BHFVAL: Block chain-Enabled Hierarchical Federated Variational Auto encoder Framework for Secure Intrusion Detection in Vehicular Networks

Abstract

In modern vehicular systems, providing secure data processing with decentralized learning efficacy under limited computational resources and varying network conditions is challenging. This paper introduces an intelligent, effective, and secure learning model for the Internet of Vehicles (IoV) as a solution to the vulnerability of centralized architectures and the inefficiency of existing federated learning in adversarial environments. The Blockchain-Enabled Hierarchical Federated Variational Autoencoder Learning (BHFVAL) model uses a multilevel learning process on edge, fog, and cloud layers protected by a Reputation-Based Byzantine Fault Tolerance (RBFT) mechanism filtering out incorrect inputs during model aggregation. HFVAL is at its core, providing adaptive encoding and learning task assignments based on dynamic networks and resource status. To minimize communication latency, the platform employs a lightweight edge-computing (LEC) module to enable proximity-based processing. Hyperparameter optimization is enabled using the Osprey Optimization Algorithm (OOA) for maximum convergence effectiveness. Secure communication is achieved by implementing a Lightweight Secure Communication Protocol (LSCP) on Elliptic Curve-Based Homomorphic Encryption (ECHE) to enable encrypted V2X communication with minimal computational overhead and reduced latency. Extensive experimentation using the UNSW-NB15 and CIC-IDS-2017 datasets exhibited strong detection performance: UNSW-NB15 achieved 96.83% accuracy and 96.65% F1-score under IID, slightly declining to 95.74% accuracy and 95. 40% F1-score under non-IID conditions. The CIC-IDS-2017 achieved 97.36% accuracy, 97.2% AUROC, and 97.1% F1-score under IID, slightly declining to 96.40% accuracy and 96.20% F1-score under non-IID conditions. The results attest to the dependability, adaptability, and efficacy of the framework in decentralized privacy-sensitive vehicular networks.

Introduction

The spread of the Internet of Vehicles (IoV) has transformed intelligent transportation systems through frictionless communication between vehicles (V2V), and between vehicles and infrastructure (V2I), as shown in Fig. 1. These technologies not only improve traffic efficiency and road safety but also drive innovation in autonomous vehicles and data-enabled mobility services. However, building such an environment faces complex challenges such as secure communication, protection of users’ privacy, and system resilience in dynamic and hostile environments.

Fig. 1.

Internet of Vehicles (IoV) V2X Communication Architecture.

The increasing complexity of vehicle networks has increased the requirement for robust consensus and authentication mechanisms. Conventional mechanisms are often affected by latency and security limitations, especially in real-time communication. To address these requirements, researchers have been working to improve cryptographic solutions, especially post-quantum security-related solutions. A great example is a blockchain system utilizing Module Lattice cryptography based on Module Learning With Errors (MLWE) and Module Short Integer Solution (MSIS) conjectures to achieve quantum-resistant authentication for vehicle-to-vehicle (V2V) communications. In addition, its aggregated signature scheme enhances computational efficiency, providing scalable and secure Internet of Vehicles (IoV) infrastructure¹. Concurrently, the combination of Artificial Intelligence (AI) and blockchain technology has been gaining momentum as a means of facilitating secure Vehicle-to-Everything (V2X) communication. BlockLLM, a novel framework integrating blockchain with Large Language Models (LLMs), offers adaptive decision making with decentralized trust and data integrity. This novel system addresses important problems such as node selfishness and latency and achieves stunning throughput and real-time responsiveness improvements². Even so, vehicular network security requires robust safeguarding against physical and network-layer attacks. One potential approach is to integrate physical layer security with blockchain-based authentication to ensure secure communication of On-Board Units (OBUs) through Road Side Units (RSUs) by employing synchronized noise and summed codeword encoding techniques. This process provides high transmission security with minimal loss of data efficiency³.

IoV cybersecurity is plagued by zero-day attacks and changes in the intrusion patterns. Traditional signature-based intrusion detection is insufficient, and thus hybrid and smart intrusion detection systems (IDS) have emerged. A suggested multi-stage IDS integrates anomaly- and signature-based techniques with the help of a Stacked Autoencoder (SAE), Grey Wolf Optimizer (GWO) for selecting features, and Random Forest and LightGBM classifiers for threat identification in layers. This model yielded better performance across various datasets, such as UNSW-NB15 and CIC-IDS-2017⁴. While vehicular data continues to shift to cloud-edge infrastructure, data transmission integrity protection is important. Genetic Algorithm-Random Forest (GA-RF) and Genetic Algorithm-Ensemble of Boosted Trees (GA-EBT), two GA-based ensemble learning models, have emerged to optimize the selection of features and enhance the accuracy of intrusion detection. Both models significantly alleviate false alarms while enhancing the threat identification reliability in realistic IoV use cases⁵. Blockchain-based federated learning (BCFL) frameworks have been proposed to address privacy and scalability. IoV-BCFL enables local model training by vehicles and sends only encrypted updates to RSUs, thereby supporting privacy-preserving intrusion detection. Blockchain ensures model integrity, whereas smart contracts and IPFS support tamper-resistant logging and efficient forensic analysis⁶.

In mobile vehicular environments, secure data exchange must deal with both adversarial attacks and privacy preservation. The Internet of Vehicles–Based Decision Support System model introduces a federated learning paradigm that filters vehicle involvement according to Euclidean similarity but uses a secret-sharing encryption scheme to shield gradients. Multi-Krum filtering eliminates spam updates, and the blockchain (through FISCO BCOS) safely records all parameters. The system is robust against poisoning attacks and reduces the computation overhead⁷. Rising threats such as zero-day (0-day) attacks require innovative solutions. Zero-X, a new IDS, combines Open-Set Recognition with deep neural networks and federated learning with blockchain-based decentralized training. On 5G-NIDD and VDoS datasets provide efficient detection of unknown and known threats with privacy and adaptability to non-IID data distributions⁸. Blockchain node optimization is essential for enabling a scalable security infrastructure. An algorithm for node deployment was proposed to lower the number of blockchain nodes at the expense of neither throughput nor consensus efficiency. By utilizing PBFT, this algorithm secures and lowers the cost of blockchain integration with wireless IoT and IoV networks⁹.

In cloud-based FL, the number of participating clients can reach into the millions, which can cause communication with the cloud server to become slow and unpredictable due to factors like network congestion, ultimately leading to inefficiencies in the training process. In contrast, H-FL architecture consists of a cloud server, multiple edge servers, and numerous clients. In H-FL, clients update their local parameters and send them to the nearest edge server for edge aggregations, following a similar approach as in cloud-based FL. The difference is that after several rounds of edge aggregations, multiple edge servers send their parameters to a cloud server for cloud aggregation. This design allows more clients to participate in the framework. Moreover, H-FL significantly reduces the costly communication with the cloud by leveraging efficient client–edge interactions, leading to considerable decreases in both runtime and the number of necessary local iterations.

Non-IID data occur when the training data on each client in FL vary significantly, resulting in differing data distributions among clients. In real-world applications, such data are typically non-IID because of variations in user behavior, preferences, and environments. Managing non-IID data is a major challenge in FL. However, previous works did not account for non-IID data and instead employed divisions where clients received either an equal number of samples or samples from all classes (i. e. , types of attacks). Because the Internet of Vehicles (IoV) has become an integral driver of smart transportation, the need for secure, decentralized, and latency-sensitive intrusion detection has never been greater. With the mass popularity of real-time car-to-car communications and dispersed learning infrastructure, conventional centralized detection approaches are ineffective in handling changing topologies, privacy constraints, and malicious attacks. Reliable collaboration among dispersed nodes without consuming large network resources requires state-of-the-art frameworks that balance edge computing, privacy-preserving learning, and consensus verification. This research was driven by the desire to create an effective detection system that can cope with diverse vehicular environments with low response times and high robustness under restricted conditions.

Despite various improvements in blockchain-based federated learning and privacy-conscious detection systems, current solutions tend to be plagued by trade-offs between scalability, latency, and security integrity. Previous models either prioritized cryptographic robustness at the expense of processing latency or optimized learning performance without providing fine-grained control over node-level reputation and resource-conscious task assignment. Furthermore, conventional consensus methods and fixed aggregation techniques are still not well-suited for dealing with vehicular network volatility, particularly in the presence of non-IID data distributions and high sparsity rates. A holistic architecture that dynamically adapts learning depth, enforces trust-weighted aggregation, and enables secure communication without incurring computational excess remains noticeably absent. Based on the above discussion, the contributions of this study are as follows:

• A novel BHFVAL framework was introduced by employing hierarchical federated learning with VAE encoding for scalable and privacy-aware model distribution.

• The RBFT blockchain mechanism is embedded to secure model aggregation against malicious updates and to ensure tamper-proof parameter storage.

• Lightweight Edge Computing (LEC) is deployed to minimize latency by dynamically offloading computation from vehicular nodes to nearby edge servers.

• Hyperparameter optimization was performed using the Osprey Optimization Algorithm (OOA), which improves convergence under real-time constraints.

• Secure communication is achieved through a Lightweight Secure Communication Protocol (LSCP) built on ECHE, enabling encrypted V2X communication with minimal computational overhead, as validated through latency and resource utilization analyses.

• The framework is proven using UNSW-NB15 and CIC-IDS-2017 data, with the performance quantified on terms ranging from accuracy to precision, recall, F1-score, and AUROC.

The remainder of this paper is organized as follows: Sect. “Related works” discusses the basic and latest developments in intrusion detection in the Internet of Vehicles (IoV), focusing on the contributions of federated learning, blockchain, and optimization methods. Section “Methodology” describes the proposed BHFVAL framework in detail, including the data preprocessing, hierarchical learning processes, secure aggregation methods, optimization mechanisms, and communication protocols. Section “Results and discussion” provides a detailed discussion of the experimental configuration, benchmark datasets, performance evaluation under multiple conditions, and comparative analysis. Section “Conclusion” summarizes the findings with important conclusions and identifies possible extensions to the work, such as larger deployment over heterogeneous vehicular infrastructures and combinations with advanced neural architectures.

Related works

The increasing sophistication of the Internet of Vehicles (IoV) and cybersecurity scenarios has necessitated the creation of sophisticated methods that combine blockchain, deep learning, and federated learning with privacy-protection mechanisms. These studies have mainly centered on intrusion detection, secure data exchange, authentication, and real-time vehicular communication. Class imbalance, low-latency processing, and effective threat mitigation have been core challenges in various proposals, with each work building incrementally upon the state-of-the-art.

One of the root contributions in this area is the intrusion detection framework based on deep learning, which utilizes a variety of CNN variants with extensions through LSTM and GRU in various benchmarking datasets such as UNSW-NB15, CIC-IDS-2017, 5G-NIDD, and FLNET2023. The 1D-CNN layers, along with pooling and batch normalization, formed the basic building blocks for the architecture, with SMOTE used for oversampling minority classes. The simplicity of the model was beneficial, with a performance equal to or better than deeper networks and up to 91% accuracy on augmented datasets, demonstrating the applicability of lightweight CNNs to real-time IDS applications¹³. This research has paved the way for further advances in vehicular security systems. In addition to decentralized platforms, a blockchain-based authentication protocol has been introduced for industrial IoV settings to address central authority constraints and ensure privacy protection. With distributed registration servers and the use of Pedersen secret sharing, the system eliminated third-party dependency, minimizing the latency and risks of exposure during handover authentication. The Real-Or-Random (ROR) security model confirmed its effectiveness against all attacks and guaranteed enhanced trust and communication efficiency¹⁴. This method has created a paradigm shift from centralized to distributed vehicular identity management.

