G.Chen et al. Computer Networks 190 (2021)107952 reduced.In order to effectively avoid the negative impact of these trust mouthing attacks,ballot stuffing attacks,selective misbehavior attacks related attacks,these bad recommendations can be regarded as outliers and on-off attacks.We also explain these attacks in detail in Section 2.2 and detected by outlier detection methods.Therefore,the trustor can and our trust model can resist these trust related attacks effectively.In use a recommendation filtering algorithm based on outlier detection the next paragraph,we introduce some specific trust models and their methods to eliminate these bad recommendations when evaluating the advantages and limitations. recommendation trust of trustees.In this subsection,we introduce some Chen et al.[18]clarified the concept of trust and reputation in common outlier detection methods and then we will compare and IoT and proposed an IoT trust management model based on fuzzy analyze these methods in Section 5.2.1 so as to explain why we choose theory.But in their model,a trustor cannot evaluate trustees without k-means to filter out bad recommendations. direct interactions.To solve this problem,our trust model adopts the recommendation trust evaluation to help the trustor calculate the trust Grubbs'test:Grubbs'test which was proposed by Grubbs et al. [11]is a statistically based outlier detection method.It is used to value of trustees indirectly.Nitti et al.[19]proposed two types of trust models:subjective model and objective model.In the subjective detect outliers in one-dimensional data under the assumption that model,each trustor calculates and stores the trust value of trustees the data is generated by a Gaussian distribution.It calculates the itself.In the objective model,a distributed hash table is designed for z score of each data instance and compares the z score with the storing the information of each node.But these two trust models are threshold.The z score is calculated by dividing the absolute value susceptible to malicious nodes in the network.Considering that the of the difference between the data instance and the average value trust evaluation is sensitive to context,Saied et al.[20]designed a of the data by the standard deviation of the data.A data instance context-aware and multi-service approach to trust management.The whose z score greater than the threshold will be regarded as an model selects a certain number of historical trust values to calculate outlier. the current trust value.But it is difficult to quickly evaluate the Box plot:Box plot [12]is a simple statistical technique to detect trustworthiness when there is not enough trust related information.To outliers in one-dimensional and multi-dimensional data.It first solve this problem,Xia et al.[21]designed a kernel-based nonlinear calculates the Inter Quartile Range(/OR)which is the difference multivariate gray prediction model to predict the direct trust which between the first quartile(O)and the third quartile(O3).Then, needs a small amount of historical information.Experimental results data instances greater than 3+1.5 /OR or less than 01-1.5 indicate the accuracy and convergence rate of the trust model.But,the IOR will be regarded as outliers. proportion of malicious nodes is only 30%in their experiments.Our Isolation forest:Isolation forest was brought by Liu et al.[13] trust model is still accurate when the proportion of malicious nodes is and can be viewed as the unsupervised counterpart of decision as high as 70%. trees.An isolation tree is generated with a given sample set by Some work brings social attributes to the IoT.A comprehensive recursively choosing one random attribute and one random split model was proposed in [22]and used the social relations of users on value of the data on every tree node until the height limit is the real social platform to establish the social relationship among nodes reached or the terminal leaf contains one distinct data instance. so as to make the experimental results more persuasive.Chen et al.[9] The principle is that outliers have a higher chance of being divided trust into three types based on social attributes:honesty,coop- isolated on an earlier stage than normal data instances.Hence, eration and community-interest.The trust model separately calculates outliers are expected to have a shorter height in the isolation the three types of trust and combines them according to the actual trees. scenario.However,it needs a large number of experiments to determine Local outlier factor(LOF):LOF [14]is a well-known approach the best weight.When the trustor and the trustee do not interact with that first introduced the concept of local outliers.The LOF score each other directly,recommendations are important to trust evaluation. for a data instance is based on the average ratio of the instance's Xia et al.[23]proposed a trust model that divides recommendations neighbors'density to the instance's density.For a normal instance into direct recommendations and indirect recommendations and uses lying in a dense region,its local density will be similar to that of direct trust and similarity value to calculate the weight of the two its neighbors,while for an outlier,its local density will be lower types of recommendations.But their work lacked security analysis of than that of its neighbors.Hence,LOF scores of normal instances their model.To avoid the impact of bad recommendations,a trust are close to 1 while outliers'LOF scores are much greater than 1. model with clustering technique was proposed in [5]to dynamically DBSCAN:DBSCAN [15]is a density-based clustering algorithm filter out attacks related to bad recommendations.Similarly,Chen and can be used as an outlier detection method.It has two user- et al.