Inverse chi-square-based flamingo search optimization with machine learning-based security solution for Internet of Things edge devices

1.   Introduction

Recently, the Internet of Things (IoT) has experienced enormous growth in specific domain applications like smart transportation systems, industry, the medical field, and smart agriculture for increasing socio-economic development ^[1]. These IoT systems are formed by several interconnected actuators, various network-enabled devices, and sensors, which share several types of data through both private networks and internet platforms ^[2]. The Cisco investigation group forecast an average value of 75.3 billion effectively interconnected IoT devices by 2025. The absence of human intervention in data exchange among IoT systems makes it distinctive from standard internet technology ^[3]. The development of IoT devices has also improved the data network bandwidth requirements. However, many IoT devices have resource limitations, making it difficult to implement conventional security techniques for protecting systems against cyberattacks ^[4]. Major problems can occur with IoT devices that process sensitive data. Therefore, it is crucial to introduce mobile edge computing (MEC), which allows computation that is implemented at the network end to overcome resource-limit issues in IoT systems ^[5]. MEC permits IoT devices to offload more computationally intensive tasks to the proximal edge server. As the IoT develops as an industrial revolution, and systems collect live data, cybersecurity has become essential ^[6]. As a result, it is imperative to have a network intrusion detection system (NIDS), which could identify existing and forthcoming attacks to protect the IoT network and systems made on it.

Given the dependency of IoT methods on various edge devices and the part of the IoT in producing and collecting huge amounts of core data, accurate and effective techniques for identifying anomalous behavior in IoT edge devices are required ^[7]. Machine learning (ML) has been employed from the centralized cloud. However, a structure that requires a lot of resources can be placed so that it can consistently have as much processing power, storage space, and power as it requires to process data. However, there might be further waiting time because of network delays from the device to the cloud and back, as well as the quantity of data in applications with higher traffic. This increases expenses concerning delay and financial expenditure. The basic changes are required in AI approaches and cloud-to-device intention to provide effectual, maintainable, and acceptable solutions for the predicted potential demands ^[8]. Hence, it is essential to manage the increasing processing needs and traffic, and minimize delays ^[9]. The major problem preventing edge devices from performing at their maximum potential is the lack of resources among these limited resources, and edge devices are needed by AI applications. Generally, edge devices are very small in their physical sizes, with low power capacity and processing ability ^[10]. Security solutions for IoT edge devices have several applications to safeguard a connected ecosystem. These solutions can be applied in various fields such as healthcare, critical infrastructure, and maintaining public safety; in industrial settings, to safeguard manufacturing processes and prevent unauthorized access to machinery; and in home automation, where they protect personal information and ensure the security of smart appliances and devices.

This study presents a design for an inverse chi square-based flamingo search optimization algorithm with machine learning (ICSFSO-ML) as a security solution for Internet of Things edge devices. The goal of the ICSFSO-ML technique is to apply ML and metaheuristics for threat recognition in IoT edge devices. To reduce the high dimensionality problem, the ICSFSO-ML technique uses the ICSFSO algorithm for feature selection. Further, the ICSFSO-ML technique exploits the stacked bidirectional long short-term memory (SBiLSTM) model for the threat detection process. To enhance the efficacy of the SBiLSTM model, an arithmetic optimization algorithm (AOA) is applied for the hyperparameter selection process. The simulation performance of the ICSFSO-ML technique is tested using a benchmark threat database.

2.   Related works

Mishra et al. ^[11] aimed to detect potential attacks on various types of networks. The IoT anomalies are identified by inspiring message queuing telemetry transport (MQTT) across a virtual network. Dey et al. ^[12] developed a metaheuristic-based intelligent structure for cyberattack identification employing ensemble FS and a classification model. Initially, a metaheuristic-based ensemble FS method was developed utilizing binary grey wolf optimization (BGWO) and binary gravitational search algorithm (BGSA). Then, RF and AdaBoost can be utilized for detecting and classifying cyberattacks. In ^[13], the authors studied effective attack identification approaches for these software-defined IoT (SD-IoT) networks. Then, the impacts of RF and ML techniques in different feature groups (for example IPs and ports) could be analyzed for the identification accuracy of various attacks.

