A Novel Tunicate Swarm Algorithm With Hybrid Deep Learning Enabled Attack Detection for Secure IoT Environment

The Internet of Things (IoT) paradigm has matured and expanded rapidly across many disciplines. Despite these advancements, IoT networks continue to face an increasing security threat as a result of the constant and rapid changes in the network environment. In order to address these vulnerabilities, the Fog system is equipped with a robust environment that provides additional tools to beef up data security. However, numerous attacks are persistently evolving in IoT and fog environments as a result of the development of several breaches. To improve the efficiency of intrusion detection in the Internet of Things (IoT), this research introduced a novel tunicate swarm algorithm that combines a long-short-term memory-recurrent neural network. The presented model accomplishes this goal by first undergoing data pre-processing to transform the input data into a usable format. Additionally, attacks in the IoT ecosystem can be identified using a model built on long-short-term memory recurrent neural networks. There is a strong correlation between the number of parameters and the model’s capability and complexity in ANN models. It is critical to keep track of the number of parameters in each model layer to avoid over- or under-fitting. One way to prevent this from happening is to modify the number of layers in your data structure. The tunicate swarm algorithm is used to fine-tune the hyper-parameter values in the Long Short-Term Memory-Recurrent Neural Network model to improve how well it can find things. TSA was used to solve several problems that couldn’t be solved with traditional optimization methods. It also improved performance and shortened the time it took for the algorithm to converge. A series of tests were done on benchmark datasets. Compared to related models, the proposed TSA-LSTMRNN model achieved 92.67, 87.11, and 98.73 for accuracy, recall, and precision, respectively, which indicate the superiority of the proposed model.


I. INTRODUCTION
Exponential growth in the standard utilization of electronic services and applications has prompted gigantic advances in broadcast communications organizations and the development of the idea of the Internet of Things (IoT). An IoT is arising in an interchangeable worldview in which gadgets fill in as items or ''things'' that can detect their current The associate editor coordinating the review of this manuscript and approving it for publication was Kuo-Ching Ying .
circumstances, interface with one another, and trade information on the Internet [1]. The Internet of Things (IoT) worldview has recently been used in establishing smart conditions, for example, brilliant urban communities and smart homes with various application spaces and related administrations [2]. The objective of creating such brilliant conditions is to make human existence more useful and agreeable by tackling difficulties connected with the living climate, energy utilization, and modern necessities [3]. It can be seen objectively in the significant growth of available IoT-based administrations and applications across various organizations. As security will be a fundamental supporting component of most IoT applications, IoT intrusion identification frameworks will also be created to support the interchanges powered by such IoT advances. Fig. 1 demonstrates the types of IoT security attacks.
Considering the security estimates, it is fundamental to foster a security instrument for an IoT environment. An information-arrangement security system should be engaged to forestall unapproved access to information sources from malignant clients. It is fundamental to center on information secrecy and honesty, which significantly decreases the genuine security dangers in an IoT environment. Ordinary security instruments are created in light of cryptographic strategies, and they aren't broadly embraced for the IoT climate because of the enormous volume of information. The dangers should be related to in a base time frame