Event-Centric Situation Trust Data Aggregation Mechanism in Distributed Wireless Network

In wireless sensor networks, the characteristics of the openness and vulnerability can lead to communication failure and node capture more easily. To cope with the deviation problem caused by the compromised nodes, this paper proposes a situation data fusion mechanism which can enhance reliability and integrality. It makes a reliability assurance scheme, which not only establishes a project distinguishing purposive and purposeless acts, but also builds a trust awareness rule based on historical trust and the correlations among current nodes. Furthermore, the data integrality is ensured in three stages, respectively. Firstly, in event detection stage, the proposed mechanism detects events and pretreats data to improve accuracy through most trust majority rule after collecting data. Moreover, during data fusion stage, data filtration is adopted to extract credible data. Additionally, the fusion weights of transactions depend on trust, so that they will change with the passage of time. As a result, the final fusion data will be closer to real value. Finally, in consistency detection stage, the detection rule with lower communication traffic is utilized to judge whether the centers are credible. Theory analyses and simulation results verify that the new mechanism can reduce the deviation. Meanwhile, reliability and stability have been validly enhanced.


Introduction
Owing to the wide coverage, the sharp increase of network flow, the huge amounts of data [1], and the frequent interactions and communications among network resources, future wireless sensor networks need situation data fusion mechanism to manage.Situation awareness [2,3], such as security and survival situation awareness, regards data fusion as center, so that its model depends on fusion model [4,5].Its system structure can be classified into 5 sections: detection, perception, prediction, evaluation, and decision.Those networks with limited sources and store capacities, such as P2P, MANETs, and ad hoc, joining data fusion, can lead to the characteristics of openness, dynamics, and vulnerability, which can easily cause communication failure and node capture.The captured issues affecting the output of aggregators can be classified into two categories: (1) information is falsified in the process of transmission and (2) after information arrives at node, data is falsified by node.Encryption and authentication techniques can deal with the problem in transit, while this paper mainly considers how to fuse the situation data after nodes are compromised.The adversaries want to cause the deviation between fusion value and real value by 3 ways in [6]: (1) fabricating terminal data to misadvise higher center, (2) falsifying or tampering fusion data of center, and (3) hiding information and not telling other nodes related information.
It is an effective measurement building trust model to reduce the influence caused by capture attacks.As a result, many methods based on trust come into being, whereas there is a focus on finding a secure and credible aggregation model.At present, many data fusion researches based on trust [7,8] hardly consider historical and time correlation.They fuse data with the same transaction weight or with fixed weight.
The aggregation method proposed in [9] regards MEDIAN function as reference to fuse data, which is more reliable than MAX, MIN, AVG [10], and SUM fusion function, because adversary can easily affect the SUM, MAX, and MIN value by changing some data reports.The network aggregation scheme in [11,12] ensures data integrity and 2 International Journal of Distributed Sensor Networks reliability, but it depends on SUM, MAX, or MIN and fusion weights are fixed.It cannot cope with sortie attacks and needs to tackle the detectable evil nodes.The aggregation method based on reputation in [13] supposes true and false data number yield to beta distribution, assuming that only terminals can be captured, which is unpractical, because center also can be captured.The average fusion method (AFR) proposed in [10] refers to AVG as benchmark.After handling data, it uses AVG to fuse data.Heterogeneous neuron fusion (BPR) in [14] regards terminals as neurons and considers fusion as the processing of handling neuron data by primary function.But after fusion, the deviation is big.Above methods can respond known attack and hardly consider time and historical correlation, which also lack consistency rule to detect reliability of node.
This paper proposes a fusion mechanism MCMR based on trust, not only supposing that terminals can be captured, but also considering that centers can be compromised.It considers historical and time correlation and draws up situation trust awareness rule on historical trust and current data correlation.The mechanism contains 3 periods: when detecting events, relative nodes upload data reports to centers, and then, centers judge whether events have happened by most trust majority rule MMR.If they ensure that given events have happened, they will pretreat data before fusing data.Next, they fuse data with the transaction fusion weights related to trusts.Finally, during consistency detection, it utilizes consistence detection rule RSR to verify reliability of centers and issues the final value.
This paper is organized as follows.Section 2 introduces the system model.Then, Section 3 introduces situation data fusion mechanism MCMR.In Section 4, we introduce the reliability assurance scheme of mechanism.Section 5 analyzes simulation and evaluates performance.At last, we summarize the paper and point out future directions.