Aldaej et al. ^[14] examined current security and privacy issues affecting a network of drones (NoD). A hybrid ML approach of LR and RF was employed with the aim of classification of data samples for maximum efficiency. By integrating complex AI-inspired methods into the architecture, the presented approach alleviated cybersecurity vulnerabilities while creating a protected and secured NoD. In ^[15], the authors suggested a collaborative cyberattack intelligence-sharing method for allowing several organizations to combine forces in the framework, estimation, and training of a robust ML-based network IDS. This technique employs two main features for its application: the accessibility of network data traffic in a standard design and implementation of a federated learning method to prevent the need to share sensitive user data among organizations. Haddad Pajouh et al. ^[16] recommended a protected design for the IoT edge layer structure named AI4SAFE-IoT. The modules developed in the research included cyberattack allocation, intelligent web application firewall, cyberattack hunting, and cyberattack intelligence.

Mozo et al. ^[17] introduced an analysis of the incorporation of ML modules in a distributed scenario. A real-time developing attack vector (crypto-mining malware attack) was employed as a demonstration. The overall potential of recent green AI methods was integrated for optimizing the size and complexity of ML approaches to decrease their energy consumption while retaining their capability for accurately detecting possible cyberattacks. Gasu ^[18] presented an attentive literature study of ML and data mining (DM) techniques for cyber analytics in aid of cyberattack identification and intrusion detection.

3.   The proposed model

This manuscript provides an automated ICSFSO-ML-based security solution for IoT edge devices. The major aim of the ICSFSO-ML technique is to apply ML and metaheuristics for threat recognition in IoT edge devices. In the proposed ICSFSO-ML algorithm, three main phases are contained: ICS-FSO-based feature selection, SBiLSTM-based detection, and AOA-based parameter tuning. Figure 1 depicts the entire flow of the ICSFSO-ML methodology.

Figure 1.  The overall flow of the ICSFSO-ML algorithm.

DownLoad: Full-Size Img PowerPoint

3.1.   Feature selection using ICS-FSO algorithm

Primarily, the ICSFSO-ML technique uses the ICSFSO algorithm for feature selection purposes. The ICS-FSO model controls the global searching space in the foraging range of flamingos to maintain a balance between the exploration and exploitation stages ^[19]. Moreover, the current chi‐square test in FSO becomes locked for the independent variable, which leads to a high error rate. To overcome these challenges, the working mechanism of ICS is paired with FSO. The proposed model takes fitness value as a better feature score and flamingo as the feature. The following steps provide a detailed description of ICS‐FSO:

Step 1: At first, the population of the flamingos was initialized in an attempt to generate the optimal performance dependent upon the data available, and then the search region was chosen, while the food accessibility was rich. Consider the Flamingo $\left({\rm{\Gamma }}_{\mathrm{j}}\right)$ having an abundance of food in the ${\mathrm{j}}^{\mathrm{t}\mathrm{h}}$ parameter.

Consider ${\rm{\Gamma }}_{\mathrm{i}\mathrm{j}}^{}$ to be the coordinates of the i^th and j^th flamingo population parameters; in this case, the flamingos' inhabitants must contend with the problems of sporadic access to food and inaccurate data transmission. This error can be estimated by the maximum distance of the flamingo's beak scan from the foraging behavior, as shown below:

In Eq (1), ${{\wp }}_{2}$ denotes a randomly generated value within $[-\mathrm{1, 1}]$, and ${\mathfrak{I}}_{1}$ refers to a figure that was unintentional to exploit the uniform distribution. In beak behavior, the range of scanning can be maintained in the range as,

