
A_Situation_Based_Predictive_Approach_for_Cybersecurity_Intrusion_Detection_and_Prevention_Using_Machine_Learning_and_Deep_Learning_Algorithms_in_Wireless_Sensor_Networks_of_Industry_4.0

This study proposes a predictive framework for cybersecurity intrusion detection and prevention in wireless sensor networks (WSNs) within Industry 4.0, utilizing machine learning and deep learning algorithms. The framework enhances cybersecurity by prioritizing threats based on their nature and impact, with models like Decision Tree, MLP, and Autoencoder achieving high accuracy in intrusion detection. Simulation results indicate that the proposed models significantly outperform benchmark models, providing a robust defense against cyber threats in industrial environments.


Received 30 January 2024, accepted 27 February 2024, date of publication 1 March 2024, date of current version 8 March 2024.

Digital Object Identifier 10.1109/ACCESS.2024.3372187

A Situation Based Predictive Approach for Cybersecurity Intrusion Detection and Prevention Using Machine Learning and Deep Learning Algorithms in Wireless Sensor Networks of Industry 4.0
FATIMA AL-QUAYED 1, ZULFIQAR AHMAD 2, AND MAMOONA HUMAYUN 3
1 Department of Computer Science, College of Computer and Information Sciences, Jouf University, Sakaka 72388, Saudi Arabia
2 Department of Computer Science and Information Technology, Hazara University, Mansehra 21300, Pakistan
3 Department of Information Systems, College of Computer and Information Sciences, Jouf University, Sakaka 72388, Saudi Arabia

Corresponding authors: Fatima Al-Quayed ([email protected]) and Mamoona Humayun ([email protected])


This work was supported by the Deanship of Scientific Research at Jouf University through the Fast-track Research Funding Program.

ABSTRACT Industry 4.0 is fundamentally based on networked systems. Real-time communication between machines, sensors, devices, and people makes it easier to transmit the data needed to make decisions. Informed decision-making is empowered by the comprehensive insights and analytics made possible by this connectedness in conjunction with information transparency. Industry 4.0-based wireless sensor networks (WSNs) are an integral part of modern industrial operations; however, these networks face escalating cybersecurity threats. These networks are always vulnerable to cyber-attacks as they continuously collect data and optimize processes. Increased connections make people more susceptible to cyberattacks, necessitating the use of strong cybersecurity measures to protect sensitive data. This study proposes a predictive framework intended to intelligently prioritize and prevent cybersecurity intrusions on WSNs in Industry 4.0. The proposed framework enhances the cybersecurity of WSNs in Industry 4.0 using a multi-criteria approach. It implements machine-learning and deep-learning algorithms for cybersecurity intrusion detection in WSNs of Industry 4.0 and provides prevention by assigning priorities to the threats based on the situation and nature of the attacks. We implemented three models, i.e., Decision Tree, MLP, and Autoencoder, as proposed algorithms in the framework. For multidimensional classification and detection of cybersecurity intrusions, we implemented Decision Tree and MLP models. For binary classification and detection of cybersecurity intrusions in WSNs of Industry 4.0, we implemented the Autoencoder model. Simulation results show that the Decision Tree model provides an accuracy of 99.48%, precision of 99.49%, recall of 99.48%, and F1 score of 99.49% in the detection and classification of cybersecurity intrusions. The MLP model provides an accuracy of 99.52%, precision of 99.5%, recall of 99.5%, and F1 score of 99.5% in the detection and classification of cybersecurity intrusions. The implementation of Autoencoder with binary classification yields an accuracy of 91%, a precision of 92%, a recall of 91%, and an F1 score of 91%. The benchmark models, i.e., Random Forest (RF) for multidimensional classification and Logistic Regression (LR) for binary classification, have also been implemented. We compared the performance of the benchmark models with the models implemented in the proposed framework, revealing that the models in the proposed framework significantly outperformed the benchmark models. The framework presents an intelligent prioritizing methodology that is significant for effectively identifying and addressing high-risk intrusions. The proposed framework implements a proactive preventive system that functions as a strong defensive wall by quickly putting countermeasures in place to eliminate threats and increase network resilience.

The associate editor coordinating the review of this manuscript and approving it for publication was Emanuele Lattanzi.

2024 The Authors. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. For more information, see https://creativecommons.org/licenses/by-nc-nd/4.0/

VOLUME 12, 2024

INDEX TERMS Cybersecurity, WSN, detection, prediction, intrusions, machine learning and deep learning.

I. INTRODUCTION
Industry 4.0 denotes a paradigm shift in the manufacturing and industrial processes, defined by the combination of automation, data sharing, and digital technologies [1], [2]. It expands on previous industrial revolutions, which included the utilization of steam power and water, electricity, and computers, and now unites the digital, biological, and physical domains [2], [3]. Industry 4.0 is fundamentally based on networked systems. Real-time communication between machines, sensors, devices, and people makes it easier to transmit the data needed to make decisions. Informed decision-making is empowered by the comprehensive insights and analytics made possible by this connectedness in conjunction with information transparency [3], [4]. In Industry 4.0, technological innovations like artificial intelligence (AI), machine learning, and augmented reality are essential components [5]. These developments offer intelligent assistance, streamlining procedures and raising output for a range of industrial jobs. Cyber-physical systems autonomously decide what to do based on the information they collect, which makes industrial environments respond faster and more effectively [2]. Strengthened cybersecurity measures are required due to the growing connection. With the growing digital infrastructure, safeguarding systems and data from cyber threats becomes sensitive [5], [6], [7], [8], [9]. According to Statista, the highest number of cyber-attacks in the manufacturing industry between January 2022 and March 2023 was detected in May 2022 with 32 incidents as shown in Figure 1. In December 2022, the sector saw four attacks, the lowest number of incidents in the measured period. In January 2023, this number had an uptick, reaching 20 attacks [10].

Industry 4.0 has a broad impact on many different industries. Smart factories are starting to take shape in the manufacturing sector, using robotics, IoT, and AI to run autonomous and effective production lines [2]. Improved visibility and traceability help supply chain management by streamlining logistics and cutting down on waste. Industry 4.0 is utilized by sectors such as healthcare, automotive, and agriculture [1], [2], [9], [11], [12]. IoT gadgets and data analytics enhance patient care and equipment upkeep in the medical field [13]. In order to produce smarter and self-driving cars, the automotive industry uses automation and networking [14]. Precision farming is beneficial to agriculture because it maximizes crop yields and resource utilization through the use of smart sensors and data analysis. The core component of Industry 4.0 is the Wireless Sensor Network (WSN), which is a network of interconnected sensors and equipment that communicate wirelessly in industrial environments [15], [16]. These networks play a key role in the collection, transmission, and analysis of real-time data that is essential for process optimization and decision-making. They serve as the industrial setup’s nerve center, gathering data from multiple locations, including motion, temperature, pressure, and other characteristics. The capacity of WSNs to create smooth communication between devices, systems, and people is one of their main advantages. The Industrial Internet of Things (IIoT), which provides a thorough and integrated view of the entire manufacturing or industrial environment, is made possible by this interconnection [17], [18]. It serves as the cornerstone of an infrastructure that is linked and data-driven, facilitating effective data sharing and analysis. WSNs make it possible for employees to monitor and control industrial operations remotely, giving them greater authority. This feature is important for improving overall operational efficiency, decreasing downtime, and performing predictive maintenance. The gathered information provides information about production procedures, resource usage, and possible areas for optimization, which forms the foundation for well-informed decision-making [6], [13], [19], [20].

In contrast to conventional wired systems, WSNs provide more scalability and flexibility. They are easily expandable, reconfigurable, and suitable for a variety of industrial environments [21]. However, there are several security challenges with these networks. Increased connection makes people more susceptible to cyberattacks, necessitating the use of strong cybersecurity measures to protect sensitive data [22]. The performance of these networks is impacted by problems with signal interference and dependability in intricate industrial environments. The use of battery-powered sensors raises additional concerns because prolonged battery life and energy efficiency must be balanced for consistent and dependable operation [23]. Despite security challenges, WSNs are essential to the operation of Industry 4.0’s data-driven, networked infrastructure. To fully utilize these networks in the context of the fourth industrial revolution, security problems are required to be addressed more efficiently [1], [2], [6], [21], [24].

Cybersecurity breaches within WSNs are a major concern in modern industrial environments. These networks are always vulnerable to cyber-attacks as they continuously collect data and optimize processes [25]. The incorporation of diverse sensors and wirelessly connecting equipment has rendered these networks susceptible to cyber-attacks, hence posing a risk to safety in industrial environments, disrupting operations, and compromising data. These wireless sensor networks are vulnerable due to
their interconnectedness, which is also a benefit for smooth data transfer [19], [26], [27]. Cybercriminals take advantage of these flaws to obtain private information or take over vital systems. Attacks of this kind have the potential to be extremely damaging, impacting manufacturing lines, jeopardizing quality, and even endangering worker safety [28], [29]. These networks are working continuously in real-time, thus it is imperative that cyber-attacks be found and stopped as soon as possible. Prolonged downtimes or irreversible damage to industrial systems could result from operations being negatively impacted by delayed detection or response to intrusions [27], [30]. Thus, to safeguard these wireless sensor networks in Industry 4.0, a strong cybersecurity framework with an efficient prioritization process is required. It is important to create proactive cybersecurity tactics using intelligent algorithms and predictive models. These models monitor network activity continually, searching for unusual or suspicious patterns that could point to possible security vulnerabilities. Prioritizing these risks according to their possible impact and severity enables quick and efficient actions, reducing the effect of any prospective incursions.

FIGURE 1. Monthly number of cyber-attacks in automotive production companies worldwide [10].

A. RESEARCH MOTIVATION
In industry 4.0, WSNs serve as the backbone of networked industrial operations [2], [16]. The development of a comprehensive predictive framework for cybersecurity intrusion detection and prevention with intelligent prioritization is a significant requirement in this context [6]. WSNs are essential communication components for real-time data transfer because of the convergence of digital technologies; however, they are also susceptible to cyberattacks [23], [31]. The understanding of the vital role these networks play in the operation of contemporary enterprises serves as the driving force. They are a prime target for cyberattacks because they enable the smooth flow of data that powers decision-making and process optimization. Beyond only compromising data, a cybersecurity breach within these networks might have far-reaching consequences. It could cause serious financial losses, interfere with operations, and jeopardize safety [5], [16], [19]. The dynamic and ongoing nature of cyber threats necessitates the creation of a framework with well-considered priorities. There is always a chance that certain incursions may be more dangerous than others and will have a major impact on operations [32]. Therefore, the driving force is to create a system that can differentiate between various threat levels so that a targeted and effective response may be made. By placing the most serious hazards at the front of the list, their impact on industrial operations is either prevented or minimized. A predictive framework is also intended to establish a proactive protection mechanism. The goal is to foresee and stop possible risks rather than responding to breaches after they happen. Through the analysis of past data and current network behavior, predictive models are able to identify patterns that indicate possible hazards before they manifest. This proactive strategy fits perfectly with Industry 4.0’s fast-paced environment, where preventive actions are significant to protect against cyber threats.

B. RESEARCH CONTRIBUTIONS
The proposed research presents an intelligently prioritized and robust predictive framework for cybersecurity intrusion detection and prevention in industry 4.0 based wireless sensor networks, with the following research contributions.
• A framework for cybersecurity intrusion detection and prevention in industry 4.0 based wireless sensor networks will be developed.
• An AI-based detection mechanism will be implemented that recognizes and classifies cybersecurity intrusions. Three distinct machine learning models (multilayer perceptron, autoencoder, and decision tree) will be implemented for cybersecurity intrusion detection and classification within WSNs.
• An intelligent prioritization model will be implemented that can be used to give priorities to cyber threats based on their nature and impact.
• A prevention system will be implemented that can be used to efficiently and effectively mitigate the impact of cybersecurity intrusions.

C. PAPER ORGANIZATION
The remaining part of the paper is structured as follows:

II. LITERATURE REVIEW
We explore and analyze the existing work in the fields of cybersecurity, WSNs, industry 4.0, threat detection, classification and prevention in WSNs.

Industrial machines have been a part of the market and manufacturing enterprises since the First Industrial Revolution and continue to be a part of the Fourth Industrial Revolution, also known as Industry 4.0. An increasing number of utilities are moving to Internet Protocol (IP)-based systems for wide-area communication as standardized protocols
have grown in popularity. One of the standards that enables industries to obtain data directly from the machines through TCP/IP or RS-232 communication is SECS/GEM [33]. Because the SECS/GEM protocol is mostly utilized within factories rather than in public spaces, some businesses might overlook its security characteristics. SECS/GEM communication is extremely vulnerable to several types of cyberattacks. The potential replay attacks that could affect an SECS/GEM system are examined in [33]. This paper assumes an enemy who wishes to cause ongoing damage to an operation-based control system using replay attacks. In order to inject an external control input covertly, the adversary can intercept messages, watch and record their contents for a predefined period of time, and then replay them when attacking. The purpose of the paper is to demonstrate the cyberattack vulnerability of SECS/GEM communication and to develop a detection system to guard against replay attacks. The findings show that replay attacks against SECS/GEM communications were identified and effectively stopped by the design mechanism.

Technological developments in the fields of digital electronics, wireless communications, and electro-mechanical systems have brought about a global revolution in society and economy. These developments have made it possible to develop sensor nodes that are inexpensive, power-efficient, and multifunctional [27]. By utilizing the sensing, data processing, and communication capabilities inherent in these nodes, sensor networks are realized. Despite the restricted energy capacity of wireless sensor network (WSN) nodes, the current intrusion detection systems inside WSN have even lower detection accuracy. The authors in [27] provide a hierarchical intrusion detection model that groups WSN nodes based on their functional roles in order to lower the energy consumption of nodes during detection processing. By evaluating and utilizing the multi-kernel function, the authors get the best linear combination and construct a multi-kernel extreme learning machine for WSN intrusion detection systems. According to simulation results, the system is ideal for WSNs with limited resources because it not only significantly shortens detection times but also ensures excellent detection accuracy.

Information security lapses and privacy violations are serious problems for both individuals and businesses, according to earlier research [34]. It is recognized that reducing risk in this area necessitates taking into account both the technological and human components of information security. Most of the risks to an organization’s information assets are caused, whether on purpose or accidentally, by its employees. The study in [34] offers a novel conceptual framework that combines preventative and deterrent strategies to reduce the danger of insider attacks. Situational crime prevention factors motivate employees to stop information security misconduct, whereas deterrence factors dissuade them from acting improperly in terms of information security within organizations. The results demonstrate that people’s attitudes are strongly influenced by their perceptions of the certainty and severity of consequences, which serves as a deterrent to information security malfeasance.

In order to create a new conceptual model of hybrid threats that incorporates deception techniques, the study [32] investigates the cyber-deception-based approach. Preventive techniques are the main emphasis of security programs since they keep hackers out of the network. In an effort to identify and thwart attackers before they can enter, these programs detect and block malicious activity using hardened perimeters and endpoint defenses. The majority of businesses use layered preventive measures to strengthen their networks with defense-in-depth. Detection controls are not as frequently used for in-network threat detection as they are to support perimeter prevention. This architecture has detection gaps that are hard to cover with current security measures that are not tailored to that role. Defenders are implementing a more balanced approach that incorporates detection and response in place of relying just on prevention, a tactic that attackers have regularly been successful against [32]. The majority of businesses use next-generation firewalls or intrusion detection systems (IDS) to identify known threats by identifying patterns in the data. Other detection methods make use of behavioral analysis, traffic, or monitoring. Reactive defenses are meant to identify an attack once it occurs; however, they frequently fall short. Their inability to detect attacks based on what appears to be authorized access or credential harvesting is another reason for their shortcomings. They contribute to analyst alert fatigue by being perceived as complicated and prone to false positives. Recent innovation in the security sector has concentrated on developing more precise methods of identifying hostile activities using technologies like big data, artificial intelligence (AI), deception, and user and entity behavioral analytics (UEBA) [32].

The IoT environment is made up of dispersed nodes, servers, and software for efficient communication and it is essential to many industries, including the automotive and medical tracking sectors [29]. Existing intrusion detection approaches are unable to withstand attacks that pose a threat to security and privacy, despite the fact that this IoT paradigm has been plagued by such threats and attacks. In order to counter these dangers and attacks, the sparse convolute network has been used to analyze the IoT infiltration threat. The network is trained with sets of intrusion data, traits, and questionable activities to help detect and follow attacks, particularly Denial of Service (DDoS) attacks. In addition, the network is optimized by the application of evolutionary approaches that recognize and track error, regular, and intrusion efforts under various scenarios. Neurons in the sparse network evaluate complex hypotheses, and the resulting event stream outputs are routed to additional hidden layer processes. This procedure reduces the amount of intrusion involved in the transfer of IoT data. Standard and threat patterns are successfully classified in the network by the efficient use of training patterns [29]. The system’s efficacy is assessed through the analysis of experimental findings and conversations. When it comes to network security, network intrusion detection systems outperform other forms of conventional network defense. Using an autoencoder network model and an enhanced evolutionary algorithm to detect intrusions, the research used an IGA-BP network to tackle the rising problem of Internet security in the big data era. It was constructed with MATLAB, which guarantees a performance ratio of 90.26%, a detection rate of 98.98%, and accuracy of 99.29% with little processing complexity. In the future, a meta-heuristic optimizer was employed to improve the system’s capacity to predict attacks.

The Smart Grid uses digital information and control technology to improve the efficiency, safety, and dependability of the electric grid. Techniques for state estimation and real-time analysis are essential to guaranteeing correct control implementation [28]. However, because Smart Grid systems depend on communication networks, there is a serious risk to grid stability as a result of their susceptibility to cyberattacks. Effective intrusion detection and prevention systems are crucial for reducing such risks. In order to identify distributed denial-of-service attacks on the communication infrastructure of the Smart Grid, the authors in [28] suggest a hybrid deep-learning approach. Their approach combines recurrent gated unit algorithms with convolutional neural networks. Two datasets were used: a bespoke dataset created with the Omnet++ simulator and the Intrusion Detection System dataset from the Canadian Institute for Cybersecurity. For attack surveillance and resilience, the authors also created a Kafka-based dashboard for real-time monitoring. Results from simulations and experiments show that the suggested method obtains a high accuracy rate of 99.86%.

Malware, advanced persistent threats, and distributed denial of service (DDoS) attacks all actively jeopardize the security and availability of Internet services [35]. In order to detect DDoS attacks, the study in [35] suggests an intelligent agent system that uses automatic feature extraction and selection. In their experiment, the authors employed a custom-generated dataset called CICDDoS2019, and found that the system outperformed the state-of-the-art machine learning-based DDoS attack detection approaches by 99.7%. The authors created an agent-based mechanism for this system that blends sequential feature selection with machine learning methods. When the system dynamically identified DDoS attack traffic, the system learning phase picked the best attributes and rebuilt the DDoS detector agent. With the use of the most recent CICDDoS2019 custom-generated dataset and automatic feature extraction and selection, the suggested approach outperforms the current standard in processing speed while meeting the most advanced detection accuracy.

The technique of cyber-resilience in small and medium-sized businesses (SMEs) is examined in [26], and a complete solution is suggested for identifying newly emerging threats that makes use of open-source tools for prescriptive malware analysis, detection, and response. A system that is specifically made for SMEs with up to 250 employees is developed by utilizing open-source software and solutions, with an emphasis on the identification of new dangers. The
approach’s usefulness in increasing SMEs’ cyber-defense skills and bolstering their overall cyber-resilience is proved through thorough testing and validation, along with effective algorithms and methodologies for safety, security, and anomaly detection [26]. The results demonstrate the viability and scalability of using open-source resources to address the particular cybersecurity issues that small and medium-sized businesses confront. The suggested solution finds and analyses harmful activity within SME networks by fusing real-time threat intelligence feeds with sophisticated malware analysis techniques. Through the use of behavior-based analysis and machine-learning algorithms, the system is able to identify and categorize even the most complex strains of malware. Using real-world facts and scenarios, comprehensive testing and validation were carried out to assess the system’s efficacy [26]. The approach effectively recognizes new threats that conventional security methods frequently overlook, as evidenced by the results, which show notable gains in malware detection rates. The suggested system is a workable and expandable approach that makes use of containerized apps and is easily implementable by small and medium-sized businesses looking to strengthen their cyber-defense capabilities.

Theft of intellectual property or security information, fraud, sabotage, and other destructive acts by authorized users are examples of insider risks [36]. Insider threats can do a great deal of harm even though they are far less common than external network attacks. Insiders have intimate knowledge of an organization’s systems, making it challenging to identify their harmful activity. Conventional insider-threat detection techniques emphasize rule-based strategies developed by subject matter experts; nevertheless, they lack both adaptability and resilience. In [36], the authors offer approaches for insider threat identification based on anomaly detection algorithms and user behavior modelling. The authors created three different kinds of datasets using user log data: the user’s weekly email communication history, the user’s daily activity summary, and the user’s email contents subject distribution. Then, in order to find malicious activity, the authors used four anomaly detection methods and their combinations. The outcomes of the experiments suggest that the suggested structure can function effectively for unbalanced datasets with few insider threats and no knowledge provided by domain experts.

Agriculture 4.0, the impending revolution in agriculture, incorporates state-of-the-art information and communication technologies into current processes. Security researchers are becoming more and more interested in various cyber threats associated with the previously described integration [37]. Fighting such attacks can greatly benefit from the application of Machine Learning (ML) techniques for network traffic analysis and classification. In this direction, the research work presents and assesses several machine learning classifiers for the classification of network traffic, including Random Forest (RF), Stochastic Gradient Descent (SGD), Decision Tree (DT), K-Nearest Neighbours (KNN), Support Vector Classification (SVC), and Random Forest (KNN), along with an ensemble model that uses both soft and hard voting. Three NSL-KDD dataset variations—the original dataset, the undersampled dataset, and the oversampled dataset—were used in the context of the suggested study [37]. In all three dataset modifications, the effectiveness of each individual machine learning algorithm was assessed and contrasted with the voting ensemble methods’ effectiveness. When compared to the individual models, it was discovered that both the hard and the soft voting models performed better in terms of accuracy in the majority of cases.

A. GAP ANALYSIS
From SECS/GEM communication flaws to IoT infiltration threats and intrusion detection systems in Smart Grids, the literature review highlights a wide range of cybersecurity issues that affect industries, businesses and technologies. However, the existing work reflects the lack of a robust and intelligently prioritized predictive framework to find and prevent cybersecurity intrusions in Industry 4.0-based WSNs. The existing studies provide discussion on the problems that WSNs face and how important it is to have good attack detection systems, but they do not go into great detail about a predictive framework that uses prioritization intelligence. Industry 4.0 depends on devices and systems that are linked to each other, which makes WSNs an important part. It is important to deal with the unique problems they create. To make sure that industrial WSNs are safe and reliable, the system is required to include machine learning algorithms with the ability to find outliers, and real-time threat analysis.

III. A PREDICTIVE FRAMEWORK FOR CYBERSECURITY INTRUSION DETECTION AND PREVENTION IN INDUSTRY 4.0 BASED WIRELESS SENSOR NETWORKS
We propose an intelligently prioritized and robust predictive framework for cybersecurity intrusion detection and prevention in Industry 4.0 based wireless sensor networks. The framework includes several essential components as given in Figure 2. These components include industry 4.0, WSN, intrusion based cyber-attacks, AI-based detection and classification of cybersecurity intrusions, and an intelligent prioritization and prevention system. The framework provides a specialized system designed to identify and prevent cybersecurity intrusions in wireless sensor networks. Three different machine learning models, i.e., multilayer perceptron, autoencoder, and decision tree, have been used in an AI-driven detection method. These models will make it possible to identify and categorize various cybersecurity attacks, improving the network’s capacity to quickly detect and address threats. The framework also presents an intelligent prioritization model, a significant component that ranks various cyber threats according to their characteristics and their consequences. By focusing on and responding to high-risk intrusions first, this prioritization model helps the network to allocate resources more effectively to counter the most serious attacks. In addition, a proactive preventive system will be included to lessen the effects of cybersecurity breaches.

VOLUME 12, 2024 34805


F. Al-Quayed et al.: Situation Based Predictive Approach for Cybersecurity Intrusion Detection and Prevention

FIGURE 2. A predictive framework for cybersecurity intrusion detection and prevention in industry 4.0 based wireless sensor networks.

In addition to being able to identify threats, this system is built to serve as a strong defensive barrier, putting in place countermeasures that quickly and effectively eliminate any threats and increase the network’s overall resilience. This all-encompassing framework aims to strengthen the security of Industry 4.0-based wireless sensor networks through the integration of AI-based detection techniques, threat prioritization, and proactive preventive tactics.

A. COMPONENTS OF THE PROPOSED PREDICTIVE FRAMEWORK FOR CYBERSECURITY INTRUSION DETECTION AND PREVENTION IN WSN

1) INDUSTRY 4.0
The integration of modern digital technology into manufacturing and industrial processes is embodied in Industry 4.0, the fourth industrial revolution. Through the integration of cloud computing, AI, cyber-physical systems, and the IoT, it transforms traditional industries [5]. The IoT, a network of interconnected devices with sensors and actuators that gather and share data in real time, is a key component of Industry 4.0. AI and advanced analytics are then used to interpret and analyze data, allowing for autonomous decision-making, optimization, and predictive analysis. This revolution has an impact on many different industries. Smart factories use robotics, IoT, and data analytics to improve overall efficiency, forecast maintenance needs, and maximize productivity. IoT-enabled monitoring solutions in logistics and supply chain management offer visibility and efficiency all the way through the supply chain, cutting down on delays and enhancing inventory control [38]. IoT devices and data analytics are important in the healthcare industry as well, as they enhance patient care through individualized therapies, remote monitoring, and effective resource management in hospitals [13]. Industry 4.0 is comprised of three major sectors including smart manufacturing, supply chain management and healthcare. In smart manufacturing, factories are empowered by interconnected sensors and IoT devices that gather real-time data, enabling predictive maintenance and optimized production lines. In supply chain management, IoT devices are used for inventory tracking, monitoring transport conditions, and ensuring efficient delivery of goods. In the healthcare sector, hospitals utilize IoT devices for remote patient monitoring, inventory management, and provision of healthcare services.

2) WSNs IN INDUSTRY 4.0
A key element of Industry 4.0 is Wireless Sensor Networks (WSNs) that enable real-time monitoring and data collection across a range of industrial applications. WSNs facilitate smart factories, streamline workflows, and enhance decision-making [39], [40]. These networks are made up of spatially dispersed, autonomous sensors that work together to monitor and collect data in a variety of environments via wireless communication [31], [41], [42]. The key features of WSNs in Industry 4.0 are as follows:


• WSNs make it easier to gather data in real time from sensors positioned across industrial environments. Temperature, pressure, humidity, and other factors that are essential for monitoring and controlling systems are frequently included.
• WSNs create a network that allows sensors to communicate with central systems and with each other. The smooth conveyance of data made possible by this connection promotes intelligent decision-making and process optimization.
• WSNs are made to be both scalable and flexible. They are adaptable for many Industry 4.0 use cases and may be expanded or changed to meet shifting industry requirements.
• WSNs are built with energy efficiency in mind. In order to provide continuous data collection and transmission, sensor nodes are frequently battery-powered and designed to last for long periods of time without requiring frequent maintenance.

In Industry 4.0, WSNs are applied across the following sectors:
• Smart Manufacturing: WSNs make it possible to monitor manufacturing lines, inventory, and equipment, which guarantees preventative maintenance and streamlines workflows.
• Predictive Maintenance: Utilizing WSNs saves downtime and increases operational efficiency by anticipating equipment breakdowns and maintenance requirements.
• Environmental Monitoring: In order to ensure regulatory compliance and create safer working environments, WSNs monitor environmental conditions in industrial environments.
• Supply Chain Optimization: WSNs provide real-time data to optimize supply chain management by tracking inventory and transit conditions.

3) INTRUSION-BASED CYBER-ATTACKS
Intrusion-based cyber-attacks comprise a diverse range of tactics employed to undermine the security and integrity of computer networks, systems, and information. These attacks are executed by taking advantage of holes or flaws in the systems that are being targeted. This category includes a number of different intrusion types, each with a unique approach and objective. The common intrusion-based cyber-attacks are detailed below:
• Blackhole Attacks: These attacks are also referred to as packet drop attacks. Blackhole attacks happen when malicious nodes in a network discard or drop packets, preventing data from flowing normally. These nodes draw in network traffic, but instead of forwarding the packets, they drop them, which causes congestion on the network or information loss. This attack is especially harmful to WSNs because compromised nodes may drop packets in an attempt to save energy, losing important data in the process.
• Grayhole Attacks: Grayhole attacks are a variation of blackhole attacks. Instead of dropping all packets randomly, nodes in grayhole attacks drop packets selectively. The hacker uses network manipulation to intercept or disrupt particular data packets. Because this manipulation involves selective interference rather than a full packet drop, it can be more difficult to identify the malicious nodes.
• Flooding Attacks: In a flooding attack, an excessive volume of traffic is directed towards a system, preventing it from responding to valid requests. These attacks involve sending a lot of requests or data packets to the target, which overloads it and makes it unresponsive. When numerous systems are used to flood the target, as in Distributed Denial of Service (DDoS) attacks, the impact of a flooding attack increases.
• Scheduling Attacks: Scheduling attacks target the time synchronization mechanisms of WSNs. The goal of these attacks is to interfere with the network’s scheduling or timing functions. Attackers affect the overall functionality and reliability of the network by interfering with critical operations or creating anomalies in the network through timing manipulation. For example, in scheduling attacks the attacker might attempt to compromise the TDMA (Time Division Multiple Access)-based scheduling by manipulating the allocation of time slots/frames, causing timing inconsistencies or collisions.

When considering WSNs utilized in Industry 4.0 and IoT environments, each of the above intrusions presents a serious risk to the security and optimal operation of systems. Strong intrusion detection and prevention systems are required to find and prevent these intrusions.

4) DATA COLLECTION & PREPROCESSING
Data collection and preprocessing are important steps in any data-driven system. They entail obtaining raw data from several sources, organizing it, and cleaning it to guarantee its quality and suitability. This stage is significant, particularly for cybersecurity frameworks and machine learning-based systems that seek to anticipate or identify attacks. Within a network, data can come from a number of locations. Within Industry 4.0 wireless sensor networks, the data comprise sensor data, network traffic logs, system event logs, and pertinent information related to cybersecurity. The collected data include a variety of formats, including text from several sources, numerical sensor readings, and categorical system records. It is imperative to have access to both real-time streaming data and historical data. Historical data is useful for comprehending patterns and trends, whereas real-time data is helpful in identifying persistent risks.

Data preprocessing involves cleaning and quality control. It involves filling in any gaps in the data, getting rid of duplicates, and fixing any discrepancies. During this stage, anomalies or outliers are also recognized and dealt with. In order to bring


all features to the same scale, data need to be normalized or transformed. This is an important step for machine learning algorithms that are sensitive to different data scales. Producing pertinent characteristics from unprocessed data is necessary in cybersecurity. Extracting certain information from logs or sensor data helps to efficiently identify possible risks or anomalies. Reducing dimensions or getting rid of features that are unnecessary or less useful increases processing efficiency in big datasets without sacrificing important information. If the data is being used for supervised learning tasks like classification, it must be labelled with the relevant classes or categories so that the learning algorithms can detect patterns in it. The effectiveness of the analysis is greatly impacted by data preprocessing when it comes to cybersecurity intrusion detection. The accuracy and efficacy of machine learning models or detection systems are significantly influenced by the quality, relevance, and organization of the data.

5) AI-BASED DETECTION AND CLASSIFICATION OF CYBERSECURITY INTRUSIONS
An AI-driven intrusion detection and classification system is deployed to safeguard Industry 4.0 WSNs. Three different AI models, i.e., Decision Tree, Multilayer Perceptron (MLP), and Autoencoder, are implemented using a publicly available WSN dataset. Cybersecurity intrusions are detected and classified with a particular emphasis on flooding, scheduling, blackhole, and grayhole attacks. Each of the selected models has a distinct function in recognizing and categorizing cyber-attacks, as given below:
• Decision Tree: This model organizes data into a tree-like structure and makes decisions based on conditions. It is intuitive and can handle both numerical and categorical data, which makes it suitable for classifying different types of attacks based on specific characteristics [43], [44].
• Multilayer Perceptron (MLP): The MLP is a type of neural network that is very good at finding complicated patterns and connections in data. The fact that it can learn from both structured and unstructured data makes it useful for finding both simple and complicated attack patterns [45], [46].
• Autoencoder: It is an unsupervised learning approach that is applied to data compression and feature learning. For anomaly detection, it is especially helpful. It recognizes anomalies or deviations from the learned patterns by recreating the input data [29], [47].

The system is specifically trained to recognize four primary types of common attacks in WSNs:
• Blackhole Attacks: Models aim to identify instances where packets are dropped or lost, which leads to data loss or network congestion.
• Grayhole Attacks: Models are used for identification of selective packet manipulation to disrupt specific data flows within the WSNs.
• Flooding Attacks: Models are used for recognition of patterns involving excessive traffic designed to overwhelm the network and disrupt normal operations.
• Scheduling Attacks: Models are used for detection of inconsistencies or manipulations in the WSNs’ timing or scheduling mechanisms.

The publicly available WSN dataset is structured, preprocessed, and used. This includes feature engineering, cleaning, and dividing the dataset into subsets for testing and training. The dataset is used to train each AI model, i.e., Decision Tree, MLP, and Autoencoder. By exposing the models to labelled data, they are able to pick up on and recognize patterns linked to various kinds of attack. Metrics including accuracy, precision, recall, and F1 score are used to evaluate how well they detect and classify attacks. To increase the models’ accuracy and resilience, their parameters are changed and fine-tuned. The objective is to develop a system that can precisely identify and categorize various kinds of attacks within WSNs by utilizing these AI models. This strengthens the WSNs’ resistance to different cybersecurity intrusions and is one of the core components of the proposed cybersecurity framework for Industry 4.0.

6) INTELLIGENT PRIORITIZATION AND PREVENTION SYSTEM
The Intelligent Prioritization and Prevention System is the core component of the proposed framework. It sorts various kinds of attacks (blackhole, grayhole, flooding, and scheduling) by considering their importance in Industry 4.0 environments. Blackhole attacks are considered dangerous in sectors like robotics control, supply chain security and energy management. When these attacks happen, vital systems can be seriously affected, as dropped or lost packets can make communication difficult and even cause harm. Grayhole attacks involve selectively changing packets and are most common in quality assurance, asset tracking, and environmental monitoring. They can have a direct effect on the accuracy of data, which can make quality control or tracking tasks difficult to complete. Flooding attacks are sensitive in situations like smart logistics, farm automation, and supply chain visibility. They flood the network with too much traffic, which can seriously impede the smooth flow of data that is needed in these situations. Scheduling attacks focus on manufacturing processes, fleet management, and healthcare equipment because they change the timing and scheduling systems. Timing problems can make important operations in these areas run late or not at all.

Let $A$ be the set of attacks, $a_i$ an individual attack, $I(a_i)$ the importance of attack $a_i$ in Industry 4.0 environments, $\mathrm{Category}(a_i)$ the category of attack $a_i$, and $\mathrm{Impact}(a_i)$ the impact of attack $a_i$ on the system. Then the intelligent prioritization and prevention system can be represented by equations 1 and 2.

$$\text{Attack Sorted} = \mathrm{Sort}\big(A, I(a_i)\big) \tag{1}$$

$$\mathrm{Impact}(a_i) = f\big(\mathrm{Category}(a_i), \text{Industry 4.0 (Applications)}\big) \tag{2}$$
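Equations 1 and 2 as runnable Python, added here as an illustration and not the authors' implementation. The application lists come from the paragraph above; the severity weights, the multiplier and the use of detector confidence inside I(a_i) are assumptions, since the paper leaves f abstract.

```python
from dataclasses import dataclass

# Attack class -> Industry 4.0 applications the paper names as most exposed to it.
SENSITIVE_APPLICATIONS = {
    "blackhole": {"robotics control", "supply chain security", "energy management"},
    "grayhole": {"quality assurance", "asset tracking", "environmental monitoring"},
    "flooding": {"smart logistics", "farm automation", "supply chain visibility"},
    "scheduling": {"manufacturing processes", "fleet management", "healthcare equipment"},
}

# ASSUMPTION: the paper leaves f abstract; these weights are illustrative only.
BASE_SEVERITY = {"blackhole": 0.8, "flooding": 0.7, "grayhole": 0.6, "scheduling": 0.5}
EXPOSED_MULTIPLIER = 2.0


@dataclass(frozen=True)
class Detection:
    node_id: str
    category: str      # class emitted by the detector, e.g. "grayhole" or "normal"
    application: str   # Industry 4.0 application the node serves
    confidence: float  # detector confidence in [0, 1]


def impact(category: str, application: str) -> float:
    """Equation 2: Impact(a_i) = f(Category(a_i), Industry 4.0 application)."""
    if category not in BASE_SEVERITY:
        raise ValueError(f"no impact model for attack class {category!r}")
    exposed = application in SENSITIVE_APPLICATIONS[category]
    return BASE_SEVERITY[category] * (EXPOSED_MULTIPLIER if exposed else 1.0)


def importance(d: Detection) -> float:
    """I(a_i): impact weighted by detector confidence (assumed definition)."""
    if not 0.0 <= d.confidence <= 1.0:
        raise ValueError(f"confidence out of range for {d.node_id}: {d.confidence}")
    return impact(d.category, d.application) * d.confidence


def prioritize(detections):
    """Equation 1: Sort(A, I(a_i)), highest importance first; 'normal' is dropped."""
    attacks = [d for d in detections if d.category != "normal"]
    # Tie-break on node_id so the response queue is deterministic.
    return sorted(attacks, key=lambda d: (-importance(d), d.node_id))


# Constructed detector output for illustration; not taken from WSN-DS.
SAMPLE = [
    Detection("n2", "blackhole", "quality assurance", 0.95),
    Detection("n3", "scheduling", "healthcare equipment", 0.60),
    Detection("n5", "normal", "smart logistics", 0.99),
    Detection("n1", "flooding", "smart logistics", 0.90),
    Detection("n4", "grayhole", "asset tracking", 0.99),
]

if __name__ == "__main__":
    for d in prioritize(SAMPLE):
        print(f"{importance(d):.3f}  {d.node_id}  {d.category:<10} {d.application}")
```

In the sample, the high-confidence blackhole alert on a quality-assurance node ranks below the grayhole alert on an asset-tracking node, because only the latter falls in an application the text names as exposed to that attack class.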


In order to perform proactive prevention actions, we prioritize attacks based on their impact on Industry 4.0 scenarios. The following prevention tactics have been used to prevent cybersecurity threats:
• When the proposed framework detects blackhole attacks, it will protect the system by activating and setting up an environment for verifying packets and making sure there are multiple paths for important communications in fields like robotics, supply chain management, and energy management.
• When the system detects grayhole attacks, it will utilize verification tools and data validation methods to prevent selective packet manipulation in quality assurance and asset tracking scenarios.
• In order to prevent flooding attacks, traffic analysis tools and rate-limiting methods will be deployed to keep the network from getting too busy in smart logistics and supply chain visibility situations.
• Scheduling attack prevention includes the use of time synchronization procedures and backup plans to keep important time frames in manufacturing, fleet management, and healthcare equipment environments.

The intelligent prioritization and prevention system not only finds potential threats and ranks them, but it also makes sure that prevention plans are tailored to the unique weaknesses of each Industry 4.0 scenario. The goal of this proactive method is to make WSNs safer and more reliable.

B. PSEUDOCODE OF THE PROPOSED PREDICTIVE FRAMEWORK FOR CYBERSECURITY INTRUSION DETECTION AND PREVENTION IN WSN
Algorithm 1 shows the procedure of the proposed framework. It works with several components for cybersecurity intrusion detection and prevention in WSNs. The fundamental environment is Industry 4.0, which is the amalgamation of cloud computing, AI, cyber-physical systems, and the IoT. WSN is the core component of Industry 4.0 and is used for real-time data collection, transmission, scalability, and energy efficiency across a range of industrial applications. Blackhole, grayhole, flooding, and scheduling attacks are considered intrusion-based cyberattacks that jeopardize the security of WSNs. Data collection and preprocessing is performed by the process of collecting, cleaning, normalizing, and feature engineering data sources. Using labeled datasets and assessment criteria, AI-based detection and classification uses decision tree, multilayer perceptron, and autoencoder models to identify and classify cyberattacks. The Intelligent Prioritization and Prevention system develops customized preventative strategies to successfully minimize danger by classifying threats according to how they affect various Industry 4.0 scenarios. With the use of proactive preventive measures, prioritization strategies, and AI-driven detection techniques, the proposed framework aims to strengthen the security of WSNs in Industry 4.0.

Algorithm 1 A Predictive Framework for Cybersecurity Intrusion Detection and Prevention in WSNs
1. Begin
2. Input: D0: Industry 4.0 based WSNs Data
3. Output: IDPA: Intrusion Detection and Preventive Action
4. Procedure: Cybersecurity intrusion detection and prevention (D0)
5. Industry 4.0 (I-4.0) Environment:
       I-4.0 = {cloud computing, AI, IoT, WSNs}
6. Wireless Sensor Networks (WSNs):
       WSNs = {Real time data collection, communication, scalability, energy efficiency}
7. Intrusion-based Cyber Attacks (IBCA):
       IBCA = {Blackhole, Grayhole, Flooding, Scheduling}
       Attack Sorted = Sort (A, I(ai))
8. Data Collection & Preprocessing (S):
       ← DCollected&Preprocessing = {data source, cleaning, normalization, feature engineering}
9. AI-based Detection & Classification (AIDC):
       while (Intrusion (I), WSNs (W)) do
10.        AIDC = {DT, MLP, AE, Evaluation Metrics, S}
       end while
11. Intelligent Prioritization and Prevention:
12. if (Threats Detected (TD)) do
13.    Prioritized Threat based on Industry 4.0 Environments (IE)
       Impact (ai) = f (Category (ai), Industry 4.0 (Applications))
       while (TD, IE) do
           Preventive Actions
       end while
14. end if
15. Return IDPA
16. end

IV. EXPERIMENTS, RESULTS & DISCUSSIONS
We perform the simulations and evaluate the performance of the proposed framework with respect to cybersecurity intrusion detection and classification.

A. EVALUATION METRICS
We evaluated the performance of the models implemented in the proposed framework using accuracy, precision, sensitivity (recall), F1 score, specificity, and precision-recall curve [14]. For multidimensional classification and detection of cybersecurity intrusions, we used Decision Tree and MLP models. For binary classification and detection of cybersecurity intrusions in WSNs of Industry 4.0, we used the Autoencoder model. We implemented the benchmark models, i.e., RF for multidimensional classification and LR for binary classification, and compared their performance with the models implemented in the proposed framework. Specificity and precision-recall curves are the metrics applicable to binary classification models. Therefore, for multidimensional classification through Decision Tree, MLP, and RF models, we used accuracy, precision, sensitivity, and F1 score, whereas for binary classification through Autoencoder and LR models, we used specificity and precision-recall curve metrics in addition to accuracy, precision, sensitivity, and the F1 score. We calculate these performance metrics based on the following terms:
• True Positives (TP): The number of tuples that are really found to be intrusive at the end of the process.
• True Negatives (TN): The number of valid tuples that are found at the end of the detection process.
• False Positives (FP): The number of safe tuples that, at the conclusion of the detection process, are identified as intrusions.
• False Negatives (FN): The quantity of dangerous tuples that, at the conclusion of the detection process, are found to be normal.

When assessing the effectiveness of classification models, accuracy is a commonly used parameter. It assesses the overall accuracy of the model predictions by figuring out the proportion of correctly predicted cases among all the instances in the dataset [46]. Mathematically, it is represented by A and can be calculated with the help of equation 3.

$$A = \frac{TP + TN}{TP + TN + FP + FN} \tag{3}$$

Precision is a way to measure how well a classification model works. It checks how good the model is at making positive predictions by counting the number of true positives out of all positive predictions, or true positives plus false positives [46]. Mathematically, it is represented by P and can be calculated with the help of equation 4.

$$P = \frac{TP}{TP + FP} \tag{4}$$

Sensitivity is a way to measure how well a classification model works. This number is also known as the recall or true positive rate. The sensitivity of the model measures how well it can find every single positive case in the dataset [46]. Mathematically, it is represented by R and can be calculated with the help of equation 5.

$$R = \frac{TP}{TP + FN} \tag{5}$$

The F1 score demonstrates how well classification models perform when selecting between two choices. The F1 score is useful when there is a difference between accuracy and recall [46]. Mathematically, it is represented by F1-S and can be calculated with the help of equation 6.

$$F1\text{-}S = 2 \times \frac{P \times R}{P + R} \tag{6}$$

Specificity is the performance metric specifically used in the evaluation of binary classification. It is used to measure the ability of a model to correctly identify negative instances out of all actual negatives. Mathematically, it is represented by S and can be calculated with the help of equation 7.

$$S = \frac{TN}{TN + FP} \tag{7}$$

A precision-recall curve is a graphical representation of the trade-off between precision and recall for different classification thresholds. The precision-recall curve is created by varying the classification threshold of the model and determining the precision and recall at each threshold. A higher area under the precision-recall curve (AUC-PR) indicates better performance for the model.

B. DATASET
In order to evaluate the working of the proposed framework, WSN-DS: A dataset for intrusion detection systems in wireless sensor networks [48], a publicly available dataset on the Kaggle website, has been used. The dataset replicates many Denial-of-Service (DoS) attacks on WSN using the LEACH (Low Energy Adaptive Clustering Hierarchy) protocol. It includes Blackhole, Grayhole, Flooding, and Scheduling attacks, which are four different categories of attacks. The goal of these attacks is to determine how they affect network performance and what effects they have on the LEACH protocol. In the Blackhole attack, at the beginning of a round, an attacker assumes the identity of a Cluster Head (CH). When nodes connect to this fake CH, they unintentionally submit their data packets to it, which are then transmitted to the Base Station (BS). Data loss results from the Blackhole attacker’s dropping or discarding of these packets rather than transmitting them. As with the Blackhole attack, attackers assume the identity of CHs in the Grayhole assault. These attackers may do this on the basis of the sensitivity of the data included in the packets they drop or delete. The goal of the flooding attack is to flood the network with too many high-transmission-power advertising CH messages. The sensor nodes’ energy is depleted as they process the barrage of messages and choose which CH to join. The Scheduling attack takes place in the setup stage of the LEACH protocol. Assuming the role of CHs, attackers provide every node the same time slot for data transmission, which causes packet collisions and eventual data loss.
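The four attack behaviours described for WSN-DS translate into per-round indicators a defender can check at the base station. The following is an added example, not code from the paper or the dataset: the record fields and every threshold are assumptions, and it presumes the base station can account for how many member readings each cluster head actually delivered.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class ClusterHeadRound:
    """One cluster head's behaviour in one LEACH round (hypothetical record layout)."""
    node_id: str
    adv_sent: int            # CH advertisement messages broadcast during setup
    readings_received: int   # member readings the CH accepted this round
    readings_delivered: int  # of those, readings the base station accounted for
    tdma_slots: dict = field(default_factory=dict)  # member id -> assigned slot


def shared_slot_fraction(tdma_slots):
    """Fraction of members whose TDMA slot is also assigned to another member."""
    if not tdma_slots:
        return 0.0
    per_slot = Counter(tdma_slots.values())
    clashing = sum(n for n in per_slot.values() if n > 1)
    return clashing / len(tdma_slots)


def triage_round(r, adv_limit=2, clash_limit=0.5, min_readings=20,
                 drop_all=0.05, drop_some=0.90):
    """Return the attack labels whose described behaviour this round matches.

    All thresholds are illustrative assumptions to be tuned on real traffic.
    """
    labels = []
    # Flooding: far more CH advertisements than one election needs.
    if r.adv_sent > adv_limit:
        labels.append("flooding")
    # Scheduling: most members were handed a slot that collides with another's.
    if len(r.tdma_slots) >= 2 and shared_slot_fraction(r.tdma_slots) > clash_limit:
        labels.append("scheduling")
    # Blackhole / grayhole: readings vanish between the CH and the base station.
    # Skipped on thin rounds, where a ratio over a few packets proves nothing.
    if r.readings_received >= min_readings:
        delivered = r.readings_delivered / r.readings_received
        if delivered <= drop_all:
            labels.append("blackhole")
        elif delivered < drop_some:
            labels.append("grayhole")
    return labels or ["normal"]


def triage(rounds):
    """Map each cluster head id to the labels raised for its round."""
    return {r.node_id: triage_round(r) for r in rounds}


def distinct(n):
    """Helper for the sample data: n members, each with its own slot."""
    return {f"m{i}": i for i in range(n)}


# Constructed rounds for illustration; not rows from WSN-DS.
ROUNDS = [
    ClusterHeadRound("ch-07", 1, 120, 118, distinct(6)),
    ClusterHeadRound("ch-11", 1, 110, 0, distinct(5)),
    ClusterHeadRound("ch-19", 1, 100, 61, distinct(5)),
    ClusterHeadRound("ch-23", 40, 0, 0, {}),
    ClusterHeadRound("ch-31", 1, 4, 4, {f"m{i}": 0 for i in range(5)}),
    ClusterHeadRound("ch-40", 1, 8, 0, distinct(4)),  # too few readings to judge
]

if __name__ == "__main__":
    for node, labels in triage(ROUNDS).items():
        print(node, ", ".join(labels))
```

The scheduling round (ch-31) delivers almost nothing because of collisions, so the forwarding check is deliberately skipped there and the duplicated TDMA slots are the only reliable indicator.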


C. EXPERIMENTAL DESIGN
The models implemented in the proposed framework have been evaluated with “WSN-DS,” a dataset for intrusion detection systems in wireless sensor networks. The dataset has been divided into two parts: the training set and the test set. The training set comprised 80% of the total records in the dataset. It was used to train the proposed models. On the other hand, the test set comprised 20% of the total number of records. It was used to test and validate the proposed model. Cross-validation was performed for Decision Tree and MLP through the “cross_val_score” function from scikit-learn. However, for Autoencoder, we validated the model using a train-test split with an 80:20 ratio since cross-validation is not applicable due to its unsupervised learning nature. All experiments are implemented in Python on a GPU based environment with 1.8 GHz CPU and 12 GB of RAM. Predefined machine learning packages and libraries, namely Pandas, Numpy, Seaborn, Sklearn, LabelEncoder, OneHotEncoding and Matplotlib, have been used.

D. RESULTS AND EVALUATION
The experiments were performed by implementing three AI models, i.e., Decision Tree and MLP for multidimensional classification and the Autoencoder for binary classification. We also implemented the benchmark models, i.e., Random Forest (RF) [49] for multidimensional classification and Logistic Regression (LR) [50] for binary classification, and compared their performance with the models implemented in the proposed framework. The evaluation results are highlighted below:

1) DECISION TREE AND RF
The Decision Tree model is used to detect cybersecurity intrusions with essential Python libraries and modules including Pandas and Sklearn. The Decision Tree approach performs well in classifying different kinds of WSN intrusions and achieves an accuracy of 99.48% as compared with Random Forest with an accuracy of 98%. Table 1 shows the values of accuracy, precision, recall, and F1 score of different kinds of attacks. The Decision Tree performs better at correctly identifying typical behavior, which is essential for cybersecurity. Its accuracy in differentiating between various intrusion kinds is strong. The macro average and weighted average rows show the overall model performance, which is consistently high across the dataset for the Decision Tree model. This indicates a robust performance of Decision Tree in classifying instances within this multiclass classification problem.

In identifying typical network behavior, the Decision Tree model performs significantly well by attaining high precision, recall, and F1-scores as shown by Figures 3, 4 and 5. Figure 3 shows precision score per class, in which the decision tree model performs robustly in classifying all the instances. The model achieves a significant 99.77% precision for the “Normal” class, which is noteworthy. This suggests a high degree of precision in detecting typical occurrences, reducing false positives. With precisions of 98.82% and 97.89%, respectively, the model also performs well for the “Blackhole” and “Grayhole” classes, demonstrating its efficacy in correctly classifying them. The “Flooding” class observes 95.17% accuracy. For the “TDMA” class, the precision is 91.51%, indicating a little higher chance of false positives. The decision tree model performs well in all the classes, demonstrating its effectiveness. Figure 4 shows recall score per class, which indicates that the decision tree model performs well to accurately classify classes. With notable values for “Normal” (99.74%) and “Blackhole” (98.78%), the model demonstrates good recall across most classes, suggesting that it can catch most real occurrences for these classes. With recall scores of 93.66% and 93.89%, respectively, “Flooding” and “TDMA” perform well, while the “Grayhole” class also exhibits great recall of 97.89%. These findings imply that the model minimizes false negatives by efficiently identifying instances of network penetration. Figure 5 shows the F1 score per class, which indicates a thorough assessment of the performance of the Decision Tree model. The results show a commendable balance between precision and recall across several classes. The model notably attains high F1-scores for “Blackhole” (98.80%) and “Normal” (99.75%), indicating a successful trade-off between reducing false positives and false negatives for these classes. With a balanced F1-score of 97.89%, the “Grayhole” class exhibits good recall and accuracy performance. The F1-scores of 94.41% and 92.68% for “Flooding” and “TDMA,” respectively, show how well the model balances recall and precision for these classes. This well-balanced performance highlights that the model detects cybersecurity intrusions and handles failures in a comprehensive way. The efficacy of the model in enhancing cybersecurity within the WSN is demonstrated by its capacity to effectively distinguish between typical and intrusive network activity.

The confusion matrix of the Decision Tree, given in Figure 6, illustrates the performance of the classification model in differentiating among five discrete classes, namely TDMA, Blackhole, Flooding, Grayhole, and Normal. In this matrix, each row shows the real instances of a certain class, and each column shows the predicted value of that class. The model is good at finding instances of the “Normal” class; it correctly predicted 67787 cases. However, it shows difficulty in accurately distinguishing between classes like Blackhole and Grayhole, as well as between Normal and TDMA, due to the similarities in their features or actions.

Figure 7 shows a graph indicating the true positive rate and false positive rate of the Decision Tree model for various attack types. It is represented by the ROC (Receiver Operating Characteristic) curve. The true positive rate is plotted on the y-axis, while the false positive rate is plotted on the x-axis. The area under the ROC curve is a measure of the overall performance of the model for the given attack types: blackhole, grayhole, flooding, TDMA, and normal. Higher values for all the classes indicate that the decision tree model performs significantly well in the identification and classification of cybersecurity intrusions.

VOLUME 12, 2024 34811


F. Al-Quayed et al.: Situation Based Predictive Approach for Cybersecurity Intrusion Detection and Prevention

TABLE 1. Accuracy, precision, recall and F1 score for decision tree and RF models.

FIGURE 3. Precision score per class for decision tree model.

FIGURE 4. Recall score per class for decision tree model.

2) MLP AND RF
The MLP model is used to detect cybersecurity intrusions with essential Python libraries and modules including Pandas and Sklearn. The MLP approach performs well in classifying different kinds of WSN intrusions and achieves an accuracy of 99.52%, as compared with the RF model with an accuracy of 98%. Table 2 shows the values of accuracy, precision, recall, and F1 score of different kinds of attacks. The MLP model exhibits noteworthy precision rates, especially for the Normal and TDMA classes, suggesting a high degree of accuracy in the positive predictions. The TDMA class, on the other hand, shows a slightly lower recall rate, indicating that some real TDMA instances are missed by the MLP model. The Blackhole, Flooding, and Grayhole classes show a good balance between precision and recall, as evidenced by their high F1-Score values for the MLP model. The 'Macro Avg' and 'Weighted Avg' rows show the overall MLP model performance, which is consistently high across the dataset as compared with the RF model. This indicates a robust performance of the MLP model in classifying instances within this multiclass classification problem.

The MLP model's ability to correctly identify instances within the Blackhole, Flooding, Grayhole, Normal, and TDMA categories is indicated by Figures 8, 9 and 10. Figure 8 shows the precision score per class for the MLP model, which indicates that the "Normal" class has exceptional precision of 99.7%, suggesting that 99.7% of the time the model correctly predicts an instance to be "Normal." For
each of these categories, the "TDMA" class similarly reaches a precision of 99.7%, demonstrating the resilience of the model in reducing false positives. With a precision of 98.1%, the "Grayhole" class comes in close behind, indicating the ability of the model to correctly categorize this category. The precision for the "Blackhole" (96.1%) and "Flooding" (93.6%) classes is still strong, although slightly lower. This suggests that the model effectively reduces false positives for these types of network intrusions. Figure 9 shows the recall score per class for the MLP model, which indicates that the model exhibits strong recall values of 96.8% for the "Grayhole" class. It shows the proficiency of the model in capturing the majority of actual instances in this category. The "Normal" class achieves an exceptional recall of 99.9%, indicating its ability to identify the vast majority of actual "Normal" instances with minimal false negatives. The "Blackhole" class follows closely with a recall of 99.2%, demonstrating the high sensitivity of the model. The "Grayhole" class also displays a strong recall of 96.8%, indicating the proficiency of the model in capturing the majority of actual instances in this category. The "Flooding" class achieves a good recall of 95.1%, and the "TDMA" class demonstrates a slightly lower recall of 90.4%. Figure 10 shows the F1 score per class for the MLP model, which indicates that with an F1-Score of 99.8%, the "Normal" class stands out as having a precisely balanced recall and precision for correctly identifying instances. Strong F1-Scores of 97.6% and 97.5%, respectively, are also displayed by the "Blackhole" and "Grayhole" classes, demonstrating the capacity of the model to successfully minimize both kinds of mistakes. Even though the F1 scores for "Flooding" and "TDMA" are a little bit lower at 94.3% and 94.8%, respectively, these numbers still show a well-rounded performance in keeping the balance between precision and recall.

Figure 11 illustrates the confusion matrix for the MLP model, which indicates the performance in differentiating among five separate classes, i.e., TDMA, Blackhole, Flooding, Grayhole, and Normal. With no misclassifications, the model shows excellent prediction power for Blackhole, correctly recognizing 2022 instances. It also does a good job at identifying grayhole instances, correctly predicting 2765 instances, though with a little misperception. The model does a fair job of identifying instances of the Flooding and TDMA classes, but it has trouble telling normal instances apart from the other classes. In particular, it incorrectly labels cases of flooding as normal and normal instances as grayhole, TDMA, and flooding. The model shows a good capacity to find instances within each class, although it struggles to differentiate between flooding, normal, and grayhole classes.

FIGURE 5. F1 score per class for decision tree model.

FIGURE 6. Confusion matrix for decision tree model.

FIGURE 7. Decision tree receiver operating characteristic curve.


TABLE 2. Accuracy, precision, recall, and F1 score for MLP and RF models.

FIGURE 10. F1 score per class for MLP model.


FIGURE 8. Precision score per class for MLP model.

FIGURE 9. Recall score per class for MLP model.


FIGURE 11. Confusion matrix for MLP model.

3) AUTOENCODER AND LR
The Autoencoder model is used to detect cybersecurity intrusions with essential Python libraries and modules, including Pandas and Sklearn. The results, as given in Table 3, indicate the performance metrics of a binary classification model
distinguishing between normal and anomalous instances. The precision for both normal and anomalous instances is high at 0.95 and 0.88, respectively, for the Autoencoder model. It signifies that when the model predicts an instance as normal and anomalous, it is correct 95% and 88% of the time, respectively. The LR model, on the other hand, performs exceptionally well in identifying the normal instances with a precision of 1.00; however, it struggles hard to identify the anomalous instances with a precision score of just 0.39. The recall for normal and anomalous instances is 0.88 and 0.95 for the Autoencoder model, indicating that the model captures 88% and 95% of the actual normal and anomalous instances, respectively. The recall values for the LR model are 84% and 99% for normal and anomalous instances, respectively, which are comparatively low in capturing the normal and slightly high in capturing the anomalous instances. The F1-score for the Autoencoder model stands at 0.91 and 0.92 for normal and anomalous instances, respectively. It signifies a good balance between the ability of the model to correctly identify normal and anomalous instances as compared with the LR model, with F1 scores of 0.91 and 0.55 for normal and anomalous instances, respectively. The overall accuracy of the Autoencoder model is 0.91, representing the proportion of correctly identified instances out of the total instances. It indicates that the overall performance of the model in classifying it as either anomalous or non-anomalous is 91% accurate as compared with the LR model, which has an accuracy of 85%. The sensitivity of the Autoencoder model is 88%, as compared with the LR model, which has a sensitivity value of 83%. It indicates that the Autoencoder model performs well in identifying positive instances out of all actual positive instances. On the other hand, the specificity of the Autoencoder model is 95% as compared with the LR model, which has a specificity value of 99%. It indicates that the LR model performs slightly well in identifying negative instances out of all actual negative instances. However, if we consider the sensitivity and specificity values of the Autoencoder model, it shows that the Autoencoder model has the great ability to correctly identify negative instances out of all actual negative instances and positive instances out of all actual positive instances.

FIGURE 12. Classification metrics histogram of autoencoder model.

FIGURE 13. Confusion matrix of autoencoder model.

FIGURE 14. Autoencoder precision-recall curve.

The results given in Figure 12 suggest that the model shows better performance in identifying both normal and anomalous instances. While it maintains a high precision for normal instances, the recall for anomalous instances is comparatively higher, indicating that the model can identify a larger proportion of actual anomalous instances. The confusion matrix of Autoencoder model is given in Figure 13, which illustrates its performance in binary classification. The model accurately classified 6,072 instances as normal, with a small fraction of 866 normal instances as anomalies. This suggests that there are a very small number of false negatives, or cases where "normal" data is mistakenly classified as abnormal. The model identified 325 cases of anomalies as "normal" while properly identifying 6,575 incidents. This suggests that there are very few false negatives in the Anomaly class for the model. The higher percentage of true positives in both classes suggests that the model has the ability to correctly identify both "normal" and "anomaly" classes.
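The per-class scores discussed above can be re-derived from the four counts quoted for Figure 13. The following is an added example, not code from the paper: it works for any square confusion matrix with rows as actual classes and columns as predicted classes (the layout the paper describes for its matrices), and it also reports false-alarm and missed-intrusion rates. The function names and the use of "normal" as the benign label are assumptions of this example.

```python
"""Re-derive IDS metrics from a confusion matrix (rows = actual, columns = predicted)."""

# Counts quoted in the text for the Autoencoder confusion matrix (Figure 13).
LABELS = ["normal", "anomaly"]
AUTOENCODER_CM = [
    [6072, 866],   # actual normal:  predicted normal, predicted anomaly
    [325, 6575],   # actual anomaly: predicted normal, predicted anomaly
]


def per_class_metrics(cm, labels):
    """Precision, recall, F1 and support for every class of a KxK matrix."""
    k = len(labels)
    if len(cm) != k or any(len(row) != k for row in cm):
        raise ValueError("confusion matrix must be square and match the labels")
    metrics = {}
    for i, label in enumerate(labels):
        tp = cm[i][i]
        support = sum(cm[i])                          # actual members of class i
        predicted = sum(cm[r][i] for r in range(k))   # everything labelled class i
        precision = tp / predicted if predicted else 0.0
        recall = tp / support if support else 0.0
        f1 = (2 * precision * recall / (precision + recall)
              if precision + recall else 0.0)
        metrics[label] = {"precision": precision, "recall": recall,
                          "f1": f1, "support": support}
    return metrics


def summarize(cm, labels):
    """Accuracy plus macro and support-weighted averages of the per-class scores."""
    metrics = per_class_metrics(cm, labels)
    total = sum(sum(row) for row in cm)
    if total == 0:
        raise ValueError("confusion matrix is empty")
    accuracy = sum(cm[i][i] for i in range(len(labels))) / total
    macro, weighted = {}, {}
    for name in ("precision", "recall", "f1"):
        macro[name] = sum(m[name] for m in metrics.values()) / len(labels)
        weighted[name] = sum(m[name] * m["support"]
                             for m in metrics.values()) / total
    return {"accuracy": accuracy, "macro": macro, "weighted": weighted,
            "per_class": metrics}


def operational_rates(cm, labels, benign="normal"):
    """Alert-quality rates, counting every non-benign class as an intrusion.

    false_alarm_rate: share of benign traffic flagged as any intrusion class.
    missed_intrusion_rate: share of intrusion traffic labelled benign.
    """
    b = labels.index(benign)
    benign_total = sum(cm[b])
    intrusion_rows = [row for i, row in enumerate(cm) if i != b]
    intrusion_total = sum(sum(row) for row in intrusion_rows)
    missed = sum(row[b] for row in intrusion_rows)
    return {
        "false_alarm_rate": ((benign_total - cm[b][b]) / benign_total
                             if benign_total else 0.0),
        "missed_intrusion_rate": (missed / intrusion_total
                                  if intrusion_total else 0.0),
    }


if __name__ == "__main__":
    report = summarize(AUTOENCODER_CM, LABELS)
    for label, m in report["per_class"].items():
        print(f"{label:8s} precision={m['precision']:.2f} "
              f"recall={m['recall']:.2f} f1={m['f1']:.2f} support={m['support']}")
    print(f"accuracy={report['accuracy']:.2f}")
    rates = operational_rates(AUTOENCODER_CM, LABELS)
    print({name: round(value, 3) for name, value in rates.items()})
```

With the quoted counts, 866 of 6,938 normal instances raise an alert (about 12.5%) and 325 of 6,900 anomalies are labelled normal (about 4.7%), two rates that the single accuracy figure does not show.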

TABLE 3. Accuracy, precision, recall and F1 score for Autoencoder and LR models

FIGURE 15. Autoencoder receiver operating characteristic curve.

The effectiveness of autoencoder model is assessed by precision and recall curve as given in Figure 14, a graph showing the precision and recall values for various threshold settings. Precision is plotted on the y-axis while recall is plotted on the x-axis. The average precision of model is represented by the area under the curve. The precision of the graph falls as the recall rises from its initial high precision and lower recall. With a high recall and low precision, the line terminates. The range of potential precision-recall curves for the autoencoder model is shown by the area under the curve. The model has a lower precision for high recall values and a high precision for low recall values.

Figure 15 shows a graph indicating the true positive rate and false positive rate for various threshold values for the Autoencoder model. The true positive rate is plotted on the y-axis, while the false positive rate is plotted on the x-axis. The area under the ROC curve is a measure of the overall performance of the model. A curve value of 0.97 indicates that the Autoencoder model performs well in finding the normal and anomaly classes.

E. DISCUSSIONS ON RESULTS
The proposed framework enhances the cybersecurity of WSNs in Industry 4.0 using a multi-criteria approach. It implements machine-learning and deep-learning algorithms for cybersecurity intrusion detection in WSNs of Industry 4.0 and provides prevention by assigning priorities to the threats based on the situation and nature of the attacks.
• In order to show the effectiveness of the proposed framework, we implemented three models, i.e., Decision Tree, MLP and Autoencoder, as proposed algorithms in the framework. For multidimensional classification and detection of cybersecurity intrusions, we implemented Decision Tree and MLP models. For binary classification and detection of cybersecurity intrusions in WSNs of Industry 4.0, we implemented Autoencoder model. Simulation results show that the Decision Tree model provides an accuracy of 99.48%, precision of 99.49%, recall of 99.48%, and F1 score of 99.49% in the detection and classification of cybersecurity intrusions. The MLP model provides an accuracy of 99.52%, precision of 99.5%, recall of 99.5%, and F1 score of 99.5% in the detection and classification of cybersecurity intrusions. The implementation of Autoencoder with binary classification yields an accuracy of 91%, precision of 92%, recall of 91%, and F1 score of 91%.
• To the best of our knowledge and as reflected in the literature review, no existing studies have implemented a multi-criteria approach for cybersecurity intrusion detection and classification in WSNs of Industry 4.0. Therefore, we implemented the benchmark models, i.e., Random Forest (RF) for multidimensional classification and Logistic Regression (LR) for binary classification. We compared the performance of the benchmark models with the models implemented in the proposed framework, revealing that the models in the proposed framework significantly outperformed the benchmark models.
The Decision Tree model exhibits a notable capacity to accurately classify instances as 'Normal,' which is a significant
component in context with cybersecurity, at a rate of 99.48%. It does have trouble in classifying the difference between some types of attacks, such as "Blackhole" and "Grayhole." Even though the accuracy is better, there are small deviations in the recall and precision rates between classes. This suggests that it is difficult to find certain types of intrusions accurately. The model is not very good at telling the difference between different types of intrusions, as shown by the small fluctuations in accuracy, recall, and F1-scores for classes like "TDMA" and "Blackhole." The MLP model has a more equal performance across different classes, boasting an impressive accuracy of 99.52%. With respect to accurately identifying 'Normal' and 'Blackhole' situations, it excels in precision and recall rates. It does, however, have significant difficulty correctly distinguishing 'Normal' instances from other classes, as evidenced by some misclassifications in the confusion matrix. A reduced recall rate for "TDMA" cases indicates that the model missed some instances in its predictions. The Autoencoder model achieves an overall accuracy of 91% by using a binary classification approach. It obtains a good balance between precision and a recall trade-off for anomalous occurrences. Its strength is also its high precision for non-anomalous instances. The confusion matrix of the Autoencoder shows a minor percentage of misclassifications, particularly in differentiating between 'Normal' and 'Anomalies' cases.

Integration of the strengths of the Decision Tree, MLP, and Autoencoder models could lead to a more complete solution for building a smartly prioritized and strong predictive. The goal of the study is to find intelligent ways to prioritize things, and the Decision Tree is very good at finding "Normal" situations. The even success of the MLP model across different classes gives us a full picture of intrusions. But it is important to talk about their own problems with telling the difference between different types of intrusion. A hybrid model that combines these strengths and makes up for their weaknesses by using feature engineering, ensemble methods, or even the Autoencoder binary classification strategy can be used to make the system much better at making predictions. The goal of this combination should be to create a strong multiclass classification system that can quickly tell the difference between normal and abnormal cases. It is very important for Industry 4.0-based WSNs to have an adaptive and proactive cybersecurity strategy that uses real-time threat intelligence and models that are constantly retrained and evaluated using new data. The proposed framework has the ability to be implemented in the real world through edge computing. Edge computing is a scalable distributed computing paradigm that provides computing and data storage services closer to the source of data generation. Since the proposed framework involves Industry 4.0 and IIoT, edge nodes implemented with WSNs in Industry 4.0 are the best choice for data processing, and cloud datacenters will be used for data storage and high-performance processing. We also made the assumption of constant model retraining in the proposed framework, which is based on the dynamic nature of cybersecurity threats within Industry 4.0 environments. There is also the challenge of obtaining relevant and diverse datasets. This can be solved by defining the strategies required to ensure the continuous supply of high-quality data for retraining. Retraining costs are another issue that needs to be resolved; however, the incorporation of edge computing aims to distribute the computational load efficiently, making constant retraining more practical and cost-effective. The use of AI-powered cybersecurity solutions raises a number of ethical considerations, privacy issues, and potential biases. However, we thoroughly scrutinized the models for any biases, implemented privacy-preserving techniques to safeguard sensitive information, and ensured transparency in the decision-making process. We established a robust and responsible framework with AI-enabled cybersecurity intrusion detection and prevention mechanisms in line with the ethical standards required in Industry 4.0 environments.

V. CONCLUSION
The proposed predictive framework is an intelligent and smart way to find and prevent cybersecurity attacks in WSNs based on Industry 4.0. The proposed framework combines important components including Industry 4.0, WSN, AI-driven detection, smart prioritization, and proactive safety measures. Using three different machine learning models, i.e., Decision Tree, MLP and the Autoencoder, we make it possible to find and group different cybersecurity intrusions, which makes it easier for the network to quickly find and deal with these possible risks. Simulation results show that the Decision Tree model provides an accuracy of 99.48%, precision of 99.49%, recall of 99.48%, and F1 score of 99.49% in the detection and classification of cybersecurity intrusions. The MLP model provides an accuracy of 99.52%, precision of 99.5%, recall of 99.5%, and F1 score of 99.5% in the detection and classification of cybersecurity intrusions. The implementation of Autoencoder with binary classification yields an accuracy of 91%, precision of 92%, recall of 91%, and F1 score of 91%. The framework also includes an intelligent prioritization model that is key to quickly identifying and responding to high-risk intrusions by allocating resources in the best way to stop the worst attacks. Having a proactive preventive system in place makes the network more secure by quickly taking action to stop threats and making the whole thing more resistant to damage. The proposed framework is meant to make Industry 4.0-based WSNs safer by adding AI-based detection methods, ranking threats, and putting in place proactive defense strategies.

The proposed study is limited to the specific domain of WSNs in Industry 4.0 for detection and prevention of cybersecurity intrusions. Safeguarding the communication networks of other industries requires further analysis. This study can be further enhanced through implementation of hybrid and customized AI models by considering the consequences of various types of attack. We aim to integrate Industry 4.0 standards including ISO/IEC 27001, NIST Cybersecurity Framework, and IEC 62443 with the proposed
framework in future to make it more comprehensive and effective. We intend to strengthen the proposed framework in the future by incorporating dynamic threat intelligence tools. Dynamic threat intelligence tools are cybersecurity solutions designed to provide real-time, up-to-date information about potential and existing cybersecurity threats. These tools have the ability to continuously analyze and interpret data from various sources. However, these tools require more expert power, high-performance computational resources, and continuous training on updated datasets. By incorporating these tools, the system will be able to handle complex and new threats. By integrating advanced behavioral analysis and anomaly detection methods, we intend to improve the framework performance and enable it to successfully manage new and complex cyberattacks.

ACKNOWLEDGMENT
This work was funded by the Deanship of Scientific Research at Jouf University through the Fast-track Research Funding Program.
Social Netw. Comput. Sci., vol. 2, no. 3, p. 173, May 2021, doi:
10.1007/s42979-021-00557-0.
REFERENCES [20] A. Corallo, M. Lazoi, M. Lezzi, and P. Pontrandolfo, ‘‘Cybersecurity
[1] R. S. Peres, X. Jia, J. Lee, K. Sun, A. W. Colombo, and J. Barata, challenges for manufacturing Systems 4.0: Assessment of the business
‘‘Industrial artificial intelligence in Industry 4.0—Systematic review, chal- impact level,’’ IEEE Trans. Eng. Manag., vol. 70, no. 11, pp. 3745–3765,
lenges and outlook,’’ IEEE Access, vol. 8, pp. 220121–220139, 2020, doi: Nov. 2021, doi: 10.1109/TEM.2021.3084687.
10.1109/ACCESS.2020.3042874. [21] S. H. Zhu and P. Tang, ‘‘A design and implementation of water
[2] M. Ghobakhloo, ‘‘Industry 4.0, digitization, and opportunities for sus- surveillance system based on wireless sensor networks,’’ Appl.
tainability,’’ J. Cleaner Prod., vol. 252, Apr. 2020, Art. no. 119869, doi: Mech. Mater., vols. 602–605, pp. 2305–2307, Aug. 2014, doi:
10.1016/j.jclepro.2019.119869. 10.4028/www.scientific.net/amm.602-605.2305.
[3] M. van Geest, B. Tekinerdogan, and C. Catal, ‘‘Design of a [22] T. Ali, M. Irfan, A. Shaf, A. S. Alwadie, A. Sajid, M. Awais, and M. Aamir,
reference architecture for developing smart warehouses in Industry ‘‘A secure communication in IoT enabled underwater and wireless sensor
4.0,’’ Comput. Ind., vol. 124, Jan. 2021, Art. no. 103343, doi: network for smart cities,’’ Sensors, vol. 20, no. 15, p. 4309, Aug. 2020, doi:
10.1016/j.compind.2020.103343. 10.3390/s20154309.
[4] P. Pop, B. Zarrin, M. Barzegaran, S. Schulte, S. Punnekkat, J. Ruh, and [23] M. Hanif, H. Ashraf, Z. Jalil, N. Z. Jhanjhi, M. Humayun, S. Saeed, and
W. Steiner, ‘‘The FORA fog computing platform for industrial IoT,’’ Inf. A. M. Almuhaideb, ‘‘AI-based wormhole attack detection techniques in
Syst., vol. 98, May 2021, Art. no. 101727, doi: 10.1016/j.is.2021.101727. wireless sensor networks,’’ Electronics, vol. 11, no. 15, p. 2324, Jul. 2022,
[5] H. Singh, ‘‘Big data, Industry 4.0 and cyber-physical systems inte- doi: 10.3390/electronics11152324.
gration: A smart industry context,’’ Mater. Today: Proc., vol. 46, [24] D. Popescu, F. Stoican, L. Ichim, G. Stamatescu, and C. Dragana,
pp. 157–162, 2021, doi: 10.1016/j.matpr.2020.07.170. ‘‘Collaborative UAV-WSN system for data acquisition and processing
[6] A. Corallo, M. Lazoi, and M. Lezzi, ‘‘Cybersecurity in the context in agriculture,’’ in Proc. 10th IEEE Int. Conf. Intell. Data Acquisition
of Industry 4.0: A structured classification of critical assets and busi- Adv. Comput. Systems: Technol. Appl. (IDAACS), vol. 1, Sep. 2019,
ness impacts,’’ Comput. Ind., vol. 114, Jan. 2020, Art. no. 103165, doi: pp. 519–524, doi: 10.1109/IDAACS.2019.8924424.
10.1016/j.compind.2019.103165. [25] K. Shaukat, S. Luo, V. Varadharajan, I. Hameed, S. Chen, D. Liu, and
[7] J. Hajda, R. Jakuszewski, and S. Ogonowski, ‘‘Security challenges in J. Li, ‘‘Performance comparison and current challenges of using machine
Industry 4.0 PLC systems,’’ Appl. Sci., vol. 11, no. 21, p. 9785, Oct. 2021, learning techniques in cybersecurity,’’ Energies, vol. 13, no. 10, p. 2509,
doi: 10.3390/app11219785. May 2020, doi: 10.3390/en13102509.
[8] M. Humayun, N. Jhanjhi, B. Hamid, and G. Ahmed, ‘‘Emerging [26] L. F. Ilca, O. P. Lucian, and T. C. Balan, ‘‘Enhancing cyber-resilience for
smart logistics and transportation using IoT and blockchain,’’ IEEE small and medium-sized organizations with prescriptive malware analysis,
Internet Things Mag., vol. 3, no. 2, pp. 58–62, Jun. 2020, doi: detection and response,’’ Sensors, vol. 23, no. 15, p. 6757, Jul. 2023, doi:
10.1109/IOTM.0001.1900097. 10.3390/s23156757.
[9] M. Humayun, M. S. Alsaqer, and N. Jhanjhi, ‘‘Energy optimization for [27] W. Zhang, D. Han, K.-C. Li, and F. I. Massetto, ‘‘Wireless sensor network
smart cities using IoT,’’ Appl. Artif. Intell., vol. 36, no. 1, Dec. 2022, intrusion detection system based on MK-ELM,’’ Soft Comput., vol. 24,
Art. no. e2037255, doi: 10.1080/08839514.2022.2037255. no. 16, pp. 12361–12374, Aug. 2020, doi: 10.1007/s00500-020-04678-1.
[10] A. Petrosyan. Global Monthly Number of Cyber Attacks in Automotive [28] U. AlHaddad, A. Basuhail, M. Khemakhem, F. E. Eassa, and K. Jambi,
Sector 2022–2023. Accessed: Nov. 14, 2023. [Online]. Available: ‘‘Ensemble model based on hybrid deep learning for intrusion detection in
https://www.statista.com/statistics/1374790/biggest-automotive-cyber- smart grid networks,’’ Sensors, vol. 23, no. 17, p. 7464, Aug. 2023, doi:
attacks-worldwide/ 10.3390/s23177464.
[11] N. Verba, K.-M. Chao, J. Lewandowski, N. Shah, A. James, and F. Tian, [29] M. H. Ali, M. M. Jaber, S. K. Abd, A. Rehman, M. J. Awan,
‘‘Modeling Industry 4.0 based fog computing environments for appli- R. Damaševičius, and S. A. Bahaj, ‘‘Threat analysis and distributed denial
cation analysis and deployment,’’ Future Gener. Comput. Syst., vol. 91, of service (DDoS) attack recognition in the Internet of Things (IoT),’’
pp. 48–60, Feb. 2019, doi: 10.1016/j.future.2018.08.043. Electronics, vol. 11, no. 3, p. 494, Feb. 2022, doi: 10.3390/electron-
[12] I. Hussain, S. Tahir, M. Humayun, M. F. Almufareh, N. Z. Jhanjhi, ics11030494.
and F. Qamar, ‘‘Health monitoring system using Internet of Things [30] S.-F. Lokman, A. T. Othman, and M.-H. Abu-Bakar, ‘‘Intrusion detec-
(IoT) sensing for elderly people,’’ in Proc. 14th Int. Conf. Math., tion system for automotive controller area network (CAN) bus system:
Actuarial Sci., Comput. Sci. Statist. (MACS), Nov. 2022, pp. 1–5, doi: A review,’’ EURASIP J. Wireless Commun. Netw., vol. 2019, no. 1, p. 184,
10.1109/MACS56771.2022.10023026. Dec. 2019, doi: 10.1186/s13638-019-1484-3.

34818 VOLUME 12, 2024


F. Al-Quayed et al.: Situation Based Predictive Approach for Cybersecurity Intrusion Detection and Prevention


FATIMA AL-QUAYED is currently an Assistant Professor with the College of Computer and Information Sciences, Jouf University, Saudi Arabia. She has multiple publications in WoS/ISI/SCI/Scopus. She has vast experience in academic qualifications. Her research interests include cyber security, wireless sensor networks (WSN), the Internet of Things (IoT), and knowledge management.

ZULFIQAR AHMAD received the M.Sc. degree (Hons.) in computer science from Hazara University, Mansehra, Pakistan, in 2012, the M.S. degree in computer science from COMSATS University Islamabad, Abbottabad, Pakistan, in 2016, and the Ph.D. degree in computer science from the Department of Computer Science and Information Technology, Hazara University, in 2022. He is the author of several publications in the fields of fog computing, cloud computing, artificial intelligence, high-performance computing, and scientific workflow scheduling and management. His current research interests include scientific workflow management in cloud computing, the Internet of Things, fog computing, edge computing, artificial intelligence, cybersecurity, and wireless sensor networks (WSNs).

MAMOONA HUMAYUN is currently an Assistant Professor with the College of Computer
M. Karakouzian, ‘‘Applications of decision tree and random forest as tree- and Information Sciences, Jouf University,
based machine learning techniques for analyzing the ultimate strain of Saudi Arabia. She has highly indexed publications
spliced and non-spliced reinforcement bars,’’ Appl. Sci., vol. 12, no. 10, in WoS/ISI/SCI/Scopus and her collective research
p. 4851, May 2022, doi: 10.3390/app12104851. impact factor is more than 200 plus points. Her
[44] G. S. Fischer, R. D. R. Righi, G. D. O. Ramos, C. A. D. Costa, and Google Scholar H-index is 28 and I-10 Index is
J. J. P. C. Rodrigues, ‘‘ElHealth: Using Internet of Things and data close to 78, with more than 150 publications on
prediction for elastic management of human resources in smart hospi- her credit. She has several international patents
tals,’’ Eng. Appl. Artif. Intell., vol. 87, Jan. 2020, Art. no. 103285, doi: on her account, including U.K. and Japanese. She
10.1016/j.engappai.2019.103285. has edited/authored over five research books published by World-Class
[45] N. Mozaffaree Pour and T. Oja, ‘‘Prediction power of logistic regression Publishers. She has excellent experience in supervising and co-supervising
(LR) and multi-layer perceptron (MLP) models in exploring driving forces
postgraduate students and more than 13 postgraduate scholars graduated
of urban expansion to be sustainable in Estonia,’’ Sustainability, vol. 14,
under her supervision. She has completed more than 15 funded research
no. 1, p. 160, Dec. 2021, doi: 10.3390/su14010160.
[46] A. Kumari, R. K. Patel, U. C. Sukharamwala, S. Tanwar, M. S. Raboaca,
grants successfully. She has vast experience in academic qualifications,
A. Saad, and A. Tolba, ‘‘AI-empowered attack detection and prevention including ABET and NCAAA. Her research interests include cyber security,
scheme for smart grid system,’’ Mathematics, vol. 10, no. 16, p. 2852, wireless sensor networks (WSN), the Internet of Things (IoT), requirement
Aug. 2022, doi: 10.3390/math10162852. engineering, global software development, and knowledge management. She
[47] Y. Song, S. Hyun, and Y.-G. Cheong, ‘‘Analysis of autoencoders for has served as a keynote/invited speaker for many international conferences
network intrusion detection,’’ Sensors, vol. 21, no. 13, p. 4294, Jun. 2021, and workshops. She serves as a reviewer for several reputable journals.
doi: 10.3390/s21134294.
