A Novel, Efficient, and Secure Anomaly Detection Technique Using DWU-ODBN for IoT-Enabled Multimedia Communication Systems

Sathya, M.; Jeyaselvi, M.; Krishnasamy, Lalitha; Hazzazi, Mohammad Mazyad; Shukla, Prashant Kumar; Shukla, Piyush Kumar; Nuagah, Stephen Jeswinde

doi:https://doi.org/10.1155/2021/4989410

Wireless Communications and Mobile Computing

On this page

Abstract Introduction Results and Discussion Conclusion Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Special Issue

Internet of Things in Multimedia Communication Systems

View this Special Issue

Research Article | Open Access

Volume 2021 | Article ID 4989410 | https://doi.org/10.1155/2021/4989410

A Novel, Efficient, and Secure Anomaly Detection Technique Using DWU-ODBN for IoT-Enabled Multimedia Communication Systems

M. Sathya,¹M. Jeyaselvi,²Lalitha Krishnasamy,³Mohammad Mazyad Hazzazi,⁴Prashant Kumar Shukla,⁵Piyush Kumar Shukla,^4,6and Stephen Jeswinde Nuagah⁷

Academic Editor: Paolo Barsocchi

Received19 Sept 2021

Revised28 Oct 2021

Accepted19 Nov 2021

Published14 Dec 2021

Abstract

The Internet of Things (IoT) is enhancing our lives in a variety of structures, which consists of smarter cities, agribusiness, and e-healthcare, among others. Even though the Internet of Things has many features with the consumer Internet of Things, the open nature of smart devices and their worldwide connection make IoT networks vulnerable to a variety of assaults. Several approaches focused on attack detection in Internet of Things devices, which has the longest calculation times and the lowest accuracy issues. It is proposed in this paper that an attack detection framework for Internet of Things devices, based on the DWU-ODBN method, be developed to alleviate the existing problems. At the end of the process, the proposed method is used to identify the source of the assault. It comprises steps such as preprocessing, feature extraction, feature selection, and classification to identify the source of the attack. A random oversampler is used to preprocess the input data by dealing with NaN values, categorical features, missing values, and unbalanced datasets before being used to deal with the imbalanced dataset. When the data has been preprocessed, it is then sent to the MAD Median-KS test method, which is used to extract features from the dataset. To categorize the data into attack and nonattack categories, the features are classified using the dual weight updation-based optimal deep belief network (DWU-ODBN) classification technique, which is explained in more detail below. According to the results of the experimental assessment, the proposed approach outperforms existing methods in terms of detecting intrusions and assaults. The proposed work achieves 77 seconds to achieve the attack detection with an accuracy rate of 98.1%.

1. Introduction

Considering the rapid development of IoT (Internet of Things) [1] technology, researchers and developers are urged to look at new smart services that can extract vital information from IoT data [2]. When physical objects such as mobile devices, home appliances, vehicles, and buildings are implanted with electronics, software, sensors, and network connectivity, the Internet of Things (IoT) came into effect. The Internet of Things (IoT) enables these objects to collect and exchange data with one another. By using the existing network infrastructure, the Internet of Things allows things to be detected, identified, and controlled from a distance. When the Internet of Things is combined with sensors and actuators, it becomes an example of cyber-physical systems, which also incorporate concepts such as intelligent grids, intelligent homes, intelligent cities, and intelligent transportation systems. The IoT has developed as a highly technical area in the current scenario [3]. In many applications, IoT devices have been implemented, including intelligent vehicles, healthcare, environmental monitoring, and personal wearable devices which have increased the volume, variety, speed, and veracity of data that are handled with connected systems (including sensitive data like personal information) [4–11]. The Internet of Things (IoT) builds on the idea of expanding everyday activities via computing and Internet connections to detect, compute, communicate, and control the environment [5, 6]. Along with the growth of IoT ecosystems, the extent and intensity of adverse actions have increased, focused on the resilience of the system, and thus affected latency-sensitive applications [6]. The poor physical safety of the devices [8] enables inside attacks against IoT nodes. It provides useful suggestions about the safety of industrial IoT systems [9]. As attackers tried to reveal the integrity of data and equipment [10], security issues emerged because of the rapid growth of hacking techniques. However, there will be data anomalies [11] and attacks like man-in-the-middle, message changes, authentication attacks, denial-of-service attacks, replay attacks, and eavesdropping which may threaten the viability of the Internet of Things [12]. The bulk of these attacks are slight differences in previously reported incursions (around 99 percent mutations). Security and privacy problems must be solved before IoT devices can be extensively utilized, especially in mission-critical scenarios involving sensitive data [13]. Anomalies or outliers are uncommon, but they can still be important in the event of a credit card transaction; for example, the aberrant conduct of credit card transactions may suggest that a credit card is stolen, whereas strange network traffic patterns can indicate that illegal network access is available [14]. According to the 2019 threat report SonicWALL, in 2018 in Gatlan (2019), more than 327 million threats from the Internet of Things (IoT) were detected globally [15]. As a consequence, assaults on and detection of abnormalities in IoT infrastructure in the IoT industry become an increasing cause of concern [16].

