Energy-Efﬁcient and Secure Load Balancing Technique for SDN-Enabled Fog Computing

: The number of client applications on the fog computing layer is increasing due to ad-vancements in the Internet of Things (IoT) paradigm. Fog computing plays a signiﬁcant role in reducing latency and enhancing resource usage for IoT users’ tasks. Along with its various beneﬁts, fog computing also faces several challenges, including challenges related to resource overloading, security, node placement, scheduling, and energy consumption. In fog computing, load balancing is a difﬁcult challenge due to the increased number of IoT devices and requests, which requires an equal load distribution throughout all available resources. In this study, we proposed a secure and energy-aware fog computing architecture, and we implemented a load-balancing technique to improve the complete utilization of resources with an SDN-enabled fog environment. A deep belief network (DBN)-based intrusion detection method was also implemented as part of the proposed techniques to reduce workload communication delays in the fog layer. The simulation ﬁndings showed that the proposed technique provided an efﬁcient method of load balancing in a fog environment, minimizing the average response time, average energy consumption, and communication delay by 15%, 23%, and 10%, respectively, as compared with other existing techniques.


Introduction
The past two decades have witnessed continuous growth in the demand for greater network capacity. To cope with this growing demand, an enormous amount of research has been conducted to enhance the performance of both optical-fiber-based and wireless networks [1]. Moreover, in recent years, network traffic has been exponentially growing at an unprecedented pace. This enormous increase is mainly due to massive amounts of video streams and modern technologies such as cloud services, social networks, and the traffic generated from the IoT. Fog computing was developed to provide IoT networks with lower latency and higher-quality user services. Fog computing is a deconcentrated computing framework in which storage, data, and applications are placed between the data source and cloud. Fog is used in real-time situations, and information is required to be processed quickly. Fog computing is a hypervisor technology that provides a real-time user interference for IoT users. Fog computing provides the distribution of edge data centers, the geographical arrangement of nodes, and location awareness. Moreover, fog computing provides excellent privacy, security, bandwidth, and latency. Fog computing overcomes several issues faced by IoT users. It also solves the reoccurring issues experienced by cloud users. Nodes are spread in several formats in fog computing frameworks and can gather essential data from different IoT sensors. Real-time users obtain information after processing information in the fog-IoT framework [2]. Edge devices were developed near cloud servers after the implementation of fog computing. Unique nodes are used in fog computing to transmit data between IoT devices and convey messages. This provides a framework for techniques, features, evaluation tools used, and the drawbacks identified by authors related to load balancing in the fog computing environment. Kadhim et al. [30] worked on merging the IoT with a software-defined network (SDN) and fog computing to assist fog-IoT nodes for parked vehicles. The proposed method helped to decrease the number ofmigrated tasks and enhance the capacities of fog nodes. In addition, the load balancing method, proposed on the basis of a proactive approach, balanced the load globally and locally using SDN controllers and local fog managers. The simulation results showed that these methods were more effective than IoT-Fog-Cloud and VANET-Fog-Cloud.
Hameed et al. [23] proposed capacity-enabled and dynamic clustering load balancing techniques for energy-aware vehicular fog computing networks for IoT user requests. The authors divided a vehicular network into fog clusters to manage the fog resources and used inter-and intra-clustering load balancing for IoT jobs. The authors considered three scenarios-vehicles in an urban area, vehicles running on highways, and parked vehiclesfor investigation and evaluation. The results showed that urban areas and parked vehicles had a high potential to use fog resources, whereas vehicles on the highway consumed higher energy and exhibited lower throughput. The authors also employed learning-based strategies to increase the network's performance and energy usage.