In further advancing decentralized communication, another study introduced a secure data-sharing mechanism for smart vehicles, with privacy-preserving authentication between the vehicle and RSU, thereby reducing tampering and enhancing data forwarding. An election mechanism for a cluster head through weighted metrics and PBFT-consensus adoption assured security, whereas on-chain hash certificates assured integrity and cancelled malicious nodes. These improvements exhibit enhanced energy efficiency and reliability¹⁵ and set the stage for trust-aware vehicular communication. In federated learning scenarios, the BPFL scheme combines homomorphic encryption and an adapted multi-Krum algorithm to provide secure model aggregation in IoV environments. Reputation-based incentives were added to promote honest participation by employing a consortium blockchain for decentralized control. The incorporation of PBFT and smart contracts provided verifiable learning updates, whereas performance assessments validated their immunity to participant and aggregator attacks¹⁶. This has led to a shift towards secure collaborative learning in connected vehicles.

In parallel, the BeACONS architecture addresses decentralized mutual authentication by combining BeMutual and BeDNS services within a multi-tiered blockchain structure. The dual-layer system manages inter- and intra-vehicle communications using RSUs and edge servers, offering real-time identity verification without relying on traditional CAs or PKI. PBFT enables RSU coordination, whereas the framework significantly mitigates DoS, spoofing, and MITM threats¹⁷, thereby ensuring uninterrupted, secure connectivity in dense traffic scenarios. To evaluate such architectures, a multilayer simulator combining SUMO and BlockSim was introduced. The proposed system captures V2X interactions using Enhanced MAX-SINR for improved retransmission efficiency, outperforming MARL-based methods with an 18.71% boost in blockchain throughput. Its three-layered architecture encompasses transportation data, RSU-satellite interactions, and blockchain validation, ensuring scalability across urban and rural contexts¹⁸. This provided a foundational simulation environment for testing blockchain-enabled vehicular networks.

With a focus on imbalanced datasets, another IDS framework applies Random Oversampling, Stacking Feature Embedding via clustering, and PCA-based dimensionality reduction to boost classification across standard benchmarks. This approach demonstrated high reliability in both binary and multiclass tasks using classifiers such as DT, RF, ET, and XGB¹⁹. These contributions reinforce the need for adaptable models in dynamic and skewed data environments. Building on imbalance handling, one model employed a hybrid sampling method (ADRDB) combining ADASYN and RENN to maintain the class balance²⁰. This was augmented by a two-level attention mechanism, P-FSA and B-FSA, to extract spatial information across varying granularities and further processed using a Sequential Spatial Reasoning component. For optimal learning, the Improved Reptile Search Algorithm (IRSA) incorporates sine–cosine and Lévy dynamics, efficiently averting convergence failure²¹. This approach demonstrated a higher detection precision with fewer false positives in complicated situations.

Focusing on proactive safety, the BCA-CAR algorithm integrates AI and blockchain to anticipate and avoid vehicular accidents. Support Vector Regression (SVR) was used to analyze real-time sensor data and smart contracts based on blockchain-initiated immediate avoidance maneuvers. This closed-loop system, validated by Cooja, established decreased traffic congestion and improved decision-making reliability²². This is a new path for combining AI and blockchain for safety automation. Security-centric federated learning frameworks, such as SecNet-FLIDS, apply SMOTE-ENN to rebalance data and a TOP-K selection mechanism to optimize node contributions²³. A Transformer network captures temporal and spatial patterns in vehicular data, while the blockchain maintains model integrity. Comparative analysis of the CAR-HACKING and UNSW-NB15 datasets confirmed their high resilience and accuracy²⁴. This progression emphasizes adaptive FL systems with a robust threat response.

For trust management, an AIMD-based approach was integrated within a three-tier edge-fog-cloud structure. Reputation scores were dynamically adjusted using a multi-criteria model and feedback from network participants. Blockchain ensures tamper-proof records via PBFT and smart contract automated evaluations. Improvements were observed in packet delivery, latency, and transaction validation²⁵, highlighting efficient, decentralized trust infrastructures²⁶. To enhance privacy in data sharing, the IoV-SFL model combines federated learning with homomorphic encryption and a blockchain. It dynamically allocates computational resources using a scaling factor and employs CNN-GRU networks to analyze real-time data. Tests have revealed improvements in accuracy, convergence speed, and protection against cyber threats²⁷, positioning it as a viable solution for secure vehicular intelligence.

Blockchain, federated learning, and optimization techniques are becoming convergent in intelligent and resource-constrained situations, according to recent research²⁸. One example of how blockchain can be used in a variety of fields where data integrity is crucial is in precision agriculture, where it has been demonstrated to greatly improve the security and transparency of distributed data sharing through the use of reinforcement learning²⁹. Similar to this, secure communication is still essential for vehicular networks, where low latency and sustainable deployment call for solutions that are both lightweight and energy-efficient. In this context, a secure communication protocol that is energy-efficient and designed for IoT-driven vehicle networks has been put forth, emphasizing the necessity of robustness and performance in vehicular communication systems³⁰.

Recent optimization-driven intrusion detection frameworks have demonstrated promising performance in IoV and IoT environments by integrating metaheuristic algorithms with machine learning models. For instance, a Blockchain-Assisted Fireworks Optimization with Machine Learning-based IDS achieved improved accuracy and reduced attack false positives through decentralized trust validation³¹. Similarly, a Seagull Optimization-based Feature Selection combined with an Optimal Extreme Learning Machine (OELM) offered high detection precision in fog-assisted WSNs³². [³⁸] In addition, an Enhanced Arithmetic Optimization Algorithm (EAOA) coupled with deep learning exhibited rapid convergence and robust anomaly detection³³, while a Barnacles Mating Optimizer (BMO) integrated with a Hopfield Neural Network enhanced detection reliability in IoT intrusion scenarios³⁴.

These studies confirm the effectiveness of metaheuristic optimization in improving IDS accuracy and convergence; however, most rely on centralized architectures or single-layer optimization^35–37, [³⁹]. In contrast, the proposed BHFVAL framework uniquely integrates multi-tier hierarchical learning, reputation-weighted blockchain consensus, and dynamic OOA tuning, offering superior scalability and adaptability in vehicular environments. The summary of related work tabulated as Table 1.

Table 1.

Comparative Analysis of Existing Techniques of IoV.

Author	Methodology	Advantages	Limitations
Yadav et al. 1	Module Lattice-Based Post-Quantum Secure Blockchain Framework for V2V communication	Provides quantum-safe authentication, improves transaction validation efficiency,	The framework’s real-world deployment in large-scale IoV networks is yet to be explored
Halim et al. 2	Blockchain-integrated LLM-based vehicular network architecture that enhances privacy, security, decision-making, and scalability in Vehicle-to-Everything (V2X) communication	Ensures data integrity, trustless communication, and efficient real-time decision-making with an 18% reduction in latency and a 12% improvement in throughput	Increased computational overhead due to LLM integration and higher energy consumption associated with blockchain transactions
Liu et al. 3	Blockchain-based authentication and physical layer security for secure data exchange in IoV	Ensures wiretap resistance through synchronized artificial noise and enhances privacy via summed codeword encoding	Limited real-world deployment and reliance on specific transmission conditions
Chatterjee et al	Multi-stage IDS using SAE, GWO, RF, and LightGBM	Detects known and zero-day attacks	Higher computational cost for real-time deployment
Xie et al. 6	IoV-BCFL: A blockchain-based federated learning framework for intrusion detection in IoV	Ensures decentralized and privacy-preserving intrusion detection while reducing communication overhead	The system has only been tested on public datasets and not in real-world IoV scenarios
Guan et al. 7	IoV-BDSS integrates blockchain and federated learning, using Euclidean distance-based filtering and secret-sharing encryption for secure data sharing	Improved privacy and security, reduced computational overhead, and resilience against poisoning attacks	Limited evaluation on real-world vehicular environments
Korba et al. 8	Blockchain-enabled open-set federated learning using Deep Autoencoder (DAE) and Deep-MCDD for zero/N-day attack detection in IoV	Detects both 0-day and N-day attacks while preserving data privacy	Slight reduction in accuracy under non-IID settings and DP noise
Lai et al. 9	Proposed a low-cost blockchain node deployment algorithm using Practical Byzantine Fault Tolerance (PBFT) to optimize transaction throughput and minimize computational overhead in wireless IoT networks	Reduces operational costs and energy consumption while maintaining high transaction throughput and consensus success	Lacks evaluation of security against adversarial attacks and real-world deployment scalability
Bouayad et al	Proposed Lightweight-Fed-NIDS using CNNs with zero-shot structured pruning in a federated setup	Reduces training time by up to 3 ×	Does not address non-IID data distributions and poisoning attacks
Shen et al. 11	Proposed AE-PBFT, a dynamic consensus algorithm integrating a gradual acceleration trust model and adaptive consensus group division for IoV	Significantly improves consensus efficiency, fault tolerance, and communication overhead	Performance under extreme adversarial conditions needs further exploration
Shen et al. 12	Proposed BCS-LPP, integrating blockchain and crowd-sensing with Geohash encoding and order-preserving encryption for location privacy protection	Ensures privacy-preserving worker participation, fair task allocation, and robust sensing data validation	High computational overhead due to blockchain processing and encryption techniques
Tian et al. 14	Blockchain-based fast handover authentication protocol using Pedersen verifiable secret sharing and distributed registration servers	Minimizes communication overhead, prevents SPoF attacks, and enables fast and secure authentication for IoV in small industrial parks	Increased computational cost due to blockchain-based cryptographic operations
Fengjun Shang et al. 15	Blockchain-based privacy protection authentication scheme using PBFT consensus, attribute-based encryption, and zero-knowledge proof for secure IoV data sharing	Enhances privacy, ensures data integrity, prevents replay and counterfeiting attacks, and reduces central failures	High computational cost due to blockchain processing, increased latency with large networks
Wang et al. 16	BPFL: Blockchain-based Privacy-Preserving Federated Learning with homomorphic encryption and Multi-Krum filtering	Secure model aggregation and filtering with distributed verification, reducing attack vulnerabilities	Filtering ratio must be optimally set; high exclusion may remove useful nodes
Qi Shi et al. 17	BeACONS: Blockchain-enabled authentication and communication network for secure IoV	Decentralized identity management reduces reliance on centralized CAs and PKI	Dynamic RSU availability may cause fluctuations in authentication efficiency
Yi-Ting Sun et al. 18	Multi-layer blockchain simulator integrating SUMO and BlockSim for SIoV performance evaluation	Enhanced blockchain transaction throughput by 18. 71% using Enhanced MAX-SINR	Performance may degrade in ultra-dense vehicular networks due to computational overhead
Talukder et al. 19	Random Oversampling + Stacking Feature Embedding + PCA + ML classifiers (DT, RF, ET, XGB)	Handles imbalanced and large-scale data effectively; reduced dimensionality with PCA; lower FP/FN rates	Deep learning and optimization techniques not explored; time complexity analysis is basic
Biyyapu et al.20	Modified feature aggregation, ADASYN-RENN hybrid sampling, MFA (P-FSA & B-FSA)	Handles class imbalance, Spatial-context learning	Limited benchmarking with fine-grained systems
Ullah et al. 24	Introduced IoV-SFL, a blockchain-integrated federated learning model with Homomorphic Encryption and a Dynamic Scaling Factor for resource optimization	Improved security, privacy, and communication efficiency in IoV environments	Computational overhead due to HE and blockchain integration
Le and Park25	Feature rearrangement in GNN: node features include IP and ports; edge features include flow statistics; uses extra embedding layer	High multi-class accuracy; utilizes both edge and node info; realistic network modeling	Increased model complexity leads to longer training and prediction time
Al-Shehari et al. 26	Blockchain-based secure data and energy trading using the Mayfly Pelican Optimization Algorithm (MPOA)	Enhanced transaction security and lower transaction costs	Requires robust IT infrastructure for deployment
Liu et al. 27	Hyperledger Fabric-Based Multi-Channel Blockchain for secure data exchange in IoV, utilizing chaincodes and cross-channel communication for privacy and efficiency	Ensures data privacy, decentralization, and improved transaction handling through multi-channel segmentation	Increased complexity in deployment and maintenance, requiring specialized expertise for integration
Choi et al. 28	Integration of homomorphic encryption with blockchain for privacy-preserving communication in IoV	Ensures data integrity with a tamper-proof rate of 99. 9%	Computational overhead due to encryption and blockchain operations
Alshahrani et al. 29	Blockchain-based IoT-enabled drug supply chain using NFTs for traceability	Enhances security, traceability, and transparency in pharmaceutical logistics	Security concerns still persist, and scalability issues remain a challenge
Mallampati et al. 30	Proposed a hybrid explainable IDS model using PCIG-SFFS-LGBM with k-Means SMOTE and SHAP-based XAI on UNSW-NB 15 and CICIDS-2017 datasets	Achieves high detection accuracy with minimal features (7 and 5 respectively), enhances interpretability with SHAP	Wrapper-based SFFS introduces higher computational cost on large-scale or high-dimensional datasets

