<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE article  PUBLIC "-//NLM//DTD Journal Publishing DTD v3.0 20080202//EN" "http://dtd.nlm.nih.gov/publishing/3.0/journalpublishing3.dtd"><article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" dtd-version="3.0" xml:lang="en" article-type="research article"><front><journal-meta><journal-id journal-id-type="publisher-id">JCC</journal-id><journal-title-group><journal-title>Journal of Computer and Communications</journal-title></journal-title-group><issn pub-type="epub">2327-5219</issn><publisher><publisher-name>Scientific Research Publishing</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.4236/jcc.2017.57016</article-id><article-id pub-id-type="publisher-id">JCC-76445</article-id><article-categories><subj-group subj-group-type="heading"><subject>Articles</subject></subj-group><subj-group subj-group-type="Discipline-v2"><subject>Computer Science&amp;Communications</subject></subj-group></article-categories><title-group><article-title>
 
 
  An Immunity-Based IOT Environment Security Situation Awareness Model
 
</article-title></title-group><contrib-group><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Yuanquan</surname><given-names>Shi</given-names></name><xref ref-type="aff" rid="aff1"><sup>1</sup></xref><xref ref-type="corresp" rid="cor1"><sup>*</sup></xref></contrib><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Tao</surname><given-names>Li</given-names></name><xref ref-type="aff" rid="aff2"><sup>2</sup></xref></contrib><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Renfa</surname><given-names>Li</given-names></name><xref ref-type="aff" rid="aff3"><sup>3</sup></xref></contrib><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Xiaoning</surname><given-names>Peng</given-names></name><xref ref-type="aff" rid="aff1"><sup>1</sup></xref></contrib><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Pengju</surname><given-names>Tang</given-names></name><xref ref-type="aff" rid="aff1"><sup>1</sup></xref></contrib></contrib-group><aff id="aff2"><addr-line>College of Computer Science, Sichuan University, Chengdu, China</addr-line></aff><aff id="aff1"><addr-line>College of Computer Science and Engineering, Huaihua University, Huaihua, China</addr-line></aff><aff id="aff3"><addr-line>College of Computer Science and Electronic Engineering, Hunan University, Changsha, China</addr-line></aff><author-notes><corresp id="cor1">* E-mail:<email>syuanquan@163.com(YS)</email>;</corresp></author-notes><pub-date pub-type="epub"><day>09</day><month>05</month><year>2017</year></pub-date><volume>05</volume><issue>07</issue><fpage>182</fpage><lpage>197</lpage><history><date date-type="received"><day>April</day>	<month>20,</month>	<year>2017</year></date><date date-type="rev-recd"><day>Accepted:</day>	<month>May</month>	<year>22,</year>	</date><date date-type="accepted"><day>May</day>	<month>25,</month>	<year>2017</year></date></history><permissions><copyright-statement>&#169; Copyright  2014 by authors and Scientific Research Publishing Inc. </copyright-statement><copyright-year>2014</copyright-year><license><license-p>This work is licensed under the Creative Commons Attribution International License (CC BY). http://creativecommons.org/licenses/by/4.0/</license-p></license></permissions><abstract><p>
 
 
  To effectively perceive network security situation under IOT environment, an Immunity-based IOT Environment Security Situation Awareness (IIESSA) model is proposed. In IIESSA, some formal definitions for self, non-self, antigen and detector are given. According to the relationship between the antibody-concentration of memory detectors and the intensity of network attack activities, the security situation evaluation method under IOT environment based on artificial immune system is presented. And then according to the situation time series obtained by the mentioned evaluation method, the security situation prediction method based on grey prediction theory is presented for forecasting the intensity and security situation of network attack activities that the IOT environment will be suffered in next step. The experimental results show that IIESSA provides a novel and effective model for perceiving security situation of IOT environment.
 
</p></abstract><kwd-group><kwd>IOT Environment</kwd><kwd> Security Situation Awareness</kwd><kwd> Artificial Immune System</kwd><kwd> Grey Prediction</kwd></kwd-group></article-meta></front><body><sec id="s1"><title>1. Introduction</title><p>Internet of Things (IOT) is a heterogeneous network that consists of the conventional Internet and the edge networks, and it is connected by many different resource constrained devices/nodes using IP protocol [<xref ref-type="bibr" rid="scirp.76445-ref1">1</xref>] . As a part of the future Internet, IOT will comprise billions of “Things” possessing intelligent communication capability [<xref ref-type="bibr" rid="scirp.76445-ref2">2</xref>] . Generally, IOT is defined as a dynamic global network which possesses self-configuring capability based on standards and interoperable communication protocols, and all physical or virtual “things” of IOT hold specific identities that they can be integrated as an information network by using intelligent interfaces [<xref ref-type="bibr" rid="scirp.76445-ref3">3</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref4">4</xref>] . But the definition of IOT varies because of many advanced technologies involved into IOT [<xref ref-type="bibr" rid="scirp.76445-ref2">2</xref>] , such as wireless sensor networks, near field communication, low energy wireless communications, barcodes, intelligent sensing, radio frequency identification, and cloud computing etc. At pre- sent, IOT is very important in our society, and it has been widely used in industrial automation, environmental monitoring, healthcare monitoring, daily living monitoring, traffic congestion controlling, library services, smart cities and so forth [<xref ref-type="bibr" rid="scirp.76445-ref1">1</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref2">2</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref5">5</xref>] . The challenges of IOT, however, have been emerged. They mainly include IOT standardization, implementing technologies, innovation in IOT environment, security and privacy protection etc. For IOT, its every physical object, which can provide services for users, should be addressed and labelled, but the interconnections among things of IOT might bring many security problems, such as denial of service attacks, sybil attacks, data attacks, code attacks, local security of sensing nodes and so on [<xref ref-type="bibr" rid="scirp.76445-ref5">5</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref6">6</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref7">7</xref>] .</p><p>To solve security problems of IOT, many researchers have proposed different security schemes, which involve from security architecture of IOT to security mechanism, introduced for the faced real problems. The security and privacy requirements of IOT mainly include data confidentiality and authentication, access control, privacy and trust among users and things, the enforcement of security and privacy policies [<xref ref-type="bibr" rid="scirp.76445-ref2">2</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref6">6</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref7">7</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref8">8</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref9">9</xref>] . Sun and Wang [<xref ref-type="bibr" rid="scirp.76445-ref6">6</xref>] proposed the security hierarchy structure of IOT, which consists of the sensation layer, the network layer and the application layer. And meanwhile they analyzed different security problems and corresponding security requirements in different layers of IOT. According to the related studies in the architecture and security threats analysis of IOT, Li and Zhou [<xref ref-type="bibr" rid="scirp.76445-ref10">10</xref>] proposed the security architecture of IOT based on security architecture of information system, and the related security problems are analyzed in IOT, such as security services, security domains and network hierarchies etc. Abie [<xref ref-type="bibr" rid="scirp.76445-ref11">11</xref>] proposed adaptive evolving security model (AES) and adaptive trust management model (ATM) used for implementing the automation of message-oriented middleware (MOM), and the proposed models can learn, anticipate, evolve and adapt to the changed environment according to the changing threats. Habib et al. [<xref ref-type="bibr" rid="scirp.76445-ref12">12</xref>] classified adaptive security approaches according to the hierarchy architecture of IOT based on the ITU-T reference model and IOT dynamic environment. Yan et al. [<xref ref-type="bibr" rid="scirp.76445-ref13">13</xref>] proposed IOT system model based on trust management (TM), and emphasized that TM plays an important role in IOT to enhance user privacy and information security. Raza et al. [<xref ref-type="bibr" rid="scirp.76445-ref14">14</xref>] proposed a novel intrusion detection system (i.e. SVELTE) for IOT to detect routing attacks such as spoofed or altered information, sinkhole attacks, and selective-forwarding etc.