[6]developed a trust management system that adopts distributed specified parameters that determine the density of the data and collaborative filtering to select feedback and uses social contacts as it autonomously determines the number of clusters.Users can filters.However,they did not illustrate how to establish social contacts determine which clusters of data instances are outliers according between nodes.Same as above related work,our model adopts a to the rules set in advance by themselves. recommendation filtering algorithm to filter out bad recommendations k-Means:k-Means [16]is another clustering algorithm and can provided by malicious recommenders.Besides,our model considers also be used for outlier detection.k is the number of clusters and three important factors:direct trust,similarity value and confidence needs to be specified by users in advance.Similar to DBSCAN, level to further reduce the impact of bad recommendations. users can determine which clusters of data instances are outliers Machine learning based trust models have been proposed in re- according to their own rules. cent years.A trust model based on SVM and k-means was presented in [24]to classify the extracted trust features and combine them to 3.Related work produce a final trust value,whereas it is only valid in some situations. Caminha et al.[25]proposed a smart trust management method that In this section,we survey recently proposed trust models for en- can detect on-off attacks.However,this method cannot resist collusion hancing the security of IoT systems.Guo et al.[17]published a survey attacks such as bad mouthing attacks.A trust evaluation method based and presented a classification of trust models for IoT and this classi. on usage scenarios was presented in [26].The authors believed that fication contains eight classes based on five trust design dimensions: the trustworthiness of the service provided by the target node varies trust composition,trust propagation,trust aggregation,trust update according to the scenario in which the service is used and they used and trust formation.The trust model we propose also involves these neural network training to obtain the trustworthiness of the service. five dimensions.Furthermore,they presented trust related attacks that Alshehri et al.[7]proposed a clustering-driven intelligent method can perturb the trust computation models:self promoting attacks,bad that can filter out dishonest recommenders.In addition,BoudagdigueComputer Networks 190 (2021) 107952 3 G. Chen et al. reduced. In order to effectively avoid the negative impact of these trust related attacks, these bad recommendations can be regarded as outliers and detected by outlier detection methods. Therefore, the trustor can use a recommendation filtering algorithm based on outlier detection methods to eliminate these bad recommendations when evaluating the recommendation trust of trustees. In this subsection, we introduce some common outlier detection methods and then we will compare and analyze these methods in Section 5.2.1 so as to explain why we choose 𝑘-means to filter out bad recommendations. • Grubbs’ test: Grubbs’ test which was proposed by Grubbs et al. [11] is a statistically based outlier detection method. It is used to detect outliers in one-dimensional data under the assumption that the data is generated by a Gaussian distribution. It calculates the 𝑧 score of each data instance and compares the 𝑧 score with the threshold. The 𝑧 score is calculated by dividing the absolute value of the difference between the data instance and the average value of the data by the standard deviation of the data. A data instance whose 𝑧 score greater than the threshold will be regarded as an outlier. • Box plot: Box plot [12] is a simple statistical technique to detect outliers in one-dimensional and multi-dimensional data. It first calculates the Inter Quartile Range(𝐼𝑄𝑅) which is the difference between the first quartile(𝑄1 ) and the third quartile(𝑄3 ). Then, data instances greater than 𝑄3 + 1.5 ∗ 𝐼𝑄𝑅 or less than 𝑄1 − 1.5 ∗ 𝐼𝑄𝑅 will be regarded as outliers. • Isolation forest: Isolation forest was brought by Liu et al. [13] and can be viewed as the unsupervised counterpart of decision trees. An isolation tree is generated with a given sample set by recursively choosing one random attribute and one random split value of the data on every tree node until the height limit is reached or the terminal leaf contains one distinct data instance. The principle is that outliers have a higher chance of being isolated on an earlier stage than normal data instances. Hence, outliers are expected to have a shorter height in the isolation trees. • Local outlier factor(LOF): LOF [14] is a well-known approach that first introduced the concept of local outliers. The LOF score for a data instance is based on the average ratio of the instance’s neighbors’ density to the instance’s density. For a normal instance lying in a dense region, its local density will be similar to that of its neighbors, while for an outlier, its local density will be lower than that of its neighbors. Hence, LOF scores of normal instances are close to 1 while outliers’ LOF scores are much greater than 1. • DBSCAN: DBSCAN [15] is a density-based clustering algorithm and can be used as an outlier detection method. It has two user￾specified parameters that determine the density of the data and it autonomously determines the number of clusters. Users can determine which clusters of data instances are outliers according to the rules set in advance by themselves. • 𝑘-Means: 𝑘-Means [16] is another clustering algorithm and can also be used for outlier detection. 