Binary Hunter–Prey Optimization with Machine Learning—Based Cybersecurity Solution on Internet of Things Environment

Internet of Things (IoT) enables day-to-day objects to connect with the Internet and transmit and receive data for meaningful purposes. Recently, IoT has resulted in many revolutions in all sectors. Nonetheless, security risks to IoT networks and devices are persistently disruptive due to the growth of Internet technology. Phishing becomes a common threat to Internet users, where the attacker aims to fraudulently extract confidential data of the system or user by using websites, fictitious emails, etc. Due to the dramatic growth in IoT devices, hackers target IoT gadgets, including smart cars, security cameras, and so on, and perpetrate phishing attacks to gain control over the vulnerable device for malicious purposes. These scams have been increasing and advancing over the last few years. To resolve these problems, this paper presents a binary Hunter–prey optimization with a machine learning-based phishing attack detection (BHPO-MLPAD) method in the IoT environment. The BHPO-MLPAD technique can find phishing attacks through feature selection and classification. In the presented BHPO-MLPAD technique, the BHPO algorithm primarily chooses an optimal subset of features. The cascaded forward neural network (CFNN) model is employed for phishing attack detection. To adjust the parameter values of the CFNN model, the variable step fruit fly optimization (VFFO) algorithm is utilized. The performance assessment of the BHPO-MLPAD method takes place on the benchmark dataset. The results inferred the betterment of the BHPO-MLPAD technique over compared approaches in different evaluation measures.


Introduction
The Internet of Things (IoT) allows convergence and applications between real-time substances irrespective of their geographic localities [1]. Execution of these in network management and control makes the protection and privacy approach gain great importance and challenge in this setting [2]. IoT applications should protect data privacy from fixing security problems like jamming, intrusions, DoS attacks, eavesdropping, spoofing attacks, spam, malware, and DoS attacks [3]. The safety measure of IoT gadgets relies on the type and size of the entity in which it is enforced. The user's behavior forces the security gateway to cooperate. In simple, the application, location, and nature of IoT gadgets decide the security measure [4]. For example, smart IoT security cameras can capture various 2 of 17 variables for intellectual decision making and analysis in the smart organization [5]. The utmost care is to be taken with web-related gadgets, as more IoT gadgets depend on the web. It is ubiquitous in the workplace that the IoT gadgets deployed in an entity can be utilized for applying privacy and security features [6]. For instance, wearable gadgets that send and collect users' health data to connected smartphones must avoid data leakage to ensure privacy. Nearly 25 to 30% of workforces link their personal IoT gadgets with the entity network [7]. The IoTs' expanding nature allures the attackers and the users.
The wide-ranging implementation of IoT gadgets by numerous entities, government sectors, trades, etc., is at high risk because of the devastating impact of data breaches and IoT gadget exploitation [8]. Hackers utilize the weakness of IoT gadgets, gain control over IoT gadgets, and then carry out malicious actions on confidential data with botnet attacks leading to the exposure of valuable information that causes financial loss [9]. One common threat that resulted in data breaches is phishing, a method where adversaries attempt to steal a user's credentials utilizing fraud attempts [10]. Many large companies like Companies House (UK), Facebook, UPS, WhatsApp, and Fargo have experienced phishing attacks in recent years [11]. In addition to these phishing methods that use delicate data regarding their targets, phishing emails may be modified to look like real emails for increasing the response time to attacks [12]. There has been a rise in spear-phishing and email phishing attacks nowadays since these emails were aimed to directly attack victims, with an increased possibility of getting a response. Still, with the advent of ML in different attack scenarios [13], IoT devices select a protective approach and determine the critical parameter in the security protocol for a trade-off between computation, security, and privacy [14]. This is difficult since it is hard for an IoT platform with limited resources to predict the current network and prompt attack status [15].
The study introduces a binary Hunter-prey optimization with a machine learningbased phishing attack detection (BHPO-MLPAD) method in the IoT environment. The BHPO-MLPAD technique can detect phishing attacks through feature selection and classification. In the presented BHPO-MLPAD technique, the BHPO algorithm primarily chooses an optimal subset of features. The cascaded forward neural network (CFNN) model is employed for phishing attack detection. To adjust the parameter values of the CFNN model, the variable step fruit fly optimization (VFFO) algorithm is utilized. The performance assessment of the BHPO-MLPAD method takes place on the benchmark dataset.

