Journal Pre-proof

An Effective DDOS Attack Mitigation of IoT Using

Optimization-Based Adaptive Security Model

Saurav Kumar , Ajit kumar Keshari

PII: S0950-7051(24)00686-5
DOI: https://doi.org/10.1016/j.knosys.2024.112052
Reference: KNOSYS 112052

To appear in: Knowledge-Based Systems

Received date: 24 August 2023

Revised date: 9 May 2024
Accepted date: 2 June 2024

Please cite this article as: Saurav Kumar , Ajit kumar Keshari , An Effective DDOS Attack Mitigation
of IoT Using Optimization-Based Adaptive Security Model, Knowledge-Based Systems (2024), doi:
https://doi.org/10.1016/j.knosys.2024.112052

This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition
of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of
record. This version will undergo additional copyediting, typesetting and review before it is published
in its final form, but we are providing this version to give early visibility of the article. Please note that,
during the production process, errors may be discovered which could affect the content, and all legal
disclaimers that apply to the journal pertain.

© 2024 Published by Elsevier B.V.

 An Effective DDOS Attack Mitigation of IoT Using Optimization-BasedAdaptive
Security Model

Saurav Kumar*1, Ajit kumar Keshari2

*1
Computer Science and Engineering, Birla Institute of Technology,
Mesra (Ranchi) Patna Campus,
2
Associate Professor, Computer Science and Engineering,
Birla Institute of Technology, Mesra (Ranchi), Patna Campus
Email: kumarsaurav.saurav1983@gmail.com

Abstract: The Internet of Things enables the creation of transmitted use cases for
interconnected devices and complementary channels. The varied structure of it creates
additional security needs and problems. In particular, the safeguards used in the IoT should
adjust to the changing environment. One of the major dangers to the World Wide Web
(WWW) things is Distributed Denial of Service (DDoS). Therefore, in this work, an
intelligent Game Theory-based Adaptive security (GT-AS) mathematical model was
developed to maximize the effectiveness of DDoS attack mitigation. Moreover, this strategy
can strongly derive the five parameters such as energy channel, memory, intruder, and
hybrid. These all can achieve a stronger defense posture against DDoS attacks from the
newly designed IoT. Consequently, the Recurrent Bat (RB) framework is developed to
classify the nodes into two classes such as trusted node and malicious node. In addition,
the proposed frameworks analyze how protection effectiveness and energy consumption
interact when evaluating adaptive security techniques. To analyze the effectiveness of the
suggested paradigm, researchers also give the outcomes of simulation experiments.
Researchers demonstrate that, in comparison to existing models, the developed approach has
increased the lifespan of the connected objects by 47%. Also, the developed strategy has
attained better accuracy and lower error rates when comparing traditional strategies.
Moreover, the packet delivery ratio is 60KB, energy consumption is 116KJ, Mean Location
Error is 0.078 and resource usage is 148.

Keywords: DDoS attacks, Adaptive Security, Game Theory, Recurrent Neural Network and
Bat Optimization, Threat Analysis, IoT Security.

1. Introduction

Nowadays, advanced mobile networking and ubiquitous computing technologies are

incorporated with IoT-based applications [1]. Moreover, these applications can connect
humans anywhere at any time. IoT is the recent trend technology that enables all types of
systems and well-equipped devices through the efficient internet [2]. Here, the physical
devices are interconnected with smart devices and provide progressive things to the people.
Consequently, the associated smart devices are mobile devices, sensors actuators, etc. [3].
This device can collect sensitive information about the environment, the social life of people,
etc. In addition, this sensed information can be collected, combined, treated, tested, and
extracted to carry out a successful message to facilitate very universal and smart services [4].
Moreover, the IoT is an attractive posterity and emerging network paradigm for all types of
wireless applications. Consequently, IoT systems can improve efficiency and productivity
through smart industry-based remote management and decision-making systems [5].
Nevertheless, the rapid development of IoT networks can enhance privacy as well as security
challenges [6].

1
 Since, it has been utilized in many applications like human wearable equipment, cyber-
attacks, etc. in the modern era, cyber-attacks are increasing and they are important security
threats in IoT environments [7]. In terms, of device connectivity, the IoT perception can
provide a higher level of availability, reliability, confidentiality, accessibility, scalability, and
interoperability. However, strong security and privacy concerns are necessary for all IoT
devices. According to the cyber-attacks, the combination of multiple threats and their
originality is missed due to the standardization requirements [8]. Numerous types of cyber-
attacks can influence IoT-based targeting nodes. As a result, 225000 general users have faced
a power blackout issue through attackers [9]. Also, in the year 2016, the United States East
Coast testified to Distributed Daniel of Service (DDoS) attacks [10]. It is the heaviest
malicious action that simulated itself for computing, assaulting, and harming IoT devices that
are weak. Utilizing the intrusion detection security model, the cyber security industry will be
able to address the issues in security and privacy risk assessment [11]. IoT devices are
vulnerable to network security issues since the communications are performed based on
wireless mode [12]. Therefore, ever-droppable IoT elements are usually short in both
computing resources and energy for complex security implementation [13]. Furthermore, the
intrusion detection model can effectively identify malicious activities from the IoT network
and it can be classified based on the known attacks [14]. Therefore, the mitigation of security
attacks is the most important research problem for IoT enlargement [15]. Exhaustion of
resources overwhelms both network infrastructure and IoT devices, impacting bandwidth,
memory, and computational capabilities. This degradation leads to the unavailability of IoT
services [37]. Furthermore, IoT networks, which typically integrate numerous heterogeneous
devices to counter DDoS attacks, are not sustainable for prolonged periods. Additionally,
DDoS attacks are facilitated by detection latency and false positives within IoT
infrastructures [40].
The security threats in DDoS attack mitigation for IoT likely encompass vulnerabilities in
device communication, authentication weaknesses, firmware update gaps, resource
limitations, and inadequate security controls. Security-related problems in DDoS attack
mitigation for IoT may include vulnerabilities in device communication protocols, weak
authentication mechanisms, lack of timely firmware updates, resource constraints leading to
susceptibility to attacks, and insufficient implementation of security controls like firewalls or
intrusion detection systems. Security threats and differences in DDoS attack mitigation for
IoT involve vulnerabilities in device communication, weak authentication, firmware update
challenges, resource limitations, and unique attack vectors targeting IoT-specific
vulnerabilities, all of which necessitate tailored mitigation strategies compared to traditional
network environments. To tackle these problems previously several researchers have been
implemented to overcome issues in conventional Internet such as ML-based security models
[16], population optimization algorithms [17], etc. For example, an epidemic model for
analyzing malicious activities and attacks from the computerized region provides an efficient
framework apart from the attack issues [18]. Artificial intelligence (AI) models secure IoT
systems from all types of threats and attackers in terms of unusual misbehavior activities
[19]. In this work, a novel security strategy is developed to predict and evaluate security-
related problems and make an efficient solution for correspondent security threats.

The following is a Key Contribution of the proposed work:

❖ Initially, the wireless environment is designed with the required number of IoT devices
with the help of the MATLAB platform.
❖ Then, the Game theory-based Adaptive Security (GT-AS) model is proposed to model
the DDoS attacks mathematically.

2
 ❖ Here, the GT-AS model is to solve the four types of security parameters channel,
memory, energy, and intruder in terms of mathematical theorems.
❖ After, solving these parameters hybridization process is started to value the proposed
model.
❖ In that, the hybridization process Recurrent Bat (RB) framework is designed to avoid
problems like packet drop and time delay.
❖ After that, the Efficiency of the suggested model is verified in terms of Mean location
error (MLE), packet transferring ratio, energy consumption, time delay, secure range,
and resource usage.
❖ At last, the developed mathematical modeling is estimated with previously proposed
methods and attained the finest detection and security performance.

The work that remains is listed in detail below; section 2 goes into further depth on related
work, the System model and problem statement are detailed in Section 3, consequently,
section 4 defines a proposed methodology, and section 5 shows the achieved results and its
comparison. In section 6, the essay is completed.

