A Secured and Intelligent Communication Scheme for IIoT-enabled Pervasive Edge Computing

Abstract

Industrial Internet of Things (IIoT) ensures reliable and efficient data exchanges among the industrial processes using Artificial Intelligence (AI) within the cyber-physical systems. In the IIoT ecosystem, devices of industrial applications communicate with each other with little human intervention. They need to act intelligently to safeguard the data confidentiality and devices’ authenticity. The ability to gather, process, and store real-time data depends on the quality of data, network connectivity, and processing capabilities of these devices. Pervasive Edge Computing (PEC) is gaining popularity nowadays due to the resource limitations imposed on the sensor-embedded IIoT devices. PEC processes the gathered data at the network edge to reduce the response time for these devices. However, PEC faces numerous research challenges in terms of secured communication, network connectivity, and resource utilization of the edge servers. To address these challenges, we propose a secured and intelligent communication scheme for PEC in an IIoT-enabled infrastructure. In the proposed scheme, forged identities of adversaries, i.e., Sybil devices, are detected by IIoT devices and shared with edge servers to prevent upstream transmission of their malicious data. Upon Sybil attack detection, each edge server executes a parallel Artificial Bee Colony (pABC) algorithm to perform optimal network configuration of IIoT devices. Each edge server performs the job migration to their neighboring servers for load balancing and better network performance, based on their processing and storage capabilities. The experimental results justify the efficiency of our proposed scheme in terms of Sybil attack detection, the convergence curves of our pABC algorithm, delay, throughput, and control overhead of data communication using PEC for IIoT.

1. Introduction

The Industrial Internet of Things (IIoT) is a new paradigm in Information and Communication Technologies (ICTs) that enables the interconnection of existing industrial devices with additional intelligence. These devices sense, process, and communicate data with each other via the Internet [1]. For efficient data processing in IIoT, Pervasive Edge Computing (PEC) has attained significant attention in recent years. Rather than forwarding the data to the cloud for processing, it is processed at the network edge for quick responses to the IIoT devices [2]. PEC reduces the amount of required bandwidth and improves the computation, communication and storage capabilities of these resource-constrained devices [3].

In PEC, the edge servers process the data using Artificial Intelligence (AI) techniques for making certain decisions, e.g. load optimization, channel assignment, etc [4]. The AI-based techniques such as machine learning, deep learning, genetic algorithms, and evolutionary algorithms can learn from the environment by gathering the data, analyzing it, and taking intelligent decisions based on it. For efficient analysis and quicker decisions, IIoT-enabled PEC gains popularity in the use of these algorithms. The Artificial Bee Colony (ABC) [5] is an evolutionary algorithm that aims to embed intelligence and strong inference capabilities in intelligent systems. The variants of this algorithm are used in numerous industrial applications for designing complex systems. For example, in [6], the authors proposed an improved ABC algorithm and evaluated it using different benchmark functions, mainly focused on industrial applications, e.g., infinite impulse response design and industrial image segmentation testing. Authors in [7] proposed a discrete ABC algorithm for disassembling the sequences to recycle and re-manufacture the industrial products using PEC. In [8], an ensemble ABC (En-ABC) was proposed for anomaly detection in an edge-enabled IIoT environment using different datasets. In [9], the ABC algorithm was modified to achieve a QoS-aware secured scheduling in a cloud-based environment for IIoT applications. The use of ABC algorithm in an IIoT-enabled PEC has the potential to make human lives comfortable, however, at the same time, it faces threats in the context of data confidentiality and users privacy [10].

In recent years, the main focus of research for IIoT-enabled PEC has been the design of smart systems [11]. These systems are studied in the context of machine-to-machine communication [12], smart automation [13], intrusion detection [14], and bandwidth utilization [1]. However, limited attention has been given to privacy-preservation and secured communication systems for industrial applications. The low-powered IIoT devices are prone to various adversarial threats that misuse the limited resources of the devices and cause the Quality of Service (QoS) degradation. Among these threats, Sybil attack is a prominent one, in which an intruder either fabricate or steal the identities of legitimate devices to infiltrate the network [15]. These forged and stolen identities of the intruder have the ability to disrupt the operations of entire network. In [3], the authors proposed a Sybil attack detection scheme using a channel-based machine learning approach for IIoT-enabled PEC. In [16], the authors proposed a secured edge-enabled framework for industrial applications. A lightweight encryption algorithm is executed at low-powered IIoT devices to detect forged identities of Sybil devices, whereas, the resource-intensive operations are performed at the edge servers. In [17], a Blockchain-enable edge framework was proposed to secure industrial applications from Sybil attack to guarantee service availability in an IIoT network.

