Title

Intrusion detection in Internet of Things with improved machine learning

model based on hybrid evolutionary algorithm

Abstract

Today, the field of medicine and health includes one of the most widely used
types of wireless networks. The presence of IoT networks in health applications
has improved the quality of services and patient monitoring, but these wireless
networks are very vulnerable to attack, and it is very necessary to prevent and
detect intrusion. Machine learning methods are a suitable solution in detecting
types of interferences and can be strengthened at the stage of feature selection
and classification. Intrusion detection data in wireless networks has many
advantages and you need to select the appropriate features to increase detection
accuracy in the classification stage. Heuristic algorithms are a good solution in
feature selection, and in this paper, the combined optimization algorithm of
Archimedes and cosine is used to select features, and this algorithm is also used
to adjust the weights of the multilayer neural network. The results showed that
all the tested methods have higher classification accuracy than accuracy and
sensitivity, and the sensitivity value of the proposed method is lower than the
basic method but has a higher accuracy rate, and this indicates that the proposed
method for data attack has greater sensitivity, but in the classification accuracy
in which data is detected Non-attacking and attacking, the proposed method can
improve the accuracy of intrusion detection by more than 2%.

Keywords: attack detection, cosine algorithm, Archimedes algorithm, neural

network
introduction

Pattern classification is one of the widely used areas in machine learning, and
this pattern classification can lead to its recognition in various applications. In
this paper, IoT networks are discussed, then different methods of attack in
networks, evolutionary algorithms, such as Archimedes and cosine algorithms,
as well as optimization, there is multiple construction, and we also reviewed the
research literature in this field.

Although the definition of "things" has changed with the development of

technology, their primary purpose is to obtain information for computers
without human intervention. This makes the current Internet a network of
connected and interconnected objects that not only sense and perceive
environment information and interact with the physical world, but also use
standard Internet protocols to provide services for data transmission.[ 1].

In many cases, IoT solutions consist of a combination of architectures.

Centralized control architecture is a device where data has to be stored and
processed for a long time. Therefore, a robust data framework with scalability
and appropriate processing capacity is needed. In these networks, since the
network infrastructure is unknown, wireless nodes communicate with each other
through radio links. In these networks, bandwidth is limited due to very small
transmission capacity. The hardware limitation in these networks is the storage
of energy in the objects, which is very limited and can be easily depleted.
Another hardware limitation is the limited memory in these networks [1].

There are almost unimaginable possibilities for sensing, processing, informing,

and decision-making in the Internet of Things. The scope of application of this
technology is very wide and diverse. Today, some of these cases including
smart homes, smart transportation, smart cities, and smart supply chain based on
internet technology have been very popular [2]. Cost-effective wireless
communications have been developed and a variety of applications are being
developed more and more. The Internet of Things can greatly help increase
security, service providers and protect products from fraud, for example, in the
air transport industry.

Internet of Things technology is also widely used in important applications in

the health sector, in a way that can use equipment with radio frequency sensing
capability as a framework to control and monitor patients’ condition criteria and
receive medication. In this case and in the region, various benefits can be seen
in prevention, prediction and easy monitoring, and therefore have an important
effect, and in the next stage they are used to diagnose the disease in case of
accidents and accidents. IoT wireless identification devices can lead to
intelligent health record storage which can save patients' lives in emergency
situations, especially for some diseases (cancers, diabetics, brain tumors such as
Alzheimer's, etc.) as well as complex medical equipment. Such as detecting
heart rate, joints, and transplant organs may be able to automatically
communicate with different patients [2].

Industrial Internet of Things (IIOT) is an extension of traditional Internet of

Things (IOT) applications in the industrial sector, whereby IOT augments
industry capabilities in establishing reliable and more efficient industrial
operations. In the intelligent production system [3], by integrating other
electronic physical systems and modern communication technologies, the
monitoring and control of the industrial system is greatly improved [4]. The
concept of smart manufacturing is critical to understanding the vision of the
next generation of the industrial revolution, known as Industry 4.0. Sensors and
advanced technologies are integrated into the industrial sector. According to
recent studies, the IoT device market is expected to increase by $4.75 billion by
2025 [5]. In modern industry, the ratio of reliability, response time and network
latency are very important factors. Considering all these factors, data
transmission and decision making technologies must be improved in a way
without human intervention and interaction. In recent decades, the Internet of
Things has been widely used as one of the most attractive areas of research to
connect an unlimited number of consumer devices to provide convenience and
comfort in the daily lives of consumers [6], [7].
 Figure 1: Sanati IOT System Architecture [11]

