wireless sensor network security research papers

An official website of the United States government

The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

• Publications
• Account settings

Preview improvements coming to the PMC website in October 2024. Learn More or Try it out now .

• Advanced Search
• Journal List
• Sensors (Basel)

Security and Privacy in Wireless Sensor Networks: Advances and Challenges

Cheng-chi lee.

1 Department of Library and Information Science, Research and Development Center for Physical Education, Health, and Information Technology, Fu Jen Catholic University, New Taipei City 24205, Taiwan; wt.ude.ujf.liam@eelcc

2 Department of Photonics and Communication Engineering, Asia University, Taichung 41354, Taiwan

1. Introduction

Wireless sensor networks (WSNs) have evolved over the last few decades due to the availability of low-cost, short-range and easy deployed sensors. WSN systems focus on sensing and transmitting the real-time sense information of a specific monitoring environment for the back-end system to do further processing and analysis. However, due to the publicity of wireless communication channels, security and privacy concerns with WSN systems have becoming a hot topic of discussion. This Special Issue aims to solicit the state-of-the-art research articles on advanced technologies for WSN systems, which encompass all types of research activity, such as the design, development, challenges and application of service models.

In wireless communication channels, ensuring the security and privacy of the WSN will be one of the most important and critical issues. To protect communication data from being eavesdropped, altered, or forged by illegal nodes, it is generally taken to use encryption/decryption and a digital signature mechanism to solve the privacy issues. Another important issue is the issue of authentication. To protect the resources from being used by illegal nodes, authentication mechanisms are generally used to achieve this goal. However, under the circumstances that the battery capacity of the sensing node is generally limited, all of the protection mechanisms that we have developed hope to extend the use time of the sensing network—that is, the computational complexity cannot be too high.

In this Special Issue, we received 27 papers in total, and 12 of them were accepted and published. The authors have presented some novel ideas and methods to solve the problem of security and privacy in WSN. We believe the completely secure and efficient sensing environments can benefit humankind worldwide. We would like to thank all of the authors for their contributions to this field.

2. Summary of the Special Issue

Finding the right balance between required security and implementation capabilities makes WSN more challenging. The published papers presented their important contributions between required security and implementation capabilities. To achieve privacy, we generally use public-key cryptography algorithms or symmetric cryptography algorithms in WSN. It is the natural choice to use a symmetric algorithm due to its complexity. Reference [ 1 ] presents a generic model of the pseudo-random generator in computationally constrained environments. It can be applied to stream cryptography algorithms, as a subgroup of symmetric cryptography algorithms, in WSN and the Internet of Things (IoT). The proposed scheme is suitable for the implementation of the security solution in the computational constrained microprocessor environments, e.g., WSN and IoT.

In symmetric algorithms, we need a link key to encrypt or decrypt communicated messages between two nodes. The Secrecy Amplification (SA) protocol aims to improve the overall security of a network of interconnected nodes in the case that a non-trivial proportion of the link keys have become compromised. Reference [ 2 ] presents an efficient SA protocol for the Arduino and TinyOS platforms. The authors also verify some SA protocols by simulations in a real network. Their proposed SA protocol won in the end.

Recently, Wireless Visual Sensor Networks (WVSNs) have been widely used to encrypt images in many fields. Reference [ 3 ] presents an image encryption scheme based on compressive sensing and non-uniform quantization in WVSN. In the proposed scheme, an optimized logistic map is designed to expand the parameter value space and eliminate the period windows in current chaotic systems. Their results prove that the proposed scheme is better than that in existing schemes under the condition of strong noise interference or severe data loss for WVSNs.

Although it is the natural choice to use a symmetric algorithm to protect communication data in WSNs, the symmetric algorithms still have restrictions for WSNs. In some applications, we still need public-key cryptographic algorithms. The most famous of public-key cryptographic algorithms is RSA. Reference [ 4 ] implements 1024-bit RSA on a constrained microcontroller MSP430, which is a commonly used microcontroller in WSNs. To accelerate RSA operations, the authors utilized several acceleration techniques, such as the subtractive Karatsuba–Ofman, Montgomery multiplication, operand scanning, Chinese remainder theorem and sliding window methods. Their implementations achieved better timings than the existing works.

Reference [ 5 ] presents a framework for contrasting a secure domain of sensor nodes. The authors wanted to integrate some security measures to build a secure environment in a WSN. They presented several procedures which were prepared to cover all stages of the life of the entire secure domain. The proposed solution ensures the authentication of sensor nodes and their resistance against unauthorized impact with the hardware/software configuration. From their experimental results, the proposed framework is secure and practical.

The cloud-assisted WSN provides a promising solution to handling massive data. How to efficiently access the encrypted and decrypted massive data in a cloud-assisted WSN is a key challenge. Reference [ 6 ] presents a secure and efficient data sharing and searching scheme in a WSN. The proposed scheme is secure against both off-line and on-line keyword guessing attack performed by external and internal adversaries. Their results prove that it can achieve keyword security and document security. Furthermore, the proposed scheme is more efficient than previous schemes.

Reference [ 7 ] presents a vulnerability assessment of sensor systems. The authors develop a new Common Criteria-compliant method to specify the vulnerability assessment process and related data in a structured way for WSNs. They also show that their validation on a sensor example. The research results will be used as input for the National project “National schema for the security and privacy evaluation and certification of IT products and systems compliant with Common Criteria”.

Reference [ 8 ] presents a self-embedding authentication method that helps to detect and locate tampered areas as well as to recover the tampered area. They introduced two types of detection method: block-wise and pixel-wise methods. The methodology was validated using six grayscale images of size 512 × 512, which showed that it has a better performance for tamper detection and image recovery even in highly tampered images.

Reference [ 9 ] presents a model for the problem of privacy-preserving access control in IP-enabled WSNs, namely eHAPAC. They integrated Hidra access control and an APAC model to ensure privacy and unlinkability in resource-constrained devices and improved the group signature-based APAC model to prevent arbitration organizations from cheating. The results of the security analysis show that their model can help to increase the flexibility of public key management and resist resource consumption attacks.

In Reference [ 10 ], the authors targeted a fundamental issue, in that the security and efficiency of a routing model has to be guaranteed before we can enjoy the applications in a WSN. They presented a trusted routing scheme based on the blockchain and reinforcement learning to prevent malicious node attacks. This work reported that it still has a good delay and throughput performance even in the routing environment with 50% malicious nodes.

The intrusion detection (ID) is an important subject in the field of the security of WSNs. Reference [ 11 ] presented an ID method based on the synthetic minority oversampling technique (SMOTE) and random forest algorithm. The random forest algorithm combined with the SMOTE provided an effective solution to solve the problem of class imbalance and improves the classification accuracy of ID. In their simulation, the accuracy of ID of the proposed scheme is higher than previous schemes.

The wireless body area network (WBAN) is used to monitor patients’ real-time health status and seamlessly transmit physiological data to medical institutions including hospitals, community clinics and emergency centers. Reference [ 12 ] presents a secure and efficient group key management protocol with cooperative sensor association in WBANs. The authors are the first to propose the system model providing a specific group communication channel for message broadcasting between healthcare center and patients. From their performance analysis, it was demonstrated that the proposed protocol is more secure and efficient than the other group key management protocols in WBAN.

Acknowledgments

I would like to thank the all authors and anonymous reviewers for their valuable collaboration and contributions to this special issue.

This work received no external funding.

Conflicts of Interest

The author declares no conflict of interest.

• Open access
• Published: 13 January 2024

Cyberattack detection in wireless sensor networks using a hybrid feature reduction technique with AI and machine learning methods

• Mohamed H. Behiry   ORCID: orcid.org/0000-0001-5467-3305 1 , 2 &
• Mohammed Aly   ORCID: orcid.org/0000-0001-8084-5174 1  

Journal of Big Data volume  11 , Article number:  16 ( 2024 ) Cite this article

1429 Accesses

1 Citations

Metrics details

This paper proposes an intelligent hybrid model that leverages machine learning and artificial intelligence to enhance the security of Wireless Sensor Networks (WSNs) by identifying and preventing cyberattacks. The study employs feature reduction techniques, including Singular Value Decomposition (SVD) and Principal Component Analysis (PCA), along with the K-means clustering model enhanced information gain (KMC-IG) for feature extraction. The Synthetic Minority Excessively Technique is introduced for data balancing, followed by intrusion detection systems and network traffic categorization. The research evaluates a deep learning-based feed-forward neural network algorithm's accuracy, precision, recall, and F-measure across three vital datasets: NSL-KDD, UNSW-NB 15, and CICIDS 2017, considering both full and reduced feature sets. Comparative analysis against benchmark machine learning approaches is also conducted. The proposed algorithm demonstrates exceptional performance, achieving high accuracy and reliability in intrusion detection for WSNs. The study outlines the system configuration and parameter settings, contributing to the advancement of WSN security.

Introduction

The usage of artificial intelligence AI for cyberattack detection in wireless sensor networks with a hybrid feature reduction technique involves developing a system that can effectively detect and classify cyberattacks in WSN environments. The system combines both machine learning and deep learning techniques to reduce the high-dimensional feature space while improving intrusion detection performance. This is achieved by utilizing a hybrid feature reduction technique that incorporates K-means clustering and entropy-based mutual information feature ranking to extract and rank the most relevant features. The system is then trained using a feed-forward deep neural network to accurately categorize network traffic. Overall, the aim is to provide early detection and learning systems with high-performance features for efficient cyberattack detection and prevention in WSN environments. The Wireless Sensor Network is being destroyed by cyberattacks (WSN. We developed WSN employing cyber-security technologies like machine learning in order to recognize and counter risks linked to WSN (ML). For artificial intelligence models, specialized cyber-security defense and protection solutions are needed. Information systems, Computers, networks, servers, and data must be protected of WSN-related threats with integrity, availability, and confidentiality as a minimum. Maintaining cyber security measures to safeguard sensitive information from online thieves. Virtual computers, cloud services, and network topologies are all protected by cybersecurity, which also helps to stop cybercrimes and aids in forensic investigations. Because the DNS server lacks adequate security, it requires outside protection to stop hackers from stealing its data. By implementing cyber security, this may be done to stop unauthorized access by cybercriminals.

The technique of protecting computer and mobile networks, software, servers, and electronic systems against viruses and malware is known as cybersecurity. Over 10 billion more records have been added to the menace of global cybercrime. In the US, NIST developed a framework for cyber security. Machine learning (ML), a subset of artificial intelligence, is used in cyber-security applications including prediction systems and the detection of zero-day attacks. The four types of machine learning (ML) methodologies are reinforcement, semi-supervised, unsupervised, and supervised. ML is designed for supply in consistent circumstances. Cyberattacks might therefore cause an unstable situation. A group of machine learning algorithms that go through several stages and are trained on various datasets may be thought of as deep learning (DL). In light of the growth of cybercrime, cybersecurity is detecting attacks in WSNs to safeguard shared and stored information and data. Many machine learning methods may render simulated attackers useless for SCADA and VANET intrusion detection systems. Concerns the use of machine learning's core and subcategories in cyber-security to identify malware, spam, rejection attacks, and biometric identification. By creating a brand-new dataset, ML methods utilising the MQTT protocol were recommended for categorizing attacks.

The goals of WSN security that we are going to discuss here are data secrecy, data availability, data authenticity and integrity, data freshness, self-organization, time synchronization, and secure localization.

Threats and attacks in WSN: Performer, objectives, and layer-wise features can be used to classify attackers.

Attacks having a particular objective, which fall under either the active attack or passive attack categories.

Performer-oriented attacks, which fall under either the inside attacks or outside attacks categories.