</p><p>Known from the above-mentioned literatures, the research about security defense policies of IOT is still scarce, especially the security policies for IPv6 over low-power wireless personal area networks (6LoWPAN) that is to prevent many attacks from conventional Internet passed by the 6LoWPAN border router (6BR). Firewall provides an effective defense mechanism against network attacks by performing careful gatekeeping over the communication traffic that enter and exit the protected system [<xref ref-type="bibr" rid="scirp.76445-ref14">14</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref15">15</xref>] , that is to say, user may deploy security policies by running a gateway-level firewall to prevent hacker attacks from external network. Therefore, a firewall provides a clean interface to control bidirectional access to/from an individual application, an entire device, or a portion of a network [<xref ref-type="bibr" rid="scirp.76445-ref16">16</xref>] . The application of firewall has been used extensively to the conventional Internet, WSNs, and network based embedded systems [<xref ref-type="bibr" rid="scirp.76445-ref15">15</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref16">16</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref17">17</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref18">18</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref19">19</xref>] . In IOT, the resource constrained devices are usually connected to the unreliable and untrusted Internet via IPv6 and 6LoWPAN [<xref ref-type="bibr" rid="scirp.76445-ref14">14</xref>] , these devices will face wireless attacks from 6LoWPAN and conventional Internet, even though these devices are secured with encryption and authentication. Some security policies of the conventional Internet, such as Firewall and Intrusion Detection System (IDS), are unsuitable to protect resource constrained devices of IOT because these policies need higher storage space and time cost in devices/nodes of IOT. Therefore, the uncovering requirements and the developing Firewall/IDS under IOT environment are worth investigating. At present, the relevant technologies of firewall/IDS for IOT have been proposed by some researchers in the existed literatures in order to ensure the security of 6LoWPAN network [<xref ref-type="bibr" rid="scirp.76445-ref1">1</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref8">8</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref14">14</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref20">20</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref21">21</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref22">22</xref>] [<xref ref-type="bibr" rid="scirp.76445-ref23">23</xref>] .</p><p>The security problems under IOT environment are similar to the faced intrusion problems of biological immune system (BIS), and they need keep the systemic stability under a varying environment [<xref ref-type="bibr" rid="scirp.76445-ref24">24</xref>] . Artificial immune system (AIS) inspired by BIS is one of bionic intelligent systems, and is also another new frontier research in artificial intelligence fields after genetic algorithm (GA) and artificial neural network (ANN). AIS can not only distinguish and withstand non-self antigens, which are illegal intrusions, but also possess the evolving learning mechanism of Darwin’s evolution theory [<xref ref-type="bibr" rid="scirp.76445-ref25">25</xref>] - [<xref ref-type="bibr" rid="scirp.76445-ref32">32</xref>] . According to the dynamism of IOT environment and the illegal attacks from external and internal 6LoWPAN network, an immunity-based IOT environment security situation awareness model (IIESSA) is proposed to protect the security of resource constrained devices/nodes under IOT environment.</p></sec><sec id="s2"><title>2. The Proposed IIESSA Model</title><p>An Immunity-based IOT Environment Security Situation Awareness (IIESSA) model is shown in <xref ref-type="fig" rid="fig1">Figure 1</xref>. In IIESSA, the 6LoWPAN of IOT connects directly to the conventional Internet by 6LoWPAN router (6LBR). The 6LoWPAN is comprised of router (RT), security awareness center (SAC) and security sensor (SS), where SS represents all kinds of resource constrained devices (RCDs) based on Contiki that is the embedded operation system, and SSs communicate with other devices/nodes of IOT by 6LBR or RT. IIESSA adopts SAC and SS to monitor intelligently the security of 6LoWPAN environment. SS is viewed as an immunity-based security sensor under IOT environment, and its function modules mainly include extracting security elements, evaluating security situation and</p><fig id="fig1"  position="float"><label><xref ref-type="fig" rid="fig1">Figure 1</xref></label><caption><title> An immunity-based IOT environment security situation awareness model</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/16-1730620x2.png"/></fig><p>predicting security situation, where the former two modules adopt artificial immune mechanism to detect network intrusions and evaluate network security situation according to arbitrary kind of network attacks that resource constrained devices faced, and the last modules is used for predicting the security situations of devices/nodes of IOT by grey prediction method. For SAC, it is viewed as security awareness center based on artificial immune mechanism, and the tasks of SAC mainly include intrusion detection, security situation evaluation, security situation prediction and security policy response. Inspired by immune vaccine mechanism, SAC and SS can distribute new feature strings (detectors), which are extracted from network attack activities, to other devices/ nodes of IOT by vaccine distribution mechanism so that the security of devices/nodes can be protected and enhanced timely. And meanwhile network attacks and results of network security situation that SSs faced will be sent to SAC so that SAC can manage timely 6LoWPAN environment security situation and execute corresponding security policy response.</p><p>To perceive effectively IOT environment security situation, the key problems that need be solved by IIESSA is how to evaluate and predict security situation which result from all kinds of network attack activities of 6LoWPAN under IOT environment. In this paper, IIESSA adopts artificial immune mechanism to evaluate quantitatively security situation of 6LoWPAN in SAC and SS, and use grey prediction method to predict security situation of 6LoWPAN. As a result, IIESSA can obtain effectively network attack activities from massive network information, and then can dynamic intelligent perceive and supervise IOT environment security situation.</p><sec id="s2_1"><title>2.1. Immunity-Based IOT Environment Security Situation Evaluation Method</title><p>Inspired by artificial immune system, this paper firstly presents the relevant concepts and formal definitions for self, non-self, antigen and detector to solve security situation evaluation problems under IOT environment. In IOT environment, all antigens are detected by the mature/memory detectors that have experienced self-tolerance, clonal selection and immune mutation. The more network attacks, the more detector clones. The antibody-concentration of memory detectors reflects quantitatively and real-timely the attack intensity and security situation that IOT faced.</p><p>Definition 1 Antigen set <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x3.png" xlink:type="simple"/></inline-formula> represents original IP packets under IOT environment, where antigenic determinant ad represents a l-bit binary feature string obtained by antigen-presenting of IP packet, it includes source/destination IP address, source/destination port number, protocol type, feature code and so on, shape-space <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x4.png" xlink:type="simple"/></inline-formula> represents all network activities, and l is a nature number (constant).</p><p>Definition 2 Self set <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x5.png" xlink:type="simple"/></inline-formula> represents all normal network activities, non-self set <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x6.png" xlink:type="simple"/></inline-formula> represents all illegal network activities, so that <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x7.png" xlink:type="simple"/></inline-formula> and<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x8.png" xlink:type="simple"/></inline-formula>.</p><p>Definition 3 Immune detector set <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x9.png" xlink:type="simple"/></inline-formula>, where ab represents antibody, p represents antibody-concentration, t represents tolerance value of immature detector, age represents the age of mature/memory detector, cnt repre- sents the number of antigen matched by antibody, R represents the set of real numbers, and N represents the set of nature numbers.</p><p>Definition 4 Memory detector set<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x10.png" xlink:type="simple"/></inline-formula>, mature detector set<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x11.png" xlink:type="simple"/></inline-formula>, immature detector set <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x12.png" xlink:type="simple"/></inline-formula>, where<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x13.png" xlink:type="simple"/></inline-formula>, <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x14.png" xlink:type="simple"/></inline-formula>represents the tolerance threshold of immature detector, <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x15.png" xlink:type="simple"/></inline-formula>and <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x16.png" xlink:type="simple"/></inline-formula> represents the lifecycle and activated threshold of mature detector respectively.