According to the Industry 4.0 vision, the use of IoT in the industrial sector
improves production, efficiency, and security of industrial processes [8]. In
short, the Internet of Things is specifically related to the effective use of the
Internet of Things in industrial processes. IOT can be briefly described as a
four-layer architecture. In industry, this architecture includes physical, network,
middleware, and application layers, as shown in Figure 1. The physical layer
includes a large number of installed physical devices, sensors, computing
devices, mobile phones and other objects, and monitoring and automation
devices. The network layer includes many communication networks such as
wireless sensor networks, mobile networks, machine-to-machine interfaces, etc.
The middleware layer provides communication between the network layer and
the application layer. It contains cloud storage, application interface, and web
services. The application layer is the top layer of the IoT architecture. Its
mission is to facilitate industrial and service operations including smart
factories, smart buildings, smart healthcare, smart vehicles, robots, etc.

IOT is a complete architecture with many individual and industrial applications.

However, it faces many challenges in terms of security, privacy, legal and social
life. Addressing these issues requires highly scalable solutions. IoT devices are
resource-limited devices that require security solutions and have features such
as low storage space, low power, and low cost. These solutions must be
compatible with standard communication protocols. IoT devices generate a lot
of data during industrial operations, and this can make the IoT system a favorite
target for attackers [9] [10]. Due to the large amount of data, traditional data
processing technologies are not suitable for IOT and IOT applications.
Therefore, machine learning is one of the most suitable computing models for
providing information embedded in IoT devices.
Methods of attack detection

When reviewing the comparison of detection (IDS) and prevention (IPS)

techniques, different techniques were used in the research. Similar to antivirus
systems, IDS tools analyze traffic and compare each packet of information
against a database of known attack profiles. When attacks are detected, these
tools are activated. IDS tools notify administrators that an attack has occurred;
Intrusion prevention tools go one step further and automatically block the
malicious agent. Intrusion detection systems and intrusion prevention systems
share many characteristics. In fact, most intrusion prevention systems have an
intrusion detection system at their core. The main difference between these
technologies is that intrusion detection system products only detect the
malicious agent, while intrusion prevention systems prevent such agent from
entering the network [11, 12].

The effectiveness of an intrusion detection and intrusion prevention system

depends on parameters such as the technology used in the intrusion detection
system, its location in the network, and its configuration. Intrusion detection and
intrusion prevention system technologies can be classified into signature-based
detection techniques, anomaly detection, and artificial intelligence-based
detection technologies.

Signature-based attack detection attempts to define a set of rules (or signatures)

that can be used to determine whether or not a particular pattern is an attacker's
detection. As a result, signature-based systems are able to achieve high levels of
accuracy in detecting attacks. If the detection system is not configured correctly,
a small change in known attacks may affect its analysis. Therefore, signature-
based detection cannot detect unknown attacks or modify known attacks. One of
the reasons for using signature-based detection is the ease of maintaining and
updating pre-made rules [12].

Anomaly detection is related to identifying events that appear to be abnormal

according to the behavior of a normal system. A variety of techniques such as
data mining, statistical modeling, and hidden Markov models have been
investigated as different approaches to solve the anomaly detection problem.
The deviance-based approach involves collecting data over a period of time and
then applying statistical tests to the observed behavior to determine whether the
behavior is legitimate. [12].
In research, AI-based attack detection techniques include attack detection
system based on artificial neural network, algorithms based on fuzzy logic,
based on association rules, support vector based algorithms, evolutionary
algorithms and their combination.

The purpose of using neural networks for attack detection is the ability to
generalize data (from incomplete data) and the ability to classify data as normal
or unreadable. An intrusion detection system based on neural networks is an
effective solution to unstructured network data. The attack detection accuracy of
this solution depends on the number of hidden layers and the training phase of
the neural network. [13] Fuzzy logic can be used to deal with inaccurate
descriptions of attacks, and to reduce the training time of a neural network,
fuzzy logic can be used with a neural network to quickly detect attacks. [13]
Some attacks are based on specific attacks. Association rules can be used to
create new signatures. With the newly generated signatures, specific attack
types can be recognized instantly. [13] A support vector machine is used to
detect attacks based on limited sample data, where the dimensions of the data
will not affect the accuracy. Evolutionary algorithms are used to define network
properties (to select optimal parameters) that can be applied in other techniques
to optimize and improve the accuracy of intrusion detection systems. Which can
be used to improve training of neural networks and tuning support vector device
parameters. [14,13]

