Feature-Weighted Naive Bayesian Classifier for Wireless Network Intrusion Detection

Objective . Wireless sensor networks, crucial for various applications, face growing security challenges due to the escalating complexity and diversity of attack behaviours. Tis paper presents an advanced intrusion detection algorithm, leveraging feature-weighted Naive Bayes (NB), to enhance network attack detection accuracy. Methodology . Initially, a feature weighting algorithm is introduced to assign context-based weights to diferent feature terms. Subsequently, the NB algorithm is enhanced by incorporating Jensen–Shannon (JS) divergence, feature weighting, and inverse category frequency (ICF). Eventually, the improved NB algorithm is integrated into the intrusion detection model, and network event classifcation results are derived through a series of data processing steps applied to corresponding network trafc data. Results . Te efectiveness of the proposed intrusion detection algorithm is evaluated through a comprehensive comparative analysis using the NSL-KDD dataset. Results demonstrate a signifcant enhancement in the detection accuracy of various attack types, including normal, denial of service (DoS), probe, remote-to-local (R2L), and user-to-root (U2R). Moreover, the proposed algorithm exhibits a lower false alarm rate compared to other algorithms. Conclusion . Tis paper introduces a wireless network intrusion algorithm that not only ensures improved detection accuracy and rate but also reduces the incidence of false detections. Addressing the evolving threat landscape faced by wireless sensor networks, this contribution represents a valuable advancement in intrusion detection technology.


Introduction
In recent years, there has been a rapid development in computer communication and networking technologies, particularly with the emergence of the Internet of Tings (IoT).Tese advancements have introduced new and efective ways to facilitate interaction between human society and the physical world.Tis has led to the integration of human society, the physical world, and the computing world [1,2].Wireless sensor networks (WSNs), as a technology derived from microelectronics, play an irreplaceable role in important felds such as healthcare, trafc control, and natural disasters [3][4][5].Furthermore, they have profound impacts on daily life, such as smart homes and modern agriculture [6,7].
WSN is a distributed wireless network composed of a large number of low-power sensor nodes deployed in the sensing area, communicating through wireless links [8].Tese sensor nodes are miniaturized computing units with limited storage capacity, computational capabilities, and battery power [9,10].However, due to the openness of wireless networks and the inherent limitations of sensor nodes, WSNs face various security threats and network attacks.
To counter network attacks, existing network intrusion solutions have introduced key management and authentication mechanisms as the frst line of defence to efectively withstand attacks from outside the WSN.However, by capturing nodes, attackers can gain access to confdential information inside the nodes and launch internal attacks, rendering the frst line of defence inefective against internal attacks in WSNs.Terefore, intrusion detection technology serves as a crucial second line of defence, capable of fundamentally detecting security threats and minimizing the losses caused by attacks [11].However, due to the limitations of WSNs, traditional intrusion detection techniques cannot be directly applied to WSN environments.As a result, the research on novel intrusion detection techniques suitable for WSNs has attracted widespread attention from experts and scholars both domestically and internationally.
In order to improve the classifcation accuracy and algorithmic efciency of network intrusion detection algorithms, this paper proposes a new intrusion detection method for wireless networks, that is, an improved NB algorithm utilizing JS dispersion and inverse category frequency (ICF), i.e., JINB intrusion detection algorithm.Te algorithm reduces the limitations of the conditional independence assumption of NB by introducing a weighting factor for each feature term through JS scattering and ICF, resulting in the improved detection rate and detection accuracy.Te main innovations of this paper are as follows: (1) Te use of JS divergence to measure the weights of each feature term, highlighting the diferences between diferent feature terms.By utilizing JS divergence, we are able to better assess the contributions of feature terms to intrusion detection, thereby improving classifcation accuracy.(2) Te introduction of ICF to enhance the calculation of feature weights, further reducing the infuence of conditional independence.Traditional intrusion detection algorithms are typically based on the assumption of Naive Bayes, where features are considered mutually independent.However, in practical scenarios, there may be certain correlations among features that can impact the accuracy of classifcation.Incorporating ICF allows for more accurate calculation of feature weights, reducing the impact of conditional independence on classifcation results and enhancing detection accuracy.
Tis paper is divided into fve main sections as follows: the introduction, the literature review, the methodology, the analysis and discussion of results, and the conclusion.
Te motivation behind this study is to enhance the security of wireless sensor networks by developing an intrusion detection algorithm that improves detection accuracy and reduces false alarms.Tis research aims to contribute to the evolving feld of intrusion detection in WSNs.
In addition to introducing innovative technologies such as JS divergence and ICF, this study also incorporates a feature weighting algorithm.Tis contribution enhances the algorithm's sensitivity to diferent features, aiding in better discrimination and utilization of various features, thereby improving the accuracy of intrusion detection.Furthermore, this study combines the improved Naive Bayes (NB) algorithm with an intrusion detection model and applies it to the corresponding network trafc data processing.Tis leads to an overall performance enhancement, resulting in higher detection accuracy when facing various attack types.