In this paper, we aim to integrate security, AI, and edge computing to enhance the performance of IIoT-enabled PEC. The proposed scheme uses a three layer architecture. The bottom layer is IIoT architecture layer that is composed of low-powered IIoT devices for data collection and Sybil attack detection. The middle layer comprises edge servers for load optimization and job migration using our proposed parallel ABC (pABC) algorithm. Finally, the top layer is the core layer that includes the industrial cloud for data accumulation and storage. The main contributions of this paper are as follow.

• There does not exist any scheme for a secured and intelligent IIoT-enabled PEC in the existing literature. This scheme is unique because it secures the IIoT architecture layer, and performs optimal configuration at the edge layer using pABC. This results in efficient resource utilization by improving the performance of IIoT-enabled PEC.

• To protect the low-powered IIoT devices from Sybil attack, we propose a lightweight Sybil attack detection protocol. The Sybil devices are detected by IIoT devices and the results are shared with neighboring devices and also reported to the edge servers. This ensures the blockage of upstream transmission of fabricated data towards the industrial cloud.

• For efficient utilization of the network resources, the pABC algorithm is used to optimize the core layer using PEC. Upon Sybil attack detection, the pABC algorithm is executed in parallel at each edge server to perform their optimal configuration with the IIoT devices. The heavy loaded servers mutually migrate jobs to the neighboring servers that result in efficient resource utilization and network performance.

• Finally, we perform extensive simulations in terms of accuracy, sensitivity, specificity of Sybil device detection, and convergence curves of pABC algorithm to prove the efficiency of the proposed scheme. Moreover, we evaluated delay, throughput, and control overhead of the data communication within the network.

The rest of the paper is organized as follows. The system model is discussed in Section 2. In Section 3, the proposed scheme is illustrated followed by results and discussion in Section 4. Section 5 concludes the paper with future research directions.

2. System Model

In this section, we discuss the system model of our proposed IIoT-enabled PEC scheme. The system model is composed of three layers, the IIoT architecture layer, the edge layer, and the core network layer, as shown in Fig. 1. The bottom layer is composed of low-powered systems and sensor-embedded industrial devices. These devices need to be utilized efficiently with authentic data exchanges and interoperable connectivity to the rest of network entities. The middle layer consists of edge servers (E_s) that performs different functions, e.g. data exchanges, storage, and computation. The top layer has two sub layers, i.e., core networks, and the cloud services. The core networks sub-layer is similar to a conventional network with an exception of traffic profile. It is responsible to perform routing, data exchanges, and management of network information among different sub-networks. The cloud service is responsible for hosting various applications that provide different services.

Fig. 1:

System model of the proposed scheme

In the system model, the IIoT architecture layer has no security mechanism to protect the low-powered IIoT devices from malicious threats such as DoS and Sybil attacks. The low-powered IIoT devices need to be secured, and an optimal configuration of these devices with E_ss need to be maintained for efficient resource utilization and network performance. To protect the IIoT devices, we proposed a Sybil attack detection scheme to prevent the malicious entities from the transmission of compromised data. For efficient utilization of the network resources at the edge layer, we propose a pABC algorithm. In Section 3, we discuss them in detail.

3. The Proposed Scheme

In this section, we design a Sybil attack detection protocol to securely utilize the resources of low-powered, sensor-embedded industrial devices. PEC is used to process and securely forward the data to the industrial cloud from these devices. Upon network initialization, our pABC algorithm runs in parallel at each E_s. This algorithm performs optimal configuration of IIoT devices and E_s that results in faster delivery of information to the industrial cloud. The quick delivery of information is not only due to optimal configuration but also due to Sybil attack detection, which prevents the flow of compromised data in the network. Besides optimal configuration, each E_s performs job migration when the gathered data exceed its storage and processing capability. This improves the efficient utilization of the network resources, resulting in higher throughput and minimum delay during data transmission.

3.1. Sybil Attack Detection and Prevention Model

Our proposed Sybil attack detection protocol uses signalprints, which is a vector of RSSI values received from multiple sources. Transmissions from the same location share the same channel response, i.e., the same RSSI, while it varies for transmissions coming from different locations. Like all other IIoT devices, the transmission from a Sybil device device_s is omnidirectional. Neighboring IIoT devices, e.g. device_i and device_j receive the transmission from device_s and they coordinate and evaluate the signal strength of this transmission. When the device_i and device_j receive a control signal from device_s with illicit identity h, then the received power $R_{{\mathit{\text{device}}}_i}^h$ can be computed using Eq. (1).

$$R_{{\mathit{\text{device}}}_i}^h=\frac{T_x\cdot c}{d_{{\mathit{\text{device}}}_i}^{\rho }}$$ (1)

Here, T_x is the transmitted power, c is a constant, $d_{{\mathit{\text{device}}}_i}^{\rho }$ is the Euclidean distance between sender and receiver, and ρ is the path-loss exponent and is equal to $4\pi d_{{\mathit{\text{device}}}_i}/\lambda$ [18]. In ρ, λ represents the wavelength of a radio signal. Similar to device_i, the neighboring device_j also computes its received RSSI $R_{{\mathit{\text{device}}}_j}^h$.