System Model
This situation fusion mechanism has 3 steps: event detection, situation data fusion, and consistency detection.At first, the mechanism picks up the relative terminal sensor nodes and central nodes of event.Then, after all relative sensor nodes collect data, they will send data to their upper centers.Next, after centers have fused and tackled data, they will send data to base station.Finally, base station detects consistency of centers and issues the fusion value.The mechanism network model is presented in Figure 1.There are only 3 kinds of nodes in the network: terminal node, center, and base station.The detection coverage of terminal node   ,  = 1, . . ., 12 is a circle with radius  1 .The detection coverage of center   ,  = 1, .As is shown in Figure 1, events  and  occurred simultaneously.The relative sensor nodes of event  are  6 ,  8 ,  2 , and  4 .The relative sensor nodes of event  are  10 ,  11 , and  4 .Hence, node  8 detects the events  and  simultaneously. 7 and  11 are the abnormal nodes.If an event has happened in the coverage of a node, we define the node as relative node to this event.If there are centers among relative sensor nodes, the centers become relative centers, directly, for example,  2 ,  4 to event .If there are no centers among relative sensor nodes, the centers having the relative terminal nodes will become relative centers, for example,  3 to event .The total collection of all nodes is NN  , which contains all nodes in the network.

Situation Trust Data Aggregation Mechanism
3.1.Event Detection.Event detection mainly decides whether the contingent event uploaded by sensors has happened or not.Generally, if an event has happened, we can consider its state as 1, or we will consider its state 0. There are several methods to decide the state of event, such as "AND" rule, "OR" rule, "majority" rule.To "AND" rule, only if a sensor says the state is 1, it judges state as 1.To "OR" rule, only if a sensor says the state is 0, it judges state as 0. To common majority rule (CMR), if more than half of sensors say the state is 1, it judges state as 1.In persistent period , the arrival number of events yields to the random Poisson distribution, so that several events that occur at the same time can be considered as events occurring in slot time Δ → 0.
The collection of contingent concurrence events is In this part, this mechanism judges the state of event by MMR, which is an improved rule of "majority" rule as follows.
Second, individual detection: the individual detection function is  : Finally, base station decision: decision function is : where In event detection, because of the application of MMR, the probability of misrepresentation attack success reduces.

Proposition 1. If the probability of evil nodes eliminated by MMR is 𝑙 > 0, the average probability of attack success of MMR, 𝑃 FM , is smaller than that of common majority rule (CMR), 𝑃
Proof.To  concurrence events, the false detection probability [15] can be expressed as where  2  is the noise variance,  is the threshold, and ∑  =1  2  obeys the Chi-square distribution with degree of freedom .The cumulative distribution function is  2  (⋅), and, therefore, we know the true detection probability is 1 −   > 0.5,   = 1− 2  ().If  is the number of nodes joining CMR and the number of malicious nodes is  ≤ , we can know the number of nodes joining MMR is  =  −  ⋅ , 0 <  < .To MMR, we get the average probability of attack success: To CMR, we can also obtain the average probability of attack success: When  < /2,  FM =  FG = 0.
is a diminishing function and the bigger  is, the smaller () is, so we know Therefore,  FM ≤  FG .

