Abstract
With the rapid development of the Internet of Things (IoT), the physical system and the network space are further deeply integrated, forming a larger-scale IoT heterogeneous fusion system. The attack mode considered in the security mechanism research of traditional large-scale complex systems is relatively simple; only simple attack types such as random attacks on physical systems or network systems are considered. In addition, existing attack modalities such as selectivity, locality, and distribution cannot fully consider the characteristics of security threats in the IoT system. In this paper, for large-scale heterogeneous IoT system scenarios, attackers can attack network systems or physical systems through cyberspace. We conduct situational awareness analysis on important traffic nodes or backbone nodes and study the cascading failures of two interdependent heterogeneous space systems. In view of the existence of such targeted attack threats in large-scale IoT heterogeneous systems, we focus on security assessment and risk prediction issues. First, this paper analyzes and models different IoT heterogeneous systems. Then using the penetration theory, we analyze the cascading failure process step by step and obtain the critical threshold for system collapse failure. Finally, we further verify the correctness of the theoretical values through simulation to effectively analyze and illustrate the reliability of the parameters affecting the system risk. The experimental results show that the large-scale IoT heterogeneous system presents a first-order discontinuous transition value near the critical threshold and the power-law index of the SF network has little effect on the system security.
1. Introduction
Internet of Things (IoT) system is the result of the integration of global Internet systems with advanced computing, analysis, sensing technology, and Internet connection [1–6]. The Internet of Things provides diversified service applications in smart cities, smart grids, and smart transportation [7]. Its development direction is not only to realize the informatization and intelligence of the manufacturing industry like “Industry 4.0” but also to realize the overall digital transformation of various industries [1, 8–11]. The intelligent infrastructure in the Internet of Things provides specific monitoring and control services [12]. It has had an impact on the processing of information, including the design and manufacture of some computer equipment. Internet of Things is not only a technology but also a method of guiding the development of the Internet and 5 g in the future. This new way of thinking can give us the opportunity to understand the physical and online world from different angles [13–16]. With the deep integration of digital and traditional infrastructure, the Internet of Things takes cyberphysical systems (CPS) as the critical technology [8]. CPS provides perception, dynamic control, and information services for modern systems through computing, communication, and control [17–19]. It is widely used in smart grid, transportation, medical, and other industries [20, 21]. CPS emphasizes that the physical device cluster in distributed application system is inseparable from communication. The interaction between the physical world and the digital world is inseparable from the CPS architecture. Internet of Things system composed of CPS architecture usually consists of two interdependent networks, namely, physical resource and computational resource network [19]. IoT system and CPS architecture can connect network devices from different information and communication systems, and their rapid development has also brought a lot of new potential problems [22–25]. Because cyberphysical systems and the Internet of Things are closely related to physical substances, security is very important for them [2]. In reality, networks with similar functions are often coupled together to build an interdependent structure to obtain better robustness and lower risk. For example, power grids in different regions may be coupled together, or similar financial institutions may be related to lower systemic risk. This highly coupled characteristic brings many risks and challenges, such as cascading failure [26–28]. Attackers destroy cyberspace by attacking physical space [29]. The failure of the physical network triggers other nodes’ failure dependent on the information network, which in turn affects the nodes of the physical network [30]. This cascading failure phenomenon will bring great harm to IoT systems [31]. Therefore, analyzing and evaluating the risk and reliability of this system is very necessary. We model this type of system model as an interdependent network composed of two identical networks and study the dynamics and behavior of the system in the process of cascading failure.
The traditional research on network robustness focused on isolated single networks [32, 33], which is not enough to describe the robustness of interdependent networks. Although some studies are aimed at interdependent networks, most of them are simple one-to-one network connections [34–36]. Starting from the one-to-one interdependence model of Buldyrev [37], scholars began to use this percolation theory method to widely study the cascade failure of IoT systems [38, 39]. Buldyrev pointed out that the double-layer interdependent network is very fragile, and the phase transition process of the largest connected cluster changes from the second-order phase transition of a single network to the first-order discontinuous transition. The one-to-one dependent model is no longer applicable to the ever-changing IoT systems, and scholars have gradually studied the one-to-many model. Huang [30] proposed a one-to-many model in 2015. Nodes in a computing resource network can be connected to nodes in multiple physical resource networks. It is found that if the proportion of faulty nodes exceeds the threshold, the system will crash. This paper only considers the one-to-many situations and does not consider the mixing proportion and more harmful targeted selective attacks. Reference [40] proposed a method to convert targeted selective attacks into random attacks, but the connection between networks is still a simple one-to-one connection. Peng [41] studied the cascading failure of interdependent networks under a one-to-many model when they were deliberately attacked but did not consider the mixed proportion. To solve the above problems, we model the IoT system as an interdependent network model with mixed node proportion and study the reliability of IoT systems under the targeted selective attack strategy based on node degree.
Our main contributions in this paper are as follows:(i)Propose a model based on percolation theory to study the propagation of network fault nodes in heterogeneous Internet of Things systems, which is different from the traditional equal proportion model.(ii)Deduce the critical value that the system can maintain stability after fault propagation, which will help to understand how faults propagate in an interdependent network.(iii)Use extensive experimental simulation to analyze the survival of functional nodes after fault propagation in heterogeneous Internet of Things systems under different network topologies.
The sections of this paper are organized as follows. The construction of the system model and a transformation method is described in Section 2. For the cascading failure process, we use mathematical methods to analyze each stage in detail in Section 3. The solution of the theoretical value equation is solved in Section 4, and we have carried out a large number of simulation cases to verify the correctness of the theoretical solution and analyze the key factors affecting system reliability. Section 5 is our conclusion and outlook for the future.
2. Our Proposed Method
The system model will be established in this section. We explain the criterion to measure the system’s robustness: the proportion of the most common subgraph in the network. Moreover, we define the parameter formula of deliberate attack, which is transformed into random attack through percolation theory. After transformation, the security of the IoT system under targeted selective attack strategy can be studied in the way of a random attack.
2.1. Model Construction
We develop a new interdependent system model to capture cascading failures. Our framework consists of two networks, and the two networks are represented by and , respectively. Both types of networks are the most extensive scale-free networks in real life. The degree distribution of scale-free network is . represents the power-law exponent. From the previous analysis, the connection modes of the two networks in cyberphysical systems include one-to-one, one-to-many, and many-to-many. In practice, many-to-many situations are common. Moreover, the coupling network system composed of various connection ratios also accounts for the vast majority. Therefore, we establish a coupled IoT system composed of two connection ratios. As shown in Figure 1, the two proportions are 2 : 1 and 1 : 1, respectively. We assume that the probability of both connection ratios is 0.5. Then, the ratio of network nodes and is 3 : 2.