The main motive of this protocol is to detect Sybil devices using their untrusted and false RSSI values. These RSSI values mostly have limited transmission power T_x, which is related to received power R_x, as shown in Eq. (2).

$$T_x=\frac{R_x}{{\left(1/d_{{\mathit{\text{device}}}_i}\right)}^{\rho }}$$ (2)

The location of device_s with respect to device_i can be computed using Euclidean distance given in Eq. 3.

$$d_{{\mathit{\text{device}}}_i}=\sqrt{{\left(x_{{\mathit{\text{device}}}_i}-x_{{\mathit{\text{device}}}_s}\right)}^2-{\left(y_{{\mathit{\text{device}}}_i}-y_{{\mathit{\text{device}}}_s}\right)}^2}$$ (3)

Next, device_i computes and appends $R_{{\mathit{\text{device}}}_i}^h$ to its own control packet and transmits it to device_j. As discussed earlier, device_j has calculated $R_{{\mathit{\text{device}}}_j}^h$ after receiving a similar control packet from device_s at time t₁. Putting the values of Eq. (2), (3), and ρ in Eq. (1), we can write

$$\frac{R_{{\mathit{\text{device}}}_j}^h}{R_{{\mathit{\text{device}}}_i}^h}=\left(\frac{R_x\cdot c}{d_{{\mathit{\text{device}}}_j}^{\rho }}\right)/\left(\frac{R_x\cdot c}{d_{{\mathit{\text{device}}}_i}^{\rho }}\right).$$ (4)

Further solving Eq. 4 results in

$$\frac{R_{{\mathit{\text{device}}}_j}^h}{R_{{\mathit{\text{device}}}_i}^h}={\left(\frac{d_{{\mathit{\text{device}}}_i}}{d_{{\mathit{\text{device}}}_j}}\right)}^{\rho },\text{where}\text{t}={\text{t}}_1.$$ (5)

At time t₀+t₁, device_s again broadcasts control packets with a different identity ℏ. The two IIoT devices repeat the aforementioned operations and compute the RSSI ratio using Eq. 6.

$$\frac{R_{{\mathit{\text{device}}}_j}^{ħ}}{R_{{\mathit{\text{device}}}_i}^{ħ}}={\left(\frac{d_{{\mathit{\text{device}}}_i}}{d_{{\mathit{\text{device}}}_j}}\right)}^{\rho },\text{when}\text{t}={\text{t}}_0+{\text{t}}_1.$$ (6)

At this point, device_j compares the RSSI ratio of Eqs. (5) and (6), and declares if the control packet received is from device_s or not? A control packet belongs to device_s iff Eq. (7) holds.

$$\frac{R_{{\mathit{\text{device}}}_j}^h}{R_{{\mathit{\text{device}}}_i}^h}-\frac{R_{{\mathit{\text{device}}}_j}^{ħ}}{R_{{\mathit{\text{device}}}_i}^{ħ}}\approx 0.$$ (7)

An IIoT device that does not trust other IIoT devices and believes in their RSSI values (genuineness) is known as the initiator. The initiator can label other IIoT devices as Sybil or genuine IIoT devices. The initiator becomes an observer after sharing its knowledge with neighboring devices. In this way, any device is classified as Sybil if the observer and initiator have computed the same RSSI value for that device. In other words, a Sybil device device_s has presented two illicit identities, h and ℏ to its neighboring IIoT devices. The RSSI values calculated by neighboring devices are equal at different time periods that reflect the incoming transmission from the same location.

At the IIoT architecture layer , all the devices perform a similar operation to detect Sybil devices and their illicit multiple identities. Once the Sybil devices are detected, the IIoT devices share their forged or fabricated identities with their connected edge servers E_s to prevent upstream transmission of malicious data towards the core network using PEC. Once the Sybil devices and their forged identities are prevented from network participation, the IIoT devices transmit their own data upstream towards the E_s. The proposed pABC algorithm is executed in parallel at each E_s for optimal configuration of IIoT devices to each E_s. In the next section, we discuss ABC and pABC algorithms in the context of our proposed scheme.

