Detection of Real-Time Malicious Intrusions and Attacks in IoT Empowered Cybersecurity Infrastructures

Computer viruses, malicious, and other hostile attacks can affect a computer network. Intrusion detection is a key component of network security as an active defence technology. Traditional intrusion detection systems struggle with issues like poor accuracy, ineffective detection, a high percentage of false positives, and an inability to handle new types of intrusions. To address these issues, we propose a deep learning-based novel method to detect cybersecurity vulnerabilities and breaches in cyber-physical systems. The proposed framework contrasts the unsupervised and deep learning-based discriminative approaches. This paper presents a generative adversarial network to detect cyber threats in IoT-driven IICs networks. The results demonstrate a performance increase of approximately 95% to 97% in terms of accuracy, reliability, and efficiency in detecting all types of attacks with a dropout value of 0.2 and an epoch value of 25. The output of well-known state-of-the-art DL classifiers achieved the highest true rate (TNR) and highest detection rate (HDR) when detecting the following attacks: (BruteForceXXS, BruteForceWEB, DoS_Hulk_Attack, and DOS_LOIC_HTTP_Attack) on the NSL-KDD, KDDCup99, and UNSW-NB15 datasets. It also maintained the confidentiality and integrity of users’ and systems’ sensitive information during the training and testing phases.


I. INTRODUCTION
Deep learning (DL) methods are used with different operators, which become beneficial for distinct mechanisms, especially the artificial neural network (ANN). It comprises three layers: input, output, and hidden [2], [3]. However, in DL, each layer is in a nonlinear fashion, which sent responses based on the data provided through input layers. Recently, DL approaches have been frequently used to discover graphic recognition, image processing, signal processing, and voice and audio recognition. Substantially, DL learning approaches The associate editor coordinating the review of this manuscript and approving it for publication was Vicente Alarcon-Aquino . are widely used in medicine for genomics and diseases [4]. The structure and functionality of the DL methods use complex data organization (such as images, text, and numbers hierarchy) and illustrate how to manage big data with forward, and back backpropagation methods focused. In addition, the other question raises how devices change the values and hyperparameters with dimensions to compute the Size of samples rendering the different layers. Successful methods make a minor difference between testing and training presentation and representation. The outdated wisdom characteristics result from a minor deviation from the family's usual quality and structural approaches to training [5]. Due to the reasons assumed and adopted DL methods in many areas, privacy and security concerns are critical. In DL methods, the key issue is data movement, where data is transferred between encrypted forms in training, testing, and interface modules. In addition, the DL prevailing in all models for the training part relies on enormous data, confidential and sensitive data for the user, primarily training data [6].
Intrusion detection systems (IDS) are part of a system's subsequent protection line. [7]. IDS is an observing system that detects suspicious activities and produces alerts when they are detected and implemented in conjunction with security concerns and procedures such as authentication, security system and encryption approaches to strengthen security against cyber-attacks. Employing a variety of benign traffic/ normal flow patterns and precise attack-specific rules, IDS can distinguish between harmful and non-malicious activity [8]. Data mining is used to describe and deploy IDSs with robust behaviour with higher accuracy than traditional IDS that may impact modern, sophisticated cyber-attacks. [9]. Businesses are growing increasingly worried about securing critical infrastructure (CI), especially Internet Industrial Control Systems (IICs), as the number of devices used in IIoTbased setups is continuously rising [4]. Industrial Control Systems (ICS) are a collection of hardware, software, operators, and links that are used to manage essential control functions and accomplish complex tasks. In the literature, several intrusion detection systems (IDS) have been developed to identify online attacks on IICSs networks. However, there are some significant flaws in the methodologies and evaluation metrics of the majority of the current IDSs. To address the issues of poor detection rate and high false positive rates (FPR), this work provides an effective IDS for IIoT-powered IICs utilising deep-autoencoder-based LSTM model/method. The DL methods must not reveal essential or secret information. An intrusion detection device is frequently a software application utility or a physical device that watches for intrusions by arriving and departing community visitors for signs of malicious activity or violations of security standards. Intrusion detection systems and IDS products are sometimes compared to intruder alarms, alerting administrators of any activity that might damage data or network infrastructures. IDS tools search for unusual behaviour or indicators of a capability compromise by examining the packets that move through your community and the network visitor styles to detect any irregularities. Intrusion detection structures are primarily passive, albeit a few intrusion detection structures can intervene when they identify harmful conduct. Overall, they're mainly intended to acquire real-time visibility during times of capacity community compromises. Numerous IDS products will respond differently depending on the type of intrusion detection equipment that has been deployed. For instance, a network intrusion detection system, also known as NIDS [10], will strategically put sensors throughout the network. These sensors will then detect community visits without causing performance issues or blockages. Host-based complete intrusion detection systems (HIDS) operate on specific gadgets and servers that are only helpful in tracking visits to those specific gadgets and hosts [7].
