ABIDS-VEM: leveraging an equilibrium optimizer and data ramification in association with ensemble learning for anomaly-based intrusion detection system

The convergence of the Internet of Things (IoT) and Industrial Internet of Things (IIoT) within the Industry 4.0 paradigm leverages software-defined networking, multi-cloud architectures, and edge/fog computing to enhance industrial processes. However, this digital transformation introduces significant cybersecurity and privacy vulnerabilities within the complex, data-intensive IoT/IIoT ecosystems. To mitigate these risks, this research proposes a novel Anomaly-based Intrusion Detection System using Voting-based Ensemble Model (ABIDS-VEM) in Industry 4.0 environments. The VEM architecture synergistically combines multiple machine learning algorithms and gradient boosting frameworks, including CatBoost (CB), XGBoost (XGB), LightGBM (LGBM), Logistic Regression (LR), and Random Forest (RF), to enhance the precision and computational efficiency of intrusion detection systems (IDS) in IoT/IIoT contexts. The proposed framework incorporates a data ramification process, in which the data is divided into multiple parts, feature selection process which is optimized through the Equilibrium Optimizer (EO) algorithm, and outlier detection utilizing the Isolation Forest (IF) method. Comprehensive empirical evaluations were conducted using three benchmark datasets: XIIoTID, NSL-KDD, and UNSW-NB15, to validate the efficacy of the proposed system. The model achieves high accuracy across datasets: 98.1476% for XIIoT-ID, an impressive accuracy of 98.9671% for NSL-KDD, and 94.1327% for UNSW-NB15 dataset. These experimental results demonstrate the potential of this approach to significantly enhance the resilience of critical industrial systems and data against evolving cyber threats, thereby supporting the continued evolution of Industry 4.0 technologies and bolstering the security posture of IoT/IIoT ecosystems. This research contributes to the ongoing efforts to secure the rapidly expanding digital industrial landscape, offering a robust solution for detecting and mitigating sophisticated cyberattacks in the increasingly interconnected and data-driven industrial environments of the future.