Karthik et al. [19] studied the use of a microgrid-connected wireless sensor network to optimize and assimilate a fog computing network. The developed FGWHO fog model was applied to evaluate the power generation, demand, and grid distance within the fog network. The grid-connected energy model was formed to assess the performance of girds. The proposed model enhanced the network's performance, including improvements in the residual energy, packet delivery ratio, and throughput parameters.
Maswood et al. [31] studied the integration of a fog-cloud to reduce the cost of resources and minimize delays in real-time applications and operations. The authors proposed an optimization model to provide load balancing, reduce bandwidth cost, and evaluate the efficient use of networks and fog-server resources. The simulation results were recorded in heterogeneous and homogeneous network resources as demand, generated by means of cluster points (CPs). The performance of the proposed model was investigated in terms of links and server utilization, bandwidth cost, and several machines used.
Beraldi et al. [32] first addressed the problem related to the distribution of loads in a fog environment and proposed adaptive forwarding and sequential forwarding algorithms that aimed to balance loads within the fog computing network. The authors considered controlled, simplified, and realistic scenarios for the design of a smart city fog computing infrastructure [33]. The performance evaluation of these algorithms was based on different responsible factors, such as the response time and the drop rate. To overcome the problem of the load distribution in fog nodes, Beraldi et al. [34] also suggested a probe-based load balancing method. They were primarily concerned with picking fog nodes to distribute incoming workloads. The suggested method was based on simulation and mathematical models. The authors presented two load-sharing algorithms that aimed to offload work to nearby nodes. The authors also tested the efficiency of the algorithm in a realistic scenario based on a real-world smart city monitoring application.
Rehman et al. [35] proposed an energy-efficient resource-allocation-based dynamic load balancing technique. The authors' primary focus was on offering an energy-aware load balancing solution for edge and fog devices. They evaluated simulation results using CloudSim. To evaluate the proposed technique, the authors looked at energy efficiency and cost characteristics and found that energy was decreased by 8.67%, and the cost was lowered by 16.77% when compared to the DRAM approach.
Singh et al. [36,37] discussed different load balancing techniques, algorithms, and taxonomies by conducting a comparative investigation based on their research. The authors concluded that the round robin load-balancing algorithm was the most simplistic method to implement in a fog computing network. The IP Hash load balancing algorithm was used in the fog computing network. S.P. Singh et al. [38] proposed a fuzzy-based load balancing method. The authors created a fuzzy-based load-balancer with several levels of the fuzzy control architecture. The data center layer, fog access layer, fog device layer, and core layer were the four levels of the proposed load balancer. These athors were mainly concerned with fog network traffic splitting.
Sangaiah et al. [39] deployed intrusion detection systems (IDSs) as a protective measure in critical situations. Several metrics were utilized to assess IDSs. The most effective feature selection approach was used for identifying harmful and lawful activity. The authors designed this study to find an efficient feature selection strategy to improve the accuracy of the classifier in intrusion detection. The "Hybrid Ant-Bee Colony Optimization (HABCO)" approach was developed and compared with different techniques to turn the attribute selection issue into an optimization process. Sangaiah et al. [40] also proposed a new protocol, "CLustering Multi-Layer Security Protocol (CL-MLSP)," with "Ad-hoc On-Demand Distance Vector (AODV)", to detect malicious nodes. The clustering approach determined the shortest distance for every node, related to mobility, dispersion, and energy. The efficiency of CL-MLSP was evaluated using NS2, and the parameters included the network lifespan, packet loss, latency, and security.
Abbasi et al. [41] suggested a four-layer fog model with smart grid integration. Their effective system's primary goal was to manage the smart grid's resources, with recommended design and work dispersed around the globe, such as in six different continents. The round-robin (RR), particle swarm optimization (PSO), active virtual machine (VM), and throttled methods for load balancing were applied in this study, and their results were evaluated based on their cost.