In the past, a wide variety of techniques for attack detection were proposed with various scenarios [17]. Computer algorithms based on artificial intelligence (AI) methods and machine learning (ML) have been extensively used to detect anomalous patterns of traffic in the network. While some excellent work has been done on the security issues related to the Internet of Things [18], many solutions designed to prevent security threats cannot be able to protect from new attacks [19]. Consequently, new kinds of attacks or novel variants in current attacks might not be identified [20]. In this paper, an effective anomaly detection system based on DWU-ODBN is proposed to solve the issues that presently exist. The fundamental goal of this work is to develop a new architecture for the IoTto defeat energy-related threats. A denial-of-sleep attack occurs when the nodes remain awake even when there is no traffic, resulting in the battery’s energy being depleted and the node dying as a result of the assault. The lifespan of the IoT will be reduced as a result of this action. The primary goal of this research endeavour is to develop effective defence approaches for identifying and defending against DDoS attacks to prevent them from occurring. The following are the objectives: A review of different IDS in WSN and MANET, identify the steps for launching a denial-of-service attack, and develop and deploy an innovative technique for identifying and isolating rogue agents. Intruders from inside the network are responsible for the energy drain assaults. Aa DWU-ODBN with intrusion detection and prevention was designed and implemented. Attack prevention is made possible by the introduction of a new malicious node alert (MNA). Nodes in the network are alerted using this strategy. It is necessary to build a method that comprises a lightweight monitoring system module and detector module for detecting and preventing sleep deprivation in IoT.

The rest of the paper is organized as follows: Section 3 of this article explains the proposed approach, Section 4 of the paper includes a test assessment of the proposed methodology, and Section 5 of the paper ends the study with future improvements.

2. Literature Survey

Based on the SDx paradigm, Zarei and Fotohi [21] presented a comprehensive framework for the internet of things software-defined (SD-IoT). In addition to the SD-IoT controller package, the frame contained SD-IoT switches coupled to an IoT gateway and IoT devices connected via an IoT gateway. Then, an algorithm for detecting and mitigating DDoS attacks was created utilizing the SD-IoT platform. The cosine similarity of packet-in message rate vectors at border SD-IoT switch ports has been used to evaluate if DDoS assaults have occurred in the IoT. Last but not least, test results showed that the algorithm provided was very good and the framework offered was changed to enhance security in the Internet of Things while dealing with a variety of vulnerable devices. Since it was intended to be used only with directed vectors, the cosine similarity function could not be utilized for normal values.

Liu et al. [22] presented a new safe things architecture internet, in which the ensemble machine learning technique can detect IoT sensor risks based on their results. In an Internet of Things environment, the gradient boosting technique was selected with minimum modifying hyperparameters and applied to identify discriminant attacks. In total, the system included a variety of processes, including internet data collection of the things sensor networks (IoT sensor networks), data clearing (data visualization), vectorization, ensemble learning (ensemble learning), and attack detection. First, the feature selection method was utilized to decrease the dataset size, which improved the attack and detection environment. The feature selection method was then utilized to decrease the dataset size. To get the best results, the ensemble gradient boosting technique was employed after the previous stage with only a little hyperparameter adjusting. Attacks on the environment of the IoT sensor were more correctly identified by the model with an accuracy of 99.40%, precision of 99%, and an F1 scoring of 99%, which showed that the model was more efficient. The ensemble method utilized throughout the process required more time to train for learning.

The novel lightweight random neural network (RaNN) prediction model has been suggested according to Latif et al. [23]. The collection and monitoring of datasets were the first stages in developing this architecture. The dataset was compiled and assessed according to its data type at this point. Dataset preprocessing was performed in the following step, including data cleansing, visualization, feature engineering, and vectorization. All of these techniques have been utilized to extract data from the data collection. These characteristic vectors were separated into two groups: a training set and a test set, where the two sets split 80 percent to 20 percent. The recommended random neural network was utilized to study the training set employed along with the proposed random neural network. To investigate RaNN-based prediction model performance, a variety of evaluation parameters were calculated and compared with traditional artificial neural network (ANN) performance, the support vector system (SVM), and decision-tab prediction models (DT). The results of this evaluation showed that the proposed RaNN model achieved a 99.20-percent accuracy with a learning rate of 0.01 and a prediction time of 34.51 milliseconds while training with a learning rate of 0.01. The precision of the system was hindered by the random character of the functioning of the network.

