Wireless Sensing And Networking For The Internet Of Things Zihuai Lin

Wireless Sensing And Networking For The Internet
Of Things Zihuai Lin download
https://ebookbell.com/product/wireless-sensing-and-networking-
for-the-internet-of-things-zihuai-lin-50655732
Explore and download more ebooks at ebookbell.com

Here are some recommended products that we believe you will be
interested in. You can click the link to download.
Wireless Sensing And Networking For The Internet Of Things Zihuai Lin
And Wei Xiang
https://ebookbell.com/product/wireless-sensing-and-networking-for-the-
internet-of-things-zihuai-lin-and-wei-xiang-50112468
Physical Layer Security For Wireless Sensing And Communication Hseyin
Arslan
https://ebookbell.com/product/physical-layer-security-for-wireless-
sensing-and-communication-hseyin-arslan-48004208
Wireless Sensing Principles Techniques And Applications Jiannong Cao
https://ebookbell.com/product/wireless-sensing-principles-techniques-
and-applications-jiannong-cao-45146282
Security And Trends In Wireless Identification And Sensing Platform
Tags Advancements In Rfid 1st Edition Pedro Peris Lopez
https://ebookbell.com/product/security-and-trends-in-wireless-
identification-and-sensing-platform-tags-advancements-in-rfid-1st-
edition-pedro-peris-lopez-4633788

Wireless Ai Wireless Sensing Positioning Iot And Communications K J
Ray Liu
https://ebookbell.com/product/wireless-ai-wireless-sensing-
positioning-iot-and-communications-k-j-ray-liu-10680720
Advanced Wireless Sensing Techniques For 5g Networks 1st Edition
Ashish Bagwari
https://ebookbell.com/product/advanced-wireless-sensing-techniques-
for-5g-networks-1st-edition-ashish-bagwari-9952010
Backscattering And Rf Sensing For Future Wireless Comm Abbassi
https://ebookbell.com/product/backscattering-and-rf-sensing-for-
future-wireless-comm-abbassi-24231140
Wireless Networks From The Physical Layer To Communication Computing
Sensing And Control Franceschetti
https://ebookbell.com/product/wireless-networks-from-the-physical-
layer-to-communication-computing-sensing-and-control-
franceschetti-4109984
Internet Of Things For Sustainable Community Development Wireless
Communications Sensing And Systems 2nd Edition 2nd Abdul Salam
https://ebookbell.com/product/internet-of-things-for-sustainable-
community-development-wireless-communications-sensing-and-systems-2nd-
edition-2nd-abdul-salam-58398266

Edited by
Wireless Sensing and
Networking for the
Internet of Things
Zihuai Lin and Wei Xiang
Printed Edition of the Special Issue Published in Sensors
www.mdpi.com/journal/sensors

Wireless Sensing and Networking for
the Internet of Things

Wireless Sensing and Networking for
the Internet of Things
Editors
Zihuai Lin
Wei Xiang
MDPI • Basel • Beijing • Wuhan • Barcelona • Belgrade • Manchester • Tokyo • Cluj • Tianjin

Editors
Zihuai Lin
The University of Sydney,
Camperdown, Australia
Wei Xiang
La Trobe University,
Melbourne, Australia
Editorial Ofﬁce
MDPI
St. Alban-Anlage 66
4052 Basel, Switzerland
This is a reprint of articles from the Special Issue published online in the open access journal
Sensors (ISSN 1424-8220) (available at: https://www.mdpi.com/journal/sensors/special issues/
sensing iot).
For citation purposes, cite each article independently as indicated on the article page online and as
indicated below:
LastName, A.A.; LastName, B.B.; LastName, C.C. Article Title. Journal Name Year, Volume Number,
Page Range.
ISBN 978-3-0365-7448-6 (Hbk)
ISBN 978-3-0365-7449-3 (PDF)
© 2023 by the authors. Articles in this book are Open Access and distributed under the Creative
Commons Attribution (CC BY) license, which allows users to download, copy and build upon
published articles, as long as the author and publisher are properly credited, which ensures maximum
dissemination and a wider impact of our publications.
The book as a whole is distributed by MDPI under the terms and conditions of the Creative Commons
license CC BY-NC-ND.

Contents
About the Editors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Zihuai Lin and Wei Xiang
Wireless Sensing and Networking for the Internet of Things
Reprinted from: Sensors 2023, 23, 1461, doi:10.3390/s23031461 . . . . . . . . . . . . . . . . . . . . 1
Xiaosa Xu, Wen-Kang Jia, Yi Wu and Xufang Wang
On the Optimal Lawful Intercept Access Points Placement Problem in Hybrid Software-Defined
Networks
Reprinted from: Sensors 2021, 21, 428, doi:10.3390/s21020428 . . . . . . . . . . . . . . . . . . . . . 7
Abebe Diro, Naveen Chilamkurti, Van-Doan Nguyen and Will Heyne
A Comprehensive Study of Anomaly Detection Schemes in IoT Networks Using Machine
Learning Algorithms
Ethan Chen, John Kan, Bo-Yuan Yang, Jimmy Zhu and Vanessa Chen
Intelligent Electromagnetic Sensors for Non-Invasive Trojan Detection
Khalid Haseeb, Amjad Rehman, Tanzila Saba, Saeed Ali Bahaj and Jaime Lloret
Device-to-Device (D2D) Multi-Criteria Learning Algorithm Using Secured Sensors
Kenneth E. Schackart III and Jeong-Yeol Yoon
Machine Learning Enhances the Performance of Bioreceptor-Free Biosensors
Muhammad Zubair Islam, Shahzad, Rashid Ali, Amir Hadier and Hyung Seok Kim
IoTactileSim: A Virtual Testbed for Tactile Industrial Internet of Things Services
Shuangshuang Li and Wenming Cao
SEMPANet: A Modified Path Aggregation Network with Squeeze-Excitation for Scene Text
Detection
Paula Fraga-Lamas, Sérgio Ivan Lopes and Tiago M. Fernández-Caramés
Green IoT and Edge AI as Key Technological Enablers for a Sustainable Digital Transition
towards a Smart Circular Economy: An Industry 5.0 Use Case
Janis Eidaks, Romans Kusnins, Ruslans Babajans, Darja Cirjulina, Janis Semenjako and
Anna Litvinenko
Fast and Accurate Approach to RF-DC Conversion Efficiency Estimation for Multi-Tone Signals
Vyacheslav Begishev, Dmitri Moltchanov, Anna Gaidamaka, and Konstantin Samouylov
Closed-Form UAV LoS Blockage Probability in Mixed Ground- and Rooftop-Mounted Urban
mmWave NR Deployments
v

Georgios Fevgas, Thomas Lagkas, Vasileios Argyriou and Panagiotis Sarigiannidis
Coverage Path Planning Methods Focusing on Energy Efﬁcient and Cooperative Strategies for
Unmanned Aerial Vehicles
Md Abdulla Al Mamun, David Vera Anaya, Fan Wu and Mehmet Rasit Yuce
Landmark-Assisted Compensation of User’s Body Shadowing on RSSI for Improved Indoor
Localisation with Chest-Mounted Wearable Device
Rui Wang, Yue Wang, Yanping Li, Wenming Cao and Yi Yan
Geometric Algebra-Based ESPRIT Algorithm for DOA Estimation
Zaheer Allam, Simon Elias Bibri, David S. Jones, Didier Chabaud and Carlos Moreno
Unpacking the ‘15-Minute City’ via 6G, IoT, and Digital Twins: Towards a New Narrative for
Increasing Urban Efﬁciency, Resilience, and Sustainability
Dinesh Tamang, Alessandro Pozzebon, Lorenzo Parri, Ada Fort and Andrea Abrardo
Designing a Reliable and Low-Latency LoRaWAN Solution for Environmental Monitoring in
Factories at Major Accident Risk
Pisana Placidi, Renato Morbidelli, Diego Fortunati, Nicola Papini, Francesco Gobbi and
Andrea Scorzoni
Monitoring Soil and Ambient Parameters in the IoT Precision Agriculture Scenario: An Original
Modeling Approach Dedicated to Low-Cost Soil Water Content Sensors
Yonghui Tu, Haoye Tang and Wenyou Hu
An Application of a LPWAN for Upgrading Proximal Soil Sensing Systems
Xue Han, Zihuai Lin, Cameron Clark, Branka Vucetic and Sabrina Lomax
AI Based Digital Twin Model for Cattle Caring
vi

About the Editors
Zihuai Lin
Zihuai Lin received a Ph.D. degree in Electrical Engineering from the Chalmers University of
Technology, Sweden, in 2006. Prior to this, he worked at Ericsson Research, Stockholm, Sweden.
Following his Ph.D. graduation, he worked as an Associate Professor at Aalborg University,
Denmark. He is currently an Associate Professor at the School of Electrical and Information
Engineering at the University of Sydney, Australia. His research interests include IoT wireless
sensing and networking, 5G/6G cellular systems, IoT in healthcare, TeraHertz communications,
see-through wall radar imaging, Ghost Imaging, wireless artificial intelligence (AI), AI-based
ECG/EEG signal analysis, information theory, communication theory, source/channel/network
coding, coded modulation, MIMO, OFDMA, SC-FDMA, radio resource management, cooperative
communications, small-cell networks and others.
Wei Xiang
Professor Wei Xiang is Cisco Research Chair of AI and IoT, and the Director of the Cisco La Trobe
Centre for AI and IoT at La Trobe University. Previously, he was the Foundation Chair and Head of
the Discipline of IoT Engineering at James Cook University, Cairns, Australia. Due to his instrumental
leadership in establishing Australia’s first accredited Internet of Things Engineering degree program,
he was inducted into Pearcy Foundation’s Hall of Fame in October 2018. He is a TEDx speaker and
an elected Fellow of the IET in UK and Engineers Australia. He received the TNQ Innovation Award
in 2016, the Pearcey Entrepreneurship Award in 2017, and Engineers Australia Cairns Engineer of
the Year in 2017. He was a co-recipient of four Best Paper Awards at WiSATS’2019, WCSP’2015,
IEEE WCNC’2011, and ICWMC’2009. He has been awarded several prestigious fellowship titles.
He was the Vice Chair of the IEEE Northern Australia Section from 2016 to 2020. He is currently
an Associate Editor for IEEE Communications Surveys and Tutorials, IEEE Transactions on Vehicular
Technology, IEEE Internet of Things Journal, IEEE Access and the Nature journal of Scientific Reports.
He has published over 300 peer-reviewed papers, including three books and 220 journal articles.
He has severed in a large number of international conferences in the capacity of General Co-Chair,
TPC Co-Chair, Symposium Chair, etc. His research interests include the Internet of Things, wireless
communications, machine learning for IoT data analytics and computer vision.
vii

Citation: Lin, Z.; Xiang, W. Wireless
Sensing and Networking for the
Internet of Things. Sensors 2023, 23,
1461. https://doi.org/10.3390/
s23031461
Received: 7 December 2022
Accepted: 9 December 2022
Published: 28 January 2023
Copyright: © 2023 by the authors.
Licensee MDPI, Basel, Switzerland.
This article is an open access article
distributed under the terms and
conditions of the Creative Commons
Attribution (CC BY) license (https://
creativecommons.org/licenses/by/
4.0/).
sensors
Editorial
Wireless Sensing and Networking for the Internet of Things
Zihuai Lin 1,* and Wei Xiang 2,*
1 School of Electrical & Information Engineering, University of Sydney, Camperdown, NSW 2006, Australia
2 School of Engineering and Mathematical Sciences, La Trobe University, Melbourne, VIC 3086, Australia
* Correspondence: zihuai.lin@sydney.edu.au (Z.L.); W.Xiang@latrobe.edu.au (W.X.)
In recent years, we have witnessed the exponential proliferation of the Internet of
Things (IoT)-based networks of physical devices, vehicles, and appliances, as well as
other items embedded with electronics, software, sensors, actuators, and connectivity,
which enable these objects to connect and exchange data. Facilitating the introduction
of highly efficient IoT, wireless sensing, and network technologies will reduce the need
for traditional processes that must currently be manually carried out, thus freeing up
the precious resources of a dwindling workforce, and informing more meaningful and
necessarily human-centered work.
This Special Issue aims to collate innovative developments in areas relating to IoT,
wireless sensing, and networking. The eighteen papers published in this Special Issue
cover software-defined network (SDN)-based IoT networks, artificial intelligence (AI) for
IoT, industrial IoT, smart sensors, energy efficiency optimization for IoT and wireless
sensor networks, IoT applications for agriculture, smart cities, healthcare, localization, and
environment monitoring.
In [1], an IoT network with intercept access points (IAPs), SDN nodes, and non-SDN
nodes was developed for the purpose of lawful interception. Different from traditional
networks with centralized management, this paper optimized the deployment of IAPs in
hybrid software-defined networks containing both SDN and non-SDN nodes. This work
presented an enhanced equal-cost multi-path shortest-path algorithm for IAP deployment
and three SDN interception models in accordance. In addition, the authors proposed the
use of a restriction minimal vertex cover algorithm (RMVCA) in hybrid SDN nodes to
consider the geographic importance of all intercepted targets and the global cost of operator
operations and maintenance. By applying a variety of SDN interception algorithms based
on the RMVCA to actual network topologies, the authors were able to significantly optimize
the deployment efficiency of IAPs and improve the intercept link coverage in hybrid SDN
nodes, as well as reasonably deploy the best intercept access point and intercept the
whole hybrid SDN with the fewest SDN nodes, thereby aiding in the introduction of
lawful interception.
The second paper [2] developed anomaly detection methods by utilizing machine
learning to safeguard an IoT system. The authors provided a thorough analysis of prior
work in creating machine-learning-based anomaly detection methods for safeguarding IoT
systems. Additionally, they claimed that blockchain-based systems used for anomaly detec-
tion are capable of jointly building efficient machine learning models for anomaly detection.
The authors of [3] outlined a comprehensive self-testing method that used energy-
efficient learning modules and nanoscale electromagnetic (EM) sensing devices to identify
security concerns and malicious attacks at the front-end sensors. The development of a
built-in threat detection method employing intelligent EM sensors dispersed on the power
lines was proven to facilitate the efficient use of energy while detecting unusual data
activity without compromising performance. Energy-constrained wireless devices may
also be able to have an on-chip detection system to quickly foresee hostile attacks on the
front lines due to the minimal energy and space usage.
Sensors 2023, 23, 1461. https://doi.org/10.3390/s23031461 https://www.mdpi.com/journal/sensors
1

Sensors 2023, 23, 1461
Ref. [4] introduced a D2D multi-criteria learning technique for secured IoT networks
to enhance data exchange without adding extra fees or data diversions for mobile sensors.
Additionally, machine learning was shown to lower the risks of compromise in the presence
of anonymous devices and increase the reliability of the IoT-enabled communication
system. Broad simulation-based experiments were also used to evaluate and assess the
proposed work, showing significantly better performance for realistic network topologies
in terms of packet delivery ratio, packet disruptions, data delays, energy consumption, and
computing complexity.
The authors of [5] demonstrated how machine learning can improve the functionality
of biosensors without biological receptors. The performance of these biosensors was
enhanced by machine learning, which effectively substitutes modeling for the bioreceptor to
increase specificity. Since their introduction, simple regression models have been commonly
used in biosensor-related fields to determine analyte compositions based on the biosensor’s
signal strength. Traditionally, bioreceptors offer good sensitivity and specificity to the
biosensor. However, a growing number of biosensors without bioreceptors have been
created for a variety of purposes. The usage of ML for imaging, E-nose and E-tongue,
and surface-enhanced Raman spectroscopy (SERS) biosensors was discussed in this study.
It is also particularly noteworthy that several artificial neural network (ANN) methods
paired with principal component analysis (PCA), support vector machine (SVM), and other
algorithms performed remarkably in a variety of tasks.
The authors of [6] stressed the exigency of using a virtual testbed dubbed IoTactileSim
to implement, investigate, and manage QoS provisioning in tactile industrial IoT (IIoT)
services. The study demonstrated that tactile IIoT enables the real-time control and manip-
ulation of remote industrial environments via a human operator. The authors also showed
that a communication network with ultra-low latency, ultra-high reliability, availability, and
security is required by TIoT application cases. Furthermore, it has become more difficult to
research and enhance the quality of services (QoSs) for tactile IIoT applications due to the
absence of the tactile IIoT testbed. IoTactileSim uses the robotic simulator CoppeliaSim and
network emulator Mininet to carry out real-time haptic teleoperations in both virtual and ac-
tual surroundings. This allows the real-time monitoring of network impairments, operators,
and teleoperator data flow, as well as various implemented technology parametric values.
In [7], a novel feature fusion-based approach to scene text detection was created.
Rather than solely relying on feature extraction from SENet, this technique incorporated
MPANet’s features to make up the difference. By using the suggested fusion technique, the
text detection model could achieve better detection performance than the baseline network.
In addition, the model was post-processed with a progressive expansion technique to
provide rapid and precise text detection. This method was shown to be important for in
studying natural scene text detection technology that is oriented toward actual application
scenarios because it aims to improve experimental results without introducing end-to-end
networks with too many parameters, and it ultimately achieves high accuracy and fast
text detection.
The energy-efficient design of IoT is a very challenging topic. As mentioned in [8],
although IoT technologies and paradigms such as edge computing have enormous po-
tential for the digital transition towards sustainability, they do not yet contribute to the
IoT industry’s sustainable development. Due to its use of scarce raw materials and its
energy consumption in manufacturing, operation, and recycling processes, this industry
has a substantial carbon footprint. To address these challenges, the green IoT (G-IoT)
paradigm was developed as a study field to lower this carbon footprint; nevertheless, its
sustainable vision directly clashes with the arrival of edge artificial intelligence (edge AI),
which mandates the use of additional energy. The authors of [8] addressed this issue by
investigating various factors that influence the design and development of edge AI G-IoT
systems. In addition, their study provided an Industry 5.0 use case that highlights the
various principles that were discussed. In particular, the proposed scenario involved an
2

Sensors 2023, 23, 1461
Industry 5.0 smart workshop that aims to improve operator safety and operation tracking,
employing a mist computing architecture built of IoT nodes with AI capabilities.
For the energy harvesting of IoT in paper [9], a fast and accurate numerical method
was given to determine the RF–DC power conversion efficiency (PCE) of energy harvesting
circuits in the case of power-carrying signals with multiple tones and periodic envelopes.
In recent years, extensive research has been conducted on this kind of signal. For low-to-
medium input power levels, their use was shown to produce a potentially higher PCE
than the usual sine wave signal. Because of this, the authors wanted to devise a fast and
accurate two-frequency harmonic balance method (2F-HB) because a fast PCE calculation
could speed up the process of optimizing the converter circuit by a lot. A comparison
study was conducted to show how well the 2F-HB works when it comes to computing.
The results of [9] show that the 2F-HB performs much better than widely used methods
such as the transient analysis (TA) method, the harmonic balance method (HB), and the
multidimensional harmonic balance method (MHB). This method also proved to be more
effective than Keysight ADS, a commercial non-linear circuit simulator that uses both HB
and MHB. The proposed method could also be easily added to commercially available
non-linear circuit simulation software, such as Keysight ADS and Ansys HFSS, as used by
many people.
Unmanned aerial vehicles (UAVs) represent one of the new types of devices that use
5G and 6G networks. One possible way of supporting advanced services for UAVs, such as
video monitoring, is to use the recently standardized millimeter-wave (mmWave) frequency
band for new radio (NR) technology. However, buildings may cause frequent outages if
they block the paths between NR base stations (BSs) and UAVs. In [10], the authors used
the tools of integral geometry to describe the connectivity properties of UAVs in terrestrial
urban deployments of mm-wave NR systems. The main metric of interest is the likelihood
of UAV line-of-sight (LoS) blockage. Unlike other studies, the proposed approach made
it possible to obtain a close approximation of the likelihood of line-of-sight blockage as a
function of city and network deployment parameters.
In another review [11], early-stage coverage path planning (CPP) methods were
presented in the robotics field. The objective of CPP algorithms is to reduce the overall
coverage path and execution time. Significant research has been conducted in the field
of robotics, particularly in the areas of multi-unmanned unmanned aerial vehicle (UAV)
collaboration and energy efficiency in CPP challenges. In addition, this paper also addressed
multi-UAV CPP techniques and focused on CPP algorithms that conserve energy.
In [12], the authors investigated a method used to mitigate the user’s body shadowing
effect on the RSSI to improve localization accuracy. They also examined the effect of
the user’s body on the RSSI. The idea of a landmark was then used to develop an angle
estimate method. An inertial measurement unit (IMU)-aided decision tree-based motion
mode classifier was used to accurately identify different landmarks. A compensation
strategy was then proposed to fix the RSSI. The closest neighbor method was used to
estimate the unknown location. The results show that the suggested system can greatly
increase localization accuracy. After adjusting for the body effect, a median localization
accuracy of 1.46 m was attained, compared to 2.68 m before the compensation using the
traditional K-nearest neighbor approach. Additionally, when comparing the suggested
system’s performance to that of the two other relevant works, it clearly surpassed the
competition. By using a weighted K-nearest neighbor approach, the median accuracy was
further increased to 0.74 m.
Direction-of-arrival (DOA) estimation is integral in array signal processing, and the
estimating signal parameter via rotational invariance techniques (ESPRIT) algorithm is one
of the typical super-resolution algorithms used for finding directions in an electromagnetic
vector sensor (EMVS) array. However, existing ESPRIT algorithms treat the output of the
EMVS array as a “long vector”, which leads to a loss of signal orthogonality. Ref. [13] pro-
posed a geometric algebra-based ESPRIT algorithm (GA-ESPRIT) to estimate 2D-DOA with
double parallel uniform linear arrays. The approach integrated GA with ESPRIT to describe
3