related work

In this section, some research has been mentioned, especially in the field of
security in the Internet of Things. In fact, the effective routing and control of
large-scale systems in an IOT is a complex and challenging task. Computing
operating systems must be able to process and analyze big data securely and in a
timely manner [15], [16]. In addition, the system must have high capacity and
throughput to transmit data with minimal delay time and high reliability.
Algorithms and machine learning models have greatly improved the
performance of the industrial sector in terms of percentage reliability and safety.
These algorithms have great potential for investigating security challenges in
IoT systems [17], [18]. In the following, some recent research work related to
machine learning-based security schemes for IoT and IoT are presented.
Farhanakian and Haikonen [19] proposed a deep self-encryption model for
network attack detection. The researchers used the KDD-CUP 99 dataset to
evaluate their proposed scheme. Attack detection accuracy is 94.71%. Their
experimental results prove that their model performs better than that of the deep
belief network. [20] proposed an asymmetric deep encoder (NDAE) that learns
features in an unsupervised manner. The authors applied their proposed model
to a tensor-based graphics processing unit (GPU) and evaluated the model using
the NSL-KDD dataset. The attack detection accuracy was 89.22%. Ali and
colleagues [21] introduced a fast learning network by combining a particle
swarm optimization method. The authors implemented their proposed scheme
using the KDD 99 dataset. The attack prediction accuracy of the proposed
model was 98.92%. Although their model provides satisfactory performance,
the complexity of their model is high and is not suitable for devices with limited
resources. Al-Makhafi and colleagues [22] presented a new hybrid genetic
algorithm and support a vector machine with a scheme based on particle swarm
optimization for DoS attack detection. The researchers implemented their
proposed scheme using the KDD 99 dataset and achieved an accuracy of
96.38%.

Vajayanand et al [23] improved classification accuracy by proposing a support

vector machine (SVM) based model. They performed their experiments using
the ADFA-LD dataset and achieved an accuracy of 94.51%. to. Khlooti and
colleagues [24] succeeded in identifying and classifying IoT attacks using SVM
and Bayesian algorithm. They implemented their model using the KDD CUP 99
dataset and achieved an accuracy of 91.50%. James and colleagues (25)
presented a model based on a deep neural network and a shortwave transducer
to detect false data injection attacks. The researchers implemented their
proposed scheme using the IEEE 118 dataset. The attack detection accuracy of
the proposed model was 91.80%. Qureshi and colleagues [26] proposed an
anomaly-based intrusion detection scheme. Their approach was able to
successfully detect DoS and man-in-the-middle attacks in IoT and IoT
applications. The researchers evaluated their proposed scheme using the NSL-
KDD dataset and the accuracy of attack detection in their model was 91.65%.

Bara and colleagues [27] presented a cloud-based deep learning framework for
phishing and secondary attacks. For phishing attacks and secondary attacks,
their empirical results were 94.30% and 94.80% accurate values, respectively.
Zeng and colleagues [28] presented an extreme learning method based on linear
diagnostic analysis for IoT interference detection. The researchers evaluated the
accuracy of the proposed scheme using the NSL-KDD dataset. The accuracy of
their approach was 92.35%. Singh and colleagues [29] presented a comparative
analysis of machine learning-based wavelet techniques for IoT attack detection.
Iracitano and colleagues [30] presented an intelligent intrusion detection scheme
based on self-encoding. The researchers evaluated their scheme using the NSL-
KDD dataset. Their experimental results provide better performance than
conventional deep shallow networks.

Yan and colleagues [31] proposed a new hinge classification algorithm for
detecting cyberattacks. The researchers compared the performance of the
proposed scheme with decision tree algorithms and logistic regression model.
Eskandari and colleagues [23] presented a smart scheme for intrusion detection.
They provided discussions about publishing the plan in IOT portals. Using their
proposed scheme, they successfully detected the malicious traffic, port
scanning, and exhaustive search attack. Saharkhaizan et al [33] proposed a
mixed IDS model for remote local (R2L) and user root (U2R) attacks. They
successfully detected both attacks in IoT networks using the NSL-KDD dataset.

Vinayakumar et al [32] proposed a two-level deep learning framework for

ByteNet discovery. Using a domain generation algorithm, the researchers
successfully categorized the attacks and the regular traffic. Their experimental
results proved to improve the efficiency of their proposed scheme in terms of
accuracy, F1 score, and recognition speed. Ravi and colleagues [21] proposed a
new semi-supervised learning algorithm for DDoS attack detection. They
successfully detect DDoS attacks with an accuracy of 96.28%.