</p><sec id="s2_1_1"><title>2.1.1. Detector Evolution</title><p>In the course of detector evolution, immature detectors can turn into mature detectors when immature detectors are successful during self-tolerance phase. When the matching times between a mature detector in its lifecycle and antigens are up to the activated threshold<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x17.png" xlink:type="simple"/></inline-formula>, the mature detector clones itself and then evolves into memory detector, and when antigens are identified by a memory detector, the detectors cloned from this mature detector will be merged to mature/immature detector set. To ensure effectively identify antigens and make the diversity of antibody of detector so as to may handle known or unknown network attacks, three immune operators are introduced during evolving detector, namely affinity evaluation, clonal selection and immune mutation.</p><p>1) Affinity evaluation In this section, Hamming distance based matching algorithm [<xref ref-type="bibr" rid="scirp.76445-ref24">24</xref>] is adopted used for calculating affinity between detector and detector/antigen. Take the self-tolerance of detector as an example, the immature detector’s tolerance is successful if immature detector never match all elements of Self at α, conversely, it’s dead. Suppose self<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x18.png" xlink:type="simple"/></inline-formula>, immature detector<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x19.png" xlink:type="simple"/></inline-formula>, Equation (1) represents how to identify immature detector id by s, where 1/0 represents whether id match with s or not, l<sub>d</sub> is the length of detector id, f<sub>affinity</sub> is used for calculating affinity between s and id, <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x19.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x20.png" xlink:type="simple"/></inline-formula>represents the threshold of affinity. Equation (2) is used for executing self-tolerance of immature detector id, and Equation (3) is used for accumulating the times of self-tolerance for id when the result of Equation (2) returns 1, and if<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x19.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x20.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x21.png" xlink:type="simple"/></inline-formula>, immature detector id evolves into mature detector.</p><disp-formula id="scirp.76445-formula118"><label>(1)</label><graphic position="anchor" xlink:href="http://html.scirp.org/file/16-1730620x22.png"  xlink:type="simple"/></disp-formula><disp-formula id="scirp.76445-formula119"><label>(2)</label><graphic position="anchor" xlink:href="http://html.scirp.org/file/16-1730620x23.png"  xlink:type="simple"/></disp-formula><disp-formula id="scirp.76445-formula120"><label>(3)</label><graphic position="anchor" xlink:href="http://html.scirp.org/file/16-1730620x24.png"  xlink:type="simple"/></disp-formula><p>2) Clonal selection Clonal selection operator is used for executing cell clonal operation of the mature detectors and memory detectors. Equation (4) is used for cloning detectors, where <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x25.png" xlink:type="simple"/></inline-formula> is a clonal constant, <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x25.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x26.png" xlink:type="simple"/></inline-formula>re- presents all mature detectors and memory detectors, n<sub>d</sub> represents the sum of detectors which possess similarity antibody with detector<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x25.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x26.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x27.png" xlink:type="simple"/></inline-formula>. For Equation (5), T<sub>cln</sub> and M<sub>cln</sub> represent the clonal selection sets of the mature detectors and that of the memory detectors, respectively. After running clonal selection in one generation, the cloned detectors are added to the mature detector set, and the same detectors <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x25.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x26.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x27.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x28.png" xlink:type="simple"/></inline-formula> existing in the clonal selection set T<sub>cln</sub> and M<sub>cln</sub> will be deleted.</p><disp-formula id="scirp.76445-formula121"><label>(4)</label><graphic position="anchor" xlink:href="http://html.scirp.org/file/16-1730620x29.png"  xlink:type="simple"/></disp-formula><disp-formula id="scirp.76445-formula122"><label>(5)</label><graphic position="anchor" xlink:href="http://html.scirp.org/file/16-1730620x30.png"  xlink:type="simple"/></disp-formula><p>3) Immune mutation The purpose of immune mutation operator is to improve the diversity of detectors by mutating the gene of antibody of the corresponding detectors in order to enhance the identifying ability for antigens. Taking <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x31.png" xlink:type="simple"/></inline-formula> bits from detector <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x31.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x32.png" xlink:type="simple"/></inline-formula> matched by antigen<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x31.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x32.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x33.png" xlink:type="simple"/></inline-formula>, and these bits are instead randomly by 1/0, where l<sub>d</sub> represents the length of d. The mutated detector is regarded as immature detector that is renewed tolerance by self set.</p></sec><sec id="s2_1_2"><title>2.1.2. Antigen Surveillance</title><p>During antigen surveillance, all antigens are detected by the mature and memory detectors. Firstly, the memory detector surveils antigens, antigens will be deleted from antigen set A<sub>g</sub> if non-self antigens identified by this detector are successful, reversely, and this detector is deleted from memory detector set M<sub>d</sub> if self antigen identified by this detector is successful. Secondly, the mature detector surveils antigen, the antigen will be deleted from antigen set A<sub>g</sub> if non-self antigen identified by this detector is successful, and this detector will be turned into memory detector if the accumulating times of mature detector matching antigens are up to the activated threshold <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x34.png" xlink:type="simple"/></inline-formula> in its lifecycle<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x34.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x35.png" xlink:type="simple"/></inline-formula>. Reversely, the mature detector is deleted from mature detector set T<sub>d</sub> if antibody identified by self antigen is successful or mature detector is not activated in its lifecycle. Lastly, to sustain the dynamic update of self set Self, the remainders of antigens are merged into Self, and then immature detector in I<sub>d</sub> is matched by Self in order to keep detectors evolution dynamically.</p><p>Definition 5 Suppose <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x36.png" xlink:type="simple"/></inline-formula> (&gt;0, constant) is the initial value of antibody-con- centration of memory detector, <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x36.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x37.png" xlink:type="simple"/></inline-formula>(&gt;0, constant) simulates the award factor of antibody of memory detector, <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x36.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x37.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x38.png" xlink:type="simple"/></inline-formula>(&gt;0, constant) is the maintaining period of antibody-concentration of memory detector.</p><p>For mature detector, if its matching time is up to the activated threshold<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x39.png" xlink:type="simple"/></inline-formula>, it is stimulated and cloned via Equation (4), and then merged into the memory detector set via Equation (6). Suppose t represents the order number of detector which can match antigen, memory detector will be cloned via Equation (7) when memory detector can successful match antigen, and meanwhile the antibody-concentration of memory detector will be increased via Equation (7). If memory detector isn’t cloned again in the maintaining period<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x39.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x40.png" xlink:type="simple"/></inline-formula>, the antibody-concentration of memory detector will be decreased to zero via Equation (8), and it shows that the corresponding kind of antigen has been eliminated in IOT environment.