Vehicular networks present a uniquely volatile and resource-constrained environment in which real-time intrusion detection must occur without compromising system privacy, scalability, or responsiveness. Current federated learning frameworks struggle to adapt to these constraints because of their static architecture, centralized model aggregation, and vulnerability to poisoning or inference attacks. The absence of intelligent scheduling across computational layers further exacerbates inefficiency, leading to delayed updates, model drift, or degraded detection performance in the face of uneven data distribution or adversarial interference.

To overcome these limitations, there is a need to design a strong framework that coordinates federated learning through adaptive tier-based coordination, coupled with trust-based validation and secure internode communication. The architecture must adaptively balance the training loads across the edge, fog, and cloud layers, impose privacy-preserving feature abstraction, and be resilient to extreme sparsity and adversarial noise. Simultaneously, the system needs to maintain lightweight cryptographic computations suitable for bandwidth-constrained V2X networks, providing timely and secure information exchange scalable across various vehicular infrastructures.

Methodology

A Blockchain-Enabled Hierarchical Federated Variational Autoencoder Learning (BHFVAL) platform is suggested to enhance the security, efficiency, and flexibility of federated learning in Internet of Vehicles (IoV) networks. The platform suggests a multilevel learning architecture that relieves the computational burden from the edge, fog, and cloud layers, thereby enabling vehicular networks to process data efficiently while maintaining privacy. Traditional federated learning architectures are under pressure to address huge communication overheads and privacy risks, and to breach the limitation of computation in dynamic vehicle environments with unreliable network conditions. BHFVAL addresses the above issues by embracing Hierarchical Federated Variational Autoencoder Learning (HFVAL), which improvises learning mechanisms under real-time network bottlenecks and available computational resources.

The integration of blockchain technology also secures the system further by adopting a Reputation-Based Byzantine Fault Tolerance (RBFT) consensus mechanism that provides secure aggregation of models and guards against malicious data tampering. In contrast to typical federated learning systems that remain exposed to adversarial attacks, the integration of blockchain guarantees tamper-proof storage of learned parameters alongside decentralized security. In addition, the Lightweight Edge Computing (LEC) module minimizes latency by offloading computational workloads from IoV nodes to edge servers, thereby facilitating real-time federated learning updates without overloading the computational loads on individual vehicles.

The BHFVAL model incorporates the Osprey Optimization Algorithm (OOA), which automatically adjusts the hyperparameters to enhance the convergence speed and model performance. In addition, the Lightweight Secure Communication Protocol (LSCP) using Elliptic Curve-Based Homomorphic Encryption (ECHE) provides secure and encrypted vehicular data communication with minimal computational overhead. This end-to-end integrated system allows IoV deployments to achieve scalable, privacy-preserving, and resource-efficient federated learning, as shown in Fig. 2. The newly formed framework prioritizes model reliability optimization, communication efficiency, and computational sustainability; therefore, it is a feasible solution for future-proof smart transportation networks.

Fig. 2.

Hierarchical Architecture of the BHFVAL Framework for Federated Learning in IoV.

Preprocessing

To ensure the learning stability and reliability of the UNSW-NB15 and CIC-IDS-2017 datasets, a specialized preprocessing pipeline was employed to clean and normalize the data before the hierarchical training process. The initial process involved handling missing or outlier values using context-sensitive imputation techniques and filtering methods to ensure that no defective or incomplete records tainted the learning process of the model. Prior to model training, a standard pre-processing pipeline was used to guarantee consistency and reproducibility across the two datasets. To prevent bias in learning, extraneous or redundant features (such as timestamps and identities) were first eliminated. Second, one-hot encoding was used to translate categorical attributes—like protocol type and service fields—into numerical representations. Using Min–Max scaling, all continuous features were standardized to a [0,1] range in order to remove scale imbalance between dimensions. Fourth, using the mean or mode, depending on the kind of attribute, missing values were examined and imputed. Fifth, the class imbalance in both datasets was addressed by eliminating biased model training by combining SMOTE’s undersampling of majority classes with oversampling of minority classes. A stratified sampling approach was then used to randomly divide the pre-processed data into training, validation, and test sets while maintaining the original class distribution. This standardized workflow ensures that results on CIC-IDS-2017 and UNSW-NB15 are entirely reproducible and consistent.

Hierarchical federated variational autoencoder learning (HFVAL) for IoV

Hierarchical Federated Variational Autoencoder Learning (HFVAL) is a new learning paradigm designed to improve federated learning (FL) in the Internet of Vehicles (IoV) network. Unlike traditional federated learning systems that employ a central aggregation server to update models, HFVAL employs a hierarchical learning process that progressively delegates learning tasks to edge nodes, fog-level roadside units (RSUs), and cloud centers. Such a systemic strategy maximizes the process of model training using resource consciousness and sensitivity to the available network traffic and computational resources. Traditional federated learning methods^26–34 are generally affected by excessive communication overhead, data bias distribution, and wasteful consumption of resources, particularly in vehicular networks that are dynamic and have spurious connectivity. HFVAL addresses such issues through a variational Autoencoder (VAE)-based hierarchical learning scheme that supports adaptive selection of feature representations while ensuring privacy and avoiding explicit data exchanges between IoV nodes.

The primary learning goal of HFVAL is to reduce the variational lower bound such that the model can efficiently learn the latent structure of vehicular data while handling uncertainties in real time. The optimization is regulated by the Evidence Lower Bound (ELBO) function as presented in Eq. (1)

1

where x is the input vehicular data, z is the latent variable, is the parameterized likelihood function, and is the posterior approximation controlled by variational parameters ϕ. The term is the Kullback–Leibler (KL) divergence which regularizes the distribution of the latent space for approximating the prior distribution p(z). This formulation enables HFVAL to obtain important latent features from IoV data while ensuring that only encoded feature representations are communicated through layers, thereby causing minimal communication overhead.

In order to dynamically adjust learning strategies in response to network congestion, HFVAL uses a real-time utility function that measures the bandwidth availability, represented in Eq. (2).

2

where ​ denotes the available bandwidth at the moment, and ​ and ​ are the lower and upper bounds of network, respectively. The utility value will be higher for prioritizing training over the cloud and lower for sending computations to the RSU (fog) or edge layers to reduce latency. Similarly, for computational resource-aware training, HFVAL incorporates a metric of computational efficiency, as expressed in Eq. (3).

3

where ​ is the available computational capacity, and ,​ are the minimum and maximum computational capacities, respectively. HFVAL uses a hierarchical scheduling algorithm that allocates federated training tasks to the most suitable computational layer based on real-time assessments of ​ and ​. In the case of network congestion, training is redirected to fog or edge layers to avoid bottlenecks and enhance the learning efficiency.

A major strength of HFVAL is its privacy-friendly architecture, which prevents vehicular nodes from sharing data directly. In contrast to conventional FL models that share raw gradient updates, HFVAL utilizes a VAE-based latent-space encoding mechanism, where every participating node shares encoded feature representations instead of real data. The secure differentially private encoding function is presented in Eq. (4)

4

where is the encoded feature vector, is the VAE feature extraction function with parameter , and adds differential privacy by adding Gaussian noise with variance to avoid adversarial model inversion attacks. This ensures that vehicular nodes can participate in federated learning without leaking sensitive user data, thereby maintaining rigorous privacy standards.

Federated learning training process

The BO-HAFEL architecture was built on a hierarchical federated learning framework that enables decentralized resource-aware model training at vehicular nodes, RSU-based fog servers, and cloud realms. Unlike conventional centralized learning designs, this approach offers every vehicular node the capability for local training independently, while preserving sensitive information locally, ensuring privacy, and reducing communication overhead. Fig. 3 shows the hierarchical model distribution and aggregation architecture. The training process was conducted using Python-based TensorFlow Federated (TFF) and PySyft, a privacy-preserving federated learning framework that enables secure model training without revealing raw data. The training mechanism is controlled by gradient descent optimization, which recursively adjusts the model parameters by calculating the gradient of the loss function over the locally accessible data. The model parameter update rule for each vehicular node is expressed by Eq. (5):

5

where ​ is the new local model parameters at vehicle node i, ​ is the past model state, η is dynamically adjusted learning rate depending on actual network congestion and computational resources available, and is the gradient of loss function calculated based on the local data set ​.

Fig. 3.

Blockchain-Assisted Federated Learning Architecture for IoV with RSU-Based Model Aggregation and Secure Model Sharing.

Because vehicular networks work in extremely dynamic and resource-scarce environments, adaptive hierarchical scheduling is utilized by the BO-HAFEL framework to optimize where training takes place. If the computational power at the vehicular node is lacking, the system offloads training on RSU-based fog-computing servers that function as intermediate processing nodes. When the network saturation or bandwidth constraint is sensed, local edge-layer updates are prioritized for the models to limit latency and avoid network congestion. Real-time adaptive allocation was implemented to provide equitable learning efficiency with the protection of computational and communication resources across distributed vehicular nodes.

Using this adaptive and hierarchical learning approach, the BO-HAFEL method limits the computational load per individual vehicular node without compromising the training accuracy or convergence speed. The dynamic optimization of tasks with local training means that even with frequent vehicular node disconnection or instability in processing resources, the model continues to remain efficient and scalable.