Sensors 2023, 23, 1461
multidimensional signals holistically. Direction angles were determined by different GA
matrix operations to retain correlations among EMVS components. Experimental results
show that GA-ESPRIT is robust to model mistakes and requires less time and memory.
The ‘15-min city’ concept offers new perspectives on livability and urban health in
post-pandemic cities. Smart city network technologies can offer personalized pathways to
respond to contextualized difficulties through data mining and processing to better enhance
urban decision-making processes. The authors of [14] argued that digital twins, IoT, and
6G can benefit from the ‘15-min city’ concept. The data collected by these devices and
analyzed by machine learning reveal urban fabric patterns. Unpacking these dimensions to
support the ‘15-min city’ notion can illuminate new ways of redefining agendas to better
respond to economic and societal requirements and line with environmental commitments,
including UN Sustainable Development Goal 11 and the New Urban Agenda. This study
argued that these new connectivities should be examined so that relevant protocols can
be created and urban agendas can be recalibrated to prepare for impending technology
breakthroughs, offering new avenues for urban regeneration and resilience crafting.
Environment monitoring is one of the commonly used IoT applications. Ref. [15]
proposed a low-latency LoRaWAN system for environmental monitoring in factories
at major accident risk (FMARs). Low-power wearable devices for sensing dangerous
inflammable gases in industrial plants are meant to reduce hazards and accidents. Detected
data must be provided immediately and reliably to a remote server to trigger preventive
steps and then optimize the functioning of a machine. In these scenarios, the LoRaWAN
system is the best connectivity technology due to off-the-shelf hardware and software.
The authors examined LoRaWAN’s latency and reliability restrictions and proposed a
strategy to overcome them. The suggested solution also used downlink control packets
to synchronize ED transmissions (DCPs). These experiments validated the proposed
technique for the FMAR scenario.
For low-cost IoT precision agriculture applications such as greenhouse sensing and
actuation, the authors of [16] created a LoRaWAN-based wireless sensor network with
low power consumption. All of the research’s subsystems were entirely constructed using
only commercially available components and freely available or open-source software
components and libraries. This entire system was established to demonstrate the possibility
of creating a modular system using low-cost commercially available components for sensing
purposes. The data generated by the experiments were compiled and kept in a database
maintained by a cloud-based virtual computer. Using a graphical user interface, the user
had the ability to observe the data in real time. In a series of experiments conducted with
two types of natural soil, loamy sand and silty loam, the overall system’s dependability was
demonstrated. The system’s performance in terms of soil characteristics was then compared
to that of a Sentek reference sensor. Temperature readings indicate good agreement within
the rated accuracy of the implemented sensors, whereas readings from the inexpensive
volumetric water content (VWC) sensor revealed variable sensitivity. The authors made
several conclusions using a unique approach to maximize the parameters of the non-linear
fitting equation connecting the inexpensive VWC sensor’s analog voltage output with the
standard VWC.
The authors of [17] integrated LPWAN technology to an existing proximate soil sensor
device by building an attachment hardware system (AHS) and accomplishing technical
upgrades for low-cost, low-power, wide-coverage, and real-time soil monitoring in fields.
The testing results demonstrate that, after upgrading, the sensor device can run for several
years with only a battery power supply, and that the effective wireless communication
coverage is nearly 1 km in a typical suburban farming context. As a result, the gadget
not only keeps the sensor device’s original mature sensing technology, but also displays
ultra-low power consumption and long-distance transmission. The proposed method also
serves as a model for extending LPWAN technology to a broader spectrum of inventoried
sensor devices for technical advancements.
4

Sensors 2023, 23, 1461
The final paper [18] of this Special Issue focused on digital twins for cattle care. The
authors established cutting-edge artificial-intelligence-powered digital twins of cattle status
in this research (AI). The project was based on an IoT farm system that can record and
monitor the health of livestock from a distance. The sensor data obtained from the farm
IoT system was used to create a digital twin model of cattle based on deep learning (DL).
It was shown that the real-time monitoring of the physiological cycle of cattle is possible,
and by applying this model, the next physiological cycle of cattle can be predicted. An
enormous amount of data to confirm the accuracy of the digital twins model acted as the
foundation of this effort. The loss error of training for this digital twin model, predicting
the future behavioral state of cattle, was approximately 0.580, and the loss error of doing so
after optimization was approximately 5.197. This work’s digital twins model could be used
to predict the cattle’s future time budget.
Conflicts of Interest: The authors declare no conflict of interest.
References
1. Xu, X.; Jia, W.; Wu, Y.; Wang, X. On the Optimal Lawful Intercept Access Points Placement Problem in Hybrid Software-Defined
Networks. Sensors 2021, 21, 428. [CrossRef] [PubMed]
2. Diro, A.; Chilamkurti, N.; Nguyen, V.; Heyne, W. A Comprehensive Study of Anomaly Detection Schemes in IoT Networks Using
Machine Learning Algorithms. Sensors 2021, 21, 8320. [CrossRef] [PubMed]
3. Chen, E.; Kan, J.; Yang, B.; Zhu, J.; Chen, V. Intelligent Electromagnetic Sensors for Non-Invasive Trojan Detection. Sensors 2021,
21, 8288. [CrossRef] [PubMed]
4. Haseeb, K.; Rehman, A.; Saba, T.; Bahaj, S.; Lloret, J. Device-to-Device (D2D) Multi-Criteria Learning Algorithm Using Secured
Sensors. Sensors 2022, 22, 2115. [CrossRef] [PubMed]
5. Schackart, K.; Yoon, J. Machine Learning Enhances the Performance of Bioreceptor-Free Biosensors. Sensors 2021, 21, 5519.
[CrossRef] [PubMed]
6. Zubair Islam, M.; Shahzad; Ali, R.; Haider, A.; Kim, H. IoTactileSim: A Virtual Testbed for Tactile Industrial Internet of Things
Services. Sensors 2021, 21, 8363. [CrossRef] [PubMed]
7. Li, S.; Cao, W. SEMPANet: A Modified Path Aggregation Network with Squeeze-Excitation for Scene Text Detection. Sensors 2021,
8. Fraga-Lamas, P.; Lopes, S.; Fernández-Caramés, T. Green IoT and Edge AI as Key Technological Enablers for a Sustainable Digital
Transition towards a Smart Circular Economy: An Industry 5.0 Use Case. Sensors 2021, 21, 5745. [CrossRef] [PubMed]
9. Eidaks, J.; Kusnins, R.; Babajans, R.; Cirjulina, D.; Semenjako, J.; Litvinenko, A. Fast and Accurate Approach to RF-DC Conversion
Efficiency Estimation for Multi-Tone Signals. Sensors 2022, 22, 787. [CrossRef] [PubMed]
10. Begishev, V.; Moltchanov, D.; Gaidamaka, A.; Samouylov, K. Closed-Form UAV LoS Blockage Probability in Mixed Ground- and
Rooftop-Mounted Urban mmWave NR Deployments. Sensors 2022, 22, 977. [CrossRef] [PubMed]
11. Fevgas, G.; Lagkas, T.; Argyriou, V.; Sarigiannidis, P. Coverage Path Planning Methods Focusing on Energy Efficient and
Cooperative Strategies for Unmanned Aerial Vehicles. Sensors 2022, 22, 1235. [CrossRef] [PubMed]
12. Mamun, M.; Anaya, D.; Wu, F.; Yuce, M. Landmark-Assisted Compensation of User’s Body Shadowing on RSSI for Improved
Indoor Localisation with Chest-Mounted Wearable Device. Sensors 2021, 21, 5405. [CrossRef] [PubMed]
13. Wang, R.; Wang, Y.; Li, Y.; Cao, W.; Yan, Y. Geometric Algebra-Based ESPRIT Algorithm for DOA Estimation. Sensors 2021,
14. Allam, Z.; Bibri, S.; Jones, D.; Chabaud, D.; Moreno, C. Unpacking the ‘15-Minute City’via 6G, IoT, and Digital Twins: Towards a
New Narrative for Increasing Urban Efficiency, Resilience, and Sustainability. Sensors 2022, 22, 1369. [CrossRef]
15. Tamang, D.; Pozzebon, A.; Parri, L.; Fort, A.; Abrardo, A. Designing a Reliable and Low-Latency LoRaWAN Solution for
Environmental Monitoring in Factories at Major Accident Risk. Sensors 2022, 22, 2372. [CrossRef]
16. Placidi, P.; Morbidelli, R.; Fortunati, D.; Papini, N.; Gobbi, F.; Scorzoni, A. Monitoring Soil and Ambient Parameters in the IoT
Precision Agriculture Scenario: An Original Modeling Approach Dedicated to Low-Cost Soil Water Content Sensors. Sensors
2021, 21, 5110. [CrossRef] [PubMed]
17. Tu, Y.; Tang, H.; Hu, W. An Application of an LPWAN for Upgrading Proximal Soil Sensing Systems. Sensors 2022, 22, 4333.
[CrossRef]
18. Han, X.; Lin, Z.; Clark, C.; Vucetic, B.; Lomax, S. AI-Based Digital Twin Model for Cattle Caring. Sensors 2022, 22, 7118. [CrossRef]
[PubMed]
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual
author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to
people or property resulting from any ideas, methods, instructions or products referred to in the content.
5

sensors
Article
On the Optimal Lawful Intercept Access Points Placement
Problem in Hybrid Software-Defined Networks
Xiaosa Xu, Wen-Kang Jia *, Yi Wu and Xufang Wang
Citation: Xu, X.; Jia, W.-K.; Wu, Y.;
Wang, X. On the Optimal Lawful
Intercept Access Points Placement
Problem in Hybrid Software-Defined
Networks. Sensors 2021, 21, 428.
https://doi.org/10.3390/s21020428
Received: 16 December 2020
Accepted: 4 January 2021
Published: 9 January 2021
Publisher’s Note: MDPI stays neutral
with regard to jurisdictional claims in
published maps and institutional affil-
iations.
4.0/).
Fujian Provincial Engineering Technology Research Center of Photoelectric Sensing Application,
Key Laboratory of OptoElectronic Science and Technology for Medicine of Ministry of Education,
College of Photonic and Electronic Engineering, Fujian Normal University, Fuzhou 350007, China;
xiaosaxu521@163.com (X.X.); wuyi@fjnu.edu.cn (Y.W.); fzwxf@fjnu.edu.cn (X.W.)
* Correspondence: wkjia@fjnu.edu.cn
Abstract: For the law enforcement agencies, lawful interception is still one of the main means to
intercept a suspect or address most illegal actions. Due to its centralized management, however, it is
easy to implement in traditional networks, but the cost is high. In view of this restriction, this paper
aims to exploit software-defined network (SDN) technology to contribute to the next generation
of intelligent lawful interception technology, i.e., to optimize the deployment of intercept access
points (IAPs) in hybrid software-defined networks where both SDN nodes and non-SDN nodes
exist simultaneously. In order to deploy IAPs, this paper puts forward an improved equal-cost
multi-path shortest path algorithm and accordingly proposes three SDN interception models: T
interception model, ECMP-T interception model and Fermat-point interception model. Considering
the location relevance of all intercepted targets and the operation and maintenance cost of operators
from the global perspective, by the way, we further propose a restrictive minimum vertex cover
algorithm (RMVCA) in hybrid SDN. Implementing different SDN interception algorithms based
RMVCA in real-world topologies, we can reasonably deploy the best intercept access point and
intercept the whole hybrid SDN with the least SDN nodes, as well as significantly optimize the
deployment efficiency of IAPs and improve the intercept link coverage in hybrid SDN, contributing
to the implementation of lawful interception.
Keywords: lawful interception; hybrid SDN; intercept access point; minimum vertex cover
1. Introduction
National security and social stability, in today’s world, have been shaken by some
security threats such as terrorist attacks, cybercrime and information warfare. For the
law enforcement agencies (LEAs; L), therefore, lawful interception (LI) is still one of the
main means to intercept a suspect or address these illegal actions at present. As we all
know, lawful interception is a kind of data acquisition of communication network based on
lawful authorization for the purpose of analysis or evidence collection. Thus, it allows the
law enforcement agencies with court orders or other legitimate authorities to selectively
eavesdrop on individual users. Most countries require those licensed telecom operators to
provide legitimate interception gateways and nodes on their networks for communication
interception. To deploy the gateways and nodes in legacy networking where traditional
gateways or nodes rely on dedicated devices and backhaul links to intercept network
traffic, however, leads to unimaginable cost. On the contrary, software-defined networking
(SDN) [1], different from the traditional networking, can simplify the traditional network’
architecture [2] and thus enable efficient management and centralized control [3] for
intercepting network traffic at an extremely low cost because of its property of software
definition with OpenFlow protocol [4]. The deployment of SDNs, however, is not a one-step
process, but a long process, namely, in the wake of the increasing deployment of SDNs [5],
a situation where both SDN nodes and non-SDN (N-SDN) nodes exist simultaneously is
7

Sensors 2021, 21, 428
formed gradually. Therefore, it is of great significance to study how to design a brand-
new network information lawful interception system architecture based on the software-
defined network (SDN) technology and to discuss its challenges such as the deployment of
intercept access point (IAPs), route selection of intercept, the minimum cost of intercept,
the minimum number of intercept access points etc. in a hybrid SDN.
In this paper, we propose the deployment and optimization strategy of intercept
access points, which includes single intercept access point selection, the shortest route
optimization algorithm between three points, the minimum intercept traffic cost algorithm,
and the restrictive minimum vertex cover algorithm.
The problem of single intercept access point selection is the shortest path problem
that is to solve the shortest path between two given vertices in a weighted graph. At this
time, the shortest path not only refers to the shortest path in the sense of pure distance, but
also in the sense of economic distance, time and network. In this paper, the cost of shortest
path between two points can refer to hop-count, traffic, transmission delay, transmission
bandwidth, energy consumption etc. As is known to all, Dijkstra Algorithm [6] is the most
typical single source shortest path algorithm, which is used to calculate the shortest path
from one node to all nodes, and yet not all equal-cost multi-path shortest path. Meanwhile,
Li [7] proposed an improved Dijkstra Algorithm that can find most of the shortest paths
using the initial shortest path set through applying for concept of precursor node but
cannot find all shortest paths. Moreover, a lot of related work with respect to the shortest
path have been done by [8–14] in various fields.
In view of this, we develop an improved equal-cost multi-path shortest path algorithm
(i.e., ECMP-Dijkstra) which can find all shortest paths between the source (S) and the
destination (D), and accordingly put forward three SDN interception models based on
ECMP-Dijkstra Algorithm in hybrid SDN. The three SDN interception models can be
viewed as a cost-effective three-point shortest path algorithm with low time and space
complexity, and thus can be used to deploy the best intercept access point reasonably in
hybrid SDN.
The optimization of traffic engineering in hybrid SDN, like [15–17], is also one of our
focuses. This study mainly concerns with the best transmission quality of intercepted data,
the minimum cost of returning intercepted data to the interception center (i.e., LEA; L),
the total traffic in global network, the transmission quality of traffic normally accepted by
users when deploying intercept access points.
In reality, the deployment of intercept access points in the Internet does not simply
corresponds to the micro perspective of a single data flow between three points. There is a
very dynamic and complex traffic matrix [18] relationship and interactive influence among
hundreds of millions of nodes in the large-scale Internet. A certain intercept access point
(IAP; I) can meet the demand of traffic between S-D (from S to D) path, but there are also
tens of millions of other traffic between intercept target node pairs, which may also flow
through I node at the same time. Therefore, it is very important to select the deployment
location of intercept access point, which must occupy the hub position, and greatly covers
all intercepted traffic and must go through the critical path. For this reason, the location
relevance of all intercepted targets and the operation and maintenance cost of operators
must be taken into consideration from the global perspective, and thus the deployment
problem of intercept access points is viewed as the minimum vertex cover problem (MVCP)
that is NP-complete [19] to find its solution.
A lot of investigations have been done on MVCP in theory and applications for the
last several decades [20–22]. Some parameterized algorithms about MVCP have been
applied in biochemistry [23,24]. Moreover, the optimal approximation algorithm for MVCP
have been proposed in [25–30]. Authors in [25–30] proposed the approximate optimization
algorithm for MVCP by using the concept of degree.
Referring to their proposed algorithm, we develop a restrictive minimum vertex cover
algorithm (RMVCA) in hybrid SDN networks to optimize the deployment efficiency of
IAPs and to improve the link coverage of the whole interception system.
8

Sensors 2021, 21, 428
The ultimate aim of this paper is to contribute to the theory of lawful interception
technology, the development of Internet and national security. In summary, the main
contributions of this paper are as follows:
• To solve the problem of single intercept access point selection and routing between
three points, we develop an improved equal-cost multi-path shortest path algorithm
(i.e., ECMP-Dijkstra) and accordingly put forward three SDN interception models
(e.g., T model, ECMP-T model and Fermat-point model) to deploy the best intercept
access point reasonably in hybrid SDN, realizing the effective deployment of intercept
access point in lawful interception system.
• Considering the location relevance of all intercepted targets and the operation and
maintenance cost of operators of the whole interception system, we proposed a restric-
tive minimum vertex cover algorithm (RMVCA) to intercept the whole interception
system with the least SDN nodes, optimize the deployment efficiency and improve
the intercept link coverage for the whole interception system when deploying IAPs.
• Based RMVCA, we put forward three approaches PA, RA, and HA for experiments,
and study and analyze the impact of different approaches on the efficiency of deploy-
ing intercept access points and on the intercept link coverage in hybrid SDN, to seek
out the best RMVCA approach.
• We study and analyze the impact of different SDN interception models on various per-
formance metrics of lawful interception system by using three real-world topologies,
to seek out the best interception model.
In this paper, we first analyze various SDN interception models in hybrid software-
defined networks and propose their algorithms, and then develop a restricted minimum
vertex coverage algorithm from a global perspective. Extensive simulation results based
on real-world network topology show that RMVCA can significantly improve network
interception link coverage and deployment efficiency of IAPs of whole interception system,
and that the performance metrics of the interception system are the best when Fermat-point
interception model is adopted.
The remainder of this article is structured as follows. Section 2 surveys relevant
work and Section 3 presents ECMP-Dijkstra Algorithm and SDN interception models. We
propose the RMVCA in Section 4, followed by the performance evaluation of RMVCA and
SDN interception models in Section 5. Then, Section 6 concludes the paper.
2. Related Works
Table 1 presents comparisons between our proposed and the related works according
to different parameters.
Table 1. Comparisons of related works.
Lawful Interception [31] [32] Our Proposed
SDN based No Yes Yes
Cost Very High Low Low
The shortest path algorithm [6] [7–14] Our proposed
Time-Space complexity Low Medium Medium-Low
The number of ECMP One The most All
Minimum Vertex Cover [33] [20–30] Our proposed
Time-Space complexity Low Medium Medium-Low
Results Very bad Near-optimal Near-optimal
2.1. Lawful Interception (LI) and Hybrid Software-Defined Networks (H-SDNs)
With the dramatic development of the Internet, an increasing number of people
commit crimes on the Internet, and criminal activities are extremely rampant, which
seriously affect people’s security and national stability. Thus, lawful interception (LI) is
still one of the momentous means for the law enforcement agencies (LEAs) to maintain
national security, crack down on crime and prevent cybercrime. For interception system, an
9

Sensors 2021, 21, 428
intercept device is installed to intercept network traffic, and copies it back to LEAs, and then
carries out identifying and analyzing by manual or machine. With the development of new
network technology and the continuous increase of network traffic, it is a more and more
common and difficult task to carry out lawful interception on the Internet [31] for helping
tracking culprits and to understand the nature and behavior of current Internet traffic.
With the development of SDN technology, legacy Ether-net switches are gradually
migrating to SDN, and this process is harmless [32]. Although the emerging SDN networks
that provides programmability to networks can have an improvement in implementing
traffic engineering (TE), management departments still hesitate to deploy SDN fully be-
cause of various reasons such as budget constraints, risk considerations as well as service
level agreement (SLA) guarantees. This results in developing SDN network incrementally,
i.e., to deploy the SDN network only through migrating fewer SDN switches in legacy
network, thus, to form the hybrid SDN networks (H-SDNs). H-SDN network provides
a coexistence and cooperation environment for N-SDN nodes and SDN nodes, which
brings many benefits to traditional IP networks. For the near-optimal performance of
traffic engineering, therefore, it is crucial to maximize the benefits of SDN with minimal
SDN deployment. Therefore, it is imperative to deploy SDN intercept access point in a
hybrid SDN (H-SDN) network where SDN nodes (routers) and legacy nodes coexist and
operate in perfect harmony, realizing lawful interception. In H-SDN, the links between
SDN nodes and between SDN nodes and N-SDN nodes can be intercepted (i.e., SDN links),
and the links between N-SDN nodes cannot be intercepted (i.e., N-SDN links) due to the
lack of special equipment and dedicated return link in hybrid SDN. In other words, in the
interception system based SDN, the law enforcement agencies (LEAs) do not have to set
up special equipment and a dedicated line in traditional IP networks, but can intercept
traffic of links through SDN intercept access point to respond to requests from the intercep-
tion center, which can greatly reduce the cost of traditional special equipment and leased
lines. The interception system based SDN will be no longer restricted by the bandwidth of
the intercepting dedicated equipment and link. By deploying intercept access point, the
interception system will have a lot of redundant links or paths to be employed to return
data flow, thus, to reduce or avoid the risk of single point failure or to further guarantee
the multi-path routing method.
Therefore, the deployment of SDN intercept access point in interception system is
helpful to perfect the route of intercepting traffic, to make full use of Internet bandwidth
resources, to improve user’s quality of service, and to further optimize the performance of
the whole interception system.
2.2. Dijkstra Algorithm
The most classic single source shortest path algorithm is Dijkstra Algorithm [6], which
was proposed in 1956 and became well-known three years later. Dijkstra Algorithm can
calculate the shortest path from one node to all nodes, yet not all equal-cost multi-path
shortest path.
Many modified algorithms based on Dijkstra Algorithm are proposed in [7–14]. An
improved algorithm of Dijkstra Algorithm was proposed by Li [7]. Under the concept of
precursor node, Li exploited the initial shortest path set calculated by Dijkstra Algorithm,
to calculate most but not all of the shortest paths. The authors of [8] improved Dijkstra
Algorithm for solving three issues, such as the ineffective mechanism to digraph. In
addition, the work [9] proposed some modifications on Dijkstra Algorithm and made the
number of iterations less than the number of the nodes. Work [10] proposed an optimized
algorithm based on Dijkstra Algorithm to optimize logistics route for the supply chain. On
the other hand, the study [11] modified Dijkstra Algorithm and the modified algorithm is
very of efficiency for public transport route planning. Work [12] used Dijkstra Algorithm
towards shortest path computation in navigation systems for making sensible decision and
time saving decisions. By the way, the study [13] improved Dijkstra Algorithm to find the
10