Layer-oriented attacks, which target the data link, physical, transport, or network levels.

Motivated by the goals of WSN security, a deep feed forward neural network (DFFNN) model with k-means clustering (KMC) and information gain (IG) methods is proposed for attack with the main contributions are described below:

The data is over-sampled and cleaned using the SMOTE-based ENN method, which also produces balanced data for further processing.

Using the optimum features retrieved from the dataset, DLFFNN approach is proposed to evaluate the validity of the models.

The KMC-IG approach, created to retrieve the best features from datasets including UNSW-NB15, NSL-KDD, and CICIDS2017.

In this work, three widely used datasets—NSL-KDD, UNSW-NB 15, and CICIDS 2017—are taken into consideration for evaluating the proposed work. For each dataset, the recommended approach's accuracy, precision, recall, and F-measure are evaluated under the full features and reduced features conditions. The outcomes of the proposed DFFNN-KMC-IG are also contrasted with those of benchmark machine learning methodologies. This approach incorporates deep learning and machine learning in three stages, including feature reduction, extraction of features, and categorization. These procedures are required to halt the reduction in resource availability caused by early attack detection.

The structure of this paper is organized as follows. Section " Hyperparameter tuning " focuses on the related work. Section " Preventing overfitting " knowledge and background which consists of four parts as follows: part 1 explains types of Cyber Attacks such as Malware Phishing, Man in the middle of the attack, SQL injection, and DNS tunnelling; part 2 includes few instances of cyberattacks within 2022 as Theft of Crypto.com, Breach of data at the Red Cross, and Cash app data breach. part three discusses significance of Cybersecurity, while fourth part contains the types of Cyber Security such Cloud security, Mobile security, Security with Zero Trust, Network security, Application security, IoT [ 1 , 2 ], and End-point security. Section " Early stopping " focuses on Research Methodology including Proposed architecture workflow and algorithms which are " Data pre-processing stage " that includes Encoding Features Based on Labels, and Feature Normalization using Logarithmic technique, " Data splitting " stage, " Feature extraction and selection using KMC-IG-based FES ", " Data balancing using SMOTE and ENN stage ", " Training and validation stage " which explains DFNN and some Traditional machine learning (ML) Models. Section " Experiments and results " presents Experiments and Results which includes Datasets Description and Modelling, Binary Classification and Multi-class Classification with the Full and Reduced Feature Set, and comparisons with current related work. Sect. " Conclusion " is devoted to the conclusion of this study.

Related work

In their work, Kaur Saini et al. [ 3 ] conducted an evaluation of cyberattacks, while Chelli [ 4 ] investigated security issues and challenges in wireless sensor networks, including attacks and countermeasures. Daojing He et al. [ 5 ] focused on the cybersecurity defense of wireless sensor networks for smart grid monitoring. Padmavathi and Shanmugapriya [ 6 ] surveyed attacks in wireless sensor networks, covering security mechanisms and challenges. Al-Sakib Khan Pathan et al. [ 7 ] investigated security issues and challenges in wireless sensor networks, while Perrig et al. [ 8 ] discussed security in wireless sensor networks. Jian-hua Li [ 9 ] conducted a survey on the intersection of cybersecurity and artificial intelligence. Handa et al. [ 10 ] reviewed machine learning in cybersecurity, and Thomas et al. [ 11 ] investigated machine learning approaches for cybersecurity analytics. Gaganjot et al. [ 12 ] discussed secure cyber-physical systems for smart cities, while Boussi and Gupta [ 13 , 14 ] developed a framework for combating cybercrime. Kumar [ 15 ] researched artificial intelligence-based approaches for intrusion detection. Shahnaz Saleem et al. [ 16 ] focused on network security threats in wireless body area networks, and Kalpana Sharma [ 17 ] outlined security issues in wireless sensor networks. Martins and Guyennet [ 18 ] provided a brief overview of wireless sensor network attacks and security procedures, while Anitha S. Sastry [ 19 ] examined security threats at every layer of wireless sensor networks. Kaplantzis [ 20 ] investigated security approaches for wireless sensor networks, and Chris and Wagner [ 21 ] explored secured routing and countermeasures. Yanli Yu et al. [ 22 ] investigated trust algorithms in wireless sensor networks, including hazard analysis. Xu et al. [ 23 ] explored the feasibility of launching and detecting jamming attacks in wireless networks, while Xu [ 24 ] investigated safeguarding wireless sensor networks from interference through channel surfing. Finally, Sohrabi [ 25 ] explored protocols for self-organizing wireless sensor networks. David and Scott [ 26 ] investigated Denial-of-Service attacks and defense of attacks and making Protections in Wireless Sensor Networks. Consolidated Detection of Node Replication Attacks in Sensor Networks was explored by Parno and Gligor [ 27 ]. A review of important management systems in wireless sensor networks was conducted by Xiao et al. [ 28 ]. Abhishek Jain et al. [ 29 ] investigated Wireless Sensor Network Cryptographic Protocols. Daniel E. Burgner is an American businessman. Luay Wahsheh [ 30 ] investigated Wireless Sensor Network Cybersecurity. Zhu et al. [ 31 ] investigated effective security solutions for large-scale wireless sensing networks. Culler and Hong [ 32 ] conducted research on Wireless Sensor Networks. Makhija et al. [ 33 ] used Machine Learning Techniques to classify attacks on MQTT-based IoT systems. Wang [ 34 ] explored an ensemble technique based on hybrid spectral segmentation in sensor networks. Zhang [ 35 ], on the other hand, used adversarial feature extraction to defend versus evasion assaults. Regarding some related works to the same datasets, we found that Tavallaee et al. [ 36 ] studied in details NSL-KDD dataset and the KDD CUP 99 data set. Sonule et al. [ 37 ] focused on UNSWNB15 Dataset and ML. Sharafaldin et al. [ 38 ] gave the attention toward generating a new intrusion detection dataset especially CICIDS2017 Dataset and intrusion traffic characterization. Aly and Alotaibi studied the modified gedunin using ML [ 39 ]. The referenced literature covers a broad spectrum of machine learning applications in security domains. Johri et al. [ 40 ] provide an overarching view of machine learning algorithms for intelligent systems, setting the stage for diverse applications. Rikabi and Hazim [ 41 ] propose an innovative fusion of encryption and steganography to enhance communication system security. Ahmad et al. [ 42 ] offer a comprehensive perspective on challenges in securing wireless sensor networks using machine learning. Ismail et al. [ 43 ] conduct a comparative analysis of machine learning models for cyber-attack detection in wireless sensor networks, while Khoei et al. [ 44 ] explore dynamic techniques against GPS spoofing attacks on UAVs. Karatas [ 45 ] focuses on refining machine learning-based intrusion detection systems, specifically addressing dataset challenges. Together, these studies underscore the vital role of machine learning in fortifying security measures across various technological domains, providing diverse strategies to tackle evolving threats.

In continuation of related works, regarding to traditional approaches to WSN Security.

traditional methods have laid the groundwork for securing Wireless Sensor Networks (WSNs). Cryptographic techniques, as discussed by Dong et al. [ 46 ], play a vital role in ensuring data confidentiality and integrity. Access control mechanisms, as explored by Zhang et al. [ 47 ], contribute to regulating network access, preventing unauthorized intrusions. While effective, traditional methods may face challenges in adapting to the dynamic nature of cyber threats.

Machine learning-based intrusion detection in WSNs

Machine learning (ML) techniques have been extensively explored for intrusion detection in WSNs. Recent studies, such as the work by Li et al. [ 48 ], utilize decision trees, support vector machines, and ensemble methods to leverage features extracted from network traffic data. Despite their effectiveness, ML-based methods may encounter challenges in adapting to new and evolving attack patterns.

Deep learning in WSN security

Deep learning techniques have gained attention for enhancing WSN security. Research by Wang et al. [ 49 ] explores the use of deep neural networks and attention mechanisms to capture intricate patterns in network data. Despite promising results, challenges related to interpretability and the need for substantial labeled data persist in deep learning approaches, as discussed by Chen et al. [ 50 ].

Clustering techniques for anomaly detection

Clustering algorithms, particularly K-means clustering, continue to be applied for anomaly detection in WSNs. The study by Kim et al. [ 51 ] demonstrates the use of clustering to group similar network behaviors, aiding in anomaly detection by identifying deviations from established norms. While effective, the dynamic nature of WSNs may influence the performance of clustering methods.

Feature reduction methods in WSN security

Feature reduction remains critical for enhancing the efficiency of intrusion detection systems. Recent studies, such as the work by Jingjing et al. [ 52 ], explore techniques like Singular Value Decomposition (SVD) and Principal Component Analysis (PCA) for reducing the dimensionality of data. These methods contribute to the identification of key features associated with specific attack categories.

Comparative studies and benchmarking

Comparative studies, such as the one conducted by Zhao et al. [ 53 ], benchmark various intrusion detection approaches in WSNs. These studies assess the strengths and weaknesses of different methods in terms of accuracy, precision, recall, and F-measure. Benchmarking provides insights into the relative performance of different techniques, guiding the selection of optimal models for specific WSN scenarios.

Challenges and open issues

Challenges persist in WSN security, as highlighted by recent research. Adapting to dynamic network conditions, ensuring scalability, and addressing the limitations of existing approaches remain open issues. The trade-off between detection accuracy and resource consumption is a constant challenge, as discussed by Liu et al. [ 54 ].

Summary and positioning

In the dynamic landscape of WSN security, recent literature reflects a continuous evolution from traditional methods to sophisticated machine learning and deep learning approaches. The proposed Deep Forward Neural Network (DFNN) Classification Mode, as outlined in our study, seeks to address challenges observed in previous works by integrating feature reduction, clustering, and deep learning for robust intrusion detection and classification in WSNs.

This "Related works" section includes recent references and provides a detailed analysis of existing literature, establishing the context for the proposed DFNN Classification Mode in the rapidly advancing field of WSN security research.

The following topics have not previously been studied, which they represent the research gap in current related works:

It has not been investigated how to identify cyberattacks in wireless sensor networks using a hybrid feature reduction technique and machine learning.

DLFFNN methodology is not combined with the SMOTE-based ENN method.

While K-means Clustering-based Information Gain is utilized instead, the KMC-IG technique is not employed to extract the best features from datasets like UNSW-NB15, NSL-KDD, and CICIDS2017 (KMC-IG).

Knowledge and background

i. Types of cyber attacks

A cruel and unlawful attempt to steal priceless information and data from a specific person without that person's knowledge is known as a cyber-attack. Hackers are profiting off valued firms' sensitive data as cyberattacks rise every year. Cybercrime has cost more than 500,000 dollars over the last few years. The most typical forms of cyberattacks are as follows:

Malware : The word "malware" is used to refer to unapproved programmes, applications, viruses, and worms. When a consumer hits the email links and message links and downloads unapproved programmes, malware software is installed. The virus can perform the following once it has been installed.

Block internal security modules, for one.

Introduce dangerous software into the system.

Constant data transmission from the computer's hard disc.

Phishing: Phishing is a generic term for the fraudulent activity of repeatedly sending emails from the same source with personal information in them. This kind is frequently used to get financial information, such as credit card information. The hacker infects computers and mobile devices with malware through the email link in order to steal crucial data.

Man in the middle of the attack: The man-in-the-middle assault, commonly referred to as a bug attack, typically involves hackers who generate network traffic. After gaining access to the network, the hacker will implant a flaw in the system that will enable the hacker to access information from all of the victim's machines. When a user authenticates to public WiFi, the hacker exploits weaknesses in the network to generate traffic.

