Blockchain with Explainable Artificial Intelligence Driven Intrusion Detection for Clustered IoT Driven Ubiquitous Computing System

1  Introduction

Ubiquitous computing service aims to develop the variety of sensors and networks available to provide timeless services and user location. A major challenge of ubiquitous computing can be context awareness that it can provide numerous services to end users based on potential contextual data. The physical world is converted into a ubiquitous computing environment because of the application and deployment of ubiquitous systems [1]. IoT system service can be developed by incorporating the physical world with computational abilities and decision-making through wireless devices and smart sensing units. Communication networks, Multimedia, business, healthcare, information access, and other applications for commercial and residential customers benefit from this environment [2]. Communication technologies, third-party services, applications, local and distributed resources incorporated with a pervasive computation environment, and querying requests are enhanced by satisfying the users’ requirements and providing instant responses. Fig. 1 showcases the general infrastructure of XAI.

Figure 1: General structure of XAI

Cloud and other network services are fetched by a layered technique in this environment to guarantee the IoT-enabled wearable sensor has sufficient access to resources at the user network edge [3,4]. A clustering method can partition sensors into distinct groups or clusters. Different security strategies and technologies have been developed to protect network security. Intrusion detection is a traditional network security technique [5–7]. An earlier intrusion detection system (IDS) mainly utilizes misuse detection. Misuse detection records the attack through a signature database and judges an intrusion with the data or event matching the signature. But misuse detection is non-practical since it could identify unrecorded attacks. The anomaly detection technique is currently commonly utilized [8] with machine learning (ML) advancement.

Explainable artificial intelligence (XAI) is a group of methods and processes that enables users to trust and understand the output and results generated by ML algorithms [9]. Explainable AI describes an AI technique, potential biases, and expected impact [10]. It can describe model outcomes, accuracy, fairness, and transparency in AI-assisted decision-making. Recently, the development of the blockchain (BC) technique has mentioned a path worth attempting to resolve the distributed trust issue in the IoT platform [11]. BC is a peer-to-peer distributed system with decentralization, non-tempera, system autonomy, and transparency [12], which could successfully improve network collaboration and device security.

This study designs a novel Blockchain with Explainable Artificial Intelligence Driven Intrusion Detection for IoT Driven Ubiquitous Computing System (BXAI-IDCUCS) model. The proposed BXAI-IDCUCS model initially clusters the IoT nodes using the energy-aware duck swarm optimization (EADSO) algorithm. Besides, deep neural network (DNN) is employed for detecting and classifying intrusions in the IoT network. Blockchain (BC) technology is exploited for secure inter-cluster data transmission processes. A comprehensive experimentation study is performed to ensure the productive performance of the BXAI-IDCUCS model, and the results are assessed under several aspects.

2  Related Works

Liu et al. [13] presented a cooperative intrusion detection (ID) system that offloads the trained models for distributing edge devices (for instance, related to vehicle and roadside units (RSUs). The distributing federated-based model reduces the utilization of resources of the centralized servers; however, privacy and security are assured. BC was utilized to store and share the trained methods for ensuring the security of the aggregation method. The data-driven trust process dependent upon blockchain was projected as a decentralized and energy-effectual solution to detect internal attacks from IoT-driven SN [14]. During the grey and black hole attack setting, the message overhead was enhanced utilizing the presented technique related to the present solution. In both grey and black hole attacks, the time obtained to detect malicious nodes also decreased significantly.

In [15], a block-chain-based authentication method was presented to secure routing from the WSNs. The malicious and unauthenticated nodes affected the routing procedure, and the accurate detection of routing direction developed a challenging problem. Thus, during this method, the registration of nodes was completed by Certificate Authority Node (CAN) to prevent the contribution of malicious nodes from the networks. The authors in [16] examined the possible threat in SDN-empowered WSN and detailed black hole attacks. During the case, it can also be presented a new lightweight security method which exploits the BC method that capable of protecting the flow tables from all the nodes, which is an essential target of a feasible routing attack. An unchangeable fingerprint named the signature token to the flow entry can be created with a secret key going to all the nodes.

Mahapatra et al. [17] presented a Quantum Atom Search Optimization with BC-assisted Data Transmission (QASO-BDT) method to a relay node election with security-supported data transmissions. This method contains 3 stages, namely transmission, registration, and clustering. Primarily, under the node registration stage, all sensor nodes (SNs) obtain registration from the blockchain network with Capillary Gateway (CG). Afterwards, a CH was chosen under the clustering stage, and an improved multi-view clustering method was utilized for clustering the node into distinct clusters. Wang et al. [18] utilized SHapley Additive exPlanations (SHAP) and integrated local and global details to improve the interpretation of IDS. The local explanation explains why the method creates particular decisions based on the particular input. The authors in [19] progressed a new secure unequal clustering protocol with an ID approach for achieving QoS parameters such as security, energy, and lifetime.