In short, most of the researchers presented their schemes for detecting attacks
targeting some specific IoT applications. They mostly evaluated their models
using the KDD Cup 99 and NSL-KDD wave datasets. These datasets have been
in use for a long time and are targeted at specific IoT applications. Therefore,
according to the modern security needs of IOT networks, new data sets are
needed. One limitation of the research described is that most researchers did not
discuss the compatibility of their proposed models with devices with limited
resources. The main objective of this thesis is to overcome these challenges by
presenting a new machine learning-based scheme for attack detection using an
emerging dataset related to IoT security.
The following is a summary of intrusion detection and intrusion prevention
system technologies, noting some of the features and limitations.

Table 1: Summary of intrusion detection and prevention system

technologies
IDS / IPS technology Features / benefits Limitations/challenges
• Detecting the attack by • Inability to detect new
matching the obtained known attack types
patterns with the pre-made • High rate of false alarms for
knowledge base unknown attacks
Signature detection
• High accuracy in detecting
already known attacks
• Low computational cost

• Use of statistical tests on • Need more time to discover

collected behavior to identify attacks
attacks • Accuracy of the diagnosis
anomaly diagnosis • Ability to reduce false based on the amount of
alarm rates for unknown behavior or characteristics
attacks collected

• Effective classification of • Need more time and

unstructured network packets training phase for more
Diagnostics based on a • Several hidden layers in the examples.
neural network neural network increase the • Less flexible.
classification efficiency.

• Used for quantitative • The accuracy of the

characteristics diagnosis is less than the
Diagnosis relies on fuzzy
• Provide better resilience to accuracy of the neural
logic
some uncertain issues network.

• Used to discover specific • The inability to detect

attack signatures or related completely unknown attacks
Diagnosis based on attacks in exploit discovery • You need more database
associative rules scans
• Only used to detect misuse.

Support for vector machine- • Attacks can be properly • Only separate features can
based detection classified if limited sample be categorized. Therefore,
data are given. pre-processing of these
• It can handle a huge features is required.
number of features.
 • Used to select the best • It's a complicated method.
Diagnosis is based on
features for detection.
evolutionary algorithms
• It is an effective solution • It has a high computational
hybrid technologies for the correct classification cost.
of rules.

Archimedes optimization algorithm

One newly emerging evolutionary method is the Archimedes algorithm which is

inspired by Archimedes' law. Archimedes' principle simulates the upward
buoyant force on a partially or fully submerged object. In a liquid, it is displaced
proportionally to the weight of the liquid. Archimedes' principle is summarized
in the following form:

Figure 2: A view of the concept of Archimedes' law

Archimedes' principle states that when an object is in a liquid and is fully or

partially immersed in a liquid, an upward force equal to the weight of the liquid
is exerted on the object, which, when immersed in a fluid, pushes the body
upwards: a force called buoyancy is equal to the weight of the liquid and is
applied.
The steps of this algorithm are as follows:

Step 1: Initialize the objects using the following relation [34]:

Oi=lb i+rand∗( ubi −Lbi ) ; i=1.2.000 . N (1)
In this relation, Oiis the i object in set N, and ubi and Lbiare the upper and lower
limits of the search range. The rand is also randomly selected between 0 and 1.

Step 2: Update the size and density based on the following relationship [34]:

i ¿ deni + rand∗( denbest −deni )(2)

den t+1 t t

i ¿ vol i +rand∗( vol best −vol i )(3)

vol t+1 t t

where volbest and denbest represent the size and density associated with the
best body found up to that point, and the rand is a uniformly distributed random
number.

Step 3: Conversion factor and density coefficient

This operator is responsible for examining collisions of objects on the surface of

a liquid, which is represented by TF and is calculated by the following equation:
t−t max
TF=exp( t ) (4)
max

The TF is gradually increased over time until it reaches one. Here, t and tmax
are the number of iterations and the maximum number of iterations. This
parameter affects the exploration and extraction process in this algorithm.

t +1
d =exp ( t max −t
t max
−)( )
t
t max
(5)

In the above relationship, d^(t + 1) decreases with time, which increases the
mining power.

Step 4: Exploration phase (things bump into each other):

If TF < 0.5, a collision occurs between objects, and a random object (the
master) is selected and generated.
denmr + vol mr∗acc mr
acc ti +1= t+1 t +1 (6)
den i ∗vol i
where deni, voli, and acci are the density, magnitude, and acceleration of object
i. While accmr, denmr, and volmr are the acceleration, density, and volume of
the random object.