3.2. Artificial Bee Colony Algorithm

The ABC algorithm is a probabilistic searching evolutionary algorithm used to solve optimization problems. It has three basic components, food sources, employed foragers, and unemployed foragers [5]. The food sources refer to solutions in the optimization problems that depend on proximity, richness, and ease of extraction, i.e., the objective function. The quality of food is considered as a fitness value. The employed foragers are responsible for collecting honey, which refers to finding an optimal solution for solving the optimization problems. The unemployed foragers are categorized into onlookers and scouts bees. The onlooker bees observe the employed bees on the dancing area to know about a food source (solution set), whereas the scout bees perform random search about a food source.

The ABC algorithm has numerous advantages over other intelligent evolutionary algorithms. For example, it has better exploration ability as the scout bees always generate new solutions that are different than the previous ones. In this way, a diverse set of solutions is produced that can prevent the premature convergence issue in the network. The ABC algorithm is extremely simple as it uses only two control parameters. It is also efficient in local search as compared to GA, ACO, and PSO, due to its simplicity. However, its search time is longer and new solutions are generated based on the old solutions, which reduce the local optimization accuracy and convergence time. The process of collecting honey and optimization problems are given in Table 1. In the following sections, we describe the mapping of ABC algorithm to our proposed system model, the phases of this algorithm, and our proposed pABC algorithm that runs in parallel at E_s.

TABLE 1:

Honey collection vs optimization problems

Bees collect honey	Optimization problem
Proximity of the food source	Possible solution
Abundance of the food	Number of solutions
Ease of extraction	Easiness in getting a possible solution
Quality of the food	Fitness value
Maximum quality food	Optimum solution

3.2.1. Mapping

The applications of ABC algorithm need the design of chromosomes, which is a set of parameters required to solve a particular problem. In other words, the chromosomes is a possible arrangement to find an optimal solution. In our proposed scheme, we have represented chromosomes with scalar values. In this section, we map the decision variables of our objective function to solve the target problem. The decision variables, i.e., chromosomes, below are used to find an optimal solution.

• S_c: Storage capacity of the edge server

• P_c: Processing capability of the edge server

• L_c: Location of the edge server

Like other evolutionary algorithms, in our scheme, a population is a large set of individuals, where each individual is represented by E_s. The E_s uses chromosomes for reaching to an optimal solution.

3.2.2. Population Initialization

Before initializing the population of ABC algorithm, we need to define the swarm size S, the number of cycles T, and the limit variable. We determine the food sources F_s, the number of employed bees E_b, the onlooker bees O_b using S, i.e., $F_s=E_b=O_b=\frac{S}{2}$. Next, we initialize random solutions for the population within the boundaries of our objective function, as shown in Eq. (8).

$$x_i^j=x_{lb}^j+\mathit{\text{rand}}(0,1)\left(x_{ub}^j-x_{lb}^j\right)$$ (8)

Here, $x_{lb}^j$is the lower bound and $x_{ub}^j$ is the upper bound of x_i in the j^th direction. Now, the fitness values of each solution can be computed using Eq. (9).

$$fit=\{\begin{array}{ll}\frac{1}{1+\mathit{\text{obj}}()},\hfill & \text{if}\text{obj}()\ge 0\hfill \\ 1+abs(\mathit{\text{obj}}()),\hfill & \text{if}\text{obj}()<0\hfill \end{array}$$ (9)

In this equation, obj() is the objective function as defined in Eq. (10).

$$obj()=\sum _{i=1}^n{x}_i$$ (10)

Here, x_i is the decision variable. We also generate the initial trial vector that is used during the scout phase.

3.2.3. Employed Bee Phase

In the population initialization, a set of random solutions is generated using Eq. 8. From the generated solution set, choose the first solution (candidate solution) and a partner solution from the remaining solution set. Select a decision variable in the first chosen solution to generate a new solution using Eq. (11)

$$x_{\mathit{\text{new}}}^j=x_{\mathit{\text{min}}}^j+{\varphi }_i^j\left(x_{\mathit{\text{min}}}^j-x_p^j\right)$$ (11)

where, $x_{new}^j$is the new generated decision variable, x^j is the old decision variable, ϕ is a function that generates the random numbers ∈ [−1,1], and $x_p^j$ is the corresponding decision variable in the partner solution. The employed bees check the bounds of $x_{new}^j$, evaluates the fitness using Eq. (9), and updates the solution using a greedy selection procedure, given in Eqs. (13) and (14). If $x_{new}^j$ violates the bounds, then apply Eq. (12). The pseudo code of E_b phase is provided in Algorithm 1.