When we consider real scenarios, such as cyberphysical systems, most of the initial failures are not random. It may be due to a targeted attack on important hubs (nodes with a high degree). According to the theory of network science, the size of node degree is the key factor in evaluating the importance of a network node. The greater the degree of a node, the more other nodes connected to it. Once this node is destroyed, the nodes connected to it will be affected. Therefore, we choose to carry out targeted attacks according to the node degree.
After the system is deliberately attacked, the attacked node will no longer have a function and fail. We first adopt the targeted selective attack method to attack the node with the largest node degree. When a node in a network is attacked and fails, the corresponding node in another network will lose function due to interdependence. This process is called cascading failure, as shown in Figure 2. Nodes will not fail and maintain its function only if it satisfies the following two requirements:(i)The node pertains to the functioning giant component(ii)The node has interdependent edges

(a)

(b)

(c)

(d)

(e)

(f)
Only functional nodes in the network can continue to survive. When there are no functional nodes in the whole network, the network has completely crashed. As shown in Figure 2, node loses its function after being attacked in the initial stage. also fails because it does not belong to the largest connected cluster in Stage 1. , which has lost its dependent edge, is no longer functional in Stage 2. does not belong to the largest connected cluster and fails in Stage 3. Node dependents on lose their interdependent edges and fail in Stage 4. In Stage 5, the nodes in the network are no longer invalid and reach stability. This is the whole process of network cascading failure.
2.2. Methods of Converting Targeted Selective Attack
The critical factor in measuring the robustness of the network is the proportion of the most common subgraph in the network [42, 43]. The more significant the proportion of the maximal pass subgraph, the higher the robustness of the network. Newman et al. made outstanding contributions to the method of solving the most general subgraph [44–46]. They use the tool of generating function to solve the network. According to [46, 47], the generation function of network degree distribution is expressed aswhere is the degree distribution function of network . The degree distribution functions of scale-free network and ER random network are and , respectively, where is the average degree of ER network and is the power-law exponent of scale-free network.
Furthermore, the generating function of the underlying branching processes is
According to Sergey’s paper [37], when the network is subjected to random attacks, the proportion of remaining functional nodes in the network can be expressed bywhere satisfies the transcendental equation .
The principle of cascading failure is the same because the targeted selective and random attack is different only at the first step. Therefore, we can convert targeted selective attacks into random attacks through mathematical derivation. After the transformation, we can analyze the targeted selective attack according to the analysis method of a random attack. In [40], an equation expresses the probability of node failure:where implies the probability that node is attacked at the first time. The larger is, the more vulnerable the node with a high node degree is to attack.
Mapping targeted selective attacks into random attacks can solve the problem of targeted selective attacks. Through mathematical formula analysis and transformation, the newly obtained node survival proportion function is
And, .
can be solved by the following equations:
So far, the transformation of the targeted selective attack has been completed. Next, we will deduce the critical formula of network collapse after cascade failure.
3. Mathematical Analysis of Cascading Failures
This section uses percolation theory and generation function to deduce the cascading failure of interdependent networks after targeted selective attack. We can get the quantity of remaining functional nodes in each step after the network cascade failure through the analysis. Table 1 shows the meaning of some symbols.
3.1. Initial Attack to Network A
3.1.1. Failure in Network M
After deleting the nodes with ratio in network , the quantity of remaining nodes is
Among them, the number of nodes with functions is
Therefore, the ratio of functional nodes is shown as follows:
3.1.2. Failure in Network N due to M
Due to the interdependence of network and network . The node failure in network will lead to the subsequent failure of corresponding nodes in network . From the perspective of model construction, the number of nodes with a ratio of 2 : 1 accounts for 2/3, and the number of nodes with a ratio of 1 : 1 accounts for 1/3 in network . Thus, the quantity of nodes with dependencies in network is
Among them, the number of nodes with functions is
3.1.3. Further Fragment of Network M