Literature Review
As IoT environments become increasingly susceptible to phishing threats, a comprehensive literature review is given to explore existing methodologies and advancements in phishing attack detection within this unique and complex ecosystem. Mughaid et al. [16] developed a detection method using an ML algorithm by splitting the data to train the recognition technique and validate the outcomes with the use of the testing dataset, to capture specific features of the emails and other characteristics to be categorized as phishing or non-phishing with three datasets, and we attained the most efficient and accurate outcomes after making a comparison between them. Abdulrahman et al. [17] introduced an effective ML-based method with the potential to find whether the website is phishing or not. Performance validation of the popular classification method was implemented and revealed Random Forest as the better classifier for the phishing data. An ML-based method for recognizing phishing attacks was constructed using RF with a wrapper based on the classifier attributes evaluator and ranker (CAER) feature selection model. Jain and Gupta [18] introduced an ML-based anti-phishing technique (PHISH-SAFE) with URL features. We have considered fourteen features from URLs for detecting a web page as phishing or non-phishing to evaluate the performance of the presented method. The presented technique is trained by around 33,000 phishing and legitimate URLs with NB and SVM classifiers. Huang et al. [19] developed a new phishing website detection method by identifying the URL websites that is proved to be an efficient and robust detection method. Specifically, the new capsule-based NN primarily involves many related branches where a single convolution layer extracted shallow features from the URL, and the succeeding two capsule layers produce precise feature representation of the URL from shallow features and discriminates the legitimacy of the URL.
The author in [20] investigated an agreement on a definitive feature that must be utilized in phishing recognition. Fuzzy Rough Set (FRS) concept selects an efficient feature from three benchmarked datasets. The features selected are given to three commonly utilized classifiers for phishing recognition. Jain and Gupta [21] developed a method to identify phishing attacks in e-banking and commercial websites through the link and visual similarity. Phishers often try to stimulate the visual design of a website, and fake websites have hyperlinks and identify keywords that point towards legitimate webpages for trapping Internet users. Thus, the presented method inspects keywords, hyperlinks, and CSS layout of websites to identify phishing attacks. Azeez et al. [22] introduced an automatic whitelist method for recognizing phishing. The whitelist can be defined by implementing a thorough review between the actual and the visual links. The similarity of the known trusted websites can be evaluated with the content of the whitelist and matching it with the IP address beforehand, making decisions and inspecting the actual and visual links by evaluating the similarity of the known trusted website. In study [23], the authors devised an email phishing detection structure CNNPD, depending on CNN. CNNPD identify incoming emails as benign or phishing.
In study [24], a novel MFO-RELM approach was presented for cyber-security threat detection and classification in the IoT platform. The proposed MFO-RELM approach achieves the effective detection of cybersecurity attacks that occur in the IoT platform. Ruiz-Villafranca et al. [25] examined MECInOT which is a structure dependent upon openLEON and able of creating test conditions for the IoT platform. The performance of this structure has been validated by generating an intelligent attack detector dependent upon tree-based algorithms, namely, RF, DT, and other ML approaches. Rookard and Khojandi [26] introduced a reinforcement learning-based network IDS for detecting attacks on IoT systems employing the TON-IoT database. Specially, the authors utilized the usage of DQN for cyber-attack detection. The authors defined that our DQN carries out an optimum for cyber-attack recognition. Mengash et al. [27] developed a novel search and rescue optimizer with ML-enabled cybersecurity method for an online social networks (SRO-MLCOSN) approach. The proposed SRO-MLCOSN approach concentrates on the detection of CB that ensued in social media.
The research gap exists in the scarcity of studies that systematically explore and optimize the highly related features specific to IoT data and the lack of comprehensive investigations into fine-tuning hyperparameters to achieve optimal performance for phishing detection in this unique and dynamic setting. Existing research often concentrates on traditional feature sets and generic hyperparameter settings, failing to address the IoT-specific challenges and intricacies that can significantly impact detection accuracy and robustness in real-world IoT scenarios. A more targeted and in-depth exploration of feature selection techniques and hyperparameter optimization tailored to the IoT environment is needed to enhance the effectiveness and reliability of phishing attack detection in IoT systems. Table 1 provides a summary of the existing works discussed in the literature.

The Proposed Model
This paper uses an automated phishing attack detection method, the BHPO-MLPAD technique, in the IoT environment. The BHPO-MLPAD technique can find phishing attacks through feature selection and classification. In the presented BHPO-MLPAD technique, a series of subprocesses are followed: BHPO-based feature subset selection, CFNN-based attack detection, and VFFO-related parameter tuning. Figure 1 depicts the workflow of the BHPO-MLPAD approach.

