A Novel Multi-Agent and Multilayered Game Formulation for Intrusion Detection in Internet of Things (IoT)

The current era of smart computing and enabling technologies encompasses the Internet of Things (IoT) as a network of connected, intelligent objects where objects range from sensors to smartphones and wearables. Here, nodes or objects cooperate during communication scenarios to accomplish effective throughput performance. Despite the deployment of large-scale infrastructure-based communications with faster access technologies, IoT communication layers can still be affected with security vulnerabilities if nodes/objects do not cooperate and intend to take advantage of other nodes for fulfilling their malevolent interest. Therefore, it is essential to formulate an intrusion detection/prevention system that can effectively identify the malicious node and restrict it from further communication activities—thus, the throughput, and energy performance can be maximized to a significant extent. This study introduces a combined multi-agent and multilayered game formulation where it incorporates a trust model to assess each node/object, which is participating in IoT communications from a security perspective. The experimental test scenarios are numerically evaluated, where it is observed that the proposed approach attains significantly improves intrusion detection accuracy, delay, and throughput performance as compared to the existing baseline approaches.


I. INTRODUCTION
The idea of the Internet of Things (IoT) had been envisioned in the last decade, where it was introduced as a global backbone to escalate the services of future generation wireless communications technologies such as 5G. It is considered as a promising area of research due to its potential capability to establish smarter and intelligent communication between multilayered physical and virtual nodes via cutting edge technologies [1], [2]. The conception of IoT enables things as nodes that are capable of sensing, processing, storing, and transmitting the data through the various layers of network components in a cooperative mode of communication. And the underlying definition of IoT also evolved with The associate editor coordinating the review of this manuscript and approving it for publication was Nabil Benamar . the convergence of multiple technologies and heterogeneous communication protocols which results in the formation of a de-facto network of all the smart and intelligence pervasive and ubiquitous applications. The eco-system contains IoT nodes in various sub-networks like WSN, MANET or VANET, etc. which gets connected to the gateways which push the data to the access point and further to the upper layers of edge server and finally to the cloud [3]- [6]. The prime purpose here lies in improvising the quality of lives through various applications, including smart transportation, smart city, smart industrial controls, and many others. Due to the future generation cellular network, the connectivity among IoT smart objects/devices is expected to be increased to a significant extent where the frequency band of millimeterwave, mid-bands, and low-bands increases the data transfer rate through multi-hop communications [7], [8]. VOLUME 8, 2020 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ In the multi-hop communication paradigm, nodes cooperate to accomplish specific communication tasks. However, if nodes do not cooperate in communication and intend to use other nodes resources for passively gaining importance factor, then such nodes are often termed as 'Selfish nodes' [9]. These nodes do not impose malevolent intention to disrupt the communication process but act selfishly and only transmit their data-packets due to limited energy concern. In the long run, it affects the throughput, which is a crucial measure to ensure the overall network performance [10]. On the other hand, an IoT object/node can be malicious, which mostly intends to damage the facilities of the network with adversarial effects. If the probability of the presence of these types of node increases within an IoT network, then it negatively influences the network throughput, end-to-end delay, and energy consumption performance. The increasing complexity of IoT networks also magnifies various security vulnerabilities, and the presence of any types of malicious behavior of nodes can be identified through intrusion detection systems. Through such systems, the disruption of the network operations can be avoided to a significant extent [11], [12].
This paper explores various potential loop-holes in traditional approaches of intrusion detection. It introduces a robust multi-agent and multi-layer game-based approach to identify both the selfish (S node ) and malicious nodes (M node ) and minimizes the possibilities of attacks in IoT communication layers. The security model is constructed based on the combined paradigm of reputation-based strategy [13] and game theory modeling [14]. The prime reason behind adopting these strategies is that various research approaches in the IoT security domain directed their research approach with these strategies. Thus, considering the potential features of these approaches, the proposed strategic security modeling is formulated. The effectiveness of the proposed study is also assessed with a numerical analysis with strong hypothetical assumptions where throughput and end-to-end delay performance are tested along with intrusion detection accuracy. The numerical validation further exhibited the efficiency of the proposed approach.
The rest of the paper is organized as follows: Section II describes and outlines the most significant related works and also outlines the scope of those approaches in this current research study. Section III further illustrates the limitations of the existing approaches, and the consecutive section IV helps to formulate the proposed methodology. Section V illustrates the mathematical formulation of the multi-agent game with the combined approach followed by the result and discussion and performance validation i.e., an extensive comparative assessment in section VI. Finally, Section VII presents the contributory remarks of the formulated system.