3  The Proposed Model

The BXAI-IDCUCS model has been developed in this study to accomplish maximum energy efficacy and security in the IoT environment. The BXAI-IDCUCS model aims to find the existence of intrusions in the clustered IoT environment and perform blockchain-driven secure data transmission. The BXAI-IDCUCS model follows a three-stage process: clustering, intrusion detection, and BC-based data transmission. Fig. 2 illustrates the workflow of the BXAI-IDCUCS algorithm.

Figure 2: Workflow of BXAI-IDCUCS technique

3.1 EADSO-based Clustering Technique

The EADSO algorithm with a fitness function involving three variables is employed for the clustering process. The EADSO algorithm is derived from the behaviour of ducks. Three major processes of the DSO algorithm are given in the following: position of duck swarm afterwards queuing (Population initialization), search for a food source (Exploration stage), and foraging in the group (Exploitation stage). Note that two rules need to be obeyed in searching for food for ducks [20].

•   While searching for food, ducks with stronger searching capacity are situated near the centre of the food source, which attracts other individuals to get close to them; the upgraded position is affected by neighbouring individuals.

•   During foraging, all the individuals approach the food; the following location is affected by nearby individuals and the leader duck or food position.

The randomly generated initial location in the D-dimension searching space can be expressed by:

Xi=Lb+(Ub−Lb)⋅0(1)

Whereas Xi signifies the spatial location of i-th duck (i=1,2,3,N), N denotes the amount of population size. Lb and Ub represent the upper and lower limits, and 0 denotes an arbitrary value within (0,1). Afterwards, the duck’s queuing behaviour arrived at a position with more food. All the individuals disperse gradually and start to search for food; this procedure is described in the following:

Xit+1={Xit+μ⋅Xit⋅sign(r−0.5),P>randXit+CF1⋅(Xleadert−Xit)+CF2⋅(Xjt−Xit),P<rand(2)

In which F1 and CF2 denote cooperation and competition coefficients among ducks in the searching process, correspondingly, sign(r−0.5) denotes an effect on the food searching process. It is fixed to −1 or 1. μ signifies the control variable of global searching, P denotes the search conversion possibility of the exploration stage, and C Xleadert characterizes the optimal duck location of the current value in t-the iteration. xjt signifies the agent around Xit looking for food by a group of ducks in the t-th iteration. Furthermore, variable μ is evaluated by:

μ=K⋅(1−ttmax)(3)

Now, K is evaluated as follows:

K=sin⁡(2⋅rand)+1(4)

After the food searching process, sufficient food satisfies the foraging of the duck. This procedure is strongly associated with the fitness of duck location, and it is described in the following:

Xit+1={Xit+μ⋅(Xleadert−Xit),f(Xit)>f(Xit+1)Xit+K1⋅(Xleadert−Xit)+KF2⋅(Xkt−Xjt),else(5)

In which KF1 and KF2 parameters signify the cooperation and competition coefficients among ducks in the exploitation stage, correspondingly μ means the control variables of global searching in the exploitation stage, Xkt and Xjt represent the agent around Xit in foraging of the duck group in the t-th iteration, Xleadert characterizes the optimal duck location of the existing value in the t-th iteration. Whereas k≠j.

Note that the parameter values CF1, CF2,KF1 and KF2 are within (0,2), and the following equation can compute it:

CFiorKFi←1FP⋅rand(0,1)(i=1,2)(6)

where FP denotes constant, it is fixed to 0.618; the rand indicates an arbitrary value within (0,1).

In the exploitation stage, the procedure of duck upgrades its location pertaining to Xi,Xj⋅,Xk and Xeader in a 2D searching space. Path 1 represents the selection of ducks with cooperation. Path 2 characterizes the competition betweenXiandXkandXj in the t-th iteration. Path 3 denotes the selection of the duck that fails to compete. The EADSO algorithm includes fitness variables such as residual energy (RE), inter-cluster distance, and intra-cluster distance.

Residual Energy

CH performs several activities: data communication, gathering, sensing, aggregation, and so on. Consequently, CH intakes the highest energy compared to others. Then, it is essential to describe an FF that shares the loads between every sensor in the network. The following equations show the fitness parameter utilized for effective network usage.