that will decrease the issues in the organization, and traditional security models require more opportunity to handle such an enormous measure of information to recognize the dangers [4]. Unapproved admittance to information for a brief period is adequate for a malignant client to acquire secret information, and the change of such information has an enormous effect on the client. So it is fundamental to recognize an interloper in an IoT organization. Implementing IDS is important [2]. Intrusion detection frameworks identify gatecrashers and secure the organization and information by preventing unapproved clients from entering. With the restriction of fuel sources, carrying out IDS is a complicated cycle [5]. If this is too complicated, a central intrusion detection system could be used. This system, which monitors the organization as well as other hubs far away, looks for intrusions and tells you about them [6].
In recent years, advancements in artificial intelligence (AI) have been used to further develop IoT IDS. For example, AI and deep learning strategies have been used to further develop IoT IDS. The current necessity is to do a state-ofthe-art, careful scientific classification and a basic survey of this new work [7], [8], [9], [10], [11], [12]. Various related investigations applied different AI and profound learning procedures through different datasets to approve the improvement of IoT IDS. Yet, it's as yet not satisfactory which dataset, AI, or profound learning methods are more successful for building a proficient IoT IDS. In addition, some IDS strategies don't take into account how long it takes to build and test IoT IDSs, even though this is a key factor in the viability of ''online'' IDSs [13].
The objective of this paper is to develop a novel tunicate swarm algorithm with a Long Short-Term Memory-Recurrent Neural Network for intrusion detection in the IoT environment. As a result of this research, we have developed a unique tunicate swarm algorithm combined with a Long Short-Term Memory-Recurrent Neural Network (TSA-LSTMRNN) for intrusion detection on the Internet of Things (IoT). The TSA-LSTMRNN model that has been given is primarily intended to detect the presence of assaults. As a result, the data preparation performed by the presented model is necessary to transform the incoming data into a format that can be used. In addition, the LSTMRNN model is used for the identification and classification of threats in the Internet of Things environment, among other things. The TSA is used to properly fine-tune the hyper-parameter values involved in the LSTMRNN model to improve the detection outcomes of the model, and this is done in order to improve the detection outcomes of the model.
To sum up, this paper's primary contributions are the following: • Using TSA-LSTMRNN, we show how to use deep learning to find threats in the Internet of Things (IoT) in a way that is both effective and scalable.
• In IoTs, the LSTMRNN classifier is used for effective threat detection; • For enhancing the LSTMRNN model, the TSA algorithms is used for adapting its hyper-parameters; • For a more accurate performance evaluation under the employed data set for verification, the suggested mechanism is compared to previous research in the literature.
• In the end, we employed cross-validation to prove our results were objective by a factor of 10 in this study.
• Based on the results of the evaluation, it's clear that the suggested method can find multiple classes and is better than the competition in terms of both how well it finds classes and how hard it is to use.
The rest of this paper is arranged as follows. The related work and recent literature reviews are discussed in Section 2. The LSTM and TSA algorithms are introduced in Section 3 as preliminary. Extensive discussion of the suggested model is included in Section 4. In Section 5, we examine the TSA-LSTMRNN algorithm's simulation results and compare them to those of competing techniques. Section 6 concludes this report with a summary of its research and its proposed next directions.