$$x_{new}^j=\{\begin{array}{ll}\mathit{\text{max}}\left(x_{new}^j,l{b}^i\right),\hfill & \text{for}\text{lower}\text{bound}\text{violation}\hfill \\ \mathit{\text{min}}\left(x_{new}^j,u{b}^i\right),\hfill & \text{for}\text{upper}\text{bound}\text{violation}\hfill \end{array}$$ (12)

$$x_{new}^j=\{\begin{array}{ll}x=x_{new}^j,\hfill & {\text{if}\text{fit}}_{new}\ge \text{fit}\hfill \\ x=x,\hfill & {\text{if}\text{fit}}_{new}<\text{fit}\hfill \end{array}$$ (13)

$$\mathit{\text{obj}}{()}_{new}=\{\begin{array}{ll}\mathit{\text{obj}}()=\mathit{\text{obj}}{()}_{new},\hfill & {\text{if}\text{fit}}_{new}\ge \text{fit}\hfill \\ \mathit{\text{obj}}()=\mathit{\text{obj}}(),\hfill & {\text{if}\text{fit}}_{new}<\text{fit}\hfill \end{array}$$ (14)

3.2.4. Onlooker Bee Phase

The onlooker bee phase resembles the employed bee phase as shown in Algorithm 2. In this phase, we need the probability of each solution Prob_i, which is calculated using Eq. (15),

$${\mathit{\text{Prob}}}_i=0.9\times \left(\frac{fi{t}_i}{\mathit{\text{max}}(fit)}\right)+\mathrm{0.1.}$$ (15)

After obtaining the probabilities of every solution, the onlookers select the first F_s, and compare the probability of first solution with a random number r ∈ [0,1]. If r > Prob_i, then the onlookers do not generate a new F_s, and they repeat this process continuously. If r < Prob_i, generate a new F_s by selecting a random decision variable in the current F_s using Eq. (11). Check bounds of the new F_s and fix it using Eq. (12), evaluate fitness using Eq. 9, and update the solution using greedy selection given in Eqs. (13) and (14).

3.2.5. Scout Bee Phase

The employed bees whose F_s are abandoned are known as the scout bees. Each scout bee uses a trail vector that is generated during the initialization phase. The trail vector keeps track of how many times it failed to generate a better solution in comparison to the existing solution. During the scout bee phase, new solutions are generated using Eq. (8). The previous best solutions stored in trial vector are compared with the newly generated solution based on its fitness value. The solution with the best fitness value is maintained in the trial vector. The pseudocode of the scout bee phase is provided in Algorithm 3.

3.2.6. Parallel Artificial Bee Colony Algorithm

The issues in the traditional ABC algorithm are its long search time, slow convergence rate, and proneness to local optimum on a large number of decision variables. To overcome these issues, we have made changes to all the three phases, i.e., employed bee, onlooker bee, and scout bee. The employed and onlooker bee phases use Eq. (11) to generate a new solution and a new F_s, respectively. These newly generated solutions are not much different from the previous solutions, resulting in the least improvements after many iterations. It causes premature convergence when the optimal solution is not detected, which shows the inefficiency of the traditional ABC algorithm. To overcome this issue, we modify Eq. (11) to generate new solutions with a good convergence rate using Eq. (16).

$$x_{\mathit{\text{new}}}^j=x_i^j\mathit{\text{rand}}()+{\varphi }_i^j\left(x_i^j-x_k^j\right)+{\left({\psi }_i^j-0.5\right)}^2\left(y_i^j-x_i^j\right)$$ (16)

where, ${\left({\psi }_i^j-0.5\right)}^2\left(y_i^j-x_i^j\right)$ is the gbest that helps in efficient optimal convergence, and ${\psi }_i^j$ is the new mutation step size, calculated in Eq. (17).

$${\psi }_i^j=1-\frac{t}{T}$$ (17)

where, t is the current iteration, and T is the total number of iterations. Furthermore, we modified Eq. (8) for the scout phase, as shown in Eq. (18). This equation generates a better solution than the original scout bee phase solution. Here, $x_{\mathit{\text{best}}}^j$ is the previous best term saved.

$$x_{new}^j=\{\begin{array}{ll}{x}_{\mathit{\text{min}}}^j+\mathit{\text{rand}}()*{\psi }_i^j*\left(x_{\mathit{\text{best}}}^j-x_i^j\right),\hfill & \text{for}\text{rand}()\le 0.5\hfill \\ x_{\mathit{\text{min}}}^j+\mathit{\text{rand}}()*{\psi }_i^j*\left(y_{\mathit{\text{best}}}^j-x_i^j\right),\hfill & \text{for}\text{rand}()>0.5\hfill \end{array}$$ (18)

Our proposed pABC algorithm needs to be executed simultaneously by all edge servers for optimal configuration of IIoT devices to the E_s. Each E_s needs a random selection of a group of networks, and evaluate their fitness and objective functions using pABC, respectively. Then, using Algorithms 1, 2, and 3, the new best solutions can easily be computed. Finally, these algorithms search the local best solution and decide to migrate the solution with the neighboring servers based on a user-defined threshold value (λ). After finding the best solution and optimal configuration, the E_s performs job migration to the neighboring E_ss if the gathered data from IIoT devices is larger than its storage and processing capabilities. The pseudo-code of the pABC is given in Algorithm 4.

