Hybrid intelligence-powered secure clustering with trust-optimized routing for next-generation MANET communication

Abstract

Mobile Ad Hoc Networks (MANETs) are highly dynamic and resource-constrained systems in which the resourceful maintenance of secure, energy-efficient, and trustworthy communication is challenging owing to frequent changes in topologies and highly malicious intrusions. To resolve these issues, this work proposes research will provide a Hybrid Intelligence-Powered Secure Clustering and Trust-Optimized Routing (HISCTR) framework that combines adaptive clustering, intelligent trust assessment, and hybrid deep-learning-based intrusion detection into a single architecture. The Geographical Adaptive Fidelity Clustering (GAFC) scheme provides stable clustering, whereas the Addax Optimization Algorithm (AOA) identifies energy-balanced Cluster Heads and Sub-Cluster Heads according to residual energy, centrality, and mobility. Fuzzy Trust Vector Computation (FTVC) and Halfway Escape Optimization (HEO) are further used to provide routing reliability, as they collaboratively determine low-delay and highly trusted communication paths. Transformer-based temporal learning and CNN-based spatial analysis allow for a dual-path anomaly detection module to ensure the complete detection of multiple attacks. The proposed model showed the best performance at a mean power use of 0.8 mJ, throughput of 0.92 Mbps, packet delivery ratio, 5300-round network life, and efficiency rate of 99.5%, as proven by extensive simulations. These findings verify that HISCTR can provide a security-conscious, scalable, and robust communication system for next-generation MANETs.

Introduction

Mobile Ad Hoc Networks (MANETs) are infrastructure-free and decentralized wireless networks of moving nodes that communicate using multihop and are characterized by their flexibility, mobility, and lack of infrastructure, which leads to certain severe limitations of MANETs such as highly dynamic topology, limited battery capacity, and susceptibility to attacks¹. These aspects become even more pronounced when considering application scenarios such as Flying Ad Hoc Networks (FANETs), Vehicular Ad Hoc Networks (VANETs), and Aeronautical Ad Hoc Networks (AANETs), where fast mobility combined with resource constraints drastically deteriorates routing reliability and network lifetime².Thus, many clustering and routing strategies in WSNs have inherent limitations. Fuzzy Chaos-based Adaptive Particle Swarm Optimization (F-CAPSO) couples fuzzy systems with chaos theory and adaptive swarm intelligence to optimize energy-aware cluster head (CH) selection. Another method is the Coverage K-Means Routing Protocol (CKRP), which uses spatial zoning and density-aware K-means clustering to stabilize communications and delays in dense topologies³.

Security and energy issues have prompted the creation of a secure energy-efficient chaotic gazelle-based optimized routing protocol (SE2CG-ORP), which combines lightweight cryptographic methods, Type-II Fuzzy C-Means clustering, and Chaotic Gazelle Optimization for secure adaptive path discovery⁴.Similarly, the multi-routing cluster protocol with deep neural intrusion detection for MANETs using Deep Operator Neural Networks (MRCP-DNID-MANET-DONN) combines trust-aware clustering and anomaly detection via deep learning with artificial rabbit optimization to strengthen the defense against multi-vector threats⁵.Newer methods have focused on smart systems that prevent intrusion. For example, the Coati Optimization Clustered Gated Graph Convolutional Network with Multi-head Self-Attention for Intrusion Detection in MANETs (COCG-MSA-GCNN-MA-ID-MANET) improves cluster formation and attack detection. This was achieved by combining energy-aware clustering with a graph-based neural model that detects complex attacks, such as denial-of-service (DoS) and zero-day attacks⁶.

In addition, some new algorithms are emerging that use different approaches to manage clusters and ensure that the data reach their destination. The serial Exponential coati optimization algorithm (SECOA) models action- and time-based information to predict connection stability and trustable nodes⁷. Next, a CCCH-based cluster head selection algorithm is proposed. It is a compromise solution that picks the best Cluster Heads in real time, so this way aims at maintaining the stability and preventing re-configuration of the entire cluster⁸. Selfish node-aware trustable and optimized clustering-based routing protocol (SN-TOCRP). This technique employs fuzzy crow search and modified worm swarm optimization for bad actor redemption and trust level upkeep⁹.In addition, machine learning was employed, and an algorithm such as a cascade backpropagation neural network (CBPNN) with particle swarm optimization (PSO), which changes the clusters on-the-fly based on how things are moving and how the network is operating, to assist in making data movement faster and reduce delay and packet loss, especially when things become crowded¹⁰.

MANETs have emerged as an integral part of mission-critical and infrastructure-less applications, due to the explosion in mobile computing and real-time connectivity requirements. With the advanced application domains (e.g., from battlefield communications to emergency disaster recovery and intelligent transportation systems), there is an urgent demand for secure, adaptive, and energy-aware communication systems. Traditional routing and clustering techniques are ineffective when node behavior becomes unpredictable, whereas the attack also changes dynamically¹¹. There is a strong imperative to design an intelligent and coherent mechanism to enhance resilient communication in the face of uncertain network states, which can also adapt to energy constraints, mobility patterns, and attack vectors without costly computational or communication costs.

While some studies considered clustering mechanisms, trust models, and optimization-based routing in MANET scenarios, there are still few fragmented attempts that emphasize only energy sustainability or security issues. Furthermore, most current solutions do not have built-in intrusion detection support, which should be able to adjust to spatial-temporal traffic irregularities on-the-fly. When they exist, intrusion detection methods are generally static and/or too rigid for detecting novel cyber threats (e.g., zero-day attacks). In addition, the cluster formation heuristic optimization criteria that focuses on minimizing control message overhead does not consider the three evaluation metrics of mobile behaviors, trust deviation, and behavior inconsistency improvement simultaneously to achieve better network performance in terms of robustness and susceptibility to internal attacks. To address these limitations, this work makes the following contributions:

• A novel hybrid intelligence-based architecture was developed to ensure secure and trust-guided data transmission in decentralized wireless networks, particularly to address the dynamic behavior of WSNs and MANETs.

• An adaptive cluster leadership model was proposed using the Addax Optimization Algorithm, ensuring a balanced energy distribution and seamless failure through intelligent CH and sub-CH role assignment.

• Trust levels were dynamically computed using a multidimensional behavioral analysis framework supported by fuzzy logic, and routing paths were optimized using a quantum-inspired algorithm that prioritized both reliability and efficiency.

• A deep intrusion prevention mechanism was incorporated by combining spatial pattern recognition from CNNs and temporal sequence modeling from transformer layers, and the system was validated under varying simulation scales using synthetically generated traffic-data.

The rest of this work is structured as follows: Section  Related works reviews the existing work in this area. Section  Overview of the HISCTR framework proposes the proposed HISCTR framework. Section  Result and discussion presents the experimental setup, simulation parameters, and datasets used, followed by a detailed performance evaluation. Section  Discussion concludes the work by summarizing the main findings and discusses future directions.

Related works

Essentially, wireless Ad-hoc Networks (WANETs) including Mobile Ad Hoc Networks (MANETs), Wireless Sensor Networks (WSNs), Unmanned Aerial Vehicle (UAV) networks and Vehicular Ad Hoc Networks (VANETs) will always be confronted with unstable topologies besides the lack of energy resources. To address these challenges, a two-dimensional categorization system that divides clustering approaches into determinate and uncertain ones is suggested. This taxonomy can extract the normalization of activities in the clustering of activities, in addition to increasing the routing flexibility and network life in the heterogeneous WANET environment¹². A reengineered K-means-based Cluster Head (CH) selection strategy is proposed to realize a fair energy distribution in WSNs. This algorithm quantifies the leftover energy, node density, closeness to the base station, and signal strength in an effort to offer fair CH rotation, which overcomes initial node failure and prolongs the average network lifetime in comparison with standard algorithms, including Low-Energy Adaptive Clustering Hierarchy (LEACH) and Hybrid Energy-Efficient Distributed Clustering (HEED)¹³.

The graph Kernel Clustering Algorithm with Link Failure Prediction (GKCA-LFP) model is a resilient solution for mobility-intensive networks. This model improves cluster formation and path choice, thereby reducing the number of packets and transmission delay owing to link failure and mobility of links in dynamic environments, as well as predicting such failures by using indicators such as density and mobility stability through graph kernel-based clustering and predicting potential link failure¹⁴. To fulfill the two prerequisites of secure and efficient routing, a hybrid protocol was developed that incorporated both the ad hoc On-Demand Distance Vector (AODV) routing protocol and the multipath Byzantine optimized link state routing protocol (MBOMRP). The framework provides fragment-wise data encryption to maintain the integrity of the data using a blend of cryptographic algorithms, namely, AES, RSA, SHA-256, and Blowfish, to guarantee confidentiality without affecting the performance of the dynamic MANET topologies¹⁵.

