Paper 2
Research Article
Artificial Intelligence-Based Security Protocols to Resist
Attacks in Internet of Things
Copyright © 2022 Rashmita Khilar et al. This is an open access article distributed under the Creative Commons Attribution License,
which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
IoT (Internet of Things) usage in industrial and scientific domains is progressively increasing. Currently, IoT systems are utilized in numerous applications in different domains, such as communication technology, environmental monitoring, agriculture, medical services, and manufacturing. However, from a security perspective, IoT systems are vulnerable to various intrusions and attacks. It is essential to create an intrusion detection model to detect and secure the network from the different attacks and anomalies that continually happen in the network. In this paper, an anomaly detection model for an IoT network using deep neural networks (DNN) with the chicken swarm optimization (CSO) algorithm is proposed. The DNN has demonstrated its efficiency in the different fields to which it is applicable. Deep learning is a type of machine learning algorithm that uses many layers to gradually extract higher-level features from the raw inputs. The UNSW-NB15 dataset was utilized to evaluate the anomaly detection model. The proposed model obtained 94.85% accuracy and a 96.53% detection rate, which is better than the other techniques compared for validation, namely GA-NB, GSO, and PSO. The DNN-CSO model performed well in detecting most of the attacks, and it is appropriate for detecting anomalies in the IoT network.
change in the condition of a system beyond its global or local norm. This description contains a number of significant observations about the existence of IoT data:

(i) Most of the data collected by an IoT system could be taken as “normal” since it reflects the typical operating qualities for that particular system
(ii) The definition of a system’s “normal” operation can change for a number of reasons over time
(iii) The data produced by an IoT deployment shows only the actual processes that control the monitoring system [4]

In Figure 1, IoT networks consist of low-cost sensors that were placed in three types of formats over a wide region, (1) centralized networks consisting of several, (2) decentralized networks, and (3) block-chain technology-based distributed networks. The sensors in these IoT networks perform the important roles in assuring the total efficiency of the IoT network [5].

There are instances in real-world datasets that are different from every other instance; these are called anomalies. The identification of anomaly was to identify certain standards whose activity was deemed as abnormally correlated to normal nodes. The data leakage, fraud detection, and intrusion detection system are separate causes of anomalies. Detection of anomalies is used in a number of IoT domain regions, as presented in Table 1 [6–8].

1.1. Intrusion Detection. IoT devices are linked to the Internet and remain susceptible to attacks related to security. Incidents such as Denial-of-Service (DoS) and distributed DoS (DDoS) attacks create significant damage to the network. The major problem in IoT applications is identification of and protection from such attacks, which are mentioned in Table 1.

1.2. Fraud Detection. IoT networks are still vulnerable during logins or online purchases, which can result in the theft of credit card details, bank data, or various sensitive details.

1.3. Data Leakage. Sensitive data from file servers, databases, and various sources of data could leak to any external agency, which not only contributes to data loss but further generates a threat that could compromise confidential system data. Suitable mechanisms of encryption will avoid such leaks.

Anomalies may be identified based on the point-wise, collective, or contextual forms. Point-wise anomalies tend to identify points that essentially deviate from the remaining data points and are utilized when series evolutions are not linear. Typically, it was utilized for detecting fraud.

Typical patterns of the time series, like repeated patterns or forms from several IoT devices, were identified as collective anomalies. A shipping delay in the supply chain is very normal, but if there are multiple delays, then it may take investigation and also collective study. Contextual anomalies are observed by taking into account the preceding type of information or context, like day of the week. Contexts are always very unique to a particular domain [9].

In Figure 2, the first process is to understand the type of the dataset collected. The next process is to distinguish the type of anomaly (i.e., point, contextual, and collective anomalies) from a predefined collection. The last process was to understand the training data availability for developing the anomaly detection model [10]. The novel contributions of this paper are structured as follows:

(i) Presented the anomaly detection model for security attack detection by means of DNN with the CSO algorithms. In this work, the optimization algorithm is proposed for optimizing the performance of the CSO algorithm
(ii) Deep learning is the class of machine learning algorithms which gradually extracted high-level feature from raw inputs using many layers. The UNSW-NB15 dataset was utilized for assessment of the anomaly detection model. This introduction part discusses the anomaly detection process in IoT and the concept of the proposed model

The remaining sections will be as follows: Section 2 discusses the relevant works on IoT anomaly detection, Section 3 discusses the proposed methodology, Section 4 presents the performance analysis of the proposed model, and Section 5 represents the conclusion of the work.

2. Related Works

Bagaa et al. proposed a security system for IoT based on a machine learning model. This system leverages both Network Function Virtualization (NFV) and Software-Defined Networking (SDN) enablers for reducing various threats. This security system copes automatically with the expanding aspects of security associated with the IoT domain. The system used the distributed data mining system, supervised learning, and neural network for developing this intrusion detection model. The NSL-KDD dataset was used for evaluation, and the one class SVM technique was used to detect the attacks and obtained better detection accuracy. Overall, the performance was good and the results obtained were appropriate for this intrusion detection model [1].

Lawal et al. used different classification techniques like k-NN, J-48, and Naïve Bayes for classifying different attacks in the IoT intrusion detection model. For training and testing, the UNSW-NB15 dataset was utilized. Performance analysis of J48, k-NN, and NB classifiers utilizing the WEKA application was experimented on this dataset. Outcomes from the analysis demonstrated that k-NN achieved better accuracy and low FP rate in detecting abnormal and normal traffics, where J48 performed better in classification than NB and k-NN based on the attack classes [2].

Hoang and Nguyen proposed an anomaly detection model for IoT network traffic using the PCA method. The PCA method was used for reducing higher data dimension. A new distance formula was proposed and implemented to derive formulas from past works. Based on those derivations, a new technique for anomaly detection in network traffic
Wireless Communications and Mobile Computing 3
[Figure: Network in IoT. Labels: decentralized network, distributed network, user, analytics, big data, distributed blockchain, central server.]
was implemented and obtained appropriate results using new distance formula by reducing the computational overhead [3].

Sharmat et al. developed an anomaly detection model for IoT network using a machine learning method. Artificial neural network and logistic regression techniques were used for classification. The Kaggle dataset was used for performance evaluation in this work. It was concluded that ANN was better than LR in case 1, and both performed similarly in case 2 [11].

Fahim and Sillitti proposed a hybrid learning anomaly detection using clustering and classification techniques. For clustering, Hierarchical Affinity Propagation (HAP) was used, and for classification, the decision tree classifier CART technique was used. The model combines the data into anomaly and normal clusters by using HAP clustering. Then, the labeled data acquired from the clustering stage was used for training the CART and for classifying future unseen data. The model was able to automate the data labeling, which was an advantage to reduce human intervention [12].

Deep learning methods have been utilized by some researchers to detect network anomalies. The classification results and deep learning methods were compared in the study of [13], and the findings show that the deep learning technique performed better. However, they only looked at the categorization study on PortScan and regular network traffic. The actual network environment has many more network traffic kinds than two, making identification more challenging.

The signature-based techniques have a high detection accuracy and a fast detection speed; they are ineffective for detecting unknown network traffic. In comparison, anomaly-based methods are more adaptable and generalizable, and they
perform well even when faced with classification tasks on unknown network traffic. Deep learning approaches, as compared to standard machine learning algorithms, have a quicker processing speed when dealing with large amounts of data and can learn the deep hidden representation of features with greater accuracy. So, in this research, a deep learning-based model with an optimization algorithm is proposed.

Figure 2: Anomaly detection flow chart. [Flow chart steps: Start; Collected dataset; Identify anomaly type; Availability of data for training; Detection learning model; Anomaly detection/prediction/analysis; Normal/abnormal behaviour.]

where input sum $U_j$ was multiplied by its relative weights, $V_{ij}$. The activation is just based on the weights and the inputs. If the identity is the output function, the neuron is considered linear. The output function used was the sigmoid:

$$R_i(u, v) = \frac{1}{1 + f^{-B(u, v)}}. \tag{2}$$

The error is weight dependent and recommended for modifying to reduce the errors. The error functions for each neuron’s outputs could be set to

$$F_i(u, v, d) = \left(R_i(u, v) - d_i\right)^2. \tag{3}$$

The result would be positive, and required targets would be bigger while the differences were bigger and smaller if the differences were smaller. The network errors would be simply a sum of all neuron errors in the output layer:

$$F(u, v, d) = \sum_i \left(R_i(u, v) - d_i\right)^2, \tag{4}$$

where $R_i$ and $d_i$ were the target output; the weight was modified using the gradient descent method after finding this, with the equation as follows:

$$\Delta v_{ij} = -\eta \frac{\partial F}{\partial v_{ij}}. \tag{5}$$
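The sigmoid output, squared error and gradient-descent step of Equations (2) to (5), as an added example that is not the authors' code: it checks the closed-form gradient of a sigmoid output layer against a finite-difference estimate and then runs the weight update on one constructed sample. It assumes the sigmoid has base e and that B is the weighted input sum of u_j and v_ij; all function names and sample values are hypothetical.

```python
import math

def forward(u, v):
    """Sigmoid outputs R_i for inputs u_j and weights v[i][j] (Equation (2))."""
    return [1.0 / (1.0 + math.exp(-sum(uj * vij for uj, vij in zip(u, row))))
            for row in v]

def error(u, v, d):
    """Network error F: sum over outputs of (R_i - d_i)^2 (Equation (4))."""
    return sum((r - di) ** 2 for r, di in zip(forward(u, v), d))

def gradient(u, v, d):
    """Closed form dF/dv_ij = 2 (R_i - d_i) R_i (1 - R_i) u_j, by the chain rule."""
    return [[2 * (r - di) * r * (1 - r) * uj for uj in u]
            for r, di in zip(forward(u, v), d)]

def max_gradient_gap(u, v, d, h=1e-6):
    """Largest difference between the closed form and a central finite difference."""
    g, gap = gradient(u, v, d), 0.0
    for i in range(len(v)):
        for j in range(len(v[i])):
            hi = [row[:] for row in v]
            lo = [row[:] for row in v]
            hi[i][j] += h
            lo[i][j] -= h
            numeric = (error(u, hi, d) - error(u, lo, d)) / (2 * h)
            gap = max(gap, abs(numeric - g[i][j]))
    return gap

def train(u, v, d, eta=0.5, steps=200):
    """Repeat Delta v_ij = -eta * dF/dv_ij (Equation (5)); return weights and error trace."""
    v = [row[:] for row in v]          # leave the caller's weights untouched
    trace = [error(u, v, d)]
    for _ in range(steps):
        g = gradient(u, v, d)
        v = [[vij - eta * gij for vij, gij in zip(vr, gr)] for vr, gr in zip(v, g)]
        trace.append(error(u, v, d))
    return v, trace

# Constructed sample: three scaled flow features, two outputs (normal, attack).
U = [0.2, 0.9, 0.5]
V0 = [[0.1, -0.3, 0.2], [0.4, 0.1, -0.2]]
D = [0.0, 1.0]

if __name__ == "__main__":
    print("max gap between closed form and numeric gradient:", max_gradient_gap(U, V0, D))
    _, trace = train(U, V0, D)
    print("error before/after training:", trace[0], trace[-1])
```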
[Figure label: Output Layer]

$$\frac{\partial F}{\partial v_{ij}} = \frac{\partial F}{\partial R_i} \frac{\partial R_i}{\partial v_{ij}} = 2 (R_i - d_i) R_i (1 - R_i) u_j. \tag{8}$$

The adjustment will begin from Equations (5) and (8) for each weight:

$$\Delta v_{ij} = -2 \eta (R_i - d_i) R_i (1 - R_i) u_j. \tag{9}$$

In Equation (9), in order to train the networks with an additional layer, some factors were required specifically on the training period that may be impacted with network architectures [13].

3.2. Chicken Swarm Optimization. CSO was an algorithm of bioinspired optimization. It imitates the hierarchical orders and the behaviors of the chicken swarm. The chicken swarm could be categorized as several groups, containing a rooster and various chicks and hens. Various chickens followed various laws of movement. Under a particular hierarchical order, there are competitions between different chickens. Activities of chickens are by the values that follow the principles.

(1) Several groups are present in the chicken swarm. All groups have a predominant rooster, a few hens, and chickens
(2) How the chicken swarm can be divided into several classes and identification of chickens according to fitness value of chicken itself. The chicken with a higher fitness value will be carried out as rooster; each of that would be the group’s head chicken. The chicken with low fitness value will be marked as chicks. The remainder is to be the hens. The hens choose randomly the party they want to live in. The
(3) The hierarchical structure, the close bond, and the bond between the mother and child within the group will remain constant. These conditions update many (G) timely steps
(4) Chicken tracks the rooster of their groups’ mate to look for foods, although they may avoid eating their own food. Consider chickens poaching the best food found by others, accidentally. The chicks search around their mother (a hen) for food. A strong individual has an upper hand in a food competition

Chickens and chicken activities with the better fitness value may look for food across a wide range of distances. The chicken’s movement ability is given in the following condition:

$$\Delta A^{c+1}_{i,j} = A^{c}_{i,j} * \left(1 + \mathrm{Randn}\left(0, \sigma^2\right)\right), \tag{10}$$

$$\sigma^2 = \begin{cases} 1, & \text{if } f_i \le f_k, \\ \exp\left(\dfrac{f_k - f_i}{|f_i| + \varepsilon}\right), & \text{otherwise}, \end{cases} \qquad k \in [1, N],\ k \ne i, \tag{11}$$

where $\mathrm{Randn}(0, \sigma^2)$ was the Gaussian distribution with mean zero and standard deviations; $\sigma^2$ was utilized to prevent zero-division-errors. $k$ is the index of rooster which was selected at random from the rooster groups, and $f$ was the fitness values of related $A$. This phenomenon is formulated according to the following:

$$A^{c+1}_{i,j} = A^{c}_{i,j} + S1 * \mathrm{Rand} * \left(A^{c+1}_{i,j} - A^{c}_{i,j}\right) + S2 * \mathrm{Rand} * \left(A^{c+1}_{i,j} - A^{c}_{i,j}\right), \tag{12}$$
Initialize
repeat
    Employ and order the fitness values of chicken using Equations (10) and (11)
    Isolate groups and select relations among chickens and hen using Equations (12), (13), and (14)
    Updating the chicken’s solution till chicken’s swarm find the better solutions using Equation (15)
    Memorizing the better solutions obtained so far
Until (Cycle = Max Cycle Numbers), Save best solutions
Assigning all networks input and outputs to DNN backpropagations
Initializing each weight from step 7
repeat
    Presenting the patterns to the networks
    Propagating the inputs forward through the networks
    for all layers in the networks
        for all nodes in the layers
            Compute the weighted sum of the input to the nodes
            Add threshold to the sum
            Compute activation for the nodes
        end
    end
    Propagating the error backwards through the networks
    for all nodes in the output layers
        Compute error signals
    end
    for all hidden layers
        for all nodes in the layers
            Compute node’s signal errors
            Updating every node’s weighted in the networks
        end
    end
    Compute Global Errors
    Compute the Errors Function
end
While ((max numbers of iteration < than specified))
Algorithm 1
$$S1 = \exp\left(\frac{f_i - f_{r1}}{\mathrm{abs}(f_i) + \varepsilon}\right), \tag{13}$$

$$\Delta S1 = \exp\left(\left(f_{r2} - f_i\right)\right). \tag{14}$$

The greater the difference between the fitness values of the two chickens, the lesser the S2 and the greater the distance between the positions of the two chickens. So the hens will not eat the food provided by other chickens quickly. The formula structure of S1 was different from S2 where there are competitions in a group. The chicks travel to search for food around their mother; it is expressed as

$$A^{c+1}_{i,j} = A^{c}_{i,j} + FL * \left(A^{c}_{m,j} - A^{c}_{i,j}\right), \tag{15}$$

chicks, and the mother hens; then, set determined identities for every chick; thirdly, set up the mathematical model by the identities of the chickens and their foraging laws; and finally, set a specific interval to update the relationship of chickens frequently. In the group, the number of roosters and chicks is smaller than that of hens, and their structures are generally simple. The number of hens is the largest, and the hens’ structure is the most difficult in the group. In this way, the hen model will directly impact the performance of the CSO [15].

3.3. DNN-Based CSO Algorithm. Steps 3–5 develop the CSO algorithm and satisfy Equations (10)–(15) to enhance the weights in DNN.
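The rooster, hen and chick updates of Equations (10) to (15), written out as an added example that is not the authors' code, minimising a constructed test function in place of a DNN loss. It assumes the position terms of Equation (12) are indexed r1 and r2 like the fitness terms of Equations (13) and (14), that Equation (14) gives S2, that lower fitness is better, and that a move is kept only when it improves fitness; the function and parameter names are hypothetical.

```python
import math
import random

EPS = 1e-12  # the small constant epsilon in Equations (11) and (13)

def sphere(a):
    """Constructed fitness to minimise; a DNN loss over its weights would go here."""
    return sum(x * x for x in a)

def cso(fit, dim=4, n=20, n_roosters=4, n_hens=10, G=5, cycles=60, FL=0.6, seed=7):
    rng = random.Random(seed)
    A = [[rng.uniform(-5, 5) for _ in range(dim)] for _ in range(n)]
    f = [fit(a) for a in A]
    best_trace = [min(f)]
    for c in range(cycles):
        if c % G == 0:  # every G steps: rank by fitness and rebuild the hierarchy
            order = sorted(range(n), key=lambda i: f[i])
            roosters = order[:n_roosters]
            hens = order[n_roosters:n_roosters + n_hens]
            chicks = order[n_roosters + n_hens:]
            mate = {h: rng.choice(roosters) for h in hens}   # r1: the hen's group rooster
            mother = {k: rng.choice(hens) for k in chicks}   # m: the chick's mother hen
        moves = {}
        for i in roosters:  # Equations (10) and (11)
            k = rng.choice([r for r in roosters if r != i])
            var = 1.0 if f[i] <= f[k] else math.exp((f[k] - f[i]) / (abs(f[i]) + EPS))
            moves[i] = [a * (1 + rng.gauss(0, math.sqrt(var))) for a in A[i]]
        for i in hens:  # Equations (12) to (14), with r1 and r2 as assumed above
            r1 = mate[i]
            r2 = rng.choice([x for x in roosters + hens if x not in (i, r1)])
            s1 = math.exp((f[i] - f[r1]) / (abs(f[i]) + EPS))
            s2 = math.exp(f[r2] - f[i])
            moves[i] = [a + s1 * rng.random() * (A[r1][j] - a)
                        + s2 * rng.random() * (A[r2][j] - a)
                        for j, a in enumerate(A[i])]
        for i in chicks:  # Equation (15)
            m = mother[i]
            moves[i] = [a + FL * (A[m][j] - a) for j, a in enumerate(A[i])]
        for i, cand in moves.items():  # assumption: keep a move only if it improves
            fc = fit(cand)
            if fc < f[i]:
                A[i], f[i] = cand, fc
        best_trace.append(min(f))
    b = min(range(n), key=lambda i: f[i])
    return A[b], f[b], best_trace

if __name__ == "__main__":
    position, value, trace = cso(sphere)
    print("best fitness at start and end:", trace[0], value)
```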
| Traffic label | Description/characteristic | Training record | Testing record |
|---|---|---|---|
| Worm | Intruder replicates itself to spread to other computers | 130 | 44 |
| Shellcodes | A small part of the code utilized as the payload in the exploitation of software vulnerability | 1133 | 378 |
| Backdoors | A method in which a system security is bypassed stealthily to access a computer or its data. | 1746 | 583 |
| Analyses | It includes various attacks of port scan, spam, and html file penetrations | 2000 | 677 |
| Reconnaissance | Contains all strikes that can simulate attacks that collect data | 10491 | 3496 |
| DoS | A malicious effort to make a network or server resource unavailable to users, usually by temporarily suspending or interrupting the host’s services connected to the Internet | 12264 | 4089 |
| Fuzzer | Attempting to cause a network or program suspended by feeding it the randomly generated data | 18184 | 6062 |
| Exploit | The attacker knows of a security issue within an OS or a part of software and leverages that knowledge by exploiting the vulnerability | 33393 | 11132 |
| Generics | A method works against each block cipher, without considering about the block-cipher structure | 40000 | 18871 |
| Normal | Natural transaction data | 56000 | 37000 |
| Total | | 175341 | 82322 |
the proposed DNN-CSO approach will be compared with the other techniques such as GA-NB, GSO, and PSO.

4.1. Description of Dataset. The IXIA PerfectStorm application creates the raw network packet of the UNSW-NB15 dataset in the Cyber Range Labs of Australian Centre for Cyber Security (ACCS) to create the integration of true modern general operation and synthetic modern attack behaviors. Tcp_dump application was utilized to collect raw traffics over 100 GB (i.e., Pcap file). This dataset included nine attack types like Backdoor, Analysis, Exploits, Fuzzer, Shellcodes, DoS, Generics, Worm, and Reconnaissance. Bro-IDS and Argus were utilized, and 12 approaches were generated for producing 49 attributes overall [21]. The dataset was accessible from https://www.unsw.adfa.edu.au/unsw-canberra-cyber/cyb-ersecurity/ADFA-NB15-Datasets/. For training and testing, the dataset is divided into 70% for training and 30% for testing. The training sets contain 175341 instances, and testing sets include 82332 instances from various attack types and normal. In this analysis, just 12 attributes were chosen for performing the analysis from 49 attributes. The attributes chosen were cts-srv-dsst, scrips, cts-dsst-ltsm, cts-ssrc-dsport-ltsm, cts-ssrc-ltsm, dur, cts-dsst-ssrc-ltsm, dssport, dsbytes, dsstip, protos, and iss-ftps-logins as seen in Table 2. The traffic distributions of the dataset are represented in Table 3.

4.2. Performance Metrics. The accuracy was simply a subset of the model’s performances. It is one of the performance indicators used to assess classification approaches. The following expression was used to compute the accuracy:

$$\mathrm{Accuracy} = \frac{TPV + TNV}{TPV + TNV + FPV + FNV}. \tag{16}$$

Precision was defined as the positive prediction rates. It was described as proportions of correctly predicted positive
observation to totally predicted positive values. The following expression is used to compute precision:

Backdoors 48.29 52.84 54.27 59.47
Analysis 41.40 39.12 55.08 68.14
Reconnaissance 56.90 85.36 88.71 90.01
DoS 66.10 83.94 85.51 89.82
Fuzzers 50.57 66.23 54.18 70.36
Exploits 45.85 50.63 48.20 69.15
Generic 89.53 90.08 93.46 96.52
Normal 70.32 82.27 85.86 90.79

Figure 4: Accuracy comparison of attacks classified. [Chart; y-axis: Accuracy; x-axis: GA-NB, GSO, PSO, DNN-CSO; series: Worms, ShellCode, Backdoors, Analysis.]

$$DR = \frac{TPV}{TPV + FNV}. \tag{19}$$

F1-score was the harmonic mean estimation of precision and recall. This metric, which was connected to accuracy, was ideal for measuring the performance detection of unbalanced data.

[Figure: chart; x-axis: GA-NB, GSO, PSO, DNN-CSO.]