II. RELATED WORK
This section discusses the conventional literature, which talks about security in IoT, and also proposes different mechanisms to deal with it. The conventional research approaches in intrusion detection of IoT inclines towards identifying the non-cooperative nodes, such as selfish nodes and malicious nodes. However, the study of authors in [1] introduced a multilayered security modeling to strengthen the transmission of data packets between constituent IoT objects (IoT obj ) and another cellular-connected host object. The approach applies a set of inter-locking mechanism in a vital role to provide high-end and reliable, secure connectivity solution.
In [15], authors also directed their research work to represent IoT as a convergence of diverse technology, which has unprecedented business opportunities by means of improving the quality of lifestyle of humans. The study discusses the background of IoT security challenges and also discusses why it is a crucial requirement to reshape the future generation communication paradigm. The exploration of research approaches also shows that many research studies are concerned about cooperative and non-cooperative node identification using intrusion detection systems with the most cited approaches being: i) Reputation-based approaches, ii) Creditbased approaches, iii) Acknowledgment-based policies and most importantly, iv) Game theory-based policies.
The authors in [16] introduced a reputation-based security mechanism, where IoT obj having more reputation factors gain the attention of the system and considered as more cooperative nodes. Similarly, another approach by the authors in [17] also employs watch-dog reputation managers to maintain the accountability of cooperative and non-cooperative nodes in MANET which can be referred to as a subset of dynamic IoT. There exist other trust models that are referred by the authors in [18], [19], where the mathematical approach to isolate the non-cooperative nodes in dynamic clusters are introduced based on the reputation factor.
IoT has a wide range of application areas, where one of the key application areas include smart-healthcare systems. The IoT healthcare sensor devices generate vital information related to a patient's health condition; thereby, the essentiality of the suitability of IoT architecture is also concerned with identifying the security vulnerabilities. Another study [20] also presented a security model that includes customizable analysis language to improvise the IoT security to a significant extent.
The authors in [21] also introduced a credit-based security policy to identify the selfish IoT obj here; the underlying design principle shows that nodes trade data packets among themselves through cooperative communication. After buying the data packet, it sells that packet at a higher selling price. The presented approach combines a packet formulation model and its trading approach. Similar work has been found in the studies of [22], [23], where credit-based intrusion detection modeling formulation is mostly considered.
However, as compared to the approaches discussed above, the acknowledgment-based methodologies [24]- [26] are mostly referred to ensure a higher degree of reliability in packet transmission and malicious node authentication.
The most popular approach which is claimed to be suitable for securing IoT communication is -applied game theory-based modeling. The study of authors in [14] introduces the core principle of game formulation and also derives its adaptability into future generation dynamic ad-hoc networks such as IoT. The non-cooperative game theory is mathematically derived and evaluated in the study. Their research approach is further extended by the authors in [27] and [28], where the reliable packer transmission is mostly assessed through dynamic pricing-based game theory modeling.
A controlled identical mechanism of game and also another game theory modeling to detect and isolate malicious nodes are evaluated by the studies of [29] and [30], respectively. Both the studies concluded their research scope into futuristic dynamic IoT networks. The consecutive section further illustrates the problem findings to outline the research gap in this study.