The EMAT framework presented a hybrid clustering of MANET-IoT networks with Spider Monkey Optimization (SMO) under multi-agent reinforcement learning (MA-RL) to evaluate the trust and multi-attribute cryptography (MAC) to regulate the data of secured findings. This combination decreases the routing overhead and enhances the reliability of transmission¹⁶. The K-means algorithm was enhanced with the Philippine Eagle Optimization (PEO) algorithm to develop the Modified K-means Philippine Eagle (MKMPE) routing method to enhance the trust-based routing. The two-layered model is important in energy conservation and CH choice according to the direct, indirect, and recent measures of trust, thereby providing effective communication in dynamic MANET conditions¹⁷. A suggested clustering algorithm in the urban context of vehicles involves improved tensor trace maximization (iTTM) with hypergraph spectral analysis and Gaussian Mixture Modeling (GMM). The criteria significance with the help of the inter-criteria correlation (CRITIC) technique, the criteria must be considered based on vehicle speed and connectivity and hence opens way to a consistent CH selection, which is known to provide better throughput and latency rates¹⁸.

To overcome the usual topology variations and scarce energy supply, the Enhanced Chicken Swarm Optimization-Adaptive Position Routing Protocol (ECSO-APRP) hybrid model selects CHs according to the residual energy, communication cost, and mobility behavior, and route updates according to the adaptive path changes of APRP. To a large extent, such a design can reduce the overhead of benchmarks such as the Genetic Algorithm-LEACH¹⁹.Moreover, a trust-based routing scheme applies k-means clustering and Bayesian inference to the inception of CH credibility. The suspected CHs or energy-hungry CHs are substituted in real time, and the base station feedback ensures secure data transmission, resulting in secure and energy-efficient route construction²⁰. The Fuzzy Marine White Shark Optimization (FMWSO) algorithm is a bio-inspired optimization algorithm used to select CH based on the beneficial nature of being inspired by the Marine Predator Algorithm (MPA) and White Shark Optimization (WSO). By utilizing fuzzy logic and parameters such as energy levels and delay, this technique improves the network lifetime and decreases jitter and loss of data in unstable MANETs²¹.

A two-phase clustering algorithm was used to support the heterogeneity of the heterogeneous MANETs. One-hop logical clusters were first created, and gateway nodes were then selected based on mobility and cluster coverage values. The tiered strategy reduces routing overhead and maintains throughput in mixed-node scenarios²². Particle Swarm Optimization (PSO) in the Bio-inspired Trust-based Clustering and Probabilistic Hierarchical Management (BT-CPHM) model enables the selection of the CH, while the selection of Super Cluster Heads (SCHs) is controlled by fuzzy logic. Through bandwidth- and trust-based routing, this technique enables energy-effective communication and lower drop rates compared to traditional models, such as BPSO-TORA²³. The upgraded fly algorithm for MANETs (E-MAV: MMF-MANET) pairs a Modified African Vulture Optimization Algorithm (AVOA) for the identification of CHs with a Mayfly based routing strategy supplemented by SOS-inspired mutations. Brownian motion was incorporated for the diversification of solutions, and mutualism mechanisms were used for maximum path discovery with lower energy consumption²⁴.

Dynamic Algorithm Switching (DAS) uses the Density-Based Spatial Clustering of Applications with Noise (DBSCAN) to perform adaptive clustering and change routing paths on a per-second basis depending on node traffic and energy remaining. Moreover, a lightweight anomaly detection system is useful in terms of better throughput and network lifetime than a baseline protocol, such as ANFIS-EESC²⁵.The cluster-based energy-efficient gradient swarm-gradient deep belief classifier (CEGS-GDBC) system combines Dual Network Centrality with Epsilon Greedy Swarm Optimization to generate small clusters. An attention-augmented Deep Belief Network helps to conduct intrusion detection and can deliver superior results in detecting as well as low computing expenses²⁶. The angle-based density clustering (EBDC) algorithm is used to address communication failures during mobility to utilize energy threshold monitoring during CH elections in the case of high energy consumption and invoke CH rerouting to maintain communication connectivity, thereby saving power and preventing a fragmented network²⁷.

A Secure Cryptography-based Clustering Mechanism (SCCM) was developed to achieve resilient communication in cloud-integrated MANETs. The Large-Scale Energy-Aware Trust Optimization (LS-EATO) model incorporates elliptical power to prevent malicious nodes and improve the efficiency of communications when many nodes are present in the network by combining the Sailfish Optimization (SFO) with the Whale Optimization Algorithm (WOA) to execute the routing optimization of such a network²⁸. The large-scale energy-aware trust optimization (LS-EATO) model improves security in Hierarchical WSNs through the application of a Harmonic Search-based Genetic Algorithm (HGA) for CH selection and Energy-Aware Intra and Inter-Cluster Trust (EAIICT) for trust validation. Malicious nodes are swiftly identified, ensuring that communication efficiency is maintained across diverse network loads²⁹. This approach balances energy use and congestion, improves performance when deployed in dense formations, and increases the operational life expectancy³⁰.

The ILSO model with ECC-based encryption is an optimization that improves CH selection by simulating lion pack dynamics and adding Minimum Hop Detection (MHD) in path computing. This configuration ensures black hole and sinkhole attack resistance and increases packet delivery consistency³¹.To enhance real-time emergency communication, a Blockchain-based Distributed Secure Data Aggregation (block-DSD) framework incorporates zone-based clustering with ECC encryption and Improved Elephant Herd Optimization (IEHO) routing. The Adaptive Neuro-Fuzzy Inference System (ANFIS) is employed to assign the Cluster Head duty, and a Secure Two-Step (STS) protocol detects and prioritizes emergency messages³².“.Finally, a complex multilayer structure is proposed, which has Zone-Based Clustering (ZBC), reinforcement learning-based CH Selection (RL-CHS), Quantum-Resistant Physical Unclonable Function (QR-PUF) for node authentication, and a convolutional neural network-based Trust Management System (CNN-TMS).With the assistance of a lightweight encryption algorithm (ALEA) and a Hybrid Optimization-Based Routing Protocol (HORP) that combines a Genetic Algorithm and PSO, this framework excels in data security, even for unstable mobile networks³³.

Minsoo Kim et al. proposed a blockchain-assisted maximum evacuation framework in zero trust hiking trail and mountainous terrain using Internet of Things (IoT) devices that leverages blockchain technology for enhanced security and reliability. This work devised three innovative algorithms designed to maximize the activation of evacuation nodes, ensuring rapid and efficient disaster response. In addition, extensive simulations were performed to demonstrate the performance of the proposed schemes, and the obtained outcomes were discussed³⁴.

Table 1 A comparison of existing clustering and routing approaches in MANETs.

In mobile and decentralized wireless networks, secure and energy-efficient data communication is complex owing to the instability of the topology, uncertainty in node behavior, and dynamically changing paths through which the networks operate. In the absence of a smart balancing mechanism for these components, the system is exposed to packet loss, energy drain, and compromise. The lack of a systematic framework that unifies intelligent clustering, trust routing, and real-time intrusion detection while maintaining scalability and a low computational overhead is a key gap in the current research. To address this, a comprehensive end-to-end solution should be developed that not only considers spatial and communication-based affinity when establishing a cluster but also incorporates fuzzy logic-based trust calculation, optimization-based routing, and deep learning-based threat detection to provide holistic and proactive protection of the network in the context of dynamic operations.

Further analysis of the current MANET clustering and routing methods, as shown in Table 1, reveals various gaps in the research practices of the algorithms that have prompted the further development of the HISCTR. Clustering frameworks based on fuzzy and PSO, such as F-CAPSO, FMWSO, and improved variants of K-means, are mainly designed to maximize energy efficiency and cluster stability without explicit adversarial awareness or dynamic trust evaluation, thus allowing black hole, Sybil, and trust-poisoning attacks. Routing schemes based on optimization, such as SSA-, EGSO-, and MBOMRP-based, are also shown to be better than traditional methods, but these schemes are built on fixed link or energy information, do not involve adaptive trust filtering, and do not support real-time attack isolation. Deep-learning-based intrusion detection models, such as DONN-, GCNN-, and CNN-TMS-based models, have high detection rates; however, they are implemented as independent IDS modules and are not closely linked with clustering or routing solutions, which leads to slower responses and higher overhead. Moreover, several centralized or partially centralized solutions (e.g., CCCH and RSU-based clustering) introduce single-point failures and scalability constraints, whereas many studies do not report recovery behavior, memory utilization, or convergence performance under large-scale or multi-attack MANET scenarios. In contrast, HISCTR explicitly addresses these algorithmic limitations by tightly integrating GAFC-based adaptive clustering, AOA-driven multi-objective CH selection, FTVC-based dynamic trust computation, HEO-optimized secure routing, and a hybrid transformer–CNN intrusion detection mechanism within a unified framework. This coordinated cross-layer design enables the simultaneous optimization of energy, trust, security, and routing stability, thereby overcoming the fragmented and single-objective limitations observed in existing approaches.

Overview of the HISCTR framework

A hybrid Intelligence-Driven Secure Clustering and Trust-Aware Routing (HISCTR) framework is proposed to efficiently address sophisticated security and performance challenges that are typical of decentralized and dynamic wireless network environments, such as Wireless Sensor Networks (WSNs) and MANETs. Because the absence of central control and the mobile and resource-constrained features of such networks make it difficult to provide secure communications and defend against adaptive cyber attacks, the task has become increasingly difficult. The HISCTR was developed as a comprehensive modular system aimed at delivering adaptive security, ensuring high data integrity, and maximizing resource efficiency.