Chang et al. [24] presented a three-hierarchy joint local-global anomaly detection framework (HADIoT) that provides Internet of Things devices with sensory information generated and transferred to the local edge servers for local data anomaly recognition including data framing, standardization, analysis of principal components, and symbol mapping. The gated recurrent unit was used to focus local AD on the data consistency of certain devices and then sent the processed data from the edge servers for global AD to the cloud server. In the analysis of data pattern correlations between different Internet of Things devices, which were the focus of global AD, the conditional random fields were used. Simulations using a real dataset, the 2012 Information Security Center of Excellence (ISCX) dataset, were also utilized to evaluate the proposed method’s performance for the study. Compared to three benchmarking schemes, the results of the simulation indicated that the proposed framework has been more effective than the benchmarks in terms of true positive rates, false positive rates, precision, exactness, and score. Due to the low learning efficiency of the GRU, a longer training time was necessary.

Guo et al. [25] investigated uncontrolled anomaly detection on Internet multidimensional time series data of things systems and developed a Gaussian GRU-based VAE mixture technique which, in brief, was called GGM-VAE. Specifically utilized to identify correlations between time series data include the gated recurrent unit (GRU), whereas Gaussian mixture priors were used in latent space to characterize multimodal data, which is subsequently used to find correlations between time series data. During the training phase, further development was undertaken under the Bayesian inference criterion (BIC) to select the model best suited to estimate the latent distribution of the Gaussian mixture. According to the results of extensive simulations carried out on four datasets, the approach detected the latest abnormality. Due to the lack of flexibility in the Gaussian model mixing, many calculation errors occurred when creating the multimodal data.

3. Proposed Anomaly Detection System Model

Every security vulnerability of different Internet of Things devices that has been deployed in real time may be very difficult to detect and address. This is because many Internet of Things devices are designed with little attention to their safety implications. It is thus important to create ways to prevent these dangers or attacks and to protect IoT devices from malfunctioning or failure. Current IDS and other attack detection methods could not detect attacks that were started dynamically or during the online procedure. To solve the attack issues, efficient secure anomaly detection has been proposed for an IoT context, as detailed in the article. The proposed system is split into four phases: preprocessing, feature extraction, selection of features, and classification. The first of these procedures is preprocessing. Initially, the input data is handled using four steps called NaN value handling, categorical features, missing values, and an imbalanced dataset. The random sampling method is used to handle the imbalanced dataset. Then, the most important features are chosen from the preprocessed data and compared to the originals using the median absolute deviations in the mid-based Kolmogorov-Smirnov test (MAD Median-KS test). The most important properties are then selected from the gathered functions, using the optimization technique based on robust confidence interval chimp, which is explained in full below (RCI-ChOA). Once this is done, we will apply the selected features to the optimum deep faith network based on dual weight update (DWU-ODBN) to translate the categorized output into the attack and nonattack data. Figure 1 shows a block diagram with each block indicating a step.

3.1. Preprocessing

Initially, the data is preprocessed, which includes handling of NAN values, categorical features, unbalanced datasets, and missing values, which occurs both randomly and nonrandomly. After that, the data is processed further. The preprocessing step assists us in obtaining healthier data while also reducing the difficulties associated with the data, which inhibits the flow of data traffic. The following are the stages involved in the preprocessing process.

In handling NaN values, NaN is an abbreviation that stands for “Not a Number,” and it is one of the most often used symbols to indicate a missing value in data. To improve the accuracy of attack detection, the input data for an attack detection system must be devoid of NaN values. The following is the procedure for dealing with NAN values in the input data: where is the input data, is the method that handles the NaN values, and is the data obtained after handling of NaN values.

In handling categorical features, handling categorical characteristics comes next once dealing with NaN values has been completed successfully. Categorical data must be processed in this phase before it can be fed into the machine learning models, which is the last step. Because machine learning models are considered mathematical models, they will not function properly with data that is stored in the texture format. The categorical characteristics may be handled in the following ways: where denotes the method that handles the categorical data values and is the data obtained after handling of categories.

In handling of missing values, in this step, the missing value at random and the missing values not at random are handled. Missing the values from some subsamples of data is considered as missing values at random. If the missing data has a specific structure, then it is known as missing values, not at random. The missing values can be handled as where is the method that handles the missing values and is the data obtained after handling of missing values.

Thus, the final set of preprocessed data is obtained as where denotes the preprocessed data and is the number of data. Then, the ratio of attacked and nonattacked data is checked to get the balanced and imbalanced data as where shows the balanced data, shows the imbalanced data, describes the attacked data, and describes the nonattacked data. From the obtained data, the balanced data is contributed to the next phase and the imbalanced data is handled using a random over sampler.

In handling of imbalanced dataset, here, the imbalanced data is balanced with the help of a random oversampler. The random oversampler produces the balanced data using arbitrarily repeating the instances from the minority class and extreme them to the exercise input. The oversampling of data is

After that, the balanced data obtained with the help of oversampling is subjected to the feature extraction phase.