II. RELATED WORK
This section introduces the recent literature on anomaly detection. Roy et al. [14] presented an IDS which employs ML to efficiently identify anomalies and cyberattacks in VOLUME 10, 2022 resource-limited IoT networks. Utilizing a set of optimizations that include dimensionality reduction, extracting multicollinearity, and sampling, their method could recognize the vital features to identify intrusion with minimum training time and data. In [15], they proposed an IDS based on the concept of the Exact Greedy Boosting ensemble model for device application in the fog node due to precise recognition of malicious activity and protection of crucial structures. Liu et al. [16] presented a particle swarm optimization-based gradient descent (PSO-LightGBM) for the IDS. In their study, PSO-LightGBM was utilized for extracting the characteristics of the information and inputting them to a one-class SVM (OCSVM) for discovering and identifying malicious information. The UNSW-NB15 data set is employed for verifying the IDS. Tharewal et al. [17] introduced a near-end optimization technique for the IIoT-IDS-based This approach integrates DL observation ability with reinforcement learning (RL) decision-making ability to enable effective detection of various types of cyber-assault on the IIoT. De Souza et al. [18] introduced a two-step technique for identifying and detecting intrusions. The initial phase implements a traffic analysis with Extra Tree binary classification. The events recognized as intrusive are analyzed in the next phase by an ensemble method comprised of RF, DNN, and Extra Tree.
As a result, a number of forensic frameworks for the Internet of Things (IoT) have been developed [19], [20], [21], [22]. ProbeIoT and FIF-IoT, two models that handle the acquisition of evidence from IoT devices in a forensically sound fashion to ensure integrity and chain of custody without infringing on users' privacy, were proposed by Hossain et al. [21] and Hossain et al. [20]. FSAIoT is a framework for collecting state data from IoT devices introduced by Meffret et al. [19]. Following that, Cebe et al. [22] built a Block4Forensic acquisition model that was specifically tailored for the collection of vehicle data. Probe-IoT, FIF-IoT, and Block4Forensic are all based on the blockchain scheme. An open, distributed public ledger was set up for Probe and FIF-IoT, while Block4Forensic relied on a fragmented ledger to decrease storage requirements for its ledger. Information regarding IoT devices and their interactions with other network entities is kept in the blockchain in all of the aforementioned cases. FSAIoT, on the other hand, makes use of local networks with centralized controllers to keep track of device states and data flows.
There is evidence that many traditional machine learning algorithms do not separate the difficult work of intrusion detection; identifying anomalous data and preprocessing the data set are both complex and time-consuming processes [21], [22], [23]. When used with traditional machine-learning classification models to speed up preprocessing, deep learning [24] can map features to a more multidimensional and easily distinguishable feature space because it has already learned the non-linear mixture of features from the original data set, so it can do this better.
Meanwhile, some researchers have tested their methodology using the botnet viral data set. Using feature selection in [26], it is able to reduce the number of features needed to detect IoT bots with more accuracy while still allowing for interpretable findings to be produced by a decision tree for modern intrusion detection. It is possible to identify botnetrelated distributed denial of service (DDoS) attacks using a detection method based on anomalous traffic and a deep automated encoder [27], [28]. Anomaly detection can considerably improve the detection accuracy of aberrant traffic, according to experiments. According to [29], and improved deep learning method, the cloud-based LSTM model makes use of more powerful computing resources to execute tasks like anomaly detection. Each assault is treated as aberrant traffic to be separated from regular traffic and implemented several binary classification tasks, even though they take numerous network attacks into account.
As discussed, although much effort has been dedicated to solve anomaly detection in the IoT environment, the noted algorithms suffer from the following limitations and challenges.
• Because of the advancement of sensor monitoring technologies, low-cost solutions, and high impact in a variety of application domains, anomaly detection has gotten a lot of attention from the research community in the last few years.
• While monitoring physical spaces and objects, sensors generate a large amount of data. These massive data streams can be analyzed to uncover unhealthy habits. It has the potential to reduce functional risks, avoid problems that aren't visible, and prevent system downtime.
• Defining the boundaries between normal and abnormal behavior is difficult. A few anomalies are available to train models. Real-life abnormal behavior is rare compared to normal behavior. In avionics systems, we have a lot of normal flight data, but unusual data is rare. In many applications, it's difficult or impossible to generate anomalous behavior due to resource waste or system constraints.
• The majority of models used in anomaly detection are based on time series patterns observed in the wild. An anomaly is defined as anything that doesn't fit the mound. Detecting anomalies in historical data, performing real-time analyses, and forecasting unusual behavior in an IoT environment have all been accomplished by researchers. As part of our research, it's important to look at how the Internet of Things (IoT) is creating new ways to find, analyze, and predict anomalies.
• To meet these challenges, it is important to give clear information about the methods that have been developed and how they should be used in different situations. In this study, a novel tunicate swarm algorithm with longterm short-term memory-recurrent neural network for ID in the IoT environment was developed. The presented TSA-LSTMRNN model majorly intends to identify the presence of attacks. In order to achieve this, the presented model initially undergoes data preprocessing to transform the input data into a useful format. Besides, the LSTMRNN model is utilized for the identification and classification of attacks in the IoT environment. The TSA is applied to properly adjust the hyper-parameter values involved in the LSTMRNN model for improving the detection outcomes. A series of experimental analyses are performed on benchmark datasets.

