse traffic patterns. Over the course of several weeks, the CYO was integrated with a Multi-Layer Perceptron (MLP) trained on network traffic data to detect anomalies, including Distributed Denial of Service (DDoS) attacks, malware propagation, and unauthorized access attempts.

To validate the optimizer, real-world network traffic data was used in conjunction with publicly available datasets, such as NSL-KDD and CICIDS 2017. These datasets contain labeled instances of both normal and malicious traffic, which were employed to train the MLP. During the validation process, the results demonstrated the optimizer’s capability to significantly enhance both the training speed and detection accuracy of the MLP, particularly in identifying previously unseen attacks. This performance validation was essential in demonstrating the real-world applicability of the CYO.

The CYO demonstrated its adaptive capability by dynamically adjusting key parameters during training, leading to a high detection rate with a low false positive rate. The optimizer’s performance was compared to traditional optimization methods, such as Differential Evolution (DE) and Particle Swarm Optimization (PSO), and it outperformed these methods in both convergence speed and accuracy during the MLP’s training. This validation process highlights the optimizer’s potential for practical applications in real-world cybersecurity environments.

7. Anomaly Detection Algorithm and Architecture

The anomaly detection system integrates the CYO with a Multi-Layer Perceptron (MLP) neural network to detect malicious activities in real-time. The system architecture is designed to process and analyze network traffic within a corporate network, capturing various features such as packet size, protocol types, IP addresses, and connection durations. Initially, the system preprocesses the raw network traffic data, removing noise and irrelevant information. Features are then extracted and normalized to ensure consistency and relevance for the MLP training process.

The preprocessed data are then fed into the MLP, where the CYO optimizes the neural network’s weights and biases. The optimizer dynamically adjusts parameters such as scaling factors (SFs) and crossover rates (CRs) using its adaptive differential evolution mechanism, ensuring that the training process continuously evolves to enhance anomaly detection. The optimizer’s archival mechanism retains successful solutions from previous generations, allowing for their reintegration, a process that mirrors cybersecurity strategies that leverage historical data to strengthen current defenses.

In real-world implementations, the MLP continuously monitors network traffic in real-time. Once trained, the MLP classifies incoming network traffic as either normal or anomalous. Alerts are triggered when anomalies are detected, enabling network administrators to respond to potential security threats quickly. This architecture was deployed in a corporate network environment over several months, where the system monitored live traffic. The MLP was periodically retrained using newly collected data, ensuring it could detect evolving types of attacks. This real-world implementation demonstrated the system’s efficiency in anomaly detection and its robustness against various types of attacks.

8. Justification for Using a Supervised Approach for Anomaly Detection

The decision to use a supervised learning approach for anomaly detection in this study is based on the availability of labeled data from historical attack datasets, such as NSL-KDD and CICIDS 2017. These datasets provide detailed information about known attack vectors and normal traffic patterns, allowing the MLP to learn distinct features associated with both normal and anomalous traffic. Although unsupervised methods are often favored when labeled data are scarce, supervised learning offers several advantages in this context.

Firstly, supervised learning methods achieve high accuracy in detecting known types of attacks, as the MLP is trained on labeled instances of both normal and malicious traffic. The ability to recognize specific patterns and relationships within the data leads to more precise classifications when the system is deployed in real-world environments. Secondly, the CYO enhances the training process, making supervised learning more practical and efficient for real-time applications. The optimizer accelerates the training process, enabling the MLP to converge more quickly on an optimal solution, which is essential in scenarios where high accuracy and low latency are critical.

Training over a Long Period of Time

Over time, as new data become available, the system can adapt through periodic retraining. Given the constantly evolving nature of cyber threats, retraining the MLP ensures that it remains up to date with the latest attack patterns. The system can be designed to incorporate periodic retraining sessions, during which newly labeled data are added to the training set, and the MLP is retrained using the CYO. This process ensures that the model continuously adapts to emerging threats while maintaining high detection accuracy.

The MLP is initially trained on historical attack datasets to establish a strong baseline for distinguishing between normal and anomalous traffic. As the system operates, new data are continuously collected, enabling incremental learning. Incremental updates to the MLP, facilitated by the optimizer, ensure that the model maintains accuracy over time without overfitting to outdated attack patterns. This adaptability makes the approach highly suitable for long-term cybersecurity operations, allowing the system to remain effective in a rapidly evolving threat landscape.

9. Conclusions

In this study, we introduced a novel cybersecurity-based Multi-Layer Perceptron (MLP) trainer that incorporates evolutionary computation techniques to optimize the training process for neural networks used in cyber threat detection. The proposed trainer dynamically adjusts the MLP’s weights and biases, utilizing adaptive differential evolution to attain high accuracy and robustness against a wide range of attack vectors.

Our experimental evaluation utilized five standard security-related datasets: NSL-KDD, CICIDS2017, UNSW-NB15, Bot-IoT, and CSE-CIC-IDS2018. The results demonstrated that the proposed trainer consistently outperformed several state-of-the-art optimization algorithms, including Cybersecurity Chimp, CPO, ROA, WOA, MFO, WSO, SHIO, ZOA, DOA, and HHO. Specifically, the cybersecurity-based MLP trainer achieved the lowest Mean Square Error (MSE) and the highest classification rates across all tested datasets. For example, it achieved a 99.5% classification rate on the Bot-IoT dataset and a 98.8% classification rate on the CSE-CIC-IDS2018 dataset, underscoring its effectiveness in detecting and classifying a wide range of cyber threats.

These findings highlight the potential of integrating cybersecurity principles with evolutionary algorithms to develop robust and adaptive models for detecting cyber threats. The proposed trainer not only enhances the accuracy of neural network models but also improves their robustness against evolving attack tactics. This research makes a significant contribution to the cybersecurity field by providing an effective tool for the automated detection and classification of cyber threats, thereby contributing to the development of more secure and resilient digital infrastructures. Future research could explore the application of this approach to other neural network architectures and further optimize the process to address increasingly complex and dynamic threat environments.