Step 5: Exploitation or extraction stage (without bumping into things):

If TF > 0.5, there is no collision between the objects, then the following relation
is used, where accbest is the acceleration of the best object.

t +1 denbest + volbest ∗acc best

acc i = (7)
denti +1∗vol ti +1

Step 6: Speed up normalization

Acceleration adjustment is calculated to calculate the percentage changes using

the following equation [36]:

u∗acc ti +1−min ( acc )

acc ti−norm
+1
= + L (8)
max ( acc )−min ( acc )

where u and l are the normalized range and are set to 0.9 and 0.1, respectively.
acc i is also the percentage of the step that changes each step.
t +1

If body i is far from the global optimum, then the acceleration will be large -
this means that the acceleration will be in the exploration phase; Otherwise, in
the exploitation phase, the exploration and exploitation phase will fluctuate. In
the normal operating phase, the acceleration coefficient starts out with a large
value and decreases over time.

Step 7: Update the positions

To update Hershey's position, there are two relationships, related to exploration

phase and exploitation phase [34]:

If Tf < 0.5:

i−norm∗d∗( x rand −x i ) (9)

x ti +1=x ti +C 1∗rand∗acc t+1 t

If Tf > 0.5:

x i =x best + F∗C2∗rand∗acci −norm∗d∗( T∗x best −x i )(10)

t +1 t t+1 t
In these relations, c1 = 2 and c2 = 6 are taken by default.

T increases with time and is directly related to the transfer factor and is defined
using T = C3 * Tf. T increases with time in the range [C3 × 0.3, 1], taking the
best position as the initial value. T starts with a low ratio, which leads to a large
difference between the best position and the current position, so the random
movement step size will be large. As research continues, this percentage is
gradually increased to reduce the difference between the best position and the
current position. This leads to striking the right balance between exploration and
exploitation. F is a flag that shows the direction of motion and is calculated
from the following equation [36]:

{
F= +1 if p ≤ 0.5
−1if p> 0.5
where P=2*rand- C4(11)

Step 8 - Hershey's assessment is stored with the fitness function xbest, denbest,
volbest and accbest.

Step 9- If the iterations are completed, the end of the algorithm and the best
answer in step 6 are stored in memory, then go to step 2 and the iterations are
numbered.

Archimedes' algorithm is a random algorithm inspired by Archimedes' law that

simulates the balance of bodies in water for optimization. Compared with other
algorithms, the Archimedes optimization method has unique features [34], for
example:

(a) Using the best solutions during the optimization steps

(b) Pay special attention to the initial values to avoid local preference and better
convergence

(c) Balance between exploration and exploitation

(d) No need for gradation (derivation) information for the search space
cosine sine improvement algorithm to be

The sine and cosine optimization algorithm was designed with inspiration from
the motion of sine and cosine waves and was able to show that it can have
problems of exploration and extraction in optimization and global optimization
of the problem. This algorithm has a strong extraction mechanism because the
best solution always represents the destination of the search waves, so the
search waves do not deviate from the original optimal of the problem. In fact,
the oscillating behavior of the cosine algorithm allows it to search the search
space on the optimal problem in high dimensions and to obtain a good precision
for the best [35]:

The steps of this algorithm are as follows:

Step 1: Generate search waves

Do the following steps until you reach the final number of repetitions:

Step 2: Each wave is evaluated using the problem function.

Step 3: Show the best answer found.

Step 4: Update the variables r 1 ‫ و‬r 2 ‫ و‬r 3 ‫ و‬r 4

a
r 1=a−t (12)
T

a is a constant variable, t is the current frequency, and T is the final frequency

step 5 : update the new coordinates of the waves.

{ x i +r 1 ×sin ( r 2 ) ×|r 3 pi −xi|r 4 < 0.5

t t t
t +1
x =
i (13)
x i + r 1 × cos ⁡(r 2)×|r 3 pi −x i|r 4 ≥ 0.5
t t t

In the operator of this algorithm, the variables include:

x ti +1The coordinates of a new search wave

x i is the previous coordinate of the search wave

t

The coordinates of pti for the best solution found, considered as the destination.
 If r 1is less than 1, then the movement is performed towards the destination
point, and if it is greater than 1, then the movement is performed away from the
destination point.

Figure 3 Effect of coefficient r 1on wave motion in sine and cosine algorithm
[35].

r 2 is used to model oscillatory motion and ranges from 0 to 360 degrees.