Sensors 2021, 21, 428
maximum load path. Work [14] introduced an improved Dijkstra Algorithm for analyzing
the property of 2D grid map and increased significantly the speed of Dijkstra Algorithm.
Referring to their proposed algorithms, we also improve Dijkstra Algorithm and
propose an improved equal-cost multi-path shortest paths algorithm (ECMP-Dijkstra),
which can calculate all equal-cost shortest paths from one node to all nodes, thus developing
a cost-effective shortest path optimization algorithm between three points (i.e., S, D and L)
with low time and space in hybrid SDN.
2.3. The Minimum Vertex Cover Problem (MVCP)
The traditional algorithm to solve the minimum vertex cover algorithm (MVCP) is
2-approximation [33]. This algorithm can find the set of vertex cover which is no more
than twice of the optimal vertex cover, and the time complexity of the algorithm is O
(E+V). More importantly, the results obtained by this algorithm are different each time,
and thus may be inaccurate and not approximate solution. However, this algorithm has
its advantages: every time a vertex is selected, and all the edges connected by the vertex
are deleted.
The authors in [20–22] made much contribution to MVCP in theory and applications.
The authors in [23,24] proposed parameterized algorithms for MVCP, and applied them
in biochemistry. Work [25] proposed an improved greedy algorithm for minimum vertex
cover problem, and the algorithm used the concept of degree (i.e., the number of links
connected by a node) to carry out an order of degree and to select the node with the largest
degree to add to the minimum vertex cover set until the degree of all nodes is 0 (i.e., the
vertexes in the minimum vertex cover set has covered all the edges). Thus, the result is
a very excellent approximate solution. However, the process of judging the degree of
the algorithm is too complicated. Authors in [26] presented a greedy heuristic algorithm
for MVCP to offer better results on dense graphs. The study [27] presented a breadth
first search approach, which can get the exact result of MVCP for grid graphs. Work [28]
proposed a near-optimal algorithm named MAMA to optimize the unweighted MVCP, and
MAMA can return near optimal result in quick-time. Authors in [29] proposed a NHGA
for MVCP to yield near-optimal solutions. In [30], authors studied an ameliorated genetic
algorithm for the partial VCP to skip the local optimum by powerful vertex and adaptive
mutation. All of their algorithm are based on the concept of degree.
Combining with the advantages of the above algorithms, we proposed an ameliorated
restrictive minimum vertex cover algorithm (RMVCA) in hybrid SDN using the concept of
degree to significantly simplify the process of degree judgment and to yield near-optimal
result, thus, in the whole interception system, realizing the optimization of the deployment
efficiency of IAPs and the improvement of intercept link coverage.
3. ECMP-Dijkstra Algorithm and SDN Interception Models
3.1. ECMP-Dijkstra Algorithm
When deploying the best intercept access point in hybrid SDN, we have to calculate
all equivalent shortest paths between two points and then select out the best route from all
equal-cost shortest paths to choose the best node as IAP. The most typical single source
shortest path algorithm is Dijkstra Algorithm [6]. Accordingly, an improved algorithm
of Dijkstra Algorithm was proposed by Li [7]. Under the concept of precursor node, Li
exploited the initial shortest path set calculated by Dijkstra Algorithm, to calculate most
but not all of the shortest paths. In view of this, on the basis of Dijkstra Algorithm and
Li’s Algorithm, we propose an improved equal-cost multi-path shortest paths algorithm
(ECMP-Dijkstra), which can calculate all equal-cost shortest paths from one node to all
nodes. The notations used in the algorithms and in the following equations are listed in
Table 2.
11

Sensors 2021, 21, 428
Table 2. Notations.
Notation Meaning
NSDN the SDN nodes selected randomly from all nodes in H-SDN
S, D, L the source and the destination and the interception center or the LEA
I the set of the best intercept access points
spS,D or spS-D the shortest path from node S to node D
NS,D the set of nodes in the shortest path spS,D
SN the set of SDN nodes
i the SDN node or SDN devices
j the index of the j-th element of a vector
h(i) the set of hop-count, h(i) denotes the hop-count or cost of node i
numh(j) the set of costs, numh(j) denotes the cost of the j-th element
inh(j) inh(j) denotes the node with the index of j
minhops the minimum cost or hop-count
β the maximum index
N the number of nodes
hops(i,j) or hopsi-j the minimum hop-count or cost from node i to node j
The pseudo code of Dijkstra Algorithm is given in Algorithm 1. We input the source
node s and an undirected graph G (V,E) where V denotes the set of all nodes and E denotes
the set of all edges. We explain Algorithm 1 that inf denotes an inﬁnity and sps,i denotes
the shortest path from the source node s to node i. In lines 11–14, we get the minimum
hop-count value minhops and the corresponding node key. In lines 15–19, we remove node
key from U and then add node key to S and add node key to the shortest path sps,i to get
the shortest path sps,key. Finally, we obtain the shortest path set SP from the source node s
to all nodes in V.
Algorithm 1 Dijkstra Algorithm
Input: s; G(V,E)
Output: SP
1: S(s) = 0; U(i) = inf, i ∈ V, i = s; SP = ∅
2: SP ← SP ∪ sps,s
3: while U = ∅ do
4: tsp = ∅; minhops= inf; key = None
5: for edge ei,j in E do // node i, j ∈ V, i = j
6: if hops(ei,j) + S(j) ≤ U(i) then
7: U(i) ←hops(ei,j) + S(j)
8: tsp(i) = j
9: end if
10: end for
11: numu(k), inu(k) ←sort(U(i))
12: β ← Num(numu(k))
13: minhops= numu(β)
14: U ← U – key
15: S(key) = minhops
16: S(key) = minhops
17: for shortest path sp0s,i in SP do
18: if i == tsp(key) then
19: sps,key ← Merge(sps,i,key)
20: SP ← SP ∪ sps,key
21: end if
22: end for
23: end while
24: return SP
Based on Dijkstra Algorithm, we propose an improved equal-cost multi-path shortest
paths algorithm (ECMP-Dijkstra) so as to calculate all equal-cost shortest paths from
12

Sensors 2021, 21, 428
the source node s to all nodes. Detailed pseudo code of ECMP-Dijkstra Algorithm is
summarized in Algorithm 2. At beginning, we input the source node s and the shortest
path set SP calculated by Dijkstra Algorithm, which contains only one shortest path from s
to all nodes. In line 1, we use the shortest path set SP to calculate the minimum hop-count
or cost set S from s to all nodes by the function hops() and S(i) denotes the minimum
cost from node s to node i. In line 5, rsp(i) denotes all equal-cost shortest paths from the
source node s to the destination node i. We loop through the edge-set E(ei,j) and judge
whether the hop-count or cost from node s to node i (i.e., S(i)) plus the hop-count of edgei,j
equals the hop-count from node s to node j (i.e., S(j)). If it does, then we add node j to
all equal-cost shortest paths from node s to node i in lines 11–12, thus obtaining multiple
shortest paths from node s to node j and adding them to the shortest path set SP in line 13.
In lines 2–13, we exploit the precursor node and the initial shortest path set SP repeatedly,
to add equal-cost shortest paths to SP and thus update SP constantly. In line 18, we delete
the duplicate shortest path from SP using the function DeleteDup(). Thus, we update the
shortest path set SP repeatedly until the number of shortest paths in SP does not increases.
Algorithm 2 ECMP-Dijkstra Algorithm
Input: s; G(V,E); SP
Output: SP
1: S ← hops(SP)
2: repeat
3: nSP ← Num(SP)
4: for shortest path sps,i in SP do
5: rsp(i) = sps,i
// sps,i may contain more than one shortest path.
6: end for
7: for edge ei,j in E do
// node i, j ∈ V, i = j
8: sp0i,j ← Sp(ei,j)
// Convert ei,j to shortest path sp0i,j.
9: if shortest path sp0i,j /
∈ SP then
10: if S(i) + hops(sp0i,j) == S(j) then
11: for shortest path sp’s,i in rsp(i) do
12: sp’s,i ← Merge(sp’s,i, j)
13: SP ← SP ∪ sp’s,i
14: end for
15: end if
16: end if
17: end for
18: SP ← DeleteDup(SP)
19: nSP’ ← Num(SP)
20: until nSP == nSP’
We use three real-world topologies CRN, COST 239, NSFNet for simulation ex-
periments, where China’s 156 major railway nodes network (China Railway Network;
CRN) [34] has 156 nodes and 226 links, Pan-European ﬁber-optic network (COST 239) [35]
has 28 nodes and 41 links and T1 NSFNet network topology [36] has 14 nodes and 21
links. Under the three topologies, we compared ECMP-Dijkstra Algorithm with Dijkstra
Algorithm and Li’s Algorithm and the experimental results are shown in Figure 1 where
TSP denotes the total number of shortest paths from one node to all nodes. Moreover, the
higher the TSP, the better the intercept access points deployment may be. From the ﬁgures,
we know that TSP of ECMP-Dijkstra Algorithm is higher than Dijkstra Algorithm and Li’s
Algorithm, thus, to deploy intercept access point reasonably.
13

Sensors 2021, 21, 428
ȱ ȱ ȱ
(a)ȱCRNȱ (b)COSTȱ239ȱ (c)ȱNSFNetȱ
Ϭ
ϭϬϬ
ϮϬϬ
ϯϬϬ
ϰϬϬ
ϱϬϬ
ϲϬϬ
ϳϬϬ
ϴϬϬ
ϵϬϬ
ϭϬϬϬ
ϭ ϭϮ Ϯϰ ϯϲ ϰϴ ϲϬ ϳϮ ϴϰ ϵϲ ϭϬϴ ϭϮϬ ϭϯϮ ϭϰϰ ϭϱϲ
d^W
EŽĚĞůĂďĞů
ŝũŬƐƚƌĂ ŝ DWͲŝũŬƐƚƌĂ
Ϭ
ϮϬ
ϰϬ
ϲϬ
ϴϬ
ϭϬϬ
ϭϮϬ
ϭ Ϯ ϯ ϰ ϱ ϲ ϳ ϴ ϵ ϭϬϭϭϭϮϭϯϭϰϭϱϭϲϭϳϭϴϭϵϮϬϮϭϮϮϮϯϮϰϮϱϮϲϮϳϮϴ
d^W
EŽĚĞůĂďĞů
Ϭ
ϱ
ϭϬ
ϭϱ
ϮϬ
Ϯϱ
ϭ Ϯ ϯ ϰ ϱ ϲ ϳ ϴ ϵ ϭϬ ϭϭ ϭϮ ϭϯ ϭϰ
d^W
EŽĚĞůĂďĞů
Figure 1. The impact of three shortest path algorithm on TSP in three topologies. TSP. The higher, the better.
3.2. SDN Interception Models
For lawful interception in hybrid SDN, we ﬁrst need to analyze how to intercept, that
is, how to deploy intercept access point between the source (S), the destination (D) and
the interception center (L). In this section, we will analyze various network interception
models (i.e., the deployment strategies of IAP) in hybrid SDN. The deployment of intercept
access point includes the single “IAP selection problem” in the shortest path S-D (i.e., the
shortest path from S to D) and its derived “the shortest path algorithm problem between
three points (i.e., S, D and L)”. The above two problems can be viewed as the same problem.
Once the location of the intercept access point is determined, then the fourth point (IAP; I)
can meet the service trafﬁc between S, D and L. Under the condition that S-I, D-I, and L-I
path are the shortest at the same time, the shortest path between three points can be solved
to meet the needs of interception system.
We aim to solve the problem of selecting single intercept access point and routing
between three-points, namely to deploy the best intercept access point in the shortest
paths between S, D, and L. Analyzing interception models in hybrid SDN, we divide them
into two interception models by the deployment location of intercept access point: legacy
interception models and SDN interception models as shown in Figures 2 and 3.
ȱ ȱ
ȱ
(a)ȱS/Iȱ (b)ȱD/Iȱ (c)ȱL/Iȱ
Figure 2. Legacy interception models.
ȱ ȱ ȱ
(a)ȱTȱ (b)ȱECMPȬTȱ F ȱFermatȬpointȱ
Figure 3. SDN interception models.
14

Sensors 2021, 21, 428
The legacy interception models include: S/I model, D/I model, and L/I model as
shown in Figure 2a–c. As we all know, the interception service in legacy networks is limited
by the deployment location of intercept access point due to the unimaginable cost of setting
up special equipment and dedicated return link, to intercept network traffic. Thus, S or D
or L is usually adopted as intercept access point I used to respond to the requirements of
the interception center and to perform the traffic interception action in legacy network.
In this paper, we mainly study and analyze the SDN interception models, which
includes T model, ECMP-T model and Fermat-point model as shown in Figure 3a–c. In
view of the performance metrics of lawful interception system, the three SDN interception
models are used to thoroughly study to find the optimal algorithm of deploying intercept
access point.
Figure 3a shows T model: its name comes from the topology similar to the T-word.
Under the concept of SDN networking in an undirected and weighted network G(V,E), any
SDN node on the shortest path S-D can be selected as intercept access point (I) under the
premise of not affecting the existing shortest path arrangement of S-D (i.e., maintaining
the existing end-to-end transmission quality). While only the node with the minimum
hop-count (or cost) to the interception center (L) should be adopted as the best I-point to
run the function to capture traffic transferred to the interception center.
Figure 3b shows ECMP-T model: based on the operation mode of T model, the path
I-L must be the shortest path, but this shortest path S-I-D does not necessarily meet the
optimal path. In fact, there may be more than one shortest path S-D, namely, the shortest
path S-D is equal-cost multi-path (ECMP). Hence there may be a southward equal-cost
shortest path in the T-word path theoretically, in which there is another intercept access
point (I) and the hop-count (or cost) of I-L path is lower than the current one, so this
interception model is called ECMP-T model that the nearest I-point from the interception
center (L) is selected as the best intercept access point I among all the equivalent shortest
paths between S and D.
Detailed pseudo code of T or ECMP-T model is presented in Algorithm 3. At the
beginning of the algorithm, the set I used to store the best intercept access point is set to be
empty in line 1. In lines 2–4, we calculate the shortest path spS,D from S to D using Dijkstra
or ECMP-Dijkstra Algorithm and then obtain the node-set NS,D in the shortest path spS,D,
and next select out SDN nodes from the node-set NS,D to get the SDN node-set SN. If the
SDN node-set SN is not empty, we traverse SDN nodes in SN and implement lines 6–16;
otherwise, we fail to deploy intercept access point (IAP) between S, D and L, and thus
save the wrong node combination of S, D and L in line 18. Line 7 calculates the lowest hop
count (or cost) from SDN nodes to L and get the cost vector h(i). In line 9, we sort the cost
vector h(i) by size of hop count in descending order and then get the sorted vector numh(j)
and the corresponding label vector inh(j), where j denotes the subscript of j-th element
of a vector. Line 11 takes the minimum hop-count value minhops from the sorted vector
numh(j). Finally, in lines 13–14, we select the node with the minimum cost minhops as the
best intercept access point and then add the selected IAP inh(j) to the set I.
Algorithm 3 T or ECMP-T Model
Input: NSDN; S; D; L
Output: I
1: I = ∅
2: spS,D ← Dijkstra(S,D) or ECMP-Dijkstra(S,D)
3: NS,D ← Onodes(spS,D)
4: SN ← Select(NS,D, NSDN)
5: if the SDN node-set SN =∅ then
6: for node i in SN do
7: c(i)←hops(Dijkstra(i,L)) or
hops(ECMP-Dijkstra(i,L))
8: end for
15

Sensors 2021, 21, 428
9: numh(j), inh(j) ← sort(h(i))
10: β ← Num(SN)
11: minhops← numh(β)
12: for key j in numh do
13: if numh(j) = minhops then
14: I ← I ∪ inh(j)
15: end if
16: end for
17: else
18: SaveFail(S,D,L)
19: end if
20: return I
The only difference of pseudo code of T model and ECMP-T model is whether to use
Dijkstra Algorithm or ECMP-Dijkstra Algorithm to calculate the shortest path.
Figure 3c shows Fermat-point model: In geometry, Fermat-point refers to the point
with the smallest sum of the distances from the three vertices of the triangle. Accordingly,
we extend it to the node with the smallest sum of the distances from the three nodes of S, D
and L in SDN network, and at the same time with meeting the constraints of the shortest
path of S-D, S-L and D-L between the three points. Theoretically, Fermat-point model
is optimal.
Details of pseudo code of Fermat-point model are summarized in Algorithm 4. In
lines 2–4, we calculate all equal-cost shortest paths of S-D, S-L, D-L using ECMP-Dijkstra
Algorithm, and then obtain all node sets in the equal-cost shortest paths in lines 5–7, and
next combine these node sets to get the node-set NS,D,L in line 8, and further select out
SDN nodes from the node-set NS,D,L to get the SDN node-set SN. If the SDN node-set SN
is not empty, we traverse SDN nodes in SN and implement lines 11–24; otherwise, we
fail to deploy intercept access point (IAP) between S, D and L, thus to save the wrong
node combination of S, D and L. Lines 12–14 calculate the lowest hop count (or cost) of i-S,
i-D, i-L, and then add the results to the sum, to get the cost vector h(i) in line 15. In lines
17–24, we sort the cost vector h(i) by size of cost value in descending order and then take
the minimum cost value minhops, and next select the node inh(j) with the minimum cost
minhops as the best intercept access point and ﬁnally add the selected IAP inh(j) to the set I.
Algorithm 4 Fermat-point Model
Input:NSDN; S; D; L
Output: I
1: I = ∅
2: spS,D,spS,L,spD,L←ECMP-Dijkstra((S,D),(S,L),(D,L))
3: NS,D, NS,L, ND,L← Onodes((spS,D, spS,L, spD,L)
4: NS,D,L ←NS,D ∪NS,L ∪ND,L
5: SN ← Select(NS,D,L, NSDN)
6: if the SDN node-set SN = ∅ then
7: for node i in SN do
8: hs(i) ← hops(ECMP-Dijkstra(i,S))
9: hd(i) ← hops(ECMP-Dijkstra(i,D))
10: hl(i) ← hops(ECMP-Dijkstra(i,L))
11: h(i) ← hs(i) + hd(i) + hl(i)
12: end for
13: numh(j), inh(j) ← sort(h(i))
14: β ← Num(SN)
15: minhops ← numh(β)
16: for key j in numhdo
17: if numh(j) = minhops then
18: I ← I ∪ inh(j)
16

Sensors 2021, 21, 428
19: end if
20: end for
21: else
22: SaveFail(S,D,L)
23: end if
24: return I
We use spi-j to denote the shortest path from node i to node j, and hopsi-j denotes the
lowest hop-count or cost from node i to node j. We use ‘→’ to denote that the next-node is
N-SDN node and use ‘⇒’ to denote that the next-node is SDN node. Examples of three
interception models are illustrated in Figure 4, where we select node 154, node 9, node 105
all marked by red as S, D and L respectively and select 30 nodes randomly in Figure 4 as
SDN nodes which includes node i∈{4, 8, 11, 19, 23, 25, 31, 38, 49, 50, 58, 60, 65, 67, 77, 82, 89,
92, 100, 103, 117, 120, 121, 125, 128, 134, 140, 150, 152, 156}, to construct a hybrid SDN.
ȱ
Figure 4. China’s 156 major railway nodes network (China Railway Network; CRN).
We run T interception model: One shortest path from node 154 to node 9 is sp154-9
marked by pink in Figure 4 that is 154 → 153 ⇒ 152 → 146 → 142 → 136 ⇒ 134 → 124 ⇒
121 ⇒ 117 → 94 → 81 ⇒ 82 → 74 → 52 ⇒ 49 → 32 → 30 ⇒ 31 ⇒ 25→9, and hops154-9 = 20.
Among all nodes in sp154-9, node 117 that is an SDN node has the lowest hop count to node
105 due to hops117-105 = 6, and thus node 117 can be used as the best intercept access point I
in T interception mode.
We run ECMP-T interception model: There are 22 equivalent shortest paths from
node 154 to node 9, but we only show three shortest paths (i.e., sp154-9 contains sp1154-9,
sp2154-9, and sp3154-9) from node 154 to node 9 marked by pink, bright green, turquoise
respectively in Figure 4. sp1154-9 is 154 → 153 ⇒ 152 → 146 → 142 → 136 ⇒ 134 → 124⇒
121 ⇒ 117 → 94 → 81 ⇒ 82 → 74 → 52 ⇒ 49 → 32 → 30 ⇒ 31 ⇒ 25 → 9, and sp2154-9 is
154 → 153 → 155 → 144 ⇒ 140 → 133 ⇒ 134 → 124 ⇒ 121 ⇒ 117 → 99 → 97 → 69 →
68 → 61 ⇒ 60 → 56 ⇒ 23 → 24 ⇒ 25→9, and sp3154-9 is 154 → 153 → 155 → 144 ⇒ 140
→ 133 ⇒ 134 → 115 → 113 → 112 ⇒ 100 → 101 → 64 → 63 → 62 → 59 → 17 → 16 ⇒ 19
→ 10 → 9, and hops154-9 = 20. Among all nodes in sp154-9, node 100 that is SDN node in
sp3154-9 has the lowest hop count to node 105 due to hops100-105 = 4, and thus node 100 can
be used as the best intercept access point (I) in ECMP-T interception mode. Apparently,
hops100-105 hops117-105, namely, this I-point outperforms the one in the T model.
17

Sensors 2021, 21, 428
We run Fermat-point interception model: the node-set N154-9-105 with no repeat is
obtained by all sp154-9, sp154-105,sp9-105 (i.e., spS-D, spS-L, spD-L). Namely, N154-9-105 contains
all nodes of all the shortest paths from node 154 to node 9, from node 154 to node 105, and
from node 9 to node 105. And then, the sum of hop-count from node 103 in N154-9-105 to
node 154, node 9, node 105 (i.e., hops103-154,9,105) is the smallest and hops103-154,9,105 = 23,
This means that node 103 that is SDN node in N154-9-105 can be used as the best intercept
access point I in Fermat-point interception mode.
We have solved the problem of single intercept access point deployment above, and
then expand to deploy intercept access points in hybrid SDN.
Running different network interception models, we will study and analyze the influ-
ence on the best transmission quality of intercepted data (the minimum cost from intercept
access point (I) to interception center (L); MILC), the total cost of running intercept op-
eration in global network (TOC), and the quality of service of normal user’s data stream
(UQoS) with different proportion of SDN node. According to the proposed three models
in Figure 3, MILC, TOC, UQoS are calculated in respectively in (1), (2) and (3), where N
denotes the maximum node label or index, and any node can be selected as S, D and L in
hybrid SDN topology, i.e., there are N3 possibilities for node-combination of S, D and L.
After the node-combination selection (S, D, L), the best intercept access point (I) can be got
by the SDN interception models, then the hop count or cost of the shortest path S-I, D-I
and L-I can be calculated by the function hops(i,j), thus calculating MILC, TOC and UQoS.
4. Restricted Minimum Vertex Cover Algorithm
There is no exception that most network optimization deployment problems can be
viewed as the minimum vertex cover problem (MVCP) in graph theory. In the process of
migration of SDN technology for large-scale Internet, it may be faced with the situation of
hybrid deployment of SDN nodes and non-SDN nodes (N-SDN). In this hybrid SDN, not
all nodes have software-defined functions to play the role of intercept access point. Only
some nodes with the function of software definition can respond to the requirements of
the interception center and to run interception operation. Therefore, it is very critical to
select the best deployment location of intercept access point. And IPA must occupy the
position of the hub, greatly covering all traffic through the critical path, and under a certain
proportion of threshold, it may not achieve 100% intercept link coverage. Therefore, the
minimum vertex cover problem must be transformed into the restricted minimum vertex
cover problem question (RMVCP).
MILC =
N
∑
S=1
N
∑
D=1
N
∑
L=1
hops(L, I) (1)
TOC =
N
∑
S=1
N
∑
D=1
N
∑
L=1
hops(S, I) + hops(D, I) + hops(L, I) (2)
UQoS =
N
∑
S=1
N
∑
D=1
N
∑
L=1
hops(S, I) + hops(I, L) (3)
Considering overall situation (e.g., the location relevance of all intercepted targets,
the operation and maintenance cost of operators) from the whole interception system, we
intend to develop a restricted minimum vertex cover algorithm (RMVCA) to achieve the
best intercept link coverage of the whole network with the minimum number of intercept
access points as well as optimize the efficiency of deployment when deploying intercept
access points in the hybrid SDN.
RMVCP: given a network graph G(V,E), where V denotes the set of all nodes, and E
denotes the set of all links in the network. There exists non-SDN nodes and SDN nodes at
the same time in the network where V = S∪N, and S denotes the set of SDN nodes, and N
denotes the set of non-SDN nodes. To find a P set (P ⊆ S ⊆ V), so that every link in the
network is covered (intercepted) by at least an SDN node in the P set.
18

Sensors 2021, 21, 428
Figure 5 shows an example of solving RMVCP. In this hybrid SDN, SDN nodes (i.e.,
solid circle) set S = {1, 3, 8, 9, 11, 12, 13, 17, 19, 20, 21, 22, 25, 26, 27, 28} and non-SDN nodes
(i.e., light circle) set N= {2, 4, 5, 6, 7, 10, 14, 15, 16, 18, 23, 24}. Using RMVCA, the SDN
nodes set P = {1, 8, 9, 11, 13, 20, 22, 25, 26, 27} is recommended to be selected as the intercept
access points set, but 7 links (marked as dotted lines) in the example failed to be covered
due to the hybrid deployment of SDN and N-SDN nodes, and thus only about 80% of the
links (marked as solid lines) are completely covered by 10 intercept access points.

