An automated system of intrusion detection by IoT-aided MQTT using improved heuristic-aided autoencoder and LSTM-based Deep Belief Network

P. M. Vijayan; S. Sundar

doi:10.1371/journal.pone.0291872

Abstract

The IoT offered an enormous number of services with the help of multiple applications so it faces various security-related problems and also heavy malicious attacks. Initially, the IoT data are gathered from the standard dataset as Message Queuing Telemetry Transport (MQTT) set. Further, the collected data are undergone the pre-processing stage, which is accomplished by using data cleaning and data transformation. The resultant processed data is given into two models named (i) Autoencoder with Deep Belief Network (DBN), in which the optimal features are selected from Autoencoder with the aid of Modified Archimedes Optimization Algorithm (MAOA). Further, the optimal features are subjected to the AL-DBN model, where the first classified outcomes are obtained with the parameter optimization of MAOA. Similarly, (ii) Long Short-Term Memory (LSTM) with DBN, in this model, the optimal features are chosen from LSTM with the aid of MAOA. Consequently, the optimal features are subjected into the AL-DBN model, where the second classified outcomes are acquired. Finally, the average score is estimated by two outcomes to provide the final classified result. Thus, the findings reveal that the suggested system achieves outstanding results to detect the attack significantly.

Citation: Vijayan PM, Sundar S (2023) An automated system of intrusion detection by IoT-aided MQTT using improved heuristic-aided autoencoder and LSTM-based Deep Belief Network. PLoS ONE 18(10): e0291872. https://doi.org/10.1371/journal.pone.0291872

Editor: Mujeeb Ur Rehman, York St John University, UNITED KINGDOM

Received: May 9, 2023; Accepted: September 7, 2023; Published: October 4, 2023

Copyright: © 2023 Vijayan, Sundar. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

Data Availability: The dataset is available from the following URL: https://www.kaggle.com/datasets/cnrieiit/mqttset.

Funding: The authors received no specific funding for this work.

Competing interests: The authors have declared that no competing interests exist.

1. Introduction

Intrusion detection in the network is considered an essential element in mobile security nowadays. Neural network applications have become very popular for intrusion detection networks [1]. However, due to minimal IoT devices, effective intrusion detection is essential along with an effective and lightweight framework [2]. Existing neural network frameworks for intrusion detection are not suitable for IoT devices because they utilized a large number of parameters in the system [3]. IoT is a network that connects actuators, sensors and also transfers the data through the internet by utilizing a processor [4]. Most IoT applications are connected to vehicles, smart cities, intelligent buildings, retail environments, and other systems that are vulnerable to attacks [5]. Therefore, it is highly important to enhance security like device authentication, secure booting, and access control. The continuous advancement of internet technology globally has led to a constant increase in attacks on networks [6]. Attackers exploit viruses, security defects, and vulnerabilities presented in the system network and, are used for attacking the system, accessing the website data, personal information of users, and so on [7].

Especially, various expansions occurred in industrial IoT devices are vulnerable to exposing privacy and also security threats, leading to a huge number of attackers spreading malicious data. This has motivated the researchers to analyze IoT security [8]. However, it is unavoidable for inducing network security issues in the smart grid due to different connections provided over power and communication resources [9]. Intrusion detection systems are considered mitigation and detection models and they involve random uncertainty-based communication noise [10]. General issues based on network security in the smart grid framework are summarized, and different classifications of smart grid attacks are offered [11]. The grid framework clearly displayed that massive network threats bring huge losses and damage to the quality of life and security of public property. Therefore, different analysis is highly important for intrusion detection systems in abnormal network attack [12].

Most IoT communication system is developed on the basis of Hypertext Transfer Protocol (HTTP). However, these networks often experience significant latency and utilize a large amount of network resources [12]. Similarly, the MQTT protocol utilizes minimal payload overhead along with multiple Quality of Service (QoS) and uses reduced network resources to overcome the issues presented in the HTTP protocol. IBM developed and published an open-source protocol named MQTT to transfer the message over client-server transport [13]. Most of the features of MQTT are utilized in limited communication environments for applications like Machine to Machine (M2M) and IoT and it needs a reduced code footprint [14]. The MQTT protocol is referred to as a binary and lightweight protocol because small overhead packets are available to transfer the data through the wire, and they are contrasted over conventional protocols such as HTTP [15]. The subscribe/publish pattern provides different ideas to an existing client-server framework, where the client communicates with the endpoint user directly. To optimize the security of IoT devices, researchers have proposed various approaches, including the use of deep learning methods. These methods are used for user behavior analysis, privacy preservation, vulnerability detection, and intrusion detection [16]. Deep learning approaches like Convolutional Neural Networks (CNNs) are utilized to extract, identify, detect, and learn complex features as well as patterns directly from raw IoT data. The utility rate of the device is enhanced for detecting the possible threats and attacks effectively in the IoT environment [17]. Deep learning models are highly efficient at the time of performing automatic feature extraction compared to conventional machine learning approaches which require more handcrafted statistical features. In past years, professionals developed various techniques for IDS systems but they face several complexities, leading to the design of a new framework IDS system to occur an effective intrusion detection rate in IoT devices.

The main contributions of the implemented IDS framework are described as follows.

To build a novel intrusion detection model with the help of deep learning models as well as heuristic approaches to attain an efficient intrusion detection rate in IoT devices with the MQTT set for providing efficient data transmission with high security.
To assure a new classification approach termed AL-DBN to detect intrusions presented in IoT devices with parameter optimization of LSTM, DBN, and autoencoder with the help of proposed MAOA. To maximize the accuracy rate of intrusion detection.
To design a heuristic approach named MAOA to optimize the hidden neurons in LSTM and DBN and also epochs in autoencoder and DBN for maximizing the performance rate in intrusion detection effectively.
To validate the effectiveness of the suggested intrusion detection model along with different conventional approaches and classifiers.

The developed approach for the intrusion detection model can be broken down into several phases. Phase 2 elaborates on different conventional related works associated with the IDS scheme. Phase 3 describes the characteristics of the MQTT set. Phase 4 explains the structure of the developed IDS model. Phase 5 represents the improved intrusion-detected model with several classifiers. In phase 6, various experimental analyses performed in the suggested model are explained and final phase 7 concludes the intrusion detection model.

2. Literature survey

2.1 Related works

In 2022, Siddharthan et al. [18] proposed an IDS system for predicting cyber-attacks with the help of Elite Machine Learning algorithms (EML). They also utilized a lightweight protocol to manage time-constrained problems. The developed model was validated using a test-bed setup along with hardware, here, the different sensor was connected by utilizing the MQTT protocol. The developed model was classified into three different classes such as sensor data collection, generation of multi-context feature with statistical cascade feature, and validation of dataset with different approaches. Multiple analyses were performed on the developed model and it achieved effective attack classification in terms of accuracy. In 2020, Eskandari et al. [19] developed a Passban-based IDS system to protect directly connected IoT devices. The possible threats are identified and prefetched to IoT gateways, which enables easy identification of malicious traffic in the data sources. Hence, the developed model is very effective in identifying malicious traffic, specifically scanning HTTP protocol at the port level. Additionally, it is designed to handle flood attacks with superior accuracy and a high positive rate.

In 2021, Alkadi et al. [20] suggested a Deep Blockchain Framework (DBF) to provide security-related distribution intrusion detection and privacy related to blockchain presented in IoT networks. In this framework, intrusion detection was performed with the help of Bidirectional Long Short-Term Memory (BiLSTM) along with deep learning approaches to perform effectively dealing with sequential network data. Additionally, blockchain models focusing on privacy and smart contract functionalities were developed, utilizing the Ethereum library to create an effective intrusion detection engine. The developed DBF model was contrasted with existing intrusion detection models and also their validation outcome was analysed. In 2022, Prajisha and Vasudevan [21]. Proposed an effective intrusion identification framework in an MQTT-based IoT network with the help of an improved Chaotic Salp Swarm Optimization Algorithm (ECSSA) and LightGBM classifier. Conventional IDS utilized multiple unwanted data as well as irrelevant attributes, which led to large time consumption and also reduced performance rate. To address these issues, developed ECSSA to offer effective identification in terms of accuracy. Experimental analysis performed on the developed model achieved an effective intrusion detection rate compared to the existing model.