Problem and Motivations
The load balancing process in fog computing consists of three main stages: data gathering, correct choice, and data movement. In the first step of the load balancing process, the data have to be gathered for task allocation and the identification of the imbalanced load. Then, the best feasible distribution of the data is determined in the second stage. Subsequently, data are communicated from an overloaded node to an underloaded node in the final stage. In fog computing, the paradigm of an optimization approach with load balancing is applied to minimize the chances of unnecessary allocation [36].
IoT devices produce a massive quantity of data, which have to be analyzed quickly. Fog nodes require energy, both when they are active and when they are idle. Based on previous surveys, a few solutions need to be proposed to lower the energy usage of the fog-IoT-based model. An effective technique is required to aid the appropriate usage of the fog node. The end-users may experience issues when processing queries due to the overcrowded requests from a large number of IoT devices, so the fog-IoT request needs to have improved response and execution times.
The amount of electric power consumed by fog nodes is defined as the energy consumption at the fog computing layer. In the fog environment, different types of devices, such as servers, gateways, and routers, use energy when executing activities. Load balancing is primarily used to scale down the total energy consumption of the fog computing system. Other factors also contribute to the cost of sustaining resources saved by load balancing in the fog environment, including energy usage and maintenance costs. If some resources are used more heavily, but others are underused, maintenance is required for these resources. As a result, the maintenance cost will be high, and load balancing is essential to lower the maintenance and implementation costs [42].
As per the above-discussed research, we can outline our objectives in relation to load balancing in fog computing, with the overall aim of improving upon the performance of existing techniques, as follows: • To increase the performance of the fog-IoT computing architecture and develop a technique for processing end-user queries in terms of energy consumption and costeffectiveness. • To propose a load-balancing technique to improve resource utilization with SDNenabled fog computing in the fog layer and decrease task migration to the cloud layer. • To implement the intrusion detection method with fog computing to reduce communication delays in the the fog layer and the workload of fog nodes. Figure 1 shows the proposed architecture of our energy-efficient, SDN-enabled loadbalancing technique for fog computing. The system consists of a three-tier architecture model, i.e., the IoT device tier, the fog tier, and the cloud tier. In the IoT tier, different IoT devices, such as health sensors, agriculture sensors, smartwatches, smart cars, and smart home devices, interact with the fog gateway. In the fog tier, different fog nodes are connected with a fog server within one region that belongs to one geographical area. The open-flow protocols support the fog device. In each fog region, one local fog server manager is con-nected to each fog node within that region. The fog server manages each node and stores information related to each task and the available resources. The fog nodes are divided into different regions depending on the node's storage capacity, computing power, and networking strength. The fog region may contain the nodes with high storage capacity, which are combined to make storage fog regions. Similarly, one fog server or cluster manager manages nodes with high computing capacity to make computing fog regions. Mixed fog resource regions with different fog nodes contain resources related to storage, computing, and networking to handle the job requirements of these resources. The fog server manager contains each connected node's information regarding the devices' capacity. The different regions are connected by means of the SDN controller, enabling them to communicate with each other. Moreover, each fog server is also connected to an SDN controller to balance the loads of different fog regions. The SDN controller enables complete information network communication within fog regions and the fog-cloud layer. Furthermore, the fog regions are also connected with cloud services through the use of SDN controllers to communicate with the cloud tier devices with high computing requirements.

System Architecture
In our work, we make the following assumptions. (a) The fog servers at the fog layer are heterogeneous in nature. (b) The fog nodes support open-flow protocols. (c) The SDN controller and fog servers have complete information about each fog device's load, computing capacities, and task resource requirements. The IoT devices send the users' task requests for computing through the fog gateway to fog devices. The fog gateway creates a new link between the IoT and fog devices. These fog devices send information about the user's task to the nearby fog server and update the information based on the network connection within the fog region. Furthermore, they send a signal to the SDN controller to enable information updates. The clustering of the fog devices for each fog region is determined based on the Algorithm. At this point, fog servers manage the load at the fog node according to the user's task requests. The fog servers assist the fog nodes in executing the task after balancing the load within the fog region. The information about the task is updated to the SDN controller. If resources are unavailable within the fog region, the task will be migrated to another fog region with the support of fog servers and the SDN controller. The fog network's complete load is balanced with the help of the fog servers and the SDN controller [43].

