G.Chen et al. Computer Networks 190(2021)107952 order to implement trust evaluation.Fig.2 illustrates the process of In Eq.(2),denotes the amount of positive feedback provided trust evaluation and the detailed description is as follows: by trustoriabout trusteeat timeanddenotes the amount of negative feedback.e is a time decay function and is a decay (1)Each node periodically sends feedback about the services it has factor that affects the decay rate of the time decay function.m is the received from service providers to its closest TTP via its feedback sender. size of the sliding window.pf and nf are the amount of positive and negative feedback at time t,respectively. (2)Each feedback receiver of the TTP receives feedback from nodes and uploads the feedback to its feedback repository. Another problem we need to solve in the direct trust evaluation is to migrate the risk of on-off attacks.We use a penalty factor to amplify (3)A trustor will use request sender to a send trust evaluation the influence of negative feedback and the trust value of the trustee request to its closest TTP when it wants to obtain the trust value will decrease faster if it provides the trustor with bad service.Trustor of the target trustee. will give negative feedback about the trustee and the weight of negative (4)When a TTP receives a trust evaluation request from the trustor, feedback will be greater with the influence of the penalty factor.Eq.(3) it first searches whether there is feedback about the target is the final formula to evaluate the direct trust. trustee in its feedback repository.If not,it will request feedback about that trustee from other TTPs.The TTP which stores the DT= 唱+1 required feedback will send them back. (3) 号+唱*PF+2 (5)The TTP utilizes the feedback and its trust evaluation module to evaluate the direct trust,recommendation trust and synthesis In Eq.(3),PF is the penalty factor.The calculation of and trust of the target trustee can be found in Eq.(2). (6)After the work of the trust evaluation module,the TTP sends the target trustee's trust value to the trustor through the trust value 5.2.Recommendation trust sender. (7)Finally,the trustor receives the trust value of the trustee and When the trustor does not interact with the trustee directly,it then decides whether to receive services provided by the trustee. lacks essential information to evaluate the trustee's direct trust.At this time,the trustor needs to request recommendations from recom- 5.The proposed trust model menders who have interacted with the trustee before and then uses these recommendations to calculate the recommendation trust of the In this section,we propose the concrete methods used in the trust trustee.Under the trust related attacks,the trustor may receive some model that can evaluate the trust value accurately and steadily in the bad recommendations.To avoid the influence of these attacks,we dynamically hostile environment. propose a recommendation filtering algorithm based on k-means to filter out malicious recommenders.For the recommendations provided 5.1.Direct trust by remaining recommenders after filtering,some important factors are applied to ensure the accuracy of the recommendation trust. We adopt a Bayesian inference model [28]based on beta probability density function to evaluate the direct trust of the trustee.Eq.(1)shows 5.2.1.The choice of k-means the direct trust of trustor i about trustee j. We have already discussed why we need a recommendation filtering a9+1 algorithm based on outlier detection methods in Section 2.3.Now we (1) analyze the applicability of these outlier detection methods according 0+唱+2 to the characteristics of bad recommendations and explain why we finally propose a recommendation filtering algorithm based on k-means In Eq.(1),DT represents the direct trust of trustor i about trustee instead of other outlier detection methods.The bad recommendations j at time t.It is a real number in the range of [0,1]where 1 indicates about the trustee provided by malicious recommenders are often op- complete trust,0.5 indicates uncertainty and 0 indicates complete posite to the ground truth of the trustee.For example,if the ground distrust.denotes the total number of positive feedback given by truth of a well-behaved trustee is 1,malicious recommenders are likely trustor i about trustee j from the beginning of trust evaluation to to give recommendations less than 0.5 to reduce the recommendation current time 1.Similarly,is the total number of negative feedback. trust of the trustee.These behaviors performed by malicious recom- If the services provided by the trustee can meet the requirements,the menders are called bad mouthing attacks.Ballot stuffing attacks are trustor