Figure 4: The effect of the coefficient r 2on the motion of waves in the sine
and cosine algorithm [35].

r 3 is the weight of the destination. If it is considered to be greater than 1, a

larger movement step is performed towards the destination. If it is less than 1,
then the movement is performed with a smaller step. r 4A random variable
between 0 and 1 to switch between sine and cosine motion.
feature selection

Defines a feature in four general classes including wrapper methods, filter

methods, inline methods, and built in methods.

In rapper methods, the goal is to identify subsets of features that improve the
performance of a predetermined learning model. These methods have two
phases. Phase 1: The feature selection phase in which subsets of the main
feature set are selected using the accuracy of the classifier on the training data
as the criterion. Phase 2: Learning and testing, where the classifier is learned
using the best subset of features and training data, and tested using the test data.
Therefore, the Rapper method uses the predictive power of machine learning to
calculate the usefulness of a subset of features.

Instead of using the power of a specific classifier, filtering methods operate on

the basis of the properties inherent in the data, and the basis of these methods is
to find relevant properties and remove irrelevant attributes. Filtering methods
also involve two steps: The first step involves selecting features using criteria
such as information, distance, dependency, or compatibility. At this point, the
floor is not in use. The second stage is similar to Rapper's methods, where the
classifier is trained and tested based on existing features.

In combined methods, in order to obtain a subset of features that are most

suitable, the advantages of both aggregation and filtering methods are used, in
particular, these methods involve a hierarchical process (for example, two steps)
where the first step is based on the filtering method to reduce the number of
features studied in the second stage. With this miniature set of features, in the
second step, the rapper method is used to obtain the required number of
features. In the inline methods, the process of feature selection is included in the
learning process of the model. Therefore, feature selection is made as part of the
floor design process.
 Fig. 5 - Layer of Bandi Rosh¬Hai different election and Wizhegy[17]

There are a number of different regulations in this field, which may be subject
to an open title for the purpose of selecting and making use of it. Please note
that these regulations are based on the best accounting considerations in Table
2. Enumerate the batches of the competition for individuals and in the manner
of the cluster in its parameters Nc enumerate the cluster of these, C of the
envelopes of each of the ast and two in all of the procedures Np of the collection
of the assemblage. [36]

Table 2: Comparison of medical practices [36]

Algorithm Complexity order

Clearing O (C × N P 2 )

Deteministic crowding O ( NP)

Probabilistic crowding O ( NP)

Fitness Sharing O ( N P2)

Restricted Tournament Selection O ( N P ×W )

Clustering O (C × N C × N P)

Species Conservation O ( N 2 ) Best case O ( N P )، Worst case

P

Sequential Niching O ( NP)

There is a significant comparison of scores that may be met in order to be
considered according to the provisions of Table 3 as follows:

Table 3: Comparison of clinical trials

Basic methods Advantages Disadvantages

Simple settings to run - Processing to identify
High convergence speed the optimum from the
Low complexity O(N_ ) output populations
- Dependence on the
criterion of the distance
Congestion
between the two
optimums
- Low accuracy in
finding all the optima

High accuracy in finding - Dependence on the

all optima criterion of the distance
between the two
optimums
Clearing
- Low convergence
speed
- high complexity
O(N_^2)
Simple settings to run - Processing to identify
High accuracy in finding the optimum from the
all optima output populations
- Dependence on the
Share the goodness criterion of the distance
between the two
optimums
- high complexity
O(N_^2)
Limited tournament Simple settings to run - Dependence on the
selection Low complexity criterion of the distance
O(N_×W) between the two
optimums
- Low convergence
 speed
High accuracy in finding - Dependence on the
all optima criterion of the distance
between the two
Clustering optimums
- High execution time
- high complexity
O(N_^2)
High accuracy in finding - Processing to identify
all optima the optimum from the
In the best case, low output populations
complexity O(N_ ) - Dependence on the
Protection of species criterion of the distance
between the two
optimums
- In the worst case, high
complexity O(N_^2)

Also, in Table 4 below, a comparison of different types of evaluation functions

has been made, regardless of the type of generator function used. The
parameters used for comparison are as follows [17 and 18]:

1. Generalization: to be able to use the specified subset for different

workbooks.