Considering ${\rm{\Gamma }}_{\mathrm{j}}^{\mathrm{b}}$ as food for a large population, the flamingo distances are modified, and the traveling is calculated by ${{\wp }}_{1}\times {\rm{\Gamma }}_{\mathrm{j}}^{\mathrm{b}}$, where ${{\wp }}_{1}$ refers to a random integer within [$-\mathrm{1, 1}$]. Lastly, the foraging movement of the flamingo from the ${\mathrm{t}}^{\mathrm{t}\mathrm{h}}$ step can be estimated by the flamingo beak scan range, and the distance among the moving feet is shown as follows:

The location of flamingo's foraging is represented as,

In Eq (4), ${\rm{\Gamma }}_{\mathrm{i}\mathrm{j}}^{\mathrm{t}}$ shows the location of the ${\mathrm{i}}^{\mathrm{t}\mathrm{h}}$ flamingo at ${\mathrm{t}\mathrm{h}\mathrm{e}\mathrm{ }\mathrm{j}}^{\mathrm{t}\mathrm{h}}$ variable in the $ith$ iteration of the flamingo's population, ${\rm{\Gamma }}_{\mathrm{j}}^{\mathrm{b}\mathrm{t}}$ indicates the ${\mathrm{j}}^{\mathrm{t}\mathrm{h}}$ flamingo size with the better fitness from the population at $\mathrm{t}$ iteration, ${\rm{\Gamma }}_{\mathrm{i}\mathrm{j}}^{\mathrm{t}+1}$ denotes the location of the ${\mathrm{i}}^{\mathrm{t}\mathrm{h}}$ flamingo at the ${\mathrm{j}}^{\mathrm{t}\mathrm{h}}$ population parameter from the $(\mathrm{t}+1)\mathrm{t}\mathrm{h}$ iteration,

In Eq (5), $\mathrm{K}$ $\left({\rm{ \mathsf{ η} }}\right)$ denotes the diffusion factor that follows in the inverse chi‐square distribution of ${\rm{ \mathsf{ η} }}$ degrees of freedom, and ${\rm{ \mathsf{ γ} }}$ represents the gamma function. The foraging range dimension has been improved, and the simulation can be done for the individual chosen, it boosted the capacity for meritocracy all over the globe. ${\mathfrak{I}}_{1} =$ $\mathrm{N}(\mathrm{O}, \mathrm{ }1)$ and ${\mathfrak{I}}_{2} = \mathrm{N}\left(\mathrm{0, 1}\right)$ a random integer generated using a uniform distribution, ${{\wp }}_{1}$ and ${{\wp }}_{2}$ are altered in [-$\mathrm{1, 1}$].

Step 2: The flamingos have migrated to the following region because of the food scarcity from the existing region. Given the fact that the region in question exhibits a significant level of dietary consumption ${\mathrm{j}}^{\mathrm{t}\mathrm{h}}$ variable is $\mathrm{A}{\mathrm{b}}_{\mathrm{j}}$, the migration of the flamingo population can be given below:

In Eq (6), ${\rm{ \mathsf{ ω} }} = \mathrm{N}(\mathrm{O}, \mathrm{ }\mathrm{n})$ indicates the randomly generated value based on the uniform distribution with n degrees of freedom, which increases the searching space and arbitrariness behavior of the specific flamingo with a particular migration method employed for inspiration. At last, the maximal iteration attained gives an optimum performance and value that can be replaced from the main function and arranged to evaluate the essential feature, and the relevant features can be framed inside the data frame employing ICS-FSO:

3.2.   Detection using SBiLSTM model

At this stage, the SBiLSTM model is used for the threat detection process. LSTM is distinct from the RNN technique, which is generally deployed to process time sequence data ^[20]. It can be established to resolve the issue of RNNs' effort in long‐term learning and dependencies. The main idea of LSTM exists from its memory cell with a gated function. Its gated method contains 3 gates: forget $\left({f}_{t}\right)$, input $\left({i}_{t}\right)$ and output gates $\left({o}_{t}\right)$. An input gate $\left({i}_{t}\right)$ controls the input of present data. Once the input data comes into the unit, an input gate carries out a computation to determine whether to input the present data. The memory gate $\left({f}_{t}\right)$ controls the maintenance of past data. Once the past data comes into the unit, the memory gate executes a computation to determine how to maintain the data. The output gate $\left({O}_{t}\right)$ manages the outcome of the present data. It is defined as outputting the present data by carrying out a computation. Furthermore, ${C}_{t}$ signifies the long‐term memory unit, whereas ${h}_{t}$ signifies the short‐term memory unit.