Literature Review
In the existing literature, various intrusion detection models and algorithms have been proposed for diferent network environments and challenges.Zhao et al. proposed an intrusion detection model based on a deep artifcial neural network with backpropagation (DAN-BP) [12].It is tailored for handling massive, complex, and multidimensional network data.Te primary aim is to address the need for efective intrusion detection in such environments.Similarly, Maheswari and Arunesh present a new hybrid multilevel intrusion detection model that focuses on improving the detection rate of specifc attack behaviours, including probe, U2R, and R2L [13].Te model combines the K-nearest neighbor (KNN) outlier detection algorithm with network trafc similarity to achieve accurate detection without interference from anomalous behaviours.
In the context of resource-constrained intrusion detection systems (IDS) in wireless sensor networks (WSNs), Huang and Zhu proposed a dynamic multistage intrusion detection model with a game-theoretic approach [14].Tis model predicts the most vulnerable nodes to intrusion and incorporates Bayesian rule analysis to identify malicious nodes.Another improvement in intrusion detection is presented by Wang et al. [15], where an algorithm based on integration learning is introduced.Tis algorithm addresses the limitations of integrated learning intrusion detection methods, such as loss of edge information and timeconsuming model fusion.By transforming the original problem into multiple binary classifcation problems and incorporating probabilistic prediction results, the algorithm achieves better performance.
While deep neural networks and integrated learning methods [16,17] may not be suitable for certain network structures and computational limitations [18], alternative approaches have been explored.For example, Jaber and Rehman proposed a cloud computing-based intrusion feature extraction method for ship communication networks [19].Tis method utilizes signal processing techniques and a feature detection framework to extract relevant features.A network intrusion detection method based on an improved random forest classifer is introduced by Zhang et al. [20].Te method utilizes Gaussian mixture models and random forest classifers to extract intrusion features.
Ling et al. used a rough set theory to enhance intrusion detection models based on artifcial immunity [21].Tis method combines anomaly detection and misuse detection, achieving vaccine injection without terminating the intrusion detection behavior.In addition, Ling et al. introduced a K-means algorithm to address the clustering issue and local optima problems [22].Although these methods demonstrate improvement in detection performance, challenges related to outliers and unbalanced clustering remain.
To tackle the issue of low efciency caused by a large amount of data, Wang et al. combined adaptive afnity propagation (AP) clustering with intrusion detection [23].Tis adaptive AP clustering algorithm reduces the number of samples to be clustered, resulting in decreased clustering time and continuous model adjustment.Duan and Xiao proposed an improved fuzzy C-means clustering algorithm, which uses the Mercer kernel and Lagrange multiplier method for enhanced optimization and convergence speed [24].However, the impact of unbalanced clustering and noise points on clustering results is not addressed.