2. Time complexity: the time required to find the answer subset of features.

3. Accuracy: Prediction accuracy using the chosen subgroup.

The “---” in the last column means we can't say anything about accuracy. With
the exception of classifier error, the accuracy of other evaluation functions
depends on the data set used and the classifier used after the feature is defined
to classify the classes.
 Table 4Comparison of different Erysipelas [18]

Evaluation
the generality Time complexity precision
function type
Distance criterion has it down ---
Information
has it down ---
standard
Dependency
has it down ---
criteria
Compatibility
has it medium ---
criteria
Classifier error does not have Top Very much

References
[1] Nguyen, H.-D., Pham, V.-D., Nguyen, Q.-H., Pham, V.-M., Pham, M. H., Vu, V.
M., & Bui, Q.-T,” An optimal search for neural network parameters using the
Salp swarm optimization algorithm”, a landslide application. Remote Sensing
Letters, 11(4), 353–362.2020.
[2] Tubishat, M., Idris, N., Shuib, L., Abushariah, M. A. M., & Mirjalili,
S,” nImproved salp swarm algorithm based on opposition based learning and
novel local search algorithm for feature selection”, Expert Systems with
Applications, 113122.2019.
[3] H. Shah-Mansouri and V. W. Wong, "Hierarchical fog-cloud computing for IoT
systems: A computation offloading game," IEEE Internet of Things Journal, vol.
5, no. 4, pp. 3246-3257, 2018.
[4] N Cheng, F Lyu, W Quan, C Zhou,” Space/aerial-assisted computing offloading
for IoT applications: A learning-based approach”, IEEE Journal on Selected
Areas in Communications vol. 3, no. 3, pp. 56-s70, 2019.
[5] H Guo, J Liu, J Zhang, W Sun,” Mobile-edge computation offloading for
ultradense IoT networks”, IEEE Internet of Things, vol. 8, no. 1, p. 11-22, 2018.
[6] W Du, Z Ren, A Chen, H Liu,” A Knowledge Transfer-Based Evolutionary
Algorithm for Multimodal Optimization”, in: Evolutionary Computation ,pp.
207–234,2021.
[7] PR Sekhar, B Sujatha,” A Literature Review on Feature Selection using
Evolutionary Algorithms7 2020,” th International Conference on Smart
Structures and Systems ( CSSS) ,pp. 14–21,2020.
[8] N Neggaz, AA Ewees, M Abd Elaziz,” Boosting salp swarm algorithm by sine
cosine algorithm and disrupt operator for feature selection”, Expert
Systems,pp. 57–68,2020.
[9] L Abualigah, AJ Dulaimi,” A novel feature selection method for data mining
tasks using hybrid sine cosine algorithm and genetic algorithm”, Cluster
Computing,pp. 301–321,2021.
[10] Y Wan, A Ma, Y Zhong, X Hu,” Multiobjective hyperspectral feature selection
based on discrete sine cosine algorithm”,IEEE Transactions,pp. 14–21,2020.
[11] Mainetti L, Patrono L, Rametta P .” Capturing behavioral changes of elderly
people through unobtrusive sensing technologies”. In: 2016 24th International
conference on software, telecommunications and computer networks
(SoftCOM). IEEE.S2016.
[12] Chavda P et al ,” Early detection of cardiac disease using machine learning”.
Available at SSRN S3370813.S2019.
[13] Hamim M et al .”IoT based remote health monitoring system for patients and
elderly people”. In: 2019 International conference on robotics, electrical and
signal processing techniques (ICREST). IEEE.S2019.
[14] JianingChen,JunWu ,HaoranLiang,ShahidMumtaz,JianhuaLi,Kostromitin
Konstantin, Ali Kashif Bashir, and Raheel Nawaz. Collaborative trust
blockchain based unbiased control transfer mechanism for industrial
automation. IEEE Transactions on Industry Applications, 5: 85–91,2019.
[15] William Grant Hatcher and Wei Yu. A survey of deep learning: platforms,
applications and emergingre search trends. IEEEAccess,6: 24411–24432, 2018.
[16] Mehrzad LavaDAni, Stefan Forsström, Ulf Jennehag, and Tingting Zhang.
Combining fog computing with sensor mote machine learning for industrial iot.
Sensors, 18(5): 1532, 2018.
[17] Fahimeh Farahnakian and Jukka Heikkonen. A deep auto-encoder based
approach for intrusion detection system. In 2018 20th International Conference