2. Related works

A large flow of data complications disturbs the IoT networks through multimedia
applications. Because the mutable behavior of DDoS attacks is increasing day by day. So,
Gobi, et al. [20] has proposed an Artificial Neural Network (ANN) to mitigate DDoS attacks.
Moreover, ANN-based defense methods are incorporated with mathematical formulations
and constraints. This combination has provided normal and abnormal results for infected
packets. Nevertheless, the computational cost is the main problem concerning this approach.
Antivirus software installation cannot be ensured since IoT devices primarily come with
lightweight operating systems. To identify IoT assaults, intrusion detection systems are
created. To get over these problems Ganesh Karthik, et al. [21] have developed a random
forest-based minority overs sampling method to predict the attack present in the IoT network.
NSL-KDD and N-BaIoT datasets were to be taken to the complete implementation process.
In a binary classification 7.35% for maximum accuracy and 0.04 % for minimum accuracy.
Moreover, the proposed attack helps to decrease false positive, false negative, and delay
rates. The data packets escape during the procedure.
One of the most difficult security risks to the IoT application's digital domain is the DDoS
attack. Shalaka Mahadik, et al. [22] have developed the convolution-based HeIoT model to
detect and control the attack in a variety of infrastructures. To evaluate the viability ofthe new
suggested HetIoT-CNN IDS, binary and multi-class (8- and 13-classes) designations are
taken into account. This technique includes data cleaning, feature scaling, memory
optimization, and feature selection. Moreover, binary and multi-classification are processed
for performance analysis.
SDNs are subject to assaults that might lead to potentially fatal scenarios because of their
centralized nature. SDN-based VANET security is crucial and necessitates the application of
Artificial Intelligence (AI) solutions. To overcome these issues Goodness Oluchi Anyanwu et
al. [23] have introduced an intrusion detection model (IDM) to predict the DDoS in vehicular
regions. Moreover, support vector classifiers, kernel functions, and radial functions are used
to classify the attacks. Here, onboard units are incorporated with this framework to receive
vehicular information. Based on this, DDoS attacks are detected before classifying the
message sequence.
Because IoT devices are weaker protected and frequently function unsupervised, they
properly illustrate the need for a hacker to create a botnet army to launch a major Denial of

3
Service assault. To overcome these issues Gupta, et al. [24] have analyzed the malicious
traffic in Consumer IoT using a machine detection of attacks using the learning method
(CIoT). This solution leverages local IoT network-specific features to empower the local
router to detect threats through the use of simplified machine learning classifiers. The testing
findings demonstrated the suggested technique's robustness and dependability in IoT
networks, with a maximum accuracy of 0.99.
Considering all of its potential uses, IoT, is a recent revolution in interaction. DDoS
assaults on the IoT are growing more common, and the need for solutions to stop them is
rising. To overcome these issues Yousuf, et al. [25] have utilized the idea of a recurrent
neural network and the Open Daylight platform, and a unique method called DALCNN
(Using a Live Streaming Neural Network to identify an attack) for detecting DDoS assaults in
IoT has been developed. A three-tier design is also suggested for classifying and identifying
DDoS assaults. The suggested approach outperforms other known algorithms, according to
the simulation findings.
The security risks and flaws related to this source of energy IoT devices grow as IoT
device usefulness rises. DDoS is a significant threat to Internet-connected devices. Regular
observation, early identification, and effective decisionsare necessary for IoT device safety
to be robust and successful. To get over these problems Bhayo, et al. [26] have suggested a
revolutionary Internet security strategy based on SDN that searches for IoT device
vulnerabilities Using IP Packet interpretation and session IP counters, they can detect
malicious traffic sent by IoT devices. The platform's DDoS attack detection module can
detect attacks despite high traffic levels, which are composed of recommended procedures,
and can swiftly identify an SD-IoT system under a DDoS attack by looking at numerous
specifications.
Alweshah, et al. [38] have developed an Emperor Penguin Colony (EPC) feature selection
model that presents an innovative approach to mitigating challenges inherent in IoT data by
integrating the EPC method with a KNN classifier. While the specifics of the EPC method
remain undisclosed, the model demonstrates notable advantages, including its tailored focus
on IoT data intricacies, achieving high classification accuracy (98%), and outperforming
existing methods like MOPSO and MOPSO-Lévy. Additionally, its flexibility in
accommodating various filter methods provides valuable insights into feature selection
strategies for IoT datasets. Nonetheless, challenges such as the lack of detailed method
description, potential overfitting, and computational complexity suggest cautious
consideration of the model's applicability and reliability in broader IoT contexts.
Alzubi, et al. [39] have proposed a technique for electronic health record privacy-
preservation that combines deep learning with blockchain technology. Initially, a CNN is
utilized to classify normal and abnormal users based on processed healthcare data.
Subsequently, Blockchain technology combined with a federated learning module based on
encryption is used to exclude aberrant users from the database and limit access to their
medical records. Implemented in Python, experimental results suggest superior classification
accuracy and performance compared to existing techniques, offering enhanced security and
privacy for healthcare data. However, challenges may include implementation complexity,
scalability concerns with blockchain technology, and potential limitations in handling diverse
healthcare datasets. The challenges of the existing works are mentioned in the table 1.

4
 Table 1. Challenges of the existing works
SI No: Author Name Method Advantages Disadvantages
Gobi, et al. Artificial Provided Computational
1 [20] Neural normal and cost is high.
Network abnormal
(ANN) results of
infected
packets.
2 Ganesh Random Reduce the The data
Karthik, et al. Forest-based positive test, packets are
[21] minority overs negative test, leaked.
sampling and delay
method. rates.
3 Shalaka Convolution- Reduces the Extremely
Mahadik, et based HeIoT amount of time reliant on the
al. [22] model. and effort Internet.
required from
humans.
4 Goodness Oluchi Intrusion It can identify The malicious
Anyanwu etal. Detection Model and block several traffic is not
[23] (IDM) assaults that stopped by the
firewalls cannot IDS.
automatically
identify.

5 Gupta, et al. Machine Enable the local The likelihood of

[24] learning-based router toidentify mistake or fault
attack detection attacks. is higher and
method. Data needsare
greater.
6 Yousuf, et al. DALCNN It has a higher Absence of data
[25] (Detecting detection rate security and
Attack usingLive privacy, The
CaptureNeural existence of
Network) malware and
computer
viruses.
7 Bhayo, et al. SDN-based Can quickly Failed to classify
[26] secure IoT identify a DDoS thenormal and
framework. assault. malicious
activities
8 Alweshah, etal. Emperor Penguin High Computational
[38] Colony (EPC) classification complexity
accuracy (98%)
9 Alzubi, et al.[39] Electronic Health superior implementation
Record classification complexity
accuracy and
performance

3. System Model and Problem Statement

5
This proposed work has been motivated to discover the security threats in IoT devices based
on the variety of applications. The IoT network has been frequently arranged in aggressive
and unattended environments. Avoiding unknown nodes is an important task because that
might produce security threats and communication problems. Also, the IoT nodes are
classified as known and unknown IoT nodes so that unknown IoT nodes are easily affected
by DDoS attacks. Consequently, integrity and confidentiality are the major IoT requirements
that are responsible for DDoS attacks in normal service accessibility. Considering these
problems protecting the IoT network is a more important task for the finest data transferring.
So, the current research aims to propose mathematical modeling to predict and enhance the
security concerns of IoT networks. Figure 1 shows the System model and problem statement
for the proposed work.

i (t ) D(t )C (t )  bC (t ) Qn R(t )
D(t ) C(t ) E(t ) M(t )

E( t )
i D(t )C (t )

qC(t )
q D C

qD qC(t )

Figure 1. System model and problem statement for the suggested method

In Figure 1, IoT nodes are depicted as individual entities within the network. Known
nodes are represented by solid circles, indicating their established identity and trustworthiness
within the IoT ecosystem. Conversely, unknown nodes are depicted by hollow circles,
signifying their unidentified or unverified status, making them susceptible to potential
security threats and attacks. Considering the critical role of integrity and confidentiality in
ensuring the secure operation of IoT networks, safeguarding against DDoS attacks becomes
paramount for maintaining optimal data transfer capabilities. Thus, the current research
endeavors to propose a mathematical model aimed at predicting and enhancing the security
posture of IoT networks. By leveraging mathematical modeling techniques, the proposed
approach aims to provide proactive measures for detecting and mitigating security threats,
thereby fortifying the resilience of IoT infrastructures against potential cyber threats.

4. Proposed methodology

This section introduces a new mathematical modeling, neural network, and optimization
approach to secure the IoT network. A game theory-based Adaptive security (GT-AS)
mathematical model is developed to locate the DDoS assault in an IoT setting. This is the
simple protection approach and it is incorporated with Nash equilibrium for analyzing the
utility function of the adaptive security policy. Then the adaptive security policy is derived
from energy, channel, memory, and intruder functions. Here, the GT-AS is defined by the

6
two transition probabilities states secure mode and insecure mode. Then Recurrent Bat (RB)
framework is developed to classify the nodes into two classes such as trusted node and
malicious node. Here, the Bat Optimization Algorithm (BOA) is combined with the RNN.
The fitness function of the bat simplification is initiated to the covert layer of the RNN to
classify the attacks. In that fitness function is set as the threshold function of Integrated
Nodes (IT). If the node's value is more than or equal to the criterion value, it is referred to as
a trustworthy node; otherwise, it is a malicious node (DDoS attacks). Figure 2 presents the
suggested architecture of (GT-AS).
IoT network model
GT-AS model

A protection
strategy

Energy Channel Memory Intruder Hybrid

// lithium- // Finite-State
// Susceptible- // Nash
ion Markov // Batch Markov
Infective-Recovered Bargainin
rechargeabl Chain Arrival Process
with Maintenance g model
e battery (FMSC) (BMAP)
(SIR-M) model
method

Attack model Performance

RB framework analysis

Launch
DDoS attack // predict and classify

Figure 2. Proposed Methodology of (GT-AS).