Load-Balancing Mechanism
The IoT devices send the request through the fog gateway and connect to the upper fog layer to send task requests to fog nodes. The load-balancing technique is implemented on the fog layer with the help of a fog server or cluster head within the fog region or outer regions. First IoT devices send the requests to the fog node through the fog gateway. At the fog level, various heterogeneous resources, such as memory, CPU computation, networks, and storage, are accessible in order to satisfy user resource requirements. According to the proposed architecture, the fog server manager or cluster head is responsible for assigning resources according to the demands of the user tasks within the fog region. To balance the load of IoT requests, we first determine the resource requirements of each task, and classification and machine learning techniques are applied as already implemented in previous work [44]. After the identification of the task's resource requirements, the load balancer sends a request to the fog region regarding the demand. The fog region or cluster head is selected based on the available free resources and the task's resource demands. The fog regions are divided into high-storage-capacity regions, high-computing-capacity regions, and mixed-resource-capacity regions. For example, if the tasks require more computation, then the tasks are sent to the nearby computation fog region to complete the job. On the other hand, if the tasks require more storage, then the task is sent to the storage fog region.
After selecting the fog region, the fog gateway node connects to fog servers based on the calculated threshold value. The deadline of the task is considered the threshold value. In the selected fog region, the fog server manager connects to other fog nodes within the fog region to balance the loads of the tasks. The fog server manager keeps track of all available free resources within the fog region and provides the updated information required by the load balancer and the SDN controller [45]. The load balancer and SDN check the available fog regions to schedule the tasks. According to the network conditions and the number of nodes available, multiple fog regions are connected through the SDN controller. The fog servers and the SDN controller have complete information about the available resources and task requests, which plays an essential role in load balancing and the energy conservation for the complete system. The fog server manager or cluster head distributes the tasks to fog nodes within the region based on the capability of the fog nodes.
The task requests are further shifted from one fog region to another if the ideal load is achieved at the fog cluster head region. SDN also manages all fog region communication processes and connects to cloud services [46,47].
The prediction of the current-stage load was already achieved by Sharma et al. [48] based on the use of an artificial neural network (ANN). The ANN method is a fundamental and easy-to-implement machine-learning approach for predicting a fog node's current stage. This approach helps in distributing the workload to multiple fog nodes when one fog node is in an idle state or overloaded. The back-propagation learning algorithm (BPLA) has also been used to distribute the workloads on all fog nodes uniformly. This approach requires the availability of an adequate training set in order to manage the fog nodes effectively. The ANN can find out the present demands of different tasks and allocate resources accordingly. Load-balancing plays an active role in improving the energy consumption and throughput of the overall fog computing process. The input layer, hidden layer, and output layer are the three layers that the proposed approach works upon. The input layer processes the immediate load of 'm' fog nodes.
The computation of the instant load is expressed as in Equation (1): Here, S(t) represents the size of the task, and "t" is the time of the simulation. N is the number of tasks processed at the individual fog node F m . The average load is computed as per Equation (2): In the above equation, RT j represents the remaining time of an instantly processed execution at the node. M is the number of fog nodes currently used at the instant "i". TET(N) is the execution time of all tasks. According to the present workload, the weight value is processed in the hidden layer of each fog node. The balanced workload for all M fog nodes is predicted at the output layer.
Algorithm 1 shows the clustering mechanism and selection procedure for the fog region or cluster head F CH in the fog layer. The initialization of fog nodes, the fog gateway, fog node capacity type, and fog region or cluster head is presented in the first five lines of the algorithm, and further steps show the selection procedure of F CH . The minimal Euclidean distance between the fog gateway and the fog nodes is calculated. The selection criteria of F CH are defined based on the following conditions: (a) if the fog node's distance D is inside the fog gateway's range, (b) verifying time T through a comparison with the threshold value. Furthermore, we check the capacity types of fog nodes in terms of storage, computing, and mixed resources. Furthermore, the fog cluster head (F CH ) is associated with the neighbor fog nodes to build the new cluster or fog region. This process is necessary to handle the dynamic nature of fog because the fog region/fog cluster head members may change in the fog layer.
The fog gateway receives the task from the IoT layer after selecting the fog cluster head and then transmits the request to the fog server manager to balance the loads of IoT user tasks. Algorithm 2 shows the load-balancing technique in the fog layer. First, we initialize the number of fog cluster regions as F CR , the head cluster region as H cr , the neighbors of fog regions as N cr , the capacity of F CR as C, and distance as D. The procedure of the algorithm starts with a cluster (F CR ) up to a number of clusters from (n) to F CR ). If the capacity of the task is greater than C(H cr ), then it is necessary to find the neighboring region having the minimum Euclidean distance (D). The task is assigned to the region where the task capacity is less than that of the neighboring region cluster and which has a minimum Euclidean distance. The proposed technique manages the state of the ideal load and overloaded fog nodes to reduce the network congestion and resource/energy consumption level. The algorithm exhibits the load-balancing process within the fog region. Moreover, in the case in which the load is at the ideal level on the selected fog cluster/region head, requests are migrated to the nearest neighboring fog region as per the information available at the SDN controller. Table 2 represents the list of notations used in Algorithms.  The workflow of the load-balancing process in the fog layer is shown in Figure 2. It explains the steps from deploying the IoT and fog nodes to completing the task execution process in the fog layer. The primary process of the fog nodes starts with deploying IoT devices and fog nodes to handle user requests. The IoT devices send the user task requests through a fog gateway. Then, a DBN-based intrusion detection method is implemented to reduce the workload and delay. The fog gateway also connects the nearby fog region through the use of the SDN. The fog cluster heads are selected within the fog region, and clustering is proposed based on the clustering technique. After this, the fog region's capacity is checked, and the load distribution is implemented per the task request within one or more fog regions. In the fog region, cluster heads or fog servers are already in place to handle task requests. The load-balancing technique can check the capacity of a fog region to handle requests; if it does not have sufficient capacity, the request is transferred to a nearby fog region. The execution of the task is completed in that region, and the response is sent back to the user. In the fog layer, the resources are dynamic, and devices can move from one location to another. In fact, sometimes problems occur when the task request is sent to a node that is moving from one fog region to another fog region. In that situation, there is always a need to complete the task without any failure. To handle these problems, troubleshooting is required in order to regularly check and update the information at the fog server manager and the load balancer. The load balancer and SDN controller immediately shift the task to other available fog nodes or regions in that situation. Our proposed technique also handles the abovementioned troubleshooting problem and helps to balance the load within the fog layer.