III. PROBLEM FINDINGS A. ABOUT TRUST-BASED SYSTEM
It is mostly observed by assessing the related works that despite having strength factors, most of the trust and reputation-based policies are computationally expensive and result in comparatively lower throughput and higher energy consumption. It can also be seen that these approaches do not impose a penalty on the nodes, which negatively influences the network activities and also do not encourage them with incentives. If incentives are given along with second chances, then S node and M node can cooperate with other nodes in communication and also, in the long run, assist in enhancing the network activities. In many cases, during the network operations, S node and M node can actively conspire with each other to gain other node resources unlawfully.

B. ABOUT CREDIT-BASED SYSTEM
Another approach of intrusion detection is found in a creditbased approach where nodes pay a cost amount to the system to transmit its data packet. More likely, nodes also can trade their data packet and sell it for its profit. This approach is also not that efficient as it gets affected by a collision attack and also does not encourage the profitability of the security systems with punishment and incentive-based approach. Another weakness of this approach is that it does not ensure higher detection accuracy performance.

C. ABOUT ACKNOWLEDGEMENT-BASED SYSTEM
The design principles of acknowledgment-based approaches also lack efficiency as it does not guarantee higher throughput performance and also cannot resist the network from a collision attack between selfish and malicious nodes. Another important aspect is that this approach is mostly found to generate communication overhead.

D. ABOUT GAME THEORY MODELING-BASED SYSTEM
The underlying mathematical approach of game theory modeling also attained much attention from the researchers. It models the system based on applied mathematical theory; all node activities are analyzed and based on a collaborative assessment; the best possible solution is obtained. To date, game theory-based approaches are found most suitable to identify the malicious nodes and selfish nodes with a significantly lesser false positive rate. However, still, the research effort is active to improvise the system with time-cost efficient incentive mechanisms. If the performance scenario is concerned, then delay and throughput of the traditional approaches are still not satisfactory. The next section further discusses the formulated system, which is modeled to overcome the design limitations of the traditional intrusion detection approaches.

IV. PROPOSED SYSTEM
The system incorporates a multi-agent game based modeling which takes the advantages of reputation-based mechanism and game theory modeling to identify the S node and M node in IoT effectively. The key design principle of this mechanism is analytically formulated with five different prime phases, viz. i) node/object (IoT obj ) initialization and deployment phase, ii) cluster formulation, iii) transmission of data packets with multi-agent and multilayered game modeling followed by iv) Updating the system database and v) Identification of S node and M node intrusion respectively. The joint-formulation of the reputation and game-based system is also assessed with a system representation where the possibility factor of node i IoT obj for forwarding the message (msg) is calculated and also the possibility factor of node i IoT obj for dropping the msg is also calculated.

A. NODE/OBJECT (IoT obj ) INITIALIZATION AND DEPLOYMENT PHASE
This phase of the research study deploys a set of IoT obj = {I 1 , I 2 , I 3 , . . . .I i }. Here, i Z + and perform clustering to initialize and set-up the network parameters prior to triggering the networking events.

B. CLUSTER FORMATION PHASE
In one particular cluster (C i ) of n number of nodes, there will be a gateway node acting as a group header (C h ). These IoT obj collaboratively, and intelligently communicate with each other to accomplish a specific task. The msg format in the cluster heads consist of 4-tuple attributes such as <node(id), hop(count), node(msg), status >. Here node(id) has to be 16-bit representation and hop(count) to C h should be of 8-bit representation.

C. TRANSMISSION OF DATA PACKETS WITH MULTI-AGENT AND MULTILAYERED GAME MODELING
From the distributed computing viewpoint, the approach of multi-agent game algorithm runs in each IoT obj , and depending upon the condition of execution, nodes are selected for route establishment and communication. During the communication scenario, nodes/IoT obj cooperate to transmit their own or other IoT obj data packet to C h . For this purpose, each node belonging to C i runs their multi-agent game algorithm and calculates the reputation and trust factor of the nodes which are participating in routing activities in every subsequent round of communication. The other stage of execution involves updating of the system database.

