Article

DDTMS: Dirichlet-Distribution-Based Trust Management Scheme in Internet of Things

1
Key Laboratory of Wireless Sensor Network & Communication, Shanghai Institute of Microsystem and Information Technology, Chinese Academy of Sciences, Shanghai 201800, China
2
Shanghai Research Center for Wireless Communication, Shanghai 201210, China
3
College of Physics and Electronic Information Engineering, Qinghai University for Nationalities, Xining 810007, China
*
Author to whom correspondence should be addressed.
Electronics 2019, 8(7), 744; https://doi.org/10.3390/electronics8070744
Submission received: 24 May 2019 / Revised: 20 June 2019 / Accepted: 27 June 2019 / Published: 1 July 2019
(This article belongs to the Special Issue IoT in 5G)

Abstract

Information security is important for the Internet of Things (IoT), and the security of front-end information is especially critical, because the integrity and authenticity of sensed information directly impact the results of back-end big data and cloud computing. The front end of the IoT faces many security threats. Among these threats, internal attacks cannot be defended against by traditional security schemes, such as encryption/decryption, authentication, and so on. Our contribution in this paper is a Dirichlet-Distribution-based Trust Management Scheme (DDTMS) for the IoT, proposed to defend against internal attacks. The novelty of our scheme can be summed up in two aspects. First, it considers the actual physical channel to extend the node behaviors from success and failure to success, failure, and uncertainty; meanwhile, the corresponding behaviors are weighted by using <ws, wf, wu>, in order to limit the measurement of each behavior by custom. Second, we introduce a third-party recommendation to calculate the trust value more accurately. The simulated results demonstrate that DDTMS is better than the other two reputation models (Beta distribution and Gaussian distribution), and can more accurately describe the reputation changes to detect the malicious node quickly.

1. Introduction

With the development of Internet of Things (IoT) technology, the formation of relevant standards, and the deepening of industrialization, IoT security faces greater challenges. On the one hand, based on the analysis of IoT security threats and security requirements, many studies put forward ideas for research on IoT security issues, and study the key technologies, products, and industrialization issues of IoT security as soon as possible. On the other hand, for the security of system applications, it is recommended to consider IoT security on an industry basis, that is, security measures are solved internally by the industry. Self-contained protocols achieve confidentiality according to industry requirements. Their specifications refer to internal industry regulations. The overall consideration of IoT is the open security of industrial interfaces, which are open to designated users and set to different security levels. In addition, through information collaboration of the IoT, enhancing the relevance of information can reduce security risks [1].
The existing Internet has already carried out a series of considerations on security issues. For the IoT system, special consideration needs to be given to the security of the front-end perception system. This is because, from the data-flow perspective, if the integrity and authenticity of the data source cannot be guaranteed, then the credibility of the back-end big data and cloud computing cannot be assured. There are two main aspects of the security of the front-end perceptual system: the security of the node itself and the communication security of the perception layer, which involve the wireless sensor network (WSN) [2]. In this paper, we will focus on the security of the perception layer communication.
In the perception layer, security threats come from security attacks. Security attacks are classified into external attacks and internal attacks. The technical methods to defend against external attacks mainly include encryption/decryption, authentication, digital signature, and so on. Unfortunately, these methods cannot effectively defend against internal attacks. Conversely, some studies have shown that trust management technology can better defend against internal attacks [3]. Hereby, we will research and propose a trust management scheme based on Dirichlet distribution, and use the on-off attack as an example to verify its effectiveness simultaneously.
The rest of this paper is organized as follows. In Section 2, the trust management schemes/systems based on the Beta distribution, Gaussian distribution, and Dirichlet distribution are reviewed and discussed. The Dirichlet-Distribution-based Trust Management Scheme (DDTMS) in IoT is proposed in Section 3. Furthermore, the proposed scheme is simulated and analyzed in Section 4. Finally, the conclusions are given in Section 5.

2. Related Works

In this section, we will discuss and analyze the typical trust management schemes (TMS) based on Beta distribution, Gaussian distribution, and Dirichlet distribution, and then point out their technical characteristics. Usually, the reputation model in a trust management scheme is a probabilistic and statistical model, where the Beta distribution is most widely used, followed by the Gaussian distribution.

2.1. TMS Based on Beta Distribution

Saurabh and Mani proposed a framework, namely, the Reputation-based Framework for high integrity Sensor Networks (RFSN) [4]. Furthermore, based on this framework, they proposed the Beta Reputation System for Sensor Networks (BRSN) by using the Bayesian network, combined with the Beta distribution of node reputation. In BRSN, the node’s behavior was divided into cooperation and non-cooperation. This is a traditional TMS; however, BRSN cannot defend against the high-reputation internal attacks launched by malicious nodes. Wu et al. proposed a Beta and link quality indicator (LQI)-based trust model (BLTM) for the WSN, in order to defend against internal attacks [5]. In BLTM, they considered communication trust, energy trust, and data trust, and then they discussed the weight of these trusts. Finally, they presented an LQI analysis mechanism to maintain the accuracy and stability of the trust value with poor-quality links. Fang et al. proposed a Beta distribution-based Trust and Reputation Evaluation System (BTRES) for WSN [3] to solve its security problem, namely its vulnerability to attacks from compromised nodes. Based on the interaction information between the nodes, the system used the reputation of the distributed analog nodes to further calculate the trust value of the obtained nodes. In addition, weights and thresholds were used in combination to complete the construction of BTRES.
In addition, Ahmed and Bhangwar proposed an improved Weight-based Probabilistic Trust Evaluation (WPTE) scheme, based on Beta probability distribution, for evaluating the trustworthiness of nodes [6]. UmaRani et al. carried out an Enhanced Beta Trust Model (EBTM) to discover malicious attacks in wireless sensor networks [7]. In the EBTM, the malicious behavior could be detected quickly by considering consecutive misbehavior. Meanwhile, the collaboration among sensor nodes could be improved by trust value, and the lifetime of the network could be increased by a recovery procedure. Mahmud et al. presented an adaptive neural-fuzzy inference system (ANFIS) and brain-inspired trust management model (TMM) to secure IoT devices and relay nodes [8], and to ensure data reliability. TMM utilized both the node’s behavior trust and data trust, which were estimated using the Beta reputation distribution and weighted additive methods respectively, to evaluate the nodes’ trustworthiness. However, there was often a lack of consideration in terms of energy consumption, which was limited to the ideal conditions of an energy-rich IoT device. Yin et al. proposed a trust value redemption system [9]. In this system, the trust value was punished when the malicious node attacked other nodes, and with the increase of attacks, the strength of punishment for its trust value would also increase. However, its trust value could be redeemed when the node returned to normal, but the weight of redemption must be less than that of punishment. Momani et al. extended their previously designed trust model in wireless sensor networks to include both communication trust and data trust, and then they introduced a new Bayesian network trust model and Beta distribution to combine more than one trust component—communication trust and data trust in their case—to produce the overall trust [10].

2.2. TMS Based on Gaussian Distribution

The Gaussian distribution is a very common continuous probability distribution. It is often used to represent real-valued random variables whose distributions are not known. A random variable with a Gaussian distribution is said to be normally distributed and is called a normal deviate. Sinha et al. proposed a Gaussian-based trust and reputation management system to use for fading MIMO (Multiple-Input Multiple-Output) WSN [11]. They used the multivariate Gaussian distribution and Bayes’ theorem to construct this system, and furthermore, they considered the impact on the MIMO wireless fading channels. They also combined with direct and indirect reputation information, in order to calculate reputation and trust value. The simulated results demonstrated that the system could effectively isolate malicious nodes. However, the calculation process is too complex to be suitable for resource-constrained sensor nodes.
In addition, Singh and Sinha presented a framework for a time and trust aware mechanism for inference and prediction of reputation using a Heteroscedastic Gaussian process regression (HGPR) model [12]. The model accepted as input the reputation feedback from third party sources and predicted the real reputation value.
In complex networks, the interactive behavior between nodes is not only cooperative and non-cooperative, but also the finer granularity of interaction behavior according to different measurement methods. For many types of such network interactions, Dirichlet distribution can better describe the reputation changes caused by the historical behavior of the nodes.

2.3. TMS Based on Dirichlet Distribution

Jung et al. proposed Dirichlet-based trust management to measure the level of trust in Intrusion Detection Systems (IDS) according to their mutual experience [13]. Meanwhile, an acquaintance management algorithm was proposed to allow each IDS to manage its acquaintances according to their trustworthiness. Their approach achieved scalability properties and was robust against common internal threats, resulting in an effective Collaborative Intrusion Detection Network. Rani and Sundaram put forward a Dirichlet Distribution based Model (DDTM) to detect malicious attacks in WSN [14]. This model, which included a monitoring module and a trust value module, used a trinomial Dirichlet distribution for trust evaluation, and used the Dirichlet fusion rule to combine the opinions gathered from neighbor nodes to defend against bad mouthing attacks and ballot attacks. They also designed a penalty scheme and a dynamic sliding window scheme to find attacks quickly and provided malicious behavior feedback to the routing model for secure data transmission. Abderrahim et al. proposed a new Dirichlet based trust management system for the IoT (DTMS-IoT) [15]. This system mitigated both on-off attacks and dishonest recommendations by detecting nodes' malicious behavior. They used service levels and things capacities to reinforce security, and the computation of the trust value was based on direct observations and recommendations.
In addition, Li et al. proposed a Dirichlet-based detection scheme to address such opportunistic attacks (DDOA) [16]. In this scheme, a Dirichlet-based probabilistic model was built to assess the reputation levels of local agents. Initial reputation levels of the local agents were first trained using the proposed model, based on their historical operating observations. An adaptive detection algorithm with a reputation incentive mechanism was then employed to detect opportunistic attackers. Huang and Nan presented a reputation computing framework based on Dirichlet distribution in WSN [17]. The proposed framework involved the detection module and reputation module. The detection module determined each node’s outlier degree using the Local Outlier Factor (LOF) algorithms. The reputation module included obtaining the reputation information of its neighbor nodes and establishing the reputation function based on Dirichlet distribution.

3. Dirichlet-Distribution-Based Trust Management Scheme (DDTMS)

3.1. Design of DDTMS

In this section, the Dirichlet-Distribution-based Trust Management Scheme (DDTMS) will be designed. First of all, the reputation distribution of the node interaction process will be modeled on the basis of the Dirichlet distribution. The corresponding node reputation changes are obtained by the similarities and differences of direct interaction behavior between nodes and the characteristics of the Dirichlet distribution. Secondly, the joint historical interactive information and the custom parameters calculate the trust value of the nodes in the cluster, and better adjust the change of the related results to meet the security requirements for trust values. Finally, the overall trust value is obtained through third-party recommendation for trust decision to meet the scalability and availability of the trust management scheme. This is because, as a necessary and effective external trust factor, the third-party recommendation makes up for the shortcomings of self-evaluation in traditional trust management, and plays an irreplaceable role in promoting trust integrity. The flow chart of design for DDTMS is shown in Figure 1.

3.2. Dirichlet-Based Reputation Distribution Model

3.2.1. Dirichlet Distribution

The binomial distribution is the probability distribution of the number of positive occurrences in an independent repeated n-time Bernoulli experiment. The polynomial distribution, as an extension of the binomial distribution, describes the joint probability distribution of the number of occurrences of each variable. We suppose $X = (x_1, x_2, \ldots, x_n)$, where $x_i$ represents the probability that the experimental result is the i-th type, and $x_i \in \{0, 1\}$. The variable i represents the n types that may occur, namely, $i = 1, 2, 3, \ldots, n$. So the probability distribution for x is

$$p(x \mid \mu) = \prod_{i=1}^{n} \mu_i^{x_i}$$

where $\mu = (\mu_1, \mu_2, \mu_3, \ldots, \mu_n)$ and $\sum_{i=1}^{n} \mu_i = 1$. If we repeat N observation experiments, then $\sum_{i=1}^{n} x_i = N$. Since the Dirichlet distribution and the polynomial distribution belong to the same conjugate distribution family, the conjugate prior to the polynomial distribution has the following expression

$$p(\mu \mid \alpha) \propto \prod_{i=1}^{n} \mu_i^{\alpha_i - 1}$$

Therefore, we normalize the above formula, and the probability density function of the Dirichlet distribution is

$$\mathrm{Dirichlet}(\mu \mid \alpha) = \frac{1}{B(\alpha)} \prod_{i=1}^{n} \mu_i^{\alpha_i - 1}$$

Based on the observation sequence of n-type output and its corresponding output value, the Dirichlet distribution represents the a priori physical count of n variables. $B(\alpha)$ is a polynomial extension of the Beta function, and the form that is normalized as constant is

$$B(\alpha) = \frac{\prod_{i=1}^{n} \Gamma(\alpha_i)}{\Gamma\left(\sum_{i=1}^{n} \alpha_i\right)}$$

Using the prior distribution and the posterior parameter $y_i + \alpha_i$, the posterior distribution of Dirichlet can be obtained as

$$\mathrm{Dirichlet}(\mu \mid y + \alpha) = \frac{1}{B(y + \alpha)} \prod_{i=1}^{n} \mu_i^{y_i + \alpha_i - 1}$$

When all categories are at the beginning of the event, namely, there is no physical count of a priori observation, we set $\alpha_i = 1 \; (1 \le i \le n)$, then the expected value for each probability $\mu_i$ in the Dirichlet distribution is

$$E(\mu_i) = \frac{\alpha_i}{\sum_{j=1}^{n} \alpha_j}$$

The above equation expresses the relative probability of occurrence of a certain type i event, and the expected values are taken as the occurrence probability of these events in the next interaction. Therefore, when the observed value of the next round of experiment is x, Equation (3) can be rewritten as $\mathrm{Dirichlet}(\mu \mid x + 1)$ to indicate the posterior distribution of the above-mentioned a priori observation event, and then the corresponding expected value is

$$E(\mu_i) = \frac{x_i + 1}{n + \sum_{j=1}^{n} \alpha_j}$$
Generally, in a Beta-based model, events are divided into two categories for processing. However, in many cases, this is far from meeting the requirements of complex application scenarios. By contrast, the use of Dirichlet distribution to describe the reputation distribution of nodes in IoT through interactive behavior is often more practical. This is because the question of whether the interaction between two nodes is successful or not is transformed into a process in which a normal node interacts with multiple different types of malicious nodes. This process can use the Dirichlet distribution model to simulate the relevant reputation distribution, and eventually, to detect or defend against many different types of attacks by using trust values.

3.2.2. Trust Value Based on Dirichlet Distribution

In this model, the calculation of the trust value is processed by the direct observation trust value and the third party recommendation trust value.

A. Trust Value under Direct Observation

Different from the categories of cooperation and non-cooperation of behavior types in Beta distribution and Gaussian distribution, in DDTMS, the interactive behaviors of sensor nodes are divided into three types: success, failure, and uncertainty. The uncertain type of behavior is caused by uncontrollable factors, which involve the occasional network noise, the instantaneous transmission delay, and so on. Here, we use $DT_{i,j}$ to represent the trust value by the direct observation of node j to node i, and use <sij, fij, uij> to represent the observation of node i to node j, which includes the success, failure, and uncertainty type behavior, respectively.
In order to satisfy the principle of trust value, that is, “hard to get, easy to lose”, first of all, the corresponding behaviors will be weighted by <ws, wf, wu> to limit the measurement of each behavior by custom. Secondly, the variation of the failed interaction in the historical interaction behavior is used as one reference for the evaluation of the current trust value. Finally, the trust value of the node j is

$$DT_{i,j} = \frac{(w_s s_{ij} + 1)(1 - \mu_{history})}{w_s s_{ij} + w_f f_{ij} + w_u u_{ij} + 3}$$

where

$$\mu_{history} = \frac{\sum_{k=1}^{n} (f_{ij})_k - \sum_{k=1}^{n-1} (f_{ij})_k}{s_{ij} + f_{ij} + u_{ij}}$$

where $\mu_{history}$ is the ratio of the failure number to the total interactions number in the current round process. We take this parameter into the calculation of $DT_{i,j}$. It can increase the impact of the failure number on the reduction of the trust value. This can better agree with the principle of trust value, that is, ‘hard to get’. Meanwhile, the setting of various types of parameters in $DT_{i,j}$ intensifies the impact of the failure behavior on the reduction of the trust value, while the successful behavior needs to be accumulated to a certain magnitude to enhance the trust value. For example, the <ws, wf, wu> weights are set to <1, 1.5, 0.3>, and then the increase in the number of failures can directly lead $DT_{i,j}$ to a rapid decline. Therefore, compared with the increasing node trust value of normal interaction, the occurrence of failure behavior is more likely to impact on the change of trust value.

B. Third-Party Recommended Trust Value Calculation

The trust value of neighbor nodes can be directly observed and calculated through direct interaction; meanwhile, the trust values from third-party recommendations can increase the trustworthiness of a node based on this. Hierarchical routing protocols usually organize wireless sensor networks in a cluster structure. As key nodes for data transmission and data compression, the cluster heads should also provide the recommended trust values of their neighbor nodes to other nodes within the cluster.
Assuming that the sensor network has suffered from any internal attacks at the beginning of the first round, the cluster head selected in the first round can be acting as the proxy node of the third-party trust recommendation in this round of clusters. As the interaction between nodes progresses, such as the successful interaction between normal nodes, the failed interactions imposed by malicious nodes, as well as the occurrence of uncertain interaction events with certain probability, the corresponding trust values are first obtained by distributed computing between nodes. Meanwhile, the trust value is summarized to the cluster head node together with the detected data. The centralized calculation is performed by the cluster head node. The trust value table is sent to each node, and the corresponding trust value table is updated.
After a round, the cluster head node is re-elected as a third-party agent by considering the election scheme of multiple factors, as well as trust value, so that the relatively secure cluster head node can be selected by this scheme, to ensure the entire cluster structure stable. The calculation scheme of the third-party recommended value R T j for the common node j in a cluster is

$$RT_j = \frac{1}{M} \sum_{k=1,\, k \neq i,\, k \neq j}^{M} DT_{kj}$$

where M represents the number of nodes that can communicate with node j in addition to node j and the proxy node, then the recommended trust value can be centrally calculated by the direct trust value obtained with the nodes in the cluster. Therefore, the calculation steps for the third-party recommended trust value are as follows:
(1) According to the assumption, the sensor network is initialized; in the first round, the cluster head is randomly elected as a proxy node for the third party’s recommended trust value.
(2) After the cluster head selection, according to the communication requirements, each node in the sensor network establishes contact with the cluster head in a self-organizing manner, and finally constructs the cluster structure of the current round process.
(3) Nodes in the cluster begin to detect the corresponding and neighbor nodes in the sensing area, and calculate the trust value.
(4) After the information collection of the current round, the trust value information of the neighbor nodes is sent to the cluster head node together with the data, and the cluster head node performs centralized calculation to obtain the trust value of each node in the cluster. Furthermore, the abnormal situation is processed, and delivered to the cluster member nodes.
(5) After the start of the new round, each node elects the trustful cluster head node of the current round according to its own situation and the trust value, and then repeats the steps 2 to 5.

C. Trust Value Synthesis


$$T_{ij} = \alpha \times DT_{ij} + \beta \times RT_j = \alpha \times \frac{(w_s s_{ij} + 1)(1 - \mu_{history})}{w_s s_{ij} + w_f f_{ij} + w_u u_{ij} + 3} + \beta \times \frac{1}{M} \sum_{k=1,\, k \neq i,\, k \neq j}^{M} DT_{kj} = \frac{\alpha (w_s s_{ij} + 1)(1 - \mu_{history})}{w_s s_{ij} + w_f f_{ij} + w_u u_{ij} + 3} + \frac{\beta}{M} \sum_{k=1,\, k \neq i,\, k \neq j}^{M} DT_{kj}$$

where $\alpha$ and $\beta$ are weights of direct observation and indirect observation respectively, and they satisfy $\alpha + \beta = 1$.
In this section, we design the Dirichlet-Distribution-based Trust Management Scheme (DDTMS). Then, in the next section, we will compare and analyze the performance of DDTMS with Beta distribution and Gaussian distribution under on-off attack.

4. Simulations and Analysis

4.1. Comparison Between DDTMS, Beta Distribution, and Gaussian Distribution

The on-off attack refers to the intermittently executed cooperative and non-cooperative behaviors, which are launched by the attacking node. The cooperative behavior can effectively improve the trust value of malicious nodes. When the trust value reaches a certain level, the non-cooperative behavior—such as dropping packets, selective forwarding, and so on—is the malicious attack. In this experiment, the on-off attacks are launched into the cluster member nodes under above three distributions. The simulation parameters are shown in Table 1.
Model assumptions for trust value calculations:
  • The initial trust value of both nodes without any interaction is 0.5 ∈ (0,1).
  • Normal nodes and malicious nodes perform a total of 200 interactions.
  • A malicious node performs the attack on the 50th interaction and the 170th interaction, respectively, 30 attacks per attack.
The comparison of trust value between DDTMS, the Beta-distribution-based scheme, and the Gaussian-distribution-based scheme is shown in Figure 2.
As shown in Figure 2, there is jitter in the trust value curve in DDTMS. This is because there is a certain probability of undetermined interaction behavior in the interaction between two nodes. Such interactions are neither cooperative nor uncooperative. During the first 50 interactions, the malicious node is regarded as a normal node due to the cooperative interaction. Hence, its trust value is also increasing steadily. However, because of the Dirichlet distribution and the weight settings of the three interaction types, the trust value will not increase very high, but it is still high enough to embody the concept of ‘trust’.
When the malicious node begins to launch the attack at the 50th interaction, the curves of the two distribution models are drastically reduced in Figure 2, and both of them can detect the malicious node by the rapid decline of the trust value. It is noted that the trust value curve in DDTMS is lower than the curve of the Beta distribution when the attack occurs, which means that it can detect the malicious node quickly compared with the Beta distribution.
When the malicious node stops attacking, in order to regain the trust of other nodes, it restores the normal interaction. During the restoring process, the trust values under the two distributions are also significantly different. The trust value curve of the DDTMS is evidently lower than the curve of the Beta distribution. The advantage of this is that even if a malicious node attempts to restore normal interaction after performing an attack to achieve the same trust value as a normal node, it is a very difficult increase process compared to the Beta distribution. This is because, under Dirichlet distribution, the trust scheme can place a weight on the uncooperative behavior, and it also evaluates the subsequent trust value using historical data. The trust value of the malicious node will keep a large gap with the average trust value of the normal node for a long time in the future. Hence, the probability of the same type of attack from this malicious node can be greatly reduced.
On the other hand, in Figure 2, because there is no undetermined behavior in the trust management scheme based on Gaussian distribution, its trust value increases rapidly at the start of the interaction. The trust value in DDTMS gradually increases with increasing normal interaction behavior, in line with the expectation of the node trust value. Furthermore, when the malicious attack begins to be launched in the 50th round, the DDTMS can detect malicious nodes faster than the Gaussian-based trust scheme. In addition, it can effectively detect malicious nodes that launch attacks. It can also restrict the rapid growth of trust values of malicious nodes according to behavior evaluation weights and related behavior history data simultaneously. The comparison between DDTMS, Beta-distribution-based, and Gaussian-distribution-based is given in Table 2.
From the above analysis, it can be concluded that the trust management scheme based on Dirichlet distribution has characteristics superior to other distribution trust management schemes, and it can better simulate the node interaction with normal nodes, considering cooperation, non-cooperation, and uncertain behavior. In turn, it can maintain a trust value that is relatively high but not fully trusted. For a malicious node, the attack role can be detected quickly and effectively by DDTMS. The subsequent masquerading process of the malicious node will not help the growth of the trust value, and the network detection can still be facilitated. In addition, the DDTMS can also be customized for the type of node interaction to meet the requirements of diverse network environments.
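The direct trust value of Section 3.2.2 A can be set against a two-outcome Beta baseline on an on-off trace, as an added example that is not the authors' MATLAB code. It assumes that s, f, u in the trust fraction are cumulative counts, that μ_history is the failure ratio of the latest round, that the baseline is the mean of Beta(s + 1, f + 1), and that 0.5 is the detection threshold; the per-round counts are constructed.

```python
"""DDTMS direct trust vs. a Beta-reputation baseline on a constructed on-off trace."""

WS, WF, WU = 1.0, 1.5, 0.3   # the <ws, wf, wu> example weights given in the text
THRESHOLD = 0.5              # assumed detection threshold (not stated in the paper)

# Constructed per-round observations (success, failure, uncertain), 10 interactions each.
NORMAL_ROUND = (9, 0, 1)
ATTACK_ROUND = (3, 6, 1)
# Attack windows placed at interactions 50-79 and 170-199, as in the simulation setup.
ATTACK_ROUNDS = {5, 6, 7, 17, 18, 19}


def mu_history(round_counts):
    """Failures in the latest round over all interactions of that round (assumed reading)."""
    s, f, u = round_counts
    total = s + f + u
    return f / total if total else 0.0


def direct_trust(cum, round_counts):
    """DT = (ws*s + 1)(1 - mu_history) / (ws*s + wf*f + wu*u + 3) with cumulative s, f, u."""
    s, f, u = cum
    numerator = (WS * s + 1) * (1 - mu_history(round_counts))
    return numerator / (WS * s + WF * f + WU * u + 3)


def beta_trust(cum):
    """Mean of Beta(s + 1, f + 1); the two-outcome model has no slot for uncertainty."""
    s, f, _ = cum
    return (s + 1) / (s + f + 2)


def run_trace(n_rounds=20):
    """Return one (round, ddtms_trust, beta_trust) row per round of the constructed trace."""
    cum = [0, 0, 0]
    rows = []
    for r in range(n_rounds):
        obs = ATTACK_ROUND if r in ATTACK_ROUNDS else NORMAL_ROUND
        cum = [c + o for c, o in zip(cum, obs)]
        rows.append((r, direct_trust(cum, obs), beta_trust(cum)))
    return rows


def first_detection(rows, column):
    """First round whose trust value in `column` falls below THRESHOLD, else None."""
    for row in rows:
        if row[column] < THRESHOLD:
            return row[0]
    return None


if __name__ == "__main__":
    trace = run_trace()
    for r, ddtms, beta in trace:
        tag = "attack" if r in ATTACK_ROUNDS else ""
        print(f"round {r:2d}  DDTMS={ddtms:.3f}  Beta={beta:.3f}  {tag}")
    print("DDTMS first below threshold:", first_detection(trace, 1))
    print("Beta  first below threshold:", first_detection(trace, 2))
```

On this trace the DDTMS value crosses the threshold in the first attack round and, after nine clean rounds, is still below its pre-attack level, while the Beta mean never crosses the threshold.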

4.2. Node Interaction Based on Dirichlet Distribution

In this section, we use MATLAB to simulate the interaction between multiple types of nodes in a hierarchical routing protocol. Each node in DDTMS will calculate the trust value of the node with which it interacts.
(1) Figure 3 shows the change of the trust value of any two normal nodes during normal interaction. The simulated environment is initially set with a total of 300 rounds of interaction, and two nodes perform 200 interactions in each round. Under the Dirichlet distribution, the trust value of the node i to node j is obtained and shown in this figure.
Because uncertain interactions and failed interactions occur with a certain probability in the implementation, although the proportion is small, the trust value of a node does not increase indefinitely. The trust value exists to better detect the abnormal node; therefore, even the few non-cooperative interactions caused by objective factors will affect and control the trust value of the normal node.
(2) The abnormal interactions between the normal node and the malicious node impact the trust value. In Figure 4, the simulated environment is initially set with a total of 1400 rounds of interaction, 200 interactions per round, and the attack is performed to node j in the 100th round, and stops in the 200th round.
It can be noted that, after the attack starts, the trust value of node j is drastically reduced until this attack stops. With the restoration of normal interaction, after nearly 1000 rounds, the trust value slowly increased to 70% of the trust value before the attack. It can be found that the trust value control of the malicious node that launched the attack is relatively rational as described above.
(3) There is the trust value change of each node in a single cluster. It is assumed that there are five sensor nodes and one cluster head node in the cluster. The connectivity state and behavioral interaction of these five sensor nodes are shown in the matrix below. The matrix consists of five sensor nodes, where nodes 1~4 are normal nodes, node 5 is a malicious node. Non-zero means that data is reachable (connected) between nodes, 1 means normal interaction, 2 means abnormal interaction.

$$\Phi = \begin{bmatrix} 0 & 1 & 0 & 1 & 0 \\ 1 & 0 & 1 & 0 & 2 \\ 0 & 1 & 0 & 0 & 2 \\ 1 & 0 & 0 & 0 & 2 \\ 0 & 1 & 1 & 1 & 0 \end{bmatrix}$$

where, in simulating the environment, we initially set with a total of 600 rounds of interaction, 200 interactions per round. The interaction type is as shown in Equation (12). The node sends the calculated trust value of other nodes to the cluster head, and the cluster head performs unified summary statistics to obtain the trust value change of each cluster member as shown in Figure 5.
As shown in Figure 5, the cluster head node obtains the comprehensive statistics based on the collected nodes in the cluster. The cluster head node is more consistent for the evaluation of the four normal nodes, and the stability is between 0.8 and 0.9. When the malicious node launches attacks on three normal nodes in the 100th round, according to the trust value received by the cluster head, the trust value of the malicious node—that is, the black curve in Figure 5—drops rapidly. Because the trust value and the average level have a huge gap, it is quickly detected as a malicious node, which largely guarantees the security of the IoT.
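The cluster-head aggregation over Φ, together with the recommendation and synthesis formulas of Sections 3.2.2 B and C, can be run as follows; this is an added example, not the authors' simulation. It assumes that Φ[k][j] is how observer k experiences subject j, that α = 0.6 and β = 0.4, that a node is flagged when its table value is below half the cluster median, and it uses constructed per-round counts over a shortened run of 30 rounds with the attack starting in round 10.

```python
"""Cluster-head trust table over the matrix Phi (constructed, shortened simulation)."""
from statistics import median

# Phi from the text. Assumed reading: PHI[k][j] is how observer k+1 experiences
# subject j+1 (0 = no link, 1 = normal interaction, 2 = abnormal interaction).
PHI = [
    [0, 1, 0, 1, 0],
    [1, 0, 1, 0, 2],
    [0, 1, 0, 0, 2],
    [1, 0, 0, 0, 2],
    [0, 1, 1, 1, 0],
]
WS, WF, WU = 1.0, 1.5, 0.3    # <ws, wf, wu> example weights from the text
ALPHA, BETA = 0.6, 0.4        # assumed synthesis weights, alpha + beta = 1
GAP_FACTOR = 0.5              # assumed rule: flag if trust < half the cluster median
NORMAL = (176, 8, 16)         # constructed (s, f, u) for a 200-interaction round
ABNORMAL = (40, 140, 20)      # constructed counts on a link under attack


def direct_trust(cum, last):
    """DT with cumulative counts; mu_history taken as the latest round's failure ratio."""
    s, f, u = cum
    mu = last[1] / sum(last)
    return (WS * s + 1) * (1 - mu) / (WS * s + WF * f + WU * u + 3)


def recommended_trust(dt, j, exclude=None):
    """RT_j: mean of DT_kj over the observers k of node j, leaving out the requester."""
    votes = [v for (k, subj), v in dt.items() if subj == j and k != exclude]
    return sum(votes) / len(votes) if votes else None


def overall_trust(dt, i, j):
    """T_ij = alpha * DT_ij + beta * RT_j for a node i that observes j directly."""
    rt = recommended_trust(dt, j, exclude=i)
    return dt[(i, j)] if rt is None else ALPHA * dt[(i, j)] + BETA * rt


def flag_outliers(table):
    """Node ids whose aggregated trust is far below the cluster median."""
    cut = GAP_FACTOR * median(table.values())
    return sorted(node for node, t in table.items() if t < cut)


def simulate(rounds=30, attack_start=10):
    """Return ((first flagged round, nodes), final cluster-head table, final DT map)."""
    n = len(PHI)
    cum = {(k + 1, j + 1): [0, 0, 0]
           for k in range(n) for j in range(n) if PHI[k][j]}
    first_flag, dt, table = None, {}, {}
    for r in range(1, rounds + 1):
        for (k, j), counts in cum.items():
            attacked = PHI[k - 1][j - 1] == 2 and r >= attack_start
            obs = ABNORMAL if attacked else NORMAL
            for idx in range(3):
                counts[idx] += obs[idx]
            dt[(k, j)] = direct_trust(counts, obs)
        # The cluster head averages what every observer reported about each node.
        table = {j: recommended_trust(dt, j) for j in range(1, n + 1)}
        flagged = flag_outliers(table)
        if flagged and first_flag is None:
            first_flag = (r, flagged)
    return first_flag, table, dt


if __name__ == "__main__":
    first, final_table, final_dt = simulate()
    print("first flag (round, nodes):", first)
    for node, trust in final_table.items():
        print(f"node {node}: {trust:.3f}")
    print("T(2 -> 5):", round(overall_trust(final_dt, 2, 5), 3))
```

Node 1 has no link to node 5 in Φ, so the cluster head's table is its only source of information about the malicious node.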
In terms of the indirect trust, DDTMS deployed the third-party recommendation. In [13], Fung et al. constructed test messages to evaluate the trustworthiness of suspicious nodes; more specifically, the test messages were ‘bogus’ consultation requests made difficult to distinguish from real consultation requests. The content of the test messages varies depending on the type of the intrusion. The testing node knew beforehand the true diagnosis result of the test message and used the received feedback to derive a trust value for the other nodes. For the three behaviors (success, failure, and uncertainty), we introduce the weights <ws, wf, wu> on the corresponding behaviors in order to limit the measurement of each behavior by custom. Similarly, in DDTM, a penalty factor was defined to decrease the trust value of a malicious node. In DTMS-IoT, the third-party recommendations were considered unless direct observations were not credible. In DDOA, without the third-party recommendation, the system control center first trained the initial reputation levels of the local agents based on the collected historical observations, and persistently observed and evaluated these local agents’ behaviors. Huang and Nan used the LOF algorithm to detect the abnormal behavior of nodes. This algorithm did not forcibly define the anomaly as having a binary characteristic. Instead, it specified a local anomaly factor for each datum, and used the local anomaly factor to represent the degree of abnormality of the data. The larger the local anomaly factor, the more likely the datum was considered to be abnormal; otherwise, the probability of an abnormality was small. The LOF algorithm needed only one parameter k, a natural number giving the minimum number of points used to define the neighbor nodes of a given datum.
In summary, the trust management scheme based on the Dirichlet distribution is superior to the trust management schemes based on the Beta distribution and the Gaussian distribution, both in theory and in the related simulation experiments. The distribution of the trust values of each node (including normal nodes and malicious nodes) in the cluster is also in line with the functional expectation of detecting malicious nodes.

5. Conclusions and Prospect

In this paper, the trust management schemes/systems based on Beta distribution, binomial distribution, and Gaussian distribution are discussed in detail. The reputation distribution model in the node interaction is selected based on the Dirichlet distribution. The third-party recommendation and the direct trust value calculation are both considered in the derivation of the trust management scheme, in order to achieve faster and more accurate detection of malicious nodes.
Through simulation experiments, our proposed DDTMS is better than the other two reputation models (Beta distribution and Gaussian distribution). On the one hand, it can more accurately describe the reputation changes caused by the various interactions of nodes. It can quickly detect the node types (normal node or malicious node) according to the change of trust values, and ensure the network stability. On the other hand, the third-party trusted nodes can further improve network security within a specific range by calculating the recommended values based on data submitted by members in each cluster, and facilitate the implementation of security for the related algorithms in the hierarchical routing protocol simultaneously.

Author Contributions

The five authors of the paper have extensively participated in all of the paper writing. W.F. mainly worked on the research. W.Z. and L.S. revised this paper. X.J. and G.J. mainly added to and revised the related works. All of the authors equally contributed to reviewing the manuscript.

Funding

This work is partially supported by the National Natural Science Foundation of China (no. 61571004), the Shanghai Natural Science Foundation (no. 19ZR1454100), Shanghai Sailing Program (no. 19YF1455800), the Scientific Instrument Developing Project of the Chinese Academy of Sciences (no. YJKYYQ20170074).

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Mehdi, N.C.; Ahmad, K.-Z.; Majid, H.A. New Hybrid Fault Tolerance Approach for Internet of Things. Electronics 2019, 8, 518.
  2. Ge, W.; Zhu, Z.; Hao, W.; Wang, Y.; Wang, Z.; Wu, Q.; Chu, Z. AN-Aided Secure Beamforming in Power-Splitting-Enabled SWIPT MIMO Heterogeneous Wireless Sensor Networks. Electronics 2019, 8, 459.
  3. Fang, W.; Zhang, C.; Shi, Z.; Zhao, Q.; Shan, L. BTRES: Beta-based Trust and Reputation Evaluation System for wireless sensor networks. J. Netw. Comput. Appl. 2016, 59, 84–92.
  4. Ganeriwal, S.; Srivastava, M.B. Reputation-based framework for high integrity sensor networks. In Proceedings of the 2nd ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN ’04), Washington DC, NY, USA, 25–25 October 2004; pp. 66–77.
  5. Wu, X.; Huang, J.; Ling, J.; Shu, L. BLTM: Beta and LQI Based Trust Model for Wireless Sensor Networks. IEEE Access 2019, 7, 43679–43690.
  6. Ahmed, A.; Bhangwar, A.R. WPTE: Weight-Based Probabilistic Trust Evaluation Scheme for WSN. In Proceedings of the 5th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW), Prague, Czech, 21–23 August 2017; pp. 108–113.
  7. UmaRani, V.; Sundaram, K.S.; Jayashree, D. Enhanced Beta Trust Model in wireless sensor networks. In Proceedings of the International Conference on Information Communication and Embedded Systems (ICICES), Chonburi, Thailand, 25–26 February 2016; pp. 1–5.
  8. Mahmud, M.; Kaiser, M.S.; Rahman, M.M.; Rahman, M.A.; Shabut, A.; Al-Mamun, S.; Hussain, A. A Brain-Inspired Trust Management Model to Assure Security in a Cloud Based IoT Framework for Neuroscience Applications. Cogn. Comput. 2018, 10, 864–873.
  9. Yin, G.; Zhang, J.; Yan, T. Study on the penalty function based on redemption mechanism for trust value of WSN. In Proceedings of the 6th International Conference on New Trends in Information Science, Service Science and Data Mining (ISSDM2012), Taipei, Taiwan, 23–25 October 2012; pp. 683–688.
  10. Momani, M.; Challa, S.; Alhmouz, R. BNWSN: Bayesian network trust model for wireless sensor networks. In Proceedings of the Mosharaka International Conference on Communications, Computers and Applications, Amman, Jordan, 8–10 August 2008; pp. 110–115.
  11. Sinha, R.K.; Jagannatham, A.K. Gaussian trust and reputation for fading MIMO wireless sensor networks. In Proceedings of the IEEE International Conference on Electronics, Computing and Communication Technologies (CONECCT), Bangalore, India, 6–7 January 2014; pp. 1–6.
  12. Singh, S.I.; Sinha, S.K. A framework for reputation model based on time and trust aware Heteroscedastic Gaussian process. In Proceedings of the International Symposium on Advanced Computing and Communication (ISACC), Silchar, Assam, India, 14–15 September 2015; pp. 16–20.
  13. Fung, C.J.; Zhang, J.; Aib, I.; Boutaba, R. Dirichlet-Based Trust Management for Effective Collaborative Intrusion Detection Networks. IEEE Trans. Netw. Serv. Manag. 2011, 8, 79–91.
  14. Rani, V.U.; Sundaram, K.S. Dirichlet Distribution Based Trust Model for Malicious Node Detection in Wireless Sensor Network. J. Eng. Appl. Sci. 2019, 14, 4191–4199.
  15. Abderrahim, O.B.; Elhedhili, M.H.; Saidane, L. DTMS-IoT: A Dirichlet-based trust management system mitigating on-off attacks and dishonest recommendations for the Internet of Things. In Proceedings of the IEEE/ACS 13th International Conference of Computer Systems and Applications (AICCSA), Agadir, Morocco, 29 November–2 December 2016; pp. 1–8.
  16. Li, B.; Lu, R.; Wang, W.; Choo, K.-K.R. DDOA: A Dirichlet-Based Detection Scheme for Opportunistic Attacks in Smart Grid Cyber-Physical System. IEEE Trans. Inf. Forensics Secur. 2016, 11, 2415–2425.
  17. Huang, Q.; Nan, H. Reputation Computing for Wireless Sensor Networks Based on Dirichlet Distribution. Chin. J. Sens. Actuat. 2009, 22, 526–530.
Figure 1. Flow chart for DDTMS design.
Figure 2. Comparison of trust value between DDTMS, Beta-distribution-based and Gaussian-distribution-based.
Figure 3. Trust value change for interaction between normal nodes.
Figure 4. Trust value changes for interaction between a normal node and a malicious node.
Figure 5. Trust value changes for interaction between nodes in a cluster.
Table 1. Simulation parameter table.

| Parameter | Value |
|---|---|
| Direct and indirect reputation information weights (α, β) | (60%, 40%) |
| Tinit | 0.5 |
| μGaussian | 0.5 |
| δGaussian | 0.5 |
| ws | 0.85 |
| wf | 1 |
| wu | 0.05 |
Table 2. Comparison between DDTMS, Beta-distribution-based, and Gaussian-distribution-based.

| Status | DDTMS | Beta-Distribution-Based (BD) | Gaussian-Distribution-Based (GD) |
|---|---|---|---|
| Under normal status | Because of a certain probability of undetermined interaction behavior, there is jitter in the trust value ascending process. The weight settings make the ascent of DDTMS’s trust value slower than BD and GD, and the maximum trust value is about the same as GD’s, but less than BD’s. | There is no jitter in the trust value ascending process. Its maximum trust value is the highest among the three distributions. | There is no jitter in the trust value ascending process. Its maximum trust value is about the same as DDTMS’s, but less than BD’s. |
| Under attack status | Trust value descends faster than BD and GD, and the minimum value of the trust value is lower than BD and GD. Recovery of trust values is slower than BD and GD, and the maximum value of trust values is lower than BD and GD. | Trust value descends faster than GD, and the minimum value of the trust value is higher than DDTMS. Recovery of trust values is faster than DDTMS, and the maximum value of trust values is higher than DDTMS. | Trust value descends the slowest, and the minimum value of the trust value is about the same as BD. Recovery of trust values is slower than BD, and the maximum value of trust values is about the same as BD. |

Share and Cite

MDPI and ACS Style

Fang, W.; Zhang, W.; Shan, L.; Ji, X.; Jia, G. DDTMS: Dirichlet-Distribution-Based Trust Management Scheme in Internet of Things. Electronics 2019, 8, 744. https://doi.org/10.3390/electronics8070744