In 2021, Fatani et al. [22] Recommended an effective IDS framework for IoT systems. They leveraged advancements in heuristic approaches and deep learning models to achieve high-performance rates in addressing challenging engineering issues. Here, a feature extraction approach was developed by utilizing CNN model for acquiring accurate features, and also a novel feature selection framework was developed by using Transient Search Optimization (TSO) with Differential Evolution (DE) and named (TSODE). In TSODE, the balancing processes were enhanced with the help of DE in the exploration and exploitation stages. As a result of these innovations, the suggested model secured an enhanced detection rate when contrasted over a conventional framework. In 2022, Basati and Mehdi [23] Proposed a novel lightweight framework with the help of a Parallel Deep Auto-Encoder (PDAE). The framework incorporated nearby data and locally available information in a feature vector, allowing researchers to enhance the accuracy rate in the developed model by minimizing parameters, processing power, and footprint memory. The efficacy of the developed model was validated with the help of different datasets, and it achieved a better rate in terms of performance as well as accuracy.

In 2021, Kan et al. [24] introduced a new IDS model according to Adaptive Particle Swarm Optimization with CNN (APSO-CNN). The model utilized the PSO approach with inertia weight to tune the parameters of a one-dimensional CNN. In the validation set, the value of the cross-entropy loss function was attained from CNN’s first training and it was considered as PSO fitness value. A novel validation scheme considered the probability of prediction allocated to several types, and also prediction label was contrasted over the developed APSO-CNN model. At the same time, validation measures were performed on the developed model with three different approaches over five conventional validation indicators. The validation outcome displayed that the suggested intrusion detection attack model was highly reliable and effective. In 2022, Breitenbacher et al. [25] proposed an efficient Host-based Anomaly Detection System for IoT (HADES-IoT). The suggested models have the ability to perform proactive detection and they also offered tamper-proof protection in IoT devices. The developed model has a reduced overhead rate and also it makes highly suitable for the system related to Linux in IoT devices. Thus, the developed model was analysed in seven different IoT devices and it achieved effective malware detection rates in IoT, IoT Reaper, and Mirai malware.

2.2 Problem statement

Nowadays, intrusion detection for IoT devices is highly essential due to several attacks performed in network systems. But, these types of systems had undergone different challenges like minimal detection rate, response time, unbalanced dataset, and also false alarm rate. Some of the existing approaches utilized to perform intrusion detection in IoT systems are showcased in Table 1. MQTT [18] is an effective approach to detect various attacks in the system and attained an enhanced accuracy rate than existing models. But it didn’t support highly advanced versions like flow control. Passban IDS [19] has the capability of securing both latter and IoT devices which are directly connected with it. It has the efficacy to train the system automatically by utilizing legitimate traffic flow in the target network. At the same time, it highly affects the data rate memory at the time of handling incoming traffic. DBF [20] offers a superior privacy preservation rate in a cloud environment. It also allows interchanging the data over a cloud sampler and effectively minimizing overhead. However, it needs to concentrate on utility as well as scalability to enhance the performance rate of the system. ECSSA [21] effectively reduces the computational time complexity and it has a better scalability rate also, they are easy to implement. Moreover, it has a very low convergence rate, and it slows down the process in local optima.

Download:

Table 1. Features and challenges of existing intrusion detection in IoT devices.

https://doi.org/10.1371/journal.pone.0291872.t001

TSODE [22] enhances the searching process to avoid shortcomings attained in local optima. However, it has a poor exploitation rate and leads to several complexities in the system. PDAE [23] enhances the accuracy rate by utilizing a minimum number of parameters and it minimizes the noise effectively, offering enhanced attack detection rate. But it loses some important data at the time of processing and creates multiple challenges in the system. APSO-CNN [24] has the ability to predict the state of a hacker’s upcoming attack. At, the same time, it needs to minimize time complexity issues and need to analyze the attack stage. HADES-IoT [25] has a very less number of overhead and offers effective attack classification rates. It also offers tamper-proof security to the system for a wide range. But it is highly complex to identify the attack type and challenging due to a huge number of parameters. So, it is highly essential to develop a new automatic intrusion detection system in IoT devices.

3. Behavior and characteristics of the MQTTset and experimented dataset description

3.1 Background of MQTT set

IoT-Flock is an open-source tool used to develop the dataset and they are referred to as network traffic generator tools. To analyse IoT devices and also their network with the help of MQTT and CoAP protocol. Basically, IoT-Flock is surrounded by a network configuring environment related to node information like sensor type, listening ports, and IP addresses. Likewise, communication-related information such as time intervals is acquired to perform communication with the sensor.

With respect to MQTT and CoAP protocol and the following attacks are listed as packet crafting attacks, memory leak attacks over CoAP, publish flood, and segmentation fault attacks over CoAP. These kinds of datasets are mostly used in environments of the real world where multiple IoT sensors are connected with multiple sensors. Smart homes are needed to consider this situation and sensors are established by utilizing IP addresses to rectify information such as humidity, fan status, intensity of light, motion, door opened/closed, CO-Gas, temperature, and smoke in different temperature circumferences. Architectural views of the smart home environment are presented in Fig 1.

Download:

Fig 1. Architectural view of smart home atmosphere.

https://doi.org/10.1371/journal.pone.0291872.g001

In the initial phase, the sensor network is implemented in a limited access area for performing effective interaction with the broker with the help of sensors. They are mainly implemented without any additional elements, and traffic capturing is performed inside the broker. In the attack phase, malicious nodes are directly connected through the broker to execute a cyber-attack. Then, the entire communication characters associated with several sensors during this attack are displayed in Table 2. This table provides details on the periodic transmission of messages, as well as the random intervals at which messages are sent.

Download:

Table 2. Information of sensor nodes in IoT devices with MQTT set.

https://doi.org/10.1371/journal.pone.0291872.t002

3.2 Attacks in MQTT set

Cyber-attacks performed in the MQTT set are observed and they are included real attacks to target the required MQTT network for validating the dataset which is utilized to calculate the performance rate of the detection approaches. Here, the various types of attacks observed in MQTT set are thoroughly explained as follows.

3.2.1 MQTT publish flood.

At the time of transmission an enormous amount of MQTT set was over malicious IoT devices, this attack is suggested to contrast the source by utilizing a single connection without waiting for various connections.

3.2.2 Brute force authentication.

It has the capability to add running achievable attempts to regain the identification hired for MQTT.

3.2.3 Malformed data.

It mainly aimed to create and transfer the malformed packet to the broker which tries to enhance the exception against the targeted service.

3.2.4 Flooding DoS.

These kinds of attacks are mainly used to minimize the services offered to the client by regulating them. So, the MQTT protocols have appeared fixed in the destination to stature the broker by adding different connections over the broker.

3.2.5 SlowITe.

It is a new kind of DoS attack that is mainly developed to attack the applications of MQTT protocol and it required a minimal bandwidth consumption rate, as well as resources, needs to target the services of MQTT.

The information on sensor nodes in IoT with an MQTT set is shown in Table 3.

Download:

Table 3. Threats in MQTT set.

https://doi.org/10.1371/journal.pone.0291872.t003

3.3 Details of experimented dataset

MQTT sets are used to concentrate on different characteristics of connection and acquired them from the raw data of the network. These kinds of elements are utilized to classify the potential attack as well as their authorized attack. Then, unnecessary characters are eliminated to perform intrusion detection and they are listed as follows MQTT topic, tcp.window_size, password, MQTT client Id, username, tcp.stream, communication times, Source or destination addresses, iRTT, and ports. The above-mentioned features are removed from the dataset, to acquire the appropriate data from the network for performing effective intrusion detection. The MQTT set consists of 34 features related to the MQTT protocol, they are tabulated in Table 4.

Download:

Table 4. Features of MQTT set.

https://doi.org/10.1371/journal.pone.0291872.t004

The following features are extrapolated and provided by the MQTT set. Such features were extracted for both legitimate and malicious cases.

In the model training process, all the mentioned features play crucial roles. During the preprocessing stage, essential steps such as data cleaning are performed to eliminate inconsistencies, and normalization is applied to standardize the data. Subsequently, any missing values (NaN) are replaced with zero, and statistical features like Maximum, Mean, Median, Standard deviation, and Variance are computed. Additionally, duplicate entries are removed using the df.drop_duplicates() function. To further enhance the data, the Min, Max, and Scaler are applied to scale the values appropriately.