D. UPDATING THE SYSTEM DATABASE
During the communication activities when each node is assigned with a reputation factor, then a corresponding value is assigned to each node updated to the network system database. Simultaneously, other IoT obj within that particular C i also update their database structure with the reputation values corresponding to other nodes.

E. IDENTIFICATION OF THE S node AND M node
The system defines a cut-off value of reputation (µ) in the initial stage of communication; and further it checks if node reputation is found lesser than µ, the system identifies the IoT obj as S node and M node and also restricts their participation in further communication activities in IoT.

V. MULTI-AGENT GAME FORMULATION
This study mostly focuses on designing a security approach that can be robust enough to deal with different types of S node and M node nodes. For this purpose, it is essential to effectively identify them without compromising much time so that the throughput and delay performance of the IoT network can be enhanced.

A. ADOPTION OF REPUTATION AND TRUST-BASED APPROACH
There are various research studies that are directed to design and develop a reputation-based policy to assess different node activities in IoT. Here, based on the node trust factor, the system assigns reputation value (rV) to each node. Every node within the network assesses the trust factor. The nodes having more trust values and reputation are referred to as reliable nodes; on the other hand, nodes with lower trust factor and reputation values are referred to as S node .

B. SET OF STRONG ASSUMPTIONS TAKEN DURING SYSTEM MODELING
This study enforced a set of assumptions during the formulation of the mathematical modeling that corresponds to the security approach. Those are listed as follows: • First of all, each IoT obj is aware of its adjacent neighbor nodes which come under its vicinity and also belong to the same C i .
• Each IoT obj does not have any idea of whether its adjacent neighbors are S node or M node .
• To formulate the best possible route, each node calculates its maximum available information about the other nodes and also computes the behavioral aspects of other nodes along with their expectation factor and intelligently computes the optimal strategy for route establishment.
• It is also assumed that nodes should cooperate in order as each IoT obj is mostly sensor-driven and operates with batteries and also having limited transmission frequency (T f ). During each round of communication activities, each node computes the information about its adjacent neighbors where it tries to objectify whether the trust factor of its adjacent neighbors is higher or not; that means whether that node is cooperating in most of the communication activities or the probability of dropping a packet is more for that particular IoT obj .
• The prime intention of a genuine IoT obj is to gain maximum possible pay-off so that it can get many rewards in terms of communication resources. For this purpose, the node intends to help in forwarding the data packets and also interacts with other IoT obj in order to send its data packet with the successful transmission.

