An Intrusion Detection System for Edge-Envisioned Smart Agriculture in Extreme Environment

The deployment of Internet of Things (IoT) systems in smart agriculture (SA) operates in extreme environments, including wind, snowfall, flooding, landscape, and so on for collecting and processing real-time data. The increased connectivity and broad adoption of IoT devices with low-power communications on farmland support farmers in making data-driven decisions using various artificial intelligence (AI) techniques. Furthermore, in such an environment, edge computing is also utilized to provide computationally intensive, latency-sensitive, and bandwidth-demanding services at the edge of the network. However, protecting edge-to-Things in the extreme environment of SA is challenging, due to the volume of data, and also attackers exploit network gateways to perform distributed denial of service (DDoS) attacks. Motivated by the aforementioned challenges, we develop a novel deep learning (DL)-based intrusion detection system (IDS) for edge-envisioned SA in extreme environments. Specifically, a hybrid approach is developed by combining bidirectional gated recurrent unit, long-short-term memory with softmax classifier to detect attacks at the edge of the network. To allow faster learning, the proposed IDS employs the truncated backpropagation through time (TBPTT) approach to handle lengthy sequences of network data. Furthermore, we suggest an attack scenario with deployment architecture for the proposed IDS in the extreme environment of SA. Extensive experiments using three publicly available datasets, namely, CIC-IDS2018, ToN-IoT, and Edge-IIoTset prove the effectiveness of the proposed IDS over some traditional and contemporary state-of-the-art techniques.


Danish Javeed, Student Member, IEEE, Tianhan Gao, Muhammad Shahid Saeed, and Prabhat Kumar, Member, IEEE

I. INTRODUCTION
The Internet of Things (IoT) has surprisingly revolutionized the conventional methods of network communication by enabling synchronized connectivity among heterogeneous nodes. The flourishing circle of IoT applications endorses its positive potential toward efficient communications that have led to a new spectrum of scientific innovations [1], [2]. The term smart agriculture (SA) refers to a new approach to agricultural production that integrates information and data technologies with quantitative decision making and intelligent control to improve the productivity and quality of farming. On the other hand, the integration and deployment of IoT in SA, such as water, soil, and air is mostly affected by various extreme environments, including wind, snowfall, flooding, and landscape. However, such deployments are the backbone in various use cases of SA, including, water quality monitoring, precision agriculture, livestock monitoring, climate condition monitoring, and so on for collecting and processing real-time data [3].
Edge computing is considered a remarkable choice to achieve efficient communication for IoTs deployed in the extreme environment of SA. The main aim of edge computing is to process the data at the nearest place where it was actually generated [4]. The edge-to-Things reduces the unnecessary flow of data over the network, which directly results in reduced latency and less consumption of network resources. In scalable, centralized extreme environments, the data needs to be stored at a central location for monitoring and reuse purposes [5]. Edge computing may also serve in this regard by storing the data at a suitable local location accessible to all participant nodes. In the extreme environment of SA, edge computing can also improve communicational efficiency, load management, and network uptime, which will be a remarkable milestone toward more reliable operations [6].
The involvement of heterogeneous sensors in SA communication introduces a variety of security concerns. Especially, in large-scale networks, the abundance of heterogeneous sensors may offer welcoming environments for intruders to shake the integrity of the whole system. In an edge-to-Things system, suitable communication infrastructure is the core element that ensures smooth communication [7]. The presence of malicious entities within the network can manipulate the entire communication infrastructure, resulting in random communication [6]. Such challenging circumstances demand some favorable security solutions to combat emerging security challenges [8]. A competent intrusion detection system (IDS) can diminish the risk of attacks by timely detecting malicious entities present in the network. Over the past decade, deep learning (DL)-based IDS have gained considerable momentum because of their quick response against anomalies [9]. Second, DL-based IDS provides more meticulous results compared to machine learning techniques. In DL-driven IDS, the model is first trained on a comprehensive dataset that contains the impression of an attack happening in the targeted application area [10]. After that, the system is deployed into the real-time environment, where it identifies identical attacking scenarios. DL-based IDS undoubtedly provides effective surveillance against suspected entities; however, designing a pertinent IDS is a challenging task. Several factors should be taken into account, such as compatibility, resource consumption, cost, etc., before developing a DL-inspired IDS [11]. In this article, we propose a novel DL-based IDS for edge-envisioned SA in extreme environments.

A. Contribution
The main contributions of this research are summarized as follows.
1) We propose a new DL-based IDS for edge-envisioned SA in extreme environments. The proposed IDS is a hybrid approach and is developed by combining bidirectional gated recurrent unit (BiGRU), long-short-term memory (LSTM) with softmax classifier to detect attacks at the edge of the network. The proposed model proficiently identifies various SA attack types, such as distributed denial of service (DDoS), Ransomware, man-in-the-middle (MITM), Injection, and so on.
2) The proposed IDS employs the truncated backpropagation through time (TBPTT) approach to handle lengthy sequences of SA data. This approach eliminates the need of maintaining the entire history of inputs and activations by recurrent neural network (RNN) and, thus, allows faster learning at the edge of the network.
3) To mitigate the limitations of cloud-based deployment in extreme environments, we present an edge-to-Things envisioned deployment architecture for the proposed IDS.
4) The experimental results using CIC-IDS2018, ToN-IoT, and Edge-IIoTset datasets show a proficient performance in terms of all standard and extended evaluation metrics. Finally, to show the superiority of the proposed IDS, we evaluate and compare it with some baseline and recent state-of-the-art techniques.
The remainder of this article is organized as follows. Section II discusses the existing literature. The proposed IA-based threat detection framework is described in Section III. In Section IV, we evaluate the performance of the proposed IDS and perform a comparison with state-of-the-art techniques. Finally, Section V concludes this work with future directions.

II. RELATED STUDY
Various DL techniques are used in literature to improve the intrusion detection capabilities of IDS. For instance, Kandhro et al. [12] proposed a DL-driven vulnerabilities assessment framework for IoT-enabled cybersecurity systems. Three state-of-the-art DL classifiers: 1) DNN; 2) CNN; and 3) RNN are employed for this purpose. The designed framework is trained on NSL-KDD, KDDCup99, and UNSW-NB15 datasets. The performance of the proposed model is evaluated on diversified performance metrics. The model has shown competitive performance against Brute Force attacks, Denial of Service (DoS) attacks, infiltration attacks, and botnet attacks. DNN is also utilized in another threat detection model designed for secure cloud communications. In [13], a game theory cloud security deep neural network (GT-CSDNN) is proposed and trained on the CIC-IDS2018 dataset. The proposed IDS has achieved higher accuracy in detecting various attacks.
In [14], a transfer learning approach is used to design an image classification-based threat investigation model for cloud IoT devices. The model is based on CNN, which provides generalized processing strength to the proposed framework. The system includes five pretrained models of CNN known as VGG16, VGG19, EfficientNets, inception, and MobileNet. The model is trained on CICIDS2017 and CIC-IDS2018 datasets and has shown effective detection performance against infiltration attacks, botnet attacks, and port scan attacks. The expanding domain of IoT applications introduces it to maritime transportation systems (MTSs), where IoT brings revolutionary transformations in intelligent communications. In [15], an effective threat detection system is proposed to investigate and classify the existence of common adversaries in such environments. The novel concepts of federated learning generically inspire the system. CNN and multilayer perceptron (MLP) are employed as the main classifiers, and the model is trained on the NSL-KDD dataset. The simulation results validate the performance of the proposed IDS.
Gradient boosting decision tree (GBDT) algorithm is vital in efficient computation. LightGBM is an enhanced version of GBDT and is an optimal choice for complex DL computations. LightGBM also inspires histogram-based gradient boosting (HBGB). Researchers have used the combined strength of LightGBM and HBGB to formulate a multidimensional attack detection model for IoT empowered multiattack classification environment. The system is trained on the CIC-IDS2018 dataset, where the model has shown remarkable efficiency [16]. In [17], a novel anomaly detection model for next generation IoT (NGIoT) networks is proposed. Wireless spoofing attacks are one of the common categories of mostly occurring attacks. The proposed model is specifically designed to cope with such attacks. The model is equipped with deep auto encoder (DAE) classifier that provides comprehensive durability to the system. The model has shown appropriate resilience against wireless spoofing and botnet attacks. The system has effectively achieved 98.6% anomaly detection accuracy.
In [18], a blockchain-assisted and DL-empowered anomaly detection model for IIoT is proposed. The designed framework is systematically segmented into two major elements. Blockchain ensures secure communication against data poisoning attacks, whereas DL provides privacy preservation for inference attacks by employing deep variational auto encoder (DVAE). Moving forward, A-DGRNN is used to investigate suspicious activities in large-scale IIoT environments. The model is trained on the ToN-IoT and IoT-Botnet datasets.
The authors proposed a network IDS for large-scale general IoT communications. The model is inspired by DNN and is trained on the NSL-KDD dataset. During the evaluation process, the model has offered significant resilience against DoS and DDoS attacking categories [19]. DNN is conceptualized in another anomaly detection framework that aims to investigate the presence of suspicious entities in smart communications. The authors trained the model on the CIC-IDS2018 dataset and evaluated it in comparison with long short term memory (LSTM) classifier. Systems have shown promising results in threat detection in IoT-based smart communications [20]. Researchers developed an effective IDS for generic IoT communication environments. The proposed CNN-based model is trained on BoT-IoT and MQTT-IoT-IDS2020 datasets that contain generalized impressions of commonly occurring attacks in IoT communications. The system's performance is evaluated regarding attack detection ACC, PRE, REC, and F1 [21]. Table I summarizes the existing literature.

III. PROPOSED DL-BASED IDS
In this section, we discuss the main components of the proposed DL-based IDS. The proposed IDS is a hybrid model that combines BiGRU, LSTM, and softmax to detect attacks. Furthermore, a TBPTT approach is used to handle lengthy sequences of SA data. The details are explained as follows.

A. Bidirectional Gated Recurrent Unit
The RNN and DL architecture with gating properties is called a GRU. It can effectively handle the tasks related to time sequence since it is a connectionist approach along with a self-connected hidden layer and the precise time-series properties of the IoT data. The RNN extracts hierarchical representations from the unprocessed data using a gating function. Although the fundamental RNN model may theoretically store historical data indefinitely, in practice it has the issue of exploding or disappearing gradients [22].
With significant modeling capabilities for long-term dependencies, the GRU and LSTM are upgraded RNN models. Due to its simpler structure and lower computational complexity, GRU is a less complicated variant of LSTM. A BiGRU has the capacity to integrate the cell and hidden states, i.e., to combine the forget and input gates into a single update gate. Furthermore, it consists of an update gate, reset gate, candidate cell, and final state denoted by The → represents the forward process, while ← represents the backward process, respectively.
GRU can only access old data; it cannot access future data. In an attempt to alleviate this issue, a BiGRU technique is proposed. In BiGRU, one GRU moves in the forward direction, and the other moves in the backward direction, calculating the forward hidden state $(\overrightarrow{y}_1, \overrightarrow{y}_2, \overrightarrow{y}_3, \ldots, \overrightarrow{y}_n)$ as well as backward hidden state $(\overleftarrow{y}_1, \overleftarrow{y}_2, \overleftarrow{y}_3, \ldots, \overleftarrow{y}_n)$, respectively. The following are the transition functions for BiGRU hidden units [23]:
where, the input's $(\overrightarrow{D}_t, \overleftarrow{D}_t)$ weight matrix for the forward process is represented by $We_c$ represents the weight matrix for the backward process. The hidden state of the prior block is denoted by $\overrightarrow{Bs}_c$ the bias weights for forward process and $\overleftarrow{b}_z$, $\overleftarrow{Bs}_r$, $\overleftarrow{Bs}_c$ for the backward process. Moreover, the sigmoid operator is represented by $\sigma$, tanh is the nonlinear pointwise AF and represents the pointwise multiplication between two vectors ( Finally, the concatenation of the results of the backward and forward process is denoted by $y_t$.
where ⊕ represents the elementwise summation.

B. Long-Short-Term Memory
LSTM solved the gradient vanishing problem of RNN by using a gating mechanism, i.e., input, forget, and output gate represented by $I_t$, $F_t$, and $O_t$. The updates to the cell state are handled by the $I_t$. The steps for updating the cell state are as follows [24]:
The $C_t$ represents the new memory content and the LSTM maintains memory $D_t$ at each timestamp $t$. The $F_t$ uses the current input $Z_t$ and the prior stage hidden state $y_{t-1}$ as inputs. The bias from the bias vector is applied after the input values have been multiplied by the weight matrices. The $O_t$ is responsible for regulating the hidden state $y_t$. Given that it contains all data on prior inputs, the $y_t$ is necessary in order to make predictions. The following steps are involved for finding the $y_t$ for the next timestamp:
where $\sigma$ represents the sigmoid operator and tanh is the activation function. Moreover, the weight matrices and their respective biases are denoted by $We_I$, $We_F$, $We_C$, $We_O$ and $Bs_I$, $Bs_F$, $Bs_C$, $Bs_O$, respectively.
We have further employed the TBPTT algorithm to handle the lengthy sequence of the network data. The edge nodes execute the proposed IDS in the SA network. For a given SA system with state ($Ste$), parameter ($\vartheta$), input ($D$), the transition function is [25] Ste
The objective is to find a $\vartheta$, which reduces the total loss ($Loss_T$) at each time step ($t$) with regard to the desired outputs
In the case of BiGRU-LSTM, the $Ste_t = (Ot_t, H_t)$, where the $Ot_t$ represents the output's layer activation function and $H_t$ is the hidden recurrent layer activation. Consequently, the system adopts the following form: we have the parameters $\vartheta = (W_d, W_h, Bs)$. The goal is to compute the $\delta Loss_T / \delta\vartheta$. The backpropagation through time (BPTT) method can be used to perform this calculation. When excessively lengthy sequences are processed using massive networks, the full sequence is processed at each gradient step, which slows the learning.
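The effect of truncation described above, as an added example that is not code from the paper: a scalar recurrent cell stands in for the BiGRU-LSTM, and the weights `W`, `U`, the window size `k` and the input sequence are constructed assumptions. It shows that window-by-window gradients keep only `k` activations, equal full BPTT when `k` covers the whole sequence, and drop the cross-window terms otherwise.

```python
import math

# Constructed stand-in for one normalised flow feature over 12 time steps.
XS = [0.5 + 0.04 * i for i in range(12)]
YS = [0.0] * 12          # constructed targets
W, U = 0.8, 0.5          # recurrent and input weights (assumed values)


def full_loss(xs, ys, w, u):
    """Loss_T = sum_t 0.5 * (h_t - y_t)^2 with h_t = tanh(w*h_{t-1} + u*x_t)."""
    h, total = 0.0, 0.0
    for x, y in zip(xs, ys):
        h = math.tanh(w * h + u * x)
        total += 0.5 * (h - y) ** 2
    return total


def tbptt_gradients(xs, ys, w, u, k):
    """Accumulate dLoss/dw and dLoss/du window by window.

    The hidden state is carried forward across windows, but the backward
    pass stops at each window start, so at most k activations are stored.
    Returns (grad_w, grad_u, peak_stored_activations).
    """
    grad_w = grad_u = 0.0
    carry, peak = 0.0, 0
    for start in range(0, len(xs), k):
        wx, wy = xs[start:start + k], ys[start:start + k]
        hs = [carry]                       # forward pass inside the window
        for x in wx:
            hs.append(math.tanh(w * hs[-1] + u * x))
        peak = max(peak, len(hs) - 1)
        dh = 0.0                           # backward pass inside the window
        for i in range(len(wx) - 1, -1, -1):
            h = hs[i + 1]
            dh += h - wy[i]                # loss term of this step
            da = dh * (1.0 - h * h)        # back through tanh
            grad_w += da * hs[i]
            grad_u += da * wx[i]
            dh = da * w                    # flows to the previous hidden state
        carry = hs[-1]                     # treated as a constant by the next window
    return grad_w, grad_u, peak


def numeric_gradient_w(xs, ys, w, u, eps=1e-5):
    """Central finite difference of the full-sequence loss, used as reference."""
    return (full_loss(xs, ys, w + eps, u) - full_loss(xs, ys, w - eps, u)) / (2 * eps)


if __name__ == "__main__":
    for k in (len(XS), 4):
        gw, gu, peak = tbptt_gradients(XS, YS, W, U, k)
        print(f"k={k:2d}  dLoss/dw={gw:.6f}  dLoss/du={gu:.6f}  stored={peak}")
    print("finite-difference dLoss/dw:", round(numeric_gradient_w(XS, YS, W, U), 6))
```

The truncated gradient is a biased estimate of the full one, so the window size trades dependency range for memory and time on the edge node.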

C. Connected Layers
The proposed IDS is furnished with Bi-GRU-LSTM having two Bi-GRU layers with 200 and 100 neurons followed by two LSTM layers of 100 and 50 neurons with 0.3% dropout rate. Moreover, RELU and Softmax functions are used as activation functions, while we have utilized categorical cross-entropy (CC-E) as a loss function. For optimization purposes, we have employed the ADAM optimizer. Finally, the experimentation is conducted for ten epochs with a batch size of 32. Fig. 1 depicts the complete architecture, while the working of the proposed IDS is given in Algorithm 1.

D. Softmax Classifier
Depending on the number of outputs, the BiGRU-LSTM iterates the preceding steps (1)-(9) in various timesteps. Further, the result generated from the BiGRU-LSTM layers is passed to the output layer, i.e., Softmax for the evaluation of the required decision. This is performed by estimating the Thus, the proposed IDS framework detects different types of attacks.

E. Deployment Architecture for Proposed IDS
In this section, we have discussed the attack scenario and the deployment/working architecture of the proposed IDS in the extreme environment of SA.
1) Attack Scenario: In the SA environment, most of the IoT devices use a default username or password and sometimes are also used without any passwords. Furthermore, there is also a possibility to perform node-capturing attacks, as IoT devices operate in extreme environments, including wind, snowfall, flooding, landscape, and so on. Thus, they are left unattended for longer periods of time. In such cases, the botmaster, i.e., the attacker who intends to exploit the system vulnerabilities to launch attacks on the target server, installs or inserts malware. Once the IoT system has been compromised, it joins the bot army under the command of its master and can communicate with it for additional guidance. As a result, the hacked IoT devices create a botnet network that is exploited to spread malware [27]. Finally, DDoS attacks are launched against the target edge servers installed in the SA environment using the botnet network.
2) Deployment and Working of Proposed IDS: The deployment architecture and working of the proposed IDS are shown in Fig. 2. In the SA environment, we have multiple entities, such as IoT devices, edge servers, IDS, and cloud servers working together to collect and process SA data. The proposed IDS is RNN-based IDS and, therefore, to enhance the training procedure we have initially used the TBPTT approach to train the model. Moreover, on regular network flow, i.e., when the system is operating under the attack-free mode, the training stage of the proposed IDS can be completed. The trained model can be stored/deployed in the internal memory of the gateway, i.e., edge servers, and can be customized according to commercial vendors. Whenever the network configuration changes, a user can start a new training session to keep the trained model informed (e.g., after the provision of new IoT devices). The Web-based management interface, offered by the edge service providers [e.g., SaaS, Infrastructure as a Service (IaaS)] can be used to keep the retraining process simple. Thus, the proposed IDS works on the ingress edge servers and monitors the incoming packets coming from IoT devices, and generates alerts when any malicious activities are seen. Moreover, the deployment of the proposed IDS on an edge server addresses the challenges related to low latency, geo-distribution, mobility support, and location awareness.

Algorithm 1 (partial):
Add BiGRU layers and perform encoding
Concatenate the output of the backward and forward process
Add LSTM layers
Train classifier using TBPTT approach to handle the lengthy sequence of SA data
12: Evaluate performance using various metrics
13: end procedure

IV. PERFORMANCE ANALYSIS
In this section, we describe the experimental setup. We then discuss the dataset details, preprocessing steps, and metrics used for evaluation. Then, we discuss the proposed IDS's performance by employing all evaluation metrics. Further, the proposed IDS's performance is compared against the traditional modules along with the recent detection schemes from the literature.

A. Experimental Setup
The proposed IDS is designed on Lenovo Legion PC with 24-GB RAM and a HexaCore Processor operating at 2.60 GHz with NVIDIA GEFORCE RTX 2060, 8-GB GPU. Further, Keras, Numpy, Pandas, etc., libraries based on Python are employed for DL techniques.

B. Dataset and Preprocessing
The IoT-based datasets CIC-IDS2018 [28], ToN-IoT [29], and Edge-IIoTset [30] are used to evaluate the performance and efficacy of the proposed IDS. These datasets comprise real-world IIoT network characteristics and attack instances, such as DDoS, XSS, FTP-Patator, SSH-Patator, Botnet, MITM, Injection, Ransomware, Password, Injection, Backdoor, and DoS and its subclasses, i.e., DoS Goldeneye, Hulk, Slowloris, Portscan, DDoS_ICMP, DDoS_TCP, and Vulnerability_Scanner along with Benign instances for assessing artificial intelligence (AI) and cybersecurity systems in applications, such as IDS, adversarial machine learning (AML) [31], and threat intelligence (TI). This work is concerned with ten classes of CIC-IDS2018, nine classes of ToN-IoT and eight classes of Edge-IIoTset datasets as they are the most frequent attacks in such an environment. Finally, preprocessing and data normalization is employed based on [32].

D. Performance Analysis of Proposed IDS Against Traditional Detection Schemes
We examine the efficiency of the proposed IDS in this section. Due to its architecture, the proposed IDS framework is a good choice for time-series data analysis. The evaluation findings on ACC versus loss using the CIC-IDS2018, ToN-IoT, and Edge-IIoTset datasets with ten epochs clearly illustrate this in Figs. 3-5. The proposed IDS achieved a validation loss of 0.0032% and validation ACC of 99.82% on the CIC-IDS2018 dataset and validation ACC and validation loss of 99.55% and 0.0028%, respectively, with the ToN-IoT dataset, while it achieved 98.32% validation ACC and 0.0023 under Edge-IIoTset dataset, respectively.
We have also used the CNM and the ROC curve to further assess the efficiency of the BiGRU-LSTM-based scheme. The CNM summarizes the number of records detected successfully or inaccurately by the proposed technique. In CNM, each column signifies events in a predicted class while each row represents events of a given (actual) class. Table II represents the CNM of the BiGRU-LSTM-based framework on the CIC-IDS2018 dataset, whereas Tables III and IV depict the CNM on the ToN-IoT dataset and Edge-IIoTset dataset. The tables portray that the majority of the occurrence in these datasets
Additionally, a complete performance evaluation of the proposed scheme is conducted by comparing its performance with some traditional threat detection schemes, i.e., RF, LSTM, and GRU. Tables V-VII present the classwise detection ACC achieved by the proposed threat detection scheme with the CIC-IDS2018, ToN-IoT, and Edge-IIoTset datasets and their comparison with the traditional intrusion detection frameworks in recognizing various types of attacks. The Bi-GRU-LSTM-based scheme achieved detection ACC of 100% for normal class, while for other classes it achieved 99.51% to 99.91% accuracy under the CIC-IDS2018 dataset. For the ToN-IoT dataset, the proposed scheme achieved almost 99% to 100% detection ACC, while for the Edge-IIoTset dataset, it achieved values between 94% to 99.99%. On the other hand, the RF, LSTM, and GRU have shown a bad performance in detecting some attack types, i.e., DoS-Goldeneye, DoS, MITM, and achieved a low detection accuracy for other classes as well as against our proposed scheme. Furthermore, a threat detection scheme is considered proficient if it has high ACC, PRE, REC, and F1 values. An overall comparison of the proposed scheme in terms of the aforementioned evaluation metrics against these traditional schemes can be witnessed in Fig. 7(a)-(c). The proposed scheme achieved a 99.82% ACC, 99.62% PRE, 99.59% REC, and F1 of 99.67% for the CIC-IDS2018 dataset and an ACC, PRE, REC, and F1 of 99.55%, 99.31%, 99.24%, and 99.39% for ToN-IoT dataset, while it achieved a 98.32% ACC, 98.78% PRE, 97.22% REC, and 97.82% F1 under EDGE-IIoTset dataset, respectively. On the other hand, RF, LSTM, and GRU have shown a low performance. This comparison shows that the BiGRU-LSTM-based threat detection scheme outclassed the traditional schemes by achieving higher values in the aforementioned evaluation metrics.
For further performance evaluation, we have provided the FPR, FNR, FDR, and FOR of the proposed scheme with traditional schemes in Fig. 8(a) for the CIC-IDS2018 dataset, Fig. 8(b) for the ToN-IoT dataset, and Fig. 8(c) for Edge-IIoTset dataset. The proposed IDS achieved an FPR of 0.0369% with FNR, FDR, and FOR of 0.0295%, 0.0245%, and 0.017% for the CIC-IDS2018 dataset. Similarly, for ToN-IoT, the proposed scheme has an FPR, FNR, FDR, and FOR of 0.0031%, 0.0021%, 0.0024%, and 0.0027%, respectively. Moreover, the proposed IDS achieved an FPR of 0.0462% with FNR, FDR, and FOR of 0.03896%, 0.0354%, and 0.0291% under the Edge-IIoTset dataset, respectively. On the other hand, the LSTM shows a better performance than RF and GRU with the CIC-IDS2018 dataset while under the ToN-IoT dataset, the GRU performed better than RF and LSTM in terms of these metrics. This comparison further proves the efficacy of our proposed threat detection framework by showing higher performance than the traditional detection schemes.
Finally, we have also compared the performance in terms of TPR, TNR, and MCC. Fig. 9(a)-(c) depicts the comparison of the proposed BiGRU-LSTM-based scheme with the aforementioned threat detection schemes. The proposed framework has shown comparatively better performance than these schemes with a TPR of 99.86%, TNR of 99.84%, and MCC of 99.89%, respectively, with the CIC-IDS2018 dataset. For the ToN-IoT dataset, the proposed threat detection framework achieved TPR, TNR, and MCC values of 99.23%, 99.34%, and 99.12%. However, the proposed IDS achieved 98.39% TPR, 98.88% TNR, and 97.23% MCC under the Edge-IIoTset dataset, which is comparatively higher than the other schemes, thus, proving its proficiency. As a result of the findings, we may conclude that the proposed IDS outclassed the baseline threat detection schemes and proves that the proposed BiGRU-LSTM-based scheme is more effective than other techniques at detecting various types of threats.
Finally, we provide the testing time of the proposed threat detection framework and the baseline detection schemes in Fig. 10. We have not considered the training time as it is mostly done offline. Fig. 10(a) depicts the testing time of the proposed IDS and baseline techniques under the CIC-IDS2018 dataset. It can be seen that the proposed IDS has achieved a testing time of 14 s with the TBPTT approach and 76 s without it. Further, Fig. 10(b) depicts the testing time under the ToN-IoT dataset, where the model has a testing time of only 21 s with the TBPTT approach. However, without the TBPTT approach, the model has a testing time of 83 s. Moreover, for the Edge-IIoTset dataset, we provide the testing time in Fig. 10(c), where the model achieved a testing time of only 11 s with the TBPTT approach, while without it, the model achieved a testing time of 69 s.
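The per-class rates reported in this section (PRE, REC/TPR, F1, TNR, FPR, FNR, FDR, FOR, MCC) all derive from the confusion matrix, with rows as the actual class and columns as the predicted class. The following added example, which is not from the paper, computes them one-vs-rest with the standard definitions (an assumption, since the paper's own formulas are not reproduced on this page) on a constructed three-class matrix.

```python
import math

# Constructed 3-class confusion matrix (not data from the paper).
# Rows are the actual class, columns the predicted class.
LABELS = ["Benign", "DDoS", "MITM"]
CNM = [
    [90, 5, 5],
    [2, 48, 0],
    [8, 2, 40],
]


def one_vs_rest(cm, k):
    """Collapse a multiclass matrix to (TP, FP, FN, TN) for class k."""
    total = sum(sum(row) for row in cm)
    tp = cm[k][k]
    fn = sum(cm[k]) - tp                    # actual k, predicted something else
    fp = sum(row[k] for row in cm) - tp     # predicted k, actually something else
    tn = total - tp - fn - fp
    return tp, fp, fn, tn


def ratio(num, den):
    """Division that yields 0.0 for an empty denominator (class never seen)."""
    return num / den if den else 0.0


def class_metrics(cm, k):
    tp, fp, fn, tn = one_vs_rest(cm, k)
    pre, rec = ratio(tp, tp + fp), ratio(tp, tp + fn)
    mcc_den = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    return {
        "PRE": pre,
        "REC": rec,                          # identical to TPR
        "F1": ratio(2 * pre * rec, pre + rec),
        "TNR": ratio(tn, tn + fp),
        "FPR": ratio(fp, fp + tn),           # benign/other traffic flagged as k
        "FNR": ratio(fn, fn + tp),           # class-k traffic that was missed
        "FDR": ratio(fp, fp + tp),           # share of class-k alerts that are wrong
        "FOR": ratio(fn, fn + tn),           # share of "not k" verdicts that are wrong
        "MCC": ratio(tp * tn - fp * fn, mcc_den),
    }


def accuracy(cm):
    correct = sum(cm[i][i] for i in range(len(cm)))
    return ratio(correct, sum(sum(row) for row in cm))


def macro_average(cm, name):
    """Unweighted mean of one metric over all classes."""
    return sum(class_metrics(cm, k)[name] for k in range(len(cm))) / len(cm)


def most_missed_attack(cm, labels, benign="Benign"):
    """Attack label with the highest FNR, i.e. the class the detector misses most."""
    rates = {labels[k]: class_metrics(cm, k)["FNR"]
             for k in range(len(cm)) if labels[k] != benign}
    return max(rates, key=rates.get)


if __name__ == "__main__":
    print("overall ACC:", accuracy(CNM))
    for k, label in enumerate(LABELS):
        m = class_metrics(CNM, k)
        print(label, {name: round(value, 4) for name, value in m.items()})
    print("macro REC:", round(macro_average(CNM, "REC"), 4))
    print("most missed attack:", most_missed_attack(CNM, LABELS))
```

On the constructed matrix the overall ACC is 0.89 while one attack class is missed 20% of the time, which is why the per-class FNR and MCC are worth reading alongside a single accuracy figure.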

E. Performance Comparison With Recent Intrusion Detection Approaches From Existing Literature
Finally, we made the performance comparison of the proposed IDS with recent threat detection approaches from the existing literature such as [13], [16], [19], [20]. A complete comparison is depicted in Table VIII regarding ACC, PRE, and REC. The table shows that the proposed IDS achieved better results than the existing threat detection frameworks under both datasets and proves its efficacy by outclassing the baseline and recent detection approaches, thus ensuring the security of IoT devices in such an environment.

V. CONCLUSION
Most of the current IoT devices work in various extreme environments to collect, process, and send real-time data. In this article, we considered edge-to-Things SA scenario in extreme environments and developed a DL-based IDS. The proposed IDS was designed by combining BiGRU, and LSTM with Softmax classifier to detect attacks at the edge of the network.
Further, to enhance the training time of the RNN-based IDS, we employed TBPTT mechanism. Thus, the proposed approach eliminates the requirement for a full retrace over the entire data stream at each level. We also designed an attack scenario and deployment architecture for the proposed IDS in the extreme environment of SA. Finally, the proposed IDS outperformed some baselines and state-of-the-art techniques and achieved 99.82%, 99.55%, and 98.32% accuracy and reduced FPR of 0.0369%, 0.0031%, and 0.0426% using CIC-IDS2018, ToN-IoT, and Edge-IIoTset datasets, respectively. Future research will include integrating blockchain and explainable AI techniques with the proposed IDS to enhance the security and privacy of SA in extreme environments.

Fig. 2. Deployment architecture for proposed IDS in the extreme environment of SA.
(a) for the CIC-IDS2018 dataset, Fig. 8(b) for the ToN-IoT dataset, and Fig. 8(c) for Edge-IIoTset dataset. The proposed IDS achieved an FPR of 0.0369% with FNR, FDR, and FOR of 0.0295%, 0.0245%,

TABLE V. PER-CLASS DETECTION RATE OF THE PROPOSED IDS AGAINST TRADITIONAL SCHEMES UNDER CIC-IDS2018 DATASET

TABLE VI. PER-CLASS DETECTION RATE OF THE PROPOSED IDS AGAINST TRADITIONAL SCHEMES UNDER TON-IOT DATASET

TABLE VII. PER-CLASS DETECTION RATE OF THE PROPOSED IDS AGAINST TRADITIONAL SCHEMES UNDER EDGE-IIOTSET DATASET

of 1 for the CIC-IDS2018 and ToN-IoT datasets. However, for Edge-IIoTset dataset, it has a micro and macro average of 0.99 and 0.97, respectively.

TABLE VIII. COMPARISON WITH RECENT IDS