6'1QRGH
16'1QRGH
, 6'1QRGHVHOHFWHGDVWKHEHVWLQWHUFHSWDFFHVVSRLQW
6'1OLQN
ȉ
16'1OLQN ȱ
Figure 5. Hybrid SDN covered by minimum vertexes.
RMVCA ensure the result a near-optimal solution or one of the approximate solutions,
so as to meet the optimal solution of the deployment problem of intercept access points.
Based on the concept of degree, we, at a time, use greedy algorithm to select one
approximate or equivalent optimal intercept access point to reduce the scale of the problem
recursively, so as to obtain the minimum vertex approximation set covering all SDN
links and achieve the best intercept link coverage with the minimum number of intercept
access point.
Details of pseudo code of RMVCA are summarized in Algorithm 5. We input an
undirected and weighted network cover set P is set to empty originally. In line 2–3, we
get the set N of N-SDN nodes and the accordingly edge-set EN-SDN of N-SDN nodes by
the set N. Line 4 removes EN-SDN from the edge-set E, to get the edge set ESDN of SDN
nodes. Lines 6–7 traverse each SDN node and calculate its degree d(i). In line 9, we sort
the degree vector d(i) in the ascending order and get the sorted degree vector numd(j) and
the accordingly label vector ind(j) where j denotes the index or subscript of j-th element.
Line 11 selects the maximum degree numd(β) from numd(j) where β denotes the number
of SDN nodes in the set S. In lines 12–18, we judge the degree of node and implement
accordingly measures. If the maximum degree of node is not equal to zero in line 12, we
ﬁrst add the node ind(β) where β denotes the subscript of β-th element to the minimum
vertex cover set P in line 13 and then calculate the adjacent edge-set θ(ind(β)) of node ind(β)
in line 14, and next remove the adjacent edge-set θ(ind(β)) from the edge-set E in line 15,
which leads to the degree reduction of each SDN node. Finally, we return line 5 to judge
whether ESDN is empty and then calculate the degree of each SDN node again. Otherwise,
if the maximum degree of node is equal to zero, we break the loop and end the algorithm.
19

Sensors 2021, 21, 428
Algorithm 5 RMVCA (Restricted Minimum Vertex Cover Algo-rithm)
Input: G(V,E); S: the SDN node-set
Output:P
1: P = ∅
2: N ← V – S
3: EN-SDN ← Edge(N(i))
4: ESDN ← E –EN-SDN
5: while ESDN = ∅ do
6: for node i in S do
7: d(i) ← i
8: end for
9: numd(j), ind(j) ← sort(d(i))
10: β ← Num(S)
11: maxnumd ← numd(β)
12: if maxnumd 0 then
13: P ← P ∪ ind(β)
14: θ(ind(β)) ←ind(β)
15: ESDN ←ESDN – θ(ind(β))
16: else
17: break
18: end if
19: end while
20: return P
Using RMVCA proposed above, we will study and analyze the influence of different
SDN node proportion on the maximum intercept link coverage of the whole network (i.e.,
max-ILC) and the accordingly needed minimum number of SDN nodes in the P set for
realizing the maximum intercept link coverage (i.e., numP), as well as the influence of
RMVCA on the intercept link coverage (i.e., ILC) and the efficiency of deploying intercept
access points in whole hybrid SDN.
5. Simulation and Results
5.1. Simulation Environment and Performance Metrics of Lawful Interception System
In our simulation, we choose three real-world backbone topologies CRN, COST 239,
NSFNet to evaluate the performance of three SDN interception models. Under the three
network topologies, we randomly select different number of nodes as SDN nodes to
construct the hybrid SDN network and the weight of each link is set to 1 by default, and
the source node (S), the destination node (D) and the interception center (L) are selected
randomly and thus there are 3,796,416 (1563), 21,952, 2,744 node combinations of S, D and L.
Under different proportion of SDN nodes, we will study and analyze the influence of
different SDN interception models on the best transmission quality of intercepted data (the
minimum cost from intercept access point (I) to the interception center (L); MILC), the total
cost of running intercept operation in global network (TOC), and the quality of service of
normal user’s data stream (UQoS), the deployment efficiency of IAP (the total number of
times to calculate the shortest path during the process of deploying IAP; TTC)), and the
total number of failures to deploy IEP (i.e., NFD).
According to the proposed three SDN interception models, MILC, MRLC, TOC, and
UQoS are calculated respectively in (1), (2) and (3). Based RMVCA, we run different SDN
interception models and calculate and count up MILC, TOC, UQoS, TTC and NFD of each
node combination of S, D and L and then compare and analyze the results to evaluate the
performance of three SDN interception models.
5.2. Benchmark Approach
In order to analyze the influence of RMVCA on the intercept link coverage of whole
hybrid SDN and the efficiency of deploying intercept access points, we propose three
approaches, proactive approach (PA), reactive approach (RA), hybrid approach (HA), and
20

Sensors 2021, 21, 428
then compare them by running three SDN interception models in real-world topology
CRN. To show the effectiveness of HA, we compare it with the following baselines: PA
and RA.
Experimental initialization: We randomly select some nodes as SDN nodes (i.e., given
a hybrid SDN network topology), and then use RMVCA to calculate the minimum vertex
cover set P required to achieve the maximum intercept link coverage in theory and the
accordingly number N of SDN nodes in the P set. Additionally, the calculation amount of
this initialization process is negligible compared with the one of the whole H-SDN.
Nodes selection: we traverse any node as S, D and L in topology CRN (i.e., there are
3,796,416 (1563) possibilities for node-combination of S, D, L) and then the node combina-
tion of S, D and L is given for experiments.
Proactive approach (PA): when running SDN interception models to deploy intercept
access point, we select the best intercept access point from the minimum vertex cover
set P calculated by RMVCA. Details of pseudo code of PA in T or ECMP-T model are
summarized in Algorithm A1 of Appendix A. The only difference of pseudo code of PA
in T model and ECMP-T model is whether to use Dijkstra Algorithm or ECMP-Dijkstra
Algorithm to calculate the shortest path.
Reactive approach (RA): according to the selected node combination of S, D and L, we
run three interception models without exploiting RMVCA to deploy intercept access points.
Hybrid Approach (HA): running three SDN interception models to deploy intercept
access point, we get the node-set NS,D,L where all nodes are selected from the shortest paths
between S, D and L, and then obtain the node-set SP whose nodes also exist in the node-set
P calculated by RMVCA. If the node-set SP is not empty, we preferentially select node
from the SP set to deploy the best intercept access point; otherwise, we implement RA.
Details of pseudo code of HA in T or ECMP-T model are summarized in Algorithm A2 of
Appendix A.
When implementing PA or RA or HA, we count and calculate the frequency of the
nodes selected as the best intercept access point, and then sort the nodes from largest
to smallest based their frequency, and next select the first N nodes and calculate their
intercept link coverage for studying and analyzing the impact of different approaches on
the intercept link coverage (i.e., ILC) of the whole hybrid SDN. Additionally, we count
the total times of calculating the shortest path (i.e., TTC) during the process of deploying
intercept access points for studying and analyzing the impact of different approaches on
the efficiency of deploying IAPs.
5.3. Results and Discussion
5.3.1. ILC
Using RMVCA, we study and analyze the influence of different numbers of N-SDN
nodes on the maximum intercept link coverage (i.e., max-ILC) and the accordingly needed
minimum number of SDN nodes in the P set for realizing the maximum intercept link cover-
age (i.e., numP). Moreover, we take the operator’s operation and maintenance cost (i.e., the
minimum number of SDN nodes) and network intercept link coverage into account com-
prehensively, so as to find the best proportion of SDN nodes from the experimental results.
Randomly selecting the number of N-SDN nodes (node i ∈ (0,156)) in CRN topol-
ogy, we conducted 10,000 experiments in the same proportion of N-SDN nodes. Due
to the different network topologies under the same SDN node proportion, the results of
each experiment are different. The statistical results of 10,000 experiments are shown in
Figures 6 and 7.
21

Sensors 2021, 21, 428
ȱ

PD[,/
й
EEͲÊ
DĂǆŵĂǆͲ/
ǀĞƌĂŐĞŵĂǆͲ/
DŝŶŵĂǆͲ/
Figure 6. The influence of different numbers of N-SDN nodes on max-ILC.
ȱ

Ϭ
ϭϬ
ϮϬ
ϯϬ
ϰϬ
ϱϬ
ϲϬ
ϳϬ
ϴϬ
ϵϬ
ϭϬϬ
Ϭ ϭϮ Ϯϰ ϯϲ ϰϴ ϲϬ ϳϮ ϴϰ ϵϲ ϭϬϴ ϭϮϬ ϭϯϮ ϭϰϰ ϭϱϲ
ŶƵŵW
EEͲÊ
DĂǆŶƵŵW
ǀĞƌĂŐĞŶƵŵW
DŝŶŶƵŵW
Figure 7. The influence of the number of N-SDN nodes on numP.
Figure 6 shows the influence of different numbers of N-SDN nodes on max-ILC. From
the figure, we can see that the number of SDN links in hybrid SDN decreases gradually
with the increase of the number of N-SDN nodes (the decrease of the number of SDN
nodes), resulting in the gradual decline of the network intercept link coverage. And max-
ILC = 0.00% denotes that all links in the whole network are N-SDN links that cannot be
intercepted, namely, all nodes in the network are N-SDN nodes. Additionally, we can see
that the intercept link coverage of the whole hybrid SDN can reach 80.53~100% when the
number of N-SDN nodes is between 0 and 57 (i.e., the number of SDN nodes is between 99
and 156), namely, only when the number of SDN nodes in hybrid SDN is more than 99 can
SDN nodes intercept more than 80% of the links of the whole network.
Figure 7 shows the influence of different numbers of N-SDN nodes on numP. From
the figure, we can see that when the number of N-SDN is 0 (i.e., the number of SDN nodes
is 156), 79 SDN nodes are required to achieve the maximum intercept link coverage; the
number of SDN nodes required to intercept the whole network gradually increases first
and then decreases gradually. This is because that when the number of N-SDN nodes is
between 0 and 37 (i.e., the number of SDN nodes is between 119 and 156), though the
increase of N-SDN links results in the decrease of the degree of some SDN nodes, the
total number of SDN links does not decrease significantly. Thus, more SDN nodes are
needed to intercept the same number of links. Accordingly, the number of SDN nodes
required to intercept the whole network increases. While when the number of N-SDN is
between 38 and 156 (i.e., the number of SDN is between 0 and 118), the number of SDN
links greatly decreases with the increasing number of N-SDN nodes, so the number of
SDN nodes needed to achieve maximum intercept link coverage also decreases gradually.
Moreover, when all nodes in the network are N-SDN nodes, all links are N-SDN links,
and thus the minimum vertex cover set P is empty (i.e., numP = 0). To sum up, according
to Figures 4 and 5, we only need 69~95 SDN nodes to achieve 80.53~100% intercept link
coverage of the whole interception system when the number of SDN nodes in the whole
hybrid SDN is between 99~156.
22

Sensors 2021, 21, 428
Next, we will study and analyze the influence of three different approaches and three
SDN interception models on intercept link coverage (ILC) as shown in Figure 8. From the
figure, we can see that ILC of PA and HA with RMVCA is higher than that of RA without
RMVCA in general, and ILC of PA and HA are relatively close, whether using T model,
ECMP-T model or Fermat-point interception model. Additionally, compared with RA, PA
and HA can significantly improve the intercept link coverage when the number of N-SDN
nodes is between 0 and 60 (i.e., the number of SDN nodes is between 96 and 156). And this
improvement decreases with the decrease of SDN nodes.
ȱ

,/

116'1
73$
75$
7+$
(0373$
(0375$
(037+$
)HUPDWSRLQW3$
)HUPDWSRLQW5$
)HUPDWSRLQW+$
5$
3$DQG +$
h
Figure 8. The impact of three approaches in three SDN interception models on ILC under CRN
topologies. ILC. The higher, the better.
Meanwhile, another conclusion we can make is that the three SDN interception models
have nearly the same intercept link coverage. In other words, the intercept link coverage
(ILC) has no relationship with SDN interception models and the SDN interception models
have little impact on ILC.
5.3.2. TTC
Using RMVCA, we will analyze the impact of RMVCA on the efficiency of deploying
intercept access points in whole hybrid SDN. In many experiments, we run three SDN
interception models to deploy IAPs in three approaches during which the shortest paths
need to be calculated, and thus the total times of calculating the shortest path (TTC) is
different. In order to evaluate the performance of RMVCA, we employ TTC as its most
important performance metric. We predict that RMVCA can improve the efficiency of
deploying IAPs (i.e., reduce the total deployment time). The experimental results are
shown in Figure 9.
ȱ

77
h

EEͲÊ
73$ 75$ 7+$
(0373$ (0375$ (037+$
)HUPDWSRLQW3$ )HUPDWSRLQW5$ )HUPDWSRLQW+$
Figure 9. The impact of three approaches in three SDN interception models on TTC under CRN
topologies. TTC. The lower, the better.
23

Sensors 2021, 21, 428
From Figure 9, we can see that TTC of Fermat-point interception model is the highest
whether in PA, RA or HA, namely, running Fermat-point model may take the longest time
to deploy IAPs. In addition, TTC of T model and ECMP-T model is similar and is far lower
than that of Fermat-point model. Therefore, in terms of the efficiency of deploying IAPs, T
model and ECMP-T model are better than Fermat-point model.
Also, Figure 9 show the impact of three approaches in three SDN interception models
on TTC under CRN topologies. From the figure, we can see that compared TTC in PA
and RA, TTC in HA is the lowest, whether running T model, ECMP-T model or Fermat-
point model in hybrid SDN. Namely, HA is the best approach in terms of the efficiency of
deploying IAPs based on thorough analysis and comparison.
Meanwhile, we also can see that TTC in PA is the highest and thus PA is the most
undesirable approach. Considering that TTC is the most important performance metric
of RMVCA, we can abandon PA. According to Figure 9, we can conclude by calculating
that with the increasing number of N-SDN nodes (i.e., with the decreasing number of SDN
nodes) in hybrid SDN, HA can significantly improve the deployment efficiency of intercept
access points for the reason that compared with RA, HA can decrease TTC on average by
41.14%, 44.07%, 53.32% respectively in T model, ECMP-T model and Fermat-point model.
In conclusion, PA is the most undesirable approach that should be abandoned. While HA
is the best approach in terms of the deployment efficiency of IAPs.
5.3.3. MILC, TOC and UQoS
After deploying the best intercept access point (IAP; I), the interception center (the
law enforcement agencies; L) hopes to receive the data intercepted by the intercept access
point with the minimum cost (i.e., the minimum cost or hop-count from the intercept access
point (I) to the interception center (L); MILC). Therefore, MILC is one of the most important
performance metrics of lawful interception system. In addition, the network operators
are most concerned about the total cost of running intercept operation in global network
(i.e., TOC) which is the prominent performance metrics of lawful interception system.
Meanwhile, running different SDN interception models to deploy intercept access point
may lead to the different selection of the best intercept access point (namely the placement
location of IAP differs) and the different amount of calculation, thus affecting the quality
of service of normal user’s data stream (UQoS). Thus, UQoS is also one of the important
performance metrics of lawful interception system. In a word, MILC, TOC and UQoS are
of great significance for the Law Enforcement Agencies, the network operators and the
users, respectively. Focused on three hybrid SDN topologies CRN, NSFNet and COST 239,
we study and analyze the impact of running three different SDN interception models to
deploy the best IAPs on MILC, TOC, and UQoS of whole lawful interception system under
different number of SDN nodes. The experimental results of the three topologies are shown
in Figure 10a–c.
ȱ
ȱ ȱ
(a)ȱCRNȱ (b)ȱCOSTȱ239ȱ (c)ȱNSFNetȱ
Ϭ
ϰ
ϴ
ϭϮ
ϭϲ
ϮϬ
Ϯϰ
Ϯϴ
ϯϮ
ϯϲ
ϰϬ
ϰϰ
ϰϴ
ϱϮ
ϱϲ
ϲϬ
ϲϰ
ϲϴ

+RSFRXQW
h

116'1
0,/7 0,/(037 0,/)HUPDWSRLQW
727 72(037 72)HUPDWSRLQW
84R67 84R6(037 84R6)HUPDWSRLQW

+RSFRXQW
h

116'1
0,/7 0,/(037 0,/)HUPDWSRLQW

+RSFRXQW
h

EEͲÊ
0,/7 0,/(037 0,/)HUPDWSRLQW
Figure 10. The impact of three SDN interception models on MILC, TOC, UQoS under three topologies. Hop-count. The
lower, the better.
24

Sensors 2021, 21, 428
From the figures, we can see that MILC, TOC in T model are relatively close to the ones
in ECMP-T model. And MILC and TOC consumed by ECMP-T model are lower than that
of T model, so ECMP-T model is better than T model. More importantly, compared with
MILC and TOC in T model and ECMP-T model, MILC and TOC in Fermat-point model are
the lowest in all number of SDN nodes. In other words, Fermat-point model can decrease
MILC and TOC compared with T model and ECMP-T model. More specifically, compared
with T model and ECMP-T model, Fermat-point model can decrease MILC on average
by 13.41%, 11.11% in CRN topology, 14.91%, 8.73% in COST 239, and 19.72%, 16.04% in
NSFNet, and TOC on average by 1.91%, 0.99% in CRN topology, 2.82%, 0.46% in COST 239,
and 2.65%, 1.03% in NSFNet. These simulation results verify that the performance of
Fermat-point model outperforms T model and ECMP-T model and thus Fermat-point
model is the best SDN interception model in terms of MILC and TOC.
Meanwhile, from the figures, we can see that no matter in CRN, COST 239 or NSFNet,
ECMP-T model and T model have the same UQoS. In other words, T model and ECMP-T
model have little impact on the transmission quality of traffic normally accepted by users
and on deployment efficiency of IAP. According to the principle of T model and ECMP-T
model, we know the simulation results in three hybrid SDN topologies are consistent
with the theory, so these results are true and reliable. In addition, we can also clearly
observe from the figures that UQoS in Fermat-point model is higher than the one in T
model and ECMP-T model, which means that Fermat-point model slightly affect UQoS.
Thus, Fermat-point model has poor performance in terms of UQoS.
5.3.4. NFD
Due to the hybrid SDN topologies where N-SDN nodes cannot be selected as IAP,
not every combination of S, D and L can successfully deploy intercept access point. We
count the total number of failures to deploy IEP (i.e., NFD), to evaluate the performance
of SDN interception models. The statistical results are shown in Figure 11a–c. We can
clearly observe from the figures that in the three hybrid SDN topologies, the total number
of failures to deploy IAPs (NFD) in Fermat-point model is the least compared with NFD in
T model and ECMP-T model, which means that Fermat-point model has a high success rate
to deploy intercept access point. More specifically, compared with T model and ECMP-T
model, Fermat-point model decreases NFD on average by 88.21%, 86.87% in CRN topology,
76.9%, 74.68% in COST 239, and 67.53%, 66.26% in NSFNet. To sum up, the performance
of Fermat-point model outperforms T model and ECMP-T model and thus Fermat-point
model is the best interception model in terms of NFD.
ȱ ȱ ȱ
(a)ȱCRNȱ (b)ȱCOSTȱ239ȱ (c)ȱNSFNetȱ
Ϭ
ϱ
ϭϬ
ϭϱ
ϮϬ
Ϯϱ
ϯϬ
ϯϱ
ϰϬ
Ϭ ϭϮ Ϯϰ ϯϲ ϰϴ ϲϬ ϳϮ ϴϰ ϵϲ ϭϬϴ ϭϮϬ ϭϯϮ ϭϰϰ ϭϱϲ
1)'
[

116'1
7
(037
)HUPDWSRLQW
Ϭ
ϱ
ϭϬ
ϭϱ
ϮϬ
Ϯϱ
Ϭ Ϯ ϰ ϲ ϴ ϭϬ ϭϮ ϭϰ ϭϲ ϭϴ ϮϬ ϮϮ Ϯϰ Ϯϲ Ϯϴ
1)'
h