3.2. Feature Extraction

Following that, to gain knowledge of the balanced data, the work has developed a median absolute deviation around the median-based Kolmogorov-Smirnov test (MAD Median-KS test) that passages techniques from the net and uses arithmetical examination to detect abnormalities originating from compromised IoT devices. The MAD Median-KS test takes into account the distribution similarity and eliminates the repeated distribution data, and it applies to both continuous and discrete data. It is important to note that the current Kolmogorov-Smirnov test only focuses on the highest difference value, which is affected by outliers and decreases the accuracy of identifying the attack. To get around this, the researchers utilized median absolute deviations around the median in their research.

In the MAD median-KS test, the features for the input data is computed as where is the constant that disregards the abnormality induced by the outliers, denotes the median of the distribution functions, are the two distribution functions of the sample , is the median of which observes the features of the data. The extracted features such as duration, protocol type, service, flag, root_shell, count, server_count, and etcare denoted as where denotes the number of features extracted from the input data and denotes the feature of data.

3.3. Feature Selection

To maintain a superior computational speed and accuracy, the robust confidence interval-based chimp optimization method is used to extract and select important features after feature extraction (RCI-ChOA). The random updation of parameters in the existing chimp optimization algorithm leads to inaccurate model driving and chasing of prey, which results in the selection of features that are not relevant to the problem; therefore, to overcome this problem, the work has used robust confidence interval to update the parameters.

The ChOA algorithm simulates the social behavior of individual intelligence as well as the sexual drive of chimpanzees throughout a hunting expedition.

According to the retrieved characteristics, the chimp population that lives in a fission-fusion society is divided into four groups: (a) drivers, (b) barriers, (c) chasers, and (d) attackers (see Figure 1). This procedure is divided into two phases: the exploration stage and the exploitation stage, which are both important stages in the chimpanzees’ hunting process. The exploration stage consists of driving, blocking, and pursuing, while the exploitation stage consists of assaulting the target and completing the mission.

When driving, the drivers simply follow the prey and do not make any effort to capture them. To impede the prey’s entrance, the chimpanzees took up positions in trees and obstructed the prey’s path. If you are pursuing something, you are trying to catch that something. In exploitation, the attackers [26] forecast the most advantageous path to take to assault the victim.

The driving and chasing of the prey can be modeled mathematically as where and are the coefficient vectors , is the chaotic vector computed concerning various chaotic maps, and and are the position of the prey and a chimp at the number of current iterations . The chaotic vector expresses the effect of the sexual motivation of chimps during the hunting process. The coefficient vectors are calculated as where is the parameter that reduces nonlinearly from 2.5 to 0 in both exploration and exploitation stages and are the parameters updated using robust confidence intervals . The robust confidence intervals are calculated as where denotes the confidence coefficient, is the percentage point of the confidence interval, is the sample standard deviation, and denotes the sample median. Then, the fitness is evaluated based on the computation time and accuracy of the system.

For attacking the prey, the attackers find the position of the prey with the help of a driver, barrier, and chasers. The chimps also attack the prey based on chaotic strategy. Here, two approaches are employed as exploring the location of the prey and encircling the prey. Since the initial position of the prey was unknown, the attacker, driver, barrier, and chaser update the position of the prey. The position updation can be expressed as

The four optimal solutions are stored, and other chimps are required to update their solutions. If the random vectors of lies in , then the next position of the chimp can be at any location in the middle of its current position and the position of prey. The location of the chimp can be updated as

From the obtained locations, the position of the Chimp can be updated as

The hunting process of chimps can be affected by social benefits like support and sex. This motivates chimps to forget their contribution to the hunting process. So, the chaotic maps are used in the final stage of attacking the prey which helps chimps to lessen the local optima and slow convergence rate problems. The probability of choosing the normal position updation and chaotic map-based position updation is determined by the parameter as where denotes the chaotic map-based position updation process. Based on the updated position, the prey has been attacked by the attackers [27]. The hunting process will be stopped when the movement of the prey was stopped. The pseudocode of the RCI-ChOA method is shown in Figure 2,

Algorithm 1 explains the steps involved in the RCI-ChOA method. In the same way as the hunting behavior of the chimps, the optimal features are selected from the extracted features.

Input: Extracted features
Output: Selected features
Begin
Initialize population , coefficient vectors , maximum number of iteration

Calculate fitness for each chimps
Set
While
Update
Update position using , , ,
Evaluate fitness of the position of chimps
If {
Update position of the chimps using
Else
{
Update position of the chimps using
} End if
Update
Calculate fitness of the current position of the chimp
Set
End while
Return selected features
End

3.4. Classification

The last stage involves training and evaluating the selected features over a dual weight updation-based optimal deep belief network (DWU-ODBN) classification system to detect and classify attacks [28]. Semisupervised classification algorithms, in contrast to supervised classification techniques, are capable of coping with adversarial attacks as well as uncertain attacks, which makes them more robust. As a result of the technique’s low error rate as well as its low false alarm rate (FAR), it can detect assaults more quickly and reliably. There are two RBM layers in the DBN, each of which consists of a single observable coating and one concealed coating. There are three RBM layers in the DBN. MLP is composed of three layers: the input layer, a hidden layer, and a final output layer. The input layer is the smallest of the three layers, and it is composed of the hidden layer and the final output layer. Only between the visible layer neurons and the hidden layer neurons does the connection form in DBN; the link does not form between the visible layer neurons and the hidden layer neurons in other words. However, there is no joining amid the visible nerve cell in the brain and the hidden neurons in other parts of the body.