However, each generation selects a set of different deep learning pre-trained methods such as RNN, CNN, and DL MLP. The framework used discriminative architecture, which includes convolutional neural networks (CNN), recurrent neural networks (RNN), and deep neural networks (DNN), a set of items that are included in IDS independently. As a result, one individual item indicates a possible combination of many systems that will be used to build more profound and more relevant aspects. Deep learning algorithms are trained to evaluate the model's effectiveness by simply concatenating the in-depth features. The deep feature representations are then destroyed, and the final classification results are made with a network that was made by itself and had several dense, hidden layers.
The proposed framework assessed three separate datasets (NSL-KDD, KDDCup99, and UNSW-NB15). The experimental outcomes show that the proposed framework is superior to several strong strategies, which makes it easier to deploy it in actual IICS networks. And also, compared the outcomes of the suggested state-of-the-art methods/models. The following are the key objectives and contributions of this paper: 1. Developed a novel comprehensive framework to detect cyber and malicious attacks which can collaboratively train the system on multiple data with deeper traffic analysis. 2. A proposed AI-enabled deep intrusion detection framework that employs multi-layer perceptrons (MLP), recurrent neural networks (RNN), and deep neural networks (DNN) methods to detect cyberattacks and malicious intent to capture latent data that can support effective IDS design. 3. Tests the performance of the proposed efficient IDS framework on IIoT IICs and exterior networks on the NSL-KDD, KDDCup99, and UNSW-NB15 datasets. The rest of this paper is structured as follows: Section II examines and analyses various related works and identifies research gaps. Section III highlights the proposed methodology. Section IV elaborates results and discussion. Section V concludes the paper with future scope.

II. RELATED WORK
The deep learning methods brought a big revolution in computer science with additional powerful subfields and various fields, including Natural Language Processing (NLP), machine learning, computer vision, and speech/audio processing. In visual data analytics, Convolutional Neural Networks (CNNs) have exhibited substantial gains in picture categorization, object identification, and video motion monitoring. A CNN contains a sequence of linear and nonlinear layers called a hierarchical structure, with a direct connection and shared weights. It was first proposed for simple picture VOLUME 11, 2023 recognition. LeNet-5 CNNs have two convolutional layers, each followed by a sub-sampling layer and, eventually, a convolution for class prediction. It was later widely employed in various scientific and real-world applications as hardware technology (e.g., GPUs) progressed [2], [11], [12], [13], [14], [15], [16], [17].
A study of intrusion detection datasets was recently published [16]. The research includes 34 datasets and 15 features for each of them. The traits of these are divided into five categories: (1) well-known data, (2) assessment, (3) recording environment, (4) recording volume, (5) recording type, and well-known, relevant data [8], [17], [18], [19], [20] researched intrusion detection systems' machine learning methodologies. The datasets were divided into three categories: The first category is packet-level data, then the second one is network packet data, and the last category is accessible datasets. The computational cost was also analyzed in the study (running time) of each malware detection approach that employs extraction and machine learning technology. On the interconnected internet of things (IoT), [20], [21], [22], [23], [24], [25], [26] conducted a comparative analysis of intrusion detection techniques on the IoT. The study used the detection approach, IDS placement strategy, and security threat to classify IDSs for IoT [18]. The study analyzed current systems for each primary assessment factor, including workloads, metrics, and approaches, to give common practices in cyber security intrusion detection. Deep learning algorithms for cyber security intrusion detection are the topic of our research and four other papers [23,[28][29][30][31]. On the other hand, these publications do not provide a comparison of deep learning algorithms on the datasets. Our research is the first to investigate an in-depth examination of deep learning for IDS, including methodologies, datasets, and comparative analysis, according to our awareness [30], [31], [32], [33]. Table 1 represented the comparison of related work in 2021 and 2022 of machine learning and deep learning for detecting intrusion and cyber security attacks. This survey has discussed the minimal work of deep learning and machine learning. The studies focused on the issues, challenges, and shortcomings of ML and DL techniques for detecting ICS anomalies and the current ICS-to-cloud infrastructure. ML methods secure ICT on the network and physical levels by managing the information through packets and controlling anomalies [66]. The research on ML-AIDS identifies and efficiently implements the effective and efficient anomalies of networks and computers [70]. Recently, many researchers have been dedicated to developing ML with NIDs [41], [50], [51], [52], [53], [54], [55], [56], [57], [58], [59], [60], [61], [62], [63], [64], [65], [66], [67], [68], [69], [70]. The IDS faced challenges in accuracy by reducing false alarm rates. For that reason, the DL with an IDS system was deployed as a potential solution to identify intrusion attacks [69]. Beyond that, binary and multiclass experiments were performed on the CSECIC-IDS2018 and the Bot-IoT datasets [70], [71], [72], [73], [74].

