Security Establishment in Cybersecurity Environment Using PSO Based Optimization

Cybersecurity in a big-data context is considered a challenge in the research community. Machine learning approaches are considered for dealing with big-data-based security problems. Here, Particle Swarm Optimization (PSO) is used for configuring a massive amount of data. This work formulates a solution for multi-objective problems that addresses accuracy, computational complexity, and model complexity. A novel meta-heuristic framework for multi-objective optimization is developed that works with lower-level and higher-level heuristics. In the former, various rules are generated for configuring PSO; in the latter, search performance is used to control the selection process for newer configurations of PSO. To deal with this multi-objective function, a Pareto-approximation approach is used for strengthening the framework. The proposed optimization approach can be used in cybersecurity problems like anomaly classification. The proposed model is expected to provide better results in contrast to other models.


Introduction
With growing technical advancement and the integration of social life and the Internet, a substantial share of human activity now takes place online. As the Internet changes how people learn and work, it also leads to crucial security threats [1]. Therefore, predicting various kinds of network attacks, including unseen attacks, is considered a key issue to be resolved directly [1].
Cyber-security is a process and set of technologies modeled to preserve networks, computers, data, and programs from attacks, destruction, alteration, and unauthorized access. The security system comprises a computer security system and a network security system [2]. The systems mentioned above include anti-virus software, firewalls, and intrusion detection systems (IDS) [3]. An IDS helps to determine, discover, and predict unauthorized system behavior such as copying, using, modifying, and destruction.
Cyber-security is an extensive research field, and the prediction of malicious network activities is one of its standard and older issues [4]. Moreover, intrusion detection is exceptionally reactive and responsive to certain observed anomalies and patterns [5]. The next intuitive step is a pro-active approach, where upcoming malicious activities are inferred preemptively so that events can be handled before they cause any harm. Research efforts in forecasting and prediction in cyber-security are not as well known as those in attack detection [6]. Moreover, the topic is acquiring huge attention, and advancements in this field can benefit the entire cyber-security discipline.
Before commencing the prediction process of cybersecurity, there is a necessity to determine what is generally to be predicted and the obstacles that lead to challenging problems. Initially, it is probable to identify the successive steps [7]. This process is known as attack prediction. A task like this process is known as intention recognition. The investigators evaluate the adversaries' foremost objective, which can also help recognize adversaries in successive moves. The next task is to predict cyber-attacks that are initiated to occur in a particular region.
In some cases, intrusion prediction is also considered, even though there are numerous techniques to predict vulnerabilities [8]. Finally, it is useful to compile overall statistics of attacks, threat presence, and other essential information to form a picture of the network security situation. This work concentrates on providing network security using PSO while fulfilling multiple objectives, and it focuses on network intrusion prediction. Various techniques and systems proposed in the literature deal with these issues, and they share some common theoretical background. Various factors influence the cause of threats over the network. The problem formulation on which this work is based is discussed next.

Problem Formulation
Recapitulate the open issues. This work emphasizes the following research challenges of forecasting and prediction in cybersecurity: (1) What is predicted from the cyber-security environment? Is it related to adversary appearance over an incoming attack, or to cybersecurity from a global perspective? (2) How does the prediction of cyber-security contribute to society? Can it be used effectively for attack mitigation, or should it be used to prepare for upcoming security threats? (3) How is the prediction of cyber-security evaluated, and how are the metrics utilized? Is assessment with testbeds and datasets more appropriate, or should prediction accuracy be measured with the available network settings? Do both practical and theoretical perspectives influence these research challenges?
Here, postulates are provided to forecast and predict the possibilities and concentrate on evaluating and applying theoretical outcomes. Figure 1 describes the generic view of IDS.
To resolve the issues mentioned above, Machine Learning (ML) approaches are proposed for categorizing malicious software and unknown attacks. ML approaches provide promising solutions to identify and categorize new malicious software. Support Vector Machines (SVMs) are amongst the standard ML algorithms and perform well in real-world environments. SVM's popularity is based on scalability and performance. However, despite these benefits, SVM performance is strongly influenced by the chosen configuration.
The available optimization techniques comprise gradient-based techniques, grid-search techniques, and meta-heuristic optimization approaches. Grid-search methods are significantly easier to execute and give better results [8]. However, they are computationally expensive, which constrains their applicability to big data. Similarly, gradient-based techniques are extremely effective, but they have certain substantial shortcomings: they need the objective function to be differentiable, and they depend entirely on the primary function [9]. Various meta-heuristic optimization approaches are also recommended to eliminate the drawbacks of grid-search and gradient-based techniques. Moreover, the functionality of meta-heuristic approaches is strongly based on the chosen operators and parameters, where the selection is considered extraordinarily efficient and time-consuming.
This work concentrates on a novel Particle Swarm Optimization approach with Pareto-approximation for configuring effective optimization. This optimization process is extremely productive, as it does not rely on any specific task and can acquire a superior, competitive configuration. The proposed model merges various vital components that differentiate it from prevailing works in finding a productive cyber-security configuration. The proposed model's performance is compared and validated against prevalent approaches on cyber-security issues like malware classification over big data, and it is suitable for anomaly intrusion detection. The experimental outcomes demonstrate the efficiency of the proposed model on both problems.
This work is partitioned into five different sections. Section 2 is the problem formulation to carry out further research. Section 3 explains the background studies related to the optimization approaches. Section 4 is PSO with the Pareto-optimization process for predicting intrusion in the cyber-security environment. Section 5 depicts the numerical outcomes and the appropriate discussion with prevailing methods like AASR, SRPGM, and OPTIMAL-EERP-SIGNCRYPTION. Section 6 is the conclusion and future directions.

Related Works
This section discusses certain related works on malware detection techniques and optimization techniques. Also, it includes optimization to perform a classification crisis.
A recent study by Yu et al. [10] classifies malware detection techniques into three kinds: pattern-based detection, signature-based detection, and cloud-based detection techniques. The most prevalent detection approaches utilize a signature to identify malware. A signature is a unique short byte string for known malware, which is then utilized to identify potential unknown software [11]. Although signature-based detection techniques can identify malware, they need the signatures of newer malware to be added to the signature database consistently. They are easily evaded by malware developers using polymorphism and encryption. Moreover, signature databases are generally produced through manual processing by diverse domain experts, which is considered a time-consuming task [11].
Patterns-based detection approaches validate whether the provided malware software comprises a set of patterns. These patterns are extracted using domain experts to differentiate non-benign files and malware software [12]. Moreover, the malware software analysis and pattern extraction are performed by domain experts who are error-prone and need a huge amount of time. This specifies that manual analysis and extraction are crucial issues in constructing pattern-based detection techniques as malware software grows extremely faster.
Cloud-based detection approaches utilize a server for hosting the detection software; malware detection is therefore performed as a client-server process within a cloud-based framework [13]. Moreover, these detection techniques are strongly influenced by the available number of clustered nodes and the running time of the detection process. This can slow down the detection process, and therefore multi-able malware software cannot be recognized easily.
In general, due to the economic advantages, malware acquires extreme complexity, and malware developers use automated malware development toolkits for writing malware code that avoids detection techniques [14]. Also, existing approaches are not scalable enough to handle this big data and are less responsive to some threats due to the quick changes in the nature of malware. ML algorithms are recommended as malware detection methods to identify malware automatically [15]. Moreover, modeling an effective detection process with ML is a challenging task due to the massive number of possible design options and the lack of an appropriate intelligent manner to select and merge the available possibilities [16]. This work helps to resolve these challenges by proposing a PSO-based Pareto-optimization process that searches the space of design options with diverse values. It iteratively integrates and uses different options for diverse problem instances.
A conventional SVM possesses diverse tunable factors that have to be optimized to acquire higher-quality outcomes. Meta-heuristic techniques are extensively utilized to determine the finest combination of parameters and SVM values. Meta-learning is an approach that targets understanding the problem features and the finest algorithm that fits them. Specifically, it attempts to learn how the problem elements relate to algorithm performance and to evaluate suitable algorithms for the problem. Vladimir [17] proposed meta-learning techniques to determine the parameter values of the Gaussian kernel for an SVM to resolve the regression problem. The author utilized k-NN as a ranking technique to choose the finest value for the kernel width parameter.
Lin et al. [18] proposed meta-learning and case-based reasoning to produce initial starting solutions. The proposed genetic algorithm is utilized to determine suitable parameter values to address the problem instance. Huang et al. [19] use a heuristic model to suggest kernel techniques for SVM. He et al. [20] proposed a hybrid technique that merges meta-learning and a search process to choose parameter values.
Even though meta-learning techniques have been provided to be efficient in tuning SVMs parameter values, they still face the enormous over-fitting problem. This is due to the extracted problem features that capture instances that are utilized during the training process. As well, most existing techniques are utilized to tune single kernel techniques and were validated on small scale instances. The anticipated model uses kernel-based techniques and selection procedures, which are modeled with bi-objective optimization to handle the big data issues effectually.
Hyper-heuristic algorithms are considered an emergent search technique that automates the combination process to produce an effective problem solver. Conventional hyper-heuristic models take a set of options as input and then decide which processes have to be used. The outcome of a hyper-heuristic structure is a problem solver instead of a solution. Bao et al. [21] proposed a hyper-heuristic model to produce a set of attributes that characterizes the given instances for one-dimensional bin-packing problems. The authors utilized the hyper-heuristic model to identify which heuristic should be utilized to address the present problem instance.
Iqbal et al. [22], anticipated learning vector quantization NN-based hyper-heuristics structure for addressing constraint satisfaction crisis. The hyper-heuristic structure was trained to determine which heuristic needs to be chosen based on given instances of hand. Ahmed et al. [23], offered a stochastic hyper-heuristic approach for unsupervised matching towards partial information. This framework is implemented as a feature selection approach to demonstrate the feature sub-set that has to be chosen. Zhao et al. [24] anticipate the hyper-heuristic model to deal with decision-tree for predicting software efforts.

Methodology
This section discusses a novel meta-heuristic framework for multi-objective optimization problems with lower-level and higher-level heuristics. At the former level, various rules are generated for configuring PSO; at the latter level, search performance is used to control the selection process for newer configurations of PSO. To deal with this multi-objective function, an approximation approach is used for strengthening the proposed framework. The flow diagram of the proposed model is given in Fig. 2.

Standard Particle Swarm Optimization (PSO)
Generally, PSO is depicted as a parallel evolutionary computational approach modeled by Eberhart and Kennedy [25]. It is developed based on the social behavior of particles. It is greatly influenced by the tuning parameters known as exploitation and exploration. The former depicts the ability to concentrate the search on the vicinity of a candidate solution in order to locate the optimal solution quickly. The latter defines the ability to evaluate diverse regions of the problem space to find the optimum, which is preferably a global solution. However, the selection of parameters is considered to be empirical to a large extent. The objective function is utilized to evaluate solutions and operates on fitness values. Every particle has to save its position, which is composed of a candidate solution, and to calculate its velocity and fitness. PSO is used in various applications to address many problems. The velocity and position modifications are the process for attaining the optimal solution over all iterations based on Eqs. (1) and (2). The position and velocity of particles are specified as vectors $x_i = (x_{i1}, \dots, x_{id})$ and $v_k = (v_{k1}, \dots, v_{kd})$ respectively. Here x vectors are specified as the best global and local positions. $c_1$ and $c_2$ are acceleration factors termed the cognitive and social parameters, $r_1$ and $r_2$ are random numbers in the range 0 to 1, $k$ is the iteration index, $w$ is the inertia weight parameter, and $x_i$ is updated for each particle.

Improved Particle Swarm Optimization
Here, an optimization approach known as Improved Particle Swarm Optimization (IPSO) is used to address the problem identified in Cyber-Physical system based intrusion detection. This method helps to recognize when a malicious user (attack scenario) is encountered in cyber-systems. This is done to improve the performance of the system. It comprises two phases known as the Ranking Phase (RP) and the Grouping Phase (GP). The ranking phase is used to build a classifier from well-known (labeled) network traffic data. The grouping phase is applied for classifying incoming patterns (unlabeled or labeled) using Particle Swarm Optimization. The grouping phase makes the classifier more dynamic.

Ranking Phase
This phase is used for determining the attributes (fields) of labeled patterns. This is necessary because many features are available, and classification is a time-consuming process due to the large number of patterns. The ranking phase has to choose only a subset of the attributes, using sampling approaches or Principal Component Analysis, to mitigate the computational load. The ranking process is explained in Algorithm 1. The initial process is done to perform classification based on a set of available labeled patterns. All the patterns are labeled beforehand. It is known that the accuracy is improved by ranking and with the use of algorithms like IPSO.

Grouping Phase
Here, IPSO is applied for the grouping process. It is utilized to identify the unknown and known network traffic patterns more dynamically. Based on the prior evaluation, the standard PSO uses clustering to emulate the social characteristics. Every particle's velocity and position give a grouping solution (centroids) and searching mechanism, respectively. The velocity and position at iteration $t + 1$ are given in Eqs. (3) and (4), where $pb_i^t$ is the best particle position and $gb^t$ is the global best position; the remaining terms are the inertia weight, two uniformly distributed factors that determine the influence of $gb$ and $pb_i$, and two constant values $a_1$ and $a_2$. The PSO-based grouping process is adjusted dynamically by the IDS classifiers. The concept behind this grouping is simple. It encodes k centroids as the particle position $p_i = (c_{i1}, c_{i2}, \dots, c_{ik})$, where $c_{ij}$ is the $j$th centroid encoded in the $i$th particle. The particle fitness is given in Eq. (5), where $k_i$ is the number of clusters in the $i$th particle and the term with subscripts $ij$ is the $j$th cluster of the $i$th particle. The particles are initialized with the use of 'perturbed' outcomes, which can increase the population diversity. After the initial process, the assignment process is used to determine the types of attacks from input patterns depending on threshold values. The threshold $d_i$ is the average distance between the cluster centroid and the patterns that fall under cluster $i$, as attained from the grouping phase. The successive threshold values are dynamically adjusted. With these threshold values, the proposed algorithm is able to verify whether a pattern can be allocated to an existing cluster or a newer class has to be generated. Therefore, it automatically determines the number of attacks. This process is applied to prevent the proposed approach from creating a large number of clusters from a small number of patterns.
Next, the IPSO grouping uses the outcome of the initial assignment procedure to generate the first particles and creates successive particles like p b particles that comprise $k_{max}$, the maximal number of clusters from the assignment process. Here $k_{min} = k_{max}$; the value $k_{max}$ is set as $k_{min} + 2$. The standard PSO is used to search for optimized solutions. To provide better PSO solutions, the k-centroid is utilized as a local search operator. These two processes comprise the core of the algorithm, which yields solutions and thus attains better IDS performance in predicting whether the incoming traffic is normal or abnormal.
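The particle encoding described above, as an added example that is not code from the paper: each particle holds k centroids and is moved by a standard inertia-weight velocity update using `pb` and `gb`. The fitness (mean distance to the nearest centroid), the parameter values, the function names and the sample patterns are assumptions, since Eqs. (3) to (5) are not reproduced on this page; the k-centroid local search step is left out.

```python
import math
import random

# Constructed sample: two-feature traffic patterns forming two groups
# (for instance scaled packet rate and scaled connection count).
PATTERNS = [
    (0.10, 0.12), (0.14, 0.08), (0.08, 0.15), (0.12, 0.10),
    (0.88, 0.90), (0.92, 0.85), (0.85, 0.93), (0.90, 0.88),
]

def dist(p, q):
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(p, q)))

def fitness(centroids, patterns):
    """Assumed fitness (lower is better): mean distance to the nearest centroid."""
    return sum(min(dist(p, c) for c in centroids) for p in patterns) / len(patterns)

def pso_group(patterns, k, n_particles=12, iters=40, w=0.7, a1=1.5, a2=1.5, seed=7):
    """Return (best centroids, history of the global best fitness per iteration)."""
    rng = random.Random(seed)          # seeded so the run is repeatable
    dim = len(patterns[0])

    def perturbed_particle():
        # 'Perturbed' initialisation: k randomly chosen patterns plus small noise.
        return [[x + rng.gauss(0.0, 0.05) for x in rng.choice(patterns)]
                for _ in range(k)]

    pos = [perturbed_particle() for _ in range(n_particles)]
    vel = [[[0.0] * dim for _ in range(k)] for _ in range(n_particles)]
    pb = [[c[:] for c in p] for p in pos]              # per-particle best position
    pb_fit = [fitness(p, patterns) for p in pos]
    best = min(range(n_particles), key=pb_fit.__getitem__)
    gb, gb_fit = [c[:] for c in pb[best]], pb_fit[best]  # global best position
    history = [gb_fit]

    for _ in range(iters):
        for i in range(n_particles):
            for j in range(k):
                for d in range(dim):
                    r1, r2 = rng.random(), rng.random()
                    # inertia + pull toward own best + pull toward global best
                    vel[i][j][d] = (w * vel[i][j][d]
                                    + a1 * r1 * (pb[i][j][d] - pos[i][j][d])
                                    + a2 * r2 * (gb[j][d] - pos[i][j][d]))
                    pos[i][j][d] += vel[i][j][d]
            f = fitness(pos[i], patterns)
            if f < pb_fit[i]:
                pb[i], pb_fit[i] = [c[:] for c in pos[i]], f
            if f < gb_fit:
                gb, gb_fit = [c[:] for c in pos[i]], f
        history.append(gb_fit)
    return gb, history

if __name__ == "__main__":
    centroids, hist = pso_group(PATTERNS, k=2)
    print("centroids:", [[round(x, 3) for x in c] for c in centroids])
    print("fitness: %.4f -> %.4f" % (hist[0], hist[-1]))
```

The global best fitness never increases from one iteration to the next, so the returned history is a direct convergence check for a chosen inertia weight and pair of constants.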
The next step is to validate and analyze the new incoming traffic that enters the cyber-system. Prior works have to re-train the classifiers by running the grouping algorithm over the overall data whenever a new pattern enters the IDS. This takes a huge amount of computational time and thereby slows down the system performance. To resolve this problem, the proposed model first verifies whether an incoming pattern belongs to an existing group (classifier) or is a new type of traffic. It compares the distance of the incoming pattern with the threshold $T_d$. When the distance is smaller than the threshold ($d_x < T_d$), the incoming pattern belongs to the existing classifier. Otherwise, it is considered a new type of traffic, and a new classifier is added to the IDS. When a certain amount of incoming patterns (25%) of labeled patterns belong to newer classifiers, the new classifier is added to the IDS. IPSO is used to perform pattern grouping to adjust the IDS classifier. Therefore, it resolves the problem identified during clustering and reduces the computational complexity identified during IDS operation.
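One way to implement the threshold check described above, as an added example that is not the paper's code. The class and function names, the labels, the sample patterns, and the reading of the 25% rule (a new classifier is created once the buffered unmatched patterns reach 25% of the labeled pattern count) are assumptions.

```python
import math

def dist(p, q):
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(p, q)))

def centroid_and_threshold(patterns):
    """Centroid of a group and its threshold T_d (mean pattern-to-centroid distance)."""
    dim = len(patterns[0])
    c = tuple(sum(p[d] for p in patterns) / len(patterns) for d in range(dim))
    t_d = sum(dist(p, c) for p in patterns) / len(patterns)
    return c, t_d

class IncrementalIDS:
    NEW_CLASS_FRACTION = 0.25   # share of labeled patterns that triggers a new classifier

    def __init__(self, labeled):
        # labeled: {label: [pattern, ...]} from the labeled (ranking-phase) traffic
        self.clusters = {lbl: centroid_and_threshold(pts) for lbl, pts in labeled.items()}
        self.n_labeled = sum(len(pts) for pts in labeled.values())
        self.pending = []        # patterns that matched no existing classifier
        self.new_classes = 0

    def classify(self, pattern):
        # Accept only clusters whose threshold admits the pattern (d_x < T_d),
        # then take the closest of those; no full re-grouping is needed.
        matches = [(dist(pattern, c), lbl)
                   for lbl, (c, t_d) in self.clusters.items()
                   if dist(pattern, c) < t_d]
        if matches:
            return min(matches)[1]
        self.pending.append(pattern)
        if len(self.pending) >= self.NEW_CLASS_FRACTION * self.n_labeled:
            self.new_classes += 1
            label = "new-%d" % self.new_classes
            self.clusters[label] = centroid_and_threshold(self.pending)
            self.pending = []
            return label
        return "unknown"

# Constructed labeled patterns (two features per pattern).
LABELED = {
    "normal": [(0.0, 0.0), (0.2, 0.0), (0.0, 0.2), (0.2, 0.2)],
    "dos":    [(0.8, 0.1), (1.0, 0.1), (0.8, 0.3), (1.0, 0.3)],
}

def demo():
    ids = IncrementalIDS(LABELED)
    incoming = [(0.1, 0.15), (0.95, 0.2), (0.5, 0.9), (0.52, 0.88), (0.51, 0.9)]
    return [ids.classify(p) for p in incoming], sorted(ids.clusters)

if __name__ == "__main__":
    print(demo())
```

A classifier created from only a few buffered patterns gets a very tight threshold, so later traffic of the same kind can still fall outside it until the grouping phase re-adjusts the thresholds.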

Multi-objective Optimization
As a multi-objective problem to be resolved in cyber-system by analyzing the huge incoming data as below in Eq. (6): here, $x = (x_1, \dots, x_n)^T$ is the design variable vector and $X$ is the set of feasible solutions. In general, unlike conventional optimization approaches with a single objective function, there prevails an optimal solution that reduces all objective functions $f_i(x)$, $i = 1, \dots, m$ simultaneously. Therefore, the idea behind an optimal solution is related to Pareto dominance.

Pareto Optimal Solution
In MOP, x ∈ X is considered as a Pareto optimal solution; when there is no x ∈ X such that; The Pareto optimal solution set attains an objective set known as the Pareto frontier. In existing approaches, the solution for the multi-objective problem may be attained from a set of solutions. In multi-objective problems with two or three objectives, Pareto frontiers assist in decision making and in choosing preferable solutions. It is easier to make a better analysis by visualizing the problem. For the construction of Pareto optimal solutions, various meta-heuristic approaches like PSO and GA have been extended. More specifically, meta-heuristic processes are observed from all cases to attain two or more functionalities. There are some essential factors to be analyzed: (1) How to bring the population toward the Pareto boundary faster and closer (convergence rate). The Pareto optimal solution is to determine self-adaptive parameters and to enhance the convergence by attaining better solutions. The general multi-objective optimization problem is of minimization type, which is specified as in Eqs.
i compared based on dominance. Consider two solutions x and y. x is said to dominate y when x is superior or equal to y in all objectives and strictly superior in at least one objective.
Here x is a Pareto optimal solution when there is no solution that dominates it. The set of Pareto optimal solutions is known as the Pareto-optimal set, and its image in the objective space is known as the Pareto front or Pareto frontier. The ultimate goal is to attain an optimization algorithm for finding a solution.
In PSO's case, the accuracy is measured with the complexity of the position and velocity of particles. A larger number of particles leads to an over-fitting problem when the value of C is increased due to the generalized ability that leads to inappropriate classification for every sample. This is managed by controlling the selection of particles (kernel parameters and kernel type). Here, accuracy and complexity are considered as major training instances.
The accuracy specifies the classification performance of the instance. The PSO is trained K-times. In all iterations, K − 1 sets are considered for training, and others are used for testing. The error specifies the average number of misclassification set with training iterations.
Similarly, complexity specifies particles or upper bound with the expected number of errors. The configuration comprises decision variables (velocity and positions). All decision variables are bounded within the range of possible items. The optimization is done for two objectives, thus $m = 2$. It is formulated as in Eq. (13): here the error is due to the number of misclassified datasets, and the number of variables is specified as the variables related to the PSO configuration. The instances are partitioned into K disjoint sets of the same size, and the heuristic framework is applied for lower-level and higher-level strategies. The former selects heuristics from the existing lower-level heuristics, whereas the higher level works on the heuristic space instead of the solution space.
To resolve the multi-objective problem, this work uses PSO with Pareto-optimal solutions. It works on a population of solutions and utilizes an archive to store the non-dominated solutions. The proposed model merges Pareto dominance and decomposition to approximate the configuration set effectively. The concept is to connect the diversity ability of dominance with the strong convergence power of a decomposition approach. It operates on a population of solutions, and the framework generates a newer solution using the older population. It facilitates an appropriate balance between diversity and convergence. When the finest intersection is used to reduce the distance among solutions, it provides higher diversity involvement towards distribution maximization with the appropriate solution.
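The dominance test and the archive of non-dominated solutions described above, as an added example that is not the paper's code. Each candidate configuration is scored on the two minimised objectives named in the text, K-fold misclassification error and number of variables; the configuration names, fold counts and function names are constructed for illustration.

```python
def cv_error(misclassified_per_fold, fold_size):
    """Average misclassification rate over K equally sized test folds."""
    return sum(misclassified_per_fold) / (len(misclassified_per_fold) * fold_size)

def dominates(a, b):
    """True if objective vector a Pareto-dominates b (all objectives minimised)."""
    return (all(x <= y for x, y in zip(a, b))
            and any(x < y for x, y in zip(a, b)))

def update_archive(archive, name, objectives):
    """Try to insert a candidate; keep the archive mutually non-dominated."""
    for _, kept in archive:
        if dominates(kept, objectives) or kept == objectives:
            return False                      # dominated or duplicate: reject
    # The candidate survives: drop every archived entry it dominates.
    archive[:] = [(n, o) for n, o in archive if not dominates(objectives, o)]
    archive.append((name, objectives))
    return True

def pareto_front(candidates, fold_size):
    """candidates: [(name, misclassified_per_fold, n_variables), ...]"""
    archive = []
    for name, folds, n_vars in candidates:
        update_archive(archive, name, (cv_error(folds, fold_size), n_vars))
    return sorted(archive, key=lambda entry: entry[1])

# Constructed results: K = 5 folds of 20 test instances per configuration.
CANDIDATES = [
    ("cfg-A", [2, 2, 2, 2, 2], 5),
    ("cfg-B", [1, 2, 2, 1, 2], 8),
    ("cfg-C", [3, 2, 2, 3, 2], 5),    # worse error than cfg-A at the same size
    ("cfg-D", [2, 1, 2, 2, 1], 6),    # same error as cfg-B with fewer variables
    ("cfg-E", [1, 1, 1, 1, 1], 12),   # lowest error, most variables
    ("cfg-F", [2, 2, 2, 2, 2], 5),    # duplicate of cfg-A in objective space
]

if __name__ == "__main__":
    for name, (err, n_vars) in pareto_front(CANDIDATES, fold_size=20):
        print(name, err, n_vars)
```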

Numerical Results and Discussion
Here, simulations are performed using Network Simulator-NS2, and the results are mentioned in the below table. Mainly the performance and effectiveness of the proposed Secure-PSO algorithm are analyzed in the simulator. Two protocols, namely AASR, SRPGM, and OPTIMAL-EERP-SIGNCRYPTION, are also studied in this experiment and represented through graphs. The below parameters are being analyzed in the conducted simulation study: Packet Delivery Ratio (PDR), Average Delay, Average Energy Consumption, Packet loss, and Detection ratio, respectively.
From Table 1, it is known that random node placement topology is considered for node placement with 50 nodes. Here, a wireless physical model is used with the Omni antenna. The 802.11 MAC protocol standard is considered with a secure-PSO routing algorithm.

Table 2 depicts the delay comparison of the proposed Secure PSO with AASR, optimal EERP, and SRPGM, respectively. Here 5 to 30 nodes are considered, where the proposed model shows reduced delay compared with other approaches, while AASR shows higher delay than optimal EERP, SRPGM, and secure PSO.

Table 3 depicts the attack detection ratio, comparing the proposed Secure PSO with AASR, optimal EERP, and SRPGM, respectively. The proposed secure PSO gives a higher detection rate towards the attackers than the SRPGM, optimal EERP, and AASR methods. It gives 99% detection towards the malicious nodes, which is 6% higher than SRPGM, 2% higher than optimal EERP, and 5% higher than AASR.

Table 4 depicts the energy consumed by malicious nodes and the comparison of the proposed Secure PSO with AASR, optimal EERP, and SRPGM. The proposed secure PSO consumes less power, 2.90 J with five nodes, than the SRPGM, optimal EERP, and AASR methods. It consumes 2.90 J energy towards node placement, which is 1 J lesser than SRPGM, 3 J lesser than optimal EERP, and 4 J lesser than AASR.

Table 5 depicts the packet loss comparison of the proposed Secure PSO with AASR, optimal EERP, and SRPGM. The proposed secure PSO shows lesser packet loss during identifying attackers compared to the SRPGM, optimal EERP, and AASR methods. It gives 1.11 bytes loss towards the malicious nodes, which is 1 byte lesser than SRPGM, 2 bytes lesser than optimal EERP, and 5 bytes lesser than AASR, respectively.

Table 6 depicts the packet delivery ratio comparison of the proposed Secure PSO with AASR, optimal EERP, and SRPGM. The proposed secure PSO shows a higher delivery ratio during identifying attackers than the SRPGM, optimal EERP, and AASR methods. It gives 99.96% delivery towards the malicious nodes, which is 0.38% higher than SRPGM, 1.38% higher than optimal EERP, and 2.38% higher than AASR, respectively.

Table 7 depicts the throughput comparison of the proposed Secure PSO with AASR, optimal EERP, and SRPGM. The proposed secure PSO shows higher throughput during identifying attackers than the SRPGM, optimal EERP, and AASR methods. It gives 112.90 bits/s towards the malicious nodes, which is 3 bits higher than SRPGM, 4 bits higher than optimal EERP, and 10.79 bits higher than AASR.

Figures 6, 7, 8, 9, 10, and 11 depict the performance metrics comparison of Secure PSO with other models. From the above analysis, it is known that the proposed Secure PSO with Pareto optimization gives better results with metrics like throughput, loss, PDR, delay, and detection ratio. This proves that this model works effectively in predicting the malicious nodes over the cybersecurity network compared with other models like SRPGM, EERP, and AASR, respectively.

Conclusion
The proposed model concentrates on handling the cyber-security framework issues that occur due to malicious nodes. The challenges are addressed using Machine Learning techniques to enhance security. Here, Improved Particle Swarm Optimization (IPSO) is applied for configuring the number of incoming data packets to the network. The proposed meta-heuristic model is used for improving the performance measures compared to other existing approaches. The proposed meta-heuristic framework for addressing multi-objective optimization is developed for dealing with lower-level and higher-level heuristics. In lower-level heuristics, various rules are generated for configuring PSO, while in higher-level heuristics, the control selection process is applied for PSO configurations. Also, the multi-objective problems are handled by the Pareto-approximation approach for strengthening the proposed framework. Also, metrics like throughput, PDR, packet loss, detection ratio, and energy consumption are measured. With this observation, it is known that the proposed model works well compared to other approaches. In the future, hybrid optimization approaches are used and tested with security measures.

Ramakrishnan is a versatile educator as well as an internationally recognised researcher with a focus on cryptography and network security. He is currently working as a Professor and Head, Chairperson in the School of Information Technology and Department of Computer Applications at Madurai Kamaraj University in India. He has also been entrusted with a number of additional positions, including University Syndicate Member, authoring two books, publishing over 100 research papers in reputable international journals, contributing many book chapters, and presenting at least 150 technical papers at international/national conferences. He has received a number of national and international awards in recognition of his academic and research achievements.