LI Xiuxian,LI Zhetao,OUYANG Yan,DUAN Haohua,XIANG Liyao

(1.Xiangtan University,Xiangtan 411100,China；2.Central South University,Changsha 410000,China；3.ShanghaiJiao Tong University,Shanghai200000,China)

Abstract:Mobile edge users(MEUs)collect data from sensor devices and report to cloud systems,which can facilitate numerous applications in sensor-cloud systems(SCS).However,because there is no effective way to access the ground truth to verify the quality of sensing devices’data or MEUs’reports,malicious sensing devices or MEUs may report false data and cause damage to the platform.It is critical for selecting sensing devices and MEUs to report truthful data.To tackle this challenge,a novel scheme that uses unmanned aerial vehicles(UAV)to detect the truth of sensing devices and MEUs(UAV-DT)is proposed to construct a clean data collection platform for SCS.In the UAV-DT scheme,the UAV delivers check codes to sensor devices and requires them to provide routes to the specified destination node.Then,the UAV flies along the path that enables maximal truth detection and collects the information of the sensing devices forwarding data packets to the cloud during this period.The information collected by the UAV will be checked in two aspects to verify the credibility of the sensor devices.The first is to check whether there is an abnormality in the received and sent data packets of the sensing devices and an evaluation of the degree of trust is given;the second is to compare the data packets submitted by the sensing devices to MEUs with the data packets submitted by the MEUs to the platform to verify the credibility of MEUs.Then,based on the verified trust value,an incentive mechanism is proposed to select credible MEUs for data collection,so as to create a clean data collection sensor-cloud network.The simulation results show that the proposed UAV-DT scheme can identify the trust of sensing devices and MEUs well.As a result,the proportion of clean data collected is greatly improved.

Keywords:sensor-cloud system;truth detection;trust reasoning and evolution;mobile edge user;unmanned aerial vehicle

1 Introduction

W ith the development of techniques on microprocessor industry,sensing-based devices are becoming smaller while their computation and capacities are strengthened gradually[1–3]. Therefore,sensing technologies are widely deployed in areas with on-demand monitoring processes.According to a survey,there were more than 20 billion devices connected to the Internet of Thing(IoT)in 2020 and the number is growing at a faster rate[4–6].These IoT devices are equipped with numerous sensing devices to realize the perception of the surroundings[9–10].Thus,the sensor-cloud systems(SCS),within which the IoT devices and cloud services are well combined,can be more productive and effective on its functionality and solve such problems as the sharing of sensor nodes and large amounts of data analysis due to memory and energy limitations[9].In an SCS,a huge number of sensing devices are deployed at the edge of the network to sense the surrounding environment[11–13],and then upload the sensed data to the cloud.Due to the excellent computing power,cloud services can perform sophisticated computation and analytics,as well as orchestrate various applications.For example,the supervisory control and data acquisition(SCADA)system is one of the SCS and composes of smart sensing devices spreading over a wide area in order to remotely monitor physical phenomena[14].These smart sensing devices can be deployed on demand in the areas that require temporary testing,and then collect data into the cloud in various ways to initiate and build up various applications[15–16].The method of data collection has also changed a lot from the traditional methods in the past.In traditional wireless sensor networks(WSNs),many nodes are deployed in specific areas and self-organize into a network.The sensed data is routed to a specific node called sink through multi-hop routing[17–18]and the sink is connected to the Internet by a wired network;in this way,the data are reported to the cloud.However,the time and economic cost of deploying the network to establish the connection with the sink will be relatively high,so this system is hardly used on some scenarios such as urgent events and scenarios without complete infrastructure.Thus,many researchers have proposed more flexible and convenient data collection schemes.For example,BONOLA et al.[19]proposed a method of data collection using opportunistic routing through mobile vehicles(MVs),and in this way,the roadside is deployed with sensing devices to monitor the status of street lights,smart trash cans,and roads and bridges on demand.With this solution,the sensing hardware will be simple,only a short-distance wireless communication capability be required,and installing expensive 5G communication hardware be not necessary[19].The reason is that,in a smart city,there are a large number of MVs moving on the roads of the city,and when the MVs pass through the communication range of sensing devices,they can collect data and transmit the data to the cloud through 5G communications. In the research of HUANG et al.[20],numerous deployed sensor nodes can also self-organize into a network;the nodes on both sides of a road act as gateways,which are responsible for converging the entire network,and pass data to the cloud through MVs[21].Therefore,this method may be widely used in smart cities.More related studies have been conducted[22–24].In fact,except MVs[25–27],smartphones,tablets and smart watches can also act as data collectors[28].They are called mobile edge users(MEUs)in the research of WANG et al.[28].Because these MEUs have 5G communication capabilities,they can communicate directly with the cloud.The MVs are only on the road,but there are multiple types of MEUs in the market[28]with a wider moving range.When these MEUs pass through sensing devices with weak communication capabilities,they can collect data from sensing devices within their communication range and relay the data to the cloud.The use of MVs for data collection[19]is also a form of data collection approaches using MEUs.Therefore,in this paper,MEU is the general term for the devices that have 5G communication capabilities to perform data collection in a relay mode,and sensing devices or sensing nodes refer to a type of simple hardware that can only communicate over a short distance and needs to rely on MEUs to relay data to the cloud.

In order to incentivize MEUs to collect data,the incentive mechanism[29]is widely used,which enables cloud to initiate data collection tasks,grant a reward for collecting data,and incentivize MEUs to collect data[29].This mechanism simplifies the deployment requirements of sensing devices and many sensor devices can be deployed on demand without 5G communication capabilities.Therefore,it facilitates a dramatic cost reduction of numerous sensor devices[30].Moreover,the data collected by these sensing devices will be reported to the cloud through a huge number of MEUs,rather than specifically deploying a network for device connection.Such a system based on the incentive mechanism has strong adaptability and has been widely studied and used.