Data Resilient Aggregation.
Data fusion is intended to know the concrete data of event.If the event is fire emergency, the data may be the temperature and smoke scope.Fusion methods in [9,10,13,14,16] presented how to fuse data but did not pretreat data before data fusion.Situation data fusion proposed in this paper considers how to pretreat data, which contains 3 stages: prior judgment, data filtration, and data fusion.
The first stage is prior judgment: when there are several events that happened simultaneously.It processes event data in chronological order.If several events have occurred, the base station will preferentially tackle event with biggest prior.Other events with lower prior will wait until that has been finished.If only one event has happened, it can enter data filtration directly.
In system model, to events  and , if   <   , the mechanism will handle event , preferentially.
The second stage is data filtration: pretreatment of event data.
Definition 3 (data filtration rule).To current event , if all relative nodes in n   ×1 belong to  relative centers,  centers will constitute collection , it can enter next stage, data fusion, where data  is the detection data of node , and Δ is the correlation threshold, and data O V, med is the median data of data  ,  ∈ O V, .Meanwhile, the center  V ∈ C  rejects these nodes not meeting "condition 1, " with the probability 1 − .In other words, these nodes not meeting "condition 1" can enter data fusion, with the probability .
To the center  V ∈ C  , after data filtration, the nodes in O V, meeting "condition 1" constitute node collection F V, , and those nodes in O V, which can enter data fusion will constitute node collection H V, .We record the size of O V, as  V, .To the relative center  V ∈ C  , if there are  V, nodes meeting "condition 1, " F V, will have  V, elements.We round  V, + ( V, −  V, ) to the nearest integer, and H V, will have round ( V, +( V, − V, )) elements.The error frequency of node  in collection O V, is num  ,  ∈ O V, .To event , the data filtration procedure of center  V ∈ C  is given in Procedure 2.
In system model, to event , we can get , there is no abnormal node, and we suppose The third stage is data fusion: the data fusion rule is as follows.
Definition 4 (data fusion rule).The data yields to uniform distribution, according to equilibrium theory, multiplying data inverse function,   : (data  ) = √ 2 exp{(data  − ) 2 /2 2 }, where the real value is .This can get the data in unified form.To current event , according to the data  and the trust  , of node  ∈ H V, , relative center  V ∈ C  can get fusion value: Generally, based on the trusts   V , ,  V ∈ C  , the mechanism can compute the center fusion value: In system model, to event , we can get base station considers all centers in C  are reliable and regards BAd  as final fusion value (7) end if (8) if  = =  (9) station regards BSd  as final fusion value (10) for  = 1, . . ., size(C  ) do (11) if station reduces the trust of center  V ∈ C  (13) end if (14) end for (15) end if (16) end for Procedure 3: Consistency detection Δdata, , , med[  V , ], BAd  , C  .data, randomly. nodes compose collection S  .They shape the fusion data   = med[data  ],  ∈ S  .If |  −   | < Δdata, the station will think that all centers in C  are reliable, where Δdata is the correlation threshold.And then, it regards   as final fusion value.Otherwise, the consistency detection is failed, and the base station will repeat the operation to detect consistency.In excess of the maximum number  of replication, it will cut down trusts of centers not meeting condition 2: and regards   as final fusion value, where   V  is the data of   V  ,  V ∈ O V, , and med[  V  ] is the median of all   V  ,  V ∈ C  .The error frequency of each center  V is num  V  , respectively.To event , the consistency detection procedure is as Procedure 3.
In system model, to event , at the consistency detection stage, the base station will select  terminal nodes from the lower level nodes  3 ,  4 ,  6 ,  8 ,  11 , and  12 to detect the consistency of  2 ,  4 .
Presently, most researches hardly have considered consistency detection.This mechanism has used consistency detection RSR to detect the consistency of center.Compared with general overall search detection (GAS), RSR has lower complexity and workload.If the number of nodes joining data fusion is  and the sampling number of nodes in consistency detection is , we can see the complexity of GAS is O( 2 +/2) and that of RSR is O( + /2).The ratio of the former to the latter is /.We know the reliability of GAS is close and lesser than 1 and that of RSR is 1−(   )⋅( − − ) / (   ).The mechanism flow chat is like Figure 2.

Reliability Assurance Scheme of Mechanism
In order to ensure its reliability, this mechanism especially builds reliability assurance scheme from two aspects as follows: (i) establishing trust awareness rule on historical value and current data correlation; International Journal of Distributed Sensor Networks (ii) building project distinguishing purposive acts and nonpurposive acts.

Trust Awareness Rule of Mechanism.
According to historical trust and current data correlation, the mechanism adjusts trust.If several events occur at the same time, the trust renewal will refer to prior judgment.If there is a new event, it will wait until current event has finished.Owing to evil acts of terminal node, the trust will be reduced by 0.1, but for that of center the trust will be decreased by 0.2.The initial trust of terminal sensor node is 0.8, but that of central node is 1.If the current event is not in the coverage of nodes, the mechanism will retain their trusts.All trusts return initial states, every executing fusion 20 times.In several stages, trust updating is as follows.
(i) To event , owing to the existence of concealed attack, in event detection, to all relative nodes, only relative nodes in N having the same event detection result as their center will retain their trusts; however, others will reduce by Δ.The other irrelative nodes will retain their intrinsic states.
(ii) To event , owing to the existence of concealed attack, in event detection, only relative nodes in N having the same event detection result as their center will retain their trusts; however, others will reduce by Δ.The other irrelative nodes retain their intrinsic states.To event , according to the error frequencies, the mechanism will reduce trusts of relative nodes not meeting "condition 1" in data fusion.
(iv) After the mechanism has released the final fusion value, it begins to adjust trust.To all nodes having joined the fusion of current event , the association degree of arbitrary two nodes between ,  ∈ H V, and or   = 0. To arbitrary node ,  ∈ H V, , its historical trust is θ .Time decay factor is .The trust of node  will be updated as