</p><disp-formula id="scirp.76445-formula123"><label>(6)</label><graphic position="anchor" xlink:href="http://html.scirp.org/file/16-1730620x41.png"  xlink:type="simple"/></disp-formula><disp-formula id="scirp.76445-formula124"><label>(7)</label><graphic position="anchor" xlink:href="http://html.scirp.org/file/16-1730620x42.png"  xlink:type="simple"/></disp-formula><disp-formula id="scirp.76445-formula125"><label>(8)</label><graphic position="anchor" xlink:href="http://html.scirp.org/file/16-1730620x43.png"  xlink:type="simple"/></disp-formula></sec><sec id="s2_1_3"><title>2.1.3. Situation Evaluation</title><p>For evaluating quantitatively network security situation under IOT environment, the fatalness that IOT and its resource constrained devices undergo all kinds of attacks must be considered. To effectively classify for the illegal network attacks, the consanguinity method [<xref ref-type="bibr" rid="scirp.76445-ref33">33</xref>] is adopted used for classifying detectors in this paper. The significance for different resource constrained devices and different services must be considered under IOT environment. Let <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x44.png" xlink:type="simple"/></inline-formula> denotes the security situation that IOT and its resource constrained devices faced at time t, where St(t) = 1 indicates extreme danger for the current system, St(t) = 0 indicates no danger. Consequently, St(t) exactly reflects the variety of network security attacks that the current system has faced. Let <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x44.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x45.png" xlink:type="simple"/></inline-formula> denotes the fatalness coefficient of the jth kind of the attack Att<sub>j</sub>, <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x44.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x45.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x46.png" xlink:type="simple"/></inline-formula>denotes the weightiness coefficient of the corresponding service, and <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x44.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x45.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x46.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x47.png" xlink:type="simple"/></inline-formula> represents the weightiness coefficient of the ith device/node.</p><p>For the ith device/node, Equation (9) is applied to calculate the index value of security situation of the jth kind of attack Att<sub>j</sub> at time t, Equation (10) is used for calculating the index value of security situation of all kinds of attacks in the ith device/node.</p><disp-formula id="scirp.76445-formula126"><label>(9)</label><graphic position="anchor" xlink:href="http://html.scirp.org/file/16-1730620x48.png"  xlink:type="simple"/></disp-formula><disp-formula id="scirp.76445-formula127"><label>(10)</label><graphic position="anchor" xlink:href="http://html.scirp.org/file/16-1730620x49.png"  xlink:type="simple"/></disp-formula><p>Under IOT environment, Equation (11) is applied to calculate the index value of security situation of the jth kind of attack Att<sub>j</sub> at time t, Equation (12) is applied to calculate the index value of the all kinds of attacks.</p><disp-formula id="scirp.76445-formula128"><label>(11)</label><graphic position="anchor" xlink:href="http://html.scirp.org/file/16-1730620x50.png"  xlink:type="simple"/></disp-formula><disp-formula id="scirp.76445-formula129"><label>(12)</label><graphic position="anchor" xlink:href="http://html.scirp.org/file/16-1730620x51.png"  xlink:type="simple"/></disp-formula></sec></sec><sec id="s2_2"><title>2.2. IOT Environment Security Situation Prediction Method</title><p>The variation of security situation under IOT environment is affected by many existed uncertain factors, so the prediction results of network security situation actually possess uncertainty. The grey prediction theory is the most key part of grey theory because of its merits in the short period, such as a few data samples, facility operation, and high prediction precision [<xref ref-type="bibr" rid="scirp.76445-ref28">28</xref>] . At present, the grey prediction theory is usually applied to predict in industry, agriculture, military affairs and science technology etc. The grey prediction theory is adopted to predict the time series of security situation obtained by the evaluation method of network security situation based on immune mechanism. GM(1,1) model can predict precisely for the data sequence that possesses the characteristics of exponential curve, but it doesn’t effective for the random data sequence [<xref ref-type="bibr" rid="scirp.76445-ref34">34</xref>] . Therefore, the weaken operator D [<xref ref-type="bibr" rid="scirp.76445-ref35">35</xref>] is introduced to be used for decreasing the random- city of the original data sequence in order to improve the prediction precision of GM(1,1) model in this paper.</p><p>Definition 6 Suppose the original data sequence of network security situation under IOT environment<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x52.png" xlink:type="simple"/></inline-formula>, if<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x52.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x53.png" xlink:type="simple"/></inline-formula>, then<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x52.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x53.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x54.png" xlink:type="simple"/></inline-formula>, and if<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x52.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x53.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x54.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x55.png" xlink:type="simple"/></inline-formula>, then <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x52.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x53.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x54.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x55.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x56.png" xlink:type="simple"/></inline-formula>, where<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x52.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x53.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x54.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x55.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x56.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x57.png" xlink:type="simple"/></inline-formula>, <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x52.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x53.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x54.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x55.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x56.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x57.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x58.png" xlink:type="simple"/></inline-formula>, so <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x52.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x53.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x54.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x55.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x56.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x57.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x58.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x59.png" xlink:type="simple"/></inline-formula> is regarded as a weaken operator.</p><p>The 1-AGO sequence <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x60.png" xlink:type="simple"/></inline-formula> is generated by <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x60.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x61.png" xlink:type="simple"/></inline-formula> and D, where<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x60.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x61.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x62.png" xlink:type="simple"/></inline-formula>. The neighbor datum mean generation sequence of <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x60.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x61.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x62.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x63.png" xlink:type="simple"/></inline-formula> is<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x60.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x61.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x62.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x63.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x64.png" xlink:type="simple"/></inline-formula>, where <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x60.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x61.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x62.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x63.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x64.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x65.png" xlink:type="simple"/></inline-formula>, <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x60.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x61.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x62.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x63.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x64.