Umar Kabir Umar* 5
In recent years, wireless sensor networks (WSNs) have attracted considerable interest from both researchers and industry professionals due to their ability to monitor environmental conditions effectively. Their cost-effectiveness, ease of installation, and user-friendly attributes make them a promising alternative to conventional sensory systems. These benefits have led to their widespread adoption in numerous fields, including healthcare, telecommunications, military applications, environmental observation, and medical research [1]. WSNs function through interconnected sensor nodes, which are arranged in various topologies such as star, tree, or mesh structures [2]. These nodes play a critical role in detecting data transmission and managing communication within the network. Their primary operations include sensing, data processing, computation, and communication [3, 4]. WSNs are commonly deployed in remote and inaccessible regions to monitor natural disasters such as floods, storms, wildfires, volcanic eruptions, and earthquakes. Additionally, they are used in more routine applications, such as tracking patient health metrics, developing smart environments and cities, optimizing logistics and flow management, and enabling Internet of Things (IoT) functionalities [5, 6]. Despite their advantages, WSNs also face several limitations, particularly in terms of security. These networks are vulnerable to various security threats and attacks due to their constrained resources, such as limited battery life, memory, storage, communication bandwidth, and processing power [3]. Furthermore, since WSNs are often deployed in unattended environments, their sensing components are susceptible to significant interference and potential cyber threats. Their accessibility increases the risk of malicious attacks, which can compromise network integrity and disrupt communication. These attacks can be classified into external and internal threats. External attacks involve the introduction of a rogue node that infiltrates the closed network, whereas internal attacks occur when an authorized node is compromised and manipulated by an attacker. The nature and severity of these attacks depend on their intent and the targeted network layer [7]. Among the numerous security threats faced by WSNs, Distributed Denial-of-Service (DDoS) attacks pose a significant challenge. These attacks come in various forms but share the common objective of depleting the energy of sensor nodes, thereby preventing them from performing their designated functions. Different types of DDoS attacks include blackhole, grayhole, flooding, and scheduling attacks. In a blackhole attack, a malicious node falsely claims the role of a cluster head (CH), responsible for forwarding data from sensor nodes to the base station. Instead of relaying the collected data, the attacker intercepts and discards it. Similarly, in a grayhole attack, a malicious node acts as a cluster head but selectively drops data packets at random, forwarding only a portion of the received packets to the base station. In a flood attack, the malicious node transmits excessive cluster head advertisement messages (ADV_CH) at high power levels, causing other sensor nodes to rapidly deplete their energy reserves [8]. This forces distant nodes to use more energy to communicate with the cluster head. In a scheduling attack, the malicious node allocates overlapping data communication slots to multiple sensor nodes, resulting in packet collisions and subsequent data loss. To enhance WSN security and mitigate DDoS attacks, various machine learning and deep learning techniques have been utilized in developing Intrusion Detection Systems (IDS). Algorithms such as Support Vector Machine (SVM) [9], K-Nearest Neighbor (KNN) [10], Perceptron [11], Long Short-Term Memory (LSTM) [12], Recurrent Neural Network (RNN) [13], Convolutional Neural Network (CNN) [14], and Artificial Neural Network (ANN) [15] have demonstrated high accuracy in detecting malicious activities. However, there remains a need for more robust, interpretable, and efficient models that can provide improved security across diverse applications. This paper presents a novel approach for detecting and classifying DDoS attacks in wireless sensor networks using a hybrid model that combines Particle Swarm Optimization (PSO) with the Kolmogorov-Arnold Network (KAN). The proposed system enhances KAN’s ability to optimize univariate functions and parameters by considering each particle in the swarm as a potential solution representing a set of KAN parameters. Initially, PSO generates a population of particles with randomly assigned KAN parameters, such as weights and coefficients for univariate functions. The performance of each particle is assessed by training KAN on the dataset and evaluating its classification accuracy. The particles then refine their positions iteratively based on their own best performance and the best solution found globally, following predefined velocity and position update formulas. This optimization process steers the search towards the most effective KAN parameters, enabling the network to learn optimal function transformations for precise classification. By utilizing PSO’s global search capability, KAN effectively selects the best univariate functions and parameters to strengthen DDoS attack detection in wireless sensor networks.
The objectives of the paper are summarized as follows.
- To develop a hybrid PSO-KAN model that uses Particle Swarm Optimization (PSO) to optimize the selection and parameters of the Kolmogorov-Arnold Network’s (KAN) univariate functions. This ensures the best transformation of raw wireless sensor network (WSN) traffic data into meaningful representations that enhance classification accuracy for DDoS attack detection.