116'1
7
(037
)HUPDWSRLQW
Ϭ
ϱ
ϭϬ
ϭϱ
ϮϬ
Ϯϱ
ϯϬ
Ϭ Ϯ ϰ ϲ ϴ ϭϬ ϭϮ ϭϰ
1)'
h

EEͲÊ
7
(037
)HUPDWSRLQW
Figure 11. The impact of SDN interception models on NFD under three topologies. NFD. The lower, the better.
6. Conclusions
In this paper, we proposed an improved equal-cost multi-path shortest path algorithm
(ECMP-Dijkstra) and accordingly proposed three SDN interception models T model, ECMP-
T model, and Fermat-point model, to deploy the best intercept access point reasonably in
three real-world hybrid SDN topologies. Subsequently, we proposed a restrictive minimum
25

Sensors 2021, 21, 428
vertex coverage algorithm (RMVCA) to intercept the whole interception system with the
least SDN nodes, and to optimize the deployment efficiency of intercept access points
and improve the intercept link coverage, so as to optimize the performance of the whole
intercepting system. According to RMVCA, we analyze the effect of different SDN node
ratios on the intercept link coverage and the minimum vertex coverage set. Considering
the intercept link coverage and the minimum vertex coverage set, we found a suitable SDN
node ratio for deploying intercept access points reasonably, namely, to intercept the whole
hybrid SDN with the least SDN nodes.
Based RMVCA, we put forward three approaches PA, RA, and HA for experiments,
and compared the three experimental approaches. The experimental results show that HA
is the best approach, which can significantly optimize the efficiency of deploying intercept
access points (i.e., optimize TTC) and improve the intercept link coverage of the whole
hybrid SDN.
By the way, we analyzed the influence of three SDN interception models on various
performance metrics of lawful interception system using three real-world topologies. The
simulation results reveal that the three SDN interception models have little effect on the
intercept link coverage, and T model and ECMP-T model have no effect on user’s traffic
transmission quality. Compared with T model and ECMP-T model, Fermat-point model is
the best interception model for the reason that Fermat-point model can make MILC, TOC,
NFD the lowest by sacrificing a small part of user’s traffic transmission quality (UQoS) and
deployment time (TTC), intercepting the whole hybrid SDN at dramatically lower costs.
This paper has not considered the traffic bottleneck (link capacity) problem but has
proposed the deployment and optimization strategy of intercept access points that pave
the way for the future work that joint deployment of IAPs and LEAs in H-SDNs based on
the consideration of the traffic bottleneck problem.
Author Contributions: X.X. and W.-K.J. conceived and designed the study. X.X. performed the
simulations. X.X. wrote the paper. Y.W. and X.W. reviewed and edited the manuscript. All authors
have read and agreed to the published version of the manuscript.
Funding: This research was financially supported by the National Natural Science Foundation of
China No. U1805262, No. 61871131, and No. 61701118 in part by the Natural Science Founda-
tion of Fujian Province, China No.2018J05101, 2018H6007, and Special Fund for Marine Economic
Development of Fujian Province (ZHHY-2020-3).
Institutional Review Board Statement: Not applicable.
Informed Consent Statement: Not applicable.
Data Availability Statement: The data are not publicly available due to their containing information
that could compromise the privacy of research participants.
Acknowledgments: The authors would like to thank the anonymous reviewers for their useful
comments and careful reading of the manuscript.
Conflicts of Interest: The authors declare no conflict of interest.
Appendix A
Based on Proactive Approach (PA) or Hybrid Approach (HA), the details of pseudo
code of T, ECMP-T or Fermat-point model can be presented respectively in Algorithm A1
or Algorithm A2.
26

Sensors 2021, 21, 428
Algorithm A1 Proactive Approach—T or ECMP-T or Fermat-point Model
Input: P; S; D; L
Output: I
1: if P = ∅ then
2: I = ∅
3: for node i in P do
: . . . . . .
4: return I
Algorithm A2 Hybrid Approach—T or ECMP-T or Fermat-point Model
Input: NSDN; P; S; D; L
Output: I
1: I = ∅
: . . . . . .
2: SP ← Select(NS,D, P) or Select(NS,D,L, P)
3: if the SDN node-set SP =∅ then
4: for node i in SP do
: . . . . . .
5: else
6: Algo3(NSDN,S,D,L) or Algo4(NSDN,S,D,L)
7: end if
8: return I
References
1. Fundation, O.N. Software-Defined Networking: The New Norm for Networks. ONF White Paper 2012, 2, 11.
2. Kadhim, A.J.; Seno, S.A.H. Maximizing the Utilization of Fog Computing in Internet of Vehicle Using SDN. IEEE Commun. Lett.
2019, 23, 140–143. [CrossRef]
3. Görkemli, B.; Tatlıcıoğlu, S.; Tekalp, A.M.; Civanlar, S.; Lokman, E. Dynamic Control Plane for SDN at Scale. IEEE J. Sel. Areas
Commun. 2018, 36, 2688–2701. [CrossRef]
4. McKeown, N.; Anderson, T.; Balakrishnan, H.; Parulkar, G.; Peterson, L.; Rexford, J.; Turner, J. OpenFlow: Enabling innovation in
campus networks. ACM Sigcomm. Comput. Commun. Rev. 2008, 38, 69–74. [CrossRef]
5. Cheng, T.Y.; Jia, X. Compressive Traffic Monitoring in Hybrid SDN. IEEE J. Sel. Areas Commun. 2018, 36, 2731–2743. [CrossRef]
6. Dijkstra, E.W. A Note on Two Problems in Connexion with Graphs. Numer. Math. 1959, 1, 269–271. [CrossRef]
7. Li, G. An Improvement of Dijkstra Algorithm; Computer Development Applications: New York, NY, USA, 2009.
8. Wang, S.; Zhao, X. The improved Dijkstra’s shortest path algorithm. In Proceedings of the 2011 Seventh International Conference
on Natural Computation, Shanghai, China, 26–28 July 2011; pp. 2313–2316. [CrossRef]
9. Kadry, S.; Abdallah, A.; Joumaa, C. On The Optimization of Dijkstras Algorithm. In Informatics in Control, Automation and Robotics;
Springer: Berlin/Heidelberg, Germany, 2012.
10. Zhang, X.; Chen, Y.; Li, T. Optimization of logistics route based on Dijkstra. In Proceedings of the 2015 6th IEEE International
Conference on Software Engineering and Service Science (ICSESS), Beijing, China, 23–25 September 2015; pp. 313–316. [CrossRef]
11. Bozyiğit, A.; Alankuş, G.; Nasiboğlu, E. Public transport route planning: Modified dijkstra’s algorithm. In Proceedings of the2017
International Conference on Computer Science and Engineering (UBMK), Antalya, Turkey, 5–8 October 2017; pp. 502–505.
[CrossRef]
12. Makariye, N. Towards shortest path computation using Dijkstra algorithm. In Proceedings of the 2017 International Conference
on IoT and Application (ICIOT), Nagapattinam, India, 19–20 May 2017; pp. 1–3. [CrossRef]
13. Wei, K.; Gao, Y.; Zhang, W.; Lin, S. A Modified Dijkstra’s Algorithm for Solving the Problem of Finding the Maximum Load Path.
In Proceedings of the 2019 IEEE 2nd International Conference on Information and Computer Technologies (ICICT), Kahului, HI,
USA, 14–17 March 2019; pp. 10–13. [CrossRef]
14. Wenzheng, L.; Junjun, L.; Shunli, Y. An Improved Dijkstra’s Algorithm for Shortest Path Planning on 2D Grid Maps. In
Proceedings of the 2019 IEEE 9th International Conference on Electronics Information and Emergency Communication (ICEIEC),
Beijing, China, 12–14 July 2019; pp. 438–441. [CrossRef]
15. Levin, D.; Canini, M.; Schmid, S.; Schaffert, F.; Feldmann, A. Panopticon: Reaping the benefits of incremental SDN deployment in
enterprise networks. In Proceedings of the 2014 {USENIX} Annual Technical Conference, Philadelphia, PA, USA, 19–20 June 2014;
pp. 333–345.
16. Hong, D.K.; Ma, Y.; Banerjee, S.; Mao, Z.M. Incremental deployment of SDN in hybrid enterprise and ISP networks. In Proceedings
of the Symposium on SDN Research, Santa Clara, CA, USA, 14–15 March 2016.
27

Sensors 2021, 21, 428
17. Poularakis, K.; Iosifidis, G.; Smaragdakis, G.; Tassiulas, L. One step at a time: Optimizing SDN upgrades in ISP networks. In
Proceedings of the IEEE INFOCOM 2017-IEEE Conference on Computer Communications, Atlanta, GA, USA, 1–4 May 2017.
18. Zhou, H.; Zhang, D.; Xie, K.; Wang, X. Data reconstruction in internet traffic matrix. China Commun. 2014, 11, 1–12. [CrossRef]
19. Chen, J.; Kanj, I.A. Constrained minimum vertex cover in bipartite graphs: Complexity and parameterized algorithms. J. Comput.
Syst. Sci. 2003, 67, 833–847. [CrossRef]
20. Behsaz, B.; Hatami, P.; Mahmoodian, E.S. On minimum vertex cover of generalized Petersen graphs. Australas. J. Comb. 2010,
40, 253–264.
21. Madhavi, L.; Maheswari, B. Edge Cover Domination in Mangoldt Graph. Momona Ethiop. J. Sci. 2011, 3, 37–51. [CrossRef]
22. Wu, Y.; Yu, Q. A Characterization of Graphs with Equal Domination Number and Vertex Cover Number. Bull. Malays. Math. Soc.
Ser. 2012, 3, 803–806.
23. Volkmann, L. On graphs with equal domination and covering numbers. Discret. Appl. Math. 1994, 51, 211–217. [CrossRef]
24. Grandoni, F.; Könemann, J.; Panconesi, A.; Sozio, M. A Primal-dual Bicriteria Distributed Algorithm for Capacitated Vertex Cover.
Siam J. Comput. 2008, 38, 825–840. [CrossRef]
25. Zhang, N.; Sheng, Z. Improved Greedy Algorithm for the Minimum Vertex Cover Problem; Mongolia Normal University: Hohhot,
China, 2012.
26. Tomar, D. An Improved Greedy Heuristic for Unweighted Minimum Vertex Cover. In Proceedings of the 2014 International
Conference on Computational Intelligence and Communication Networks, Bhopal, India, 14–16 November 2014; pp. 618–622.
[CrossRef]
27. Angel, D. A breadth first search approach for minimum vertex cover of grid graphs. In Proceedings of the 2015 IEEE 9th
International Conference on Intelligent Systems and Control (ISCO), Coimbatore, India, 9–10 January 2015; pp. 1–4. [CrossRef]
28. Fayaz, M.; Arshad, S.; Zaman, U.; Ahmad, A. A Simple, Fast and Near Optimal Approximation Algorithm for Optimization of
Un-Weighted Minimum Vertex Cover. In Proceedings of the International Conference on Frontiers of Information Technology
IEEE, Islamabad, Pakistan, 19–21 December 2017.
29. Çınaroğlu, S.; Bodur, S. A new hybrid approach based on genetic algorithm for minimum vertex cover. In Proceedings of the 2018
Innovations in Intelligent Systems and Applications (INISTA), Thessaloniki, Greece, 3–5 July 2018; pp. 1–5. [CrossRef]
30. Zhou, Y.; Qiu, C.; Wang, Y.; Fan, M.; Yin, M. An Improved Memetic Algorithm for the Partial Vertex Cover Problem. IEEE Access
2019, 7, 17389–17402. [CrossRef]
31. Branch, P.A. Lawful Interception of the Internet. Int. J. Emerg. Technol. Soc. 2003, 1, 38–51.
32. Csikor, L.; Szalay, M.; Rétvári, G.; Pongrácz, G.; Pezaros, D.P.; Toka, L. Transition to SDN is HARMLESS: Hybrid Architecture for
Migrating Legacy Ethernet Switches to SDN. IEEE/ACM Trans. Netw. 2020, 28, 275–288. [CrossRef]
33. Bshouty, N.H.; Burroughs, L. Massaging a linear programming solution to give a 2-approximation for a generalization of the
vertex cover problem. In Symposium on Theoretical Aspects of Computer Science; Springer: Berlin/Heidelberg, Germany, 1998.
[CrossRef]
34. Cao, W.; Feng, X.; Jia, J.; Zhang, H. Characterizing the Structure of the Railway Network in China: A Complex Weighted Network
Approach. J. Adv. Transp. 2019, 2019, 3928260. [CrossRef]
35. De Maesschalck, S.; Colle, D.; Lievens, I.; Pickavet, M.; Demeester, P.; Mauz, C.; Jaeger, M.; Inkret, R.; Mikac, B.; Derkacz, J.
Pan-European optical transport networks. Photonic Netw. Commun. 2003, 5, 203–225. [CrossRef]
36. Claffy, K.C.; Polyzos, G.C.; Braun, H. Traffic characteristics of the T1 NSFNET backbone. In Proceedings of the IEEE INFOCOM
’93 The Conference on Computer Communications, San Francisco, CA, USA, 28 March–1 April 1993; Volume 2, pp. 885–892.
[CrossRef]
28

sensors
Review
A Comprehensive Study of Anomaly Detection Schemes in IoT
Networks Using Machine Learning Algorithms
Abebe Diro 1, Naveen Chilamkurti 2, Van-Doan Nguyen 2,* and Will Heyne 3
Citation: Diro, A.; Chilamkurti, N.;
Nguyen, V.-D.; Heyne, W. A
Comprehensive Study of Anomaly
Detection Schemes in IoT Networks
Using Machine Learning Algorithms.
Sensors 2021, 21, 8320. https://
doi.org/10.3390/s21248320
Academic Editors: Zihuai Lin and
Wei Xiang
Received: 8 November 2021
Accepted: 8 December 2021
Published: 13 December 2021
Publisher’s Note: MDPI stays neutral
with regard to jurisdictional claims in
published maps and institutional affil-
iations.
4.0/).
1 College of Business and Law, RMIT University, Melbourne 3001, Australia; abebe.diro3@rmit.edu.au
2 Department of Computer Science and I.T., La Trobe University, Melbourne 3086, Australia;
n.chilamkurti@latrobe.edu.au
3 BAE Systems Australia, Adelaide 5000, Australia; will.heyne@baesystems.com
* Correspondence: o.nguyen@latrobe.edu.au
Abstract: The Internet of Things (IoT) consists of a massive number of smart devices capable of
data collection, storage, processing, and communication. The adoption of the IoT has brought
about tremendous innovation opportunities in industries, homes, the environment, and businesses.
However, the inherent vulnerabilities of the IoT have sparked concerns for wide adoption and
applications. Unlike traditional information technology (I.T.) systems, the IoT environment is
challenging to secure due to resource constraints, heterogeneity, and distributed nature of the smart
devices. This makes it impossible to apply host-based prevention mechanisms such as anti-malware
and anti-virus. These challenges and the nature of IoT applications call for a monitoring system such
as anomaly detection both at device and network levels beyond the organisational boundary. This
suggests an anomaly detection system is strongly positioned to secure IoT devices better than any
other security mechanism. In this paper, we aim to provide an in-depth review of existing works in
developing anomaly detection solutions using machine learning for protecting an IoT system. We
also indicate that blockchain-based anomaly detection systems can collaboratively learn effective
machine learning models to detect anomalies.
Keywords: cybersecurity; anomaly detection; the Internet of Things; machine learning; deep learn-
ing; blockchain
1. Introduction
The IoT consists of myriad smart devices capable of data collection, storage, processing,
and communication. The adoption of the IoT has brought about tremendous innovation
opportunities in industries, homes, the environment, and businesses, and it has enhanced
the quality of life, productivity, and profitability. However, infrastructures, applications,
and services associated with the IoT introduced several threats and vulnerabilities as
emerging protocols and workflows exponentially increased attack surfaces [1]. For instance,
the outbreak of the Mirai botnet exploited IoT vulnerabilities and crippled several websites
and domain name systems [2].
It is challenging to secure IoT devices as they are heterogeneous, traditional security
controls are not practical for these resource-constrained devices, and the distributed IoT
networks fall out of the scope of perimeter security, and existing solutions such as the
cloud suffer from centralisation and high delay. Another reason for this challenge is that
IoT device vendors commonly overlook security requirements due to a rush-to-market
mentality. Furthermore, the lack of security standards has added another dimension to the
complexity of securing IoT devices. These challenges and the nature of IoT applications call
for a monitoring system such as anomaly detection at device and network levels beyond
the organisational boundary.
An anomaly is a pattern or sequence of patterns in IoT networks or data that signif-
icantly deviate from the normal behaviour. Anomalies can be contextual and collective
29

Sensors 2021, 21, 8320
points based on the sources of anomalies [3]. Point anomaly represents a specific data point
that falls outside the norm, and it indicates random irregularity, extremum, or deviation
with no meaning, often known as outliers. The contextual anomaly denotes a data point
that deviates from the norm in a specific context such as in a time window. It means that
the same normal observation in a given context can be abnormal in a different context. The
contextual anomaly is driven by contextual features such as time and space and behavioural
features such as the application domain. A collection of related data points, specifically in
sequential, spatial, and graph data, that fall outside of normal behaviour forms collective
anomalies. It is denoted as a group of interconnected, correlated, or sequential instances,
where individuals of the group are not anomalous themselves; the collective sequence is
anomalous. Anomalous events rarely occur; however, these events bring about dramatic
negative impacts in businesses and governments using IoT applications [4].
As for protecting IoT and I.T. applications, intrusion detection systems (I.D.S.s) that
alert abnormal events or suspicious activities that might lead to an attack have been
developed. I.D.S.s can be divided into two main categories: anomaly-based and signature-
based. With anomaly-based I.D.S.s, unidentified attacks or zero-day attacks can be detected
as deviations from normal activities [5]. However, signature-based I.D.S cannot identify
unknown attacks until the vendors release updated versions consisting of the new attack
signatures [5]. This indicates that anomaly-based I.D.S.s are strongly positioned to secure
IoT devices better than signature-based I.D.S.s. Moreover, there is a large amount of
raw data generated by IoT devices, which leads to the process of identifying suspicious
behaviour from data suffering from high computation cost due to included noise. Hence,
lightweight distributed anomaly-based I.D.S.s play a significant role in thwarting cyber-
attacks in the IoT network.
In recent years, using machine learning techniques to develop anomaly-based I.D.S.s
to protect the IoT system has produced encouraging results as machine learning models are
trained on normal and abnormal data and then used to detect anomalies [1,2]. However,
building effective and efficient anomaly detection modules is a challenging task as machine
learning has the following drawbacks:
• First, machine learning models, specifically with classical algorithms, are shallow
to extract features that can truly represent underlying data to discriminate anomaly
events from normal ones.
• Second, running machine learning models can consume extensive resources, making
it challenging to deploy such models on resource-constrained devices.
• Third, it requires massive data for training machine learning models to archive high ac-
curacy in anomaly detection. Therefore, machine learning models may not capture all
of the cyber-attacks or suspicious events due to training data. This means that machine
learning suffers from both false positives and false negatives in some circumstances.
However, with the advancement in hardware such as GPU and neural networks such
as deep learning, machine learning has constantly improved. This makes it promising for
anomaly detection emerging platforms such as blockchain.
This paper aims to provide an in-depth review of current works in developing anomaly
detection solutions using machine learning to protect an IoT system, which can help re-
searchers and developers design and implement new anomaly-based I.D.S.s. Our contribu-
tions are summarised as follows: first, we present the significance of anomaly detection in
the IoT system (Section 2); then, we identify the challenges of applying anomaly detection
to an IoT system (Section 3); after that, we describe the state-of-the-art machine learning
techniques for detecting anomalies in the system (Section 4); finally, we analyse the use of
machine learning techniques for IoT anomaly detection (Section 5). In particular, this paper
also covers the federated learning technique that helps to collaboratively train effective
machine learning models to detect anomalies (Section 4) and indicates that the use of
blockchain for anomaly detection is a novel contribution as the inherent characteristics of a
distributed ledger is an ideal solution to defeat adversarial learning systems (Section 5).
30

Sensors 2021, 21, 8320
2. Significance of Anomaly Detection in the IoT
Over the years, anomaly-based I.D.S.s have been applied in a wide range of IoT
applications, as illustrated in Table 1. This section will focus on the important roles of
anomaly detection systems in industries, smart grids, and smart cities.
Table 1. Anomaly-Based I.D.S.s according to Anomaly Types and Applications.
ANOMALY TYPES
Points Contextual Collective
APPLICATIONS
Generic
[6] [7] [8]
[9] [10]
[11]
[12]
[13]
[14]
[15]
Flights [16]
Industries
[17]
[18]
[19]
Health [20]
Smart Cities [21]
Smart Grids [22]
Smart Home
[23] [24]
[25]
[26]
Unmanned Aerial Vehicles [27]
Industrial IoT is one of the beneficiaries of anomaly detection tools. Anomaly de-
tection has been leveraged for industrial IoT applications such as power systems, health
monitoring [28], heating ventilation and air conditioning system fault detection [29], pro-
duction plant maintenance scheduling [30], and manufacturing quality control systems [31].
In [32], machine learning approaches such as linear regression have been applied to sensor
readings of engine-based machines to learn deviations from normal system behaviours.
The study demonstrated that anomaly detection plays a significant role in preventive main-
tenance by detecting machine failures and inefficiencies. In another study, autoencoder
(A.E.)-based outlier detection was investigated in audio data using reconstruction error [33].
The study showed that early detection of anomalies could be used as responsive main-
tenance for machine failures, thereby reducing downtime. Furthermore, water facilities
used IoT anomaly detection [34] to monitor and identify certain chemical concentration
levels as a reactive alerting mechanism. These studies show that IoT anomaly detection
provides mechanisms of improving efficiency and system up-time for industry machines
by monitoring machine health.
The power sector including existing smart grids has also attracted anomaly detection
systems to identify power faults and outages. The study in [35] utilised statistical methods
to develop an anomaly detection framework using smart meter data. The authors argue that
hierarchical network data can be used to model anomaly detection for power systems. The
other study [36] employed high-frequency signals to detect anomalies in power network
faults. The article concludes that local anomaly detection depends more on network size
than topology. In [37], big data analysis schemes were explored to detect and localise
failures and faults in power systems. The study showed that the compensation theorem in
circuit theory could be applied to event detection in power networks. Physical attacks on
smart grids such as energy theft can also be detected by using anomaly detection systems,
31

