A Trusted Measurement Scheme for Connected Vehicles Based on Trust Classification and Trust Reverse

Abstract

As security issues in vehicular networks continue to intensify, ensuring the trustworthiness of message exchanges among vehicles, infrastructure, and cloud platforms has become increasingly critical. Although trust authentication serves as a fundamental solution to this challenge, existing models fail to effectively address the specific requirements of vehicular networks, particularly in defending against malicious evaluations. This paper proposes a novel multidimensional trust evaluation framework that integrates both static and dynamic metrics. To tackle the issue of malicious ratings in peer assessments, a rating reversal mechanism based on K-means clustering is designed to effectively identify and correct abnormal trust feedback. In addition, the framework incorporates an entropy-based trust weight allocation mechanism and a time decay model to enhance adaptability in dynamic environments. The simulation results demonstrate that, compared with traditional approaches, the proposed scheme improves the average successful information rate by 12% and reduces the false positive rate to 6.1%, confirming its superior performance in securing communications within the vehicular network ecosystem.

1. Introduction

Connected vehicles represent a pivotal advancement in transportation technology, offering transformative capabilities to enhance system efficiency, reduce traffic incidents, improve safety measures, and mitigate congestion impacts [1]. Industry projections indicate a substantial growth trajectory, with the global connected vehicle market expected to reach 9.9 billion units by 2035 [2]. However, the rapid development of these technologies has concurrently introduced significant security vulnerabilities. A notable demonstration of these challenges occurred in 2015 when Chrysler initiated a recall of 1.4 million vehicles following the discovery of critical remote attack vulnerabilities [3]. The rapid development of IoT technologies (as surveyed in [4]) and mobile edge computing standardization efforts [5] have created both opportunities and challenges for secure V2X communications.

The automotive industry has progressively integrated vehicle-to-everything (V2X) communication technologies, encompassing both vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) systems, into modern vehicles. From a security perspective, ensuring the trustworthiness of messages exchanged among vehicles, infrastructure, and cloud platforms is paramount. Within the Car Communication Consortium, extensive deliberations have been conducted regarding security protocols and protective measures for vehicular systems. These discussions culminated in the establishment of comprehensive security frameworks, including the definition of trusted assurance levels and specific security requirements [6].

The connected vehicles network, encompassing V2V, V2I, and V2X communications, exhibits significant architectural similarities with edge computing paradigms, as illustrated in Figure 1. Recent advancements in industrial edge computing [7] have demonstrated the critical role of low-latency processing and distributed trust management in mission-critical systems, providing valuable insights for vehicular network design. This correspondence necessitates a targeted consideration of both connected vehicle network characteristics and edge computing features in system design. The core research focus lies in developing efficient and comprehensive interaction mechanisms for trusted node access within these networks. However, existing trust models demonstrate limited capability in addressing the critical requirements for secure interaction among connected vehicle nodes, highlighting a substantial research gap in this domain.

The establishment of efficient node interaction fundamentally depends on the maintenance of robust trust relationships, which can be effectively quantified through trust models [8]. However, the implementation of these models necessitates the comprehensive consideration of multiple attributes. Current trust modeling approaches are primarily categorized into two distinct paradigms: centralized trust modeling [9,10] and distributed trust modeling [11,12], differentiated by the entity responsible for trust metric computation. A critical research challenge lies in developing effective trust assessment mechanisms for connected vehicle nodes, particularly in leveraging architectural features to integrate the respective advantages of both centralized and distributed trust models for comprehensive node trust modeling in connected vehicle networks.

In this study, we propose a novel trusted measurement scheme for connected vehicles, incorporating trust classification and trust reversal mechanisms. The primary contributions of this work are as follows:

• We have developed a comprehensive trusted measurement framework specifically designed for connected vehicle systems. This framework integrates carefully selected trust attributes and calculation methodologies, meticulously aligned with the unique security requirements of connected vehicle networks.
• We introduce an innovative score reversal mechanism to address malicious mutual evaluation scenarios. This mechanism demonstrates superior capability in identifying concealed malicious nodes compared to conventional approaches that fail to account for problematic scoring patterns.

This paper is organized into six distinct sections. Section 1 presents the research background and outlines the core innovations of this study. Section 2 provides a comprehensive review of recent advancements in relevant research domains. Section 3 elaborates on the rationale behind the selection of trust attributes in our proposed framework. Section 4 details the methodology for trust value computation. Section 5 presents the experimental evaluation and analysis of the results. Finally, Section 6 concludes this paper with a summary of the proposed scheme and its key findings.

2. Related Work

2.1. Security Mechanism of Connected Vehicles

Despite extensive research efforts by both academia and industry, connected vehicle nodes continue to face significant security challenges in open environments. Several approaches have been proposed to address these challenges. Jiang et al. [13] identified four primary research directions for security enhancement in IoT and connected vehicles: authentication, access control, management, and low-cost encryption schemes. Alfardus and Rawa [14] developed an RNN-based detection system using wavelet transforms for real-time IVN protection. Aledhari et al. [15] proposed new CAV security protocols and threat classifications. Traditional solutions include Ning’s [16] implementation of vendor-provided trusted execution environments to ensure secure node operation and Jung et al.’s [17] development of security-enhanced management platforms utilizing ARM Platform Security Architecture. However, these solutions exhibit limitations in terms of hardware dependency and limited generalizability. Recent studies on edge computing security frameworks [18] have emphasized the necessity of hierarchical protection mechanisms aligned with cybersecurity standards, which resonates with the distributed trust challenges in vehicular networks. Furthermore, while some researchers have explored time-automata-based secure gateways through firewall retrofitting similar to traditional network security approaches, such solutions demonstrate inadequate support for the distributed nature of connected vehicle networks. Current research continues to develop more adaptive solutions to overcome these challenges.The proposed trust evaluation framework operates without relying on proprietary hardware. It integrates multidimensional metrics, including static and dynamic trust, offering strong scalability and platform independence. This enables effective security protection for the Internet of Things and makes the framework well suited for large-scale deployment environments.