III. PRELIMENARIES
To train with sequence data, the most popular model is the Recurrent Neural Network (RNN). When trained with a large step size, the standard RNN has issues. The vanishing problem and RNN's formalization are briefly discussed in this section. To remedy this, we'll go over something called ''Long-Short Term Memory.''

A. RECURRENT NEURAL NETWORK
A feed-forward neural network has been extended to include recurrent neural networks (RNNs). An RNN's cyclic connections allow it to simulate complex sequences more effectively than feedforward networks. X, H, and Y are used to signify a series of inputs, a hidden vector, and an output vector. X = (x 1 , x 2 , . . . , x T ) provides the input sequence. Hidden vector sequence (H = (h 1 , h 2 , . . . , h T )) and output vector sequence (Y = (y 1 , y 2 , . . . , y T )) with t = 1 to T are calculated in a standard RNN as follows: where W is a weight matrix and b is a bias component, and function σ is a nonlinearity function. The RNN protocol for dealing with a variable-length sequence input is Back Propagation Training Time (BPTT) [30]. Models are built using data initially in BPTT. Then, each time step's output error gradient is recorded. The RNN is difficult to train, yet when using the BPTT algorithm, it causes the gradient to explode or vanish. This issue was brought up and resolved by Bengio et al. in [31].

B. LONG SHORT TERM MEMORY
A recurrent neural network classifier known as Long Short-Term Memory (LSTM) LSTM cells is shown in Fig. 2 [32]. We also go over the equations for calculating the three gates' values and the current state of the cell.
f , i, c, o are the forget gate, input gate, cell state and output gate and σ refer to the logistic sigmoid function. Weight matrices for peephole interconnections are designated as W ci , W co and W cf . The information flow in LSTM is controlled by three gates (i, f , o). The ratio of input is determined by the input gate. This ratio affects the equation used to calculate cell state (5). The prior memory h t−1 is either passed through the forget gate or it isn't. It is determined in the equation (3) and utilized in the equation (4) to determine the ratio of the prior memory. Passing or rejecting data from the memory cell is determined by an input gate. Eq. (6) demonstrates how this procedure works. The three gates of the LSTM allow us to address the vanishing and bursting gradient problems. The recurrent hidden layer in LSTM-RNN architecture is replaced by an LSTM cell.

C. TUNICATE SWARM ALGORITHM
Tunicates are cylindrical-shaped animals that have one of their two ends open, and they travel through the water with a jet-like velocity [33]. It is possible for them to look for food in the sea, even if they have no prior knowledge of where to find it. The tunicates' jet-like propulsion and swarm intelligence are the basis for the TSA optimization technique. When it comes to TSA's optimization dilemma, the food supply serves as the best answer. Some conditions must be met in order to accurately depict TSA jet propulsion movements. Two things must happen before anything else can happen: First of all, the tunicates need to avoid confrontation, and second of all, they need to keep moving towards their best search agent. Finally, they need to remain near that agent. The swarm intelligence of the other tunicates in the mathematical model is used to update their positions in relation to the optimal solution. According to [29], the mathematical system is specified as follows [33]: Condition 1: There must be no conflicts among search agents No conflict between search agents can be avoided by employing the following vector to compute their respective positions [33], [34].
where the gravitational force is denoted by G and F is the change in temperature of the water flow in the deep ocean.
To calculate the social forces, represented by vector − → M , between tunicates, we use the following formula: c 3 , c 2 and c 1 are random variables whose values range from 0 to 1.

− →
P min and P max represent the initial and subordinate speeds, respectively, of social interaction. In most cases, 1 and 4 are the default numbers for them.
Condition 2: Orientation towards optimal search agent According to [33], this phase of optimization requires ensuring that the tunicate is moved in a specific direction.
where the current iteration is denoted by x, the distance between the food source and search agent is denoted by the VOLUME 10, 2022 vector − → PD, location of search agents is represented by −−→ P p (x), the position of food source is referred by − → FS and in a range from zero to one, the value of a random variable r and is used.
Condition 3: Moving in the direction of the best search agent: In order to accomplish this, search agents are reordered as follows [34]: − −−− → P p x represents the search agent's current location in relation to the food supply. The first best two solutions are stored and used to change the placements of other tunicates in order to replicate swarm behavior. Mathematically, this is what a swarm looks like: The important steps to demonstrate the flow of the original TSO are presented below for clarification of the TSO. The TSO algorithm's flowchart is shown in Fig. 3 [34].
1 Set the initial population of tunicates P p to its default value. 2 Set the parameter's initial value and the maximum number of iterations. 3 Every exploration agent's fitness value should be calculated. 4 Finally, the best-fitting agent is inspected in the search space provided after evaluating its fitness. 5 Explore agents should be upgraded. It is time to put the newly enhanced agent back in his or her place of origin. 6 Calculate the fitness cost of a more advanced search agent. 7 The best answer X best is stored and P p is upgraded when the prior solution is no longer optimal.

IV. DESIGN OF TSA-LSTMRNN MODEL
In this study, a novel tunicate swarm algorithm with LSTM-RNN for ID in the IoT environment is proposed. The presented TSA-LSTMRNN model applies the LSTMRNN model for the identification and classification of attacks in the IoT environment. To improve the detection outcomes of the LSTMRNN model, the TSA is applied to properly adjust the hyper-parameter values involved in it. Fig. 4 showcases the overall process of the TSA-LSTMRNN technique.