Security and Communication Networks
Moreover, recent research has explored innovative approaches for intrusion detection.For instance, a vehicularedge computing fogging scheme is proposed by Mourad et al. [25], which ofoads intrusion detection tasks to federated vehicles, considering their high mobility and resource availability.Rahman proposes a privacy-preserving joint learning scheme for IoT intrusion detection [26], where devices train their own models to maintain privacy and security-aware data.Deep learning models with recurrent neural network (RNN) with long short-term memory (LSTM) and gated recurrent unit (GRU) frameworks were developed by Gautam et al. [27].Tis model can overcome the problem of longer dependencies in RNN models.However, the efectiveness of these models in classifying certain types of attacks remains a challenge.
Te Naive Bayesian classifer (NBC) [28] has gained popularity in intrusion detection due to its simplicity and efectiveness.Various enhancements for the NB algorithm have been proposed.For instance, Alsaadi et al. efectively applied the NB model in IDS and established a framework for the primary intrusion detection process [29].Alsharif adopted a PCA-based NB algorithm that reduces data redundancy and improves detection efciency [30].Zhang et al. constructed a network intrusion detection model based on the NB algorithm and the quantum particle swarm optimization (QPSO) algorithm [31], which performs feature selection and parallelized NB classifcation.However, the detection rate of low-frequency and small-sample type data still needs improvement in this method.Panigrahi et al. proposed an extension of the NB algorithm that combines feature simplifcation and decision tree techniques to improve classifcation efciency and accuracy [32].Nevertheless, this approach introduces interference in the classifcation of anomalous events.A semisupervised NB algorithm is introduced by Hara and Shiomoto [33], which leverages parallel computing to handle large amounts of network data.However, this algorithm exhibits shortcomings in detecting anomalous data in small-sized and medium-sized local area networks.Addressing the need for efcient intrusion detection, Li et al. presented the locally weighted Naive Bayesian (LWNB) algorithm [34].Tis algorithm gradually reduces the feature space and divides it into subspaces for classifcation using a NB classifer.While this design improves classifcation speed and correctness, it requires complex preprocessing and increases time and space complexity.Jiang et al. proposed a novel weight calculation method based on the original NB approach [35].Tis method estimates feature values derived from network data and signifcantly eliminates interference data, leading to improved classifer accuracy and recall rate.However, the algorithm still faces challenges related to feature attribute value extraction and the stability of classifer performance.
In summary, the literature review highlights various approaches to intrusion detection, including DAN-BP-based models, hybrid multilevel models, dynamic multistage models, integration learning algorithms, cloud computingbased methods, improved random forest classifers, rough set-based models, and extensions of the NB algorithm.While these methods demonstrate advancements in intrusion detection, challenges such as outliers, unbalanced clustering, computational limitations, and classifcation of specifc attack types still persist.Future research should focus on addressing these challenges to further enhance intrusion detection techniques.

Methodology
A feature weighting algorithm is employed to enhance the classifcation accuracy by assigning weights to diferent feature terms based on their relevance to the situation.Tis approach calculates each feature's weight by deriving a weighting factor through JS divergence and ICF.
Te JINB algorithm is used to obtain the classifcation results of network events by performing a series of processes on the corresponding network trafc data (Figure 1).