However,in such applications,the pivotal point is how to ensure the security of data collection.The factors affecting the security of data collection mainly come from MEUs and sensing devices[28,30].The impact of MEUs on the security of data collection is mainly manifested in some MVs reporting false data in order to obtain rewards,and there are even some malicious MVs that deliberately report offensive data,making data-based applications unusable[20–22].For sensing devices,due to their simple hardware design,they are vulnerable to face attacks.Once these sensing devices are attacked,various problems will occur.For example,a black hole drops the data packets that are passing through it,so that the cloud platform cannot receive data[30].According to statistics,there are more than 30 types of attacks on the sensing network,and these attacks will generate false data,tamper with data,or block the collection of data to damage the network[30].Therefore,how to create a safe and clean environment of data collection as well as collecting authentic and credible data is a challenge deserved to concern with.

Although the use of MEUs is a cost-effective method[20],it is more challenging to ensure the security of data collection in such a data collection mode.In addition to the inherent unsafe factors in sensing devices,the use of MEUs for data collection may bring more threatening factors[15].In particular,MEUs participate in data collection voluntarily with no identification,so it is difficult to ensure that MEUs are trustworthy in such an open-ended network environment[24].What is more serious is that it is incredibly hard to verify whether the data reported by MEUs are true,which is known as an information elicitation without verification(IEWV)problem[31].Due to the IEWV problem,even if the MV report reports false data in order to obtain rewards,it is difficult to verify the data.

Using a credibility mechanism to choose trustable MVs for data collection is a feasible method.Because credible MVs will truthfully report the collected data,selecting credible MVs for data collection can improve the authenticity of the data[9,15].However,as mentioned earlier,it is difficult to verify the authenticity of data reported by MVs[32];similarly,it is also difficult to identify the trustworthiness of MVs.In addition,for the sensing network,it is a major challenge to identify the credibility of these sensing devices[22,24].For a sensing network far from the edge of the network,it is very difficult to detect data attack[32].Thus,we make the first attempt to deal with this challenge.In this paper,we propose a novel scheme that uses unmanned aerial vehicles(UAV)to detect the trust of sensing devices and MEUs(UAV-DT)to construct a clean data collection platform for SCS.The main contributions of this article are as follows:

1)We propose a framework using UAV to detect the trust of sensing devices and MEUs.In the proposed framework,the UAV is sent to the sensing network,deliver check codes to some selected sensing devices,and is required to route the code to the designated destination node.At the same time,the UAV collects information about data packets sent from sensing devices within a time span when passing through the sensing network.In this scheme,the checking code can act as a base truth indicator.If the UAV or cloud does not receive the verification code on the time that it should receive it,it can indicate that the verification code has been attacked during the data collection process.In this way,the IEWV problem that exists in this type of network can be effectively solved.

2)We propose an effective approach to sensing devices and MVs credibility computation.This method can construct a trusted data collection network environment.The information collected by the UAV will be checked by the cloud platform in two aspects to verify the credibility of sensor devices.On the one hand,the platform will check whether there is an anomaly in the data packet routing process for trust evaluation.It mainly checks whether the upstream and downstream nodes of the sensing devices receive and send data packets abnormally and therefore provide a performance evaluation about the trustworthiness.Besides,the data packets submitted by the sensing devices to the MEUs and those submitted by the MEUs to the platform will be checked and compared to verify the trustworthiness of the MEUs.On the other hand,according to the designed routing path of the verification code,it checks whether the verification code is successfully routed from the originated nodes to the MVs,and then submits the message to the cloud,which improves the trust of these sensing devices and MVs.The credibility computation method proposed in this paper enables accurate verification.

3)Based on the proposed framework,we propose a data collection strategy based on credibility magnitude and incentivation mechanism.The simulation results show that the proposed UAV-DT scheme can identify the credibility magnitude of sensing devices and MEUs,and the amount of clean data collected has been proportionally incremented.The classification rate for trusted sensing devices is as high as 98.9%.Meanwhile,a data collection rate of 89.9%on average can be achieved.

2 Related Work

To protect the security of networks in smart cities,various safety mechanisms,e.g.,cryptographic schemes,authentication mechanisms and secure storage,were proposed in the past.However,using a trust-based model,the trust evaluation mechanism has the advantages of efficiency,lightweight and low overheads.The trust models that have been proposed provide a better choice in terms of network security and safety.

In general,the trust-based evaluation mechanisms for network security can be classified into two categories:the centralized and distributed.For the former,the trust value of nodes can be calculated by themselves.KIM and SEO[33]have proposed a trust computation method using fuzzy logic(TCFL)for WSN.They suggest a trust model using fuzzy logic in sensor network,in which trust is an aggregation of consensus given a set of past interaction among sensors.They calculate the trust value of the path through the trust of the nodes,then the path with the highest trust value is selected to transmit data packets[33].However,in the great majority of applications,smart network system is distributed with a large number of nodes and a node in the system only focuses on the trustworthiness of its neighbor nodes.Besides,centralized approaches always make high energy consumption.

A distributed mechanism,the beta-based trust and reputation evaluation system for wireless sensor networks(BTRES),is proposed in Ref.[34].BTRES is based on monitoring nodes’behavior and beta distribution is used to describe the distribution of nodes’credibility.Another distributed trust computation scheme,the parameterized and localized trust management scheme(PLUS),is proposed by YAO et al.[35].In PLUS,each sensor node maintains highly abstracted parameters,and rates the trustworthiness of its interested neighbors to adopt appropriate cryptographic methods,identifing the malicious nodes and sharing the opinion locally.Distributed mechanisms have obvious disadvantages as well,which include the excess energy node and time costs due to the cooperation and communication with neighbors and increasing memory costs with the increase of network density caused by the lack of centralized management.