2.2. Trust Model

The concept of trust, originating from sociological studies, was first adapted for device management by Blaze et al. [19] in 1996. Their pioneering work conceptualized trust models as proactive defense mechanisms, establishing a framework for enhancing the trustworthiness of connected systems through trust extension. Building upon this foundation, recent advancements have significantly expanded trust management techniques for vehicular networks. Shahariar and Phillips [20] proposed a tamper-proof device-based trust management framework for VANETs that regulates driver behavior and reduces communication overhead by disseminating feedback only when conflicting information arises. Mwanje et al. [21] further introduced a fuzzy-logic-based trust evaluation framework that considers factors such as message freshness and sender location to determine the trust level of vehicles in the network. Ma et al. [22] developed an integrated trust-based evaluation model for edge nodes, facilitating efficient edge computing operations, while Sultan et al. [23] proposed a collaborative trust approach for detecting malicious nodes in vehicular ad hoc networks (VANETs). However, the literature lacks detailed documentation regarding the specific trust metric processes employed in their model. In the domain of vehicular networks, Hamssa [24] introduced a hybrid trust model (HTM) coupled with a malicious behavior detection system (MDS) specifically designed for VANET systems. While effective within its target domain, this approach demonstrates limited applicability to other technological domains. The information-entropy-based multidimensional trust evaluation mechanism designed in this paper incorporates a time decay function, enabling the system to dynamically adjust the weight of each trust dimension over time. This approach allows for more effective differentiation between short-term anomalies and long-term malicious behaviors, thereby improving the accuracy of trust inference and ensuring its effective applicability in the Internet of Things domain.

2.3. Machine Learning

Machine learning (ML) has emerged as a prevalent and effective technique for malicious node detection in various network environments. Akbani et al. [25] pioneered an approach combining machine learning with reputation systems, while Liu et al. [26] developed a trust system that evaluates node trustworthiness through routing path analysis. Subsequent advancements by Liu et al. [27] introduced a classification scheme utilizing linear regression methods to distinguish between malicious and benign nodes, incorporating the potential for multiple mixed attacks. Mehmet Aslan and Sevil [28] Sen proposed a dynamic ML-based trust management model for VANETs, adaptively assessing trust levels to enhance malicious node detection while reducing computational overhead. Further research by Yang et al. [29] identified sophisticated selective edge packet attacks, highlighting the evolving intelligence of malicious nodes in executing targeted attacks. Wang et al. [30] developed MESMERIC, an ML-driven trust management mechanism that integrates direct trust, indirect trust, and contextual information to separate trustworthy vehicles via optimal decision boundaries. Rashid et al. [31] further designed an adaptive real-time detection framework for VANETs, employing a distributed multi-layer classifier validated through OMNET++/SUMO simulations, achieving high DDoS attack detection accuracy. However, despite these advancements, existing machine-learning-based approaches face limitations in their applicability to connected vehicle systems with edge computing capabilities, primarily due to high computational overhead and inherent model constraints. The lightweight rating reversal mechanism proposed in this paper employs the K-means clustering algorithm to detect abnormal rating behaviors and automatically correct malicious ratings. This significantly reduces the system’s computational overhead while maintaining high detection accuracy, thereby enhancing its practical deployability in resource-constrained vehicular environments.

3. Trusted Multidimensional Assessment Metrics

In response to the critical data collection requirements and diverse security risks inherent in connected vehicle networks, we have developed a comprehensive trust evaluation framework comprising two distinct components: static trust and dynamic trust. The static trust component evaluates the inherent characteristics and integrity of node hardware and software, enabling the identification of fundamental device faults or persistent security compromises. Conversely, the dynamic trust component assesses real-time node behavior and data quality, facilitating the timely detection of anomalous activities and potential data inaccuracies, even in otherwise operational nodes. This dual-component approach provides a robust mechanism for comprehensive trust evaluation in connected vehicle systems.

The proposed network architecture in this study organizes connected vehicles into multiple clusters $(cl{u}_1,cl{u}_2,\dots ,cl{u}_n)$, where each cluster is responsible for executing similar tasks or connecting to shared infrastructure. Within each cluster, numerous nodes $(nod{e}_{n1},nod{e}_{n2},\dots ,nod{e}_{nm})$ operate under the supervision of designated management nodes $(manag{e}_{n1},manag{e}_{n2},\dots ,manag{e}_{nm})$. These management nodes, selected from infrastructure components or ordinary nodes, facilitate intra-cluster coordination and inter-cluster communication. For the purpose of this study, we assume that all management nodes maintain complete security through the implementation of established security mechanisms. The comprehensive network architecture is illustrated in Figure 2.