The collected MQTT set to perform the efficient analysis is termed as and they are provided as the input for pre-processing phase. Here, the term z = 1,2,…,Z and the total number of data is given as Z.

3.4 Pre-processing of data

Initially, the acquired data from the MQTT set is used as the input for pre-processing phase. Here, pre-processing is performed with the help of data cleaning and transformation are performed. The major aim of pre-processing is to replace the nan values as well as to remove the duplicate data presented in the input data. Data cleaning is achieved to attain clean data to perform further processes and also data cleaning is referred to as a process that has the capability to fix corrupt, duplicate, incorrect, incomplete data and incorrectly formatted data presented in the dataset. Once, the data is cleaned then, data transformation is carried out on the cleaned data. Data transformation is defined as the process of modifying the structure, design, values, and format of data and also it can enhance the efficacy rate of the analytical process. Here, the pre-processed data are attained by utilizing data cleaning as well as data normalization, and they are indicated as , which are further used in the feature extraction phase.

4. Architecture of proposed intrusion detection model in IoT using MQTTset with the meta-heuristic concept

4.1 Architecture of MQTT-based IoT intrusion detection

IoT is considered as enhancing technology that mainly connects different devices like smartphones, IP cameras, wireless sensor nodes, and household applications like fridges, TVs, and so on with the internet without human help. IoT is detected as a highly susceptible network that is attacked both externally and internally by attackers. The major goal of external attackers is to corrupt the entire system by utilizing an outside network. Similarly, internal attackers do violence to the system by inserting a threat inside the network. So, the internal attacker easily accesses the information of the network when compared with external attackers. Mostly, attackers collect different information about the system for checking the vulnerability with the help of various tools like shodan, Masscan, and Network Mapper (NMAP).

Then, to offer secured and effective data exchange over IoT nodes, multiple protocols related to messaging and communication have been enhanced. Some of the developed protocols are MQTT, Advanced Message Queuing Protocol (AMQP), and Constrained Application Protocol (CoAP). In smart homes, industrial applications, and agricultural IoT, mostly MQTT is utilized because they highly support different communication with low bandwidth, minimized pocket loss, and minimal memory. However, this MQTT protocol did not have any kind of security settings and the major reason for this complication is the occupation of resources. IDS ensures the real-time monitoring of network activities, identifying and thwarting any unauthorized access or malicious activities. Additionally, strong authentication protocols provide an extra layer of security by verifying the identities of both clients and brokers, preventing unauthorized entities from exploiting vulnerabilities in MQTT communication. Commonly, Intrusion Detection Systems and authentication mechanisms are widely employed to safeguard the MQTT protocol, yielding effective outcomes even in complex scenarios. However, their extensive use is hindered by their inherent complexity, as they may be tailored for specific narrow conditions, posing challenges during implementation. Therefore, it becomes imperative to devise a new intrusion detection model tailored for IoT devices. The developed IDS are represented in Fig 2.

Download:

Fig 2. Architectural view developed intrusion detection model for IoT device.

https://doi.org/10.1371/journal.pone.0291872.g002

A novel intrusion detection model has been developed with the help of deep learning approaches for IoT devices. Initially, MQTT set was acquired from standard benchmark sources and offered as input to pre-processing phase. In this phase, the input data are pre-processed with the help of data cleaning and data transformation techniques.

The major aim for performing pre-processing is to replace the nan values and remove duplicate data that occurred in the network. Then, the pre-processed data are offered in the feature extraction phase. Here, two types of feature extraction have occurred which are autoencoder-based DBN features and LSTM-based DBN features.

The pre-processed data are offered as the input for the autoencoder-based feature extraction phase. The epochs of the autoencoder are optimized with the help of developed MAOA and secured autoencoder features. The attained autoencoder features are provided as the input for the DBN detection phase, and the DBN parameters like epochs and hidden neurons are tuned with the help of the developed MAOA. They secured the DBN score of 1. Further, the pre-processed data are offered as the input for the LSTM-based feature extraction phase and also the hidden neuron count of LSTM is tuned with the help of developed MAOA. The secured LSTM features are obtained. In the DBN detection phase, LSTM features are offered as the input and the parameters of DBN like hidden neuron count as well as epochs are optimized by utilizing developed MAOA to obtain the DBN score 2. The two different scores attained from AL-DBN are averaged and offer the final classified outcome. Finally, the rate of accuracy is enhanced to offer a highly accurate intrusion detection rate.

4.2 Proposed MAOA

A novel optimization approach named MAOA has been developed and implemented in the intrusion detection model to optimize different parameters like epochs count in autoencoder and DBN and also hidden neuron count in LSTM and DBN to offer an effective intrusion detection rate. AOA [26] has very low computation cost when contrasted with conventional approaches, and it has the ability to offer effective outcomes by resolving optimization issues. However, it has very low search and exploring capability and also it falls on the local optima phase. To overcome the above-listed complexities, a new scheme named MAOA is designed. The density decreasing factor is computed by Eq (1).

(1)

Here, the term FT denotes the transfer operator, and the term D indicate the density-decreasing factor.

AOA is an approach developed based on population, where the population individuals are considered objects. Like conventional approaches, AOA performs searching with the initial object population along with random densities, volumes, and acceleration. Initially, several objects are utilized with random populations in the fluid. AOA is a global optimization approach that contains two different phases exploitation as well as exploration.

Phase 1: Initialization.

The positions of the entire object are initialized with the help of Eq (2).

(2)

Here, the term C_v indicates v^th the population which is presented in I the object. The upper bound of the search space is given as ka_v and the lower bound of the search space is indicated as ja_v. Then, initialization is performed for volume as well as density in several v^th objects and it is represented in Eq (3).

(3)

Here, the term Den_v indicates the object density, Vol_v denote the volume of the object, and also Rnd is defined as the dimensional vector which randomly produces the random number in the range of [0,1]. The acceleration initialization for v^th the object is attained based on Eq (4).

(4)

Here, the term Ace_v denotes the acceleration of v^th the object. Then, validations are performed on the initial population and choose the object based on fitness value and determine the values of Den_bst, Ace_bst, Vol_bstand y_bst, respectively.

Phase 2-volume and density update.

In this phase, the density as well as volume v^th object is updated for the iteration s+1 and they are updated by Eq (5).

(5)

Here, the term Vol_bst denotes the volume of the best object and Den_bst denotes the density of the best term, and random numbers which are uniformly distributed are given as Rnd.

Phase 3-Density factor and transfer operation.

Initially, collision is performed among the object after a certain time period both the object tries to secure the equilibrium phase. This condition is included in the AOA approach with the help of the transfer operator FT which has the capability to transfer the search from the phase exploration to exploitation and it is indicated in Eq (6).

(6)

Here, the term v denotes the iteration number and v_mx indicate the maximum iteration. The term FT improved slowly until it reaches condition 1. Likewise, decreasing density factor D helps AOA in global and local search that is formulated adaptively with the transfer operator in the proposed MAOA, but in the conventional algorithm, it is considered as the random variable. The timing is minimized by utilizing Eq (7).

(7)

Here, the term D^v+1 minimized with time and offered the capability for meeting the already detected area.

Phase 4.1-Exploration.

In this phase, collision is occurring between two different objects. If it satisfies the condition FT≤0.5, then a collision is attained between the object. Then, random material as well as object acceleration is attained for iteration v+1 with the help of Eq (8).

(8)

Here, the random material is termed as za, the object acceleration for s^th the object is indicated as Ace_s, Vol_s, Den_s and also density, volume, and acceleration for random material are given as Den_za, Vol_za, Ace_za, respectively. Then, FT≤0.5 allow exploration when it achieves one-third of iteration and also applies the value other than 0.5 and shift from the exploration stage to the exploitation stage.

Phase 4.2-Exploitation.

In this phase, no collision occurred between the object for the condition FT>0.5 and the acceleration object is updated for the iteration v+1 by utilizing Eq (9).

(9)

Here, the term Ace_bst denotes the best object acceleration.

Phase 4.3-Acceleration normalization.

Normalize the acceleration value to validate the percentage variation by utilizing Eq (10).