To overcome the defects above,WANG et al.[28]propose a crowdsourcing mechanism for trust evaluation based on mobile edge computing.In this mechanism,through close access to end nodes,mobile edge users can obtain various types of information of the end nodes and determine whether the node is trustworthy.HUANG et al.[20]propose a novel baseline data based verifiable trust evaluation scheme,called BD-VTE,similar to the scheme in Ref.[28].In BD-VTE,the trust of MVs is evaluated by sending UAVs to perceive IoT devices data as baseline data.

3 System Model and Problem Statement

3.1 System Model

Fig.1 shows the SCS network model used in this paper.Our model includes sensing devices,MEUs and UAVs.The following is the description and symbol definition of each role.

1)Sensing devices

As shown in Fig.1,the SCS,the IoT devices are treated as sensor nodes and constitute the sensor network.There areNsensor nodes deployed in the network.The set of nodes is represented byV={1,2,...,N},and the sensor nodes perceive the environment in the city,output data and transmit them to the outside.A small number of nodes may be attacked and become malicious nodes,which is manifested as deliberate packet loss during data transmission.Suppose the number of malicious nodes isKand the set of malicious nodes is represented byM={1,2,...,K}.

2)Unmanned aerial vehicles

The role of the UAVs is a bridge between the sensor network and the external network and they can communicate directly with the data center in the cloud.The UAVs can distribute the verification packets generated by the data center to the sensor nodes for transmission and directly check the transmission status of the nodes.In the scenario shown in Fig.1,the UAVs pass the verification packet with a check code to a starting node,and then the node transmits it according to a certain routing rule.

3)Mobile edge users

▲Figure 1.Sensor-cloud system model

The number of MEUs with strong communication and storage capabilities distributed in the city far exceeds sensing devices.The MEU acts as a data collector in the system model and can directly communicate with the sensor node to obtain the data packet transmitted to the node.There is a total ofLMEUs in the system,and their set is represented byU={1,2,...,L}.Each MEU has its own active range,which is abstracted as a circle whose radius isr i,and the abstract model of MEU is widely used by many researchers[28–29].Within a certain period of time,the MEU can collect the data of all nodes covered in its active range,which means that the active range of the MEU indirectly refers to its ability to perform data collection tasks.

4)Transmission model

Considering communications between sender noden1and receiver noden2,letp n1denote the transmitting power ofn1,andh n1,n2denote the channel gain betweenn1andn2.The channel gain follows the Rayleigh distribution.The distance betweenn1andn2is denoted byd n1,n2,and the channel attenuation factor and Gaussian channel coefficient are donated by?andh0,respectively.Therefore,the channel gain holds as:

And the transmission rate between the sender noden1and receiver noden2can be denoted according to Shannon equation:

whereBdenotes the bandwidth,N0denotes the power spectral density of additive Gaussian white noise,andp0denotes the interference caused by reusing identical spectrum resources.

3.2 Problem Statement and Relevant Definition

The previous study has shown that using MEU can infer the trust value of the node according to its various states,e.g.,the communication behavior,remaining battery,data content of target node,and so on[28].In practice,it is difficult to obtain such information directly through the MEU,while obtaining data indirectly by monitoring neighbor nodes will add additional communication burden to each node,which will greatly reduce the life of the entire network.Due to the above limitations,it is unrealistic to directly or indirectly obtain the status of a node.Another problem that needs to be solved is the lack of an effective mechanism to ensure the authenticity of the data uploaded by MEUs.Therefore,we need to distinguish trusted nodes from malicious nodes in the network in an effective and realistic way.In general,when the nodes in the sensor network transmit data packets,trusted nodes can complete the data transmission task well.Occasionally,packet loss will occur when the network fluctuates greatly and the integrity of the data will not change significantly.However,malicious nodes will frequently drop packets or tamper with data,which will compromise the validity of the data.Meanwhile,as the third-party data collector,the credibility of MEU also needs investigating.It is also necessary to distinguish between trusted and malicious MEUs and hire trusted users to complete data collection tasks,thereby ensuring the quality of the collected data by MEUs.Thus,in this paper,the MEU that plays the role of data collector is regarded as a mobile node and it is referred to as a node with sensing devices when there is no special distinction.We also need to minimize the cost of evaluating and classifying nodes.Hiring MEUs for data collection is the main cost of the system.Therefore,the data center should adopt an efficient MEU incentive mechanism to hire a set of trusted MEUs to complete data collection tasks with high quality.This paper reflects the performance of system through the following trust indicators and overall costs:

1)Difference of trust values between normal and malicious nodesD，which is defined as

2)The discrimination rate of trusted nodes Rtand discrimination rate of malicious nodes Rmare defined as

These two indicators refer to the ratio of the correct number of nodes judged to be trustednum tˉand the total number of trusted nodesnumt,and the ratio of the correct number of nodes judged to be maliciousnum mˉand the total number of malicious nodesnum m.Both Rtand Rmreflect the system’s ability to classify nodes.Then,the goals of our strategy include Max(Rt)=and Max(Rm)=maxas well.

3)Total cost of systemΡis defined as

wheref i,jindicates whether the user labeledjin the data collector setUin theith round participates in the data collection task;f i,j=1 indicates that the user participated in the data collection task,otherwisef i,j=0 means not;p i,jrepresents the remuneration received by the user labeled asjin the data collector setUin theith round;Lirepresents the number of nodes that need UAVs to inspect in theith round andvrepresents the cost of UAV verification of one node.Therefore,one of the purposes of our strategy is Min(P)=.

