
Blockchain-Based Authentication and Explainable AI For Securing Consumer IoT Applications

This document discusses using blockchain and explainable artificial intelligence (XAI) to secure consumer Internet of Things (IoT) applications in smart cities. It proposes integrating a blockchain-based authentication and key agreement mechanism with XAI to securely exchange data between participating entities. The implementation proves more efficient than other recent state-of-the-art techniques. However, most AI-based intrusion detection systems are still treated as "blackboxes" because they cannot explain the reasons for their decisions.


This article has been accepted for publication in IEEE Transactions on Consumer Electronics.

This is the author's version which has not been fully edited and content may change prior to final publication. Citation information: DOI 10.1109/TCE.2023.3320157

Blockchain-based Authentication and Explainable AI for Securing Consumer IoT Applications
Randhir Kumar, Danish Javeed, Ahamed Aljuhani, Alireza Jolfaei, Prabhat Kumar and A. K. M. Najmul Islam

Abstract—The consumer Internet of Things (IoT) applications, in particular smart cities, are mostly equipped with Internet-connected networked devices to improve city operations by giving access to a massive amount of valuable information. However, these smart devices in a smart city environment mostly use public channels to access and share data among different participants. This has introduced a great interest in using authentication and key agreement (AKA) mechanisms and intrusion detection systems (IDS) based on artificial intelligence (AI) techniques. However, most of the AKA mechanisms have high computation and communication costs and cannot be trusted completely. On the other hand, the AI-based IDS are treated as a blackbox by the security analyst due to their inability to explain the reasons behind the decision. In this direction, we have integrated a blockchain-based AKA mechanism with explainable artificial intelligence (XAI) for securing smart city-based consumer applications. Specifically, first, the participating entities communicate with each other in a secure manner to exchange data using a blockchain-based AKA mechanism. On the other hand, we have used the SHapley Additive exPlanations (SHAP) mechanism to explain and interpret the prominent features that contribute most to the decision. The practical implementation of the proposed framework proves the efficiency over other recent state-of-the-art techniques.

Index Terms—Blockchain, Consumer Applications, Deep Learning, Explainable AI, Authentication and Key Agreement

Randhir Kumar is with Department of Computer Science and Engineering, SRM University AP, AP 522240, India. (Email: [email protected]).
Danish Javeed is with the Software College, Northeastern University, Shenyang 110169, China. Email: [email protected]
Ahamed Aljuhani is with the Department of Information Technology, University of Tabuk, Tabuk 71491, Saudi Arabia (e-mail:a [email protected]).
Alireza Jolfaei is with the College of Science and Engineering, Flinders University, Adelaide, Australia. (Email: [email protected])
Prabhat Kumar and A. K. M. Najmul Islam are with the Department of Software Engineering, LUT School of Engineering Science, LUT University, 53850 Lappeenranta, Finland (Email: [email protected], naj[email protected]).

I. INTRODUCTION

THE Internet of Things (IoT) has transformed the digital world and information technology by providing smart, cost-effective, resilient, and automated solutions. As such, the technology has been embedded and deployed in a wide range of consumer applications [1]. Specifically, the IoT plays an important role in the development of smart city-based consumer applications, such as smart homes, smart health, smart parking, smart power grids, etc. [2]. At its core, the IoT aims to connect the physical and virtual worlds through massive amounts of consumer IoT devices distributed in homes, streets, buildings, and a variety of other public spaces capable of collecting, storing, and transmitting data without the need for human interaction [3]. The integration of IoT solutions into smart cities improves the quality of service (QoS) and quality of experience (QoE) for consumer IoT applications. For example, remote patient monitoring plays a critical role in tracking, analyzing, and monitoring patients' status to improve the quality of medical services in smart healthcare systems [4]. In addition, IoT applications in smart buildings allow consumers to manage and control key functions such as lighting, air conditioning, and security cameras for cost savings, energy reduction, and safety [5].

While smart city-based consumer applications offer a variety of enticing features and a wide range of advantages and opportunities, concerns about security and privacy have been raised [6]. Smart city-based consumer applications need to be secure, reliable, and trusted to ensure the confidentiality, integrity, and availability of consumer IoT applications. Given the nature of IoT technology, which consists of heterogeneous, homogeneous, and ubiquitous consumer IoT devices, cyberattacks continue to pose significant challenges for smart city-based consumer applications [7], [8]. For example, communication between smart consumer devices occurs over an insecure public channel that is vulnerable to a variety of security and privacy threats [9]. An attacker can exploit such a flaw and launch a man-in-the-middle (MitM) attack, in which the attacker intercepts and eavesdrops on communication between authentic devices [10]. The availability of consumer IoT applications is critical for ensuring QoS and QoE for the end user. A cyberattack, such as a distributed denial of service (DDoS) attack, renders consumer IoT applications unavailable [11]. Such an attack has a significant impact on QoS and results in significant operational and financial loss [12]. Because consumer IoT devices must prove their identity in order to be authentic and trusted, authentication and identification are critical for securely accessing and exchanging data. An attack such as a replay attack compromises authentication when an attacker eavesdrops and steals credential data during the authentication process from the sender before re-sending it to the receiver, who believes it came from the original sender [13].

Blockchain is another emerging technology that has recently received a lot of attention in a variety of fields. As such, blockchain technology is being integrated into various network structures for different purposes. The original motivation for developing blockchain was to support digital currency systems such as Bitcoin, which do not require a central authority to issue, transfer, and confirm transactions [14], [15]. However, blockchain technology, with its architecture supporting decentralized and peer-to-peer network structure, offers a plethora

Authorized licensed use limited to: Northeastern University. Downloaded on November 12,2023 at 18:20:05 UTC from IEEE Xplore. Restrictions apply.
© 2023 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.

of excellent features for the cybersecurity domain [16], [17]. Blockchain-based solutions can be used to effectively secure and protect consumer IoT applications. For example, in blockchain, transaction data is stored in a distributed ledger that is replicated across all network nodes, and any attempt to access or modify data is detected and rejected by blockchain, ensuring auditability and immutability of all transactions [18]. In addition, blockchain-based authentication solutions can be efficiently applied to securely authenticate consumer IoT devices in such a connected network [19]. For example, blockchain-based authentication and key management are used to issue, revoke, and discard a specific key for a device to prevent attacks such as MitM and key hijacking attacks [20]. Several works have been proposed based on blockchain-based authentication and key management schemes [21], [22], [23]; however, most of them suffer from computation overhead, communication costs, and insider attacks.

To overcome such threats in smart cities-based consumer IoT applications, an intrusion detection system (IDS) has been widely used and deployed to protect critical infrastructure from cyberattacks. An IDS monitors network traffic to identify, respond to, and mitigate cyberattacks from performing malicious activities such as unauthorized access, eavesdropping, and service disruption. IDSs can be classified into two types: knowledge-based and anomaly-based. The knowledge-based IDS identifies attacks using predefined lists stored in a database. An attack is detected and reported to the administrator when it matches a predefined signature. However, knowledge-based IDSs are insufficient for detecting new attacks. The anomaly-based IDS, on the other hand, establishes a baseline for normal traffic behavior and detects any abnormality from normal patterns. Artificial intelligence (AI) technology has advanced to become an integral part of many consumer IoT applications and systems such as IDSs. Specifically, machine learning and deep learning (ML/DL) models have been widely used to detect various types of cyberattacks in a variety of critical sectors [24]. Consequently, deep learning-based IDS approaches have the potential to provide consumer IoT applications with the ability to detect modern cyberattacks [25]. The authors in [26] used the CICIDS2017 dataset to train their generative adversarial networks (GAN)-based IDS and achieved an accuracy of 88.70%. Similarly, the authors in [27] used NSL-KDD-2015 and CICIDS2017 datasets to design an IDS for industrial cyber-physical systems (ICPS). The authors employed binary bacterial foraging optimization (BBFO) and a GRU model for efficient intrusion detection and achieved efficient outcomes in terms of accuracy. Further, the authors of [28] used an ensembled approach to design an anomaly-based IDS. They used the CICIDS2017 dataset to evaluate the performance of their proposed IDS and achieved an accuracy of 95.80%. Although several ML/DL models presented in [29], [30] have shown promising results in detecting cyberattacks, the results remain as a black box. Therefore, there is no explanation to justify how such a model made decisions.

Explainable artificial intelligence (XAI) has been developed to address issues such as transparency, interpretability, and explainability for such models. XAI is a set of techniques used to explain the steps that algorithms take to reach final decisions. Although some progress has been made toward XAI [31], [32], [33], there is still a lack of integration of XAI with blockchain-based authentication for smart city-based consumer IoT applications.

A. Contributions

The main contributions of this article are as follows:
• In order to secure smart city-based consumer applications, a new security framework integrating a blockchain-based authentication and key agreement mechanism with explainable artificial intelligence (XAI) is proposed.
• Second, we design new network and threat models for smart city-based consumer applications.
• To establish secure communication, a groundbreaking authentication and key agreement system built on blockchain technology is introduced. The immutability of the blockchain guarantees the integrity of data and fosters trust among the parties involved in communication. The proof-of-authority (PoA) consensus mechanism relies on authenticated transactions to create and verify blocks, with miner nodes on cloud servers casting their votes for validation.
• A novel intrusion detection system (IDS) combining an Attention mechanism with a Bidirectional gated recurrent unit network (BiGRU) and softmax classifier is proposed. Furthermore, we have employed the SHapley Additive exPlanations (SHAP) mechanism to explain and interpret the contribution of the most significant features in attack detection using the proposed IDS.

The remainder of this article is structured as follows: In Section II, we have outlined the framework that has been proposed. Section III delves into the analysis of results pertaining to the blockchain-based authentication and key agreement mechanism, as well as the Intrusion Detection System (IDS) based on Explainable Artificial Intelligence (XAI). In conclusion, we address future avenues for research in Section IV.

II. PROPOSED FRAMEWORK

A. System Model

The proposed framework is designed and analyzed on the basis of network and threat models, mentioned below:

1) Network Model: The network model of the proposed framework is shown in Fig. 1. In this figure, we have 3 main entities communicating with each other: IoT devices, a fog server, and a cloud server. The device layer consists of various IoT devices used in smart factories, windfarm, medical emergencies, smart houses, and smart thermostats. These devices have limited storage and computation power and are responsible for collecting data from their surroundings. These data are collected by the nearest fog server through some wireless communication and then transmitted to cloud servers for long-term storage. In this model, the fog server can perform limited computation and can send or process a limited amount of data. The cloud servers include different data centers and


are equipped with high processing and computation power. These servers are miners in the proposed framework and are responsible for mining and adding blocks to the blockchain ledger. However, the entire communication is performed over an insecure open channel, i.e., the Internet, and is prone to various attacks. As a result, we propose a novel AKA mechanism based on blockchain technology. In this scheme, first, a certificate manager provides the public and private keys to the communicating entities. Then, the session key is established between the IoT devices and the fog server and between the fog server and the cloud server, through which secure communication is established. Once the data is received in the cloud, the data is mined and added to the blockchain ledger. However, this data is analyzed at the XAI layer, where the proposed explainable IDS is designed, using which the security analyst analyses the attack classification.

[Fig. 1: Network model of proposed framework. Labels: XAI Layer (Network Traffic, Deep Learning Model, Attack Classification, SHAP Interpretation, Security Analyst); Cloud Layer (Cloud Servers, Blockchain Ledger, IDS); Certificate manager; Fog Server; Registration; Device Layer (Medical Emergency, Windfarm, Factory, House, Hardware board, Thermostat); Consumers.]

2) Threat Model: The proposed framework is designed based on the commonly used "Dolev-Yao (DY) model." In this model, interactions among IoT devices, fog servers, and cloud servers take place over an openly insecure channel, typically the Internet. As a result, a potential attacker, referred to as "A," has the opportunity to engage in various malicious activities involving the shared data. In this model, attacker "A" has the capability to expose, delay, modify, or even erase data that is being transmitted between IoT devices and fog servers, as well as between fog servers and cloud servers. While fog and cloud servers are considered semi-trusted entities, IoT devices cannot be relied upon for secure communication. Consequently, the information gathered can be exploited for executing a variety of malicious attacks, including "Man-in-the-Middle (MiTM) attacks," "impersonation attacks," "credentials guessing attacks," and "unlawful session key computation attacks."

B. Blockchain-based Authentication and Key Agreement Mechanism

This section outlines three key stages of the proposed framework, all aimed at establishing secure communication among the various entities involved. These phases include the initial setup involving specific framework parameters, the registration process for the entities, and the authentication procedures conducted between these entities. Furthermore, the section provides insights into how the Proof of Authority (PoA) consensus is employed for block creation, verification, and appending within the blockchain network. Detailed information about each of these phases is elaborated below.

1) Initial Setup Phase: The framework's initial setup is done by a trusted entity referred to as $TS$. This configuration process entails defining several parameters, as elaborated below.

Step-1: $TS$ chooses a large prime value $P$ within the context of a non-singular elliptic curve represented as $E_{PM}(l, m)$. This curve is defined by the equation $p^2 = q^3 + lx + (m \bmod PM)$, where $p^2$ belongs to the finite field $Z_P$. The set $Z_P$ contains integers ranging from 0 to $PN - 1$, and it includes a base point denoted as $P$ on the elliptic curve $E_{PM}(l, m)$. The term $PM$ encompasses the infinity point $O$ and incorporates a one-way message digest hash function designated as $H(\cdot)$.

Step-2: The trusted entity $TS$ selects a private key, $TS_{PRK}$, in a random manner from the set of non-zero integers modulo $P$, denoted as $Z_P^*$. $TS$ then computes an appropriate public key, $TS_{PBK}$, using elliptic curve point multiplication: $TS_{PBK} = TS_{PRK} \cdot P$. The private key $TS_{PRK}$ is kept confidential, while $TS_{PBK}$ and the one-way cryptographic hash function $H(\cdot)$ are shared publicly for use in subsequent communications.

2) Registration Phase: This phase registers the entities to ensure secure communication in the proposed system model. The registration of each entity is described below.

(a) IoT Nodes Registration: The $TS$ registers IoT nodes ($IOTN$) to enable secure sharing of data between the IoT nodes. The registration process of IoT nodes is detailed below.

STEP-1: The $TS$ selects the actual identity of the IoT node ($ID_{IOTN}$), assigns the temporary identity ($TID_{IOTN}$), and chooses a random number ($RN1$) from the finite field $Z_P^*$ to compute the pseudo identity ($SID_{IOTN}$) for $IOTN$ using $SID_{IOTN} = H(ID_{IOTN} \,\|\, RN1 \,\|\, MS_{TS})$, where $MS_{TS}$ is a master key of $TS$.

STEP-2: The $TS$ chooses the private key ($IOTN_{PRK}$) randomly over the finite field $Z_P^*$ and computes the public key $IOTN_{PBK} = IOTN_{PRK} \cdot P$, and also finds the temporary credential $TC_{IOTN} = H(SID_{IOTN} \,\|\, IOTN_{PRK} \,\|\, MS_{TS} \,\|\, TMP_{IOTN})$, where $TMP_{IOTN}$ is a registration timestamp of $IOTN$.


STEP-3: The $TS$ assigns the entire credential to the IoT node ($IOTN$) with $\{(SID_{IOTN}, TID_{IOTN}, TC_{IOTN}), H(\cdot), E_{PM}(a, b), P, (IOTN_{PRK}, IOTN_{PBK})\}$. Further, $TS$ distributes the $IOTN_{PBK}$ key of the respective IoT nodes ($IOTN$) for future use.

(b) Fog and Cloud Server Registration: The $TS$ registers the fog node ($FGN$) and cloud server ($CSP$) to ensure secure communication. The registration process of $FGN$ and $CSP$ is detailed below.

STEP-1: The $TS$ selects the actual identity of the fog node ($ID_{FGN}$), assigns a temporary identity ($TID_{FGN}$), and picks a random number ($RN1$) over the finite field $Z_P^*$ to find the pseudo identity ($SID_{FGN}$) for $FGN$ using $SID_{FGN} = H(ID_{FGN} \,\|\, RN1 \,\|\, MS_{TS}, TMP_{FGN})$, where $MS_{TS}$ is the master key of the trusted authority ($TS$) and $TMP_{FGN}$ is a registration timestamp of $ID_{FGN}$.

STEP-2: The $TS$ assigns the entire credential to the fog node ($FGN$) with $\{(SID_{FGN}, TID_{FGN}, TC_{FGN}), H(\cdot), E_{PM}(l, m), P\}$. Next, $FGN$ picks a private key ($FGN_{PRK}$) randomly over the finite field $Z_{PM}$ and computes a public key $FGN_{PBK} = FGN_{PRK} \cdot P$. Next, $FGN$ preserves the ($FGN_{PRK}$, $FGN_{PBK}$) credential in its database as $\{(SID_{FGN}, TID_{FGN}, TC_{FGN}), H(\cdot), E_{PM}(l, m), P, (FGN_{PRK}, FGN_{PBK})\}$ and distributes the $FGN_{PBK}$ key for further use.

STEP-3: The $TS$ selects the actual identity of the cloud server ($ID_{CSP}$), assigns a temporary identity ($TID_{CSP}$), and selects a random number secretly ($RN1$) over the finite field $Z_P^*$ to compute a pseudo identity ($SID_{CSP}$) of the $CSP$ using $SID_{CSP} = H(ID_{CSP} \,\|\, RN1 \,\|\, MS_{TS}, TMP_{CSP})$, where $MS_{TS}$ is a master key of $TS$ and $TMP_{CSP}$ is a registration timestamp of $ID_{CSP}$.

STEP-4: The $TS$ assigns the entire credential to the cloud server ($CSP$) with $\{(SID_{CSP}, TID_{CSP}, TC_{CSP}), H(\cdot), E_{PM}(l, m), P\}$. Further, $CSP$ picks a private key ($CSP_{PRK}$) randomly over the finite field $Z_{PM}$ and computes a public key $CSP_{PBK} = CSP_{PRK} \cdot P$. Furthermore, $CSP$ preserves the ($CSP_{PRK}$, $CSP_{PBK}$) credential in database storage as $\{(SID_{CSP}, TID_{CSP}, TC_{CSP}), H(\cdot), E_{PM}(l, m), P, (CSP_{PRK}, CSP_{PBK})\}$ and distributes the $CSP_{PBK}$ key for further use.

3) Authentication Phase: This phase details the authentication process of communicating entities in the framework, i.e., IoT-to-IoT, IoT-to-FGN, and FGN-to-CSP. The entire authentication process is detailed below.

(a) IoT to IoT Authentication Phase: This phase guarantees the establishment of secure communication among the $IOTN$ entities, permitting communication exclusively for registered $IOTN$. The authentication process relies on the stored credentials within the database to ensure the security of this communication. Specifically, authentication is carried out through a mutual authentication mechanism based on session keys. The step-by-step procedure for this authentication process is outlined below.

STEP-1: $IOTN1$ begins by selecting an appropriate secret value from an infinite set denoted as $Z_P^*$. It also receives a timestamp denoted as $TMP_{IOTN1}$. Subsequently, $IOTN1$ computes the value $IOTN1$ as follows: $IOTN1 =$ H($SID_{IOTN1}$ || $TID_{IOTN1}$ || $TC_{IOTN1}$ || $IOTN1_{PRK}$ || $TMP_{IOTN1}$ || R
Next, $IOTN1$ generates a signature denoted as $IOTN1_{SG1}$ using $IOTN1_{SG1} = (IOTN1 \oplus H(TID_{IOTN1} \,\|\, IOTN1_{PRK} \,\|\, TMP_{IOTN1})) \cdot IOTN1_{PRK} \pmod{P}$. Further, $IOTN1$ shares a message with $IOTN2$ through a secure channel, represented as $IOTN1_{MSS}$, which includes the following components: $IOTN1_{MSS} = (TID_{IOTN1} \,\|\, IOTN1_{SG1} \,\|\, TMP_{IOTN1} \,\|\, IOTN1_{PBK})$.

STEP-2: Upon receiving the message $IOTN1_{MSS}$ from $IOTN1$, $IOTN2$ initiates the verification process. First, it checks the signature $IOTN1_{SG1}$ using the equation $IOTN1_{SG1} \cdot P = H(TID_{IOTN1} \,\|\, IOTN1_{PBK} \,\|\, TMP_{IOTN1})$. Additionally, it validates the timestamp $TMP^*_{IOTN1}$, ensuring that $|TMP^*_{IOTN1} - TMP_{IOTN1}|$ is less than or equal to the maximum allowable delay denoted as $T$. If the conditions are successfully met, $IOTN2$ generates a secret number, $RN2$, within the finite field of the elliptical curve $Z_P^*$. It also incorporates a timestamp, $TMP_{IOTN2}$, to compute $IOTN2$ using $IOTN2 = H(SID_{IOTN2} \,\|\, TID_{IOTN2} \,\|\, TC_{IOTN2} \,\|\, IOTN2_{PRK} \,\|\, TMP_{IOTN2} \,\|\, RN2)$. A session key, $IOTN2_{SSK}$, is generated from $IOTN2$ multiplied by $P$. Subsequently, $IOTN2$ creates a signature, denoted as $IOTN2_{SG2}$, using $IOTN2_{SG2} = IOTN2 \oplus H(TID_{IOTN2} \,\|\, TID_{IOTN1} \,\|\, IOTN2_{PBK} \,\|\, TMP_{IOTN2}) \cdot IOTN2_{PRK} \pmod{P}$. Finally, $IOTN2$ transmits a message, denoted as $IOTN2_{MSS}$, to $IOTN1$ via a secure channel. This message includes the following components: $IOTN2_{MSS} = (TID_{IOTN2}, IOTN2_{SSK}, IOTN2_{SG2}, TMP_{IOTN2}, IOTN2_{PBK})$.

STEP-3: Upon receiving a message, $IOTN1$ proceeds with verification. First, it checks the validity of the session key $IOTN2_{SSK}$ by computing $IOTN1 \cdot IOTN2_{SSK}$. Simultaneously, it validates the received timestamp $TMP^*_{IOTN2}$, ensuring that the difference between $TMP^*_{IOTN2}$ and $TMP_{IOTN2}$ falls within the permissible maximum delay, denoted as $T$. If these conditions are successfully met, $IOTN1$ proceeds to verify the received signature $IOTN2_{SG2}$. This verification is done using the equation $IOTN2_{SG2} \cdot P = H(TID_{IOTN2} \,\|\, TID_{IOTN1} \,\|\, IOTN2_{PBK} \,\|\, TMP_{IOTN2} \,\|\, IOTN2_{SSK})$. Upon successful signature verification, $IOTN1$ generates a new timestamp, $TMP_{IOTNNew1}$. It calculates $IOTN_{New1}$ as $H(IOTN2_{SSK} \,\|\, TMP_{IOTNNew1})$ and sends an acknowledgment, denoted as $IOTN1_{ACK}$, to $IOTN2$ through a secure channel. This acknowledgment contains the following information: $IOTN2_{SSK}$, $TMP_{IOTNNew1}$.

STEP-4: Upon receiving a message, $IOTN2$ proceeds to perform the following verification steps. First, it checks for the presence of the session key $IOTN2_{SSK}$ by hashing the combination of $IOTN2_{SSK}$ and $TMP_{IOTNNew1}$. Additionally, it verifies the timestamp $TMP^*_{IOTNNew1}$ by calculating the time difference between $TMP^*_{IOTNNew1}$ and $TMP_{IOTNNew1}$ and ensuring that it falls within the allowed


maximum delay time, denoted as $T$. If these conditions are successfully met, $IOTN2$ proceeds to verify a signature. Subsequently, $IOTN1$ and $IOTN2$ mutually share a secret key, denoted as $IOTN1_{SCK} = IOTN2_{SCK}$, to ensure secure communication in subsequent interactions.

(b) IoT to FGN Authentication Phase: This phase is dedicated to establishing secure communication between an $IOTN$ and an $FGN$. This secure communication is exclusively accessible to registered $IOTN$ and $FGN$. The authentication process relies on stored credentials within a database to ensure the security of this communication. The authentication procedure is based on mutual authentication using session keys. The step-by-step details of this authentication process are explained below.

STEP-1: The $IOTN$ begins by selecting an appropriate secret value from an infinite set denoted as $Z_P^*$. Simultaneously, it receives a timestamp referred to as $TMP_{IOTN}$. The next step involves computing a value denoted as $m_{IOTN}$ using $m_{IOTN} = H(SID_{IOTN} \,\|\, TID_{IOTN} \,\|\, TC_{IOTN} \,\|\, IOTN_{PRK} \,\|\, TMP_{IOTN} \,\|\, RN1)$. Subsequently, $IOTN$ generates a signature, denoted as $IOTN_{SG1}$, using $IOTN_{SG1} = m_{IOTN} \oplus [H(TID_{IOTN} \,\|\, IOTN_{PRK} \,\|\, TMP_{IOTN}) \cdot IOTN_{PRK} \pmod{P}]$. Next, $IOTN$ transmits a message to $FGN$ by a secure channel. This message, denoted as $IOTN_{MSS}$, includes the following components: $IOTN_{MSS} = (TID_{IOTN} \,\|\, IOTN_{SG1} \,\|\, TMP_{IOTN} \,\|\, IOTN_{PBK})$.

STEP-2: Upon receiving the message $IOTN_{MSS}$ from $IOTN$, $FGN$ proceeds with the following verification steps. First, it verifies the signature $IOTN_{SG1}$ by comparing the result of $IOTN_{SG1} \cdot P$ with the calculated value based on the provided information. This calculation involves $H(TID_{IOTN} \,\|\, IOTN_{PBK} \,\|\, TMP_{IOTN})$. Additionally, $FGN$ verifies the timestamp $TMP_{IOTN}$ by checking that the time difference between $TMP_{IOTN}$ and $TMP_{IOTN}$ falls within the allowed maximum delay time, denoted as $T$. If the verification process is successful, $FGN$ proceeds to create a random number secretly, $RN1$, within the finite field of the elliptical curve $Z_P^*$. It also includes the current timestamp, $TMP_{FGN}$, in its calculations. $FGN$ computes $m_{FGN}$ using $FGN = H(SID_{FGN} \,\|\, TID_{FGN} \,\|\, TC_{FGN} \,\|\, FGN_{PRK} \,\|\, TMP_{FGN} \,\|\, RN1)$. Subsequently, $FGN$ generates a session key, denoted as $FGN_{SSK}$, using $m_{FGN}$ multiplied by $P$. Furthermore, $FGN$ produces a signature, denoted as $FGN_{SG2}$, using $FGN_{SG2} = FGN \oplus [H(TID_{FGN} \,\|\, TID_{IOTN} \,\|\, FGN_{PBK} \,\|\, TMP_{FGN}) \cdot FGN_{PRK} \pmod{P}]$. Finally, $FGN$ sends a message, denoted as $FGN_{MSS}$, to $IOTN$ through a secure channel. This message includes the following components: $FGN_{MSS} = (TID_{FGN}, FGN_{SSK}, FGN_{SG2}, TMP_{FGN}, FGN_{PBK})$.

STEP-3: Upon receiving the message, $IOTN$ proceeds with the following verification steps. It first verifies the session key, $FGN_{SSK}$, by calculating $IOTN \cdot FGN_{SSK}$. Additionally, it checks the timestamp, $TMP^*_{FGN}$, by verifying that the time difference between $TMP^*_{FGN}$ and $TMP_{FGN}$ falls within the maximum allowable delay time, denoted as $T$. If these conditions are met successfully, $IOTN$ proceeds to verify the signature, $FGN_{SG2}$, using the equation: $FGN_{SG2} \cdot P = H(TID_{FGN} \,\|\, TID_{IOTN} \,\|\, FGN_{PBK} \,\|\, TMP_{FGN} \,\|\, FGN_{SSK})$. For a successful match of the signature, $IOTN$ generates a new timestamp, denoted as $TMP_{IOTNNew}$. It calculates $IOTN_{New}$ using $IOTN_{New} = H(FGN_{SSK} \,\|\, TMP_{IOTNNew})$. Subsequently, $IOTN$ sends an acknowledgment, denoted as $IOTN_{ACK}$, to $FGN$ through a secure channel. This acknowledgment includes the values $FGN_{SSK}$, $TMP_{IOTNNew}$.

STEP-4: Upon receiving the message, $FGN$ proceeds with the following verification steps. It first verifies the session key, $FGN_{SSK}$, by evaluating the hash function $H(FGN_{SSK} \,\|\, TMP_{IOTNNew})$. Additionally, it checks the timestamp, $TMP^*_{IOTNNew}$, by ensuring that the time difference between $TMP^*_{IOTNNew}$ and $TMP_{IOTNNew}$ falls within the allowable maximum time delay, denoted as $T$. If all of these conditions are successfully met, then $IOTN$ and $FGN$ mutually share their secret key, denoted as $IOTN_{SCK} = FGN_{SCK}$, which enables them to communicate securely in subsequent interactions.

(c) FGN to CSP Authentication Phase: This phase is dedicated to establishing secure communication between an $FGN$ and a $CSP$. This secure communication is exclusively accessible to registered $FGN$ and $CSP$. The authentication process relies on stored credentials within a database to ensure the security of this communication. The authentication procedure is based on mutual authentication using session keys. The step-by-step details of this authentication process are explained below.

STEP-1: The $FGN$ picks the appropriate secret value over the infinite set $Z_P^*$, receives a timestamp $TMP_{FGN}$, and computes $m_{FGN} = H(SID_{FGN} \,\|\, TID_{FGN} \,\|\, TC_{FGN} \,\|\, FGN_{PRK} \,\|\, TMP_{FGN} \,\|\, RN1)$. Further, $FGN$ generates a signature, i.e., $FGN_{SG1} = m_{FGN} \oplus H(TID_{FGN} \,\|\, FGN_{PRK} \,\|\, TMP_{FGN}) \cdot FGN_{PRK} \pmod{P}$. Furthermore, $FGN$ transmits a message to $CSP$ via a secure channel, i.e., $FGN_{MSS} = (TID_{FGN} \,\|\, FGN_{SG1} \,\|\, TMP_{FGN} \,\|\, FGN_{PBK})$.

STEP-2: The $CSP$ receives the message $FGN_{MSS}$ and proceeds to verify the $FGN_{SG1}$ signature using the equation $FGN_{SG1} \cdot P = H(TID_{FGN} \,\|\, FGN_{PBK} \,\|\, TMP_{FGN})$, alongside verifying the timestamp $TMP_{FGN}$ with a maximum allowable time difference of $T$, where $T$ represents the maximum delay time. If the verification is successful, $CSP$ generates a random number secretly, $RN1$, within the finite field of the elliptic curve $Z_P$. It also includes the current timestamp $TMP_{CSP}$ and computes $CSP = H(SID_{CSP} \,\|\, TID_{CSP} \,\|\, TC_{CSP} \,\|\, CSP_{PRK} \,\|\, TMP_{CSP} \,\|\, RN1)$. Subsequently, $CSP$ derives a session key $CSP_{SSK}$ using $CSP$ multiplied by $P$. In addition, $CSP$ generates a signature $CSP_{SG2}$ by performing the XOR operation of $CSP$ with $H(TID_{CSP} \,\|\, TID_{FGN} \,\|\, CSP_{PBK} \,\|\, TMP_{CSP})$, which is then multiplied by $CSP_{PRK}$ and taken modulo $P$. Finally, $CSP$ securely shares a message $CSP_{MSS}$, consisting of $(TID_{CSP}, CSP_{SSK}, CSP_{SG2}, TMP_{CSP}, CSP_{PBK})$, with $FGN$ using a secure channel.

STEP-3: $FGN$ receives a message and proceeds to validate the session key $CSP_{SSK}$ by comparing it to the result of $m_{FGN}$ multiplied by $CSP_{SSK}$. Additionally,


it checks the timestamp $TMP_{CSP}^{*}$ against $TMP_{CSP}$ within a time difference limit of $T$, where $T$ represents the maximum allowable delay. If these conditions are met successfully, FGN proceeds with the verification of the signature, using the equation $CSP_{SG2} \cdot P = H(TID_{CSP} \,\|\, TID_{FGN} \,\|\, CSP_{PBK} \,\|\, TMP_{CSP} \,\|\, CSP_{SSK})$. Upon successful signature verification, FGN generates a new timestamp $TMP_{FGN_{New}}$ and computes $m_{FGN_{New}} = H(CSP_{SSK} \,\|\, TMP_{FGN_{New}})$. Subsequently, FGN sends an acknowledgment message $FGN_{ACK}$ containing $CSP_{SSK}$, $TMP_{FGN_{New}}$ to CSP using a secure communication channel.

STEP-4: CSP receives a message and proceeds to validate the session key $CSP_{SSK}$ by computing the hash of the concatenation of $CSP_{SSK}$ and $TMP_{FGN_{New}}$. Additionally, it verifies the timestamp $TMP_{FGN_{New}}^{*}$ against $TMP_{FGN_{New}}$ within a time difference limit of $T$, where $T$ represents the maximum allowable time delay. If the condition is met successfully, FGN and CSP mutually exchange their secret key $FGN_{SCK} = CSP_{SCK}$ for their subsequent communication.

4) Consensus for Block Creation and Addition: This phase details the block creation and verification by CSP miners. The current blockchain is denoted as $CB_i$, which includes two parameters, $SB_i$ and $TB_i$. The $SB_i$ denotes the local blockchain of individual peer $TB_i$, which is shared over the FGN and CSP. The block records are denoted as $brc$. For every successful verification of block records the CSP assigns a block weight of 2, whereas for every unsuccessful block record verification the CSP assigns a value of 1. The unsuccessful verification is estimated by the maximum time delay, set as 5 sec. Next, for every successful verification of block records, the CSP signs ($CSP_{SGk}$) the block by keeping all valid records inside the block. Further, the $CSP_{SGk}$ gets verified by successive CSP miners of the network. Furthermore, the vote is computed and if the required vote satisfies $vote, \frac{|miner+1|}{2}$ then the latest block gets disseminated over the ledger $CB_i$ and the same gets reflected over the individual peer ledger $TB_i$. The detailed block creation and verification are illustrated in Algorithm 1.

Algorithm 1 Algorithm for Block Verification and Creation

    State: CSP_k ∈ ID_CSP miners,
    CB_i = (SB_i, TB_i); SB_i is local blockchain of peer TB_i
    brc → Block records
    previous block → previous node of brc
    miner → mines and verify block brc
    numbers → index of block
    weight → weight of block
    blocktime → timestamp between two different blocks
    default time is 5 second.
    vote, |miner+1| / 2
    minerlimit → among various successive blocks in which the miner can pick only one and sign it.
    steps → addition of new block in the network
    function LATESTSIGN(CSP_SGk, ZP)_i
        γ ← miner limit
        resultflag = false
        for x = ZP − γ ... ZP do
            if (brc_i.number mod |miner| == i) then
                status = true
            end if
        end for
        return status
    end function
    function INITIALIZE()_w
        while (True) do
            ZP ← previous block(CSP_SGk).number
            wait until latest sign(CSP_SGk, ZP)
            TP ← previous-timestamp(CSP_SGk)
            wait until clock >= TP + block time
            if (CSP_k + i mod |miner| == i) then
                brc.weight = 2
            else
                delay(0,500) * |vote|
                brc.weight = 1
            end if
            brc.number = ZP + 1
            brc.previousblock = previous block(CSP_SGk)
            brc.miner = CSP_SGk
            CSP_SGk ← (SB_i ∪ brc, TB_i ∪ brc.previousblock)
        end while
        distribute(CSP_SGk)
    end function
    function WEIGHTSUM(SB_j, TB_j)
        return Σ_{∀ brc ∈ SB_j} brc.weight
    end function
    function CREATE(SB_j, TB_j)
        if (WeightSum(SB_j, TB_j) > WeightSum(SB_i, TB_i)) then
            WeightSum(SB_i, TB_i) ← WeightSum(SB_j, TB_j)
        end if
    end function
    function ISCERTAIN(brc)_k
        VT ← {brc_i.CSP_k | brc_i ∈ SB_i}
        return (|VT| > |vote|)
    end function

C. eXplainable AI for Intrusion Detection System

1) Attention-based BiGRU: The GRU is an RNN variation that can address the problems of vanishing gradients. Unlike a conventional RNN, GRU can learn both long- and short-term dependencies. Bi-GRU comprises two layers of GRU: one runs in the forward direction, while the other runs backward. Two gates regulate the information flow in the GRU unit, namely the update gate ($V_t$) and the reset gate ($S_t$). The $V_t$ regulates how much past knowledge is kept in the present state, while the $S_t$ decides the number of irrelevant sequence bytes to be ignored. The following equations are used for such operations:

$$V_t = \alpha(W_{tV}[\overrightarrow{H_{t-1}}, E_t]) \tag{1}$$

$$S_t = \alpha(W_{tS}[\overrightarrow{H_{t-1}}, E_t]) \tag{2}$$

$$\tilde{H}_t = \tanh(W_t[S_t \overrightarrow{H_{t-1}}, E_t]) \tag{3}$$

$$H_t = (1 - V_t)\overrightarrow{H_{t-1}} + V_t \tilde{H}_t \tag{4}$$

where $\alpha$ is the sigmoid function, $E_t$ is the input and $W_{tV}$, $W_{tS}$ and $W_t$ represent the weight matrices. Moreover, $H_{t-1}$ is the hidden state of the previous state, while $H_t$ is the hidden state at each time stamp $t$.

Moreover, we have utilized an attention layer for BiGRU which learns a weight $\alpha_t$ for the $H_t$ at $t$. The following equation computes the attention vector $AVec$ for the $H_t$:

$$AVec = \sum_{t=1}^{N} \alpha_t H_t \tag{5}$$


where $N$ is the number of the $H_t$ and $\alpha_t$ is its weight. Further, equation (6) calculates the weighting factors $\alpha_t$:

$$\alpha_t = \frac{\exp(Q_t^{T} Q_{wt})}{\sum_{t} \exp(Q_t^{T} Q_{wt})} \tag{6}$$

$$Q_t = \tanh(W_{tw} H_t + B_w) \tag{7}$$

where $W_{tw}$ and $Q_{wt}$ represent the weight matrices and $B_w$ is its respective bias.

2) Multi-class classification: This work considers a multi-class approach for class identification. We employed the SoftMax ($SM$) regressor for such a purpose. It is provided by the Sklearn library. Additionally, it can interpret model coefficients as measures of a feature's significance. As a result of the input $E$, the goal is to determine the likelihood of the $Y$ label in each probable class, $P(Y = C \mid E)$. It takes a vector $j$ of the arbitrary values of $K$ and converts them to the following probability distribution:

$$SM(j_i) = \frac{\exp(j_i)}{\sum_{z=1}^{K} \exp(j_z)} \tag{8}$$

However, in our case, the weight vector $W_t$ and input vector $E$ together with a bias $B$ for each of the $K$ classes will make up the input to the $SM$.

$$P(Y = C \mid E) = \frac{\exp(W_{tC} \cdot E + B_C)}{\sum_{z=1}^{K} \exp(W_{tz} \cdot E + B_z)} \tag{9}$$

3) X-IDS: AI is becoming more well-known in modern times due to its exceptionally accurate predictions. Although these models are effective, they are tricky to comprehend. DNN is referred to as a black-box model. AI-based models primarily modify various aspects through trial and error until they find the optimal solution, making their decision-making process difficult to understand due to a black box. If such models are used for designing an IDS, a network administrator may find it challenging to comprehend the logic of such a DNN-based IDS. Every IDS must make decisions in a transparent manner. For more trust and dependability, the XAI needs to be integrated with traditional IDS. In this research work, we employed the SHapley Additive exPlanations (SHAP) [34] mechanism to explain and interpret the IDS results in a multi-class attack detection scenario. The SHAP is based on the game theory approach. Following conventional wisdom, this theory includes both a game and players. Still, in this instance of XAI, the objective is to duplicate the projected result of the pre-trained model, and the players are the features of the dataset. As a result, the SHAP-based explanation of AI models quantifies the influence of each dataset characteristic and aids in identifying both their positive and negative contributions. Estimating the contribution of each feature to the final judgment or prediction, it explains the predictions of an instance. SHAP's main virtue is that it may be used with any DL or ML-based models rather than being limited to linear models and classifiers. The following equation is used to calculate the explanation of the SHAP for a single instance:

$$G(s) = U_o + \sum_{i=1}^{N} U_i s_i \tag{10}$$

where $s$ stands for the new features that are comparable to the original ones but have been simplified, $N$ is the maximum size, and the $U_i$ denotes the Shapley value ($SV$).

Further, the following equation is used for selecting the important features:

$$ImpFs_j = \sum_{i=1}^{n} \|U_j(X_i)\| \tag{11}$$

where $n$ represents the total no. of data samples and the average $SV$ of the $i$th input feature is represented by $ImpFs_j$.

III. PERFORMANCE ANALYSIS

Simulations were conducted on a Windows server PC with the following specifications: a processor running at 2.6 GHz, 256GB of RAM, and a GPU with 80GB of storage. The deep learning-based Intrusion Detection System (IDS) was implemented using the Keras and Tensorflow libraries, while IDS results were interpreted using the SHapley Additive exPlanations (SHAP) library version 0.41.0. The analysis of the blockchain was carried out on the Ethereum Ropsten network. For the dataset and evaluation metrics, we utilized the CICIDS2017 dataset, which is IoT-based, as referenced in [35]. This dataset encompasses various attack classes. However, due to limited instances in some attack classes, our focus in this work was on six specific attack classes and one benign class. These include Bot, FTP, SSH-Patator, as well as three types of DoS attacks (Slowloris, Hulk, and Goldeneye). Additionally, the dataset was split into training and testing sets in a 70:30 ratio. The proposed IDS is comprehensively and exhaustively evaluated using conventional evaluation metrics, including Accuracy, Recall, Precision and F1-score. Further, we provide the confusion matrix of the proposed IDS. It is calculated by adding together all of the true classifications and false for each class.

A. Analysis of Blockchain-based Authentication and Key Agreement Mechanism

Fig. 2 and Fig. 3 provide a visual representation of the analysis of blockchain performance in terms of various parameters. These parameters include the execution time for transaction (Tx) upload, the mining process for block creation, the actual block creation time, and the size of transactions uploaded into off-chain storage (measured in KB). The transaction upload time in Figure 3 reflects the original transactions shared across the off-chain storage layer. Meanwhile, Figure 4, labeled as "Fig. 2b" and "Fig. 3a," illustrates the time taken for mining a block and creating a block, respectively, using different sets of transactions and peers. Notably, the analysis of execution time reveals an upward trend as both the number of transactions and the number of peers within the network increase. Additionally, Fig. 3b, referred to as "Fig. 3b," offers insights into the size of off-chain storage (measured in KB) across the off-chain storage layer for varying sets of transactions and peers. Evidently, the size of off-chain storage grows in correlation with the increasing number of transactions in the network.
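The turn-taking, block-weight and fork-choice rules of Algorithm 1 (Consensus for Block Creation and Addition), written out as an added Python example; it is not the authors' code. The miner names, the miner-limit value, the integer reading of the vote bound and the finality rule in `is_certain` are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import List

IN_TURN_WEIGHT = 2      # brc.weight when the miner whose turn it is signs
OUT_OF_TURN_WEIGHT = 1  # brc.weight when another authorised miner signs


@dataclass(frozen=True)
class Block:
    number: int
    miner: str
    weight: int


GENESIS = Block(number=0, miner="genesis", weight=0)


def in_turn(number: int, miner: str, miners: List[str]) -> bool:
    """Round-robin rule of Algorithm 1: number mod |miner| equals the miner's index."""
    return number % len(miners) == miners.index(miner)


def vote_threshold(miners: List[str]) -> int:
    """The page's vote bound, read here as (|miner| + 1) // 2 (assumption)."""
    return (len(miners) + 1) // 2


def signed_recently(chain: List[Block], miner: str, limit: int) -> bool:
    """Miner limit: one signature per `limit` successive blocks, so the miner
    must not appear among the previous limit - 1 blocks."""
    window = chain[-(limit - 1):] if limit > 1 else []
    return any(b.miner == miner for b in window)


def seal(chain: List[Block], miner: str, miners: List[str], limit: int) -> List[Block]:
    """Return the chain extended by one block signed by `miner`, or raise."""
    if miner not in miners:
        raise PermissionError(f"{miner} is not an authorised CSP miner")
    if signed_recently(chain, miner, limit):
        raise PermissionError(f"{miner} already signed within the miner limit")
    number = chain[-1].number + 1
    weight = IN_TURN_WEIGHT if in_turn(number, miner, miners) else OUT_OF_TURN_WEIGHT
    return chain + [Block(number, miner, weight)]


def weight_sum(chain: List[Block]) -> int:
    """WEIGHTSUM: total weight of the block records in a chain."""
    return sum(b.weight for b in chain)


def choose_chain(local: List[Block], remote: List[Block]) -> List[Block]:
    """CREATE: adopt the remote chain only when it is strictly heavier."""
    return remote if weight_sum(remote) > weight_sum(local) else local


def is_certain(chain: List[Block], number: int, miners: List[str]) -> bool:
    """Treat block `number` as final once the distinct miners that signed it or a
    later block outnumber the vote bound (one interpretation of ISCERTAIN)."""
    voters = {b.miner for b in chain if b.number >= number and b.miner in miners}
    return len(voters) > vote_threshold(miners)


def demo():
    """Build two competing chains of equal height over a constructed miner set."""
    miners = ["csp0", "csp1", "csp2", "csp3"]
    limit = vote_threshold(miners) + 1          # assumed miner limit: 3
    honest = [GENESIS]
    for m in ("csp1", "csp2", "csp3"):          # blocks 1..3, each signed in turn
        honest = seal(honest, m, miners, limit)
    fork = [GENESIS]
    for m in ("csp0", "csp1", "csp2"):          # same heights, all out of turn
        fork = seal(fork, m, miners, limit)
    return miners, limit, honest, fork


if __name__ == "__main__":
    miners, limit, honest, fork = demo()
    print("honest weight:", weight_sum(honest), "fork weight:", weight_sum(fork))
    print("adopted head signed by:", choose_chain(fork, honest)[-1].miner)
    print("block 1 final:", is_certain(honest, 1, miners))
    print("block 3 final:", is_certain(honest, 3, miners))
```

With the limit in force, a single compromised miner key cannot extend the chain on its own, and a chain built out of turn loses the fork choice to an in-turn chain of the same height.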


TABLE I: Per-class Performance Analysis of the Proposed IDS


Parameters   Benign   Bot     DoS-Slowloris   DoS-Hulk   DoS-Goldeneye   FTP-Patator   SSH-Patator
Accuracy     99.70    98.20   98.73           97.82      99.35           99.27         99.61
Recall       99.81    99.78   97.14           98.72      96.42           97.88         99.70
Precision    99.70    98.20   98.73           98.82      99.35           99.27         99.61
F1-Score     99.76    98.98   97.93           96.73      98.87           99.57         99.65

[Fig. 2: Analysis of a blockchain-empowered authentication system in relation to transaction uploading and the duration for mining a block. Panels: (a) off-chain Tx upload time; (b) PoA consensus mining time analysis. Axes: execution time (in seconds and in milliseconds) against number of IoT nodes (10 to 50 IoT); series: 300, 500, 700 and 900 Tx.]

[Fig. 3: Analysis of a blockchain-driven authentication scheme concerning the time it takes to create a block and the storage of transactions (tx). Panels: (a) time analysis of block creation; (b) transactions storage size in KB, off-chain. Axes: execution time in milliseconds and storage size in KB against number of IoT nodes; series: 300, 500, 700 and 900 Tx.]

[Fig. 4: Confusion Matrix of the Proposed IDS]

[Fig. 5: Overall Performance Analysis of the Proposed IDS]
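Equations (10) and (11) carried through on a toy detector, as an added Python example rather than the paper's model or the SHAP library: it computes exact Shapley values by enumerating feature coalitions, checks the additive form of Eq. (10), and ranks features by Eq. (11). The scoring function, feature names, baseline and sample flows are constructed assumptions.

```python
from itertools import combinations
from math import factorial
from typing import Callable, List, Sequence, Set, Tuple

# Constructed feature names, baseline and flows; not taken from CICIDS2017.
FEATURES = ["syn_flag_count", "flow_iat_mean", "dst_port_is_ssh"]
BASELINE = [1.0, 4.0, 0.0]      # stands in for a typical benign flow
SAMPLES = [
    [5.0, 1.0, 1.0],            # many SYNs, short gaps, SSH port
    [1.0, 4.0, 0.0],            # identical to the baseline
    [3.0, 6.0, 0.0],            # elevated SYNs on another port
]

Model = Callable[[Sequence[float]], float]


def ids_score(x: Sequence[float]) -> float:
    """Toy attack score with one interaction term (assumed stand-in for the IDS)."""
    syn, iat, ssh = x
    return 0.5 * syn - 0.2 * iat + 1.0 * syn * ssh


def coalition_value(model: Model, x: Sequence[float],
                    baseline: Sequence[float], present: Set[int]) -> float:
    """Model output when only the features in `present` keep their observed value."""
    return model([x[i] if i in present else baseline[i] for i in range(len(x))])


def shapley_values(model: Model, x: Sequence[float],
                   baseline: Sequence[float]) -> List[float]:
    """Exact Shapley value U_i of every feature for one instance x."""
    n = len(x)
    phi = [0.0] * n
    for i in range(n):
        others = [j for j in range(n) if j != i]
        for size in range(n):
            # Weight of a coalition S of this size: |S|! (n - |S| - 1)! / n!
            weight = factorial(size) * factorial(n - size - 1) / factorial(n)
            for subset in combinations(others, size):
                without_i = set(subset)
                gain = (coalition_value(model, x, baseline, without_i | {i})
                        - coalition_value(model, x, baseline, without_i))
                phi[i] += weight * gain
    return phi


def explain(model: Model, x: Sequence[float],
            baseline: Sequence[float]) -> Tuple[float, List[float], float]:
    """Eq. (10) with every s_i = 1: returns (U_o, [U_1..U_N], U_o + sum of U_i)."""
    base = model(list(baseline))
    phi = shapley_values(model, x, baseline)
    return base, phi, base + sum(phi)


def feature_importance(model: Model, samples: Sequence[Sequence[float]],
                       baseline: Sequence[float]) -> List[float]:
    """Eq. (11): ImpFs_j as the sum over samples of |U_j(X_i)|."""
    totals = [0.0] * len(baseline)
    for x in samples:
        for j, u in enumerate(shapley_values(model, x, baseline)):
            totals[j] += abs(u)
    return totals


def rank_features(importance: Sequence[float]) -> List[str]:
    """Feature names ordered from most to least important."""
    order = sorted(range(len(importance)), key=lambda j: importance[j], reverse=True)
    return [FEATURES[j] for j in order]


if __name__ == "__main__":
    base, phi, rebuilt = explain(ids_score, SAMPLES[0], BASELINE)
    print("U_o =", round(base, 6))
    for name, u in zip(FEATURES, phi):
        print(f"  {name}: {u:+.3f}")
    print("U_o + sum(U_i) =", round(rebuilt, 6), "model output =", ids_score(SAMPLES[0]))
    print("ranking:", rank_features(feature_importance(ids_score, SAMPLES, BASELINE)))
```

Enumeration costs 2^N model calls per feature, which is why practical tooling approximates these values for models with many inputs.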

B. Analysis of eXplainable AI for Intrusion Detection

In the subsection, we discuss the performance of the proposed XAI-based IDS. The confusion matrix displays the number of incidents that the model predicts. Fig. 4 represents the confusion matrix of our proposed IDS, where it is clear that the proposed IDS recognized all the classes efficiently. However, a significant portion of normal occurrences are mistakenly categorized as other attack classes due to the enormous quantity of samples, leading to an overall increased false rate. Further, the fundamental analytical parameters (Accuracy, Recall, Precision and F1-score) are also employed. The results obtained for such metrics are presented in Fig. 5, where the model achieved an Accuracy of 99.53% along with a Recall of 98.49%, and Precision and F1-score of 98.53% and 98.50% respectively. The figure clearly presents that our proposed IDS achieved values near to 100 and shows a dominant performance. Moreover, we have also provided the per-class performance of the designed IDS in Table I in terms of these evaluation metrics.

Further, we provide local explanations. It uses SHAP values through each SHAP value to show why the model makes its choice and the contributions of the features. To explain the classifiers' predictions, a decision plot DP was utilized to illustrate local explanation findings. In addition to hierarchical cluster feature ordering and feature importance ordering, the DP plot supports user-defined attribute ordering. Fig. 6 depicts the DP plot. The x-axis, in particular, represents the model output, while its characteristics are presented on the y-axis. Each observation's projected value corresponds to a line crossing the x-axis at the top of the graphic. Moreover, we utilized the summary plot SP to combine the relevance of the characteristic with its implications. Each point on the SP plot represents a Shapley value for a feature and a sample. The SP plot is presented in Fig. 7, where we might apply the average absolute value of SHAP values to each feature. The x-axis values show the size of the change in log odds.

C. Comparison with state-of-the-art techniques

Finally, the performance of the proposed XAI-based IDS is compared with state-of-the-art threat detection schemes from the current literature. Table II provides the comparison of the proposed IDS with [28], [26] and [27]. We can see the proposed approach has several advantages compared with its recent competitor models. Moreover, the proposed IDS

outclassed the current security frameworks by achieving the highest accuracy with explainability.

TABLE II: Comparison with state-of-the-art techniques

Authors    Year   Dataset      Method            Explainable IDS   Blockchain   Accuracy
Proposed   2023   CICIDS2017   XAI-based IDS     ✓                 ✓            99.53%
[28]       2022   CICIDS2017   Ensembled Model   ×                 ×            95.80%
[26]       2021   CICIDS2017   GAN               ×                 ×            88.70%
[27]       2021   CICIDS2017   BBFO-GRU          ×                 ×            98.45%

[Fig. 6: Shap values for CICIDS2017 dataset using decision plot. x-axis: model output value; y-axis: dataset features.]

[Fig. 7: Shap values for CICIDS2017 dataset using summary plot. x-axis: mean(|SHAP value|) (average impact on model output magnitude); y-axis: dataset features; legend: Benign, DoS-Slowloris, Bot, SSH-Patator, DoS-Hulk, FTP-Patator, DoS-Goldeneye.]

IV. CONCLUSION

In this article, we integrated blockchain-based authentication and key agreement mechanism with explainable AI to design a security framework for smart consumer applications. Specifically, we first registered and then performed authentication between the participating entities in the network. Then, we used a PoA-based consensus mechanism for block creation and verification on authenticated data. Further, to enhance the security model, we designed a deep learning-based IDS by combining an attention mechanism with a bidirectional gated recurrent unit network and softmax classifier for attack detection. In order to interpret the results of our black box IDS, we employed Shapley additive explanations mechanism to explain and interpret the most important features that contributed to detecting attacks. Future research will include implementing the proposed IDS with different datasets and performing a thorough security analysis of the proposed framework.

REFERENCES

[1] A. Aljuhani, P. Kumar, R. Kumar, A. Jolfaei, and A. K. M. N. Islam, “Fog intelligence for secure smart villages: Architecture, and future challenges,” IEEE Consumer Electronics Magazine, pp. 1–9, 2022. [Online]. Available: https://doi.org/10.1109/MCE.2022.3193268
[2] S. H. Alsamhi, O. Ma, M. S. Ansari, and F. A. Almalki, “Survey on collaborative smart drones and internet of things for improving smartness of smart cities,” IEEE Access, vol. 7, pp. 128 125–128 152, 2019. [Online]. Available: https://doi.org/10.1109/ACCESS.2019.2934998
[3] C. D. McDermott, J. P. Isaacs, and A. V. Petrovski, “Evaluating awareness and perception of botnet activity within consumer internet-of-things (iot) networks,” in Informatics, vol. 6, no. 1. MDPI, 2019, p. 8. [Online]. Available: https://doi.org/10.3390/informatics6010008
[4] M. A. Sayeed, S. P. Mohanty, E. Kougianos, and H. P. Zaveri, “eseiz: An edge-device for accurate seizure detection for smart healthcare,” IEEE Transactions on Consumer Electronics, vol. 65, no. 3, pp. 379–387, 2019. [Online]. Available: https://doi.org/10.1109/TCE.2019.2920068
[5] M. Jia, A. Komeily, Y. Wang, and R. S. Srinivasan, “Adopting internet of things for the development of smart buildings: A review of enabling technologies and applications,” Automation in Construction, vol. 101, pp. 111–126, 2019.
[6] D. A. Hahn, A. Munir, and S. P. Mohanty, “Security and privacy issues in contemporary consumer electronics [energy and security],” IEEE Consumer Electronics Magazine, vol. 8, no. 1, pp. 95–99, 2019. [Online]. Available: https://doi.org/10.1109/MCE.2018.2867979
[7] P. Datta and B. Sharma, “A survey on iot architectures, protocols, security and smart city based applications,” in 2017 8th International Conference on Computing, Communication and Networking Technologies (ICCCNT), 2017, pp. 1–5. [Online]. Available: https://doi.org/10.1109/ICCCNT.2017.8203943
[8] S. K. Ram, B. B. Das, K. Mahapatra, S. P. Mohanty, and U. Choppali, “Energy perspectives in iot driven smart villages and smart cities,” IEEE Consumer Electronics Magazine, vol. 10, no. 3, pp. 19–28, 2021. [Online]. Available: https://doi.org/10.1109/MCE.2020.3023293
[9] R. Kumar, A. Aljuhani, P. Kumar, A. Kumar, A. Franklin, and A. Jolfaei, “Blockchain-enabled secure communication for unmanned aerial vehicle (uav) networks.” New York, NY, USA: Association for Computing Machinery, 2022. [Online]. Available: https://doi.org/10.1145/3555661.3560861
[10] Z. Mohammad, T. A. Qattam, and K. Saleh, “Security weaknesses and attacks on the internet of things applications,” in 2019 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT), 2019, pp. 431–436. [Online]. Available: https://doi.org/10.1109/JEEIT.2019.8717411
[11] F. Loi, A. Sivanathan, H. H. Gharakheili, A. Radford, and V. Sivaraman, “Systematically evaluating security and privacy for consumer iot devices.” New York, NY, USA: Association for Computing Machinery, 2017. [Online]. Available: https://doi.org/10.1145/3139937.3139938
[12] M. H. Syed, E. B. Fernandez, and J. Moreno, “A misuse pattern for ddos in the iot.” New York, NY, USA: Association for Computing Machinery, 2018. [Online]. Available: https://doi.org/10.1145/3282308.3282343


[13] A. A. Elsaeidy, N. Jagannath, A. G. Sanchis, A. Jamalipour, and K. S. Munasinghe, “Replay attack detection in smart cities using deep learning,” IEEE Access, vol. 8, pp. 137 825–137 837, 2020. [Online]. Available: https://doi.org/10.1109/ACCESS.2020.3012411
[14] G. Chen, B. Xu, M. Lu, and N.-S. Chen, “Exploring blockchain technology and its potential applications for education,” Smart Learning Environments, vol. 5, no. 1, pp. 1–10, 2018.
[15] J. L. Zhao, S. Fan, and J. Yan, “Overview of business innovations and research opportunities in blockchain and introduction to the special issue,” pp. 1–7, 2016.
[16] S. Shi, D. He, L. Li, N. Kumar, M. K. Khan, and K.-K. R. Choo, “Applications of blockchain in ensuring the security and privacy of electronic health record systems: A survey,” Computers & security, vol. 97, p. 101966, 2020.
[17] R. Kumar, P. Kumar, M. Aloqaily, and A. Aljuhani, “Deep-learning-based blockchain for secure zero touch networks,” IEEE Communications Magazine, vol. 61, no. 2, pp. 96–102, 2023. [Online]. Available: https://doi.org/10.1109/MCOM.001.2200294
[18] U. Bodkhe, S. Tanwar, K. Parekh, P. Khanpara, S. Tyagi, N. Kumar, and M. Alazab, “Blockchain for industry 4.0: A comprehensive review,” IEEE Access, vol. 8, pp. 79 764–79 800, 2020. [Online]. Available: https://doi.org/10.1109/ACCESS.2020.2988579
[19] C. Zhang, L. Zhu, and C. Xu, “Bpaf: Blockchain-enabled reliable and privacy-preserving authentication for fog-based iot devices,” IEEE Consumer Electronics Magazine, vol. 11, no. 2, pp. 88–96, 2022. [Online]. Available: https://doi.org/10.1109/MCE.2021.3061808
[20] A. Attkan and V. Ranga, “Cyber-physical security for iot networks: a comprehensive review on traditional, blockchain and artificial intelligence based key-security,” Complex & Intelligent Systems, vol. 8, no. 4, pp. 3559–3591, 2022.
[21] S. Aghapour, M. Kaveh, M. R. Mosavi, and D. Martín, “An ultra-lightweight mutual authentication scheme for smart grid two-way communications,” IEEE Access, vol. 9, pp. 74 562–74 573, 2021. [Online]. Available: https://doi.org/10.1109/ACCESS.2021.3080835
[22] S. Jiang, X. Zhu, and L. Wang, “An efficient anonymous batch authentication scheme based on hmac for vanets,” IEEE Transactions on Intelligent Transportation Systems, vol. 17, no. 8, pp. 2193–2204, 2016. [Online]. Available: https://doi.org/10.1109/TITS.2016.2517603
[23] S. Challa, M. Wazid, A. K. Das, N. Kumar, A. Goutham Reddy, E.-J. Yoon, and K.-Y. Yoo, “Secure signature-based authenticated key establishment scheme for future iot applications,” IEEE Access, vol. 5, pp. 3028–3043, 2017. [Online]. Available: https://doi.org/10.1109/ACCESS.2017.2676119
[24] T. Alatawi and A. Aljuhani, “Anomaly detection framework in fog-to-things communication for industrial internet of things,” CMC-COMPUTERS MATERIALS & CONTINUA, vol. 73, no. 1, pp. 1067–1086, 2022.
[25] C. D. McDermott, F. Majdani, and A. V. Petrovski, “Botnet detection in the internet of things using deep learning approaches,” in 2018 International Joint Conference on Neural Networks (IJCNN), 2018, pp. 1–8. [Online]. Available: https://doi.org/10.1109/IJCNN.2018.8489489
[26] H. Jeong, J. Yu, and W. Lee, “Poster abstract: A semi-supervised approach for network intrusion detection using generative adversarial networks,” in IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 2021, pp. 1–2. [Online]. Available: https://doi.org/10.1109/INFOCOMWKSHPS51825.2021.9484569
[27] M. M. Althobaiti, K. Pradeep Mohan Kumar, D. Gupta, S. Kumar, and R. F. Mansour, “An intelligent cognitive computing based intrusion detection for industrial cyber-physical systems,” Measurement, vol. 186, p. 110145, 2021. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0263224121010642
[28] R. Lalduhsaka, N. Bora, and A. K. Khan, “Anomaly-based intrusion detection using machine learning: An ensemble approach,” International Journal of Information Security and Privacy (IJISP), vol. 16, no. 1, pp. 1–15, 2022.
[29] R. Vinayakumar, M. Alazab, K. P. Soman, P. Poornachandran, A. Al-Nemrat, and S. Venkatraman, “Deep learning approach for intelligent intrusion detection system,” IEEE Access, vol. 7, pp. 41 525–41 550, 2019.
[30] V. Ravi, R. Chaganti, and M. Alazab, “Recurrent deep learning-based feature fusion ensemble meta-classifier approach for intelligent network intrusion detection system,” Computers and Electrical Engineering, vol. 102, p. 108156, 2022.
[31] A. Oseni, N. Moustafa, G. Creech, N. Sohrabi, A. Strelzoff, Z. Tari, and I. Linkov, “An explainable deep learning framework for resilient intrusion detection in iot-enabled transportation networks,” IEEE Transactions on Intelligent Transportation Systems, vol. 24, no. 1, pp. 1000–1014, 2023. [Online]. Available: https://doi.org/10.1109/TITS.2022.3188671
[32] Z. A. El Houda, B. Brik, and S.-M. Senouci, “A novel iot-based explainable deep learning framework for intrusion detection systems,” IEEE Internet of Things Magazine, vol. 5, no. 2, pp. 20–23, 2022. [Online]. Available: https://doi.org/10.1109/IOTM.005.2200028
[33] M. M. Alani, E. Damiani, and U. Ghosh, “Deepiiot: An explainable deep learning based intrusion detection system for industrial iot,” in 2022 IEEE 42nd International Conference on Distributed Computing Systems Workshops (ICDCSW), 2022, pp. 169–174. [Online]. Available: https://doi.org/10.1109/ICDCSW56584.2022.00040
[34] L. S. Shapley et al., “A value for n-person games,” 1953.
[35] I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, “Toward generating a new intrusion detection dataset and intrusion traffic characterization.” ICISSp, vol. 1, pp. 108–116, 2018.