In the above equations, ${\rm{ \mathsf{ σ} }}$ denotes the sigmoid activation function. The variables $\mathrm{w}$ and $\mathrm{b}$ in the equations represent the weighted and intercepted, correspondingly. BILSTM is a distinct LSTM that integrates a further layer of reverse computation with the base LSTM. The original series is $({\mathrm{A}}_{0},$ ${\mathrm{A}}_{1},$ ${\mathrm{A}}_{2},$ $\dots, {\mathrm{A}}_{\mathrm{i}})$, but the reversed series is defined as $({\mathrm{A}}_{0}^{'},$ ${\mathrm{A}}_{1}^{'},$ ${\mathrm{A}}_{2}^{'},$ $\dots, {\mathrm{A}}_{\mathrm{i}}$). The last resultant value is defined by the forward as well as reverse sequences:

In this equation, ${\mathrm{v}}_{1}$ and ${\mathrm{v}}_{2}$ represent the equivalent weights linked with 2 sequences.

An SBiLSTM has an NN structure that contains stacking multi-layers of BiLSTMs on top of one another. Figure 2 depicts the framework of stacked BiLSTM. The outcome of the 1st BiLSTM layer serves as the input to the 2nd BiLSTM layer, etc. All the subsequent layers capture a high-level representation of input data, potentially contributing to a more expressive and greater model for sequence processing tasks.

Figure 2.  The architecture of Stacked BiLTSM.

DownLoad: Full-Size Img PowerPoint

3.3.   AOA-based hyperparameter tuning

The hyperparameters related to the SBiLSTM approach are elected by the AOA. AOA is based on the searching process for the potential region from the candidate solution based on subtraction, division, multiplication and addition operators ^[21]. The efficiency of the optimization approach is measured with two search processes called exploitation and exploration. The process conducts the local search in the exploitation phase, concentrating on promising regions to search for a better solution. During the exploration phase, the process performs a global search to prevent local solutions. In this work, division $(\div)$ and multiplication $(\times)$ take the larger steps from the searching space and are thereby employed for exploratory search. Addition $(+)$ and subtraction $(-)$ operators can find capable areas by taking smaller steps from the searching space, which provides the best exploitation search. The AOA begins with an arbitrary candidate solution ($\mathrm{X}$). A better solution should be found through exploration and exploitation. Among the ${\mathrm{X}}_{\mathrm{n}}$ candidate solutions. MOA is used to define whether to implement an exploitation or exploration search as follows:

In Eq (15), ${\mathrm{t}}_{\mathrm{C}\mathrm{U}\mathrm{R}\mathrm{R}\mathrm{E}\mathrm{N}\mathrm{T}}$ indicates the existing iteration ranges from 1 to ${\mathrm{r}}_{\mathrm{M}\mathrm{A}\mathrm{X}}$ (maximal iteration), and $\mathrm{M}\mathrm{O}{\mathrm{A}}_{\mathrm{m}\mathrm{a}\mathrm{x}},$ and $\mathrm{M}\mathrm{O}{\mathrm{A}}_{\mathrm{m}\mathrm{i}\mathrm{n}}$ determine the minimal and maximal values of MOA. The AOA algorithm utilizes the 3 randomly generated values $(\mathrm{r}\mathrm{a}\mathrm{n}{\mathrm{d}}_{1},$ $\mathrm{r}\mathrm{a}\mathrm{n}{\mathrm{d}}_{2}$ and $\mathrm{r}\mathrm{a}\mathrm{n}{\mathrm{d}}_{3})$ between zero and one. Once an arbitrary number $\mathrm{r}\mathrm{a}\mathrm{n}{\mathrm{d}}_{1}$ is bigger than MAO, AOA enters the exploration stage. Now, if $\mathrm{r}\mathrm{a}\mathrm{n}{\mathrm{d}}_{2} > 0.5$, the place of the ${\mathrm{s}}^{\mathrm{t}\mathrm{h}}$ solution can be upgraded by the division operators. Else, if $\mathrm{r}\mathrm{a}\mathrm{n}{\mathrm{d}}_{2}$ is lesser than 0.5, then the AOA model exploits the multiplication operator for updating the position of the ${\mathrm{s}}^{\mathrm{t}\mathrm{h}}$ outcome.