Each node must verify its trustworthiness to the manage through both static (inherent characteristics) and dynamic (real-time behavior) trust assessments.

3.1. Hardware Metrics

We represent hardware components as $(h_0,h_1,\dots ,h_k,\dots ,h_n)$, where $(h_1,\dots ,h_k)$ denotes non-replaceable node components and $(h_{k+1},\dots ,h_n)$ indicates user-replaceable parts (e.g., batteries). During initialization, the nodes send hardware information to the manage as $(h_0^{\prime },h_1^{\prime },\dots ,h_n^{\prime })$.

The hardware trust value is shown in Equation (1):

$$Me\left(Ha\right)=\prod _{i=1}^k(h_i\wedge h_i^{\prime })\wedge ({\displaystyle \frac{1}{n-k}}\sum _{i=k}^n{h}_i\wedge h_i^{\prime })$$

(1)

The formulation explicitly distinguishes between critical hardware components, which are non-replaceable, and external extended hardware, which permits partial replacement. However, the safety thresholds governing such replacements are exclusively determined by system administrators.

3.2. Software Metrics

We characterize software components as $(s{o}_0,s{o}_1,\dots ,s{o}_k,\dots ,s{o}_n)$, where $(s{o}_0,\dots ,s{o}_k)$ encompasses critical, non-modifiable system software, including a bootloader and OS kernel, while $(s{o}_{k+1},\dots ,s{o}_n)$ comprises user-configurable applications. Following system configuration, nodes submit their software information $(s{o}_0^{\prime },s{o}_1^{\prime },\dots ,s{o}_k^{\prime },\dots ,s{o}_n^{\prime })$ to the manage during the initialization phase.

The software trust value is shown in Equation (2):

$$Me\left(So\right)=\prod _{i=1}^k(s{o}_i\wedge s{o}_i^{\prime })\wedge ({\displaystyle \frac{1}{n-k}}\sum _{i=k}^{n}s{o}_i\wedge s{o}_i^{\prime })$$

(2)

The formulation explicitly distinguishes between critical software components, which are non-replaceable, and external extended software, which permits partial modification. While users may sequentially deploy additional applications, the software trust value maintains inherent resilience. However, the safety thresholds governing such modifications are exclusively determined by system administrators.

3.3. Dynamic Metrics

Given the frequent state transitions of operational nodes, the manage requires a periodic dynamic assessment of each node.

We categorize dynamic trust metrics into two distinct dimensions based on node characteristics: behavioral trust and data trust. Behavioral trust encompasses network behavior patterns, energy consumption profiles, and security policy compliance. Data trust is established through a comparative analysis of data collected by individual nodes against peer node datasets.

The dynamic assessment framework incorporates five key parameters: security policy compliance $Me\left(St\right)$, energy efficiency $Me(\Delta E)$, behavioral consistency $Me\left(Beh\right)$, network activity $Me\left(Na\right)$, and data reliability $Me\left(Data\right)$.

3.3.1. Security Policy Score

In connected vehicle networks, multiple nodes collaborate through inter-node communication to accomplish shared tasks. Within each device, communication occurs between specific processes. We model these communication processes as $c_1,c_2,\dots ,c_n$, with the corresponding permission sets required for task execution denoted as $\{j_1,j_2,\dots ,j_n\}$. The access privileges granted to external processes by a node are represented as $j_a$.

Then, the security policy trust value is shown in Equation (3):

$$Me\left(St\right)={\displaystyle \frac{1}{l-1}}\sum _{i=1}^l{j}_i\wedge j_u$$

(3)

The security policy score quantifies the degree of alignment between the permissions required by the current process and the authorized permission set.

3.3.2. Energy Score

Energy status serves as a critical metric for node valuation, providing dual insights into system operation and security. Primarily, energy consumption patterns reflect the operational load distribution across IoT devices, potentially indicating network segmentation or uneven workload distribution. Secondarily, anomalous energy fluctuations may signify device malfunctions or security breaches. Node energy consumption originates from three primary sources: data transmission/reception, computational processing, and device operation. The input/output energy consumption $E_{IO}$ is calculated as $E_{IO}=C_{IO}·b+C_{Init}·b·d^2$, where b represents the number of transmitted/received bits, d denotes the inter-node distance, $C_{IO}$ indicates the average energy consumption per bit, and $C_{Init}$ accounts for the energy required to establish communication standards.

Computational energy consumption $\left(E_{Com}\right)$ is determined by task complexity and device efficiency, while collection device consumption $\left(E_{Coll}\right)$ depends on device power requirements and quantity. Given the practical challenges in the real-time measurement of $E_{IO}$, $E_{Com}$, and $E_{Coll}$, we employ an estimation approach based on the assumption of relatively stable operational patterns. Within a defined timeframe, the total energy reduction can be equated to the sum of these consumption components, the function as shown in Equation (4):

$$\begin{array}{cc}\hfill \Delta E& =E_t-E_{t-1}\hfill \\ \hfill & =E_{IO}+E_{Com}+E_{Coll}\hfill \end{array}$$

(4)