C. GAME FORMULATION
In the context of formulating multi-agent game development, the game (g) is formulated as g : g → IoT obj A j u j where A refers to the set of actions associated with each IoT obj and u corresponds to the functionality which is derived from the outcome of individual players in one round. Here, j refers to the number of rounds, and A j is the set of node actions within the round j for i → IoT obj node. A j is defined in a way where for each node i, it corresponds to either 0 or Pow u (i). Here, Pow u (i) indicates the maximum power which is utilized by node i to transmit the data packet. The set of actions is formulated for different games in each round of communication activities among IoT obj . This study also assesses the node p with respect to two different aspects during the game, whether it accepts the request and forwards the data with cooperation (f c ), or it declines the data reception of the data packet and also does not cooperate in the routing (r c ). The node p can be a function of these two attributes such as p → f c |r c . Each IoT obj should employ any of these strategies during route establishment and communication in each round of j. By means of these strategies, each player (IoT obj ) attains a value of profit, which is computed with the set of u j . Here the u j for node i is computed with the following eq. (1) In (1), u j (i) is computed where c is a constant and nC h (i) refers to the number of msg that has been received by node i from C h of C i . Also, nf c (p → i) j refers to the number of forwarded packets by i for p which also resides in C i for the specific communication round j. n(i) j also refers as i nodes msg, which is sent to the destination during round j. Fig. 1 shows an overview of the mix-mode multi-agent game security modeling.
The system formulation refers to the mix-mode strategy of multi-agent game formulation based on both the i) reputation-based modeling and ii) game theory. If a node p wants to transmit msg to destination node i and according to route establishment scenario as (p → i) j , the msg gets transmitted to the recipient node i. Here comes a probabilistic scenario where it is uncertain whether i will further forward the data packet or drop it. One important point to be noted here is that the destination node also can be a 1-hop neighbor or intermediate node when multi-hop communication is concerned. Therefore, the proposed system also computes the expectation values for exp (f c ) and also for exp (r c ) to ensure whether the intermediate node intends to send the data packets, or it intends to drop the msg by not cooperating in communication. Here, the strategy s → f c |r c . According to the formulated theory, the intermediate node can take any actions A j with any strategy s with a probability factor ρ(s). In the context of the formulated approach, assessing cooperative and non-cooperative metric for each individual node is important. The multi-agent game modeling is designed from the perspective of making the S node cooperative in the communication requirement basis. After setting up the nodes in IoT scenario, the nodes are further clustered and here each node tries to find its reliable adjacent neighbor nodes. For this purpose, it broadcasts control message (msg). This study also incorporates IoT gateways to collect data from C h . The system is also designed in a way where member nodes can transmit msg to the C h through multi-hop communication. This study incorporates the multi-agent multilayered game for each active node. And through the game, nodes determine which is the best possible solution for forwarding their own respective msg or forwarding other node data. While the system executes the game, each node will choose its adjacent neighbor as an intermediate node to forward the data to the destination. With the adjacent neighbor, the node will play the game and here it will learn the status from the neighbor node and update itself. This phase also includes selection of appropriate features from the neighbor nodes. If a node is found to be cooperating in the communication, then the system provides a higher trust factor with optimized probability to the node. In case of malicious node or selfish node, a cooperation procedure is evaluated to understand their intention in the game whether that node intentionally delays the routing, or it directly drops the data packet. Then the system assigns a lesser reputation factor to that particular node if appropriately identified. This way each node, through the cooperative game, understands and assess other nodes and update their reputation matrix r[]. For this purpose, the learning model is evaluated to understand the pattern of activities by each node about other nodes within the IoT network model. Through multilayered game, information regarding nodes is updated in every stage for the purpose of detecting the possibility of increasing non-cooperative nodes. The system here also incorporates penalty and reward factors. If intrusion takes place within the network through a particular S node or M node for j round of communication, then the system imposes a penalty on them and minimizes the possibility of packet forwarding through that node, and nodes are restricted from transferring their data packets as well. On the other hand, if the non-cooperative S node or M node is identified through the learning model accurately, the system stimulates them to cooperate in authorized route establishment and packet forwarding as a penalty factor.