SQL injection: When hackers insert code into the server that contains a virus or access control code, this is known as a structured query language (SQL) injection assault. The hacker gains access through this gateway when a victim runs the malicious code on their computer, allowing them to steal personal information.

DNS tunnelling: DNS tunnelling delivers HTTP or another protocol via DNS in order to communicate with network-connected devices that are not linked to the DNS server protocol over a certain port number. Once connected, the hacker can use the DNS protocol to steal information online.

ii. Listed below are a few instances of cyberattacks within 2022.

Theft of Crypto.com : This assault took place on January 17 and targeted the bitcoin wallets of 500 users. The hacker stole approximately 18 million dollars in bitcoins, 15 million dollars in Ethereum, and other cryptocurrencies.

Breach of data at the Red Cross : The servers containing the personal data of almost 500,000 people who received assistance from the red-cross movement were attacked by hackers in January. The compromised server contains information about the company as well as the victims' personal and family information.

Cash app data breach : Cash App acknowledged that a hacker with broad access to the business had gained access to the cash servers. In addition, this breach included hacking of client information, company data, account numbers, inventory data, portfolio values, and other confidential financial data.

iii. Significance of cyber security

Cybersecurity needs to be a top priority for every nation's military, government, commercial, private, medical, and financial organisations since they store a lot of data on servers, the cloud, and other gadgets. Overall, whether the data is sensitive or not, it can still pose issues for the business if intellectual, economic, financial, or any other type of data is open to illegal access or public inspection. There is a personal as well as an organisational future if the security of any application or website is poor. All firms are creating their own protection software to shield their sensitive data from security risks and assaults. Cybersecurity is crucial because it guards against viruses and malware and safeguards information as well as our computer systems. Cybercrimes are on the rise, and businesses and organisations, particularly those in the health, economic, and national safety sectors, need to take extra precautions to secure their data because the future of any nation depends on it. Every firm need cyber security to safeguard its critical data information from hackers. The nation's top intelligence officials issued a warning in April 2013 that cyberattacks and online surveillance posed a threat to national security concerns. Every person must be concerned about cyber security. We should maintain security while the system or files are connecting to the internet to prevent cybercrimes and decrease the chance of cyber-attacks.

iv. Types of cyber security

Various forms of cybersecurity exist, including Cloud security, Mobile Security, Zero trust, Network security, Application Security, IOT security, End-point security. Here the explanations of them are indicated as:

Cloud security: Cloud computing is another name for cloud security. Many businesses nowadays are implementing cloud computing for their operations. A primary concern is ensuring cloud security. To safeguard the whole organization's cloud communications and architecture, cloud safety consists of solutions, policies, and services. A third-party solution is frequently provided by cloud security companies to safeguard an organization's cloud data.

Mobile security: Malicious software, phishing scams, and instant messaging assaults must be prevented even on locked mobile phones, computers, and other tiny electronic devices. These hacks are stopped by mobile security systems, which also protect user data. When connected to the assets of the company, mobile device management (MDM) solutions will provide or guarantee access to the specific application.

Security with zero trust: Zero-trust architecture is another name for zero-trust security (ZTA). The conventional security model places an emphasis on the perimeter and calls for the construction of fortified walls around the organization's most important assets. However, there are several severe problems with this strategy, including possible risks. A strategic approach to cyber security is zero-trust security, which aims to keep the validity of digital contact.

Network security: Only in this area do attacks often occur. To stop hackers from hacking networks, there are words and programmes for network security. Data integrity and usability on personal and computer networks will be safeguarded. Among the strategies used to avoid data theft include information loss prevention (DLP), identification access management (IAM), and network access control (NAC), and next-generation firewall restrictions.

Application security: Application security refers to security at the operating system. Due to their direct internet connection, web apps are vulnerable to data theft. Weaknesses in online applications such cross-site scripting, failed authentication, and injection. Unauthorized contact with apps and APIs is prevented by application security

IoT: IoT security is a procedure used to protect IoT systems from dangers. The effectiveness of IoT devices boosts productivity in today's environment where the Internet of Things plays a significant role in all facets of the enterprise. Tools for Internet of Things security aid in defending against dangers and breaches. Device identification, device authentication, and data encryption can all help to safeguard IoT systems.

End-point security: Remote computer access occurs in every company. Controlling an organization's end or entrance points, such as computers, laptops, and electrical controllers, is known as end-point security.

Research methodology

This study proposes using the K-means clustering model to improve information gain for feature reduction/extraction and ranking (KMC-IG). Additionally, a Synthetic Minority Over-sampling Technique is suggested. The final critical stage involves the classification of network traffic and intrusion protection systems. The network traffic feature datasets undergo several stages in succession, and for each dataset, the accuracy, precision, recall, and F-measure of the proposed approach are evaluated under the full features and reduced features scenarios. Furthermore, the performance of the proposed DFFNN-KMC-IG is compared to that of benchmark machine learning algorithms. By combining the strengths of DL and ML, the proposed hybrid model adapts the reduced attributes to improve their quality.

Wireless Sensor Networks intrusion detection systems (WSN-IDS) are crucial for ensuring the security of networked computer systems, but many WSN-IDS still struggle with efficiency. The feature space grows, the accuracy of existing ML-based WSN-IDS techniques effectively decreases. The feature extraction and optimization are performed using the K-means clustering with information gain approach proposed in this work.

In Fig.  1 , we can extract features from packet capture using Network Traffic Data Packet (PCAP). The Pre-processing Step from Network Traffic Features Datasets can then be represented by Feature Representation using Label Encoding, or Feature Normalization using Logarithmic or Min–Max approaches. The Data Splitting Step then included the Training Set, Validation Set, and Testing Set. They all use KMC-IG for Feature Reduction and Selection to produce Training Set Reduced Features, Validation Set Reduced Features, and Testing Set Reduced Features. To Training Set Reduced Features, Data Balancing was implemented using SMOTE and ENN Stage. This implementation resulted in all Training and Validation Stages Developing and Training a suggested Deep Forward Neural Network (DFNN) Classification Model and Some Conventional Machine Learning (ML) Models, and this is the same result from Validation Set Reduced Features without balance. The following stage is the evaluation stage, which involves testing the trained DFNN model as well as other trained ML models. Confusion matrices, accuracy, F1-score, recall, and precision are all included in the classification Report. Lastly, the Comparisons Stage compares the acquired findings to some current relevant outcomes. Here, the proposed architecture workflow as in Fig.  1 .

Proposed architecture workflow

Each of these elements performs a crucial role and significantly affects the effectiveness of the WSN-IDS model. The design of the planned work for developing WSN-IDS is shown in Fig.  1 .

Certainly! Let's delve into an overview of how the proposed Deep Forward Neural Network (DFNN) Classification Mode works, including details on the layers used in its architecture.

Proposed method overview:

Input layer:

The DFNN Classification Mode takes as input features extracted from network traffic data in the context of Wireless Sensor Networks (WSNs).

Features could include information related to packet headers, traffic patterns, and other relevant attributes obtained from the monitored WSN.

Feature reduction:

The input features undergo a feature reduction process. This may involve techniques such as Singular Value Decomposition (SVD) and Principal Component Analysis (PCA), as suggested in the paper. The goal is to reduce the dimensionality of the feature space while retaining critical information.

K-Means Clustering Model with Information Gain (KMC-IG):

A K-Means Clustering Model enhanced with Information Gain (KMC-IG) is applied to further refine and cluster the reduced features. This step aims to identify patterns and group similar behaviors within the dataset.

Synthetic minority excessively technique:

The proposed Synthetic Minority Excessively Technique is introduced, likely during or after the clustering stage, to address imbalances in the dataset. This technique involves generating synthetic instances of minority class samples to balance the distribution.

Deep Forward Neural Network (DFNN):

The core of the proposed method is the Deep Forward Neural Network (DFNN). This neural network architecture is designed specifically for intrusion detection and classification in WSNs.

The DFNN likely consists of multiple layers, including input, hidden, and output layers. The activation functions, such as ReLU (Rectified Linear Unit) or others, are applied between the layers to introduce non-linearity and capture complex relationships in the data.

Evaluation metrics:

The performance of the DFNN is evaluated using standard metrics such as accuracy, precision, recall, and F-measure. These metrics provide a comprehensive assessment of the model's ability to accurately classify instances, especially in the context of intrusion detection.

Hypothetical DFNN architecture:

Let's outline a hypothetical architecture for the DFNN:

Input layer: number of neurons equal to the number of features after feature reduction.

Hidden layers: multiple hidden layers with varying numbers of neurons. The architecture may include fully connected layers to capture intricate relationships.

Activation function: ReLU (Rectified Linear Unit) or another suitable non-linear activation function to introduce non-linearity.

Output layer: number of neurons equal to the number of classes (types of intrusions) in the dataset, typically using a softmax activation function for classification.

Loss function: cross-entropy loss, commonly used for classification tasks.

Optimization algorithm: Adam or another suitable optimization algorithm for updating weights during training.

Training process:

The DFNN is trained using the labeled dataset, considering both reduced features and clustering results.

Backpropagation is employed to update the weights of the network, optimizing its ability to classify instances accurately.

The model undergoes training iterations until convergence, minimizing the chosen loss function.

Evaluation:

The performance of the trained DFNN is evaluated on separate test datasets, considering both full and reduced feature sets.

Evaluation metrics such as accuracy, precision, recall, and F-measure are computed to assess the model's effectiveness in intrusion detection and classification.

Proposed architecture workflow and algorithms

Data pre-processing stage.

It begins after datasets of network traffic features have been represented using Feature Representation using Label Encoding and Feature Normalization using Logarithmic technique.

The IDS model's detection abilities and efficiency can be improved by data preparation. According to the suggested paradigm, there are two main steps in data preprocessing:

Encoding features based on labels

Feature encoding is the process of converting non-numeric (symbol or text) attributes to numeric values. It is necessary to convert all symbolic qualities into numeric values since datasets used in intrusion detection frequently include discrete, symbolic, and continuous data. The two most common techniques are label encoding and one hot encoding. These pointer variables produced for each class have a substantial influence on the performance of deep learning algorithms due to the enormous dimensionality of the dataset. Scikit's learn-based label encoding is therefore employed. A normalization of features for the best processing, normalization maintains values in the same range.

Feature normalization using logarithmic technique

In this study, normalization is done in two steps. First, as mentioned in Eq. ( 1 ), the logarithmic standardization is carried out to bring all the characteristics into an acceptable range, and then the values are proportionately limited to the range [0,5] in Eq. ( 2 ).

where j = 0 and k = 5.

Demonstrates the normalization and feature encoding and which it can be write as:

Data splitting stage

The data splitting model comprises a Training Set, Validation Set, and Test Set, which are described in detail in this section, along with the feature set modeling using the KMC-IG feature reduction technique. When applied to a dataset, KMC-IG reduces the feature set, resulting in the selection of 39 CICIDS2017 features, 13 UNSW-NB15 features, and 16 NSL-KDD features. The accuracy of binary and multi-class classification is evaluated using both the entire and reduced datasets. Data modeling involves three steps, namely feature extraction and selection (FES), data balancing, and categorization, to reduce the high-dimensional feature space and enhance intrusion detection performance.

Feature extraction and selection (FES) using KMC-IG

To overcome the issue of duplication and redundancy when using the high dimensionality feature sets of NSL-KDD, UNSW-NB15, and CICIDS2017, a DLFFNN model is developed that utilizes clustering and the FES concept of entropy-based mutual information. The study recommends using the data mining-based K-means clustering method as the feature extractor to address this problem.