Re=e(ni)

Aνge=1n∑i=0ne(ni)

f1=CHopt∗ReAvge=CHopt∗e(ni)1n∑i=0ne(ni)∀CHopt=5% of n, e(ni)

=0.5 J or1.25 J or 1.75 J(7)

Re, Aνge, & ni represent the network’s residual node energy, normal energy, and the total number of sensors in the network. CHopt specifies the optimum percentage of CH. A value of f1 demonstrates the ratio of Aνgeand Re.

Intra-Cluster Distance: SNs transfer the information to CH. When the CHs are farther from CM, then the sensor depletes energy. In case when CHs are nearer to the member sensor, it employs the lowest energy.

f2=1nsτ∑i=0nsrdisT(CH,i)∀dist(CH,i)=1to35m,nsr=1to100(8)

Here, nsr & dist(CH,i) indicates the number of SNs and Euclidean distance from CH and node in the sensing sequence. Therefore, the values of f3 should be lesser while reducing the intracluster transmission energy.

Inter-Cluster Distance: While performing CH selection, the distance between BS and CH is essential. When the chosen CH is farther from the sink, it employs energy quickly and is assessed in the equation,

f3=1CH∑i=0CHdist(BS,CHi)∀dist(BS,CHi)=1to70m,CH=1to15(9)

where dist(BS,CHi) represents the Euclidean distance between BS and CHi. The value of f3 is minimized, meaning the selected CH is not far from the BS.

When f1,f2,andf3 are calculated, the cost function named FF can be defined,

F=MaximizeFitness=α∗f1+β∗1f2+γ∗1f3(10)

Let α,β,γ be the weight coefficients of f1,f2,f3, and FF variables. The weight coefficient ranges from zero to one.

3.2 Intrusion Detection Process

In this phase, the DNN model is employed to detect and classify intrusions in the IoT system. The DNN method comprised hidden, input, and resultant layers. In the training phase, DNN increases the node weight in the hidden layer [21]. Due to the gradual increase in training iteration, the NN often fits the labelled training information solution boundary. DNN, classifier accuracy, and 2 hidden layers were introduced to increase the training method's speed. In the hidden layer, entire nodes are described in the following.

n=a+b+c(11)

The number of input layers is characterized by a, and the amount of resultant layers is represented as b, the amount of hidden layers is symbolized as n, and a constant value from [1, 10] is indicated as c.

S=11+e−x(12)

The input dataset of the system is called x, which can be assisted by a mapping function Mf.

Mf=sigm(ωix+βi)(13)

Ω and β denote the weight matrix and a bias between resultant and hidden layers. As well it is developed by labelled data samples (x,l) for the hidden layer, and a loss structure can be defined by,

S(Ws,bs;x,l)=12m∑j=1m‖hj(Ws,bs;x)−lj‖22(14)

Now Ws and bs determine a subset of bias, and m represents the number of neurons in a hidden layer.

Cross entropy (CE) is employed as a loss function of DNN, regarded as the testing and training configuration. The application of CE doesn’t employ the function of the sigmoid and softmax output framework. It can be expressed as follows

CE=1n∑k=1n[YklogY^k+(1−Yk)log⁡(1−Y^k)](15)

where n denotes the amount of training sample, Yk denotes the kth original training set results, and Y^k represents the kth determined testing set results.

3.3 Blockchain-Driven Secure Data Transmission

In this work, blockchain technology is exploited for secure inter-cluster data transmission. Generally, BC meant that group of blocks. In these blocks, a single block comprises 4 segmented data concerning the transaction (Bitcoin, Ethereum), Hash value of the existing block, Timestamp, and Previous block [22]. In addition, the BC was determined as distributed, and the usual digital ledger was utilized to save the transaction data in the diverse point. Therefore, when an attacker tries to derive information, it can be difficult as all blocks have the cryptographic value of preceding blocks. Fig. 3 defines the framework of BC. At this point, every transaction was reached in the application of cryptographic hash value verified by all the miners. It can be taken with the same value as a completed ledger and contains blocks of every transaction. The decentralized saved is another source from BC, and a superior count of data was saved and connected in the existing block for the preceding block utilizing smart contract code. Swarm, SiacoinDB, BigchainDB, LitecoinDB, MoneroDB, Interplanetary File System (IPFS), and several other factors are presently executed to the decentralized database.