Dual weight updation is used to enhance the accuracy of the classification process while simultaneously reducing the error rate of the classification process. Examples of weight updates in the proposed classification technique include stochastic gradient descent with momentum (SGDM), which has a higher convergent rate than gradient descent, and weight updates in the proposed classification technique include the best neighbor direction-based seagull optimization algorithm, which has a higher convergent rate than gradient descent (BND-SOA). Due to inaccuracy in the existing seagull optimization, the construction of the best neighbor direction results in high variance and standard deviation, which may result in poor convergence for updating weight as well as a long computation time for the update weight to be done. To overcome this barrier, the best neighbor direction based on Euclidean distance is determined.

The selected characteristics are presented as the input to the visible layer of the first RBM in DBN, which is the visible layer of the first RBM at the start of the simulation. The output of the visible layer is then mapped to the hidden layer of the first RBM, and the process is repeated until the output of the visible layer is no longer visible. These modifications to RBM weights are accomplished via the use of SGDM. where is the momentum coefficient, is the step size, is the intermediate model parameter, and is the gradient of the weight values. The output of the hidden layer is expressed as where is the activation function, represents the bias of the hidden units, is the output of the visible layer, and is the weight values between the visible and hidden neurons using the SGDM method. where is the weight values between the visible and hidden neurons of the second RBM, is the output from the previous RBM, and denotes the bias of the hidden units. Then, the output obtained from the second RBM is inputted to the MLP.

The MLP contains two weight vectors between the input and hidden layer and amid the hidden and output layer. In the MLP layer, the optimal weight values are updated using the BND-SOA method. The SOA method is the inspiration for migrating and attacking behaviors of the seagulls. During migration, a group of seagulls shifts their position to another position. In this migration process, it needs to consider three conditions which are detailed below: (i)Collision avoidance: to avoid collision between the search agents, the position of the new search agent is computed as where is the variable that represents the search agent’s movement behavior and reduces from its maximum frequency to zero, denotes the current position of new search agent, and is the position of the search agents which does not involve in collision with other search agents(ii)The movement regards the best neighbor’s direction: once the collision has been avoided, the search agents move by facing the direction of the best search agent. The movement of the search agents is expressed using the Euclidian distance as where is the random parameter and is the position of search agent towards the position of the best search agent at (iii)Endure close to the best search agent: the position of the search agent is updated regarding the position of the best search agent aswhere is the distance between and .

After that, in the attacking action, the seagulls change the speed and angle of attack continuously. The change can be done using their weights and wings and makes spiral movement behavior in the air. The spiral movement behavior is defined in and plane as where each turn in the spiral contains a certain radius and is denoted as and is the random number. Then, the fitness is evaluated based on the error rate of the MLP layer. The updated position can be calculated using the spiraling action as where is responsible for storing the best position of the search agents and updating the position of other search agents. In this way, the weight values for the MLP layer are selected.

Concerning the input values, the output of the hidden layer in MLP is denoted as where is the weight value between the input and hidden layers of the MLP, is the number of neurons in the hidden layer, and is the bias of the hidden neuron in MLP. Based on the output of the hidden layer, the output vector is calculated as where is the weight value between the hidden and output layer. The output unit contains two classes of data as attack and nonattack. The proposed system detects adversarial attacks and uncertain attacks as well. Adversarial attacks mean the data are modified in such a way that, they cannot be detectable to the human eye.

4. Results and Discussion

In this part, the efficacy of the suggested irregularity discovery outline for use in the Net of Belongings setting is assessed using case studies. The experiments for assessing the suggested system are carried out using the Python programming language’s working platform.

4.1. Database Description

The NSL-KDDCUP99 dataset is utilized in this study for experimental assessment. KDD Cup’99 is a dataset that is often used in the development of intrusion detection systems. Per network connection, the dataset includes a total of 41 characteristics. The characteristics are divided into several categories. Eighty percent of the data in the dataset is utilized for training, whereas only twenty percent of the data is used for testing.

4.2. Performance Evaluation of Feature Selection Technique

Based on the fitness vs. iteration trade-off, this section evaluates the performance of the proposed RCI-ChOA technique. The suggested technique is compared to the current SPA, SSO, particle swarm optimization (PSO), and chimp optimization algorithm (ChOA) methods to determine its suitability for the task at hand.