NB Classifer. Given a training sample set
represents each data record and g x denotes the x-th feature.G x denotes the x-th attribute variable of the sample set.Consider a test sample set , and the mapping function f: Ten, the maximum element u n in set U is further obtained, and the test instance is fnally classifed as c n .
(1) We calculate the occurrence of category c in the sample set U as follows: where c x is the category to which the sample I x belongs to and a(c, c x ) is the symbolic function for determining c and c x .(2) We compute feature g y for sample category c in the set P. If attribute G y is discrete, then we have where g xy is the y-th feature of the training sample instance I x .If the attribute g y is a continuous value, then we have Security and Communication Networks (3) Ten, we count the occurrence of feature g y in U as follows: (4) We calculate the probability that J ′ belongs to category c x as (5) Among them, J ′ is the sample to be measured and w is the sample size.(5) From equation (7), it is possible to calculate for sample Te z probability values are normalized and sorted to obtain the similarity of the sample J ′ .Te maximum posterior probability WU is thus obtained as follows: (6) Te defnition of the NB classifer can be calculated from the abovementioned results as 3.2.JS Divergence.Weight (x, y) is the weight of g y in c x ; that is, it measures the signifcance of the feature g y to category c x in classifcation.Te NB equation is thus improved as shown in the following equation: Te diference between the probability distribution of c x and the probability distribution in the sample set with feature g y can be considered.According to literature [36], the KL (Kullback-Leibler) divergence is used to indicate the importance of the features.
Te limitations are evident from the KL divergence calculation in equation ( 9), which cannot be regarded as a metric in the true sense.Second, the range of its results is not bounded.In this paper, JS divergence [37] is introduced to make up for defciencies.Since JS divergence possesses symmetry, it serves as a true distance metric.Moreover, its values range from 0 to 1, making it more precise and convenient for similarity assessment.Terefore, employing JS divergence to compare the diference in distance between two probability scenarios assigns appropriate weights to 4 Security and Communication Networks feature items, enabling a better evaluation of the contribution of feature items to intrusion detection.
W JS (x, y) is the JS weighting factor of g y in category c x .Te calculation of W JS (x, y) can be derived by subsuming equation ( 9) into equation (10).From equation (11), it can be observed that if the distribution of feature g y is more dispersed, the JS weighting factor for c x becomes smaller.
3.3.Anticategory Frequency.Since feature terms representative of a particular category occur in a small number of classes, it can be further improved by using ICF [38].
Te inverse category frequency and feature entropy are introduced into the calculation of feature weights in sample classifcation.Te category frequency (CF) is the number of categories in which feature g y occurs.
Te calculation equation of anticategory frequency ICF is similar to IDF, which can be represented as follows: Te introduction of ICF in feature weighting is based on the assumption that the fewer the number of categories in which a feature g y appears, the greater the amount of category information it carries.Tis assumption is called the ICF assumption, which focuses on low-and mediumfrequency features at the category level while suppressing high-frequency features.However, ICF only considers the distribution of features between categories and does not consider the distribution of features within each category.If a feature term exhibits a more balanced distribution within a class, it signifes greater representativeness of that class.Tis indicates a higher capability for class diferentiation, warranting a larger weight assignment across all samples belonging to that class.Conversely, if a feature term is concentrated in only a few samples within a class, it does not efectively capture the characteristics of the class.Feature terms with low category diferentiation ability should be assigned lower weights.Te analysis shows that the size of the entropy value of the distribution of feature terms within a class is consistent with the amount of categorical information that the feature term can provide.
Te term entropy of the feature g y in the class c x is defned as follows: where TF(g y , c x ) represents the total number of frequencies of feature g y occurring in the samples of class c x .TE (g y , c x ) well refects the distribution of feature terms within the class, and its value is proportional to the category diferentiation ability of the feature.Based on the abovementioned analysis, this section introduces the XCF and te factors into the feature weight calculation and proposes two new feature weight calculation schemes, namely, TF.XCF

Security and Communication Networks
where g is the number of samples in which feature g y appears in the positive class.c is the number of samples in which feature g y appears in the negative class.It can be seen that the TF.RF.XCF.TE scheme contains four factors.Te TF is the original feature frequency.Te RF factor measures the distribution of feature g y between positive and negative correlation categories.Te XCF factor measures the distribution of feature g y between categories.Te TE factor is a measure of the distribution of features within classes.

Algorithm Description.
By combining the aforementioned weighting factors, W JS and W ICF , the feature weights, denoted as weight, can be calculated.
Te steps of the JINB algorithm are as follows.
Referring to the process outlined in Algorithm 1, we can analyze the time and spatial complexity of the JINB algorithm proposed in this paper.Te time complexity of the JINB algorithm can be approximated as O (z + z * z + z * w + z * w), which can be simplifed to O (z * z + z * w).Regarding the space complexity, it refers to the additional storage space required during the execution of the algorithm, primarily for storing the training sample set U and variables used for calculations.Assuming that the sizes of other variables are negligible compared to z, the space complexity of the JINB algorithm can be approximated as O (z).