BHPO-Based Feature Selection
Here, the BHPO algorithm primarily chooses an optimal subset of features and reduces the computation complexity. HPO is a newly developed metaheuristic approach to resolving the optimization problem [28]. This model is stimulated by predatory behavior between predator animals, like leopards, lions, and wolves, and prey, including gazelles, deer, and stags. The calculation method and principles are referred to as Naruei.
As per Naruei, the typical HPO technique performs be er in resolving continuity issues but because of the uniqueness of discrete problems, the continuous HPO technique could not a ain the best solutions. The "0 − 1" problem can be an integer programming problem, mathematically expressed below: ∈ {0, 1}, = 1,2, ⋯ , .

BHPO-Based Feature Selection
Here, the BHPO algorithm primarily chooses an optimal subset of features and reduces the computation complexity. HPO is a newly developed metaheuristic approach to resolving the optimization problem [28]. This model is stimulated by predatory behavior between predator animals, like leopards, lions, and wolves, and prey, including gazelles, deer, and stags. The calculation method and principles are referred to as Naruei.
As per Naruei, the typical HPO technique performs better in resolving continuity issues but because of the uniqueness of discrete problems, the continuous HPO technique could not attain the best solutions. The "0-1" problem can be an integer programming problem, mathematically expressed below: In Equation (1), D denotes the overall amount of items, χ i indicates the i-th items chosen by the travelers, the respective weight is ω i , the value is q i , and V signifies the maximal load.
Since the "0-1" problem restricts all the dimensions of the parameter to 0 or 1, it was not appropriate to apply the continuous method to resolve the problem; a binary discrete algorithm was used to resolve these problems. A binary HPO technique is developed that could efficiently resolve the "0-1" issues making the typical HPO method inappropriate for resolving discreteness [29].
The generation model of the initial population is given below: In Equation (2), x i shows the location of i t s dimensions in all the individuals, and R 1 means the randomly generated value within [0-1]. The location of every individual's dimensions in the population comprises 0 or 1 once the population is initialized. Whether this location is 0 or 1 is defined by the random value within [0, 1] produced by this location. When the randomly generated value is more extensive than 0.5, this location is 1; or else, this location is 0.The metaheuristics approach has different ways to expand the continuity model into a binary model; however, it is the most effective and easiest way to utilize the transfer function. A transfer function mapped the continuous real value of inputs to values within [0,1]. There are different types of transfer functions; here, we apply the more often used transformation function, that is, Sigmoid function: In Equation (3), x(t + 1) denotes the prey location or hunter for the following iteration. Even though the individual in the population was normalized through the transformation function, it is still essential to transform the mapped value from zero to one: In Equation (4), R 2 denoted the randomly generated constant within [0, 1]. Once the typical HPO approach upgrades the location of prey or hunter, the binary solution is effectively attained by discrete processing [30]. The binary Hunter-prey optimization (BHPO) technique maintains the features of the typical HPO method.

Phishing Attack Detection
At this stage, the phishing attack detection process is performed by the CFNN model. CFNN is a kind of NN that performs similarly to an FFNN. The major difference between FNN and CFNN is that it has a link with the prior HLs and input that provides the benefits of integrating the nonlinear relationships without eliminating the linear relationships between output and input [31]. Furthermore, it is a standard network since it needs fewer neurons to resolve the problems than FNN, making it efficient and compact. It includes hidden, input, and output layers. All the layers have different neurons and each layer is connected. Figure 2 illustrates the infrastructure of CFNN. Utilizing the data from the input layer ( ), a weighted sum can be defined by a biased value ( ), and the summation function, that is commonly an endless number, is included to alter the outputs. The activation function ( ) was leveraged for transferring the weighted sum to the output value [32]. Here, activation functions are applied for output, and hidden layers are pure linear ( ) and tangent sigmoid ( ), formulated as follows: The calculation at single hidden neuron (H) and output neuron (Out) are given below: where denotes the hidden neuron, , , and represent the weight vector, and indicates the biased value. Utilizing the data from the input layer (I i ), a weighted sum can be defined by a biased value (b i ), and the summation function, that is commonly an endless number, is included to alter the outputs. The activation function ( f act ) was leveraged for transferring the weighted sum to the output value [32]. Here, activation functions are applied for output, and hidden layers are pure linear (a 2 ) and tangent sigmoid (a), formulated as follows: The calculation at single hidden neuron (H) and output neuron (Out) are given below: Out k = f act where H j denotes the hidden neuron, W ij , W jk , and W ik represent the weight vector, and b k indicates the biased value.