Federated learning model aggregation

To preserve model robustness and integrity throughout vehicular networks, the BO-HAFEL approach combines a trust-optimized hierarchical aggregation strategy of model updates with global learning, such that only reliable and quality model updates are added to the global learning model. In contrast to standard federated averaging (FedAvg), which simply takes the arithmetic average of local model updates, BO-HAFEL utilizes a Hierarchical Variational Federated Learning (HVFL) strategy optimized for uncertainty-aware and privacy-preserving aggregation. Because model updates in HFVAL are also modeled as variational posterior distributions, aggregation is performed through the calculation of a weighted sum of these distributions, instead of direct averaging of the parameters. The global aggregation function is given by Eq. (6):

6

where is the collective posterior distribution of all nodes involved, ​is a trust-based weighting factor giving more weight to high-quality updates, and is the local variational posterior contributed by each vehicular node. This method ensures that more credible model updates have a stronger impact on the global learning process, thereby reducing the possibility of noisy, biased, or adversarial contributions.

For greater security and integrity, the BO-HAFEL framework has a trust verification module, in which each node is provided with a trust value depending on the quality and consistency of its historical contributions. The nodes that continually send low-quality or inconsistent updates are assigned fewer aggregation weights to prevent malicious or untrustworthy data from adversely affecting the global model. This step dramatically enhances the robustness of BO-HAFEL to enemy attacks such as data poisoning and model inversion attacks, which are prevalent in federated learning settings.

The second salient advantage of Hierarchical Variational Federated Learning (HVFL) is that privacy is maintained. Unlike traditional methods of aggregation^32–35 using the sharing of all model parameters, HVFL shares only latent feature distributions, effectively limiting data exposure and minimizing communication costs. This property is most useful in vehicle networks, where the bandwidth varies and the transmission of large quantities of model parameters leads to network latencies and congestion. Using probabilistic latent representations, BO-HAFEL provides enhanced learning efficiency with stringent privacy guarantees.

The use of trust-weighted Bayesian aggregation, uncertainty-aware inference, and privacy-preserving distributed learning allows BO-HAFEL to exhibit better model reliability, convergence rate, and security performance than conventional federated learning aggregation algorithms. Hierarchical learning and adaptive aggregation techniques allow BO-HAFEL to become scalable and versatile even in distributed, complex, and dynamic vehicular network environments.

Reputation-based byzantine fault tolerance (RBFT) blockchain consensus for secure model aggregation

The Reputation-Based Byzantine Fault Tolerance (RBFT) algorithm employed in blockchain technology is uniquely designed to enhance the security and reliability of federated learning model aggregation to offset malicious tampering and ensure tamper-proof storage of parameters while training. Traditional Byzantine Fault Tolerance (BFT) algorithms³² are mainly focused on consensus in distributed networks, irrespective of the fact that some subsets of nodes may perform malicious operations. In federated learning, an attacker may try to spread contaminated model updates or create fake gradient information with the aim of reducing global model accuracy. RBFT improves the traditional BFT framework by incorporating a reputation-based trust mechanism that provides reputation scores to the involved nodes based on their past, making it impossible for malicious nodes to control consensus decisions, as shown in Fig. 4.

Fig. 4.

RBFT-Based Blockchain-Enabled Secure Model Aggregation in IoV Federated Learning.

The Byzantine Fault Tolerance protocol is built on a chain of message exchanges to reach consensus among the nodes, even when some are acting maliciously. The process of agreement goes through multi-step verification so that at least ​ faulty nodes are not able to destabilize the system, where f is the number of malicious nodes and n is the number of the participating nodes. The agreement is made through a leader-based process where a lead node suggests a block and replicas check and accept the suggestion in accordance with a threshold agreement condition. The last decision rule in the RBFT is presented in Eq. (7):

7

where is the end-aggregated model,​ is the local update of model i from node i, is the weight given to node i based on its reputation score ​, and N is the number of nodes that reach consensus. The weighting function allows nodes with higher trust scores to have a greater impact on model aggregation, thus resisting adversarial influences.

The blockchain architecture of RBFT is intended to ensure tamper-proof storage of updated parameters using cryptographically chained blocks that log every validated model update. Every block in the blockchain has a model-update hash, reputations of the involved nodes, and cryptographic signatures that certify the authenticity of the saved parameters. The block construction is Merkle tree-based, with the hash of the model parameters recursively concatenated to produce one root hash to guarantee data integrity. The Merkle root is calculated using Eq. (8):

8

where ​ denotes the top-level Merkle root hash, and is the cryptographic hash of model parameters provided by node i. The hash function H(x) is a secure cryptographic standard, such as SHA-256, which avoids illegal changes in stored parameters. By maintaining a blockchain ledger that records all approved updates, RBFT ensures immutable, tamper-proof storage in such a way that past model updates can be made verifiable.

The transaction validation process in RBFT employs a multisignature scheme in which all nodes involved sign the model update proposal before it is committed to the blockchain. The joint signature employs the Boneh-Lynn-Shacham (BLS) signature scheme, enabling efficient verification of multiple signatures. The verification equation is expressed in Eq. (9):

9

where represents the bilinear pairing function, ​ is a generator in the elliptic curve group, ​ is the public key of node i, and is the cryptographic hash of the model update. This ensures that only authenticated model updates are recorded on the blockchain, thereby preventing tampering or unauthorized modifications.

By enforcing the RBFT consensus, the model shields global model updates from malicious nodes tampering with them through fraudulent activity. The application of blockchain cryptographic algorithms, combined with reputation-weighting, effectively warns off adversarial attacks and lends greater credibility to distributed learning. In addition, the fact that the blockchain ledger is immutable keeps each prior training parameter traceable and verifiable, so that vehicular federated learning networks provide a secure and reliable way of aggregating models.

Algorithm 1.

Reputation-Based Byzantine Fault Tolerance (RBFT) Consensus

Lightweight edge computing (LEC) module for low-latency processing

The Lightweight Edge Computing (LEC) module aims to enhance the computation efficiency of Internet of Vehicles (IoV) networks based on effective task offloading from vehicle nodes to edge servers. Compared to conventional cloud-based computing^10–13, where enormous communication overhead and delay are experienced owing to long transmission distances, the LEC module allows computationally expensive operations, such as federated learning model updates, to be performed close to data sources. This design enables real-time processing by utilizing edge servers located within the vehicular infrastructure, reducing response times, and guaranteeing critical learning updates that are effectively propagated throughout the IoV ecosystem. The efficiency of LEC is governed by a dynamic task allocation mechanism that determines the best offloading strategy based on accessible computational resources and network states. The task allocation decision is designed as an optimization problem that reduces the total latency while maintaining a balance of computational loads, as shown in Eq. (10):

10

where is the total latency incurred during federated learning updates,​ is the time taken for vehicular nodes to edge servers data transmission, considers the time for aggregating model updates prior to global synchronization. The transmission time is calculated as a function of network bandwidth and data size, as shown in Eq. (11):

11

where D is the model update data size, and B denotes the available network bandwidth. The computation processing time of the edge node depends on the task execution complexity and accessible edge resources, as formulated in Eq. (12):

12

where C is the computational complexity of the learning task in CPU cycles and F is the computational power of the edge server, expressed in cycles per second. The latency of aggregation, considering the duration of aggregating local model updates across multiple edge servers, is determined by the number of nodes involved and is estimated by Eq. (13):

13

where α is an aggregation time-scaling factor that depends on the average time for the model aggregation operation, and N is the number of involved IoV nodes. Dynamic optimization of such parameters by LEC ensures that model updates are handled with the least latency, significantly enhancing federated learning efficiency in vehicular networks.

In dynamic vehicular environments, network conditions such as bandwidth availability, vehicular mobility, and the distribution of computational resources vary rapidly. The LEC module employs an adaptive scheduling mechanism that monitors these conditions in real time and dynamically redistributes workloads across the most suitable edge nodes. The optimization model stimulates the scheduling mechanism by maximizing the overall delay and ensuring load balancing, as given by Eq. (14):

14

where is the weight given to every IoV node according to its priority,​ is the latency suffered by node i. The optimization process guarantees the immediate processing of high-priority tasks, whereas lower-priority tasks are delayed according to the available resources.

The integration of LEC into the IoV framework enhances federated learning efficiency by enabling local model updates and reducing communication with centralized cloud servers. This framework significantly reduces network congestion, lowers vehicular node energy consumption, and enhances the overall process effectiveness of vehicular networks. Through efficient handling of real-time federated learning updates, the LEC module ensures that IoV-based intelligent applications, such as autonomous driving, traffic prediction, and vehicle-to-infrastructure communication, are executed with high responsiveness and reliability.

Osprey optimization algorithm (OOA) for hyperparameter tuning

Hyperparameter tuning is a critical process in federated learning because it immediately affects the model convergence speed, generalization performance, and computational cost. For the Internet of Vehicles (IoV) application, where learning is conducted on distributed vehicular nodes with varying computation capabilities and network environments, setting appropriate hyperparameters, such as learning rate, batch size, and momentum, is critical to stabilize the learning and minimize convergence time. A poorly tuned federated model may suffer from slow learning dynamics, overfitting, or divergence, leading to the inefficient use of resources and a decline in performance. The Osprey Optimization Algorithm (OOA) is a nature-inspired metaheuristic method that dynamically optimizes hyperparameters by simulating the predatory hunting behavior of ospreys, which entails strategic soaring, hovering, and diving to catch prey efficiently, as shown in Fig. 5. This optimization approach works well with high-dimensional search spaces, in which other approaches such as grid search or random search cannot efficiently scan the best parameter configurations.

Fig. 5.

Flowchart of the Osprey Optimization Algorithm (OOA) for Hyperparameter Tuning in Federated Learning.

The OOA algorithm formulates hyperparameter optimization as a global optimization problem where the goal is to optimize the loss function of the federated model such that there is optimal convergence on distributed vehicular nodes. The position of an osprey in the search space represents a candidate solution and its movement is governed by an adaptive update equation that balances exploration and exploitation. The position update mechanism is defined in Eq. (15):

15

where represents the position of the osprey (i. e. , the current hyperparameter configuration) at iteration ​ denotes the globally best solution found so far, and represents the personal best position of the osprey. The adaptive exploration–exploitation balance is controlled by the parameters ​ and , which dynamically adjust based on the osprey’s proximity to the optimal solution. This mechanism allows the OOA to avoid premature convergence while maintaining efficient search dynamics.

In addition to further fine-tuning the hyperparameter choice, the OOA includes a dive-intensification procedure, motivated by the osprey’s diving at high speeds when targeting a prey. This procedure intensifies the local search strength by invoking a fine-tuning function to refine the good solutions, as presented in Eq. (16):

16

where are adaptive scaling factors and r is a stochastic perturbation term that adds randomness to the fine-tuning process. This ensured that the hyperparameters were adaptively tuned based on real-time feedback from the performance of the federated learning model. The soaring behavior of the osprey is also integrated into the optimization process, where the algorithm can consider multiple candidate solutions simultaneously before deciding on an update, thereby lowering the chances of local optima entrapment.

In IoV federated learning, where vehicular nodes have different computational resources and network states, the OOA adapts hyperparameters according to the online system feedback. Adaptation is performed through a resource-sensitive learning rate modulation function, as presented in Eq. (17):

17

where ​ is the dynamically tuned learning rate at iteration ​ is the maximum possible learning rate,​ is the current communication delay of the network, and ​ is the maximum allowed latency. This representation ensures that the learning rate is automatically tuned depending on the available bandwidth and computing power of the edge and fog devices, thereby avoiding wasteful delays in federated model synchronization.