In summary,all objectives in this paper are shown in Eqs.(7)–(10).

The notation of parameters in the model and for problem statement is shown in Table 1.

4 Proposed UAV-DT System

In this part,we present our UAV-DT scheme.The proposed scheme is divided into three parts:the UAV-assisted trust verification mechanism,trust reasoning mechanism based on communication behavior,and incentive mechanism based on cost performance and trust.

4.1 UAV-Assisted Trust Verification Mechanism

The most critical part of our scheme is to evaluate the trust value of nodes in the SCS,thereby distinguishing between trusted and malicious nodes.We propose a UAV-assisted trust verification mechanism to determine whether the communication behavior of the node is normal.

The mechanism is divided into four stages:generation and distribution of verification packets,result gathering of the tail node,review of data collection tasks,and verification of a suspect path.In each stage,UAVs play an important role.

At the beginning,the sensor network shown in Fig.2(a)is untested.The following is an introduction to the four steps:

1)Generation and distribution of detection packets

At this stage,the UAV selects a certain number of source nodes in the network as the start of data packet delivery.Our trust evaluation is conducted in multiple rounds,so the trust value of a node will change after each round of calculation.In this process,when the trust value of the node is higher than σmax,the node is judged to be trusted.On the contrary,when the trust value of the node is lower thanσmin,the node is considered untrusted.Therefore,our criterion for selecting a source node is the node whose trust value is betweenσminand σmaxin the suspicious state.

▼Table 1.Parameters in System Model and Problem Statement

As Fig.2(b)shows,after a source node is selected,it is necessary to determine the route of the detection data packet transmission.We use the low-trust node diffusion strategy shown in Fig.3 to generate the transmission path of the data packet.Starting from the source node,when determining the next hop node,the current trust value of each neighboring node is considered;the node that is closest to the initial trust valueσ0is selected and the task is refused to repeat.It will be ensured that each node in the network receives a certain number of inspections.

▲Figure 2.Using UAV to detect the trust of sensing devices and MEUs(UAV-DT)

▲Figure 3.Route generation strategy

The generation and distribution process of the verification data packet can be summarized in Algorithm 1.

Algorithm 1.Generation of detection packet algorithm Input:R,T,σmax,σmin,σ0,V Output:S 1:Initialize i ter out=0,S=?2:While iter o utσmin 5: ρ=ρ∪n 6: node cu r=n 7: node source=n 8: iter in=0 9: While i ter in

12: nod e cur=nxt 13: iter in=it er in+1 14: End While 15: nod e end=node cu r 16: Generate check packet p=(node source,nod e end,ρ)17: S=S∪p 18: iter out=iter out+1 19:End While 20:Return S

Algorithm 1 shows the process of multiple rounds of verification data packet generation and routing distribution.The input of the algorithm includes the number of verification task roundsR,the number of verification data packets in each roundT,three constants related to trust value and node setsV.The outer loop(Lines 2–19)represents each round of verification tasks,and at the beginning of each mission,the system randomly chooses source nodeninV.Then,the system generates a route for each verification task in the inner loop(Lines 9–14).Finally,the verification task setSis output.

2)Result gathering of the tail node

When the route of the verification packets is determined,the UAV distributes the data packets to the source node,and the packets are transmitted to the tail node in turn according to the routing path.

Then,we only need to collect the delivered data packets at the tail node to confirm whether there is any node loss behavior on the delivery path of the data packets.As shown in Fig.2(c),MEUs are hired as data collectors to perform data collection tasks at the end nodes and hand data over to the data center in the cloud for further processing.

3)Review of data collection tasks

Since the data collector is not necessarily credible,we still need to further verify the validity and completeness of the data collector’s collection results.

Obviously,not all collected results need to be verified.When issuing data collection tasks,the system clarifies which data packets at the sensing devices need to be collected,and the data collector does not know the content of the data packet and its check code in advance.Therefore,in the case that the verification packet is normally delivered to the tail node,we can consider that the result of this collection must be credible and no further confirmation is required if the submitted by the data collector is consistent with the original packet and is accompanied by a true verification code.

If a data package uploaded by the data collector is inconsistent with the original package distributed by the UAV,it is necessary to rely on the UAV to recollect the data at the tail node to make a judgment on the communication behavior between the data collector and the sensing devices on the routing path.The UAV compares the original verification packet with the data collected by itself to determine whether the data collector has performed the data collection task honestly,or the verification packet has been modified by one or more malicious nodes during the transmission process.

4)Verification of a suspect path

Through the previous stage,the system knows which verification packets have been modified during the transmission process,and defines such a routing path as a suspected path;that is,malicious nodes may appear on this path.In our system,the UAV checks the communication records of each node along the path,and judges the node(s)where the packet loss has occurred in the transmission process based on these records.

Then,we specifically describe the processing of nodes on the successful transmission path and the verification of suspected path(Fig.4).

As shown in Fig.4,in route path A,the verification packet is successfully transmitted to the tail node,and then collected by the MEUs faithfully,which means a successful transmission path.In this case,all the nodes on the transmission path honestly transmit the verification data packet to the next hop node.The system records the successful communication behavior once for Nodes a,b,c,and d.Since Node e is the tail node,it does not participate in the transmission process,so this verification task cannot perform trust evaluation on it.

