Design of advanced intrusion detection systems based on hybrid machine learning techniques in hierarchically wireless sensor networks

Figures & data

Figure 1. Architecture of distributed (a) and hierarchical (b) WSNs.

Figure 2. Wireless sensor networks model with clustering Nodes for data aggregation to the sink node.

Figure 3. The organisation and framework of the proposed work.

Figure 4. hybrid intrusion detection model with anomaly detector and rule-based detector.

Figure 5. Block diagram for advanced and hybrid intrusion detection system.

Figure 6. Block diagram of an intrusion detection system using the flow-based technique.

Figure 7. Hierarchical hybrid intrusion detection technique in wireless sensor networks using three phases of attack detection.

Figure 8. Illustration of data aggregation and clustering in WSNs.

Figure 9. Hybrid PSO-PNN technique for attack classification and detection.

Table 1. Summary of different hybrid techniques from previous works.

Ref.	Security Technique	Research Findings
Vinitha et al. (2019)	Taylor-based Cat Salp swarm Algorithm	The LEACH protocol provides an energy-efficient multi-hop routing for reliable data transfer. Throughput, energy, and delay may all be accurately measured with this method.
Singh et al. (2023)	deep learning architecture based on a fully connected feed-forward Artificial Neural Network	R = 0.78 and RMSE = 41.15 were obtained for a Gaussian sensor distribution. In contrast, R = 0.79 and RMSE = 48.36 were found for a uniform sensor distribution, indicating that the model accurately predicts the number of k-barriers for both distributions.
Singh et al. (2021)	Machine learning approach based on Gaussian Process Regression (GPR) model	An analytical method is used to extract these characteristics. Based on the simulation results, the technique provides the most accurate prediction of the k-barrier probability, with a correlation coefficient (R) of 0.85 and a Root Mean Square Error (RMSE) of 0.095.
Singh et al. (2022a)	Automated Machine Learning using Bayesian optimisation.	Compared to other explainable machine learning models, they discovered that the Gaussian process regression performed exceptionally well, with a correlation coefficient of 1, a root mean square error of 0.007, and a bias of 0.006.
Ahmad et al. (2019)	Misdetection and K-medoid clustering	K-medoid clustering with a synthetic data set proves to be an efficient way of spotting hybrid black hole attacks.
Devi and Jaison (2020)	SDN-based Hybrid clone node detection	The hybrid clone node detection detects the cloned node using proactive and verification processes based on software-defined networking in WSNs, maintaining and enhancing the quality of service.
Singh et al. (2022b)	log transformation and feature scaling on the feature set and trained the tuned Support Vector Regression (SVR)	They discovered that the model accurately predicts the number of barriers with a correlation coefficient (R) equal to 0.98, a root mean square error (RMSE) equal to 6.47, and a bias equal to 12.35.
Davahli et al. (2020)	Genetic Algorithm (GA) and grey wolf optimiser(GWO)	Reduce the dimensionality of wireless network traffic using selective features for the Internet of Things intrusion detection system with the SVM classifier.
Sun et al. (2020)	Convolutional neural network (CNN) and long short-term memory network (LSTM)	Extracts the network data traffic features using the hybrid IDS with the CICIDS2017 dataset for evaluation and achieves an overall accuracy of 99.50% for attack type.
Biswas et al. (2019)	Kalman filter (KF) with extreme learning machine (ELM)	A hybrid classification technique to train the sink node using a predictive classifier. The scheme is evaluated using the detection of random WSN anomalies data with the normal and faulty datasets.
Ren et al. (2019)	hybrid data optimisation	The practical technique uses data sampling and feature selection using a Genetic algorithm and random forest classifiers using the optimal training UNSW-NB15 dataset.
Regan and Leo Manickam (2019)	The optimised hybrid security model	Hybrid optimised technique for detection of malicious attacks using the hybrid secured model.
Moon and Ingole (2015)	IDS-Secured hybrid approach	The scheme provides a unique security technique for preventing and detecting attacks. The scheme realises data integrity, authentication, and energy minimisation.
Deepa and Latha (2019)	Hybrid hierarchical secure routing using clustering	The scheme selects a hybrid hierarchical secure algorithm for detection and packet delivery using a coordinate cluster head.
Sakthivel and Chandrasekaran (2018)	Hybrid security using dummy packets	A secure routing framework for detecting malicious attacks using routing protocols and dummy packet optimisation.
Yang et al. (2022)	Hybrid multi-tiered IDS using machine learning	It is practical for detecting internal and external cyber-attacks targeting vehicular networks using the CICIDS 2017 dataset.
Rose et al. (2020)	Hybrid k-means and support vector machine	Reduced training and testing times with promising classification accuracy of attack detection and classification in the network.
VenkataRao and Ananth (2021)	Hybrid optimisation and secure clustering protocol	Provides better performance using hybrid secure clustering protocol and k-means clustering for attack detection.
Gupta et al. (2022)	Deep learning-based hybrid neural network	Effective detection and classification of attacks IoT enable networks to utilise the hybrid chicken swarm genetic algorithm method.
Cao et al. (2022)	Hybrid sampling method	Provides better accuracy using feature selection analysis techniques.
Das and Namasudra (2022)	Hybrid encryption method	It is better to improve security performance in IoT-based healthcare infrastructures.
Devi and Jaison (2020)	Clone detection technique	Efficient for detection and verification of cloning attacks in WSNs.
Ullah et al. (2022)	Hybrid deep learning	Proficient in the detection of malicious attacks using benchmark datasets.
Reshma et al. (2022)	The hybrid Neighbor discovery protocol	Maximizes energy efficiency and improves security performance for detecting malicious nodes based on hybrid machine learning.
Saif et al. (2022)	Hybrid IDS approach using feature selection	Utilised hybrid DT-GA to detect and classify security attacks on IoT for healthcare applications with reduced cost.