on Advanced Communication Technology (ICACT) , pages 178–183. IEEE,
2018.
[18] Nathan Shone, Tran Nguyen Ngoc, Vu Dinh Phai, and Qi Shi. A deep learning
approach to network intrusion detection. IEEE Transactions on Emerging
Topics in Computational Intelligence, 2(1): 41–50, 2018.
[19] Mohammed Hasan Ali, Bahaa Abbas Dawood Al Mohammed, Alyani Ismail,
and Mohamad Fadli Zolkipli. A new intrusion detection system based on fast
learning network and particle swarm optimization. IEEE Access, 6: a20255–
20261, 2018.
[20] Mehdi Moukhafi, Khalid El Yassini, and Seddik Bri. A novel hybrid ga and svm
with pso feature selection for intrusion detection system. Int. J. Adv. Sci. Res.
Eng. , 4: 129–134, 2018.
[21] R Vijayanand, D Devaraj, and B Kannapiran. A novel intrusion detection
system for wireless mesh network with hybrid feature selection technique based
 on ga and mi. Journal of Intelligent & Fuzzy Systems, 34(3): 1243– 1250,
a2018.
[22] L Khalvati, M Keshtgary, and N Rikhtegar. Intrusion detection based on a novel
hybrid learning approach. Journal of AI and data mining, 6(1): 157– 162, 2018.
[23] JQ James, Yunhe Hou, and Victor OK Li. Online false data injection attack
detection with wavelet transform and deep neural networks. IEEE Transactions
on Industrial Informatics, 14(7): 3271–3280, 2018.
[24] Hadi Larijani, Abbas Javed, Nhamoinesu Mtetwa, Jawad Ahmad, et al.
Intrusion detection using swarm intelligence. In2019UK/ChinaEmerging
Technologies (UCET) , pages 1–5. IEEE, a2019.
[25] Gonzalo De La Torre Parra, Paul Rad, Kim-Kwang Raymond Choo, and Nicole
Beebe. Detecting internet of things attacks using distributed deep learning.
Journal of Network and Computer Applications, page 102662, a2020.
[26] Dehua Zheng, Zhen Hong, Ning Wang, and Ping Chen. An improved ldaba
sedelm classification for intrusion dete ctionalg orithminiot application.
Sensors, 20(6): 1706-1712 2020.
[27] Taranveer Singh and Neeraj Kumar. Machine learning models for intrusion
detection in iot environment: A comprehensive review. Computer
Communications,15-24. 2020.
[28] Cosimo Ieracitano, Ahsan Adeel, Francesco Carlo Morabito, and Amir
HuDAin. A novel statistical analysis and autoencoder driven intelligent
intrusion detection approach. Neurocomputing, 387: 51–62, 2020.
[29] Xiaodan Yan, Yang Xu, Xiaofei Xing, Baojiang Cui, Zihao Guo, and
TaibiaoGuo. Trust worthy network anomaly dete ction based on an adaptive
learning rate and momentum in IOT. IEEE Transactions on Industrial
Informatics, a31–42,2020.
[30] Mojtaba Eskandari, Zaffar Haider Janjua, Massimo Vecchio, and Fabio
Antonelli. Passban ids: An intelligent anomaly based intrusion detection system
for iot edge devices. IEEE Internet of Things Journal, 47–53, 2020.
[31] Mahdis Saharkhizan, Amin Azmoodeh, Hamed HaddadPajouh, Ali
Dehghantanha, Reza M Parizi, and Gautam Srivastava. A hybrid deep
generativelocalmetriclearningmethodforintrusiondetection. InHandbookof Big
Data Privacy. 343–357, 2020.
[32] R Vinayakumar, Mamoun Alazab, Sriram Srinivasan, Quoc-Viet Pham, Soman
Kotti Padannayil, and K Simran. A visualized botnet detection system based
deep learning for the internet of things networks of smart cities. IEEE
Transactions on Industry Applications, 46–57, 2020.
[33] Nagarathna Ravi and S Mercy Shalinie. Learning driven detection and
mitigation of ddos attack in iot via sdn-cloud architecture. IEEE Internet of
Things Journal, 112–124, 2020.
[34] Hashim, F. A., Hussain, K., Houssein, E. H., Mabrouk, M. S., & Al-Atabany, W.
(2020). Archimedes optimization algorithm: a new metaheuristic algorithm for
solving optimization problems. Applied Intelligence, 273, 114287.
[35] Seyedali Mirjalili. (2016). SCA: A Sine Cosine Algorithm for solving
optimization problems”, Knowledge-Based Systems , pp. 1–6.
[36] R Hans, H Kaur,” Hybrid binary Sine Cosine Algorithm and Ant Lion
Optimization (SCALO) approaches for feature selection problem”,Journal of
Computational Materials Science ,pp. 6–21,2020.