Initially, the wireless environment is designed with the required number of IoT devices
with the help of the MATLAB platform. Then, the Game theory-based Adaptive Security
(GT-AS) model is proposed to model the DDoS attacks mathematically. Many of the IoT
networks are designed with improper usernames and passwords, which are simply altered by
third parties. Therefore, attackers can easily use these default authorizations to access the IoT
networks and launch DDoS attacks in that infrastructure. Moreover, insecure communication
protocols can lead to IoT devices without any manipulated attackers. So, these vulnerabilities
injected in malicious activities as well as DDoS attacks presence. Attackers may be able to
undermine device security and initiate DDoS attacks by gaining physical access to IoT
devices. Consequently, the GT-AS model is to solve the four types of security parameters
channel, memory, energy, and intruder in termsofmathematical theorems. After, solving these
parameters hybridization process is started to value the proposed model. In that, the
hybridization process Recurrent Bat (RB) framework is designed to avoid problems like
packet drop and time delay. After that, the effectiveness of the presented model is confirmed
in terms of Mean location error (MLE), packet transferring ratio, energy consumption, time
delay, secure range, and resource usage. At last, the developed mathematical modeling is
estimated with previously proposed methods and attained the finest detection and security
performance.

4.1. Design process of the proposed framework

Create a system based on game theory to simulate how attackers and defenders interact in

7
Internet of Things networks. Next, identify the participants, tactics, and rewards in the
security game while taking into account variables like the strength of the attack, efficient use
of resources, and efficacy of defense. Subsequently, put into place adaptive security measures
that dynamically modify defense plans in response to observed threat levels and adversarial
strategy exchanges. Use the optimization algorithm RB to improve the adaptive security
framework's decision-making. Set up the RB model such that, in response to feedback from
the game theory-based security framework, defense tactics, resource allocation, and response
actions are iteratively optimized in real time. To recognize and attribute DDoS assaults
directed towards IoT devices and infrastructure, incorporate sophisticated detection methods
within the security architecture.

4.2. Recurrent Neural Network (RNN)

An exclusive variety of neural networks called an RNN [27] has been used to track
subsequent data. It originated from the concept of a full graph structure, in which the nodes
are divided into two distinct sets and every pair of nodes in both sets is close to the other. The
RNN includes three layers input, hidden, and output, and two phases training and testing.
Basic RNN is exemplified by the hidden layer, which is made up of the context layer and the
covert layer and takes inputs from the hidden units as well as the input levels. The chosen
characteristics in this case serve as the RNN's input. The weight of each characteristic is
determined at the input layer. Periodically, all of the measurements are updated. The typical
data and the attacked data are classified at the hidden node based on the selection of weights
greater than one. The typical data is also provided as output units.

4.3. Attack detection using RB framework

Following the procedure, RB is used to do the classification [28]. It is one of the unique
varieties of neural networks (NN) and is mostly used for recognition, prediction, and
classification. The RNN receives the chosen characteristics as input. W11 ,W12 ,W1n and
W21 ,W22 ,..., and W2n are used to represent the weights of the hidden layer's input layer.
The outlet layer's neuron and the repetition layer's stochastic weights are generated
throughout a predetermined range [Wmin ,Wmax ] . The weight of the input node neuron is set to
1. The Bat optimization technique, which is determined by the forward and backward passes,
is used to train the RNN. These steps are described below:

Step 1:

Initially assign the weights of the chosen attributes (S i ) to the input layer.

Step 2:

Equation (9) and (10), where x i and Vij describe the weight values are modified together
with the neuron's current activity state may be used to depict RNN. The network and
otherbackground layers' inputs affect the activation function Ai .

y i (t ) =  x j (t )Vij (t ) (1)
x j (t ) = Ai ( yi (t )) (2)

8
Step 3:

To identify the decision vector, the buried sigmoid activation function, which is
provided, is used to activate nodes by Equation (11), where, for a single output system,
i = 1,2,..., n and the output of RNN is X act = V2i Ai

1
Ai = (3)
1 + e − yi
Step 4:

Equations are used to assess each neuron's output during the forward-back propagation step.
(12), (13) where, H , C, I and f stand for the values of the converted state, incoming neuron
values, and activation function, respectively, and store information from the final network
stage. The input to the j th neuron is then Yi , and Sij is an integer that refers to the the
recurring communication has been moved.
x j (t ) = Ai (Yi (t ), Di (t )) (4)
Yi (t ) =  x j (t )Vij +  y j (t )Vij +  x j (t − Sij )Vij (5)

Step 5

Inaccuracy in t h e training algorithm is represented by Equation (6) The Bayesian

Regulationtechnique can reduce the inaccuracy [29].

M e = X tar − X act (6)

4.4. Bat Optimization algorithm

The BAT algorithm relies on the amplitude and transmission characteristics of bats'
echolocation. It hunts and discovers its victim. Once the prey is located, the parameters
frequency, loudness, and pulse emission rate are updated. A local stochastic walk reinforces
the search process. Continue choosing the finest bat until certain halting criteria are satisfied.
The values are updated by using equation 7, and for updating the weights equation 8 can be
used,

Eb =
1 N

N i =1
(
(M e ) 2 ) (7)

Bw = Eb+M w (8)
❖ Testing Phase

Since it is unfamiliar with the incoming data during testing, The Internet Service Provider
(CSP) determines if the information is legitimate or not. Use the RNN classifier in this testing
phase; it is given a set of data with fewer features. The matching trained RNN weights are
used in the testing process. Next, the score value is ascertained. The categorization choice is
decided using the RNN score value; one may determine whether the testing data is valid or
intrusive. To categorize the data, Eq. (17) is utilized to evaluate the acquired score value.

9
 k  score
Re sult =  (9)
k  score
Where k represents the threshold value, the data is considered normal if the threshold
benefit is more than or equal to the score value Or if the date is lower than the score value the
data is identified as intrusion data.
4.5. Dynamic Context Mathematical Modeling

A mathematical model of the environment in which the intelligent objects function is

presented in this section. The amount of memory, the communication infrastructure, the
energy minimization model, and the threat of the four major models are characteristics taken
into consideration to depict the context.

❖ Energy Model

Take into consideration a lithium-ion rechargeable battery and a model of linear discharge
having a relaxing effect. The battery depletion process is described by this model as follows
[42]:
to +t

BD = p ' −  IC (t )dt
t0
0
(10)

Where, p ' denotes the prior energy level and IC (t0 ) denotes the smart thing's
circuit's current usage in real-time t 0 . The dispersion mechanism that enables adjusting for
diminished capacity is referred to as the relaxation effect. The likelihood of regaining
the battery'scapacity in a single time slot was determined to be equal to,

e −  (BC − BD )− (BD ) (11)

If p  BC or 0 , where  (BD ) is a stairway function,  is the decomposition of
the discharge process and BC is the battery capacity.

❖ Communication Model

Researchers employ a Nakagami-m fading connect, which has the benefit of simulating
fading dependency, to mimic the interaction between the smart devices. The Signal-to-
Noise Ratio (SNR) data obtained at portion are thought to be divided into intervals of
M + 1Si , Si +1  where 1  i  M using a Finite-State Markov Chain (FMSC) method [30].
The FSMC's state transition matrix is represented by ST = (T ) where,
t. i+1
Ti ,i+1 = i = 0,......... ., M −1
p(i )
(12)

t.
Ti.i−1 = i i = 1,......... ., M
p(i )
(13)

1 − Ti ,i +1 − Ti ,i −1 ,0  i  M

Ti ,i = 1 − T0,1, , i = 0 (14)
1 − T
 M , M −1 , i = M

Where, i the threshold for level crossing and p(i ) is how likely it is that the

10
channel will be in state i . An entry Ti , j typically denotes the likelihood that the route will
change from conclude i to state j .

❖ Memory Model

The batch Markov arrival process is thought to be sufficient to model the clever
queuing procedure item because of the interactions inside the BAN, according to research
(BMAP) [31]. This is true because the interaction using transaction processing within the
BAN necessitates a delay before the detection algorithms employed by the smart objects can
analyze the accumulated gathered data. The smart objects process this info and then send it
via streaming communication. The transition probability matrices Sm , (0  m  S ) , which
correspond to the arrival of m packets, are used to represent the BMAP. S stands for the
largest permitted batch size. These matrices' analytical model for generating their elements
may be found in.

