Inverse chi-square-based flamingo search optimization with machine learning-based security solution for Internet of Things edge devices

Internet of Things (IoT) edge devices are becoming extremely popular because of their ability to process data locally, conserve bandwidth, and reduce latency. However, with the growing number of IoT devices, threat detection and security are becoming major concerns. IoT edge devices must avoid cyber threats and protect user data. These devices frequently have limited resources and can run on lightweight operating systems, which makes them vulnerable to security attacks. Intrusion detection systems (IDS) can be run on edge devices to recognize suspicious actions and possible risks. These systems monitor traffic patterns and behavior, and identify attack signatures to detect and report on possible attacks. This study presents a design for an inverse chi square-based flamingo search optimization algorithm with machine learning (ICSFSO-ML) as a security solution for Internet of Things edge devices. The goal of the ICSFSO-ML technique is to apply ML and metaheuristics for threat recognition in IoT edge devices. To reduce the high dimensionality problem, the ICSFSO-ML technique uses the ICSFSO algorithm for feature selection purposes. Further, the ICSFSO-ML technique exploits the stacked


Introduction
Recently, the Internet of Things (IoT) has experienced enormous growth in specific domain applications like smart transportation systems, industry, the medical field, and smart agriculture for increasing socio-economic development [1]. These IoT systems are formed by several interconnected actuators, various network-enabled devices, and sensors, which share several types of data through both private networks and internet platforms [2]. The Cisco investigation group forecast an average value of 75.3 billion effectively interconnected IoT devices by 2025. The absence of human intervention in data exchange among IoT systems makes it distinctive from standard internet technology [3]. The development of IoT devices has also improved the data network bandwidth requirements. However, many IoT devices have resource limitations, making it difficult to implement conventional security techniques for protecting systems against cyberattacks [4]. Major problems can occur with IoT devices that process sensitive data. Therefore, it is crucial to introduce mobile edge computing (MEC), which allows computation that is implemented at the network end to overcome resource-limit issues in IoT systems [5]. MEC permits IoT devices to offload more computationally intensive tasks to the proximal edge server. As the IoT develops as an industrial revolution, and systems collect live data, cybersecurity has become essential [6]. As a result, it is imperative to have a network intrusion detection system (NIDS), which could identify existing and forthcoming attacks to protect the IoT network and systems made on it.
Given the dependency of IoT methods on various edge devices and the part of the IoT in producing and collecting huge amounts of core data, accurate and effective techniques for identifying anomalous behavior in IoT edge devices are required [7]. Machine learning (ML) has been employed from the centralized cloud. However, a structure that requires a lot of resources can be placed so that it can consistently have as much processing power, storage space, and power as it requires to process data. However, there might be further waiting time because of network delays from the device to the cloud and back, as well as the quantity of data in applications with higher traffic. This increases expenses concerning delay and financial expenditure. Basic changes are required in AI approaches and cloud-to-device intention to provide effectual, maintainable, and acceptable solutions for the predicted potential demands [8]. Hence, it is essential to manage the increasing processing needs and traffic, and minimize delays [9]. The major problem preventing edge devices from performing at their maximum potential is the lack of resources, and edge devices are needed by AI applications. Generally, edge devices are very small in their physical sizes, with low power capacity and processing ability [10]. Security solutions for IoT edge devices have several applications to safeguard a connected ecosystem. These solutions can be applied in various fields such as healthcare, critical infrastructure, and maintaining public safety; in industrial settings, to safeguard manufacturing processes and prevent unauthorized access to machinery; and in home automation, where they protect personal information and ensure the security of smart appliances and devices.
This study presents a design for an inverse chi square-based flamingo search optimization algorithm with machine learning (ICSFSO-ML) as a security solution for Internet of Things edge devices. The goal of the ICSFSO-ML technique is to apply ML and metaheuristics for threat recognition in IoT edge devices. To reduce the high dimensionality problem, the ICSFSO-ML technique uses the ICSFSO algorithm for feature selection. Further, the ICSFSO-ML technique exploits the stacked bidirectional long short-term memory (SBiLSTM) model for the threat detection process. To enhance the efficacy of the SBiLSTM model, an arithmetic optimization algorithm (AOA) is applied for the hyperparameter selection process. The simulation performance of the ICSFSO-ML technique is tested using a benchmark threat database.

Related works
Mishra et al. [11] aimed to detect potential attacks on various types of networks. The IoT anomalies are identified by inspiring message queuing telemetry transport (MQTT) across a virtual network. Dey et al. [12] developed a metaheuristic-based intelligent structure for cyberattack identification employing ensemble FS and a classification model. Initially, a metaheuristic-based ensemble FS method was developed utilizing binary grey wolf optimization (BGWO) and binary gravitational search algorithm (BGSA). Then, RF and AdaBoost can be utilized for detecting and classifying cyberattacks. In [13], the authors studied effective attack identification approaches for these software-defined IoT (SD-IoT) networks. Then, the impacts of RF and ML techniques in different feature groups (for example IPs and ports) could be analyzed for the identification accuracy of various attacks. Aldaej et al. [14] examined current security and privacy issues affecting a network of drones (NoD). A hybrid ML approach of LR and RF was employed with the aim of classification of data samples for maximum efficiency. By integrating complex AI-inspired methods into the architecture, the presented approach alleviated cybersecurity vulnerabilities while creating a protected and secured NoD. In [15], the authors suggested a collaborative cyberattack intelligence-sharing method for allowing several organizations to combine forces in the framework, estimation, and training of a robust ML-based network IDS. This technique employs two main features for its application: the accessibility of network data traffic in a standard design and implementation of a federated learning method to prevent the need to share sensitive user data among organizations. Haddad Pajouh et al. [16] recommended a protected design for the IoT edge layer structure named AI4SAFE-IoT. The modules developed in the research included cyberattack allocation, intelligent web application firewall, cyberattack hunting, and cyberattack intelligence.
Mozo et al. [17] introduced an analysis of the incorporation of ML modules in a distributed scenario. A real-time developing attack vector (crypto-mining malware attack) was employed as a demonstration. The overall potential of recent green AI methods was integrated for optimizing the size and complexity of ML approaches to decrease their energy consumption while retaining their capability for accurately detecting possible cyberattacks. Gasu [18] presented an attentive literature study of ML and data mining (DM) techniques for cyber analytics in aid of cyberattack identification and intrusion detection.

The proposed model
This manuscript provides an automated ICSFSO-ML-based security solution for IoT edge devices.
The major aim of the ICSFSO-ML technique is to apply ML and metaheuristics for threat recognition in IoT edge devices. In the proposed ICSFSO-ML algorithm, three main phases are contained: ICS-FSO-based feature selection, SBiLSTM-based detection, and AOA-based parameter tuning. Figure 1 depicts the entire flow of the ICSFSO-ML methodology.

Feature selection using ICS-FSO algorithm
Primarily, the ICSFSO-ML technique uses the ICSFSO algorithm for feature selection purposes. The ICS-FSO model controls the global searching space in the foraging range of flamingos to maintain a balance between the exploration and exploitation stages [19]. Moreover, the current chi-square test in FSO becomes locked for the independent variable, which leads to a high error rate. To overcome these challenges, the working mechanism of ICS is paired with FSO. The proposed model takes fitness value as a better feature score and flamingo as the feature. The following steps provide a detailed description of ICS-FSO:
Step 1: At first, the population of the flamingos was initialized in an attempt to generate the optimal performance dependent upon the data available, and then the search region was chosen, while the food accessibility was rich. Consider the Flamingo (Γ j ) having an abundance of food in the j-th parameter.
Consider Γ ij to be the coordinates of the i-th and j-th flamingo population parameters; in this case, the flamingos' inhabitants must contend with the problems of sporadic access to food and inaccurate data transmission. This error can be estimated by the maximum distance of the flamingo's beak scan from the foraging behavior, as shown below: In Eq (1), ℘ 2 denotes a randomly generated value within [−1, 1], and ℑ 1 refers to a figure that was unintentional to exploit the uniform distribution. In beak behavior, the range of scanning can be maintained in the range as, Considering Γ j b as food for a large population, the flamingo distances are modified, and the traveling is calculated by ℘ 1 × Γ j b , where ℘ 1 refers to a random integer within [−1, 1]. Lastly, the foraging movement of the flamingo from the t-th step can be estimated by the flamingo beak scan range, and the distance among the moving feet is shown as follows: The location of flamingo's foraging is represented as, In Eq (4), Γ ij t shows the location of the i-th flamingo at the j-th variable in the t-th iteration of the flamingo's population, Γ j bt indicates the j-th flamingo size with the better fitness from the population at t iteration, and Γ ij t+1 denotes the location of the i-th flamingo at the j-th population parameter from the (t + 1)-th iteration. In Eq (5), K(η) denotes the diffusion factor that follows in the inverse chi-square distribution of η degrees of freedom, and γ represents the gamma function. The foraging range dimension has been improved, and the simulation can be done for the individual chosen; this boosted the capacity for meritocracy all over the globe. ℑ 1 = N(0, 1) and ℑ 2 = N(0, 1) are random integers generated using a uniform distribution, and ℘ 1 and ℘ 2 are altered in [−1, 1].
Step 2: The flamingos have migrated to the following region because of the food scarcity from the existing region. Given the fact that the region in question exhibits a significant level of dietary consumption, where the j-th variable is Ab j , the migration of the flamingo population can be given below: In Eq (6), ω = N(0, n) indicates the randomly generated value based on the uniform distribution with n degrees of freedom, which increases the searching space and arbitrariness behavior of the specific flamingo with a particular migration method employed for inspiration. At last, the maximal iteration attained gives an optimum performance and value that can be replaced from the main function and arranged to evaluate the essential feature, and the relevant features can be framed inside the data frame employing ICS-FSO:

Detection using SBiLSTM model
At this stage, the SBiLSTM model is used for the threat detection process. LSTM is distinct from the RNN technique, which is generally deployed to process time sequence data [20]. It can be established to resolve the issue of RNNs' effort in long-term learning and dependencies. The main idea of LSTM exists from its memory cell with a gated function. Its gated method contains 3 gates: forget ( ), input ( ) and output gates ( ). An input gate ( ) controls the input of present data. Once the input data comes into the unit, an input gate carries out a computation to determine whether to input the present data. The memory gate ( ) controls the maintenance of past data. Once the past data comes into the unit, the memory gate executes a computation to determine how to maintain the data. The output gate ( ) manages the outcome of the present data. It is defined as outputting the present data by carrying out a computation. Furthermore,   signifies the long-term memory unit, whereas ℎ  signifies the short-term memory unit.
In the above equations, σ denotes the sigmoid activation function. The variables w and b in the equations represent the weighted and intercepted, correspondingly. BiLSTM is a distinct LSTM that integrates a further layer of reverse computation with the base LSTM. The original series is (A 0 , A 1 , A 2 , … , A i ), but the reversed series is defined as (A 0 ′ , A 1 ′ , A 2 ′ , … , A i ). The last resultant value is defined by the forward as well as reverse sequences: In this equation, v 1 and v 2 represent the equivalent weights linked with 2 sequences. An SBiLSTM has an NN structure that contains stacking multi-layers of BiLSTMs on top of one another. Figure 2 depicts the framework of stacked BiLSTM. The outcome of the 1st BiLSTM layer serves as the input to the 2nd BiLSTM layer, etc. All the subsequent layers capture a high-level representation of input data, potentially contributing to a more expressive and greater model for sequence processing tasks.

AOA-based hyperparameter tuning
The hyperparameters related to the SBiLSTM approach are elected by the AOA. AOA is based on the searching process for the potential region from the candidate solution based on subtraction, division, multiplication and addition operators [21]. The efficiency of the optimization approach is measured with two search processes called exploitation and exploration. The process conducts the local search in the exploitation phase, concentrating on promising regions to search for a better solution. During the exploration phase, the process performs a global search to prevent local solutions. In this work, division (÷) and multiplication (×) take the larger steps from the searching space and are thereby employed for exploratory search. Addition (+) and subtraction (−) operators can find capable areas by taking smaller steps from the searching space, which provides the best exploitation search. The AOA begins with an arbitrary candidate solution (X). A better solution should be found through exploration and exploitation among the X n candidate solutions. MOA is used to define whether to implement an exploitation or exploration search as follows: In Eq (15), t CURRENT indicates the existing iteration, which ranges from 1 to r MAX (maximal iteration), and MOA min and MOA max determine the minimal and maximal values of MOA. The AOA algorithm utilizes the 3 randomly generated values (rand 1 , rand 2 and rand 3 ) between zero and one. Once an arbitrary number rand 1 is bigger than MOA, AOA enters the exploration stage. Now, if rand 2 > 0.5, the place of the s-th solution can be upgraded by the division operators. Otherwise, if rand 2 is less than 0.5, then the AOA model exploits the multiplication operator for updating the position of the s-th outcome.
where S s,l (t CURRENT + 1) denotes the s-th solution in the l-th location, and best x 1 shows the best performance from the l-th place. ε indicates the integer with a smaller value, and μ represents the control parameter characterized by predetermined or fixed values of 0.5 for updating the exploration search. The upper and lower boundaries are characterized as the UB l and LB l parameters.
The coefficients in the context of math optimizer probability (MOP) serve a specific purpose and are explicitly defined in the t-th iteration. The AOA model enters into the exploitation stage if rand 1 < MOA function. Moreover, the model updates the position of the s-th solution using subtraction if rand 3 > 0.5. Otherwise, the place of the s-th solution can be upgraded by addition (+) operator as follows:
Algorithm 1: Pseudocode of AOA.
    Initialize the parameters α, μ, Max iter , MOA max , MOA min
    Initialize the position of each solution randomly as s = 1, … , n
    while (t CURRENT < t Max ) do
        Compute the Fitness Function (FF) (Fitness F ) to provide a solution
        Define the best solution
        Upgrade the value of MOA based on Eq (15).
        Upgrade the value of MOP based on Eq (17).
        for (s = 1 to Solution) do
            for (l = 1 to Location) do
                Produce an arbitrary value within [0,1] (rand 1 , rand 2 , and rand 3 )
                if rand 1 > MOA then
                    Exploration stage
                    if rand 2 > 0.5 then
                        Apply the Division operator
                        Upgrade position l of s-th solution based on condition1 in Eq (17)
                    else
                        Apply the Multiplication operator
                        Upgrade position l of s-th solution based on condition2 in Eq (16)
                    end if
                else
                    Exploitation stage
                    if rand 3 > 0.5 then
                        Apply the Subtraction operator.
                        Upgrade place l of s-th solution based on condition1 in Eq (18)
                    else
                        Apply the Addition operator
                        Upgrade position l of s-th solution based on condition2 in Eq (18)
                    end if
                end if
            end for
        end for
        t CURRENT = t CURRENT + 1
    end while
    Return the best solution (S best ).
Fitness choice is a key feature of the AOA methodology. An encoded outcome was deployed to assess better candidate performances. Presently, the accuracy value is the major condition deployed to design an FF.
where FP and TP denote the false and true positive values.
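The loop of Algorithm 1, written out as an added Python example (not the authors' code). The MOA, MOP and position-update formulas are those of the standard AOA formulation, with its usual defaults for α and the MOA limits, because Eqs (15)-(18) do not appear on this page; the two-threshold detector, the constructed traffic windows and the error-rate fitness are assumptions standing in for training and validating the SBiLSTM.

```python
import random

# Constructed traffic windows (not from the paper's dataset):
# (packets per second, destination-port entropy, label); label 1 = anomalous.
WINDOWS = [
    (120, 0.8, 0), (95, 1.1, 0), (140, 0.9, 0), (110, 1.3, 0), (130, 1.0, 0),
    (900, 1.2, 1), (150, 3.9, 1), (760, 3.5, 1), (135, 3.2, 1), (1000, 0.9, 1),
]

def error_rate(x):
    """Fitness to minimise: 1 - accuracy of a two-threshold detector.
    Assumed stand-in for validating the SBiLSTM with hyperparameters x."""
    rate_thr, ent_thr = x
    hits = sum(int(r > rate_thr or e > ent_thr) == y for r, e, y in WINDOWS)
    return 1.0 - hits / len(WINDOWS)

def moa(t, t_max, moa_min=0.2, moa_max=1.0):
    """Grows linearly with t, shifting the search from exploration to exploitation."""
    return moa_min + t * (moa_max - moa_min) / t_max

def mop(t, t_max, alpha=5.0):
    """Math optimizer probability: shrinks the step size to 0 at t_max."""
    return 1.0 - t ** (1.0 / alpha) / t_max ** (1.0 / alpha)

def aoa(fitness, lb, ub, n=20, t_max=100, mu=0.5, eps=1e-12, seed=7):
    rng = random.Random(seed)                    # fixed seed: reproducible run
    dim = len(lb)
    pop = [[rng.uniform(lb[l], ub[l]) for l in range(dim)] for _ in range(n)]
    best = min(pop, key=fitness)[:]
    best_fit = fitness(best)
    history = [best_fit]
    for t in range(1, t_max + 1):
        a, p = moa(t, t_max), mop(t, t_max)
        for s in range(n):
            for l in range(dim):
                r1, r2, r3 = rng.random(), rng.random(), rng.random()
                scale = (ub[l] - lb[l]) * mu + lb[l]
                if r1 > a:                       # exploration stage
                    if r2 > 0.5:
                        new = best[l] / (p + eps) * scale   # division
                    else:
                        new = best[l] * p * scale           # multiplication
                elif r3 > 0.5:                   # exploitation stage
                    new = best[l] - p * scale               # subtraction
                else:
                    new = best[l] + p * scale               # addition
                pop[s][l] = min(max(new, lb[l]), ub[l])     # clamp to bounds
        cand = min(pop, key=fitness)
        if fitness(cand) < best_fit:             # keep the best solution so far
            best, best_fit = cand[:], fitness(cand)
        history.append(best_fit)
    return best, best_fit, history

if __name__ == "__main__":
    best, fit, hist = aoa(error_rate, lb=[0.0, 0.0], ub=[1200.0, 5.0])
    print("best thresholds:", best, "error rate:", fit)
```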

Result and discussion
The performance of the ICSFSO-ML technique was tested on the anomaly database [22,23]. The database has 20000 instances and 2 class labels as represented in Table 1. Among the available 13 features, the ICSFSO algorithm has chosen 8 features. The anomaly detection results of the ICSFSO-ML technique are depicted in Figure 3. The confusion matrices demonstrate the effectual recognition of the normal and anomalous samples under all classes [24][25][26]. The anomaly identification results of the ICSFSO-ML technique are tested with 80:20 of TR set/TS set as shown in Table 2 and Figure 4. The outcome showed that the ICSFSO-ML system recognized the normal and anomaly classes. On 80% of the TR set, the ICSFSO-ML algorithm offers average accu_y, prec_n, reca_l, F_score, and G_measure of 97.68%, 97.71%, 97.68%, 97.67% and 97.68%, respectively. Also, on 20% of the TS set, the ICSFSO-ML method achieves average accu_y, prec_n, reca_l, F_score, and G_measure of 98.22%, 98.25%, 98.22%, 98.22% and 98.23%, correspondingly. The anomaly identification outcome of the ICSFSO-ML methodology was tested with 70:30 of the TR set/TS set as portrayed in Table 3 and Figure 5. The simulation values depicted that the ICSFSO-ML algorithm recognized the normal and anomaly classes. On 70% of the TR set, the ICSFSO-ML system had average accu_y, prec_n, reca_l, F_score, and G_measure of 96.97%, 96.98%, 96.97%, 96.96% and 96.97%, correspondingly. Then, on 20% of the TS set, the ICSFSO-ML methodology achieved average accu_y, prec_n, reca_l, F_score, and G_measure of 97.03%, 97.06%, 97.03%, 97.03% and 97.04%, respectively.
Figure 6 illustrates the training accuracy TR_accu_y and VL_accu_y of the ICSFSO-ML methodology on 80:20 of the TR set/TS set. The TR_accu_y was determined by the evaluation of the ICSFSO-ML method on the TR dataset, whereas the VL_accu_y was computed by evaluating the performance on a separate testing dataset. The outcome exhibits that TR_accu_y and VL_accu_y upsurge with a rise in epochs. Therefore, the performance of the ICSFSO-ML method increased on the TR and TS datasets with an upsurge in the number of epochs. In Figure 8, a comprehensive precision-recall (PR) investigation of the ICSFSO-ML approach is shown for 80:20 of the TR set/TS set. The simulation values demonstrated that the ICSFSO-ML system led to enhanced PR outcomes. Further, it was obvious that the ICSFSO-ML method has greater PR outcomes in the 2 classes. In Figure 9, an ROC analysis of the ICSFSO-ML system is demonstrated on 80:20 of the TR set/TS set. The simulation results show that the ICSFSO-ML approach led to greater values of ROC. Also, it was apparent that the ICSFSO-ML methodology achieved better ROC outcomes in the 2 classes.
Table 4 and Figure 10 illustrate the comparison outcomes of the ICSFSO-ML approach with other models in terms of different metrics [27][28][29]. The table values portrayed the ineffectual performance of the AE model, whereas the SVM and Anomaly-IDS models have shown somewhat better results over the AE model. Along with that, the DEA and LR approaches have exhibited close results. Although the DT and RF systems have accomplished considerable results, the ICSFSO-ML technique ensured better performance with maximum   ,   ,   and   of 98.25%, 98.22%, 98.22% and 98.22%, respectively. These outcomes show the better performance of the ICSFSO-ML algorithm.

Conclusions
This manuscript has provided an automated ICSFSO-ML-based security solution for IoT edge devices. The major aim of the ICSFSO-ML technique is to apply ML and metaheuristics for threat recognition in IoT edge devices. In the proposed ICSFSO-ML algorithm, three major phases are contained: ICS-FSO-based feature selection, SBiLSTM-based detection and AOA-based parameter tuning. Primarily, the ICSFSO-ML approach uses the ICSFSO algorithm for feature selection purposes, which reduces the computation complexity and boosts the classification results. In addition, the ICSFSO-ML technique makes use of the SBiLSTM model for the threat detection process. To enhance the efficacy of the SBiLSTM model, AOA is applied for the hyperparameter selection process. The simulation value of the ICSFSO-ML technique is made on the benchmark threat database. The performance showed the benefits of the ICSFSO-ML approach compared to existing methods with a

Figure 1. The overall flow of the ICSFSO-ML algorithm.

Figure 5. The average outcome of the ICSFSO-ML technique on 70:30 of the TR set/TS set.

Figure 10. Comparative outcome of ICSFSO-ML technique with other approaches.

Table 1. Description of the dataset.

Table 2. Anomaly identification outcome of ICSFSO-ML technique on 80:20 of TR set/TS.

Table 3. Anomalies identification outcome of ICSFSO-ML technique on 70:30 of TR set/TS.

Table 4. Comparative outcome of ICSFSO-ML technique with other approaches.