where ${\mathrm{S}}_{\mathrm{s}, \mathrm{l}}\left({\mathrm{t}}_{\mathrm{C}\mathrm{U}\mathrm{R}\mathrm{R}\mathrm{E}\mathrm{N}\mathrm{T}}+1\right)$ denotes the $\mathrm{s}‐$ th solution in the ${\mathrm{l}}^{\mathrm{t}\mathrm{h}}$ location, and $\mathrm{b}\mathrm{e}\mathrm{s}{\mathrm{t}}_{{\mathrm{x}}_{1}}$ shows the best performance from the ${\mathrm{l}}^{\mathrm{t}\mathrm{h}}$ place. ${\rm{ \mathsf{ ε} }}$ indicates the integer with a smaller value. and ${\rm{ \mathsf{ μ} }}$ represents the control parameter characterized by predetermined or fixed values of 0.5 for updating the exploration search. The upper and lower boundaries are characterized as the $\mathrm{U}{\mathrm{B}}_{\mathrm{l}}$ and $\mathrm{L}{\mathrm{B}}_{\mathrm{l}}$ parameters.

The coefficients in the context of math optimizer probability (MOP) serve a specific purpose and are explicitly defined in the ${\mathrm{t}}^{\mathrm{t}\mathrm{h}}$ iteration. The AOA model enters into the exploitation stage if $\mathrm{r}\mathrm{a}\mathrm{n}{\mathrm{d}}_{1} < \mathrm{M}\mathrm{O}\mathrm{A}$ function. Moreover, the model updates the position of $\mathrm{t}\mathrm{h}\mathrm{e}\mathrm{ }\mathrm{s}‐$ th solution using subtraction. If $\mathrm{r}\mathrm{a}\mathrm{n}{\mathrm{d}}_{3} > 0.5$. Otherwise, the place of the ${\mathrm{s}}^{\mathrm{t}\mathrm{h}}$ solution can be upgraded by addition $(+)$ operator as follows:

Fitness choice is a key feature of the AOA methodology. An encoded outcome was deployed to assess better candidate performances. Presently, the accuracy value is the major condition deployed to design an FF.

where FP and TP denote the false and true positive values.

4.   Result and discussion

The performance of the ICSFSO-ML technique was tested on the anomaly database ^[22,23]. The database has 20000 instances and 2 class labels as represented in Table 1. Among the available 13 features, the ICSFSO algorithm has chosen 8 features.

Table 1.  Description of the dataset.

Class	No. of Samples
Normal Status	10000
Anomalies	10000
Total Samples	20000

---

 | Show Table

DownLoad: CSV

The anomaly detection results of the ICSFSO-ML technique are depicted in Figure 3. The confusion matrices demonstrate the effectual recognition of the normal and anomalous samples under all classes ^[24,25,26].

Figure 3.  Confusion matrices of (a-b) 80:20 of TR set/TS set and (c-d) 70:30 of TR set/TS set.