❖ Intruder Model

To show how the invasion procedure spreads within the BAN, studies use the Susceptible-
Infective-Recovered with Maintenance (SIR-M) model, [32] which was developed in. The
random variables E (t ) , D(t ) and E (t ) Stand for the number of exposed, diseased, and
repaired(maintenance-pending) nodes, respectively. The accompanying derivatives provide
knowledge about some of these random variables' dynamics.

dC(t )
= i D(t )c(t ) +  (1 − D(t ) − C (t ) − E (t )) (15)
dt
dD(t )
=  i D(t )c(t ) −  b C (t ) (16)
dt
dE(t )
=  b C (t ) −  n E (t ) (17)
dt
dM (t )
= i (1 − c(t ))c(t ) − (q +  )c(t ) (18)
dt

Where, i represents the infection rate as measured by communications between a

poor and a susceptible node, the susceptible node's rate of recovery is c . The
transition rates between the energetic and maintaining modes are represented by b and n .
C (t ) Represents the BAN's degree of connection and f is the percentage of contaminated
connections that undergo maintenance. Depending on these elements, construct the setting as
Y = E , F , G, H  where E denotes the battery level, F denotes the channel state, G denotes
the memory state, and H denotes the invasion procedure state. By design, this environment is
a progression and captures the interaction of the competing goals that should be considered
while developing security measures.

4.6. Adaptive Security And protection Game Model

This portion proposes a novel game-theoretic method to deal with the dispute among power
limitations and protection. A fundamental protection strategy-based adaptive security policy
is the first. After that, the game's benefit functions are established, and the Condition is looked

11
at.

4.7. Flexible security measures

Researchers create a simple, adaptable security policy that is spread across smart devices to
prevent an attack from spreading through the BAN's flimsy radio networks. Because the rules
are arbitrarily implemented according to a set of transformation probabilities, the policy is
adaptive the primary modification support is for a relay to verify the origin of the traffic it is
relaying. Naturally, this significantly reduces the likelihood that a weakened junction will
transmit false information. Nevertheless, because it necessitates more processing and
communication, it also shortens the lifespan of the relay nodes. Based on these
straightforward criteria, the next section introduces four adaptive ways for creating
straightforward adaptive security policies. The three initial techniques each adjust to the
elements of the setting described in the preceding section on an individual basis. presume that
a smart item has two possible states: secure mode and passive mode. While no security
checks are made in passive mode, it consistently verifies the forwarded packets in protected
mode. The probability of transition between these two states serves as the basis for an
adaptive security strategy [41]. The prediction results are defined as follows where the battery
state is e , the route state is f , the queue state is g , and the safety level is d :

A → (e, f , g, d ) = TP( (t ) = passive) (t −1) = secure (19)

A →  (e, f , g , d ) = TP ( (t ) = sec ure) (t − 1 = passive) (20)
Strategy 1- Regarding energy

If the battery capacity falls below a certain threshold, h the smart item enters the relaxed
state, and if the energy capacity is more than h , it enters the secure mode [41]. In other
words,
1, e C  h
A → (e, f , g , d ) =  (21)
0, otherwise
1, e C  h
A → (e, f , g , d ) =  (22)
0, otherwise

Where e represents the current energy capacity of the smart item (likely its battery
level).  represents a certain threshold value. (e, f , g , d ) are likely parameters or
coefficients associated with the smart item's energy management strategy.

Strategy 2 - Converging on the Channel

Transmission costs rise and power conservation takes precedence as the channel status
deteriorates. Let's assume, for simplicity:
1, f = 0
A → (e, f , g , d ) = 
0, f  0 (23)
0, f = 0
A → (e, f , g , d ) = 
0.5, f  0
here f is a favorable metric that indicates how well the communication channel is
working.

12
Strategy 3 - Adapting to memory

The quantity of packets in the queue is another factor that might influence whether the node
decides to impose packet verification or not. When this quantity is high, authentication is
probabilistically  1 disabled since there is a greater chance of blocking genuine packets. On
the other hand, the smart object with probability  1 shifts when the queue length exceeds a
minimal threshold, the mode from the passive to the dynamic g [41].

 , g  g
A → (e, f , g , d ) =  1
1 −  2 , otherwise (24)
 2 , g  g
A → (e, f , g , d ) = 
1 −  2 , otherwise

Strategy 4 - Changing to fit the invader

The intelligent objects can determine the rate of termination or the proportion of
contaminated connections that are revoked for each time frame using witness-based detection
techniques. To calculate the revocation rate, represented by the Symbol u , it employs
the suggested method. A high threshold u and a low threshold u are defined in such a way,
 , u  u
A → (e, f , g , d ) =  3
1 −  3 , otherwise (25)
 , u  u
A → (e, f , g , d ) =  4
1 −  4 , otherwise

Strategy 5 - hybrid amplification

To determine whether to activate security or not, this technique depends on integrating two or
more variables Dependent on the destination user's priority set, several combinations are
conceivable. For instance, in the example that follows, design a plan that causes security to
activate in response to both the channel status and the remaining battery capacity [41].

1, e C  e,. f = 1
A → (e, f , g , d ) = 
0, otherwise
(26)
0, e C  e,. f = 0
A → (e, f , g , d ) = 
0, otherwise
4.8. Utility features

According to the modeling techniques covered in the portion above, researchers develop a
game-theoretic framework to define the effective security approach's variables. The utility
features take into account a node's capacity to validate or not the traffic that is transmitted as
well as its impact on packet blocking and security policy violations. Take into account a
damage function, represented by  , which measures how well the security policy mitigates
the intrusion, as well as a function that shows how the security methods affect the network's
lifetime. The utility functions are expressed as follows using the sigmoid function.

13
  (Asp ) = 1 + e
(
− S sp  Asp − Fsp )−1 (27)
 (Abp ) = 1 − 1 + e ( (
− Sbp  Abp − Fbp )
)
−1
(28)

Where Fbp and Fsp are the centers of the sigmoid functions, S sp and S bp
determine the utility functions' sensitivity, Asp and Abp are, respectively, the likelihood
that a network security will be disobeyed and packet blocking. Arriving packets are not
checked for compliance with the security policy while the security queue is full, which results
in security policy violation. When a smart thing's battery runs low and it enters sleep mode
to recharge, packet blockage happens. The utility features indicated above offer a
compromise between adhering to the policy (at the cost of reducing battery life) and
delivering possibly forwarded containers without completing the verification process (at the
risk of going against the security measures). Create a Nash Bargaining model [33] based on
this trade-off, where the equilibrium may be found to maximize both utilities. The energy
degradation process and the adaptive security strategy are the participants in this game. To
create an equilibrium where security efficacy and energy efficiency are balanced, they
implement random techniques. The vector  = (1, 2 , 3 , 4 ) is the decision variable in this
game. This vector’s components can be changed to affect the likelihood of violating policies
and packet decreasing, which affects the harm and lifespan functions. Additionally, the key
aspect in our scenario is the disagreement's conclusion (0,0) . This idea when there is no
consensus reflects the harm and lifespan values may be agreed upon by the players.

4.9. Nash equilibrium

The following optimization problem must be solved to determine the equilibrium of the
( )
game   ,  , which is shown by,

Max(1 −  (Asp )  (Abp )) (29)



The suggested game has a Nash equilibrium due to the goal function specified by which
(1 −  (Asp ) (Abp )) exists. It is simple to demonstrate in our situation that continuous and
defined on a compact. The estimation of the probabilities Asp and Abp is necessary for the
analysis of the Nash equilibrium. The security policy's state transition matrices should be
constructed for this reason. Initially integrate the channel and battery-related transition
operations. RT ( p ) = C ( p ) • F is the transition matrix that is produced where [41],

 C ( p ,0 ) C ( p , 0 ) .......... .. C ( p , 0 ) 
 
Cˆ ( p) =  C ( p ,1) C ( p ,1) .......... .. C ( p , 0 ) .  (30)
 C ( p , NE ) C ( p , NE ) .......... C ( p , NE ) 


14
  e((0p,,0f) ) e((0p,1, )f ) 
 
 
 e( p , f ) e((1p,1,)f ) e((1p, 2, )f ) 
 (1, 0 )  (31)
 . . . 
 
