Enhanced SVM Model with Orthogonal Learning Chaotic Grey Wolf Optimization for Cybersecurity Intrusion Detection in Agriculture 4.0

"Smart agriculture" [1, 2] is a new way of farming that emphasizes individualized customer care by making use of cutting-edge information technologies including the web, big data, the internet of things, and many others. In a word, the new method is an information technology–enabled, farm–specific answer. While modern information technology offers promising avenues for the enhancement of agricultural production, it also makes considerable stresses on safety in the context of smart farming [3]. Agriculture 4.0 is more than just a trend; it's the next technological step in the industry's evolution toward smarter, more efficient, and greener practices. The massive amounts of data generated by the supply chain every day [4]. This data was before wasted, but with the advent of big data and advanced farming techniques, it can be used to significantly advance the harvest and quality of any crop.

1.1 Advantages of Agriculture 4.0

The following sections discuss the results of practicing "smart agriculture".

Production volume: When used to farming, smart technology has the potential to greatly increase output. This helps meet the challenge of feeding an expanding population.

The quality of production has far-reaching consequences for the health and nourishment of Americans of all income levels. If a country's residents have access to higher-quality food, they will be healthier and live longer, increasing their economic output.

Efficiency in agricultural methods and material consumption: Smart technology can improve the efficiency of traditional farming practices. This, in turn, indorses better utilization of agricultural capitals [5].

The ideal production cost: It occurs when the methods employed strike a good balance between quantity, quality, and efficiency. The price of agricultural products goes up as a result.

Efforts to Lessen Waste The agricultural sector, a major contributor to the economy, is mostly to fault for the enormous amounts of food and other secondary resources that go to waste every year. This waste might be monitored and reduced with the help of modern technologies.

Ecological sustainability is achieved by direct reductions in environmental and ecological footprints as a result of decreased left-over and increased agricultural procedure efficiency.

Saving Time: Smart agriculture's timely distribution of required pesticides, fertilizers, and other consequence in timely and agricultural production with fewer wounded [6].

While implementing agricultural 4.0 technology, the farming may be at risk from the following:

More computational capabilities will be built into systems as gadgets and technology evolve [7]. The goal of this sort of integration is to provide for the requirements of sustainable agriculture, mechanization, and farming methods [8]. Safeguarding sensitive information is another concern. Data privacy, data trustworthiness, and data accuracy from data production through decision making are all very vital.

• Theft of sensitive company and consumer information.
• By stealing resources managed by sensors and devices and destroying their targets.
• Reputational harm if sensitive information is leaked.

Damage to agricultural infrastructure, sensor failures in livestock breeding, scheme hacks in greenhouse farming are all potential threats to Agriculture 4.0 [9]. All of them have the potential to disrupt farming operations by damaging the hardware and software that makes up the IoT infrastructure. Malicious attacks, illegal access, privacy breaches, and other problems [10] also plague data-gathering technology.

The field has shifted, with researchers focusing on agricultural contexts including water management, livestock, and farmlands, as well as artificial intelligence and machine learning. Numerous water-saving and productivity-boosting monitoring, management, and decision-making options have been explored in the irrigation sector [11].

1.2 Research motivation

This piece was inspired by three main ideas:

1) As a response to the low output of conventional farming and the widespread adoption of information knowledge, "smart agriculture" is a novel paradigm that merges the two. It might be the breakthrough in farming that finally takes off. Therefore, outlining the existing production model and specific investigations is essential [12].

2) There has been less analysis of security issues in smart agriculture despite a lot of study in this area compared to industrial security solutions.

3) Thirdly, analyzing the worries in smart agricultural contexts is essential [13].

4) Given the aforementioned factors, it is impossible to provide an inclusive overview of the security issues posed by smart agriculture without leaving many gaps in our understanding.

These new technologies have seen extensive use in Industry 4.0, and it would be easy to adapt them for use in farming. Since the placement of IoT-based devices is in a public arena, the greatest difficulty in establishing technologies, but rather in the guarantee of privacy. The cyber security research community recommends (IDS), which are a skill for network safety that constantly monitors occurrences inside a system and assesses them in light of intrusion indication [14].

