### Trust acquisition

The AVTE method can not only identify malicious nodes, but also accurately obtain the node trust degree. In the active trust scheme, the node that does not attack the detection route is evaluated as a good node, and the trust state of the node is qualitatively obtained. However, the AVTE method gives the trust degree of the node quantitatively, which provides a more accurate standard for selecting the next hop.

According to the criterion of high trust given by trusted nodes and low trust given by untrusted nodes, the average trust degree of trusted nodes is used to evaluate the ability of AVTE scheme to identify trusted nodes. The trust degree of these trusted nodes is generally high, so the average trust degree is also high. Based on the calculation of the trust degree in Section 4.5, we consider that there are *n*_{1}, *n*_{2}, …, *n*_{m} nodes in total, among which *h* nodes of *n*_{2}, *n*_{5}, …, *n*_{d}, *n*_{q} are not malicious nodes. The given trust degrees are *T*_{2}, *T*_{5}, …, *T*_{d}, *T*_{q}, then the average trust degree is:

$$ \xi =\frac{\left({T}_2+{T}_5+\dots +{T}_d+{T}_q\right)}{h} $$

(13)

If the average trust level is below 0.5, it means that the AVTE strategy has an error in identifying the trusted node. The higher the average trust degree, the higher the security of trusted nodes, and the stronger the ability of AVTE to identify the credibility of nodes.

With the number of detections increases, the trust value of good nodes will continue to increase, the average trust value will also increase, and the trust value of bad nodes will decline. Figure 10 shows that after 11 data verifications, the average trust degree of trusted nodes is continuously rising and higher than 0.5, indicating that the trust value obtained by the AVTE method is effective.

### Data collection rate

There are detection routes, data routes, and feedback routes in the edge network at the same time. The detection routes are responsible for identifying malicious IoT devices, the data routes are responsible for sending data to the sink, and the feedback routes are responsible for returning data routing information to the source node. When the data route transfers the data of node *n*_{i} to node *n*_{j}, the detection route detects two nodes are not black nodes. The trust of node *n*_{i} to node *n*_{j} is called direction trust. Direction trust refers to the trust relationship established by two nodes directly transmitting data. At the same time, there is also indirect communication between nodes in the network. Data is transmitted to another node through an intermediate node. The trust relationship established at this time is called indirect trust. In the edge network, nodes mostly establish direct trust through direct interaction, and the direct trust obtained is more accurate and reliable. Therefore, the network relationship is simplified in our manuscript, and Fig. 3 only shows the relationship between nodes directly transmitting data to nodes. Therefore, Theorem 5 and Theorem 6 in our manuscript only consider direction trust, which has no effect on the result of data collection rate.

After receiving the data, the node will choose the neighbor node closer to the sink as the next-hop node. Therefore, detection routes need to detect whether the neighbor node is a black node. When all its neighbor nodes are black nodes, it means that the transmission fails.

**Theorem 5:** Considering the number of hops from the source node *n*_{i} to sink is *ω*, the number of nodes is *α*, and the ratio of malicious nodes is *λ*. If only direction trust is considered, the number of nodes with direction trust is *β*, then the data collection rate of the sink is

$$ \left\{\begin{array}{c}{\varPsi}_i={\left(1-{\lambda}^{\alpha /3}\right)}^{\omega -1}\ \beta \ge \alpha \\ {}{\varPsi}_i={\left(1-{\lambda}^{\beta /3+1}\right)}^{\omega -1}\ \beta <\alpha \end{array}\right. $$

(14)

**Proof:** First, calculate the success rate of single hop transmission of any node A. The failed transmission means that node A finds that all of the detected nodes whose hop number smaller than its own are black holes. The detected nodes cannot be selected, and A must select from the undetected nodes. If the selected undetected node is a black hole, the transmission fails.