C ( p, F ) = . . . 
 e((ep, e, f−1) ) e((ep, e, f) ) e((ep, e, f+1) ) 
 
 . . 
 . . 
 
 e((Cp,,Cf −) 1) e((Cp,,Cf −) 1) 
 

And the probability of migration among battery capacity e , while the p channel state
and memory contain packets. f are represented by the (C + 1) (C + 1) matrix e((ep,e, f) ) . The '

likelihoods of transitioning from the previous state, wherein i packets were authenticated, and
the present state, when j packets have undergone authentication, are represented by the
( )
transition matrix A = ai , j . The probability Asp and Abp are calculated in light of this finding.
N Q  Z 
   j  a i   i 
 
 k =1   , + j  
Asp =
i =1 j = Z − p +1
 z z  
(32)
G ( A)
Abp =   (e, f , g , i ) (33)
(e , f , g ,i )
Where,  is the likelihood matrix for the steady state? That is discovered by solving the
equations  . A =  and  .1 = 1, where 1a matrix of ones is. To make the calculation of the
Nash equilibrium easier, researchers limit the choices in our search for the best answer to
those that are Pareto-efficient. The answers determine where each player gets the most
benefit. The Nash equilibrium must therefore be a part of this collection. The simulations ran
to gauge the effectiveness of our plan are discussed in the sections that follow, along with the
key findings. Algorithm 1 shows the Pseudocode format of suggested approach.

Algorithm1. Pseudocode format of proposed methodology

Start

Input parameters

//Initialize the required number of devices

Initialize IOT Network

15
//Initialize IOT devices with initial settings and configurations

Develop GT-AS Model

//Define the parameters and variables for the GT-AS model

Max(1 −  (Asp )  (Abp ))



//Nash equilibrium for analyzing the utility function of the adaptive security
policy
//Adaptive security policy based on energy, channel, memory and intruder
functions.
}

Construct RB Framework

//Set fitness function as a threshold function of Integrated Nodes for

classifying nodes as trustworthy or malicious.
Optimize Defenses

//Optimize defense tactics, resource allocation and response actions based on

Dynamic Context Modeling

// int B,D,I,C,p

to +t

BD = p ' −  IC (t )dt
t0
0

1 − Ti ,i +1 − Ti ,i −1 ,0  i  M

Ti ,i = 1 − T0,1, , i = 0
1 − T
 M , M −1 , i = M

//Dynamic context mathematical modeling including energy, communication,

memory and intruder models.

16
 }

Performance analysis

//evaluate the effectiveness of the proposed methodology

End

5. Result and Discussions

Experiments are described in this research to evaluate how well the suggested Optimization-
Based Adaptive Security Model mitigates DDoS attacks in Internet of Things environments.
The objectives center on evaluating the model's performance concerning defense posture,
system resilience, and DDoS attack mitigation. The experimental setup is meticulously
detailed, encompassing the simulation environment, parameters, and metrics utilized for
comprehensive evaluation. Additionally, a evaluation of performance is carried out on the
suggested methodology and experimental configuration. The efficacy of the system is gauged
using various criteria, including accuracy, precision, recall, and time, employing
mathematicalmodeling integrated with neural networks for thorough assessment.

5.1. Experimental setup

The suggested model is programmed by using a MATLAB, Intel I5 processor, Windows 10

computer, and 8 GB RAM.

5.2. Dataset description

The NSL-KDD data set has the following benefits over the original KDD data collection.
Since redundant data are excluded from the Train table, the classifications won't be skewed in
favor of more often occurring entries. Due to the absence of duplicate data in the
recommended test sets, methods with higher efficiency of the learners are unaffected by
predictive value for frequent records. The amount of each group's records is arranged
inversely proportional to the percentage of records in the original KDD data set that is chosen
from each group of difficulty levels As a result, there is a wider fluctuation in the
categorization rates throughout a wide range of different machine-learning algorithms,
making it simpler to appropriately assess different learning approaches. Because the amount
of records in the train and test sets is controlled, research can be conducted on the entire set
without needing to select a random subset. Therefore, evaluation outcomes from various
research endeavors will be similar and comparable.

5.3. Performance Estimation

17
The proposed method is planned for implementation in the MATLAB framework and the
efficiency score was justified by comparing the metrics with the other existing techniques in
terms of Precision, Recall, Accuracy, F-measure, Time consumption, and Energy
consumption. In addition, the existing approaches like Risk-based Adaptive Security Controls
[34], Optimized Framework to Combat Volumetric DDoS Attacks [35], and Moving Target
Defence Approach [36].

❖ Accuracy

It represents a percentage of equation's (34) total expectations compared to the total of two
right guesses. A ratio of accuracy of one denotes perfect accuracy, while a ratio of 0 denotes
a random guess.
TP  + TN 
Accuracy = (34)
TP  + TN  + FP  + FN 

Where, TP  indicates the True positive, FP  indicates the false positive, TN  indicates the
True Negative and FN  indicates the False Negative.

❖ Precision

Equation defines specificity as the proportion of normal data identified to all other realistic
and unusual data discovered (35).
TP 
precision =  (35)
TP + FP 
❖ Re-call

Recall is expressed in Equation (36) as a ratio of the proportion of normal data found to all
the data available in the dataset.
TP 
Re − call =  (36)
TP + FN 
❖ F-Score

The symmetrical mean of the accuracy and recall metrics is described in Equation 37.
2( precision Re − call ) (37)
F − Score =
P + R

5.3.1. Local stability of the epidemic model

To illustrate the scenario graphically in Figure 3, It has been statistically calculated that the
stabilization point is locally stable. Here, the starting point is, X=0.9, Y=0.07, Z=0.03 using
the subsequent argument are C (t ) = 0.2 , E (t ) = 0.1, D(t ) = 0.7, c(t ) = 0.5 with the
following variables values i = 0.4 , b = 0.35 ,  n = 0.4,  = 0.3, q = 0.15. R0a is obtained as
0.97 i.e. condition. R0  1 . At the equilibrium point, the IoT nodes
are turne d into stable.

18
 Figure 3. Local stability of the epidemic model

5.3.2. Local stability of susceptible and infected targets

The behavior of the system (3) is analyzed by taking contaminated target nodes C (t ) target
nodes were retrieved E (t ) plane. Figure 4 illustrates that every single contaminated nodes
heal completely when R0a  1 . However, the data indicates that in the end, 60.27 percent of
the impacted nodes when R0a  1 .

Figure 4. Local stability of susceptible and infected targets

5.3.3. Local stability of susceptible and infected and maintained

Figure 5 depicts a numerical simulation of an unsuccessful attack. The beginning point in this
case is taken to be 0.7, 0.2, 0.1, and 0.5, along with the parameter values 0.4, 0.35, 0.4, 0.3,
0.15, and 0.3. The assaulting population's basic reproductive rate is calculated as 0.889 and
with Ra  1 , Figure 5 demonstrates the stability of the zero-infection equilibrium for the
susceptible, infected, and the maintenance.

19
Figure 5. Local stability of susceptible and infected and maintained

20
5.3.4. Comparison of the proposed Game-theory Adaptive strategy in terms ofprecision

Figure 6 indicates the comparison of the suggested Game-theory based adaptive strategy in
terms of precision. In the figure, the total number of iterations is 1000. In iteration 100 the
precision is 0.9228 and in iteration 200 the precision is 0.9227. From iteration 100 to 200 it
slightly increases. In the iterations 300,400 and 500, the precision of the proposed model is
0.9027, 0.9475, and 0.9549. While comparing these three iterations, in the 500th iteration
the precision increases. By comparing from the first 500 iterations the precision is increasing
greatly in the 500th iteration. In the 600, 700, 800, and 900th iterations the precision is 0.948,
0.9193, 0.9577, and 0.9511. Finally, in the iteration 1000th the precision is 0.9657. By
contrasting the total amount of iterations the precision of the proposed model is increasing. In
iterations 100 and 200 the values of precision for the proposed GT-AS decrease minutely, but
compared with iteration 300 it decreases by 0.02 and it increases by 0.0475 in iteration 300.
By contrasting the total number of iterations the 1000th iteration attains a higher value and
the precision for the proposed method GT-AS gradually increases when compared to the
other.

Figure 6. Comparison of the suggested model's precision

5.3.5. Comparison of the proposed Game-theory based Adaptive strategy in terms ofRe-call

21
 Figure 7. Comparison of the suggested model in terms of Re-call

Figure 7 shows the comparison of the suggested Game-theory-based Adaptive strategy in

terms of Re-call. In the figure, t he total number of iterations is 1000. In iteration 100 the
Re-call is 0.9232 and in iteration 200 the Re-call is 0.9223. From iteration 100 to 200 it
slightly decreases. In the iterations 300,400 and 500, the Re-call of the proposed model is
0.9023, 0.9474 and 0.9549. While comparing these three iterations, in the 500th iteration the
Re-call increases. By comparing from the first 500 iterations the Re-call is increasing greatly
in the 500th iteration. In the 600, 700, 800, and 900th iterations the Re- call is 0.949, 0.9203,
0.9578, and 0.9507. Finally, in the iteration 1000th the Re-call is 0.9652. By comparing the
total amount of iterations the Re-call of the proposed model is increasing.