In discussion, fitness versus iteration is used to assess the performance of the proposed and current techniques, as shown in Table 1. The number of iterations required for the analysis is shown in Table 1 and ranges from 10 to 50. The suggested technique has a fitness value of 129 for the 10 number iterations that are included in the analysis. For 10 iterations, the current SSO and PSO techniques have fitness values of 82 and 86, respectively, while the existing SPA and ChOA methods have fitness values of 73 and 110, respectively. When the suggested technique is evaluated for its fitness throughout the remaining number of iterations, it scores 152 for 20 iterations, 178 for 30 iterations, 198 for 40 iterations, and 210 for 50 iterations, according to the findings. According to the suggested approach, current methods have poorer fitness for the number of iterations in comparison to the new method. The discussion demonstrates that the suggested approach outperforms the current methods in terms of overall performance. Figure 2 depicts a graphical depiction of the fitness versus iteration analysis in terms of fitness,

4.3. Performance Evaluation of Classification Technique

The accuracy, sensitivity, specificity, precision, measure, FPR, FNR, and MCC of the proposed DWU-ODBN technique are compared to the current ENN, CNN, SVM, and DBN methods in this section, as well as the existing ENN, CNN, SVM, and DBN methods. Following that, a comparison of the calculation time and attack detection time of the proposed and current techniques is provided.

In discussion, several quality indicators are used to assess the presence of the planned and current techniques, which are summarised in Table 2. For a classifier to be efficient, its accuracy, sensitivity, specificity, precision, measure, and MCC values should all be greater than their current levels. The FPR and FNR are negative numbers that are often lower to achieve better categorization. As seen in the above table, the current SVM achieves low-level performance. Additionally, the current ENN, CNN, and DBN techniques have medium-level performance, according to the researchers. However, the suggested DWU-ODBN approach outperforms all other methods in terms of performance measures. In addition, it should be highlighted that the suggested approach exhibits improvement across all measures and outperforms the current ENN, CNN, SVM, and DBN methods in terms of overall performance.

In discussion, in the above Figure 3, the accuracy, sensitivity, specificity, and precision of the proposed and current techniques are evaluated about one another. The proposed method achieves classification accuracy of 97.34 percent, whereas the existing ENN, CNN, SVM, and DBN methods achieve accuracy of 92.14 percent, 91.51 percent, 94.84 percent, and 93.26 percent, respectively, which is lower than the proposed DWU-ODBN method. The proposed method outperforms the existing methods by a wide margin. The suggested approach also has better sensitivity, specificity, and precision than the current methods, with 95.61 percent, 93.42 percent, and 97.43 percent, respectively, compared to the existing methods. It is apparent from the above study that the suggested DWU-ODBN technique outdoes the other current methods in terms of overall performance.

In discussion, on the right, you can see how the proposed and current techniques compare in terms of measure, FPR, FNR, and MCC in Figure 4. While the proposed method has an FPR of 11.04 percent and an FNR of 8.39 percent, existing ENN, CNN, SVM, and DBN methods have FPRs of 46.46 percent, 44.25 percent, 59.42 percent, and 31.51 percent, respectively, and FNRs of 42.93 percent, 49.64 percent, 56.58 percent, and 38.58 percent, respectively, which are higher than the proposed DWU-ODBN method. Similarly, the measure and MCC of the suggested approach are 97.72 percent and 94.65 percent, respectively, which are greater than those of the current methods. According to the findings of the preceding study, the suggested approach produces superior outcomes for all metrics than the current methods.

In discussion, Figure 5 compares the detection rates of the proposed and current techniques for detecting attacks. This study estimates the rate at which attacks are detected for two types of information: attack data and nonattack data. For the assault data, the proposed approach achieves a detection rate of 98.06 percent, while the current methods achieve a detection rate of 76.25 percent for ENN, 88.29 percent for CNN, 77.15 percent for SVM, and 86.36 percent for DBN, respectively. The suggested approach obtains a detection rate of 99.88 percent in the case of data that is not subjected to an assault. In comparison, the current ENN, CNN, SVM, and DBN techniques obtained rates of 77.76 percent, 87.56 percent, 78.65 percent, and 90.60 percent in the study, respectively. According to the results of the study, the suggested approach achieved the greatest detection rate for both attack data and nonattack data, whereas the detection rates of the current methods were much lower than the proposed method’s detection rate. According to the results of the study, the suggested approach outperforms the current methods in terms of performance.

In discussion, Figure 6 compares the calculation times of the proposed DWU-ODBN technique with those of the current ENN, CNN, SVM, and DBN methods, among others. The study is carried out on several different datasets, including KDD99, NSL-KDDCUP99, CIDDS-001, and UNSW-NB15. The calculation time should be kept to a minimum for an efficient classifier. The suggested approach takes 77 seconds to compute for the KDD99 dataset, 78 seconds to compute for the NSL-KDDCU99 dataset, 71 seconds to compute for the CIDDS-001 dataset, and 62 seconds to compute for the UNSW-NB15 dataset. When compared to the suggested approach, the current methods need a longer calculation time for all datasets. The results of the study indicate that the suggested approach is more effective at detecting assaults than the already available techniques.