Figure 10. Hierarchical topology and configuration model for secure wireless sensor networks.

Figure 11. Jamming (a) and Sinkhole (b) attacks at the physical and network layers. (a) Jamming attacks and (b) Sink hole attacks

Table 2. Frequency distribution of various attack classes in the NSL-KDD with training and testing samples for testing performance (Li et al., 2018).

samples	Normal	DoS	Probes	U2R	R2L	Total
Training samples	67,343	45,927	11,656	52	995	125,974
Testing samples	9,711	7,458	2,421	200	2,654	22,544
Total number	77,054	53,385	14,077	252	3,649	148,518

Table 3. Provides a detailed technical description of the four types of attacks in the dataset.

Attack	Attack description in the dataset
DoS	The attacker makes the network busy and denies the legitimate user access.
R2L	The intruder tries to gain access to the network or machine for a specific version of the FTP.
U2R	The attacker accesses the system's root and makes unauthorised attempts to the network.
Probe	It endeavours to assemble the data behind evading the security of the system.

Table 4. Frequency distribution of attacks in the dataset.

	Training samples		Testing samples
Attack category	weight	Percent	weight	Percent
Analysis	677	.8	2000	1.1
Backdoor	583	.7	1746	1.0
DoS	4089	5.0	12264	7.0
Exploits	11132	13.5	33393	19.0
Fuzzers	6062	7.4	18184	10.4
Generic	18871	22.9	40000	22.8
Normal	37000	44.9	56000	31.9
Reconnaissance	3496	4.2	10491	6.0
Shellcode	378	.5	1133	.6
Worms	44	.1	130	.1
Total	82333	100.0	175342	100.0

Table 5. The dataset's statistical distribution, based on a subset of its attributes.

Features	Number	Mode	Mean	Features	Number	Mode	Mean
DestinationPort	485881	4855.64	4855.64	FwdHeaderLength_A	485881	318.01	318.01
FlowDuration	485881	38856281	38856281	BwdHeaderLength	485881	350.67	350.67
TotalFwdPackets	485881	12.6	12.6	FwdPacketss	485881	15533.1	15533.1
TotalBackwardPackets	485881	14.39	14.39	BwdPacketss	485881	4910.09	4910.09
TotalLengthofFwdPackets	485881	766.63	766.63	MaxPacketLength	485881	2435.6	2435.6
FwdPacketLengthMax	485881	316.83	316.83	AveragePacketSize	485881	415.2116	415.2116
FlowBytess	485771	387017.1	387017.1	AvgFwdSegmentSize	485881	74.81795	74.81795
FlowPacketss	485771	20427.24	20427.24	FwdHeaderLength	485881	318.01	318.01
FlowIATMax	485881	31827784	31827784	SubflowFwdPackets	485881	12.6	12.6
FlowIATMin	485881	49418.34	49418.34	SubflowFwdBytes	485881	766.63	766.63
FwdIATTotal	485881	38499251	38499251	SubflowBwdPackets	485881	14.39	14.39
FwdIATMax	485881	31702017	31702017	Init_Win_bytes_forward	485881	6069.22	6069.22
BwdIATTotal	485881	19764440	19764440	Init_Win_bytes_backward	485881	1388.02	1388.02
BwdIATMax	485881	13265776	13265776	act_data_pkt_fwd	485881	8.51	8.51
BwdIATMin	485881	1321377	1321377	min_seg_size_forward	485881	26.26	26.26

Table 6. Structure of the dataset with classifications of assaults.