On the basis of the initial connection relationship of the network, the number of nodes with a connection ratio of 2 : 1 and 1 : 1 in network is and can be calculated, respectively.
The quantity of nodes with dependencies in network is
Owing to the fact that the nodes eliminated in the first step do not belong to , , and , the fraction of nodes removed from is the same as the fraction of nodes removed from , so
Then the ratio of removed nodes in the original network is
So,
The quantity of functional nodes is
3.1.4. Cascading Failure in Network N Again
In the third step, node failure will further lead to the loss of function of nodes in network . Similar to the previous calculation, the number of dependent nodes in network is
From to , we know
Then, the ratio of removed nodes in the original network is
So,
Through the above analysis, we summarize Table 2, which shows the survival ratio of nodes in each stage of network cascade failure. Therefore, the following recursive equation can be derived:
3.2. Initial Attack on Network N
3.2.1. Initial Failure in Network
If network is attacked for the first time and the attack proportion is , the number and proportion of remaining nodes in network are
The number and proportion of functional nodes in the remaining nodes are
3.2.2. Cascading Failures in Network Caused by -Node Failures
After node fails, some nodes in network fail because they lose their dependent edges. According to the model construction, the node ratio of network and is 3 : 2, so the quantity and proportion of the remaining nodes are
The quantity of the giant component is
3.2.3. Further Fragment on Network
The definition variable , where represents the proportion of nodes that finally survive in the second stage network . Since a node in network is connected to one or two nodes in network , the proportion of remaining nodes in network is
From to , we obtain
Therefore, the total number of points removed in network is the first stage plus the nodes removed in this stage:
At this time, the remaining node scores in network N are
Among the remaining nodes, the number and proportion of nodes belonging to the most Dalian Tong subgroup are
3.2.4. More Cascading Failures of Network
Since from to , the deleted nodes in the network are equal to minus , we can get
According to the theory in [37], in the initial attack node, all deleted nodes do not belong to , , and . Therefore, deleting these nodes from is equivalent to deleting the same proportion of nodes from :
Then, the proportion of total nodes deleted in the third stage network is equal to plus the proportion of nodes deleted in the second stage :
The impact of the fourth stage on network A is equivalent to a random attack, in which is replaced by . The number and corresponding proportion of functional nodes in the network are
Through the above analysis, we can summarize Table 3 and obtain the following recursive equation:
In the next section, we will use numerical simulation and other methods to find the solution of (21) and (35). Thus, we can get the critical threshold of the coupled network.
4. Experiments and Analysis
This section calculates the critical value of network collapse by image fitting. Then, we further prove the correctness of the theoretical value through case studies. Finally, the conditions impacting the robustness of the network are analyzed by changing the relevant parameters.
4.1. Theoretical Solution
When the cascading failure of the network stops, the proportion of remaining functional nodes will not change. At this time, the ratio of remaining functional nodes meets the following equations:
We define new variables and to meet
So, (21) and (35) will change by
Excluding y, (38) and (39) will become
It is difficult to find an analytical solution to this equation. Therefore, we get the numerical solution by image fitting. The following equations are used to represent (40) and (41):
As shown in Figure 3, we draw two lines of the system of equations. The point where they are tangent is the numerical solution of the equation. Figures 3(a) and 3(b) show the results of the first attack and first attack , respectively. The network types are SF networks with power-law exponent and attack parameter . When attacking network , the seepage threshold pc = 0.586, and when attacking network N, the seepage threshold . The network types in Figures 3(c) and 3(d) are ER random networks, the average degree is 4, and the attack parameter . The percolation threshold when attacking network is 0.615. It is worth noting that the percolation threshold pc when attacking network is also 0.615. This shows that when the network type is Er-Er, there is little difference in the percolation threshold between attacking first and attacking first. In order to prove this conclusion again, we continue to attack and first under the same other conditions and attack parameter . The seepage thresholds are shown in Figures 3(e) and 3(f), with values of 0.663 and 0.66, respectively. The two still have little difference. The above conclusion is verified again.