5.3.6. Comparison of the Game-theory Adaptive strategy in terms of F-measure

Figure 8. Comparison of the proposed model in terms of F-measure

Figure 8 shows the contrast of the suggested Game-theory-based Adaptive strategy in

terms of F-measure. In the figure, the total number of iterations is 1000. In iteration 100 the
F- F-measure is 0.923 and in iteration 200 the F-measure is 0.9225. From iteration 100 to 200
it slightly decreases. In the iterations 300,400 and 500, the F-measure of the suggested model
is 0.9025, 0.9474 and 0.9549. While comparing these three iterations, in the 500th iteration
the F-measure increases. By comparing from the first 500 iterations the F-measure is
increasing greatly in the 500th iteration. In the 600, 700, 800, and the 900th iteration the
F-measure is 0.949, 0.9203, 0.9578 and 0.9507. Finally, in the iteration 1000th the F-measure
is 0.9652. By comparing the total amount of iterations the F-measure of the proposed design
is increasing. In the proposed Game-theory based Adaptive strategy the F-measure of the
proposed design is partially increasing and decreasing. By comparing the total number of
iterations the 300th and the 700th iteration the F-measure decreases and the remaining
iterations increase gradually. By comparing the proposed model the F-measure increases
gradually.

5.3.7. Comparison of the suggested model GT-AS in terms of Train Accuracy

22
 Figure 9. Comparison of the suggested model in terms of Train Accuracy

The suggested Game-theory-based adaptive method is compared in terms of Train

Accuracy in Figure 9. The total number of iterations in the figure is 1000. , In iteration 100
the F-measure is 0.923 and in iteration 200 the F-measure is 0.9225. From iteration 100 to
200 it slightly decreases. In the iterations 300,400 and 500, the Train Accuracy of the
proposed model is 0.9025, 0.9474, and 0.9549. While comparing these three iterations, in the
500th iteration the Train Accuracy increases. The F-measure is significantly rising in the
500th iteration when compared to the first 500 iterations. In the 600, 700, 800, and the 900th
iteration the F-measure is 0.949, 0.9203, 0.9578, and 0.9507. Finally, in the iteration 1000th
the F-measure is 0.9652. By comparing the total amount of iterations the Train Accuracy of
the proposed model is increasing. The F-measure of the suggested model is partially
increasing and lowering in the proposed Game-theory based adaptive approach. By
comparing the total amount of iterations the 300th and the 700th iteration the Train Accuracy
decreases and the remaining iterations increase gradually.

5.3.8. Comparison of the proposed GT-AS in terms of Time Consumption

Figure 10. Comparison of the proposed model in terms of Time Consumption

23
 Figure 10 shows the comparison of the proposed Game-theory-based adaptive strategy in
terms of Time Utilization. In the figure, the total amount of iterations is 1000. In iteration 100
the Time Utilization is 1s and in iteration 200 the Time Consumption is 2s. From iteration
100 to 200 it slightly increases. In the iterations 300,400 and 500, the Time Consumption of
the proposed model is 4s, 6s, and 6s. While comparing these three iterations, in the 500th
iteration the Time Consumption increases. By comparing from the first 500 iterations the
Time Consumption is increasing greatly in the 500th iteration. In the 600, 700, 800, and
900th iterations the Time Consumption is 7s, 9s, 10, and 12s. Finally, in the iteration 1000th
the precision is 13s. By comparing the actual number of iterations the Time Consumption of
the suggested model is increasing. In iterations 100 and 200 the values of precision for the
proposed GT-AS decrease minutely, but compared with iteration 300 it increases by 2s and it
increases by 4s in iteration 300. When comparing the total number of repeats, the time
required grows gradually rather than rapidly. The precision of the suggested approach GT-AS
steadily improves when compared to the other and, when the total number of iterations is
compared, the 1000th iteration achieves a higher value.

5.3.9. Comparison of the proposed GT-AS in phrases of Test Accuracy

Figure 11. Comparison of the suggested model in phrases of Test Accuracy

The suggested Game-theory-based Adaptive method is compared in terms of Test

Accuracy in Figure 11. In the figure total number of iterations is 1000. In iteration 100 the
Test Accuracy is 92.96 and in iteration 200 the Test Accuracy is 91.96. From iteration 100 to
200 it slightly decreases. In the iterations 300,400 and 500, the Test Accuracy of the proposed
model is 89.95, 94.98, and 93.47. While comparing these three iterations, in the 500th
iteration the Test Accuracy increases. By comparing from the first 500 iterations the Test
Accuracy is increasing greatly in the 500th iteration. In the 600, 700, 800, and 900th
iterations the Test Accuracy is 93.97, 89.95, 93.97, and 94.47. Finally, in the iteration 1000th
the Test Accuracy is 95.46. By comparing the total amount of iterations the Test Accuracy of
the suggested model is increasing. In the proposed Game-theory-based Adaptive strategy the
Test Accuracy of the suggested design is partially increasing and decreasing. By comparing
the total number of iterations the 300th and the 700th iteration the Test Accuracy decreases
and the remaining iterations increase gradually. By comparing the proposed method the Test
Accuracy increases gradually. The accuracy of the proposed method GT-AS is gradually
increasing and decreasing, but in the final stage the test accuracy is increased by 95.46 while
compared to the others.

24
5.3.10. Comparison of the suggested model GT-AS in phrases of Error Rate

Figure 12. Comparison of the proposed in terms of Error Rate

The suggested Game-theory-based Adaptive method is compared in terms of Error Rate in

Figure 12. In the figure, the total number of iterations is 1000. In iteration 100 the Error Rate
is 0.162 and in iteration 200 the Error Rate is 0.0925. From iteration 100 to 200 it slightly
decreases. In the iterations 300,400 and 500, the Train Accuracy of the proposed model is
0.0471, 0.08241, and 0.0625. While comparing these three iterations, in the 500th iteration
the Error Rate increases. By comparing from the first 500 iterations the Error Rate is
increasing greatly in the 500th iteration. In the 600, 700, 800, and the 900th iteration the Error
Rate is 0.0777, 0.063, 0.0979, and 0.0531. Finally, in the iteration 1000th the Error Rate is
0.0934. By comparing the total amount of iterations the Error Rate of the suggested design is
increasing. In the proposed Game-theory-based Adaptive strategy the Error Rate of the
suggested design is partially increasing and decreasing. By comparing the total number of
iterations the 300th and the 700th iteration the Error Rate increases and the remaining
iterations increase gradually. By comparing the proposed method the Test Accuracy increases
gradually. The accuracy of the proposed method GT-AS is gradually increasing and
decreasing, but in the final stage, the test accuracy is increased by 95.46 when compared to
the others.

5.3.11. Comparison of the suggested method GT-AS in phrases of other existingmethods

25
 Figure 13. Comparison of the suggested phrases of Time Delay with existing methods
The suggested Game-theory-based Adaptive technique is compared with various current
approaches in Figure 13 with respect to Time Delay. The figure shows the total 1000
iterations. In the 100th iteration, the Time Delay for the proposed GT-AS is 1.01, for
RBAC the time delay is 1.15, for VMFCVD the time delay is 1.25 and for the MTD the time
delay is 1.287. by comparing these methods the proposed GT-AS attains lesser time
consumption. In the iterations 200, 300, and 400, the time delay for the proposed GT-AS,
RBAC, VMFCVD,and MTD is 1.99, 2.11, 2.78, 2.88 and 4.1, 4.85, 5.14, 5.53 and for 400the
iteration 6.23, 6.99, 7.19 and 7.29. By comparing the three iterations the proposed GT-AS
attains lesser time consumption. In iterations 500, 600, and 700 the time delay for the
proposed GT-AS, RBAC, VMFCVD, and MTD is 6.99, 7.59, 7.99, 8.43, and 7.12, 7.99,
8.65, 8.98, and 8.83, 9.15, 9.8, 9.97. in the three iterations, by comparing the time delay the
proposed GT-AS attains lesser time consumption. The time delay for the proposed GT-AS,
RBAC, VMFCVD, and MTD for the 800, 900 and 1000 is 9.93, 10.22, 10.77, 11.08 and
12.01, 12077, 13.77, 13.13 and 12.21, 13.05, 14.15, 14.45. By comparing these three
iterations of the proposed with existing methods the proposed GT-AS attains lesser time
delay. In the total 1000 iterations, the proposed GT-AS attains lesser time delay compared to
the other existing methods.