Distinguishing the Purposive Acts and Nonpurposive Acts.
We call the accidental false actions nonpurposive act, while The sensing radius of terminal 1 m R 2 The sensing radius of center 2 √ 2 m ma per The percentage of time when a malicious node starts the attack 100% The number of concurrence events 0 (−, ) The error range of each node (−0.05, 0.05) The percentage of compromised reports to total reports 0% θ The lowest trust of system 0.3  Time decay factor 1 Δ Data filtration threshold 5 Δdata Correlation threshold in consistency detection 5 The maximum number of replication in consistency detection 10 The percentage of attacks to total nodes 20% the false reports based on the equipment failure and compromising nodes we call them purposive act.The probability of normal node appearing  consecutive errors is (1 − )  , but that of malicious node is   , because of the manipulated data.Hence, the ratio of the former to the latter is about (/1 − )  .The probability of malicious node far outweighed that of normal node.Therefore, it can distinguish the two kinds of acts based on the consecutive error number.Generally, it defines  consecutive errors as the purposive act. can be adjusted.

Performance Evaluation and Simulation Analysis
In order to evaluate the mechanism performance and prove the applicability and reliability, we simulate the situation data fusion mechanism relying on the above theoretical frame.We consider shadow fading and free path loss when communicating in wireless environment.The hardware experiment environment is Intel Core (TM) Duo 2.66 GHz CPU, 2 GB Memory, Windows XP operating system, MATLAB 7.0 simulation platform.Nodes distribute in 110 m * 110 m area symmetrically, with cluster-class method in [18].Nodes distribution is approximate to uniform distribution.The parameter setting is as in Table 1.
We analyze overall and local performance.Overall performance: damage degree, stability, and trust situation.Local performance: probability of attack success of MMR in event detection, complexity, and reliability of RSR in consistency detection.

Overall Performance Evaluation of Mechanism.
We chose algorithms which are as follows: average function fusion rule (AFR) [10] and heterogeneous situation neuron fusion rule (BPR) [14].Comparing MCMR with above two rules, we describe deviation degree and stability in Figures 3 and 4, respectively.Moreover, we operate them to compute data with recommended parameters and primary function.

Average Function Fusion Rule (AFR)
. AFR [10] considers average as primary value when fusing data.After that, it computes fusion value by AVG function.AFR may eliminate some malicious nodes but fail to detect adversaries with abnormal data, which can cause reference average increasing, finally provoking sharp deviation.Meanwhile, the fluctuation of error happens.MCMR can reject abnormal data to improve stability.

Heterogeneous Situation Neuron Fusion Rule (BPR).
BPR [14] regards lower nodes as neurons, defining fusion computing as a process from input to output.The input is processed by primary function, geometric mean function.The weights of neurons adjustment and thresholds adjustment based on last value and error both continuously change.Moreover, there is no strategy to cope with sudden data change due to the lack of data filtration and preprocessing.The deviation also uncontrollably fluctuates.

Damage Degree Evaluation.
Owing to many uncertain factors, the mechanism may have damage error inevitably.We define damage degree as the deviation between fusion value and real data.The bigger the damage degree is, the bigger the deviation is.The measure norm is mean absolute degree of damage percentage (MADDP).Consider where fusion  is th fusion value, real is real value, and  is fusion frequency.The simulation result is like Figure 3, after simulating MCMR, MFR [9], AFR [10], and BPR [14] for 25 times under attack and no attack environment, respectively.From Figure 3(a), we know when there is no attack, MADDP of MFR will be lowest, being close to 0. There are heaves at 13th and 19th events, because terminals without communication have been selected in consistence detection, thus causing damage degree increasing.From Figure 3(b), we can see when there are attacks, MADDP of MCMR will be lowest.AFR is from 0.2 to 0.5.MFR is from 0 to 0.5, but BPR is from 0.6 to 0.95.Because attacks lie in 3rd, 8th, 13th, 15th, and 18th events, MADDP of these four methods increases.Therefore, when there are attacks, MADDP of MCMR is the lowest.When there is no attack, MADDP of MFR is the lowest.

Stability Evaluation.
The mechanism regards the minimum mean square error (MMSE) [19,20] Owing to the fluctuation and uncertainty of BPR, the experiment compares MMSE of AFR and MCMR on the condition of  = 50,  = 0.2, and  = 50,  = 0.9, respectively.Then, we gain the average performance after operating it 25 times as in Figure 4.As is shown in Figure 4, MMSE of MCMR is relative concentration, and it is from 0.5 to 1.2.We can know it rises with the increasing of compromised ratio.However, MMSE of AFR is at the range of 3 ∼ 4.6.