The system is also formulated in a way where it encourages S node to cooperate with other nodes during the communication scenario. The key idea of the game-theoretical approach is that each node closely monitors the activities of other nodes and also evaluates whether a node is forwarding the respective msg of other nodes or it drops the packet within a specified time-slot (T slot ). The combined approach of game theory and reputation is applied here in a way where it clearly states that if a node is found not cooperating much in msg forwarding and mostly deviates from the communication activities, then it means their reputation factor will go down. The respective C h collects all the information about its respective member nodes. For this purpose, it checks the reputation factor from the database of each member nodes. If the reputation factor is found below a threshold, then the system reports to C h about their intention and activities that means whether the nodes are S node or M node . Here in this scenario, the C h will broadcast about the S node status to other member nodes so that they can make use of the selfish node during the routine activities. This is the way a non-cooperative node can be engaged in communication where it assists in packet forwarding to gain a higher reputation and reward. The following algorithm shows the execution steps of the formulated approach. The notation of important parameters that have been considered in the proposed algorithm formulation are highlighted in Table 1.
The algorithm is analytically designed and modeled in a way where the first stage includes the deployment of IoT objects within a network that can be patterned or random. Here, each IoT object is assigned with a unique RFID tag and assumed to get connected with the cloud without having a dependency on the internet protocols. This is the way the system also minimizes the possibility of energy consumption during the overall network operations. During the network set-up and connectivity and coverage estimation, each IoT obj broadcasts a control message to confirm their adjacent neighbors and also maintains its database with the information corresponding to the status of each neighbor. The clustering algorithm is designed to adopt the principle of the hierarchical dynamic clustering principle, which is found quite suitable for the dynamic IoT. After performing the clustering, each node transmits their respective msg bits, and also forwards the data packets between sources to destination considering the multi-agent game. The networking scenario is designed and formulated in a way that the possibility of communication among IoT obj tends to increase. The transmission of msg is considered between source and destination and also between the forwarding participants, which cooperate in communication. Each of the players take their individual decision during the multi-agent game and attempt to maximize their profit in terms of reputation and resources, subject to their probability of cooperating in communication activities as high as possible.
And similarly, each node will have the intention not to lose the profit or reputation. This approach applies to different use-cases of IoT. The multi-agent game is mainly multilayered; so, understanding the activities of each node within the IoT takes a progressive amount of time. Here the control packets basically consist of 'HELLO' and 'ACK' which are meant for establishing the communication in the initial round of execution work-flow model.
Here, the game is considered dynamic -the reason behind this is in the initial phase of the game; one player might cooperate in the first place, and other players can choose their actions depending upon the actions being taken by the first player. As in the initial stage, no node will have information about the S node or M node , thus the game initially gets activated with incomplete information and with learning and cooperative way of communication corresponds to the updating of reputation factor and node status. One plays the game, and with the outcome of the game, the proper evaluation takes place which progressively updates the reputation table. This study designs a learning scenario that is modeled based on the individual node's experiences about other nodes, and the activity information, which includes the probabilistic factors corresponding to the successful and unsuccessful transmission and packet forwarding status. The game is also modeled in a way where depending upon the actions of the opponent node, the pay-off matrix is calculated, which assists another node in optimizing its action with the best possible strategy. The incorporation of established Nash Equilibrium theory assists in making each node to take the best possible actions against its opponent nodes. This game theoretic approach considers an infinite game which is repeated, and decisional analysis considers past behavioral aspects of each node for the assessment during the progressive intrusion detection modeling.
This way, the system identifies whether S node , M node nodes are present in the network. If found, then the C h gets an alert msg about suspicious intrusion by that particular thing or object and makes that suspicious object cooperating in the communication activities. The proposed system utilizes the established theoretical principle of Nash Equilibrium modeling, the probability distribution of nodes are computed where it also assists in formulating the expectation metrics which indicates the possibility and willingness of a node in forwarding the data packet or not forwarding the data packet [31], [32].
The computation of the expectation metric to indicate the possibility of willingness of a node in forwarding the data packet is shown as follows: And also, willingness of a node in not forwarding the data packet as follows: Here, S indicates the strategy the node is going to attain during the communication scenario and prob is the estimation of the possibility of the willingness of the node to participate in communication. Further, this way, the study intends to optimize the communication performance with higher throughput and a very lesser end to end delay performance, which is exhibited in the subsequent section.