will give positive feedback to the trustee.On the contrary,the just the opposite of these behaviors. trustor will give negative feedback. When the proportion of malicious recommenders is relatively small, We consider the influence of feedback is blunted over time because most of the recommendations received by the trustor are close to feedback from past interactions cannot accurately reflect the current the ground truth of the trustee.The six outlier detection methods status of the trustee.So the weight of previous feedback should be re- introduced above can all effectively detect bad recommendations in duced.To achieve this,we introduce a time decay function whose value such a case.Then,the trustor can filter out these outliers based on the will decrease constantly over time,and adopt a sliding window which detection results.However,when the proportion of malicious recom- only stores and updates the feedback from recent interactions.The menders increases,the proportion of bad recommendations will also sliding window has m time slots in order from its left side to the right increase.Not all of these outlier detection methods are effective in this side.Each time slot stores the amount of positive and negative feedback situation.The average value of all recommendations is no longer close during an interaction and the corresponding time when this interaction to the average value of good recommendations,but a value between happened.The rightmost time slot stores the latest feedback that has good recommendations and bad recommendations.The z scores of the most important influence to the direct trust evaluation.Eq.(2) all recommendations will be less than the fixed threshold and thus shows the calculation of positive feedback and negative feedback. grubbs'test cannot detect bad recommendations as outliers.Similarly, the first quartile will fall among bad recommendations instead of good 9-∑e*+pj recommendations,resulting in all recommendations being within the (2) specified range of the box plot.Therefore,box plot cannot detect =∑e-+n时 bad recommendations either.Both isolation forest and LOF treat data instances in the sparse area as outliers.The difference is that isolationComputer Networks 190 (2021) 107952 5 G. Chen et al. order to implement trust evaluation. Fig. 2 illustrates the process of trust evaluation and the detailed description is as follows: (1) Each node periodically sends feedback about the services it has received from service providers to its closest TTP via its feedback sender. (2) Each feedback receiver of the TTP receives feedback from nodes and uploads the feedback to its feedback repository. (3) A trustor will use request sender to a send trust evaluation request to its closest TTP when it wants to obtain the trust value of the target trustee. (4) When a TTP receives a trust evaluation request from the trustor, it first searches whether there is feedback about the target trustee in its feedback repository. If not, it will request feedback about that trustee from other TTPs. The TTP which stores the required feedback will send them back. (5) The TTP utilizes the feedback and its trust evaluation module to evaluate the direct trust, recommendation trust and synthesis trust of the target trustee. (6) After the work of the trust evaluation module, the TTP sends the target trustee’s trust value to the trustor through the trust value sender. (7) Finally, the trustor receives the trust value of the trustee and then decides whether to receive services provided by the trustee. 5. The proposed trust model In this section, we propose the concrete methods used in the trust model that can evaluate the trust value accurately and steadily in the dynamically hostile environment. 5.1. Direct trust We adopt a Bayesian inference model [28] based on beta probability density function to evaluate the direct trust of the trustee. Eq. (1) shows the direct trust of trustor 𝑖 about trustee 𝑗. 𝐷𝑇 (𝑡) 𝑖𝑗 = 𝛼 (𝑡) 𝑖𝑗 + 1 𝛼 (𝑡) 𝑖𝑗 + 𝛽 (𝑡) 𝑖𝑗 + 2 (1) In Eq. (1), 𝐷𝑇 (𝑡) 𝑖𝑗 represents the direct trust of trustor 𝑖 about trustee 𝑗 at time 𝑡. It is a real number in the range of [0, 1] where 1 indicates complete trust, 0.5 indicates uncertainty and 0 indicates complete distrust. 