The architecture of HISCTR consists of three collaborative modules: intelligent clustering, trust-sensitive secure routing, and proactive intrusion detection. Each of these modules is operated to ensure maximum resilience, optimize performance, and enhance security across all network operation layers. The clustering module uses geographic and communication fidelity measures to build efficient node clusters with inherent fault tolerance using primary and backup leadership roles. Cluster Heads (CHs) and Sub-Cluster Heads (sub-CHs) are dynamically selected based on a bio-inspired optimization method ensuring longevity and energy balance in the cluster structure. Next, the trust-aware routing module emphasizes the honesty and credibility of the routes for data transmission. A fuzzy logic-based framework assesses node behavior along numerous dimensions, such as packet delivery consistency and energy behavior, to provide dynamic trust ratings. These scores are fed into a quantum-inspired optimization engine that strategically selects routing paths with optimal choices, balancing trustworthiness and transmission latency.

These layers are complemented by an intrusion detection unit, which incorporates deep learning via a hybrid transformer–CNN mechanism that bridges the power of spatial anomaly detection with global sequence learning, so that sophisticated and novel threats can be accurately detected even under non-standard or unanticipated traffic conditions. These elements have an overarching structure that dynamically adapts to environmental changes, mitigates threats, and offers the best performance in decentralized wireless networks. Figure 1 shows the collaborative interaction between clustering, trust assessment, secure routing, and intrusion detection using deep learning systems at the system level. This work was planned based on a modular and simulation-based approach to the systematic assessment of the impact of hybrid intelligence on the security of communication in MANETs. First, adaptive clustering, trust-aware routing, and hybrid deep-learning-based intrusion detection are integrated to create an architecture (HISCTR). The GAFC was used in the clustering stage, and then AOA was used to select CH and Sub-CH based on energy, centrality, and mobility. This was followed by the integration of a fuzzy trust computation model and HEO-based optimization to achieve a secure and low-latency routing path. Multiclass network attacks were then analyzed using a hybrid transformer-based CNN model that used both time-related and spatial traffic characteristics. Finally, the proposed framework was tested with large-scale simulations involving different node densities and attack conditions, and the performance of the framework was compared to the state-of-the-art protocols using standard network, security, and efficiency measures to ascertain the robustness, scalability, and reproducibility of the results.

Fig. 1

Functional architecture of the HISCTR framework.

Despite the fact that GAFC, AOA, FTVC, and HEO are already developed methods, their applications in the HISCTR framework were specifically modified to work together and not in their original form of application. First, the GAFC clustering mechanism was generalized with an aware geographic constraint of fidelity, which allowed clusters to dynamically reshape their spatial boundaries in response to node mobility and trust consistency, and minimized the resulting frequent reconfiguration of the clusters when mobile. Second, the Addax Optimization Algorithm (AOA) was modified with the addition of a multi-criteria fitness function, which combined residual energy, node centrality, and mobility variance, as well as a stability-aware penalty term to disincentivize a high frequency CH/Sub-CH switching behavior to increase the cluster longevity and energy balance. Third, the FTVC trust model was improved with time-dependent trust smoothing and attack sensitivity weighting, which enables the system to distinguish between transient misbehavior and long-lasting malicious behavior, as well as enhance trust restoration when an attack is isolated. Finally, the Halfway Escape Optimization (HEO) routing algorithm was modified to include trust-constrained escape behavior, so that exploration of routes was explicitly restricted to avoid low-trust links, with delay and hop stability being optimized. These directed modifications provide close cross-layer interactions between the routing, clustering, and security modules, which leads to enhanced scalability, resilience, and real-time adaptability that would otherwise not have been experienced with the initial algorithms separately.

Geographical adaptive fidelity clustering (GAFC)

Motivation for clustering in WSN/MANET

WSNs and MANETs are decentralized by nature, and each node is independent in unpredictable environments. Although this topology is flexible and easy to deploy, it is very restrictive in terms of energy sustainability, routing overhead, and communication reliability. To overcome these drawbacks, clustering, a mechanism of organizing nodes into hierarchies, is used, and coordination units (cluster heads) are introduced to deal with local communication and report aggregated information to the base station or other clusters. This greatly minimizes the amount of direct transmissions to the sink, saving the node energy and increasing the network life.

Fig. 2

Hierarchical clustering structure with CH and sub-CH node roles.

However, classical clustering methods do not work in mobile settings because nodes are mobile, the topology may change dynamically, communication quality may not be consistent, and a topology may be rebuilt frequently, which adds extra controller overhead and consumes node energy. To address these issues, the Geographical Adaptive Fidelity Clustering (GAFC) algorithm uses adaptive clustering based on spatial and communication quality criteria, resulting in more robust and energy-efficient clustering.

Cluster formation process

The GAFC³⁵ is used as the cluster creation and support layer of the HISCTR framework and is applied periodically to support the mobility of nodes. Nodes are aggregated based on geographic proximity, and a fidelity constraint restricts changes in the membership of a cluster unless serious mobility or trust degradation is observed. Such adaptive control of the boundary reduces the frequency of reclustering and control overhead. The GAFC offers consistent cluster designs that act as operation zones in subsequent optimization and routing operations. The GAFC mechanism clusters on a hybrid measure that reflects the physical proximity and fidelity of communication between nodes. All nodes compute an aggregate affinity score of their neighbors to select the possible formation of a cluster.

The Affinity Function between any two nodes i and j is given by.

$${\psi }_{ij}=\frac{{Q}_{ij}}{{d}_{ij}^{\alpha }}$$

(1)

Where \({\psi }_{ij}\)represents the proximity-fidelity score between node and node , \({Q}_{ij}\)denotes the communication quality or link reliability from to , d_ij​is the Euclidean distance between the two nodes,α is the path loss exponent (typically between 2 and 4 in wireless settings). Each node compiles affinity scores with its neighbors and joins the cluster with the highest cumulative affinity, forming groups that are both spatially compact and communication efficient.

Cluster head and sub-cluster head roles

The AOA is utilized in each GAFC cluster to choose the Cluster Heads and Sub-Cluster Head in terms of multi-objective fitness assessment³⁶. All candidate nodes are represented as solution vectors, and the optimizer balances exploration and exploitation, as well as optimizes the remaining energy, node centrality, and mobility variance. To avoid the high CH turnover, a stability-conscious penalty term is added to the penalty term to ensure that the leadership is energy balanced and the leaders switch every time. The AOA implementation is event-based on cluster interactions instead of operating continuously, which makes it less computationally intensive. After the clusters are constituted, the algorithm assigns leadership positions to each cluster as follows:

• Cluster Head (CH): The main controller, responsible for inter-cluster communication, data aggregation, and transmission to the sink or next-tier node.

• Sub-Cluster Head (sub-CH): A designated backup responsible for intra-cluster communication and support. If the CH fails or becomes unreachable, the sub-CH seamlessly takes over to ensure uninterrupted cluster operation.

This dual-role structure introduces fault tolerance, reduces the frequency of cluster reformation, and extends the node lifespan. To determine which nodes assume these roles, a multi-objective optimization model was applied using a nature-inspired technique. The layered communication hierarchy, featuring sensor-to-sub-CH, sub-CH-to-CH, and CH-to-base station routing, is illustrated in Fig. 2 to emphasize the fault tolerance and balanced energy distribution.

Addax optimization algorithm (AOA) for CH/sub-CH selection

When it comes to wireless sensors and mobile ad hoc networks, the selection of the best nodes to be used as CHs and sub-CHs is a task that is of utmost importance and has a direct impact on the efficiency, prolongation, and resilience of the network. It is a multi-objective and dynamic selection issue that requires a multi-objective approach that can strike a balance between energy expenditure, location fitness, and node mobility under dynamically varying circumstances. Conventional optimization algorithms, such as Particle Swarm Optimization (PSO) and genetic algorithms (GA), which work well in static scenarios, are prone to premature convergence or require a lot of tuning, especially in fast-changing network structures. To address these restrictions, this framework uses the Addax Optimization Algorithm (AOA), which is a nature-inspired algorithm based on the behavior of the Addax antelope, an animal that lives in the desert and has adapted to the hostile and changing environment through foraging. The main idea of AOA is to dynamically determine the strongest and most energy-efficient applicants to CH and sub-CH jobs by simulating decentralized, herd-driven search patterns that search the solution space in an adaptive manner. AOA offers a trade-off between exploration and exploitation unlike deterministic or greedy techniques, and thus, it can overcome local optima and can adapt to changes in the network state, making it especially well-suited to a decentralized system such as MANETs and WSNs, where the positions and energy levels of nodes are unpredictable. The evaluation of each possible candidate node i is determined based on a composite fitness measure that combines three normalized measures as follows:

1. (i)

   Residual Energy (E_r​)—ensuring the node has sufficient battery to perform extended duties.

2. (ii)

   Centrality Index (C_i​)—ensuring the node is spatially optimal within its cluster.

3. (iii)

   Mobility Degree (M_d​)—preferring nodes with lower mobility for leadership stability.

Fig. 3

Flowchart of cluster formation and CH/Sub-CH selection using AOA.

The overall fitness score F_i​ for each node i is computed as follows:

$${F}_{i}={\omega }_{1}\cdot \frac{{E}_{i}}{{E}_{max}}+{\omega }_{2}\cdot \left(1-\frac{{d}_{i}}{{d}_{max}}\right)+{\omega }_{3}\cdot \left(1-\frac{{v}_{i}}{{v}_{max}}\right)$$

(2)

where E_i​ is the current residual energy of node i; d_i​ is the average distance of node i to all other cluster members; v_i​ is the velocity or mobility index of node i; E_max, d_max, and v_max are the normalization constants (maximum observed values); and w₁, w₂, and w₃ are the weighting factors that balance the importance of each metric, such that w₁​+w₂​+w₃​=1.This multi-criteria score ensures that high-ranking nodes are not only well-powered but also centrally located and less prone to disconnect owing to excessive movement.