Sensors 2021, 21, 8320
as shown in [38]. It is compelling that anomaly detection plays a paramount role in
detecting failures and faults in power systems, enhancing system reliability and efficiency.
Abnormality detection can be used for smart city facilities such as roads and buildings.
Road surface anomalies were studied in [39]. It has been indicated that damage to private
vehicles can be reduced if the road surface is monitored for anomalies so that timely
measures such as maintenance are taken before road incidents. In the study undertaken
in [40], pollution monitoring and controlling were modelled as an anomaly to enable
policymaker decisions in health, traffic, and environment. Similarly, assisted living can
also benefit from IoT-based anomaly detection as deviations from normal alert caregivers
as studied in [41]. Thus, it can be summed up that abnormal situations in smart cities and
buildings can be detected using anomaly detection systems, and these can be provided to
policymakers for decision-making purposes.
3. Challenges in IoT Anomaly Detection Using Machine Learning
The development of anomaly detection schemes in the IoT environment is challenging
due to several factors such as (1) scarcity of IoT resources; (2) profiling normal behaviours;
(3) the dimensionality of data; (4) context information; and (5) the lack of resilient machine
learning models [15]. These factors will be explained in this section.
3.1. Scarcity of IoT Resources
The leverage of device-level IoT anomaly detection can be hindered by the constraints
in storage, processing, communication, and power resources. To compensate for this, the
cloud can be adopted as a data collection, storage, and processing platform. However, the
remoteness of the cloud can introduce high latency due to resource scheduling and round
trip time. This delay may not be acceptable for real-time requirements of IoT suspicious
events [15]. It is also evident that the scale of traffic in the IoT may degrade the detection
performance of the anomaly detection system if it exceeds the capacity of the devices. A
better solution is to offload certain storage and computations from devices to edge nodes
or to send aggregated data to the cloud. Sliding window techniques can also offer reduced
storage benefits by withholding only certain data points, though the anomaly detection
system may require patterns/trends [26].
3.2. Profiling Normal Behaviours
The success of an anomaly detection system depends on gathering sufficient data
about normal behaviours; however, defining normal activities is challenging. Due to their
rare occurrence, anomalous behaviours might be collected within normal behaviours. There
is a lack of datasets representing both IoT normal and abnormal data, making supervised
learning impractical, specifically for massively deployed IoT devices. This drives the need
to model IoT anomaly detection systems in unsupervised or semi-supervised schemes,
where data deviating from those collected in normal operations are taken as anomalous [3].
3.3. Dimensionality of Data
IoT data can be univariate as key-value xt or multivariate as temporally correlated
univariate xt =

xt
1, . . . , xt
n

. The IoT anomaly detection using univariate series compares
current data against historical time series. In contrast, multivariate-based detection pro-
vides historical stream relationships and relationships among attributes at a given time.
Thus, choosing a specific anomaly detection mechanism in IoT applications depends on
data dimensionality due to associated overheads in processing [3,29]. Furthermore, multi-
variate data introduces the complexity of processing for models, which needs dimension
reduction techniques using principal components analysis (P.C.A.) and A.E.s. On the other
hand, univariate data may not represent finding patterns and correlations that enhance
machine learning performance.
32

Sensors 2021, 21, 8320
3.4. Context Information
The distributed nature of IoT devices caters to context information for anomaly de-
tection. However, the challenge is to capture the temporal input at a time t1 is related to
input at a time tn and spatial contexts in large IoT deployments where some IoT devices are
mobile in their operations. This means that introducing context enriches anomaly detection
systems, but increases complexity if the right context is not captured [3].
3.5. Lack of Machine Learning Models Resiliency against Adversarial Attacks
The lack of a low false-positive rate of existing machine learning models and the
vulnerability to adversarial attacks during training and detection call for both accurate
algorithms and resilient models. On the other hand, the massive deployment of IoT devices
could be leveraged for collective anomaly detection as most of the devices in the network
exhibit similar characteristics. This large number of devices helps to utilise the power of
cooperation against cyber-attacks such as malware [42]. Model poisoning and evasion can
decrease the utility of machine learning models as adversaries can introduce fake data to
train or tamper the model.
4. Machine Learning Techniques for Detecting Anomalies in the IoT
Several aspects of IoT anomaly detection using machine learning must be considered.
Learning algorithm methods can be categorised into three groups: supervised, unsuper-
vised, and semi-supervised. The technique to train the learning algorithms across many
decentralised IoT devices is known as federated learning. In addition, anomaly detection
can be seen in terms of extant data dimension, leading to univariate-and multivariate-based
approaches. In the rest of this section, we will present the anomaly detection schemes
based on (1) machine learning algorithms; (2) federated learning; and (3) data sources
and dimensions.
4.1. Detection Schemes Based on Machine Learning Algorithms
Supervised algorithms, known as discriminative algorithms, are classification-based
learning through labelled instances. These algorithms consist of classification algorithms
such as the K-nearest neighbour (K.N.N.), support vector machine (SVM), Bayesian net-
work, and neural network (N.N.) [43,44]. K.N.N. is one of the distance-based algorithms of
anomaly detection where the distances of anomalous points from the majority of the dataset
are greater than a specific threshold. Calculating the distances is computationally complex;
it seems impossible to provide on-device anomaly detection using this algorithm. On the
other hand, SVM provides a hyperplane that divides data points for classification. As in
the case of K.N.N., it is so resource-intensive that the applicability to IoT anomaly detection
is impractical. As the Bayesian network may not require the prior knowledge of neighbour
nodes for anomaly detection, it can be adopted for resource-constrained devices through
low accuracy. Finally, N.N. algorithms have been extensively used to train on normal
data so that anomalous data can be detected as the deviation from normal. The resource
requirements of N.N. algorithms make it challenging to adapt to the IoT environment.
Hence, supervised algorithms are the least applicable for IoT anomaly detection systems
for their labelled dataset requirements and extensive resource requirements.
Commonly known as generative algorithms, unsupervised algorithms use unlabelled
data to learn hierarchical features. Clustering-based algorithms such as K-means and
density-based spatial clustering of applications with noise (D.B.S.C.A.N.) are unsupervised
techniques that apply similarity and density attributes to classify data points into clus-
ters [43,44]. Abnormal points are small data points significantly far from the dense area,
while normal points are either close to or within the clusters. Usually, clustering algorithms
are used with classification algorithms to enhance anomaly detection accuracy. Because of
resource usage, most of the clustering algorithms cannot be directly applied to IoT devices
for anomaly detection. Another unsupervised learning technique involves dimension-
reduction approaches such as P.C.A. and A.E. to remove noise and redundancy from data
33

Sensors 2021, 21, 8320
to reduce the dimension of original data [44,45]. P.C.A. has been extensively applied to
anomaly detection, but it fails in the dynamic IoT environment. A.E. has produced promis-
ing results in IoT anomaly detection in reducing data sizes and in reconstructing errors to
identify anomalous points. However, these techniques have been used extensively as a part
of feature extraction for classification algorithms. The dimensionality reduction algorithms
in unsupervised learning can be adapted to IoT anomaly detection. Semi-supervised al-
gorithms combine discriminative and generative algorithms by providing normal data
instances so that deviation from normal behaviour is seen as abnormal behaviour. Hence,
anomaly detection in IoT is geared toward unsupervised or semi-supervised algorithms
where normal system profiling is utilised as a baseline environment [46].
Table 2 shows the state-of-the-art machine learning algorithms according to three
anomaly types.
Table 2. Learning Algorithms According to Anomaly Types and Machine Learning Schemes.
ANOMALY TYPES
Points Contextual Collective
MACHINE
LEARNING
SCHEMES
Supervised
RF [21] RL [16] CNN [24]
DL [17] LSTM [22] GNN [8]
Multiple [10]
AE-ANN [11]
LSTM [12]
AE-CNN [13]
Ensemble [14]
Unsupervised
AE-CNN [6] Subspace [27] AE [25]
AE [18] Self-learning [26]
Semi-Supervised TCN [23] AE-LSTM [20] DNN [15]
DBN [7]
4.2. Training Detection Schemes Based on Federated Learning Algorithms
Federated learning, also known as collaborative learning, allows IoT devices to train
machine learning models locally and send the trained models, not the local data, to the
server for aggregation [47,48]. This training method is different from the standard machine
learning training approaches that require centralising the training data in one place such as
a server or data centre.
The federating learning method consists of four main steps. First, the server initialises
a global machine learning model for anomaly detection and selects a subset of IoT devices
to send the initialised model. Second, each selected IoT device will train the model by
using its local data, then send the trained model back to the server. Next, the server will
aggregate received models to form the global model. Finally, the server will send the final
model to all IoT devices to detect anomalies. Note that the server can repeat the tasks of
selecting a sub-set of IoT devices, sending the global model, receiving the trained models,
and aggregating the received models multiple times, as some devices may not be available
at the time of federated computation or some may have dropped out during each round.
By using federated learning, data in the IoT system is decentralised, and data privacy
is protected. The other advantages of federated learning include lower latency, less network
load, less power consumption, and can be applied across multiple organisations. However,
federated learning also suffers from some drawbacks such as inference attacks [49] and
model poisoning [50].
4.3. Detection Mechanisms Based on Data Sources and Dimensions
Univariate IoT data consists of data representation from a single IoT device over time.
In reality, anomaly detection systems utilise data from multiple IoT devices deployed in
complex environments. These multivariate multi-sources feed richer contexts by providing
noise-tolerant temporal and spatial information than a single source.
34

Sensors 2021, 21, 8320
4.3.1. Univariate Using Non-Regressive Scheme
In the non-regressive scheme, threshold-based mechanisms can be leveraged by setting
low and high thresholds of observations on univariate stationary data to ﬂag anomalies if
a data point falls outside the boundary. More advanced mechanisms such as mean and
variance thresholds produced over historical data can replace this min–max approach.
Another similar approach is using a box plot to split data distribution into a range of small
categories where new data points are compared against the boxes. These non-regressive
approaches are ideal in saving resources such as processors and memories for IoT devices.
However, being distributed techniques over univariate observations, the range-based
schemes fail to detect contextual and collective anomalies due to the lack of the ability to
capture temporal relationships [3].
N.N.s such as A.E.s, recurrent neural networks (R.N.N.), and long short-term memory
(L.S.T.M.) can be used as non-regressive models to solve the problem of anomaly detection
in the IoT ecosystem using univariate time series data. A.E. is used to reconstruct data
symmetrically from the input to the output layer, and a high reconstruction error probably
indicates abnormality [13]. A.E. can also be applied to resource-constrained IoT devices
for conserving resources and battery power. On the other hand, R.N.N. provides memory
in the network by affecting neurons from previous outputs through feedback loops. This
enables the capture of temporal contexts over time. The vanishing gradient problem in
R.N.N. makes it unsuitable for large IoT networks. L.S.T.M. can provide semi-supervised
learning on normal time series data to identify anomaly sequences from reconstruction to
solve this error problem. Hence, it seems that combining A.E. and L.S.T.M. can bring about
resource-saving and accuracy requirements of the IoT anomaly detection tasks.
4.3.2. Univariate Using Regressive Scheme
Predictive approaches, known as regressive schemes, enable identifying anomalies
by comparing predicted value to actual value in time series data. Parametric models such
as autoregressive moving average (A.R.M.A.) are popular techniques despite seasonality
or mean shift problems in non-stationary datasets. However, these problems can be
solved by using enhanced variants of A.R.M.A. such as autoregressive integrated moving
average (A.R.I.M.A.) and seasonal A.R.M.A. As another approach to predictive IoT anomaly
detection, NN-based predictive models such as M.L.P., R.N.N., L.S.T.M., and others can
be applied to capture the dynamics of a time series on complex univariate data [46]. For
instance, R.N.N., L.S.T.M., and G.R.U. models can represent the variability in time series
data to predict the expected values for time sequences. Recently, attention-based models
have been applied to IoT anomaly detection in complex long sequential data. Similar to the
non-regressive scheme, sequential models can boost the accuracy of IoT anomaly detection
if dimensional reduction algorithms can be used in feature extraction.
4.3.3. Multivariate Using Regressive Scheme
As the additional variables increase data sizes, dimensionality reduction techniques
such as P.C.A., A.E., and others can be employed to decrease overall data size. P.C.A. can
capture the interdependence of variables for multivariate sources. It reduces the data size
by decomposing multivariate data into a reduced set. The linearity and computational
complexity of P.C.A. can limit its usage for IoT anomaly detection. A.E. works like P.C.A.
and can discover anomalies in multivariate time series data using reconstruction error, the
same way as in univariate cases. The promising aspect of A.E. is its low resource usage
and its non-linear feature extraction. Similar to predictive and non-predictive models
on univariate data, schemes using L.S.T.M., CNN, DBN, and others can also be applied
to identifying anomalies in multi-source IoT systems. Speciﬁcally, CNN and L.S.T.M.
algorithms can be preceded by A.E. for important feature extraction and resource savings.
These deep learning schemes can learn spatio-temporal aspects of multivariate IoT data [12].
35

Sensors 2021, 21, 8320
Clustering mechanisms are another approach to detect anomalies in multivariate
data. In addition, graph networks can be used to learn models about variable or sequence
relationships where the weakest weight between graph nodes is considered anomalous.
5. Analysis of Machine Learning for IoT Anomaly Detection
Anomaly detection systems have proven their capabilities of defending traditional
networks by detecting suspicious behaviours. However, the standalone anomaly detection
systems in classical systems do not fit the architecture of distributed IoT networks. In such
systems, a single node compromise could damage the entire network. By collecting traffic
from various spots, a collaborative anomaly detection framework plays a paramount role
in thwarting cyber threats. However, the trust relationship and data sharing form two
major challenges [42,51]. In this massive network, insider attacks can be a serious issue.
Furthermore, as most anomaly detection systems apply machine learning, nodes may
not be willing to share normal profiles for training or performance optimisation due to
privacy issues. The trust problem can be solved by implementing a central server that
handles trust computation and data sharing. However, this approach could lead to a single
point of failure and security, specifically for the large-scale deployment of IoT devices.
Recently, blockchain has attracted much interest in financial sectors for its capability
of forming trust among mistrusting entities using contracts and consensus. Blockchain
could provide an opportunity to solve the problem of collaborative anomaly detection by
providing trust management and a data-sharing platform. In the remainder of this section,
we will focus on analysing (1) the collaborative architecture for IoT anomaly detection
using blockchain; (2) datasets and algorithms for IoT anomaly detection; and (3) resource
requirements of IoT anomaly detection.
5.1. Collaborative Architecture for IoT Anomaly Detection
Blockchain is a decentralised ledger that provides immutability, trustworthiness,
authenticity, and accountability mechanisms for the maintained records based on majority
consensus. Though it was originally applied to digital currency systems, blockchain can
be applied in various fields. With the power of public-key cryptography, strong hash
functions, and consensus algorithms, participating nodes in a blockchain can verify the
formation of new blocks. A block typically consists of a group of records, timestamp,
previous block hash, nonce, and a block’s hash. Thus, the change in a record or group of
records will be reflected in the next block’s previous hash field, which makes it immune to
adversarial change [42].
The powerful attributes of blockchain could provide a solid foundation for anomaly
detection in distributed networks such as the IoT. IoT devices can collaboratively develop
a global anomaly detection model from local models without adversarial attacks using
blockchain architecture. As IoT needs mutual trust to share local models in a secure and
tamper-proof way, consensus algorithms and decentralised blockchain storage make it
challenging for malicious actors to manipulate the network. However, the successful
Bitcoin consensus algorithms in financial areas such as proof-of-work require extensive
storage and processing capabilities. Etherium has applied proof-of-stake where the partic-
ipants’ stakes determine consensus. It uses smart contracts, and is less computationally
intensive. Hyperledger Fabric is another customisable blockchain platform that applies
smart contracts in distributed systems rather than cryptocurrencies. As it relies on central
service to enable participants to endorse transactions, endorsing participants must agree
on the value of a transaction to reflect changes in the local participant ledger. These three
popular blockchain systems do not seem to solve resource-constrained IoT devices [51].
Blockchain-based security solutions have been discussed in a mix of traditional and
IoT systems [52,53]. In these studies, a resource-rich device was connected to IoT devices,
where the device acts as a proxy to connect IoT devices to the blockchain. A similar study
was conducted in [54]. The main advantages of these approaches lie in resource savings, but
they may also create a central point of failure. In [55], the author’s utilised smart contracts to
36

Sensors 2021, 21, 8320
integrate IoT devices into blockchain for communication integrity and authenticity through
the resource requirement issues that may not make it practical. The most promising result
has been achieved on distributed and collaborative IoT anomaly detection [51]. The study
uses a self-attestation mechanism to establish a dynamic trusted model against which
nodes compare to detect anomalous behaviour. The model is cooperatively updated by
majority consensus before being distributed to peers.
5.2. Datasets and Algorithms for IoT Anomaly Detection
The lack of labelled realistic datasets has hampered anomaly detection research in the
IoT. The existing data suffer from lacking realistic representation for IoT traffic patterns
and lack capture of the full range of anomalies that may occur in the IoT. Class imbalance
between normal traffic and anomalous patterns also manifests, which makes classification
systems inefficient. Most IoT traffic can be represented as normal behaviour while it
dynamically changes over time. As contextual information such as time, environment, and
neighbour nodes profile rich information to improve anomaly detection in the IoT, it seems
that multivariate data plays a significant role. The challenges associated with the absence of
truly representative, realistic, and balanced datasets favour an anomaly detection scheme
that profiles normal behaviours to detect anomalous points that deviate from the normal
data [56]. Table 3 shows the common datasets that have been commonly used in some
recent studies in this research area. As can be seen, most datasets are not specific to the IoT
system; however, they are still suitable for training and evaluating anomaly-based I.D.S.s
because they contain both normal and abnormal data.
Table 3. Common Datasets for Anomaly Detection in the IoT System (Adapted from [1]).
Dataset
Published
Year
IoT
Specific
Dimensions
Normal
Instances
Abnormal
Instances
N-BaIoT [57] 2018 Yes 115 555,932 6,545,967
CICIDS 2017 [58] 2017 No 80 2,273,097 557,646
AWID [59] 2015 No 155 530,785 44,858
UNSW-NB15 [60] 2015 No 49 2,218,761 321,283
NLS-KDD [61] 2009 No 43 77,054 71,463
Kyoto [62] 2006 No 24 50,033,015 43,043,255
KDD CUP 1999 [63] 1999 No 43 1,033,372 4,176,086
The initial deployment of the IoT anomaly detection system lacks historical data that
specify normal and anomalous points. This absence and the rare nature of anomalies
challenge the usage of traditional machine learning schemes. Though several techniques of
solving imbalanced data have been proposed, such methods cannot maintain the temporal
context of anomalies. In addition, supervised algorithms capture only known anomalies
while failing to detect novel attacks. Thus, unsupervised or semi-supervised approaches
can be used to solve the limitations of supervised algorithms [54].
While several techniques have been used in IoT anomaly detection, most of the ap-
proaches have failed to satisfy the resource and power requirements of IoT devices [54].
Though there is no single best anomaly detection approach, deep learning techniques,
specifically A.E. and CNN, have shown promising results in both delivering better resource-
saving and accuracy, respectively [64]. While algorithms such as CNN and L.S.T.M. can
boost detection accuracy, A.E. can be used to reduce the dimension of data and extract rep-
resentative features by eliminating noise. Specifically, L.S.T.M. can be applied to dynamic
and complex observations within time-series IoT data over a long sequence. Thus, it sug-
gests that these techniques or combinations could be further explored to detect anomalies
in the IoT ecosystem [65].
37

Sensors 2021, 21, 8320
5.3. Resource Requirements of IoT Anomaly Detection
The resource-constrained nature of IoT devices prohibits the deployment of traditional
host-based intrusion detection such as anti-malware and anti-virus. As traffic analysis con-
sumes huge computational resources during anomaly detection, incremental approaches
such as sliding windows can reduce the processing and storage requirements for IoT de-
vices. It is also critical that the anomaly detection engine of the IoT system should operate
in near real-time for reliable detection. This indicates that adaptive techniques help to
improve the detection model over time without major retraining. However, offline training
may be applied for initial deployment.
6. Conclusions
The IoT environment’s massive number, heterogeneity, and resource constraints have
hindered cyber-attack prevention and detection capabilities. These characteristics attract
monitoring IoT devices at the network level as on-device solutions are not feasible. To
this end, anomaly detection is better positioned to protect the IoT network. To protect the
system, anomaly detection is considered to be an important tool as it helps identify and
alert abnormal activities in the system. Machine learning has been applied for anomaly
detection systems in I.T. and IoT systems. However, the applications of anomaly detection
systems using machine learning in I.T. systems have been better than the IoT ecosystem
due to their resource capabilities and in-perimeter location. Nevertheless, the existing
machine learning-based anomaly detection is vulnerable to adversarial attacks. This article
has presented a comprehensive survey of anomaly detection using machine learning in
the IoT system. The significance of anomaly detection, the challenges when developing
anomaly detection systems, and the analysis of the used machine learning algorithms are
provided. Finally, it has been recommended that blockchain technology can be applied to
mitigate model corruption by adversaries where IoT devices can collaboratively produce a
single model using blockchain consensus mechanisms. In the future, we plan to implement
a blockchain-based anomaly detection system for protecting high-end IoT devices such as
Raspberry Pi. The system can be built on a python-based machine learning platform such
as TensorFlow and a blockchain platform such as Hyperledger Fabric, where Raspberry Pi
devices act as distributed nodes.
Author Contributions: Conceptualization: A.D. and N.C.; methodology: A.D. and V.-D.N.; formal
analysis: V.-D.N.; investigation: V.-D.N.; resources: N.C.; data curation: V.-D.N.; writing—original
draft preparation: A.D. and V.-D.N.; writing—review and editing: A.D., V.-D.N., W.H. and N.C.;
supervision: N.C.; project administration: N.C. and W.H.; funding acquisition: N.C. and W.H. All
authors have read and agreed to the published version of the manuscript.
Funding: This work was supported by the SmartSat C.R.C., whose activities are funded by the
Australian Government’s C.R.C. Program.
Conflicts of Interest: The authors declare no conflict of interest in this research.
References
1. Alsoufi, M.A.; Razak, S.; Siraj, M.M.; Nafea, I.; Ghaleb, F.A.; Saeed, F.; Nasser, M. Anomaly-Based Intrusion Detection Systems in
IoT Using Deep Learning: A Systematic Literature Review. Appl. Sci. 2021, 11, 8383. [CrossRef]
2. Njilla, L.; Pearlstein, L.; Wu, X.; Lutz, A.; Ezekiel, S. Internet of Things Anomaly Detection using Machine Learning. In Proceedings
of the 2019 IEEE Applied Imagery Pattern Recognition Workshop (A.I.P.R.), Washington, DC, USA, 15–17 October 2019; pp. 1–6.
3. Cook, A.A.; Mısırlı, G.; Fan, Z. Anomaly Detection for IoT Time-Series Data: A Survey. IEEE Internet Things J. 2020, 7, 6481–6494.
[CrossRef]
4. Cauteruccio, F.; Cinelli, L.; Corradini, E.; Terracina, G.; Ursino, D.; Virgili, L.; Savaglio, C.; Liotta, A.; Fortino, G. A Framework for
Anomaly Detection and Classification in Multiple IoT Scenarios. Future Gener. Comput. Syst. 2021, 114, 322–335. [CrossRef]
5. Doshi, R.; Apthorpe, N.; Feamster, N. Machine Learning DDoS Detection for Consumer Internet of Things Devices. In Proceedings
of the 2018 IEEE Security and Privacy Workshops (S.P.W.), San Francisco, CA, USA, 24 May 2018; pp. 29–35.
6. Hwang, R.H.; Peng, M.C.; Huang, C.W.; Lin, P.C.; Nguyen, V.L. An Unsupervised Deep Learning Model for Early Network
Traffic Anomaly Detection. IEEE Access 2020, 8, 30387–30399. [CrossRef]
38