5.3.12. Comparison of the suggested method GT-AS in phrases of packet transferring

ratio with other existing methods

Figure 14. Comparison of the suggested in terms of packet transferring ratio with existing
methods
In terms of packet transfer ratio, Figure 14 compares the suggested Game-theory-based
Adaptive strategy with other methods already in use. The figure shows the total 1000
iterations. In the 100th iteration, the Time Delay for the proposed GT-AS is 10, for RBAC the
packet transferring ratio is 9.63, for VMFCVD the time delay is 9.45 and for the MTD the
time delay is 9.11. by comparing these methods the proposed GT-AS attains a lesser packet
transferring ratio. In iterations 200, 300, and 400, the time delay for the proposed GT-AS,
RBAC, VMFCVD, and MTD is 20, 19.77, 19.59, 18.66 and 30, 29.35, 29.25, 28.15 and
for 400 the iteration 39.98, 36.5, 34.57 and 33.59. By comparing the three iterations the
proposed GT-AS attains lesser packet transferring ratio. In the iterations 500, 600, and 700
the time delay for the proposed GT-AS, RBAC, VMFCVD, and MTD is 49.97, 47.53, 45.75,
44.88, and 59.99, 57.44, 54.42, 56.65 and 69.97, 66.97, 65.97, 64.67. In the three iterations,
by comparing the time delay the proposed GT-AS attains lesser packet transferring ratio. The
time delay for the proposed GT-AS, RBAC, VMFCVD, and MTD for the 800, 900, and
1000 is 79.96, 73.96, 75.96, 72.86 and 89.96, 85.96, 83.99, 82.59 and 99.95, 95.95, 92.95,

26
91.95. By comparing these three iteration of the proposed with existing methods the
proposed GT-AS attains lesser packet transferring ratio. In the total 1000 iterations, the
suggested GT-AS attains a lesser packet transferring ratio compared to the other existing
methods.

5.3.13. Comparison of the suggested method GT-AS in phrases of mean location errorwith
other existing methods

Figure 15. Comparison of the suggested in terms of mean location error with existing
methods
The comparison between the proposed Game-theory-based Adaptive strategy and other
current methods in terms of mean location error is depicted in Figure 15. The figure shows
the total 1000 iterations. In the 100th iteration, the mean location error for the proposed GT-
AS is 0.162, for RBAC the time delay is 0.175, for VMFCVD the mean location error is
0.199 and for the MTD the time delay is 0.2. by comparing these methods the proposed GT-
AS attains lesser time consumption. In iterations 200, 300, and 400, the mean location error
for the proposed GT-AS, RBAC, VMFCVD, and MTD is 0.0925, 0.1, 0.125, 0.173 and
0.0471, 0.0563, 0.0667, 0.0698 and for 400 iterations 0.0824, 0.0827, 0.0973, and 0.113. By
comparing the three iterations the proposed GT-AS attains lesser mean location error. In
iterations 500, 600, and 700 thetime delay for the proposed GT-AS, RBAC, VMFCVD, and
MTD is 0.0628, 0.0725, 0.0765, 0.0798 and 0.0777, 0.085, 0.099, 0.112 and 0.063, 0.076,
0.079, 0.089. In the three iterations, by comparing the mean location error the suggested GT-
AS attains a lesser mean location error. The mean location error for the proposed GT-AS,
RBAC, VMFCVD, and MTD for the 800, 900, and 1000 is 0.0979, 0.1, 0.133, 0.173 and
0.0513, 0.067, 0.087, 0.098 and 0.0434, 0.0555, 0.0593, 0.0834. When these three iterations
of the proposed GT-AS are compared to current techniques, the suggested GT-AS achieves a
lower mean location error.

5.3.14. Analysis of the suggested approach in terms of energy consumption with other
existing methods

27
 Figure 16 Examination of the recommendation in terms of energy consumption with the existing
method
The comparison of the suggested Game-theory-based Adaptive strategy's energy usage
with other current approaches is shown in Figure 16. The figure shows the total 1000
iterations. In the 100th iteration, the energy consumption for the proposed GT-AS is 30.01,
for RBAC the time delay is 35.15, for VMFCVD the energy consumption is 37.83 and for the
MTD the time delay is 39.12. by comparing these methods the proposed GT-AS attains lesser
energy consumption. In iterations 200, 300, and 400, the time delay for the proposed GT- AS,
RBAC, VMFCVD, and MTD is 60.64, 62.52, 65.882, 69.73 and 75.71, 77.17, 79.77, 85.37
and 92.82, 95.88, 97.12, 101.14. By comparing the three iterations the proposed GT-AS
attains lesser energy consumption. In the iterations 500, 600, and 700 the time delay for the
proposed GT-AS, RBAC, VMFCVD, and MTD is 108.11, 113.55, 116.82, 119.17 and
113.53, 119.47, 121.57, 122.75 and 115.21, 122.29, 125.62, 128.71. By comparing the
iteration of the time delay the proposed GT-AS attains energy consumption. The energy
consumption for the proposed GT- AS, RBAC, VMFCVD, and MTD for the 800, 900, and
1000 is 118.77, 123.12, 129.51, 133.27 and 118.93, 125.77, 133.62, 134.77 and 119, 127.15,
135.23, 138.254. By comparing these three iterations of the proposed with existing methods
the proposed GT-AS attains lesser energy consumption.

5.3.15. Comparison of the proposed method in terms of resource usage with other
existing method

28
 Figure 17. An analysis of the suggested in terms of resource usage with existing methods

Figure 17 displays the contrast of the suggested Game-theory Adaptive strategy in terms
of resource usage with other existing methods. In the 10^3 load, the resource usage for the
proposed GT-AS is 0.03, for RBAC the resource usage is 0.03, for VMFCVD the resource
usage is 0.04 and for the MTD the resource usage is 0.05. By comparing these methods the
proposed GT-AS attains lesser time consumption. In load 10^4, 10^5, and 10^6, the resource
usage for the proposed GT-AS, RBAC, VMFCVD, and MTD is 0.04, 0.04, 0.04, 0.08, and
0.03, 0.04, 0.04, 0.08, and for 10^6 the load 0.04, 0.04, 0.05 and 0.1. By comparing the three
loads the proposed GT-AS attains lesser resource usage. In loads 10^7, 10^8, and 10^9 the
resource usage for the proposed GT-AS, RBAC, VMFCVD, and MTD is 0.05, 0.05, 0.1,
0.1, and 0.05, 0.07, 0.15, 0.2 and 0.06, 0.08, 0.2, 0.23. In the three iterations, by comparing
the resource usage the proposed GT-AS attains lesser resource usage. The suggested GT-AS
uses fewer resources than the other approaches that are currently in use.

5.3.16. Comparison of the proposed method in terms of secure Range

Figure 18. Comparison of secure range in terms of existing techniques

A comparison of the suggested GT-AS's secure range with that of other current techniques
is presented in Figure 18. The secure range for the proposed GT-AS is 145 feet the secure
range for the RBAC is 200 feet and the secure range for the VMFCVD is 225 feet and the
secure range for the MTD is 248 feet. Therefore, the proposed GT-AS is very secure when
compared to the other methods.

6. Conclusion

In conclusion, the Optimization-Based Adaptive Security Model outlined in this paper offers
a potent solution for mitigating DDoS attacks in IoT environments. Through dynamic
adjustment of security measures based on real-time threat analysis, the model exhibits robust
defense posture and resilience against a variety of DDoS attack scenarios. Integrated with
MATLAB and employing optimization techniques, this model demonstrates promising
results in bolstering IoT security. Extensive experimentation and evaluation, encompassing
assessment of defense posture, system resilience, and DDoS attack mitigation, confirm the

29
effectiveness of our approach in safeguarding IoT deployments. Furthermore, ongoing
research and validation endeavors are essential to validate the model's performance across
diverse IoT scenarios and ensure its scalability and adaptability to evolving security
threats.Our findings indicate significant improvements compared to existing models, with a
notable 47% increase in the lifespan of connected objects. Additionally, our strategy
achieves superior accuracy and lower error rates compared to traditional approaches.
Furthermore, we observed a packet delivery ratio of 60KB, energy consumption of 116 KJ,
Mean Location Error of 0.078, and resource usage of 148.

Compliance with Ethical Standards

Funding: No funding is provided for the preparation of manuscript.

Conflict of Interest: Authors declare that they have no conflict of interest.
Ethical Approval: This article does not contain any studies with human participants or
animals performed by any of the authors.
Consent to participate: All the authors involved have agreed to participate in this submitted
article.
Consent to Publish: All the authors involved in this manuscript give full consent for
publication of this submitted article.
Authors Contributions: All authors have equal contributions in this work.
Data Availability Statement: Data sharing not applicable to this article.

