A Security-Enhanced Energy Conservation with Enhanced Random Forest Classifier for Low Execution Time Framework (S-2EC-ERF) for Wireless Sensor Networks

Wireless sensor networks (WSNs) play a pivotal role in diverse applications such as environmental monitoring, industrial automation, healthcare, and smart cities. The motivation behind the development of WSNs stems from their impact in providing real-time data on various environmental parameters. The challenge for WSNs is to achieve strong security and efficient energy saving together. Traditional methods sought to find solutions either through security or energy. In response, this study proposed a secure and energy-efficient framework for enhancing security measures in WSNs while minimizing the impact on energy resources by using the Enhanced Consumed Energy Leach (ECP-LEACH) protocol and the Enhanced Random Forest Classifier for Low Execution Time (ERF-LET) algorithm for attack detection named Security-Enhanced Energy Conservation with ERF-LET (S-2EC-ERF). The integration of the detection algorithm at the node level played a pivotal role in fortifying the security posture of individual nodes by detecting and mitigating potential security threats. Leveraging a comprehensive dataset obtained from NS3 simulations, the ERF-LET algorithm demonstrated its proficiency in differentiating between normal and attack packets, thereby laying a strong foundation for subsequent evaluations, where it achieved an accuracy of 98.193%. The proposed methodology was further validated through real-time simulations conducted on the NS3. The results demonstrated the superiority of the proposed S-2EC-ERF in terms of the packet delivery ratio (PDR), average throughput, end-to-end delay, and mean energy consumption compared to the Security-Enhanced Energy Conservation with Logistic Regression (S-2EC-LR), Security-Enhanced Energy Conservation with Decision Tree (S-2EC-DT), and Security-Enhanced Energy Conservation with AdaBoost (S-2EC-Ada) algorithms.


Introduction
WSNs have emerged as transformative systems combining advancements in wireless communication, miniaturized sensor technology, and low-power computing. Comprising small, autonomous nodes equipped with sensing, processing, and communication capabilities, WSNs are designed for collaborative data collection from the environment [1]. Deployed in different applications, including monitoring the environment, as well as automation in industry [2], healthcare [3], and smart cities [4], WSNs provide real-time data on diverse parameters. This ability to monitor and respond to real-time changes in the physical world positions WSNs as invaluable tools for enhancing situational awareness and decision-making processes.
The motivation for this research stems from the dynamic landscape of WSNs, where the demand for robust security and optimal energy efficiency has reached unprecedented levels. Conventional approaches often grapple with challenges in reconciling these two critical aspects, thereby leading to compromises in either security or energy consumption [5]. This study is propelled by the need for a comprehensive and innovative methodology that seamlessly integrates both elements, thereby fostering a symbiotic relationship between security and energy efficiency.
Challenges such as energy efficiency, communication protocols, security, and node localization underscore the complexity of WSN design [6]. Ongoing trends involve integration with the Internet of Things (IoT), the utilization of machine learning for data analytics, and the exploration of energy harvesting technologies. WSNs continue to evolve and reshape how to monitor and comprehend the surroundings, with ongoing research aimed at enhancing their capabilities and addressing persistent challenges. However, challenges persist in the realm of WSNs, including the optimization of energy consumption [7], ensuring robust security measures, and addressing scalability concerns. Energy efficiency is a critical consideration, given that many sensor nodes operate in remote or inaccessible locations where battery replacement is impractical. Security is paramount to safeguarding the integrity and confidentiality of the transmitted data, especially in applications such as healthcare [8] and critical infrastructure monitoring.
The intricate intersection of security and energy efficiency in WSNs presents a multifaceted challenge. Achieving an optimal balance is nontrivial, as conventional strategies may inadvertently impact either security or energy efficiency, thereby hindering the overall performance of the network. To address this challenge, this study introduces a novel methodology that concurrently enhances security measures and minimizes energy consumption at the node level.
The primary objectives of this research are strategically aligned with the overarching aim of optimizing the delicate balance between energy efficiency and security within WSNs. The research aims to contribute to the field by developing an advanced Artificial Intelligence (AI)-based attack detection algorithm. This algorithm is designed to facilitate real-time threat identification and subsequent mitigation measures.
The structure of this paper is as follows: In Section 2, previous related works are reviewed. In Section 3, energy-efficient routing in WSNs is presented. In Section 4, cybersecurity in WSNs is studied. In Section 5, the proposed methodology is presented in detail. In Section 6, the results are discussed. In Section 7, the study's conclusion is presented.

Related Work
This section focuses on the implementation of artificial intelligence in the context of WSN security. How AI addresses security needs has been studied, and its impact on network performance has been evaluated. The majority of machine learning applications in security have focused on using intrusion detection techniques to gain insight into the flow of packets within a network [9][10][11][12]. These machine learning methods contribute to network security by mitigating Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks. Additional assistance is provided in examining virus behavior and mitigating potential threats to data integrity, such as ransomware attacks [13]. Moreover, some machine learning algorithms help prevent authentication threats between WSN nodes.
Islam et al. in [14] discovered that more data were needed for machine learning algorithms to be effective in achieving network security and quickly identifying intrusions. Moreover, processing large amounts of data necessitated significant energy expenditures. Stated differently, there exists a trade-off between the greater computational load of the ML algorithm and the energy constraints of the WSN. In WSN settings, it has been suggested that machine learning techniques be deployed centrally to prevent this trade-off.
The two energy efficiency protocols, Energy Efficient Sensor Routing (EESR) and Low Energy Adaptive Clustering Hierarchy (LEACH), were revised in [15]. In order to improve energy efficiency, a protocol based on the LEACH subset was combined with a Levenberg-Marquardt neural network (LMNN). The outcomes of the simulation showed that Sub-LEACH outperformed its competitors in terms of energy efficiency. Additionally, a support vector machine (SVM)-based intrusion detection system (IDS) was suggested for the purpose of anomaly detection. Adequate outcomes were attained in relation to energy efficiency, overall latency, and anomaly detection analysis.
The research has mostly dealt with detecting DoS intrusions or power optimization. To make the network fault-tolerant and reliable, researchers [16] presented a hybrid DoS detection algorithm based on energy conservation. Nodes created a dominant connected group to maximize data transfer and avoid packet retransmission. Simulation results revealed that the network lifetime extended to 50%, the packet drop reduced to 50%, and the power usage was less than 3%. A novel Secure Deep Learning (SecDL) approach was developed in [17] with the aim of enhancing energy efficiency. An innovative encryption technique called OT-PRESENT has been developed to ensure robust security for the gathered data. SecDL successfully attained robust security measures, high-quality service delivery, and optimal energy utilization. The NS-3.26 network architecture yielded enhanced network lifetime, packet delivery ratio, throughput, encryption time, and delay. In [18], a trust-based approach to malicious node detection (WT-MND) in clustered WSNs was proposed. Simulation results showed that the WT-MND quickly identified and isolated malicious nodes, temporarily restored the trust of faulty nodes, and calculated a distinct trust update factor for each node based on its behavior without incurring additional energy consumption costs. In [19], an improved deep neural network approach to detect DoS attacks in wireless multimedia sensor networks (WMSNs) was proposed. The necessary parameters of the adaptive particle swarm optimization technique were selected, and the efficiency of this technique was determined by analyzing the packet transmission ratio, power consumption, latency, network length, and throughput.
The ART2 neural network technology was implemented using the EESR protocol, which had been found to be a more effective approach in improving system lifetime. The main obstacle faced by current WSN technology is security. Mittal et al. [20] addressed the issue of intrusion detection in energy-efficient sensor networks by using neural perturbation technology. The algorithm explores enhancing anomaly detection systems through the use of a neurofuzzy approach. The method in [21] involves the use of an SVM for detecting cloning and jamming attacks in WSNs. The BS categorizes nodes as either cloned or normal by evaluating the distance measurements obtained from the IoT devices. Simulation findings have demonstrated that the approach attains a notable level of detection accuracy while simultaneously reducing the occurrence of false positives and minimizing energy consumption. Research [22] focused on energy and security evaluations of neural networks and machine learning in WSNs. The article began with an energy assessment. The LEACH methodology for CH selection used the LMNN fast learning method. The Dijkstra, Bellman-Ford, and BFS shortest path discovery algorithms were applied one by one to enhance the energy parameter. Using deep learning of recurrent and long-term memory, intrusions in the network were detected. The researchers in [23] aimed to dynamically learn about the network by monitoring nodes, packets, and paths to eliminate intruders and enhance data transmission and energy efficiency. Limited machines were set up to learn from rules and patterns, extend their features, and evaluate all paths by improving them and determining their validity. Intruders were eliminated using network algorithm information and LD2FA-PSO, which is an ideal efficient, secure, and energy-efficient routing method for WSNs. In [24], a method for clustering heterogeneous sensor nodes using a genetic algorithm to optimize energy consumption was presented. In DCHGA, the network frame was chosen dynamically after each message transmission round. Balanced power usage extended the life of the network and allowed the sensors to drain power gently. As network deployments become large and complex, energy-efficient methods based on intrusion detection are becoming increasingly important.
Researchers in [25] used MATLAB Simulink and an artificial neural network to improve energy-based intrusion detection. The findings showed how WSN intrusion detection was increased using the enhanced method based on the biological nervous system and how unsecured nodes impaired network behavior and performance. A handful of well-known techniques can withstand many attacks, but the majority just modified routing algorithms to defend the network against one or two. A Machine Learning-Based Energy-Efficient Weighted Clustering method (EES-WCA) was presented by researchers in [26]. It blends centralized IDS powered by machine learning with EE-WCA. The technique gathered base station traffic samples and created network clusters without interfering with WSN operations. SVM and Multilayer Perceptron (MLP) machine learning algorithms were employed by the base station to classify traffic data and detect hostile nodes within the network.
Ihasan et al. in [27] proposed an efficient data aggregation method for WSNs using node clustering and extreme learning machine (ELM). Their scheme reduced redundant and erroneous data by employing the Mahalanobis distance-based radial basis function in the ELM's projection stage and the Kalman filter at sensor nodes. Through simulations with real datasets, their approach consistently outperformed existing methods in clustering accuracy and energy efficiency.
Avrajit et al. in [28] proposed an energy-efficient IoT health monitoring system using approximate computing for Wireless Body Sensor Nodes (WBSNs). These nodes are crucial for real-time health monitoring outside hospital settings, thereby employing biosensors to capture signals and wireless transmitters to send data to cloud servers. However, energy constraints limit their operational lifespan. To address this, the authors developed a real-time encoding scheme based on iterative thresholding and the approximation of wavelet coefficients to compress biosignals (such as ECG signals) while retaining clinically important features. Experimental results demonstrated a significant 96% improvement in system-level energy efficiency, with a minimal impact on signal quality (2%).
Reddy et al. in [29] addressed the importance of computer-aided patient health monitoring, thus emphasizing the role of body wearable sensor nodes and sensor networks in collecting health-related data. They highlighted the critical nature of timely data transmission in these networks and the need for efficient monitoring systems to identify diverse symptoms without invasive instruments. The proposed scheduling strategy, termed Data Aggregation and Precedence by Delay Sensitivity (DAP-DS), aims to schedule collected messages from various sensors based on the critical objective of delay sensitivity. Additionally, the study suggested methods to minimize controller waiting time. Through simulation studies, the robustness and scalability of the proposed scheduling scheme were demonstrated.
Altamimi et al. in [30] addressed the challenge of energy consumption in WBSNs by proposing an adaptive routing protocol based on ant optimization techniques. This protocol aims to efficiently distribute energy utilization among nodes, thus extending the nodes' lifecycle and preventing potential tissue damage in patients' bodies. The authors compared their proposed protocol with the conventional LEACH routing protocol to demonstrate its effectiveness in prolonging node lifespan. Experimental validation using a network setup confirmed the efficiency of the proposed algorithm, thereby showing significant reductions in energy consumption compared to conventional and developed routing protocols.
Jaber et al. in [31] proposed an adaptive rate energy-saving data collecting technique, AREDaCoT, for efficient health monitoring in WBSNs. With the aim of reducing costs in healthcare systems, WBSNs offer continuous remote monitoring of patient health. AREDaCoT optimized data transmission by removing redundancy and adapting sampling rates based on patient risk levels. Through simulations on real health datasets, AREDaCoT demonstrated significant energy savings while preserving data accuracy and integrity compared to existing approaches.

Energy-Efficient Routing in WSN
In a WSN, the finite energy [32] resources available to nodes necessitate strategic energy conservation measures to extend the network's overall lifetime. The challenge lies in determining when to transition nodes into a sleep state during periods of inactivity to minimize power consumption. To address this, the ECP-LEACH protocol [33] has been developed for WSNs. The protocol employs a threshold mechanism to determine the opportune moments for transitioning nodes into sleep mode. At each round, the consumed energy of nodes is compared to a predetermined threshold value, and nodes exceeding this threshold are put to sleep.
The sleep scheduling module and the threshold monitoring module form the foundation of the ECP-LEACH protocol. Figure 1 describes the workflow of the ECP-LEACH protocol. By closely monitoring each node's power usage during a duty cycle, the threshold monitoring module serves as a monitor for the network's nodes. This module assesses each node's power consumption with a predetermined threshold. The module puts the node to sleep if its power consumption rises above this threshold. The main goal of this method is to figure out how much energy each node uses in each duty cycle. At the same time, the sleep scheduling module plays a role in coordinating the sleep of the nodes. This module employs a scheduling technique when it receives sleep signals from the threshold monitoring module. The nodes' current power levels and communication histories are used to determine which nodes will enter sleep mode and remain there until the duty cycle concludes. This method of controlling a node's sleep and active states helps to save power usage without sacrificing operational effectiveness.
The ECP-LEACH protocol's adaptation to noncluster master nodes is one of its most notable features. This strategy's justification stems from the function of cluster master nodes in controlling network traffic and data distribution. Applying sleep modes to these nodes arbitrarily may result in poor network performance and connectivity problems. Therefore, the protocol strikes a compromise between energy conservation and a reliable network connection by only applying the threshold and sleep scheduling method to noncluster master nodes. This helps keep the network from being congested and makes sure everything works properly.
ECP-LEACH is a paradigm shift in WSN energy consumption management. The protocol creates a balance between node states by combining a sleep scheduling module and a threshold monitoring module and applying it consistently to noncluster master nodes. It guarantees substantial energy savings and prolongs the life of the network without sacrificing performance or connectivity. Notably, the ECP-LEACH works well for applications that require energy efficiency like environmental monitoring and forest fire detection [34].
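The threshold monitoring and sleep behaviour described in this section, as an added example that is not the ECP-LEACH authors' code. The 100 nodes, 200 J initial energy and 0.00174 J per transmitted packet are the simulation values stated on this page; the per-cycle threshold, the traffic demands, the ten slots per duty cycle and the round-robin cluster-head rotation are assumptions, and the scheduler here simply honours every sleep signal.

```python
from dataclasses import dataclass

ENERGY_PER_PACKET_UJ = 1_740       # 0.00174 J per transmitted packet (from the text)
INITIAL_ENERGY_UJ = 200_000_000    # 200 J per node (from the text)
THRESHOLD_UJ = 870_000             # assumed per-cycle threshold (0.87 J)


@dataclass
class Node:
    node_id: int
    demand: int                    # packets the node wants to send per duty cycle
    residual_uj: int = INITIAL_ENERGY_UJ
    cycle_uj: int = 0              # energy consumed in the current duty cycle
    asleep: bool = False
    sent: int = 0
    sleeps: int = 0


def cluster_heads(cycle, n_nodes, per_cycle=5):
    """Hypothetical round-robin rotation standing in for cluster-head election."""
    return {(cycle * per_cycle + j) % n_nodes for j in range(per_cycle)}


def run(demands, cycles, threshold_uj=None, slots=10):
    """Simulate duty cycles; threshold_uj=None disables the sleep mechanism."""
    nodes = [Node(i, d) for i, d in enumerate(demands)]
    for cycle in range(cycles):
        heads = cluster_heads(cycle, len(nodes))
        for n in nodes:            # a new duty cycle starts: every node wakes up
            n.cycle_uj, n.asleep = 0, False
        for _ in range(slots):
            for n in nodes:
                if n.asleep:
                    continue
                packets = n.demand // slots
                cost = packets * ENERGY_PER_PACKET_UJ
                if cost > n.residual_uj:
                    continue       # battery exhausted, nothing is sent
                n.sent += packets
                n.residual_uj -= cost
                n.cycle_uj += cost
                # Threshold monitoring: consumption in this cycle above the
                # threshold raises a sleep signal. Cluster heads are exempt,
                # so they keep relaying traffic for their cluster.
                if (threshold_uj is not None and n.node_id not in heads
                        and n.cycle_uj > threshold_uj):
                    n.asleep = True    # stays asleep until the cycle ends
                    n.sleeps += 1
    return nodes


def summarize(nodes):
    """Aggregate counters; energy is kept in integer microjoules."""
    consumed = sum(INITIAL_ENERGY_UJ - n.residual_uj for n in nodes)
    return {"packets": sum(n.sent for n in nodes),
            "consumed_uj": consumed,
            "mean_consumed_j": consumed / 1e6 / len(nodes),
            "sleep_events": sum(n.sleeps for n in nodes)}


# Constructed demand: every tenth node is a heavy sender (1000 packets per cycle).
DEMANDS = [1000 if i % 10 == 0 else 100 for i in range(100)]

if __name__ == "__main__":
    print("with threshold:   ", summarize(run(DEMANDS, 4, THRESHOLD_UJ)))
    print("without threshold:", summarize(run(DEMANDS, 4)))
```

Heavy senders that are not cluster heads are stopped after six slots in each cycle, while a heavy sender serving as cluster head transmits its full demand.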

Cybersecurity in WSN
WSNs represent a crucial technology in various applications ranging from environmental monitoring to healthcare and industrial automation. As these networks become increasingly integral to our interconnected world, the need for robust cybersecurity measures becomes paramount [35].
DDoS attacks in WSNs have emerged as a critical concern [36] due to the unique characteristics of these networks. WSNs are designed to operate in resource-constrained environments where sensor nodes are equipped with limited computational power, energy resources, and communication bandwidth. The cooperative nature of sensor nodes, which collaborate to collect and disseminate information, renders the network susceptible to malicious exploitation. DDoS attacks in WSNs typically involve the coordinated inundation of the network with a high volume of spurious data, thus causing congestion, communication bottlenecks, and resource exhaustion [37]. The consequences of such attacks are far-reaching, as they can disrupt the normal functioning of the WSN, compromise data integrity, and render the sensor nodes ineffective in fulfilling their designated sensing and communication tasks.
Given the inherent vulnerabilities of WSNs, addressing the challenges posed by DDoS attacks requires a multidimensional approach. The design of energy-efficient and resilient communication protocols is crucial to ensuring the serviceability of the network under adversarial conditions. Additionally, strategies for secure node authentication, anomaly detection, and adaptive routing algorithms are being explored to fortify WSNs against the evolving landscape of DDoS threats. As WSNs continue to find applications in diverse domains such as environmental monitoring, healthcare, and industrial automation, safeguarding their functionality from malicious disruptions becomes paramount for ensuring the reliability and efficacy of these critical systems.
The Enhanced Random Forest Classifier Achieving the Best Execution Time (ERF-ABE) algorithm [38] has emerged as a specialized solution meticulously crafted to safeguard the intricate landscape of the Internet of Medical Things (IoMT) from the menace of DDoS and Delay attacks. Unveiling a nuanced approach, the algorithm introduces the ERF-ABE. This classifier is ingeniously designed to not only identify but also effectively counteract these sophisticated attacks prevalent in healthcare scenarios.
The algorithm's design involves careful consideration, as it adeptly navigates the challenging terrain of the IoMT, where data integrity and patient safety are paramount.
ERF-ABE demonstrates a remarkable equilibrium between high accuracy and sensitivity, which is critical for discerning subtle attack patterns, while concurrently prioritizing minimized execution time. Notably, the incorporation of Principal Component Analysis (PCA) further enhances the algorithm's prowess by streamlining feature selection, reducing dimensionality, and optimizing overall performance.
In its role as a sentinel for IoMT networks, the ERF-ABE algorithm stands as a beacon of resilience against cyber threats, thus ensuring the robustness and reliability of medical data transmission. The research's meticulous delineation of the algorithm's features, coupled with its emphasis on fortifying the IoMT landscape, offers valuable insights for both current and future endeavors in the dynamic realm of medical cybersecurity. As the healthcare sector continues to evolve, the ERF-ABE algorithm paves the way for novel approaches and sets a precedent for advanced, efficient, and secure solutions in the protection of sensitive medical data.
On the other hand, there are common security algorithms that are considered competitors to the ERF-ABE. The following are among the algorithms that are considered common in terms of security:
• Logistic Regression (LR): A statistical technique for binary categorization. It estimates the likelihood that an event will occur by modeling the connection between a dependent binary variable and one or more independent factors [39].
• Decision Tree (DT): Applied to both regression and classification, a decision tree is an algorithm that resembles a tree. It divides a dataset into more manageable subsets according to several standards, thus forming a tree structure with each leaf node denoting the ultimate choice or result [40].
• AdaBoost: AdaBoost is an ensemble learning method that builds a strong learner by aggregating the predictions of several weak learners. By giving distinct weights to each instance in the dataset and highlighting the incorrectly categorized examples in every iteration, it enhances the overall performance of the algorithm [41].

Methodology
This section describes the methodological framework underpinning this study. The methodology comprises three main stages: dataset collection and ERF-LET training, the proposed S-2EC-ERF framework, and simulation experiments.

Dataset Collection
The process of data collection involved executing five distinct scenarios within the NS3 simulator, which facilitated the examination of network behaviors under different attack configurations. In each scenario, a carefully calibrated mix of normal and attack nodes was employed to simulate varying cyberthreat landscapes. The scenarios were strategically designed with incremental increases in the number of attack nodes and corresponding decreases in the number of normal nodes, thereby creating a spectrum of network scenarios to analyze. The orchestrated simulations allowed for the observation of packet transmission dynamics among nodes.
During the simulations, each node actively participated in sending packets to other nodes, and a plethora of crucial parameters were systematically recorded. These parameters included the source and destination IP addresses, thus reflecting the communication paths within the simulated network. The data rate denoted the speed at which packets were transmitted, while the metrics of total transmitted and received packets and bytes captured the volume of information exchanged between nodes. Additionally, the simulations meticulously tracked the number of packets and bytes dropped, lost packets, and delays associated with the transmission process. One noteworthy aspect of the recorded information was the assignment of labels to each node. These labels served as a critical attribute indicating whether a particular node was classified as normal (assigned a label of 0) or an attacker (assigned a label of 1). This labeling mechanism was pivotal for subsequent analysis, thus enabling the differentiation between benign and malicious nodes in the dataset. Table 1 shows the dataset features. Upon the completion of all five scenarios, the individual datasets were aggregated into a comprehensive dataset encompassing 15,217 samples. Each sample was characterized by 14 columns representing the diverse set of parameters recorded during the simulations. This amalgamated dataset now serves as a robust foundation for in-depth analyses, thus offering insights into the intricate dynamics of network behavior under varying cyberthreat scenarios.
This study made modifications to the ERF-ABE algorithm by tailoring it to better suit the specific characteristics of the dataset. Notably, adjustments were made to key parameters, such as setting the max_features parameter to four and the random_state to 14. These alterations resulted in a refined version of the algorithm called ERF-LET, which was optimized to accommodate the nuances of the dataset and enhance its performance.
The training of ERF-LET, DT, LR, and AdaBoost is described in Figure 2. A meticulous preprocessing phase was undertaken on the comprehensive dataset obtained from the orchestrated NS3.27 simulations. The initial step involved separating the label column from the dataset, which is a critical task to distinguish between normal and attacker nodes during the training process. To streamline the input features, the 'destinationAddress' and 'DataRate' columns were dropped, thus focusing on essential parameters for training. Given the categorical nature of the 'sourceAddress' column, a label encoder was applied to encode the information for ensuring compatibility with the algorithm. Subsequently, the MinMaxScaler was employed to normalize the dataset to bring it within a standardized range of (−1, 1). This step is instrumental in mitigating the impact of varying scales among different parameters, thereby facilitating a more uniform learning process for ERF-LET, DT, LR, and AdaBoost. To assess the classifier's generalization performance, the dataset was divided into training (80%) and testing (20%) sets, with 12,174 samples for training and 3043 samples for testing. The ERF-LET, DT, LR, and AdaBoost algorithms were then trained on the designated training set, thus leveraging the preprocessed data to learn the intricate patterns of normal and malicious network behaviors. The evaluation on the test set demonstrated the efficacy of ERF-LET, thereby achieving a commendable accuracy of 98.193%. DT, LR, and AdaBoost obtained accuracies of 88.531%, 87.742%, and 93.033% respectively. This rigorous training and evaluation process establishes the classifier's proficiency in discerning cyberthreat scenarios within WSNs, thereby laying the foundation for robust intrusion detection capabilities.
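The preprocessing and training steps described above, as an added example using scikit-learn that is not the authors' code. It runs on constructed flow records rather than the NS3 dataset; the numeric feature names are hypothetical, every random forest setting other than max_features and random_state is left at the library default, and, as choices made here, the encoder and scaler are fitted on the training split only and a sender address unseen in training is encoded as -1.

```python
import numpy as np
from sklearn.ensemble import RandomForestClassifier
from sklearn.metrics import accuracy_score, confusion_matrix
from sklearn.model_selection import train_test_split
from sklearn.preprocessing import LabelEncoder, MinMaxScaler

# "sourceAddress", "destinationAddress" and "DataRate" are named in the text;
# the numeric feature names below are hypothetical stand-ins.
NUMERIC = ["txPackets", "rxPackets", "txBytes", "rxBytes",
           "droppedPackets", "droppedBytes", "lostPackets", "delay"]


def make_constructed_flows(n_nodes=100, flows_per_node=20, attackers=30, seed=0):
    """Constructed flow records (not the NS3 dataset); attack nodes flood."""
    rng = np.random.default_rng(seed)
    rows = []
    for node in range(1, n_nodes + 1):
        attack = int(node <= attackers)
        for _ in range(flows_per_node):
            tx = max(int(rng.normal(900, 150) if attack else rng.normal(200, 60)), 1)
            lost = int(tx * (rng.beta(4, 6) if attack else rng.beta(1, 20)))
            dropped = int(lost * rng.uniform(0.3, 0.7))
            delay = max(float(rng.normal(0.08 if attack else 0.03, 0.01)), 0.0)
            rows.append({
                "sourceAddress": f"10.1.1.{node}", "destinationAddress": "10.1.1.254",
                "DataRate": "2Mbps" if attack else "250kbps",
                "txPackets": tx, "rxPackets": tx - lost,
                "txBytes": tx * 512, "rxBytes": (tx - lost) * 512,
                "droppedPackets": dropped, "droppedBytes": dropped * 512,
                "lostPackets": lost, "delay": delay, "label": attack,
            })
    return rows


def to_matrix(rows, encoder):
    """Keep sourceAddress (label-encoded) plus the numeric metrics.

    destinationAddress and DataRate are dropped, as in the text. A sender
    that was not in the training data is encoded as -1 (assumption).
    """
    index = {addr: i for i, addr in enumerate(encoder.classes_)}
    return np.array([[index.get(r["sourceAddress"], -1)] + [r[c] for c in NUMERIC]
                     for r in rows], dtype=float)


def train_detector(rows):
    """Split 80/20, scale to (-1, 1), fit the forest, score the held-out 20%."""
    y = np.array([r["label"] for r in rows])      # label column separated first
    # The split seed and stratification are choices made for this example.
    train_idx, test_idx = train_test_split(
        np.arange(len(rows)), test_size=0.2, random_state=14, stratify=y)
    train_rows = [rows[i] for i in train_idx]
    test_rows = [rows[i] for i in test_idx]
    encoder = LabelEncoder().fit([r["sourceAddress"] for r in train_rows])
    scaler = MinMaxScaler(feature_range=(-1, 1))
    x_train = scaler.fit_transform(to_matrix(train_rows, encoder))
    x_test = scaler.transform(to_matrix(test_rows, encoder))
    model = RandomForestClassifier(max_features=4, random_state=14)
    model.fit(x_train, y[train_idx])
    predicted = model.predict(x_test)
    return {
        "encoder": encoder, "scaler": scaler, "model": model,
        "x_train": x_train, "n_test": len(test_idx),
        "accuracy": accuracy_score(y[test_idx], predicted),
        "confusion": confusion_matrix(y[test_idx], predicted, labels=[0, 1]),
    }


def classify_flow(detector, flow):
    """Return 1 (attack) or 0 (normal) for one received flow record."""
    x = detector["scaler"].transform(to_matrix([flow], detector["encoder"]))
    return int(detector["model"].predict(x)[0])


if __name__ == "__main__":
    det = train_detector(make_constructed_flows())
    print("accuracy:", det["accuracy"])
    print("confusion matrix [[TN, FP], [FN, TP]]:\n", det["confusion"])
```

Because sourceAddress is one of the features, a model trained this way can learn which senders were attackers rather than how attack traffic behaves; scoring flows from senders outside the training set, as `classify_flow` allows, is a direct check for that.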

The Proposed S-2EC-ERF Framework
In response to the dual challenges of security and optimizing energy consumption in WSNs, this study introduces the S-2EC-ERF framework. This innovative approach combines the strengths of the ERF-LET algorithm for node-level security and the ECP-LEACH for network-level energy efficiency. The S-2EC-ERF framework addresses the inherent challenges faced by WSNs by concurrently fortifying the security posture of individual nodes and optimizing energy consumption at the network level. This section presents a comprehensive solution that leverages the unique capabilities of S-2EC-ERF, thereby ensuring a delicate balance between security and energy efficiency.
Applying security algorithms at the edge level offers several benefits:
• Security algorithms deployed at the edge can analyze and respond to security threats in real-time without needing to send data to centralized servers for processing. This reduces the latency associated with sending data to a remote location for analysis and decision making.
• By processing sensitive data locally at the edge, security algorithms can help maintain data privacy by reducing the need to transmit sensitive information to centralized servers. This minimizes the risk of data breaches and unauthorized access during data transmission.
• Edge devices can distribute the computational load of security algorithms, thus allowing for the scalable and efficient processing of security tasks across a distributed network. This scalability is particularly beneficial in large-scale deployments where centralized processing may become a bottleneck.
• Edge-based security algorithms can continue to operate even in the event of network failures or disruptions. By decentralizing security processing, the network becomes more resilient to outages, thereby ensuring continuous protection against security threats.
Machine learning algorithms played a pivotal role at the node level, thus serving as an advanced defense mechanism against potential security threats. Tailored to detect and counteract sophisticated attacks, the ERF-LET algorithm works at the node level in real-time, thereby identifying DDoS attacks efficiently. The ERF-LET algorithm's resource-efficient design is well-suited for WSNs, thereby enhancing the security posture by minimizing the risk of single points of failure and ensuring timely identification and response to malicious activities. The ERF-LET algorithm was applied to every node in the network. Each node examined all the data received from the rest of the nodes to determine whether there was an attack or not. If an attack was diagnosed, the sending node was identified as an attack node, and the data received from the attack node were dropped. The operation of the S-2EC-ERF framework involves the following steps, as shown in Figure 3:
The integration of the ERF-LET algorithm and ECP-LEACH within the S-2EC-ERF framework creates a holistic approach to WSN security and efficiency. The ERF-LET algorithm focuses on node-level security through real-time threat detection, while ECP-LEACH contributes to network-level energy conservation. This collaborative implementation ensures a balanced and resilient WSN architecture, thereby effectively addressing both security and energy efficiency challenges.

Simulation Experiments
NS3 is an essential tool for network research and development, especially when it comes to simulating intricate networks like Mobile Ad Hoc Networks (MANETs). NS3 is well known for its extensive emulation features, which let researchers precisely simulate and examine the behavior of different kinds of networks in many scenarios. Its significance is further shown by the fact that NS3 is widely used in academia to test network protocols, create network topologies, and carry out performance assessments. NS3 can model network traffic and topology realistically and implements networking protocols in great detail. Its adaptable architecture also makes it possible to incorporate actual devices and applications into the simulation environment, thus offering a strong foundation for in-depth network research. Thus, NS3 supports the creation of more dependable and efficient networks, in addition to facilitating a greater understanding of network dynamics.
NetAnim is an essential part of the NS3 simulator and acts as a GUI tool. NetAnim improves the analysis and comprehension of network simulations. Its main task is to graphically depict the movements and network protocol dynamics in a variety of simulated environments.
The NS3.27 simulator was used to perform the simulation. The network is configured to replicate the dynamics of a WSN comprising 100 nodes for 50 s, with each initially equipped with 200 joules of energy. The energy consumption is set at 0.00174 joules per transmitted packet, thereby reflecting the realistic constraints and considerations inherent in WSNs, where the energy resources available to nodes are restricted. To optimize energy efficiency within the network, the ECP-LEACH routing protocol was employed. The ECP-LEACH routing protocol utilizes a threshold mechanism to identify opportune moments for transitioning nodes into a sleep state during periods of inactivity. This strategic approach significantly contributes to extending the overall lifetime of the network.
The network configuration also incorporated a base station. The nodes send packets to the base station. Each node is assigned a mobility characteristic known as a Random Rectangle Position, with a speed of 20 m/s, within an area of 1000 m × 1000 m. The simulation encompasses five scenarios, detailed in Table 2, which aim to comprehensively examine the network's behavior under varying cyber threat landscapes. These scenarios progressively adjust the ratio of normal nodes to attack nodes, thus creating a spectrum of network configurations for analysis. The network parameters are shown in Table 3. Figure 4 shows the designed simulation network. The simulation was generated graphically using the NetAnim tool, where the blue color represents the normal nodes, and the red color represents the attack nodes. Four experiments were performed at the node level to choose the best framework for security and energy efficiency. These experiments are the following:

• First experiment: The ERF-LET algorithm was used in the proposed framework for attack detection; this experiment is referred to as the S-2EC-ERF framework.

• Second experiment: The LR algorithm was applied in the proposed framework; this experiment is referred to as the S-2EC-LR framework.

• Third experiment: The DT algorithm was deployed in the proposed framework; this experiment is referred to as the S-2EC-DT framework.

• Fourth experiment: The AdaBoost algorithm was used in the proposed framework; this experiment is referred to as the S-2EC-Ada framework.

Results
In this section, the study presents a comprehensive set of metrics selected to evaluate the efficacy and performance of the S-2EC-ERF framework in comparison with other existing frameworks. These metrics were meticulously chosen to provide a holistic assessment of the S-2EC-ERF framework's capabilities and to facilitate a meaningful comparison with related works in the field of wireless communication and machine learning. The evaluation encompassed key performance indicators, including accuracy, packet delivery ratio, average throughput, and mean energy consumption, which collectively offered insights into the framework's reliability, efficiency, and resilience in diverse operating conditions. Additionally, a comparison was conducted between the S-2EC-ERF and relevant existing works, thereby aiming to elucidate the distinguishing features, strengths, and potential limitations of the proposed framework. By scrutinizing these metrics and conducting comparative analyses, the study aimed to contribute to a deeper understanding of the S-2EC-ERF framework's contributions and its comparative effectiveness within the broader landscape of machine learning-based solutions for wireless communication systems.

Performance Metrics
• Energy Consumption: This is a critical parameter, particularly in resource-constrained environments. This metric gauges the energy expended by network devices during communication processes. The efficient management of power consumption is essential for extending the operational lifespan of battery-powered devices and reducing the overall environmental impact associated with energy usage.

• Throughput: This is a fundamental measure of network performance representing the volume of data successfully transmitted over the network within a specified timeframe. Higher throughput values indicate improved network capacity and efficiency in handling data transfer, thereby contributing to enhanced overall performance. The equation for throughput is shown in Equation (2):

• End-to-End Delay: This is a temporal metric that evaluates the total time taken for a packet to travel from its source to its destination. This metric encompasses both transmission and processing delays and is particularly relevant for applications with stringent latency requirements, such as real-time communication or multimedia streaming. Minimizing the end-to-end delay is crucial for ensuring timely and seamless data delivery. The equation for end-to-end delay is shown in Equation

• Accuracy: This is a metric used to evaluate the performance of a classification algorithm. It is defined as the ratio of correctly predicted instances to the total instances in a dataset. In the context of machine learning, accuracy is often expressed as a percentage. The formula for accuracy is shown in Equation (4):

Simulation Experiments Results
In this section, simulation experiments are conducted for four types of frameworks named S-2EC-ERF, S-2EC-LR, S-2EC-DT, and S-2EC-Ada. The utilization of multiple algorithms within the S-2EC framework allows for a comprehensive exploration of its capabilities across various learning algorithms. This study aimed to evaluate the effectiveness and performance of the S-2EC-ERF framework on real-time accuracy, packet delivery ratio, average throughput, mean power consumption, and end-to-end delay to shed light on its robustness and applicability. Through these simulation experiments, this study seeks to gain insights into the comparative strengths and weaknesses of each framework, thereby contributing to a deeper understanding of the overall efficacy in practical applications.
The comparison in terms of accuracy in real-time simulation across different numbers of attack nodes for S-2EC-ERF, S-2EC-LR, S-2EC-DT, and S-2EC-Ada provides valuable insights into the performance, as shown in Figure 5. Initially, it is notable that S-2EC-ERF consistently achieved high accuracy levels across all scenarios, thereby maintaining a near-perfect accuracy rate of 99% for most scenarios. This consistency suggests that S-2EC-ERF is robust in accurately detecting and mitigating attacks in real-time simulations across varying numbers of attack nodes. However, the performance of the other methods, S-2EC-LR, S-2EC-DT, and S-2EC-Ada, exhibited more variability. While S-2EC-LR and S-2EC-DT started with relatively high accuracy levels at 96% and 93%, respectively, for five attack nodes, their accuracy decreased as the number of attack nodes increased. Particularly, S-2EC-LR showed a gradual decline in accuracy with increasing attack nodes, reaching 81% accuracy for 20 attack nodes. S-2EC-DT followed a similar trend, thereby dropping to 86% accuracy for 25 attack nodes. This indicates that these methods may struggle to maintain consistent accuracy levels as the complexity of the attack scenario increases. On the other hand, S-2EC-Ada exhibited slightly lower accuracy compared to the other methods, with accuracy ranging from 95% to 90% across different numbers of attack nodes. While its accuracy was generally lower compared to S-2EC-ERF, S-2EC-Ada showed more stability in performance across different attack scenarios compared to S-2EC-LR and S-2EC-DT. These results highlight the importance of robustness and consistency in intrusion detection, particularly in real-time simulations where accuracy is crucial for timely threat mitigation.

In terms of packet delivery ratios, the study evaluated the S-2EC-ERF, S-2EC-LR, S-2EC-DT, and S-2EC-Ada across varying numbers of attack nodes (5, 10, 15, 20, and 25), wherein discernible trends emerged, as shown in Figure 6. S-2EC-ERF consistently demonstrated the highest packet delivery ratios among all the algorithms. At 5 attack nodes, S-2EC-ERF achieved a packet delivery ratio of 93%, which gradually decreased to 76% as the number of attack nodes increased to 25. Similarly, S-2EC-LR and S-2EC-DT exhibited declining packet delivery ratios as the number of attack nodes increased, but they generally maintained lower delivery ratios compared to S-2EC-ERF. S-2EC-Ada consistently yielded the lowest packet delivery ratios across all scenarios, with values ranging from 78% at 5 attack nodes to 61% at 25 attack nodes. These findings underscore the superior resilience of S-2EC-ERF in maintaining packet delivery in the presence of attacks compared to S-2EC-LR, S-2EC-DT, and S-2EC-Ada.
When the average throughput performance was compared between S-2EC-ERF, S-2EC-LR, S-2EC-DT, and S-2EC-Ada across different numbers of attack nodes, distinct trends emerged, as shown in Figure 7. S-2EC-ERF consistently maintained relatively high average throughput values across all scenarios, thereby indicating its efficiency in data transmission even under adversarial conditions. At 5 attack nodes, S-2EC-ERF exhibited an average throughput of 177.739 KBPS, which remained consistently high as the number of attack nodes increased, reaching 167.429 KBPS at 25 attack nodes. Similarly, S-2EC-LR, S-2EC-DT, and S-2EC-Ada demonstrated comparable average throughput values, with marginal variations observed across different numbers of attack nodes. However, these frameworks generally exhibited slightly lower average throughput rates compared to S-2EC-ERF. S-2EC-LR, S-2EC-DT, and S-2EC-Ada exhibited average throughput values ranging from 177.485 KBPS to 167.11 KBPS at 5 attack nodes and from 187.191 KBPS to 166.947 KBPS at 25 attack nodes. These findings suggest that while S-2EC-ERF excels in maintaining high data transmission rates, the other frameworks may experience slight reductions in throughput under similar attack conditions.

Comparison with Related Work
This study compared S-2EC-ERF with EES-WCA-SVM and EES-WCA-MLP in [26].
When analyzing the packet delivery ratio under varying numbers of attack nodes ranging from 5 to 25, significant disparities became apparent among S-2EC-ERF, EES-WCA-SVM, and EES-WCA-MLP, as depicted in Figure 10. S-2EC-ERF consistently demonstrated higher packet delivery ratios across varying numbers of attack nodes. When confronted with five attack nodes, S-2EC-ERF achieved a packet delivery ratio of 93%, thereby surpassing EES-WCA-SVM by 14 percentage points and EES-WCA-MLP by 11 percentage points. This trend persisted as the number of attack nodes increased, with S-2EC-ERF maintaining higher packet delivery ratios of 89%, 85%, 81%, and 76% compared to EES-WCA-SVM and EES-WCA-MLP in all scenarios. These findings underscore the robustness of S-2EC-ERF in mitigating the adverse effects of malicious nodes on packet delivery, thereby suggesting its potential effectiveness in ensuring reliable communication in the presence of network attacks.

When examining the mean energy consumption across different numbers of attack nodes (5, 10, 15, 20, and 25), significant differences in energy efficiency emerged between S-2EC-ERF, EES-WCA-SVM, and EES-WCA-MLP, as depicted in Figure 12. S-2EC-ERF consistently demonstrated significantly lower mean energy consumption values compared to both EES-WCA-SVM and EES-WCA-MLP across all scenarios. At five attack nodes, S-2EC-ERF exhibited a mean energy consumption of 10.3505 J, while EES-WCA-SVM and EES-WCA-MLP consumed substantially higher energy, with values of 21 J and 18 J, respectively. As the number of attack nodes increased, S-2EC-ERF maintained relatively low mean energy consumption values, ranging from 10.3505 J to 10.8479 J. Conversely, both EES-WCA-SVM and EES-WCA-MLP demonstrated increasing energy consumption as the number of attack nodes increased, with EES-WCA-SVM consuming energy ranging from 21 J to 29 J, and EES-WCA-MLP ranging from 18 J to 28 J. These findings underscore the superior energy efficiency of S-2EC-ERF compared to EES-WCA-SVM and EES-WCA-MLP.

Table 4 shows a comparison between the related works and S-2EC-ERF in terms of energy remaining and accuracy, thereby highlighting the effectiveness of S-2EC-ERF compared to existing approaches. Looking at the energy remaining, the related works exhibited varying levels ranging from 50% to 96%. These values suggest that some existing methods are relatively effective in conserving energy, while others may have limitations in this regard. In contrast, S-2EC-ERF demonstrated notably higher energy remaining at 94.7%, thereby indicating its efficiency in energy management and surpassing most of the related works. When considering accuracy, a similar pattern emerged. The related works showed a range of accuracy percentages from 31.5% to 92%. This wide variance underscored the diversity in the effectiveness of different approaches in accurately detecting and mitigating attacks. S-2EC-ERF, on the other hand, boasted a significantly higher accuracy of 98.193%, thereby surpassing the accuracy levels of all the related works.
These results suggest that S-2EC-ERF exhibits high percentages of energy remaining and accuracy. Its superior performance indicates better energy efficiency and more reliable attack detection capabilities, thus positioning it as a leading solution.

| Related Works | Energy Remaining (%) | Accuracy (%) |
| --- | --- | --- |
| [27] | 80 | 79 |
| [28] | 96 | 92 |
| [29] | 50 | 31.5 |
| [30] | 67 | 62 |
| [31] | 76 | 70 |
| S-2EC-ERF | 94.7 | 98.193 |

While the S-2EC-ERF framework displayed potential in simulations, accurately replicating real-world complexities in such environments proved challenging due to various resource constraints, including financial, security, and time limitations. However, the components of the proposed framework exhibited consistent behavior in both simulated and real-world settings, thereby mitigating the impact of differences between simulation and reality on evaluating the system's effectiveness.

Conclusions
In conclusion, this study introduced a framework for enhancing security measures in WSNs while minimizing the impact on energy resources by utilizing the ECP-LEACH protocol and ERF-LET algorithm, referred to as S-2EC-ERF. The integration of the ERF-LET algorithm at the node level played a pivotal role in fortifying the security posture of individual nodes, thus achieving an exceptional accuracy of 98.193% in detecting and mitigating potential security threats. Leveraging a comprehensive dataset obtained from orchestrated NS3 simulations, the ERF-LET algorithm demonstrated its proficiency in differentiating between legitimate and malicious packets, thereby laying a strong foundation for subsequent evaluations. The proposed framework was further validated through real-time simulations conducted on NS3. The results demonstrated the superiority of the proposed framework in terms of the packet delivery ratio, average throughput, end-to-end delay, mean energy consumption, and accuracy. The commendable performance in the average throughput and end-to-end delay highlights the efficiency of S-2EC-ERF in maintaining data transfer rates and communication latency, even in adversarial conditions. Additionally, S-2EC-ERF exhibited lower average energy consumption compared to other frameworks, thus emphasizing its energy-efficient nature. These findings collectively position the proposed framework as a promising and resilient solution for securing WSNs under diverse attack scenarios. The ERF-LET algorithm's accuracy in detecting security threats contributes significantly to the robustness of the overall approach, thereby providing a harmonious balance between security and energy efficiency. This research significantly advances the discourse on securing WSNs and sets the stage for further developments in the field, thereby contributing to the ongoing evolution of WSNs.

Figure 2. Training ERF-LET, DT, LR, and AdaBoost on the generated data from NS3.

Figure 3. The proposed S-2EC-ERF framework.

• ERF-LET Initialization: The ERF-LET algorithm is trained using relevant data to distinguish between normal behavior and potential security threats, particularly DDoS attacks. The algorithm is designed to capture patterns indicative of various attacks, thus making it a robust defense mechanism.

• Deploying ERF-LET on each Node: The trained ERF-LET algorithm is deployed to every node within the WSN. Each node is equipped with the ERF-LET to enable local analysis and decision making.

• Sending Data Between Nodes using the ECP-LEACH Protocol: Data are exchanged between nodes using the ECP-LEACH protocol, because it achieves the task of saving energy for each node. The ECP-LEACH strategically manages the sleep states of nodes, thereby utilizing a sophisticated threshold mechanism to transition nodes into a sleep state when their energy consumption surpasses predefined levels. The sleep scheduling module optimizes energy usage, thereby extending the overall network lifetime and ensuring efficient resource utilization.

• Data Processing: When data arrive at a node, the data are processed to be entered into ERF-LET, and a statement of the data's status is given. Processing includes encoding operations for categorical values and standardization operations.

• Attack Detection: The ERF-LET algorithm uses its learning from the training phase to detect patterns associated with security attacks, especially DDoS attacks. If the ERF-LET identifies a specific node's behavior as indicative of an attack, that node is labeled as an "attack node", and data originating from it are dropped or discarded. If the ERF-LET detects no attack, no action will be taken on the data.
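The Data Processing and Attack Detection steps above, as an added Python example that is not code from the paper: a nearest-centroid classifier stands in for ERF-LET, and the feature columns, training rows, node ids and the `strikes_to_flag` parameter are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

# Constructed training rows (not the paper's NS3 dataset). Assumed columns:
# (protocol, packets_per_second, mean_packet_bytes, label), label 1 = attack.
TRAIN = [
    ("udp", 4.0, 120.0, 0), ("udp", 6.0, 110.0, 0),
    ("tcp", 5.0, 130.0, 0), ("tcp", 3.0, 125.0, 0),
    ("udp", 90.0, 60.0, 1), ("udp", 120.0, 64.0, 1),
    ("tcp", 100.0, 58.0, 1), ("udp", 110.0, 62.0, 1),
]

class Preprocessor:
    """Data Processing step: encode the categorical column, then standardize."""
    def fit(self, rows):
        self.codes = {p: i for i, p in enumerate(sorted({r[0] for r in rows}))}
        cols = list(zip(*(self._encode(r) for r in rows)))
        self.mu = [mean(c) for c in cols]
        self.sigma = [pstdev(c) or 1.0 for c in cols]  # constant column: use 1.0
        return self

    def _encode(self, row):
        # A category never seen in training maps to -1 rather than raising.
        return (float(self.codes.get(row[0], -1)), float(row[1]), float(row[2]))

    def transform(self, row):
        return [(v - m) / s for v, m, s in zip(self._encode(row), self.mu, self.sigma)]

class CentroidClassifier:
    """Stand-in for ERF-LET: nearest class centroid in standardized space."""
    def fit(self, vectors, labels):
        self.centroids = {}
        for label in set(labels):
            members = [v for v, y in zip(vectors, labels) if y == label]
            self.centroids[label] = [mean(c) for c in zip(*members)]
        return self

    def predict(self, vector):
        def dist(label):
            return sum((a - b) ** 2 for a, b in zip(vector, self.centroids[label]))
        return min(self.centroids, key=dist)

class NodeGate:
    """Attack Detection step on one node: classify, label the sender, drop."""
    def __init__(self, prep, clf, strikes_to_flag=1):
        self.prep, self.clf = prep, clf
        self.strikes_to_flag = strikes_to_flag  # assumption; 1 = label on first hit
        self.strikes, self.attack_nodes = {}, set()

    def receive(self, sender, features):
        if sender in self.attack_nodes:
            return "drop"  # sender already labeled; skip inference
        if self.clf.predict(self.prep.transform(features)) == 1:
            self.strikes[sender] = self.strikes.get(sender, 0) + 1
            if self.strikes[sender] >= self.strikes_to_flag:
                self.attack_nodes.add(sender)
            return "drop"
        return "accept"

def build_gate(strikes_to_flag=1):
    prep = Preprocessor().fit(TRAIN)
    vectors = [prep.transform(r) for r in TRAIN]
    clf = CentroidClassifier().fit(vectors, [r[3] for r in TRAIN])
    return NodeGate(prep, clf, strikes_to_flag)

def run_demo():
    gate = build_gate()
    traffic = [  # constructed (sender_id, features) arrivals at one node
        (7, ("udp", 5.0, 118.0)),
        (42, ("udp", 105.0, 60.0)),
        (42, ("udp", 4.0, 120.0)),  # normal-looking, but 42 is already labeled
        (7, ("tcp", 4.0, 126.0)),
    ]
    return [gate.receive(s, f) for s, f in traffic], sorted(gate.attack_nodes)
```

With `strikes_to_flag=1`, a single misclassified packet permanently drops a legitimate sender, so the threshold trades detection latency against isolating nodes on a false positive.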

• Packet Delivery Ratio (PDR): This is a vital metric in WSNs that quantifies the proportion of successfully delivered packets to the total packets transmitted. It serves as a key indicator of the network's reliability and effectiveness in ensuring the accurate transfer of data from source to destination. The equation for the PDR is shown in Equation (1):

$$\text{Packet Delivery Ratio} = \frac{\text{Number of Packets Received}}{\text{Total Number of Packets}} \times 100 \qquad (1)$$

$(\text{Packet Receive Time}_n - \text{Packet Send Time}_n)$

Figure 7. Comparison of average throughput between S-2EC-ERF, S-2EC-LR, S-2EC-DT, and S-2EC-Ada.

During the assessment of the mean energy consumption across varying numbers of attack nodes, distinct trends surfaced regarding the energy efficiency of S-2EC-ERF, S-2EC-LR, S-2EC-DT, and S-2EC-Ada, as illustrated in Figure 8. S-2EC-ERF consistently demonstrated the lowest mean energy consumption values among the methods considered, thus indicating its effectiveness in managing energy resources efficiently. At five attack nodes, S-2EC-ERF exhibited a mean energy consumption of 10.3505 J, which remained relatively consistent across different numbers of attack nodes, with values ranging from 10.3505 J to 10.8721 J. Conversely, S-2EC-LR, S-2EC-DT, and S-2EC-Ada displayed higher mean energy consumption values, with varying degrees of fluctuations observed across different attack scenarios. While S-2EC-LR and S-2EC-DT generally exhibited similar mean energy consumption patterns, with values ranging from 11.8705 J to 12.3921 J and 11.6405 J to 12.1621 J, respectively, S-2EC-Ada demonstrated slightly lower mean energy consumption, with values ranging from 11.6405 J to 12.1621 J. These findings suggested that while S-2EC-ERF excelled in energy efficiency, the other methods may have incurred relatively higher energy costs in detecting and mitigating attacks.

Figure 9 presents the evaluation of the end-to-end delay performance of S-2EC-ERF, S-2EC-LR, S-2EC-DT, and S-2EC-Ada across varying numbers of attack nodes (5, 10, 15, 20, and 25). S-2EC-ERF consistently demonstrated lower end-to-end delay values compared to the other frameworks, thereby indicating its efficiency in minimizing communication latency. At five attack nodes, S-2EC-ERF exhibited an end-to-end delay of 17.8231 MS, which remained relatively stable across varying numbers of attack nodes, with values ranging from 16.294 MS to 20.5767 MS. Conversely, S-2EC-LR, S-2EC-DT, and S-2EC-Ada displayed higher end-to-end delay values, with noticeable fluctuations observed across different attack scenarios. While S-2EC-LR and S-2EC-DT generally exhibited similar end-to-end delay patterns, with values ranging from 23.8412 MS to 26.8209 MS and 25.2798 MS to 28.2501 MS, respectively, S-2EC-Ada demonstrated slightly higher end-to-end delay, with values ranging from 25.5866 MS to 29.4453 MS.

Figure 11 depicts a comparison of S-2EC-ERF with EES-WCA-SVM and EES-WCA-MLP concerning average throughput across different numbers of attack nodes (5, 10, 15, 20, and 25). S-2EC-ERF consistently demonstrated significantly higher average throughput values compared to both EES-WCA-SVM and EES-WCA-MLP across all scenarios. At five attack nodes, S-2EC-ERF achieved an average throughput of 177.739 KBPS, while EES-WCA-SVM and EES-WCA-MLP exhibited substantially lower throughputs of 110 KBPS and 122 KBPS, respectively. As the number of attack nodes increased, S-2EC-ERF maintained relatively high average throughputs, ranging from 187.87 KBPS to 167.429 KBPS. In contrast, both EES-WCA-SVM and EES-WCA-MLP demonstrated decreasing throughput values as the number of attack nodes increased, with EES-WCA-SVM yielding throughputs ranging from 100 KBPS to 83 KBPS and EES-WCA-MLP ranging from 110 KBPS to 95 KBPS. These findings underscore the superior efficiency of S-2EC-ERF in data transmission under adversarial conditions compared to EES-WCA-SVM and EES-WCA-MLP.

Table 3. The simulation parameters.

Table 4. Comparison between S-2EC-ERF and related works in terms of energy remaining and accuracy.