AOA selection dynamics

Once all fitness scores are computed, the AOA simulates the foraging behavior of the Addax species, where herd members continuously reposition based on environmental gradients, mimicking this behavior through a stochastic population-based search. At each iteration:

• Nodes with high scores influenced the direction of the virtual herd.

• The algorithm adjusts the candidate positions (in the abstract solution space) based on adaptive coefficients that emulate attraction, repulsion, and random deviations.

• The system retains the memory of the global and local best candidates to refine the search in the subsequent iterations.

The best node is the Cluster Head, and the second-best node, which is within a reasonable distance of the CH, is made to be the sub-CH. This guarantees geographical cohesiveness and its quick failure, where necessary. The sequential decision-making process for creating energy-aware clusters and deciding on the best CH and sub-CH roles through the Addax Optimization Algorithm is illustrated in Fig. 3, which guarantees the robustness and fault tolerance in the network structure.

The AOA only requires slight tuning and is self-adapted to environmental changes, unlike PSO, which is highly dependent on velocity updates and can get stuck in local minima, or Genetic Algorithms, which use crossover/mutation parameters that must be carefully tuned. It is lightweight, and its convergence is faster; therefore, it is suitable for real-time node role allocation on constrained WSN/MANET systems. In addition, its biological model is consistent with the distributed and non-deterministic behavior of wireless nodes, which increases the harmony and resilience of the systems.

Trust-aware secure routing

Decentralized wireless networks, such as WSNs or MANETs, do not have a central brain to oversee them; hence, they are susceptible to security attacks as well as irregularities in the behavior of the nodes. In this case, nodes depend on their neighbors to transmit data, thus forming a trust-based environment. A malicious or malfunctioning node may interfere with traffic, consume energy, or cause routing loops. To avert such risks, a Trust-Aware Secure Routing strategy is presented, which consists of two main modules: Fuzzy Trust Vector Conservative (FTVC) and Halfway Escape Optimization (HEO) to select the best path.

Fuzzy trust vector computation (FTVC)

The FTVC is used in the process of route discovery and data forwarding to implicate node reliability with a multidimensional fuzzy trust vector³⁷. Changes in forwarding, delay variation, and packet uniformity are aggregated using fuzzy inference rules, which provide the ability to withstand uncertainty and transient faults. Temporal smoothing is used to update trust so that it does not change drastically and falsely suggests trust. The resulting trust vectors are used as gating requirements for routing and optimization choices. The trust computation process is executed by assessing the behavior of individual nodes over time using various performance measures. Rather than binary or strict thresholds, Fuzzy Trust Vector Computation uses fuzzy explanations to make sense of uncertain or inaccurate inputs, leading to a more resilient trust assessment process. Each node maintains a trust score T_i ∈ [0,1], which is dynamically updated based on three core behavioral dimensions:

• Packet Forwarding Reliability (R_f​): The ratio of successfully forwarded packets to total packets received.

• Behavioral Consistency (B_c​): Measures deviations in node actions, such as dropping packets or unusual latency.

• Energy Utilization Efficiency (E_u​): Evaluates how economically a node uses its battery for network tasks.

These metrics are fed into a fuzzy inference system, where linguistic variables, such as High, Medium, and Low, are mapped using triangular or trapezoidal membership functions.

Fuzzy trust rule base

A simplified rule base is as follows:

• IF R_f​ is High AND B_c​ is Stable AND E_u​ is Efficient THEN Trust is High.

• IF R_f​ is Low OR B_c​ is Erratic THEN Trust is Low.

The fuzzy logic output is defuzzified (commonly using the centroid method) to yield a crisp trust score as follows:

$${T}_{i}=\frac{\underset{\alpha }{\overset{\beta }{\int }}{\mu }_{T}\left(x\right)\cdot xdx}{\underset{\alpha }{\overset{\beta }{\int }}{\mu }_{T}\left(x\right)dx}$$

(3)

Where µ_T​(x) is the aggregated membership function for the trust score, [α,β] is the trust universe of discourse (typically [0, 1])

The resulting trust vector is continuously updated over time using a temporal smoothing function.

$${T}_{i}\left(t\right)=\theta \cdot {T}_{i}\left(t-1\right)+\left(1-\theta \right) \cdot {T}_{i}^{new}$$

(4)

where θ ∈ [0,1] is a memory factor that gives weight to the past trust history.

Only nodes with trust values above a set threshold T_min​ are considered eligible for routing participation.

Route formation using halfway escape optimization (HEO)

HEO is used in the secure routing optimization phase when optimizing routes that have already met the trust constraints created by the FTVC. The routing paths are considered as solutions, and the HEO refines paths iteratively by minimizing delays and maintaining path stability, but does not attempt to use low-trust links owing to constrained escape dynamics³⁸. The optimizer has a small search space to ensure rapid convergence. Such trust-constrained optimization improves the resiliency of the routes without adding excessive latency.

Fig. 4

Flow diagram of trust-based routing and HEO optimization.

Finding the best path in a dynamic network involves more than the shortest distance; it should also consider reliability, delay, and energy usage. This results in a multi-objective trade-off. An efficient exploration of this space was performed using the Halfway Escape Optimization (HEO) algorithm. As a quantum tunneling concept, HEO proposes a special process of escaping local optima by probabilistically simulating quantum particles to tunnel across barriers.

HEO route optimization model

Let P = {P₁​, P₂​…, Pn​} be the set of candidate paths from the source to the destination, where each path P_k​ is evaluated by a fitness function F(P_k​).

The fitness function is defined as

$$F\left({P}_{k}\right)={{\upeta }}_{1}\cdot \left(1-\frac{{D}_{k}}{{D}_{max}}\right)+{{\upeta }}_{2}\cdot {\stackrel{-}{T}}_{k}+{{\upeta }}_{3}\cdot \left(1-\frac{{E}_{k}}{{E}_{max}}\right)$$

(5)

Where D_k​ is the latency (delay) of pathP_k​, \({\stackrel{-}{T}}_{k}\)is the average trust score of all nodes in P_k​, E_k​ is the cumulative energy cost along P_k​, D_max,E_max is the normalization constants, and η₁,η₂,η₃ is the weights for delay, trust, and energy (satisfying η₁​+η₂​+η₃​=1).

Quantum-inspired escaping mechanism

The HEO introduces a tunneling probability function to escape local optima:

$${P}_{escape}=exp\left(-\frac{\varDelta F}{\sigma }\right)$$

(6)

Where ΔF=F_current−F_best​,σ is the system temperature controlling exploration (analogous to simulated annealing).

If P_escape> r (where r ∈ [0,1] is a random value), the algorithm performs a tunneling move and selects an alternate candidate path that has not been explored in depth. This enables the system to avoid being trapped in suboptimal regions.

The route with the maximum F(P_k​) value after several iterations becomes the final secure path. After choosing the best route P*, the HEO completes the route by adding it to the routing table. The system still checks the node trust and network metrics and reevaluates the metrics if a critical decrease in trust or performance is observed. The two-layered routing strategy that integrates both fuzzy behavioral modeling and quantum-inspired routing optimization is a powerful tool for ensuring that all communication in decentralized networks is safe and efficient. The FTVC ensures that only trusted nodes are involved in the forwarding of data, and the HEO ensures that the paths selected by the algorithm are both reliable and optimal in terms of delay and energy. The two combined constitute an active, adaptive, and security-conscious routing protocol that is optimized to fit mobile resource-constrained settings. The entire trust-based routing architecture, including fuzzy trust computation and quantum-enhanced route optimization, is systematically presented in Fig. 4, which shows that only trustworthy nodes are involved in secure and efficient route setup.

Hybrid intrusion detection system (hybrid transformer–CNN network)

Motivation for hybrid deep learning in intrusion detection

The dual-path intrusion detection module is installed as a background security layer in continuous operation, which monitors the network traffic in active MANET operations. Incoming traffic is divided into fixed time windows and processed simultaneously by a transformer path-based temporal learning and CNN-based spatial feature extraction path. The transformer branch considers long-range dependencies and dynamic traffic patterns based on multi-head self-attention and can detect stealthy and sequential attacks early compared to the CNN branch, which considers localized packet-level and flow-pattern anomalies based on multi-scale convolutional filters³⁹. The obtained temporal and spatial representations are merged into a single feature and categorized by a lightweight MLP, which enables real-time detection of an attack and instant isolation of a node. This two-way fusion guarantees high detection rates and ensures computational tractability and compatibility with trust-based routing decisions.

Intrusion Detection Systems (IDS) in Wireless Sensor Networks (WSNs) and Mobile Ad Hoc Networks (MANETs) have traditionally been built using signature-based detection or shallow machine learning algorithms. Although effective in static and controlled environments, such approaches fail to provide consistent performance in mobile, non-stationary, and decentralized scenarios because of their inability to adapt to non-IID traffic patterns and unseen (zero-day) attack behaviors. These networks frequently experience changes in topology, bandwidth variability, and communication irregularities, rendering static models obsolete. To address this challenge, a hybrid deep learning framework combining transformer encoders and Convolutional Neural Networks (CNNs) was introduced. This architecture combines the global sequence modeling power of transformers and the local spatial sensitivity of CNNs, enabling accurate detection of complex and dynamic intrusion behaviors in network traffic.