Trust Situation of Mechanism.
The mechanism depends on trust to assign weight during data fusion, and it evaluates trust by historical trust and data correlation.It separates trusts into ABCD levels like Table 3.
The simulation visualizes the misrepresentation and data outlier as in Figure 5.  in the upper left are the learning process.Figure 5(b) is trust situation after simulating 25 events with misrepresentations by MCMR.There are always misrepresentations in 14th and 21st nodes, so their trusts reduce from 0.8 to 0.3, gradually.And finally, after their trusts are lower than θ, they will be out.Figure 5(c) displays data outlier distribution situation of 25 events, orderly.The gray areas represent attacks that are not serious in these areas, but the black areas represent attacks that are serious.Figure 5(d) is trust situation after simulating 25 events with outlier distribution in Figure 5(c) by MCMR.Because there are several consecutive errors in the 7th and 10th nodes and sporadic errors in others, such as 23rd, 30th, 31st, and 32nd nodes, trusts of the former nodes obviously reduce to 0.3, so they will be removed.Whereas trusts of the latter nodes decrease, they are preserved.Hence, trust situation of the mechanism is the representation of node action.It may skip over some outliers but can visualize trusts of nodes with misrepresentations and data outliers, accurately.The intendant can handle the evil actions and encourage honest actions with the trust situation.

Probability of Attack Success of MMR in Event Detection
Stage.If parameters are  = 30,   = 0.05, and  = 10, we can get Figure 6.Because of the influence of majority rule, we suppose the percentage of compromised reports to total reports is , and after  is more than 50%, the attack success probability will obviously increase.From Figure 6, we can see the error probability of attack success of  = 0.5 is bigger than that of  = 0.75.Therefore, the probability of attack success increases with the increasing of .The bigger the ratio  is, the smaller the probability of attack success is.During event detection, because of the application of MMR, the probability of misrepresentation attack success reduces.

Complexity and Reliability Evaluation of RSR in Consistency Detection.
If the maximum number of nodes joining data fusion is  = 100 and the sampling number of nodes in consistency detection  is from 0 to 100, we can get complexity as in Figure 7(a).Because partial nodes join in consistency detection, RSR has lower complexity.Figure 7(b) is the reliability with  = 20% and  the sampling number of nodes in consistency detection  = 20.Compared with GAS, RSR has lower reliability with no or few attacks, which is the cost of reducing complexity.However, when the sampling number of attacks  is bigger than 5 in consistency detection, the reliability of RSR is higher than that of GAS.Therefore, RSR is more appropriate to the condition with more attacks.

Conclusion
To cope with the deviation problem caused by compromised nodes in distributed network, this paper proposes situation data fusion mechanism based on trust, making trust awareness rule to improve reliability and processing data from 3 stages: event detection, data fusion, and consistency detection.The deviation between fusion value and real value can be reduced when there are attacks.Because of the application of MMR and the additional consideration about RSR, the reliability can be enhanced.In general, if combining with encryption techniques [6], it can improve performance,  especially in big data domain, such as environmental monitoring.How to take strategy to handle abnormal actions may be the research of future work.

Figure 5 :
Figure 5: Trust situation with attacks and no attack.

Figure 6 :
Figure 6: The probability of attack success comparison;  is the probability of rejecting abnormal nodes.

Figure 7 :
Figure 7: The relationship between complexity and reliability.
. ., 4 is a circle with radius  2 . 1 ,  2 , and  5 belong to  1 . 3 ,  4 , and  6 belong to  2 . 7 ,  9 , and  10 belong to  3 . 8 ,  11 , and  12 belong to  4 .All sensor nodes should cover the area across the board.Meanwhile, all centers should cover all terminal nodes.The base station can communicate with all nodes and tackle and store data.Centers can both gather and tackle data.Terminal nodes can just collect data.Sensor nodes can detect events in detection coverage.
as norm to evaluate stability.Adversaries want to capture nodes to cause MMSE increasing.MCMR can filter out abnormal ones to reduce MMSE of mechanism.According to MADDP of MCMR,

Table 2 .
According to the detection error of per node   ∼ (−, ), the mean  2 /3, the variance 4 2 /45, and the mean square error  2 = 1/∑  =1  2  , if the number of nodes joining fusion is  and the capture ratio is , we can know lim  → ∞   ( 2 ≤  2

Table 3 :
Trust level a .If the trust level of node is A, it will be eliminated.Only nodes trust level higher than B can access. a