4. Experimental Results and Discussion

In this section, the proposed scheme is analyzed using simulation-based results. We have compared our Sybil attack detection protocol with [19], [20], and [21] using the confusion matrix given in Table 2. On the other hand, the convergence of our pABC algorithm is compared against Genetic Algorithm [22], Artificial Bee Colony [5], and Particle Swarm Optimization [23] using mean values of different benchmark functions. Finally, the delay, throughput, and control overhead are compared with [1] and [5].

TABLE 2:

Confusion Matrix

	Positive	Negative
Positive	TP	FN
Negative	FP	TN

4.1. Sybil Attack Detection

The performance of our Sybil attack detection scheme is compared using Table 2, where the true positive T_P reflects the occurrence of Sybil attack that was detected instantly, while true negative T_N shows no attack and correctly detected. A false-positive F_P is the case when a genuine activity is detected as an attack and F_N is the case when an attack is detected as a genuine activity. The IIoT-enabled PEC uses the performance metrics such as accuracy, sensitivity, and specificity for comparison. Accuracy is the probability of accurate detection as shown in Eq. (19). Sensitivity is the percentage of positive events as shown in Eq. (20), whereas Specificity is the adverse events correctly detected as shown in Eq. (21).

$$\mathit{\text{Accuracy}}=\frac{T_P+T_N}{T_P+T_N+F_P+F_N}$$ (19)

$$\mathit{\text{Sensitivity}}=\frac{T_P}{T_P+F_N}$$ (20)

$$\mathit{\text{Specificity}}=\frac{T_N}{F_P+T_N}$$ (21)

In Figs. 2, 3, and 4, the effect of Sybil devices on the aforementioned performance metrics is highlighted. The number of forged or fabricated identities of each device varies between 10 and 26. In comparison to the existing schemes, our scheme performs better in terms of these performance metrics for a varying number of forged identities. The values on the y-axis for all metrics increase by increasing the number of forged identities. The higher number of Sybil nodes increase the chances of their detection due to their increased fabricated identities. The main reason for better performance of our scheme is the use of RSSI values from multiple sources. The RSSI-enabled detection of our scheme allows it to detect even the smallest of fluctuation in the signal strength coming from the same physical location. The performance of [19–21] is slightly lower than our proposed scheme because they have used a single RSSI value for Sybil attack detection and also there is high fluctuation in these values experienced at IIoT devices.

Fig. 2:

Accurate detection of Sybil devices

Fig. 3:

Sensitivity of Sybil devices detection

Fig. 4:

Specificity of Sybil devices detection

4.2. Optimization using Parallel ABC

In this section, we discuss the effectiveness of pABC algorithm using benchmark functions [24] of Table 3. These functions are used to compare our pABC algorithm with conventional ABC [5], PSO [23], and GA [22] as shown in Fig. 5, 6, and 7, respectively. In these figures, the values on y-axis decrease by increasing the number of iterations. The convergence curves of pABC are better because of the improved step size. Moreover, it has better new solutions every time in comparison to the previous solutions. The modifications at every phase of pABC result in faster convergence that gives an optimal network configuration in a shorter time. It has also a good effect on achieving a higher QoS of the network. Moreover, our proposed pABC algorithm runs in parallel at each E_s, and shares the results with neighboring E_ss that helps in the learning process and faster convergence.

TABLE 3:

Benchmark Functions

Name	Formula	Range
Sphere function	$f(X)={\sum }_{j=1}^D{X}_j^2$	[–100,100]
Griewank function	$f(X)=\frac{1}{4000}{\sum }_{j=1}^D{\left(X_j-100\right)}^2-{\Pi }_{j=1}^D\mathit{\text{cos}}\left(\frac{X_j=100}{j^{\frac{1}{2}}}\right)+1$	[–600,600]
Schafer function	$f(X)=\frac{1}{2}+\left({\left(\mathit{\text{sin}}\left({\sum }_{j=1}^D{X}_j^2\right)\right)}^2-\frac{1}{2}\right)/{\left(1+\frac{1}{1000}\left({\sum }_{j=1}^D{X}_j^2\right)\right)}^2$	[–100,100]

Fig. 5:

Convergence curves the Sphere function

Fig. 6:

Convergence curves for the Schaffer function

Fig. 7:

Convergence curves for the Griewank function

4.3. Network Performance Metrics

In this section, we demonstrate various performance metrics, e.g. end-to-end delay, throughput, and control overhead of our IIoT-enabled PEC.