Intrusion Detection
In the system architecture proposed above, intrusion detection is performed between the IoT and the fog layer after receiving the user requests. The data are exchanged among several detection nodes to complete the detection operation. Algorithm 3 describes the basic steps involved in the intrusion detection method. In the first step, the data requests are received through the IoT-fog gateway and the deep belief network (DBN) and revamped DBN model are implemented to detect an intrusion in the IoT-fog computing environment [49]. The primary goal of the DBN is to find the DBN structure that provides the best rate of precision in the system. In the next step, the gateway sends the standard flag to the DBN and analyzes the data request. The control system manages the DBN outcomes and assesses the data to make a decision. In the next step, the gateway receives the results from the system to remove the false-flag data and takes the accurate flagged output of the data. Finally, it sends the actual flagged data to the load balancer and the fog server manager. We divided this categorization process into three parts to obtain the necessary level of accuracy. The training and testing datasets are created in the first stage by capturing incoming user requests. In the second stage, the incursion features are extracted. Finally, the DBN is used to classify the results. RBM is a crucial component of a deep belief network and this helps with pattern detection, data reconstruction, and data categorization. An undirected graph model's hidden and visible layers are used in RBM. The layers are not linked at the same level but are linked with separate layers.

Implementation and Evaluation
The implementation and evaluation of the proposed work were carried out based on the two scenarios discussed below. In Scenario I, the main focus was on implementing load-balancing techniques to evaluate the results. In Scenario II, the implementation of the proposed intrusion detection was carried out on the UNSW-NB15 dataset to reduce the workload.

Scenario I
We used the COSCO [50] simulator to set up a fog environment to implement the proposed work. This is a coupled simulation and container orchestration framework that works for integrated fog-cloud computing environments. It is a straightforward Python-based software solution that allows researchers to create, test, simulate, and deploy scheduling policies to balance the load. The proposed technique is Implemented with the seamless integration of load balancing and simulated back-ends for improved decision creating. Using a custom Stats logger, the simulation support system monitors metrics in real-time, logs them, and generates consolidated graphs. To implement the proposed technique, the object-oriented programming model is used in Python. A complete overview of different classes used in the implementation process is provided in Figure 3, and these work together to complete the simulation cycle. The Simulator class defines Balancer, Stats, host list, and taskList objects, which are further connected to the Task, Host, Stats, and Balancer classes. The different functions related to setting up the simulation, allocating tasks, migrating tasks, destroying tasks, and task placement are defined in the simulator class. The datacenter class is used to simulate the hosts that give the host's object list to the simulator. The workload class is used to generate the workload with the support of static application trace data. The user has control over the number of jobs created during each pause. To complete the simulation, RAM, IPS, Bandwidth, and Disk classes are required to provide the Simulator class resources. The Host class is used to create virtual host objects with capacity and utilization metrics for RAM, IPS, Bandwidth, and Disk space. The Host class is further connected to the PowerModel class to measure the power consumption. Furthermore, the Load Balancer class provides for task selection and placement functions that help make effective load balancing decisions in the simulation process. The Simulator class is the central access point for running the simulation, which simulates fog jobs using a pre-implemented balancer, datacenter setups, workload model, and resource modules. The simulator class also allocates new workloads, determines if allocation or migration is required, runs event-driven simulations, and destroys finished workloads. The Stats class is used to monitor and obtain the log data from hosts, workloads, and containers during the complete execution of the simulation process.

