#### 4.2. Security Services Assessment

Due to the randomness, as well as the openness, of the social environment and the virtualization of fog computing, the security assessment for the services is very complex in social advanced fog computing systems. At the same time, the security assessment scheme must satisfy the low-complexity requirements and deal with virtualization and dynamic environments. In this section, we propose a security service assessment scheme regarding the aforementioned factors.

Assume a service in the social networking advanced fog computing system is denoted as

fs. The service set is denoted as

FS, where

$fs\in FS$. To assess the security of a service in social networking advanced fog computing system, confidentiality, integrality, and availability (CIA) are used as the basic assessment dimensions. Moreover, to make the CIA assessment dimensions uniform, a vulnerability factor is introduced into the assessment model. Here

vul is used to denote service vulnerability and the set of vulnerability factors is denoted as

VUL. The vulnerability factor of fs is denoted as

VUL(

fs). The vulnerability assessment and quantization methodology proposed by our previous work in [

26] can be used to evaluate the vulnerabilities in dynamic and complex systems, and is based on an optimized attack graph and Analytic Hierarchy Process (AHP). Social fog computing is also a dynamic and complex computing and networking system, so the vulnerability assessment and quantization methodology in [

26] is introduced. Moreover, assume

EX(

vul),

CR(

vul), and

SE(

vul) denote exploitability, credibility, and severity of

vul, respectively. Then,

InSec(

vul) is used to denote the insecurity factor caused by

vul, which can be computed by:

which is under the constraint of the value range (0,1]. In the security services assessment, the weighted insecurity factor of service is used to perform the assessment. The value of this factor means the insecurity level of the service. In other words, services with high security levels have low values for the insecurity factor. Thus, the most secure services can be found based on this factor.

Assume that

IISec (

VUL, fs) is the immediate insecurity on

fs caused by

VUL(

fs), which can be calculated as:

which is also under the constraint of value range (0, 1].

Next, in the security service assessment phase, assume that importance factor can describe the importance of service

fs, which is denoted as

Imp(

fs). Moreover, the weighted insecurity of service

fs can be denoted as (

Imp(

fs) ×

IISec(

VUL, fs)). The weighted insecurity factor of service set

FS can be computed as follows:

In addition, assume

UniInSec(

FS) is used to denote the uniformization of

InSec(

FS), which can be calculated by:

Moreover, because the social networking advanced fog computing system is complex and dynamic, it is necessary to analyze transient state of the security service. To provide the analysis for the transient state of the security service, a finite homogeneous continuous-time Markov chain is used to establish the description model. Assume that

$\left\{V(t),t\ge 0\right\}$ denotes the finite homogeneous continuous-time Markov chain. Moreover, assume

$SP=\{1,2,\dots ,n\}=A\cup B$ is the state space, where the absorbing state set is denoted as

A and non-absorbent set is denoted as

B. Assume

CH_{i}(

t) denotes the transition probability matrix of the finite homogeneous continuous-time Markov chain. Let

CH_{j}(

t) =

CH(

SP(

t)

= j), where

CH is the transition probability matrix of the finite homogeneous continuous-time Markov chain, and

SP is the state space. The transition probability matrix of the finite homogeneous continuous time Markov chain in

j-th time slot is the transition probability matrix of the corresponding state space. Assume that infinitesimal generated matrix is denoted as

GM = [

g_{ij}], then:

where

CH(0) is known. Moreover, within time [0, t], assume

Res(

t) is the reserve of state

j. Here

Res(

t) can be obtained by:

Then, the following formula can be obtained.

According to the transition in time slot T, GMT, which is the submatrix of GM, can be constructed. Then

GM_{T} can take the place of

GM in Equation (7).

$Re{s}_{T}$ is the reserve of state

j in time slot

T. Next, assume

$Re{s}_{T}(\infty )$ can be obtained by:

Assume

T_{ab} denotes the time when the system enters the absorbing state totally, which can be computed by:

#### 4.4. Security Service Recommendation Based on Particle Swarm Optimization (PSO)

In this section, the security service recommendation mechanism is proposed for social fog computing. Particle swarm optimization (PSO) is a new bionic evolutionary algorithm for crowd sensing, which is inspired by the movement of birds looking for habitat [

27]. PSO is introduced as a basis of the proposed crowding sensing based security service recommendation. In PSO, each individual can be regarded as a particle with no weight and volume. Although the moving track of a single particle seems chaotic, a particle can dynamically adjust the behaviors according to its own and its companions’ experiences until the swarm enters a better area of the environment with high fitness.

Assume that a particle swarm with l particles finds the optimal results in an h-dimension solution space. The PSO algorithm-based crowd sensing is as follows:

**Step 1:** Initialization: Set the learning factor ler_{1}, ler_{2}, and maximal evolution algebra al_{max}, when evolution algebra al = 1. Assume that m service particles are generated randomly in space R, which are denoted as p_{1}, p_{2}, …, p_{m}, and the service swarm matrix sw(t). Next, the displacement variations are generated randomly for each service particle, which are denoted as c_{1}, c_{2}, …, c_{m} forming a displacement variation matrix C(t).

**Step 2:** The service swarm is evaluated, and the adaptive value ADA(P_{i}) is computed.

**Step 3:** The adaptive value ADA(P_{i}) of the current service particle is compared with its history optimization value HisBe; if ADA(P_{i}) is better than HisBe, HisBe is set as the current value of ADA(P_{i}), and the location of HisBe is set as the current location.