• Transformers can learn temporal and semantic relationships in sequences, which helps to model the evolving patterns of normal or malicious behavior over time.

• CNNs are highly effective in spotting localized anomalies, such as bursts, micropatterns, or rare deviations, which may signal packet-level attacks.

• The fusion of these two methods enables multiresolution feature extraction, resulting in a more robust, adaptable, and generalizable intrusion detection engine.

Transformer path: global contextual encoding

The Transformer-based path is designed to understand long-range dependencies within network traffic. This begins by slicing the input traffic matrix into fixed-length patches x_i​, each representing a window of time series or session-level features.

Linear Projection and Tokenization

Each patch is flattened and passed through a trainable linear projection layer to produce token embedding:

$${z}_{i}=W\cdot {x}_{i}+b$$

(7)

Where x_iis the Flattened vector for the ith patch, W is the Weight matrix, b is the Bias term and z_i is the Token representation.

Positional Encoding

To inject the sequence order (which is otherwise discarded during flattening), a positional encoding vector PE_i​ is added as follows:

$${PE}_{i}^{\left(2k\right)}=sin\left(\frac{i}{{1000}^{\raisebox{1ex}{$2k$}\!\left/ \!\raisebox{-1ex}{$d$}\right.}}\right), {PE}_{i}^{(2k+1)}=cos\left(\frac{i}{{1000}^{\raisebox{1ex}{$2k$}\!\left/ \!\raisebox{-1ex}{$d$}\right.}}\right)$$

(8)

The Transformer input becomes:

$${e}_{i}={z}_{i}+{PE}_{i}$$

(9)

Fig. 5

Hybrid transformer–CNN architecture for intrusion detection.

Self-Attention Mechanism.

To model the global dependencies across patches, the input sequence e_i​ passes through the multihead self-attention layers. The attention is computed as follows:

$$Attention\left(Q,K,V\right)=softmax\left(\frac{{QK}^{T}}{\sqrt{{d}_{k}}}\right)V$$

(10)

Where \(Q={e}_{i}{W}_{Q}, K={e}_{i}{W}_{K}, V={e}_{i}{W}_{V}\), \({W}_{Q}, {W}_{K}, {W}_{V}\) is the Learnable projection matrices and \({d}_{k}\) is the Dimensionality of the key vectors.

These outputs capture context-aware representations, which are then processed by feedforward layers and passed to an MLP Head to produce a dense vector G that summarizes the global behavioral patterns.

CNN path: local spatial anomaly detection

Parallel to the Transformer path, the raw input is also fed into a CNN branch that focuses on capturing spatial anomalies that may occur in local traffic structures.

Convolutional Processing.

Let F ⁽⁰⁾ be the initial input that is reshaped as a 2D tensor.At each layer l, the output feature map is.

$${F}^{\left(l\right)}=\sigma \left({W}^{\left(l\right)}*{F}^{\left(l-1\right)}+{b}^{\left(l\right)}\right)$$

(11)

Where\({W}^{\left(l\right)}\) is the Convolutional filters, ∗ is the Convolution operator, \({b}^{\left(l\right)}\) is the Bias term, and σ is the Activation function (ReLU). Multiple convolutional and pooling layers were stacked to extract hierarchical spatial features.Finally, these features are flattened into a single-dimensional vector S, which captures the fine-grained anomaly characteristics missed by the transformer.

Fusion and decision layer

The outputs from both paths G (transformer) and S (CNN)are concatenated into a unified vector as follows:

$$F=concat(G,s)$$

(12)

This hybrid feature vector is passed to a fully connected classifier, followed by a softmax function to generate probabilities over the intrusion classes:

$${\widehat{y}}_{j}=\frac{{e}^{{F}_{j}}}{{\sum }_{k=1}^{C}{e}^{{F}_{k}}}$$

(13)

Where \({\widehat{y}}_{j}\) is the Probability of input belonging to class j, C is the Number of possible intrusion categories (Normal, DoS, U2R, Probe).

Loss FunctionThe model is trained using the Categorical Cross-Entropy Loss:

$$\mathcal{L}=-\sum _{j=1}^{C}{y}_{j}\text{l}\text{o}\text{g}\left({\widehat{y}}_{j}\right)$$

(14)

Where \({y}_{j}\) is the true label in one-hot encoding.The dual-path intrusion detection mechanism, which integrates global contextual encoding from transformer layers with localized spatial analysis from CNN modules, is depicted in Fig. 5 to highlight its multiscale feature fusion strategy for accurate anomaly classification.

Algorithm

HISCTR_Framework().

Table 2 presents the architectural setup of the proposed Hybrid Transformer CNN-based intrusion detection model that will be utilized in the HISCTR framework. It describes the parallel time and space learning paths, number of transformer encoder layers, attention heads, and CNN kernel sizes. The classification layers and feature fusion strategies used to detect multiple attacks in the literature are also highlighted in table. Such a systematic representation enhances the clarity, reproducibility, and comprehension of the model design.

Table 2 Configuration of the hybrid transformer–CNN intrusion detection model.

Result and discussion

This section provides a detailed analysis of the introduced Hybrid Intelligence-Driven Secure Clustering and Trust-Aware Routing (HISCTR) framework and its efficiency in the dynamic environment of wireless networks and in the presence of different adversarial threats. The evaluation uses a wide range of performance metrics, such as energy consumption, data transmission, effectiveness of packet delivery, packet drop, end-to-end latency, jitter, network survivability, and bit error rate. It also discusses key parameters of the systems, such as routing efficiency, bandwidth usage, computational overhead, memory footprint, precision of attack detection, and routing control cost, which indicate the scalability and robustness of the HISCTR with different node densities. To compare HISCTR with several existing protocols, the evaluation criterion must be low-energy adaptive clustering hierarchy with Particle Swarm Optimization (GKCA-LFP), Trust and Intrusion Detection with a Residual Network (TID-ResNet), Dynamic Trust Prediction Routing with Ant Colony Optimization (DTPR-Ant), and Graph-based Trust Computation Network with Machine Learning Fusion (GTCN-MF).These protocols are characterized by different approaches to energy-conscious and trust-based routing in wireless networks. The assessment is backed by comprehensive figures and tables that depict behavioral patterns with increasing network densities and verify the strength of the framework in identifying advanced attacks and system stability. The simulation setting, configuration settings, and statistical procedures were well designed to provide homogeneous benchmarking and equal comparisons among all the tested models.

Dataset

The attack scenarios examined in this work, including blackhole, Sybil, sinkhole, wormhole, grayhole, trust poisoning, and zero-day attacks, were created based on labeled traffic patterns found in the CICDDoS2019 dataset⁴⁰, which is a realistic simulation of malicious behavior, considered as dropping packets, identity spoofing, traffic redirection, selective forwarding, flooding, and stealth-based anomalies. They mapped these attack signatures to node behaviors specific to MANET by identifying the features of the dataset related to routing disruption, manipulation of trust, packet loss, delay variation, and unusual routing paths. All types of attacks were introduced into the simulated MANET environment through the alteration of node-level actions at the route discovery and data forwarding stages, allowing for a controlled assessment of trust deviation, detection accuracy, and recovery behavior.

Experimental configuration

The experiment was conducted using a simulation-based MANET model that aimed to test the proposed HISCTR framework in a realistic and scalable network environment. The nodes were evenly distributed in a 1000 m × 1000 m square space, and the frequencies were 2.45 GHz, which met the IEEE 802.15.4 standard. All nodes were set to 2 Joules of energy and sent 1024-byte packets on a 11 Mbps wireless medium. The network was increased to 1200 nodes to determine its strength and ability to scale. In such controlled environments, HISCTR conducts adaptive clustering, trust routing, and hybrid intrusion detection, and the important performance metrics, such as energy consumption, throughput, packet delivery ratio, latency, network lifetime, and detection accuracy, are logically documented and compared with state-of-the-art protocols.

The data were analyzed in accordance with the method of evaluating the trust behavior, intrusion detection performance, and network recovery properties under various attack conditions obtained based on the CICDDoS2019 dataset. Instances of network traffic associated with blackhole, grayhole, wormhole, Sybil, trust poisoning, and zero-day-like attacks were inoculated in the MANET simulation, and node-level behavioral measures were observed. The detection rate was estimated as the percentage of correctly detected attack instances using the proposed Transformer-CNN intrusion detection module. The trust recovery time was estimated as the period during which the affected nodes reached a trust value above the defined trust threshold after mitigating an attack. To gain statistical reliability, all metrics were averaged across several simulations, and the results were aggregated to show the strength and adaptive recovery ability of the suggested framework.