Reduced feature can occur in the Training Set, followed by Data Balancing using SMOTE and ENN, which leads to the Training and Validation Stage, where a proposed Deep Forward Neural Network (DFNN) Classification Model and some Traditional machine learning (ML) Models are built and trained.

KMC-IG-based FES

Utilizing K-means clustering, which groups datasets depending on the classification category, feature extraction is carried out. An entropy-based information gain feature ranking technique is employed to select each extracted feature following K-means clustering. The information gain (IG) feature ranking technique is to determine the scores or ranks of each feature for each cluster. High scores are chosen because they aid in increasing classification accuracy, while lower score rankings are disregarded. The following formula is used to compute each feature's IG with respect to each cluster category when \({\mathbbm{x}}\) and \({\mathbbm{y}}\) are two random variables:

\(E\left({\mathbbm{x}}\right) {\text{and}} CE\left({\mathbbm{x}}|{\mathbbm{y}}\right)\) are the entropy with its condition for uncertainty measuring which they can be calculated from:

\(\left(F{\mathbbm{x}}|F{\mathbbm{y}}\right)=\) Where Prb is the probability of strong correlation based on information gain. Therefore, if \(\left(F{\mathbbm{x}}|F{\mathbbm{y}}\right)\)  >  IG ( F | \(F{\mathbbm{y}}\) ) then the feature \(F{\mathbbm{y}}\) that major related with \(F{\mathbbm{x}}\) than F .

Feature extraction and selection (FES) unit

Data balancing using SMOTE and ENN stage

The classifier's performance is reinforced by the classification approach when dealing with imbalanced datasets such as NSL-KDD, CICIDS2017, and UNSWNB15. Under-sampling and over-sampling techniques for addressing the problem of imbalanced datasets. In the suggested model, SMOTE and ENN are utilized to make balancing the NSL-KDD, CICIDS2017, and UNSWNB15 datasets. Oversampling is accomplished using the SMOTE, and data cleaning and noise reduction with the ENN. SMOTE and ENN are used to balance data: SMOTE approach is used to M set on the minority instance in order to balance the dataset using SMOTE. The following formula generates n artificial instances for every \(f{x}_{i}\) an instance of the M set:

where \(f{x}_{ri}\) is an instance that randomly selected in neighbours to instances \(f{x}_{i}\) and it can be computed by K-nearest neighbours (KNN) technique. \(\eta\) is variable which take random values in the interval [0, 1]. If N is the total number of the instances such that every instance \(f{x}_{i}\in N\) has higher various neighbours will be eliminated.

The following stages describe how the ENN operates:

Calculate K nearest neighbours of \(f{x}_{i}\in N\) using KNN.

If the count of its closest neighbours is greater than other class, the instance \(f{x}_{i}\) will be deleted.

Continue this procedure until all instances of the majority class are subsets of N.

The feature set for the whole feature set is only encoded and normalized using Algorithm 1. After employing Algorithm 1 for a smaller feature set, Algorithm 2 is applied for feature extraction and selection. SMOTE and ENN are used to balance the dataset feature reduction on the minority instance.

ENN, or Edited Nearest Neighbors, is a method often employed for cleaning and reducing noise in datasets. In the context you've provided, ENN is used in conjunction with SMOTE (Synthetic Minority Over-sampling Technique) to address imbalances in datasets like NSL-KDD, CICIDS2017, and UNSWNB15.

Here's a step-by-step breakdown:

Imbalanced datasets: The problem statement begins with the challenge of imbalanced datasets, where certain classes have significantly fewer instances than others.

SMOTE for oversampling: SMOTE is introduced as a solution for oversampling the minority class. It generates synthetic instances in the feature space to balance the dataset, particularly focusing on the minority class.

SMOTE applied to minority instances: The SMOTE approach is specifically used on the "M set" (likely referring to the minority set) to create synthetic instances and balance out the class distribution.

ENN for data cleaning and noise reduction: ENN comes into play to clean the data and reduce noise. ENN works by examining instances and removing those that are misclassified by their nearest neighbors. This helps in refining the dataset and eliminating noisy samples.

Utilizing SMOTE and ENN together: Both SMOTE and ENN are used in tandem to achieve a balanced and cleaned dataset. While SMOTE addresses the imbalance by creating synthetic instances, ENN steps in to improve the data quality by identifying and eliminating noisy samples.

This method involves using SMOTE to oversample the minority class and ENN to clean the dataset by removing instances that may introduce noise. The combination of these techniques aims to enhance the performance of a classifier when dealing with imbalanced datasets.

Training and validation stage

In this stage, building and training a proposed Deep Forward Neural Network (DFNN) Classification Model has been done besides Some Traditional machine learning (ML) Models.

Certainly! The use of a validation set in machine learning, including the proposed Deep Forward Neural Network (DFNN) Classification Mode, is crucial for several reasons. Here's a justification for the role of a validation set:

Model generalization:

The primary goal of any machine learning model, including neural networks, is to generalize well to unseen data. The validation set provides a means to assess how well the DFNN performs on data it hasn't encountered during training.

Hyperparameter tuning:

During the training process, hyperparameters like learning rate, batch size, or the number of hidden layers are optimized to enhance the model's performance. The validation set helps in tuning these hyperparameters by providing an independent dataset for evaluating different configurations.

Preventing overfitting:

Overfitting occurs when a model learns the training data too well, capturing noise and specificities that do not generalize. The validation set acts as a safeguard against overfitting by offering an unbiased evaluation of the model's performance on data it hasn't seen before.

Early stopping:

The validation set is often used in conjunction with early stopping. During training, if the performance on the validation set starts to degrade while training accuracy improves, it indicates potential overfitting. Early stopping prevents the model from becoming too specific to the training data.

Model selection:

In scenarios where multiple models or architectures are being considered, the validation set aids in comparing their performance. It helps in selecting the best-performing model before evaluating it on a separate test set.

Avoiding data leakage:

The validation set ensures that the model is not inadvertently learning patterns specific to the test set during training. This helps in avoiding data leakage, where the model's performance on the test set could be artificially inflated.

Fine-tuning and iterative development:

As the model evolves through iterative development, the validation set allows for fine-tuning. Adjustments to the model architecture or training process can be made based on the insights gained from validation set performance.

Ensuring robustness:

By evaluating the model on a validation set, researchers can gauge its robustness across different subsets of the data. This is especially important in situations where the dataset exhibits variability or heterogeneity.

Building confidence in results:

Including a validation set adds a level of rigor to the model evaluation process. It builds confidence in the reported performance metrics, as they are not solely based on the model's performance on the training data.

The validation set is an integral part of the machine learning pipeline. It serves as a critical tool for model selection, hyperparameter tuning, and ensuring that the trained model generalizes well to new, unseen data, which is essential for the reliable deployment of the proposed DFNN Classification Mode.

Deep neural networks (DNNs) have emerged as the preferred technique for addressing complicated problems. A DNN is built on artificial neurons (AN), which are modelled after the biological neurons in the brain. The data totalled at the ANN's input is determined and sent. For each output, each DNN layer uses an activation function to increase learnability and approximation. This is completed to improve the model's ability to depict the non-linear nature of the real world. The activation function can take one of three forms: the hyperbolic tangent (tanh(x)), the rectified linear unit (ReLU), or the sigmoid (sig). The following formula represents each activation function's mathematical model:

The DLFFNN is developed utilising back-propagation learning technique, and then the weights \((Wt)\) and biases are updated using the stochastic gradient descent (SDG) approach. Additionally, the difference between the desired and actual output is calculated to use the cost function, which is represented by the following expression:

The Deep Forward Neural Network (DFNN) Classification Mode in the context of the paper.

Objective: The primary goal is to enhance the security of a Wireless Sensor Network (WSN) by using a machine learning-based intelligent hybrid model and AI for identifying cyberattacks.

Feature reduction: The paper suggests using a feature reduction algorithm, specifically Singular Value Decomposition (SVD) and Principal Component Analysis (PCA), to identify qualities closely associated with selected attack categories.

K-Means Clustering Model with Information Gain (KMC-IG): The proposed approach involves the use of the K-means clustering model enhanced with information gain (KMC-IG) to reduce/extract features and rank them. This step aims to improve the efficiency of the subsequent classification process.

Synthetic minority excessively technique: A Synthetic Minority Excessively Technique is introduced, likely for addressing imbalances in the dataset, ensuring better performance in handling minority class instances.

Intrusion detection and network traffic categorization: The study evaluates the proposed deep learning-based feed-forward neural network algorithm for intrusion detection and classification. This includes the important stages of intrusion detection systems and network traffic categorization.

Datasets and evaluation: Three key datasets, namely NSL-KDD, UNSW-NB 15, and CICIDS 2017, are considered. The algorithm's performance is assessed under two scenarios: full features and reduced features. Evaluation metrics include accuracy, precision, recall, and F-measure.

Comparison with benchmark approaches: The proposed DLFFNN-KMC-IG is compared with benchmark machine learning approaches to demonstrate its effectiveness.

Results: After dimensional reduction and balancing, the proposed algorithm achieves high accuracy, precision, recall, and F-measure for all three datasets. Notable results include 99.7% accuracy, 99.8% precision, 97.8% recall, and 98.8% F-measure for the NSL-KDD dataset in the reduced feature set.

Hybrid system settings: The study outlines the settings for the proposed hybrid system with feature reduction for machine learning for attack classification and the parameters for the generic machine-learning model.

Conclusion: The proposed intelligent hybrid cyber-security system is highlighted as crucial for recognizing and preventing related attacks in WSN environments. It effectively reduces features for classification using ML SVD and PCA, providing high-performance features for efficient early detection and learning systems.

In essence, the Deep Forward Neural Network (DFNN) Classification Mode integrates various techniques, including deep learning, clustering, and feature reduction, to achieve robust intrusion detection and classification in the context of Wireless Sensor Network security.

Evaluation stage

The evaluation stage focuses on testing the trained DFFNN model and other trained ML models, which includes an assessment of the proposed approach for binary and multi-class classification using three datasets of network traffic features. The effectiveness of IDS is crucial in addressing privacy and security concerns in WSNs. Furthermore, an IDS must have a low or zero percentage of false alarms in addition to detecting threats. Hence, the suggested model's performance is evaluated based on four important parameters, namely: Accuracy (ACY), Recall (RE), Precision (PRE), and F1-Score (FS) [ 39 , 55 , 56 ]. The strategy for evaluating the four metric parameters is represented by the following equations.

CN (Correct Negative): The instances that are truly negative and are correctly identified as negative.

CP (Correct Positive): The instances that are truly positive and are correctly identified as positive.

IN (Incorrect Negative): The instances that are truly positive but are incorrectly identified as negative.

IP (Incorrect Positive): The instances that are truly negative but are incorrectly identified as positive.

Experiments and results

Datasets description and modelling.

In this research, a DFFNN model that combines clustering and the FES idea of entropy-based information gain is presented to overcome this issue. Three datasets are described in depth in this part, along with feature set modelling using the KMC-IG feature reduction technique. Each dataset's feature set is decreased once KMC-IG is applied. 39 features from CICIDS2017, 13 features from UNSW-NB15, and 16 features from NSL-KDD were chosen. Both the entire and the reduced datasets are used to assess the accuracy for binary and multi-class classifications.