**Step 4:** The current adaptive value ADA(P_{i}) is compared with the optimal value of the service swarm, which is denoted as SwaBe. If ADA(P_{i}) is better than SwaBe, SwaBe is set as the current value of ADA(P_{i}), where the order number of SwaBe is the order number of the current service particle.

**Step 5:** The new service swarm, denoted as

P(

t + 1), can be generated based on the updates of the velocity and location of the service particle. The location matrix of the

i-th service particle is denoted as

Li = (

l_{i}_{1},

l_{i}_{2}, …,

l_{id}). Assume that the best location searched by the

i-th service particle is

LOC_{i} = (

trac_{i}_{1},

trac_{i}_{2}, …, tra

c_{id}), which is the location that the

i-th service particle passed with the best adaptive value.

LOC_{g} = (

trac_{g}_{1},

trac_{g}_{2}, …,

trac_{gd}) is used to denote the best location where all the service particles passed so far. The best adaptive value can be computed based on the objective function of the object problem. In the

t-th step of the computation, assume the security assessment factor and service track of the

i-th service particle in the

j-dimensionality space are

loc_{ij}(

t) and

v_{ij}(

t), respectively:

where

∂ is the inertial factor, and

a_{1},

a_{2} is the variation coefficients of the security assessment factor. Assume the

a_{1} is an adjustment factor used to adapt the security assessment factor of the service particle based on its own optimal solution. Additionally, let

a_{2} be an adjustment factor used to adjust the security assessment factor of the service particle adapting to the global optimal solution.

The current adaptive value ADA(P_{i}) is compared with the optimal value of the service swarm SwaBe. If ADA(P_{i}) is better than SwaBe, SwaBe is set as the current value of ADA(P_{i}), where the order number of SwaBe is the order number of current service particle.

**Step 6:** The evaluation value is checked to judge whether it achieves a given accuracy. If the evaluation value achieves given accuracy, the circulation is finished. Otherwise, set t = t + 1 and jump to **Step 2**.

Next, the security service recommendation method is proposed. Assume that

N is the matrix for predicting

n historical security service samples and

M is the prediction matrix of the

j-th security service of the

N by using

e predication methods. Then

M and

N are standardized, and assume that

EM and

EN are the standardized matrixes of

M and

N, which are computed by:

where

$\overline{N}$ and

std_{N} are the mean value and standard deviation of

N, respectively.

where

${\overline{M}}_{i}$ and

std_{i} are the mean value and standard deviation of the

i-th independent variable, respectively.

Assume that

$SR={\left[s{r}_{1},s{r}_{2},\dots ,s{r}_{n}\right]}^{T}$ is the weight matrix of

n service samples. Based on the weight matrix, the new matrices

M^{n} and

N^{n} are introduced. The construction method is as follows: Assume that the

p-th sample occurs

β_{f} times in the original data matrices

M^{n} and

N^{n}. In fact, when the data volume increases, the dimensionality number and the computation complexity of the data are very high. To decrease the computation complexity, we introduce the new matrices

M^{nn} and

N^{nn}, which can be computed as follows:

where

$diag\left(\sqrt{p}\right)$ denotes the diagonal matrix composed by the service elements which are the square roots of the sample weight matrix

p = [

p^{1},

p^{2}, …,

p^{n}]

^{T}. Partial least-squares (PLS) regression is a multivariate analysis method, which was proposed by Wold and lbano for some import regression problems, such as multicollinearity. PLS regression performs the integrations and selections, then extracts the aggregative variable with the best explanations for the systems. At the same time, PLS regression can delete the multicollinearity information and the information without explanation meanings, thus, it can resolve the problem of multicollinearity among the variables. Therefore, the model with good imitative effect, robustness, and prediction capabilities can be obtained. PLS regression can be used to analyze the mass data with the multicollinearity among the variables. Moreover it can deal with the situation in which the samples less than predication variates. Based on the above advantages of PLS regression, we introduce this regression to improve the crowd sensing-based security service recommendation.

Based on the proof in [

28], the PLS regression of

M^{n},

N^{n} is the same as that of

M^{nn},

N^{nn}. Thus the computation of sample weights between

M and

N can translate into the computation of the PLS regression between

M^{nn} and

N^{nn}. It is necessary to obtain service particles

p = [

p^{1},

p^{2}, …,

p^{3}]

^{T} and get the best predication precision, which is a global optimization problem. To resolve aforementioned problem, the objective function is set as:

where

$\stackrel{\u2322}{N}$ is combination predication value of

N_{i}. The process of the security service recommendation for social fog is shown in

Figure 3.

**Step 1:** Standardization is performed for the initial security service data based on Equations (17) and (18).

**Step 2:** Initial security service sample weight p with x-dimension is generated, which means x initial particles are generated for the crowd sensing algorithm. At the same time, all parameters of the crowd sensing algorithm are initialized.

**Step 3:** M^{nn} and N^{nn} are computed based on p. For each particle, PLS regression is performed on M^{nn} and N^{nn}. Then the weights are obtained for each predication method.

**Step 4:** The value of objective function is computed based Equation (21), which act as the adaptive degree for each service particle.

**Step 5:** For each particle, the adaptive value is compared with the best security service it applied. If the adaptive value is better, it is set as the current best security service.

**Step 6:** For each service particle, the adaptive value is compared with the best security service of all the uses applied. If the adaptive degree is better, it is set as the current global best security service, which is recommended to the users.

**Step 7:** Each particle is updated based on Equations (15) and (16) then jump to Step 3 again.