Attacks	DoS Slowhttptest	Normal	slowloris	DoS GoldenEye	DoS Hulk	Heartbleed
Training set	1276.8	252382.6	1504.8	6307.2	127302.4	8
Testing set	319.2	63076.4	376.2	1576.8	31825.6	2
Overall	1596	315382	1881	7884	159128	10

Figure 12. Framework for advanced hybrid intrusion detection system (AHIDS) Block diagram using attack detection and classification Model.

Figure 13. Illustration of flow chart diagram based on various phases of the proposed system.

Figure 14. Data pre-processing, training and testing for model evaluation framework using benchmark datasets.

Figure 15. Selection of important feature technique using NSL-KDD benchmark dataset.

Figure 16. Block diagram of random forest operation for training and testing benchmark dataset.

Table 7. WSN configuration of simulation setting.

Parameter	Setting	Parameter	Setting
Base Station	1	Topology	Hierarchical
Filed size	1500 m × 1500 m	Number of attacks	2
Number of Nodes	200	Mobility Model	Random
Protocol type	Routing	Number layers	10
Cluster size	10	Max epochs	200
Attack type	wormhole	Data size	5000 Kb
Number iterations	200	Simulation Time	5 s

Figure 17. wireless sensor network deployment and routing discovery for analysing energy consumption and time elapsed. (a) Dynamic network deployment. (b) Routing discovery and feature extraction. (C) Energy consumed for nodes with time and (d) Time elapsed for each node.

Figure 18. The proposed system's performance evaluation using hybrid GA-ANN takes 100 samples and varying the number of epochs. (a) Histogram with 300 instances. (b) Histogram with 300 instances. (c) Best performance ate epoch of 7 and (d) Best performance at the epoch of 100.

Table 8. Evaluation of hybrid machine learning models on standard datasets.

	Results against the UNSW_NB15 dataset				Results against the CICIDS2017 dataset
Classifier	Accuracy	Precision	Recall	F1-Score	Accuracy	Precision	Recall	F1-Score
XGBoost	99.78	99.74	99.78	99.75	99.82	99.86	99.82	99.83
Random Forest	99.75	99.67	99.75	99.70	99.82	99.82	99.82	99.80
Decision Tree	99.68	99.63	99.68	99.66	99.82	99.91	99.82	99.85
Extra Tree	99.72	99.66	99.72	99.68	99.82	99.80	99.82	99.80
Ensemble Stacking	99.78	99.74	99.78	99.75	99.82	99.91	99.82	99.85
CLK-Means	100.00	100.00	100.00	100.00	100.00	100.00	100.00	100.00

Table 9. Comparison of various hybrid ML models using NSL-KDD dataset for attack detection and classification.

	Performance evaluation metrics
ML Classifiers	validation	Accuracy	Precision	Recall	F1-score	Training time
Naive Baye (NB)	83.94	83.71	90.35	83.71	85.68	0.025
Decision Tree (DT)	87.94	88.10	88.34	88.10	88.07	0.22
XG Boost (XGB)	99.16	99.34	99.32	99.34	99.32	1.83
Random Forest (RF)	98.66	99.46	99.44	99.46	99.45	0.17
DT-XGBoost	99.57	99.80	99.80	99.80	99.80	1.24
RF-XGBoost	99.57	99.80	99.80	99.80	99.80	1.44
RF-DT	99.57	99.79	99.79	99.79	99.79	0.327

Figure 19. Performance comparison of various machine learning models using NSL-KDD. (a) RF-based comparative analysis and (b) DT-based comparative analysis

Figure 20. Performance comparison of the proposed scheme-based hybrid machine learning techniques using benchmark datasets. (a) Comparison based on UNSW_NB15 and (b) Comparison-based CICIDS2017

Figure 21. Performance comparison of the proposed technique with other previous works. (a) Comparative analysis of the proposed scheme and (b) Comparative analysis based on recall

Figure 22. Examining the proposed system's performance of similar works using standard benchmarks. (a) Comparison of the proposed system with recent works and (b) AUC-based performance comparison using the UNSW-NB15 benchmark dataset.