4.3.1. End-to-End Delay

The End-to-End Delay (E2E) is the total delay incurred by a packet from its transmission to its final reception at the industrial cloud. In Fig. 8, the E2E delay against the number of transmitting devices for different schemes is depicted. The largest delay is incurred when the network is under a Sybil attack. Moreover, each packet experiences a higher delay under normal network operations, i.e., without optimization. The delay of ABC algorithm is better than [1] due to its efficient convergence and in finding optimal solutions. In [1], authors have performed optimal configuration of IIoT devices with edge servers using PSO. They have also used high-bandwidth communication channels in the licensed band using cognitive radio. Our proposed scheme outperforms all these schemes because it efficiently detects the Sybil attack at the IIoT architecture layer, and achieves an optimal network configuration at the Edge layer using pABC. Besides, pABC executes simultaneously at different E_s that causes minimum delay and performs efficient job migration under heavy load.

Fig. 8:

End-to-End Delay vs. Number of IIoT Devices

4.3.2. Throughput

Throughput is defined as the number of data packets correctly transmitted over a network in a particular period. In Fig. 9, the throughput of different schemes against the number of transmitting devices is shown. The throughput is degraded when the network is under a Sybil attack. The throughput of [1] is better against the network without optimization due to the optimal device-to-gateway configuration and the use of high-bandwidth licensed channels. The ABC algorithm performs better than [1] due to efficient convergence and the fast optimal solution. Our pABC algorithm outperforms all these schemes due to Sybil attack detection, and optimal network configuration.

Fig. 9:

Throughput vs. Number of IIoT Devices.

4.3.3. Control Overhead

Fig. 10 compares the control overhead of different schemes, which is the ratio of the control packet to data packets transmitted. During Sybil attack, the data is not successfully transmitted resulting in a higher overhead. In [1], the overhead is smaller when running PSO and it increases while detecting licensed channel in a spectral band. It is because the licensed channel detection needs various control messages. The pABC algorithm has higher control overhead in comparison to ABC because the proposed scheme transmits the control messages during Sybil device detection.

Fig. 10:

Control Overhead vs. Number of IIoT Devices

5. Conclusion

In this paper, we proposed a secured and intelligent communication scheme for the Industrial Internet of Things (IIoT)-enabled Pervasive Edge Computing (PEC). The proposed scheme relies on Sybil attack detection, Artificial Intelligence (AI)-based optimal configuration, and edge computing. Using a lightweight detection protocol, the Sybil devices were detected by the IIoT devices. After Sybil devices detection, their illicit identities are shared with the neighbors and edge servers to prevent upstream transmission of malicious data towards the industrial cloud. At the edge server, an optimal configuration of IIoT devices was achieved by executing a parallel Artificial Bee Colony (pABC) algorithm. This algorithm identified an optimal configuration of edge servers to the IIoT devices, and shared the results with the neighbors. Each edge server performed job migration to its neighbors when the incoming data from IIoT devices exceeded its processing and storage capabilities. The experiments results showed that our scheme is resilient against Sybil attack in terms of accuracy, sensitivity, specificity, and detection rate. Moreover, it has better convergence curves against the existing approaches for various benchmark functions and achieved higher Quality of Service (QoS) of the network. In the future, we aim to perform mutual authentication among edge servers and IIoT devices prior to communication. Also, we aim to improve the performance of pABC by regulating the traffic from industrial cloud via Software-defined Networks (SDNs) controller.

Biographies

Dr. Fazlullah Khan is a faculty member at the Department of Computer Science, Abdul Wali Khan University Mardan, Pakistan. He had been the recipient of various prestigious scholarships during his PhD studies and has been awarded the best researcher awarded for the year 2017. His research interests are Intelligent and robust protocol designs, Security and Privacy of Wireless Communication Systems, Internet of Things, Machine Learning, Artificial Intelligence. Recently, he has been involved in latest developments in the field of Internet of Vehicles security and privacy issues, Software-defined Networks, Fog Computing and Big Data Analytics. He has published his research work in top-notch journals and conferences. His research has been published in IEEE Transactions on Industrial Informatics, IEEE Internet of Things, IEEE Access, Elsevier Computer Networks, Elsevier Future Generations Computer Systems, Elsevier Journal of Network and Computer Applications, Elsevier Computers and Electrical Engineering, Springer Mobile Networks and Applications. He has served over 10 conferences in leadership capacities including General Chair, General co-Chair, program co-Chair, track Chair, session Chair, and Technical Program Committee member, including IEEE TrustCom 2017, 2018, EuroCom, GCCE 2019, ITNG 2018, Future5V 2017, CCODE-2017, IoT-BC2 2016. He has been an active reviewer for high-cited and highly ranked international journals, including IEEE Transactions on Dependable and Secure Computing (TDSC), Elsevier Computer Networks, Springer Mobile Networks & Applications and Wiley Concurrency and Computation: Practice and Experience.