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x65.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x66.png" xlink:type="simple"/></inline-formula>,<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x60.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x61.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x62.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x63.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x64.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x65.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x66.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x67.png" xlink:type="simple"/></inline-formula>. Equation (13) re- presents the whitenization equation of GM(1,1) model, where a is the development coefficient, its size and sign reflect the development situation of<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x60.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x61.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x62.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x63.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x64.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x65.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x66.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x67.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x68.png" xlink:type="simple"/></inline-formula>, while b is the input of the system and its value denotes some kinds of grey information.</p><disp-formula id="scirp.76445-formula130"><label>(13)</label><graphic position="anchor" xlink:href="http://html.scirp.org/file/16-1730620x69.png"  xlink:type="simple"/></disp-formula><p>The coefficients, a and b, can be calculated by the equation <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x70.png" xlink:type="simple"/></inline-formula>, where Y is listed in Equation (14).</p><disp-formula id="scirp.76445-formula131"><label>(14)</label><graphic position="anchor" xlink:href="http://html.scirp.org/file/16-1730620x71.png"  xlink:type="simple"/></disp-formula><p>Consequently, the simulation values of <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x72.png" xlink:type="simple"/></inline-formula> and <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x72.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x73.png" xlink:type="simple"/></inline-formula> can be obtained by Equation (15) and Equation (16) respectively, where<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x72.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x73.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x74.png" xlink:type="simple"/></inline-formula>.</p><disp-formula id="scirp.76445-formula132"><label>(15)</label><graphic position="anchor" xlink:href="http://html.scirp.org/file/16-1730620x75.png"  xlink:type="simple"/></disp-formula><disp-formula id="scirp.76445-formula133"><label>(16)</label><graphic position="anchor" xlink:href="http://html.scirp.org/file/16-1730620x76.png"  xlink:type="simple"/></disp-formula><p>Known from <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x77.png" xlink:type="simple"/></inline-formula> and D, <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x77.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x78.png" xlink:type="simple"/></inline-formula>is regarded as an uncertain data if<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x77.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x78.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x79.png" xlink:type="simple"/></inline-formula>. Therefore, some simple fitting methods, such as the residual error identification and the linear regression, may be introduced to be used for calculating <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x77.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x78.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x79.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x80.png" xlink:type="simple"/></inline-formula> by fitting D in GM(1,1) model.</p></sec></sec><sec id="s3"><title>3. Simulation Experiment</title><p>To demonstrate the effectiveness of the proposed methods, which are network security situation evaluation method and network security situation prediction method, in this paper, we consider evaluating and predicting network security situations that IOT environment is suffering respectively a specific attack and overall attacks. The experimental platform is mainly related to network simulator Cooja based on Contiki, PCs, Laptops and resource constrained devices (i.e. TI MSP430x/wismote, Atmel AVR/micaz). The simulating experimental attacks mainly include some typical network attacks, such as Spoof, Sinkhole and Sybil etc. And the provided network services under IOT environment mainly relate to WWW, FTP and E-mail. For the length of antigen and antibody, a 288-bit binary string is considered that it consists of source/destination IP address, source/ destination port, protocol type and so on.</p><sec id="s3_1"><title>3.1. Experimental Parameter Settings</title><p>According to the proposed methods, the experimental parameter settings mainly include two aspects, namely the immune identifying parameters and the situation evaluation parameters. In the immunity-based IOT environment security situation evaluation method, its immune identifying parameters firstly are listed in <xref ref-type="table" rid="table1">Table 1</xref>. <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x81.png" xlink:type="simple"/></inline-formula>is used for identifying illegal network activities by calculating the affinity between antibody and antigens. To obtain the higher detection rate (TP, True Positive) and lower false alarm rate (FP, False Positive) from security situation evaluation method.<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x81.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x82.png" xlink:type="simple"/></inline-formula>, <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x81.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x82.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x83.png" xlink:type="simple"/></inline-formula>and <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x81.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x82.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x83.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x84.png" xlink:type="simple"/></inline-formula> are three key parameters that immature detectors are evolved as memory detectors. For memory detectors, the values for parameters<inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x81.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x82.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x83.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x84.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x85.png" xlink:type="simple"/></inline-formula>, <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x81.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x82.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x83.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x84.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x85.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x86.png" xlink:type="simple"/></inline-formula>and <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x81.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x82.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x83.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x84.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x85.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x86.png" xlink:type="simple"/></inline-formula><inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x87.png" xlink:type="simple"/></inline-formula> [<xref ref-type="bibr" rid="scirp.76445-ref28">28</xref>] are used for maintaining and calculating the antibody-concentration of memory detectors in order to reflect real- timely network security situation under IOT environment.</p><p>For the situation evaluation parameters, according to the significance for the resource constrained devices/nodes and the provided services, and the fatalness of specific network attacks under IOT environment, the weightiness coefficients of network services WWW, FTP and E-mail (Identified by protocol port number) are set to 0.8, 0.7 and 0.8, respectively. The biggest value selected from among the importance of all services of a resource constrained device/node is viewed as the weightiness coefficient of the corresponding device/node. The fatalness coefficients of network attacks, which Spoof, Sinkhole and Sybil, are set to 0.8, 0.9 and 0.7, respectively.