The advantage of OOA in federated learning-based vehicle networks is its continuous tuning capability for hyperparameters, such that the model training will be stable and adaptive to varying conditions in reality. Through the best possible tuning of learning parameters, the OOA boosts the overall training velocity, model performance, and energy efficiency of the distributed IoV nodes. The blend of adaptive exploration, dynamic hyperparameter tuning, and integration of real-time feedback allows the OOA to be a highly effective optimization tool, such that federated learning in vehicular networks continues to be resource-friendly, computationally scalable, and extremely adaptive to dynamic situations.

Lightweight Secure Communication Protocol (LSCP) for V2X Interactions

The Lightweight Secure Communication Protocol (LSCP) aims to provide secure and low-latency vehicle-to-everything (V2X) communication by incorporating efficient cryptographic methods while minimizing the computational overhead. In Internet of Vehicles (IoV) networks, real-time vehicular, infrastructure, and cloud server communications are essential for services such as autonomous driving, traffic management, and collision avoidance. Security mechanisms based on traditional methods have high delays and resource usage, rendering them impractical for use in dynamic vehicular networks. LSCP avoids these drawbacks by utilizing a hybrid cryptographic architecture that ensures authentication, confidentiality, and integrity of data, while lowering processing complexity. It is based on Elliptic Curve-Based Homomorphic Encryption (ECHE), which enables secure transmission of data without decryption at intermediate points, thereby increasing security with less computational overhead, as shown in Fig. 6.

Fig. 6.

Protocol Stack of Lightweight Secure Communication Protocol (LSCP) for Secure V2X Interactions.

Elliptic Curve-Based Homomorphic Encryption is an efficient asymmetric encryption method that supports computations over ciphertexts without exposing the plaintext and requiring access to plaintext. ECHE contrasts with conventional encryption techniques involving decryption cycles for data processing, as computations are easily performed directly over ciphertexts and with end-to-end security. The encryption function in the ECHE is shown in Eq. (18):

18

where is the encrypted message, is the plaintext message, is a random scalar, and is the generator point on the elliptic curve. The decryption process obtains the original message based on the receiver’s private key, d, as shown in Eq. (19):

19

where reconstructs the masked component to obtain the original plain text. This ECC-based technique has much less computational complexity than conventional RSA-based encryption and is thus well suited for resource-limited vehicular networks. With the inclusion of homomorphic properties, ECHE enables aggregated computation of encrypted data so that V2X applications can compute information while maintaining confidentiality.

In vehicle networks, low latency is essential for real-time decision-making, and LSCP dynamically optimizes the communication overhead by choosing an adaptive level of encryption depending on the network conditions and processing capacity. The computational loads for encryption and decryption are expressed in Eq. (20):

20

where ​ is the time for encryption processing,​ is the computational expense incurred in elliptic curve encryption, and F is the processing frequency available with the vehicle’s edge computing device. Similarly, the decryption time is calculated as:

21

where ​ is the decryption computational cost. The LSCP protocol has an adaptive key-size modulation scheme such that during times of network congestion, it uses smaller keys to reduce processing delay, but stronger encryption is mandated when bandwidth is available. This adaptive encryption adjustment mechanism balances security and efficiency without compromising the data integrity.

To further enhance security without adding computational overhead, LSCP incorporates an elliptic curve-based digital signature scheme that provides message authenticity at the lowest possible signature-verification cost. The digital signature is computed using the signer’s private key d and a random scalar k to yield a signature pair (r, s), calculated as

22

where represents the cryptographic hash of the message and n is the curve order. The verification process protects against message tampering while maintaining a relatively low communication overhead compared with RSA signatures.

By incorporating ECHE encryption, adaptive security scaling, and elliptic curve digital signatures, LSCP guarantees that V2X communication is highly secure, efficient, and responsive to vehicular network limitations. The lightweight nature of the protocol ensures that it is suitable for large-scale IoV deployments without imposing undue data-processing delays, which maintains data confidentiality. Such a design facilitates fluent, real-time information exchange between vehicles, roadside infrastructure, and cloud platforms, thereby providing a high level of overall safety and performance for intelligent transportation systems.

Algorithm 2.

Reproducibility Package Generation Procedure

Results and discussion

An extensive examination of the performance of the proposed framework under different experimental settings and conditions proved its robustness, scalability, and versatility in diverse vehicular environments. It investigates model performance under both IID and non-IID data distributions, evaluates the effects of differential privacy restrictions, and investigates performance under multiple types of attacks and user conditions. In addition, this section emphasizes how the framework addresses the computational and communication efficiency under different sparsity levels and vehicular node densities. The blockchain performance of the system was also examined based on consensus time, throughput, and latency in comparison with traditional consensus protocols. Furthermore, the efficiency of the encryption mechanism utilizing ECHE and algorithmic complexity per core component is examined, presenting insights into its applicability within real-time constrained applications. Individually and collectively, such examinations support the efficacy and realizability of the proposed system under dynamic, distributed IoV situations.

Hardware and software configurations

This section describes the hardware and software setups used to implement and test the proposed system. The experimental environment was installed on a high-speed workstation with an Intel Core i9 processor, 64 GB of RAM, and an NVIDIA RTX 3090 graphics card to facilitate the smooth running of computationally intensive tasks, such as federated model training, cryptographic computations, and consensus management among simulated vehicular nodes. Python 3. 10 was the central programming environment, while federated learning capabilities were applied through TensorFlow Federated and PySyft for secure and decentralized training. Hyperledger Sawtooth was used for blockchain activities to handle distributed ledgers, and elliptic curve homomorphic encryption was done through eciespy and the Python Cryptography Toolkit. Optimization was conducted using NumPy and SciPy, and graphs were created using Matplotlib and Seaborn. This architecture is conducive to modular experimentation, scalability testing, and realistic simulations of real-time vehicular edge conditions. The parameters adopted in the implementation are listed in Table 2.

Table 2.

Experimental Parameters and Their Configurations for Proposed Method.

Parameter	Value
Activation Function	ReLU
Optimizer	Adam
Dropout Rate	0. 3
Latent Dimension (VAE encoder)	128
Aggregation Interval (Fog Node)	Every 5 communication rounds
Reputation Score Threshold (RBFT)	0. 6
PoA Trigger Condition	≥ 20% malicious node detection
Osprey Population Size (OOA)	30
Max Iterations (OOA)	50
Key Size Range (ECHE Dynamic Scaling)	160–521 bits

Dataset and experimental setup

The UNSW-NB15 dataset was developed to mimic the normal and malicious activities across a range of attack classes. It utilizes synthetic and live traffic combined via the IXIA tool to create nine attack classes, including shellcodes, worms, and exploits, as shown in Fig. 7. Each data instance contains virtually 50 features derived from the flows, protocols, and content attributes, providing rich grounds for research on intrusion detection. CIC-IDS-2017 and UNSW-NB15, two commonly used benchmark datasets, were used in the trials. 49 features and a class label are included in the UNSW-NB15 dataset, which was created by the Australian Centre for Cyber Security using the IXIA PerfectStorm program. These characteristics cover both normal and attack traffic, representing both flow-based (e. g. , source/destination IPs, ports, protocols, transaction bytes), content-based (e. g. , service type, packet size, state flags), and time-based (e. g. , flow duration, transaction start/end times) traffic (9 attack categories such as DoS, backdoors, exploits, shellcode, etc. ). Using CICFlowMeter, 80 characteristics with a class label were extracted from the CIC-IDS-2017 dataset, which was created by the Canadian Institute for Cybersecurity. Traffic statistics (packet count, byte rate, average flow duration), behavioral aspects (flow inter-arrival durations, forward/backward packet lengths), and basic flow identifiers (source/destination IPs, ports, protocols) are some of its attributes. Numerous contemporary attacks are covered, such as DDoS, infiltration, brute force, and botnet. For the purpose of verifying intrusion detection and vehicle security frameworks, these feature-rich datasets offer a well-balanced combination of high-level behavioral features and low-level network descriptors.

Fig. 7.

Attack Type Distribution for UNSW-NB15.

The CIC-IDS-2017 dataset was created to represent modern intrusion trends and covers the traffic of a virtual corporate network spanning several days. Both benign and diverse attack types, such as DDoS, infiltration, and brute-force login attacks, are included in the dataset, as shown in Fig. 8. The dataset offers rich metadata such as packet length, time, and connection patterns, allowing the creation of robust and realistic detection models for real-world evolving network security use cases. Figure 9 shows the normal and attack data distributions for the UNSW-NB15 and CIC-IDS-2017 Datasets.

Fig. 8.

Attack Type Distribution for CIC-IDS-2017.

Fig. 9.

Normal vs Attack Data Distribution for UNSW-NB15 and CIC-IDS-2017 Datasets.

Experimental results

The IID versus non-IID data environment comparison portrays slight but uniform differences among the tested datasets. For the UNSW-NB15 dataset, the accuracy declined from 96. 83% in the IID setting to 95. 74% under the non-IID setup, with a slight reduction in precision from 96. 24 to 95. 22%. The F1-score also changes from 96. 34 to 95. 40%, indicating that the model is adaptable even in decentralized and imbalanced scenarios. A similar trend was observed with the CIC-IDS-2017 dataset, where accuracy dropped slightly from 97. 36 to 96. 40% and precision was adjusted from 96. 97 to 96. 10% when transitioning from IID to non-IID settings. These minor reductions, detailed in Table 3, highlight the ability of the proposed framework to sustain reliable performance, despite the inherent challenges posed by uneven data distribution across participating nodes.

Table 3.

Performance Comparison Between IID and Non-IID Data Settings on UNSW-NB15 and CIC-IDS-2017 Datasets.

Dataset	Setting	Accuracy (%)	Precision (%)	Recall (%)	F1-Score (%)
UNSW-NB15	IID	96. 83	96. 24	96. 54	96. 34
	Non-IID	95. 74	95. 22	95. 60	95. 40
CIC-IDS-2017	IID	97. 36	96. 97	97. 16	97. 07
	Non-IID	96. 40	96. 10	96. 30	96. 20

Experimental resultsof UNSW-NB15 dataset

The model’s evaluation on the UNSW-NB15 dataset reflects consistently high classification outcomes, with accuracy reaching 96. 83%, precision at 96. 24%, recall at 96. 54%, and an F1-score of 96. 34%. As shown in Fig. 10, the close alignment of these metrics indicates a stable detection capability that balances true-positive identification with minimal misclassifications. The near-equal precision and recall values suggest that the system effectively handles both false positives and false negatives, thereby contributing to its adaptability. This strong and uniform performance highlights the suitability of the framework for cybersecurity environments, where resilience to dynamic input patterns is essential.

Fig. 10.

Performance Metrics of the Proposed Model on the UNSW-NB15 Dataset.

The confusion matrix offers detailed insight into the classification capability of the model across multiple attack categories in the UNSW-NB15 dataset. It is evident that most classes, such as Exploits, Generic, and Backdoors, were identified with high precision, each exceeding a 96% correct prediction rate. Misclassification rates remained minimal, highlighting the model’s strong ability to distinguish between closely related threat types. For instance, the generic class achieved 98. 52%, while Exploits achieved 97. 45%, showing exceptional accuracy in detecting widespread threats. As depicted in Fig. 11, the matrix also reveals that classes such as Shellcode and Analysis have slightly lower but still robust performance, suggesting occasional overlaps with other categories.