Dr. Mian Ahmad Jan is an assistant professor at the department of computer science, Abdul Wali Khan University Mardan, Pakistan. He completed his PhD at the University of Technology Sydney (UTS), Australia. He had been the recipient of various prestigious scholarships during his PhD studies. He was the recipient of International Research Scholarship (IRS), UTS and Commonwealth Scientific Industrial Research Organization (CSIRO) scholarships. He has been awarded the best researcher awarded for the year 2014 at the University of Technology Sydney Australia. His research interests include energy-efficient and secured communication in Wireless Sensor Networks and Internet of Things. Recently, he has been actively involved in machine learning, big data analytics, smart cities infrastructure and vehicular ad hoc networks. His research has been published in IEEE Transactions on Mobile Computing, IEEE Transactions on Cloud Computing, IEEE Transactions on Industrial Informatics, IEEE Transactions on Network Science and Engineering, IEEE Internet of Things Journal, IEEE Journal of Selected Areas of Communications and ACM Computing Surveys are few to mention. He has been guest editor of numerous special issues in various prestigious journals such as IEEE Transactions on Industrial Information, Springer Neural Networks and Applications, and Elsevier Future Generation Computer Systems etc.

Dr. Ateeq ur Rehman is Assistant professor of Computer Science at Abdul Wali Khan University Mardan, Pakistan. He received his BEng degree in Computer Science and Information Technology from the Islamic University of Technology Dhaka, Bangladesh, in 2009. He got his PhD degree in wireless communications from the University of Southampton in January 2017. His major research interests are next generation wireless communications and cognitive radio networks, Cooperative communication, Resource allocation, particularly cross layer approach and Hybrid ARQ. Currently, he is working on security and privacy of Internet of Things using machine learning algorithms. He published 20 quality scholarly articles. His most recent research achievements have been published in several highly cited IEEE Transactions and Elsevier journals including IEEE Internet of Things journal, Future Generation Computer Systems, and Computer Networks. His research contribution on network security is internationally recognized.

Dr. Spyridon Mastorakis is an Assistant Professor in Computer Science at the University of Nebraska Omaha. He received his Ph.D. in Computer Science from the University of California, Los Angeles (UCLA) in 2019. He also received an MS in Computer Science from UCLA in 2017 and a 5-year diploma (equivalent to M.Eng.) in Electrical and Computer Engineering from the National Technical University of Athens (NTUA) in 2014. His research interests include network systems and protocols, Internet architectures, IoT and edge computing, and security.

Dr. Mamoun Alazab is an Associate Professor at the College of Engineering, IT and Environment at Charles Darwin University, Australia. He received his PhD degree in Computer Science from the Federation University of Australia, School of Science, Information Technology and Engineering. He is a cyber security researcher and practitioner with industry and academic experience. AlazabâĂŹs research is multidisciplinary that focuses on cyber security and digital forensics of computer systems with a focus on cybercrime detection and prevention. He has more than 150 research papers in many international journals and conferences, such as IEEE transactions on Industrial Informatics, IEEE Transactions on Industry Applications, IEEE Transactions on Big Data, IEEE Transactions on Vehicular Technology, Computers & Security, and Future Generation Computing Systems. He delivered many invited and keynote speeches, 24 events in 2019 alone. He convened and chaired more than 50 conferences and workshops. He works closely with government and industry on many projects, including Northern Territory (NT) Department of Information and Corporate Services, IBM, Trend Micro, the Australian Federal Police (AFP), the Australian Communications and Media Authority (ACMA), Westpac, United Nations Office on Drugs and Crime (UNODC), and the Attorney GeneralâĂŹs Department. He is a Senior Member of the IEEE. He is the Founding chair of the IEEE Northern Territory (NT) Subsection.

Prof. Paul Watters is Adjunct Professor of Cybersecurity at La Trobe University, and Honorary Professor at Macquarie University. He is a Chartered IT Professional, a Fellow of the British Computer Society, a Senior Member of the IEEE, and a Member of the Australian Psychological Society. Professor Watters is Academic Dean at Australasian Academies Polytechnic, an ASX-listed education provider. He is also Australia’s leading trusted cybersecurity advisor, thought leader, and founder of Cyberstronomy Pty Ltd, home of the www.100pointcybercheck.com.