A Key Business Node Identification Model for Internet of Things Security

Based on the research of business continuity and information security of the Internet of Things (IoT), a key business node identification model for Internet of Things security is proposed. First, the business nodes are obtained based on the business process, and the importance decision matrix of business nodes is constructed by quantifying the evaluation attributes of nodes. Second, the attribute weights are improved by the analytic hierarchy process (AHP) and entropy weighting method from subjective and objective dimensions to form the combination weight decision matrix, and the analytic hierarchy process and entropy weighting VIKOR (AE-VIKOR) method is used to calculate the business node importance coefficient to identify the key nodes. Finally, according to the NSL-KDD dataset, the network security events of IoT network intrusion detection based on machine learning are monitored purposefully, and after the information security event occurs in the smart mobile phone, which impacts through IoT on the business system, the impact of the key business node on business continuity is analyzed, and the business continuity risk value is calculated to evaluate the business risk to prove the effectiveness of the model. The experimental results of the civil aviation departure business show that the AE-VIKOR method can effectively identify the key business node, and the impact of the key business node on business continuity is analyzed, which further proves the efficiency and accuracy of the model in identifying the key business node.


Introduction
Nowadays, with the rapid development of the Internet of Things, related research fields are more concerned about information security and business continuity. The Internet of Things (IoT) and mobile technology [1] make multisystem cooperation more convenient, and multisystem cooperation is closely related to business continuity. Therefore, due to the application of IoT technology, when an information security event occurs [2], it may lead to delay or stagnation of business execution, which will inevitably affect business continuity. The security of the Internet of Things is one of the hotspots in various academic fields, such as information security and machine learning. In particular, machine learning is used for intrusion detection of the IoT. Belouch et al. [3] used a machine learning analysis framework to detect any anomalous events occurring in the network traffic flow. Liu et al. [4] examined specific attacks in the NSL-KDD dataset that can impact sensor nodes and networks in IoT settings and studied eleven machine learning algorithms to detect the introduced attacks. Xie et al. [5] designed a monitoring mechanism to detect link-flooding attack (LFA) based on the availability of the crucial links and trace route flows for IoT security. Yang et al. [6] proposed a malicious node detection model based on reputation with enhanced low energy adaptive clustering hierarchy (Enhanced LEACH) routing protocol for wireless network security.
Based on the management of business continuity, at present, there are many achievements in the research of business continuity security [7][8][9][10][11][12][13]. Key business node identification is very important for business recovery, which is one of the research hotspots in the field of risk assessment for the business process. Ali et al. [14] proposed a business continuity risk assessment framework for IoT services. Given the problems of information security risk assessment and business continuity management, Torabi et al. [15] put business continuity risk management into the framework of information security risk assessment through business continuity risk analysis. Belov et al. [16] proposed a risk value calculation of the business completion rate by studying the situation of the business resource completion rate and quantitatively assessed the business system risk. Hariyanti et al. [17] proposed a new information security risk assessment model based on the business process to improve the model based on the organization's assets. Silmie et al. [18] proposed a business continuity plan framework, which is a procedural guidance to create plans that prevent, prepare, respond, manage, and recover a business from any disruption. Diesch et al. [19] developed a comprehensive model of relevant management success factors for organizational information security to make appropriate decisions.
The Vise Kriterijumska Optimizacija I Kompromisno Resenje in Serbian (VIKOR) method [20] is one of the common methods of multiattribute decision-making, which is often used in risk assessment, economics, management, and other hot fields. Yang et al. [21] proposed a hybrid multicriteria decision-making model based on the intuitionistic fuzzy number, extended Decision-Making Trial and Evaluation Laboratory (DEMATEL) method, and VIKOR algorithm to assess the information system security risk. Mohsen et al. [22] proposed an extended VIKOR method based on entropy measure for the failure modes of the geothermal power plant risk assessment. Han et al. [23] used the modified VIKOR method to identify and preferentially reinforce critical lines for skeleton-network of power systems. The Technique for Order Performance by Similarity to Ideal Solution (TOPSIS) method [24,25] is also one of the classic multiattribute evaluation methods, which is compared with the method in this paper. In summary, the paper uses the AE-VIKOR method with combined weighting to eliminate the subjective influence of some attributes and identify the key business node effectively. The model analyzes the impact of key business nodes on business continuity and further proves the effectiveness of key identification.
The main contributions of this paper can be summarized as follows. A key business node identification model for Internet of Things security is proposed. The model in this paper effectively identifies the key business node and analyzes its impact on business continuity. The model is mainly focused on the following.
(1) The combined weighting from the subjective and objective dimensions is used to improve the attribute weights of the VIKOR method to identify the key business node. Compared with the single weighting method, such as the AHP method, the combined weighting makes the results more accurate, which is verified by experiments.
(2) After the information security event occurs in the smart mobile phone, which impacts through IoT on the business system, the model can be used to analyze the impact of the key business node on business continuity. For the specific business of the business process, this model analyzes the number of business users, business average execution time, and resource utilization.
(3) According to the business user number, business average execution time, and resource utilization, the business continuity risk value is calculated, which properly realizes the risk assessment of business continuity in the model.
(4) In this model, the decision coefficient is selected reasonably by experiment to realize accurate identification of the key business node. Compared with other multiple attribute decision-making cases, such as using the VIKOR method to select coal suppliers, it is novel that the paper analyzed the influence of different decision mechanism coefficients on the identification results. After the key nodes are identified by this model, the key nodes are further analyzed to facilitate the analysis of the impact of business continuity.
The organization of this paper is described as follows. In section 2, a key business node identification model for Internet of Things security is proposed. The key business node identification model is composed of four modules: data preparation module, data operation module, decision module, and analysis module. In section 3, the data preparation module and the data operation module are described in detail. The decision module and analysis module are expounded in section 4. In section 5, the effectiveness of the model is verified by analyzing the business continuity of the departure business and the loading business. The conclusion is given in section 6.

Key Business Node Identification Model
The key business node identification model is composed of four modules: data preparation module, data operation module, decision module, and analysis module. The framework diagram of the model is shown (see Figure 1). The function design of each module in the model is as follows.
(1) Data preparation module: according to the business process, the business node set to be evaluated is obtained, and the node importance decision matrix is obtained from the business node set and the evaluation attribute.
(2) Data operation module: in this module, AHP subjective weighting and entropy objective weighting methods are used. The decision matrix is weighted by the combined weight from the subjective and objective dimensions, and the node importance combined weight decision matrix is formed.
(3) Decision module: in this module, the combination weights are used to improve the attribute weight of the VIKOR method to get the node importance coefficient and rank it. The key business node is identified in this module.
(4) Analysis module: when information security events occur, business continuity faces risks. The impact of key business nodes on business continuity is analyzed in this module, the business continuity risk value is calculated, and business continuity risk assessment is carried out.

Data Preparation Module.
IoT allows billions of devices as well as virtual environments to exchange data with each other intelligently. For example, smartphones have become an important personal assistant and indispensable part of people's everyday life and work. With such a large amount of data, the model first analyzes business processes to better analyze business continuity. Through the analysis of the business process, this model extracts all businesses into nodes to form the business node set to be evaluated, which is recorded as $M = \{n_1, n_2, n_3, \ldots, n_m\}$. $M$ is the business node set to be evaluated. The set indicates that there are $m$ nodes in the business process, which are numbered as $n_1, n_2, n_3, \ldots, n_m$. Considering business importance from multiple perspectives makes the identification of key business more effective.
Therefore, this paper selects three factors to evaluate business importance, which are business node relevance, business user, and business priority. The specific process of indicator quantification of the business node importance attribute is as follows.
First, according to the theory of business process and complex network node centrality [26], business relevance is considered to assess business importance, and business relevance value can be measured according to the direct relationship between other business nodes and the business node. The value of business node relevance is calculated according to (1). The larger the business node relevance value is, the more important the business is: where $g_i$ is the ratio of the number of connected nodes of business node $i$ to the total number of nodes except for node $i$. The larger the value is, the more important the business node is. $h_i$ is the number of nodes directly connected to node $i$. $m$ is the total number of business nodes.
Second, the business user importance is used to evaluate business importance. The types of business users are divided into staff, ordinary users, and both staff and ordinary users. In this paper, levels one, two, and three are assigned to business user types. Different types of users have different initial values. The larger the value is, the more important the business is. The importance levels for business user type values are defined in Table 1.
Finally, business priorities based on different business service types are used to evaluate business importance. The higher the business priority level, the higher the importance of business. The business priority assignment is based on the service characteristics and application types of the business. The business priority level is divided into levels one, two, three, and four. The assignment is shown in Table 2.
The data preparation module forms the node importance decision matrix $X$ through the quantification of attributes and the nodes obtained. Due to the different dimensions of each attribute, matrix $X$ is normalized by (3) for comparison. The standardized matrix is written as $R$.

Data Operation Module.
To eliminate some subjective influence of attributes and enhance the accuracy of the model, this paper uses the combined subjective and objective weighting method to determine the attribute weight.
The AHP method is one of the common methods to calculate the subjective weight. First, three attributes are compared. The business relevance is the local attribute of the business nodes, and its impact is relatively low. When the business user directly affects business operations, the impact of the user is stronger than that of the business relevance, and the impact of the business type is greater than others. Therefore, the comparison of the attribute of node importance evaluation is shown in Table 3.
where 2 and 4 indicate that the influence degree of attribute i and attribute j is between 3 and 5.
The subjective weighting steps are as follows.
Step 1: according to the subjective influence of business attributes on business importance, an initial comparison matrix A is constructed.
Matrix A is normalized to form matrix B according to the following: Step The AHP method coordinates the importance of each attribute to avoid the contradiction of each scheme. Therefore, it is necessary to meet the consistency test. After the consistency test, the calculation of consistency test index CI is shown as follows: where $\lambda_{\max}$ is the maximum eigenvalue and $W$ is the maximum eigenvector in (8).
After testing, the subjective weight assignment conforms to the consistency test index. Therefore, the subjective weight of each attribute is obtained: $w^A_1 = 0.1062$, $w^A_2 = 0.2065$, and $w^A_3 = 0.6333$.
Entropy weighting is one of the classical methods to calculate objective weight. Using the entropy value to modify the index weight provides a more reliable basis for the evaluation of business importance. The objective weight is calculated as follows: where $S_{ij}$ is the proportion of each indicator of each node in (9), and $e_j$ is the information entropy of the $j$-th index. The objective weight of each attribute is obtained, defined as $w^O_1$, $w^O_2$, and $w^O_3$.

Real-time business with high quality interaction 4

Table 3: Importance level of business user type.

| Meaning | Value |
| --- | --- |
| Attribute i has the same effect as attribute j | 1 |
| Attribute i has a stronger influence than attribute j | 3 |
| Attribute i is an absolutely stronger influence than attribute j | 5 |

Combined weight combines subjective weight and objective weight. The weight matrix $Y$ is constructed based on the subjective and the objective method. The combined weight of attributes is calculated by (9)-(11), which is defined as $w^z = (w^z_1, w^z_2, w^z_3)$: where $\lambda_{\max}$ and $X^*$ are the largest eigenvalue and the largest eigenvector of $R$, respectively, in (13). The standardized decision matrix $C$ of node importance combined weight is calculated by (16).

Decision Module.
The importance coefficient of business is calculated and sorted based on the AE-VIKOR method in the decision module. The AE-VIKOR method improves the evaluation attribute weight of the VIKOR method by combined weighting in the data operation module detailed in section 3.
The VIKOR method is one of the common methods of the multiattribute decision model. The method considers both the maximum group utility and the minimum individual regret effect of the object. It focuses on ranking and selecting from a set of alternatives and determines compromise solutions for a problem with conflicting criteria, which can help the decision-makers to reach a final decision. The value of the maximum group utility is measured by $U_i$, the value of the minimum individual regret effect is expressed by $K_i$, and $Q_i$ is the decision value, which is calculated by the following: where $v$ is the coefficient of the decision-making mechanism in (19). Through comparative experimental analysis in section 5, in order not to lose generality, this paper selects $v = 0.5$. The AE-VIKOR method is also a compromise ranking method, the feasible solution of which is closest to the ideal solution. Therefore, without loss of generality, the AE-VIKOR method has to meet the following two conditions.
Condition 1. Acceptable advantage. The first two nodes in sorting are $Q_i$ and $Q_j$. The conditions shown in formula (16) need to be met, where $m$ is the number of business nodes.
Condition 2. Acceptable stability. The importance coefficients of key business nodes rank first in $U_i$ and $K_i$.
If the aforementioned two conditions are met at the same time, the model recognition results are considered valid. The value of $Q_i$ calculated based on the AE-VIKOR method is the business importance coefficient. The key business node is the one with the largest business importance coefficient.
Through the calculation of the AE-VIKOR method, the business importance coefficient lies in [0, 1].
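The decision step described above, as an added example that is not code from the paper. It assumes the textbook VIKOR formulas (the page's own equations did not survive extraction), a constructed process graph and constructed attribute levels; only the combined weights are the values reported on this page. In the textbook orientation the smallest Q is the best compromise, so the key node here is the one with the lowest Q, whereas the page reports its coefficient so that the largest value marks the key node.

```python
"""Textbook VIKOR ranking of business nodes (added example, constructed data)."""

# Constructed process graph: undirected links between nine business nodes.
EDGES = [(1, 2), (1, 3), (2, 4), (3, 4), (4, 5), (4, 6),
         (5, 7), (3, 8), (6, 9), (7, 9), (8, 9)]
# Constructed attribute levels per node: (business user type 1-3, priority 1-4).
LEVELS = {1: (1, 2), 2: (1, 2), 3: (1, 3), 4: (3, 4), 5: (1, 3),
          6: (2, 3), 7: (1, 1), 8: (1, 2), 9: (1, 2)}
# Combined weights reported on the page for (relevance, user, priority).
W_Z = (0.2228, 0.2756, 0.5016)


def relevance(edges, m):
    """g_i = h_i / (m - 1): share of the other nodes directly linked to node i."""
    degree = {i: 0 for i in range(1, m + 1)}
    for a, b in edges:
        degree[a] += 1
        degree[b] += 1
    return {i: h / (m - 1) for i, h in degree.items()}


def decision_matrix(edges, levels):
    """One row per node: (relevance, user type level, priority level)."""
    g = relevance(edges, len(levels))
    return {f"n{i}": (g[i], float(u), float(p)) for i, (u, p) in levels.items()}


def _scale(value, lo, hi):
    """Min-max scale; a constant column carries no information and maps to 0."""
    return 0.0 if hi == lo else (value - lo) / (hi - lo)


def vikor(matrix, weights, v=0.5):
    """Return (U, K, Q) per node, treating every attribute as a benefit criterion."""
    cols = list(zip(*matrix.values()))
    best = [max(c) for c in cols]
    worst = [min(c) for c in cols]
    U, K = {}, {}
    for node, row in matrix.items():
        # Weighted, normalised distance of this node from the best value per attribute.
        gaps = [w * (b - x) / (b - lo) if b != lo else 0.0
                for w, x, b, lo in zip(weights, row, best, worst)]
        U[node] = sum(gaps)   # group utility
        K[node] = max(gaps)   # individual regret
    u_lo, u_hi = min(U.values()), max(U.values())
    k_lo, k_hi = min(K.values()), max(K.values())
    Q = {n: v * _scale(U[n], u_lo, u_hi) + (1 - v) * _scale(K[n], k_lo, k_hi)
         for n in matrix}
    return U, K, Q


def identify_key_node(matrix, weights, v=0.5):
    """Rank nodes by Q and check the two validity conditions on the top node."""
    U, K, Q = vikor(matrix, weights, v)
    order = sorted(Q, key=Q.get)
    first, second = order[0], order[1]
    # Condition 1 (textbook threshold): gap to the runner-up is at least 1/(m-1).
    advantage = Q[second] - Q[first] >= 1 / (len(matrix) - 1)
    # Condition 2: the top node is also first by group utility and by regret.
    stability = first == min(U, key=U.get) and first == min(K, key=K.get)
    return {"key": first, "order": order, "Q": Q,
            "acceptable_advantage": advantage,
            "acceptable_stability": stability}


if __name__ == "__main__":
    result = identify_key_node(decision_matrix(EDGES, LEVELS), W_Z)
    for node in result["order"]:
        print(node, round(result["Q"][node], 4))
    print(result["key"], result["acceptable_advantage"],
          result["acceptable_stability"])
```

If either condition fails, the ranking should not be read as identifying a single key node; rerunning with other values of v shows how sensitive the order is to the decision mechanism coefficient.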

Analysis Module.
The information security of IoT is closely related to business continuity management in the Internet era. When an information security event occurs in the system, it will affect the business continuity for the business process.
When a threat makes use of the vulnerability of IoT, information security events will appear, such as natural disaster events, infrastructure failures, network attacks, technical failures, and malicious code attacks. Therefore, the relationship between information security and business continuity is shown (see Figure 2). The risk value of business continuity is calculated by combining the importance coefficient of key business according to the number of business users, average execution time of business, and resource utilization in this paper.
In this paper, the maximum of business user's numbers, average execution time, and resource utilization are, respectively, set as $u_{\max}$, $r_{\max}$, $t_{\max}$. When an information security event occurs, the number of business users, business execution time, and resource utilization rate at time $i$ are defined as $u_i$, $r_i$, $t_i$. The business continuity risk value is calculated by the following: where $Q_i$ represents the business importance coefficient, which can be calculated by the AE-VIKOR method in section 3. $L$ represents the business continuity risk value, which is an important basis for the business continuity risk assessment level.

Security and Communication Networks
On calculating according to (21)-(23), the business continuity risk value $L$ is an important basis for the business continuity risk assessment level. Because the value range $\Delta P$ is between 0 and 1, and the business importance coefficient is between 0 and 1, business continuity risk is classified according to business continuity risk value. When the risk value of business continuity is higher than 0.15, it is considered that business continuity is at higher risk. Business continuity changes with the change of business execution time. The experimental results based on mobile devices show that, after the completion of service execution time, the business continuity risk value calculated by the model does not exceed 0.15. Therefore, the use of academic language to describe business continuity risk is shown in Table 4. The business risk value is between 0 and 0.15, so the risk level of business continuity is shown in Table 4.

Experimental Results and Analysis
The civil aviation industry is one of the key industries of information security. Due to the convenience of IoT, it is very common for the public to handle the departure business on mobile devices. In particular, the check-in service is carried out through IoT technology on smart mobile devices. However, when information security problems appear on the smart mobile devices, other services connected through IoT technology will also be affected. As one of the core business systems in the field of civil aviation, departure system security is of great significance. To ensure the operation safety of the civil aviation business, this paper studies the potential security risks and possible risks of civil aviation information. Therefore, it is of great significance to analyze the implementation and business continuity of the key services of mobile devices.

Key Node Identification.
According to the NSL-KDD dataset, the network security events of IoT network intrusion detection based on machine learning are monitored purposefully, and the risk of business continuity caused by the key business is analyzed. Once the information security event occurs in the smart mobile phone, which impacts through IoT on every business of the system, it will cause a great threat to civil aviation security. Therefore, the experimental object of this paper is the departure business process of civil aviation. Its business process is shown (see Figure 3). Specific experimental steps of calculating the business importance coefficient are as follows.
Step 1. Obtain the business node set.
This experiment needs to evaluate the importance of all business nodes in the departure business process. Therefore, all businesses in the departure business process are extracted into nodes to form the business node set to be evaluated, which is recorded as $N = \{n_1, n_2, n_3, n_4, n_5, n_6, n_7, n_8, n_9\}$, and represents establish flight information, flight data control prepared flight, loading preparation flight, check-in, monitoring the check-in flights, end check-in, end monitoring, loading closure, and flight closure, respectively.
Step 2. Construct the decision matrix of node importance.
The decision matrix of node importance is formed by the node and the attributes of each node. According to the assignment of node attribute indicators in the data preparation module, the assignment of departure business node importance attribute indicators is shown in Table 5. The node importance decision matrix $X$ is formed according to the business nodes and quantitative values of each attribute shown in Table 5.
After (3) is standardized, the standardized node importance decision matrix $R$ is formed:
Step 3. Calculate the combined weight.
The combined weight is calculated. The subjective weight is $w^A = \{0.1062, 0.2605, 0.6333\}$, which is calculated by the AHP method. The objective weight calculated by the entropy method is $w^O = \{0.3273, 0.3298, 0.3429\}$ according to (9)-(11), and the combined weight of the two is $w^Z = \{0.2228, 0.2756, 0.5016\}$ according to (13)-(16).
Step 4. Key business node identification.
The node importance ranking is based on the AE-VIKOR method in section 4, and the importance coefficient of the departure business nodes is calculated as $Q_i = \{0.1975, 0.1464, 0.5199, 1.000, 0.4844, 0.4947, 0.1048, 0.057, 0.1176\}$ according to (13)-(15). The recognition results of the model meet the two conditions after testing according to (16)-(19), and the identification result of the key node identification model is therefore regarded as valid. It can be seen that $n_4$ is the most important node. The check-in business is the key business of the departure system.

Business Continuity Analysis.
When a threat makes use of the vulnerability of IoT, an information security event occurs in the passenger check-in system, and the maximum number of business users, average execution time, and resource utilization rate of the passenger check-in system at time $T_0$, respectively, correspond to 1000, 10 s, and 90%.
After the information security event occurs in the check-in system at time $T_0$, the check-in system data within 1 h can be obtained through monitoring. Table 6 shows the execution of the check-in business at $T_1$, $T_2$, $T_3$, $T_4$ after the information security event.
To compare with the check-in, when the information security event occurs in the loading system at the time, the system data within 1 h is monitored and obtained. Problems in the loading system affected the loading flight business and loading closure business.
Execution of the loading preparation business after the information security event is shown in Table 7. The execution of the loading closure business after the information security event is shown in Table 8. The data in Tables 6-8 show, after the occurrence of information security incidents, the three factors related to business continuity, namely, the number of business users, average execution time of business, and change of resource utilization rate with time.
The time of the loading system is inconsistent with the time of the aforementioned passenger check-in system, and the time of information security incident is inconsistent, while the monitoring time and time interval are consistent. Therefore, the business continuity risk value and assessment level are shown in Figure 4 at the same time.
The data of check-in business and loading business at every moment shows the degree of business continuity risk in Figure 4.
When an information security event occurs at time $T_0$, it can be seen from Figure 4 that the business continuity risk value of the check-in business increases rapidly after that time, while that of the loading flight business is relatively slow compared with the check-in business. The data of the loading closure business shows it has the least impact on business continuity and the change degree of business continuity risk of the loading closure is the least.
At time $T_4$, the value of the business continuity risk of the check-in business is 0.1426, and it is close to the higher risk. The data shows that the business continuity risk value of the loading flight business within time $T_4$ is slowly increasing, and the risk of the loading flight business at time $T_4$ is 0.0654, and the corresponding risk level of business continuity is medium. At time $T_4$, the risk of the loading closure business is 0.0086. Its risk increases more slowly with the change of time. The corresponding risk level of business continuity is low at time $T_4$.
Therefore, the experiment further proves the validity and accuracy of the key business node identification model based on the AE-VIKOR method, and the impact of key nodes on business continuity is clearly demonstrated in Figure 4.

Comparison of Key Business Identification Methods.
In this paper, the AE-VIKOR method is used to calculate the importance coefficient of civil aviation departure business nodes, and the AE-VIKOR method is compared with the other five methods. The importance coefficient calculated by each method for each node is shown in Table 9. The calculation method and business node ranking of several business nodes are shown (see Figure 5) to clearly describe the difference between each method. Therefore, the value in Figure 5 corresponds to the importance coefficient calculated in Table 9.
As can be seen from Figure 5, the AE-VIKOR method is more accurate than the other four methods. AHP-VIKOR and Entropy-VIKOR methods consider attribute weight from a single perspective, and so the evaluation results from subjective or objective perspectives are biased. The VIKOR method does not consider attribute weight and it is not an accurate assessment of business importance from multiple perspectives. The DEMATEL and AHP methods are used to calculate the subjective weight. By comparison, the weight calculated by the AHP method is better than that by the DEMATEL method. For example, there is not much difference between the value of $n_1$ and that of $n_2$ calculated by the DEMATEL-Entropy-VIKOR method, and the difference in importance is not clearly expressed. However, the AE-VIKOR method clearly shows the difference in importance coefficients between the two nodes. In this paper, the combined weight is applied to the TOPSIS method and compared with the AE-VIKOR method.
The results show that the business importance coefficients of $n_1$, $n_3$, $n_5$ calculated by the TOPSIS method are also biased compared with the AE-VIKOR method (see Figure 5). Therefore, this paper uses the AHP method to calculate the subjective weight of attributes and uses the entropy method to calculate objective weights. From these two dimensions, the combined weights are considered to improve the attribute weights of the VIKOR method and further improve the model recognition effect.
This paper uses the AE-VIKOR method to calculate the business importance coefficient to ensure the accuracy of the results and to facilitate the analysis and management of business continuity.

Comparative Experiment on the Coefficient Selection of Decision Mechanism.
The evaluation results of the AE-VIKOR method differ with the coefficient of decision mechanism $v$. It is very important to choose the coefficient of decision mechanism reasonably for the evaluation result of the method. To adopt a reasonable and efficient decision mechanism, coefficient $v$ is designed to be 0.2, 0.4, 0.5, 0.6, and 0.8 in this paper. The importance coefficient of the departure business nodes is calculated and analyzed. The evaluation result is shown (see Figure 6). It can be seen from Figure 6 that when $v = 0.5$, the calculation of the importance coefficient of each node is accurate and the difference is obvious. Therefore, to improve the universality of the model, the decision mechanism coefficient $v$ of the AE-VIKOR method is set to 0.5.

Conclusion
This paper proposes a key business node identification model for Internet of Things security. The model analyzed the business process to obtain business nodes. Then the business node importance evaluation attributes were quantified, and a combined weight was used to improve the attribute weight to identify the key business node. After the information security event occurs in the smart mobile phone, which impacts through IoT on the business system, the AE-VIKOR method is used to make a decision and sort the importance of business nodes, and the model analyzes the impact of the key business node on business continuity. The experimental results show that the key business node identification model based on the AE-VIKOR method is more accurate, and the business continuity risk assessment is carried out reasonably. The next step is to analyze the impact of the key business node on business recovery priority after information security events occur, and to further improve the recognition ability and adaptive ability of the model.

Data Availability
The raw/processed data required to reproduce these findings cannot be shared at this time as the data also forms part of an ongoing study.

Disclosure
The manuscript has been extended about 150% from the Frontiers in Cyber Security (FCS 2020) conference manuscript. An earlier version of this work was presented as a paper at the FCS 2020 conference found at the following link: https://link.springer.com/chapter/10.1007/978-981-15-9739-8_47.

Conflicts of Interest
The authors declare that there are no conflicts of interest regarding the publication of this paper when handling and making decisions.