Table 10. Performance evaluation of the proposed system using the NSL-KDD benchmark dataset.

	Proposed AIDS-HML approach			Intelligent fuzzy-based IDS			ECABC-BPNN
Class of attacks	Precision	Recall	F1-Score	Precision	Recall	F1-Score	Precision
DOS	99.89	99.93	99.91	99.99	97.23	98.72	98.56
Probes	99.30	98.87	99.08	92.67	97.97	93.34	86.70
R2L	98.91	97.84	98.38	57.39	28.32	42.97	97.20
U2R	80.00	66.66	72.72	95.23	63.56	59.03	83.67

Vinitha, A., Rukmini, M. S. S., & Dhirajsunehra. (2019). Secure and energy aware multi-Hop routing protocol in WSN using Taylor-based hybrid optimization algorithm. Journal of King Saud University - Computer and Information Sciences (xxxx). https://doi.org/10.1016/j.jksuci.2019.11.009.

 Google Scholar

Singh, A., Amutha, J., Nagar, J., & Sharma, S. (2023). A deep learning approach to predict the number of K-barriers for intrusion detection over a circular region using wireless sensor networks. Expert Systems with Applications, 211(July 2021), 118588. https://doi.org/10.1016/j.eswa.2022.118588

 Google Scholar

Singh, A., Nagar, J., Sharma, S., & Kotiyal, V. (2021). A Gaussian process regression approach to predict the K-barrier coverage probability for intrusion detection in wireless sensor networks. Expert Systems with Applications, 172(October 2020), 114603. https://doi.org/10.1016/j.eswa.2021.114603

 Google Scholar

Singh, A., Amutha, J., Nagar, J., Sharma, S., & Lee, C. C. (2022a). AutoML-ID: Automated machine learning model for intrusion detection using wireless sensor network. Scientific Reports, 12(1), 1–14. https://doi.org/10.1038/s41598-021-99269-x

 PubMed Web of Science ®Google Scholar

Ahmad, B., Jian, W., Ali, Z. A., Tanvir, S., & Ali Khan, M. S. (2019). Hybrid anomaly detection by using clustering for wireless sensor network. Wireless Personal Communications, 106(4), 1841–1853. https://doi.org/10.1007/s11277-018-5721-6

 Web of Science ®Google Scholar

Devi, P. P., & Jaison, B. (2020). Protection on wireless sensor network from clone attack using the SDN-enabled hybrid clone node detection mechanisms. Computer Communications, 152(January), 316–322. https://doi.org/10.1016/j.comcom.2020.01.064

 Google Scholar

Singh, A., Amutha, J., Nagar, J., Sharma, S., & Lee, C. C. (2022b). LT-FS-ID: Log-transformed feature learning and feature-scaling-based machine learning algorithms to predict the k-barriers for intrusion detection using wireless sensor network. Sensors, 22(24), 3. https://doi.org/10.1109/JSEN.2022.3226962

 Google Scholar

Davahli, A., Shamsi, M., & Abaei, G. (2020). Hybridizing genetic algorithm and grey wolf optimizer to advance an intelligent and lightweight intrusion detection system for IoT wireless networks. Journal of Ambient Intelligence and Humanized Computing, 11(11), 5581–5609. https://doi.org/10.1007/s12652-020-01919-x

 Web of Science ®Google Scholar

Sun, P., Liu, P., Li, Q., Liu, C., Lu, X., Hao, R., & Chen, J. (2020). DL-IDS: Extracting features using CNN-LSTM hybrid network for intrusion detection system. Security and Communication Networks, 2020. https://doi.org/10.1155/2020/8890306

 Web of Science ®Google Scholar

Biswas, P., Charitha, R., Gavel, S., & Raghuvanshi, A. S. (2019). Fault detection using hybrid of KF-ELM for wireless sensor networks. Proceedings of the International Conference on Trends in Electronics and Informatics, ICOEI, 2019(Icoei), 746–750. https://doi.org/10.1109/ICOEI.2019.8862687

 Google Scholar

Ren, J., Guo, J., Qian, W., Yuan, H., Hao, X., & Jingjing, H. (2019). Building an effective intrusion detection system by using hybrid data optimization based on machine learning algorithms. Security and Communication Networks, 2019. https://doi.org/10.1155/2019/7130868