(10)

Here, the range of normalization is indicated as y, x, and their value is fixed as 0.9 and 0.1, respectively. The term indicates the step percentage of the entire agent. If the object value s is away from the global optimum, then the value of acceleration is comparatively high and the object has remained in the exploration phase otherwise the object presented in the exploitation phase. Normally, the acceleration factor starts from a large number and minimized with time and it helps the search agent to travel over the global best solution but they are destructed from the local solution in the normal phase. So, AOA attained a balanced state between exploration and exploitation.

Phase 5-Position updating.

If the condition FT≤0.5 is fulfilled then the position of s^th an object is updated for upcoming iteration v+1 with the help of Eq (11).

(11)

Here, the term W₁ denotes the constant and it is equal to 2 and the term D is updated by Eq (1). For the satisfaction of the condition FT>0.5 then, object positions are updated by utilizing the Eq (12).

(12)

Here, the term W₂ indicates the constant which equals to the number 6, and the term D is updated by Eq (1). The term Ti enhanced along with time and they are directly propositional to FT and are equated as Ti = W₃×FT. The term Ti enhanced with the time range as [W₃×0.3,1] and the percentage is attained from the best position. The term Fg is the flag that is used to modify the motion direction by utilizing Eq (13).

(13)

Here, the term P is given as P = 2×rnd−W₄.

Phase 5-Validation.

Validate the values of several objects by utilizing the objective function and also retain the best solution and allocates I_bst, Ace_bst, Vol_bst and Den_bst. The pseudo-code for the developed MAOA is represented by Algorithm 1.

Algorithm 1: Developed MAOA

Initialize the random population

Validate the initial population

Select the best fitness value

Set the iteration count v = 1

While v≤v_mx do

For entire object s do

Upgrade several object volume and density by Eq (5)

Upgrade transfer factor by Eq (6)

Upgrade density decreasing factor D by Eq (1)

If FT≤0.5 then, exploration phase

Upgrade acceleration by Eq (8)

Upgrade normalize acceleration by Eq (10)

Position update by Eq (11)

Else reach exploration phase

Acceleration update by Eq (9)

normalized acceleration upgrade by Eq (10)

Direction flag by Eq (13)

Position update by Eq (12)

End if

End for

Validate the object and choose best fitness value

End while

Return optimal best solution

The flowchart for the developed MAOA is represented in Fig 3.

Download:

Fig 3. Flowchart for developed MAOA.

https://doi.org/10.1371/journal.pone.0291872.g003

5. Development of autoencoder and LSTM-based Deep Belief Network for improved IoT intrusion detection

5.1 Model 1: Autoencoder with Deep Belief Network

The pre-processed data is provided as the input for the autoencoder to select the deep features from the feature extraction phase. Autoencoder [27], as well as CNN, share the same framework design in a network system, and also these models have similar features such as convolution filter, pooling layer, and basic component. In this architecture, the input node and the outcome node have similar measurements and it is considered as an essential character. But, when the learning process is performed, the system offered different information about the node, and they are not labeled as a dependent system. Moreover, the autoencoder structure didn’t pursue any special approach to performing the process. Thus, the feature map of b^th the inactive layer represented is offered in Eq (14).

(14)

Here, the input attained from mono-channel is indicated as w, convolution for two-dimensional is given as *, and activation function is denoted as σ. Then, reconstruction performed in the decoder is achieved by Eq (15).

(15)

Latent feature map for the group is given as J and bias per input channel is indicated as i, respectively.

The acquired features from the autoencoder are indicated as and they are offered to the DBN network. DBN [28] is considered as a productive Deep Neural Network (DNN) framework. The Restricted Boltzmann Machine (RBM) is an integral component of the Deep Belief Network (DBN) framework. The DBN is a productive Deep Neural Network (DNN) architecture that combines a stacked RBM along with a sigmoid belief network. The DBN model utilized in this study consists of three different stacked Restricted Boltzmann Machines (RBM), denoted as RBM-1, RBM-2, and RBM-3. Additionally, it incorporates three hidden layers represented as A1, A2, and A3, respectively. The input layer is denoted as Q = A₀, and connected to the first hidden layer A1, which represents the productive artificial neural network (ANN) that functions as RBM-1. During the training phase of the first layer, DBN employs a single layer with RBM-1, trained using the constructive divergence approach. In the second training phase, DBN adds two different layers to its structure. The upper layer is referred to as RBM-2, while the lower layer is termed SBN. During this phase, the weights of C₁

SBN (lower layer) are frozen. Similarly, in the third training phase, DBN incorporates another layer, where the weights of C₁, C₂ RBM-3 are fixed. The mathematical representation of the DBN is represented in Eq (16), outlining the entire architecture and training process of the network. The acquired features from the autoencoder are passed on to this DBN network, contributing to the overall performance of the intrusion detection system.

(16)

The probability rate R(A^(m−1)|A^(m)) is performed with RBM with Eq (17) and Eq (18).

(17)

(18)

Here, the greedy training model is utilized to train the RBM presented in DBN and also the RBM has the capability to develop features as well as reconstruct the input data. The structural view of the autoencoder with DBN is presented in Fig 4.

Download:

Fig 4. Representation of autoencoder with DBN.

https://doi.org/10.1371/journal.pone.0291872.g004

5.2 Model 2: LSTM with Deep Belief Network

The pre-processed data is provided as the input to LSTM to attain deep features from the feature extraction phase. LSTM [29] is considered as a unique Recurrent Neural Network (RNN) and it has the capability to offer highly precise time series-based prediction outcomes. In this LSTM framework, data information of existing neurons is linked with current neurons with the help of the LSTM unit. Then, major contractions are attained in-between LSTM and RNN in their memory cell. Later, long-term sequence predictions are improved by utilizing three multiple gates such as forget gate, output gate, and input gate. The input gate generates input by considering the new data which needs to recollect in the cell state. In forget state, it effectively eliminates the unused data stored in the cell state. So, finally, the output gate generates the data which is acquired in the cell state and the input gate is represented in Eq (19).

(19)

In Eq (20), the equation for forget gate is presented.

(20)

Units of LSTM are represented in Eq (21), Eq (22) and Eq (23).

(21)

(22)

(23)

In Eq (24), the equation for the output gate is represented.

(24)

Here, the weight is denoted as M, bias attained in the training model is given as g, hidden states are indicated as l, and the cell state are represented as y. Finally, LSTM can resolve several gradient vanishing issues attained in conventional RNN structures. The acquired features from LSTM are represented as and they are offered to the DBN network and attained score 2. The diagrammatic presentation of LSTM-based DBN is presented in Fig 5.

Download:

Fig 5. Representation of LSTM with DBN-based intrusion detection approach.

https://doi.org/10.1371/journal.pone.0291872.g005

5.3 Proposed AL-DBN with network optimization

Combination of Autoencoder and LSTM: The combination of autoencoding and LSTM in an intrusion detection system can result in a more robust and accurate system. Autoencoder helps in learning informative representations from the IoT data, while LSTM takes advantage of these representations to model the sequential patterns and detect anomalies. This combination enables the classifier to capture both the inherent structure and temporal dynamics of the IoT data. The resulting intrusion detection system is more robust and accurate.

The major aim of the developed AL-DBN is to offer an efficient intrusion detection rate in IoT devices. Autoencoders are mainly utilized to minimize the noise presented in the data and also to minimize the input size. But they are not effective to reconstruct the data and also it has a low number of training data. So, to tackle the above-mentioned complexities an effective LSTM is utilized. LSTM offered enhanced learning percentages in terms of learning rate and they are highly suitable for detection purposes.

Thus, to secure an effective intrusion detection rate in IoT devices a novel fusion of AL-DBN is utilized. The diagrammatic presentation developed AL-DBN-based IDS is presented in Fig 6.

Download:

Fig 6. Structural view of developed AL-DBN-based intrusion detection architecture in IoT devices.

https://doi.org/10.1371/journal.pone.0291872.g006

The developed AL-DBN offered two different scores, score 1 and score 2 which are attained when feature selection is performed in deep features. These two scores are averaged to attain the final intrusion detection rate along with an enhanced accuracy rate. Different parameters such as number of epochs in autoencoder and DBN as well as hidden neutron count in LSTM and DBN are tuned by utilizing the proposed MAOA among different tuning limits. The epochs of autoencoder and DBN are tuned in the range of [50,100] and also hidden neuron count in LSTM and DBN are tuned in the range of [5,255]. The fitness function for the suggested AL-DBN-based intrusion detection model is given in Eq (25).

