In order to solve the problem that the existing Internet of Things (IoT) trust evaluation method ignores the impact of the timeliness of trust and non-intrusion factors on direct trust evaluation, and is lack of reliability evaluation of trust recommendation nodes, which lead to low trust evaluation accuracy and low capability to deal with malicious nodes, an IoT node Dynamic Trust Evaluation Method (IDTEM) was proposed. Firstly, the quality of service persistence factor for nodes was introduced to evaluate node behavior and the dynamic trust attenuation factor of nodes was used to express the timeliness of trust, improving the Bayesian-based direct trust evaluation method. Secondly, the reliability of recommended node was evaluated from three aspects:recommended node value, evaluation difference and trust value of the node itself, and was used to optimize the recommendation trust weight calculation method. At the same time, recommendation trust feedback mechanism was designed to suppress collaborative malicious recommendation nodes by the feedback error between the actual trust of the service provided node after providing service and the recommendation trust. Finally, the adaptive weights of direct and recommendation trust of the node were calculated based on the entropy to obtain the comprehensive trust value of the node. Experimental results show that compared with the Reputation-based Framework for high integrity Sensor Network model (RFSN) based on Bayesian theory and the Behavior-based IoT Trust Evaluation Method (BITEM), IDTEM has certain advantages in dealing with malicious services and malicious recommendation behaviors, and has lower transmission energy consumption.

Aiming at the low detection rate caused by data imbalance in Android malware detection, an Android malware detection model based on Bagging-SVM (Support Vector Machine) integrated algorithm was proposed. Firstly, the permission information, intent information and component information were extracted as features from the file AndroidManifest.xml. Secondly, IG-ReliefF hybrid selection algorithm was proposed to reduce the dimension of data sets, and multiple balanced data sets were formed by bootstrap sampling method. Finally, a Bagging-based SVM ensemble classifier was trained by the multiple balanced data sets to detect Android malware. In the classification experiment, the detection rates of Bagging-SVM and random forest algorithm were 99.4% when the number of benign and malicious samples was balanced. When the ratio of benign and malicious samples was 4:1, the detection rate of Bagging-SVM algorithm was 6.6% higher than random forest algorithm and AdaBoost algorithm without reducing the detection accuracy. The experiment results show that the proposed model still has high detection rate and classification accuracy and can detect the vast majority of malware in the case of data imbalance.

Aiming at the low efficiency of the existing network security situation assessment method based on neural network, a network security situation assessment method based on Cuckoo Search (CS) optimized Back Propagation (BP) Neural Network (CSBPNN) was proposed. Firstly, the numbers of input and output nodes of the BP Neural Network (BPNN) were determined according to the number of input index and the output value. The number of hidden layer nodes was calculated according to the empirical formula and the trial and error method. Secondly, the connection weights and thresholds were randomly initialized, and the weights and thresholds were coded into cuckoo by using floating point coding. Finally, the weights and thresholds were optimized by using CS algorithm. The CSBPNN model for situation assessment was got and trained. The situation data was input into the CSBPNN model to obtain the situation value. The experimental results show that the iterative number of CSBPNN is reduced by 943 and 47 respectively, and the prediction accuracy is 8.06 percentage points and 3.89 percentage points higher than that of BPNN and Genetic Algorithm (GA) optimized BP neural network. The proposed algorithm has faster convergence speed and higher prediction accuracy.

The basic scoring index weight distribution of the Common Vulnerability Scoring System (CVSS) relies too much on expert experience, which leads to the lack of objectivity. In order to solve the problem, a vulnerability basic scoring index weight distribution method was proposed. Firstly, the relative importances of scoring elements were sorted. Then, the index weight combination optimal search method was used to search the weight combination scheme. Finally, combined with the grey relation analysis method, the multiple weight distribution schemes based on expert experience decision were used as the input to obtain the weight combination scheme. The experimental results show that, compared with CVSS, from the quantitative point of view, the proposed method has more gentle score distribution of scoring results than the CVSS, which effectively avoids the excessive extreme values, and the discretization of score distribution can effectively distinguish the severity of different vulnerabilities objectively and effectively. The comparative analysis from the qualitative point of view show that, while the vast majority of vulnerabilities (92.9%) in CVSS are designated as the high level of severity, the proposed method can achieve more balanced characteristic distribution in grade distribution of vulnerability severity.