A. PREPROCESSING PHASE
The quality of the data used in data mining operations must be high in order to achieve a high level of performance at a cheap cost. Anomaly type characteristics will be converted to numeric in the preprocessing step.

1) MISSING VALUES
Many of the variables in most datasets are missing, necessitating the handling of missing values in order to improve accuracy. The mode method is used to replace the empty value with the attribute's maximum frequency when a value is lacking. Attributes can be univariate, monotonous in their missing values, or arbitrary. If at least three attributes have missing values, the model is said to be monotonous. If the missing values are of random characteristics, then it is arbitrary [45].

2) DATA NORMALIZATION
There are numerous approaches to data normalization. Keep the data in a range for each input feature in order to reduce the neural network's preference for one feature over another. Training time can be reduced by normalizing data such that all features are trained at once. It is particularly beneficial for modelling applications when the inputs are often on a wide range of scales. The features or outputs are rescaled using the Min-Max normalizing method from one range of values to another. Most of the time, the features are rescaled to fall between 0 and 1 or −1 and 1. It is common to perform the rescaling by applying a linear interpretation formula like: where (max value − min value ) = 0. when (max value − min value ) = 0 for a feature, it shows that that feature in the data has a constant value. Feature values having a constant value should be deleted from the data set because they do not contribute any useful information to the neural network. Min-max normalization maintains the same range of values for each feature when it is applied. The advantage of using min-max normalization is that it keeps all of the data's relationships intact.

B. PROCESS INVOLVED IN LSTMRNN MODEL
The presented TSA-LSTMRNN model applied the LSTM-RNN model for the identification and classification of attacks in the IoT environment. LSTM is introduced for solving the issue of gradient vanishing by making novel path wherein the gradient flow is implemented for a protracted duration.
Firstly, input, output, and forget gates are the main key utilized for managing data flows. Once there is an input, a forget gate chooses long-term memory data for removing the cell, and retrieving the input is noted in protracted memory by allotting a weight for each individual. In forward propagation, the input gate is utilized for estimating to allow the received memory unit. The output gate suggests the activation time.
In the event of backpropagation, the output gate defines during input gate and error flow measurement whereas assigning the flow out of memory unit. Now, o t , f t , i t , and c t determines the cell vector, output, forget, and input gates similarly. An LSTM is defined below [35], [36]: whereas W i , W f , W o , and W c shows the input connection along with recurrent connection of the input, forget, output gates, and cell, next U i , U f , U o , and U c are determined by peephole connection. b i , b f , b o , and b c indicates the bias weight. σ (·) represent a sigmoid function. Tanh(·) and σ (·) indicate gate activation function.
Here, LSTM-RNN was employed to classify the financial position of the information. The LSTM-RNN using LSTM hidden layer was designed. The count of units hidden for each hidden layer is carefully chosen on a trial-and-error basis. The resulting layer is comprised of 5 neurons to categorize 4 kinds of sound and defects regions. The sample information is distributed into validation and training sets for encompassing an LSTM-RNN. Henceforth, the trained performance is minimal that denotes under-fitting. It turns out to be very complex while the sum total of hidden layers is improved. Maximal training performance with minimum validation performance characterizes that a system is overfitting. Consequently, the LSTM-RNN method experiences training with huge areas. The training loss is minimized.

C. HYBER-PARAMETERS TUNING USING TSA
For improvising the detection outcomes of the LSTMRNN model, the TSA is applied to properly adjust the hyper parameter values involved in it. The TSO was encouraged by the abnormal actions of tunicates in ocean, particularly, the SI and jet drive of foraging process. An arithmetical technique of jet propulsion is innovative in 3 limits [34]: follows the location of maximal qualified agent, remaining nearby the optimum agent, and avoids conflicts among the exploration agents. For avoiding inter agent conflicts while looking for an optimum position, the novel agent position is assessed as follows: Here G specifies the gravity force, A represents a vector of agent location, c 1 , c 2 and c 3 characterizes 3 arbitrary amounts and F indicates the water flow in the deep ocean. The social forces amongst the agents are stored in a vector − → M , as: In which P min = 1 and P max = 4 defines the 1st and 2nd subordinates, representative of the speed of emerging social connection. Consequently, make certain that no conflict occurs amongst adjacent agents, the optimum position of optimum agent is estimated as: In the equation, the vector −−→ P p (x) has the location of the tunicate in iteration x.
− → PD save the length amongst the optimal agent and food origin, X best specifies optimum position, and r rand, characterizes a stochastic value within [0,1] For guarantying that searching agent is close to the optimum agent, its positions are estimated as follows: Now, −−→ P p (x) represents the upgraded location in iteration x relative to the optimum scored position X best . For modeling the swarming behaviors of tunicate, the location of the existing agent is upgraded according to the location of 2 agents: Algorithm 1 shows the overall TSA process. For better exploration and exploitation [37], TSA requires time complexity for jet propulsion and swarm behavior. As a result, the TSA algorithm's overall time complexity is defined as: To find the most optimal food source for tunicate, n, d, and N are used to define population size, jet propulsion, and swarm behavior, respectively.