Workload
The results are obtained using Bitbrain traces to generate the workload for the training and testing of the proposed technique in comparison baseline techniques [51]. This workload was considered due to its non-stationarity, its extremely fluctuating workload, and its resemblance to several real-world applications. The dataset contains realistic traces of resource utilization statistics from 1750 virtual machines (VMs) working on BitBrain's distributed data center. The workload applications operating on each of these systems come from a wide range of industries, such as computational statistical programs used by banks, insurers, and credit operators, which are utilized for evaluating fog-cloud modeling techniques. The dataset contains workload parameters for every timestamp, separated by five minutes, including CPU cores on-demand, CPU used in million instructions per second (MIPS), and RAM on demand with networking and read/write disc bandwidth features. These various types of workload traces are used to produce the trained data and run the simulation process. The files of Bitbrain traces are organized by traces: Rnd and fast storage. The first trace, fast storage, is made up of 1250 VMs, which are linked to high-speed storage area network (SAN) devices. The second trace, Rnd, is made up of 500 VMs linked to rapid SAN equipment or slower network attached storage devices. Because of the increased performance of the storage connected to the fast storage devices, the fast storage traces contain a greater proportion of compute nodes than the Rnd traces. In contrast, the Rnd traces show a higher proportion of management machines that only involve space, with reduced performance and far less frequent availability.

Experimental Setup
The simulation setup was carried out using the following hardware and software, in order to conduct the experiments. The results used in this paper were obtained based on the following setup. In the simulation environment, the experiments were run based on 50 host machines, which represented a scaled-up version of ten machines. On a considerably larger scale, the fog computing environment was scrutinized as per a previous study [52], in which each category had five times the number of instances, resulting in a total of fifty machines. Because we could not install simulated nodes in far-flung places, we represented their networking features and latency as shown in Table 3, which was used in the simulator. The experiments were conducted for a total of 100 scheduled intervals, each of which was 300 s long.

Scenario II
The main focus in implementing the proposed intrusion detection mechanism was reducing the workload and communication delays. The UNSW-NB15 [53] dataset contains assaults that are both routine activities and synthetic contemporary assaults. The Tcpdump instruments were used to create a bundle of the dataset's rudimentary system, which included 49 characteristics. Twelve algorithms, including Bro-IDS and Argus, were used to generate the class marks. There were 25,400,443 records in total. Various leveling approaches were used to partition the whole dataset into training and test sets. There were 175,341 entries in the preparation dataset. The testing dataset contained 82,332 entries. The allocated information collection had 43 features, with six highlights from the whole dataset, and was divided into 10 categories. Among the nine attacks were worms, secondary passages, shellcode, DoS, inspection, observation, abuse, nonexclusive, and fuzzes. The new training records for balancing the UNSWNB15 dataset are shown in Figure 4.
Due to unbalancing difficulties in the training instances, oversampling was necessary for the UNSW-NB15 data. An oversampling strategy was used to balance the training data. To balance the training data, new entries were created. Figure 4 depicts the balanced training data achieved via an oversampling method. To assess the effectiveness of the planned and current approach, a total of 20 snort nodes were placed in the network. Snorting alerts may be used to extract a set of eight characteristics (destination and source port no., destination and source Internet Protocol (IP) address, priority, categorization, description, and packet type). Wang et al. [54] (ML-EdgeIDS) conducted similar experiments to investigate differences in delay and workload.

Performance Evaluation Metrics
The experimentation was carried out using the COSCO simulation platform to compare the performance of the proposed technique with the baseline methods. To evaluate the performance of the proposed technique, we focused on the response time and energy consumption within the fog computing environment.