𝛼 (𝑡) 𝑖𝑗 denotes the total number of positive feedback given by trustor 𝑖 about trustee 𝑗 from the beginning of trust evaluation to current time 𝑡. Similarly, 𝛽 (𝑡) 𝑖𝑗 is the total number of negative feedback. If the services provided by the trustee can meet the requirements, the trustor will give positive feedback to the trustee. On the contrary, the trustor will give negative feedback. We consider the influence of feedback is blunted over time because feedback from past interactions cannot accurately reflect the current status of the trustee. So the weight of previous feedback should be reduced. To achieve this, we introduce a time decay function whose value will decrease constantly over time, and adopt a sliding window which only stores and updates the feedback from recent interactions. The sliding window has 𝑚 time slots in order from its left side to the right side. Each time slot stores the amount of positive and negative feedback during an interaction and the corresponding time when this interaction happened. The rightmost time slot stores the latest feedback that has the most important influence to the direct trust evaluation. Eq. (2) shows the calculation of positive feedback and negative feedback. 𝛼 (𝑡) 𝑖𝑗 = ∑𝑚 𝑖=1 𝑒 −𝜆(𝑡−𝑡 𝑖 ) ∗ 𝛼 (𝑡 𝑖 ) 𝑖𝑗 + 𝑝𝑓 𝛽 (𝑡) 𝑖𝑗 = ∑𝑚 𝑖=1 𝑒 −𝜆(𝑡−𝑡 𝑖 ) ∗ 𝛽 (𝑡 𝑖 ) 𝑖𝑗 + 𝑛𝑓 (2) In Eq. (2), 𝛼 (𝑡 𝑖 ) 𝑖𝑗 denotes the amount of positive feedback provided by trustor 𝑖 about trustee 𝑗 at time 𝑡 𝑖 and 𝛽 (𝑡 𝑖 ) 𝑖𝑗 denotes the amount of negative feedback. 𝑒 −𝜆(𝑡−𝑡 𝑖 ) is a time decay function and 𝜆 is a decay factor that affects the decay rate of the time decay function. 𝑚 is the size of the sliding window. 𝑝𝑓 and 𝑛𝑓 are the amount of positive and negative feedback at time 𝑡, respectively. Another problem we need to solve in the direct trust evaluation is to migrate the risk of on–off attacks. We use a penalty factor to amplify the influence of negative feedback and the trust value of the trustee will decrease faster if it provides the trustor with bad service. Trustor will give negative feedback about the trustee and the weight of negative feedback will be greater with the influence of the penalty factor. Eq. (3) is the final formula to evaluate the direct trust. 𝐷𝑇 (𝑡) 𝑖𝑗 = 𝛼 (𝑡) 𝑖𝑗 + 1 𝛼 (𝑡) 𝑖𝑗 + 𝛽 (𝑡) 𝑖𝑗 ∗ 𝑃 𝐹 + 2 (3) In Eq. (3), 𝑃 𝐹 is the penalty factor. The calculation of 𝛼 (𝑡) 𝑖𝑗 and 𝛽 (𝑡) 𝑖𝑗 can be found in Eq. (2). 5.2. Recommendation trust When the trustor does not interact with the trustee directly, it lacks essential information to evaluate the trustee’s direct trust. At this time, the trustor needs to request recommendations from recommenders who have interacted with the trustee before and then uses these recommendations to calculate the recommendation trust of the trustee. Under the trust related attacks, the trustor may receive some bad recommendations. To avoid the influence of these attacks, we propose a recommendation filtering algorithm based on 𝑘-means to filter out malicious recommenders. For the recommendations provided by remaining recommenders after filtering, some important factors are applied to ensure the accuracy of the recommendation trust. 5.2.1. The choice of 𝑘-means We have already discussed why we need a recommendation filtering algorithm based on outlier detection methods in Section 2.3. Now we analyze the applicability of these outlier detection methods according to the characteristics of bad recommendations and explain why we finally propose a recommendation filtering algorithm based on 𝑘-means instead of other outlier detection methods. The bad recommendations about the trustee provided by malicious recommenders are often opposite to the ground truth of the trustee. For example, if the ground truth of a well-behaved trustee is 1, malicious recommenders are likely to give recommendations less than 0.5 to reduce the recommendation trust of the trustee. These behaviors performed by malicious recommenders are called bad mouthing attacks. Ballot stuffing attacks are just the opposite of these behaviors. When the proportion of malicious recommenders is relatively small, most of the recommendations received by the trustor are close to the ground truth of the trustee. The six outlier detection methods introduced above can all effectively detect bad recommendations in such a case. Then, the trustor can filter out these outliers based on the detection results. However, when the proportion of malicious recommenders increases, the proportion of bad recommendations will also increase. Not all of these outlier detection methods are effective in this situation. The average value of all recommendations is no longer close to the average value of good recommendations, but a value between good recommendations and bad recommendations. The 𝑧 scores of all recommendations will be less than the fixed threshold and thus grubbs’ test cannot detect bad recommendations as outliers. Similarly, the first quartile will fall among bad recommendations instead of good recommendations, resulting in all recommendations being within the specified range of the box plot. Therefore, box plot cannot detect bad recommendations either. Both isolation forest and LOF treat data instances in the sparse area as outliers. The difference is that isolation