Therefore, the failure probability is as follows. There are three states for node A, that is, more than, less than, and equal to the hop count of node A. For the number of nodes *α*, the number of nodes whose hops are smaller than A’s is *α*/3. If the number of nodes with direction trust is *β*, there are *β* detections in total. For nodes with hop count less than node A, the total detections is *β*/3.

If *β ≥ α*, all neighbors of node A can be detected. The proportion of malicious nodes is *λ*, and the probability that all detected nodes are malicious nodes is *λ*^{α/3}, so the probability of transmission failure is *λ*^{α/3}.

If *β<α*, all neighbor nodes cannot be detected. The probability that the detected nodes are malicious nodes is *λ*^{β/3}. The probability of being a malicious node at the next hop node is *λ*, so the failure probability is *λλ*^{β/3} = *λ*^{β/3 + 1}.

The source node *n*_{i} has *ω* hops to sink. Considering that the last hop is not a malicious node, the probability that the sink successfully collects data is

$$ \left\{\begin{array}{c}{\varPsi}_i={\left(1-{\lambda}^{\alpha /3}\right)}^{\omega -1}\ \beta \ge \alpha \\ {}{\varPsi}_i={\left(1-{\lambda}^{\beta /3+1}\right)}^{\omega -1}\ \beta <\alpha \end{array}\right. $$

**Theorem 6:** The number of hops from source node *n*_{i} to sink is *ω*, the number of nodes is *α*, and the ratio of malicious nodes is *λ*. Only the direction trust is considered, the number of nodes with direction trust is *β*, and the ratio of malicious nodes changes to *γ*, then the probability that the sink successfully collects the data packet is

$$ \left\{\begin{array}{c}{P}_i={\left(1-\lambda {\left(1-\gamma \right)}^{\alpha /3}\right)}^{\omega -1}\ \beta \ge \alpha \\ {}{P}_i={\left(1-\lambda {\left(1-\gamma \right)}^{\beta /3+1}\right)}^{\omega -1}\ \beta <\alpha \end{array}\right. $$

(15)

**Proof:** The feedback mechanism verifies the data received and the data sent. If the packets are inconsistent, the trust value is reduced. If the trust value drops below the threshold, the node is a malicious node. The active trust scheme can detect whether neighbor node is a malicious node, our scheme can further detect malicious nodes on the data route, so our scheme makes the ratio of malicious nodes change from the previous *λ* to *λ* (1- *γ*). The rest of the proofs are as in Theorem 5.

**Theorem 7:** The source node sends the data to the sink through *ω* hops. When using the shortest path protocol, the data collection rate is

$$ \eta ={\left(1-\lambda \right)}^{\omega -1} $$

(16)

**Proof:** When using the shortest path protocol, the nodes are randomly selected, and the probability that these selected nodes are black nodes is *λ*. The last hop is not a black node, so the probability of choosing a non-black node after *ω* hop *η* = (1 − *λ*)^{ω − 1}.

Figure 11 shows the data collection rate when the ratio of malicious nodes is different in the AVTE scheme and the ActiveTrust scheme, where *α* =6, *β* =8, *ω* =15. Figure 12 is the data collection rate comparison of the AVTE scheme and the ActiveTrust scheme under different hop counts, where *γ* = 0.2, *α* =6, *β* =8, *λ* =0.2. Figure 13 presents the data collection rate of the two schemes when the number of nodes with direction trust is less than the number of nodes, where *γ* = 0.2, *α* =9, *β* =6, *ω* =10. From the above three figures, we can see that the data collection rate of the AVTE scheme is higher than that of the ActiveTrust scheme. The performance of the AVTE scheme is improved comparing with the active trust scheme.