</p></sec><sec id="s3_2"><title>3.2. Experimental Results</title><p>In simulating experiments, we obtained three actual network attack intensities that IOT environment suffered in 120 seconds in <xref ref-type="fig" rid="fig2">Figure 2</xref>, namely Spoof attack intensity for WWW service of device/node, Sinkhole attack intensity for FTP service of device/node, and the overall attack intensity that IOT environment suffered. Take WWW service as an example, the values of actual network attack intensity in <xref ref-type="fig" rid="fig2">Figure 2</xref>(a) indicate that the WWW service of device/node is suffering the total amount of network attack packets per second, and the attack frequency at each second that WWW service suffered is from 9000 packets to 33,900 packets. To evaluate and predict network security situation of different network attack intensities given by <xref ref-type="fig" rid="fig2">Figure 2</xref>, <xref ref-type="fig" rid="fig3">Figure 3</xref> shows the curves of attack intensity, situation evaluation and situation prediction for Spoof attacks that WWW service of device/node suffered, respectively. <xref ref-type="fig" rid="fig4">Figure 4</xref> shows the curves of attack intensity, situation evaluation and situation prediction for Sinkhole attacks that FTP service of device/node suffered. For the overall attacks that</p><table-wrap id="table1" ><label><xref ref-type="table" rid="table1">Table 1</xref></label><caption><title> The immune identifying parameters of security situation evaluation</title></caption><table><tbody><thead><tr><th align="center" valign="middle" >Parameter</th><th align="center" valign="middle" >Value</th></tr></thead><tr><td align="center" valign="middle" >Affinity threshold <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x88.png" xlink:type="simple"/></inline-formula></td><td align="center" valign="middle" >0.9</td></tr><tr><td align="center" valign="middle" >Tolerance period of immature detector <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x89.png" xlink:type="simple"/></inline-formula></td><td align="center" valign="middle" >1</td></tr><tr><td align="center" valign="middle" >Activated threshold of mature detector <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x90.png" xlink:type="simple"/></inline-formula></td><td align="center" valign="middle" >10</td></tr><tr><td align="center" valign="middle" >Lifecycle of mature detector <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x91.png" xlink:type="simple"/></inline-formula></td><td align="center" valign="middle" >90</td></tr><tr><td align="center" valign="middle" >Maintaining period of antibody-concentration <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x92.png" xlink:type="simple"/></inline-formula></td><td align="center" valign="middle" >1</td></tr><tr><td align="center" valign="middle" >Initial value of antibody-concentration <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x93.png" xlink:type="simple"/></inline-formula></td><td align="center" valign="middle" >0.0010</td></tr><tr><td align="center" valign="middle" >Award factor of antibody <inline-formula><inline-graphic xlink:href="http://html.scirp.org/file/16-1730620x94.png" xlink:type="simple"/></inline-formula></td><td align="center" valign="middle" >0.9998</td></tr></tbody></table></table-wrap><fig id="fig2"  position="float"><label><xref ref-type="fig" rid="fig2">Figure 2</xref></label><caption><title> (a) Spoof attack intensity for the WWW service of device/node, (b) Sinkhole attack intensity for the FTP service of device/node, (c) Overall attack intensity that the IOT suffered</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/16-1730620x95.png"/></fig><fig id="fig3"  position="float"><label><xref ref-type="fig" rid="fig3">Figure 3</xref></label><caption><title> Security situation curves for Spoof attacks that WWW service of device/node suffered</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/16-1730620x96.png"/></fig><p>IOT environment suffered, the curves of the corresponding attack intensity, situation evaluation and situation prediction are given in <xref ref-type="fig" rid="fig5">Figure 5</xref>.</p><fig id="fig4"  position="float"><label><xref ref-type="fig" rid="fig4">Figure 4</xref></label><caption><title> Security situation curves for Sinkhole attacks that FTP service of device/node suffered</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/16-1730620x97.png"/></fig><fig id="fig5"  position="float"><label><xref ref-type="fig" rid="fig5">Figure 5</xref></label><caption><title> Security situation curves for the overall attacks that IOT environment suffered</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/16-1730620x98.png"/></fig><p>Known from Figures 3-5, the evaluation results of network security situation can be calculated reasonably by the proposed immune-based network security situation evaluation method. When network attack intensity increases, antibody-concentration of memory detector increases correspondingly, conversely, it decreases. That is to say, the situation evaluation curves are accordant with the corresponding attack intensity curves. Therefore, the evaluation results of network security situation can reflect real-timely the situation changes of network attacks under IOT environment, and meanwhile the proposed method can keep the higher alert level when the same attacks happened again according to the antibody-concentration phenomenon of BIS.</p><p>In the process of situation prediction, the sliding window mechanism and the grey prediction method are adopted. For the original data sequence that is used for predicting network security situation, it is obtained in turn by using the proposed situation evaluation method in terms of equal interval time (sec.). When we need to predict the element value of original data sequence at time T + 1, we firstly take N(=10) data of this data sequence before time T + 1. The situation prediction curves in Figures 3-5 show that the grey prediction method can predict precisely network security situation of IOT. However, the evaluation curve of network security situation isn’t regular because of the randomicity of network attacks. In other words, the precision of security situation prediction in Figures 3-5 will be more affected when the taken N situation values possess more randomicity. To ensure the precision of the prediction results, the grey prediction method need to check the errors between the evaluation results and the prediction results of network security situation. The residual series of grey prediction theory can be adopted to improve the prediction results that haven’t met the precision requirements, and the general strategy of error detection is the relative error detection [<xref ref-type="bibr" rid="scirp.76445-ref34">34</xref>] .</p><p>The experimental results show that IIESSA can evaluate and predict network security situation for both the specific attack and the overall attacks that IOT and its resource constrained devices/nodes suffered. Simultaneously, the evaluation and prediction results of network security situation can reflect really network attack activities under IOT environment.</p></sec></sec><sec id="s4"><title>4. Conclusions</title><p>Inspired by BIS, an immunity-based IOT environment security situation awareness model (IIESSA) is proposed in this paper. The merit of IIESSA is that many network security problems can be mapped to the corresponding biological immune problems, and its corresponding immune mechanisms are adopted to solve security problems of IOT environment. Compared with conventional models, IIESSA possesses many advantages, such as self-learning, robust, adaptability and real-time etc. Security situation evaluation method in IIESSA can surveil dynamically network security activities of IOT by using immune mechanism so that network security administrator can perceive timely current network security situation. And meanwhile security situation prediction method in IIESSA is used for estimating and handling the specific network attacks that IOT will be suffered in the next step. Therefore, IIESSA is helpful for network security administrators to judge and handle network anomaly activities in order to improve the security of IOT environment. Although the proposed model has got some very impressive results, it is still under development. We will further improve this model to calculate exactly the results of evaluation and prediction of network security situation in future work.</p></sec><sec id="s5"><title>Acknowledgements</title><p>This work was supported by the National Natural Science Foundation of China under Grant Nos. 61173159, 61572334, 61173036, China Postdoctoral Science Foundation under Grant No. 2014M562102, Hunan Provincial Natural Science Foundation of China under Grant Nos. 2015JJ2112, the Scientific Research Fund of Hunan Provincial Education Department of China under Grant No. 12B099, the Scientific Research Foundation of Huaihua University under Grant No. HHUY2015-08.</p></sec><sec id="s6"><title>Cite this paper</title><p>Shi, Y.Q., Li, T., Li, R.F., Peng, X.N. and Tang, P.J. (2017) An Immunity-Based IOT Environment Security Situation Awareness Model. Journal of Computer and Communications, 5, 182- 197. https://doi.org/10.4236/jcc.2017.57016</p></sec></body><back><ref-list><title>References</title><ref id="scirp.76445-ref1"><label>1</label><mixed-citation publication-type="other" xlink:type="simple">Wallgren, L., Raza, S. and Voigt, T. (2013) Routing Attacks and Countermeasures in the RPL-Based Internet of Things. International Journal of Distributed Sensor Networks, 1-11. https://doi.org/10.1155/2013/794326</mixed-citation></ref><ref id="scirp.76445-ref2"><label>2</label><mixed-citation publication-type="other" xlink:type="simple">Li, S.C., Xu, L.D. and Zhao, S.S. (2015) The Internet of Things: A Survey. Information Systems Frontiers, 17, 243-259.</mixed-citation></ref><ref id="scirp.76445-ref3"><label>3</label><mixed-citation publication-type="other" xlink:type="simple">IERC (2013) Coordinating and Building a Broadly Based Consensus on the Ways to Realize the Internet of Things in Europe.  