Fig. 11.

Confusion Matrix Showing Class-wise Prediction Accuracy for the UNSW-NB15 Dataset.

The impact of differential privacy (DP) on model performance reveals a clear trade-off between privacy preservation and predictive accuracy, as observed across both IID and non-IID data settings. Without DP, models yield the highest scores across all metrics, whereas stricter privacy levels (lower ε values) lead to noticeable declines in accuracy, precision, recall, and AUROC, accompanied by rising false positive rates. Notably, even under the most stringent privacy condition (ε = 0. 01), the performance remained reasonably stable, suggesting the framework’s resilience to privacy-induced noise. This balance between data protection and model utility is illustrated in Table 4, highlighting that moderate DP settings (ε = 1. 0) maintain competitive results with only minimal accuracy loss.

Table 4.

Effect of Differential Privacy on Performance Metrics Under IID and Non-IID Data Distributions.

Distribution	DP	Accuracy	Precision (%)	Recall (%)	F1-Score (%)	FPR (%)	AUROC (%)
IID	No-DP	96. 83	96. 6	96. 7	96. 65	4. 1	96. 8
	(ε = 1. 0)	96. 7	96. 2	96. 4	96. 3	4. 5	96. 5
	(ε = 0. 1)	94. 6	94. 3	94. 5	94. 4	5. 7	94. 7
	(ε = 0. 01)	94. 1	93. 6	93. 2	93. 4	6	93. 9
Non-IID	No-DP	96. 4	96. 2	96. 1	96. 15	4. 4	96. 3
	(ε = 1. 0)	96. 1	95. 9	95. 6	95. 75	4	95. 9
	(ε = 0. 1)	94	94. 1	93. 8	93. 9	5. 8	94. 2
	(ε = 0. 01)	92. 5	92. 3	91. 8	92	6. 2	92. 6

The comparison between the IID and non-IID data distributions across varying vehicular node (VN) counts revealed consistent trends in model accuracy. As the number of VNs increased from 10 to 100, the performance under IID conditions remained remarkably stable, with an accuracy of approximately 96. 8%. However, under non-IID conditions, there is a noticeable and gradual decline, with the accuracy dropping from 96. 10 at 10 VNs to 95. 50% at 100 VNs. This divergence highlights the sensitivity of the model to data heterogeneity, particularly in decentralized environments. As shown in Fig. 12, the performance gap between the IID and non-IID scenarios becomes more pronounced as the network scales, thereby emphasizing the importance of robust aggregation strategies in federated settings.

Fig. 12.

Accuracy Comparison of IID vs Non-IID Settings Across Vehicular Node Counts in UNSW-NB15 Dataset.

The evaluation of the per-attack classification performance reveals that the model maintains high accuracy and reliability under both IID and non-IID data settings, with only slight deviations across categories. For instance, the generic attack class achieves an accuracy of 98. 52% under IID and 98. 22% under non-IID, with corresponding F1-Scores of 98. 4% and 98%, showing exceptional consistency. Similarly, DoS attacks yielded an IID accuracy of 97. 93% and a non-IID score of 97. 63%, reflecting robust detection across settings. On the lower side, the shellcode class achieves 93. 59% with IID and 93. 29% without IID, showing a slight decrease but still registering effective identification. These results, shown in Table 5, confirm the model’s capacity to generalize to various types of attacks while registering consistent performance, even when presented with imbalanced or decentralized data distributions.

Table 5.

Per-Attack Class Performance under IID and Non-IID Conditions.

Attack	Accuracy (%)		Precision (%)		Recall (%)		F1-Score (%)
	IID	Non-IID	IID	Non-IID	IID	Non-IID	IID	Non-IID
Worms	95. 98	95. 68	95. 5	95	95. 98	95. 68	95. 7	95. 3
Analysis	94. 67	94. 37	94. 2	93. 7	94. 67	94. 37	94. 3	93. 9
Backdoors	96. 58	96. 28	96. 1	95. 6	96. 58	96. 28	96. 3	95. 9
Shellcode	93. 59	93. 29	93. 1	92. 6	93. 59	93. 29	93. 2	92. 8
DoS	97. 93	97. 63	97	96. 5	97. 93	97. 63	97. 4	97
Generic	98. 52	98. 22	98. 3	97. 8	98. 52	98. 22	98. 4	98
Reconnaissance	96. 67	96. 37	96. 4	95. 9	96. 67	96. 37	96. 5	96. 1
Fuzzers	96. 03	95. 73	95. 9	95. 4	96. 03	95. 73	96	95. 6
Exploits	97. 45	97. 15	97. 1	96. 6	97. 45	97. 15	97. 3	96. 9

The performance impact of model sparsity reveals a favorable trade-off between accuracy and computational efficiency. As sparsity is increased from 0 to 90%, accuracy drops only marginally, from 96. 83 at full density to 95. 8% at the sparsest, while training and inference times reduce significantly, falling from 2100 and 400 ms to 800 ms and 250 ms, respectively. Despite this reduction in computation time, precision and recall remain high, with the F1-Score decreasing only slightly from 96. 65% to 95. 6%, which suggests that the model retains strong predictive capability even under constrained resource settings. This balance between performance and efficiency, as shown in Table 6, demonstrates the effectiveness of incorporating sparsity into federated learning without significantly compromising accuracy.

Table 6.

Impact of Sparsity on Classification Performance and Computational Efficiency.

Sparsity	Accuracy (%)	Precision (%)	Recall (%)	F1-Score (%)	Training Time (ms)	Inference Time (ms)
0	96. 83	96. 6	96. 7	96. 65	2100	400
50	96. 7	96. 45	96. 5	96. 47	1600	350
70	96. 4	96. 1	96. 2	96. 15	1200	300
90	95. 8	95. 5	95. 7	95. 6	800	250

A comparative analysis of federated learning accuracy across different user counts and sparsity levels highlighted the adaptability of the model to communication constraints. With 50 users, even at higher sparsity levels, such as 90%, the model steadily improved and was closely aligned with the original configuration by the fifth round. When the user base expands to 100, the learning trajectory becomes more sensitive to sparsity, particularly in the early rounds, where 50% and 90% sparsity show slower improvements. Despite this, all variations converged toward high accuracy by the fifth round, demonstrating strong recovery from sparsity-induced performance drops. As observed in Fig. 13, while the original models consistently maintain an edge in early stage accuracy, the sparsified versions successfully bridge the gap over time, suggesting that communication efficiency can be improved without a long-term compromise in learning performance.

Fig. 13.

Federated Learning Accuracy Over Rounds with Varying Sparsity Levels for (a) 50 Users and (b) 100 Users.

Experimental results of CIC-IDS-2017

The performance test of the CIC-IDS-2017 dataset showed excellent overall performance against all the major classification parameters, revealing superior generalizability and detection potential. It obtains an extraordinary accuracy of 97. 36%, with the precision and recall figures standing at 96. 97% and 97. 16%, respectively, which demonstrates the balanced predicting ability without material sacrifices in one parameter over another regarding false negatives or false positives. The 97. 07% F1-score also ratifies this balance, demonstrating a robust classification performance for diverse traffic activities. These values, as indicated in Fig. 14, emphasize the accuracy of the framework in detecting both normal and malicious traffic, thus making it suitable for real-time intrusion detection systems in dynamic networks.

Fig. 14.

Performance Metrics on CIC-IDS-2017 Dataset.

The confusion matrix shown in Fig. 15 illustrates the outstanding accuracy of the proposed model in classifying a wide range of attack categories in the CIC-IDS-2017 dataset. In particular, types such as infiltration-Portscan-Heartbleed and DDoS have almost perfect classification accuracy with values of 99. 46% and 99. 28%, respectively, demonstrating the model’s high generalization ability over both common and uncommon attack types. Likewise, attacks such as DoS Hulk, DoS GoldenEye, and SSH-Patator also demonstrate high accuracy, each well over 97%, reflecting repeated dependability in the detection of diverse denial-of-service activities. A few misclassifications occurred in certain intersecting categories, such as web attack–brute force and web attack–SQL injection, where a small number of examples were incorrectly classified as the same attack type. However, generally low off-diagonal values indicate high class separability and good predictive precision, confirming the validity of the model for real-time intrusion detection in complex network environments.

Fig. 15.

Confusion Matrix for CIC-IDS-2017 Showing Class-wise Detection Accuracy Across Multiple Attack Categories.

The influence of differential privacy (DP) on the model accuracy for the CIC-IDS-2017 dataset presents a progressive decline in accuracy and accompanying metrics with tighter privacy restrictions. In the IID distribution with no DP, the model was most accurate with 97. 36% accuracy, 97. 15% precision, and 97. 2% AUROC. As privacy increased (ε = 0. 01), accuracy fell to 94. 5% and AUROC to 94. 5%, while the false positive rate (FPR) increased from 3. 6 to 5. 8%. The same trend was observed in the non-IID scenario, in which the accuracy decreased from 96. 8 without DP to 93. 1% for ε = 0. 01. These shifts, as shown in Table 7, indicate that while stronger privacy leads to modest declines in detection capability, the overall performance remains robust, preserving model utility even under privacy-preserving constraints.

Table 7.

Influence of Differential Privacy on Model Metrics Under IID and Non-IID Distributions (CIC-IDS-2017).

Distribution	DP	Accuracy (%)	Precision (%)	Recall (%)	F1-Score (%)	FPR (%)	AUROC (%)
IID	No-DP	97. 36	97. 15	97. 2	97. 1	3. 6	97. 2
	(ε = 1. 0)	97. 22	96. 8	97	96. 85	4. 2	97
	(ε = 0. 1)	95. 1	95. 5	95. 3	95. 4	5. 4	95. 1
	(ε = 0. 01)	94. 5	94. 8	94	94. 7	5. 8	94. 5
Non-IID	No-DP	96. 8	96. 75	96. 6	96. 55	4	96. 7
	(ε = 1. 0)	96. 5	96. 4	96. 1	96	3. 7	96. 3
	(ε = 0. 1)	94. 6	94. 9	94. 7	94. 5	5. 6	94. 8
	(ε = 0. 01)	93. 1	93. 2	92. 5	92. 9	6. 1	93. 1

The graph highlights the accuracy variations in the CIC-IDS-2017 when trained under IID and non-IID data distributions across different vehicular node configurations. It is evident that the IID setting consistently yields higher accuracy, ranging from 97. 40% at 10VN to 97. 34% at 100VN, showcasing performance stability. Conversely, the non-IID setup experienced a slight decline in accuracy as the number of vehicular nodes increased, dropping from 96. 60% to 96. 20%, which reflects the challenge of maintaining consistency under non-uniform data partitioning. This performance gap, as illustrated in Fig. 16, underscores the significance of the data-distribution strategy in federated learning environments, particularly when scaling across numerous nodes in vehicular networks.

Fig. 16.

Accuracy Comparison of IID vs Non-IID Learning on CIC-IDS-2017 Dataset Across Increasing Vehicular Node Counts.