VFFO-Based Parameter Tuning
Finally, the VFFO algorithm is used to adjust the parameter values of the CFNN model. The FFO algorithm is a recent approach to search for global optimization depending on foraging behaviors of FFs [33]. The optimization method is split into two stages. Firstly, the FF population exploits an olfactory search to discover the optimum solution, and later, other FFs exploit a visual search to determine the optimum individual and fly toward the direction. This can be repetitive until the fittest solution is found.
The primary steps of the FFO are given below: Step 1: Randomly initialize the location of the FF population: Step 2: An FF performs a random search for generating a new location: Step 3: Compute the distance between the origin and the individual FF and later attain the taste judgment value S i : Step 4: The taste judgment values substituted with the judgment function for obtaining fitness) value of the FFs: Step 5: Retain optimum fitness fruit fly: Step 6: Record the fitness value and location of the better individuals. Next, each of the flies fly toward the location using a visual search: Step 7: In an iterative operation, repeat steps 2 to 6; the optimum FF is output once the maximal iterative value is obtained.
The FFO algorithm has the lesser control parameter, usability, and simple structure, and its running speed was very fast [34]. But the FFO has related problems to other SI techniques. The optimization can be disorderly and blind, and the search range was smaller, which leads to local optimal solutions and lower optimization accuracy that are easier to fall into local optima because of the random search step sizes leveraged in the process of iterative optimization. In the VFFO method, a dynamic search step size was exploited to enhance the optimization method of the FFO in response to this deficiency, using the ordered convergence features of function to optimize the algorithm efficacy and balance the local optimization and global search abilities: (16) where i characterizes the existing FF individual, gen denotes the existing amount of iterations, and w shows the weight factor of 0 to 1. To explain the search curve, every generation of search steps has taken a minimal value. The population size was 50, and the maximal amount of iterations was 500 once the weight factor was fixed at 0.8. The variable step sizes enhance the range of search step sizes which change in the original model, considerably extending an efficient searching space of the model and enhancing a variety of solutions. Moreover, the search step size could attain a convergence rate with the rise in iteration, which makes the algorithm's resolving procedure effective and orderly, efficiently enhancing the optimization performance and resolving the drawbacks of random search step size [35]. The fitness selection was a crucial factor in the VFFO approach. Solution encoding was utilized for assessing the goodness of solution candidate. The accuracy value was the major condition used to devise a fitness function: where FP and TP indicate the false and true positive values.