These consumption variations serve as critical indicators for dynamic trust assessment. For the energy score evaluation, we establish a threshold-based mechanism. Let ${\mathrm{Eth}}_i$ represent the acceptable energy deviation threshold for device i. The collective threshold vector for n devices is defined as $Energythreshold=\{Et{h}_1,Et{h}_2,\dots ,Et{h}_n\}$. Considering historical energy consumption data $\Delta E^h$, the energy score can be computed through the following formulation, as shown in Equation (5):

$$\begin{array}{c}\hfill Me(\Delta E)=\left\{\begin{array}{cc}1& \Delta E-\Delta E^h<Energythreshold\\ \left|{\displaystyle \frac{1}{\Delta E-\Delta E^h}}\right|& \Delta E-\Delta E^h\ge Energythreshold\end{array}\right.\end{array}$$

(5)

3.3.3. Behavior Score

Node behavior analysis focuses on data forwarding characteristics, encompassing three critical metrics:

Network forwarding rate $nfr$: When $nod{e}^{\prime }$ requests N data packets from node and node successfully forwards n packets $(n\le N)$, the forwarding rate is evaluated based on the ratio of delivered packets received by $nod{e}^{\prime }$.

Network repeat rate $nrr$: This metric quantifies data duplication in node reports. A lower repetition rate indicates higher node trustworthiness. Conversely, increased repetition rates may suggest malicious activity, as compromised nodes often replay historical messages to evade detection, thereby reducing their trustworthiness.

Network transmission delay $ntd$: The transmission delay must remain within the network architecture’s permissible range. The time interval for data forwarding from $nod{e}^{\prime }$ is constrained by system-specified thresholds.

The above node behavior $\Omega B$ can be described as shown in Equation (6):

$$\Omega B=(nfr,nrr,ntd)$$

(6)

The behavior score of $\Omega B$ is shown in Equation (7):

$$\mathrm{Me}\left(Beh\right)=\sum _{i=1}^n\Omega B_i\times \Omega {B_i}^h$$

(7)

$\Omega {B_i}^h$ represents the historical value of the i-th component of the node behavior metric vector. It reflects the normal behavior pattern of the node in the past. By comparing the current value $\Omega {B_i}^h$ with its historical value $\Omega {B_i}^h$, we can effectively detect abnormal changes in the node’s behavior.

3.3.4. Node Activity

Node activity serves as a crucial indicator of the vitality and operational stability of a node. The trustworthiness of a node is positively correlated with its activity level, which is determined by the frequency and success rate of interactions with other nodes and clusters.

We define the node activity calculation function $NodeActCalc$ using Equation (8):

$$NodeActCalc\left(x\right)=1-{\displaystyle \frac{1}{x+\epsilon }}$$

(8)

$\epsilon$ is a positive regulation constant; when $\epsilon \to \infty$, $textcolorredNodeActCalc\left(x\right)\to 1$.

The node activity $Me\left(Na\right)$ is determined using Equation (9):

$$Me\left(Na\right)={\displaystyle \frac{NodeActCalc\left(nod{e}^{\prime }\right)+NodeActCalc\left(cl{u}^{\prime }\right)}{2}}$$

(9)

$NodeActCalc\left(nod{e}^{\prime }\right)$ represents the number of nodes interacting with the target node, while $NodeActCalc\left(cl{u}^{\prime }\right)$ denotes the number of clusters interacting with the node.

3.3.5. Data Trust

Data trust is established by comparing a node’s reported values with those of other nodes in the same environment to assess data accuracy. For instance, a temperature variation exceeding 5 °C within a confined space is highly improbable.

Significant deviations in a node’s reported data relative to its peers may indicate either node malfunction or environmental anomalies. This cross-node validation mechanism aligns with the IoT data integration frameworks proposed in [32], where distributed device collaboration is essential for ensuring data credibility in large-scale sensing networks. To quantify data trust, we define an acceptable offset threshold for each measurable metric within the system. The collective threshold vector for n metrics is represented as $Datathreshold=\{Dtt{h}_1,Dtt{h}_2,\dots ,Dtt{h}_n\}$. Given historical data $Dat{a}^h$, the data trust value can be calculated by the following formula, as shown in Equation (10):

$$Me\left(Data\right)=\sum _{i=1}^n\left\{\begin{array}{cc}1\hfill & Dat{a}_{\mathrm{i}}-Dat{a}_i^h<Dtt{h}_i\hfill \\ \mid {\displaystyle \frac{1}{Dat{a}_{\mathrm{i}}-Dat{a}_i^h}}\mid \hfill & Dat{a}_{\mathrm{i}}-Dat{a}_i^h\ge Dtt{h}_i\hfill \end{array}\right.$$

(10)

4. Trusted Multidimensional Assessment Methods

4.1. Dynamic Trusted Weight

To effectively weight different trust dimensions, our methodology incorporates information entropy, a concept adapted from thermodynamic entropy by Shannon information theory. This approach provides a robust mechanism for quantifying uncertainty in trust evaluation, ensuring that metrics from more reliable nodes align more closely with actual conditions.

Building upon the trust value components outlined in Section 3, the information entropy $Ct$ for each dimension is computed as shown in Equation (11):

$$\mathrm{Ct}\left(Me\right(i\left)\right)=-Me\left(i\right)logMe\left(i\right)-(1-Me(i\left)\right)log(1-Me(i\left)\right)$$

(11)

$Me\left(i\right)$ represents the trust value of a specific dimension for a node, and $1-Me\left(i\right)$ denotes the corresponding untrustworthiness.