- To enhance detection accuracy and efficiency by leveraging PSO to fine-tune KAN’s parameters. The proposed system enhances KAN’s ability to optimize univariate functions and parameters by considering each particle in the swarm as a potential solution representing a set of KAN parameters.
- To reduce computational complexity through the integration of PSO with KAN, which helps in finding optimal parameters without exhaustive manual tuning
The rest of this paper is organized as follows: Section II of the paper presents the summary of the state-of-the-art approaches. Section III presents the proposed PSO-KAN framework for detection and classification of DDoS in WSN. Section IV presents the presents the experiment and results obtained. Lastly, section VI concludes the work and its findings.
LITERATURE REVIEW
This section explores and evaluates advanced techniques for detecting and predicting DDoS attacks in Wireless Sensor Networks (WSNs). To enhance node security and ensure safe communication within WSNs, researchers from both academia and industry have proposed various methods. For instance, the study in [16] assessed the effectiveness of three algorithms (Deep Neural Network (DNN), Self-Taught Learning (STL), and Recurrent Neural Network (RNN)) in identifying four types of security threats. Their evaluation, based on accuracy, precision, recall, and F1 score, utilized the KDD and NSL-KDD datasets for training and testing. Results indicated that the STL approach achieved the highest accuracy compared to the benchmarked LSTM model. In [17], researchers developed Scale-Hybrid-IDS-AlertNet, a scalable hybrid DNN framework for real-time network traffic analysis and host-level event detection to proactively identify cyber threats. Initially fine-tuned with the KDD-99 dataset, the model was later validated using multiple benchmark datasets, such as NSL-KDD, UNSW-NB15, Kyoto, WSN-DS, and CICIDS2017. The framework demonstrated a higher accuracy for binary classification as compared to multiclass classification when applied to the WSN-DS dataset. The study in [18] introduced a Deep Learning-based Defense Mechanism (DLDM) designed to detect and mitigate DoS attacks during the Data Forwarding Phase (DFP). This method enhances detection reliability for various DoS attacks, including fatigue, jamming, homing, and flooding. Extensive simulation studies showed that the approach effectively distinguished between legitimate and malicious activities, achieving high detection accuracy, improved throughput, enhanced packet delivery ratio, and optimized overall performance, while also reducing energy consumption and minimizing false alarms. Furthermore, the authors in [19] employed Long Short-Term Memory (LSTM) networks to detect different types of cyber threats, such as DDoS attacks, command injection, and network malware, achieving an accuracy of 86.9%. Their findings demonstrated that LSTM outperformed other traditional machine learning techniques, particularly in identifying untrained malware threats, highlighting its superior ability to detect previously unseen attacks. To evaluate the efficiency of machine learning algorithms in identifying and predicting DDoS attacks in WSNs, the authors of [20] implemented a Random Forest (RF) classifier to detect different types of DoS attacks within the WSN-DS dataset. Their approach yielded high F1-scores for Blackhole, Flooding, Grayhole, Normal, and Scheduling (TDMA) attacks, respectively, with a promising classification accuracy. In [21], a comparative analysis was conducted on five major machine learning classification techniques alongside one deep learning algorithm. The researchers trained an Artificial Neural Network (ANN) and five machine learning models using the dataset, applying K-fold cross-validation to enhance predictive performance. The results confirmed that machine learning techniques like Random Forest and Support Vector Machines, along with deep learning approaches such as ANN, were effective in detecting network intrusions. In [22], the Random Forest algorithm was applied to the NSL-KDD dataset, achieving a maximum accuracy of 85.34%. This classification focused on identifying various attack types, including unauthorized remote access, DoS attacks, remote superuser access, and port scanning. The study in [23] analyzed the WSN-DS dataset, a widely recognized dataset in the WSN field, using seven distinct machine learning models. Among them, the Random Forest algorithm exhibited the highest accuracy in comparison to the other algorithms. Similarly, Okur and Dener [24] investigated IoT botnet attack traffic using machine learning techniques, where the Decision Tree algorithm achieved an outstanding accuracy. In [25], researchers further analyzed the WSN-DS dataset by implementing multiple learning models and classifying data based on attack types while also documenting the False Positive Rate and False Negative Rate percentages. To further enhance the performance of Machine Learning and Deep Learning-based Intrusion Detection Systems, several studies have combined the strengths of multiple algorithms to achieve optimal detection and classification accuracy. For instance, in [26], the authors proposed a CNN-LSTM approach to detect and classify DoS intrusion attacks, including Flooding, Blackhole, Normal, TDMA, and Grayhole. Their study utilized the computer-generated WSN-DS dataset for wireless sensor network intrusion detection. The proposed model showed promising results, achieving an accuracy of 97% in detecting and classifying the attacks. In [27], the researchers introduced a hierarchical neural network model named LuNet, which integrates multiple layers of CNN and RNN to jointly learn from input data. The model was tested on both the NSL-KDD and UNSW-NB15 datasets for binary and multiclass classification tasks. On the NSL-KDD dataset, LuNet achieved a higher accuracy rates for binary classification as compared to multiclass classification.
