Detailed Description
The embodiments of the present invention are described below clearly and completely with reference to the accompanying drawings. The described embodiments are evidently only some, not all, of the embodiments of the invention. All other embodiments obtained by those skilled in the art on the basis of these embodiments without inventive effort fall within the scope of the invention.
The information model of the present invention is divided into three layers: a physical layer, a community layer, and a blockchain layer, as shown in Fig. 1. The physical layer is composed of numerous heterogeneous intelligent networked devices, which are divided into two types of nodes: resource-constrained end nodes (e.g., various sensors) and edge nodes (e.g., MEC servers) that possess sufficient computing and storage resources. In this method, the edge nodes are selected as administrators of the communities; they are responsible for storing the service description files or configuration files of the end nodes, periodically collecting information about other nodes in the communities, and calculating the social similarity of the nodes and the trust values of the members of each community.
Fig. 2 is a flowchart of a method for managing distributed trust of internet of things with end-to-end coordination in an embodiment of the present invention, as shown in fig. 2, where the method includes:
101. dividing the Internet of things into a plurality of community structures, taking edge nodes as administrators in communities and end nodes as members in communities, and obtaining a device node set at each moment in communities;
In the embodiment of the invention, the Internet of Things objectively has a regional structure, that is, community structure exists objectively in the Internet of Things. By dividing the network, nodes with similar interests can be aggregated into the same community. This simplifies the structure of the Internet of Things: the complex network is divided into a number of small systems, the computing cost of trust management for the nodes within a community is smaller, the system is more robust, and the approach is better suited to a large-scale Internet of Things environment.
In the embodiment of the present invention, in order to simplify the computation, numerous heterogeneous devices are divided into two types of nodes: resource-constrained end nodes (e.g., various sensors) and edge nodes (e.g., MEC servers) that possess sufficient computing and storage resources. In this method, the edge node is selected as the administrator of the community; it is responsible for storing the service description files or configuration files of the end nodes, periodically collecting information about other nodes in the community, and calculating the social similarity of the nodes and the trust values of the members of each community.
In order to capture social relations among device nodes, let $DSN = \{DSN_1, DSN_2, \ldots, DSN_n\}$ denote the dynamic social network of the Internet of Things, where $DSN_t = (N_t, E_t)$ is the network snapshot at time $t$, $N_t$ is the set of nodes in the network at time $t$, and $E_t$ is the set of edges in the network at time $t$. $CM_t = \{C_{t,1}, C_{t,2}, \ldots, C_{t,i}\}$ is the community set at time $t$, where $C_{t,i}$ is the $i$-th community generated at time $t$. The device node sets at different moments are obtained from the network snapshots at those moments.
102. Determining an incremental node set at the current moment in the community according to the device node sets at the current moment and the previous moment;
In the embodiment of the present invention, assume $d_i \in C_{t-1,u}$, i.e., node $d_i$ belongs to community $C_u$ at time $t-1$. If at time $t$ we have $d_i \in C_{t,v}$, i.e., node $d_i$ belongs to community $C_v$ at time $t$, and $u \neq v$, then node $d_i$ has changed its community attribution at time $t$. The set of nodes whose community has changed is the incremental node set $IS_t$, which is defined as follows:
wherein and respectively represent an edge which exists at time $t$ but does not exist at time $t-1$ and an edge which exists at time $t$ but does not exist at time $t-1$; $C_{t,u}$ and $C_{t,v}$ respectively represent the communities to which nodes $d_i$ and $d_j$ belong in the network at time $t$; and then indicates the newly added node at time $t$. The incremental node set $IS_t$ comprises nodes that belong to different communities at time $t-1$ and to the same community at time $t$, nodes that belong to communities at time $t-1$ and to different communities at time $t$, and nodes newly added at time $t$.
103. Performing incremental dynamic community division on the nodes of the incremental node set according to a label propagation algorithm, and dividing the nodes into communities;
in the embodiment of the invention, a label propagation algorithm is required to be invoked to acquire an initial community structure of the Internet of things, and if the community stability of the current community exceeds that of the initial community or the community at the previous moment, the community is dynamically updated according to the nodes in the current incremental node set.
The label propagation algorithm may be the conventional Label Propagation Algorithm (LPA) or the improved Speaker-listener Label Propagation Algorithm (SLPA); the present invention is not particularly limited in this regard, and the SLPA algorithm may be selected in the preferred embodiment.
In particular, the nodes in the set $IS_t$ are re-divided into communities using the SLPA algorithm. If the size of a newly generated community is less than a specified threshold $cs_{min}$ and its existing nodes are not newly added nodes, the community is considered too small to form an independent community; it is dissolved, and its nodes are added to the independent node set $IS_{t\text{-}indpend}$. For the independent node set $IS_{t\text{-}indpend}$, each community is traversed in parallel: the node is added to the community, the social similarity between the node and each member of the community is calculated and summed, and the node is assigned to the community with the maximum social similarity, which gives the final community of the node.
Because the error of the community discovery algorithm accumulates over time, an index is needed to judge whether the community result needs to be dynamically updated, so the community stability is defined as follows:
wherein and respectively represent the number of edges added and the number of edges removed in community $c$ at time $t$, and respectively represent the number of nodes added and the number of nodes removed in community $c$ at time $t$, and $\rho_1$ and $\rho_2$ represent the corresponding weights, with $0 < \rho_1, \rho_1 < 1$.
To better illustrate the incremental dynamic community partitioning of the present invention, the present invention provides the following description:
Communities are partitioned by social similarity between devices; for the specific method, refer to the method of partitioning virtual communities with a Speaker-listener label propagation model mentioned by Konstantin. First, the SLPA algorithm is called to divide communities and obtain an initial community structure; the communities are then updated according to the incremental node set and the community stability. The specific steps are as follows.
Step1: judge whether the initial community weight is smaller than $wc_{min}$ and whether the community size is smaller than $cs_{min}$; if so, dissolve the community and add it to $IS_t$;
Step2: repeat Step1 until every community has been judged;
Step3: for the nodes in $IS_t$, generate new communities using the SLPA algorithm;
Step4: for each new community, if the size of the community is smaller than $cs_{min}$, dissolve the community, delete its nodes from $IS_t$ and add them to $IS_{t\text{-}indpend}$;
Step5: add the remaining communities to the community set $NS_{t-1}$ of time $t-1$;
Step6: repeat Step4-Step5 until every new community has been judged;
Step7: for each $d_i \in IS_{t\text{-}indpend}$, calculate the social similarity $Sim_{community}$ between the node and its adjacent communities, and add the node to the community with the highest similarity;
Step8: repeat Step1-Step7 until the dynamic community division is complete.
It will be appreciated that nodes within a community trust each other more than they trust nodes outside the community, as they share similar interests. In addition, the cost of screening for malicious nodes within a community is lower than the cost of screening for malicious nodes in the entire network. Because the network is not static but dynamic, the invention adopts an incremental clustering algorithm to detect communities. Community division is first carried out on the whole network; then, based on the community discovery result of the previous moment, the edges or nodes that change at the next moment are calculated, and only the incremental part that changes between adjacent moments is adjusted, taking into account the topology and other characteristics of the current network.
104. Taking the social similarity between the nodes as initial trust, calculating a direct trust value according to the direct performance of the nodes in service, and calculating a recommended trust value between the nodes according to the social similarity between the nodes and the direct trust value;
in the embodiment of the invention, the total trust between the nodes is divided into direct trust and recommended trust, so that the comprehensive trust between the nodes is comprehensively considered.
In one aspect, the invention employs a Bayesian framework as the model for evaluating the direct trust of nodes. The Bayesian model is chosen because it is a relatively mature framework that is often used in trust and reputation systems. After node $d_i$ requests a service from node $d_j$, $d_i$ makes a service satisfaction evaluation according to the direct performance of $d_j$ in this service, including the time of service completion, the probability of failure, the degree of service completion, and so on. The invention assumes that service provision between nodes has only two results, {satisfaction, dissatisfaction}, and that each service provided is an independent process, denoted by $S_{i,j}$, where 1 indicates that node $d_i$ is satisfied with the service provided by node $d_j$ this time and 0 indicates dissatisfaction, so the evaluation result follows a binomial distribution. Suppose node $d_j$ provides service to node $d_i$ $n$ times, of which node $d_i$ is satisfied $k$ times in total. The likelihood function is as follows.
$p$ represents the probability that node $d_i$ is satisfied with the service provided by node $d_j$. Since the conjugate prior of the binomial distribution is the Beta distribution, assume that the probability distribution of node $d_i$'s satisfaction with the service provided by node $d_j$ is $Beta(\alpha_{i,j}, \beta_{i,j})$. The prior distribution is therefore:
where $\Gamma$ is the gamma function; $p \neq 0$ when $\alpha_{i,j} < 1$, and $p \neq 1$ when $\beta_{i,j} < 1$. From Bayesian inference, the posterior distribution is $f(p \mid k) \propto f(k \mid p) f(p)$. The posterior distribution is therefore:
The posterior distribution is also a Beta distribution, denoted $Beta(k + \alpha_{i,j}, n - k + \beta_{i,j})$. This formula describes the probability distribution of $p$, so the expected value of $p$ can be regarded as the direct trust value of node $d_i$ in node $d_j$. To account for trust decay, the parameters $\alpha_{i,j}$ and $\beta_{i,j}$ are updated as given by equation (6).
wherein is an exponential decay function, and is a very small number used to model how earlier trust is progressively forgotten as trust is updated. $S_{i,j}$ represents a positive observation, $1 - S_{i,j}$ a negative observation, and $\Delta t$ is the trust update interval. Thus the direct trust of node $d_i$ in node $d_j$ is calculated from equation (7).
In the present invention, the similarity of social relations among the nodes is already used when the communities are established, so the method takes this similarity, namely the social capacity of the nodes, as prior knowledge and sets the initial values of $\alpha_{i,j}$ and $\beta_{i,j}$ to $sim(d_i, d_j)$ and $1 - sim(d_i, d_j)$.
On the other hand, the method adopts a node interaction model as the model for evaluating the recommended trust of a node. When two nodes have no direct interaction history, node $d_i$ can evaluate the trust of node $d_j$ based on the recommended trust given by neighbor nodes that have interacted directly with $d_j$. Since the invention establishes communities in the first part, node $d_i$ can use the community network to find other nodes that have a direct interaction history with node $d_j$ and calculate the recommended trust of node $d_j$. Suppose $x$ nodes have interacted directly with $d_j$, forming the node set $dx = \{d_1, d_2, \ldots, d_x\}$; each node's direct trust in $d_j$ is and its similarity with $d_j$ is $sim(d_x, d_v)$. The recommended trust of node $d_i$ in node $d_j$ is given by the following formula.
In the embodiment of the invention, the direct trust value and the recommended trust value are both related to the social similarity between the nodes, so the method for calculating the social similarity provides the following modes:
according to resources or services provided by the nodes of the Internet of things, calculating the interest similarity between the nodes;
according to the cooperative relationship among the nodes of the Internet of things, calculating the cooperative similarity among the nodes;
according to the friend equipment relationship of the nodes of the Internet of things, calculating the friend similarity between the nodes;
and carrying out weighted summation on the interest similarity, the collaboration similarity and the friend similarity, and determining the social similarity between the nodes.
The manner in which the similarity of interests between nodes, the similarity of collaboration between nodes, the similarity of friends, and the similarity of social interactions between nodes are calculated will be described below, respectively.
For interest similarity between nodes, the interests of the devices can be represented by the similarity of the common resources or services they request. The attributes of resources or services are multidimensional, the associated attributes among nodes are usually weak, and the difference in associated attributes can be represented by the frequency of occurrence of key resources or services. For resource $R_i$, its preference vector is expressed as:
wherein $k_i$ represents the $k$-th key resource or service, and represents the weight of that key resource. For nodes $d_i$ and $d_j$, their interest preference similarity is calculated using cosine similarity, as follows:
where $m$ represents the total number of resources or services provided by the node, and and respectively represent the weight of the $x$-th service of devices $d_i$ and $d_j$.
For collaboration similarity between nodes, devices often need to collaborate with other devices in order to perform certain tasks or provide certain services. Collaboration often appears as a collective activity, and a service may be split jointly among multiple devices, so the collaboration relationship between devices can be represented by the frequency of collaborative services. Let $C_i = \{(d_1, \eta_1), (d_2, \eta_2), \ldots, (d_x, \eta_x)\}$ be the set of devices that collaborate with device $d_i$, where $\eta_x$ is the number of collaborations with node $d_i$, also called the frequency. For devices $d_i$ and $d_j$, whose collaboration sets are $C_i$ and $C_j$ respectively, the collaboration similarity is calculated by:
In addition, for friend similarity between nodes, the friends of the devices also influence the social similarity among the devices. The invention uses the neighbor relation to quantify the position relation of the devices, so the friend similarity of devices $d_i$ and $d_j$ is calculated by the following formula:
Because the invention carries out community division by measuring the social similarity among the devices, the social similarity can be expressed as the weighted sum of the interest preference degree, the collaboration similarity and the position similarity of the devices, so the social similarity of devices $d_i$ and $d_j$ can be expressed as:
wherein $0 \le \lambda_1, \lambda_2, \lambda_3 \le 1$ and $\lambda_1 + \lambda_2 + \lambda_3 = 1$. The similarity of node $d_i$ to a community is defined by summing the social similarity between $d_i$ and each node in the community, and is obtained by the following formula:
With this calculation, social similarity can be used both to decide which community a node belongs to and to calculate the trust value of the node.
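The following added example (not code from the patent) carries out Steps 4 to 7 of the community update with the weighted social similarity described above: undersized new communities are dissolved and each independent node joins the community with the largest summed similarity. The λ weights, `cs_min`, the node names, and the collaboration and friend similarity values are constructed assumptions, and the SLPA output is supplied as input rather than computed.

```python
import math

LAMBDAS = (0.5, 0.3, 0.2)  # lambda_1..lambda_3: constructed values, sum to 1
CS_MIN = 3                 # cs_min: constructed size threshold


def cosine(u, v):
    """Interest similarity: cosine of two preference-weight vectors."""
    dot = sum(a * b for a, b in zip(u, v))
    norm = math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v))
    return dot / norm if norm else 0.0


def social_similarity(a, b, prefs, collab, friend, lambdas=LAMBDAS):
    """Weighted sum of interest, collaboration and friend similarity."""
    l1, l2, l3 = lambdas
    pair = frozenset((a, b))
    return (l1 * cosine(prefs[a], prefs[b])
            + l2 * collab.get(pair, 0.0)    # precomputed, constructed values
            + l3 * friend.get(pair, 0.0))   # precomputed, constructed values


def settle(existing, new, sim, cs_min=CS_MIN):
    """Steps 4-7: dissolve undersized new communities, re-home their nodes.

    existing/new map community id -> set of node ids; sim(a, b) -> float.
    Returns (communities, placement of the formerly independent nodes).
    """
    communities = {cid: set(m) for cid, m in existing.items()}
    independent = []
    for cid in sorted(new):
        if len(new[cid]) < cs_min:
            independent.extend(sorted(new[cid]))  # Step 4: to IS_t-indpend
        else:
            communities[cid] = set(new[cid])      # Step 5: keep the community
    placement = {}
    if not communities:
        return communities, placement
    # Score against membership as it stood before any independent node is
    # placed, so the result does not depend on processing order (assumption).
    frozen = {cid: frozenset(m) for cid, m in communities.items()}
    for node in independent:                      # Step 7
        scores = {cid: sum(sim(node, m) for m in members)
                  for cid, members in frozen.items()}
        best = max(sorted(scores), key=scores.get)
        communities[best].add(node)
        placement[node] = best
    return communities, placement


# Constructed sample data: three interest dimensions, eleven devices.
PREFS = {
    "s1": [1.0, 0.0, 0.0], "s2": [0.9, 0.1, 0.0], "s3": [1.0, 0.1, 0.0],
    "s4": [0.0, 1.0, 0.0], "s5": [0.1, 0.9, 0.0], "s6": [0.0, 1.0, 0.1],
    "s7": [0.9, 0.1, 0.0], "s8": [0.1, 0.9, 0.0],
    "s9": [0.0, 0.0, 1.0], "s10": [0.0, 0.1, 1.0], "s11": [0.1, 0.0, 1.0],
}
COLLAB = {frozenset(("s7", "s1")): 0.6}
FRIEND = {frozenset(("s8", "s4")): 0.5}
EXISTING = {"A": {"s1", "s2", "s3"}, "B": {"s4", "s5", "s6"}}
NEW = {"N1": {"s7", "s8"}, "N2": {"s9", "s10", "s11"}}  # stand-in SLPA output


def demo():
    def sim(a, b):
        return social_similarity(a, b, PREFS, COLLAB, FRIEND)
    return settle(EXISTING, NEW, sim)


if __name__ == "__main__":
    communities, placement = demo()
    print(placement)
    print({cid: sorted(m) for cid, m in communities.items()})
```

Because community similarity is a sum rather than a mean, larger communities attract independent nodes more readily; the constructed communities are equal in size so that the placement reflects similarity alone.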
105. And calculating a comprehensive trust value between the nodes according to the direct trust value and the recommended trust value between the nodes, and managing the end nodes in the community by the edge nodes according to the comprehensive trust value.
Combining the direct trust value and the recommended trust value calculated in the above process, the comprehensive trust of node $d_i$ in node $d_j$ is calculated by the following formula.
wherein $0 \le \psi \le 1$ sets the weights of direct trust and recommended trust respectively, and the global trust of node $d_j$ within a community is Global trust represents the overall degree of trust of a node within a community and is a one-to-many relationship, whereas the trust of node $d_i$ in node $d_j$ is a one-to-one trust relationship.
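The following added example (not code from the patent) runs the trust model of steps 104 and 105 on a constructed scenario: a node that serves well and then starts failing, and a dissimilar recommender that vouches for it. The additive decay update, the similarity-weighted form of recommended trust, the linear ψ combination and the value of `PHI` are assumptions, since the corresponding equations are not reproduced on this page; ψ = 0.6, Δt = 4 hours and the initial trust of 0.55 come from the simulation settings given later in the description.

```python
import math
from dataclasses import dataclass

PSI = 0.6       # weight of direct trust (value from the page's simulation)
DELTA_T = 4.0   # trust update interval in hours (value from the page)
PHI = 0.05      # decay parameter per hour: constructed value, not from the page


@dataclass
class BetaTrust:
    """Beta(alpha, beta) belief of d_i about d_j's service satisfaction."""
    alpha: float
    beta: float

    @classmethod
    def from_similarity(cls, sim):
        # Page: alpha and beta start at sim(d_i, d_j) and 1 - sim(d_i, d_j).
        if not 0.0 < sim < 1.0:
            raise ValueError("similarity must be strictly between 0 and 1")
        return cls(sim, 1.0 - sim)

    def observe(self, satisfied, phi=PHI, dt=DELTA_T):
        """Age old evidence by exp(-phi*dt), then add S or 1 - S.

        Assumed update form: alpha <- decay*alpha + S,
        beta <- decay*beta + (1 - S).
        """
        s = 1.0 if satisfied else 0.0
        decay = math.exp(-phi * dt)
        self.alpha = decay * self.alpha + s
        self.beta = decay * self.beta + (1.0 - s)

    @property
    def direct_trust(self):
        # Expected value of the Beta posterior.
        return self.alpha / (self.alpha + self.beta)


def recommended_trust(recommendations):
    """Similarity-weighted mean of recommenders' direct trust in d_j.

    recommendations: list of (similarity, direct_trust) pairs. The weighting
    is an assumed form; returns None when nobody has interacted with d_j.
    """
    total = sum(sim for sim, _ in recommendations)
    if total <= 0:
        return None
    return sum(sim * trust for sim, trust in recommendations) / total


def comprehensive_trust(direct, recommended, psi=PSI):
    """psi*direct + (1-psi)*recommended; direct only if no recommenders."""
    if recommended is None:
        return direct
    return psi * direct + (1.0 - psi) * recommended


def replay(outcomes, sim, phi):
    """Return the direct-trust trajectory for a sequence of service outcomes."""
    belief = BetaTrust.from_similarity(sim)
    history = [belief.direct_trust]
    for satisfied in outcomes:
        belief.observe(satisfied, phi=phi)
        history.append(belief.direct_trust)
    return history


# Constructed scenario: an on-off node serves well for 10 intervals, then
# fails 5 times in a row.
ON_OFF = [True] * 10 + [False] * 5
# Constructed recommendations: two similar peers report low trust, one
# dissimilar peer (a possible ballot-stuffer) reports 0.99.
RECS = [(0.8, 0.30), (0.7, 0.35), (0.1, 0.99)]

if __name__ == "__main__":
    with_decay = replay(ON_OFF, sim=0.55, phi=PHI)
    no_decay = replay(ON_OFF, sim=0.55, phi=0.0)
    rec = recommended_trust(RECS)
    print(f"direct trust after failures, decay:    {with_decay[-1]:.3f}")
    print(f"direct trust after failures, no decay: {no_decay[-1]:.3f}")
    print(f"recommended trust:   {rec:.3f}")
    print(f"comprehensive trust: {comprehensive_trust(with_decay[-1], rec):.3f}")
```

With decay, the five failures pull direct trust below 0.5, while with `phi=0.0` the earlier good history keeps it above 0.5; the dissimilar recommender's 0.99 barely moves the recommended trust because its weight is its similarity.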
The invention manages the trust of nodes within communities. On the one hand, nodes belonging to the same community are more credible to each other than nodes outside the community; on the other hand, malicious nodes can be identified more easily within a community than across the whole Internet of Things network. Trust is evaluated from a node's direct satisfaction with past interactions and from the recommendations of other nodes. The trust management model of the invention is distributed: no trusted third party exists in the network, and the nodes store trust data themselves using the consensus algorithm and distributed ledger technology. In the invention, the trust evaluation of all nodes in a community is made by the edge nodes, which play the role of administrators in the community, and each community maintains the trust evaluation of the nodes within it.
The invention assumes that the blockchain is secure, and the proposed model does not consider attacks on the blockchain layer, such as Sybil attacks, hijacking attacks or eclipse attacks. Because the storage and computing resources of devices in an Internet of Things system are limited, and the proof-of-work (PoW) consensus algorithm requires strong computing power from nodes, PoW is not suitable for the Internet of Things environment. The consensus algorithm selected by the invention is therefore a trust-based proof-of-stake consensus algorithm (DPoS), and the storage capacity and the credibility of the stake-value nodes are improved.
Suppose there are $N$ communities in the network after community division, with $N_m$ nodes in each community. The proof-of-spacetime capacity that node $i$ provides to the network in the $t$-th consensus period is and the trust value of the node is $T_i^t$. The stake of the node is therefore calculated by the following formula.
Nodes in the community whose stake satisfies $ST_i^t > ST_{th}$ are taken as consensus nodes, and if the stakes of several nodes are the same, the node with the highest signaling and interest value is the consensus node. $N_c$ consensus nodes are selected from each community, and $N_v$ verification nodes are randomly selected according to the trust value. After the consensus nodes are selected, the consensus node that wins the competition is responsible for publishing the updated trust data according to the DPoS consensus algorithm, the verification nodes verify the trust data, and finally the consensus node records the trust data in the block once verification is complete.
In order to verify the performance of the method of the invention, experiments are carried out on a public Internet of Things dataset. The dataset is a large dataset for a SIoT scenario; the basic information of Internet of Things objects in the smart city of Santander, Spain, is extracted using the open-source Internet of Things platform FIWARE. The dataset is a large network composed of 16216 devices, comprising 14600 user devices (such as mobile phones, smart home devices and the like) and 1616 public objects (such as smart parking lots, smart shops and the like). These devices establish their own social relationships within 11 days, and each object mainly contains the following information: basic properties of the object (e.g., object identification, object owner, the brand to which the object belongs, etc.), object location and timestamp information, object configuration files, a list of applications that the object can install, and an adjacency matrix describing the social relationships of the object. Specific information is shown in the following tables.
Table 1 object description information
TABLE 2 device_Profile Table
Two comparison schemes are selected for verification. Scheme 1 proposes SOA-based trust management for the Internet of Things; it adopts distributed collaborative filtering and calculates the trust value of an object based on the friendship, social contact and interest similarity among objects. Hereinafter, this method is denoted T-SOA. Scheme 2 proposes a reputation-based trust evaluation model for the Internet of Things, which uses a fuzzy logic model to handle direct trust between objects. Hereinafter, this method is denoted T-REP.
In the simulation experiment of the invention, different numbers of objects are selected for verification and analysis, so that the performance of the proposed model is considered both at small scale and in a large-scale Internet of Things; specifically, the objects are divided into five groups n = {1000, 2000, 3000, 4000, 5000}. If the trust update interval is $\Delta t = 4$ hours and no direct trust update occurs in that interval as a result of a service request and completion, the direct trust decays exponentially according to equation (7), with a decay factor of The recommended trust is updated according to equation (8). In order to verify the resilience of the model against malicious attacks, as shown in Fig. 3, the simulation experiment divides the proportion of malicious nodes into five groups $P_M$ = {20%, 30%, 40%, 50%}. Considering that direct trust is a subjective score made by a node according to the behavior of the node it interacts with, the weight of direct trust should be greater than that of recommended trust, so $\psi = 0.6$ is set. Initially, the trust value of node $d_i$ for other nodes is set to 0.55, after which the trust of the nodes is dynamically updated based on the feedback obtained when the nodes meet each other, request services and complete them. Experimental results show that the trust convergence time of the invention is reduced by 14 hours and 11 hours respectively compared with T-SOA and by 16 hours and 14 hours compared with T-SEP, and that its resilience against malicious attacks is greater than that of the other two schemes.
As shown in Fig. 3, the method of the invention has the fastest trust convergence for every number of objects compared with the other two methods, because it considers both the regional similarity and the social similarity between objects, whereas T-SOA and T-SEP consider only the social similarity and the fuzzy reputation between objects respectively and do not consider the regional similarity between objects. When the number of objects is large, trust calculation becomes complex and redundant. The proposed method introduces the objectively existing community structure into the trust calculation and places nodes with frequent interaction and similar social relations in the same community, so that the trust convergence time of the objects is reduced. Overall, all three schemes reach trust convergence within 90 hours, but the method of the invention keeps a lower convergence time throughout, especially when the number of objects is large: at 4000 and 5000 objects, its convergence time is reduced by 14 hours and 11 hours respectively compared with T-SOA and by 16 hours and 14 hours compared with T-SEP.
As shown in Fig. 4, to further explore the performance of the method of the present invention, the three schemes were compared with $P_M = 20\%$ and 30000 objects. As can be seen from Fig. 4, all three schemes reach the convergence state within 60 hours, but the method of the present invention converges faster. The overall ordering of convergence speed is: the method of the invention > T-SEP > T-SOA.
As shown in Fig. 5, in order to observe the resilience of the method against malicious attacks, the experiment fixes the number of objects at 3000 and shows the performance of the method under different proportions of malicious nodes. As can be seen from Fig. 5, as the proportion of malicious nodes increases, the trust convergence time and the trust deviation of the nodes increase correspondingly. The proposed method performs best at $P_M = 20\%$ and still shows good convergence and accuracy at $P_M = 40\%$. When $P_M \ge 50\%$, convergence can still be reached after a long period of time, although the trust deviation becomes more pronounced, which shows that the trust management method has good resilience to malicious attacks.
As shown in Fig. 6, in order to investigate the influence of the decay factor on the model, four levels of decay parameter values were set in this experiment, with the proportion of malicious nodes set to $P_M = 20\%$ and the number of objects to 3000; the simulation results are shown in Fig. 6. As the figure shows, as the decay parameter gradually increases, the time required for trust convergence increases accordingly. This is because the calculation of a node's trust value is affected by the node's earlier behavior: when the decay parameter is set to a larger value, the node's earlier trust state has less influence on the current trust calculation, and the trust calculation depends more on the social state of the node.
In the description of the present invention, it should be understood that the terms "coaxial," "bottom," "one end," "top," "middle," "another end," "upper," "one side," "top," "inner," "outer," "front," "center," "two ends," etc. indicate or are based on the orientation or positional relationship shown in the drawings, merely to facilitate description of the invention and simplify the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and therefore should not be construed as limiting the invention.
In the present invention, unless explicitly specified and limited otherwise, the terms "mounted," "configured," "connected," "secured," "rotated," and the like are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; either directly or indirectly through intermediaries, or in communication with each other or in interaction with each other, unless explicitly defined otherwise, the meaning of the terms described above in this application will be understood by those of ordinary skill in the art in view of the specific circumstances.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.