Sensors 2021, 21, 8320
7. Manimurugan, S.; Al-Mutairi, S.; Aborokbah, M.M.; Chilamkurti, N.; Ganesan, S.; Patan, R. Effective Attack Detection in Internet
of Medical Things Smart Environment Using a Deep Belief Neural Network. IEEE Access 2020, 8, 77396–77404. [CrossRef]
8. Protogerou, A.; Papadopoulos, S.; Drosou, A.; Tzovaras, D.; Refanidis, I. A Graph Neural Network Method for Distributed
Anomaly Detection in IoT. Evol. Syst. 2021, 12, 19–36. [CrossRef]
9. Cauteruccio, F.; Fortino, G.; Guerrieri, A.; Liotta, A.; Mocanu, D.C.; Perra, C.; Terracina, G.; Torres Vega, M. Short-long term
anomaly detection in wireless sensor networks based on machine learning and multi-parameterized edit distance. Inf. Fusion
2019, 52, 13–30. [CrossRef]
10. Hasan, M.; Islam, M.M.; Zarif, M.I.I.; Hashem, M. Attack and Anomaly Detection in IoT Sensors in IoT Sites Using Machine
Learning Approaches. Internet Things 2019, 7, 100059. [CrossRef]
11. AL-Hawawreh, M.; Moustafa, N.; Sitnikova, E. Identification of Malicious Activities in Industrial Internet of Things Based on
Deep Learning Models. J. Inf. Secur. Appl. 2018, 41, 1–11. [CrossRef]
12. Shukla, R.; Sengupta, S. Scalable and Robust Outlier Detector using Hierarchical Clustering and Long Short-Term Memory
(L.S.T.M.) Neural Network for the Internet of Things. Internet Things 2020, 9, 100167. [CrossRef]
13. Yin, C.; Zhang, S.; Wang, J.; Xiong, N.N. Anomaly Detection Based on Convolutional Recurrent Autoencoder for IoT Time Series.
IEEE Trans. Syst. Man Cybern. Syst. 2020, 1–11. [CrossRef]
14. Tsogbaatar, E.; Bhuyan, M.H.; Taenaka, Y.; Fall, D.; Gonchigsumlaa, K.; Elmroth, E.; Kadobayashi, Y. SDN-Enabled IoT Anomaly
Detection Using Ensemble Learning. I.F.I.P. In International Conference on Artificial Intelligence Applications and Innovations; Springer
International Publishing: Cham, Switzerland, 2020; pp. 268–280.
15. Diro, A.A.; Chilamkurti, N. Distributed Attack Detection Scheme Using Deep Learning Approach for Internet of Things. Future
Gener. Comput. Syst. 2018, 82, 761–768. [CrossRef]
16. Farshchi, M.; Weber, I.; Della Corte, R.; Pecchia, A.; Cinque, M.; Schneider, J.G.; Grundy, J. Contextual Anomaly Detection for
a Critical Industrial System Based on Logs and Metrics. In Proceedings of the 2018 14th European Dependable Computing
Conference (E.D.C.C.), Iasi, Romania, 10–14 September 2018; pp. 140–143.
17. Ferrari, P.; Rinaldi, S.; Sisinni, E.; Colombo, F.; Ghelfi, F.; Maffei, D.; Malara, M. Performance Evaluation of Full-Cloud and
Edge-Cloud Architectures for Industrial IoT Anomaly Detection Based on Deep Learning. In Proceedings of the 2019 II Workshop
on Metrology for Industry 4.0 and IoT (MetroInd4.0 IoT), Naples, Italy, 4–6 June 2019; pp. 420–425.
18. Bhatia, R.; Benno, S.; Esteban, J.; Lakshman, T.V.; Grogan, J. Unsupervised Machine Learning for Network-Centric Anomaly
Detection in IoT. In Proceedings of the 3rd A.C.M. CoNEXT Workshop on Big DAta, Machine Learning and Artificial Intelligence
for Data Communication Networks, Orlando, FL, USA, 9 December 2019; pp. 42–48.
19. Savic, M.; Lukic, M.; Danilovic, D.; Bodroski, Z.; Bajovic, D.; Mezei, I.; Vukobratovic, D.; Skrbic, S.; Jakovetic, D. Deep Learning
Anomaly Detection for Cellular IoT With Applications in Smart Logistics. IEEE Access 2021, 9, 59406–59419. [CrossRef]
20. Ngo, M.V.; Luo, T.; Chaouchi, H.; Quek, T.S. Contextual-Bandit Anomaly Detection for IoT Data in Distributed Hierarchical
Edge Computing. In Proceedings of the 2020 IEEE 40th International Conference on Distributed Computing Systems (I.C.D.C.S.),
Singapore, 29 November–1 December 2020; pp. 1227–1230.
21. Alrashdi, I.; Alqazzaz, A.; Aloufi, E.; Alharthi, R.; Zohdy, M.; Ming, H. AD-IoT: Anomaly Detection of IoT Cyberattacks in Smart
City Using Machine Learning. In Proceedings of the 2019 IEEE 9th Annual Computing and Communication Workshop and
Conference (C.C.W.C.), Las Vegas, NV, USA, 7–9 January 2019; pp. 305–310.
22. Utomo, D.; Hsiung, P.A. Anomaly Detection at the IoT Edge using Deep Learning. In Proceedings of the 2019 IEEE International
Conference on Consumer Electronics—Taiwan (ICCE-TW), Yilan, Taiwan, 20–22 May 2019; pp. 1–2.
23. Cheng, Y.; Xu, Y.; Zhong, H.; Liu, Y. Leveraging Semisupervised Hierarchical Stacking Temporal Convolutional Network for
Anomaly Detection in IoT Communication. IEEE Internet Things J. 2021, 8, 144–155. [CrossRef]
24. Han, N.; Gao, S.; Li, J.; Zhang, X.; Guo, J. Anomaly Detection in Health Data Based on Deep Learning. In Proceedings of the
2018 International Conference on Network Infrastructure and Digital Content (IC-NIDC), Guiyang, China, 22–24 August 2018;
pp. 188–192.
25. Chalapathy, R.; Toth, E.; Chawla, S. Group Anomaly Detection Using Deep Generative Models. In Machine Learning and Knowledge
Discovery in Databases; Springer International Publishing: Cham, Switzerland, 2019; pp. 173–189.
26. Nguyen, T.D.; Marchal, S.; Miettinen, M.; Fereidooni, H.; Asokan, N.; Sadeghi, A.R. DÏoT: A Federated Self-learning Anomaly
Detection System for IoT. In Proceedings of the 2019 IEEE 39th International Conference on Distributed Computing Systems
(I.C.D.C.S.), Dallas, TX, USA, 7–10 July 2019; pp. 756–767.
27. He, Y.; Peng, Y.; Wang, S.; Liu, D.; Leong, P.H.W. A Structured Sparse Subspace Learning Algorithm for Anomaly Detection in
UAV Flight Data. IEEE Trans. Instrum. Meas. 2018, 67, 90–100. [CrossRef]
28. Himeur, Y.; Ghanem, K.; Alsalemi, A.; Bensaali, F.; Amira, A. Artificial Intelligence Based Anomaly Detection of Energy
Consumption in Buildings: A Review, Current Trends and New Perspectives. Appl. Energy 2021, 287, 116601. [CrossRef]
29. Piscitelli, M.S.; Brandi, S.; Capozzoli, A.; Xiao, F. A Data Analytics-Based Tool for The Detection and Diagnosis of Anomalous
Daily Energy Patterns in Buildings. Build. Simul. 2021, 14, 131–147. [CrossRef]
30. Kim, D.; Yang, H.; Chung, M.; Cho, S.; Kim, H.; Kim, M.; Kim, K.; Kim, E. Squeezed Convolutional Variational AutoEncoder
for Unsupervised Anomaly Detection in Edge Device Industrial Internet of Things. In Proceedings of the 2018 International
Conference on Information and Computer Technologies (I.C.I.C.T.), DeKalb, IL, USA, 23–25 March 2018; pp. 67–71.
39

Sensors 2021, 21, 8320
31. Kanawaday, A.; Sane, A. Machine Learning for Predictive Maintenance of Industrial Machines Using IoT Sensor Data. In
Proceedings of the 2017 8th IEEE International Conference on Software Engineering and Service Science (I.C.S.E.S.S.), Beijing,
China, 24–26 November 2017; pp. 87–90.
32. Shah, G.; Tiwari, A. Anomaly Detection in IIoT: A Case Study Using Machine Learning. In Proceedings of the The A.C.M. India
Joint International Conference on Data Science and Management of Data. Association for Computing Machinery, Goa, India,
11–13 January 2018; pp. 295–300.
33. Oh, D.Y.; Yun, I.D. Residual Error Based Anomaly Detection Using Auto-Encoder in S.M.D. Machine Sound. Sensors 2018,
18, 1308. [CrossRef]
34. Giannoni, F.; Mancini, M.; Marinelli, F. Anomaly Detection Models for IoT Time Series Data. arXiv 2018, arXiv:abs/1812.00890.
35. Moghaddass, R.; Wang, J. A Hierarchical Framework for Smart Grid Anomaly Detection Using Large-Scale Smart Meter Data.
IEEE Trans. Smart Grid 2018, 9, 5820–5830. [CrossRef]
36. Passerini, F.; Tonello, A.M. Smart Grid Monitoring Using Power Line Modems: Anomaly Detection and Localization. IEEE Trans.
Smart Grid 2019, 10, 6178–6186. [CrossRef]
37. Farajollahi, M.; Shahsavari, A.; Mohsenian-Rad, H. Location Identification of Distribution Network Events Using Synchrophasor
Data. In Proceedings of the 2017 North American Power Symposium (NAPS), Morgantown, WV, USA, 17–19 September 2017;
pp. 1–6.
38. Yip, S.C.; Tan, W.N.; Tan, C.; Gan, M.T.; Wong, K. An Anomaly Detection Framework for Identifying Energy Theft and Defective
Meters in Smart Grids. Int. J. Electr. Power Energy Syst. 2018, 101, 189–203. [CrossRef]
39. El-Wakeel, A.S.; Li, J.; Rahman, M.T.; Noureldin, A.; Hassanein, H.S. Monitoring Road Surface Anomalies Towards Dynamic
Road Mapping for Future Smart Cities. In Proceedings of the 2017 IEEE Global Conference on Signal and Information Processing
(GlobalSIP), Montreal, QC, Canada, 14–16 November 2017; pp. 828–832.
40. Kong, X.; Song, X.; Xia, F.; Guo, H.; Wang, J.; Tolba, A. LoTAD: Long-Term Traffic Anomaly Detection Based on Crowdsourced
Bus Trajectory Data. World Wide Web 2018, 21, 825–847. [CrossRef]
41. Bakar, U.A.B.U.A.; Ghayvat, H.; Hasanm, S.F.; Mukhopadhyay, S.C. Activity and Anomaly Detection in Smart Home: A Survey.
In Next Generation Sensors and Systems; Springer International Publishing: Cham, Switzerland, 2016; pp. 191–220.
42. Alexopoulos, N.; Vasilomanolakis, E.; Ivánkó, N.R.; Mühlhäuser, M. Towards Blockchain-Based Collaborative Intrusion Detection
Systems. In Critical Information Infrastructures Security; Springer International Publishing: Cham, Switzerland, 2018; pp. 107–118.
43. Hastie, T.; Tibshirani, R.; Friedman, J. The Elements of Statistical Learning: Data Mining, Inference and Prediction, 2nd ed.; Springer:
New York, NY, USA, 2009.
44. Murphy, K.P. Machine Learning: A Probabilistic Perspective. MIT Press: Cambridge, MA, USA, 2013.
45. Chadha, G.S.; Islam, I.; Schwung, A.; Ding, S.X. Deep Convolutional Clustering-Based Time Series Anomaly Detection. Sensors
2021, 21, 5488. [CrossRef]
46. Jiang, J.; Han, G.; Liu, L.; Shu, L.; Guizani, M. Outlier Detection Approaches Based on Machine Learning in the Internet-of-Things.
IEEE Wirel. Commun. 2020, 27, 53–59. [CrossRef]
47. Mothukuri, V.; Khare, P.; Parizi, R.M.; Pouriyeh, S.; Dehghantanha, A.; Srivastava, G. Federated Learning-based Anomaly
Detection for IoT Security Attacks. IEEE Internet Things J. (Early Access) 2021. [CrossRef]
48. Liu, Y.; Garg, S.; Nie, J.; Zhang, Y.; Xiong, Z.; Kang, J.; Hossain, M.S. Deep Anomaly Detection for Time-Series Data in Industrial
IoT: A Communication-Efficient On-Device Federated Learning Approach. IEEE Internet Things J. 2021, 8, 6348–6358. [CrossRef]
49. Lee, H.; Kim, J.; Ahn, S.; Hussain, R.; Cho, S.; Son, J. Digestive neural networks: A novel defense strategy against inference attacks
in federated learning. Comput. Secur. 2021, 109, 102378. [CrossRef]
50. Wang, C.; Chen, J.; Yang, Y.; Ma, X.; Liu, J. Poisoning attacks and countermeasures in intelligent networks: Status quo and
prospects. Digit. Commun. Netw. (Early Access) 2021. [CrossRef]
51. Meng, W.; Tischhauser, E.W.; Wang, Q.; Wang, Y.; Han, J. When Intrusion Detection Meets Blockchain Technology: A Review.
IEEE Access 2018, 6, 10179–10188. [CrossRef]
52. Novo, O. Blockchain Meets IoT: An Architecture for Scalable Access Management in IoT. IEEE Internet Things J. 2018, 5, 1184–1195.
[CrossRef]
53. Dorri, A.; Kanhere, S.S.; Jurdak, R. Towards an Optimized BlockChain for IoT. In Proceedings of the 2017 IEEE/ACM Second
International Conference on Internet-of-Things Design and Implementation (IoTDI), Pittsburgh, PA, USA, 18–21 April 2017;
pp. 173–178.
54. Özyılmaz, K.R.; Yurdakul, A. Work-in-Progress: Integrating low-Power IoT Devices to a Blockchain-Based Infrastructure. In
Proceedings of the 2017 International Conference on Embedded Software (E.M.S.O.F.T.), Seoul, Korea, 15–20October 2017; pp. 1–2.
55. Huh, S.; Cho, S.; Kim, S. Managing IoT Devices Using Blockchain Platform. In Proceedings of the 2017 19th International
Conference on Advanced Communication Technology (I.C.A.C.T.), PyeongChang, Korea, 19–22 February 2017; pp. 464–467.
56. Alsoufi, M.A.; Razak, S.; Siraj, M.M.; Ali, A.; Nasser, M.; Abdo, S. Anomaly Intrusion Detection Systems in IoT Using Deep
Learning Techniques: A Survey. In Innovative Systems for Intelligent Health Informatics; Springer International Publishing: Cham,
Switzerland, 2021; pp. 659–675.
57. Meidan, Y.; Bohadana, M.; Mathov, Y.; Mirsky, Y.; Shabtai, A.; Breitenbacher, D.; Elovici, Y. N-BaIoT—Network-Based Detection of
IoT Botnet Attacks Using Deep Autoencoders. IEEE Pervasive Comput. 2018, 17, 12–22. [CrossRef]
40

Sensors 2021, 21, 8320
58. Sharafaldin, I.; Lashkari, A.H.; Ghorbani, A.A. Toward Generating a New Intrusion Detection Dataset and Intrusion Trafﬁc
Characterization. In Proceedings of the 4th International Conference on Information Systems Security and Privacy (I.C.I.S.S.P.
2018), Funchal, Portugal, 22–24 January 2018; pp. 108–116.
59. Kolias, C.; Kambourakis, G.; Stavrou, A.; Gritzalis, S. Intrusion Detection in 802.11 Networks: Empirical Evaluation of Threats
and a Public Dataset. IEEE Commun. Surv. Tutor. 2016, 18, 184–208. [CrossRef]
60. Moustafa, N.; Slay, J. UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network
data set). In Proceedings of the 2015 Military Communications and Information Systems Conference (MilCIS), Canberra, Australia,
10–12 November 2015; pp. 1–6.
61. Tavallaee, M.; Bagheri, E.; Lu, W.; Ghorbani, A.A. A detailed analysis of the KDD CUP 99 data set. In Proceedings of the 2009
IEEE Symposium on Computational Intelligence for Security and Defense Applications, Ottawa, ON, Canada, 8–10 July 2009;
pp. 1–6.
62. Malaiya, R.K.; Kwon, D.; Suh, S.C.; Kim, H.; Kim, I.; Kim, J. An Empirical Evaluation of Deep Learning for Network Anomaly
Detection. IEEE Access 2019, 7, 140806–140817. [CrossRef]
63. Stolfo, S.; Fan, W.; Lee, W.; Prodromidis, A.; Chan, P. Cost-based modeling for fraud and intrusion detection: Results from the
J.A.M. project. In Proceedings of the DARPA Information Survivability Conference and Exposition, Hilton Head, SC, USA, 25–27
January 2000; Volume 2, pp. 130–144.
64. Kamat, P.; Sugandhi, R. Anomaly Detection for Predictive Maintenance in Industry 4.0-A Survey. In Proceedings of the E3S Web
of Conferences, Pune City, India, 18–20 December 2019; p. 02007.
65. Bovenzi, G.; Aceto, G.; Ciuonzo, D.; Persico, V.; Pescapé, A. A Hierarchical Hybrid Intrusion Detection Approach in IoT Scenarios.
In Proceedings of the GLOBECOM 2020—2020 IEEE Global Communications Conference, Virtual Event, Taiwan, 7–11 December
2020; pp. 1–7.
41

Random documents with unrelated
content Scribd suggests to you:

The Project Gutenberg eBook of The Squaw
Man: A Novel

This ebook is for the use of anyone anywhere in the United
States and most other parts of the world at no cost and with
almost no restrictions whatsoever. You may copy it, give it away
or re-use it under the terms of the Project Gutenberg License
included with this ebook or online at www.gutenberg.org. If you
are not located in the United States, you will have to check the
laws of the country where you are located before using this
eBook.
Title: The Squaw Man: A Novel
Creator: Julie Opp
Author: Edwin Milton Royle
Release date: August 14, 2016 [eBook #52804]
Language: English
Credits: Produced by Al Haines
*** START OF THE PROJECT GUTENBERG EBOOK THE SQUAW
MAN: A NOVEL ***

'BIG FATHER—SEND FOR LITTLE HAL—
HAL SEE THE RISING SUN' See page 250

The Squaw Man
A Novel
By
Julie Opp Faversham
Adapted from the Play by
Edwin Milton Royle
New York
Grosset Dunlap
Publishers
Published by arrangement with Harper Brothers
Copyright, 1906, by HARPER BROTHERS.
All rights reserved.
Published December, 1906.
TO
WILLIAM FAVERSHAM

ILLUSTRATIONS
THE SQUAW MAN . . . Cover Inlay
'BIG FATHER—SEND FOR LITTLE HAL—HAL SEE THE RISING SUN'
. . . Frontispiece
ALMOST AS ONE MAN THEY THRUST THEIR REVOLVERS INTO
BUD'S FACE
SHE DREW HERSELF UP CLOSE TO HIM, AND SAID 'ME KILL 'UM'
'YES, DIANA. MY BOY—MY SON'
The illustrations in this book are reproduced from photographs of
scenes in the play, made by Hall's Studio, New York; the cover inlay
by Morrison, Chicago.
HOME
THE SQUAW MAN
CHAPTER I

It was Jim's last day at home. He stood in the centre of the fragrant
garden and watched the glory of color suffusing the Surrey hills
towards the west. With a sigh he turned away and walked to the
house.
Where's Diana? he called, as he came from the garden
through the casement-window of the library.
Diana—why, she's in bed an hour ago, I should hope, replied
his aunt, Lady Elizabeth Kerhill. She and Mabel went with Bates to
see the decorations and then said good-night. Surely you didn't
expect me to allow the children to stay up for the ball?
Mabel was her daughter; Diana Marjoribanks was a young girl of
thirteen, who had come to visit her.
Poor imps! they were so excited all day, and followed me about
the gun-room where I was doing some packing. They wanted me to
coax you to allow them to see the ball, and the tenantry welcome
Henry to-night.
Lady Kerhill elevated her eyebrows in questioning amazement at
Jim, as she nervously twisted the lace of her gown, and with an
impatient gesture motioned the subject aside. She was a tall,
angular woman, with a profile like the head on a bronze coin; there
was a suggestion of the eagle in her personality, and by her friends
she was likened to the famous Sarah Churchill, the first Duchess of
Marlborough.
To-night her face showed that anxious thoughts were crowding
in on her as she apprehensively watched the big, carved oak door
leading into the hall. Jim knew his aunt's firmness of character, and
as silence followed his words, he feared further discussion was
useless; but the wistful faces of the children at tea-time in the

nursery, as they coaxed him to plead for them to see the fun, made
him venture a final appeal.
You know, Aunt, Sir Charles brought Di over to stay with Mabel
so that she might see the festivities and incidentally say good-bye to
me, so you might turn angel and let Diana dance once with me at
the very beginning of the ball. I sha'n't see my little playfellow for
ages, you know.
A sound from outside held Lady Elizabeth's attention more
intently than Jim's pleading words. He crossed to her in the window-
enclosure and laid his hand caressingly on her shoulder.
The Colonel wired me that we were leaving Paddington at nine
to-morrow morning, and India is a long way off, Auntie mine.
Nonsense, answered Lady Elizabeth, as she rose from the
deep window-seat. You are almost twenty, and Diana is only a babe
—isn't she, Henry? She glanced up and appealed to the young man
who rather noisily entered the library.
Who's a babe? Diana? Why, mater, she's a little witch, and I
promised her I'd let her see the illuminations at ten and then old
Burrow should carry her off to bed.
Henry Wynnegate, seventh Earl of Kerhill, dropped into a great
settle close to the fire. The ball was for the tenantry in celebration of
his return, after five years' absence with his regiment. He was a tall,
heavy-set young soldier of seven-and-twenty, with the famous
Wynnegate beauty, but it was marred by the shifting expression of
his rather deep-set eyes and the heavy lines about his mouth. Self
was his god: it showed in every expression of his face and in every
action of his life.