▲Figure 4.Successful transmission and suspect paths

On the contrary,after system verification in route path B,the verification data packet collected at the tail node has changed compared with the original data packet,which indicates that there is packet loss behavior by one or more nodes.In the figure,the node marked in orange is the node that has lost packets during transmission.Considering that there are network fluctuations,trusted nodes may also lose packets due to poor network communications,so the system cannot directly determine whether the node that has lost the packet during the data packet transmission is a malicious node,but can only define its communication behavior this time is malicious.According to the transmission result of the data packet,the system records the successful communication behavior for Nodes a,b,and d once,and correspondingly,it records the malicious communication behavior for Node c once.As mentioned above,Node e is the tail node and does not participate in the transmission of data packets.

When the MEU collects data packets at the tail node and uploads them to the data center in the cloud,it may also misrepresent the data.The system will also check the communication behavior of its uploaded data,and record the number of honest uploads and false uploads.As shown in Fig.5,the real active range of an MEU is a light area with a radius ofR1,but it lies to the cloud data center that its active range is the dark area with a radius ofR2.Then the system assigns data collection tasks at four tail nodes,but the MEU only completes three collection tasks.The data at the node at the bottom right is not collected by the MEU because it exceeds its active range and at the same time it lies about a false result.Based on the above,the system will record the honest upload and false upload of the MEU.

After the above four steps finish,one round of a verification task is completed.With the obtained communication behaviors of the nodes and data collector,we can use various trust evaluation methods to calculate their trust values.The next section will focus on describing the trust reasoning mechanism used in our scheme.

4.2 Trust Reasoning Mechanism Based on Communication Behavior

The proposed trust reasoning mechanism in this paper is divided into three parts:the trust value initialization,trust evaluation,and trust state determination(Fig.6).

4.2.1 Trust Value Initialization

At the beginning,when all nodes and MEUs have not been fully checked,we cannot judge whether they are malicious or not,so we give each node the same initial trust valueσ0and record it as a suspect state.After multiple rounds of trust inspection,the trust value of the nodes or MEUs participating in the transmission and collection of verification data packets will change through the trust reasoning mechanism and their status will increase or decrease accordingly.

4.2.2 Trust Evaluation

The trust value is the direct basis for judging whether the nodes and MEUs are malicious or not in our scheme.In our trust reasoning mechanism,two calculation methods are mainly used for trust value evaluation:communication behavior trust and collaborative recommendation trust.

1)Communication behavior trust

In each round of a trust verification task,the transmission of the verification data packet by the participating nodes is a communication behavior,and we can obtain the number of successful and malicious communication behaviors respectively.Similarly,we can also acquire two types of behaviors(honest upload behavior and false upload behavior)of MEUs participating in the data collection task.We can accordingly calculate the communication trust between the sensor nodes participating in the transmission task and the MEUs participating in the collection task,and mark them as(σc omi)wsnand(σcom j)me urespectively,in whichirefers to the label of a sensor node in the node setVand andjrefers to the label of an MEU in the user setU.

▲Figure 5.Mobile edge user(MEU)collects data package

▲Figure 6.Trust reasoning mechanism based on communication behavior

We then record successful communication behaviors of the sensor node and honest upload behaviors of the MEU as positive communication behaviors,and the malicious communication behaviors of the sensor node and the false reports uploaded by the MEU as negative communication behaviors.We use a subjective logic framework(SLF)[36]to describe communication behavior trust and the formula for calculating the trust value is as follows:

whereA=(p+n+1),B=(p+n+1),pis the number of positive communication behaviors of nodei,andnis the number of negative communication behaviors of nodei.

2)Collaborative recommendation trust

As shown in Fig.7,the transmission and collection of a verification data packet involves multiple sensor nodes and multiple MEUs(MEU is regarded as mobile nodes),and these nodes coordinate to complete this verification task.With the packet as an intermediary,a virtual connection is created between the nodes,which is called collaborative recommendation in our scheme.

In our example,the nodes labeled a,b,e and f and the MEUs labeled B and C perform their task honestly,and then there is a positive virtual connection between them.However,the nodes labeled c,d and the MEU labeled A do not complete the task faithfully,so there is a negative virtual connection between them.Similar to the communication behavior trust,the subjective logic framework is used in the collaborative recommendation value calculation,and the formula is as follows:

whereA=(p+n+1),B=(p+n+1),pis the number of positive virtual connections established by nodesiandjin multiple rounds of verification and connection tasks,andnis the number of negative virtual connections.

▲Figure 7.Trust reasoning mechanism based on communication behavior

The collaborative recommendation trust coefficient between nodesiandjisσrec(i,j),but if we want to calculate the recommendation trust value of nodei,we need to synthesize the collaborative recommendation trust coefficients of all the nodes that have virtual connections with it.What’s more,in order to ensure the reliability of recommendation,it is essential to consider the trust of the recommender’s own communication behavior trust.In summary,the calculation formula of the node’s collaborative recommendation trust is as follows:

whereI i,jis a status indicating whether there is a connection between nodesiandj.WhenI i,j=1,there is a connection between the two nodes,otherwise not;σc om jrepresents the communication behavior trust of nodejand takes its own communication behavior trust as the weighting coefficient when nodejrecommends nodei.