𝑘 is the number of clusters and needs to be specified by users in advance. Similar to DBSCAN, users can determine which clusters of data instances are outliers according to their own rules. 3. Related work In this section, we survey recently proposed trust models for en￾hancing the security of IoT systems. Guo et al. [17] published a survey and presented a classification of trust models for IoT and this classi￾fication contains eight classes based on five trust design dimensions: trust composition, trust propagation, trust aggregation, trust update and trust formation. The trust model we propose also involves these five dimensions. Furthermore, they presented trust related attacks that can perturb the trust computation models: self promoting attacks, bad mouthing attacks, ballot stuffing attacks, selective misbehavior attacks and on–off attacks. We also explain these attacks in detail in Section 2.2 and our trust model can resist these trust related attacks effectively. In the next paragraph, we introduce some specific trust models and their advantages and limitations. Chen et al. [18] clarified the concept of trust and reputation in IoT and proposed an IoT trust management model based on fuzzy theory. But in their model, a trustor cannot evaluate trustees without direct interactions. To solve this problem, our trust model adopts the recommendation trust evaluation to help the trustor calculate the trust value of trustees indirectly. Nitti et al. [19] proposed two types of trust models: subjective model and objective model. In the subjective model, each trustor calculates and stores the trust value of trustees itself. In the objective model, a distributed hash table is designed for storing the information of each node. But these two trust models are susceptible to malicious nodes in the network. Considering that the trust evaluation is sensitive to context, Saied et al. [20] designed a context-aware and multi-service approach to trust management. The model selects a certain number of historical trust values to calculate the current trust value. But it is difficult to quickly evaluate the trustworthiness when there is not enough trust related information. To solve this problem, Xia et al. [21] designed a kernel-based nonlinear multivariate gray prediction model to predict the direct trust which needs a small amount of historical information. Experimental results indicate the accuracy and convergence rate of the trust model. But, the proportion of malicious nodes is only 30% in their experiments. Our trust model is still accurate when the proportion of malicious nodes is as high as 70%. Some work brings social attributes to the IoT. A comprehensive model was proposed in [22] and used the social relations of users on the real social platform to establish the social relationship among nodes so as to make the experimental results more persuasive. Chen et al. [9] divided trust into three types based on social attributes: honesty, coop￾eration and community-interest. The trust model separately calculates the three types of trust and combines them according to the actual scenario. However, it needs a large number of experiments to determine the best weight. When the trustor and the trustee do not interact with each other directly, recommendations are important to trust evaluation. Xia et al. [23] proposed a trust model that divides recommendations into direct recommendations and indirect recommendations and uses direct trust and similarity value to calculate the weight of the two types of recommendations. But their work lacked security analysis of their model. To avoid the impact of bad recommendations, a trust model with clustering technique was proposed in [5] to dynamically filter out attacks related to bad recommendations. Similarly, Chen et al. [6] developed a trust management system that adopts distributed collaborative filtering to select feedback and uses social contacts as filters. However, they did not illustrate how to establish social contacts between nodes. Same as above related work, our model adopts a recommendation filtering algorithm to filter out bad recommendations provided by malicious recommenders. Besides, our model considers three important factors: direct trust, similarity value and confidence level to further reduce the impact of bad recommendations. Machine learning based trust models have been proposed in re￾cent years. A trust model based on SVM and 𝑘-means was presented in [24] to classify the extracted trust features and combine them to produce a final trust value, whereas it is only valid in some situations. Caminha et al. [25] proposed a smart trust management method that can detect on–off attacks. However, this method cannot resist collusion attacks such as bad mouthing attacks. A trust evaluation method based on usage scenarios was presented in [26]. The authors believed that the trustworthiness of the service provided by the target node varies according to the scenario in which the service is used and they used neural network training to obtain the trustworthiness of the service. Alshehri et al. [7] proposed a clustering-driven intelligent method that can filter out dishonest recommenders. In addition, Boudagdigue