III. RESEARCH METHODOLOGY
The proposed framework depicts the complete process of a working operations that includes IDS and the revolutionary process, as illustrated in Fig 1. Precisely, the designed framework consists of five levels, which shows the novelty such as 1) the initial stage of datasets under study; 2) Data preprocessing; 3) learning component; and finally, 4) results of diverse cyberattacks and malicious detection.

Data Preprocessing:
Data preprocessing is collecting and manipulating electronic data and transforming data values of a certain dataset. It is the modification of information detected by the observer, aiming to optimize the information acquisition. Generally, there is a very large difference between the minimum and maximum values in the dataset. The normalization process reduces the complexity of the algorithm and data allows an adequate benefit for the classification of algorithms related to neural networks. The basic method of normalization is data scaling, it consists of minimum and maximum algorithms. The data converting into current range typically (−1, 1) and (0, 1) interval. In addition to this, the standardization function is also used for normalizing data in advance, whereas the z-score function is used to normalize the features of the dataset with the standard distribution, as shown in Figure 1.

A. DEEP DISCRIMINATE MODELS (DDM)
In the designed framework, a deep neural network (DNN) working with multiple input and output layers. The DNN is used as a multilayer perceptron due to its properties. In a network, the multilayer features are brought advantage to represent the complex and unique methods with given parameters. The DNN network supports feature extraction and representation learning. Fundamentally, the DNN method chains three categories of layers: The first layer is made up of input layers, a concealed layer, and a convolution layer. The proposed DNN model provides a solution to network security problems for flow-based anomaly detection and analysis [50]. The simple DNN method is initially applied for network security results, with a single input layer, three hidden levels, and a final layer at the end. A few experiments are compiled on the NLS-KDD database, where the proposed model shows outstanding results for identifying zero-day attacks and outperforms the competition and conventional techniques.
Moreover, to enhance the performance of the DNN model, they developed a novel network structure named Hash-Tran D.N.N. to categorize the OS Android malware [51]. RNNs (recurrent neural networks) are a set of neural networks that allow prior outputs to be used as inputs while having hidden states, as shown in Figure 2. So, the output of CNN and DNN simply represents the current inputs' effect without considering past and future information. RNNs may achieve notable performance in recognition and classification without temporally erratic characteristics. With the help of time-dependent data, the RNN focuses on a special package for a neural network for memory function to manage the previous content. However, there are several challenges in the construction and design of RNN with intensity explosion  and extinction. The RNN does quite well with time-series information, such as design features that coincide with the notion that human cognition is founded on memories and experience [52], [53], as shown in Figure 3. Due to the time series, RRNs cause forgetfulness or long-term reliance. Thus, the researchers created the LSTM and GRU with design gates and memory cells, which have a long-term association. and the flow of information from gate to gate. At each timestep t1, the activation a (t) and the output y (t) is expressed as follows in equation 1 and 2: where Wax, Waa, Way, ba, and by are coefficients that are shared temporally and g1 and g2 are activation functions. The RNN is described by introducing an interconnection matrix V.W.M. RaMaM to layer M [1, N] to produce a layer M of the recurrent community conversation to decide in fig. 3 and grade by grade are defined in pseudocode as a set of rules in algorithm 2.