VI. COMPARATIVE PERFORMANCE ANALYSIS
The game theory has a significant contribution in the past few years as a new technique on the security systems in MANET and mobile wireless sensor network (MWSN) due to its potential accuracy and computational efficiency during threat computing and analysis [33], [34]. However, as of now, there are few analytical models developed for studying security problems with a focus on including multiple types of defenders and offenders (collaborative, erroneous/selfish and malicious nodes) simultaneously [19], [28]. This study considered the most significant and related existing works such as (Zhang et al., 2018) [19] and (Sun et al., 2013) [28] for benchmarking. The duo has also equivalently worked on a similar line of research, i.e. not limiting the regular nodes to absolutely cooperate. Furthermore, they have been extensively cited by the recent Intrusion Detection and Prevention approaches. Thereby it is quite imperative and logical to justify the importance of the baselines from the comparative assessment and validation viewpoint.
For experimental outcome, which is obtained after simulating the formulated intrusion detection and prevention mechanism in a numerical computing tool. The system evaluation with the experimental approach considers 500-800 number of nodes where the number of S node = 25 or M node = 5. For a different combination of scenarios, a more or less similar trend of outcome is obtained, as shown below. Table 2 shows that with the increasing number of S node from 5 to 25, the proposed formulated system attains better intrusion detection accuracy, which is found to attain a maximum 99% as compared to the baseline approaches of [28] and [19]. Another test scenario evaluation is performed where the impact of the increasing number of M node is observed on ID-A, as shown in Fig. 2. Here also, the interpretation shows that the ProP approach accomplishes better, and consistent performance as compared to the related baseline approaches. Table 3 shows that in both the proposed and trust-based approach of [19], throughput outcome marginally differs, and the formulated approach attains superior throughput outcome where the maximum value is found 95 percent for 25 number of selfish nodes. The analysis also exhibited that as the formulated system also considers the notion of dynamic higher hierarchical clustering where C h gets selected dynamically and even as it evaluates suspicious intrusion level with the multi-agent game approach where the S node are bound to cooperate in message forwarding to gain reputation and M node , will either forward the authorized data packet once it is trapped or it will leave the IoT zone, to save its resources. The outcome clearly shows that the throughput shows a significant increase despite the presence of S node and M node , which means the occurrence of packet drops is significantly lesser as forwarding events are increased.  From Table 4, it is observed that the proposed system also exhibits better delay performance, which is approximately 50% improvement over the delay performance of [28]. Out of all the approaches, the delay performance in [19] is found to be quite insignificant.  Fig. 4 shows that with the increasing number of M node , the proposed system delay performance does not get much affected if the number of M node and S node gets increased. And, the closer interpretation reveals the fact that the proposed system significantly outperforms the other two approaches.
The analysis of the false-positive rate in Table 5 also shows that the proposed system effectively identifies the selfish nodes with improvised learning strategies. In contrast, the performance of FPR is quite inferior in the other two cases. The prime reason for the proposed system to attain much reduced FPR is that it considered an infinite game model for n number of players where the game is simplified and modeled in a way where it converges towards the best possible outcome in each and every iterative step of execution. Whereas in the case of [19], a similar trend of FPR is followed which have got marginal difference with the proposed approach but FPR is quite higher in the case of [28]. The visual comparative outcome is illustrated in Fig. 5 where the interpretation can clearly show the significance of the proposed approach. From the analysis of FPR in Fig. 5, it is seen that the proposed system identifies the M node within the IoT with higher accuracy. In contrast, the outcome of the other two approaches reflects inferior FPR values as compared to the proposed system.
The analysis outcome clearly shows that the proposed approach not only poses efficiency in terms of security but also stimulates the nodes in cooperative packet forwarding which has a significant impact on increasing the throughput and also the involvement of simplified computational steps makes it more computationally efficient which enhances the overall delay performance to a significant extent.

VII. CONCLUSION
The study introduces a novel combined approach of intrusion detection techniques to strengthen information security in IoT layers. The novelty of the approach is that it is not only robust against different types of attacks but also does not compromise with the IoT communication performance in terms of both delay and throughput. Another contributory aspect includes that it not only identifies the M node and S node but stimulates them to cooperate in regular communication activities for a higher degree of packet forwarding. Eventually, the experimental outcome shows that the proposed approach is quite effective and significantly outperforms the conventional baseline modeling. However, the limitation of the proposed approach is that it adopted a complete theoretical study where the system design modeling is emphasized only for targeted use-cases in ad-hoc networks. Our future direction of research will investigate the data complexity management and dynamic traffic management in a secure environment for providing more reliable operation in cyber-physical systems and Industry 4.0.