(a)

(b)

(c)

(d)

(e)

(f)
4.2. Simulation Results
We verify the results of theoretical derivation by experiments. The percolation process of interdependent networks under deliberate attack will be simulated. We construct two interdependent networks through the network model in model construction, represented as and , respectively, and the network type is ER-ER or SF-SF. Networks A and B are connected in a mixed ratio of 2 : 1 and 1 : 1 nodes, and the probability of the connection ratio of the two nodes is 0.5. The internal nodes of networks A and B are connected according to the connection mode of ER network and SF network. The attack mode is a deliberate attack according to the node degree. In the initial attack, we will attack network or and save the remaining nodes when the coupled system reaches a stable state or completely crashes. First, we establish two SF networks in the program. Then, the two networks are connected according to the method in the model construction. Finally, we attack the proportion of nodes in network according to the value of attack parameter . At each stage of network cascading failure, the quantity of remaining functional nodes in each network will be saved. We carried out 50 experiments on each value and took the average value. This ensures the accuracy of the experiment to a certain extent.
Figures 4(a) and 4(b) correspond to the verification of theoretical results in Figures 3(a) and 3(b). Figures 4(c) and 4(d) correspond to Figures 3(c)–3(f). The black straight line represents the theoretical value, the attack ratio is , the abscissa represents , and the ordinate represents the proportion of remaining nodes in each network when the full network node reaches a stable state. It can be seen from the picture that the first-order discontinuous transition of the network is near the critical value, which verifies the correctness of the theoretical value. It can be seen from the picture that when attacking network A first, the proportion of nodes when networks and reach the stable state is different, while when attacking network first, the proportion of nodes when the network reaches the stable state is very close. Moreover, no matter which network is attacked first, the node proportion of network is always higher than that of network . Through the previous model analysis, the node ratio of networks and is 3 : 2, and one or two nodes in a network are connected with one node in network . A node in network will affect one or two nodes in network , which is why the proportion of nodes in network is less than that of . When attacking a node in network , if it happens to be a node in the ratio of 2 : 1, even if one node is lost, another node remains dependent on network , which protects the nodes in network to a certain extent.