The experimental implementation of the HISCTR framework was conducted using a simulation environment built on Python 3.11, with the integration of TensorFlow 2.x and Scikit-learn libraries for deep learning and machine learning operations.Model training and trust evaluation were executed on a system equipped with an AMD Ryzen 9 5900X processor running at 3.7 GHz, 64 GB of DDR4 RAM, and an NVIDIA RTX 3090 GPU featuring 24 GB of VRAM to support parallel computation and accelerated deep learning inference.Network simulations, including packet transmission, routing, and node behaviormodeling, were developed using a combination of custom Python scripts and NS3-based APIs, allowing the detailed control of mobility patterns, traffic generation, and trust metrics.The operating environment was configured on Ubuntu 22.04 LTS to ensure compatibility with advanced kernel-level networking features and to optimize the simulation performance.All the experimental runs were conducted under controlled network loads with randomized seed initialization for statistical robustness, enabling consistent benchmarking across competing protocols.The experimental framework was designed with carefully selected simulation parameters, including frequency, data packet size, and node energy level, which were optimized for high-performance wireless communication, as summarized in Table 3, ensuring alignment with practical deployment scenarios in dynamic IoT environments.

Table 3 Network simulation parameters used for experimental configuration.

Experimental result validation

A comparison of the energy use in different protocols proved that there was a noticeable efficiency in the use of resources in the case of the proposed HISCTR framework. With scalation to 1000 nodes, the GKCA-LFP and TID-ResNet traditional schemes demonstrate exponential energy costs with energy costs of 1.40 mJ and 1.38 mJ, respectively, at 1000 nodes. In comparison, the proposed HISCTR technique requires 1.00 mJ with the same network density, which is much lower. In particular, HISCTR saves on average 28.35% of energy when compared with GKCA-LFP, 27.26% when compared with TID-ResNet, 16.83% when compared with DTPR-Ant, and 13.22% when compared with GTCN-MF, in all node configurations. This constant trend of efficiency using larger node sizes, as demonstrated in Fig. 6, emphasizes the higher energy-handling capacity of the proposed model, which allows it to be more sustainable for large-scale implementation without degrading network performance. This experiment evaluated the energy efficiency of the proposed HISCTR framework under increasing node density, which is critical for prolonging the operational lifetime of the MANET. The consistently lower energy consumption of HISCTR demonstrates the effectiveness of GAFC-based stable clustering and AOA-driven CH/Sub-CH selection, which reduce redundant transmissions and re-clustering overheads. This confirms that the proposed design scales efficiently, without excessive energy depletion.

Fig. 6

Energy consumption comparison across different protocols.

Fig. 7

Throughput comparison under varying node densities.

The throughput performance of increasing node densities demonstrates the resilience of the proposed HISCTR framework to ensure high rates of data transmission, even in a congested case. Although competing approaches, including GKCA-LFP and TID-ResNet, decline faster above 400 nodes, the proposed approach maintains rates of at least 0.88 Mbps. With an average HISCTR scheme, the throughput improvements were 71.4, 56.5, 30.6, and 17.2% for GKCA-LFP, TID-ResNet, DTPR-Ant, and GTCN-MF, respectively, at all node densities. This consistent advantage can be observed in Fig. 7, where the proposed approach retains its performance close to constant, even when the network load is higher, which highlights its scalability and bandwidth-saving efficiency. Throughput analysis determines the capability of routing and clustering to maintain the transmission of reliable data during network resource congestion. The HISCTR has a superior throughput with an increase in node density owing to the selection of routing by trust and optimization of the forwarding paths to bypass unreliable and malicious nodes. This explains why the framework can maintain bandwidth efficiency in a dense MANET.

The ability of the proposed HISCTR protocol to deliver packets with the growth of the number of nodes in the network is quite noticeable and distinguishes the resilience of the proposed protocol from that of the traditional schemes. Although the GKCA-LFP and TID-ResNet experienced a significant decline in delivery efficiency to 82% and 83%, respectively, at 1000 nodes, the proposed approach provided a stable rate of 95, and thus, there was a small degradation. The HISCTR framework represented, on average, a 14.3% improvement over the GKCA-LFP, 11.8% over the TID-ResNet, 6.9% over the DTPR-Ant, and 4.3% over the GTCN-MF, confirming its strength across heavy and dynamically changing network structures. As shown in Fig. 8, this constant high retention of packets at different scales reflects the efficiency of the protocol in maintaining the flow of reliable data under the pressure of an overloaded network. In this experiment, the reliability of communication was determined by quantifying the successful delivery of packets through dynamic topology and conditions of attacks. The high PDR maintained by the HISCTR verifies the strength of its trust-based routing and attack-aware path optimization, in which there are minimal packet drops in large-scale and adversarial networks.

Fig. 8

Packet delivery ratio comparison at varying network sizes.

The comparison of the packet loss ratios showed that the proposed HISCTR scheme is much more reliable than the other routing schemes in the case of a continuous increase in the network load. Although the GKCA-LFP and TID-ResNet have loss rates of 17.5 and 16.0, respectively, with 1000 nodes, the HISCTR framework has a significantly lower loss rate of 5.2, on average, across all data points, which again substantiates the effectiveness of the trust-based and optimization-driven routing schemes. The loss ratio of HISCTR, as shown in Fig. 9, is always low and does not decrease with node density, which is remarkably robust in wide-scale delay-sensitive wireless systems. The packet-loss test measures the resilience of routing decisions to congestion, link failures, and maliciousness. The significantly lower loss rate with the HISCTR proves the efficiency of not utilizing low-trust nodes and having stable routing routes, which justifies the framework to be useful in delay- and loss-sensitive applications.

Fig. 9

Packet loss ratio comparison across node densities.

A numerical work of the network lifetime of different populations of nodes revealed that the HISCTR framework is much more efficient than traditional protocols in ensuring a long operation. In contrast to the GKCA-LFP and TID-ResNet, where the lifetime sharply dropped to 3600 and 3900 rounds, respectively, in 1000 nodes, the HISCTR model maintained the same 4700 rounds. The framework showed a 38.7% enhancement on average across all levels of nodes over GKCA-LFP, 22.9% over TID-ResNet, 12.4% over DTPR-Ant, and 7.3% over GTCN-MF, as shown in Fig. 10, an endurance benefit that can be seen as evidence of the capacity of the framework to balance the utilization of energy and minimize node failures, which makes it suitable for applications that require long deployment times. In this experiment, the time elapsed before the network could not operate any longer owing to the depletion of the energy of nodes was used to gauge long-term sustainability. HISCTR provides a balance between energy usage in the network by using optimized routing and clustering, which proves it to be an appropriate network for long-term MANET deployment.

Fig. 10

Network lifetime comparison with increasing node density.

The delay performance of different network sizes underscores the capability of the proposed HISCTR protocol in reducing latency, even in high node densities. Traditional approaches such as GKCA-LFP and TID-ResNet have a high peak delay of 10.0 s and 9.8 s, respectively, at 1000 nodes, and HISCTR at 1000 nodes only has 6.2 s. For mean scaling of all scales, HISCTR had a smaller delay reduction than GKCA-LFP (39.4), TID-ResNet (34.7), DTPR-Ant (30.5), and GTCN-MF (21.4), indicating that HISCTR was able to provide timely data transmission. The regularly lower tendency of delay, as demonstrated in Fig. 11, highlights the effectiveness of HISCTR trust-based routing and hybrid learning systems of HISCTR, which is why it can be considered when time concerns are vital in wireless applications. Delay analysis was used to measure the responsiveness of the network in terms of data delivery time with an incremental load on the net. This is explained by the decreased delay in the HISCTR owing to the optimized choice of paths and minimized retransmissions, proving that security improvements do not deteriorate the demand for real-time communication.

Fig. 11

End-to-end delay comparison across node densities.

Jitter, which indicates the differences in the arrival time of the packets, is a crucial factor in ensuring consistency in the performance of delay-sensitive networks. Unlike other recent algorithms, including GKCA-LFP and TID-ResNet, the more nodes the higher the jitter level, up to 49 and 48 ms, respectively, which indicated poor timing stability. Conversely, the timing behavior of the proposed HISCTR model is much more stable, with jitter reaching no higher than 36 ms, even with 1000 nodes. This stable performance is not only smoother among all densities but also averages 26.4% lower than GKCA-LFP, 24.6% lower than TID-ResNet, 21.2% lower than DTPR-Ant, and 17.2% lower than GTCN-MF. The HISCTR approach, as shown in Fig. 12, is highly effective in increasing the predictability of the time of sending and receiving the packet, which is particularly vital in video streaming, real-time monitoring, and industrial automation applications. Jitter analysis is used to work the stability of the time of arrival of packets, which is essential in applications that require real-time performance. Lower jitter values indicate that the HISCTR has a stable routing behavior and controlled traffic flow, which guarantees its predictable communication behavior under dynamic conditions.

Fig. 12

Jitter comparison across increasing network sizes.

The evaluation of the Bit Error Reason (BER) as the node densities increase clearly shows how well the proposed HISCTR framework could have worked in maintaining signal integrity as the network load increases. Although the existing approaches, such as GKCA-LFP and TID-ResNet, have BERs of up to 24% 23%, respectively, the proposed system has a very low BER of 7% and progressively improves with an increase in the number of nodes. The mean of all measurements showed that the HISCTR protocol decreased the BER by approximately 74.2% compared with the GKCA-LFP, 71.3% compared with TID-ResNet, 54.8% compared with DTPR-Ant, and 38.2% compared with GTCN-MF. As illustrated in Fig. 13, the lowering of the BER shown in the mean of all measurements indicates the high transmission accuracy of the proposed method and makes it specifically suitable for applications with high error sensitivity, such as industrial or medical sensor networks. The BER test evaluates the reliability of transmission and signal integrity in a dense network. The inferior BER of HISCTR proves that stable clustering and trust-aware routing decrease retransmissions and channel contention, which leads to data accuracy enhancement in general.

