
Intrusion Detection Systems For Wireless Sensor Networks Using Computational Intelligence Techniques

The study by Sivagaminathan et al. focuses on enhancing Network Intrusion Detection Systems (NIDS) for wireless sensor networks using computational intelligence techniques, specifically through feature selection methods like Particle Swarm Optimization (PSO). By utilizing datasets generated from both simulated and physical networks, the research demonstrates that combining PSO with machine learning models, particularly Artificial Neural Networks (ANN), yields superior performance in detecting malicious activities. The findings highlight the importance of effective feature selection in improving the efficiency and accuracy of intrusion detection systems.


Sivagaminathan et al. Cybersecurity (2023) 6:27
https://doi.org/10.1186/s42400-023-00161-0

RESEARCH Open Access

Intrusion detection systems for wireless sensor networks using computational intelligence techniques

Vaishnavi Sivagaminathan1*, Manmohan Sharma1 and Santosh Kumar Henge1

Abstract
Network Intrusion Detection Systems (NIDS) are utilized to find hostile network connections. This can be accomplished by looking at traffic network activity, but it takes a lot of work. The NIDS heavily utilizes approaches for data extraction and machine learning to find anomalies. In terms of feature selection, NIDS is far more effective. This is accurate since anomaly identification uses a number of time-consuming features. Because of this, the feature selection method influences how long it takes to analyze movement patterns and how clear it is. The goal of the study is to provide NIDS with an attribute selection approach. PSO has been used for that purpose. The Network Intrusion Detection System that is being developed will be able to identify any malicious activity in the network or any unusual behavior in the network, allowing the identification of the illegal activities and safeguarding the enormous amounts of confidential data belonging to the customers from being compromised. In the research, datasets were produced utilising both a network infrastructure and a simulation network. Wireshark is used to gather data packets whereas Cisco Packet Tracer is used to build a network in a simulated environment. Additionally, a physical network consisting of six node MCUs connected to a laptop and a mobile hotspot has been built, and communication packets are being recorded using the Wireshark tool. To train several machine learning models, all the datasets that were gathered (created datasets from our own studies as well as some common datasets like NSDL and UNSW acquired from Kaggle) were employed. Additionally, PSO, which is an optimization method, has been used with these ML algorithms for feature selection. In the research, KNN, decision trees, and ANN have all been combined with PSO for a specific case study, and it was found that the classification method PSO + ANN outperformed PSO + KNN and PSO + DT in this case study.

Keywords Network intrusion detection systems (NIDS), Cisco packet tracer, Wireshark tool, Machine learning, PSO, Cybersecurity, Optimization

*Correspondence: Vaishnavi Sivagaminathan, vaishnavi.ganesh8@gmail.com
1 Lovely Professional University, Phagwara, India

© The Author(s) 2023. Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

Introduction
According to Musa et al. (2021), IDSs are "active processes or devices that review device and connection activities for unapproved and disagreeable behavior." IDS are available in three flavors. These categories include HIDS, NIDS, and hybrid-based IDS (Waskle 2020). The HIDS seeks to keep track of internal computer system activity. The NIDS’s objective is to dynamically monitor the network traffic in real-time. In order to ascertain any potential network intrusions, the NIDS tries to accomplish that. It tries to do that by using the right detection techniques.

There are three distinct categories: hybrid IDS built on an IDS, exploitation identification, and anomaly detection (Ganesh and Sharma 2021). A collection of specified characteristics or criteria is used in the detection system to identify recognised hazards. The anomaly detection mechanism detects unidentified attacks on a regular basis. This is achieved by evaluating if the device’s state is normal. The IDS classification for anomaly detection is shown in Fig. 1. A hybrid IDS may be able to spot both known and unidentified attacks. The focus of this essay is the NIDS. NIDS uses the entire network’s traffic characteristics to detect threats. The NIDS is the subject of this article. NIDS uses the whole network’s traffic characteristics to find hazards. The utilization of all capabilities is not necessary for attack detection.

Infiltration is a notion that exists anyplace there is connectivity. Applications comprise Wifi hotspots in big businesses, residential area networks, wireless sensor networks, and the Internet of Things. Securing sensitive data kept in various databases is essential. Customer-related information, such as TINs, dates of birth, and Aadhar card numbers, must be kept safe for this reason. As a result, intrusion detection systems become necessary. It is necessary to have systems for both intrusion detection and prevention (Sivagaminathan and Dr. Manmohan Sharma. 2021a).

Fig. 1 IoT environment threat dimensions

DoS attacks, Man in the Middle attacks, sinkhole attacks, selected transmitting attacks, flooded attacks, worm attacks, etc. are just a few examples of the many
diverse attack types that may be used. DoS attacks can involve saturating a server with phony information in an effort to jam the networks and block actual traffic from reaching the host. This regularly happens in the world of online business. It’s possible for a site to purposefully flood other site’s server with fictitious traffic. As a result, intrusion detection and prevention are crucial. (Bang et al. 2020).

Wireless sensors also demand penetration testing. All industries, including those connected to agriculture, business, building roads and traffic networks, the military, telecommunications, and the medical and health fields, employ WSNs. The tracking of patients’ locations and the surveillance of elderly patients (Karimipour et al. 2019) are examples of how this is used in the health world.

The following are some IPDS systems that have been created in various fields:

a. A commercially available NIDS tool called Snort was used to compare an intrusion detection network system’s effectiveness (IDPS) that has been described. All Snort rules Utilize the prefix in the suggested system and randomized indexes techniques, and as during periods of intense network connections, key sequences are developed to decrease the duration of packet sniffing and the probability of false positives (Almomani and M. AL-Akhras 2016).
b. Synchronized phasor systems may now identify malicious intrusions with the use of a tool called System for detecting intrusions specific to synchro phasors (SSIDS). It combines a behaviour patterns strategy and a diverse whitelist to detect both known and unidentified attacks. (Abdulaziz et al. 2019).
c. To avoid intrusion, a solution known as home region network using ZigBee could use HANIDPS as just an intrusion protection and monitoring system has been developed (Firoz Kabir and Sven Hartmann 2018).
d. An IDPS has also been created to safeguard linked automobiles’ Controller Area network (CAN) buses. Real-time vehicle data may be provided through the Controller Area Network interface, which links sensing devices and controlling devices in a network for control applications (Yang et al. 2020). A serial automobile bus network is involved.

Threats to IoT settings come in many forms, both physical and virtual. Figure 1 demonstrates the many forms of cyber security included in the IoT process, including cloud services with multiple-system creation, and attack level. All of the above-mentioned categories have a high degree of assault; hence these procedures demand high-security characteristics on several dimensions (Jokar and Leung 2016; Sharma and Moller 2018). Despite the fact that several IoT systems provide poor attack characteristics, protocol-level feature implementations significantly superior than that used by all people. As a result, to prevent any sort of hazard from accessing the defined system, a greater feature is necessary.

The paper will follow the following format: The preparation of datasets utilising two pieces is covered in Sect. “Proposed methodology”. Part a involves employing a simulation environment, such as the Wireshark and Cisco Packet Tracer tools. The development of datasets through a real, physical network made with node MCUs is covered in Part b (Jing et al. 2022). Several machine learning classifiers are trained in Sect. “ML classification model training using a variety of methods” utilising the datasets mentioned above and PSO as an optimization strategy. Section “Result and discussion” includes the findings and Discussions.

Proposed methodology
The proposed Methodology is as follows:
A variety of machine learning (ML) models, including Linear Regression, SVM, Decision Trees, Random Forest, k nearest neighbor (knn), Artificial Neural Networks, Adaboost, Naive Bayes classifier, and Bayesian classifiers, among others, are trained using the selected features, as shown in Fig. 2, and their prediction accuracy is determined (Zhao et al. 2022; Zhang et al. 2022a). To further improve the effectiveness of ML classifiers, PSO has also been used as an optimization strategy.

a) Creating datasets with the wireshark tool using a cisco packet tracer simulated network

The technique used in our proposed study was to first construct the network system with the appropriate node layout, as illustrated in Flowchart Fig. 3 (Mushtaq et al. 2022). This node was created using a distinctive network design (Transfer learning-based multi-adversarial detection of evasion attacks against network intrusion detection systems 2022). We set up Cisco Packet Tracer to initialize a model of the whole network architecture for this purpose. We have created a test network environment for this system with 5 source IP addresses, 13 destination IP addresses, and 9 protocols. ARP, BROWSER, DHCP, ICMPV6, IGMPV3, LLMNR, MDNS, NBNS, and SSDP were among the network protocols used (Ravi et al. 2022). Using the Cisco packet tracer simulator, the protocol was started for a duration of 10 min. There were no run time errors while the simulation was running since the run time was properly setup (Mokhtar Mohammadi et al. 2021; Lo et al. 2022)
through. Once the simulation model was fully modelled, we utilized the Wireshark system to gather data packet values for source, destination IP, and protocols with respect to time, allowing us to initialize the time domain model and create a more accurate and reliable prediction model.

Fig. 2 Operating a better IDS system

Proposed algorithm
The suggested approach is made to lessen the features of network incursion for effective management of source and destination protocols on the available network bandwidth. Any network, including Bluetooth, 3G, 4G, 5G, Wi-Fi 2.4Ghz or Wi-Fi 33 5Ghz, may use this method. Understanding the method for determining the historical features of incursion flow on the specific network is necessary (Wang et al. 2022a). In order to comprehend the future mutation in the infiltration over any network bandwidth, this analysis is being taught utilizing neural networks (Wang et al. 2020). The method begins with the function A (x, y, z), where x, y, and z represent source IP, destination IP, and intrusion protocols, respectively.

We have I as a variable that identifies the features of an intrusion, j as the likelihood that the intrusion would be discovered, and x, y, and z as parameters that rely on the simulation model’s functions (Saba et al. 2022; Maldonado et al. 2022).
Fig. 3 Demonstrates the entire process of data collecting for any network simulation model

Back trace to find the sequence of Intrusion
The probability of the ideal sequence for source, destination, protocols, incursion, and values attributes is stored in the array Network Intrusion (X, Y, Z, I j). Certain network features will be given probability and weight in C(T) functions (Wang et al. 2022b).

1. Using Cisco Packet Tracer, a network made up of PCs, switches, and routers connected by LAN is built in the simulated scenario. Figure 4 illustrates that (Selection and for Intrusion Detection System et al. 2020).
2. Using the Wireshark tool, 10 min worth of activity on our laptop system, including the aforementioned conversation, is captured in the packets that were transmitted. The Wireshark tool is used to recover the protocols utilised, source IP addresses, destination IP addresses, and the length of communication between specified sources and specific destinations (Detecting botnet by using particle swarm optimization algorithm based on voting system 2020).
3. In order to determine which destination takes the longest, filters are now being used, graphs are being displayed, and each protocol is being examined individually (Chohra et al. 2022). The area that is most affected is the one that occupies the majority of the graph’s time. When a destination’s maximum time is shown, it means the location offered the greatest degree of defense against any odd incoming packets from a source. Consequently, this odd package that just arrived could be an intrusion.
4. We next try to identify the source from where this packet originated to the place where it experienced the most resistance by applying filters to that particular destination. Once more, by finding the source that takes up the greatest space in the graph, the IP address of the suspected intrusion source may be determined.

The information is shown in the following R-plotted graphs, Figs. 5, 6, and 7. (Part a’s findings).

Fig. 4 Showing the test network architecture in Cisco packet tracer
Fig. 5 Shows protocols vs (ff02::1:3) destination IP
Fig. 6 Shows protocols vs (192.168.239.1) Source IP

The many criteria by which the above graphs are shown include the different Source IPs, Destination IPs, Protocols involved, and the length of time it takes for a certain Protocol to have an effect on a certain Destination IP before having an impact on a particular Source IP. The parameters are shown below:

Figure 4 depicts the network architecture utilised in our testing environment, and Table 3 shows the Source, Destination, and Protocol Dataset in relation to it. Figure 8 shows the development of wireless sensor networks made up of NS2 nodes.

According to varied data bandwidth communications, it has been discovered that the processing time line for various communication protocols on the specified test environment varies from 0.002 to a maximum of 40 s (Cui et al. 2019). Our research has documented the duration of data packet transmission, which is a result of communication protocols. This observation directly relates to the reliability of intrusion to time and the processing power of the network design, network nodes, or network cloud.
Fig. 7 Shows protocols vs (192.168.239.255) destination IP

b) The development of datasets from a physical network made using five node MCUs, a laptop, and a mobile device

The following was done during the experiment. An internet connection based on a mobile hotspot was made possible by the development of a network of laptops and six node MCUs. The matching node MCUs were then connected to six LEDs. First, normal on and Off buttons from a mobile device with IoT programming were used to switch on and off the LEDs (Gölcük et al. 2020). The Normal Dataset was compiled using the Wireshark software. The IP address of one of the nodes’ MCUs was afterwards modified to an extremely long string, allowing some type of intrusion to be introduced (Alazzam et al. 2020; Kitali et al. 2021; Lima et al. 2020). Another dataset, this time an intrusion-induced dataset, was also created using the Wireshark programme. This moment, the node MCU received two successive ON orders followed by two seconds later by two OFF commands. Using the normal and intrusion-induced datasets from each of these datasets, the neural network model was trained. Some datasets were created from scratch, while others come from UNSW and other Kaggle and GitHub sources (Hemmasian et al. 2022).

A physical network was constructed utilising a laptop, a mobile device, and five node MCUs, as illustrated in Fig. 9. Additionally, the dataset was obtained via both harmful and lawful means. These datasets are those that we presently have (Balamurugan et al. 2022).

(i). A typical dataset created with the Wireshark programmed and a simulated Cisco Packet Tracer network.
(ii). Using node MCUs in wireless networks, a typical dataset for an IoT context was obtained.
(iii). The NSDL dataset from Kaggle is used to train the neural network (which consists of details about various types of attacks)
(iv). The perturbed dataset was created by adding turbulence within the network we built using IoT (Qazi et al. 2022; Zhu et al. 2022).
(v). Several types of data caused by viruses are included in a UNSW dataset from GitHub.
(vi). The dataset Kddcup 99

Fig. 8 Creation of wireless sensor networks consisting of nodes in NS2
Fig. 9 A physical network made up of a mobile device, a laptop, and five node MCUs was created
Fig. 10 Confusion matrix plotting for Logistic Regression
Fig. 11 Receiver operating characteristic (ROC) for logistic regression
Fig. 12 Plotting confusion matrix for KNN
Fig. 13 Receiver operating characteristic (ROC) for KNN

Table 1 Classification report for logistic regression

| | Precision | Recall | f1-score | Support |
|---|---|---|---|---|
| 0 | 0.98 | 0.99 | 0.99 | 19,368 |
| 1 | 1 | 0.99 | 1 | 79,436 |
| Accuracy | | | 0.99 | 98,804 |
| Average macro | 0.99 | 0.99 | 0.99 | 98,804 |
| Avg. weighted | 0.99 | 0.99 | 0.99 | 98,804 |

Table 2 Classification report for KNN

| | Precision | Recall | f1-score | Support |
|---|---|---|---|---|
| 0 | 1 | 1 | 1 | 19,368 |
| 1 | 1 | 1 | 1 | 79,436 |
| Accuracy | | | 1 | 98,804 |
| Macro avg | 1 | 1 | 1 | 98,804 |
| Weighted Avg | 1 | 1 | 1 | 98,804 |

ML classification model training using a variety of methods
These datasets were used to train the various ML classifiers mentioned above, and their rates of accurately detecting hazardous behavior were calculated (Joon and Tomar 2022). Following that, PSO was combined with each of these various ML classifiers, and a comparison study is provided in Results.

Figures 10, 11, 12, and 13 illustrate the confusion matrix, classification report, and receiver operating characteristic for logistic regression and KNN (Tables 1 and 2).
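The PSO-plus-classifier pairing described above, as an added example that is not the authors' code: a binary PSO (sigmoid transfer function, one common variant, assumed here) searches feature subsets and scores each one with a k-NN detector, reporting accuracy and false-positive rate. The flow records are constructed, and the feature names, penalty weight and swarm settings are assumptions.

```python
"""Binary PSO feature selection around a k-NN detector (added example)."""
import math
import random

# Hypothetical per-flow feature names; only the first two carry signal here.
FEATURES = ["duration_s", "pkt_len", "src_id", "dst_id", "proto_id", "ttl"]
ALPHA = 0.05  # assumed penalty on the fraction of features kept
K = 3         # neighbours used by the detector


def make_flows(n_per_class=30, seed=7):
    """Constructed data: label 1 = intrusion. Returns (train, test)."""
    rng = random.Random(seed)
    train, test = [], []
    for label in (0, 1):
        lo = 4.0 * label  # informative features lie in [0,1] or [4,5]
        for i in range(n_per_class):
            vec = [rng.uniform(lo, lo + 1.0) for _ in range(2)]
            vec += [rng.uniform(0.0, 20.0) for _ in range(4)]  # pure noise
            (train if i % 2 == 0 else test).append((vec, label))
    return train, test


def evaluate(mask, train, test):
    """Accuracy and false-positive rate of k-NN on the masked features."""
    idx = [i for i, bit in enumerate(mask) if bit]
    tn = fp = correct = 0
    for vec, label in test:
        nearest = sorted(
            train, key=lambda r: sum((r[0][i] - vec[i]) ** 2 for i in idx)
        )[:K]
        pred = 1 if 2 * sum(lbl for _, lbl in nearest) > K else 0
        correct += pred == label
        if label == 0:
            tn += pred == 0
            fp += pred == 1
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return correct / len(test), fpr


def fitness(mask, train, test):
    """Reward accuracy, penalise subset size; an empty subset is invalid."""
    if not any(mask):
        return -1.0
    acc, _ = evaluate(mask, train, test)
    return acc - ALPHA * sum(mask) / len(mask)


def pso_select(train, test, particles=8, iters=15, seed=1,
               w=0.7, c1=1.5, c2=1.5):
    """Return (best_mask, best_fitness) found by the swarm."""
    rng = random.Random(seed)
    n = len(FEATURES)
    # Particle 0 keeps every feature, so the result never scores below
    # the no-selection baseline.
    pos = [[1] * n] + [[rng.randint(0, 1) for _ in range(n)]
                       for _ in range(particles - 1)]
    vel = [[rng.uniform(-1, 1) for _ in range(n)] for _ in range(particles)]
    pbest = [p[:] for p in pos]
    pfit = [fitness(p, train, test) for p in pos]
    g = max(range(particles), key=lambda i: pfit[i])
    gbest, gfit = pbest[g][:], pfit[g]
    for _ in range(iters):
        for p in range(particles):
            for d in range(n):
                v = (w * vel[p][d]
                     + c1 * rng.random() * (pbest[p][d] - pos[p][d])
                     + c2 * rng.random() * (gbest[d] - pos[p][d]))
                vel[p][d] = max(-4.0, min(4.0, v))
                # Sigmoid transfer: velocity is the probability of bit = 1.
                prob = 1.0 / (1.0 + math.exp(-vel[p][d]))
                pos[p][d] = 1 if rng.random() < prob else 0
            f = fitness(pos[p], train, test)
            if f > pfit[p]:
                pbest[p], pfit[p] = pos[p][:], f
            if f > gfit:
                gbest, gfit = pos[p][:], f
    return gbest, gfit


if __name__ == "__main__":
    train, test = make_flows()
    best, _ = pso_select(train, test)
    for name, mask in (("all features", [1] * len(FEATURES)),
                       ("PSO subset", best)):
        acc, fpr = evaluate(mask, train, test)
        kept = [f for f, b in zip(FEATURES, mask) if b]
        print(f"{name}: acc={acc:.3f} fpr={fpr:.3f} kept={kept}")
```
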
Table 3 Shows the source, destination and protocol dataset with respect to our test environment of network topology as shown in Fig. 4

| Source | Destination | Protocol |
|---|---|---|
| 192.168.239.1 | 192.168.239.1 | ARP |
| 192.168.239.254 | 192.168.239.254 | BROWSER |
| fe80::f9fc:ad11:1e14:b75 | 192.168.239.255 | DHCP |
| VMware_c0:00:08 | 224.0.0.22 | ICMPv6 |
| VMware_fc:23:ae | 224.0.0.251 | IGMPv3 |
| | 224.0.0.252 | LLMNR |
| | 239.255.255.250 | MDNS |
| | Broadcast | NBNS |
| | ff02::1:3 | SSDP |
| | ff02::16 | |
| | ff02::fb | |
| | VMware_c0:00:08 | |
| | VMware_fc:23:ae | |

Table 4 Performance metrics for proposed classifiers

| Measure | PSO + DT (%) | PSO + KNN (%) | PSO + ANN (%) |
|---|---|---|---|
| Predictability | 98.7 | 99.6 | 99.7 |
| Accuracy | 75.2 | 88.4 | 90.2 |
| Low predictive value (NPV) (Sindhu et al. 2012) | 99.5 | 99.8 | 99.8 |
| F1 rank | 81.7 | 92.1 | 94.1 |

Table 5 Assessment of suggested classifications

| Measures | PSO + DT (%) | PSO + KNN (%) | PSO + ANN (%) |
|---|---|---|---|
| Precision (Hoque et al. 2012) | 98.5 | 99.5 | 99.77 |
| DR | 89.5 | 96.1 | 97.2 |
| FPR | 1.2 | 0.3 | 0.02 |

Table 6 Comparison evaluation of the current system

| Authors | Algorithm | Accuracy (%) | FPR (%) |
|---|---|---|---|
| Sindhu, Geeta & Kannan (Guo 2007) | DT | 98.2 | 0.016 |
| Mohammad Sazzadul Hoque (Preeti et al. 2022) | GA | 96.4 | 0.05 |
| Guo | KNN | 98.45 | 0.048 |
| | TCM + KNN | 99.4 | 0.1 |
| Proposed classifier | PSO + DT | 98.5 | 0.011 |
| | PSO + KNN | 99.6 | 0.004 |
| | PSO + ANN | 99.78 | 0.003 |

Result and discussion
After utilising the aforementioned datasets to train multiple ML classifiers, PSO was used in conjunction with each of these classifiers. A comparison of PSO in conjunction with three of the classifiers—k Nearest Neighbor, Artificial Neural Networks, Decision Trees, are listed here (Tables 3, 4, 5 and 6).

The following was noted when the proposed IDS system and the present IDS were contrasted from various research studies:

Therefore, it can be stated that, when compared to other systems, the suggested IDS, PSO + ANN provides the best accuracy and the lowest FPR (A survey on firefly algorithms et al. 2022; Judy Simon et al. 2022).

Below are some benefits of the various algorithms and technologies used for this study endeavor:

i. Advantages of particle swarm optimization (PSO)

Popular optimization methods include Particle Swarm Optimization (PSO). The concept behind it is to simulate the behaviour of a flock of birds, with each bird standing in for a particle that seeks for the global optimum. Finding the best answer requires, the method utilises a swarm of particles that fly across the solution space and investigate various options (Ganesh and Sharma 2021).

PSO continues to be a popular option for many optimization issues despite the development of several other optimization techniques throughout the years. This is because PSO provides a number of benefits over other optimization methods, including:

• Simple and straightforward to use: PSO is an easy-to-implement optimization method that works with any computer language (Guilherme Ramos et al. 2022).
• Efficient in terms of computations: PSO is a quick and effective optimization approach because it doesn’t call for complicated or time-consuming calculations.
• Effective performance for complicated issues: PSO has been demonstrated to be effective for difficult optimization issues with high-dimensional search spaces.
• Robustness: PSO is a robust optimization method, which means it can deal with erratic or noisy objective functions (Wang et al. 2021).

PSO, a well-liked optimization method, has been extensively applied in many different applications, including feature selection (Meysam Valueian et al. 37 2022; Abdallah and Wafa’ Eleisah et al. 2022). The approach
offers various benefits over other optimization methods, including resilience, strong performance for complicated problems, and simplicity and computing economy.

Different performance measures have been used in studies on numerous contemporary intrusion detection systems (Sivagaminathan and Dr. Manmohan Sharma. 2021b). A number of machine learning algorithms have been studied, including K-Nearest Neighbors, SVM, Discriminant Analysis, Naive Bayes Model, Logistic Regression, Ridge Classifier, and Decision Trees. The functioning of computational intelligence methods including Grey Wolf Optimization (GWO), Firefly Optimization (FFA), Genetic Algorithms, and numerous evolutionary algorithms was also thoroughly researched (Pampapathi et al. 2022).

ii. Advantages of wireshark tool

For 10 minutes, the packets sent through the laptop system were captured using the Wireshark Tool, and a simulation of a LAN server, PCs, and routers was built using Cisco Packet Tracer. We used this information to build our own dataset, which had protocols, source and destination IP addresses, and, most importantly, the amount of time needed to communicate between each source and each destination. We then plotted several graphs to study these interdependencies (Zhang et al. 2022b).

Popular software for recording and examining network data is called Wireshark. To monitor and fix network issues, network administrators, security experts, and network engineers frequently utilize it. Wireshark is a recommended tool for collecting active communication packets for a number of reasons, including:

• Compatibility: Windows, Linux, and macOS are just a few of the many operating systems that Wireshark supports. Additionally, it supports a large number of networking protocols, giving it a flexible tool for examining various kinds of network data.
• User-friendly interface: The Wireshark interface is user-friendly, making it simple to explore and analyses network traffic. Additionally, it offers a number of visualization tools, including packet decoding, protocol dissectors, and graphs, to make it simpler to comprehend the data being gathered.
• Open-source: Because Wireshark is an open-source programme, it is available for free and may be altered to suit certain requirements. This implies that a sizable user base exists that can offer the tool resources and assistance (Al-Anzi 2022).
• Advanced functions: Wireshark has a number of advanced functions.
• Additional features: Wireshark has a number of advanced capabilities that make it a strong tool for network analysis and troubleshooting, including packet filtering, protocol analysis, and exporting of recorded data.

Due to its interoperability, user-friendly interface, open-source status, and extensive functionality, Wireshark is a recommended tool for collecting active communication packets (Hassan et al. 2022). These elements make it a flexible and effective tool for network traffic analysis and problem-solving.

iii. Advantages of cisco packet tracer

A network simulation programme called Cisco Packet Tracer offers a visual interface for network design and setup. It is a graphical user interface (GUI)-based programme that enables users to effortlessly drag and drop elements to construct a virtual network environment, such as PCs, switches, routers, and servers. Users may experiment with various setups, test out network situations, and debug network problems with the help of the tool, which is intended to mimic a real-world network environment (Pingale et al. 2022; Choudhary and Kesswani 2020).

On the other hand, NS2 is a discrete event simulator that gives network simulations a command-line interface. In order to construct and configure network components in the virtual environment, users must write code. This necessitates a better comprehension of network protocols, coding principles, and some degree of programming expertise (Rintyarna et al. 2019).

Cisco Packet Tracer and NS2 vary primarily in that the former offers a graphical interface for network simulations while the later necessitates user-written code. Cisco Packet Tracer is therefore a more approachable choice for folks who are unfamiliar with network simulations or who lack a solid experience in programming (Alzubaidi et al. 2020).
Conclusions
In the modern world, network intrusion detection is quite important. Every network is vulnerable to different kinds of assaults. Using the Wireshark tool, data packets were recorded during live communication in the system where a simulation network was built utilising Cisco Packet Tracer, as well as in a real network built using five node MCUs, a laptop, and a mobile device. Datasets caused by intrusions were also gathered from this setup. Along with some standard datasets from UNSW, Kaggle, and GitHub, the acquired datasets were utilised to train numerous ML models. As an optimization method, PSO was used with these ML classifiers. PSO+ANN, PSO+KNN, and PSO+DT were carefully watched and investigated in a case study. With a best accuracy of 99.78 and a lowest FPR of 0.003%, it was discovered that PSO+ANN surpasses PSO+KNN, PSO+DT, and other current IDS.

Potential datasets when trained to the proposed IDS, may employ deep learning approaches for giving better efficient results.

Author contributions
All authors have equally contributed to the research work. All authors read and approved by the final manuscript.

Authors’ information
Astt. Proff. Vaishnavi Sivagaminathan working as Assistant Professor in Priyadarshini College of Engineering, Nagpur is undergoing her PhD from Lovely Professional University, Punjab, India in Computer Science and Engineering discipline. As a highly skilled Assistant Professor with more than 12 years of experience delivering lectures, conducting training programs, supervising projects, collecting and processing technical data and conducting research. Her research specializations are artificial intelligence, machine learning, image processing, cyber security and Networking and Security.

Dr. Manmohan Sharma presently serving as Professor in School of Computer Applications, Lovely Professional University, Punjab, INDIA has a vast experience of more than 24 years in the field of academics, research and administration with different Universities and Institutions of repute such as Dr. B.R. Ambedkar University, Mangalayatan University etc. Dr. Sharma has been awarded with his Doctorate degree from Dr. B.R. Ambedkar University,

experience delivering lectures, comprised of nearly 8 years of international level teaching experience and more than 8 years of national level experience, conducting training programs, supervising projects, collecting and processing technical data and conducting research. He was awarded a Ph.D. degree from the Department of Computer Science, Kakatiya University. His research specializations are artificial intelligence, machine learning, medical image processing and cyber security which are mainly emphasis on neural-fuzzy hybrid systems, machine learning algorithms, image processing, data mining and wide data analysis. He is also actively serving several AI and cyber security related journals and conferences as editorial board member, organizing committee member, workshop organizer and reviewer.

Funding
There are no funding resources for this research work.

Availability of data and materials
Data is available with the author; it will be made available to researchers as per demand.

Declarations

Ethics approval and consent to participate
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper. And the work shown in the paper is original.

Competing interests
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Received: 28 December 2022 Accepted: 22 April 2023

References
Abdallah EE, Otoom AF (2022) Intrusion detection systems using supervised machine learning techniques: a survey. Procedia Comput Sci 1(201):205–212. https://doi.org/10.1016/j.procs.2022.03.029
Abdulaziz I Al-issa, Mousa Al-Akhras, Mohammed S ALsahli, Mohammed Alawairdhi (2019) "Using machine learning to detect DoS attacks in wireless sensor networks." In: IEEE jordan international joint conference on electrical engineering and information technology
Al-Anzi FS (2022) Design and analysis of intrusion detection systems for wireless mesh networks. Digit Commun Net. https://doi.org/10.1016/j.dcan.2022.05.013
Alazzam H, Sharieh A, Sabri KE (2020) A feature selection algorithm for intru-
Agra in 2014 in the field of Wireless Mobile Networks. His areas of interest
sion detection system based on pigeon inspired optimizer. Expert Syst
include Wireless Mobile Networks, Adhoc Networks, Mobile Cloud Comput-
Appl 148:113249. https://​doi.​org/​10.​1016/j.​eswa.​2020.​113249
ing, Recommender Systems, Data Science and Machine Learning etc. More
Almasoudy FH, Al-Yaseen WL, Idrees AK (2020) Differential evolution wrapper
than 50 research papers authored and co-authored, published in International
feature selection for intrusion detection system. Procedia Comput Sci
or National journals of repute and conference proceedings comes under his
167:1230–1239. https://​doi.​org/​10.​1016/j.​procs.​2020.​03.​438
credits. He is currently supervising six doctoral theses. Three Ph.D. and three
Almomani B, Al-Kasasbeh and M AL-Akhras, (2016) “WSN-DS: a dataset for
M.Phil. degrees has already awarded under his supervision. He has guided
intrusion detection systems in wireless sensor networks. J Sensors.
more than 600 PG and UG projects during his service period under the aegis
https://​doi.​org/​10.​1155/​2016/​47319​53
of various Universities and Institutions. He worked as reviewer of many confer-
Alzubaidi A, Tepper J, Lotfi A (2020) A novel deep mining model for effective
ence papers and member of the technical program committees for several
knowledge discovery from omics data. Artif Intell Med 104:101821.
technical conferences. He is also actively serving several journals related to
https://​doi.​org/​10.​1016/j.​artmed.​2020.​101821
the field of wireless, mobile communication and cloud computing as editorial
Asadi M, Jamali MAJ, Parsa S, Majidnezhad V (2020) Detecting botnet by using
board member. He is also member of various professional/technical Societies
particle swarm optimization algorithm based on voting system. Future Gen-
including Computer Society of India (CSI), Association of Computing Machines
erat Comput Syst 107:95–111. https://​doi.​org/​10.​1016/j.​future.​2020.​01.​055
(ACM), Cloud Computing Community of IEEE, Network Professional Associa-
Balamurugan E, Mehbodniya A, Kariri E, Yadav K, Kumar A, Haq MA (2022) Net-
tion (NPA), International Association of Computer Science and Information
work optimization using defender system in cloud computing security
Technology (IACSIT), and Computer Science Teachers Association (CSTA).
based intrusion detection system withgame theory deep neural network
Dr. Santosh Kumar Henge working as Associate Professor in the School of
(IDSGT-DNN). Pattern Recognition Lett 156:142–151. https://​doi.​org/​10.​
Computer Science and Engineering, Lovely Professional University, Punjab,
1016/j.​patrec.​2022.​02.​013
India. As a highly skilled Associate Professor with more than 16 years of
Sivagaminathan et al. Cybersecurity (2023) 6:27 Page 14 of 15

Bang R, Manish P, Vasu G, Vishal K, Jyoti M, and Sambhaji S (2020) "Redefining representation of in-vehicle network traffic. Vehic Commun 35:100471.
smartness in township with internet of things & artificial intelligence: https://​doi.​org/​10.​1016/j.​vehcom.​2022.​100471
Dholera city." In: E3S web of conferences, vol 170, p 06001. EDP Sciences Maldonado J, Riff MC, Neveu B (2022) A review of recent approaches on wrap-
Chohra A, Shirani P, Karbab E, Debbabi M (2022) Chameleon: optimized feature per feature selection for intrusion detection. Expert Syst Appl 18:116822.
selection using particle swarm optimization and ensemble methods for https://​doi.​org/​10.​1016/j.​eswa.​2022.​116822
network anomaly detection. Comput Sec 117:102684. https://​doi.​org/​10.​ Mokhtar Mohammadi, Tarik A. Rashid, Sarkhel H.Taher Karim, Adil Hussain
1016/j.​cose.​2022.​102684 Mohammed Aldalwie, Quan Thanh Tho, Moazam Bidaki, Amir Masoud
Choudhary S, Kesswani N (2020) Analysis of KDD-Cup’99, NSL-KDD and Rahmani, Mehdi Hosseinzadeh, A comprehensive survey and taxonomy
UNSW-NB15 datasets using deep learning in IoT. Procedia Comput Sci of the SVM-based intrusion detection systems. J Net Comput Appl 178:
1(167):1561–1573. https://​doi.​org/​10.​1016/j.​procs.​2020.​03.​367 102983 https://​doi.​org/​10.​1016/j.​jnca.​2021.​102983
Cui G, Liu B, Luan W (2019) Neural network with extended input for estimat- Musa US, Chakraborty S, Abdullahi MM, Maini T. A review on intrusion detec-
ing electricity consumption using background-based data generation. tion system using machine learning techniques. In2021 International
Energy Procedia 158:2683–2688. https://​doi.​org/​10.​1016/j.​egypro.​2019.​ conference on computing, communication, and intelligent systems
02.​022 (ICCCIS) 2021 Feb 19 (pp. 541-549). IEEE https://​doi.​org/​10.​1109/​ICCCI​
Debicha I, Bauwens R, Debatty T, Dricot J-M, Kenaza T, Mees W (2022) and TAD: S51004.​2021.​93971​21.
transfer learning-based multi-adversarial detection of evasion attacks Mushtaq E, Zameer A, Khan A (2022) A two-stage stacked ensemble intrusion
against network intrusion detection systems. Future Generat Comput detection system using five base classifiers and MLP with optimal feature
Syst. https://​doi.​org/​10.​1016/j.​future.​2022.​08.​011 selection. Microproc Microsyst. https://​doi.​org/​10.​1016/j.​micpro.​2022.​
Deep K (2022) A random walk Grey wolf optimizer based on dispersion factor 104660
for feature selection on chronic disease prediction. Expert Syst Appl Pampapathi BM, Guptha N, Hema MS (2022) Towards an effective deep
206:117864 learning-based intrusion detection system in the internet of things.
Firoz Kabir M, Sven Hartmann”(2018) Cyber security challenges: an efficient Telemat Inform Reports 7:100009. https://​doi.​org/​10.​1016/j.​teler.​2022.​
intrusion detection system design”. In : IEEE international young 100009
engineers forum Paria J, Victor C M Leung (2016) “Intrusion detection and prevention for
Ganesh V, Sharma M (2021) Intrusion detection and prevention systems: a ZigBee-based home area networks in smart grids”. In: IEEE Transaction
review. In: Ranganathan G, Chen J, Rocha Á (eds) Inventive communi- on Smart Grid
cation and computational technologies. Lecture notes in networks and Pingale SV, Sutar SR (2022) Remora whale optimization-based hybrid deep
systems, https://​doi.​org/​10.​1007/​978-​981-​15-​7345-3_​71 learning for network intrusion detection using CNN features. Expert
Guo YL (2007) An active learning-based TCM-KNN algorithm for supervised Syst Appl 210:118476. https://​doi.​org/​10.​1016/j.​eswa.​2022.​118476
network intrusion detection. Comput Secur 26:459–467 Priyanka S, Dietmar PF Moller (2018)“Protecting ECUs and vehicles internal
Gölcük İ, Ozsoydan FB (2020) Evolutionary and adaptive inheritance networks”. In IEEE conference
enhanced grey wolf optimization algorithm for binary domains. Ramos G, Aguiar AP, Pequito S (2022) An overview of structural systems
Knowledge-Based Syst 194:105586. https://​doi.​org/​10.​1016/j.​k nosys.​ theory. Automatica 140:110229
2020.​105586 Ravi V, Chaganti R, Alazab M (2022) Recurrent deep learning-based feature
Hassan IH, Abdullahi M, Aliyu MM, Yusuf SA, Abdulrahim A (2022) An fusion ensemble meta-classifier approach for intelligent network intru-
improved binary manta ray foraging optimization algorithm based sion detection system. Comput Electric Eng 102:108156. https://​doi.​org/​
feature selection and random forest classifier for network intrusion 10.​1016/j.​compe​leceng.​2022.​108156
detection. Intell Syst Appl 1(16):200114 Rintyarna BS, Sarno R, Fatichah C (2019) Evaluating the performance of sen-
Hemmasian A, Meidani K, Mirjalili S, Farimani AB (2022) VecMetaPy: a vector- tence level features and domain sensitive features of product reviews on
ized framework for metaheuristic optimization in Python. Adv Eng supervised sentiment analysis tasks. J Big Data 6:1–19
Software 1(166):103092 Saba T, Rehman A, Sadad T, Kolivand H (2022) Anomaly-based intrusion detec-
Hoque M S, Mukit M, Bikas M, & Naser A (2012) An implementation of an tion system for IoT networks through deep learning model. Comput Elec-
intrusion detection system using a genetic algorithm. arXiv preprint tric Eng 99:107810. https://​doi.​org/​10.​1016/j.​compe​leceng.​2022.​107810
arXiv:​1204.​1336 Simon J, Kapileswar N, Polasi PK, Elaveini MA (2022) Hybrid intrusion detection
Imran M, Haider N, Shoaib M, Razzak I (2022) An intelligent and efficient system for wireless IoT networks using deep learning algorithm. Comput
network intrusion detection system using deep learning. Comput Electric Eng 102:108190. https://​doi.​org/​10.​1016/j.​compe​leceng.​2022.​
Electric Eng 1(99):107764. https://​doi.​org/​10.​1016/j.​compe​leceng.​2022.​ 108190
107764 Sindhu SSS, Geetha S, Kannan A (2012) Decision tree-based lightweight intru-
Jing Yu, Ye X, Li H (2022) A high precision intrusion detection system for sion detection using a wrapper approach. Expert Syst Appl 39(1):129–141
network security communication based on multi-scale convolutional Subhash W, Lokesh P and Upendra S (2020) Intrusion detection system using
neural network. Future Generat Comput Syst 129:399–406. https://​doi.​ PCA with random forest approach international conference on electron-
org/​10.​1016/j.​future.​2021.​10.​018 ics and sustainable communication systems (ICESC)
Joon R, Tomar P (2022) Energy aware Q-learning AODV (EAQ-AODV) routing Vaishnavi Sivagaminathan, Dr. Manmohan Sharma. “Dynamic communication
for cognitive radio sensor networks. J King Saud Univ Comput Inform protocol modelling for intrusion traces using cisco packet tracer integra-
Sci. https://​doi.​org/​10.​1016/j.​jksuci.​2022.​03.​021 tion with wireshark”. Design engineering, Aug. 2021a, pp 4583–99, http://​
Karimipour H, Dehghantanha A, Parizi RM, Choo K-KR, Leung H (2019) ‘A thede​signe​ngine​ering.​com/​index.​php/​DE/​artic​le/​view/​3853
deep and scalable unsupervised machine learning system for cyber- Vaishnavi S, Dr. Manmohan S (2021b)“Dynamic communication protocol
attack detection in large-scale smart grids.’ IEEE Access 7:80778–80788 modelling for intrusion traces using cisco packet tracer integration with
Kitali AE, Mokhtarimousavi S, Kadeha C, Alluri P (2021) Severity analysis of wireshark”. Design Engineering, Aug. 2021b, pp. 4583–99, http://​thede​
crashes on express lane facilities using support vector machine model signe​ngine​ering.​com/​index.​php/​DE/​artic​le/​view/​3853
trained by firefly algorithm. Traffic Injury Prevent 22(1):79–84 Valueian M, Vahidi-Asl M, Khalilian A (2022) SituRepair: incorporating machine-
Li J, Wei X, Li Bo, Zeng Z (2022) A survey on firefly algorithms. Neurocom- learning fault class prediction to inform situational multiple fault auto-
puting 500:662–678. https://​doi.​org/​10.​1016/j.​neucom.​2022.​05.​100 matic program repair. Int J Critic Infrastruct Protect 1(37):100527
Lima FS, Alves VM, Araujo AC. Metacontrol (2020) A Python based applica- Wang W, Jian S, Tan Y, Qingbo Wu, Huang C (2022b) Representation learning-
tion for self-optimizing control using metamodels. Comput Chem Eng based network intrusion detection system by capturing explicit and
140: 106979 implicit feature interactions. Comput Sec 112:102537. https://​doi.​org/​10.​
Lo W, Alqahtani H, Thakur K, Almadhor A, Chander S, Kumar G (2022) A hybrid 1016/j.​cose.​2021.​102537
deep learning based intrusion detection system using spatial-temporal
Sivagaminathan et al. Cybersecurity (2023) 6:27 Page 15 of 15

Wang Z, Li Z, He D, Chan S (2022a) A lightweight approach for network intru-


sion detection in industrial cyber-physical systems based on knowledge
distillation and deep metric learning. Expert Syst Appl 206:117671.
https://​doi.​org/​10.​1016/j.​eswa.​2022.​117671
Wang S, Wang Q, Bailey N, Zhao J (2021) Deep neural networks for choice
analysis: a statistical learning theory perspective. Transp Res Part B: Meth-
odol 148:60–81. https://​doi.​org/​10.​1016/j.​trb.​2021.​03.​011
Wang M, Yiqin Lu, Qin J (2020) A dynamic MLP-based DDoS attack detection
method using feature selection and feedback. Comput Sec 88:101645.
https://​doi.​org/​10.​1016/j.​cose.​2019.​101645
Yang Y, McLaughlin K, Sezer S, Littler T, Pranggono B, Brogan P, Wang HF
(2020) Intrusion detection system for network security in synchrophasor
systems
Zhang C, Jia D, Wang L, Wang W, Liu F, Yang A (2022b) Comparative research
on network intrusion detection methods based on machine learning.
Comput Sec 121:102861. https://​doi.​org/​10.​1016/j.​cose.​2022.​102861
Zhang Z, Zhang Y, Guo Da, Yao L, Li Z (2022a) SecFedNIDS: robust defense for
poisoning attack against federated learning-based network intrusion
detection system. Future Generat Comput Syst 134:154–169. https://​doi.​
org/​10.​1016/j.​future.​2022.​04.​010
Zhao Xu, Huang G, Jiang J, Gao L, Li M (2022) Task offloading of cooperative
intrusion detection system based on deep Q network in mobile edge
computing. Expert Syst Appl 206:117860. https://​doi.​org/​10.​1016/j.​eswa.​
2022.​117860
Zhu J, Wang G, Li Y, Duo Z, Sun C (2022) Optimization of hydrogen liquefac-
tion process based on parallel genetic algorithm. Int J Hydrogen Energy.
https://​doi.​org/​10.​1016/j.​ijhyd​ene.​2022.​06.​062

Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