Result Analysis and Discussion
4.1.Experimental Dataset.Te NSL-KDD dataset is used for the experiments in this paper.Te NSL-KDD dataset is a modifed version of the KDD Cup 1999 dataset, which was created for the purpose of evaluating intrusion detection systems.It was developed to overcome some of the limitations and issues found in the original KDD Cup 1999 dataset, which had problems related to redundancy and repetitive data records.It provides a diverse set of network trafc data with various types of attacks, making it a valuable resource for researchers and practitioners in the feld of cybersecurity.Te distribution of NSL-KDD across diferent attack categories is illustrated in Table 1.
Te experimental setup involved a Windows 10 PC equipped with an Intel Core i7-9750H CPU running at 2.60 GHz and 8 GB of RAM.Te algorithms proposed in this paper were implemented using Python 3.7.3.Te simulation experiments were conducted using the publicly available NSL-KDD dataset, which served as the dataset for this study.Te experimental parameters of the algorithm in this paper are set as follows.Te number z of categories C is set to 5, due to the 4 attack types (DoS, Probe, R2L, and U2R) and normal state.Te number w of sample instances is shown in Table 1, and the number of sample J is 132427.
Te steps for data preprocessing are as follows: (1) Data collection: frst, the NSL-KDD dataset was obtained for the experiments (2) Data cleaning: the data were cleaned to check for missing values, duplicate records, or inconsistencies (3) Data exploration: exploratory data analysis (EDA) techniques were employed to gain in-depth insights into the dataset's features and the distribution of attacks across diferent categories.(4) Data partitioning: the dataset was divided into a training set and a testing set, with the partitioning carried out using the KDD Train +_20Percent.TXT and KDD Test +.TXT fles, respectively.

Experimental Evaluation Methods.
Te intrusion detection system evaluation index is calculated by the confusion matrix, and its main evaluation index is divided into accuracy rate (Acc), detection rate (DR), false alarm rate (FAR), and missing alarm rate (MAR).
Acc is a measure of overall performance that takes into account all samples correctly classifed, but it does not provide detailed information about the accuracy of intrusion detection.DR focuses on intrusion detection accuracy, which measures the extent to which the classifer correctly detects actual intrusions.FAR and MAR are associated with false positives and false negatives and typically exhibit a negative correlation.Reducing FAR may lead to an increase in MAR, and vice versa, representing a trade-of.When evaluating intrusion detection systems, it is common to strike a balance between FAR and MAR to reduce false positives while minimizing false negatives, thereby enhancing DR and accuracy.
Teir calculation equations are as follows: where NU is the number of abnormal trafc data samples classifed as abnormal.NT is the number of normal trafc data samples classifed as normal.FU is the number of normal trafc data samples classifed as abnormal.FT is the number of abnormal trafc data samples classifed as normal.Te confusion matrix is shown in Table 2.
Te main types of attacks in WSN networks are black hole attacks, gray hole attacks, fooding attacks, replay routing attacks, and wormhole attacks [39].Te following four types of attacks are included in the NSL-KDD dataset: denial of service attacks (DoS) [40], snifng attacks (probe) [41], unauthorized access from a remote machine to a local machine (R2L) [42], and unauthorized access to local superuser (root) privileges (U2R) [43].