Figure 3: Structure of blockchain

4  Performance Validation

In this section, a detailed validation of the BXAI-IDCUCS model is carried out under distinct IoT nodes. Table 1 provides a comprehensive PDR and PLR examination of the BXAI-IDCUCS method with recent models. Fig. 4 portrays a close PDR inspection of the BXAI-IDCUCS technique under different IoT nodes. The results implied that the BXAI-IDCUCS approach had gained maximum PDR values over the other models. On 100 IoT nodes, the BXAI-IDCUCS technique has accomplished a maximum PDR of 98.71%, whereas GAOC, MS-GAOC, DL-Leach, FAMACROW, and CTEEDG models have obtained reduced PDR of 93.95%, 93.37%, 94.64%, 97.55%, and 97.84% correspondingly. Furthermore, on 500 IoT nodes, the BXAI-IDCUCS approach has reached a high PDR of 98.95%, whereas GAOC, MS-GAOC, DL-Leach, FAMACROW, and CTEEDG models have obtained lesser PDR of 80.55%, 83.28%, 81.92%, 87.75%, and 88.75% correspondingly.

Figure 4: PDR analysis of BXAI-IDCUCS technique under dissimilar IoT nodes

A detailed PLR assessment of the BXAI-IDCUCS model with existing approaches is performed in Fig. 5. The outcome shows that the BXAI-IDCUCS model has gained effectual outcomes with minimal values of PLR. On 100 IoT nodes, the BXAI-IDCUCS model has offered a reduced PLR of 1.29%, whereas GAOC, MS-GAOC, DL-Leach, FAMACROW, and CTEEDG models have gained higher PLR of 6.05%, 6.63%, 5.36%, 2.45%, and 2.16% respectively. Furthermore, on 500 IoT nodes, the BXAI-IDCUCS model has an accessible reduced PLR of 1.05%. In contrast, GAOC, MS-GAOC, DL-Leach, FAMACROW, and CTEEDG models have reached superior PLRs of 19.45%, 16.72%, 18.08%, 12.25%, and 11.25% correspondingly.

Figure 5: PLR analysis of BXAI-IDCUCS technique under dissimilar IoT nodes

Table 2 and Fig. 6 demonstrate a comparative throughput (THPT) analysis of the BXAI-IDCUCS method under different IoT nodes. The results implied that the BXAI-IDCUCS approach had gained maximal THPT values over the other methods. On 100 IoT nodes, the BXAI-IDCUCS system has achieved enhanced THPT of 92.95 Mbps whereas GAOC, MS-GAOC, DL-Leach, FAMACROW, and CTEEDG models have obtained lower THPT of 67.57, 68.69, 71.7, 76.59, and 82.44 Mbps correspondingly. In addition, on 500 IoT nodes, the BXAI-IDCUCS technique has achieved a maximum THPT of 81.88 Mbps. In contrast, GAOC, MS-GAOC, DL-Leach, FAMACROW, and CTEEDG techniques have reduced THPT of 53.58 and 56.48 Mbps, respectively 61.84, 61.38, and 72.97 Mbps correspondingly.

Figure 6: Throughput analysis of BXAI-IDCUCS technique under dissimilar IoT nodes

With recent approaches, a brief ECM assessment of the BXAI-IDCUCS technique is performed in Table 3 and Fig. 7. The experimental outcome indicated that the BXAI-IDCUCS system had gained effectual outcomes with minimal values of ECM. On 100 IoT nodes, the BXAI-IDCUCS system has accessible lower ECM of 0.0891 mJ whereas GAOC, MS-GAOC, DL-Leach, FAMACROW, and CTEEDG methodologies have gained maximal ECM of 0.2234, 0.2044, 0.1753, 0.1566, and 0.1183 mJ respectively. Besides, on 500 IoT nodes, the BXAI-IDCUCS model has offered a reduced ECM of 0.3257 mJ whereas GAOC, MS-GAOC, DL-Leach, FAMACROW, and CTEEDG models have gained maximum ECM of 0.4391, 0.4219, 0.3964, 0.3798, and 0.2825 mJ correspondingly.

Figure 7: ECM analysis of BXAI-IDCUCS technique under dissimilar IoT nodes

Table 4 and Fig. 8 illustrate a comparative NLT analysis of the BXAI-IDCUCS system under different IoT nodes. The results exposed that the BXAI-IDCUCS model has gained maximum NLT values over the other models. On 100 IoT nodes, the BXAI-IDCUCS model has achieved higherNLT of 2025 rounds, whereas GAOC, MS-GAOC, DL-Leach, FAMACROW, and CTEEDG models have obtained reduced NLT of 1318, 1366, 1305, 1351, and 1713 rounds correspondingly. Eventually, on 500 IoT nodes, the BXAI-IDCUCS methodology has achieved a maximum NLT of 3529 rounds. In contrast, GAOC, MS-GAOC, DL-Leach, FAMACROW, and CTEEDG approaches have obtained reduced NLT of 2483, 2308, 2537, 2670, and 3354 rounds correspondingly.