Jim Wynnegate, his cousin, the son of the younger brother of
the late Earl, Henry's father, turned from the window as Henry
entered. In the young boy's face—for he seemed younger than his
years—one could easily trace the family resemblance; but Jim, with
his great, clean spirit shining in his honest gray eyes, invited
confidence and won it, from a mongrel dog to a superior officer. He
was taller than Henry, and as slim as a young sapling. The delicate,
sensitive mouth was balanced by a strong chin.
In the oak-lined room, grown almost black with age, the candle-
lights flickering in the heavy brass sconces, stood these three last
descendants of a great family. The Earl's brother, Dick Wynnegate,
had run away with the daughter of an impecunious colonel. A few
years later, while on service in India, he was shot, and the young
wife lived only to bring the tiny boy Jim home and to leave him with
her husband's brother. Even then the fortunes of the Wynnegates
were somewhat impaired, but the old Earl had taken the boy to his
heart, and on his death had confided him to his wife to share their
fortune with his son Henry. His last words were, Be good to poor
Dick's boy. The estates were entailed, so no provision could be
made by him for Jim, but Lady Kerhill, in her cold, just fashion, had
tried to make Dick's boy happy.
Deep in his heart, Jim remembered the years that followed;
remembered the selfish domination of the elder boy; remembered
the blind adoration of his aunt for her son, the bearer of the torch,
who was to carry on the golden light of the house of Kerhill. In the
Anglo-Saxon idolatry of the Countess of Kerhill for the male of the
family, all the old traditions and beliefs were justified. Her boy—-the
man-child who was to be the head of the house—was her obsession.

The tiny, flower-like girl who came shortly before her husband's
death, learned soon to turn to Cousin Jim for comfort when her
brother carelessly crushed her little joys, as he selfishly planned and
fought for his own gratification.
Instinctively Jim watched his aunt, who, at Henry's word, had
started to move towards him.
Of course, if you care to go and fetch Diana, I shall be happy,
Lady Kerhill said.
Henry lounged back in his chair. Well, if I forget, Jim can
remember for me—eh, Jim?
Lady Kerhill's face became grave as she leaned over Henry's
chair and closely studied the flushed face. She found there
confirmation of the fear that had preyed on her mind for the past
half-hour.
Oh, Henry, you've broken your word, she whispered.
The reckless challenge of Henry's dark eyes as he moved
impatiently in his chair was his only answer. Then in a burst of ill-
concealed resentment he rose: Don't nag, mother.
He swayed slightly as he crossed to the open casement. As Jim
turned to him, he sullenly pushed him aside.
And don't you preach, he muttered, as he started for the
garden.
Jim quickly caught him by the shoulder, Pull yourself together,
Henry. It's eight o'clock and the people are gathering in the park.
Henry's only reply was a snarl as he disappeared in the shadow
of the trees.
The broad window opened level on an Old World garden that
led into the great park beyond. The late twilight of the July night

was bathing park and garden in a curious, unearthly light which
made strange spectres of the slowly waving yew-trees. The scent of
the rose-bushes, the call of the late nightingale to his mate, and the
ghostly sundial, sentinel-like, guarding the old place, made a fitting
environment for Maudsley Towers.
On a slight hill beyond the park, Jim could see the ruins of the
famous Norman church. To the right, at the farther end of the
garden, was the Fairies' Corner. There among the trees the fairies of
the field were supposed to sleep, and to listen to and grant the
requests of the children, who had the courage to venture to them at
even-tide. Jim's thoughts were busy to-night; all the old memories
seemed to tug at his heartstrings.
He had carried Diana Marjoribanks there on her first visit to the
Towers. She was six then and he was twelve. She had clung to him
and hid her head on his shoulder—the tiny body had stiffened with
fear—as they made their way to the dark enclosure of the trees. He
could still hear her prayer.
Dear Fairy, please make Henry kinder to poor Jim, poor Mabel,
and poor me!
Even then, Henry had been the little tyrant of the Towers.
And yet to-night Henry's wish, as of old, was law to his mother.
She conceded Diana to him at his first careless request, although in
all probability he would forget the longing child in the nursery—
forget his promise to give her pleasure, as he had forgotten so often
when he was a boy.
Jim roused himself; as he turned to Lady Elizabeth he caught a
glimpse of her with the mask off, the bitter disappointment of the
mother's heart showing in every line of her proud face. He crossed

to her, but the sound of carriage-wheels turning into the driveway
heralded the approach of the first arrivals, and before Jim could
speak the doors were thrown open to the guests.
Lady Elizabeth gave one look of appeal to Jim. It said: Help
Henry and me!
Up-stairs in the right wing of the old house, a tall, slender child
crouched close to the nursery window. She had crept from her cot,
and, wrapped in a coverlet, waited, and clung to the belief that
Henry would come for her. Jim had said he would try, but Henry had
promised. She was old enough to know that what Henry desired he
obtained. Her little face was pressed closer and closer to the window
as she listened to the swelling music and saw the guests thronging
towards the park. Carriage after carriage brought its load of finery,
until the child fancied that the entire county must be gathered
below. She could see through the climbing roses down into the
library, which jutted out at a sharp angle almost opposite to the
nursery window. But of Jim or Henry she could catch no glimpse.
The stars began to creep out and blink at the tiny figure in the
window-seat. Gradually the entire house grew quiet. All—even the
servants—had joined the revelry in the park.
The music crashed louder. Fiery showers of illumination could be
seen shooting and flaming into the sky. It grew cold. Tighter she
drew the coverlet and held closer the small puppy that nestled warm
in her arms and slept. In the adjoining room Mabel, Lady Kerhill's
little daughter, lay fast asleep.
It's Jim's last night. I must say good-bye, the child whispered
to the fleecy white bundle in her arms. I must keep awake and say
good-bye.

Fainter grew the music, darker the sky, and heavier the curved
eyelids. Slowly, with a sigh the child slipped to the floor, and the
brown head pillowed itself on the cushioned window-seat. Diana
slept.
In the park, the tenantry, eager to meet their young master,
were shouting themselves hoarse. A speech of welcome followed the
dazzling illuminations. Over it all, Lady Elizabeth, with Sir Charles
Marjoribanks, presided.
Diana and her father lived on a neighboring estate, and Sir
Charles had come to-night to rejoice with his old friend on the return
of her son. Sir Charles was a man of slender physique, with a gentle,
winning manner; extremely delicate in health, he led for the most
part a secluded life, and since the death of his wife, at Diana's birth,
went little into the social world. Diana's childhood had been almost
as lonely as Jim's had been in his aunt's home. To-night Sir Charles
delighted in seeing the house of Wynnegate honored. He scarcely
noted the reckless demeanor and wild spirits of Henry as unusual;
only for Jim and Lady Elizabeth was it a night of anxiety. Never for a
moment did Henry escape Jim's watchful eyes; slip after slip made
by Henry was covered by Jim's tact and thoughtfulness, and with
simple dignity he carried the night to success. Only when he stood
aside and saw Henry receive the demonstrations of the county and
tenantry did the bitterness of his position force itself upon him. Not
once did Henry remember his promise to the child waiting for him.
Jim remembered; but the look of appeal from his aunt, and the
sullen defiance of Henry, kept him close to his cousin's side.
The final bars of the last dance were dying away and the ball
was drawing to its brilliant end. In the east, a pale streak of light

was beginning to show over the horizon. Sir Charles, half an hour
before, had gone to his room. Exhausted by the long evening's
anxiety and late festivities, Lady Kerhill forgot that Jim was to leave
early in the morning and that she would not see him again, and had
retired to her own apartment. In the great hall, tired and excited
groups of guests were saying good-night.
It's good-bye for Jim, Sir John Applegate, Diana's cousin,
called as the last carriage drove away.
A half-whimsical smile played over Jim's face. Then some one
remembered that he was leaving England. As he turned from the
door, he met the eyes of his cousin fastened on him, all the latent
rebellion rising to the surface. Henry Kerhill was sober enough to
know that Jim had watched and guarded him through the entire
night, and had stood between him and disgrace. As he leaned
against the tall mantel, the bitter consciousness that the young boy
had proved himself of fine mettle, ate like acid into his feverish
brain. He dug his hands deep into his pockets, then with a lurch he
pulled himself together. Without a word he turned, crossed to the
twisted staircase, and grasping the oak rails, slowly ascended. From
the landing came the slam of a heavy door, and Jim knew that he
was alone.
So this was the end. The striking of the bell in the church-tower
reminded him that it was now four o'clock and that he was to leave
at six. His luggage had been sent on ahead the previous day. He
changed quickly, without disturbing the tired servants, and in half an
hour was ready to walk to the station. As he came down the broad
staircase, lined with portraits of the ancestors of the house of

Wynnegate, a slight noise in the corridor leading off from the broad
landing attracted him. Before he could turn, a low voice called:
Jim—Jim!
It was Diana. Standing there in the dim light of the corridor, she
made an entrancing picture. With the parted hair falling away from
the low brow, around the oval face, and the far-apart blue-black
eyes, she looked like the child Madonna of Rosetti's Annunciation.
The coverlet was drawn close about her, the puppy still hidden under
its folds.
It's Di, Jim, she whispered as she hurried to him. I waited
and waited for you—I knew you were going away and I wanted to
say good-bye. Burrow promised that she would let me see you, but
she's fast asleep, and so is Mabel. I tried to wake them but I
couldn't. The little figure cuddled into his arms.
Jim's heart was very full as he looked at the frail child in the
early dawn, the shadows of a restless night showing on her
delicately modelled face. He drew her into a window-enclosure, and
wrapping the heavy curtains about her, held her fast.
Say something, the sweet voice coaxed. I shall miss you so
and wait for you to come back. You will come back, won't you?
Jim's only answer was to press the little head close to his heart.
In all the great house, she alone had cared to say good-bye—to wish
him in her child's way godspeed.
See, Diana continued as she opened her arms, here is
something for you to take away with you, so that you sha'n't be
lonely any more. She opened her arms and held up the soft roll of
fur with its blinking eyes and pink-tipped nose.
Di, dear Di, Jim whispered, as he patted the towsled hair.

Quite seriously her big eyes searched Jim's face to be sure that
her gift truly won approval.
The church clock boomed the hour of five. Jim hurriedly rose
and slipped the dog into his coat-pocket.
Good-bye, Di, and God bless you!
She clung quietly to him with her arms tight around his neck for
a long time; then the little face quivered, and in a burst of tears she
sank back among the cushions of the window-seat. Jim hesitated a
moment, then with a final pat on the dear head, hurriedly reached
the doorway and was out on the high-road. From a turn at the top
of the common he caught a last glimpse of the great house, and in
the big window of the hall could see the faint outline of the white
figure still huddled among the cushions.
All the suppression of the past days gave way. With a cry, Jim
threw himself down on the damp ground and convulsive sobs shook
his body. It had all been his—his home, his country—and he was
leaving it without a friend, without a loving hand or voice to cheer
him.
He suddenly felt a damp nose thrust into his hand, and a soft
tongue began to lap his face as though in sympathy. The tiny puppy
had fallen from his pocket and crawled on to his shoulder. He rose to
his feet and picked up the fluffy ball; something in the round, pulpy
mass made him laugh.
So I've found a friend, have I? Is that what you're trying to tell
me?
The dog gave a faint yelp in reply and began to lick his hand.
Holding the dog close to him, Jim walked on, all the boy in him
welling up to meet the promise of the new day. Suddenly he stopped

as he neared the station platform, and stroking gently the soft fur,
he whispered:
I'll call you Di.
CHAPTER II
It was London in full swing. A wild April shower had sprung up and
was quickly driving people into the shelter of passing hansoms.
There was a sudden exodus from the park of gayly gowned women,
hurrying to their waiting carriages. Bewildered nurses gathered their
young charges into protecting corners. Only a few minutes before it
had been radiant sunshine. Open high-swung see-victorias, with
their powdered, liveried men on the boxes, and unprotected
occupants driving from a royal house to a ducal assemblage, were
caught in the congested mass of hansoms, top-heavy 'busses, and
passing carts. Stalwart, blue-coated giants were trying to stem the
rush and scramble.
Diana crossed from the couch where she had been sitting to the
open window. In a week's time she was to be married. She held a
note in her hand, which had just come by messenger. It was from
Henry. He could not take her to Ranelagh as he had planned, he
wrote. Unexpected business had arisen, but he would see her later
in the evening.
The room in which Diana stood faced Hyde Park. The house was
one of those built a century ago by the mad Duke of Delford, and
was famous for the purity of its architecture. On this spring day the

front looked like a hanging garden, so abundant and exquisite were
the large boxes of trailing flowers. The room with its Adam ceiling
and mantel, its crimson brocade curtains against the pale-cream
walls, its rare specimens of Sheraton and Chippendale and precious
bits of china, made a harmonious setting for Diana in her dove-
colored gown. Bowls of yellow jonquils and daffodils gleamed like
golden bits of imprisoned sunlight on slender-legged tables.
Diana was alone. Lady Dillingham, her aunt, and the mistress of
the Park Lane House was confined to her room with a sharp attack
of gout. From the window looking out across the park, the rain
glinted like a fine sheet of steel. It beat down the great beds of
flaming hyacinths and daffodils that lined the park walk with their
glory of purple and yellow. The blue-and-white fleecy sky of a past
half-hour now hung over the town like a dirty ship's sail, with
puffing, dun-colored clouds sweeping past.
Diana half consciously watched the amusing scurry of the
passers-by. Through the long, open windows protected by a
projecting balcony she could hear the splashing of the rain against
the pavement. The confusion of carriages began to straighten itself
out. The hurrying crowds disappeared as though swallowed up in
the drenched ground. What had been a fantastic, brilliantly colored
panorama was now a desolate space.
As Diana stood there, a rising resentment at the broken promise
filled her mind. It was not because of the disappointment. So often,
at the last moment, her plans had been changed by Henry's failure
to keep his engagements with her. A sharp gust of wind blew its
damp air into the room and made her shiver. She closed the window
and walked to the open log fire. The spring days of an English

climate still permitted this luxury within doors. As she sat before the
hearth, the letter still in her hand hanging listlessly by her side, the
door quietly opened and her father entered. On the previous day he
had come up from the country to join Diana, who was visiting his
sister while the necessary wedding preparations were being
completed. The passing years had greatly aged Sir Charles. The
delicate, high-bred face had grown more spiritual, and he seemed
further aloof from material influences.
With a pang Diana noticed the change. She rose and crossed to
him, her tall figure hovering protectingly over the old man. The
maternal instinct was deeply embedded in Diana's nature. Quite
tenderly he took the young face in his withered but exquisitely
modelled hands and kissed her.
Alone, dear? he said. I thought Henry was to take you to join
some people at Ranelagh.
Henry has just sent me word that he is unexpectedly detained
in the city.
Something in her tone made Sir Charles wince.
She was very beautiful, in a curious, contradictory way. Her
tender, serious eyes suggested the Madonna, but her arched, full
mouth made her a half Venus. More than tall, there was in the lithe,
girlish figure an embodiment of latent reliance and vitality. Her
usually calm face was disturbed at the moment by a look of intense
perplexity. It seemed as though she were vainly trying to combat her
doubts.
She stood for a moment irresolute, then in a burst of tears she
slipped down beside the big chair in which her father sat.

I can't marry Henry—I can't, she sobbed, as she hid her face
in her hands.
For a moment Sir Charles was startled; then, smiling at what he
divined to be a lover's quarrel, he patiently patted the bent head as
though humoring a wayward child. Absorbed in his own narrow life,
he had no knowledge of men, and to him Henry Wynnegate was an
ideal match for his motherless girl.
He had known the late Earl well, and in the reflected glory of
the parents he saw the son. His heart was set on seeing Diana safely
moored in the house of Wynnegate and the brilliant position hers,
which she could assume as the Countess of Kerhill. These tears, of
course, were the foolish outcome of the afternoon's disappointment.
He let her have her cry out; then gradually drew the slender hands
from her face.
You are unreasonable, my child, he began. Surely you can
hope for no better husband than the son of my late friend. Why, I
have known him from childhood. Think, he went on, of his career
as a soldier; of the respect of his tenantry; of his position in the
world. He forgot the dominance of Lady Elizabeth, who, by her
plans and generalship had commanded all these attributes for her
son. With his knowledge of life and the future assured him, he
continued, he can give you all that so far has been denied to you.
What more can you desire, my dear?
Diana raised her tear-stained face and listened.
He drew her close to him, his feeble body vibrating with sudden
emotion as he said, I am very feeble—far older than my years, and
I long to see you safely placed. He waited a moment as though
expecting a reply, but there was no answer to his appeal. We are

poor, Diana—very poor. I have carried a heavy burden for years. This
marriage will make me supremely happy; it will make my remaining
days peaceful. He paused. You can trust me, dear, in this matter.
Say that you can.
Something in the tense, pathetic face forced back Diana's words
of opposition. Perhaps she was wrong, There was no tangible reason
for this rebellion that her perplexed mind could grasp. Her father, so
gentle, so wise, so loving, could not be doubted. Sir Charles watched
her eagerly. He loved her, but in his short-sighted desire for her
happiness he failed to see the depths of her troubled heart. Almost
convinced that her frightened instinct was wrong, Diana rose, and,
with a gentle pressure of her father's hand, yielded to his
importunities. Tactfully, and in silence, Sir Charles accepted her
consent.
A strained pause followed. Sir Charles reflectively sank into the
cushions of his high-backed chair. He was sure that Diana's outburst
was mere nervousness; it was often so with young, inexperienced
girls before marriage. The excitement of the London life was a great
fatigue to him. Even the muffled, vibrating roar that half penetrated
into the dwellings of Mayfair, told on his sensitive nature. He closed
his eyes.
Diana's girlhood had been singularly isolated from the world.
Shortly after Jim's departure for India, she had been sent abroad to
a school on the Continent. She had usually spent the summers with
her father at some peaceful, out of the way corner. Her education
completed, she had returned during the April previous, to the quiet
life of her father's home.

There followed the lonely weeks with her awakening
womanhood crying out for comprehension. Then one day Henry
Wynnegate returned to the Towers. She had only a vague memory
of the subsequent days of amusement that passed so quickly. All
that her youth and gayety had so long desired was given her. She
was unconsciously swept on by the passion of Henry's love and
could hardly recall when she promised to be his wife. That was in
the autumn.
At the beginning of the season she was presented at court. Her
youth and beauty made a sensation, and her marriage was arranged
to take place within a month.
Eager to grasp the bloom of the fresh flower he had plucked,
Henry would tolerate no delay. Backed by the dominant influence of
his mother, who in Diana saw not only the gratification of Henry's
desires, but a gracious bearer of his name, and, with the persuasion
of Sir Charles, Diana acquiesced to an early marriage. She was in
love with love, not with the man, and her loveliness and the purity of
her fresh young soul made her idealize the best of Henry's shifting,
many-sided nature.
Sir Charles dozed peacefully. Diana, with feverish cheeks and
burning eyes, longed to escape from the warm room. Through the
closed windows she could see that the rain had ceased. She wanted
to be alone, to calm the battling emotions of the past hour. As she
tiptoed to the door, it was thrown open, and the Countess of Kerhill
and Lady Mabel Wynnegate were announced.
Sir Charles aroused, rose quickly from his chair to greet the
visitors.

My dear, Lady Kerhill began, as she entered the room and
embraced Diana, we are going to ask you for our tea at once if you
will take pity on us. Such an afternoon! We were obliged to turn
back from Ranelagh because of the storm. Fortunately we had a
closed carriage, but Mabel and I were so anxious to know whether
you and Henry had started before the shower sprang up—with a
quick look of surprise about the room, she exclaimed, Why, where
is Henry?
Diana rang the bell for tea.
I had a note from Henry, dear Lady Elizabeth, saying he was
detained by some unexpected business.
Sir Charles noticed with great satisfaction Diana's superb
control. Her rebellious mood, as he surmised, had been a mere
whim.
For a moment a half-frightened look came into Lady Elizabeth's
eyes. She was never quite sure of Henry, but even to herself she
never admitted it. She had cast him for a role that he neither
suggested nor attempted to play, but she never flinched before the
duty of wilfully blinding herself to these truths. Her love and her
belief would win, and out of it all would be created the son she so
desired Henry to be—that was her unconscious prayer. She threw off
the moment's anxiety.
No doubt it is a busy week for Henry, she said. She crossed to
a chair near the fire, and with the announcement of tea began to
gossip with Sir Charles. Mabel moved close to Diana's side at the
tea-table. She had grown into a fairy-like creature, with exquisite,
youthful coloring. Very shy and utterly subordinate to her mother
and brother, she lavished upon Diana a great affection in return for

Welcome to our website – the perfect destination for book lovers and
knowledge seekers. We believe that every book holds a new world,
offering opportunities for learning, discovery, and personal growth.
That’s why we are dedicated to bringing you a diverse collection of
books, ranging from classic literature and specialized publications to
self-development guides and children's books.
More than just a book-buying platform, we strive to be a bridge
connecting you with timeless cultural and intellectual values. With an
elegant, user-friendly interface and a smart search system, you can
quickly find the books that best suit your interests. Additionally,
our special promotions and home delivery services help you save time
and fully enjoy the joy of reading.
Join us on a journey of knowledge exploration, passion nurturing, and
personal growth every day!
ebookbell.com

Wireless Sensing And Networking For The Internet Of Things Zihuai Lin

More Related Content

Similar to Wireless Sensing And Networking For The Internet Of Things Zihuai Lin (20)

Recently uploaded (20)

Wireless Sensing And Networking For The Internet Of Things Zihuai Lin