www.internet-of-things-research.eu/pdf/Poster_IERC_A0_V01.pdf</mixed-citation></ref><ref id="scirp.76445-ref4"><label>4</label><mixed-citation publication-type="journal" xlink:type="simple"><name name-style="western"><surname>Kirtsis</surname><given-names> D. </given-names></name>,<etal>et al</etal>. (<year>2011</year>)<article-title>Closed-Loop PLM for Intelligent Products in the Era of the Internet of Things</article-title><source> Computer-Aided Design</source><volume> 43</volume>,<fpage> 479</fpage>-<lpage>501</lpage>.<pub-id pub-id-type="doi"></pub-id></mixed-citation></ref><ref id="scirp.76445-ref5"><label>5</label><mixed-citation publication-type="other" xlink:type="simple">Bi, Z.M., Xu, L.D. and Wang, C.G. (2014) Internet of Things for Enterprise Systems of Modern Manufacturing. IEEE Transactions on Industrial Informatics, 10, 1537-1546.</mixed-citation></ref><ref id="scirp.76445-ref6"><label>6</label><mixed-citation publication-type="book" xlink:type="simple">Sun, X.Y. and Wang, C.G. (2011) The Research of Security Technology in the Internet of Things. In: Jin, D. and Lin, S., Eds., Advances in Computer Science, Intelligent System and Environment, Vol. 105, Springer, Berlin, Heidelberg, 113-119.  
https://doi.org/10.1007/978-3-642-23756-0_19</mixed-citation></ref><ref id="scirp.76445-ref7"><label>7</label><mixed-citation publication-type="other" xlink:type="simple">Whitmore, A., Agarwal, A. and Xu, L.D. (2015) The Internet of Things—A Survey of Topics and Trends. Information Systems Frontiers, 17, 261-274.</mixed-citation></ref><ref id="scirp.76445-ref8"><label>8</label><mixed-citation publication-type="other" xlink:type="simple">Sicari, S., Rizzardi, A., Grieco, L.A. and Coen-Porisini, A. (2015) Security, Privacy and Trust in Internet of Things: The Road Ahead. Computer Networks, 76, 146-164.</mixed-citation></ref><ref id="scirp.76445-ref9"><label>9</label><mixed-citation publication-type="other" xlink:type="simple">Javanmardi, S., Shojafar, M., Shariatmadari, S. and Ahrabi, S.S. (2014) FR Trust: A Fuzzy Reputation-Based Model for Trust Management in Semantic P2P Grids. International Journal of Grid and Utility Computing, 6, 57-66.  
https://doi.org/10.1504/IJGUC.2015.066397</mixed-citation></ref><ref id="scirp.76445-ref10"><label>10</label><mixed-citation publication-type="book" xlink:type="simple">Li, H. and Zhou, X. (2011) Study on Security Architecture for Internet of Things. In: Zeng, D., Eds., Applied Informatics and Communication. ICAIC 2011. Communications in Computer and Information Science, Vol. 224, Springer, Berlin, Heidelberg, 404-411. https://doi.org/10.1007/978-3-642-23214-5_53</mixed-citation></ref><ref id="scirp.76445-ref11"><label>11</label><mixed-citation publication-type="other" xlink:type="simple">Abie, H. (2009) Adaptive Security and Trust Management for Autonomic Message-Oriented Middleware. Proceedings of IEEE 6th International Conference on Mobile Adhoc and Sensor Systems, Macau, 12-15 October 2009, 810-817.</mixed-citation></ref><ref id="scirp.76445-ref12"><label>12</label><mixed-citation publication-type="other" xlink:type="simple">Habib, K. and Leister, W. (2013) Adaptive Security for the Internet of Things Reference Model. Proceedings of Norwegian Information Security Conference, NISK, Stavanger, 13-24.</mixed-citation></ref><ref id="scirp.76445-ref13"><label>13</label><mixed-citation publication-type="other" xlink:type="simple">Yan, Z., Zhang, P. and Vasilakos, A.V. (2014) A Survey on Trust Management for Internet of Things. Journal of Network and Computer Applications, 42, 120-134.</mixed-citation></ref><ref id="scirp.76445-ref14"><label>14</label><mixed-citation publication-type="other" xlink:type="simple">Raza, S., Wallgren, L. and Voigt, T. (2013) SVELTE: Real-Time Intrusion Detection in the Internet of Things. Ad Hoc Networks, 11, 2661-2674.</mixed-citation></ref><ref id="scirp.76445-ref15"><label>15</label><mixed-citation publication-type="book" xlink:type="simple">Hossain, M.S. and Raghunathan, V. (2010) AEGIS: A Lightweight Firewall for Wireless Sensor Networks. In: Rajaraman, R., Moscibroda, T., Dunkels, A. and Scaglione, A., Eds., Distributed Computing in Sensor Systems. DCOSS 2010. Lecture Notes in Computer Science, Vol. 6131, Springer, Berlin, Heidelberg, 258-272.  