DownLoad: Full-Size Img PowerPoint

The anomaly identification results of the ICSFSO-ML technique are tested with 80:20 of TR set/TS set as shown in Table 2 and Figure 4. The outcome showed that the ICSFSO-ML system recognized the normal and anomaly classes. On 80% of the TR set, the ICSFSO-ML algorithm offers average $\mathrm{a}\mathrm{c}\mathrm{c}\mathrm{u}\mathrm{r}\mathrm{a}\mathrm{c}\mathrm{y}$, $\mathrm{p}\mathrm{r}\mathrm{e}{\mathrm{c}}_{\mathrm{n}}$, $\mathrm{r}\mathrm{e}\mathrm{c}\mathrm{a}\mathrm{l}\mathrm{l}$, $\mathrm{F}-\mathrm{s}\mathrm{c}\mathrm{o}\mathrm{r}\mathrm{e}$ and ${\mathrm{G}}_{\mathrm{m}\mathrm{e}\mathrm{a}\mathrm{s}\mathrm{u}\mathrm{r}\mathrm{e}}$ of 97.68%, 97.71%, 97.68%, 97.67% and 97.68%, respectively. Also, on 20% of the TS set, the ICSFSO-ML method achieves average $\mathrm{a}\mathrm{c}\mathrm{c}\mathrm{u}\mathrm{r}\mathrm{a}\mathrm{c}\mathrm{y}$, $\mathrm{p}\mathrm{r}\mathrm{e}{\mathrm{c}}_{\mathrm{n}}$, $\mathrm{r}\mathrm{e}\mathrm{c}\mathrm{a}\mathrm{l}\mathrm{l}$, $F-score$, and ${\mathrm{G}}_{\mathrm{m}\mathrm{e}\mathrm{a}\mathrm{s}\mathrm{u}\mathrm{r}\mathrm{e}}$ of 98.22%, 98.25%, 98.22%, 98.22% and 98.23%, correspondingly.

Table 2.  Anomaly identification outcome of ICSFSO-ML technique on 80:20 of TR set/TS.

Class	$\boldsymbol{A}\boldsymbol{c}\boldsymbol{c}{\boldsymbol{u}}_{\boldsymbol{y}}$	$\boldsymbol{P}\boldsymbol{r}\boldsymbol{e}{\boldsymbol{c}}_{\boldsymbol{n}}$	$\boldsymbol{R}\boldsymbol{e}\boldsymbol{c}{\boldsymbol{a}}_{\boldsymbol{l}}$	${\boldsymbol{F}}_{\boldsymbol{S}\boldsymbol{c}\boldsymbol{o}\boldsymbol{r}\boldsymbol{e}}$	${\boldsymbol{G}}_{\boldsymbol{M}\boldsymbol{e}\boldsymbol{a}\boldsymbol{s}\boldsymbol{u}\boldsymbol{r}\boldsymbol{e}}$
TR set (80%)
Normal Status	99.02	96.42	99.02	97.70	97.71
Anomalies	96.33	99.00	96.33	97.65	97.65
Average	97.68	97.71	97.68	97.67	97.68
TS set (20%)
Normal Status	99.30	97.22	99.30	98.25	98.26
Anomalies	97.14	99.28	97.14	98.20	98.21
Average	98.22	98.25	98.22	98.22	98.23

---

 | Show Table

DownLoad: CSV

Figure 4.  Average outcome of ICSFSO-ML technique on 80:20 of TR set/TS set.

DownLoad: Full-Size Img PowerPoint

The anomaly identification outcome of the ICSFSO-ML methodology was tested with 70:30 of the TR set/TS setting as portrayed in Table 3 and Figure 5. The simulation values depicted that the ICSFSO-ML algorithm recognized the normal and anomaly classes. On 70% of the TR set, the ICSFSO-ML system had average accu_y, prec_n, reca_l, F_score, and G_measure of 96.97%, 96.98%, 96.97%, 96.96% and 96.97% correspondingly. Then, on 20% of the TS set, the ICSFSO-ML methodology achieved average accu_y, prec_n, reca_l, F_score, and G_measure of 97.03%, 97.06%, 97.03%, 97.03% and 97.04%, respectively.