 Web of Science ®Google Scholar

Regan, R., & Leo Manickam, J. M. (2019). An optimized energy saving model for hybrid security protocol in WMN. National Academy Science Letters, 42(6), 489–501. https://doi.org/10.1007/s40009-019-0789-4

 Web of Science ®Google Scholar

Moon, P. S., & Ingole, P. K. (2015). An overview on: Intrusion detection system with secure hybrid mechanism in wireless sensor network. Conference Proceeding - 2015 International Conference on Advances in Computer Engineering and Applications, ICACEA, 2015, 272–277. https://doi.org/10.1109/ICACEA.2015.7164714

 Google Scholar

Deepa, C., & Latha, B. (2019). HHSRP: A cluster based hybrid hierarchical secure routing protocol for wireless sensor networks. Cluster Computing, 22(s5), 10449–10465. https://doi.org/10.1007/s10586-017-1065-3

 Google Scholar

Sakthivel, T., & Chandrasekaran, R. M. (2018). A dummy packet-based hybrid security framework for mitigating routing misbehavior in multi-Hop wireless networks. Wireless Personal Communications, 101(3), 1581–1618. https://doi.org/10.1007/s11277-018-5778-2

 Web of Science ®Google Scholar

Yang, L., Moubayed, A., & Shami, A. (2022). MTH-IDS: A multitiered hybrid intrusion detection system for Internet of vehicles. IEEE Internet of Things Journal, 9(1), 616–632. https://doi.org/10.1109/JIOT.2021.3084796

 Web of Science ®Google Scholar

Rose, T., Kifayat, K., Abbas, S., & Asim, M. (2020). A hybrid anomaly-based intrusion detection system to improve time complexity in the Internet of energy environment. Journal of Parallel and Distributed Computing, 145, 124–139. https://doi.org/10.1016/j.jpdc.2020.06.012

 Web of Science ®Google Scholar

VenkataRao, S., & Ananth, V. (2021). A hybrid optimization algorithm and shamir secret sharing based secure data transmission for IoT based WSN. International Journal of Intelligent Engineering and Systems, 14(6), 498–506. https://doi.org/10.22266/ijies2021.1231.44

 Google Scholar

Gupta, S. K., Tripathi, M., & Grover, J. (2022). Hybrid optimization and deep learning based intrusion detection system. Computers and Electrical Engineering, 100(May), 107876. https://doi.org/10.1016/j.compeleceng.2022.107876

 Google Scholar

Cao, B., Li, C., Song, Y., Qin, Y., & Chen, C. (2022). Applied Sciences Network Intrusion Detection Model Based on CNN and GRU.

 Google Scholar

Das, S., & Namasudra, S. (2022). A novel hybrid encryption method to secure healthcare data in IoT-enabled healthcare infrastructure. Computers and Electrical Engineering, 101(September 2021), 107991. https://doi.org/10.1016/j.compeleceng.2022.107991

 Google Scholar

Ullah, S., Khan, M. A., Ahmad, J., Jamal, S. S., Huma, Z. E., Hassan, M. T., Nikolaos Pitropakis, A., & Buchanan, W. J. (2022). HDL-IDS: A hybrid deep learning architecture for intrusion detection in the Internet of vehicles. Sensors, 22(4), 1–20. https://doi.org/10.3390/s22041340

 Web of Science ®Google Scholar

Reshma, V. K., Khan, I. R., Niranjanamurthy, M., Aggarwal, P. K., Hemalatha, S., Almuzaini, K. K., & Amoatey, E. T. (2022). Hybrid block-based lightweight machine learning-based predictive models for quality preserving in the Internet of Things- (IoT-) based medical images with diagnostic applications. Computational Intelligence and Neuroscience, 2022. https://doi.org/10.1155/2022/8173372

 PubMed Web of Science ®Google Scholar

Saif, S., Das, P., Biswas, S., Khari, M., & Shanmuganathan, V. (2022). HIIDS: Hybrid intelligent intrusion detection system empowered with machine learning and metaheuristic algorithms for application in IoT based healthcare. Microprocessors and Microsystems, 104622. https://doi.org/10.1016/j.micpro.2022.104622

 Google Scholar

Li, L., Yu, Y., Bai, S., Cheng, J., & Chen, X. (2018). Towards effective network intrusion detection: A Hybrid Model Integrating Gini Index and GBDT with PSO. 2018.

 Google Scholar