(25)

Here, the term indicates the hidden neurons of LSTM, denote the hidden neurons of autoencoder, refers to the epochs count in LSTM, and represents the epochs of the autoencoder. The term ACy indicates accuracy and it is defined as validation of closeness for a specific value and is represented in Eq (26).

(26)

Here, the term yb denotes the true positive values, yc indicate the true negative value, yd determine the false positive value, and ye represents the false negative value.

6. Results and discussions

6.1 Experimental results

A novel intrusion detection model for IoT devices was implemented in the Python platform and also different analyses were performed to validate their efficacy rate over conventional classifiers and algorithms. In this analysis, the effective performed rate is attained with the help of maximum iteration 25 and population rate 10. Multiple contrasting approaches like Sunflower Optimization (SFO) [30], Jaya (JA) [31], Elephant Herding Optimization (EHO) [32], and AOA [26] along with classifiers like Random Forest with Support Vector Machine (RF+SVM) [33], DBN [28], LSTM [29], AL-DBN [34] were used for the calculation.

6.2 Performance metrics

The developed intrusion detection model for IoT devices is validated with several quantitative measures.

(a) Specificity (spc) is termed as the portion of negative value identified correctly and denoted in Eq (27).

(27)

(b) Sensitivity (DB) is determined as the positive ratio that are find out exactly and given in Eq (28)

(28)

(c) MCC (JF) is referred to as the binary quality analysis categorization and it is provided in Eq (29).

(29)

(d) F1-score (KS) is termed as the accuracy calculation outcome and it is represented in Eq (30)

(30)

(e) FNR (NT) is described as the portion of positive occurred negative analysis outcome and it is offered in Eq (31).

(31)

(f) FPR (RE)is mentioned as a fraction between negative events and they are categorized wrongly as positive. So, the whole commonly available negative event is termed in Eq (32).

(32)

(g) NPV (YW) is referred to as the sum of whole individuals which are presented without any kind of defect when time analysis is achieved and they are represented in Eq (33).

(33)

6.3 Evaluation of the developed model with multiple classifiers and algorithms

Employing multiple deep learning models in the limited resources IoT environment offers benefits such as enhanced accuracy, robustness, feature complementarity, resource optimization, and adaptability. These advantages contribute to the overall effectiveness and efficiency of intrusion detection in IoT systems, improving the security posture of connected devices and networks.

Different kind of analysis performed on classifiers and approaches using the developed MAOA-AL-DBN-base intrusion detection in IoT devices are represented in Figs 7 and 8. In the accuracy analysis performed 1^st test case of the developed intrusion detection model secured 10.3% enhanced than RF+SVM, 12.1% better than DBN, 11.26% greater than LSTM, 10.75% superior to AL-DBN and 6.7% improved than IVS-AVOA-HC in the learning percentage 65. Similarly, NVP analysis performed on conventional approaches, the developed model secured 8.16%, 10.54%, 5.2% and 3.24% higher than SFO-AL-DBN, JA-AL-DBN, EHO-AL-DBN and AOA-AL-DBN, respectively in learning percentage 55. Thus, the suggested intrusion detection model achieved significantly better performance rates than existing intrusion detection approaches.

Download:

Fig 7.

Analysis of developed intrusion detection model with multiple classifiers over (a) accuracy of test case 1 (b) NPV of test case 1(c) accuracy of test case 2 (d) NPV of test case 2 (e) accuracy of test case 3 and (f) NPV of test case 3.

https://doi.org/10.1371/journal.pone.0291872.g007

Download:

Fig 8.

Analysis of developed intrusion detection model with several approaches over (a) accuracy of test case 1 (b) NPV of test case 1(c) accuracy of test case 2 (d) NPV of test case 2 (e) accuracy of test case 3 and (f) NPV of test case 3.

https://doi.org/10.1371/journal.pone.0291872.g008

6.4 K-fold analysis of the developed model with several classifiers and approaches

In Figs 9 and 10 various observations performed on the suggested MAOA-AL-DBN-based intrusion detection model along with several classifiers and approaches are showcased. The developed model MAOA-AL-DBN secured highly accurate intrusion detection rates for various classifiers like RF+SVM, DBN, LSTM, AL-DBN, and IVS-AVOA-HC in the rate of 7.7%, 6.67%, 4.6%, 2.20%, and 1.45%, in 3^rd fold. Similarly, NPV analysis performed on the developed model achieved 5.4%, 4.2%, 2.9%, and 1.9% higher than SFO-AL-DBN, JA-AL-DBN, EHO-AL-DBN, and AOA-AL-DBN, respectively in 2^nd fold. Thus, this analysis displayed that the suggested model performed well than existing models and also detect the multiple intrusion in IoT devices.

Download:

Fig 9.

K-fold analysis on developed intrusion detection model with several classifiers over (a) accuracy of test case 1 (b) NPV of test case 1(c) accuracy of test case 2 (d) NPV of test case 2 (e) accuracy of test case 3 and (f) NPV of test case 3.

https://doi.org/10.1371/journal.pone.0291872.g009

Download:

Fig 10.

K-fold analysis on developed intrusion detection model with several approaches over (a) accuracy of test case 1 (b) NPV of test case 1(c) accuracy of test case 2 (d) NPV of test case 2 (e) accuracy of test case 3 and (f) NPV of test case 3.

https://doi.org/10.1371/journal.pone.0291872.g010

6.5 Overall evaluation of algorithms and classifier on the developed model

Overall analysis performed on the developed MAOA-AL-DBN-based intrusion detection model in IoT devices are represented in Tables 5 and 6 with several heuristic approaches and classifiers.

Download:

Table 5. Evaluation of developed intrusion detection model with different heuristic algorithms.

https://doi.org/10.1371/journal.pone.0291872.t005

Download:

Table 6. Evaluation of proposed intrusion detection model in IoT devices with several existing classifiers.

https://doi.org/10.1371/journal.pone.0291872.t006

In this study, the entire dataset is split into three equal test cases: test case 1, test case 2, and test case 3. Preprocessing is applied to each of these cases, resulting in preprocessing_1, preprocessing_2, and preprocessing_3. Similarly, the corresponding target labels are separated into target_1, target_2, and target_3. Finally, using fivefold cross-validation, each test case is validated. This approach ensures generalization and helps reduce overfitting. Here, the suggested model achieved as well as conventional approaches secured full sensitivity rate. Accuracy analysis performed on the developed intrusion detection model achieved 5.9% higher than SFO-AL-DBN, 6.42% better than JA-AL-DBN, 3.49% more effective than EHO-AL-DBN and 4.06% enhanced than AOA-AL-DBN in test case 1. Likewise, specificity analysis performed on the developed model achieved 6.8%, 6.04%, 4.6%, 3.2%, and 0.35% better than RF+SVM, DBN, LSTM, AL-DBN, and IVS-AVOA-HC, respectively. Here, proposed method achieves somewhat better accuracy compared to the IVS-AVOA-HC method due to parameter optimization in both the autoencoder and LSTM methods.

IVS-AVOA-HC.

The algorithm is implemented based on the foraging and navigation behaviors of "African vultures" and consists of multiple phases like determining the best vulture, rate of vulture starvation, exploration, and exploitation. And, it is utilized to enhance the model’s efficacy by optimally selecting the optimal features and optimizing weight in the feature fusion phase.

MAOA-AL-HC.

MAOA is implemented to optimize different parameters like epochs count in autoencoder and DBN, and hidden neuron count in LSTM and DBN for effective intrusion detection rate. The MAOA algorithm follows the AOA approach and involves initialization, volume, and density update, transfer operation, exploration, and exploitation phases.

Overall, both IVS-AVOA-HC and MAOA-AL-HC are adapted or developed to enhance the intrusion detection model’s performance. IVS-AVOA-HC focuses on feature selection and weight optimization, while MAOA-AL-HC addresses parameter optimization. The choice of which approach to use would depend on specific requirements, the complexities of the problem, and the desired balance between exploration and exploitation capabilities.

Thus, the proposed MAOA-AL-DBN-based intrusion detection model MAOA-AL-DBN secured a developed intrusion detection rate in IoT devices more than conventional models and also it gained an effective attack detection rate in IoT-based devices.