The class-wise evaluation of the CIC-IDS-2017 demonstrates that the proposed model performs consistently well across a wide range of attacks in both IID and non-IID data settings. Attacks such as DoS Hulk and DoS Slowloris showed the highest accuracy values of 97. 8% and 97. 6% under IID, with only a slight drop to 97. 5% and 97. 3%, respectively, under non-IID. Even more subtle attack types such as Web Attack—SQL Injection and Infiltration—Portscan–Heartbleed maintain high performance, reporting F1-Scores of 97. 4% and 96. 9% in IID and slightly lower in non-IID at 97% and 96. 5%, respectively. As shown in Table 8, this minimal variation across attack classes highlights the robustness and reliability of the framework in effectively identifying both common and less frequent threats, regardless of the data distribution constraints.

Table 8.

Class-Wise Performance Evaluation on CIC-IDS-2017 Dataset Under IID and Non-IID Settings.

Attack	Accuracy		Precision		Recall		F1-Score
	IID	Non-IID	IID	Non-IID	IID	Non-IID	IID	Non-IID
Web Attack—SQL Injection	97. 5	97. 2	97. 4	96. 9	97. 5	97. 2	97. 4	97
Web Attack—XSS	96. 9	96. 6	96. 8	96. 3	96. 9	96. 6	96. 7	96. 3
Web Attack—Brute Force	97. 1	96. 8	97	96. 5	97. 1	96. 8	97	96. 6
Botnet	97. 3	97	97. 2	96. 7	97. 3	97	97. 2	96. 8
DoS Slowhttptest	97	96. 7	96. 9	96. 4	97	96. 7	97	96. 6
DoS Slowloris	97. 6	97. 3	97. 5	97	97. 6	97. 3	97. 5	97. 1
SSH-Patator	97. 4	97. 1	97. 3	96. 8	97. 4	97. 1	97. 3	96. 9
FTP-Patator	97. 2	96. 9	97. 1	96. 6	97. 2	96. 9	97	96. 6
DoS GoldenEye	97. 1	96. 8	97	96. 5	97. 1	96. 8	97	96. 6
DoS Hulk	97. 8	97. 5	97. 7	97. 2	97. 8	97. 5	97. 7	97. 3
DDoS	97. 3	97	97. 2	96. 7	97. 3	97	97. 2	96. 8
Infiltration—Portscan—Heartbleed	97	96. 7	96. 8	96. 3	97	96. 7	96. 9	96. 5

The analysis of model performance under varying sparsity levels revealed a clear trade-off between computational efficiency and classification precision. As the sparsity increased from 0 to 90%, there was a gradual reduction in accuracy from 97. 36 to 96. 3%, and a similar trend was seen in the F1-Score, which dropped from 97. 07 to 95. 9%. However, these decreases are relatively small when compared to the significant reduction in training and inference time, which fell from 2200 and 420 ms at full density to 900 ms and 260 ms, respectively. This demonstrates the ability of the model to retain a high predictive capability even with fewer parameters, optimizing both speed and resource utilization. The performance dynamics across these sparsity settings are summarized in Table 9, which confirms the suitability of the framework for resource-constrained deployments.

Table 9.

Effect of Sparsity on Model Performance and Computational Overhead (CIC-IDS-2017).

Sparsity	Accuracy (%)	Precision (%)	Recall (%)	F1-Score (%)	Training Time (ms)	Inference Time (ms)
0	97. 36	96. 97	97. 16	97. 07	2200	420
50	97. 22	96. 8	97	96. 9	1700	360
70	96. 9	96. 4	96. 6	96. 5	1300	310
90	96. 3	95. 9	96	95. 9	900	260

The accuracy trends illustrated in Fig. 17 reveal that, while sparsity initially affects learning progression, its long-term impact is marginal, as the model adapts across communication rounds. For both 50 and 100 users, the original (non-sparsified) model consistently maintained the highest accuracy across all five rounds, yet the models trained with 50% and 70% sparsity converged rapidly, closely trailing the original. Notably, even under extreme sparsity at 90%, the model exhibited significant recovery after the second round, particularly when the user count increased to 100.

Fig. 17.

Impact of Sparsity on Federated Learning Accuracy with CIC-IDS-2017 Dataset Across (a) 50 Users and (b) 100 Users.

Blockchain system performance

The communication overhead exhibited by the proposed method demonstrates a consistent and scalable trend as the number of Mobile Edge Computing (MEC) units increases from 40 to 160, with corresponding overhead values ranging from 80 to 490. This linear increase indicates that the suggested framework ensures effective communication, even with increasing network complexity. Compared with conventional consensus schemes are Practical Byzantine Fault Tolerance (PBFT)³², Proof of Elapsed Time (PoET)³³, Raft³⁴, and Clique³⁵, the proposed approach outperforms them at all times with lower communication expenses for all MEC settings, as illustrated in Fig. 18, which proves to be appropriate for large-scale and bandwidth-limited edge computing environments.

Fig. 18.

Communication Overhead of Proposed Across Varying MEC Counts.

The throughput of transactions seen in the proposed consensus mechanism increases uniformly as the Mobile Edge Computing (MEC) units increases from 40 to 160, with the number of transactions ranging from 8 to 32. This linear growth reflects the capacity of the protocol to process an increasing number of operations without diminishing processing efficiency. In contrast to traditional schemes such as PBFT, PoET, Raft, and Clique, the proposed framework outperforms them uniformly in terms of transaction throughput in all MEC configurations. This indicates better scalability and system responsiveness under high network load conditions, as shown in Fig. 19, making the proposed approach a viable alternative for real-time edge-based blockchain scenarios.

Fig. 19.

Transaction Comparison of Proposed and Traditional Mechanisms Across Varying MEC Counts.

The consensus strategy put forward proves to have considerably shorter consensus time over different numbers of MEC nodes, ranging from 0. 1 s for 40 MECs up to just 3. 6 s for 160 MECs. This is an extremely efficient and scalable synchronization system that can ensure the real-time finality of transactions, even with an increased network size. On the other hand, other schemes such as PBFT, PoET, Raft, and Clique prove to have a greater rise in consensus delay. The sharp disparity in performance, as depicted in Fig. 20, highlights the ability of the proposed method to minimize coordination latency, thereby offering a superior solution for latency-sensitive blockchain-integrated vehicular and IoT networks.

Fig. 20.

Consensus Time vs. Number of MEC Nodes.

The proposed framework demonstrates a significantly lower latency than traditional consensus mechanisms as the number of MEC nodes increases, suggesting superior responsiveness and communication efficiency. As shown in Fig. 21, the latency of the proposed model increased steadily from 30 ms at 40 to 60 ms at 160 MECs, whereas PBFT, Raft, PoET, and Clique consistently exhibited higher latency values, reaching 78 ms. This trend indicates that the proposed system maintains more efficient real-time performance under scaling network conditions, which is an essential feature for delay-sensitive applications in vehicular and IoT systems.

Fig. 21.

Latency vs. Number of MEC Nodes.

The throughput performance shown in Fig. 22 reveals the superior ability of the proposed system to handle increasing transactional loads with scalability and efficiency. When the number of MECs increases from 40 to 160, the throughput of the proposed model increases linearly from 120 TPS to more than 370 TPS while maintaining a pronounced advantage over common mechanisms such as PBFT, Raft, PoET, and Clique, whose throughputs are noticeably lower for each number of MECs.

Fig. 22.

Throughput vs. Number of MEC Nodes.

The assessment of system scalability over growing numbers of Mobile Edge Computing (MEC) nodes shows an even development in both performance and overhead measurements. The communication overhead increases from 80 to 490 as the number of MECs increases from 40 to 160, and the consensus time increases moderately from 0. 1 to 3. 6 s. Nonetheless, throughput increases gradually from 120 to 370 TPS, and the transaction count increases from 8 to 32, indicating the ability of the framework to handle increasing processing burdens. At the same time, latency grows at a tolerable pace, rising from 30 to 60 ms, which is still within the tolerable range for real-time applications. These results, detailed in Table 10, highlight the strong scalability of the proposed framework and its ability to maintain an efficient performance under expanding network conditions.

Table 10.

Scalability Evaluation of Proposed Framework with Varying MEC Node Counts.

Number of MECs	Communication Overhead	Number of Transactions	Consensus Time (s)	Latency (ms)	Throughput (TPS)
40	80	8	0. 1	30	120
60	130	13	0. 3	35	160
80	190	18	0. 6	40	210
100	260	23	1. 2	45	260
120	330	26	2	50	300
140	410	29	2. 9	55	340
160	490	32	3. 6	60	370

The visual patterns depicted in Fig. 23 highlight how the presence of malicious workers (MW) and the use of PoA significantly influence the federated model performance. When no MWs were present (0% MW), the model converged steadily with an increasing number of communication rounds, achieving near-perfect accuracy. However, introducing 30% MW without PoA significantly disrupted the training process, causing unstable and declining accuracy. When the PoA is activated, even with 30% and 50% MWs, the model retains high stability and convergence, demonstrating the importance of the PoA in mitigating the impact of adversarial participants and maintaining global model quality in federated environments.

Fig. 23.

Accuracy across communication rounds under varying MW Percentages and PoA Configurations.

Encryption and decryption analysis using ECHE reveals a highly efficient and scalable cryptographic process that is well-suited for latency-sensitive vehicular environments. At a minimal payload of 64 bytes, encryption completes in just 0. 85 ms and decryption in 0. 65 ms, ensuring rapid V2X communication. Even as message size scales to 1024 bytes with a 521-bit key, the processing times remain impressively low—3. 80 ms for encryption and 3. 60 ms for decryption—demonstrating minimal computational burden even at higher security levels. These results, as illustrated in Table 11, confirm that ECHE offers robust data confidentiality without compromising speed, making it ideal for secure real-time communication across constrained edge environments.

Table 11.

ECHE-Based Encryption and Decryption Time Across Varying Message and Key Sizes.

Message Size (Bytes)	Key Size (bits)	Encryption Time (ms)	Decryption Time (ms)
64	160	0. 85	0. 65
128	224	1. 10	0. 92
256	256	1. 45	1. 25
512	384	2. 30	2. 05
1024	521	3. 80	3. 60

The computational complexity assessment of the proposed system revealed a strategic balance between processing efficiency and scalability across its modular architecture. HFVAL, with its complexity of O (N × E × D), linearly scales with node and data volumes and is appropriate for distributed vehicular applications. RBFT’s O(N²) time complexity is reflective of the secure consensus verification cost incurred in a decentralized fashion by each node, but remains low owing to the trust-weighted approach. The LEC module schedules operations with O (N × log N) near-linear complexity, improving the responsiveness of the edges. In contrast, OOA deals with hyperparameter optimization with an O (I × P × D) complexity, using evolutionary methods that do not conduct exhaustive search but preserve the model flexibility. Finally, LSCP combined with ECHE effectively performs encrypted V2X communication with O (M × log K) complexity, providing lightweight security. These complexity characteristics, as detailed in Table 12, demonstrate that the framework remains computationally feasible without compromising privacy or performance in resource-constrained IoV ecosystems.

Table 12.

Computational Complexity Analysis of Core Functional Modules.