Figure 14 shows the probability of successful data collection of ActiveTrust scheme, AVTE scheme and the shortest path. The shortest path has the lowest data collection rate. When *ω* =15, *λ* =0.2, the total data collection rate drops below 0.1. The ActiveTrust scheme and the AVTE scheme have maintained a high success rate (> 60%). And the AVTE scheme is superior to the ActiveTrust scheme, because the active trust can identify all black nodes. The next hop only needs to select a good non-black node for routing, but the reliability of all non-black nodes is different. Adding a feedback mechanism can compare the reliability of neighbor nodes that are not black nodes, so as to provide non-black next-hop routing nodes with higher trust for data routing. Therefore, the AVTE scheme has higher data collection rate than the ActiveTrust scheme.

Figure 15 shows the ratio of the data collection rate of AVTE, the ActiveTrust scheme and the shortest route scheme when the number of malicious nodes is different. It can be seen that the AVTE scheme and the ActiveTrust scheme have a significant improvement over the shortest route. With the increase of malicious nodes, the AVTE scheme has improved the performance by more than 8 times and the ActiveTrust scheme has improved by more than 6 times.

Compared with the ActiveTrust scheme, the ratio of data collection rate of AVTE scheme remains above 1 and increases slightly. This is because the greater the ratio of malicious nodes, the ActiveTrust scheme can effectively detect the location of malicious nodes and avoid their application in data routing, so that the success rate of data packets to sink is greatly increased. On the basis of ActiveTrust scheme, the AVTE scheme detects black nodes that have been used as routing nodes in data routing and selects nodes with higher trust as next hop routing nodes, once again increasing the data collection rate.

### Energy consumption and network lifetime

The energy of nodes is mainly consumed in sending and receiving, detecting and confirming packets. The network lifetime is defined as the death time of the first node. When each node needs to send confirmation packet to the source node in the presence of data routing and detection routing, it will consume part of the energy. We need to calculate the energy consumption in the network and analyze the impact of the feedback mechanism on the network lifetime. The composition of the confirmation packet is the same as the data packet, so the energy consumed is equivalent to the energy consumption of the unit data packet.

The data packet contains the *m*-bit binary code of *k* data. The feedback data packet is a binary code after *k* data XOR. Because the amount of data has fewer coded bits, and the energy consumption of the encoded feedback signal itself is low, the energy consumption of the coded bits of the number of received data can be ignored, which is equivalent to *m*-bit encoding. Therefore, the composition of the feedback data packet is the same as that of the data packet. The energy consumption per unit data packet is *e*_{p}. The feedback data packet contains one piece of data so the energy consumed by the feedback signal is also *e*_{p}.

We analyze whether the remaining energy in the network can establish detection routes after the data packets and confirmation packets consume some energy. The energy consumption is related to the number of packets carried by the node. Consider the network radius is *R*, the transmission radius of the node is *r*, the event occurrence rate is *υ*, and the distance from the node to the sink is *l* [36]. According to the Ref. [36], we can get the number of data packets loaded by the node is

$$ {d}_l=\left(\left(z+1\right)+\left(\frac{z\left(z+1\right)r}{2l}\right)\right)\upsilon $$

(17)

*z* is an integer and satisfies *l* + *zr* < *R*.

Eq. (17) shows that the energy consumption depends on the amount of data and the lifetime of the network depends on the node with the highest energy consumption. We consider that the maximum data load of the node is *d*_{max} and the energy consumption is *d*_{max}*e*_{u}. The node with the data loads less than *d*_{max} has residual energy. The remaining energy can be used to send feedback packets to the source node and construct detection routes. For a node with a distance *l* to the sink, the remaining energy is (*d*_{max} − *d*_{l})*e*_{u}. If the distance of the active probe route is measured by the hops and after sending a confirmation packet, the available hops of the active probe route are as follows.

**Theorem 8:** If the distance from the node to the sink is *l*, the maximum number of detection hops that the remaining energy can reach is

$$ \upchi =\frac{\left({d}_{max}-{d}_l-1\right)\left(1+{k}_2\right)}{1+{k}_2/{k}_1} $$

(18)

Where *k*_{1} is the ratio of the length of the data packet to the detection packet, and *k*_{2} is the ratio of the body length of the data packet to the packet header of the detection packet.