The result and analysis consider the feature selection, classification based on the performance metrics such as accuracy, sensitivity, specificity, precision, measure, FPR, FNR, and MCC, attack detection rate, and computation time. These parameters were broadly compared against existing techniques. Further, the parameters would be designed based on the real-time scenario. This will be incorporated in the future work of this article.

5. Conclusion

Typically, IoT devices are resource-constrained, and those that do have the limited onboard capability for security operations may result in data breaches due to a lack of available functionality. In turn, it makes it more difficult for the system to detect cyberattacks from the network promptly before they impair smart city operations. This article presents a dual weight updating-based optimum deep belief network for attack detection to protect Internet of Things devices from a variety of security threats. The suggested technique is divided into four stages. It is essential to evaluate the presentation of the suggested system in command to use the KDD99 dataset. It is determined how well the suggested RCU-ChOA and DWU-ODBN techniques perform when compared to the already available methods. Although the suggested DWU-ODBN technique is more accurate than the current methods, the accuracy of the proposed method is greater than that of the existing methods. The suggested system has a calculation time of 77 seconds, which is much shorter than the current techniques. In this way, it is concluded that the suggested method outstrips the present approaches in footings of performance. The proposed system attains a 98% accuracy rate in detecting the attack from the malicious node. As we compared various dataset analyses through our proposed work, the proposed work detects the attack within 71 seconds. The proposed method achieves classification accuracy of 97.34 percent, whereas the existing ENN, CNN, SVM, and DBN methods achieve accuracy of 92.14 percent, 91.51 percent, 94.84 percent, and 93.26 percent, respectively, which is lower than the proposed DWU-ODBN method.

Data Availability

The data that support the findings of this study are available on request from the corresponding author.

Conflicts of Interest

The authors of this manuscript declared that they do not have any conflict of interest.

Acknowledgments

King Khalid University Researchers Supporting Project Number (R. G. P. 2/150/42), King Khalid University, Saudi Arabia, supported this work.