Table 3.  Anomalies identification outcome of ICSFSO-ML technique on 70:30 of TR set/TS.

Class	$\boldsymbol{A}\boldsymbol{c}\boldsymbol{c}{\boldsymbol{u}}_{\boldsymbol{y}}$	$\boldsymbol{P}\boldsymbol{r}\boldsymbol{e}{\boldsymbol{c}}_{\boldsymbol{n}}$	$\boldsymbol{R}\boldsymbol{e}\boldsymbol{c}{\boldsymbol{a}}_{\boldsymbol{l}}$	${\boldsymbol{F}}_{\boldsymbol{S}\boldsymbol{c}\boldsymbol{o}\boldsymbol{r}\boldsymbol{e}}$	${\boldsymbol{G}}_{\boldsymbol{M}\boldsymbol{e}\boldsymbol{a}\boldsymbol{s}\boldsymbol{u}\boldsymbol{r}\boldsymbol{e}}$
TR set (70%)
Normal Status	96.14	97.77	96.14	96.94	96.95
Anomalies	97.80	96.19	97.80	96.98	96.99
Average	96.97	96.98	96.97	96.96	96.97
TS set (30%)
Normal Status	96.02	97.98	96.02	96.99	97.00
Anomalies	98.04	96.13	98.04	97.07	97.08
Average	97.03	97.06	97.03	97.03	97.04

---

 | Show Table

DownLoad: CSV

Figure 5.  The average outcome of the ICSFSO-ML technique on 70:30 of the TR set/TS set.

DownLoad: Full-Size Img PowerPoint

Figure 6 illustrates the training accuracy TR_accu_y and VL_accu_y of the ICSFSO-ML methodology on 80:20 of the TR set/TS set. The TL_accu_y was determined by the evaluation of the ICSFSO-ML method on the TR dataset, whereas the VL_accu_y was computed by evaluating the performance on a separate testing dataset. The outcome exhibits that TR_accu_y and VL_accu_y upsurge with a rise in epochs. Therefore, the performance of the ICSFSO-ML method increased on the TR and TS datasets with an upsurge in several epochs.

Figure 6.  Accu_y curve of ICSFSO-ML technique on 80:20 of TR set/TS set.

DownLoad: Full-Size Img PowerPoint

In Figure 7, the TR_loss and VR_loss results of the ICSFSO-ML approach on 80:20 of the TR set/TS set are shown. The TR_loss defines the error among the predictive outcome and original values on the TR data. The VR_loss signifies the measure of the performance of the ICSFSO-ML technique on individual validation data. The outcomes point out that the TR_loss and VR_loss tend to reduce with rising epochs, portraying the higher performance of the ICSFSO-ML system and its ability to produce an accurate classification. The lesser values of TR_loss and VR_loss establish the improved performance of the ICSFSO-ML methodology in capturing patterns and relationships.

Figure 7.  Loss curve of ICSFSO-ML technique on 80:20 of TR set/TS set.

DownLoad: Full-Size Img PowerPoint

In Figure 8, a comprehensive precision-recall (PR) investigation of the ICSFSO-ML approach is shown for 80:20 of the TR set/TS set in Figure 8. The simulation values demonstrated that the ICSFSO-ML system led to enhanced PR outcomes. Further, it was obvious that the ICSFSO-ML method has greater PR outcomes in the 2 classes.

Figure 8.  PR curve of ICSFSO-ML technique on 80:20 of TR set/TS set.

DownLoad: Full-Size Img PowerPoint

In Figure 9, an ROC analysis of the ICSFSO-ML system is demonstrated on 80:20 of the TR set/TS set. The simulation results show that the ICSFSO-ML approach led to greater values of ROC. Also, it was apparent that the ICSFSO-ML methodology achieved better ROC outcomes in the 2 classes.

Figure 9.  PR curve of ICSFSO-ML technique on 80:20 of TR set/TS set.