MATERIALS AND METHODS
In this section, the conventional Particle Swarm Optimization, Kolmogorov Arnold Network and the hybrid Particle Swarm Optimization and Kolmogorov Arnold Network (PSO-KAN) for Detection DDoS attacks in Wireless Sensor Networks (WSN) is presented.
- Particle Swarm Optimization
Particle Swarm Optimization (PSO) is an optimization technique inspired by the collective movement of birds or fish in search of food. Developed by Kennedy and Eberhart in 1995, PSO has been extensively used to solve optimization problems across different fields. It operates as a population-based method, where multiple candidate solutions, known as particles, navigate the search space to locate the best possible outcome. Each particle's position and velocity are continuously adjusted based on its own past performance and the experience of the entire group. The algorithm aims to direct particles toward the most promising solutions while preserving exploration to prevent convergence to suboptimal points.
- Initialization and Particle Representation
Each particle i in the swarm represents a potential solution to the optimization problem in an n-dimensional search space. Each particle has a position Xi?, which indicates its current location within the search space, and velocity Vi?, which determines the direction and speed of its movement. The position and velocity of each particle is given in equation 1 and 2 below.
Xi=(Xi,1, Xi,2, ………Xi,n) 1
Vi=(Vi,1, Vi,2, ………Vi,n) 2
Initially, particles are distributed randomly throughout the search space, and their velocities are assigned random values within set limits. Each particle maintains a record of its personal best position Pb, which represents the most optimal location it has reached based on the objective function. Alongside this, the global best position Gb is determined as the most favorable position discovered by any particle within the swarm.
- Velocity and Position Update
The velocity and positions of the particles are continuously updated to guide the particle toward an optimal solution based on both individual performance and the swarm’s collective intelligence. The particles' movement is controlled by (3) and (4), which update their velocity and position:
Vit+1=wVit+ c1r1Pb- Xit+ c2r2Gb- Xit 3
Xit+1=Xit+ Vit+1 4
Where the parameter w, known as the inertia weight, regulates the influence of a particle's previous velocity on its current movement. A larger inertia weight fosters broader exploration of the search space, whereas a smaller value enhances exploitation by refining solutions near the best-known positions. The coefficients c1 and c2 serve as acceleration factors, controlling the balance between a particle’s tendency to move toward its personal best position and the global best position identified by the swarm. The variables r1 and r2 are randomly generated within the interval [0, 1], introducing a degree of randomness to enhance the diversity of the search process and Pb represents the best position that particle i has achieved so far, while Gb denotes the optimal position found by any particle in the swarm.
- Stopping Criteria
The PSO algorithm continues to run until a specified stopping condition is satisfied, which could be reaching a set number of iterations or attaining a predefined fitness value.
Algorithm 1 presents the Particle Swarm Optimization Algorithm
Algorithm 1: Particle Swarm Optimization Algorithm (PSO)
1 Initialization
2 For Iteration = 1 to Maximum_iteration do
3 For particle =1 to Maximum_particle do
4 Update the particles velocity and their velocity bounds
5 Update the particles positions
6 Evaluation of positions of particles by evaluation function
7 If PAccuracyit > Pbestit
8 Update particle personal best
9 If Pbestit > Gbestt
10 Update global best
11 end
12 end
13 end
14 Update global best accuracy
15 end
Kolmogorov Arnold Network
Kolmogorov-Arnold Networks (KANs) are a type of neural network grounded in the Kolmogorov-Arnold Representation Theorem, which asserts that any continuous function with multiple variables can be expressed as a combination of univariate functions [29]. Unlike conventional feedforward neural networks that depend on weighted sums and activation functions, KANs creates intricate mappings through a structured hierarchy of simple univariate functions. This distinct architecture enhances their efficiency in approximating functions, especially in high-dimensional settings.