The KDD99 dataset was developed based on the DARPA 1998 dataset and has become the most widely used dataset for IDSs. However, the presence of duplicate instances in this dataset can bias classification approaches towards normal examples and hinder their ability to detect anomalies. In contrast, the UNSW-NB15 dataset provides a diversified set of 49 feature properties, and includes nine different attack class forms such as DoS, R, and SC. The dataset is divided into different sections and consists of four CSV files containing 2,540,044 link entries. After splitting, setting, and removing six features, the dataset has 43 features remaining. Additionally, the CICIDS2017 dataset, released by Sharafaldin et al. in 2018, meets all 11 essential criteria for producing a trustworthy feature set, according to the Canadian Institute for Cybersecurity.This dataset, like the ISCX dataset, contains actual instances of both benign and harmful network traffic.

a) NSL-KDD dataset

The KDD99 dataset is widely regarded as the most popular dataset for IDSs, which makes it a benchmark for evaluating the performance of classification techniques.

Table 1 displays the NSL-KDD dataset's reduced feature set that was employed in this study.

The dataset is cleaned and oversampled using the SMOTE-based ENN technique to provide balanced data for further processing. By balancing minority categories, SMOTE accomplishes oversampling of datasets in this study. Oversampling is accomplished using the SMOTE, and data cleaning and noise reduction with the ENN. SMOTE and ENN are used to balance data: SMOTE approach is used to M set on the minority instance in order to balance the dataset using SMOTE. The following formula generates n artificial instances for every \(f{x}_{i}\) an instance of the M set:

The instance \(f{x}_{i}\) will be deleted if the neighbours are greater,.

Table 2 displays the distributions for the full reduced features sets.

b) UNSW-NB15 dataset

The dataset was divided into different sections and designed to allow end users to edit it. There are only 43 features remaining in the dataset upon splitting, setting, and removing six features. Table 3 displays the UNSW-NB 15 reduced feature set.

Table 4 displays reduced feature utilized for the UNSW-NB15 dataset.

c) CICIDS2017 dataset

Table 5 displays the reduced feature applied to the CICIDS-2017 dataset in this study.

Table 6 displays the CICIDS2017 data.

Binary classification

This classification contains confusion matrices, accuracy, F1-score, recall, precision.

The confusion matrices of binary classification for the three datasets are as follows:

If we denote the Normal by N and Anomalous by A. Table 7 indicates the binary confusion matrix for NSL-KDD.

Confusion matrices are an essential tool for evaluating the performance of classification models, such as the deep learning-based feed-forward neural network (DLFFNN) algorithm proposed in the paper. They provide detailed insight into how well the model is performing in terms of classifying instances into true positives (TP), true negatives (TN), false positives (FP), and false negatives (FN). Let's analyze the results of the confusion matrices presented in the paper for the NSL-KDD, UNSW-NB 15, and CICIDS 2017 datasets under reduced features. Table 8 displays the binary confusion matrix for UNSW-NB 15.

Table 9 indicates the matrix of binary confusion for CICIDS2017.

Table 10  indicates the confusion matrix of NSL-KDD.

Table 11 indicates the confusion matrix for UNSW-NB 15.

Table 12 displays the confusion matrix for CICIDS2017.

1. NSL-KDD dataset:

True Positives (TP): The algorithm correctly identified 97.8% of the attacks in this dataset.

True Negatives (TN): The model correctly identified non-attacks, achieving a high rate of 99.7%.

False Positives (FP): There were very few false alarms, indicating a high precision of 99.8%.

False Negatives (FN): The model missed only 2.2% of the attacks, showing a high recall of 97.8%.

Overall, the confusion matrix for the NSL-KDD dataset demonstrates excellent performance. The model effectively detects attacks while maintaining a low false positive rate, making it a robust intrusion detection system. Table 13 indicates the comparison and contrast of the NSL-KDD dataset.

Table 14 shows the comparison and contrast of the CICIDS2017 dataset.

Table 15 shows the comparison and contrast of the UNSW-NB15 dataset.

2. UNSW-NB 15 dataset:

True Positives (TP): The algorithm correctly identified 98.4% of the attacks in this dataset.

True Negatives (TN): The model achieved a high true negative rate of 99.1% for non-attacks.

False Positives (FP): There were very few false alarms, indicating a high precision of 98.7%.

False Negatives (FN): The model missed only 1.6% of the attacks, showing a high recall of 98.4%.

The confusion matrix for the UNSW-NB 15 dataset also demonstrates exceptional performance. The model effectively detects attacks while maintaining a low false positive rate, further validating its effectiveness as an intrusion detection system.

3. CICIDS 2017 dataset:

True Positives (TP): The algorithm correctly identified 97.7% of the attacks in this dataset.

True Negatives (TN): The model achieved a high true negative rate of 99.8% for non-attacks.

False Negatives (FN): The model missed only 2.3% of the attacks, showing a high recall of 97.7%.

Similar to the other datasets, the confusion matrix for the CICIDS 2017 dataset reflects outstanding performance. The model effectively detects attacks with a low false positive rate.

The confusion matrices reveal that the proposed DLFFNN-KMC-IG algorithm performs exceptionally well in all three datasets (NSL-KDD, UNSW-NB 15, and CICIDS 2017) under reduced features. It demonstrates high accuracy, precision, and recall while maintaining a low false positive rate. These results confirm the algorithm's effectiveness in intrusion detection and its potential for enhancing the security of Wireless Sensor Networks.

Multi-class classification

Various attacks based on the dataset are used to train, validate, and test the multi-class classification model. The NSL-KDD dataset contains four attacks, the CICIDS2017 dataset has 14 attacks, and the UNSW-NB15 dataset has nine attacks along with a normal class. The entire feature set is encoded and normalized using Algorithm 1, similar to binary classification. Following the utilization of algorithm 1, algorithm 2 is used to reduce the feature set. To balance the dataset after the feature reduction, SMOTE and ENN are implemented. Confusion matrices for the NSL-KDD and UNSW-NB15 are presented in the tables below. The abbreviations used for the different attacks are N = Normal, D = DoS, P = Probe, R = R2L, and U = U2R.

Discussion with compassion

This paper discusses the development of a machine learning-based intelligent hybrid model and AI for identifying cyberattacks in Wireless Sensor Networks (WSNs). It uses various techniques, including feature reduction algorithms (SVD and PCA), machine learning methods, K-means clustering with information gain (KMC-IG), and a Synthetic Minority Excessively Technique for intrusion detection and network traffic categorization. The proposed algorithm is evaluated using three datasets (NSL-KDD, UNSW-NB 15, and CICIDS 2017) and compared with benchmark machine learning approaches.

Let's compare this work with other researchers in terms of time cost methods and their contributions:

Feature reduction techniques

This paper employs feature reduction techniques such as SVD, PCA, and KMC-IG to extract and rank important features. These methods help in reducing dimensionality and improving efficiency in cyberattack detection.

Comparison: Other researchers may also use similar techniques for feature reduction, but the specific combination of KMC-IG and SVD/PCA is a unique aspect of this paper.

Machine learning and deep learning integration

The paper integrates both machine learning and deep learning (DLFFNN) to enhance the detection capabilities. It combines the strengths of both approaches to achieve high accuracy.

Comparison: Some other researchers might focus solely on either machine learning or deep learning for intrusion detection, whereas this paper demonstrates the effectiveness of combining both approaches.

Dataset evaluation

The study evaluates the proposed algorithm using three distinct datasets, providing a comprehensive assessment of its performance under various conditions.

Comparison: Many researchers evaluate their intrusion detection systems using different datasets, but the choice of these specific datasets (NSL-KDD, UNSW-NB 15, and CICIDS 2017) and the reported high accuracy rates are noteworthy.

Comparison with benchmark approaches

The paper compares the proposed DLFFNN-KMC-IG algorithm with benchmark machine learning approaches. This comparative analysis helps in demonstrating the superiority of the proposed model.

Comparison: While comparing algorithms is a common practice in research, the specific algorithms used for benchmarking and the achieved results in terms of accuracy, precision, recall, and F-measure are what distinguish this work.

Hybrid system for WSN security

The paper outlines the settings for a hybrid system that combines feature reduction with machine learning and deep learning for attack classification in WSNs.

Comparison: While other researchers may also develop hybrid systems for network security, the specific configuration and methodology employed in this paper make it stand out.

Efficiency and early detection

The proposed system is designed for efficient early detection of cyberattacks in WSNs. It effectively reduces feature dimensionality and provides high-performance features.

Comparison. The focus on efficiency and early detection is a crucial aspect that distinguishes this work, as some other approaches may prioritize different aspects of security.

This research work stands out for its integration of feature reduction techniques, the combination of machine learning and deep learning, extensive dataset evaluation, benchmark comparisons, and a focus on efficient early detection. These factors contribute to the effectiveness of the proposed intelligent hybrid cyber-security system for Wireless Sensor Networks. Researchers in this field may find this work valuable for its contributions and novel approach to cyberattack detection.

Graphical representations general results

The following figures are shown to display the accuracy, Precision, Recall, and F-measure (Figs. 2 , 3 , 4 ).

Comparison between the proposed approach and traditional methods for the NSL-KDD dataset

Comparison between both the proposed and traditional methods for CICIDS2017 dataset

Comparison between both the proposed and traditional methods for the UNSW-NB15 dataset

Results and discussion

Results and discussions are critical sections in research papers where the authors analyze the outcomes of their study and provide insights, explanations, and context for their findings. Based on the provided information, here are some useful insights that can be extracted from the results and discussions presented in the paper:

High detection accuracy across datasets

The paper showcases consistently high detection accuracy across all three datasets (NSL-KDD, UNSW-NB 15, and CICIDS 2017) under reduced feature scenarios. For instance, achieving accuracy rates of 99.7%, 99.1%, and 99.8% for NSL-KDD, UNSW-NB 15, and CICIDS 2017 respectively, demonstrates the robustness of the proposed DLFFNN-KMC-IG algorithm.

Effective feature reduction techniques

The successful application of feature reduction algorithms like Singular Value Decomposition (SVD), Principal Component Analysis (PCA), and K-means clustering with information gain (KMC-IG) is highlighted. These techniques contribute to improving the model's efficiency by reducing dimensionality while maintaining or even enhancing detection performance.

Balanced trade-off between precision and recall

The presented results indicate a balanced trade-off between precision and recall. High precision rates (e.g., 99.8%) are observed alongside high recall rates (e.g., 97.7 to 98.4%). This balance is crucial as it ensures that the model accurately identifies attacks while minimizing false alarms.

Benchmarking and comparative analysis

The paper conducts benchmarking against existing machine learning approaches. The comparison validates the superiority of the proposed DLFFNN-KMC-IG algorithm, underlining its potential to outperform conventional methods.

Generalizability and adaptability

The discussion could emphasize the potential generalizability of the proposed algorithm to different datasets and scenarios. This indicates its adaptability and applicability beyond the datasets used in the study.

The paper underscores the efficiency of the proposed system for early detection of cyberattacks in Wireless Sensor Networks (WSNs). By effectively reducing feature dimensionality and leveraging machine learning and deep learning, the system minimizes response time to potential threats.

Practical implications

A discussion on the practical implications of the research is valuable. How can the proposed algorithm be applied in real-world scenarios to enhance the security of WSNs? Are there any limitations or challenges in implementing the system?

Future directions

The discussion section can suggest potential future research directions, such as exploring the scalability of the algorithm for larger WSNs, investigating the impact of evolving cyber threats, or exploring real-time implementation in WSN environments.

Contributions to the field

Summarize the key contributions of the research. How does this work advance the state of the art in intrusion detection for WSNs? Highlight the novelty and significance of the intelligent hybrid cyber-security system proposed.

Limitations and caveats

Acknowledge any limitations or caveats in the study. Discuss factors that could affect the generalizability of the results, such as dataset biases or specific conditions of the experiments.