References

1. M. Calvo, B. Marta. A Model for Risk-based Adaptive Security Controls. Computers &
Security 2022; 115: 102-612.
2. Y. Zhou, C. Guang, Y. Shui. An SDN-Enabled Proactive Defense Framework for DDoS
Mitigation in IoT Networks. IEEE Transactions on Information Forensics and
Security 2021; 16: 5366-5380.
3. I. Singh, W.L. Seok. Self-adaptive and secure mechanism for IoT based multimedia
services: a survey. Multimedia Tools and Applications 2022; 81.19: 26685-26720.
4. A. Prasad, C. Shalini. VMFCVD: An Optimized Framework to Combat Volumetric
DDoS Attacks using Machine Learning. Arabian Journal for Science and Engineering
2022; 1- 19.
5. V. Gaur, K. Rajneesh. Analysis of machine learning classifiers for early detection of
DDoS attacks on IoT devices. Arabian Journal for Science and Engineering 2022; 47.2:
1353- 1374.
6. G. Liu, et al. Efficient DDoS attack mitigation for stateful forwarding in the Internet of
Things. Journal of Network and Computer Applications 2019; 130: 1-13.
7. Y. Zhou, et al. Toward Proactive and Efficient DDoS Mitigation in IIoT Systems: A
Moving Target Defense Approach. IEEE Transactions on Industrial Informatics 2021;
18.4: 2734-2744.
8. T.A.S. Srinivas,S.S. Manivannan. Prevention of hello flood attack in IoT using a
combination of deep learning with improved rider optimization algorithm. Computer
Communications 2020; 163: 162-175.
9. N.N.M. Yungaicela, V.R. Cesar, A.P. D. Jesus. SDN-based architecture for transport and
application layer DDoS attack detection by using machine and deep learning. IEEE
Access 2021; 9: 108495-108512.
10. T.G. Nguyen, et al. Search: A collaborative and intelligent NIDS architecture for sdn-
based cloud IoT networks. IEEE Access 2019; 7: 107678-107694.

30
11. V. Gaur, K. Rajneesh. Analysis of machine learning classifiers for early detection of
DDoS attacks on IoT devices. Arabian Journal for Science and Engineering 2022; 47.2:
1353- 1374.
12. X. Luo, et al. Using MTD and SDN-based honeypots to defend against DDoS attacks in
IoT. 2019Computing, Communications and IoT Applications (ComComAp). IEEE, 2019.
13. Q.He , et al. A game-theoretical approach for mitigatingedgeddos attack. IEEE
Transactions on Dependable and Secure Computing (2021).
14. S. Rathore, W.K. Byung, H.P. Jong. BlockSecIoTNet: Blockchain-based decentralized
security architecture for IoT network. Journal of Network and Computer
Applications 2019; 143: 167-177.
15. M.V.O. de Assis, et al. Near real-time security system applied to SDN environments in
IoT networks using convolutional neural network. Computers & Electrical Engineering
2020; 86: 106738.
16. A. Makkar,S. Garg, N. Kumar, M.S. Hossain, A. Ghoneim, M. Alrashoud, An efficient
spam detection technique for IoT devices using machine learning, IEEE Trans. Ind.
Informat Feb 2021; 17(2): 903–912.
17. K.D. Lu, G.Q. Zen, X. Luo, J. Weng, W. Luo, Y. Wu. Evolutionary deep belief network
for cyber-attack detection in industrial automation and control system, IEEE Trans. Ind.
Informat Nov 2021; 17(11): 7618–7627.
18. M.J. Farooq, Z. Quanyan. Modeling, analysis, and mitigation of dynamic botnet
formation in wireless IoT networks. IEEE Transactions on Information Forensics and
Security 2019;14.9: 2412-2426.
19. H.H.R. Sherazi, et al. DDoS attack detection: A key enabler for sustainable
communication in internet of vehicles. Sustainable Computing: Informatics and Systems
2019; 23: 13-20.
20. R. Gopi , et al. Enhanced method of ANN-based model for detection of DDoS attacks on
multimedia internet of things. Multimedia Tools and Applications 2022; 81.19: 26739-
26757.
21. M.G. Karthik, M.B. Krishnan. Hybrid random forest and synthetic minority over-
sampling technique for detecting Internet of things attacks. Journal of Ambient
Intelligence and Humanized Computing 2021; 1-11.
22. S. Mahadik, M.P. Pranav, M. Raja (HetIoT). Journal of Network and Systems
Management 2023; 31.1: 1-27.
23. G.O. Anyanwu, et al. Optimization of RBF-SVM Kernel using Grid Search Algorithm for
DDoS Attack Detection in SDN-based VANET. IEEE Internet of Things Journal (2022).
24. B.B. Gupta, C. Pooja, C. Xiaojun, N. Nadia. Smart defense against distributed Denial of
service attack in IoT networks using supervised learning classifiers. Computers &
Electrical Engineering 2022; 98: 107-726.
25. O. Yousuf,R.N. Mir. DDoS attack detection in the Internet of Things using recurrent
neural network. Computers and Electrical Engineering 2022; 101: 108-034.
https://doi.org/10.1016/j.compeleceng.2022.108034.
26. J. Bhayo,J. Riaz, A. Awais, H. Sufian, A.S. Syed. A time-efficient approach toward
DDoS attack detection in IoT network using SDN. IEEE Internet of Things Journal 2021;
9(5): 3612-3630.
27. Yousuf, Omerah, Roohie Naaz Mir.DDoS attack detection in the Internet of Things using
recurrent neural network.Computers and Electrical Engineering 2022;101: 108034.
28. Alharbi, Abdullah, et al.Botnet attack detection using local global best bat algorithm for
the industrial internet of things. Electronics 2021;10.11: 1341.
29. Abubakar, Rana, et al.An effective mechanism to mitigate real-time DDoS attacks.IEEE
Access2020; (8): 126215-126227.

31
30. V. Shanmuganathan and Annamalai Suresh.LSTM-Markov-based efficient anomaly
detection algorithm for IoT environment.Applied Soft Computing 2023;136: 110054.
31. Lu, Guanyu and Xiuxia Tian.An efficient communication intrusion detection scheme in
AMI combining feature dimensionality reduction and improved LSTM.Security and
Communication Network2021;1-21.
32. M.N. Srinivas, et al.A review article on wireless sensor networks given e-epidemic
models.Wireless Personal Communications2021;120: 95-111.
33. Barik, Debdas, Judhajit Sanyal, and Tuhina Samanta.Denial-of-service attack mitigation
in multi-hop 5G D2D wireless communication networks employing double auction
game." Journal of Network and Systems Management2023; 31(1): 1.
34. B.K. Mishra, K.K. Ajit,K.M.Dheeresh.Binay KM.Mathematical model on distributed
denial of service attack through the Internet of things in a network. Nonlinear
Engineering 2019;8(1): 486-495.
35. Y.S. Rao,K.K. Ajit,K.M. Bimal, C.P. Tarini.Distributed denial of service attack on
targeted resources in a computer network for critical infrastructure: A differential e-
epidemic model. Physica A: Statistical Mechanics and Its Applications,2020, 540: 123-
240.
36. A. Arfaoui, K.Ali, M.S. Sidi, H. Mohamed.Game-based adaptive anomaly detection in
wireless body area networks. Computer Networks, 2019,163: 106-870.
37. O.A. Alzubi, J.A. Alzubi, O. Dorgham and M. Alsayyed. Cryptosystem design based on
Hermitian curves for IoT security. The Journal of Supercomputing 2020;76(11):pp.8566-
8589.
38. M. Alweshah, A. Hammouri, S. Alkhalaileh and O. Alzubi. Intrusion detection for the
Internet of Things (IoT) based on the emperor penguin colony optimization algorithm.
Journal of Ambient Intelligence and Humanized Computing 2023;14(5), pp.6349- 6366.
39. J.A. Alzubi, O. A. Alzubi, A. Singh and M. Ramachandran. Cloud-IIoT-based electronic
health record privacy-preserving by CNN and blockchain-enabled federated learning.
IEEE Transactions on Industrial Informatics 2022;19(1):pp.1080-1087.
40. J.A. AlzubI, R. Manikandan, O. A. Alzubi, I. Qiqieh, R. Rahim, D. Gupta and A. Khanna
.Hashed Needham Schroeder industrial IoT-based cost-optimized deep secured data
transmission in the cloud. Measurement 2020;150:p.107077.
41. A.Arfaoui,A.ben Letaifa, A. Kribeche, S. M. Senouci and M.A. Hamdi. stochastic game
for adaptive security in constrained wireless body area networks. In 2018 15th IEEE
Annual Consumer Communications & Networking Conference (CCNC) (pp. 1-7). IEEE.
42. A. Arfaoui, A. Kribeche, S. M. Senouci and M.Hamdi. Game-based adaptive anomaly
detection in wireless body area networks. Computer Networks 2019;163:p.106870.

Declaration of Interest Statement

The author does not provide any Declaration of Interest Statement in this journal

32