Average Energy Consumption (A EC )
The average energy consumption was formalized as the energy consumption of different fog and IoT devices at any interval of time T that is normalized by the maximum power of the nodes. Equation (3) is defined as follows at the instant T : Here, Power d i (T) denotes the power function of device host(s) d i at period interval T, and Power max d i denotes the maximum potential power of host d i and D is the set of host(s) in the resource layer.

Average Response Time (A RT )
The average response time for all departing tasks (D t ), normalized by the maximal response time up to the present interval, was defined as the average response time for an interval T I . Equation (4) was defined as follows:

Cost per Container on Average
The performance was also evaluated based on the average cost per container in the simulation setup. Equation (5) defines the average cost per container on different tasks: C d i (T) denotes the cost function of the device host d i at time interval T.

Results and Discussion
In this section, we examined the outcomes of the proposed technique using simulations. Figure 5 illustrates the average energy consumption with 50 hosts, demonstrating the differences between balanced and imbalanced loads. The energy consumption increased in both balanced and imbalanced loads when the number of SIM intervals increased. Overall, it was seen that both imbalanced loads consumed more energy compared to balanced loads in the entire chart as the number of SIM interval values increased. The average energy consumption of the balanced load technique was lower compared to the imbalanced technique. Figure 6 illustrates the average execution time with the simulation of 50 hosts. The figure represents the different results obtained when the balanced and imbalanced load techniques were implemented in the simulation. In summary, when the number of SIM interval values increased, balanced and imbalanced load techniques showed an increasing trend across the entire chart. Compared to unbalanced load techniques, balanced load techniques took less time to execute. Figure 7 illustrates the average response time with a 50-host simulation setup, desmonstrating the results of the balanced and imbalanced load techniques. The balanced load technique took a shorter response time to complete the task than the imbalanced load technique. The graph also shows that the response time increased up when the number of SIM intervals increased for the balanced and imbalanced loads. In summary, balanced load approaches were more time-efficient compared to imbalanced load approaches, as shown by the increased SIM values required to complete the tasks. Figure 8 illustrates the average cost per container on the simulator with 50 hosts. The bar chart indicates the differences between the balanced and imbalanced load balancing techniques. It can be seen that both balanced and imbalanced loads showed an upward trend in the entire chart when the simulation intervals were increased. The average cost of the balanced approach was slightly higher at 10 SIM intervals, but it decreased when the SIM intervals were increased. Overall, the imbalanced load techniques had a higher average cost as compared to the balanced techniques.     We compared the proposed intrusion detection method to the most closely related research to assess the performance. Wang et al. [54] improved on this research by incorporating machine learning into the edge-fog computing environment. Figure 11 presents a comparison between the workload reduction and communication delay improvement based on network interactions and the available data. In comparison to ML-EdgeIDS [54], the proposed method was able to reduce the workload by up to 7% and improve delays by up to 5% with an equal processing capacity. The reason for this enhancement is resource stability, as fog-IoT computing devices connect to the network on an ad hoc basis. Another major challenge with fog computing is network capacity. The experimental assessment revealed that the suggested method was capable of improving the false alert rate with DBN, as well as reducing delays and workload reductions in the fog-IoT environment.

Conclusions
In this paper, we have proposed the energy-efficient and secure load balancing technique in an SDN-enabled fog computing environment. Due to the massive increase in IoT devices and user applications, balancing the load in the fog layer is essential. We proposed the energy-aware fog-IoT-based computing architecture and load-balancing technique to improve resource utilization by means of SDN-enabled fog computing at the fog layer and to reduce task migration at the cloud layer. Moreover, we implemented an intrusion detection method to reduce the workload and communication delays in the fog layer. Experiments were conducted in a simulation environment, and the method's performance was assessed considering the energy consumption, average cost, workload reduction, and average response time as metrics. The results were compared with the imbalanced and balanced load balancing techniques. The balanced technique showed improvements in terms of the energy consumption, cost, and average response time. The results of the proposed technique were also compared with those of other baselines methods implemented by other authors. The simulation experiments showed improvements in the average response time, average energy consumption, and communication delays of 15%, 23%, and 10%, respectively. In future works, we propose to extend this work with more security and performance parameters. To address the limitations of the proposed technique, this can be implemented with a real test-bed environment and optimization techniques. In addition, there is a need to improve the integration of IoT, edge, dew, fog, and cloud environments to reduce the workload and delays of the overall network.