A. DATASET DESCRIPTION
The TSA-LSTMRNN model's performance is tested using the KDD Cup99 Dataset [38], which contains data in five categories: DoS, R2L, normal, U2R, and Probe.
Many studies have used the KDD Cup99 dataset to evaluate the performance of IDS. Even though the dataset is outdated, it is still helpful to examine the IDS models. Because the same dataset yields a plethora of performance measurement findings. We choose the KDD Cup99 dataset primarily for this reason.
The dataset contains 4,898,431 network traffics, each with 41 unique attributes. In addition, there are 22 distinct types of attacks. Table 1 categorizes the assaults. When a DoS attack is launched, the target servers' resources are depleted, preventing any service from being provided. It is possible to gain remote access to a computer without authorization when using an R2L attack. An attack known as U2R aims to gain control of the system's superuser privileges. The purpose of a  probing attack is to determine whether the targeted server is vulnerable.
We utilize KDD Cup9910 percentage data for testing and training because the original dataset has an excessive number of records. The data proportion of the attacks, on the other hand, leans heavily toward denial-of-service attacks. Only 1% of the population is made up of the rest. Figure 2 depicts the situation. IDS will be trained unjustly as a result. Thus, DoS assaults are easy to identify, but other attacks remain undetected.

B. PERFORMANCE METRICS
One-half of the data is used to train the model, and the other half is used to test the model's predictions on the data. For testing, the data out from the second portion is used (30 percent of the time). Six performance metrics are used to analyze and validate the proposed model. Sensitivity, Precision, Accuracy, and F-Measure [34], [39] is an examples of one of these characteristics. Contrast matrices quantify the performance of classification algorithms by assessing performance metrics. Methodological performance was evaluated using the following metrics.
True Positive (TP): This denotes instances of correctly classified positive outputs.
True Negatives (TN): These denote instance of correctly classified negative output.
We use the term ''False positive'' (FP) for negative outcomes that are wrongly deemed positive. Good events that were incorrectly labelled as negative in the report are known as false negatives (FN). For an image to be considered Algorithm 1 Tunicate Swarm Algorithm (TSA) Accuracy measures are very near to the true value and are processed as a give perfect of the outcomes.
To be sensitive, a person is said to be sensitive, as in the adjective ''sensitive.'' Sensitivity or recall is the ability to correctly recognize people who are suffering from a specific disease (True Positive Rate). As a result, the following can be said: People who don't have the condition can be correctly identified with a test that has excellent specificity (True Negative Rate). The following is what it means by that definition: Accuracy is measured by the Predictive Value (PPV) or Precision. We arrived to this conclusion using the following formula: It is possible to determine the harmonic mean of recall and precision using the following formula:  Table 2 and Fig. 7 investigate brief classification outcomes of the TSA-LSTMRNN model on test dataset. The experimental outcomes indicated that the TSA-LSTMRNN model has resulted in maximum performance. For instance, with entire dataset, the TSA-LSTMRNN model has attained average accu y of 98.57%, prec n of 85.59%, reca l of 92.80%, and F score of 87.73%. Concurrently, with 70% of training dataset, the TSA-LSTMRNN technique has reached average accu y of 98.50%, prec n of 84.97%, reca l of 92.92%, and F score of 87.17%. Simultaneously, with 30% of testing dataset, the TSA-LSTMRNN approach has reached average accu y of 98.73%, prec n of 87.11%, reca l of 92.67%, and F score of 89.01%.
The TSA-LSTMRNN model's precision-recall curve analysis for the full dataset is depicted in Fig. 8. A statistical analysis of the results showed that the TSA-LSTMRNN model was successful across all five categories.  In Fig. 9, we see the TSA-LSTMRNN method's precisionrecall curve analysis using only 70% of the training dataset. The data demonstrated that the TSA-LSTMRNN method produced reliable results across all five categories.