7. Conclusion

A new intrusion detection framework was developed based on deep learning structures to offer an efficient detection rate in IoT devices. Several data utilized for the analysis were acquired from the MQTT set and they are offered to pre-processing phase. Here, the input data were pre-processed by utilizing data cleaning and data transformation. Then, the pre-processed data were offered a feature extraction phase and acquired deep features from autoencoder and LSTM here two different features were attained. Later, two sets of the score were secured, the score 1 features were acquired from autoencoder, and also score 2 features were acquired from LSTM along with DBN, and their parameters were optimized with the help of developed MAOA. Then the acquired two different scores were offered to AL-DBN and averaging was performed to secure the intrusion detected outcome. Accuracy analysis performed on the developed intrusion detection model achieved 5.9% higher than SFO-AL-DBN, 6.42% better than JA-AL-DBN, 3.49% more effective than EHO-AL-DBN and 4.06% enhanced than AOA-AL-DBN in test case 1. Similarly, NPV analysis performed on the developed model achieved 5.4%, 4.2%, 2.9%, and 1.9% higher than SFO-AL-DBN, JA-AL-DBN, EHO-AL-DBN, and AOA-AL-DBN, respectively in 2^nd fold. Thus, the suggested intrusion detection model attained an effective intrusion detection rate than the existing model.

Future scope

Further advancements in intrusion detection models.

To enhance the proposed intrusion detection model, there is potential for exploring additional deep learning models and heuristic approaches. Researchers can investigate the effectiveness of advanced models such as convolutional neural networks (CNNs), recurrent neural networks (RNNs), or ensemble learning techniques. By incorporating these models, the performance of intrusion detection in IoT devices can be further improved.

Exploration of diverse datasets.

While the research utilizes the MQTT set, exploring and incorporating other diverse and real-world IoT datasets would be beneficial. By working with different datasets, researchers can evaluate the generalizability and robustness of the proposed model across various IoT scenarios. This exploration will enable the identification of any limitations or challenges associated with different IoT data sources.

MQTT set

In this study, a Kaggle public dataset containing records of assaults on the MQTT Protocol for IoT systems was utilized. The dataset used in the research can be accessed through the provided link.URL: https://www.kaggle.com/datasets/cnrieiit/mqttset

References

1. Zhong W.; Yu N. and Ai C. Applying big data based deep learning system to intrusion detection," Big Data Mining and Analytics, 2020, 3(3), 181–195.
- View Article
- Google Scholar
2. Yu T and Wang X. Topology Verification Enabled Intrusion Detection for In-Vehicle CAN-FD Networks," IEEE Communications Letters, 2020, 24(1), 227–230.
- View Article
- Google Scholar
3. Hu W.; Hu W. and Maybank S. AdaBoost-Based Algorithm for Network Intrusion Detection, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics), 2008, 38(2), 577–583. pmid:18348941
- View Article
- PubMed/NCBI
- Google Scholar
4. Siddiqi M. A.; and Pak W. An Agile Approach to Identify Single and Hybrid Normalization for Enhancing Machine Learning-Based Network Intrusion Detection," IEEE Access, 2021, 9, 137494–137513.
- View Article
- Google Scholar
5. Miao Y.; Tang Y.; Alzahrani B. A.; Barnawi A.; Alafif T.; and Hu L. Airborne LiDAR Assisted Obstacle Recognition and Intrusion Detection Towards Unmanned Aerial Vehicle: Architecture, Modeling and Evaluation, IEEE Transactions on Intelligent Transportation Systems, 2021; 22(7), 4531–4540.
- View Article
- Google Scholar
6. Zhang J.; Zulkernine M. and Haque A. Random-Forests-Based Network Intrusion Detection Systems, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews), 2008, 38(5), 649–659.
- View Article
- Google Scholar
7. Yang H. and Wang F. Wireless Network Intrusion Detection Based on Improved Convolutional Neural Network, IEEE Access, 2019, 7, 64366–64374.
- View Article
- Google Scholar
8. Hu Z.; Wang L.; Qi L.; Li Y.; and Yang W. A Novel Wireless Network Intrusion Detection Method Based on Adaptive Synthetic Sampling and an Improved Convolutional Neural Network, IEEE Access, 2020, 8, 195741–195751.
- View Article
- Google Scholar
9. Sedjelmaci H.; Senouci S. M. and Ansari N. Intrusion Detection and Ejection Framework Against Lethal Attacks in UAV-Aided Networks: A Bayesian Game-Theoretic Methodology, IEEE Transactions on Intelligent Transportation Systems, 2017, 18(5), 1143–1153.
- View Article
- Google Scholar
10. Gong X.; Chen X.; Zhong Z. and Chen W. Enhanced Few-Shot Learning for Intrusion Detection in Railway Video Surveillance," IEEE Transactions on Intelligent Transportation Systems, 2022, 23(8), 11301–11313.
- View Article
- Google Scholar
11. Sadreazami H.; Mohammadi A.; Asif A. and Plataniotis K. N. Distributed-Graph-Based Statistical Approach for Intrusion Detection in Cyber-Physical Systems, in IEEE Transactions on Signal and Information Processing over Networks, 2018, 4(1), 137–147.
- View Article
- Google Scholar
12. Qi L.; Yang Y.; Zhou X.; Rafique W. and Ma J. Fast Anomaly Identification Based on Multiaspect Data Streams for Intelligent Intrusion Detection Toward Secure Industry 4.0, IEEE Transactions on Industrial Informatics, 2022, 18(9), 6503–6511.
- View Article
- Google Scholar
13. Khan I. A.; Pi D.; Khan Z. U.; Hussain Y. and Nawaz A. HML-IDS: A Hybrid-Multilevel Anomaly Prediction Approach for Intrusion Detection in SCADA Systems, IEEE Access, 2019, 7, 89507–89521.
- View Article
- Google Scholar
14. Siddiqi M. A. and Pak W. Tier-Based Optimization for Synthesized Network Intrusion Detection System," IEEE Access, 2022, 10, 108530–108544.
- View Article
- Google Scholar
15. Wang W.; Du X.; Shan D.; Qin R and Wang N. Cloud Intrusion Detection Method Based on Stacked Contractive Auto-Encoder and Support Vector Machine, IEEE Transactions on Cloud Computing, 2022, 10(3), 1634–1646.
- View Article
- Google Scholar
16. Zhou M.; Li Y.; Xie L and Nie W. Maximum Mean Discrepancy Minimization Based Transfer Learning for Indoor WLAN Personnel Intrusion Detection," IEEE Sensors Letters, 2019, 3(8), 1–4.
- View Article
- Google Scholar
17. Zhang Y.; Li P and Wang X. Intrusion Detection for IoT Based on Improved Genetic Algorithm and Deep Belief Network, IEEE Access, 2019, 7, 31711–31722.
- View Article
- Google Scholar
18. Siddharthan H.; Deepa T and Chandhar P. SENMQTT-SET: An Intelligent Intrusion Detection in IoT-MQTT Networks Using Ensemble Multi Cascade Features, IEEE Access, 2022, 10, 33095–33110.
- View Article
- Google Scholar
19. Eskandari M.; Janjua Z. H.; Vecchio M. and Antonelli F. Passban IDS: An Intelligent Anomaly-Based Intrusion Detection System for IoT Edge Devices," IEEE Internet of Things Journal, 2020, 7(8), 6882–6897.
- View Article
- Google Scholar
20. Alkadi O.; Moustafa N.; Turnbull B. and Choo K. -K. R. A Deep Blockchain Framework-Enabled Collaborative Intrusion Detection for Protecting IoT and Cloud Networks, IEEE Internet of Things Journal, 2021, 8(12), 9463–9472.
- View Article
- Google Scholar
21. Prajisha C.; and Vasudevan A. R. An efficient intrusion detection system for MQTT-IoT using enhanced chaotic salp swarm algorithm and LightGBM, International Journal of Information Security, 2022, 21, 1263–1282.
- View Article
- Google Scholar
22. Fatani A.; Elaziz M. A.; Dahou A.; Al-Qaness M. A. A. and Lu S. IoT Intrusion Detection System Using Deep Learning and Enhanced Transient Search Optimization, IEEE Access, 2021, 9, 123448–123464.
- View Article
- Google Scholar
23. Basati A.; and Faghih M. M. PDAE: Efficient network intrusion detection in IoT using parallel deep auto-encoders," Information Sciences, 2022, 598, 57–74.
- View Article
- Google Scholar
24. Kan X.; Fan Y.; Fang Z.; Cao L.; Xiong N. N.; Yang D.; et al. A novel IoT network intrusion detection approach based on Adaptive Particle Swarm Optimization Convolutional Neural Network, Information Sciences, 2021, 568, 147–162.
- View Article
- Google Scholar
25. Breitenbacher D.; Homoliak I.; Aung Y. L.; Elovici Y and Tippenhauer N. O. HADES-IoT: A Practical and Effective Host-Based Anomaly Detection System for IoT Devices (Extended Version), IEEE Internet of Things Journal, 2022, 9(12), 9640–9658.
- View Article
- Google Scholar
26. Hashim Fatma A., Hussain Kashif, Houssein Essam H., Mabrouk Mai S. and Walid Al-Atabany, Archimedes optimization algorithm: a new metaheuristic algorithm for solving optimization problems," Applied Intelligence, 51, 1531–1551, 2021.
- View Article
- Google Scholar
27. Lee H.; Kim J.; Kim B. and Kim S. Convolutional Autoencoder Based Feature Extraction in Radar Data Analysis," 2018 Joint 10th International Conference on Soft Computing and Intelligent Systems (SCIS) and 19th International Symposium on Advanced Intelligent Systems (ISIS), 2018, 81–84.
- View Article
- Google Scholar
28. Babu M. R and Veena K.N. Implementing optimized classifier for distributed attack detection and BAIT-based attack correction in IoT, International Journal of System Assurance Engineering and Management, 2021.
- View Article
- Google Scholar
29. Li R.; Li Q.; Zhou J. and Jiang Y. ADRIoT: An Edge-assisted Anomaly Detection Framework against IoT-based Network Attacks, IEEE Internet of Things Journal, 2021.
- View Article
- Google Scholar
30. Shaheen M. A. M.; Hasanien H. M.; Mekhamer S. F.; and Talaat H. E. A. Optimal Power Flow of Power Systems Including Distributed Generation Units Using Sunflower Optimization Algorithm, IEEE Access, 2019, 7, 109289–109300.
- View Article
- Google Scholar
31. Mishra S. and Ray P. K. Power Quality Improvement Using Photovoltaic Fed DSTATCOM Based on JAYA Optimization, IEEE Transactions on Sustainable Energy, 2016, 7(4), 1672–1680.
- View Article
- Google Scholar
32. Ismaeel A. A. K.; Elshaarawy I. A.; Houssein E. H.; Ismail F. H and Hassanien A. E. Enhanced Elephant Herding Optimization for Global Optimization, IEEE Access, 2019, 7, 34738–34752.
- View Article
- Google Scholar
33. Bedi P.; Mewada S.; Vatti R. A; Singh C.; Dhindsa K. S.; Ponnusamy M. and et al. Detection of attacks in IoT sensors networks using machine learning algorithm, Microprocessors and Microsystems, 2021, 82.
- View Article
- Google Scholar
34. Li W.; Dou Z. and Qi L. Communication Protocol Classification Based on LSTM and DBN, IEEE Access, 2020, 8, 91818–91828.
- View Article
- Google Scholar
35. Vijayan P.M.; Sundar S. Hybrid MQTTNet: An Intrusion Detection System Using Heuristic-Based Optimal Feature. Integration and Hybrid Fuzzy with 1DCNN. Cybern. Syst. 2022,
- View Article
- Google Scholar