Anomaly-based intrusion detection systems (deep-learning techniques) are the subject of this study. However, in the area of Agriculture 4.0, there are eight significant obstacles to overcome: Challenges include [[IIoT data collection]], [[less training data]], [[non-representative training data]] [15]. These glitches are solved by our suggested model. Our article makes use of widely-used, up-to-date datasets that have been put to good use by the research community in the creation of intrusion schemes for IIoT systems.

Our aids in this work are:

We provide an evolutionary algorithm-based machine learning system for improving IDS models.

We analyze and compare several machine learning strategies for cyber safety in agriculture 4.0 and offer an evaluation of their efficacy.

Using the TON_IoT dataset, two brand-new real-world traffic datasets, we investigate the performance of each model across two categorization types (binary and multiclass).

We pay special attention to the ROC Curve, the False Acceptance Rate (FAR), the True Negative Rate (TNR), the Detection Rate (DR), and the Precision.

1.3 Organization of the paper

Here is how the rest of this piece is laid out. In Part 2, we'll examine the relevant literature. The use of IDSs is described in Section 3. A comparison of several IDS for Agriculture 4.0 is providing in Section 4. Section 5 accomplishes the paper.

In this section, interest to security researchers who work to ensure the safety of the scheme. we suggest machine learning-based cyber-attacks that is explained in the following sub-sections.

3.1 Network model

Three levels, or "layers," make up the Agriculture 4.0 network model given here: (1) Agricultural sensors; (2) Fog computing; and (3) Cloud computing. Data collected by drones and other Internet of Things sensors is used in the agriculture sector. In the agricultural sensors layer, actuators are triggered by data that meets predetermined criteria. The agricultural sensors layer incorporates new energy technologies and smart grid design to power Internet of Things gadgets. Each fog node has an intrusion detection system powered by deep learning. Cloud computing nodes offer storage services, while the fog computing layer analyzes the IoT data with machine learning algorithms after receiving it from the agricultural sensors layer. Intrusion detection systems that rely on deep learning to process data do their calculations in the fog nodes. We assume that there is a malicious party intent on disrupting the network's operations in order to compromise food security, the efficacy of the agri-food supply chain, and agricultural production.

3.2 Dataset description

In particular, we used the CIC-DDoS2019 dataset [23] and the TON dataset [24]—two recently released real-world traffic datasets. There are three criteria for picking them: Agriculture 4.0 is like these networks because (1) they were designed for a TCP/IP communication stack, (2) they feature DDoS assaults, and (3) they are representative of the nature of the industry.

The TON_IoT dataset was developed to mimic the functioning of actual operational IoT/IIoT networks through the use of interacting network parts and IoT/IIoT systems across the Edge, Fog, and Cloud. To help with the administration of the interplay between these three levels, the NSX-VMware platform was used (NFV) technologies. The experiment is coded in Python 3 on a GPU using TensorFlow, and it is run on Google Colaboratory (https://colab.research.com). To be more specific, there are four stages to the method: There are four stages: (1) gathering datasets, (2) pre-processing, (3) training, and (4) testing.

3.3 Pre-processing of the CIC-DDoS2019 dataset

There are a CIC-DDoS2019 dataset [23], including 50,006,249 rows related to DDoS assaults and 56,863 rows related to normal traffic. Each column has 86 characteristics. Table 1 summarizes the attack statistics for dataset. The training dataset includes 12 DDoS attacks, including NTP, DNS, LDAP, Microsoft SQL Server, NetBIOS, SNMP, SSDP, User Datagram TFTP.