C. CONVOLUTIONAL NEURAL NETWORKS (CNNS)
The CNN is also termed as ConvNet, The CNN contains a deep and hierarchical structure, and it encompasses high computation for processing complex data, which is normally represented in the deep learning domain in the form of cascading linear and nonlinear fashion. The CNN used independent features and less preprocessing to contain prior knowledge. [54] The ConvNet layers are the basic building blocks of a convolutional neural network, and these layers take the computation burden and carry the data from one layer to another, as shown Figure 4. CNN uses a modified design of multilayer perceptron for minimal processing with local connectivity and weight sharing. For self-learning, the CNN layers take the dot product of data in matrix form [55]. The

Algorithm 2 RNN Pseudocode for Number of Attacks Detection The input Training R(t), S(t) h(t)=r(t) ∀t ∈ [1,tf]; Normalize the dataset (Di) between (0,1) Select training (Tw and Di) Outer loop k= 1 to Size of samples do Inner loop t= 1 to tf do Gm(t) = WM * HM-1 (t) (Therefore: WM = Weight Matrix and HM = Hidden Matrix) plus VWMX HM (t1-1)+ Bm. hM(t)= αM(gM(t)); Run Predictions using L End Inner Loop End Outer Loop
learning is based on learnable parameters and various kernels. Structure-wise, the CNN network has three layers: 1) input, 2) hidden, and 3) output. The hidden layer uses different filters such as kernel, max, and min pooling, and a complete connection layer, as shown in fig 4, in network data passes through each step either backward or forwards. The kernel slides with a certain height and width in each network layer and representation are shown in the receptive region. In one more step, CNN produces a 2-dimensional vector of image known as the activation layer, which response to the kernel at each position. Each sliding layer is also called a striding. The equations 3 show the Wout computation: The output extent of length is Wout x Wout x Dout. If we have an entry of length W X W X D and Dout wide variety of kernels with a spatial length of F with aspect S and a quantity of padding p, then the dimensions of the output extent may be determined.

IV. EXPERIMENTS AND RESULTS
With the rapid growth of applications and network uses, security has become a significant concern for network systems. Numerous IoT devices rely on the self-created system, which is susceptible to diverse attacks. The network layer issues denial of service (DoS) assaults, gateway attacks, sniffers and illegal access. IDS are improved along with the emergence of large-scale, high-dimension IoT and computer networks. However, in this section, we evaluated the results of the proposed framework. To elaborate on the effectiveness of a Deep learning-based approach for enterprise network environment solutions for edge IoT device security. Table 3 shows the results of Deep Learning discriminative methods for various attacks and the type and nature of attacks and benign. It is shown that deep neural networks give outstanding results on the performance metrics of true negative rate (TNR) (attack) with an accuracy of 96.915%. The recurrent neural networks and their variants archive good results on seven different models and attacks.    Table 4 shows that the UNSW-NB15 database helps to achieve the best overall performance compared to the other seven well-known models, except for the overall recall rate with five different attacks (DNN (in generic attack) performs slightly higher as compared to others, such as 96.99%, whereas CNN in Normal Attack performs lower than 83.01%). UNSW-NB15 reaches the highest detection rate on the Normal, Generic, DoS, Analysis, and Exploits.
In this section, we explained metrics and performance measurement (07) equations such as ACC (Attack), Precision (attack), true positive attack TPR (attack), true negative rate TNR(attack), recall RE(attack), false positive rate FPR (attack), F1 Score (attack), we express various substances where positive FP (attack) are false and true positive TP (attack) are related to attack data appropriately or incorrectly, the measurement true positive TP (attack) and false-positive FP (attack) is used to classify the normal data, and attacks. Subsequently, the performance measurement equations (01-07) are defined as: The ACC (attack) is a classical metric for evaluating the accuracy of classification models, in which ACC denotes the fraction of the total number of assaults accurately VOLUME 11, 2023  categorized. Fig 5 depicts that each epoch processes the actual data from the system, either backwards or forward. The RE (attack) or TPR (attack) measurement focuses on the proportion of predicated attacks from the entire attack data, the PR (Attack) is only interested to determine the fraction of attack data accurately categorized from all data, indicating how many assaults are genuinely predicated as actual attacks. Maximizing PE (attack) will minimize the number of FP, whereas maximizing RE (attack) will minimize the number of FN FNR (attack) and estimates the percentage of the number of attacks and the number of miscounted average data from the entire sample. The second name of FPR (attack) is a FAR (attack) measure, and it is based on the fraction of innocuous incidents that are mistakenly categorized as attacks. TNR (attack) may be predicted as the fraction of attack samples in the total samples. The F1-Measure, or F1-score (attack), The F1 score is a cumulative total of PR and RE, which equally represents the precision and recall, the variant most often used when imbalanced data and exemplifies accuracy both in recognition rate.