When comparing the information entropy of two distinct dimensions, a higher entropy value indicates greater uncertainty within that trust dimension. This increased uncertainty suggests a more significant contribution to the overall trustworthiness assessment, thereby warranting a higher weighting in the evaluation process.

Following the computation of information entropy $Ct$ for various trust indicators, the trust differentiation $Td$ for each dimension can be derived as shown in Equation (12):

$$T{d}_i=\left\{\begin{array}{cc}1-{\displaystyle \frac{1}{logL}}Ct\left(Me\left(i\right)\right)\hfill & Ct\left(Me\right(i\left)\right)>\rho \hfill \\ 0\hfill & Ct\left(Me\right(i\left)\right)<\rho \hfill \end{array}\right.$$

(12)

L represents the number of trust levels, standardized to five in this study. In practical applications, this parameter is configurable by system administrators. The metric weights ${\alpha }_i$ for different trust indicators are calculated as shown in Equation (13):

$${\alpha }_i={\displaystyle \frac{T{d}_i}{{\sum }_{i=1}^{n}T{d}_i}}i=1,2,\dots ,n$$

(13)

In the formula, $0⩽{\alpha }_i⩽1$, and ${\displaystyle \sum _{i=1}^n}{\alpha }_i=1$.

4.2. Time Decay

Trust evaluation should incorporate not only the current state but also historical trust patterns and their temporal evolution. This temporal sensitivity necessitates a dynamic decay mechanism for historically acquired trust values over time.

Consider a node subjected to n trust evaluations between time $t-\Delta t$ and t, yielding a sequence of multidimensional trust assessment indicators $\{M1,M2,\dots ,M_n\}$. Here, $M_1$ represents the oldest metric while $M_n$ corresponds to the most recent assessment. The time weight coefficient is defined as in Equation (14):

$$w_i=h\left(i\right)/i$$

(14)

$h\left(i\right)$ denotes the time decay function, constrained by $h\left(i\right)\in [0,1]$. This decay function assigns temporally weighted significance to trust metrics, prioritizing recent interactions over historical ones. The time decay function can be formulated as shown in Equation (15):

$$h\left(i\right)=\left\{\begin{array}{cc}1\hfill & i=n\hfill \\ h(i-1)=h\left(i\right)-{\displaystyle \frac{1}{n}}\hfill & 1⩽i⩽n\hfill \end{array}\right.$$

(15)

4.3. Trust Feedback and Dispersion

Nodes inherently operate within clusters, necessitating frequent communication with peer devices and servers. Consequently, trust evaluation must incorporate assessments from other devices, with trust feedback and dispersion serving as fundamental mechanisms for node management. Each node is obligated to provide feedback following interactions, enabling the server to maintain unified control and update trust assessments based on collective feedback.

Following an interaction between a node and other devices, the subject node evaluates the guest node’s behavior on a scale of $[0,1]$, where 0 indicates complete dissatisfaction and 1 represents full satisfaction.

Let $E{x}_{ij}$ denote the interaction satisfaction of node $P_i$ toward node $P_j$, which can be calculated as shown in Equation (16):

$$E{x}_{ij}={\left[\prod _{i=1}^n{\alpha }_i\Omega B_i\right]}^{1/n}$$

(16)

In this formulation, ${\alpha }_i$ represents the trust weight defined in Section 4.1 while $\Omega B_i$ denotes the i-th component of node behavior metrics.

Upon computing the interaction satisfaction, the $server$ stores the results and updates the historical record vector as shown in Equation (17):

$$E{x}_{ij}^h=(〈t_1,E{x}_{ij}^{h^{\left(1\right)}}〉,〈t_2,E{x}_{ij}^{h\left(2\right)}〉,\dots ,〈t_n,E{x}_{ij}^{h^{\left(n\right)}}〉)$$

(17)

$t_i$ represents the timestamp of the i-th interaction and $E{x}_{ij}^{h^{\left(i\right)}}$ records the subjective satisfaction at time $t_i$.

The feedback trust value is calculated by aggregating historical interaction satisfaction, as shown in Equation (18):

$$Me\left(Ex\right)=w_{t}E{x}_{ij}+w_{t-1}{T}_{ij}^h$$

(18)

Given the potential instability of node services, it is essential to calculate the trust dispersion based on historical interaction satisfaction after obtaining the direct trust value. This dispersion metric serves as a subjective evaluation of the reliability of the node’s self-assessment and is subsequently reported to the server during feedback submission. The dispersion degree ${\rho }_{ij}$ is calculated as shown in Equation (19):

$${\rho }_{ij}={\displaystyle \frac{1}{\sqrt{\frac{1}{n-1}{\sum }_{k=1}^{n-1}{(E{x}_{ij}^{h^{\left(k\right)}}-Me\left(Ex\right))}^2}+1}}$$

(19)

The server maintains a feedback trust record matrix structured as shown in Equation (20):

$$\begin{array}{cc}\hfill & TM{a}^{P_i\to P_j}=\hfill \\ \hfill & \left(\begin{array}{cccc}〈E{x}_{11},{\rho }_{11}〉& 〈E{x}_{12},{\rho }_{12}〉& \dots & 〈E{x}_{1n},{\rho }_{1n}〉\\ 〈E{x}_{21},{\rho }_{21}〉& 〈E{x}_{22},{\rho }_{22}〉& \dots & 〈E{x}_{2n},{\rho }_{2n}〉\\ \dots & \dots & \dots & \dots \\ 〈E{x}_{n1},{\rho }_{n1}〉& 〈E{x}_{n2},{\rho }_{n2}〉& \dots & 〈E{x}_{nn},{\rho }_{nn}〉\end{array}\right)\hfill \end{array}$$

(20)

The feedback trust value from $P_i$ to $P_j$, denoted as $TM{a}^{P_i\to P_j}$, along with the dispersion degree ${\rho }_{ij}$, is recorded. When $i=j$, this record is excluded from the calculation of trust feedback, dispersion, and overall trust.