• An NTP-based attack is a (DDoS) attack in makes advantage of a compromised Network Time Protocol (NTP) server to overwhelm a targeted client-server or other network with an excessive amount of UDP data traffic. This type of attack has the possible to render the target and its associated network unreachable to legitimate traffic.
• An attack that leverages the Domain Name System (DNS) to flood a target IP address with resolution requests is called a reflection-based DDoS assault.
• By sending queries to a publicly accessible susceptible LDAP server, an attacker can create huge replies (amplified), which are then reflected to a target server, causing a distributed denial of service (DDoS) attack.
• An MSSQL- DDoS attack in which the attacker forges an IP address to make scheduled requests seem to originate from the target server, thereby overwhelming its resources.
• An attacker conducting a reflection-based DDoS assault against NetBIOS can trick a target computer into rejecting all incoming NetBIOS communication by sending a faked "Name Release" or "Name Conflict" message.
• To jam the target's network pipes, an SNMP-based assault will produce attack volumes in the hundreds of gigabits per second using the Simple Network Management Protocol (SNMP).
• An SSDP-based assault is a reflection-based distributed denial of service attack in which the attacker uses UPnP protocols to send a victim an amplified quantity of data.
• Attacks based on User Datagram Protocol (UDP) lag try to disrupt the targeted host by flooding it with IP packets containing UDP datagrams.
• To compromise a Web server or application, a WebDDoS-based attack will use seemingly innocuous HTTP GET or POST requests.
• By mimicking the normal sending SYN-ACK (synchronize-acknowledge), and responding with an ACK (acknowledge), a SYN-based attack might starve the victim server of its resources and render it inoperable.
• The Trivial File Transfer Protocol (TFTP) may be exploited in this assault, which makes use of online TFTP servers. The attacker file, and the victim TFTP server returns the data to the attacker's target host.
• A port scan can be performed on a single computer or on a whole network as part of a port scan-based assault. Scanning is performed by inquiring as to what services are active on a remote server.

Table 1. Attack categories in CICDDoS2019 dataset

Classification problems including two classes and classification errands involving more than two classes (multi-class classification) are studied in order to assess the efficacy of machine learning algorithms. We generate data sets with class labels of Dataset_2_class, Dataset_7_class, and Dataset_13_class. Table 2 shows, for instance, the data used in training and testing the Dataset_2_class.

Table 2. Attack categories in Dataset_2_class

3.4 Pre-processing of dataset

Data from networks, operating systems, and telemetry devices make up the TON_IoT dataset, a novel testbed for an IIoT network. IoT and IIoT sensor telemetry data is provided in 7 separate formats.

These files include the following information:

• Data types found in File 1: "Train_Test_IoT_Weather" include: Normal (35,000 rows), DDoS (5,000 rows), Injection (5,000 rows), Password (5,000 rows), Backdoor (5,000 displays the Internet of Things data from a networked weather sensor, including temperature, pressure, and humidity values.
• File 2: "Train_Test_IoT_Fridge" has the following categories of rows: Normal (35,000), DDoS (5,000), Injection (5,000), Password (5,000), Backdoor (5,000), Ransomware (2902), and XSS (2942). Data from a networked refrigerator sensor, including temperature readings and ambient variables, are presented in this file.
• File 3: "Train_Test_IoT_Garage_Door" includes the following categories of data: Normal (70,000 rows), DDoS (10,000 rows), (10,000 rows), Password. Data from a networked door sensor is shown in the file, showing whether the door is open or closed.
• File 4: "Train_Test_IoT_GPS_Tracker" includes the following categories of data: Normal (35,000 rows), DDoS (5,000 rows), Injection (5,000 rows), Password (5,000 rows), Backdoor (5,000 rows), Ransomware (2,833 rows), XSS (577 rows), and Scanning (550 rows). Data from a networked GPS tracker sensor, including its latitude and longitude coordinates, is presented in the file.
• You'll find the following data types in File 5: "Train_Test_IoT_Modbus": Normal. IoT data file containing Modbus function code for reading an input register.
• You'll find the following categories in File 6: "Train_Test_IoT_Motion_Light" and Scanning (3550 rows). The data in the file is the Internet of Things readings from a switched-on or -off light sensor.
• Included in File 7 "Train_Test_IoT_Thermostat" are the following types of data: Normal (35,000 rows), Injection (5,000 rows), Password (5,000 rows). The file contains Internet of Things data showing the current temperature as measured by a thermostat sensor on the network.