Fig. 13

Bit error rate comparison across network scales.

The trends in the efficiency rates of the different numbers of nodes are good indicators of how the proposed HISCTR framework can utilize all available resources to the fullest to run its network under different loads. All the compared protocols became increasingly advanced after 100 to 1000 nodes, but HISCTR remained slightly ahead of the others, reaching 99.95% at the maximum load, and the others were far behind it. It is interesting to note that despite having a low network size, the suggested approach initiated at 99.0%, which is significantly lower than the other best competitor, GTCN-MF, which initiated at 98.8%, indicating that HISCTR has internal optimization mechanisms and consistent control overhead management that make it suitable for networks where high efficiency and precision are important operational characteristics. This measure is used to assess the efficiency of network resource usage in comparison with the provided performance. As shown in Fig. 14, the HISCTR has a high efficiency rate, indicating that it has an optimized control overhead and balanced processing, which justifies the accuracy and scalability of the framework.

Fig. 14

Efficiency rate comparison with respect to node growth.

The effectiveness of the protocol in exchanging control messages rather than actual data transmission is the routing overhead ratio. With the addition of more nodes, both conventional models, GKCA-LFP and TID-ResNet, experienced a physical increase in overhead that hit its plateau with 1000 nodes (0.47 and 0.44, respectively). The proposed HISCTR protocol, in turn, had a much lower overhead of 0.19 under the same conditions. This is an average of 59.6% routing overhead reduction over that of GKCA-LFP, 56.3% routing overhead reduction over TID-ResNet, 47.3% routing overhead reduction over DTPR-Ant and 40.4% routing overhead reduction over GTCN-MF. Figure 15 demonstrates that the flatter slope and the persistently lower curve of the HISCTR method add weight to the efficiency of the methodology in reducing the amount of unneeded control traffic and, therefore, is quite appropriate for scalable and constrained wireless implementation. Routing overhead analysis evaluates the control message load in comparison to the traffic of the data. The lower overhead of HISCTR proves that intelligent clustering and trust-based decisions restrain unnecessary control interactive activities and enhance scalability in large networks.

Fig. 15

Routing overhead ratio comparison at different node densities.

The key aspect of decentralizing network security against invasions by hostile parties is the timely and precise identification of attacks. The developed HISCTR architecture could be improved with the density of nodes and identified threats with detection rates of over 95% and 98.9% under maximum load. Conversely, the baseline models, GKCA-LFP and TID-ResNet, recorded 91.5% and 93.5%, respectively, at 1000 nodes. On average, HISCTR showed an improvement of 8.3%over GKCA-LFP, 6.5% over TID-ResNet, 5.4% over DTPR-Ant, and 4.1% over GTCN-MF, proving it to be resilient against advanced cyber-attacks. It can be observed that this benefit is evident in Fig. 16 where the proposed model is always on the highest trajectory, which supports the fact that the hybrid transformer-CNN-based intrusion detection engine is effective in dynamic and complex network conditions. This experiment tested the power of the hybrid intrusion detection system under various attack conditions. High detection rates consistently attest to the fact that the Transformer-CNN architecture manages to capture both temporal and spatial attack patterns, confirming the security soundness of the HISCTR.

Fig. 16

Attack detection rate comparison at varying node levels.

The period of security analysis is directly related to the complexity of the calculations of the capability to track and indicate potential threats in real time, which is more significant when the nodes are densely arranged. The HISCTR framework proposed in this work was more processing-loaded, and the time required for the analysis was higher at 2.7 s with 100 nodes and 4.4 s with 1000 nodes. This was much greater than that of GKCA-LFP and TID-ResNet, whose values were 3.4 s and 3.6 s, respectively. Although the growth of the time of analysis may not be so advantageous, judging by the raw latency, the added time demonstrates the enhanced investigation procedures in HISCTR: the transformer-CNN hybrid framework performs both temporal and spatial pattern recognition. The given trend, as shown in Fig. 17, validates the presence of a trade-off between the analytical depth of the HISCTR being enhanced and the time spent on computing as an indicator of higher threat detection rates, higher levels of reliability, and greater adaptability in security management, which are the key features of any deep-learning-based defense module. This measure is used to evaluate the computational cost of the real-time intrusion detection process. In fact, the proposed HISCTR will lead to a slightly longer analysis time; however, its detection accuracy and adaptive security management will be much higher, showing that the design is also well balanced to combine security and performance.

Fig. 17

Security analysis time comparison across node scales.

As node density increases, memory efficiency becomes increasingly important in a wireless network, particularly in a resource-intensive application such as a WSN or MANET. As plotted in this figure, more nodes are added, which in turn reduces the memory footprint of the proposed HISCTR framework with a baseline of 640 KB and a slight increase of 750 KB. However, other conventional models consume much more memory; GKCA-LFP and TID-ResNet reach 920 and 900 KB, respectively. Therefore, HISCTR saves approximately 18.5% of memory usage compared to the most memory-intensive base. Figure 18 shows that the HISCTR curve does not increase with the node level, demonstrating that the HISCTR is an efficient architecture, even following the addition of sophisticated security layers. This finding is significant because HISCTR uses deep-learning-based intrusion detection and trust-ware routing, indicating that intelligent optimization methods can deliver a high level of security without any additional memory consumption. Memory analysis is a consideration of the potential for implementing the proposed framework on resource-limited MANET nodes. Because the comparatively low memory footprint indicates that the HISCTR incorporates state-of-the-art security measures without any serious storage needs, it also proves architectural effectiveness.

Fig. 18

Memory utilization comparison across increasing network sizes.

As the network size increases, the reduction in computation time becomes extremely relevant to ensure that the systems are responsive and use less energy. All numbers of nodes had their minimum computation time of 1.3 ms at 100 nodes, followed by a gradual increase of up to 3.2 ms at 1000 nodes owing to the HISCTR framework. Comparatively, the other models, TID-ResNet and GKCA-LFP, required 3.8 ms and 3.5 ms, respectively, to achieve the same conditions. This demonstrates that HISCTR has a clear performance edge over the others in the time-critical environment and an overall average gain in the efficiency of the computation of approximately 18–22% respectively. Combining deep learning with trust operations in the architecture does not require an excessive amount of time because the architecture is modularly optimized and lightweight. Figure 19 shows how the proposed system has a better temporal scalability and lower processing overhead as opposed to that of the current benchmarks. The computational time assessment measures the processing scalability of the computation time with an increase in the network size. Overall, the shorter computation time of the HISCTR proves that it is a modular and optimized architecture for the integration of clustering, routing, and security without causing significant delays in processing.

Fig. 19

Computational time comparison across different network sizes.

Overall, bandwidth management is important for ensuring communication performance in dense and resource-constrained wireless networks. As shown in the proposed HISCTR architecture, the lowest bandwidth overhead is always achieved at all node sizes with 4.6% bandwidth overhead when using 100 nodes and 6.0% when using 1000 nodes. Comparatively, the bandwidth requirements of the traditional schemes GKCA-LFP and TID-ResNet amount to up to 9.5% and 8.7%, respectively, at the same scale, indicating that both schemes are very heavy on communications. The HISCTR reduces the bandwidth overhead by approximately 30–40% on average compared with most traditional baselines. This is primarily because adaptive clustering, trust-aware routing, and compact model inference reduce unnecessary transmissions and manage message exchange, as illustrated in Fig. 20, hence supporting the effectiveness of the framework in communication scenarios with dynamic network load conditions. The bandwidth overhead test measures the additional communication overhead initiated by the protocol’s control activities. The reduction in overhead was observed to confirm that adaptive clustering and trust-aware routing reduced unnecessary transmissions, thereby saving bandwidth efficiency.

Fig. 20

Bandwidth overhead comparison across varying node counts.

The responsiveness of delay-sensitive wireless real-time applications depends on the latency overhead as a major factor. According to the graphical trend, the proposed HISCTR model has the most efficient latency attributes, with a range of 0.18 s at 100 nodes to 0.24 s at 1000 nodes. This overhead is very small compared to other competing algorithms such as GKCA-LFP (0.45 s) and TID-ResNet (0.41 s) at high node density. The HISCTR model possesses the strengths of smart clustering, routing optimization, and parallelized intrusion detection, which eventually lowers the delay time incurred in the process of forwarding packets and security checks. Based on Fig. 21, it is clear that the proposed strategy is consistent in the low-latency regime, where it positions itself optimally in the time-constrained WSN/MANET system, where the delay in communications is to be reduced to a minimum. Latency overhead analysis was used to measure the extra delay of the security and routing operations. The latency overhead suggests that HISCTR does not compromise fast response times but provides strong security; hence, it would be applicable in time-sensitive MANET.

Fig. 21

Latency overhead comparison across node scales.