DownLoad: Full-Size Img PowerPoint

Table 4 and Figure 10 illustrate the comparison outcomes of the ICSFSO-ML approach with other models in terms of different metrics ^[27,28,29]. The table values portrayed the ineffectual performance of the AE model, whereas the SVM and Anomaly-IDS models have shown somewhat better results over the AE model. Along with that, the DEA and LR approaches have exhibited close results. However, the DT and RF systems have accomplished considerable results, the ICSFSO-ML technique ensured better performance with maximum $pre{c}_{n}$, $acc{u}_{y}$, ${F}_{score}$ and $rec{a}_{l}$ of 98.25%, 98.22%, 98.22% and 98.22%, respectively. These outcomes show the better performance of the ICSFSO-ML algorithm.

Table 4.  Comparative outcome of ICSFSO-ML technique with other approaches.

Model	$\boldsymbol{P}\boldsymbol{r}\boldsymbol{e}{\boldsymbol{c}}_{\boldsymbol{n}}$	$\boldsymbol{A}\boldsymbol{c}\boldsymbol{c}{\boldsymbol{u}}_{\boldsymbol{y}}$	${\boldsymbol{F}}_{\boldsymbol{S}\boldsymbol{c}\boldsymbol{o}\boldsymbol{r}\boldsymbol{e}}$	$\boldsymbol{R}\boldsymbol{e}\boldsymbol{c}{\boldsymbol{a}}_{\boldsymbol{l}}$
ICSFSO-ML	98.25	98.22	98.22	98.22
DT Model	95.40	96.70	92.10	93.30
LR Model	93.10	94.50	91.70	92.50
SVM Model	92.60	95.30	90.00	91.00
RF Model	95.50	97.20	93.20	94.40
Deep Autoencoder	93.79	94.71	92.71	93.46
Autoencoders	89.81	84.86	90.85	91.90
Anomaly-IDS	92.65	91.65	93.16	92.24

---

 | Show Table

DownLoad: CSV

Figure 10.  Comparative outcome of ICSFSO-ML technique with other approaches.

DownLoad: Full-Size Img PowerPoint

5.   Conclusions

This manuscript has provided an automated ICSFSO-ML-based security solution for IoT edge devices. The major aim of the ICSFSO-ML technique is to apply ML and metaheuristics for threat recognition in IoT edge devices. In the proposed ICSFSO-ML algorithm, three major phases are contained: ICS-FSO-based feature selection, SBiLSTM-based detection and AOA-based parameter tuning. Primarily, the ICSFSO-ML approach uses the ICSFSO algorithm for feature selection purposes, which reduces the computation complexity and boosts the classification results. In addition, the ICSFSO-ML technique makes use of the SBiLSTM model for the threat detection process. To enhance the efficacy of the SBiLSTM model, AOA is applied for the hyperparameter selection process. The simulation value of the ICSFSO-ML technique is made on the benchmark threat database. The performance showed the benefits of the ICSFSO-ML approach compared to existing methods with a maximum accuracy of 98.25%. In the future, the ICSFSO-ML technique holds significant potential for further advancements and applications in the field of IoT security. Additional research could focus on refining and optimizing the technique to address emerging IoT security threats and vulnerabilities. This might involve extending the methodology to accommodate a broader range of IoT devices and communication protocols. Furthermore, integrating real-time monitoring and response capabilities, as well as considering the scalability of the solution for large-scale IoT deployments, could be valuable avenues of exploration.

Use of AI tools declaration

The authors declare they have not used Artificial Intelligence (AI) tools in the creation of this article.

Funding

This research has been funded by the Deanship for Research & Innovation, Ministry of Education in Saudi Arabia, through project number: IFP22UQU4281768DSR205.

Acknowledgments

The authors extend their appreciation to the Deanship for Research & Innovation, Ministry of Education in Saudi Arabia, through project number: IFP22UQU4281768DSR205.

Conflict of interest

The authors declare no conflict of interest.