**Proof:** According to Eq. (17), for the node with distance *l* from the sink, the data load is *d*_{l} = ((*z* + 1) + (*z*(*z* + 1)*r*/2*l*))*υ*. Therefore, the node closest to the sink has the largest data load *d*_{max} = ((*z* + 1) + (*z*(*z* + 1)*r*/2*l*_{min}))*υ*. *e*_{p} represents the energy consumption for sending and receiving a unit data packet. Each node sends a confirmation packet to the source node, so the energy consumption of the node for the feedback signal is also *e*_{p}. The remaining energy of the node is (*d*_{max} − *d*_{l})*e*_{p} − *e*_{p} = (*d*_{max} − *d*_{l} − 1)*e*_{p}.

Considering that the energy consumed by sending and receiving one bit data is *e*_{u}, *e*_{p} = *xe*_{u} , *x* = *x*_{1} + *x*_{2}, where *x* is the unit packet length, *x*_{1} is the packet header length, and *x*_{2} is the packet body length. The available remaining energy is (*d*_{max} − *d*_{l} − 1)*xe*_{u} = (*d*_{max} − *d*_{l} − 1)*e*_{u}(*x*_{1} + *x*_{2}). The energy consumption of sending and receiving a detection packet is *e*_{q} = *ye*_{u} = *e*_{u}(*y*_{1} + *y*_{2}), where *y* is the packet length of the detection packet, *y*_{1} is the packet header length, and *y*_{2} is the packet body length. Considering *x*_{1} = *y*_{1}, *x*_{2} = *k*_{1}*y*_{2}, *x*_{2} = *k*_{2}*y*_{1}, the hop counts of the active detection routes that can be achieved by the remaining energy of the node are

$$ \upchi =\frac{\left({d}_{max}-{d}_l-1\right){e}_u\left({x}_1+{x}_2\right)}{e_u\left({y}_1+{y}_2\right)} $$

(19)

$$ \Rightarrow \upchi =\frac{\left({d}_{max}-{d}_l-1\right)\left(1+{k}_2\right)}{1+{k}_2/{k}_1}. $$

Assuming *R* = 500, *r* = 50, *υ* = 0.8, *l*_{min} = 10, Fig. 16 shows the maximum detection hops that can be provided by the remaining energy of nodes at different distances to the sink. When *k*_{1} and *k*_{2} are different, the number of detection hops can reach hundreds. The closer the node is to sink, the greater the data load of the node, the less energy left, and the fewer hops available for detecting the path. The amount of data of nodes far away from the sink is small. Thus, there is more residual energy, and the number of hops available for the detection path is up to 500. In addition to the energy consumed by the node sending and receiving packets and confirming packets, the node has enough energy to build the detection route for monitoring. Figure 17 shows that the number of hops of the detection route decreases when the network radius and the transmission radius are increased, but it can still reach 200 hops.

Consider *R* = 500, *υ* = 0.8, *l*_{min} =50, *k*_{1} =5, *k*_{2} =5, Fig. 18 shows the number of hops of the detection path at different distances from sink under different transmission radius. It can be seen that the number of hops of the detection path gradually increases. The initial growth is relatively large and detection hops grow slowly near the sink. The maximum data load is smaller with the larger transmission radius. The detection hops afforded by remaining energy of nodes decreases, but the maximum hops remain above 200. The maximum detection hops can be up to 500, which shows that the remaining energy in the network is sufficient to support the establishment of the detection path. The ActiveTrust mechanism verifies that the lifetime of the network is the same as other solutions without any security strategy. Compared with the ActiveTrust scheme, our scheme can establish up to hundreds of hops for the active detection path. Therefore, we can conclude that the network lifetime of our scheme is the same as that of the ActiveTrust scheme and the scheme without any security strategy.