Algorithm 2.Algorithm of trust value evaluation(AoTVE)based on communication behavior Input:ρI,V,U,T Output:V^,U^1:Initialize V^=V,U^=U 2:For eachρI,j∈ρI Do 3: Detection packets are transmitted on the routerρI,j 4:End For 5:For each node i∈(V mod∪U mod)Do 6: Calculate h,m of nodei by using the data collector and UAV 7: Calculateσc omi using h,m in Eq.(11)8: Let xi be a collection which node all in router pathρI 9:Q=?10:For each j,i.e.,node j∈x i Do 11: Ifσin t j≠σ0 and∑k=0 rmal node cket loss node rmal mobile edge user(MEU)alicious MEU tection data packet ansmission path of data packet ta collection behavior nest virtual connection lse virtual connection T |B k,i+B k,j|≥2 Do 12: Calculate p,n between nod ei and nod ej 13: Calculateσrec(i,j)using p,n in Eq.(12)14: Q=Q∪{σrec(i,j)}15: End If 16:End For 17:Calculateσrec i using Q in Eq.(13)18:Calculateσint i usingσr ec i,σcom i in Eq.(14)19:If node i in V Do

20: V^(i)=node i 21: Else If nod e i in U Do 22: U^(i)=node i 23: End If 24:End For 25:Return V^,U^

Algorithm 2 is the algorithm of trust value evaluation(AoTV)based on communication behavior for two trust values in the trust reasoning mechanism.Line 11(Ifσint j≠σ0andrestricts the conditions for nodejto recommend nodei.The restriction conditions require that nodejhas participated in the verification task before,that is,the comprehensive trust value is not the initial value(σint j≠σ0),and nodejhas a virtual connection with nodei.For example,suppose that nodeiand nodejperform the task labeled 1 in this round and complete honestly,thenB1,i=B2,j=1.If they do not complete the task honestly,thenB1,i=B2,j=-1.In both cases,is established,then nodeiand nodejform a recommendation relationship with each other.After calculating the communication behavior trust and collaborative recommendation trust,the comprehensive trust of the node is obtained by the following formula:

whereω1andω2are aggregation constants and the best combination is found by subsequent experiments.

4.2.3 Trust State Determination

After each round of trust evaluation,the nodes participating in the task will update the trust value once.We take the comprehensive trust value of the node as the basis for its state judgment and use two constantsσmaxandσminto divide the node into three states.When the comprehensive trust value of the node is greater thanσmax,the node is judged to be trusted.When the comprehensive trust value of the node is less thanσmin,the node is judged to be malicious state,and the node is classified as suspicious when it is in betweenσmaxandσmin.

When a node is classified as a trusted state and a malicious state,for the sensor node,it no longer needs to be verified,but for the MEU,we should continuously verify its credibility because of its strong subjectivity.Besides,the higher the MEU’s comprehensive trust,the higher the probability and rewards that it will be selected for the task.

4.3 Incentive Mechanism Based on Cost Performance and Trust

In our scheme,the final result of the data packet transmitted via the sensor node is to be collected by third-party users to reduce the flying distance of the UAV and improve the efficiency of the system.We use mobile crowdsourcing(MCS)-based data collection scheme and complete the task of data collection by hiring a large number of MEUs distributed in the city.The MEUs have strong data storage capacity,computing power and high mobility.They can complete multiple data collection tasks in a short time and make full use of the idle computing power of the equipment.

However,hiring MEUs needs to consider two aspects.On the one hand,it is impossible for MEUs to unconditionally participate in data collection tasks.Participants hope to get actual rewards from providing data,rather than volunteering to provide data for free.Because the perception of data needs to consume resources such as battery power,computing resources and data flow of participants’mobile devices,the participants in this process also need to pay time and labor.Without proper return,participants are not interested in staying active in the MCS-based network for a long time.On the other hand,we need to select MEUs to participate in the task reasonably and give them appropriate remuneration to make full use of the remuneration budget.In other words,we need to focus on the selection criteria of participants.

▲Figure 8.Reverse auction framework

Therefore,we propose an incentive mechanism based on cost performance and trust.Our incentive mechanism uses a reverse auction framework to describe the relationship between data centers and MEUs.Our mechanism is divided into five steps(Fig.8).At first,the system selects all tail nodes,and sends data collection tasks to idle MEUs according to each round of verification data packets.Then,the MEUs whose active scopes cover the target node give their own quotes and,after the system receives the quotation from the MEUs,it uses Algorithm 3 to select a set of suitable bids,which is recorded as the winning bids set,and determines the reward based on its performance.Subsequently,the selected MEUs perform data collection tasks within the scope of their activities and upload the collected results to the data center.When we design the winning bids set selection algorithm,we consider two selection criteria:

1)The ratio of an MEU’s expected revenue to its data collection capacity.The quotes of an MEU can be expressed as a two-tuplebi d i=(b i,PoI i),in whichb iis the expected reward of the MEU labeled asi,whilePoI irepresents the number of task nodes covered in the active range of the MEU labeled asi.This ratio can directly reflect the cost-effectiveness of the data benefits we can obtain by providing remuneration to users.

2)The comprehensive trust value of an MEU.Not all MEUs are authentic and the data they submit may be biased.We can divide untrusted MEUs into two categories:“Greedy Users”who may report falsehood by exaggerating their scope of activities for their own benefit and“Real Malicious Users”who deliberately misrepresent data,thus affecting the true collection of data packets,and have a certain strategy.

Based on the above two criteria,we designed Algorithm 3.The input of the algorithm includes the MEU bid setBIDand node setV.The output of the algorithm is the winner setSand their payment setP.Then the algorithm uses the greedy method to find the MEU with the maximum sensing performance-price ratio and their trust value in first loop(Lines 3–11).In second loop(Lines 13–26),for each MEU in the winner setS,the algorithm removes the MEU fromSand continues to select other MEUs in------B I Dto joinSˉuntil all the nodes can be accessed.Finally,according to the element inSˉ,the algorithm gets the payment of each MEU.

