1 Introduction

The Internet of Things (IoT) has transformed transportation systems’ efficiency, security, and conservational responsibility during rapid development and technical improvement [1]. However, these improvements also lead to significant cyberphysical risks (CPR) that must be appropriately addressed to ensure the reliability and security of such organized structures. This study considered advanced risk investigation performance to decrease these risks in IoT-enabled innovative transport organizations [2].

1.1 The development of intelligent transportation systems

The improvement of innovative transport systems is a consequence of significant variations in the transference infrastructure produced by the rapid development of technology [3]. These systems improve transference systems’ efficiency, security, and reliability by utilizing IoT classification to build a network of connected sensors. Innovative transference organizations can gather, process, and use substantial volumes of data in real time by integrating wireless sensor networks [4]. This substantially benefits analytical preservation, traffic control, and overall operating efficiency. Figure 1 shows an intelligent transport system.

Fig. 1 Smart transport system

1.2 Cyberphysical networks and associated risks

IoT integration in transportation organizations has many benefits but increases security vulnerabilities. Cyberphysical systems (CPS) are particularly vulnerable to attacks because they associate digital communication with physical actions [5]. Security vulnerabilities in the technological domain can have extensive physical implications because these systems are connected [6].

As more and more essential systems adopt AI and IoT, the dangers of a successful CPS attack are becoming increasingly severe. The 2015 Ukraine blackout highlights the hazards that cyberattack vulnerabilities can pose, while the range of strikes demonstrated the degree of control that such an attacker can obtain over the system [7].

Some of the potential avenues that attacks can take include data spoofing, command injection, and denial of service.

Data spoofing is a form of attack where the attacker tricks a user or a device into believing that a piece of information came from a source that did not originate it [8]. It allows the attacker to insert manipulative data into a system, which can severely affect its functioning, from establishing backdoors into the system to causing it to shut down entirely.

Command injection and denial-of-service attacks are similar. Command injection attacks involve attackers sending contradictory commands to a system, disrupting its operations as it seeks to resolve the contradiction. Meanwhile, denial-of-service attacks send a system so many instructions that legitimate commands are delayed, slowing down or even preventing a system from performing its duties [9].

1.3 Insufficient control systems

Conventional risk assessment processes frequently address digital and physical components as distinct entities, ignoring the unique vulnerabilities created by their integration [10]. Because of these security vulnerabilities, IoT-enabled devices are more vulnerable to hackers. This issue is worsened because operators, civil engineers, and security designers frequently fail to include these CPRs in their risk assessments [11].

1.4 Innovative approach to risk analysis

The development of a novel method that considers the particular challenges provided by CPS is essential, given the growing reliance on IoT in transportation infrastructure and the associated risks [12]. Conventional approaches ignore the intricacy related to possible cyberthreats or the interrelated structures of these systems [13]. The authors in [14] highlight the usefulness of ML-based IDS and the weaknesses of traditional approaches to cybersecurity. The researchers note that IoT networks rely on lightweight and small sensor devices to gather and transmit data to remote facilities for processing. Such devices tend to have constraints on the resources that can be invested into them, which exposes them to routing attacks that can disrupt entire networks. Cryptography-based approaches to cybersecurity are inefficient against routing attacks, while ML-based IDS demonstrates more extraordinary ability in identifying typical and uncommon attacks of this form.

1.5 The cyberrisk assessment system becomes accessible

A comprehensive cyberrisk analysis technique was developed, particularly for transportation networks’ IoT-enabled smart grid infrastructure. By categorizing and detecting novel cybersecurity behaviors associated with threat motivations, vulnerabilities, and physical casualty stages, the model is required to provide an all-encompassing evaluation of cyberphysical risk [15]. The motivation for risk assessment is that identifying the potential causes of future cyberattacks is necessary for risk identification and mitigation. This approach classifies risks according to motives, including criminal purposes, political goals, and economic gains. Identifying and correcting vulnerabilities in the virtual and real worlds are essential to strong security techniques [16]. The model assessed the cyberattack vulnerabilities of the physical infrastructure, network components, and IoT devices. Addressing the entire range of CPR is assisted by the stages of physical causality assessment, which evaluates the possible physical effects of cyberattacks [17].

1.6 CPR evaluation

An advanced cyberrisk analysis model was developed to provide participants with a valuable tool for evaluating and effectively moderating CPR. This approach opens doors to more protected and improved innovative transport organizations by identifying the interconnectedness of contemporary transport systems and addressing both physical and digital responsibilities [18]. Its limitations include the probable difficulty of applying the recommended framework in numerous real-life conditions, the need for constant updates as cyberrisks change, and its requirement for accurate data inputs, which can be challenging to obtain at frequent intervals [19]. This investigation aims to create an extensive framework for cyberrisk assessment that is designed specifically for IoT-enabled innovative transport organizations. The model combines digital and physical security methods to recognize and decrease CPR effectively, thereby improving these systems’ overall security and capability.

1.7 Ethical considerations of using AI in transportation systems

The ethical concerns of using AI have become increasingly important as AI development and usage have risen. As more and more systems have incorporated AI into themselves, there have been concerns about how AI systems are being used and the intentions of the creators of these systems. By their nature, AI systems can violate the end users’ privacy without careful consideration, as the end user’s private data is collected without their permission. Additionally, AI systems are prone to algorithm biases that can implicate innocent end users as a result of false positives, thus necessitating the use of human oversight to ensure fair judgments being made by the AI [20]. In the case of transportation systems, it is easy to see the concerns of the intended users of self-driving cars over how data on their travel routes and patterns can be used to harm them or how errors in the algorithm can result in risks to their health if the onboard AI makes an error in judgment.

1.7.1 Key contribution

This research seeks to fill the gap by presenting a novel model for intrusion detection, with a specific focus on transportation control. The model utilizes a hybrid approach to reduce the resource costs. Feature selection is carried out using the krill herd search (KHS) algorithm, and the fine-tuned tree (FT) algorithm uses the features identified by KHS to identify CPR. The contributions of this study are as follows:

  • The incorporation of CAN into SDC-related simulations improved security and efficiency through CAN communication integration.

  • An ML-based IDS for an SDC-CPS leverages machine learning to effectively detect and mitigate attacks targeting the physical components of self-driving cars, ensuring enhanced security and operational reliability.

  • In this study, innovative ML methods, such as KHS-FT, were used to optimize systems and detect intrusions efficiently.

The remainder of this study is organized as follows: Sect. 2 presents a literature review. Section 3 provides a detailed explanation of the materials and methods. Section 4 presents the performance analysis and discussion. Section 5 presents the conclusions.

2 Related work

Recent research has explored IoT applications across transportation, healthcare, and industrial sectors, emphasizing their potential to enhance connectivity and efficiency. However, these advancements expose systems to novel security challenges, including dynamic data spoofing and distributed denial-of-service attacks. Newer frameworks, such as the CVSS v4 introduced in 2022, offer improved mechanisms for quantifying vulnerabilities and mitigating risks in IoT environment. The approach assists decision-makers in mitigating multi-hop attack routes and lowering false positives. Its effectiveness has been demonstrated through proof-of-concept implementation in the healthcare industry. The effects of cascading attacks on intelligent lighting systems in critical urban areas were investigated in [21]. This demonstrates the possible risk propagation using vulnerabilities found in commercially available systems. The investigation employed a focused risk assessment methodology and specific communication settings to estimate the risk of attacks facilitated by IoT devices [22].

Research [23] addressed an innovative method for susceptibility valuation of transport networks using a chance pointer and a Bayesian network (BN) attack structure. The examination focused on lowering risk variables and vulnerable constituents and proposed a standard vulnerability and risk calculation method for industrial Internet of Things (IIoT)-enabled thoughtful structures [24]. The system influences the Floyd–Warshall and depth-first search (DFS) processes to improve the performance of innovative attack path identification.

[25] presents machine learning and metaheuristic algorithms based on hybrid intelligent intrusion detection systems (HIIDS) for IoT-based applications. The study focused on detecting security attacks on cloud servers through anomaly-based intrusion detection. The research combined metaheuristic algorithms, such as particle swarm optimization for best feature selection, and supervised learning algorithms, such as decision trees, to reduce computational costs. A significant limitation of traditional approaches to security, such as encryption, highlighted in the study, is the delays and computational costs that encryption can introduce in situations where high-speed data flows are essential, such as in health care.

The interaction of physical and virtual spaces was the main focus of the innovative approach for identifying and evaluating the vulnerable nature of transport networks to cyberphysical attacks [26]. The technique models vulnerability states in physical and cyberdomains using BN attack visualization, assesses the effect on network efficiency, and emphasizes the growing vulnerability to these attacks. Integrating physical devices, sensors, and data through the IoT has revolutionized society, and at this point, it has also presented cybersecurity concerns. This study examined the difficulties raised by big data and intelligent materials in the IoT environment, considering concerns about supply chain integrity, communication protocols, computing power, and updates to firmware. It provides instances of actual attacks, a risk management technique, and a description of cybersecurity solutions. The objective of this study was to encourage the creation of strong IoT ecosystems [27]. Integrating IoT with CPS has transformed industries like transportation and energy and introduced new cybersecurity concerns. Recent studies have highlighted the vulnerabilities in CPS caused by outdated communication protocols and insufficient firmware updates. Emerging solutions, like predictive modeling for CPS risk management, demonstrate promise but require further scalability testing in real-world environments.

The authors in [28] present a wireless intrusion detection system (WIDS) designed and implemented to protect multi-service wireless networks. The researchers noted that the WIDS had to be low cost to allow it to be used and scaled in different situations, small enough to fit in any device, and high enough in performance to keep up with WLAN data rates. The results show that the proposed WIDS model works efficiently in the test environment.

In [29], an Embedded Cooperative-Hybrid Intrusion Detection System (ECHIDS) for solar energy-harvested road-side unit is designed and implemented. The researchers note that the nature of the ad hoc wireless network systems studied requires cooperation between the nodes and possesses a distributed nature; the ideal intrusion detection in such networks should also be distributed and cooperative. Such a system uses collaboration between the IDS of the nodes in identifying attacks when the evidence is uncertain. This improves the model’s detection ability while allowing each agent to maintain a smaller size.

Destructive assaults target CPS, essential to business, commercial, and critical infrastructure. Setting effects were possible from attacks on cyberphysical energy systems (CPES), particularly in the infrastructure of the electrical system. Laboratory abilities can be used to improve cybersecurity by simulating operational settings, identifying vulnerabilities, creating defenses, and assessing the grid performance in scenarios involving malicious or fault-induced events. Article [30] provides a detailed overview of the CPS security environment, including a CPS framework for evaluating and simulating system performance under unfavorable conditions and a threat modeling technique. The potential of IoT in-vehicle networking for traffic welfare, efficiency, and real-time forecasting was examined in [31]. It also covers several modern technologies utilized in automotive networking, including their challenges, construction, and usefulness. Additionally, the article discusses security concerns and risks related to vehicle communications and suggests remedies. The objective was to present a thorough overview of the state of the art and suggest various approaches to secure automobile communications.

A comparison of 8 popular machine learning models for intelligent botnet attack detection engine (IBADE) modeling, using principal component analysis (PCA) and linear discriminant analysis for feature reduction, shows that random forest performs best when used with PCA [32].

The IoT in the small drone technology sector presents growth opportunities for defense and social enterprises. However, they create security and privacy risks because of their architecture and design. To reduce these risks, research [33] has examined the significance of safe drone networks and suggested a framework that uses powerful machine learning (ML) techniques. According to the proposed approach, cyberphysical satellite systems were made more reliable and secure. Network security risks that attack the long-term functional sustainability of smart urban infrastructure were the main focus of the article’s discussion on cybersecurity risk assessment in intelligent city networks. Although the current approaches have been systematized, the complex, dynamic digital environment cannot be appropriate for expert-based or human interaction. A novel method for automatically evaluating cyberrisk for different item types in a smart city infrastructure was suggested in a previous study [34]. This requires object typing, data mining, and a quantitative risk evaluation. An artificial neural network (ANN) was used in this process.

Smart city (SC) development has evolved from integrating IoT into urban infrastructure; however, cybersecurity remains a significant threat. For IoT-enabled SC environments, the article challenges the vulnerability assessment method (CVAT) [35], which employs IoT sensors to monitor the ecosystem and identify possible risks. The technique can reduce cybersecurity risks in IoT-enabled SC environments and has several advantages, including real-time vulnerability detection, scalability, and flexibility for different SC applications.

3 Methodology

This section covers the details of the SDC simulation, focusing on assessing the software and technology used, such as sensors and ACC. CPS, SDC-CPS integration, CAN communication networks, and the KHS-FT algorithm for maximizing the protection and efficiency of intelligent transport infrastructure are all covered in this section. By combining these techniques, the cyberphysical concerns in IoT-enabled devices were addressed.

3.1 Dataset

The 50,000-unit raw dataset was one-dimensional. The dataset is balanced: 25,000 units are attack data, and 25,000 units are standard. The four variables in the data collection are (1) the actual position of the lead vehicle, (2) the actual velocity of the ego vehicle, (3) the actual position of the lead vehicle, and (4) their combination. Table 1 lists the raw dataset, along with the corresponding components.

Table 1 Dimension dataset

The dataset used in this study, which includes SDC data (everyday driving and simulated attack scenarios), vehicle speed, sensor data (e.g., car LIDAR, cameras), GPS coordinates, engine status (e.g., car RPM), battery status, and weather, is further enriched by the crowd-sourced nature of the intrusion detection. This collaborative approach provides labeled cyberattack instances (e.g., spoofing, CAN bus attacks), enhancing the study’s depth and breadth.

Real-world driving environments were meticulously simulated, generating data by recording sensor and system outputs and employing injections of different attack types to assess model robustness. This emphasis on real-world simulations underscores the study’s practicality, as cybersecurity models can be trained and evaluated for SDC-CPS applications in a realistic setting.

Table 1 presents the dimensions of the dataset, including critical parameters such as the real-time position and speed of the ego and lead vehicles. These features are essential for evaluating the proposed model’s effectiveness in identifying and mitigating cyberphysical risks.

3.2 Self-driving cars (SDC) system of representation

The simulation is software-based and is useful for investigating and evaluating the performance of a model before the system enters operation. A computer-generated model has several advantages over a practical approach, including lower installation, testing, and maintenance costs and simpler models. The ego transport infrastructure and the lead smart transport infrastructure comprise this study’s self-driving automobile system simulation model. Under perfect conditions, the ego transport infrastructure uses adaptive cruise control (ACC) to maintain a safe distance from the lead transport infrastructure. The lead transmits its position, which the ego infrastructure must monitor. The ego transport infrastructure was the primary focus of this study.

The self-driving car system simulation efficiently studies interactions between the vehicle’s components and the external transport network. Replicating real-world scenarios allows for evaluating safety and efficiency without the complexities of on-road testing.

3.2.1 Cyberphysical system (CPS)

An IoT-enabled intelligent transport infrastructure incorporating physical components and computer algorithms into a CPS optimizes security, effectiveness, and dependability. Using advanced sensors, data analytics, and real-time communication, CPS can recognize and reduce CPR, including infections, system downtime, and network interruptions. This ensures efficient traffic control, transport interaction, and infrastructure tracking.

3.2.2 SDC-CPS

SDC-CPS links physical control mechanisms, software, and devices so that they work together flexibly. The research finds that SDC-CPS encounters challenges with risk qualification, particularly with cybersecurity threats and system reliability in an IoT smart transport system. To moderate these risks and ensure protection and effectiveness, data reliability, secure connections, and monitoring of real-time processes must be ensured. Therefore, to make SDC-CPS defensible against such attacks and sustain public trust in autonomous intelligent vehicles in ITS, general cybersecurity measures should be adopted.

CPS enables IoT devices to share real-time data, such as traffic patterns or vehicle health, to optimize system performance. This seamless integration ensures the timely detection and mitigation of potential cyberthreats, which is critical for autonomous systems’ safe and efficient operation.

3.3 CAN communication system

A fundamental characteristic of a capable transport system using IoT is the CAN communication network, through which data is transferred concurrently from the motors, monitoring units, and devices. The security and stability of the CAN system should be maintained to lower CPR.

By improving the security of the CAN system, this study can reduce CPR in IoT-based innovative transport organizations. The system can employ encryption to ensure that protected data is not exposed to unwanted parties, verification techniques to authenticate the reliability of communication and the identity of the receiver, and detection technologies to classify data as a fault, an attack, or an irregularity and respond to it.

The CAN communication system facilitates secure and seamless interaction between components of the self-driving vehicle, enabling real-time data exchange to adapt effectively to dynamic environments. By protecting against cyberthreats such as spoofing and denial-of-service attacks, the CAN system ensures the safety and efficiency of vehicle operations.

This study employs a simulation model to evaluate system performance before deployment. The software-based simulation offers significant advantages, including reduced installation, testing, and maintenance costs and the ability to analyze complex scenarios efficiently. The simulation incorporates adaptive cruise control (ACC) to maintain safe distances between vehicles, with the ego transport infrastructure serving as the primary focus of this research.

3.4 System configuration and integration

Here, we discuss the inclusion of self-driving cars (SDCs) from the perspective of a cyberphysical system (CPS) environment. The SDC has sensors for real-time collection of environmental data, which makes its self-control reliable and efficient. Together with actuators, including the steering and braking mechanisms, these sensors allow the vehicle to maneuver and adapt to changes within the environment. The foundation of this system is the durable, fast messaging channel, the controller area network (CAN), which links together the vehicle’s internal computers.

As this study shows, the SDC-CPS network is not restricted to vehicles. It is integrated into a more complex system so that it can communicate with other systems in the outside world, including traffic control and infrastructure sensing systems. This interaction opens a set of opportunities: through an exchange of messages, the vehicle can interact with the other CPS structures in the broader urban environment to obtain data. Such a possibility holds a lot of potential for safer, more efficient functioning within the smart city environment.

Integration into smart city infrastructure enables self-driving vehicles to communicate with traffic systems and external networks, improving navigation in urban environments. However, this connectivity introduces cybersecurity risks, necessitating robust defenses like the proposed KHS-FT model.

3.4.1 Vulnerability detection and cybersecurity in SDC-CPS

This paper also assesses the threats and weaknesses that are present in the SDC-CPS system because of CAN bus communication, an essential channel of vehicle control. To demonstrate the potential of these threats, we simulate several cyberphysical attacks that target the communication network between the internal components of the car and the external system, as well as attacks within the SDC-CPS architecture.

Intrusion attempts and anomalous patterns in SDC-CPS networks are therefore detected using smoothed decision trees in conjunction with krill herd search (KHS). Examples of such ‘abnormal behavior’ are fluctuations in the speed or rotations of the vehicle without any obvious cause, or abnormal interaction of the car with outside systems. In this way, weaknesses within the internal structure of the SDC can be identified, and the SDC can be managed so that it continuously observes, together with the appropriate external architectures, the presence and exactness of a threat.

This section also provides a detailed description of the SDC, CPS, CAN, and SDC-CPS architecture, together with their components and their uses in autonomous driving and cybersecurity risk mitigation. This includes how the SDC interfaces with CPS networks and how the vehicle requires internal and external communication networks to operate safely and efficiently.

3.5 Smart transport infrastructure using krill herd search-driven fine-tuned tree (KHS-FT)

In IoT-enabled systems, the overall CPR is reduced, and the performance of the intelligent transport infrastructure is optimized with the help of the KHS-FT method. The method uses FT to improve security and productivity by building on the search performed by KHS. By minimizing risks and improving the general performance of intelligent infrastructure systems, KHS-FT can support robust and effective transport links that adapt to threats and operating conditions.

In this work, the KHS-FT method uses KHS to determine the most important features and the FT algorithm to identify the attacks. This method is beneficial because it reduces resource cost without greatly decreasing the quality of the models. The models developed are KHS and FT; their steps are described in detail below.

The KHS-FT approach combines two robust methodologies: feature selection using the krill herd search (KHS) algorithm and anomaly detection using the fine-tuned tree (FT) algorithm. KHS identifies critical variables influencing detection accuracy and reducing computational overhead, while FT classifies the data as everyday or attack scenarios with high precision. This hybrid model ensures computational efficiency and exceptional detection accuracy, making it ideal for resource-constrained IoT environments.

3.5.1 Inputs to KHS and FT models

Inputs to KHS: The krill herd search (KHS) algorithm, a metaheuristic optimization algorithm, plays a crucial role in selecting the most valuable features for the model. The primary inputs to KHS include:

Feature set: Sensor and operational data collected from the smart transport infrastructure, such as vehicle speed and GPS coordinates, sensor readings, weather conditions, and control system metrics.

Objective function: A mathematical function that evaluates the importance and quality of features, measured by how much vulnerability is minimized and how much each feature maximizes total system performance.

Inputs to FT: The fine-tuned decision tree model, a robust component of our system, is trained to classify the attack scenarios based on the feature set selected by KHS. The key inputs to FT include:

Optimized feature set: The features selected by KHS as the most relevant to security and system performance.

Labeled data: A database of labeled everyday and attack scenarios to train the decision tree for attack detection.

3.5.1.1 Process

First, the KHS algorithm searches and selects the key features of the intelligent transport infrastructure that affect its performance. The FT decision tree model is then fine-tuned for accuracy in detecting attacks using these features. This combined approach reduces resource consumption and offers effective attack detection, leading to higher infrastructure resilience to cyberthreats.

3.5.2 Krill herd search (KHS)

KHS is a metaheuristic optimization algorithm based on the collective behavior of krill swarms. It can effectively minimize CPR in IoT-enabled smart transport infrastructure. This algorithm replicates krill’s social interaction and movement behaviors to identify the optimum responses to challenging conditions. These three actions essentially define the time-reliant setting.

  1. Searching for movement

  2. Movement is affected by other krill

  3. Transmission develops technically.

The regular KHS technique uses the distribution model, as demonstrated in Eq. (1).

$$\frac{{cw_{j} }}{cs} = M_{j} + E_{j} + C_{j}$$
(1)

For krill \(j\), \(M_{j}\), \(E_{j}\), and \(C_{j}\) denote the movement affected by other krill, the search movement, and the physical transmission, respectively. The first movement, \(E_{j}\), includes both the data position and the information concerning the previous positioning. For each \(j\), the action follows Eqs. (2) and (3).

$$E_{j} = U_{e} \beta_{j} + \omega_{e} E_{j}^{{{\text{old}}}}$$
(2)
$$\beta_{j} = \beta_{j}^{{{\text{food}}}} + \beta_{j}^{{{\text{best}}}}$$
(3)

In this equation, \(U_{e}\) represents the search movement. Intelligent transport systems enabled by the IoT present significant CPR because of their interconnected structure and dependence on data transmission. A KHS can support this situation by optimizing the location of IoT devices and increasing network security protocols and data encryption techniques. The direction of the second movement \(M_{j}\), denoted \(b_{j}\), is evaluated using the following variables: target impact, local impact, and attractive impact. For krill \(j\), it is formulated as Eq. (4).

$$M_{j}^{{{\text{new}}}} = M^{{{\text{max}}}} b_{j} + \omega_{m} M_{j}^{{{\text{old}}}}$$
(4)

Here, \(M^{{{\text{max}}}}\) is the highest generated velocity. In reality, the physical transmission of the \(j^{th}\) krill is a random process. A directed vector and the maximum diffusion speed contribute to this motion. Equation (5) describes the physical transmission.

$$C_{j} = C^{{{\text{max}}}} \delta$$
(5)

where \(C^{{{\text{max}}}}\) is the maximum diffusion speed and \(\delta\) is the generated vector, whose value is a random integer between −1 and 1. By applying the KHS, participants managed and minimized risks, including illegal entry, data leaks, and system malfunctions. Equation (6) can be used to obtain the time-dependent position from time \(s\) to \(s + \Delta s\), based on the three activities that were previously analyzed.

$$W_{j} \left( {s + \Delta s} \right) = W_{j} \left( s \right) + \Delta s\frac{{cw_{j} }}{cs}$$
(6)

The decentralized nature of the algorithm and its capacity to investigate many solution spaces make it appropriate for addressing the complex and ever-changing difficulties presented by CPR in intelligent transportation infrastructure. Innovative transport operations can be made more secure and reliable by implementing KHS, which can enhance the resilience and reliability of IoT systems. Algorithm 1 describes the KHS procedure. It begins by defining the iteration time Smax and group size OOO. Random programming is then performed. The execution number is set to J1, and a population is initially established. The casting velocity, the most excellent generated temperature, Jmax, and the highest dissemination speed, Cmax, are also established. Next, the fitness of each krill member is assessed separately. At the same time, Smax arranges individuals or krill according to their fitness from highest to lowest.

Algorithm 1 Procedure of KHS
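The following Python sketch is an added example, not the authors' code, showing how Eqs. (4)–(6) combine into one krill update and a small optimization loop with group size O (`n_krill`) and iteration limit Smax (`s_max`). Assumptions: the quadratic fitness used in testing is constructed, \(b_{j}\) uses the target impact only, the search movement heads for a fitness-weighted herd centre, \(\delta\) is drawn uniformly from [−1, 1], and the parameter values are illustrative.

```python
import math
import random

def krill_step(w, m_old, b, u, delta, m_max, omega_m, c_max, dt):
    """Advance krill j by one time step using Eqs. (4)-(6)."""
    m_new = [m_max * bi + omega_m * mi for bi, mi in zip(b, m_old)]  # Eq. (4)
    c = [c_max * di for di in delta]                                  # Eq. (5)
    # dW_j/ds is taken as the sum of the three movements (standard krill herd form).
    dw_ds = [mi + ui + ci for mi, ui, ci in zip(m_new, u, c)]
    w_new = [wi + dt * gi for wi, gi in zip(w, dw_ds)]                # Eq. (6)
    return w_new, m_new

def unit(src, dst):
    """Unit vector from src towards dst (zero vector if they coincide)."""
    diff = [d - s for s, d in zip(src, dst)]
    norm = math.sqrt(sum(x * x for x in diff))
    return [x / norm for x in diff] if norm > 0 else [0.0] * len(diff)

def khs_minimize(fitness, dim, n_krill, s_max, seed, lo=-5.0, hi=5.0,
                 m_max=0.01, u_max=0.02, c_max=0.005, omega_m=0.5, dt=5.0):
    """Minimize a non-negative fitness; returns (best position, best-so-far history)."""
    rng = random.Random(seed)
    herd = [[rng.uniform(lo, hi) for _ in range(dim)] for _ in range(n_krill)]
    motion = [[0.0] * dim for _ in range(n_krill)]
    best_w, best_f, history = None, math.inf, []
    for _ in range(s_max + 1):
        fits = [fitness(w) for w in herd]
        j_best = min(range(n_krill), key=fits.__getitem__)
        if fits[j_best] < best_f:
            best_w, best_f = list(herd[j_best]), fits[j_best]
        history.append(best_f)
        # "Food" position: fitness-weighted centre of the herd (assumption).
        weights = [1.0 / (f + 1e-12) for f in fits]
        total = sum(weights)
        food = [sum(wt * w[k] for wt, w in zip(weights, herd)) / total
                for k in range(dim)]
        for j in range(n_krill):
            b = unit(herd[j], herd[j_best])               # target impact only
            u = [u_max * x for x in unit(herd[j], food)]  # search movement
            delta = [rng.uniform(-1.0, 1.0) for _ in range(dim)]
            w_new, motion[j] = krill_step(herd[j], motion[j], b, u, delta,
                                          m_max, omega_m, c_max, dt)
            herd[j] = [min(hi, max(lo, x)) for x in w_new]  # keep inside bounds
    return best_w, history
```

In a feature-selection setting, each coordinate of a krill position would be thresholded into a keep/drop decision for one feature, and the fitness would score the resulting subset.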

3.5.3 Fine-tuned tree (FT)

The fine-tuned tree (FT) algorithm is a form of the decision tree classification algorithm that distributes votes to the classes that appear most frequently in the input data. FT is used in the combined model to identify incoming cyberattacks and potential CPR. The FT algorithm performs better than other ML techniques when handling large datasets with many categories. Regression, feature selection, and classification methods are used in the classification process. By using bagging, or bootstrap aggregation, to train the algorithm, the decision tree variance and overfitting of data are minimized. Bagging creates multiple subsets of the training data using random sampling with replacement, allowing for precise and reliable predictive models without prohibitively large datasets.

FT uses robust feature selection techniques to identify essential components influencing system dependability and cybersecurity. The classification outcome is determined using Eq. (7) below.

$$D\left( s \right) = \max_{O} F_{s} \sum_{j = 1}^{L} \left( d_{j}\left( S \right) = O \right)$$
(7)

\(S\) represents the instruction set derived from the initial input. Selections from the \(S\) collections are indicated by \(L\). This approach used a random vector to automatically create \(L\) decision trees for each subgroup. Here, \(d_{j} \left( S \right)\) indicates the classification outcome of the \(j^{th}\) decision tree and \(D\left( s \right)\) represents the outcome of classification. \(O\) is the intended group. Many random forest hyperparameters were employed to improve the model’s prediction ability or the procedure.

Once the automatic \(F_{S}\) process is completed, the FT achieves higher-level efficiency while dealing with high-dimensional data. The Gini significance can be applied as a metric for determining the feature relevance within the FT. These relevance scores can be considered an extension of assistance in deciding which decision trees are essential to the classification in Eq. (8).

$$j\left( s \right) = 1 - e_{1}^{2} - e_{0}^{2}$$
(8)

This enables the symbol \(S\) to represent each node from an FT decision tree. To estimate the amount of randomness, one uses the Gini impurity to calculate the optimal split. Detection methods are also included to quickly detect and address strange activities or possible cyberthreats within a network. In Eq. (9), \(i = 0,1\) denotes the class, and \(e_{i}\) is the proportion of \(m_{i}\) samples relative to the total number of samples \(m\).

$$e_{i} = \frac{{m_{i} }}{m}$$
(9)

Reducing \(\delta j\) can be accomplished by dividing and sending products to two distinct sub-nodes (\(e_{o}\) and \(e_{r}\)) based on the limit of parameter \({\Theta }\). Equation (10) illustrates this process.

$$\delta j\left( s \right) = j\left( s \right) - e_{o}\, j\left( s_{o} \right) - e_{r}\, j\left( s_{r} \right)$$
(10)

Moreover, accessibility elements are integrated into the FT, providing insights into the decision-making processes that promote vulnerability identification and security measure optimization. FT increases the efficiency and robustness of forecasting algorithms by utilizing collaborative learning techniques, thereby providing more dependable real-time detection of irregularities and cyberattacks.

$$J_{H} \left( {\Theta } \right) = \mathop \sum \limits_{q} \mathop \sum \limits_{r} \delta j_{{\Theta }} \left( {s,S} \right)$$
(11)

Subsequently, when the overall node thresholds contain ample values of Θ, a detailed examination proceeds efficiently. Equation (11) is then used to store the decreases in Gini impurity of each feature individually while considering all nodes \(S\). The resulting importance (IG) reflects the frequency with which a feature Θ appears in a split and how significant it is within the classifier for a specific problem. This developed capacity contributes to the security of IoT devices, voice communication channels, and data integrity inside innovative transport systems, enhancing security stances across the structures for the consistent safe execution of tremendous infrastructures. This methodology also increases safety in smart transportation systems and the SDC-CPS structure. It counteracts the weaknesses in CAN communication, which was established earlier to replace the Local Interconnect Network (LIN). The proposed krill herd search-driven fine-tuned tree (KHS-FT) method makes improved security measures and better intrusion detection achievable. Implementing it can therefore help achieve a stable and reliable smart transportation system.
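The added Python example below (not the authors' implementation) carries Eqs. (7)–(11) through on a small constructed dataset: Gini impurity, the impurity decrease for a threshold Θ, bagged single-split trees, accumulated importance per feature, and the majority vote. The CAN-style samples, the use of one-node trees, and all function names are assumptions made for illustration.

```python
import random
from collections import Counter

# Constructed CAN-style samples: ((inter-arrival ms, payload byte), label); 1 = attack.
# Feature 0 separates the flooding traffic; feature 1 is noise by construction.
SAMPLES = [((10.1, 17), 0), ((9.8, 200), 0), ((10.4, 90), 0), ((9.9, 33), 0),
           ((10.0, 151), 0), ((10.2, 64), 0), ((0.9, 180), 1), ((1.1, 25), 1),
           ((1.0, 99), 1), ((0.8, 140), 1), ((1.2, 58), 1), ((1.0, 210), 1)]

def gini(labels):
    """Eqs. (8)-(9): j(s) = 1 - e_1^2 - e_0^2 with e_i = m_i / m."""
    m = len(labels)
    if m == 0:
        return 0.0
    e1 = sum(labels) / m
    return 1.0 - e1 ** 2 - (1.0 - e1) ** 2

def split(rows, feature, theta):
    left = [y for x, y in rows if x[feature] <= theta]
    right = [y for x, y in rows if x[feature] > theta]
    return left, right

def gini_decrease(rows, feature, theta):
    """Eq. (10): delta j(s) = j(s) - e_o j(s_o) - e_r j(s_r)."""
    left, right = split(rows, feature, theta)
    m = len(rows)
    parent = gini([y for _, y in rows])
    return parent - len(left) / m * gini(left) - len(right) / m * gini(right)

def majority(labels):
    return Counter(labels).most_common(1)[0][0]

def fit_stump(rows, n_features):
    """Single-node tree: keep the (feature, theta) with the largest decrease."""
    label = majority([y for _, y in rows])
    best = {"feature": None, "theta": None, "gain": 0.0, "left": label, "right": label}
    for f in range(n_features):
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):
            theta = (lo + hi) / 2.0
            gain = gini_decrease(rows, f, theta)
            if gain > best["gain"]:
                left, right = split(rows, f, theta)
                best = {"feature": f, "theta": theta, "gain": gain,
                        "left": majority(left), "right": majority(right)}
    return best

def train_forest(rows, n_trees, seed):
    """Bagging: each stump sees a bootstrap sample drawn with replacement."""
    rng = random.Random(seed)
    n_features = len(rows[0][0])
    forest, importance = [], [0.0] * n_features
    for _ in range(n_trees):
        stump = fit_stump([rng.choice(rows) for _ in rows], n_features)
        forest.append(stump)
        if stump["feature"] is not None:
            importance[stump["feature"]] += stump["gain"]  # Eq. (11) accumulation
    return forest, importance

def predict(forest, x):
    """Eq. (7): the class receiving the most votes across the L trees."""
    votes = []
    for stump in forest:
        if stump["feature"] is None or x[stump["feature"]] <= stump["theta"]:
            votes.append(stump["left"])
        else:
            votes.append(stump["right"])
    return majority(votes)
```

A feature whose accumulated importance stays at zero never produced the best split in any bootstrap sample, which is the signal used to drop it during feature selection.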

3.6 Study objective

The primary objective of this study is to validate the effectiveness of the KHS-FT approach in mitigating cyberphysical risks in IoT-enabled smart transport infrastructure. The proposed model aims to achieve high accuracy, precision, and recall while integrating advanced feature selection and classification methods while maintaining computational efficiency. While this study relies on simulated data, future work will focus on validating the model using real-world datasets to assess its broader applicability and practical relevance.

3.6.1 Experimental setup

A preliminary test bed is designed to assess the FT model against actual and emulation data with regard to cyberattack identification. Data collection begins once the system's hardware and software have been pre-configured. Information is then retrieved from live and simulated environments, cleaned, and normalized so that it is ready for training the FT decision tree model. To obtain better model results, we use the kernel Hilbert space (KHS) optimization technique for feature selection. The preprocessed data is then fed to the FT decision tree for training. Each of the mentioned attack scenarios is then injected into the model to evaluate its effectiveness. Likelihood and accuracy are employed to establish how accurately the FT model can predict a particular geoid excitation owing to changes in density or temperature, against baseline models. Cyberattack alerts and response effectiveness are tested by accuracy, precision, recall, F1 metrics, VDR, and RDA. In addition, the attack detection evaluation supports the assessment of the model’s performance, and the feedback loop enhances the optimization for high efficiency. This setup aims to optimize the FT model for better detection under different attack conditions. The experimental setup and design are presented in Fig. 2 below.

Fig. 2 Experimental setup for evaluating the feature transfer model in cyberattack detection using actual and simulated data

4 Results and discussion

Python 3.8 was used to generate the simulations in this research. All experiments were run on Windows 10 using a Core i7 processor and 16 GB RAM. Performance is assessed using key measurements, such as accuracy, precision, recall, and F1 score. This study compares existing classifiers such as support vector machines (SVM) [36], decision trees (DT) [37], K-nearest neighbor (KNN) [36], and random forest [37] to the proposed KHS-FT method. Using these procedures and classifiers, the aim was to assess the efficiency of the proposed method for mitigating CPR in IoT-enabled smart transport infrastructure. This comparison provides insights into the possible advantages of KHS-FT over standard methods in personalized smart transport infrastructures.

4.1 Accuracy

Accuracy in reducing CPR in IoT-enabled effective transport networks is related to recognizing, evaluating, and managing risk accurately and dependably. Improved precision provides safe and effective infrastructure functioning by reducing false alerts, accurately identifying actual risks, and protecting both electronic and physical elements. Table 2 and Fig. 3 show the accuracy of the results. KNN (97.4%), DT (96.38%), SVM (96.5%), and RF (97.92%) were the existing results for accuracy. When comparing the results of the existing method, the KHS-FT method achieved a superior accuracy outcome (98.4%).

Table 2 Numerical outcomes of accuracy

Fig. 3 A visual depiction of accuracy

4.2 Precision

Correctly detecting and rectifying vulnerability to avoid possible risks is usually called precision in minimizing CPR in IoT-enabled innovative transportation systems. To ensure reliability and safety, minimize disruptions, and improve the obstruction of transport networks against cyberattacks, accurate threat identification, real-time monitoring, and targeted responses are required. Table 3 and Fig. 4 show the precision results. KNN (96.26%), DT (94.18%), SVM (95.30%), and RF (95.12%) were the existing results for precision. The KHS-FT model demonstrates consistent superiority over baseline methods, with metrics such as 98.4% accuracy and 98.3% F1-score, indicating its robustness in intrusion detection for IoT-enabled smart transport systems.

Table 3 Numerical outcomes of precision

Fig. 4 A visual depiction of precision

The ablation study presented in Table 4 systematically evaluates the proposed KHS-FT model by progressively removing key components to assess their contribution to overall performance. Using the complete dataset and employing all features, the model achieved the highest metrics: 98.4% accuracy, 98.3% precision, 97.8% recall, and 98.3% F1 score. These results validate the robustness and efficiency of the KHS-FT method. When sensor data was excluded, a noticeable performance decline occurred, with accuracy dropping by 2.2% and F1-score by 3.2%, indicating the significance of sensor features in identifying cyberphysical risks. Similarly, removing GPS coordinates reduced accuracy by 1.9%, underscoring the importance of location-based data for precise attack detection. Further, removing the krill herd search (KHS) optimization caused a performance dip of 1.6% in accuracy and 2.0% in F1-score, highlighting the necessity of KHS for feature selection and overall model performance.

Table 4 Ablation Study Results for KHS-FT Model

The ablation results demonstrate that each component contributes significantly to the model’s effectiveness. The study reinforces the criticality of using a hybrid approach combining advanced optimization and diverse features. This ablation analysis directly addresses the reviewer’s expectation, providing clear evidence that the components of the KHS-FT model are indispensable for achieving superior intrusion detection performance.

4.3 Recall

Recall is the capacity to precisely locate and recognize significant incidents of CPR in managing cyberphysical concerns in IoT-enabled intelligent transportation facilities. By ensuring that all real risks are identified, a high recall reduces the possibility that vulnerabilities in the intelligent transport system could continue to go undetected. Table 5 and Fig. 5 show the recall results. KNN (96.3%), DT (93.54%), SVM (95.35%), and RF (94.96%) were the existing results for recall. When comparing the results of the existing methods, the KHS-FT method achieved superior recall (with a score of 97.8%).

Table 5 Numerical outcomes of recall

Fig. 5 A visual depiction of recall

4.4 F1-score

Regarding the decrease in CPR in IoT-enabled digital transport systems, the F1-score evaluates the variance between the predictive model recall and precision. It is imperative to consider security appliances to identify and address threats in real time, providing a strong defense against cyberphysical vulnerabilities in intelligent transportation systems. Table 6 and Fig. 6 show the results of the F1-score. The existing scores were KNN (96.75%), DT (94.07%), SVM (97.8%), and RF (95.05%). The KHS-IRF method achieves a better F1 score (98.3%) when compared with the existing methods.

Table 6 Numerical outcomes of f1-score

Fig. 6 A visual depiction of the f1-score

The evaluation metrics of a model in Fig. 7 in the scope of vulnerability detection and cybersecurity risk mitigation are vulnerability detection rate (VDR), risk detection accuracy (RDA), false positive rate (FPR), and true positive rate (TPR), as shown in the figure. The model possesses a high VDR, which suggests that this model can identify the system vulnerabilities. The RDA was robust, and the model can accurately distinguish everyday and attack scenarios. Furthermore, the high TPR, a testament to the model’s effectiveness, indicates that our model can detect most cyberattacks, providing reassurance about its performance. Nevertheless, the model also incorrectly classifies some non-attack instances as attacks, resulting in unnecessary alerts, according to the FPR. This demonstrates that further optimization to mitigate false positives is required. Overall, the results illustrate that the model works well in increasing cybersecurity. Still, there is a need to minimize false alarms to improve operational efficiency and avoid resource misuse in real-world deployments.

Fig. 7 Evaluation metrics for vulnerability detection and cybersecurity risk mitigation

Figure 8 presents the evaluation metrics results of deep learning-based cyberattack detection employing a fine-tuned decision tree model. The evaluation scores are risk detection accuracy, vulnerability detection rate, F1-score, recall, precision, and accuracy. These metrics are indispensable to evaluating the model’s potential to categorize distinct scenarios, mainly to distinguish between attacks and non-attacks. High accuracy is about how well the measurements are correct, while high precision is focused on how little the model wrongfully predicted for positive cases. The F1-Score is an average of precision and recall, and recall examines the capability to foresee true positives. While using the RDA, one can understand how the model performs regarding the overall risk. In contrast, the VDR enables one to compare how effectively the vulnerabilities are being identified. The features of the decision tree model mean that the number of false negatives can be reduced, and the total number of successful predictions also rises, making decision tree models suitable for application in cybersecurity. With these scores’ metrics, one can notice the importance of remoteness/accuracy for the final model implementation in real environments.

Fig. 8 Performance metrics of a fine-tuned decision tree model for deep learning-based cyberattack detection

Figure 9 presents a comparative heatmap that evaluates the performance of the proposed KHS-FT model against established machine learning methods, including random forest, SVM, KNN, and decision tree, across four key metrics: accuracy, precision, recall, and F1-Score. The color gradient visually highlights performance variations, with lighter shades indicating higher values. The KHS-FT model demonstrates superior performance across all metrics, achieving 98.4% accuracy, 98.3% precision, 97.8% recall, and 98.3% F1 score. This performance outpaces all competing methods, particularly decision tree, which records the lowest values (e.g., 94.18% precision and 93.54% recall). Random forest and KNN exhibit competitive results but consistently lag behind KHS-FT, especially in recall and precision. The KHS-FT model demonstrates significant strength in handling complex tasks such as intrusion detection in IoT systems. Its optimized feature selection and finely tuned classification mechanisms offer a distinct advantage, enhancing its effectiveness and reliability in intelligent transport infrastructure applications.

Fig. 9 Evaluation of results against state of the art

4.5 Discussion

The proposed KHS-FT model has shown exceptional performance in simulated environments; however, further validation using real-world data is essential to strengthen its applicability. This will help ensure the model’s adaptability and resilience in dynamic and complex operational environments. Detection using KNN [37] is technically intricate, particularly when handling large datasets. Its performance and accessibility are affected by its sensitivity to insignificant factors, careful distance metric selection, and optimal K value. The proposed KHS-FT method demonstrates significant advantages over existing methods, addressing key limitations in traditional approaches such as SVM, DT, and RF. For instance, while SVM [37] can be computationally intensive for large datasets and dependent on kernel selection, the KHS-FT approach is computationally efficient and robust against variations. Similarly, the proposed method resolves challenges faced by DT [38], such as overfitting and sensitivity to minor data variations, through its advanced hybrid design. RF [38], although highly accurate, can sometimes lack interpretability; however, the KHS-FT model provides clarity and precision in decision-making, making it ideal for critical applications. By optimizing system design and resource allocation, the KHS-FT method enhances the overall accessibility, security, and efficiency of intelligent transport systems.

One of the remarkable strengths of machine learning models like KHS-FT is their ability to provide consistent and explainable results. This fosters trust and enhances their adoption across different domains. Skilled experts in machine learning and cybersecurity will play a vital role in maximizing the deployment potential of methods like KHS-FT.

Additionally, distributed computing methods, specifically edge computing, hold exciting potential for improving AI-driven cybersecurity solutions. Edge computing can complement the KHS-FT method by addressing privacy concerns, improving real-time decision-making, and lowering computational resource demands. Future studies will explore the integration of edge computing to further enhance the effectiveness of the proposed model.

The KHS-FT framework offers exceptional adaptability across various domains beyond innovative transport systems. For example, in health care it can detect unauthorized access or data tampering in connected medical devices, ensuring patient safety. In industrial IoT environments, it can safeguard critical infrastructure by identifying malicious activities in real time, minimizing downtime, and preventing disruptions. Additionally, it can be adapted for energy optimization tasks, fraud detection in financial systems, and anomaly detection in other IoT-enabled environments. These applications highlight the versatility and transformative potential of KHS-FT, establishing it as a powerful tool for enhancing security in diverse cyberphysical systems. The proposed KHS-FT method achieved 98.3% precision, 97.8% recall, 98.3% in f1-score, and 98.4% accuracy. Compared to models such as SVM and RF, the KHS-FT method exhibits higher recall and precision, addressing the limitations of traditional methods by achieving balanced performance across diverse datasets. This advantage is critical for real-world applicability in resource-constrained IoT environments.

By achieving high performance in key metrics such as accuracy, precision, recall, and F1-score, the proposed KHS-FT method sets a new benchmark for intrusion detection systems. Its scalability and robustness ensure its relevance to intelligent transport systems and a wide range of IoT-enabled applications. This demonstrates the universal applicability of KHS-FT as an innovative and impactful solution for modern cybersecurity challenges.

5 Conclusion

This research addresses and mitigates CPR in IoT-enabled intelligent transport infrastructure and mainly concentrates on self-driving cars (SDCs). It presents an ML-based IDS targeting an SDC-CPS that can recognize attacks on the associated physical elements in SDCs. SDC-CPS designs integrate the controller area network (CAN) into SDC-related simulators. Initially, a one-dimensional raw dataset was gathered. Subsequently, the self-driving car (SDC) simulation scheme, cyberphysical system (CPS), and CAN communication network are described. The KHS-FT technique processes the data in a smart transport infrastructure. The proposed KHS-FT technique improves the accuracy and effectiveness of the IDS. This study analyzes the results using precision, recall, f1-score, and accuracy. The proposed KHS-FT method achieved 98.3% precision, 97.8% recall, 98.3% in f1-score, and 98.4% accuracy. The proposed method yielded better results. The versatility of the proposed KHS-FT model makes it adaptable to other IoT-enabled systems beyond transportation, such as competent health care, industrial IoT networks, and energy management systems. Future work will explore these broader applications to demonstrate their full potential in securing diverse cyberphysical environments. The limitations of this study include its dependence on computer-generated information, which may fail to reflect the complexity and variety of the real world accurately. Future studies could incorporate additional ML techniques and evaluate the proposed KHS-FT method using real-world datasets to improve CPR mitigation in IoT-enabled smart transport infrastructure.