The trust evaluation for node j, denoted as $TM{a}^{P_{*}\to P_j}$, is calculated as the mathematical expectation of the j-th column in the feedback trust matrix.

4.4. Detection and Reversal Mechanism of Scores from a Malicious Evaluation

In scenarios where a system is compromised, attackers may infiltrate multiple devices to collaboratively manipulate trust evaluations. These compromised nodes may artificially inflate trust scores for other malicious nodes during the feedback process, thereby deceiving the system into classifying them as trustworthy. To address this vulnerability, we propose a score reversal mechanism designed to mitigate the impact of fraudulent evaluations from compromised devices.

Prior to implementing the reversal mechanism, we employ a filtering process to identify suspicious scores. Our methodology utilizes the k-means clustering algorithm for anomaly detection in trust evaluations.

The input is node list $node=\{nod{e}_{n1},nod{e}_{n2},\dots ,nod{e}_{nm}\}$, with the value of each node’s trust $Me$ and the feedback record matrix $TM{a}^{P_i\to P_j}$ as each variable’s threshold. The K-means maximum number of iterations is $k{m}^{max}$. The output is a list of problematic mutual evaluations, denoted as $fix$. The algorithm procedure consists of the following steps:

• Initialization phase: The method utilizes node i’s trust value $M{e}_i$ and its evaluation tuple $〈E{x}_{ij},{\rho }_{ij}〉$ toward node j to construct data points. Two initial centroids are randomly selected from these points: $(M{e}_x.<E{x}_{xj},{\rho }_{xj}>)$ and $(M{e}_y.<E{x}_{yj},{\rho }_{yj}>)$. The iteration counter $kmi$ is initialized to 0, and a list $fix$ is created to store identified problematic nodes.
• K-means clustering: Two cluster lists, $List1$ and $List2$, are initialized to represent the K-means clusters. A centroid change flag $flag\_change$ is introduced to track updates to the centroids, with its default value set to false. In each iteration, $kmi$ is increased by 1. For each data point $(M{e}_i.<E{x}_{ij},{\rho }_{ij}>)$, distances $dist1$ and $dist2$ to the current centroids are computed. The point is assigned to the cluster with the smaller distance, and centroids are recalculated based on the updated clusters. The algorithm terminates if the maximum iteration count $k{m}^{max}$ is reached or if centroids remain unchanged.
• Screening stage: The direct trust values of nodes in $List1$ and $List2$ are compared, and the cluster with lower trust values is identified as containing problematic mutual evaluations. These nodes are added to the problem group $fix$.

The pseudo-code is listed in Algorithm 1.

Algorithm 1 Calculate problematic scores

Input: Node list $node=\{nod{e}_{n1},nod{e}_{n2},\dots ,nod{e}_{nm}\}$; Each node’s trust value $Me$, Feedback Record Matrix $TM{a}^{P_i\to P_j}$; Each variable’s thresholdl; Maximum number of iterations $k{m}^{max}$. Output: Problematic scores record matrix $fix$. Each manager of clusters calculates its own nodes.     1: for $nod{e}_{ni}$ do     2:    Constructing $(M{e}_i.<E{x}_{ij},{\rho }_{ij}>)$.     3: end for     4: Randomly select two points $(M{e}_x.<E{x}_{xj},{\rho }_{xj}>)$ and $(M{e}_y.<E{x}_{yj},{\rho }_{yj}>)$, $flag\_change=0$, $kmi=0$.     5: repeat     6:    $C_1=$ , $C_2=$ , $flag=false$, $kmi++$     7:    for $(M{e}_i.<E{x}_{ij},{\rho }_{ij}>)$ do     8:        $dis{t}_1=\sqrt{{\left(M{e}_i-M{e}_x\right)}^2+{\left(〈E{x}_{ij},{\rho }_{ij}〉-〈E{x}_{xj},{\rho }_{xj}〉\right)}^2}$     9:        $dis{t}_2=\sqrt{{\left(M{e}_i-M{e}_y\right)}^2+{\left(〈E{x}_{ij},{\rho }_{ij}〉-〈E{x}_{yj},{\rho }_{yj}〉\right)}^2}$   10:        if $dis{t}_1\le dis{t}_2$ then   11:           $C_1=C_1\cup (M{e}_i.<E{x}_{ij},{\rho }_{ij}>)$   12:        else   13:           $C_2=C_2\cup (M{e}_i.<E{x}_{ij},{\rho }_{ij}>)$   14:        end if   15:    end for   16:    $\left(M{e}_{temp1};〈E{x}_{temp1j},{\rho }_{temp1j}〉\right)=\left({\displaystyle \frac{1}{\left|C_1\right|}}{\displaystyle \sum _{M{e}_i\in C_1}}M{e}_i;{\displaystyle \frac{1}{\left|C_1\right|}}{\displaystyle \sum _{〈E{x}_{ij},{\rho }_{ij}〉\in C_1}}〈E{x}_{ij},{\rho }_{ij}〉\right)$   17:    $\left(M{e}_{temp2};〈E{x}_{temp2j},{\rho }_{temp2j}〉\right)=\left({\displaystyle \frac{1}{\left|C_2\right|}}{\displaystyle \sum _{M{e}_i\in C_2}}M{e}_i;{\displaystyle \frac{1}{\left|C_2\right|}}{\displaystyle \sum _{〈E{x}_{ij},{\rho }_{ij}〉\in C_2}}〈E{x}_{ij},{\rho }_{ij}〉\right)$   18:    if $\left(M{e}_{tempx};〈E{x}_{tempxj},{\rho }_{tempxj}〉\right)\ne (M{e}_x.<E{x}_{xj},{\rho }_{xj}>)$ then   19:        $(M{e}_x.<E{x}_{xj},{\rho }_{xj}>)=\left(M{e}_{tempx};〈E{x}_{tempxj},{\rho }_{tempxj}〉\right)$   20:        $flag=true$   21:    end if   22:    if $\left(M{e}_{tempy};〈E{x}_{tempyj},{\rho }_{tempyj}〉\right)\ne (M{e}_y.<E{x}_{yj},{\rho }_{yj}>)$ then   23:        $(M{e}_y.<E{x}_{yj},{\rho }_{yj}>)=\left(M{e}_{tempy};〈E{x}_{tempyj},{\rho }_{tempyj}〉\right)$   24:        $flag=true$   25:    end if   26: until $kmi\le k{m}^{max}$ or $flag==false$   27: if $M{e}_x\le M{e}_y$ then   28:    $Fix=C_1$   29: else   30:    $Fix=C_2$   31: end if   32: return $Fix$