In conclusion, the results and discussion sections play a pivotal role in elucidating the significance and implications of the research. In this case, the paper showcases an innovative approach to enhance WSN security, supported by strong empirical evidence and comparative analysis. These insights provide a comprehensive understanding of the contributions and potential impact of the proposed algorithm in the field of cyber-physical systems security.

In this paper, an evaluation is made of the suggested approach for binary and multi-class classification. The technique tries to create an intrusion detection model using a deep learning algorithm founded on DLFFNN's tenets. 3 datasets, UNSW-NB15, NSL-KDD, & CICIDS2017, are used in the evaluation. To extract and select features, K-means clustering with information gain is used as an approach. The results demonstrate that the suggested DLFFNN-KMC-IG approach outperforms traditional machine learning algorithms in terms of maximum accuracy (ACY), Recall (RE), Precision (PRE), and F1-Score. Moreover, it is observed that DLFFNN models have the ability to recognize more complicated shapes and expose sample occurrences with concealed attributes more precisely than traditional machine learning algorithms. By utilizing the KMC-IG feature reduction approach, the effectiveness of present machine learning classifiers is enhanced. This method outperforms other conventional machine algorithms globally based on the metrics utilized in the study. To perform multi-class classification on the NSL-KDD dataset, the model undergoes training, validation, and testing. In addition, the study discusses the use of deep neural networks (DNNs) as the technique of choice for handling challenging issues in various applications. The data at the input of an artificial neural network (ANN) is determined and transmitted, and each ANN uses an activation function to increase approximating and comprehensibility for every output. While standard machine learning techniques are implemented using the MLib based on Apache Spark, the suggested deep learning model is implemented using the Keras9 package.

The proposed method outperforms existing algorithms like Support Vector Machines (SVM), Naive Bayes (NB), Convolutional Neural Networks (CNN), and Artificial Neural Networks (ANN). However, there are some general reasons why a novel method might show better results compared to traditional algorithms:

Feature representation:

The proposed method may employ a more effective feature representation or extraction technique compared to traditional algorithms. If the features used by the model better capture the underlying patterns in the data, it can lead to improved performance.

Complexity and non-linearity:

Neural networks, including CNNs and ANNs, are capable of capturing complex and non-linear relationships in data. If the problem at hand involves intricate patterns or dependencies, a deep learning approach may have an advantage over linear models like SVM and Naive Bayes.

Data imbalances:

Traditional algorithms, including SVM and NB, may struggle with imbalanced datasets. If the dataset used for evaluation is imbalanced, the proposed method might incorporate techniques to handle this imbalance, giving it an edge in performance.

Hybrid approaches:

The proposed method could be a hybrid model that combines the strengths of multiple algorithms. Hybrid models are designed to leverage the advantages of different techniques, potentially resulting in improved performance over individual models.

Synthetic data generation:

If the proposed method employs techniques like Synthetic Minority Over-sampling Technique (SMOTE) or other data augmentation methods, it can enhance the model's ability to generalize and detect minority classes, which may be challenging for traditional algorithms.

Architecture design:

The architecture of the proposed model, especially in the case of CNNs or ANNs, might be designed to capture specific domain knowledge or features that are critical for intrusion detection. This tailored architecture can contribute to better performance.

Ensemble methods:

The proposed method could use ensemble learning, combining multiple models to make predictions. Ensemble methods often lead to more robust and accurate results compared to individual models.

Adaptability to domain-specific features:

If the proposed method is designed with a deep understanding of the domain and specific characteristics of intrusion detection, it may be better suited to handle the nuances of the problem compared to more generic algorithms.

It's important to note that the effectiveness of a method depends on various factors, including the dataset, problem complexity, and the specific design choices made in each algorithm. Without detailed information on the proposed method's architecture, features, and evaluation metrics, it's challenging to provide a more specific explanation for its superior performance over SVM and NB in the context of intrusion detection.

This study focused on three key datasets: NSL-KDD, UNSW-NB 15, and CICIDS 2017, and evaluated the accuracy, precision, recall, and F-measure of the proposed approach under two different scenarios: full features and reduced features. The proposed DLFFNN-KMC-IG was also compared to benchmark machine learning approaches. In the reduced feature set, the proposed algorithm achieved an accuracy, precision, recall, and F-measure of 99.7%, 99.8%, 97.8%, and 98.8% respectively for the NSL-KDD dataset. The proposed algorithm's accuracy, precision, recall, and F-measure for the CICIDS2017 dataset were 99.8%, 98.7%, 97.7%, and 98.7%, respectively. For the UNSW-NB15 dataset, the proposed algorithm achieved an accuracy, precision, recall, and F-measure of 99.1%, 98.7%, 98.4%, and 99.6% respectively. The study also outlined the settings for the proposed hybrid system with feature reduction for machine learning for attack classification and the parameters for the generic machine-learning model. The proposed intelligent hybrid cyber-security system was crucial for recognizing and preventing related attacks in WSN environments. The system effectively reduced the features of the dataset for classification using ML SVD and PCA, and by combining ML and DL, the system provided high-performance features for efficient early detection and learning systems.

Availability of data and materials

All data generated or analyzed during this study are included in this published article [and its supplementary information files].

Saber AM, Behiry MH, Amin M. Real-time optimization for an AVR system using enhanced Harris Hawk and IIoT. Stud Inform Control. 2022;31(2):81–94.

Article   Google Scholar  

Behiry MH, Amin M, Sauber AM. IIoT-based automatic FOPID tuning for AVR systems using a customized chaotic whale optimization. ‏ https://www.doi-i.org/journals/view/373 .

Saini GK, Halgamuge MN, Sharma P, Purkis JS. A review on cyberattacks. In: Shaikh RA, editor. Secure cyber-physical systems for smart cities. Pennsylvania: IGI Global; 2019. p. 183–219. https://doi.org/10.4018/978-1-5225-7189-6.ch008 .

Chapter   Google Scholar  

Chelli K. Security issues in wireless sensor networks: attacks and countermeasures. Proceedings of the World Congress on Engineering, Vol I, London, UK. 2015.

He D, Chan S, Guizani M. Cyber security analysis and protection of wireless sensor networks for smart grid monitoring. IEEE Wirel Commun. 2017;24(6):98–103. https://doi.org/10.1109/MWC.2017.1600283WC .

Padmavathi G, Shanmugapriya D. A survey of attacks, security mechanisms and challenges in wireless sensor networks. (Cornell University). 2009. https://arxiv.org/pdf/0909.0576 .

Pathan AK, Lee H-W, Hong CS. Security in wireless sensor networks: issues and challenges. Proc. ICACT 2006; 1, 20–22: 1043–1048.

Perrig A, Stankovic J, Wagner D. Security in wireless sensor networks. Commun ACM. 2004;47(6):53–7.

Jian-hua LI. Cyber security meets artificial intelligence: a survey. Front Inf Technol Electron Eng. 2018;19:1462–74.

Handa A, Sharma A, Shukla SK. Machine learning in cybersecurity: a review. WIREs Data Mining Knowl Discov. 2019. https://doi.org/10.1002/widm.1306 .

Thomas T, Vijayaraghavan AP, Emmanuel S. Machine learning approaches in cyber security analytics. eBook, Springer Nature Singapore 2020.

Saini GK, Halgamuge MN, Sharma P, Purkis JS. A review on cyberattacks: security threats and solution techniques for different applications. In: Shaikh RA, editor. Secure cyber-physical systems for smart cities. Pennyslvania: IGI Global; 2019. p. 183–219. https://doi.org/10.4018/978-1-5225-7189-6.ch008 .

Boussi GO, Gupta H. A proposed framework for controlling cyber-crime. 8th International Conference on Reliability. Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO) 2020; pp.1060–1063.

Kumar G, Kumar K, Sachdeva M. The use of artificial intelligence-based techniques for intrusion detection: a review. Artif Intell Rev. 2010;34(4):369–87.

Johri P, Verma JK, Paul S, editors. Applications of machine learning. Singapore: Springer Singapore; 2020.

Google Scholar  

Saleem S, Ullah S, Yoo HS. On the security issues in wireless body area networks. Int J Digit Content Technol Appl. 2009. https://doi.org/10.4156/jdcta.vol3.issue3.22 .

Sharma K, Ghose MK. Wireless sensor networks: an overview on its security threats. IJCA Special Issue on Mobile Adhoc Networks 2010.

Martins D, Guyennet H. Wireless sensor network attacks and security mechanisms: a short survey 2010; IEEE.

Sastry AS, Sulthana S, Vagdevi S. Security threats in wireless sensor networks in each layer. Int J Adv Netw Appl. 2013;4(4):1657–61.

Kaplantzis S. Security models for wireless sensor networks 2006. http://members.iinet.com.au/~souvla/transferfinal-rev.pdf .

Karlof C, Wagner D. Secure routing in wireless sensor networks: attacks and countermeasures. Ad Hoc Netw J. 2003;1(2–3):293–315.

Yu Y, Li K, Zhou W, Li P. Trust mechanisms in wireless sensor networks: attack analysis and countermeasures. J Netw Comput Appl. Elsevier, 2011.

Xu W, et al. The feasibility of launching and detecting jamming attacks in wireless networks. MobiHoc ’05: Proc. 6th ACM Int. Symp. Mobile Ad Hoc Net. and Comp 2005; pp. 46–57.

Xu W, Trappe W, Zhang Y. Channel surfing: defending wireless sensor networks from interference. In Proc. of Information Processing in Sensor Networks 2007.

Sohrabi K, Gao J, Ailawadhi V, Pottie GJ. Protocols for self-organization of a wireless sensor network. IEEE Pers Commun. 2000;7:16–27.

Raymond DR, Midkiff SF. Denial-of-service in wireless sensor networks: attacks and defenses. IEEE Pervasive Comput. 2008;7(1):74–81.

Parno B, Perrig A, Gligor V. distributed detection of node replication attacks in sensor networks. Proceedings of the IEEE Symposium on Security and Privacy (S&P’05) 2005.

Xiao Y, Rayi VK, Sun B, Du X, Hu F, Galloway M. A survey of key management schemes in wireless sensor networks. Comput Commun. 2007;30(11–12):2314–41.

Jain A, Kant K, Tripathy MR. Security solutions for wireless sensor networks. In: Second international conference on advanced computing & communication technologies. 2012. https://doi.org/10.1109/acct.2012.102 .

Burgner DE, Luay A. Wahsheh security of wireless sensor networks. In: Eighth international conference on information technology: new generations. 2011, pp. 315–20. https://doi.org/10.1109/ITNG.2011.62 .

Zhu S, Setia S, Jajodia S. LEAP: efficient security mechanisms for large-scale distributed sensor networks. Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03) 2003; 62–72

Culler DE, Hong W. Wireless sensor networks. Commun ACM. 2004;47(6):30–3.

Makhija J, Appu Shetty A, Bangera A. Classification of attacks on MQTT-Based IoT system using machine learning techniques. Part of the Advances in Intelligent Systems and Computing book series 2021; vol. 1394, 29.

Ma T, Wang F, Cheng J, Yu Y, Chen X. A hybrid spectral clustering and deep neural network ensemble algorithm for intrusion detection in sensor networks. Sensors. 2016;16(10):1701.

Zhang F, Chan PP, Biggio B, Yeung DS, Roli F. Adversarial feature selection against evasion attacks. IEEE Trans Cybern. 2015;46(3):766–77.

Tavallaee M, Bagheri E, Lu W, Ghorbani AA. A detailed analysis of the KDD CUP 99 data set. In IEEE symposium on computational intelligence for security and defense applications 2009; 1–6.