Figure 8: NLT analysis of BXAI-IDCUCS technique under dissimilar IoT nodes

Next, the performance of intrusion detection of the BXAI-IDCUCS model is validated using two benchmark datasets, as given in Table 5. Fig. 9 portrays a pair of confusion matrices offered by the BXAI-IDCUCS model on the test dataset. On NSL-KDD 2015 dataset, the BXAI-IDCUCS model has identified 66855 samples under the normal class and 291 samples under the anomaly class. Besides, on CICIDS 2017 dataset, the BXAI-IDCUCS approach has identified 2238867 samples under the normal class and 548041 samples under the anomaly class.

Figure 9: Confusion matrix of BXAI-IDCUCS technique under two datasets

Table 6 reports a brief IDS outcome of the BXAI-IDCUCS model on two datasets. With the NSL-KDD2015 dataset, the BXAI-IDCUCS model has offered average accuracy of 99.38%, precision of 99.37%, DR of 99.39%, TNR of 99.39%, F-score of 99.38%, AUC of 99.39%, and the error rate of 0.62. Moreover, with CICIDS 2017 dataset, the BXAI-IDCUCS system has obtainable average accuy of 98.53%, precn of 97.11%, DR of 98.35%, TNR of 98.35%, Fscore of 97.71%, AUC of 98.35%, and the error rate of 1.47.

A brief comparative study of the BXAI-IDCUCS with recent models is made in Table 7 [23–26]. Fig. 10 inspects a comparative accuracy examination of the BXAI-IDCUCS with recent models. The figure indicated that the SVM system had offered a lower accuy of 87.16%. Followed by the NN and DNN-SVM approaches have obtained somewhat enhanced accuy of 90.99% and 92.03%, correspondingly. In line with this, the GA-Fuzzy and CNN models have correspondingly resulted in accuy of 96.53% and 96.75%. The RF and TR-IDS models have also accomplished reasonable accuy of 98.21% and 99.10%. But the BXAI-IDCUCS model has obtained the highest accuy of 99.38%.

Figure 10: Accuracy analysis of BXAI-IDCUCS technique with recent algorithms

Fig. 11 demonstrates a comparative DR examination of the BXAI-IDCUCS approach with recent models. The figure revealed that the SVM method offered a lower DR of 80.48%. Followed by the NN and DNN-SVM methods have obtained somewhat higher DR of 92.17% and 95.32%, correspondingly. Also, the GA-Fuzzy and CNN models have resulted in DR of 97.38% and 97.61%, correspondingly. Along with that, the RF and TR-IDS techniques have accomplished reasonable DR of 97.81% and 99.25%. But the BXAI-IDCUCS method has gained maximum DR of 99.39%. Afterward inspecting the results and discussion, it is confirmed that the BXAI-IDCUCS model has accomplished maximum energy efficacy and security.

Figure 11: DR analysis of BXAI-IDCUCS technique with recent algorithms

5  Conclusion

In this study, the BXAI-IDCUCS model has been developed to accomplish maximum energy efficacy and security in the IoT environment. The BXAI-IDCUCS model follows a three stage process namely clustering, intrusion detection, and blockchain based data transmission. For clustering process, the EADSO algorithm with fitness function involving three variables is employed. In addition, DNN model was utilized for the detection and classification of intrusions that exist in the IoT network. Lastly, BC technology is exploited for secure inter-cluster data transmission process. To assure effectual performance of the BXAI-IDCUCS model, a comprehensive experimentation study is applied and the outcomes are assessed under several aspects. The comparison study highlighted the superiority of the BXAI-IDCUCS approach over the recent state of art approaches with packet delivery ratio of 99.29%, packet loss rate of 0.71%, throughput of 92.95 Mbps, energy consumption of 0.0891 mJ, lifetime of 3529 rounds, and accuracy of 99.38%. In the future, multihop route selection models can be developed for optimal load balancing in the IoT environment.

Funding Statement: This research work was funded by Institutional Fund Projects under grant no. (IFPIP: 624-611-1443). Therefore, the authors gratefully acknowledge technical and financial support provided by the Ministry of Education and Deanship of Scientific Research (DSR), King Abdulaziz University (KAU), Jeddah, Saudi Arabia.

Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.