https://doi.org/10.1007/978-3-642-13651-1_19</mixed-citation></ref><ref id="scirp.76445-ref16"><label>16</label><mixed-citation publication-type="other" xlink:type="simple">Macfarlane, R., Buchanan, W., Ekonomou, E., Uthmani, O., Fan, L. and Lo, O. (2012) Formal Security Policy Implementations in Network Firewalls. Computers &amp; Security, 31, 253-270.</mixed-citation></ref><ref id="scirp.76445-ref17"><label>17</label><mixed-citation publication-type="other" xlink:type="simple">Hu, H.X., Ahn, G.J. and Kulkarni, K. (2012) Detecting and Resolving Firewall Policy Anomalies. IEEE Transactions on Dependable and Secure Computing, 9, 318-331. https://doi.org/10.1109/TDSC.2012.20</mixed-citation></ref><ref id="scirp.76445-ref18"><label>18</label><mixed-citation publication-type="other" xlink:type="simple">Wilhelm, M., Martinovic, I., Schmitt, J.B. and Lenders, V. (2013) Air Dominance in Sensor Networks: Guarding Sensor Motes Using Selective Interference. 1-16. arXiv preprint arXiv:1305. 4038</mixed-citation></ref><ref id="scirp.76445-ref19"><label>19</label><mixed-citation publication-type="other" xlink:type="simple">Xiao, Q., Qin, Y. C., Xu, C. and Li, K.L. (2013) Lightweight Detecting and Resolving Algorithm for Firewall Policy Conflict. Proceedings of the 5th International Conference on Ubiquitous and Future Networks, Da Nang, 2-5 July 2013, 234-239.</mixed-citation></ref><ref id="scirp.76445-ref20"><label>20</label><mixed-citation publication-type="other" xlink:type="simple">Kubler, S., Framling, K. and Buda, A. (2014) A Standardized Approach to Deal with Firewall and Mobility Policies in the IoT. Pervasive and Mobile Computing, 20, 100-114.</mixed-citation></ref><ref id="scirp.76445-ref21"><label>21</label><mixed-citation publication-type="other" xlink:type="simple">Wang, L.H., Teng, H.K. and Yu, G.H. (2014) Sensors Access Scheme Design Based on Internet of Things Gateways. Proceedings of the 5th International Conference on Intelligent Systems Design and Engineering Application, Hunan, 15-16 June 2014, 901-904.</mixed-citation></ref><ref id="scirp.76445-ref22"><label>22</label><mixed-citation publication-type="other" xlink:type="simple">Zhu, Q., Wang, R.C., Chen, Q., Liu, Y. and Qin, W.J. (2010) IoT Gateway: Bridging Wireless Sensor Networks into Internet of Things. Proceedings of IEEE/IFIP 8th International Conference on Embedded and Ubiquitous Computing, Hong Kong, 11-13 December 2010, 347-352.</mixed-citation></ref><ref id="scirp.76445-ref23"><label>23</label><mixed-citation publication-type="other" xlink:type="simple">Schrickte, L.F., Montez, C., De Oliveira, R. and Pinto, A.R. (2013) Integration of Wireless Sensor Networks to the Internet of Things Using a 6LoWPAN Gateway. Proceedings of the 3rd Brazilian Symposium on Computing Systems Engineering, Niteroi, 4-8 December 2013, 119-124. https://doi.org/10.1109/sbesc.2013.37</mixed-citation></ref><ref id="scirp.76445-ref24"><label>24</label><mixed-citation publication-type="other" xlink:type="simple">Forrest, S., Perelson, A.S., Allen, L. and Cherukuri, R. (1004) Self-Nonself Discrimination in a Computer. Proceedings of IEEE Computer Society Symposium on Research in Security and Privacy, 16-18 May 1994, 202-202.</mixed-citation></ref><ref id="scirp.76445-ref25"><label>25</label><mixed-citation publication-type="other" xlink:type="simple">Timmis, J., Hone, A., Stibor, T. and Clark, E. (2008) Theoretical Advances in Artificial Immune Systems. Theoretical Computer Science, 403, 11-32.</mixed-citation></ref><ref id="scirp.76445-ref26"><label>26</label><mixed-citation publication-type="other" xlink:type="simple">Shi, Y.Q., Li, R.F., Peng, X.N. and Yue, G.X. (2016) Network Security Situation Prediction Approach Based on Clonal Selection and SCGM(1, 1)c Model. Journal of Internet Technology, 17, 421-429.</mixed-citation></ref><ref id="scirp.76445-ref27"><label>27</label><mixed-citation publication-type="other" xlink:type="simple">Shi, Y.Q., Li, R.F., Zhang, Y. and Peng, X.N. (2015) An Immunity-Based Time Series Prediction Approach and Its Application for Network Security Situation. Intelligent Service Robotics, 8, 1-22. https://doi.org/10.1007/s11370-014-0160-z</mixed-citation></ref><ref id="scirp.76445-ref28"><label>28</label><mixed-citation publication-type="other" xlink:type="simple">Shi, Y.Q., Li, T., Chen, W. and Zhang, R.R. (2009) A Quantitative Model for Network Security Situation Awareness Based on Immunity And Grey Theory. Proceedings of the 2009 ISECS International Colloquium on Computing, Communication, Control, and Management, Sanya, 8-9 August 2009, 14-18.  
https://doi.org/10.1109/CCCM.2009.5267847</mixed-citation></ref><ref id="scirp.76445-ref29"><label>29</label><mixed-citation publication-type="other" xlink:type="simple">Shamshirband, S., Anuar, N.B., Laiha, M., Kiah, M., Rohani, V.A., Petkovic, D., Misra, S. and Khan, A.N. (2014) Co-FAIS: Cooperative Fuzzy Artificial Immune System for Detecting Intrusion in Wireless Sensor Networks. Journal of Network and Computer Applications, 42, 102-117.</mixed-citation></ref><ref id="scirp.76445-ref30"><label>30</label><mixed-citation publication-type="other" xlink:type="simple">Mostafaei, H. and Shojafar, M. (2015) A New Meta-Heuristic Algorithm for Maximizing Lifetime of Wireless Sensor Networks. Wireless Personal Communications, 82, 723-742. https://doi.org/10.1007/s11277-014-2249-2</mixed-citation></ref><ref id="scirp.76445-ref31"><label>31</label><mixed-citation publication-type="other" xlink:type="simple">Naranjo, P.G.V., Shojafar, M., Mostafaei, H., Pooranian, Z. and Baccarelli, E. (2017) P-SEP: A Prolong Stable Election Routing Algorithm for Energy-Limited Heterogeneous Fog-Supported Wireless Sensor Networks. The Journal of Supercomputing, 73, 733-755.</mixed-citation></ref><ref id="scirp.76445-ref32"><label>32</label><mixed-citation publication-type="other" xlink:type="simple">Saybani, M.R., Shamshirband, S., Hormozi, S.G., Wah, T.Y., Aghabozorgi, S., Pourhoseingholi, M.A. and Olariu, T. (2015) Diagnosing Tuberculosis with a Novel Support Vector Machine-Based Artificial Immune Recognition System. Iranian Red Crescent Medical Journal, 17, e24557.  
https://doi.org/10.5812/ircmj.17(4)2015.24557</mixed-citation></ref><ref id="scirp.76445-ref33"><label>33</label><mixed-citation publication-type="journal" xlink:type="simple"><name name-style="western"><surname>Li</surname><given-names> T. </given-names></name>,<etal>et al</etal>. (<year>2005</year>)<article-title>An Immunity Based Network Security Risk Estimation. Science in China Series F</article-title><source> Information Sciences</source><volume> 48</volume>,<fpage> 557</fpage>-<lpage>578</lpage>.<pub-id pub-id-type="doi"></pub-id></mixed-citation></ref><ref id="scirp.76445-ref34"><label>34</label><mixed-citation publication-type="other" xlink:type="simple">Deng, J.L. (2002) Grey System Theory. Publishing House of Huazhong University of Science and Technology, Wuhan.</mixed-citation></ref><ref id="scirp.76445-ref35"><label>35</label><mixed-citation publication-type="other" xlink:type="simple">Wei, B.G., Zhang, W.Z. and Guo, Z.S. (2000) Method of BX Data Producing for Grey Forecast and Its Application for Environmental Forecast. Journal of Qiqihar University, 16, 59-61.</mixed-citation></ref></ref-list></back></article>