The stats in Table 5 provide thorough information on attack detection on deep learning methods such as RNN, CNN, and DNN, as explained in the methodology section. Of the listed methods, most of them work on malware detection and intrusion detection. In this paper, we emphasize imbalances in results between researchers and dataset-wise. The different authors adopt distinct databases, settings, and measures. In this paper, we used quality measurements to analyze the results and compare and contrast the accuracy of listed methods such as RNN, CNN, and DNN with the help of measurement metrics such as F1 score, accuracy, precision, and FPR.
Furthermore, Table 2 also roughly summarizes and highlights the deep learning methods for detecting different types of attacks. Figures 5 and 6 depict the proposed framework accuracy and loss with 25 epochs, in graphs representing the system's performance drastically changing at specific points and with distinct hyperparameters. As shown in Table  4, the advised performances of numerous types of assault detection structures are different from each other. According to the authors, all four (CNN, AE, DBN, and LSTM) provide the best overall identification accuracy in the order of decreasing. The hybrid approaches are inconsistent, as their performances show that they are linked with classifiers in groups.
In addition, DBN is the top performer because of its intrinsic characteristics of more than one layer in processing large amounts of unlabeled data. In addition, LSTM, by utilizing connected temporal assets for more detailed simulation, may outperform in terms of results compared to CNN. AE can also be plagued by a large amount of unlabeled data that lacks adequate understanding or layers to understand the complexity buried. Generally, it's far more fascinating to notice that AE and RBM are better and more famous for instruction and cyber threat identification by using unlabeled points and fine-tuning some label points. The results in Table 4 summarized the results of ID, MD with quantitative evaluation using various deep learning for analyzing the types of attacks, cyber-attacks and malware detection, correspondingly, discovering that the high-quality overall performance completed via assault detection techniques on KDDCup ninety-nine datasets by ACC values obtained via indexed techniques as the primary assessment index, significantly, 99.8%, performed with the aid. The samples of 9144 VOLUME 11, 2023 the NSLKDD database are more significant than others, and the accuracy (98.3%) performed with the aid demonstrates that the NSLKDD database is far more challenging than the KDDCup99 dataset due to the inclusion of uncertain times in the testing database. Another relevant element is that all CNN-primarily based techniques avoid using the KDD-Cup 89 and NSLKDD datasets because of their restricted sample size. I could not help demonstrating the noticeable strength of CNN for developing distinctive descriptors with lots of details. Therefore, several deep learning approaches, mainly unsupervised learning techniques, should expose the scarcity of sufficient schooling samples. We can see that the general performance of AE-primarily based strategies is unequal, with the most advanced AE-primarily based strategies being unquestionably superior to the traditional methods. The AE form may lose critical records during the compression process. However, with new designs, enhanced AE might better understand critical and informative components of the source file. Likewise, LSTM-primarily based and GRU-based strategies exceed RNN-primarily based techniques regarding gate efficiency and memory cell shape architecture. Such creative designs boost the capability to retain long-term period information, resulting in a more significant long-term connection, as shown in Figures 5  and 6.
Recently, researchers proposed various DBN and RNNbased methods for attacks and intrusion detection in image and text processing. To classify the DBN and RNN, traditional supervised and unsupervised methods are used, correspondingly compared, and elucidate the benefits and disadvantages of both groups. The RNN is an Essential and essence unit. It recalls information from the previous store moment, uses it in the current calculation as input, and keeps storing temporal information for more transparent and authentic classifications. Moreover, with enough instances, the RNN has an effective structure in the situation of old and new cyber-attacks; on the other hand, DBN is capable of automatically detecting features and patterns from the input.