3.5 Classification using Enhanced multiclass SVM (EMSVM) model

To model intricate connections between variables, SVM is well recognized as a statistical ML technique. The power to generalize and the capacity to deal with the curse of dimensionality are excellently combined in SVM. Typically, DM and ML algorithms suffer from the curse of dimensionality, which reduces their effectiveness. However, SVM has proven itself to be a gifted method that can achieve remarkable results despite the limited data available for training the algorithm. When used to non-linearly separable problems, kernel functions allow SVMs to effectively translate them into higher dimensions, where they may be separated with more ease. The vast majority of widely-applied models can have a common foundation thanks to kernel mapping. The training dataset's original dimension-space is transformed to higher dimensionality in order to map non-linear separable samples into separable ones That can be readily differentiated. Although SVM was originally designed for use in classification, it has now been shown to be effective in regression as well. The scenario studied here is categorized as a research challenge. It is well knowledge, however, that a model's generalizability increases as its ability to increase the margins between classes does. To achieve generalization in SVM, it is common practice to generate a collection of vectors that is sparse but yet capable of definitively distinguishing between classes. Boundary examples capture the information required to partition the classes, and hence may be used to categorize new data.

The primary objective of any classification problem is to establish a correlation between a given set of input features (also called predictors) and a given set of class variables (also called training instances) in a given input features (also called predictors) and m training instances. Note that whereas XR in regression issues, YR in classification difficulties. As an example, consider a classification problem with a training dataset.

T=x_ij, x_(i+1, j+1),...,x_nm, $c_{-} 1, c_{-} 2, \ldots c_{-} t$, where t >=1. An ''Optimal Separating Hyperplane (OSH)'' is generated by minimizing are then applied to the training dataset to produce accurate results.

$\operatorname{sgn}\left(\sum_{i=1}^n y_i \propto_i \cdot K\left(x_i \cdot x_j\right)+b\right)$        (1)

where, $x_j=1,2, .3 \ldots, Z$ are the so-called the '' (SV)''. The ''lagrange dual equation,'' denoted by Eq. (2) and sometimes is used to get the coefficient _i and the bias b.

$\operatorname{MAX}\left(\sum_{i=1}^n \propto_i-\frac{1}{2} \sum_{i=1}^n \sum_{j=1}^n \propto_i \propto_j \cdot y_i y_j . K\left(x_i, x_j\right)\right)$    (2)

where:

$\sum_{i=1}^n \propto_i y_i=0$      (3)

Only if 0_iC, can we say that x_j is a support vector. In where C is issue that determines the misclassification error vs margin tradeoff. In other words, C controls the price at which you must choose between simplifying your model and reducing your training errors. It's worth noting that the SVM has a significant penalty for points, therefore if C is SVM could create an over-fitted model. However, a model may be under-fitted if C is too low. However, the dataset is transformed into hyperplanes via the kernel function K.

SVM may make use of a wide variety of kernel function types. Polynomial and Radial Basis Function (RBF) are the two most used methods. Degree d polynomial function is found using Eq. (4):

   $K\left(x_i, x_j\right)=\left(x_i^T \cdot x_j+1\right)^d$      (4)

Note that the additive constant in the equation disappears when d = 1, transforming the polynomial function back into a linear one. This allows us to derive Eq. (5), which yields the linear kernel function:

$K\left(x_i, x_j\right)=x_i^T x_j$      (5)

However, the RBF (or Gaussian kernel) is determined by the following Eq. (6):

$K\left(x_i \cdot x_j\right)=\exp \left(-\gamma x_i-x_j^d\right)$      (6)

In which the Gaussian width is determined by. To put it another way, it functions similarly to d in Polynomial kernel in that it determines the degree of adaptability of the final classifier. Here, $\gamma=\frac{1}{2 \sigma^2}$ and $\sigma$ is a free parameter.

Sigmoid kernel is another type of Neural Network-related kernel function. This kernel function, which has been in use since 1995, may be computed with the help of the following Eq. (7):

$K\left(x_i, x_j\right)=\tan h\left(\gamma x_i^T x_j+r\right)$      (7)

where, $\gamma$ and $r$  are kernel influences.

