Computers, Materials & Continua
DOI:10.32604/cmc.2022.031303
Article

Hyperparameter Tuned Deep Learning Enabled Intrusion Detection on Internet of Everything Environment

Manar Ahmed Hamza1,2,*, Aisha Hassan Abdalla Hashim1, Heba G. Mohamed3, Saud S. Alotaibi4, Hany Mahgoub5,6, Amal S. Mehanna7 and Abdelwahed Motwakel2

1Department of Electrical and Computer Engineering, International Islamic University Malaysia, Kuala Lumpur, 53100, Malaysia
2Department of Computer and Self Development, Preparatory Year Deanship, Prince Sattam bin Abdulaziz University, AlKharj, Saudi Arabia
3Department of Electrical Engineering, College of Engineering, Princess Nourah Bint Abdulrahman University, P. O. Box 84428, Riyadh, 11671, Saudi Arabia
4Department of Information Systems, College of Computing and Information System, Umm Al-Qura University, Saudi Arabia
5Department of Computer Science, College of Science & Art at Mahayil, King Khalid University, Saudi Arabia
6Faculty of Computers and Information, Computer Science Department, Menoufia University, Egypt
7Department of Digital Media, Faculty of Computers and Information Technology, Future University in Egypt, New Cairo, 11845, Egypt
*Corresponding Author: Manar Ahmed Hamza. Email: ma.hamza@psau.edu.sa
Received: 14 April 2022; Accepted: 10 June 2022

Abstract: Internet of Everything (IoE), the recent technological advancement, represents an interconnected network of people, processes, data, and things. In recent times, IoE gained significant attention among entrepreneurs, individuals, and communities owing to its realization of intense values from the connected entities. On the other hand, the massive increase in data generation from IoE applications enables the transmission of big data, from context-aware machines, into useful data. Security and privacy pose serious challenges in designing IoE environment which can be addressed by developing effective Intrusion Detection Systems (IDS). In this background, the current study develops Intelligent Multiverse Optimization with Deep Learning Enabled Intrusion Detection System (IMVO-DLIDS) for IoT environment. The presented IMVO-DLIDS model focuses on identification and classification of intrusions in IoT environment. The proposed IMVO-DLIDS model follows a three-stage process. At first, data pre-processing is performed to convert the actual data into useful format. In addition, Chaotic Local Search Whale Optimization Algorithm-based Feature Selection (CLSWOA-FS) technique is employed to choose the optimal feature subsets. Finally, MVO algorithm is exploited with Bidirectional Gated Recurrent Unit (BiGRU) model for classification. Here, the novelty of the work is the application of MVO algorithm in fine-tuning the hyperparameters involved in BiGRU model. The experimental validation was conducted for the proposed IMVO-DLIDS model on benchmark datasets and the results were assessed under distinct measures. An extensive comparative study was conducted and the results confirmed the promising outcomes of IMVO-DLIDS approach compared to other approaches.

Keywords: Internet of everything; deep learning; feature selection; classification; intrusion detection; cybersecurity

1  Introduction

Computing and technological advancements have heavily influenced the growth and development of a country’s economy as well as its society. Internet of Everything (IoE) is one of the technological developments that constitutes an interlinked network of persons, processes, data, and objects [1]. Big data and network intelligence are two prime components in IoE atmosphere that handle expandability, feasibility, and controllability of mounting advances in network connectivity [2]. IoE makes all the connections (new persons, processes, piece of data, and materials) that come online, more appropriate and beneficial though they have various security and privacy concerns [3]. Moreover, the fast development of big data from IoE applications, in return, adds remarkable value in terms of data transformation from context-aware mechanisms to prosecutable information. This information leads to a reasonable amount of impact on IoE atmosphere in terms of security and privacy perspectives [4]. The past few decades have acted as an evidence for mounting familiarity with Intrusion Detection Systems (IDSs), thanks to its intrinsic capability to find an intrusion on real-time basis [5]. Intrusion detection is referred to as a process that monitors and follows the events in a computer. It is commonly used in the identification of symbols related to security problems, while the activities are observed based on event-based methods and security information.

IDS is considered as a method to track the activities of a network among various bodies, by forecasting its integrity and existing principles [6]. A classic Intrusion Detection System comprises of data source, pre-processing, and decision-making methods to recognize the susceptible elements in a network. The first and the foremost step is the collection of raw form of data from host traces or network trafficking. The second one covers the overall construction of structures that pass on to decision-making methods which is likely to find out the hazards [7]. In favour of adapting the highly advanced network technologies and ensuring network security under distinct scenarios, the generalizing capability of the classifier requires further betterment, specifically in recognizing unknown attacks. But, the generalization capability of a single classifier is restricted while the cost of training the ensemble techniques is high [8]. In order to develop a proficient IDS model, huge volumes of data are required for training and testing purposes. The quality state of the data is highly analytical and influential in nature, which is mainly based on the outcomes of IDS design [9]. The low-quality and inappropriate information, identified in data, could be removed only after the collection of statistical property from its observable attributes and components [10].

The current study develops an Intelligent Multiverse Optimization with Deep Learning Enabled Intrusion Detection System (IMVO-DLIDS) for IoT environment. The presented IMVO-DLIDS model involves data pre-processing to convert the actual data into useful format. In addition, Chaotic Local Search Whale Optimization Algorithm-based Feature Selection (CLSWOA-FS) technique is also employed to choose the optimum feature subsets. At last, MVO algorithm is exploited with Bidirectional Gated Recurrent Unit (BiGRU) model for classification process. The novelty of the work lies in using MVO algorithm for fine-tuning the hyperparameters involved in BiGRU model. The proposed IMVO-DLIDS model was validated experimentally using benchmark datasets and the results were assessed under distinct measures.

2  Related Works

Ullah et al. [11] presented a hybrid DL method for cyber-attack detection in IoV. The method was presented based on GRU and LSTM. The experimental results demonstrated that the presented method can accomplish high performance in terms of attack detection. Mehmood et al. [12] introduced a new methodology using NB classifier model with Intrusion Detection System (IDS). IDS was deployed as a multi-agent system throughout the network to sense irregular or misbehaving traffic and the activities of the nodes. In literature [13], the vulnerability of external and intra-vehicle networks is deliberated. A multi-tiered hybrid IDS, integrating anomaly-and-signature-based IDS, was presented to identify both known as well as unknown attacks on vehicular network. The experimental results illustrated that the presented technique can identify different kinds of known attacks. Liu et al. [14] developed a PSO-based Gradient Descent (PSO-LightGBM) for intrusion detection. The presented method was utilized to extract the features of the dataset. These features were then fed as input into one-class SVM (OCSVM) to identify and classify the malicious information.

Farzaneh et al. [15] projected an anomaly-based lightweight IDS-based threshold value for identification of attacks on RPL technique. As per the results, the presented method is highly effective in identifying the attacks and is suitable for large-scale networks. In literature [16], Naïve Bayes and K-means clustering method were combined and applied to evaluate the unlabelled dataset and explore malicious attacks. Also, the study presented a solution to alleviate IoT attacks with the help of IDS and firewall. The authors [17] designed a two-tier scalable IDS for embedded systems to resolve the problem. The presented method depends on Spark and was deployed in cloud environment. The experiment results inferred that the presented technique can enhance the scalability and detection efficiency. Cheng et al. [18–20] presented a temporal convolution network with global attention model to develop an in-vehicle network IDS named TCAN-IDS. The feature extraction method extracts the spatial-temporal details.

3  The Proposed Model

In this study, an effective IMVO-DLIDS model has been developed for identification and classification of intrusions in IoT environment. At first, the proposed IMVO-DLIDS model pre-processes the actual data to convert it into a useful format. Besides, a novel CLSWOA-FS technique is employed to choose the optimum feature subsets. Finally, MVO-GRU model is applied for recognition and classification of intrusions. Fig. 1 illustrates the overall processes of IMVO-DLIDS technique.


Figure 1: Overall processes of IMVO-DLIDS technique

3.1 Data Pre-processing

At primary level, z-score normalization approach is used to convert the original data into useful format. To normalize the data with z-score, the population mean is subtracted from each raw data point and the result is divided by the SD, which offers an ideal score between −3 and +3. Here, $x$ signifies the value of a certain sample, $\mu$ represents the mean and $\sigma$ denotes the SD.

$$z_{score} = \frac{x - \mu}{\sigma} \tag{1}$$

3.2 Algorithmic Process of CLWOA-FS Technique

After pre-processing the data, CLWOA-FS technique is applied to derive the optimal feature subsets [21–23]. WOA comprises shrinking encirclement, exploration, and exploitation. This section details the processes involved and the equivalent arithmetical model. Consider that the number of whales in the population that contribute to predation is $N$ and the dimension is $d$. The whale individuals at the existing optimum location are fixed as searching agents, whereas the other individuals upgrade their position within the region in which the searching agent is situated. It is mathematically expressed as follows.

$$D = \left| C \cdot X^{*}(t) - X(t) \right| \tag{2}$$

$$X(t+1) = X^{*}(t) - A \cdot D \tag{3}$$

where $t$ denotes the existing number of iterations and $A$ and $C$ indicate the coefficients. $X^{*}(t)$ denotes the location vector of the searching agent, and $X(t)$ denotes the location vector of the present whale. Both $A$ and $C$ coefficients are attained using the formulae given below.

$$A = 2a \cdot r_1 - a \tag{4}$$

$$C = 2 r_2 \tag{5}$$

$$a = 2 - 2t / T_{max} \tag{6}$$

Here $r_1$ and $r_2$ denote arbitrary values within $(0,1)$, $t$ indicates the existing number of iterations and $T_{max}$ indicates the maximal number of iterations. During exploitation stage, the whale groups are defined through the existing objective. The whole population spirally upgrades its location to attack the prey. It is arithmetically expressed as given herewith.

$$X(t+1) = X^{*}(t) + D_p\, e^{bl} \cos(2\pi l) \tag{7}$$

$$D_p = \left| X^{*}(t) - X(t) \right| \tag{8}$$

Now $D_p$ indicates the distance between the whale and the prey, $X^{*}(t)$ denotes the existing location vector of the optimal whale whereas $X(t)$ denotes the existing location vector. $l$ denotes an arbitrary value within $(-1,1)$. In developmental stage, the whale population spirally upgrades its location while enclosing its prey. By following a synchronous behavior method and by mimicking the real-time attack procedure, the approach considers that the possibility of the whale population selecting the spiral upgrade location is similar to the possibility of selecting the shrinking encircling process, viz., $p=0.5$. It can be mathematically expressed as follows.

$$X(t+1) = \begin{cases} X^{*}(t) - A \cdot D, & P < 0.5 \\ X^{*}(t) + D_p\, e^{bl} \cos(2\pi l), & P \geq 0.5 \end{cases} \tag{9}$$

During exploitation stage, when $a$ differs, the value of $A$ lies within $[-1,1]$. Specifically, the whale individuals stay at other locations than the existing location. In order to seek a searching space, the approach arbitrarily chooses an individual whale as the searching agent to guide the present whale individual. It assists the whale population to seek distance from the present location. The above scenario is mathematically expressed as follows.

$$D = \left| C \cdot X_{rand} - X(t) \right| \tag{10}$$

$$X(t+1) = X_{rand} - A \cdot D \tag{11}$$

Now $X_{rand}$ indicates the place vector of the present searching agent. It is significant to observe that the presence of this phase assists the approach in avoiding local optimal efficiency. CLWOA is derived from the application of chaotic concepts to improve the performance of WOA.

Chaos is a random-like phenomenon that is established in non-linear and deterministic schemes. Arithmetically, chaos implements the searching process more rapidly than ergodic searching. Massive amounts of series are attained by altering the primary value. In the current study, the logistic map is utilized in the generation of chaotic series as given below.

$$o_{s+1} = C\, o_s (1 - o_s) \tag{12}$$

The initialized variables are $C=4$, $o_s=\mathrm{rand}(0,1)$, and $C_1 \neq 0.25$, $0.5$ and $0.75$. Even though the execution time is satisfactory on a small scale for chaos optimization, once the searching space becomes huge, the execution time remains unsatisfactory. The chaotic scheme features are taken to attain a searching operator, while the operator is incorporated with the metaheuristic algorithm. The solution that CLS generates is attained as follows.

$$C_s = (1 - \mu) \times T + \mu\, C'_i, \quad i = 1, 2, \ldots, n \tag{13}$$

where $C_s$ denotes the candidate solution, $T$ indicates the targeted location and $\mu$ can be attained as given below.

$$\mu = \frac{MaxIter - currIter + 1}{MaxIter} \tag{14}$$

Now, $MaxIter$ and $currIter$ denote the maximum number of iterations and the existing iteration correspondingly. To map $C'$ into the field, 0.

$$C' = LB + C_i \times (UB - LB) \tag{15}$$

Here, $UB$ and $LB$ indicate the upper and lower bounds of the initialized solution.

The aim of CLWOA-FS technique is to identify the optimum set of features for a given data set that has minimal features and high classification accuracy. These two indicators exert a distinct effect upon classification accuracy. So, both are integrated together using a single weighted indicator whereas a similar Fitness Function (FF) is employed as follows.

$$fitness = \omega_1 \times acc(classifier) + \omega_2 \times \left(1 - \frac{s}{p}\right) \tag{16}$$

Now $s$ characterizes the quantity of the selected features, and $p$ represents the entire count of features. Here, $\omega_1$ and $\omega_2$ values are 1 and 0.001, correspondingly. $acc(classifier)$ signifies the classification accuracy obtained from BiGRU classification model as shown below.

$$acc(classifier) = \frac{n_c}{n_c + n_i} \times 100 \tag{17}$$

Now, $n_c$ and $n_i$ denote the number of accurately and inaccurately classified instances, correspondingly. The fitness value achieves the objective, i.e., the selected feature subset has maximum classification accuracy along with a minimal number of features.
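The whole of Section 3.2 (WOA moves, logistic-map chaotic local search and the weighted fitness of Eq. (16)) can be exercised end to end with the sketch below, which is an added example and not the authors' implementation. Its assumptions: constructed Gaussian data in which only features 0 and 1 are informative, a nearest-centroid classifier standing in for BiGRU, a 0.5 threshold to turn a whale position into a feature mask, spiral constant `b = 1`, and the usual WOA rule that `|A| < 1` selects encircling and otherwise a random whale is followed.

```python
import math
import random

W1, W2 = 1.0, 0.001                     # omega_1, omega_2 of Eq. (16)

def make_data(seed=1, n=120, p=8):
    """Constructed data: features 0 and 1 carry the class signal, the rest are noise."""
    rng = random.Random(seed)
    rows = []
    for i in range(n):
        y = i % 2
        rows.append(([rng.gauss(3.0 * y if j < 2 else 0.0, 1.0) for j in range(p)], y))
    return rows[: n // 2], rows[n // 2:]                 # train, test

def accuracy(mask, train, test):
    """Eq. (17) in percent; a nearest-centroid classifier stands in for BiGRU."""
    idx = [j for j, m in enumerate(mask) if m]
    if not idx:
        return 0.0
    cent = {}
    for c in (0, 1):
        pts = [x for x, y in train if y == c]
        cent[c] = [sum(x[j] for x in pts) / len(pts) for j in idx]
    hits = 0
    for x, y in test:
        dist = {c: sum((x[j] - m) ** 2 for j, m in zip(idx, cent[c])) for c in cent}
        hits += min(dist, key=dist.get) == y
    return 100.0 * hits / len(test)

def fitness(mask, train, test):
    """Eq. (16): w1 * acc(classifier) + w2 * (1 - s/p)."""
    return W1 * accuracy(mask, train, test) + W2 * (1.0 - sum(mask) / len(mask))

def logistic_next(o, c=4.0):
    """Eq. (12): o_{s+1} = C * o_s * (1 - o_s)."""
    return c * o * (1.0 - o)

def mu(curr_iter, max_iter):
    """Eq. (14): weight of the chaotic term, shrinking as iterations progress."""
    return (max_iter - curr_iter + 1) / max_iter

def to_mask(pos):
    """Assumed binarisation: a feature is selected when its coordinate exceeds 0.5."""
    return [1 if v > 0.5 else 0 for v in pos]

def clwoa_fs(train, test, n_whales=10, max_iter=30, seed=7, lb=0.0, ub=1.0, b=1.0):
    rng = random.Random(seed)
    p = len(train[0][0])
    clip = lambda v: min(ub, max(lb, v))
    score = lambda pos: fitness(to_mask(pos), train, test)
    whales = [[rng.random() for _ in range(p)] for _ in range(n_whales)]
    whales[0] = [ub] * p                        # one whale starts from the full feature set
    best = max(whales, key=score)[:]
    best_fit = score(best)
    history = [best_fit]
    o = rng.random()
    while o in (0.0, 0.25, 0.5, 0.75):          # seeds that collapse the logistic map
        o = rng.random()
    for t in range(1, max_iter + 1):
        a = 2.0 - 2.0 * t / max_iter                                   # Eq. (6)
        for k, x in enumerate(whales):
            A = 2.0 * a * rng.random() - a                             # Eq. (4)
            C = 2.0 * rng.random()                                     # Eq. (5)
            if rng.random() < 0.5:
                # |A| < 1: encircle the best whale, Eq. (2)-(3); else a random whale, Eq. (10)-(11)
                ref = best if abs(A) < 1.0 else rng.choice(whales)
                new = [ref[j] - A * abs(C * ref[j] - x[j]) for j in range(p)]
            else:                                                      # spiral, Eq. (7)-(8)
                l = rng.uniform(-1.0, 1.0)
                spiral = math.exp(b * l) * math.cos(2.0 * math.pi * l)
                new = [best[j] + abs(best[j] - x[j]) * spiral for j in range(p)]
            whales[k] = [clip(v) for v in new]
            if score(whales[k]) > best_fit:
                best, best_fit = whales[k][:], score(whales[k])
        m, cand = mu(t, max_iter), []                                  # chaotic local search
        for j in range(p):
            o = logistic_next(o)
            c_prime = lb + o * (ub - lb)                               # Eq. (15)
            cand.append(clip((1.0 - m) * best[j] + m * c_prime))       # Eq. (13), T = best
        if score(cand) > best_fit:
            best, best_fit = cand, score(cand)
        history.append(best_fit)
    return to_mask(best), best_fit, history

if __name__ == "__main__":
    train, test = make_data()
    mask, fit, _ = clwoa_fs(train, test)
    print("selected features:", [j for j, m in enumerate(mask) if m], "fitness:", round(fit, 4))
```

Because accuracy is scored in percent and $\omega_2$ is 0.001, the feature-count term only breaks ties between subsets of equal accuracy; seeding one whale with every feature selected guarantees the result is never worse than the unreduced feature set.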

3.3 BiGRU Based Classification

In this study, intrusions are recognized and classified with the help of BiGRU model [21]. GRU employs two gated components to adjust the cell state. It has various advantages such as fewer parameters, low computation difficulty and good efficacy compared to LSTM model in NLP. Especially, during time $t$, embedded vector $w_t \in \mathbb{R}^{d_w}$ is attained for the existing input vector $E$ and the aspect embedded vector $v_a \in \mathbb{R}^{d_a}$ from $A$, the existing hidden state vector $h_t$ in GRU can be upgraded as follows.

$$z_t = \sigma\left(W_z h_{t-1} + U_z [w_t, v_a] + b_z\right), \tag{17}$$

$$r_t = \sigma\left(W_r h_{t-1} + U_r [w_t, v_a] + b_r\right) \tag{18}$$

$$\tilde{h}_t = \tanh\left(W_h (h_{t-1} \odot r_t) + U_h [w_t, v_a] + b\right), \tag{17}$$

$$h_t = h_{t-1} \odot (1 - z_t) + z_t \odot \tilde{h}_t, \tag{17}$$

where $z$ and $r$ denote the update and reset gates, correspondingly; the sigmoid function $\sigma(\cdot)$ is utilized to control the preservation of effective data and remove the redundant data; $W_z, W_r, W_h \in \mathbb{R}^{d_h \times d_h}$, $U_z, U_r, U_h \in \mathbb{R}^{d_h \times (d_w + d_a)}$, $b_z, b_r, b \in \mathbb{R}^{d_h}$ represent the weights and biases learned in the GRU training method; $\odot$ represents elementwise multiplication; $[w_t, v_a]$ denotes the splicing vector of the embedding word $w_t$ and the embedding aspect $v_a$. Fig. 2 illustrates the framework of BiGRU.


Figure 2: Structure of BiGRU

Later, the hidden layer $[h_1, h_2, \ldots, h_N]$ of the sentence with length $N$ is considered by the last contextual word depiction. Here, BiGRU has been adapted to acquire the context depiction of a sentence. In comparison to one-way GRU, BiGRU involves backward hidden state $\overleftarrow{h_{it}} \in \mathbb{R}^{d_h}$ and forward hidden state $\overrightarrow{h_{it}} \in \mathbb{R}^{d_h}$ during time $t$, whereas $d_h$ characterizes the number of hidden layers. Next, the backward hidden layer $\overleftarrow{h_{it}}$ and forward hidden layer $\overrightarrow{h_{it}}$ are interconnected with last contextual hidden depiction $h_{it} = [\overleftarrow{h_{it}}; \overrightarrow{h_{it}}] \in \mathbb{R}^{2d_h}$.
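The gate equations and the bidirectional concatenation of this section, written out as a forward pass (an added example in plain Python, not the authors' model code). The weights are random rather than trained, the input window of feature vectors is constructed, `x` stands for the spliced input the text writes as a bracketed pair, and placing the backward half before the forward half in the output is a choice made for this example.

```python
import math
import random

def matvec(M, v):
    return [sum(m * x for m, x in zip(row, v)) for row in M]

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))

def init_gru(d_in, d_h, rng):
    """Random W (d_h x d_h), U (d_h x d_in) and zero bias for gates z, r and candidate h."""
    mat = lambda rows, cols: [[rng.uniform(-0.5, 0.5) for _ in range(cols)] for _ in range(rows)]
    return {g: {"W": mat(d_h, d_h), "U": mat(d_h, d_in), "b": [0.0] * d_h} for g in "zrh"}

def gru_step(P, h_prev, x):
    """One GRU update; x plays the role of the spliced input vector."""
    def layer(g, h_in, act):
        W, U, b = P[g]["W"], P[g]["U"], P[g]["b"]
        return [act(p + q + c) for p, q, c in zip(matvec(W, h_in), matvec(U, x), b)]
    z = layer("z", h_prev, sigmoid)                                    # update gate
    r = layer("r", h_prev, sigmoid)                                    # reset gate
    h_tilde = layer("h", [h * ri for h, ri in zip(h_prev, r)], math.tanh)
    # new state: keep (1 - z) of the old state, take z of the candidate
    return [h * (1.0 - zi) + zi * ht for h, zi, ht in zip(h_prev, z, h_tilde)]

def run_gru(P, xs, d_h):
    """Unroll one direction from a zero initial state and return every hidden state."""
    h, states = [0.0] * d_h, []
    for x in xs:
        h = gru_step(P, h, x)
        states.append(h)
    return states

def bigru(P_fwd, P_bwd, xs, d_h):
    """Per-step concatenation of both directions, giving vectors of size 2 * d_h."""
    fwd = run_gru(P_fwd, xs, d_h)
    bwd = run_gru(P_bwd, xs[::-1], d_h)[::-1]          # read the window right to left
    return [bk + fw for fw, bk in zip(fwd, bwd)]       # backward half first, then forward half

def build(seed=0, d_in=4, d_h=3, n=5):
    """Constructed weights and a constructed window of n normalised feature vectors."""
    rng = random.Random(seed)
    xs = [[rng.gauss(0.0, 1.0) for _ in range(d_in)] for _ in range(n)]
    return init_gru(d_in, d_h, rng), init_gru(d_in, d_h, rng), xs

if __name__ == "__main__":
    P_fwd, P_bwd, xs = build()
    for t, h in enumerate(bigru(P_fwd, P_bwd, xs, 3)):
        print(t, [round(v, 3) for v in h])
```

Changing only the last vector of the window leaves the forward half of the first state untouched but alters its backward half, which is the property that lets the classifier use context from both sides of a record.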

3.4 MVO Based Hyperparameter Optimization

In this final stage, MVO algorithm is introduced as a hyperparameter optimizer for BiGRU model [24]. MVO approach is inspired by the concepts that theoretically exist in astronomy. It includes white holes that form a major component in the creation of universe and no one has observed it in the whole universe. The abovementioned process depends on evolving population. Multiple candidate solutions assist one another and share data among themselves to move towards the promising areas. In order to integrate the solution, black and white holes are arbitrarily generated in universe and the movement of objects is created. MVO employs both black as well as white holes to exploit the searching space, whereas it employs wormholes to explore the searching space.

The component of object exchange, throughout the universe, is that the higher-inflation universe often tries to discard the objects and transmits them into receiving universe with lower inflation. Eventually, the inflation rate in every universe is balanced and remains in a stable state. In this method, the universe is initialized and arranged, according to inflation as given in the following equation.

$$X_{ij} = \begin{cases} \begin{cases} x_j + TDR \times r_1, & rd_1 < WEP \\ x_j - TDR \times r_1, & rd_1 \geq WEP \end{cases} & rd_2 < WEP, \\ X_{ij}, & rd_2 \geq WEP \end{cases} \tag{19}$$

Here $x_j$ represents the $j$th unit in the formed universe; $X_{ij}$ specifies the $j$th unit from the $i$th universe; Wormhole Existence Probability (WEP) and Traveling Distance Rate (TDR) are two major coefficients; the values of $rd_1$, $rd_2$ and $r_1$ denote the random variables within $[0,1]$. It is described as follows.

$$TDR = 1 - \left(\frac{l^{1/p}}{L^{1/p}}\right) \tag{20}$$

$$WEP = \min + l \times \left(\frac{\max - \min}{L}\right) \tag{21}$$

where $p\,(=6)$ refers to the accuracy of exploitation over iteration, $\max$ indicates the upper limit of WEP and $\min$ represents the lower limit of WEP, $l$ refers to the present iteration and $L$ indicates the maximal number of iterations.

MVO technique, for hyper-parameter optimization, calculates FF as the minimized classifier error rate which is demonstrated below. An optimal solution holds lesser error value and conversely.

$$fitness(x_i) = Classifier\ Error\ Rate(x_i) = \frac{\text{number of misclassified samples}}{\text{Total number of samples}} \times 100 \tag{22}$$
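A compact MVO loop driven by the WEP and TDR schedules of Eqs. (20) and (21) and minimising an error-rate fitness, given here as an added example rather than the authors' code. Assumptions: the two tuned hyperparameters and their ranges are hypothetical, `error_rate` is a constructed surface standing in for "train BiGRU and return Eq. (22)", the WEP limits 0.2 and 1.0 are assumed defaults, universes live in normalised [0,1] coordinates, and the white-hole/black-hole exchange is a simple error-proportional roulette written for this example.

```python
import random

LR_EXP = (-4.0, -1.0)        # hypothetical range for log10(learning rate)
HIDDEN = (16, 256)           # hypothetical range for the number of BiGRU hidden units

def decode(u):
    """Map a universe in [0,1]^2 to concrete hyperparameters."""
    return {"log10_lr": LR_EXP[0] + u[0] * (LR_EXP[1] - LR_EXP[0]),
            "hidden_units": int(round(HIDDEN[0] + u[1] * (HIDDEN[1] - HIDDEN[0])))}

def error_rate(u):
    """Constructed stand-in for Eq. (22): error in percent, minimum 0.3 at lr = 1e-3, 128 units."""
    hp = decode(u)
    return 0.3 + 4.0 * (hp["log10_lr"] + 3.0) ** 2 + 10.0 * ((hp["hidden_units"] - 128) / 240.0) ** 2

def wep(l, L, lo=0.2, hi=1.0):
    """Eq. (21): wormhole existence probability grows linearly from lo to hi."""
    return lo + l * (hi - lo) / L

def tdr(l, L, p=6):
    """Eq. (20): travelling distance rate shrinks to 0 at the last iteration."""
    return 1.0 - l ** (1.0 / p) / L ** (1.0 / p)

def mvo(objective, dim=2, n_universes=12, L=40, seed=3):
    rng = random.Random(seed)
    U = [[rng.random() for _ in range(dim)] for _ in range(n_universes)]
    best, best_err, history = None, float("inf"), []
    for l in range(1, L + 2):                      # the extra pass only scores the last population
        errs = [objective(u) for u in U]
        lo, hi = min(errs), max(errs)
        if lo < best_err:                          # elitism: remember the best universe so far
            best, best_err = U[errs.index(lo)][:], lo
        history.append(best_err)
        if l > L:
            break
        span = (hi - lo) or 1.0
        send_w = [hi - e + 1e-9 for e in errs]     # low error (high inflation) sends more objects
        nxt = []
        for u, e in zip(U, errs):
            v = u[:]
            for j in range(dim):
                if rng.random() < (e - lo) / span: # high error receives through a black hole
                    donor = rng.choices(range(n_universes), weights=send_w)[0]
                    v[j] = U[donor][j]
                if rng.random() < wep(l, L):       # rd2 < WEP: wormhole towards the best universe
                    step = tdr(l, L) * rng.random()                   # TDR * r1
                    # rd1 < WEP picks the sign, as Eq. (19) is printed on this page;
                    # the original MVO formulation compares this draw with 0.5 instead.
                    sign = 1.0 if rng.random() < wep(l, L) else -1.0
                    v[j] = min(1.0, max(0.0, best[j] + sign * step))
            nxt.append(v)
        U = nxt
    return decode(best), best_err, history

if __name__ == "__main__":
    hp, err, hist = mvo(error_rate)
    print("best:", hp, "error %:", round(err, 3), "initial best %:", round(hist[0], 3))
```

In practice `objective` would train the classifier with the decoded settings and return the validation error rate, so each call is expensive and the population size and `L` set the tuning budget.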

4  Experimental Validation

In this section, a detailed investigation was conducted to validate the intrusion detection performance of the proposed method using CICIDS-2017 benchmark datasets. At first, IMVO-DLIDS model selected a total of 47 features out of 80 features from CICIDS-2017 dataset.

Fig. 3 illustrates the confusion matrices generated by IMVO-DLIDS model on test CICIDS 2017 dataset. The figure reports that the proposed IMVO-DLIDS model classified all the samples under seven class labels effectively.


Figure 3: Confusion matrix of IMVO-DLIDS technique on CICIDS 2017 dataset

Tab. 1 and Fig. 4 highlight the overall classification outcomes accomplished by IMVO-DLIDS model on CICIDS-2017 dataset. The experimental values indicate that the proposed IMVO-DLIDS model produced effectual classification outcomes under distinct aspects. For instance, on entire dataset, IMVO-DLIDS model produced $accu_y$, $reca_l$, $prec_n$, and $F_{score}$ values such as 99.71%, 83.01%, 90.08%, and 86.17% respectively. Also, on 70% of TRS dataset, the presented IMVO-DLIDS model yielded $accu_y$, $reca_l$, $prec_n$, and $F_{score}$ values such as 99.71%, 83.01%, 90.08%, and 86.17% respectively. In addition, on 30% of TSS dataset, the proposed IMVO-DLIDS model accomplished $accu_y$, $reca_l$, $prec_n$, and $F_{score}$ values such as 99.71%, 83.01%, 90.08%, and 86.17% respectively.


Figure 4: Results of the analysis of IMVO-DLIDS technique on CICIDS-2017 dataset

The results from Training Accuracy (TA) and Validation Accuracy (VA), attained by IMVO-DLIDS model, on CICIDS-2017 dataset are demonstrated in Fig. 5. The experimental outcomes imply that the proposed IMVO-DLIDS model gained maximum TA and VA values. To be specific, VA seemed to be higher than TA.


Figure 5: TA and VA analyses results of IMVO-DLIDS technique on CICIDS-2017 dataset

The results from Training Loss (TL) and Validation Loss (VL), achieved by the proposed IMVO-DLIDS model on CICIDS-2017 dataset, are showcased in Fig. 6. The experimental outcomes infer that the proposed IMVO-DLIDS model accomplished the least TL and VL values. To be specific, VL seemed to be lower than TL.


Figure 6: TL and VL analyses results of IMVO-DLIDS technique on CICIDS-2017 dataset

A brief precision-recall analysis was conducted upon IMVO-DLIDS model using CICIDS-2017 dataset and the results are portrayed in Fig. 7. From the figure, it can be understood that IMVO-DLIDS model accomplished the maximum precision-recall performance under all classes.


Figure 7: Precision-recall analysis results of IMVO-DLIDS technique on CICIDS-2017 dataset

Tab. 2 and Fig. 8 show the comparative study results achieved by IMVO-DLIDS and other recent models on CICIDS-2017 dataset [25]. The experimental results imply that EM and DBSCAN methods exhibited the least classification performance. KODE system tried to achieve a slightly improved performance with $accu_y$, $reca_l$, $prec_n$, and $F_{score}$ values such as 88.51%, 88.54%, 81.84%, and 88.91% respectively. Though K-means and one-class SVM models accomplished reasonable performances, the proposed IMVO-DLIDS model achieved the maximum performance with $accu_y$, $reca_l$, $prec_n$, and $F_{score}$ values such as 99.71%, 90.08%, 83.01%, and 86.17% respectively.


Figure 8: Comparative analysis results of IMVO-DLIDS technique on CICIDS-2017 dataset

A brief Training Time (TRT) and Testing Time (TST) investigation was conducted between IMVO-DLIDS model and the existing models, and the results are given in Tab. 3 and Fig. 9. The results infer that K-means, one-class SVM, and KODE model showcased poor outcomes with maximum TRT and TST values. Next, DBSCAN approach achieved somewhat higher outcomes with a TRT of 186 s and a TST of 32.10 s. Then, EM model resulted in a considerable TRT of 119 s and a TST of 31.20 s. However, the proposed IMVO-DLIDS model outperformed all other methods with the least TRT of 31.24 s and a TST of 29.38 s respectively.


Figure 9: TRT and TST analyses results of IMVO-DLIDS technique on CICIDS-2017 dataset

5  Conclusion

In this study, an effectual IMVO-DLIDS model has been developed for identification and classification of intrusions in IoT environment. The proposed IMVO-DLIDS technique primarily carries out data pre-processing to convert the actual data into useful format. Besides, a novel CLSWOA-FS technique is employed in the selection of optimum feature subsets. Finally, MVO-GRU technique is implemented for recognition and classification of intrusions. The proposed IMVO-DLIDS method was experimentally validated on benchmark datasets and the results were assessed under distinct measures. An extensive comparative study was conducted and the results attained by IMVO-DLIDS method were more promising than the compared approaches under different aspects. Thus, IMVO-DLIDS technique can be utilized as an effectual tool for intrusion detection in IoT environment. In future, outlier removal approaches can also be included to improve the detection efficiency of IMVO-DLIDS model.

Funding Statement: The authors extend their appreciation to the Deanship of Scientific Research at King Khalid University for funding this work through Large Groups Project under grant number (46/43). Princess Nourah bint Abdulrahman University Researchers Supporting Project number (PNURSP2022R140), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia. The authors would like to thank the Deanship of Scientific Research at Umm Al-Qura University for supporting this work by Grant Code: (22UQU4210118DSR13).

Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.

References

 1.  D. E. Comer, The Internet book: Everything you need to know about computer networking and how the Internet works. UK, Chapman and Hall/CRC, 2018.

 2.  S. P. Mohanty, V. P. Yanambaka, E. Kougianos and D. Puthal, “PUFchain: A hardware-assisted blockchain for sustainable simultaneous device and data security in the internet of everything (IoE),” IEEE Consumer Electronics Magazine, vol. 9, no. 2, pp. 8–16, 2020.

 3.  D. Zhang, J. Hu, F. Li, X. Ding, A. K. Sangaiah et al., “Small object detection via precise region-based fully convolutional networks,” Computers, Materials and Continua, vol. 69, no. 2, pp. 1503–1517, 2021.

 4.  J. Wang, Y. Wu, S. He, P. K. Sharma, X. Yu et al., “Lightweight single image super-resolution convolution neural network in portable device,” KSII Transactions on Internet and Information Systems (TIIS), vol. 15, no. 11, pp. 4065–4083, 2021.

 5.  J. Wang, Y. Zou, P. Lei, R. S. Sherratt and L. Wang, “Research on recurrent neural network based crack opening prediction of concrete dam,” Journal of Internet Technology, vol. 21, no. 4, pp. 1161–1169, 2020.

 6.  J. Zhang, J. Sun, J. Wang and X. G. Yue, “Visual object tracking based on residual network and cascaded correlation filters,” Journal of Ambient Intelligence and Humanized Computing, vol. 12, no. 8, pp. 8427–8440, 2021.

 7.  S. He, Z. Li, Y. Tang, Z. Liao, F. Li et al., “Parameters compressing in deep learning,” Computers, Materials & Continua, vol. 62, no. 1, pp. 321–336, 2020.

 8.  S. R. Zhou and B. Tan, “Electrocardiogram soft computing using hybrid deep learning CNN-ELM,” Applied Soft Computing, vol. 86, no. 4, pp. 105778, 2020.

 9.  M. Nasir, A. R. Javed, M. A. Tariq, M. Asim and T. Baker, “Feature engineering and deep learning-based intrusion detection framework for securing edge IoT,” Journal of Supercomputing, vol. 78, no. 6, pp. 8852–8866, 2022.

10. A. R. Javed, S. ur Rehman, M. U. Khan, M. Alazab and G. T.R., “CANintelliIDS: Detecting in-vehicle intrusion attacks on a controller area network using CNN and attention-based GRU,” IEEE Transactions on Network Science and Engineering, vol. 8, no. 2, pp. 1456–1466, 2021.

11. S. Ullah, M. A. Khan, J. Ahmad, S. S. Jamal, Z. Huma et al., “HDL-IDS: A hybrid deep learning architecture for intrusion detection in the internet of vehicles,” Sensors, vol. 22, no. 4, pp. 1340, 2022.

12. A. Mehmood, M. Mukherjee, S. H. Ahmed, H. Song and K. M. Malik, “NBC-MAIDS: Naïve bayesian classification technique in multi-agent system-enriched ids for securing IoT against DDOS attacks,” The Journal of Supercomputing, vol. 74, no. 10, pp. 5156–5170, 2018.

13. L. Yang, A. Moubayed and A. Shami, “MTH-IDS: A multitiered hybrid intrusion detection system for internet of vehicles,” IEEE Internet of Things Journal, vol. 9, no. 1, pp. 616–632, 2022.

14. J. Liu, D. Yang, M. Lian and M. Li, “Research on intrusion detection based on particle swarm optimization in IoT,” IEEE Access, vol. 9, pp. 38254–38268, 2021.

15. B. Farzaneh, M. A. Montazeri and S. Jamali, “An anomaly-based ids for detecting attacks in RPL-based internet of things,” in 2019 5th Int. Conf. on Web Research (ICWR), Tehran, Iran, pp. 61–66, 2019.

16. R. K. Shrivastava, S. Ramakrishna and C. Hota, “Game theory based modified naïve-bayes algorithm to detect DOS attacks using honeypot,” in 2019 IEEE 16th India Council Int. Conf. (INDICON), Rajkot, India, pp. 1–4, 2019.

17. M. Liu, Z. Xue and X. He, “Two-tier intrusion detection framework for embedded systems,” IEEE Consumer Electronics Magazine, vol. 10, no. 5, pp. 102–108, 2021.

18. P. Cheng, K. Xu, S. Li and M. Han, “TCAN-IDS: Intrusion detection system for internet of vehicle using temporal convolutional attention network,” Symmetry, vol. 14, no. 2, pp. 310, 2022.

19. M. A. Alohali, F. N. Al-Wesabi, A. M. Hilal, S. Goel, D. Gupta et al., “Artificial intelligence enabled intrusion detection systems for cognitive cyber-physical systems in industry 4.0 environment,” Cognitive Neurodynamics, vol. 42, no. 3, pp. 16, 2022.

20. A. M. Hilal, M. A. Alohali, F. N. Al-Wesabi, N. Nemri, J. Hasan et al., “Enhancing quality of experience in mobile edge computing using deep learning based data offloading and cyberattack detection technique,” Cluster Computing, vol. 76, no. 4, pp. 2518, 2021.

21. M. Li, G. Xu, Q. Lai and J. Chen, “A chaotic strategy-based quadratic opposition-based learning adaptive variable-speed whale optimization algorithm,” Mathematics and Computers in Simulation, vol. 193, no. 8, pp. 71–99, 2022.

22. A. G. Hussien and M. Amin, “A self-adaptive Harris Hawks optimization algorithm with opposition-based learning and chaotic local search strategy for global optimization and feature selection,” International Journal of Machine Learning and Cybernetics, vol. 13, no. 2, pp. 309–336, 2022.

23. X. Li, L. Ding, Y. Du, Y. Fan and F. Shen, “Position-enhanced multi-head self-attention based bidirectional gated recurrent unit for aspect-level sentiment classification,” Frontiers in Psychology, vol. 12, pp. 1–11, 2022.

24. I. Benmessahel, K. Xie and M. Chellal, “A new competitive multiverse optimization technique for solving single-objective and multiobjective problems,” Engineering Reports, vol. 2, no. 3, pp. e12124, 2020.

25. M. S. A. Daweri, K. A. Z. Ariffin, S. Abdullah and M. F. E. M. Senan, “An analysis of the KDD99 and UNSW-NB15 datasets for the intrusion detection system,” Symmetry, vol. 12, no. 10, pp. 1666, 2020.

This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.