[ref1] 1. Zhong W.; Yu N. and Ai C. Applying big data based deep learning system to intrusion detection," Big Data Mining and Analytics, 2020, 3(3), 181–195.
View Article
Google Scholar

[2] View Article

[3] Google Scholar

[ref2] 2. Yu T and Wang X. Topology Verification Enabled Intrusion Detection for In-Vehicle CAN-FD Networks," IEEE Communications Letters, 2020, 24(1), 227–230.
View Article
Google Scholar

[5] View Article

[6] Google Scholar

[ref3] 3. Hu W.; Hu W. and Maybank S. AdaBoost-Based Algorithm for Network Intrusion Detection, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics), 2008, 38(2), 577–583. pmid:18348941
View Article
PubMed/NCBI
Google Scholar

[8] View Article

[9] PubMed/NCBI

[10] Google Scholar

[ref4] 4. Siddiqi M. A.; and Pak W. An Agile Approach to Identify Single and Hybrid Normalization for Enhancing Machine Learning-Based Network Intrusion Detection," IEEE Access, 2021, 9, 137494–137513.
View Article
Google Scholar

[12] View Article

[13] Google Scholar

[ref5] 5. Miao Y.; Tang Y.; Alzahrani B. A.; Barnawi A.; Alafif T.; and Hu L. Airborne LiDAR Assisted Obstacle Recognition and Intrusion Detection Towards Unmanned Aerial Vehicle: Architecture, Modeling and Evaluation, IEEE Transactions on Intelligent Transportation Systems, 2021; 22(7), 4531–4540.
View Article
Google Scholar

[15] View Article

[16] Google Scholar

[ref6] 6. Zhang J.; Zulkernine M. and Haque A. Random-Forests-Based Network Intrusion Detection Systems, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews), 2008, 38(5), 649–659.
View Article
Google Scholar

[18] View Article

[19] Google Scholar

[ref7] 7. Yang H. and Wang F. Wireless Network Intrusion Detection Based on Improved Convolutional Neural Network, IEEE Access, 2019, 7, 64366–64374.
View Article
Google Scholar

[21] View Article

[22] Google Scholar

[ref8] 8. Hu Z.; Wang L.; Qi L.; Li Y.; and Yang W. A Novel Wireless Network Intrusion Detection Method Based on Adaptive Synthetic Sampling and an Improved Convolutional Neural Network, IEEE Access, 2020, 8, 195741–195751.
View Article
Google Scholar

[24] View Article

[25] Google Scholar

[ref9] 9. Sedjelmaci H.; Senouci S. M. and Ansari N. Intrusion Detection and Ejection Framework Against Lethal Attacks in UAV-Aided Networks: A Bayesian Game-Theoretic Methodology, IEEE Transactions on Intelligent Transportation Systems, 2017, 18(5), 1143–1153.
View Article
Google Scholar

[27] View Article

[28] Google Scholar

[ref10] 10. Gong X.; Chen X.; Zhong Z. and Chen W. Enhanced Few-Shot Learning for Intrusion Detection in Railway Video Surveillance," IEEE Transactions on Intelligent Transportation Systems, 2022, 23(8), 11301–11313.
View Article
Google Scholar

[30] View Article

[31] Google Scholar

[ref11] 11. Sadreazami H.; Mohammadi A.; Asif A. and Plataniotis K. N. Distributed-Graph-Based Statistical Approach for Intrusion Detection in Cyber-Physical Systems, in IEEE Transactions on Signal and Information Processing over Networks, 2018, 4(1), 137–147.
View Article
Google Scholar

[33] View Article

[34] Google Scholar

[ref12] 12. Qi L.; Yang Y.; Zhou X.; Rafique W. and Ma J. Fast Anomaly Identification Based on Multiaspect Data Streams for Intelligent Intrusion Detection Toward Secure Industry 4.0, IEEE Transactions on Industrial Informatics, 2022, 18(9), 6503–6511.
View Article
Google Scholar

[36] View Article

[37] Google Scholar

[ref13] 13. Khan I. A.; Pi D.; Khan Z. U.; Hussain Y. and Nawaz A. HML-IDS: A Hybrid-Multilevel Anomaly Prediction Approach for Intrusion Detection in SCADA Systems, IEEE Access, 2019, 7, 89507–89521.
View Article
Google Scholar

[39] View Article

[40] Google Scholar

[ref14] 14. Siddiqi M. A. and Pak W. Tier-Based Optimization for Synthesized Network Intrusion Detection System," IEEE Access, 2022, 10, 108530–108544.
View Article
Google Scholar

[42] View Article

[43] Google Scholar

[ref15] 15. Wang W.; Du X.; Shan D.; Qin R and Wang N. Cloud Intrusion Detection Method Based on Stacked Contractive Auto-Encoder and Support Vector Machine, IEEE Transactions on Cloud Computing, 2022, 10(3), 1634–1646.
View Article
Google Scholar