3.5.1 Parameter settings in EMSVM

Research and finding the optimal standards of the most critical limits is necessary when constructing any classification model to ensure successful training and then reasonable testing of the created classification perfect(s). The present study employs a technical parameter exploration strategy to ensure that the best parameter values picked, as the parameters of an SVM model, '' in QP'' (k), and ''the kernel'' (K). An additional factor to think about is e (''Epsilon,'' for short), which determines the mistake margin before punishment kicks in. Choosing these criteria is typically a time-consuming and exhausting trial-and-error procedure. In this research, a "improved GWO" is used to the provided dataset in order to fine-tune all the aforementioned parameters necessary for developing a reliable SVM model.

3.5.2 Parameter tuning with chaotic grey wolf optimization (CGWO)

To avoid becoming stuck in a rut of local optimization, we provide the Optimization for feature learning. The traditional GWO takes its cues for its optimal selection of SVM models from the ranking and hunting methods used in this study.

Grey wolves may be divided into four distinct subspecies. Alpha (the leader), beta (one who contributes to decision making), delta (one who defers to alphas and omegas), and omega (the wolf pack's subservient member) are the four positions. The hunting group exhibits numerous social qualities in addition to the distinct ones associated with socioeconomic status. There are three distinct features of the hunting phase: First, there is the pursuit and approach; second, there is the pursuit and encirclement; and third, there is the attack to the target. The CGWO perfect is a mathematical framework inspired on the social structure of wolves.

3.5.3 Orthogonal learning-based CGWO (OLCGWO)

Orthogonal CGWO is an ‘intelligent drive mechanism’ for making a provisional position like $r=\left(r_1, r_2, \ldots, r_n\right)^T \quad$ and $\quad h=\left(h_1, h_2, \ldots, h_n\right)^T$ for altogether particles. It is uttered as in Eqs. (8)-(9):

$h_j=x_{i, j}+w v_{i, j}+c_1 r_{1, j}\left(x_{i, j}^{p b e s t}-x_{i, j}\right)$       (8)

$r_j=x_{i, j}+w v_{i, j}+c_2 r_{2, j}\left(x_j^{g b e s t}-x_{i, j}\right)$（9）

Social learning and individual cognition are represented by 'r' and 'h' in this context. Next position 'x' is obtained by applying the OLCGWO over 'r' and 'h', and the particle's velocity is calculated by taking the absolute value of the difference among the particle's present location and its future position, 'x'.

The OLCGWO mechanism for motion combines 'r' and 'h' data effectively to determine the next particle's location. Particles generate their current velocity and position via a moving mechanism throughout the searching process. The mobile mechanism for determining both the particle and population optimal solution. Particle searching is performed using x_iol, which is a replacement for x_ipbest and x_gbest in the orthogonal learning strategy's implementation of the moving mechanism. Eq. (10) represents a revised expression for the particles' velocities.

$v_{i, j}=w v_{i, j}+c_1 r_{1, j}\left(x_{i, j}^{o l}-x_{i, j}\right)$      (10)

In this case, the x_iol stores encouraging data, such as x_ipbest and x_gbest, to counteract the oscillation observed when learning from an exemplar with a lot of abrupt changes in direction. In terms of the generations required to get the optimal particle configuration, x_iol serves as a benchmark.

A new learning example is produced once the exemplar approaches the maximum mobility strategy. Stagnation is assumed to occur at generation k_i. When the particles' best-case scenario isn't changed, we add 1 to k_i. A new learning example is created whenever k_i > K. Best searching efficiency is improved by avoiding oscillation using this approach.

In order to keep the most important data from the particles intact, this study explores dimensional learning, which is motivated by OLCGWO. Here, the learning exemplar x_i_ol is built by transferring knowledge from x_i_pbest, which in turn was learned from x_gbest. This opens the door for xgbest to become the standard. An example is given to show how it works. Let's pretend we're trying to find the global minimum of a five-dimensional sphere using the function f(x) = x_12+x_22+x_32+x_42+x_52T. x_ipbest= (1,0,3,2,4)T is the best possible position. Similarly, xgbest = (2,4,2,0,T) is the best possible location right now. According to the illustration, x_ipbest = 30, and f(xgbest) = 28. Next, x_i_pbest uses the global features of x_gbest as a model for improvement. The xtemp vector is a temporary one, i.e., $x^{\text {temp }}=x_i^{\text {pbest }}=(1,0,3,2,4)^{\mathrm{T}}$.