The score reversal mechanism operates as follows: when a node receives a high trust score during feedback evaluation but demonstrates consistently low scores across other trust dimensions, the server will automatically replace the inflated score with a lower, more representative value. Simultaneously, the system generates an administrative alert regarding the anomalous evaluation of the node in question.

The pseudo-code is listed in Algorithm 2.

Algorithm 2 Trust reverse

Input: Node list $node=\{nod{e}_{n1},nod{e}_{n2},\dots ,nod{e}_{nm}\}$; Each node’s trust value $Me$, Feedback Record Matrix $TM{a}^{P_i\to P_j}$; Each variable’s threshold; Problematic scores record matrix $fix$. Output: Fixed feedback record Matrix $TM{a_{fix}}^{P_i\to P_j}$. Each manager of clusters calculates its own nodes.     1: for $nod{e}_{ni}$ do     2:     if $nod{e}_{ni}$’s $Me<threshold$ then     3:         for $〈E{x}_{yj},{\rho }_{yj}〉\in TM{a}^{P_i\to P_j}$ do     4:             if $〈E{x}_{yj},{\rho }_{yj}〉>Fix$ and $nod{e}_{nj}$’s $Me<threshold$ then     5:                 $TM{a}_{fix}^{P_i\to P_j}=TM{a}^{P_i\to P_j}-1$     6:             else     7:                 $TM{a}_{fix}^{P_i\to P_j}=TM{a}^{P_i\to P_j}$     8:             end if     9:         end for   10:     end if   11: end for   12: return $TM{a}_{fix}^{P_i}\to P_j$

4.5. Trust Grouping

Connected vehicle nodes exhibit characteristics analogous to social communities, where each cluster functions as a micro-society with distinct structures and roles. Within these clusters, nodes share resources and engage in interactions. A node’s initial trust is significantly influenced by its cluster’s reputation, particularly before establishing its own trust history.

Building upon the variables defined in previous sections, we define the static metric vector of a node as $IC=\left(Me\right(Ha),Me(So\left)\right)$, and its operating vector as $RC=\left(Me\right(St),Me(\Delta E),Me(Beh\left)\right)$.

Let $\overline{IC}=(\overline{Me\left(Ha\right)},\overline{Me\left(So\right)})$ represent the expected static metric vector of managed devices from the perspective of $manag{e}_{nm}$. For a node under evaluation $nod{e}_n$, the static metric evaluation function $M{e}_{IC}$ in the trust grouping process is computed as shown in Equation (21):

$$M{e}_{IC}(\overline{IC},IC)={\displaystyle \frac{\overline{IC}·IC}{\sqrt{{\overline{IC}}^2}\sqrt{I{C}^2}}}$$

(21)

$nod{e}_n$ exhibits dynamic trust characteristics, requiring the evaluation of its reliability over the time interval $[t_i,t_{i+1}]$ to determine its trustworthiness. This reliability is calculated as shown in Equation (22):

$$\mathrm{M}{\mathrm{e}}_{RC}={\displaystyle \frac{MeIC(\overline{IC},IC)}{t_{i+1}-t_i}}\underset{t_i}{\overset{t_{i+1}}{\int }}Me\left(St\right)Me(\Delta E)\mathrm{Me}\left(Beh\right)dt$$

(22)

The administrator must establish a threshold $th$ for group membership. A node $nod{e}_n$ is permitted to join the group managed by $manag{e}_{nm}$ if its calculated trust metric satisfies $M{e}_{TC}>th$.

For nodes lacking direct neighbor trust relationships, their feedback trust values are derived from the cluster’s average trust value.