(a)

(b)

(c)

(d)
Comparing Figures 4(a) and 4(c) and Figures 4(c) and 4(d), it can be seen that, under the same attack parameters, the percolation threshold of network type ER-ER is greater than SF-SF. The smaller the percolation threshold, the higher the network robustness, and the system can better resist attacks. From the analysis of network type, it can be seen that a small part of nodes in the SF network have the most edges, while the vast majority of nodes have only fewer edges, and the node degree is power-law distributed. The degree distribution of nodes in ER network is the Poisson distribution. The degrees of most nodes are intermediate, and only a few nodes have large or small degrees. This node distribution law indirectly leads to the failure process of SF network nodes once the SF network is attacked. If a minimal number of high degree nodes are attacked, most of the nodes connected to them will fail, which accelerates SF network node failure.
Next, we take points near the theoretical threshold at an interval of 0.005 and calculate the number of remaining functional nodes corresponding to each point. To study the impact of different network sizes, we also selected four groups of network values with different sizes. With the increase of network scale, the image is closer and closer to the critical threshold in Figure 5. So when the number of networks reaches a particular scale, the drawn image will approximate the critical threshold. This further validates our theoretical results.

(a)

(b)
Finally, we only change the power-law exponent of the SF network under the same other conditions. From Figure 6(a), we find that when increases, the network percolation threshold decreases accordingly. This indicates that the robustness of the network is increased. At the same time, we also find that the power-law index has little influence on the robustness of the network. The network percolation threshold increases with . Although the value of a is less than 0, it will still lead to network collapse. This is different from a single network. This is of great significance for us to learn and improve the reliability of the IoT system.

(a)

(b)
5. Conclusions and Future Work
This paper simulates the network environment of large-scale heterogeneous Internet of Things systems under the targeted selective attack and decomposes and analyzes the cascading-failures effect on the network based on the network percolation theory. Besides, the theoretical solution and simulation solution of the network cascading-failures process are compared and analyzed through digital simulation. The trend, amplitude change, and attack time of network cascading failures under the attack strategy of targeted selective attack can be observed more clearly intuitively. The experimental results prove the effectiveness and correctness of the method proposed in this paper, which can realize the identification and detection of abnormal data in heterogeneous Internet of Things systems under the targeted selective attack strategy.
The research results provide new research ideas for situational awareness and attack characteristics of heterogeneous Internet of Things systems, which can further improve the security of large-scale Internet of Things systems. In future research, we will use the knowledge graph technology to use its sound mesh structure system and match attack types more quickly and accurately to obtain the attack source, attack type, and other data. In addition, we will use the multidimensional correlation knowledge graph to perform complex combined network attack threat detection. With the support of the multidimensional correlation representation of the spatiotemporal knowledge graph, it can facilitate the collaborative use of knowledge information such as network assets, vulnerabilities, and attack patterns to realize the large-scale information. The real-time detection and analysis of targeted selective attack data in the IoT systems further improve the robustness and stability.
Data Availability
No data were used to support this paper.
Conflicts of Interest
The authors declare that they have no conflicts of interest.
Acknowledgments
This work was partly supported by the National Key Research and Development Program of China under Grant no. 2019YFC0118800, the National Natural Science Foundation of China under Grant nos. 62072412, 61902359, 61702148, and 61672468, the Opening Project of Shanghai Key Laboratory of Integrated Administration Technologies for Information Security under Grant AGK2018001, and the Key Lab of Information Network Security, Ministry of Public Security, under Grant no. C20607.