6
Security and Communication Networks

Algorithm Comparison Experiment.
Te experiments in this section are conducted using the LIB MATLAB simulation platform.To validate the performance of the JINB intrusion detection algorithm, a series of simulation experiments are conducted.Tese experiments involve a comparative analysis between the algorithm proposed in this paper and other existing algorithms.Furthermore, the proposed misuse detection module and anomaly detection module are individually simulated to evaluate their efectiveness in detecting specifc types of attacks.Te experiments in this subsection test the NSL-KDD dataset using OAA (one against all) [44], SVM (support vector machine), IBT (improved binary tree), HNB (hidden Naive Bayesian) [45], XLSTM [46], and the proposed algorithm.Each group of experiments uses the ten-fold crossover method to fnd the Acc, DR, FAR, and MAR of diferent attack types and fnally takes the corresponding average value as the experimental result.Te fnal experimental results are shown in Table 3. Te JINB algorithm is compared with other mainstream algorithms (OAA, SVM, IBT, HNB, and XLSTM) in terms of intrusion detection, and the results are measured using accuracy, DR, FAR, and MAR (see Figure 2).
As seen in Figure 2(a), the detection accuracy of the JINB algorithm has improved more signifcantly.From Figure 2(b), we can see that in terms of the detection rate, the detection rate of various intrusion types has been improved except for DoS, which is slightly lower than that of the HNB method.Figure 2(c) illustrates that the JINB algorithm has signifcantly reduced the false alarm rate compared to each of the other intrusion types, except for DoS and R2L. Figure 2(d) illustrates that the JINB algorithm has a signifcantly lower false alarm rate for each intrusion type than the other compared algorithms.
To assess the growth ratio, which refects the relationship of detection rates between the JINB algorithm and various algorithms for diferent types of network attacks, Table 4 demonstrates the proportional comparison of the JINB algorithm with the OAA, SVM, IBT, HNB, and LSTM algorithms.Here, the growth ratio is calculated by comparing the detection rate of the JINB algorithm to that of various reference algorithms in the context of diferent network Input: training sample set U, sample instances to be classifed      Security and Communication Networks attack types.Te calculation involves determining the difference between the detection rate of the JINB algorithm and the detection rate of each reference algorithm.Tis diference is then divided by the detection rate of the reference algorithm, and the result is multiplied by 100 to obtain a percentage representation.
By looking at Table 4, it is clear that (1) In the detection of normal and R2L attacks, the growth ratio is not much diferent.(2) Te growth ratio reaches the maximum when detecting probe attacks, reaching 46.5%.Tis shows a very large growth ratio compared to the detection of normal, DoS, R2L, and U2R, and the growth ratio increases as the number of samples is smaller than the sample set.However, it decreases in U2R, which may be caused by the small percentage and insufcient data samples.
Normal detection and DoS, probe, R2L, and U2R attack types are compared under these fve algorithms, and the ROC curve of experimental results is obtained, as shown in Figures 3(a)-3(e).
Te variation of DR and FAR of the fve algorithms for diferent kinds of attacks can be more intuitively seen by observing Figure 3. Te detection efect of the proposed algorithm is signifcantly higher than the other four compared algorithms as shown by the ROC graph.Te detection efect of the algorithm in this paper is more intuitively shown as the data imbalance rate increases.
Finally, an observation of the detection times recorded for the fve algorithms (as shown in Table 5) reveals that the proposed algorithm has signifcantly reduced the time complexity.In particular, the reduction in time is larger when testing, and the exact calculation yields a 52% reduction in testing time relative to OAA.Compared to XLSTM, the training time and detection time of the algorithm in this paper are reduced by 48.9% and 55.5%, respectively.
Te time complexity includes the training time for the classifer corresponding to the algorithm and the detection time for the algorithm to perform the attack detection, and the time complexity is expressed as shown in the following equation: Time complexity � training time + testing time. ( Based on the abovementioned simulation environment, intrusion detection is simulated using NS2.NS2 records the actions of each packet at every link and node during the simulation using a specifc format trace fle.It is instrumental in simulating probabilistic broadcast schemes for conventional ad hoc networks, intelligent routing protocols for wireless sensor networks, and routing protocols for fying ad hoc networks (FANETs).
As the quantity of malicious nodes in the network grows, the network topology becomes more intricate and the network is subjected to more DoS attacks, causing the detection rates of various algorithms to decline.Te proposed algorithm resolves diversity and outlier sensitivity issues.Tis enhances its generalization capacity, making it outperform other comparative algorithms in this paper.Even when there are more malicious nodes, the algorithm in this paper has a good performance (as shown in Figure 4).