Algorithm 3.Winning bids set selection and payment determination Input:B I D,V Output:S,P 1:S,P=?2:------B ID=BID 3:While PoI(S)is not contain all node of V Do 4: Select participant u from------B ID by using Eq.(15)5: If PoI({u})?Po I(S)Then 6: ------BID=------B I Du 7: Else 8: S=S∪{u}9: BID=B IDu 10: End If 11:End While 12:-S=?13:For each u∈S do 14: -S=Su 15: While PoI(-S)is not contain all node of V Do 16: Select participant uˉfrom------BID by using Eq.(15)

17: If PoI({uˉ})?Po I(-S)Then 18: ------B I D=------B IDuˉ 19: Else 20: S′=S′∪{uˉ}21: BID=B I Duˉ 22: End If 23: End While 24: Calculate p b by using Eq.(16)25: P=P∪{p b}26:End for 27:Return S,P

Our incentive mechanism uses the following formula to select the current best participant:

Algorithm 3 uses the ratio of the best data benefit in the alternative setS′to calculate the participant’s payment(Lines 12–24).The calculation formula is:

wherer bis expected revenue of participantu b,r jis revenue of participant ofu j,andPo I jis the number of task nodes in the active area ofu j.

5 Performance Analysis

5.1 Experiment Setup

We realized the UAV-DT scheme in Python 3.7 and ran a simulation experiment on IdeaPad Air 14 with 16 GB 2 133 MHz LPDDR4 RAM,whose CPU parameters is 2.10 GHz AMD Ryzen 5 4600U with Radeon Graphics.

▼Table 2.Experimental parameters

The important parameters used in our experiments are listed in Table 2.Each experiment was carried out in a network area of 100×100 m2,where 1 000 smart devices and 500 MEUs were randomly deployed.We randomly created 20 different network scenarios in total and ran them once in each experiment.The results were averaged to ensure the robustness of our strategy in different network scenarios.

For a normal sensor device,there was a small probability of packet loss in the process of transmitting data packets due to network fluctuations.However,a malicious sensor device would deliberately discard a part of the data packet with a greater probability.We gave 5%and 20%probabilities for two different packet loss situations,which were reflected in the form of random functions in the simulation experiments.In the simulation,the data MEU reported had a 10%–40%probability of being false.

In the experiments,70 rounds of verification tasks were carried out in each scenario,and in each round,we used the drone to release 30 data packets starting with random sensor device.The length of the routing path of each packet was fixed to 10 nodes.

5.2 Discrepancy of Trust Values

In our scheme,the communication behavior trust and collaborative recommendation trust are aggregated into integration trust,then whether a behavior is malicious or not is determined by setting two thresholds(σmaxand σmin),which involves two aggregation coefficientsω1andω2.

In the discrepancy experiments,we set five sets of coefficients to test the effect of different coefficients on the discrepancy of trust values.We set1=(0.5,0.5),2=(0.6,0.4),3=(0.7,0.3),4=(0.4,0.6),and5=(0.3,0.7),and guaranteedω1+ω2=1.Besides,since the optimal classification threshold has not been determined,so our experiments did not classify nodes.

Fig.9(a)shows that after 70 rounds of verification tasks are completed,the values of discrepancy between normal and malicious nodes in each set of experiments are in the interval between 0.5672 and 0.5916.Obviously,when we set=3=(0.7,0.3),the discrepancy reaches a peak,equal to 0.5916.The result shows that our scheme has a high degree of discrimination between normal and malicious nodes and the discrepancy between the two reaches a high value.Thus,we still use this set of aggregation coefficients in subsequent experiments.

We continue to advance the discrepancy experiment subsequently and Figs.9(b),9(c)and 9(d)show the discrepancy of communication behavior trust,collaborative recommendation trust,and integration trust between normal and malicious nodes.The three trust values of normal nodes are 0.916,0.735 and 0.864 after 70 rounds of verification tasks,and the three trust values of malicious nodes are 0.684,0.513 and 0.633.Compared with collaborative recommendation trust,the curve of communication behavior trust is smoother and the convergence speed is faster.After 20 rounds,the average of discrepancy in communication behavior trust has reached a high level.In terms of collaborative recommendation trust,the numerical curve has fluctuations in 70 rounds.As shown in Fig.9(c),the average trust of normal nodes is not high enough so that the distinction between the two is not obvious.

The following is the conclusions of this group of experiments:

1)It is reasonable to trust a higher aggregation coefficient for communication behavior trust,and when the classification thresholds(σmaxandσmin)are not set,we use the communication behavior trust to distinguish normal nodes from malicious nodes clearly.

▲Figure 9.Influence of different parameters on the average trust between normal and malicious nodes

2)The verification effect of communication behavior trust and collaborative recommendation trust can still be further optimized.We set classification thresholdsσmaxandσmin,and the system excludes the nodes that can be clearly identified as the trustworthy or malicious from subsequent tasks,so that the left nodes with doubtful status(that isσmin<σint i<σmax)can get a chance to be verified.

From Fig.9(d),we can clearly see the average integration trust of normal nodes is 0.864 and has a slight upward trend.The average integration trust of malicious nodes is 0.231 and has a downward trend stably.Then we use 0.85 and 0.25 as the central values to find the best classification thresholds.

5.3 Discriminant Rate of Normal and Malicious Nodes

In this section,we set two groups of thresholds to conduct classification discrimination rate experiments.We use 0.85 and 0.25 as the central values of two groups=0.85,=0.25),and find the best value in the interval between the upper and lower domains is 0.1.Then the interval ofσmaxis+0.05)and the interval ofσminis0.05,+0.05).

As shown in Fig.10,in the first three sets of experiments,the discrimination rates of trusted nodes converge quickly and the final result is around 0.988,which means the correct discrimination rate of trustworthy results reaches 98.8%.Even if the result of the last set in more stringent conditions reaches 0.930,the correct discrimination rate can reach up to 93%.The results of the experiments on the discrimination rate of malicious nodes are shown in Fig.11.The discrimination effect of groups 2–5 is better and the final discrimination rate is between 0.821 and 0.933.Under the most stringent threshold conditions,whenσmin=0.20 in the experiment,the discrimination rat is still higher than 65%.