The evaluation of different attack scenarios concerning trust-based resilience demonstrated the robustness of the HISCTR framework in preserving network integrity. Specifically, it achieved a high detection rate for all investigated attacks, and Blackhole, Sinkhole, and Sybil attacks were identified with accuracy rates of more than 97%. Notably, even advanced threats, such as Trust Poisoning and Zero-Day attacks, which are intrinsically stealthier, show commendable detection rates of 94.2% and 92.9%, respectively. The average trust deviation describes the amount of disturbance in trust; the highest deviation is caused by zero-day attacks and trust poisoning owing to their stealthy and deceptive behaviors. Moreover, the times of recovery of the system trust after the attack are relatively low, remaining within the window of 2.1–4.5 s. As shown in Table 4, the consistent recovery performance combined with reliable detection accuracy validates the adaptability and real-time responsiveness of the proposed trust computation mechanism.

Table 4 Attack-Wise Trust Deviation, Detection Rate, and Trust Recovery Time.

The statistical aspects of different routing security schemes are compared, attacks by the proposed system achieved a mean of 98.7%, outperforming all baseline models, followed by GTCN-MF at 95.0%. The detection rate of and the superior performance, in terms of detection accuracy and communication overhead, narrow 95% confidence interval [98.1,99.3] show the precision and reliability of detection technique. Similarly, the HISCTR the throughput results also show the same trend, in which the proposed model also achieves up to 0.91 Mbps with very narrow confidence bands and is the other schemes in terms of average rate better than all and variance among different flows. As shown in Table 5, these results emphasize the dual strength of the HISCTR: achieving robust anomaly detection while maintaining high-quality data transmission, a balance that is often challenging in decentralized and adversarial environments. This analysis evaluates trust resilience and recovery under diverse and sophisticated attack types. The observed trust deviation and rapid recovery times confirm that the proposed trust computation mechanism adapts effectively to both known and zero-day attacks, ensuring network stability and a rapid restoration.

Table 5 Statistical summary of detection rate and throughput for competing methods.

The computational profiles of HISCTR and other benchmark models detail how the algorithmic efficiency varies significantly depending on the design priorities, such as clustering stability, routing adaptability, and intrusion detection granularity. In this regard, HISCTR achieves a very important balance by using a clustering mechanism at O (n log n) and a routing scheme at O(n²), which allows this solution to operate on large node populations without excessive resource strain. Its hybrid intrusion detection component, with a complexity of O(n•d²), improves threat recognition by integrating both spatial and temporal data perspectives. When compared with frameworks such as GKCA-LFP and TID-ResNet, which demonstrate quadratic behavior across clustering and routing but use less computationally intense intrusion detection (O(n•d) and O(n•d²), respectively), the increased overhead in HISCTR is justified by its superior threat-handling capability. As shown in Table 6, lighter alternatives such as DTPR-Ant have better performance in terms of routing and clustering, obtaining O (n log n) but at the cost of inferior detection accuracy owing to their simpler IDS mechanisms (O(n•d)). Conversely, more complex models, such as GTCN-MF, which merge graph-based processing with multi-feature fusion, exhibit higher cumulative complexity O (n² log n + n•d), potentially limiting their deployment in highly dynamic environments. Overall, HISCTR’s computational complexity of HISCTR is well matched to its advantages in terms of performance, making it scalable and security-conscious for decentralized wireless networks. Finally, statistical and complexity analyses confirmed the reliability of the results and the scalability of the algorithms. Low variance, narrow confidence intervals, and manageable computational complexity confirm that the improvements in performance with the HISCTR are consistent, scalable, and not scenario-dependent.

Table 6 Computational complexity analysis of HISCTR and benchmark models.

Table 7 Ablation work.

The ablation results in Table 7 quantitatively demonstrate the contribution of each HISCTR component by comparing the performance variations relative to the full framework. Removing GAFC increases energy consumption from 0.80 mJ to 1.05 mJ (≈ 31% increase) and routing overhead from 0.19 to 0.31, confirming that GAFC stabilizes cluster formation and minimizes frequent re-clustering, which otherwise introduces excessive control traffic and energy expenditure. When GAFC is disabled, the throughput decreases from 0.92 to 0.78 Mbps (≈ 15% reduction) and the PDR drops from 98.0 to 90.6%, indicating that energy-unbalanced CH/Sub-CH selection leads to inefficient forwarding paths and increased packet loss. The exclusion of FTVC results in the most severe reliability degradation, with the PDR declining to 93.1% and the attack detection rate dropping sharply from 98.7 to 90.5%, demonstrating that trust-aware validation is critical for excluding malicious or unreliable nodes from routing decisions. Without the HEO, the throughput decreased from 0.92 to 0.86 Mbps, and the routing overhead increased from 0.19 to 0.24, highlighting its role in fine-grained path optimization and traffic load balancing under dynamic network conditions. Finally, disabling the transformer–CNN module reduces the attack detection accuracy from 98.7% to 89.6%, confirming that deep spatiotemporal feature learning is essential for identifying complex and evolving attack patterns that cannot be captured through heuristic or trust-based mechanisms alone. Overall, the quantified performance degradation observed in each ablation setting verifies that HISCTR’s superior performance of the HISCTR arises from the complementary interaction of energy-aware clustering, adaptive optimization, trust validation, heuristic routing refinement, and deep-learning-based security analysis.

Discussion

The proposed HISCTR framework was tested under controlled variations of node specifications: packet size, initial energy, communication range, node density, and deployment strategy were varied, whereas the IEEE 802.15.4 constraints remained fixed. Performance trends for short- to extended-range communication scenarios, as well as for sparse-to-dense node deployments, have been studied. Given the nature of network environments, one may easily observe that this type of adaptation of performance provides good proof that the HISCTR generalizes well outside the fixed parameter settings. However, trust establishment in HISCTR does not rely on such static node attributes or predefined transmission ranges; instead, it is a result of the FTVC-based behavioral trust evaluation, which continuously updates the assessment of forwarding reliability, delay consistency, and interaction history. Temporal smoothing and trust decay mechanisms prevent abrupt trust fluctuations caused by transient range-induced link alterations. In conjunction with trust-constrained routing optimization and intrusion-aware isolation, this design provides reliable trust establishment and maintenance, even in dynamically changing communication ranges and topological changes.

The research outcomes indicate that integrating hybrid intelligence into MANET clustering, routing, and intrusion detection significantly impacts the development of future decentralized wireless systems. Notable enhancements in energy efficiency, route selection, and attack detection accuracy suggest that multilayer intelligent collaboration, encompassing clustering, trust modeling, and deep learning-based anomaly analysis, can significantly enhance network resilience in highly dynamic settings. These findings suggest that MANETs can be made more dependable for mission-critical applications, such as disaster response, tactical communication, remote IoT monitoring, and autonomous vehicle coordination, where security and stability are crucial. Additionally, the scalability observed in large node densities demonstrates that hybrid intelligence can effectively handle network complexity without compromising performance, paving the way for its use in emerging 6G, UAV swarms, and large-scale IoT ecosystems.

The shortcomings of the proposed HISCTR framework are discussed in this section. Although substantial improvements in security, energy efficiency, and routing reliability were achieved, certain limitations remain in the proposed framework. First, the introduction of the hybrid Transformer–CNN intrusion detection module at the CH/Sub-CH level adds a computational load, which may not be suitable for extremely resource-constrained MANET nodes. Second, AOA-based CH/Sub-CH selection and HEO-driven route optimization rely on periodic updates of metrics (e.g., energy, mobility, and trust). High-mobility scenarios may trigger more frequent recomputations, which slightly increases the control overhead. Third, the model was evaluated in a simulation environment with synthetic traffic data. Real deployments of MANET may experience unpredictable variations in hardware, heterogeneous device capabilities, and non-stationary attack behaviors that may affect performance. Finally, although the trust computation mechanism is robust, it may still require further adaptation to counter highly sophisticated zero-trust adversaries or coordinated, multi-vector attacks. These issues will be mitigated in future extensions using lightweight IDS architectures, adaptive optimization scheduling, and real-world validation of testbeds.

Conclusion

The HISCTR framework is a thorough and flexible approach for decentralized wireless networks that focuses on both effectiveness and robustness. It combines GAFC-based clustering with Addax optimization to assign primary and secondary cluster heads, thereby facilitating smart role allocation in changing network environments. Additionally, the use of fuzzy logic for trust evaluation and HEO-based secure routing enhances communication reliability and security in highly dynamic environments. When integrated with a hybrid transformer–CNN intrusion detection system, the proposed framework exhibited strong and reliable performance. Tests revealed a threat detection accuracy of 98.9% while maintaining an average energy use of only 1.00 mJ. The framework also achieves a packet delivery rate of 95% with a latency of 6.2 s, making it ideal for applications that are sensitive to delays. Moreover, network stability was demonstrated by low packet loss (5.2%), reduced jitter (36 ms), a minimal bit error rate of 7%, and efficient use of memory and bandwidth. Future research will aim to confirm the practical use of the HISCTR framework by deploying it in real-world IoT testbeds for performance evaluation. The architecture can also be expanded to support heterogeneous multihop scenarios with dynamic traffic patterns and diverse hardware configurations. To further improve adaptability to evolving cyber threats, decentralized learning models such as edge-based or federated learning will be investigated. Additionally, implementing the HISCTR in realistic MANET test settings will allow for a thorough evaluation under mobility and interference challenges to be conducted. Finally, developing lightweight Transformer–CNN IDS variants and adaptive optimization scheduling strategies is anticipated to lower computational demands, making the framework more suitable for resource-constrained nodes while maintaining strong security performance.