4.6. Total Trust

For each node, we obtain both its direct trust status and the modified trust feedback from other nodes. Consequently, our proposed method can be applied to compute the total trust of a node as shown in Equation (23):

$$H{T}_{total}={\beta }_o{\sum }_{i=1}^7{\alpha }_{i}Me\left(i\right)+{\beta }_{s}TM{a}^{P_{*}\to P_j}$$

(23)

${\beta }_0$ and ${\beta }_s$ represent the subjective and objective coefficients, respectively, which are determined by the system’s conditions. These coefficients satisfy the constraint ${\beta }_0+{\beta }_s=1$. The term $Me\left(i\right)$ denotes the value of each relevant variable as defined in the previous section.

Other nodes assess whether they should interact with a given node based on its computed total trust $T_{total}$ and their own trust requirements.

Following an interaction, the global trustworthiness of both nodes is updated based on the evaluation of the new interaction.

5. Scheme Analysis

To validate the proposed scheme, we developed a comprehensive test model and established an experimental environment, the detailed configuration of which is presented in

Table 1. Experiment parameter.

Parameter	Value	Description
Node	100	Number of nodes
Management	4	Number of clusters
Times	150	System run cycle
Transenergy	20	Energy consumption during transmission (nJ per time)
Computeenergy	2	Energy consumption at the time of calculation (nJ per time)
Init problem node rate (%)	5 10 15 20	Number of problem nodes at initialization

.

We conducted comprehensive performance evaluations using MATLAB R2022a, comparing the proposed scheme with Hussein’s scheme 1 [33] and Xie’s scheme 2 [34]. And,

Table 2. Comparison of trust evaluation schemes.

Dimension	My Scheme	Hussein’s Scheme	Xie’s Scheme
Trust Dimensions	Five-dimensional—static + dynamic (hard/soft/behavior/energy/data)	Three-dimensional—community trust (interaction frequency/success rate/reputation)	Four-dimensional—dynamic behavior (network/computation/storage/communication)
Malicious Node Detection	Two-stage detection (K-means clustering + score reversal)	Community-voting-based anomaly removal	Single-threshold behavior deviation detection
Dynamic Adaptability	Time decay function + entropy-based dynamic weighting	Fixed sliding time window averaging	Exponentially weighted moving average (EWMA)
Computational Complexity	O(n log n), distributed computing	O(n²), full-connection voting mechanism	O(n), centralized computation
Applicable Scenario	Highly dynamic vehicular networks	Static IoT device networking	Medium/low-speed mobile sensor networks

shows the comparison of the model architectures of the three solutions.

The experimental setup consists of 100 connected vehicle nodes distributed within a 100 × 100 m area. Nodes in this environment are susceptible to malicious attacks or internal failures, both of which result in reduced trust values. Upon detection of anomalous behavior, compromised nodes are isolated from the network. We measured two critical performance metrics: the information success rate (ISR), which reflects communication reliability, and the trust rate (TR), which indicates system integrity.

Each simulation iteration involves randomly deploying a predetermined number of malicious nodes within the test area, followed by system initialization and operation.

For each evaluated scheme, we executed the simulation environment over 150 operational cycles. The resulting system node states are visually represented in Figure 3 and Figure 4.

A comparative analysis of the three schemes reveals that our proposed approach demonstrates superior performance in minimizing the incorporation of problematic nodes, represented by red hollow nodes in the visualization.

We systematically measured the average information success rate (ISR) across varying initial percentages of problematic nodes, ranging from 5% to 20%. The comprehensive results are presented in Figure 5.

The information success rate (ISR) for each operational cycle is graphically presented in Figure 6.

As illustrated in Figure 6, our proposed scheme demonstrates superior capability in maintaining the system ISR, particularly under conditions of low initial problematic node concentrations. Furthermore, in scenarios with higher initial problematic node populations, our approach exhibits enhanced performance following the stabilization of mutual evaluation metrics.

We systematically analyzed the trust rate (TR) across various initial system configurations, with the comprehensive results presented in Figure 7.

The proposed scheme demonstrates superior resilience, as evidenced by a slower degradation rate of trust states across various initial conditions compared to alternative approaches. When analyzed in conjunction with ISR metrics, these results confirm the efficacy of our novel score reversal mechanism and validate the overall effectiveness of our proposed solution.

6. Conclusions

This study develops a trusted measurement framework for connected vehicle networks that unifies the static attestation of hardware and software with an entropy-weighted, time-decayed assessment of five dynamic dimensions. A two-stage defense, built on K-means outlier detection followed by score reversal, neutralizes collusive rating abuse and preserves rating integrity. Simulations with one hundred vehicles arranged in four clusters reveal that the framework raises the information success rate by 12 percent and caps the false-positive isolation rate at 6.1 percent, markedly outperforming Hussein’s community trust and Xie’s dynamic behavior baselines under identical conditions. Because the core algorithms execute with distributed O(n log n) complexity, they can run in real time on resource-constrained vehicular edge devices. Although the current evaluation is limited to MATLAB, the design is hardware-agnostic and cluster-aware, suggesting readiness for large-scale V2X deployments. Future work will extend verification to 5G/ITS-G5 testbeds, introduce reinforcement-based threshold tuning, and investigate latency and energy overhead in high-mobility settings to further refine practical applicability.