This experiment is performed on Google colab with python 3 with GPU (Graphics processing unit) and TPU. (Tensor processing unit) with distinct settings. The system is tested on various hyper parameters such as regularization, activation (hard sigmoid, nadam, Adamax and Adam) and optimization (relu, sigmoid, softplus and softmax). The system's performance is greater than 95% in terms of accuracy with mentioned hyperparameters in Table 6. VOLUME 11, 2023

V. CONCLUSION AND FUTURE SCOPE
This paper discusses the involving challenges and limitations in previous studies, which have been investigating how to use deep learning in the early detection and eradication of cyber threats. These highlighted issues pose serious issues in today's world scenario. Many problems still exist that require investigation. And so, it is also quite challenging to amend DL methods for attack detection as a real classifier. As mentioned previously, the deep learning approaches reduce the features, pattern dimensions, and evaluation costs throughout the feature extraction. This study employs deep learning techniques for cyber-attack malware detection, such as identification and discriminative. However, the paper summarized the seven approaches, i.e., deep learning (RNN, CNN, and DNN) and generative models/methods (RBN, DBN, DBM., and DA). In addition, this research investigation focuses on accuracy and provided dictionaries in the research field. The experimentation of this study demonstrates IDS and Cybersecurity attacks, which are detected successfully using a collaborative technological environment. Also, we have investigated to find which DL techniques performed better among the others. According to this analysis, the use of deep learning methods increases the investigational rate of classification intrusion while providing a robust performance of state-of-the-art supervised systems. In this scenario, a part of future work, this study extended to include advanced deep learning methods and transfer learning approaches. Moreover, the robustness of the supervised system is validated using IDS training. Moreover, this proposed approach may not always be sufficient for all attacks. Therefore, this is a need to investigate other possible ways. Thus, when designing a newfangled Intrusion Detection System (IDS), the properties can be used in the real-time system to detect internal and external intruders and their malicious behaviors. This research will validate IDS and, in the future, identify the internal and external intruder's accurately in real-time and be used by several firms and MNCs to protect their value.
IRFAN ALI KANDHRO received the Master of Science degree in computer science from Mohammad Ali Jinnah University, Karachi, Pakistan, in 2019. He is currently pursuing the Ph.D. degree in computer science with Sindh Madressatul Islam University, Karachi. He has worked for more than seven years as a Lecturer and a Software Engineer. He has published multiple research papers in international and ISI indexed journals, conferences, and workshops. His research interests include programming languages machine learning, deep learning, computer vision, and natural language processing. SULTAN M. ALANAZI received the master's degree in IT and the Ph.D. degree in computer science from The University of Nottingham, U.K. He worked as a Teaching Assistant at The University of Nottingham. He has more than ten years of experience in the IT field. He is currently an Assistant Professor with the Department of Computer Science, Northern Border University, Saudi Arabia. He has published several research papers in reputed international journals and conferences. His research interests include cybersecurity, machine learning, NLP, social network analysis (mining), user-modeling, and recommender systems.
FAYYAZ ALI received the bachelor's degree in computer engineering from the Sir Syed University of Engineering and Technology, Karachi, and the Master of Science degree in software engineering from the University of Hertfordshire, U.K. He has worked for more than three years as a Lecturer and 11 years in industry on different positions in various companies. He has published multiple research papers in international and ISIindexed journals, conferences, and workshops. His research interests include software methodologies, business processes, ERP systems, programming languages, machine learning, deep learning, computer vision, and natural language processing. ASADULLAH KEHAR received the Ph.D. degree from Shah Abdul Latif University, Khairpur, Pakistan. He is currently working as an Assistant Professor at the Institute of Computer Science, SALU, Pakistan. His research interests include software engineering, digital image processing, and data sciences. He has supervised several postgraduate level students. He has published various research articles on state-of-the-art technologies.
KANWAL FATIMA is currently pursuing the bachelor's degree in computer science with Sindh Madressatul Islam University, Karachi, Pakistan. She has more than two years of experience creating blogs, articles, and other content for content writer in Pakistan. She has experience working on many websites as a Researcher and a Content Writer. Her research interests include programming languages, deep learning, computer vision, and natural language processing.
MUEEN UDDIN received the Ph.D. degree from Universiti Teknologi Malaysia (UTM), in 2013. He is currently working as an Associate Professor in data and cybersecurity at the University of Doha for Science and Technology, Qatar. He has published more than 130 international journals and conference papers in highly reputed journals with a cumulative impact factor of over 300. His research interests include blockchain, cybersecurity, the IoT security, and network and cloud security.