- Kolmogorov Arnold Representation Theorm
The core principle behind Kolmogorov-Arnold Networks (KANs) is the Kolmogorov-Arnold Representation Theorem, which establishes that any continuous function can be represented as a combination of univariate functions. This theorem serves as the basis for KANs, allowing them to approximate complex mappings through a structured hierarchy of simpler functions rather than relying on traditional weighted sums and activation functions.
Given a function f: Rn →R , f can be expressed as follows
fx1, x2, …, xn= q=12n+1Φqp=1nψpq(xp) 5
In this context, Φq and ψpq represent continuous univariate functions. The theorem suggests that instead of using conventional multilayer perceptrons (MLPs), functions can be approximated solely through sums and compositions of univariate functions. This approach provides an alternative to traditional neural networks, enabling more efficient and interpretable function approximate.
- Kolmogorov Arnorld Network Architecture
A Kolmogorov-Arnold Network (KAN) is structured with two functional layers. The first layer, known as the inner transformation layer, applies univariate transformations ψpq to the input variables. The second layer, called the outer combination layer, processes the sum of these transformed inputs using another set of univariate functions Φq. This hierarchical composition enables KANs to effectively approximate complex functions without relying on traditional weighted sums and activation functions. In KAN, univariate functions ψpq and Φq are commonly represented using neural networks, polynomials, or spline-based models. In practical applications, these functions are often initialized with straightforward linear mappings as follows:
ψpqxp=apqxp+ bpq 6
Φqy= cqy+ dq 7
Here, apq, bpq, cq, and dq represent learnable parameters that are adjusted during training. These parameters are optimized using gradient-based techniques to improve the model’s performance. The forward pass computation of the KAN employs two-layer transformations to compute its output. Given an input X=(x1, x2, …, xn) , the KAN compute the first layer transformation as follows:
yq=p=1nψpq(xp) 8
KAN applies the second layer transformation as follows.
z=q=12n+1Φq(yq) 9
This structured approach enables KANs to effectively capture complex, high-dimensional functions by relying solely on compositions of univariate functions. The parameters of ψpq and Φq are optimized through gradient descent with backpropagation. The gradients of the loss function LL concerning these functions are determined using the chain rule.
∂L∂ψpq=q=12n+1∂L∂Φq . ∂Φq∂yq . ∂yq∂ψpq 10
Because all transformations are univariate, the resulting gradients are more stable than those in traditional deep networks, helping to mitigate problems such as vanishing or exploding gradients.
- PSO-KAN Framework
In this section, the proposed hybrid particle swarm optimization with Kolmogorov Arnold network for detection of DDoS attack in wireless sensor network is presented. The proposed method consists of various phases that includes data collection, data preprocessing, data sampling, PSO_KAN model development and training and the evaluation of the trained model as depicted in figure 1.
Figure 1PSO-KAN Framework
- WSN Dataset Collection
In this work, we employed the dataset developed by the authors of [30], specifically designed to improve the detection and classification of DDoS attacks in Wireless Sensor Networks (WSNs). The dataset was generated using Network Simulator 2 (NS-2) and includes four types of DDoS attacks: Blackhole, Grayhole, Flood, and Scheduling attacks. It was created based on the LEACH protocol, a widely used hierarchical routing protocol in WSNs. Each data instance consists of 19 features, as outlined in Table 1, while the class distribution is depicted in Figure 2.
Table 1 WSN-DS Dataset Attribures and Descriptions
|
S/No |
Attribute |
Description |
|
1 |
Node ID |
Unique ID number of a node |
|
2 |
Time |
Node runtime |
|
3 |
Is CH |
Used to represent a Cluster Head Node |
|
4 |
Who CH |
Cluster Head ID |
|
5 |
Distance to CH |
The distance between a node and a Cluster Head |
|
6 |
ADV CH Sent |
The count of broadcast messages sent by the advertise CH to the nodes |
|
7 |
ADV CH received |
The total number of advertise CH messages received from cluster heads (CHs) |
|
8 |
Join REQ sent |
The total number of join request messages transmitted by the nodes to the cluster head (CH) |
|
9 |
Join REQ received |
The total number of join request messages received by the cluster head (CH) from the nodes |
|
10 |
ADV SCH sent |
The total number of TDMA schedule broadcast messages sent by the cluster head (CH) to advertise the join schedule |
|
11 |
|
10.5281/zenodo.17637354