Experimental Evaluation
The proposed model is simulated using the Python 3.6.5 tool. The outcomes of the BHPO-MLPAD technique can be investigated on the UNSW dataset [36], which holds 6000 samples and six classes, as provided in Table 2.   Figure 3d shows the ROC study of the BHPO-MLPAD method. The figure depicted that the BHPO-MLPAD algorithm has productive outcomes with higher ROC values under six class labels.
In Figure 4, the detection outcomes of the BHPO-MLPAD technique are clearly stated under 70% of TRP. The experimental outcomes highlighted that the BHPO-MLPAD technique recognized six types of classes. In the normal class, the BHPO-MLPAD technique attains accu y of 99.38%, prec n of 98.30%, reca l of 98.02%, F score of 98.16%, and AUC score of 98.84%. Also, in the Fuzzers class, the BHPO-MLPAD method reaches accu y of 99.33%, prec n of 97.69%, reca l of 98.26%, F score of 97.98%, and AUC score of 98.90%. Additionally, in the DoS class, the BHPO-MLPAD approach reaches accu y of 99.02%, prec n of 97%, reca l of 97.40%, F score of 97.20%, and AUC score of 98.38%. Lastly, in the Generic class, the BHPO-MLPAD algorithm achieves accu y of 98.93%, prec n of 97.11%, reca l of 96.42%, F score of 96.76%, and AUC score of 97.92%.  The overall performance of the BHPO-MLPAD technique is revealed in Table 3.    In Figure 5, the detection outcomes of the BHPO-MLPAD method are clearly stated under 30% of TSP. The outcomes emphasized that the BHPO-MLPAD algorithm recognized six types of classes. In the normal class, the BHPO-MLPAD method reaches of 99.  Figure 6 inspects the accuracy of the BHPO-MLPAD method in the training and validation of the test database. The result specifies that the BHPO-MLPAD method reaches greater accuracy values over higher epochs. As well, the greater validation accuracy over training accuracy displays that the BHPO-MLPAD method learns productively on the test database. The overall performance of the BHPO-MLPAD technique is revealed in Table 3. In Figure 5, the detection outcomes of the BHPO-MLPAD method are clearly stated under 30% of TSP. The outcomes emphasized that the BHPO-MLPAD algorithm recognized six types of classes. In the normal class, the BHPO-MLPAD method reaches an accu y of 99.61%, prec n of 98.31%, reca l of 99.32%, F score of 98.81%, and AUC score of 99.49%. Similarly, in the Fuzzers class, the BHPO-MLPAD method attains accu y of 99.28%, prec n of 97.75%, reca l of 98.06%, F score of 97.91%, and AUC score of 98.80%. Furthermore, in the DoS class, the BHPO-MLPAD method attains accu y of 99.06%, prec n of 97.37%, reca l of 96.28%, F score of 96.82%, and AUC score of 97.91%. Lastly, in the Generic class, the BHPO-MLPAD approach attains an accu y of 99%, prec n of 97.65%, reca l of 96.36%, F score of 97%, and AUC score of 97.95%.   Figure 6 inspects the accuracy of the BHPO-MLPAD method in the training and validation of the test database. The result specifies that the BHPO-MLPAD method reaches greater accuracy values over higher epochs. As well, the greater validation accuracy over training accuracy displays that the BHPO-MLPAD method learns productively on the test database.
The loss analysis of the BHPO-MLPAD method in training and validation is shown on the test database in Figure 7. The result indicates that the BHPO-MLPAD algorithm reaches adjacent training and validation loss values. The BHPO-MLPAD method learns productively on the test database.
A detailed comparative result of the BHPO-MLPAD technique is reported in Table 4 and Figure 8. The results stated that the GA-LR and TS-RF models have revealed worse results over other models.    A detailed comparative result of the BHPO-MLPAD technique is reported in Table 4 and Figure 8. The results stated that the GA-LR and TS-RF models have revealed worse results over other models.

Technology
Computational Time (s) GA-LR 0.30 Along with the aforementioned, the LSO-FNN and SCM3-RF models have obtained poor performance. On the contrary, the RHF-ANN and EAFS-RF models attained slightly improved results. However, the BHPO-MLPAD technique stated the maximum performance of the BHPO-MLPAD technique over other models with accu y of 99.11%, prec n of 97.35%, reca l of 97.33%, and F score of 97.33%.
Finally, the brief computation time (CT) results of the BHPO-MLPAD method are compared with other models in Table 5 and

Conclusions
In this paper, an automated phishing a ack detection technique, named BHPO-MLPAD technique, has been used in the IoT environment. The BHPO-MLPAD technique is able to detect phishing a acks through feature selection and classification. In the presented BHPO-MLPAD technique, a series of subprocesses are followed: BHPO-based feature subset selection, CFNN-based a ack detection, and VFFO-based parameter tuning. Here, the BHPO algorithm primarily chooses an optimal subset of features and reduces the computation complexity. Next, the phishing a ack detection process is performed by the CFNN method. Finally, the VFFO algorithm is utilized to adjust the parameter values of the CFNN method. The performance assessment of the BHPO-MLPAD method takes place on the benchmark dataset. The outcomes inferred the be erment of the BHPO-MLPAD method over compared approaches in terms of various evaluation measures.

Conclusions
In this paper, an automated phishing attack detection technique, named BHPO-MLPAD technique, has been used in the IoT environment. The BHPO-MLPAD technique is able to detect phishing attacks through feature selection and classification. In the presented BHPO-MLPAD technique, a series of subprocesses are followed: BHPO-based feature subset selection, CFNN-based attack detection, and VFFO-based parameter tuning. Here, the BHPO algorithm primarily chooses an optimal subset of features and reduces the computation complexity. Next, the phishing attack detection process is performed by the CFNN method. Finally, the VFFO algorithm is utilized to adjust the parameter values of the CFNN method. The performance assessment of the BHPO-MLPAD method takes place on the benchmark dataset. The outcomes inferred the betterment of the BHPO-MLPAD method over compared approaches in terms of various evaluation measures.