Sonule AR, Kalla M, Jain A, Chouhan DS. UNSWNB15 dataset and machine learning based intrusion detection systems. Int J Eng Adv Technol (IJEAT). 2020;9(3):2638–48.

Sharafaldin I, Lashkari AH, Ghorbani AA. Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp. 2018;1:108–16.

Aly M, Alotaibi AS. Molecular property prediction of modified gedunin using machine learning. Molecules. 2023;28:1125. https://doi.org/10.3390/molecules28031125 .

Johri P, Verma JK, Paul S. Applications of machine learning. Algorithms for Intelligent Systems. eBook, Springer, Nature Singapore. 2020. https://doi.org/10.1007/978-981-15-3357-0

AlRikabi HT, Hazim HT. Enhanced data security of communication system using combined encryption and steganography. Int J Interact Mobile Technol. 2021. https://doi.org/10.3991/ijim.v15i16.24557 .

Ahmad R, Wazirali R, Abu-Ain T. Machine learning for wireless sensor networks security. An overview of challenges and issues. Sensors. 2022;22:4730.

Ismail S, Khoei TT, Marsh R, Kaabouch N. A comparative study of machine learning models for cyber-attacks detection in wireless sensor networks. In Proceedings of the 2021 IEEE 12th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), New York, NY, USA, 1–4 December 2021; pp. 313–318.

Khoei TT, Ismail S, Kaabouch N. Dynamic selection techniques for detecting GPS spoofing attacks on UAVs. Sensors. 2022;22:662.

Karatas G. Increasing the performance of machine learning-based IDSs on an imbalanced and up-to-date dataset. IEEE Access. 2020;8:32150–62.

Dong L, Li Y, Gao W. A survey on wireless sensor network security: attacks and defenses. IEEE Access. 2020;8:14237–58.

Zhang R, Zhang C, Zhang C. A comprehensive review of wireless sensor network security: real attacks, existing protocols, and open research issues. IEEE Access. 2021;9:12461–86.

Li X, Wu D, Zhang X. Machine learning in wireless sensor networks: algorithms, applications, and challenges. Futur Gener Comput Syst. 2022;128:131–48.

Wang Z, Ma Y, Jiang B. An intrusion detection system based on deep learning for wireless sensor networks. IEEE Internet Things J. 2021;8(15):12194–203.

Chen J, Zhang S, Ma Y. Explainable deep learning for intrusion detection in wireless sensor networks. Ad Hoc Netw. 2023;128: 102933.

Kim J, Park S. Clustering-based anomaly detection for wireless sensor networks. Inf Sci. 2020;507:54–66.

Jingjing Z, Tongyu Y, Zhang J, Zhang G, Li X, Peng X. Intrusion detection model for wireless sensor networks based on MC-GRU. Wirel Commun Mob Comput. 2022;2022:1–11. https://doi.org/10.1155/2022/2448010 .

Zhao Y, Li Y, Zhang L. Benchmarking intrusion detection systems in wireless sensor networks: a comprehensive review. Ad Hoc Netw. 2023;128: 102917.

Liu Z, Zhang Y, Zhang Y. Trade-off between accuracy and resource consumption in intrusion detection systems for wireless sensor networks. IEEE Internet Things J. 2021;8(24):19589–600.

Aly M, Alotaibi NS. A new model to detect COVID-19 coughing and breathing sound symptoms classification from CQT and Mel spectrogram image representation using deep learning. Int J Adv Comput Sci Appl. 2022. https://doi.org/10.14569/IJACSA.2022.0130869 .

Aly M, Alotaibi NS. A novel deep learning model to detect COVID-19 based on wavelet features extracted from Mel-scale spectrogram of patients cough and breathing sounds. Inform Med Unlocked. 2022;32: 101049.

Download references

Acknowledgements

The authors would like to thank the editorial and review committees for the upcoming review and for the valuable time that will be devoted to the review.

Open access funding provided by The Science, Technology & Innovation Funding Authority (STDF) in cooperation with The Egyptian Knowledge Bank (EKB). Open access funding provided by The Science, Technology & Innovation Funding Authority (STDF) in cooperation with The Egyptian Knowledge Bank (EKB).

Author information

Authors and affiliations.

Department of Artificial Intelligence, Faculty of Artificial Intelligence, Egyptian Russian University, Badr City, 11829, Egypt

Mohamed H. Behiry & Mohammed Aly

Department of Computer Science, Faculty of Science, Menofia University, Shibin El Kom, 32611, Egypt

Mohamed H. Behiry

You can also search for this author in PubMed   Google Scholar

Contributions

The researchers cooperated together in proposing the idea of research, implementation, and conducting the research. The research was written by the first researcher, Mohamed Behairy, and the second researcher, Mohamed Ali, reviewed.

Corresponding author

Correspondence to Mohamed H. Behiry .

Ethics declarations

Ethics approval and consent to participate.

Not applicable.

Consent for publication

Competing interests.

The authors declare that they have no competing interests.

Additional information

Publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Cite this article.

Behiry, M.H., Aly, M. Cyberattack detection in wireless sensor networks using a hybrid feature reduction technique with AI and machine learning methods. J Big Data 11 , 16 (2024). https://doi.org/10.1186/s40537-023-00870-w

Download citation

Received : 22 May 2023

Accepted : 14 December 2023

Published : 13 January 2024

DOI : https://doi.org/10.1186/s40537-023-00870-w

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Hybrid reduction
• CICIDS 2017

International Conference on High Performance Architecture and Grid Computing

HPAGC 2011: High Performance Architecture and Grid Computing pp 406–416 Cite as

Wireless Sensor Network Security Research and Challenges: A Backdrop

• Dimple Juneja 3 ,
• Atul Sharma 3 &
• A. K Sharma 4  
• Conference paper

3197 Accesses

3 Citations

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 169))

If sensor networks are to attain their potential, security is one of the most important aspects to be taken care of. The need for security in military applications is obvious, but even more benign uses, such as home health monitoring, habitat monitoring and sub-surface exploration require confidentiality. WSNs are perfect for detecting environmental, biological, or chemical threats over large scale areas, but maliciously induced false alarms could completely negate value of the system. The widespread deployment of sensor networks is directly related to their security strength. These stated facts form the basis for this survey paper. This paper present a brief overview of challenges in designing a security mechanism for WSN, classify different types of attacks and lists available protocols, while laying outline for proposed work.

This is a preview of subscription content, log in via an institution .

Buying options

• Available as PDF
• Read on any device
• Instant download
• Own it forever
• Compact, lightweight edition
• Dispatched in 3 to 5 business days
• Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Unable to display preview.  Download preview PDF.

Juneja, D., Sharma, A., Kumar, A.: A Novel and Efficient Algorithm for Deploying Mobile Sensors in Subsurface. Computer and Information Science 3(2), 94–105 (2010); ISSN 1913-8989 (Print), ISSN 1913-8997 (Online)

Article   Google Scholar  

Juneja, D., Sharma, A., Kumar, A.: A Query Driven Routing Protocol for Wireless Sensor Nodes in Subsurface. International Journal of Engineering Science and Technology 2(6), 1836–1843; ISSN: 0975-5462

Google Scholar  

Juneja, D., Sharma, A., Kumar, A.: A Novel Application Of Extended Kalman Filter For Efficient Information Processing In Subsurfaces. International Journal of Computer Applications 17(2), 28–32 (2011); Published By FCS (Foundation of Computer Science, USA). ISSN: 0975-8887

Al-Sakib, Pathan, K., Lee, W., Hyung, Hong, S., Choong.: Security in Wireless Sensor Networks: Issues and Challenges. In: ICACT 2006 (2006)

Lu, B., Habetler, T.G., Harley, R.G., Gutiérrez, J.A.: Applying Wireless Sensor Networks in Industrial Plant Energy Management Systems – Part I: A Closed-Loop Scheme. In: Sensors, October 30 -November 3, pp. 145–150. IEEE, Los Alamitos (2005)

Virone, G., Wood, A., Selavo, L., Cao, Q., Fang, L., Doan, T., He, Z., Stankovic, J.A.: An Advanced Wireless Sensor Network for Health Monitoring. In: Transdisciplinary Conference on Distributed Diagnosis and Home Healthcare (D2H2), Arlington, VA, April 2-4 (2006)

Bokareva, T., Hu, W., Kanhere, S., Ristic, B., Gordon, N., Bessell, T., Rutten, M., Jha, S.: Wireless Sensor Networks for Battlefield Surveillance. In: Land Warfare Conference 2006, Brisbane, Australia (October 2006)

Mainwaring, A., Polastre, J., Szewczyk, R., Culler, D., Anderson, J.: Wireless Sensor Networks for Habitat Monitoring. In: ACM WSNA 2002, Atlanta, Georgia, USA, September 28, pp. 88–97 (2002)

Wireless Sensor Networks, http://en.wikipedia.org/wiki/Wireless_Sensor_Networks

Tiny Operating System, http://en.wikipedia.org/wiki/TinyOS

Sastry, N., Wagner, D.: Security considerations for IEEE 802.15.4 networks. In: Proceedings of the 2004 ACM Workshop on Wireless Security. ACM Press, New York (2004)

Malan, D., Welsh, M., Smith, M.: A public-key infrastructure for key distribution in TinyOS based on elliptic curve cryptography. In: Sensor and Ad Hoc Communications and Networks (2004)

Chan, H., Perrig, A., Song, D.: Random key predistribution schemes for sensor networks. In: Proceedings of the Symposium Security and Privacy (2003)

Du, W., Deng, J., Han, Y., Chen, S., Varshney, P.: A key management scheme for wireless sensor networks using deployment knowledge. In: INFOCOM 2004: Twenty-third AnnualJoint Conference of the IEEE Computer and Communications Societies (2004)

Eschenauer, L., Gligor, V.D.: A key-management scheme for distributed sensor networks. In: Proceedings of the 9th ACM Conference on Computer and Communications Security. ACM Press, New York (2002)

Wagner, D.: Resilient aggregation in sensor networks. In: SASN 2004: Proceedings of the 2004 ACM Workshop on Security of Ad Hoc and Sensor Networks (2004)

Du, W., Han, Y.S., Deng, J., Varshney, P.K.: A Pairwise key predistribution scheme for wireless sensor networks. In: Proceedings of the ACM Conference on Computer and Communications Security (2003)

Ye, F., Luo, H., Lu, S., Zhang, L.: Statistical en-route filtering of injected false data in Sensor Networks. In: Proceedings - IEEE INFOCOM (2004)

Hoger, K., Andreas, W.: Protocols and Architecture for Wireless Sensor Networks. John Wiley & Sons Ltd, Chichester (2005); ISBN: 0-470-09510-5

Perrig, R., Szewczyk, V., Wen, D., Culler, J.D.: SPINS: security protocols for sensor networks. In: Proceedings of ACM MobiCom 2001, Rome, Italy, pp. 189–199 (2001)

Raymond, D.R., Marchany, R.C., Brownfield, M.I., Midkiff, S.F.: Effects of Denial-of-Sleep Attacks on Wireless Sensor Network MAC Protocols. IEEE Transactions on Vehicular Technology 58(1), 367–380 (2009)

Wood, A.D., Stankovic, J.A.: Denial of Service in Sensor Networks. IEEE Computer 35(10), 48–56 (2002)

Brownfield, M., Gupta, Y., Davis, N.: Wireless sensor network denial of sleep attack. In: Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop, IAW 2005, pp. 356–364 (2005)

Wood, A.D., Stankovic, J.A.: Denial of Service in Sensor Networks. IEEE Computers, 54–62 (October 2002)