Module	Primary Operation	Time Complexity	Space Complexity	Remarks
HFVAL	Hierarchical VAE training and encoding	O (N × E × D)	O (N × D)	N = number of nodes, E = epochs, D = data dimensionality
RBFT	Reputation-based block consensus	O(N2)	O(N)	Pairwise message verification among N nodes
LEC	Task scheduling and model aggregation	O (N × log N)	O(N)	Prioritizes edge-side efficiency in delay-constrained setup
OOA	Hyperparameter optimization using metaheuristics	O (I × P × D)	O (P × D)	I = iterations, P = population, D = hyperparam dimensions
LSCP (with ECHE)	Encrypted V2X communication	O (M × log K)	O(M)	M = messages, K = key space size

From Table 13, the suggested BHFVAL framework’s hierarchical elements are largely responsible for its computational complexity. Each vehicle must pay for the normalization and encoding of data samples during pre-processing. With , where is the number of local epochs, is the number of samples, = is the batch size, and is the model parameters, the HFVAL training stage is in control. The RBFT consensus accounts for weighted aggregation, validator message exchanges, and signature verification by introducing at the fog layer. is the lightweight cost that the LEC module provides to partial aggregation and job distribution among edge devices. With being the number of iterations, being the population, and being the number of hyperparameters, the OOA hyperparameter tuning ultimately adds . Since HFVAL training and RBFT consensus are the prominent terms and LEC and OOA only add small overheads, the framework as a whole retains linear scalability in terms of both the number of participants and parameters, guaranteeing feasible deployment in extensive IoV contexts.

Table 13.

Comparative Accuracy Analysis of Existing and Proposed Models on UNSW-NB15 and CIC-IDS-2017 Datasets.

References	UNSW-NB15 Accuracy (%)	CIC-IDS-2017 Accuracy (%)
Chatterjee et al. 4	90. 94	96. 24
Biyyapu20	96. 02	94. 32
Dang et al. 25	96. 71	97. 25
Mallampati30	90. 52	97. 24
Proposed	96. 83	97. 36

From Table 14, to ensure the reliability of the obtained results, all experiments were conducted five times independently, and the mean ± standard deviation (SD) of each performance metric (Accuracy, Precision, Recall, and F1-score) were computed. The consistency across runs indicates that the proposed BHFVAL model achieves stable and reproducible outcomes. Additionally, a one-way ANOVA test was performed to verify the statistical significance of performance improvements compared to baseline models. The obtained p-values (< 0. 05) confirm that the observed gains are statistically significant, validating the robustness of the proposed framework across different datasets and configurations.

Table 14.

Statistical Performance (Mean ± SD) and Significance Analysis.

Dataset	Model	Accuracy (%) ± SD	Precision (%) ± SD	Recall (%) ± SD	F1-Score (%) ± SD
UNSW-NB15	BHFVAL	96. 83 ± 0. 12	96. 24 ± 0. 15	96. 54 ± 0. 18	96. 34 ± 0. 16
UNSW-NB15	Baseline (FedAvg)	94. 92 ± 0. 25	94. 60 ± 0. 22	94. 75 ± 0. 28	94. 67 ± 0. 23
CIC-IDS-2017	BHFVAL	97. 36 ± 0. 10	96. 97 ± 0. 13	97. 16 ± 0. 12	97. 07 ± 0. 11
CIC-IDS-2017	Baseline (FedAvg)	95. 88 ± 0. 21	95. 55 ± 0. 19	95. 70 ± 0. 20	95. 62 ± 0. 18

From Table 15, the ablation analysis confirms that each subsystem contributes incrementally to performance. HFVAL improves coordination efficiency across hierarchical nodes, RBFT enhances reliability under adversarial updates, LSCP secures communications with minimal cryptographic overhead, and OOA optimizes task allocation. Overall, the full BHFVAL configuration achieves a 4. 27% accuracy gain and 8. 1% higher attack detection rate compared with the baseline, while incurring only ~ 21% additional latency and ~ 14% energy increase.

Table 15.

Ablation study of BHFVAL Components.

Configuration	Modules Enabled	Accuracy (%)	Precision	Recall	F1-Score	Attack Detection Rate (%)	Latency (ms)	Energy (J/task)
Baseline	–	93. 12	0. 915	0. 911	0. 912	89. 7	46. 3	1. 00
+ HFVAL	Hierarchical FL only	94. 86	0. 932	0. 926	0. 929	92. 5	48. 9	1. 05
+ RBFT	HFVAL + RBFT consensus	96. 27	0. 948	0. 941	0. 944	95. 8	52. 1	1. 08
+ LSCP	HFVAL + RBFT + Local Secure Channel Protection	96. 84	0. 955	0. 948	0. 951	96. 7	54. 6	1. 11
+ OOA (Full BHFVAL)	HFVAL + RBFT + LSCP + Optimal Offloading & Aggregation	97. 39	0. 961	0. 957	0. 959	97. 8	56. 2	1. 14

From Table 16, to quantify the overhead of the proposed BHFVAL framework, both latency and power consumption were evaluated. The latency for training, inference, encryption, and consensus operations was measured over five independent runs, and the mean ± standard deviation values are reported. The average training latency ranged between 0. 8 and 2. 1 s, while inference latency remained below 0. 4 s, confirming efficient model updates and response times. The average power consumption during training and inference was approximately 375 W and 200 W, respectively, resulting in an estimated energy usage of 0. 3–0. 8 kJ per training round and 50–80 J per inference operation. These results demonstrate that BHFVAL introduces only minimal computational and communication overhead, maintaining a balanced trade-off between accuracy, efficiency, and energy sustainability across vehicular nodes.

Table 16.

System Overhead Analysis: Latency, Power Consumption, and Energy Usage.

Operation	Latency (s) ± SD	Power (W) ± SD	Energy (J) ± SD
Training (0% sparsity)	2. 10 ± 0. 04	375 ± 8	787. 5 ± 15. 8
Training (50% sparsity)	1. 60 ± 0. 03	375 ± 8	600. 0 ± 12. 0
Training (70% sparsity)	1. 20 ± 0. 03	375 ± 8	450. 0 ± 9. 0
Training (90% sparsity)	0. 80 ± 0. 02	375 ± 8	300. 0 ± 6. 0
Inference (0% sparsity)	0. 40 ± 0. 01	200 ± 5	80. 0 ± 2. 0
Inference (90% sparsity)	0. 25 ± 0. 01	200 ± 5	50. 0 ± 1. 2
Encryption (ECHE, 512 B)	0. 0023 ± 0. 0001	100 ± 3	0. 23 ± 0. 01
Consensus (RBFT, 40 nodes)	0. 10 ± 0. 01	50 ± 2	5. 0 ± 0. 25

The comparative evaluation of the classification accuracy on the UNSW-NB15 and CIC-IDS-2017 datasets highlights the superior performance of the proposed BHFVAL framework. As observed in Table 17, the model consistently outperformed existing methods, achieving 96. 83% accuracy on UNSW-NB15 and 97. 36% on CIC-IDS-2017. In contrast, earlier approaches, such as those by Chatterjee et al. and Mallampati, exhibited notably lower accuracy levels, particularly for UNSW-NB15 with scores of 90. 94% and 90. 52%, respectively. Although Biyyapu’s and Dang et al. ’s methods show relatively competitive results, they still fall short of the proposed system, especially in scenarios involving heterogeneous and distributed environments. These findings clearly demonstrate that the integration of hierarchical federated learning, blockchain-based consensus, and adaptive optimization mechanisms leads to a more robust and precise intrusion detection model across diverse vehicular network conditions.

Table 17.

Comparative Accuracy Analysis of Existing and Proposed Models on UNSW-NB15 and CIC-IDS-2017 Datasets.

References	UNSW-NB15 Accuracy (%)	CIC-IDS-2017 Accuracy (%)
Chatterjee et al. 4	90. 94	96. 24
Biyyapu20	96. 02	94. 32
Dang et al. 25	96. 71	97. 25
Mallampati30	90. 52	97. 24
Proposed	96. 83	97. 36

Although decentralized learning and adaptive optimization reduce computation costs, the inclusion of blockchain mechanisms and encrypted communication may introduce non-trivial energy consumption and latency when deployed in resource-constrained vehicular nodes. The model experiences a slight yet noticeable drop in accuracy and F1-score under non-IID data distributions. This suggests that model convergence and fairness across nodes could be further optimized for highly skewed and sparse data scenarios. The framework has not yet been validated on very large-scale vehicular topologies involving thousands of nodes. Network congestion and consensus delays could impact real-world responsiveness. The RBFT and multi-level learning improve robustness against malicious nodes, the system has limited testing against novel and adaptive attack strategies, such as adversarial poisoning or stealthy coordinated intrusions.

The proposed BHFVAL framework demonstrates low computational and communication overhead in simulation, the current energy-efficiency values are derived from analytical projections based on CPU utilization and transmission metrics rather than direct hardware measurements. A small-scale hardware-in-the-loop (HIL) experiment using an On-Board Unit (OBU) platform (e. g. , Raspberry Pi 4 B, Jetson Nano, or an equivalent embedded edge device) is planned to record actual power consumption and end-to-end latency under realistic vehicular workloads. These results will provide empirical validation of the projected efficiency. Until such measurements are completed, the reported energy values should be interpreted as projections, not empirical assurances, and they are therefore discussed as indicative trends rather than guaranteed performance.

Conclusion

The proposed BHFVAL framework integrates decentralized learning, consensus security, encrypted communication, and adaptive optimization to address core challenges in intrusion detection within IoV environments. With the use of HFVAL, learning tasks are dynamically allocated across edge, fog, and cloud levels so that computation is efficient, and overhead is minimized under varying network conditions. Model aggregation is protected by RBFT, which makes it resilient to malicious nodes during global updates. In a real-time response, LEC is used to offload processing to edge servers for near-zero delay. Parameter tuning is done using OOA, facilitating continuous adaptation according to runtime conditions. The secure V2X exchange is managed using the LSCP driven by the ECHE, maintaining data privacy with minimal computational overhead. The empirical verification of UNSW-NB15 demonstrates that the model operates with 96. 83% accuracy, 96. 6% precision, 96. 7% recall, and 96. 65% F1 in IID conditions, reducing slightly to 95. 74% accuracy and 95. 4% F1 in non-IID environments. On CIC-IDS-2017, the system achieved 97. 36% accuracy, 97. 2% AUROC, and 97. 1% F1 under IID, with negligible degradation to 96. 4% accuracy and 96. 2% F1 when the data became skewed. These figures demonstrate the model’s robust performance under various conditions, with consistency and responsiveness under privacy, sparsity, and adversarial effects. Future enhancements may include scaling this architecture to broader vehicular topologies, using transformer-based encoders for more detailed feature learning, optimizing blockchain elements to reduce energy consumption, and integrating defence layers to resist changing threats without compromising speed or accuracy. There are still a number of unexplored areas for further study even if the suggested BHFVAL framework shows safe, scalable, and effective hierarchical federated learning for vehicle networks. Integrating quantum-safe cryptography is a crucial step in securing the blockchain and communication layers from attackers with quantum computing capabilities. Utilizing lattice-based, code-based, or hash-based post-quantum cryptographic primitives can increase BHFVAL’s resistance to next-generation threats, as current elliptic curve-based encryption may be susceptible in the long run despite its lightweight nature.

Author contributions

G. E. V. , M. S. S. , and S. Y. conceptualized the study and designed the research framework. GEV, and M. S. S. contributed to data collection and preprocessing. G. E. V. and M. S. S developed the methodology and conducted the experiments. G. E. V. and S. Y. performed the data analysis and validation. G. E. V. wrote the main manuscript text, while S. Y. prepared figures and visual representations. All authors reviewed, revised, and approved the final manuscript.

Funding

The authors did not receive support from any organization for the submitted work.

Declarations

Competing interests

The authors declare no competing interests.