Network Energy Efciency Analysis.
As shown in Figures 5 and 6, the average remaining energy of the network nodes and the number of surviving nodes change over time for OAA, SVM, IBT, HNB, XLSTM, and the proposed algorithm.Te network survival time is the longest for OAA defence because there is no additional energy consumption.HNB defence requires two modules to be turned on at the same time, which leads to a sharp increase in the energy consumption of the cluster head nodes and reduces the survival time of the network.In contrast, JINB defence only turns on one detection module at a time.SVM defence, IBT defence, and XLSTM defence activate a similar number of intrusion and misuse detection modules during network attacks and defence.Tis leads to comparable energy consumption and similar average energy and survival number curves of network nodes.
Experiments have proven that the JINB defence strategy efectively extends the survival time of the network and balances the accuracy and energy efciency of the intrusion detection system.
Te proposed intrusion detection algorithm based on feature-weighted NB improves the detection accuracy of   Security and Communication Networks network attacks in wireless sensor networks.By integrating a feature weighting algorithm, Jensen-Shannon divergence, and inverse category frequency, the algorithm enhances the performance of the Naive Bayes classifer.Tis allows for realtime processing of network events using the corresponding network trafc data, resulting in a signifcant improvement in the detection accuracy for various attack types.Terefore, the proposed model provides practicality for real-time network intrusion detection.Furthermore, the proposed intrusion detection algorithm based on feature-weighted NB ofers cost-efectiveness in network security.By improving the detection accuracy and reducing false detections, the algorithm enhances the efectiveness of network attack detection.Tis leads to cost savings by minimizing expenses related to false alarms and mitigating potential losses from undetected attacks.In addition, the algorithm utilizes existing network trafc data and incorporates weighting factors without imposing signifcant resource requirements.Tis makes it cost-efective to implement and integrate into existing systems.Te algorithm's real-time event processing capability further contributes to its cost-efectiveness by enabling prompt responses to detected attacks.Overall, the proposed model provides a cost-efective solution for enhancing the security of wireless sensor networks.

Conclusion
Te security of wireless sensor networks is facing various challenges.To improve the detection accuracy of network attacks, an improved intrusion detection algorithm based on feature-weighted NB is proposed in this paper.A feature weighting algorithm is proposed by assigning corresponding weights to diferent feature terms according to the situation.Te Jensen-Shannon (JS) divergence is combined with feature weighting and inverse category frequency (ICF) to improve the Naive Bayes algorithm.In the experimental session, the algorithm of this paper is compared and analyzed with other algorithms on the NSL-KDD dataset.Te results show that the wireless network intrusion algorithm proposed in this paper can ensure improved detection accuracy and detection rate, while reducing the false detection rate.Te limitations of this study are related to the algorithm's performance in the data preprocessing stage.Specifcally, (1) the discretization and normalization abilities of the algorithm require improvement.To enhance the algorithm's stability and adaptability, future work should focus on analyzing and implementing more efective data preprocessing methods.(2) Te study acknowledges the need to develop a threat model for evaluating the algorithms' performance in reducing system threat metrics.Tis development will comprehensively assess the algorithms' efectiveness in real-world threat scenarios.In the future, we will comprehensively discuss realtime computing efciency checks and possibilities, including an exploration of the applicability in broader network environments and large-scale deployments.

Figure 1 :
Figure 1: Intrusion detection model based on the JINB algorithm.

Figure 2 :
Figure 2: Comparison of the performance of each classifcation algorithm.(a) Comparison of accuracy.(b) Comparison of DR.(c) Comparison of FAR.(d) Comparison of MAR.

Figure 4 :
Figure 4: Relationship between number of malicious nodes and detection rate.

Table 1 :
Distribution of NSL-KDD training data.

Table 3 :
Comparison of detection performance (%) before and after algorithm improvement.

Table 4 :
Detection rate growth ratio of this algorithm to other algorithms.

Table 5 :
Time complexity of the fve algorithms.