[45] View Article

[46] Google Scholar

[ref16] 16. Zhou M.; Li Y.; Xie L and Nie W. Maximum Mean Discrepancy Minimization Based Transfer Learning for Indoor WLAN Personnel Intrusion Detection," IEEE Sensors Letters, 2019, 3(8), 1–4.
View Article
Google Scholar

[48] View Article

[49] Google Scholar

[ref17] 17. Zhang Y.; Li P and Wang X. Intrusion Detection for IoT Based on Improved Genetic Algorithm and Deep Belief Network, IEEE Access, 2019, 7, 31711–31722.
View Article
Google Scholar

[51] View Article

[52] Google Scholar

[ref18] 18. Siddharthan H.; Deepa T and Chandhar P. SENMQTT-SET: An Intelligent Intrusion Detection in IoT-MQTT Networks Using Ensemble Multi Cascade Features, IEEE Access, 2022, 10, 33095–33110.
View Article
Google Scholar

[54] View Article

[55] Google Scholar

[ref19] 19. Eskandari M.; Janjua Z. H.; Vecchio M. and Antonelli F. Passban IDS: An Intelligent Anomaly-Based Intrusion Detection System for IoT Edge Devices," IEEE Internet of Things Journal, 2020, 7(8), 6882–6897.
View Article
Google Scholar

[57] View Article

[58] Google Scholar

[ref20] 20. Alkadi O.; Moustafa N.; Turnbull B. and Choo K. -K. R. A Deep Blockchain Framework-Enabled Collaborative Intrusion Detection for Protecting IoT and Cloud Networks, IEEE Internet of Things Journal, 2021, 8(12), 9463–9472.
View Article
Google Scholar

[60] View Article

[61] Google Scholar

[ref21] 21. Prajisha C.; and Vasudevan A. R. An efficient intrusion detection system for MQTT-IoT using enhanced chaotic salp swarm algorithm and LightGBM, International Journal of Information Security, 2022, 21, 1263–1282.
View Article
Google Scholar

[63] View Article

[64] Google Scholar

[ref22] 22. Fatani A.; Elaziz M. A.; Dahou A.; Al-Qaness M. A. A. and Lu S. IoT Intrusion Detection System Using Deep Learning and Enhanced Transient Search Optimization, IEEE Access, 2021, 9, 123448–123464.
View Article
Google Scholar

[66] View Article

[67] Google Scholar

[ref23] 23. Basati A.; and Faghih M. M. PDAE: Efficient network intrusion detection in IoT using parallel deep auto-encoders," Information Sciences, 2022, 598, 57–74.
View Article
Google Scholar

[69] View Article

[70] Google Scholar

[ref24] 24. Kan X.; Fan Y.; Fang Z.; Cao L.; Xiong N. N.; Yang D.; et al. A novel IoT network intrusion detection approach based on Adaptive Particle Swarm Optimization Convolutional Neural Network, Information Sciences, 2021, 568, 147–162.
View Article
Google Scholar

[72] View Article

[73] Google Scholar

[ref25] 25. Breitenbacher D.; Homoliak I.; Aung Y. L.; Elovici Y and Tippenhauer N. O. HADES-IoT: A Practical and Effective Host-Based Anomaly Detection System for IoT Devices (Extended Version), IEEE Internet of Things Journal, 2022, 9(12), 9640–9658.
View Article
Google Scholar

[75] View Article

[76] Google Scholar

[ref26] 26. Hashim Fatma A., Hussain Kashif, Houssein Essam H., Mabrouk Mai S. and Walid Al-Atabany, Archimedes optimization algorithm: a new metaheuristic algorithm for solving optimization problems," Applied Intelligence, 51, 1531–1551, 2021.
View Article
Google Scholar

[78] View Article

[79] Google Scholar

[ref27] 27. Lee H.; Kim J.; Kim B. and Kim S. Convolutional Autoencoder Based Feature Extraction in Radar Data Analysis," 2018 Joint 10th International Conference on Soft Computing and Intelligent Systems (SCIS) and 19th International Symposium on Advanced Intelligent Systems (ISIS), 2018, 81–84.
View Article
Google Scholar

[81] View Article

[82] Google Scholar

[ref28] 28. Babu M. R and Veena K.N. Implementing optimized classifier for distributed attack detection and BAIT-based attack correction in IoT, International Journal of System Assurance Engineering and Management, 2021.
View Article
Google Scholar

[84] View Article

[85] Google Scholar

[ref29] 29. Li R.; Li Q.; Zhou J. and Jiang Y. ADRIoT: An Edge-assisted Anomaly Detection Framework against IoT-based Network Attacks, IEEE Internet of Things Journal, 2021.
View Article
Google Scholar

[87] View Article

[88] Google Scholar

[ref30] 30. Shaheen M. A. M.; Hasanien H. M.; Mekhamer S. F.; and Talaat H. E. A. Optimal Power Flow of Power Systems Including Distributed Generation Units Using Sunflower Optimization Algorithm, IEEE Access, 2019, 7, 109289–109300.
View Article
Google Scholar

[90] View Article

[91] Google Scholar

[ref31] 31. Mishra S. and Ray P. K. Power Quality Improvement Using Photovoltaic Fed DSTATCOM Based on JAYA Optimization, IEEE Transactions on Sustainable Energy, 2016, 7(4), 1672–1680.
View Article
Google Scholar

[93] View Article

[94] Google Scholar

[ref32] 32. Ismaeel A. A. K.; Elshaarawy I. A.; Houssein E. H.; Ismail F. H and Hassanien A. E. Enhanced Elephant Herding Optimization for Global Optimization, IEEE Access, 2019, 7, 34738–34752.
View Article
Google Scholar

[96] View Article

[97] Google Scholar

[ref33] 33. Bedi P.; Mewada S.; Vatti R. A; Singh C.; Dhindsa K. S.; Ponnusamy M. and et al. Detection of attacks in IoT sensors networks using machine learning algorithm, Microprocessors and Microsystems, 2021, 82.
View Article
Google Scholar

[99] View Article

[100] Google Scholar

[ref34] 34. Li W.; Dou Z. and Qi L. Communication Protocol Classification Based on LSTM and DBN, IEEE Access, 2020, 8, 91818–91828.
View Article
Google Scholar

[102] View Article

[103] Google Scholar

[ref35] 35. Vijayan P.M.; Sundar S. Hybrid MQTTNet: An Intrusion Detection System Using Heuristic-Based Optimal Feature. Integration and Hybrid Fuzzy with 1DCNN. Cybern. Syst. 2022,
View Article
Google Scholar

[105] View Article

[106] Google Scholar

Figures

Abstract

1. Introduction

2. Literature survey

2.1 Related works

2.2 Problem statement

3. Behavior and characteristics of the MQTTset and experimented dataset description

3.1 Background of MQTT set

3.2 Attacks in MQTT set

3.2.1 MQTT publish flood.

3.2.2 Brute force authentication.

3.2.3 Malformed data.

3.2.4 Flooding DoS.

3.2.5 SlowITe.

3.3 Details of experimented dataset

3.4 Pre-processing of data

4. Architecture of proposed intrusion detection model in IoT using MQTTset with the meta-heuristic concept

4.1 Architecture of MQTT-based IoT intrusion detection

4.2 Proposed MAOA

Phase 1: Initialization.

Phase 2-volume and density update.

Phase 3-Density factor and transfer operation.

Phase 4.1-Exploration.

Phase 4.2-Exploitation.

Phase 4.3-Acceleration normalization.

Phase 5-Position updating.

Phase 5-Validation.

5. Development of autoencoder and LSTM-based Deep Belief Network for improved IoT intrusion detection

5.1 Model 1: Autoencoder with Deep Belief Network

5.2 Model 2: LSTM with Deep Belief Network

5.3 Proposed AL-DBN with network optimization

6. Results and discussions

6.1 Experimental results

6.2 Performance metrics

6.3 Evaluation of the developed model with multiple classifiers and algorithms

6.4 K-fold analysis of the developed model with several classifiers and approaches

6.5 Overall evaluation of algorithms and classifier on the developed model

IVS-AVOA-HC.

MAOA-AL-HC.

7. Conclusion

Future scope

Further advancements in intrusion detection models.

Exploration of diverse datasets.

MQTT set

References