References

Y. Cheng, X. Yan, H. Zhong, and Y. Liu, “Leveraging semi-supervised hierarchical stacking temporal convolutional network for anomaly detection in IoT communication,” IEEE Internet of Things Journal, vol. 99, pp. 1–11, 2021.
View at: Google Scholar
X. Rongbin, Y. Cheng, Z. Liu, Y. Xie, and Y. Yang, “Improved long short-term memory based anomaly detection with concept drift adaptive method for supporting IoT services,” Future Generation Computer Systems, vol. 112, pp. 228–242, 2020.
View at: Publisher Site | Google Scholar
M. Roopak, G. Y. Tian, and J. Chambers, “Multi-objective-based feature selection for DDoS attack detection in IoT networks,” IET Networks, vol. 9, no. 3, pp. 120–127, 2020.
View at: Publisher Site | Google Scholar
G. De La Torre, P. R. Parra, K.-K. R. Choo, and N. Beebe, “Detecting Internet of Things attacks using distributed deep learning,” Journal of Network and Computer Applications, vol. 163, p. 102662, 2020.
View at: Publisher Site | Google Scholar
P. Dymora and M. Mazurek, “Anomaly detection in IoT communication network based on spectral analysis and Hurst exponent,” Applied Sciences, vol. 9, no. 24, pp. 5319-5320, 2019.
View at: Publisher Site | Google Scholar
A. Protogerou, S. Papadopoulos, A. Drosou, D. Tzovaras, and I. Refanidis, “A graph neural network method for distributed anomaly detection in IoT,” Evolving Systems, vol. 12, no. 1, pp. 19–36, 2021.
View at: Publisher Site | Google Scholar
A. A. Diro and N. Chilamkurti, “Distributed attack detection scheme using deep learning approach for Internet of Things,” Future Generation Computer Systems, vol. 82, pp. 1–12, 2018.
View at: Google Scholar
D. B. Gothawal and S. V. Nagaraj, “Anomaly-based intrusion detection system in RPL by applying stochastic and evolutionary game models over IoT environment,” Wireless Personal Communications, vol. 110, no. 3, pp. 1323–1344, 2020.
View at: Publisher Site | Google Scholar
C. Wang, “IoT anomaly detection method in intelligent manufacturing industry based on trusted evaluation,” The International Journal of Advanced Manufacturing Technology, vol. 107, no. 3, pp. 993–1005, 2020.
View at: Publisher Site | Google Scholar
M. Keshk, E. Sitnikova, N. Moustafa, H. Jiankun, and I. Khalil, “An integrated framework for privacy-preserving based anomaly detection for cyber-physical systems,” IEEE Transactions on Sustainable Computing, vol. 6, no. 1, pp. 66–79, 2021.
View at: Publisher Site | Google Scholar
W. Di, Z. Jiang, X. Xie, X. Wei, Y. Weiren, and R. Li, “LSTM learning with bayesian and gaussian processing for anomaly detection in industrial IoT,” IEEE Transactions on Industrial Informatics, vol. 16, no. 8, pp. 5244–5253, 2019.
View at: Google Scholar
Z. A. Baig, S. Sanguanpong, S. N. Firdous, V. N. Vo, T. G. Nguyen, and C. So-In, “Averaged dependence estimators for DoS attack detection in IoT networks,” Future Generation Computer Systems, vol. 102, pp. 198–209, 2020.
View at: Publisher Site | Google Scholar
A. Y. Khan, R. Latif, S. Latif, S. Tahir, G. Batool, and T. Saba, “Malicious insider attack detection in IoTs using data analytics,” IEEE Access, vol. 8, pp. 11743–11753, 2019.
View at: Google Scholar
I. Razzak, K. Zafar, M. Imran, and X. Guandong, “Randomized nonlinear one-class support vector machines with bounded loss function to detect of outliers for large scale IoT data,” Future Generation Computer Systems, vol. 112, pp. 715–723, 2020.
View at: Publisher Site | Google Scholar
R. Vangipuram, R. K. Gunupudi, V. K. Puligadda, and J. Vinjamuri, “A machine learning approach for imputation and anomaly detection inIoTenvironment,” Expert Systems, vol. 37, no. 5, pp. 1–16, 2020.
View at: Publisher Site | Google Scholar
M. Hasan, M. Milon Islam, M. I. I. Zarif, and M. M. A. Hashem, “Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches,” Internet of Things, vol. 7, p. 100059, 2019.
View at: Publisher Site | Google Scholar
D. H. Hoang and H. D. Nguyen, “A PCA-based method for IoT network traffic anomaly detection,” in International Conference on Advanced Communications Technology (ICACT), Chuncheon, Korea (South), 2018.
View at: Google Scholar
Y. An, F. Richard YuJianqiang Li, J. Chen, and V. C. M. Leung, “Edge intelligence (EI)-enabled http anomaly detection framework for the internet of things (IoT),” IEEE Internet of Things Journal, vol. 8, no. 5, pp. 3554–3566, 2020.
View at: Google Scholar
V. Kumar, A. K. Das, and D. Sinha, “UIDS a unifed intrusion detection system for IoT environment,” Evolutionary Intelligence, vol. 14, no. 1, pp. 47–59, 2019.
View at: Publisher Site | Google Scholar
Y. Ebazadeh and R. Fotohi, “A reliable and secure method for network-layer attack discovery and elimination in mobile ad-hoc networks based on a probabilistic threshold,” Security and Privacy, no. article e183, 2021.
View at: Publisher Site | Google Scholar
S. M. Zarei and R. Fotohi, “Defense against flooding attacks using probabilistic thresholds in the internet of things ecosystem,” Security and Privacy, vol. 4, no. 3, article e152, 2021.
View at: Publisher Site | Google Scholar
Y. Liu, S. Garg, J. Nie et al., “Deep anomaly detection for time-series data in industrial IoT: a communication-efficient on-device federated learning approach,” IEEE Internet of Things Journal, vol. 8, no. 8, pp. 6348–6358, 2021.
View at: Google Scholar
S. Latif, Z. Zou, Z. Idrees, and J. Ahma, “A novel attack detection scheme for the industrial internet of things using a lightweight random neural network,” IEEE Access, vol. 4, pp. 1–14, 2016.
View at: Google Scholar
H. Chang, J. Feng, and C. Duan, “HADIoT a hierarchical anomaly detection framework for IoT,” IEEE Access, vol. 4, pp. 1–10, 2016.
View at: Google Scholar
Y. Guo, T. Ji, Q. Wang, Y. Lixing, G. Min, and P. Li, “Unsupervised anomaly detection in IoT systems for smart cities,” IEEE Transactions on Network Science and Engineering, vol. 7, no. 4, pp. 2231–2242, 2020.
View at: Publisher Site | Google Scholar
B. Butani, P. K. Shukla, and S. Silakari, “An exhaustive survey on physical node capture attack in WSN,” International Journal of Computer Applications, vol. 95, no. 3, pp. 32–39, 2014.
View at: Publisher Site | Google Scholar
A. K. Saxena, S. Sinha, and P. Shukla, “Design and development of image security technique by using cryptography and steganography: a combine approach,” Graphics and Signal Processing (IJIGSP), vol. 10, no. 4, pp. 13–21, 2018.
View at: Publisher Site | Google Scholar
A. Kothari, P. Shukla, and R. Pandey, “Trust centric approach based on similarity in VANET,” in 2016 International Conference on Signal Processing, Communication, Power and Embedded System (SCOPES), pp. 1923–1926, Paralakhemundi, India, 2016.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2021 M. Sathya et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

730

Downloads

575

Citations