Padmavathi, G., Shanmugapriya, D.: A Survey of Attacks, Security Mechanisms and Challenges in Wireless Sensor Networks. International Journal of Computer Science and Information Security (IJCSIS) 4(1 & 2), 1–9 (2009)

Karlof, C., Wagner, D.: Secure routing in wireless sensor networks: attacks and countermeasures. In: Proceedings of the First IEEE International Workshop on Sensor Network Protocols and Applications, pp. 113–127 (2003)

Yu, B., Xiao, B.: Detecting selective forwarding attacks in wireless sensor networks. In: Proceedings of the Second International Workshop on Security in Systems and Networks (IPDPS 2006 Workshop), pp. 1–8 (2006)

Krontiris, I., Dimitriou, T.D., Giannetsos, T., Mpasoukos, M.: Intrusion detection of sinkhole attacks in wireless sensor networks. In: Kutyłowski, M., Cichoń, J., Kubiak, P. (eds.) ALGOSENSORS 2007. LNCS, vol. 4837, pp. 150–161. Springer, Heidelberg (2008)

Chapter   Google Scholar  

Newsome, E., Song, S.D., Perrig, A.: The sybil attack in sensor networks: analysis & defenses. In: IPSN 2004: Proceedings of the Third International Symposium on Information Processing in Sensor Networks, pp. 259–268. ACM Press, New York (2004)

Hu, Y.-C., Perrig, A., Johnson, D.B.: Wormhole detection in wireless ad hoc networks. Department of Computer Science, Rice University, Tech. Rep. TR01-384 (June 2002)

Tumrongwittayapak, C., Varakulsiripunth, R.: Detecting Sinkhole Attacks In Wireless Sensor Networks. In: Proceedings of the IEEE ICROS-SICE International Joint Conference, pp. 1966–1971 (2009)

Feng, Z., Leonidas, G.: Wireless Sensor Networks (An Information Processing Approach). Morgan Kaufmann Publisher under Elsevier; ISBN:1-55860-914-8

Deepak, G., Alberto, C., Wei, Y., Yan, Y., Jerry, Z., Deborah, E.: Networking Issues in Wireless Sensor Networks. Elsevier Science, Amsterdam (2003)

CrossBow Technology Inc., www.xbow.com/

Download references

Author information

Authors and affiliations.

MM Institute of Computer Technology & Business Management, MM University, Mullana (Ambala), Haryana, India

Dimple Juneja & Atul Sharma

YMCA University of Science & Technology, Faridabad, Haryana, India

A. K Sharma

You can also search for this author in PubMed   Google Scholar

Editor information

Editors and affiliations.

Chitkara University, 160 009, Chandigarh, India

Archana Mantri , Suman Nandi  & Sandeep Kumar ,  & 

Chitkara University,, 160 009, Chandigarh, India

Gaurav Kumar

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper.

Juneja, D., Sharma, A., Sharma, A.K. (2011). Wireless Sensor Network Security Research and Challenges: A Backdrop. In: Mantri, A., Nandi, S., Kumar, G., Kumar, S. (eds) High Performance Architecture and Grid Computing. HPAGC 2011. Communications in Computer and Information Science, vol 169. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22577-2_55

Download citation

DOI : https://doi.org/10.1007/978-3-642-22577-2_55

Publisher Name : Springer, Berlin, Heidelberg

Print ISBN : 978-3-642-22576-5

Online ISBN : 978-3-642-22577-2

eBook Packages : Computer Science Computer Science (R0)

Share this paper

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Publish with us

Policies and ethics

• Find a journal
• Track your research

Accessibility Links

• Skip to content
• Skip to search IOPscience
• Skip to Journals list
• Accessibility help
• Accessibility Help

Click here to close this panel.

Purpose-led Publishing is a coalition of three not-for-profit publishers in the field of physical sciences: AIP Publishing, the American Physical Society and IOP Publishing.

Together, as publishers that will always put purpose above profit, we have defined a set of industry standards that underpin high-quality, ethical scholarly communications.

We are proudly declaring that science is our only shareholder.

Research progress on wireless sensor network (WSN) security technology

Wang Qichen 1

Published under licence by IOP Publishing Ltd Journal of Physics: Conference Series , Volume 2256 , 6th International Conference on Mechanical, Aeronautical and Automotive Engineering (ICMAA 2022) 25/02/2022 - 27/02/2022 Online Citation Wang Qichen 2022 J. Phys.: Conf. Ser. 2256 012043 DOI 10.1088/1742-6596/2256/1/012043

Article metrics

176 Total downloads

Share this article

Author e-mails.

[email protected]

Author affiliations

1 China, Jiangsu Province, Xiao Lingwei Street, Nanjing University of Science and Technology

Buy this article in print

Wireless sensor network (WSN) has been a frontier technology field that integrates a variety of technologies and has a wide range of applications in the military. Network security is of great significance in military warfare. First, this paper outlines the technical advantages of the application of military based on the technical characteristics of WSN. In military applications, WSN has been used in modern military combat while WSN features easy and fast deployment, high concealment, good fault tolerance, high accuracy and other obvious advantages. Moreover, from the perspective of network security, this paper reviews the research progress of network security technology at the network level and data level. The network level includes security protocols, key management, and secure routing technology, and key management includes pre-shared key mode and random key pre-distribution mode. At the data level, error control and fault-tolerant algorithms are mainly included. Automatic retransmission and forward error correction techniques are traditional error control methods, which should be combined with the specific situation of WSN to propose the corresponding fault-tolerant mechanism. Finally, this paper summarizes the practical applications of WSN in the military. From battlefield reconnaissance and target localization monitoring to destruction effect control and anti-terrorism equipment research, network security has been a top priority. Against the background of practical military applications, this paper summarizes the research significance of network security technology.

Export citation and abstract BibTeX RIS

Content from this work may be used under the terms of the Creative Commons Attribution 3.0 licence . Any further distribution of this work must maintain attribution to the author(s) and the title of the work, journal citation and DOI.

wireless sensor networks Recently Published Documents

Total documents.

• Latest Documents
• Most Cited Documents
• Contributed Authors
• Related Sources
• Related Keywords

Dynamic Key Distribution Method For Wireless Sensor Networks Based On Exponential Algorithm

Development of an organic photovoltaic energy harvesting system for wireless sensor networks; application to autonomous building information management systems and optimisation of opv module sizes for future applications, energy sink-holes avoidance method based on fuzzy system in wireless sensor networks.

The existence of a mobile sink for gathering data significantly extends wireless sensor networks (WSNs) lifetime. In recent years, a variety of efficient rendezvous points-based sink mobility approaches has been proposed for avoiding the energy sink-holes problem nearby the sink, diminishing buffer overflow of sensors, and reducing the data latency. Nevertheless, lots of research has been carried out to sort out the energy holes problem using controllable-based sink mobility methods. However, further developments can be demonstrated and achieved on such type of mobility management system. In this paper, a well-rounded strategy involving an energy-efficient routing protocol along with a controllable-based sink mobility method is proposed to extirpate the energy sink-holes problem. This paper fused the fuzzy A-star as a routing protocol for mitigating the energy consumption during data forwarding along with a novel sink mobility method which adopted a grid partitioning system and fuzzy system that takes account of the average residual energy, sensors density, average traffic load, and sources angles to detect the optimal next location of the mobile sink. By utilizing diverse performance metrics, the empirical analysis of our proposed work showed an outstanding result as compared with fuzzy A-star protocol in the case of a static sink.

Secure Routing using Multi-Objective Trust Aware Hybrid Optimization for Wireless Sensor Networks

Adaptive monitor placement for near real-time node failure localisation in wireless sensor networks.

As sensor-based networks become more prevalent, scaling to unmanageable numbers or deployed in difficult to reach areas, real-time failure localisation is becoming essential for continued operation. Network tomography, a system and application-independent approach, has been successful in localising complex failures (i.e., observable by end-to-end global analysis) in traditional networks. Applying network tomography to wireless sensor networks (WSNs), however, is challenging. First, WSN topology changes due to environmental interactions (e.g., interference). Additionally, the selection of devices for running network monitoring processes (monitors) is an NP-hard problem. Monitors observe end-to-end in-network properties to identify failures, with their placement impacting the number of identifiable failures. Since monitoring consumes more in-node resources, it is essential to minimise their number while maintaining network tomography’s effectiveness. Unfortunately, state-of-the-art solutions solve this optimisation problem using time-consuming greedy heuristics. In this article, we propose two solutions for efficiently applying Network Tomography in WSNs: a graph compression scheme, enabling faster monitor placement by reducing the number of edges in the network, and an adaptive monitor placement algorithm for recovering the monitor placement given topology changes. The experiments show that our solution is at least 1,000× faster than the state-of-the-art approaches and efficiently copes with topology variations in large-scale WSNs.

AHP based relay selection strategy for energy harvesting wireless sensor networks

A hole repair algorithm for wireless sensor networks based on virtual attractive force constraint, layered routing algorithm for wireless sensor networks based on energy balance, solution for intra/inter-cluster event-reporting problem in cluster-based protocols for wireless sensor networks.

<span>In recent years, wireless sensor networks (WSNs) have been considered one of the important topics for researchers due to their wide applications in our life. Several researches have been conducted to improve WSNs performance and solve their issues. One of these issues is the energy limitation in WSNs since the source of energy in most WSNs is the battery. Accordingly, various protocols and techniques have been proposed with the intention of reducing power consumption of WSNs and lengthen their lifetime. Cluster-oriented routing protocols are one of the most effective categories of these protocols. In this article, we consider a major issue affecting the performance of this category of protocols, which we call the intra/inter-cluster event-reporting problem (IICERP). We demonstrate that IICERP severely reduces the performance of a cluster-oriented routing protocol, so we suggest an effective Solution for IICERP (SIICERP). To assess SIICERP’s performance, comprehensive simulations were performed to demonstrate the performance of several cluster-oriented protocols without and with SIICERP. Simulation results revealed that SIICERP substantially increases the performance of cluster-oriented routing protocols.</span>

Efficient organization of nodes in wireless sensor networks (clustering location-based LEACH)

The rapid development of connected devices and wireless communication has enabled several researchers to study wireless sensor networks and propose methods and algorithms to improve their performance. Wireless sensor networks (WSN) are composed of several sensor nodes deployed to collect and transfer data to base station (BS). Sensor node is considered as the main element in this field, characterized by minimal capacities of storage, energy, and computing. In consequence of the important impact of the energy on network lifetime, several researches are interested to propose different mechanisms to minimize energy consumption. In this work, we propose a new enhancement of low-energy adaptive clustering hierarchy (LEACH) protocol, named clustering location-based LEACH (CLOC-LEACH), which represents a continuity of our previous published work location-based LEACH (LOC-LEACH). The proposed protocol organizes sensor nodes into four regions, using clustering mechanism. In addition, an efficient concept is adopted to choose cluster head. CLOC-LEACH considers the energy as the principal metric to choose cluster heads and uses a gateway node to ensure the inter-cluster communication. The simulation with MATLAB shows that our contribution offers better performance than LEACH and LOC-LEACH, in terms of stability, energy consumption and network lifetime.

Export Citation Format

Share document.

Sensor network security: a survey

Ieee account.

• Change Username/Password
• Update Address

Purchase Details

• Payment Options
• Order History
• View Purchased Documents

Profile Information

• Communications Preferences
• Profession and Education
• Technical Interests
• US & Canada: +1 800 678 4333
• Worldwide: +1 732 981 0060
• Contact & Support
• About IEEE Xplore
• Accessibility
• Terms of Use
• Nondiscrimination Policy
• Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. © Copyright 2024 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.