From the experimental results,it can be seen that our scheme has excellent effect and robustness on the recognition ability of trusted and malicious nodes,and can obtain a high recognition rate even after 20 rounds.Then we chooseσmax=0.85 andσmin=0.30 as the best thresholds for our system to classify nodes.The node labeled asiwill be treated as a trusted node whenσin t i>(σmax=0.85)and a malicious node whenσint i<(σmin=0.30).

Under the best classification threshold,the classification results are shown in Fig.12.Trusted and malicious nodes are thoroughly classified after 30 rounds.Finally,the classification rate of trusted nodes is as high as 98.9%,while the classification rate of malicious nodes also reaches 94.2%.In other words,only 15 nodes are still in doubt status after 70 rounds in our simulation environment.

After the best classification thresholds(σmax=0.85 andσmin=0.30)are set,we repeat the experiment in Section 5.2 withω1=0.7 andω2=0.3.As shown in Figs.13(a),13(b)and 13(c),our scheme has a good improvement on the trust evaluation ability of nodes after setting the classification thresholds.

In terms of communication behavior trust,the average trust of normal nodes,the average trust of malicious nodes and the discrepancy between normal and malicious nodes are 0.929,0.241,0.688 respectively,which are slightly improved.In terms of collaborative recommendation trust,the average trust of normal nodes,the average trust of malicious nodes and the discrepancy between normal and malicious nodes have changed from 0.735,0.222,and 0.513 to 0.890,0.282 and 0.608,respectively.The discrepancy has increased by 18.5%,which means that the evaluation effect of collaborative recommendation trust has been improved.Combining the above two types of trust,the result of discrepancy in integration trust has increased by 4.8%.

Based on the experiments,we determine the classification thresholds for node classification in our scheme,and the results prove that the node classification ability of the system is very significant.

5.4 Collection Rate

▲Figure 10.Discrimination rate of trusted nodes

▲Figure 11.Discrimination rate of malicious nodes

▲Figure 12.Discriminative ability under the optimal classification threshold

In our network scenario,there are some malicious nodes,which randomly discard some data packets passing through it with a certain probability.In this section,we generate the same number of regular data packets as the verification data packets,transmit them on the network,and hand them over to the MEU for collection.In contrast,we also simulated the collection of regular data packets in the original network scenario without our scheme,which is usually called unverified network.

▲Figure 13.Trust evaluation capability under the optimal threshold

The results are shown in Figs.14 and 15.In our scheme,the collection rate curve first rises quickly and stabilizes in a very high value range,while the collection rate curve fluctuates at a relatively low position in the unverified network.After 14 rounds(when the most nodes in the network are classified),the collection rate of our scheme stays within the range 0.88 to 0.92,and the collection rate of unverified network maintains between 0.78 and 0.82.The average of the former is 0.899,while that of the latter is 0.808,that is,our scheme improves 11.2%compared with the unverified network.

From another perspective,in our network scenario,there are two main reasons for packet loss:network fluctuations and the malicious node that deliberately loses packets.We also conducted two comparative experiments on the causes of packet loss.

▲Figure 14.Collection rate

As shown in Fig.15,the proportions of the packet loss ratio caused by network fluctuations and malicious nodes are relatively stable in multiple rounds of experiments in the unverified network.The former is 26.6%in average and the latter is 73.4%correspondingly.In our scheme,the proportions of the two keep changing with the increase of rounds and the proportion of malicious nodes intentionally losing packets is slowly decreasing from 0.638 to 0.468.

From the above experimental results,it can be seen that our scheme effectively detects a large number of trusted nodes and malicious nodes in the network,thereby avoiding malicious nodes during data packet transmission and improving the collection rate of data packets.

5.5 Cost

▲Figure 15.Rate of packet loss

In this section,our experiments compare the winning bids set selection algorithm in our scheme with the conventional greedy algorithm(Fig.16).The total cost of our system is divided into two parts:the cost of hiring MEUs and additional costs(the cost of sending drones for additional verification).We assume that the cost of each additional verification by the drone is as five times much as the cost of hiring an MEU.

According to the experimental results,the cost of hiring MEU in each round is much higher than the cost of additional verification of drones.The reason is:in our network scenario,there are more normal IoT devices than malicious ones and the frequency of transmission errors is relatively low compared to the total number of transmissions.Therefore,the cost of the system is mainly focused on hiring MEUs.In addition,it is obvious that the cost of our scheme for hiring MEUs is lower than that of the greedy strategy,with an average reduction of 23.4%.Although the additional costs are slightly higher,our scheme is still the best in terms of total cost,with an average reduction of 10.7%.Our UAV-DT scheme spends significantly less on employment than the greedy strategy.The greedy strategy does not consider the trust value in the selection range when selecting MEUs to participate in the data collection,which causes the suspected path shown in Fig.4.This will inevitably lead to an increase in the cost of using UAV for review.On the contrary,UAV-DT uses the trust value of MEUs as the selection criterion shown in Algorithm 2.

6 Conclusions

In this paper,we propose a low-cost and efficient UAV-DT security scheme,including the UAV-assisted trust verification mechanism,incentive mechanism based on cost performance and trust,and trust reasoning mechanism based on communication behavior.By continuously verifying the trust of the nodes in the network,the trusted and malicious nodes can be quickly distinguished by comparing their trust values.

Our experimental results show that our security scheme has high discrimination for malicious nodes,and provides an effective solution to efficient and safe data collection in the city.

▲Figure 16.System Costs

However,we did not use a good path planning scheme in the UAV broadcast verification packet stage and the UAV secondary inspection stage.Further studies are needed in future and we will focus on how to develop an efficient UAV flight path in the future research.