Optimization of Intrusion Detection Using Likely Point PSO and Enhanced LSTM-RNN Hybrid Technique in Communication Networks

The intrusion detection system (IDS) is an essential component in maintaining communication network security and is widely adopted by network administrators. Several methods have been proposed for early intrusion detection; however, they suffer drawbacks that render them inefficient against new or distinct attacks. To overcome these drawbacks, this paper proposes an enhanced long short-term memory (ELSTM) technique with a recurrent neural network (RNN), denoted ELSTM-RNN, to enhance security in IDS. Intrusion detection technology has been associated with various problems, such as gradient vanishing, generalization, and overfitting issues. The proposed system solves the gradient vanishing issue using likely point particle swarm optimization (LPPSO) and enhanced LSTM classification. The proposed method was evaluated using the NSL-KDD dataset (KDD TEST PLUS and KDD TEST 21) for validation and testing. Efficient features were selected using an enhanced particle swarm optimization technique, and the selected features serve as input to an enhanced LSTM framework, which efficiently classifies and separates attack data from normal data. The proposed system was also applied to the UNSW-NB15, CICIDS2017, CSE-CIC-IDS2018, and BOT_DATASET datasets for further verification. Results show that the training time of the proposed system is much less than that of other methods for different classes. Finally, the performance of the proposed ELSTM-RNN framework is analyzed using various metrics, such as accuracy, precision, recall, and error rate. The proposed method outperformed the LPBoost and DNN methods.

artificial neural network (ANN) [3], K-nearest neighbor, and random forest [4]. Recently, deep learning [5], an ML-based technique, has been continuously implemented in developing IDSs. Studies have shown that deep learning methods consistently outperform conventional methods.
Recently, the recurrent neural network (RNN) [6] has been broadly applied in IDS among different neural networks. The RNN framework acquires knowledge from both currently available information and previously seen sequence information. However, when the vanishing gradient problem occurs in an RNN, its capacity to learn from remote information is lost over time [7]. Long short-term memory (LSTM) is considered an advanced version of RNN: it retains the advantages of RNN while solving the vanishing gradient problem [8], and it captures long-term dependencies. Every cyber/internet attack follows a particular life cycle and is continuous in time, so temporal correlation features can be used to identify such attacks. LSTM neural networks handle these time-dependent issues, and using LSTM in intrusion detection increases the accuracy rate of the system.
Mishra et al. investigated and analyzed various ML intrusion detection techniques [9], providing a classification of attacks and the features related to each attack. Semi-supervised learning, which exploits a vast amount of unlabeled samples together with labeled ones, has been considered for developing better classification tools. ANN-based IDSs were developed to identify and prevent complicated intrusion activities that largely go undetected by conventional ML approaches; deep learning was therefore introduced to replace these outdated approaches. One study inspected the capability of deep NNs as a tool for preventing various intrusion attacks and conducted a comparative analysis with SVM; the outcomes showed that the accuracy of an IDS using a DNN is plausible [10].
An IDS for the cloud using NN and ABC optimization algorithms was introduced in [11]. This system is based on the combination of a multilayer perceptron (MLP) network, ABC, and fuzzy-based clustering algorithms. The MLP identifies normal and abnormal packets, while the ABC algorithm trains the MLP by optimizing link weights and biases. NSL-KDD and CloudSim were used to validate the model [12]. Dias et al. proposed an IDS using ANN, which was applied to the KDD CUP'99 dataset [13]. Authors in [14] developed a network-based IDS (NIDS) using ANN. NIDSs are either anomaly-based or signature-based; the work in [14] focused on anomaly-based detection and developed a neural network intrusion detection system (NNIDS) that successfully recognizes malicious activities in a networking environment. Finally, the NNIDS was tested against UDP flood attacks, SYN flood attacks, other scanning attacks, and non-malicious communication.
NSL-KDD datasets are considered effective benchmark datasets for researchers to compare different intrusion detection methods. They are available for download from:
- the UNB repository at https://www.unb.ca/cic/datasets/nsl.html
- the Kaggle repository at https://www.kaggle.com/datasets/solarmainframe/ids-intrusion-csv
- IEEE DataPort at DOI: 10.21227/425a-3e55
Authors in [15] proposed a reduced-feature IDS using an ANN-based classifier, which requires the essential features to be identified so as to reduce the dimensionality problem. They developed an intelligent system that first performs feature ranking on the basis of correlation and gain to separate useful features from useless ones. The reduced feature set was then transferred to an FFNN to train and test the dataset. Their system aimed to attain the same performance as other systems, tested and validated on five datasets. Owing to advances in computational resources, RNNs have driven remarkable growth in deep learning; this motivated RNN-IDS, i.e., a deep-learning-based IDS built on RNN.
Chawla et al. [16] proposed a host-based IDS using combined CNN and RNN models; host-based IDSs protect systems from malicious attacks. Their work uses gated recurrent units (GRUs) instead of LSTM networks to achieve similar results with reduced training times. The combination of stacked CNNs with GRUs provided a better anomaly IDS: the output of the GRU layer was passed to a softmax layer that outputs a probability distribution over system-call integers, resulting in reduced training time while attaining comparable results. Authors in [17] developed an SDN-based IDS. Although SDN has emerged as a key enabler of promising network architectures, the flexibility it provides has created new design issues for network security. To address this issue and strengthen network security, that paper proposed a GRU-RNN-enabled IDS for SDNs, tested and validated on the NSL-KDD dataset with an accuracy of 89%; furthermore, the developed GRU-RNN did not degrade network performance. Radford et al. [18] presented an IDS for detecting anomalies using RNNs, since manual inspection of network traffic results in poor identification of patterns. Their alternative approach, which potentially detects distinct malicious activity, compresses NetFlow records into word sequences that form sentences, from which the system learns syntactic and semantic grammar; an LSTM-RNN was used for capturing complex relationships. Authors in [19] developed an LSTM-based RNN approach for IDS. Since IDS is an essential milestone in information security, detecting different attack patterns accurately in a network, they extended the conventional RNN with LSTM and used binary classification to validate their system, comparing it against a conventional RNN across learning rates and numbers of hidden nodes.
They showed that incorporating LSTM delivers a higher detection accuracy than many conventional methods. Although several related works abound, some issues were not addressed, such as high training time, complex operation, and poor detection of newer attack patterns.
To improve IDS systems by hybridization and hyperparameter tuning, the Hybrid Nesterov-Accelerated Adaptive Moment Estimation-Stochastic Gradient Descent Ameliorated (HNADAM-SGD) Algorithm has been developed in [35]. HNADAM-SGD surpassed other classification algorithms based on hybridization and hyperparameter control, including logistic regression, ridge classifiers, and ensemble algorithms. However, this algorithm's performance is influenced by various factors, including the number of hidden layers, the number of units per layer, the regularizer learning rate, the number of failures, and weight decay. There is no established method for identifying hyperparameters; hence, the hyper-tuning approach varies based on the dataset's type, size, and nature.
PSO-LightGBM, a gradient descent algorithm based on particle swarm optimization, is applied in [36] for intrusion detection. In this technique, data features are extracted using PSO-LightGBM, and the data is then fed into a one-class SVM (OCSVM) to find and detect malicious data. The intrusion detection model is tested using the UNSW-NB15 dataset. The PSO-LightGBM algorithm is exceptionally effective at identifying both normal and malicious data, particularly small-sample classes such as Backdoors, Shellcode, and Worms. However, it takes longer to discover and identify data, as well as to produce all of the reported findings for IoT applications. Table 1 shows the advantages and challenges of different artificial intelligence methods. Since IDS is an important milestone in information security, it must detect different attack patterns accurately in a network. Our proposed framework uses the NSL-KDD dataset (https://www.unb.ca/cic/datasets/nsl.html) for validation and testing. Data preprocessing was performed by normalization and encoding. Features were selected using the likely point particle swarm optimization (LPPSO) method, an alteration of the PSO algorithm for combating issues such as gradient vanishing, high fitness, and premature convergence [20]. Instead of pulling each particle to the best position it can discover, the proposed LPPSO algorithm moves particles toward nearby particles of higher fitness. An ELSTM-RNN-based framework is used to efficiently classify, detect, and clearly distinguish between attack and normal data after receiving the chosen features. Consequently, the algorithm's major objectives are the following:
- Effectively select features using LPPSO.
- Minimize the training time using the enhanced LSTM method with RNN.
- Accurately classify and differentiate between attack and normal data using the proposed framework.
Several related works have been developed; however, many critical issues are not discussed in them, such as high training time, complex operation, and poor detection of newer attack patterns. To mitigate these problems and enhance the detection of intrusions, a novel enhanced LSTM-RNN-based IDS is proposed. We compared our results with other algorithms that used the same dataset, such as [21].
This work is organized as follows: Section II includes materials and methods; calculations are presented in Section III; Section IV shows simulation results of the proposed system.

II. MATERIALS AND METHODS
Figure 1 shows the workflow of the proposed IDS using LSTM-RNN. Here, the KDD TEST plus and KDD TEST 21 [22] datasets were used for training and testing. First, the large datasets are preprocessed to remove unnecessary data. Then, efficient features are selected using the LPPSO technique. Next, the selected features are used to classify whether the data constitute an attack via LSTM based on the RNN framework. Results show that LPPSO with the RNN framework significantly reduced the training time compared with other conventional methods. Detailed comparisons regarding training time are introduced in Section IV.

A. DATASET AND DATA PREPROCESSING
The datasets named KDD TEST plus and KDD TEST 21 were used in our proposed ELSTM-RNN system. They are widely used in simulations and for validating IDS-based systems. The complete version contains numerous records of attack types, their corresponding attributes, and classifications. Although the complete KDD dataset is large, it is refined and preprocessed. Raw data are characterized by outliers, noise, and missing values; therefore, appropriate preprocessing was performed to smooth noise, remove outliers, and impute missing values to resolve inconsistencies. This data preprocessing involves data encoding and normalization.
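As a concrete illustration of this step, the sketch below label-encodes a symbolic column and min-max normalizes a numeric one. The column names and sample values are illustrative only; the paper does not specify its exact encoding scheme, so a simple integer label encoding is assumed here.

```python
# Minimal sketch of the preprocessing step: label-encode symbolic
# features and min-max normalize numeric ones. Feature names and
# sample values are illustrative, not taken from NSL-KDD directly.

def encode_column(values):
    """Map each distinct symbolic value to an integer code (first-seen order)."""
    codes = {}
    out = []
    for v in values:
        if v not in codes:
            codes[v] = len(codes)
        out.append(codes[v])
    return out

def min_max_normalize(values):
    """Scale numeric values into [0, 1]; constant columns map to 0."""
    lo, hi = min(values), max(values)
    if hi == lo:
        return [0.0 for _ in values]
    return [(v - lo) / (hi - lo) for v in values]

# Example: a symbolic 'protocol_type' column and a numeric 'duration' column.
protocols = ["tcp", "udp", "tcp", "icmp"]
durations = [0, 5, 10, 20]

encoded = encode_column(protocols)        # -> [0, 1, 0, 2]
normalized = min_max_normalize(durations)  # -> [0.0, 0.25, 0.5, 1.0]
```

In practice the same fitted encoding and scaling parameters would be reused on the test split to avoid information leakage.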

B. FEATURE SCALING USING PSO
In the training step, features were selected from KDD TEST plus and KDD TEST 21. To select the most necessary features, a PSO-based dimensionality reduction approach was proposed. The input data are generated by computing the rows and columns of the provided dataset. The PSO optimization technique is inspired by the behavior of flocking birds, using information exchange between particles to solve optimization problems.
In a swarm, each particle represents a possible solution. In each iteration, every particle is updated using the global best value (gbest) and its own personal best value (pbest). Each particle changes its current position and velocity according to its distance from the gbest and pbest positions. Eventually, the best of the pbest values attains the global best, and the optimized particles move toward the best solution. This technique selects the best features for adequate classification.
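The update rule just described can be sketched as a generic, minimal PSO. Here a toy sum-of-squares objective stands in for the feature-selection fitness, and the inertia and acceleration coefficients (w, c1, c2) are conventional values assumed for illustration, not the paper's settings.

```python
import random

random.seed(0)

def fitness(x):
    # Toy objective (minimize); in the paper's setting this would be a
    # classification-quality score over a candidate feature subset.
    return sum(v * v for v in x)

def pso(dim=3, n_particles=10, iters=50, w=0.7, c1=1.5, c2=1.5):
    # Random initial positions, zero initial velocities.
    pos = [[random.uniform(-5, 5) for _ in range(dim)] for _ in range(n_particles)]
    vel = [[0.0] * dim for _ in range(n_particles)]
    pbest = [p[:] for p in pos]          # personal best positions
    gbest = min(pbest, key=fitness)[:]   # global best position
    for _ in range(iters):
        for i in range(n_particles):
            for j in range(dim):
                r1, r2 = random.random(), random.random()
                # Velocity: inertia + pull toward pbest + pull toward gbest.
                vel[i][j] = (w * vel[i][j]
                             + c1 * r1 * (pbest[i][j] - pos[i][j])
                             + c2 * r2 * (gbest[j] - pos[i][j]))
                pos[i][j] += vel[i][j]
            if fitness(pos[i]) < fitness(pbest[i]):
                pbest[i] = pos[i][:]
                if fitness(pbest[i]) < fitness(gbest):
                    gbest = pbest[i][:]
    return gbest

best = pso()  # converges toward the optimum at the origin
```

Since gbest only ever improves, the returned solution is at least as good as the best random starting particle.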
Each data split produced by this technique differentiates one variable from another. Once the dataset is preprocessed, dimensionality reduction is performed. Algorithm 1 lists the steps of the algorithm, selecting appropriate features for the output data from the preprocessed data. As aforementioned, the covariance matrix and eigenvector set are created, and then the best-feature selection is performed. Through this process, the most compelling features are selected from the extracted features, making the outcome much more effective.
Algorithm 1 LPPSO-based feature selection (excerpt):
13. Initialize particles using the best index of l_p;
14. While the stop criterion is not met do
15.   For each particle i do
16.     C′_pi = transform training collection C_p based on the location of particle i;
      …
21.   End of If
22.   End of For
23.   Update gbest;
24.   If the scale criterion is met then
25.     Increase the initial size;
      …
27.   End of If
28.   For each particle i do
29.     For each dimension j do
30.       Update the location of particle i at dimension j with Eq. (3);
31.     End of For
32.   End of For
33. End of While
34. Until the scale criterion is no longer met;
35. Return the selected features and their l_p from the position of gbest;
36. End of Algorithm

First, we take the NSL-KDD dataset as the input set and obtain all the features. The threshold is set to 0.5; then, the distance, balanced accuracy, and fitness are calculated. Subsequently, we retrieve all the entropy cut points that satisfy Equation (1) for each individual feature. This process is repeated, and the particles are initialized using the best index. Next, the training collection is transformed on the basis of particle location, and each particle's fitness is calculated using Equation (4). Finally, the best-selected features are obtained upon satisfying the scale criterion.
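Based on the description that LPPSO moves particles toward nearby particles of higher fitness rather than toward their own pbest, a single update step might be sketched as below. This is our reading of the rule with illustrative parameters and a toy fitness, not the paper's exact formulation.

```python
import random

random.seed(1)

def fitness(x):
    # Higher is better; a stand-in for the feature-subset fitness of Eq. (4).
    return -sum(v * v for v in x)

def lppso_step(positions, velocities, w=0.7, c=1.5):
    """One illustrative 'likely point' update: each particle moves toward
    its nearest neighbor of strictly higher fitness (our interpretation)."""
    scores = [fitness(p) for p in positions]
    new_positions = []
    for i, p in enumerate(positions):
        fitter = [q for j, q in enumerate(positions) if scores[j] > scores[i]]
        if fitter:
            # Nearest fitter particle by squared Euclidean distance.
            target = min(fitter, key=lambda q: sum((a - b) ** 2 for a, b in zip(q, p)))
        else:
            target = p  # the fittest particle stays put this step
        for j in range(len(p)):
            r = random.random()
            velocities[i][j] = w * velocities[i][j] + c * r * (target[j] - p[j])
        new_positions.append([p[j] + velocities[i][j] for j in range(len(p))])
    return new_positions, velocities

# Tiny 2-D swarm; the particle at (0.5, 0.5) has the highest fitness.
swarm = [[1.0, 1.0], [2.0, 2.0], [0.5, 0.5]]
vels = [[0.0, 0.0] for _ in swarm]
swarm, vels = lppso_step(swarm, vels)
```

Pulling toward nearby fitter neighbors rather than a single global best is what gives the variant its resistance to premature convergence: the swarm explores several attraction basins at once.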

C. ENHANCED LSTM-RNN
LSTM is a renowned deep learning neural network model used for identifying text and images with better performance [1]. Despite the numerous advantages of plain RNNs, a major drawback is holding long-term dependencies: connecting the current task to much older inputs fails as gradients fade during gradient descent. LSTM is used to capture these dependencies. The goal is to overcome vanishing gradients, find an optimization algorithm for evaluating the weights in the RNN, and avoid the issues arising from long-term dependencies. The RNN network has cyclic connections, which make it powerful for modeling sequences. Every LSTM cell has three primary gates at time t: the input, forget, and output gates, where σ represents the logistic sigmoid function. The input gate handles the new values entering the cell, the forget gate determines which of the cell's values are retained, and the output gate tunes the value used for computing the LSTM cell output. The first stage is the sigmoid layer's decision on removing information from the cell: the output will be 0 for removal or 1 for retention. In the LSTM-RNN network, the recurrent hidden layer is replaced by the LSTM cell. Figure 2 shows the LSTM framework.

III. CALCULATION
A decision is made regarding the new data to be stored in the cell state. This step has two major components:
1) The sigmoid layer decides which values are to be updated.
2) The tanh() layer produces a vector of candidate values for the cell state.
Then, the state is updated by combining these two parts. The previous cell state, denoted C_{t-1}, is updated into a new cell state C_t: the product of C_{t-1} and the forget gate f_t is summed with the product of the input gate and the tanh() candidate vector to obtain the new cell state at each update. The final step is to regulate the output, which depends on a filtered version of the cell state. For time steps greater than T, the calculation is carried out in the m and D layers by the corresponding formulas, and the calculation for times greater than m is estimated by analogous equations.
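For reference, the cell-state and gate updates described above correspond to the standard LSTM equations, reproduced here in conventional notation. Note that in these equations U_* denotes each gate's recurrent weight, which is distinct from the grid weight U defined in the next paragraph.

```latex
\begin{aligned}
f_t &= \sigma\left(W_f x_t + U_f h_{t-1} + b_f\right) \\
i_t &= \sigma\left(W_i x_t + U_i h_{t-1} + b_i\right) \\
\tilde{C}_t &= \tanh\left(W_C x_t + U_C h_{t-1} + b_C\right) \\
C_t &= f_t \odot C_{t-1} + i_t \odot \tilde{C}_t \\
o_t &= \sigma\left(W_o x_t + U_o h_{t-1} + b_o\right) \\
h_t &= o_t \odot \tanh\left(C_t\right)
\end{aligned}
```

Here ⊙ denotes element-wise multiplication, matching the "product of C_{t-1} and the forget gate" description above.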
W denotes the weight between each gating unit and the depth-LSTM block output in the upper layer of the grid; V denotes the weight between the time-LSTM output at the last moment and the grid gating unit; and U denotes the weight between the LSTM block cell states in all dimensions of the neighboring grid. The rationale for choosing the LSTM technique for IDS is that LSTM works excellently whenever the data are in time-series or sequential form, because LSTM cells have a memory that stores information from previous time steps, which is how the network learns. In this study, LSTM is used to detect intrusions using intrusion sequence data from NSL-KDD, with further comparisons on the CSE-CIC-IDS2018, BOT_DATASET, UNSW-NB15, and CICIDS2017 datasets.
The k-NN technique employs every labeled training instance in the NSL-KDD dataset to create a model of the intended function. In order to find a local optimum hypothesis function, k-NN employs a similarity-based search technique during the classification phase.
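A minimal sketch of that classification phase is shown below: generic k-NN with majority voting. The feature vectors and labels are illustrative, and since the excerpt does not specify a distance metric, squared Euclidean distance is assumed.

```python
def knn_classify(query, train_points, train_labels, k=3):
    """Minimal k-NN: label a query by majority vote among its k nearest
    labeled training instances (squared Euclidean distance assumed)."""
    nearest = sorted(
        range(len(train_points)),
        key=lambda i: sum((a - b) ** 2 for a, b in zip(train_points[i], query)),
    )[:k]
    votes = {}
    for i in nearest:
        votes[train_labels[i]] = votes.get(train_labels[i], 0) + 1
    return max(votes, key=votes.get)

# Illustrative two-feature records labeled normal/attack.
points = [[0.0, 0.0], [0.0, 1.0], [5.0, 5.0], [6.0, 5.0]]
labels = ["normal", "normal", "attack", "attack"]
```

For example, `knn_classify([0.2, 0.3], points, labels)` returns `"normal"` because two of the three nearest training instances are normal; this similarity-based search is the "local optimum hypothesis" behavior described above.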
In CICIDS2017, feature selection based on the Fisher score algorithm resulted in 94.5% accuracy using the MLP alone; using the MLP and the payload classifier together, a 95.2% accuracy rate is achieved. On the other hand, the BOT dataset yields its highest accuracy with the SVM model, at about a 98% detection rate [38], [39].

IV. RESULTS
NSL-KDD CUP (KDD TEST 21 and KDD TEST PLUS) datasets (https://www.unb.ca/cic/datasets/nsl.html) are commonly used for validating and testing the performance of RNNs. The original database was developed in the Lincoln Lab at MIT. The data are processed and converted into 42 fields per record: 38 numeric features, 3 symbolic features, and a class label. Every record is labeled as attack or normal data. We classified the 39 attack subtypes into four categories: DoS, Probe, R2L, and U2R attacks [23], which are explained in detail as follows: 1) DoS Attack − It happens when the attacker attempts to disturb some system resources by making them very busy, such that legitimate users are not granted access to the network. An example is Neptune.
2) Probe − The attacker tries to obtain information about the communication network or find weaknesses in the network topology to discover an attack point. An example is Nmap.
3) R2L Attack − Here, the attacker sends packets to the system over the network without any authority and then assesses its vulnerabilities. An example is Multihop.
4) U2R Attack − The attacker has local access and gains root access to the system via some vulnerability. An example is Loadmodule.
Each dataset record has 41 parameters, such as protocol type, duration, flag, and service, obtained from network connections, plus a label that indicates whether the record is of the normal or attack data type.
Various performance metrics, such as accuracy, precision, F-measure and recall, have to be evaluated with the provided dataset to assess the performance of the proposed (ELSTM-RNN) system. Table 2 illustrates the confusion matrix.
TP and TN denote predicting ''normal'' for normal data and ''attack'' for attack data, respectively, whereas FP and FN denote predicting ''attack'' for normal data and ''normal'' for attack data. These quantities, as used in [36] and [37], are:
- TP = true positive
- TN = true negative
- FP = false positive
- FN = false negative
The false positive rate (FPR) is obtained by dividing the number of normal records incorrectly identified as intrusions by the total number of normal records. Precision measures the degree to which a positive prediction is correct; in other words, it indicates how certain you can be that a result predicted to be positive is in fact positive. Recall, often known as the true positive rate or sensitivity, measures how many of the dataset's positives are indeed identified as positives. Accuracy is the fraction of correct predictions the model makes over the entire test dataset.
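The definitions above reduce to the standard confusion-matrix formulas, sketched below. The exact equations are not reproduced in this excerpt, so these are the textbook forms, and the counts are hypothetical values chosen only to illustrate the calculation.

```python
def metrics(tp, tn, fp, fn):
    """Textbook confusion-matrix metrics matching the definitions above."""
    accuracy  = (tp + tn) / (tp + tn + fp + fn)
    precision = tp / (tp + fp)
    recall    = tp / (tp + fn)   # true positive rate / sensitivity
    fpr       = fp / (fp + tn)   # false positive rate
    f_measure = 2 * precision * recall / (precision + recall)
    return accuracy, precision, recall, fpr, f_measure

# Hypothetical counts for illustration only.
acc, prec, rec, fpr, f1 = metrics(tp=90, tn=85, fp=15, fn=10)
# acc = 0.875, rec = 0.9, fpr = 0.15
```

With these counts, 15 of the 100 normal records are flagged as intrusions, giving the 0.15 FPR described in the text.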

A. ACCURACY COMPARISON
The accuracy of the proposed ELSTM-RNN model was compared with that of other conventional methods, as represented graphically in Figure 3, which compares the proposed system with the static and adaptive methods.
As Figure 3 shows, the static and adaptive methods achieve accuracies of 59.7% and 77.99%, respectively, whereas the proposed ELSTM-RNN method provides 96.89% accuracy. These measures show that the proposed method outperformed the other mentioned methods in terms of accuracy.
The previously discussed performance metrics of the proposed ELSTM-RNN system were compared on the KDD TEST plus and KDD TEST 21 datasets, as graphically represented in Figure 4.

B. DATASET COMPARISON BASED ON PERFORMANCE METRICS
The performance measures reviewed in the comparison were accuracy, recall, precision, and error rate. Despite good efficiency on both datasets, results showed that the performance measures were highest on the KDD TEST plus dataset.

C. INDICATOR OUTCOMES-[24] VS PROPOSED FOR KDD TEST PLUS (KTP) AND KDD TEST 21(KT-21)
We compared the outcome of indicators for the DoS, Probe, U2R, R2L, and normal classes between the IBWNIDM [24] and the proposed ELSTM-RNN system, as shown in Table 3. The matrix shows the test classification over the five labeled sample categories, in which the bold numbers denote the correctly identified sample category.

D. COMPREHENSIVE PERFORMANCE METRICS EVALUATION WITH DIFFERENT DATASETS
Three neural-network-based detection methods, namely, IBWNIDM, DBN, and RNN [24], were tested to assess the efficiency of the proposed algorithm for intrusion detection. Table 4 presents the test results, which show that the proposed system's accuracy and true positive rate (TPR) percentages are higher than those of the IBWNIDM, DBN, and RNN detection models, while its false positive rate (FPR) percentage is considerably lower, proving the proposed system's high effectiveness. The results in Table 4 show that the FPR of the proposed model is lower than those of the other three models; consequently, its TPR and accuracy (A) are considerably higher than those of the other models on the KTP and KT-21 datasets, so the proposed system outperforms the existing methods.
For the verification and validation of the proposed system model, testing and training experiments were conducted against IDABCNN, NIDMBCNN [25], IBWNIDM [24], and [26] on the NSL-KDD datasets. Table 5 presents a comparison of performance metrics on the CICIDS2017 dataset for different existing methods, such as DNN (Yang and Wang). The results in Table 5 show that the proposed method surpasses the other methods in accuracy, precision, recall, F1-measure, FAR, sensitivity, specificity, error rate, negative precision, BDR, and BTNR. The excellent accuracy of the proposed method (in the second column) results from using LPPSO and the LSTM-RNN framework.
Moreover, the proposed ELSTM-RNN method achieved good training and testing times compared with other methods, as shown in Table 5, and obtained the lowest error rate among the mentioned methods. In addition, the training and execution times of the proposed method outperformed those of the traditional LSTM and DBN methods and remain within a suitable range relative to the DNN algorithm. The best values are highlighted. Figure 6 shows that the proposed ELSTM-RNN method has a reasonable training time relative to the other methods: it achieved the shortest training time in 75% of the total cases and a comparable training time in the remaining 25% of the cases. Figure 7 shows the accuracy of the deep discriminative models in terms of hidden nodes (HNs) and various learning rates (LRs) for the BOT_IOT datasets.
The proposed method shows higher accuracy than the existing DNN, RNN, and CNN models for the BOT_IOT datasets. Moreover, Figure 8 illustrates that the proposed ELSTM-RNN method has a reasonable training time compared with other methods: it achieved the shortest training time in 58% of the total cases and comparable training times in the remaining 42% of the cases.

E. COMPARATIVE ANALYSIS OF THE PROPOSED AND THE EXISTING METHODS WITHOUT AND WITH TRADEOFF PARAMETER OPTIMIZATION
The proposed ELSTM-RNN algorithm was compared with the LPBoost algorithm used in [28], which combines the LPBoost algorithm with chi-square feature selection. Authors in [28] used the UNSW-NB and NSL-KDD datasets to test their algorithm; thus, the proposed algorithm was applied to the same datasets to validate its efficiency in terms of detection and false alarm rates without parameter optimization, as shown in Table 7 and Figures 9 and 10, respectively.

TABLE 7. LPBoost [28] and proposed (ELSTM-RNN) system performance without tradeoff parameter optimization.

FIGURE 9. Comparative analysis in terms of detection rate for the model without optimization of tradeoff parameters [28].
The intrusion detection rate percentage of the proposed ELSTM-RNN system is 98.8%, whereas the LPBoost system [28] exhibits 97.78% without parameter optimization, as shown in Figure 9. Similarly, on the UNSW-NB dataset, the LPBoost algorithm [28] and the proposed ELSTM-RNN produce an intrusion detection rate percentage of 96.21% and 97.04%, respectively, with the latter outperforming the former.
On the other side, the false alarm rates of both methods are compared on the aforementioned datasets, as shown in Table 7 and Figure 10. The proposed ELSTM-RNN algorithm, when applied to the NSL-KDD and UNSW-NB datasets, gives a lower false alarm rate than the LPBoost algorithm [28], confirming the effectiveness of the proposed methodology in the intrusion detection process.

FIGURE 11. Comparative analysis for the model with optimization of tradeoff parameters in terms of detection rate [28].
Additionally, a comparative analysis was performed after tradeoff parameter optimization, as presented in Table 8. On the NSL-KDD dataset, the proposed method exhibits a 99.95% detection rate, whereas LPBoost [28] records 99.83%. On the UNSW-NB dataset, LPBoost showed a detection rate of 98.04% [28] compared with 99.4% obtained by the proposed ELSTM-RNN algorithm. Thus, the proposed system outperformed the LPBoost system in terms of detection rate, as shown in Figure 11.
Additionally, the performance of the proposed ELSTM-RNN method and the LPBoost with chi-square feature selection algorithm are compared in terms of the false alarm rate after optimizing the tradeoff parameters, as shown in Figure 12 and Table 8. The proposed system showed a significantly lower false alarm rate than LPBoost for both datasets, thereby increasing the detection rate. Consequently, the overall efficiency of the proposed system is better, and it is more effective in detection rate and false alarm rate than the LPBoost systems in [28].

FIGURE 12. Comparative analysis for the model with optimization of tradeoff parameters in terms of false alarm rate [28].

F. COMPARATIVE ANALYSIS OF THE PROPOSED (ELSTM-RNN) WITH CHI-SQUARE FEATURE SELECTION AND MULTICLASS SVM METHOD USING VARIOUS PARAMETERS
This section compares the proposed ELSTM-RNN algorithm with another system using chi-square feature selection and multiclass SVM [29]. The comparison covers the following measures: TPR, FPR, precision, recall, F-measure, and ROC area. Table 9 shows that the TPR is very high, whereas the FPR is very low; this is an essential criterion for any intrusion detection model. The portion of retrieved instances that are relevant is called precision, also known as the positive predictive value. The proportion of relevant instances successfully retrieved is known as recall, also known as sensitivity. A common evaluation metric that combines recall and precision is the F-measure. In an excellent model, all three derived metrics should converge to 1, as shown in Figure 13. We observed that the proposed ELSTM-RNN outperformed the other conventional models in all classes based on the normal, R2L, and U2R data, as shown in Table 9 and Figure 13. The red cells in Table 9, covering approximately 13% of the total comparisons, are the only ones where the proposed model was not better than the other models; thus, the proposed model outperformed the others in 87% of the comparison criteria and classes, reflecting its effectiveness.

G. COMPARATIVE ANALYSIS OF THE CONFUSION MATRIX OF THE PROPOSED ALGORITHM AND SOME OTHER ALGORITHMS
Additionally, the proposed ELSTM-RNN algorithm was compared with DNN algorithms [30]. Both algorithms were applied to the NSL-KDD dataset. The performance results in Table 10 and Figure 14 show that the proposed method produced much better results on all metrics (precision, recall, accuracy, and F-score). The promising results obtained by the proposed ELSTM-RNN algorithm are attributed to feature selection based on the optimized PSO.

V. CONCLUSION
In this study, we constructed an IDS model using an enhanced technique, namely, LPPSO for feature selection and an enhanced LSTM based on RNN for classification. The selected features are passed to the proposed framework, where attack data are accurately classified and separated from normal data. Results show that the proposed IDS-based model has a greater detection rate than other ML- and RNN-based approaches. Intrusion detection technology has been associated with various problems, such as gradient vanishing, generalization, and overfitting issues; the proposed system, named ELSTM-RNN, solves the gradient vanishing issue with LPPSO and RNN-LSTM classification. The massive data from the NSL-KDD dataset were preprocessed using normalization and encoding.
Furthermore, we verified the efficiency of the proposed system in terms of accuracy, recall, error rate, precision, TPR, and FPR compared with other existing systems. Also, recent datasets, such as BOT_IOT and CSE_CIC_IDS2018, were used to compare the proposed ELSTM-RNN algorithm with the LPBoost-based and DNN algorithms. The proposed ELSTM-RNN method outperformed the mentioned algorithms in terms of accuracy, precision, recall, F-score, and execution time.
In future works, we look forward to extending this study to investigate other classifier variants on numerous modern communication and network application datasets. The use of XAI algorithms to interpret and develop the provided PSO-driven strategy, as suggested in [31], [32], and [33], is another promising direction, as is improving the hierarchical hybrid intrusion detection approach presented in [34] for IoT applications [39]. Therefore, our future step shall be to enhance deep learning algorithms for better IoT security and determine the most effective approach for implementing intrusion detection systems [39].

VI. CONFLICTS OF INTEREST
• Not Applicable (NA)

FUNDING AND COMPETING INTERESTS
- The authors did not receive support from any organization for the submitted work.
- The authors have no relevant financial or non-financial interests to disclose.