In Fig. 10, we have a study of the TSA-LSTMRNN technique's precision-recall curve using only 30% of the testing dataset. All five categories showed improvement thanks to the TSA-LSTMRNN model, as seen by the numbers.
For ensuring the supremacy of the TSA-LSTMRNN model, a comparative study with existing methods is made  in Table 3 [40]. Fig. 11 (a) investigates the comparison study of the TSA-LSTMRNN model with recent models. The figure indicated that the Gaussian NB model has resulted in lower precision of 87.94%. In line with, the LR, QDA, and LDA models have accomplished moderately improved precision of 93.01%, 93.04%, and 91.56% respectively. Though the Adaboost model has resulted in reasonable precision of 96.10%, the presented TSA-LSTMRNN model has outperformed the other methods with maximum precision of 98.73%. Fig. 11 (b) examines the comparison study of the TSA-LSTMRNN model with recent models. The figure VOLUME 10, 2022   referred that the Gaussian NB model has resulted in lower recall of 87.09%. Along with that, the LR, QDA, and LDA models have accomplished moderately improved recall of 83.09%, 83.20%, and 82.13% respectively. In addition, the Adaboost model has resulted in reasonable recall of 85.55%, the presented TSA-LSTMRNN model has outperformed the other methods with maximal recall of 87.11%. Fig. 11 (c) inspects the comparison study of the TSA-LSTMRNN model with recent models. The figure indicated that the Gaussian NB model has resulted in lower accuracy of 88.11%. Also, the LR, QDA, and LDA models have accomplished moderately improved accuracy of 90.93%, 91.75%, and 92.54% correspondingly. But, the Adaboost model has resulted in reasonable accuracy of 91.07%, the presented TSA-LSTMRNN model has outperformed the other methods with maximum accuracy of 92.67%.
After observing the above mentioned tables and discussion, it can be ensured that the TSA-LSTMRNN technique has been able reasonable performance over the other methods.
As can be seen in the table, the proposed model is evaluated in comparison to a number of other models, some of which are the Ada Boost Model, the Logistic Regression Model, the Quadratic Discriminant Analysis, the Linear Discriminant Analysis, and the Gaussian NB Model, respectively that can be applied in our practical section. The TSA-LSTMRNN model outperforms every other model that was investigated and evaluated, making it the clear winner of this round of comparisons. The TSA-LSTMRNN model is put through a series of experimental evaluations using benchmark datasets. The results of these analyses show that the TSA-LSTMRNN model possesses superior properties. When compared to previous models, the TSA-LSTMRNN model that was proposed had superior results in terms of accuracy (92.67%), recall (87.11%), and precision (98.73%). One of the shortcomings of the model that was proposed is that it can only be utilized with datasets that contain a non-uniform distribution of class labels. This is one of the limitations of the model. In addition to that, there is a rule that states that no metaheuristic algorithm can solve all problems. Because of this rule, the TSA is unable to consistently guarantee the best performance. This rule was made to take into account the fact that no metaheuristic algorithm can solve all of the problems in the world.

VI. CONCLUSION
As a result of this research, a novel TSA-LSTMRNN model for detecting the presence of attacks in the IoT environment has been developed. As a result, the data preprocessing performed by the presented model is used to convert the input data into a format that can be used. In addition, the LSTMRNN model is used for the identification and classification of attacks in the Internet of Things environment, as previously stated. The TSA is used to properly adjust the hyper-parameter values involved in the LSTMRNN model to improve the detection outcomes of the model. A series of experimental analyses are carried out on benchmark datasets, with the results demonstrating that the TSA-LSTMRNN model has superior characteristics. In terms of accuracy (92.67%), recall (87.11%), and precision (98.73%), the proposed TSA-LSTMRNN model did better than other models. In the future, feature selection models can be used to improve the performance of the proposed model. Moreover, new metaheuristic algorithms can be used for better performance with new datasets. For anomaly detection, a new hybrid algorithm may be useful for algorithm exploration and exploitation.