An Improved K -Means Clustering Intrusion Detection Algorithm for Wireless Networks Based on Federated Learning

. The existing wireless network intrusion detection algorithms based on supervised learning confront many challenges, such as high false detection rate, di ﬃ culty in ﬁ nding unknown attack behaviors, and high cost in obtaining labeled training data sets. This paper presents an improved k -means clustering algorithm for detecting intrusions on wireless networks based on Federated Learning. The proposed algorithm allows multiple participants to train a global model without sharing their private data and can expand the amount of data in the training model and protect the local data of each participant. Furthermore, the cosine distance of multiple perspectives is introduced in the algorithm to measure the similarity between network data objects in the improved k -means clustering process, making the clustering results more reasonable and the judgment of network data behavior more accurate. The AWID, an open wireless network attack data set, is selected as the experimental data set. Its dimensionality reduces by the method of principal component analysis (PCA). Experimental results show that the improved k -means clustering intrusion detection algorithm based on Federated Learning has better performance in detection rate, false detection rate, and detection of unknown attack types.


Introduction
With the rapid development of wireless LAN and mobile communication technologies, the WiFi network has become an indispensable part of people's daily work and life, bringing great convenience. Meanwhile, it is always threatening people's property and information security because of the security threats. Therefore, it is of great significance to study network information security and related technologies. At present, as an important direction of network security research, the network intrusion detection method has attracted the interest of many researchers [1].
Network intrusion detection, as an important dynamic security technology, is the most widely used and effective active network security defence method at present, which makes up for the deficiency of static security technology. Intrusion detection technology is mainly divided into two categories: misuse intrusion detection and anomaly intrusion detection [2]. With the aid of the established database of known intrusion behavior characteristics, misuse intrusion detection technology can use the database to real-time monitor the network data flow in pattern matching and thus determine whether the network behavior and its variant behavior are abnormal. When the data traffic characteristics and features in the database intersect any of the detection rules, it can be concluded that an invasion has occurred. Misuse intrusion detection technology relies on the characteristic library of known intrusion behaviors, which can detect the known intrusion behavior quickly and accurately, thus, determine which type it belongs to. Unfortunately, it cannot detect the network intrusion behavior of an unknown attack type. By establishing the normal behavior characteristic database, the abnormal intrusion detection technology can solve the above problem. When the behavior characteristics of network data do not conform to the rules of the normal behavior characteristic database, the behavior is determined as network intrusion behavior. This technique can detect the intrusion behavior of an unknown attack type, but its false detection rate and missed detection are high [3]. With the increasing diversification and complexity of network intrusion behaviors, the network intrusion detection system based on anomaly detection technology can better adapt to the changeable network environment, which makes it more popular at present.
In the network intrusion detection system with supervised anomaly detection, a large amount of normal behavior data needs to be marked in the practical application process to establish the normal behavior characteristic library. However, it is very difficult and costly to obtain pure and accurate data sets of normal behavior in the real network environment [4]. To solve this problem, the unsupervised anomaly detection method was proposed, which does not rely on labeled data or requires manual or other methods to mark and classify the training data set [5]. Accordingly, the lack of training data set for the detection model is alleviated to a certain extent. However, the major challenges faced by it are still lacking a large number of effective training data sets. How to train the detection models with the network traffic data from different data sources and protect their privacy is an urgent problem to be solved.
Federated Learning [6], first proposed by Bernd, is an effective way to solve the multisource data cotraining model, whose purpose is to carry out collaborative training without sharing private data. The model is not trained intensively with the aggregated multisource data but trained cooperatively with them by only transmitting their relevant encrypted parameters. With the wide application of Federated Learning in intrusion detection systems, researchers have proposed a series of effective detection algorithms based on it. For example, Wang et al. [7] proposed a method of using a DCNN network to extract features under the federated learning mechanism and finally using the Softmax classifier model to carry out intrusion detection. Zhao et al. [8] proposed a network intrusion detection classification model (CNN-FL) that integrates Federated Learning and convolutional neural network (CNN), and it used multisource data to cotrain the same model to improve the classification accuracy of the classifier. Wei et al. [9] proposed a cross-platform malicious user detection method for social networks based on vertical federated learning, which combined multiparty data for modeling and analysis and finally realized more accurate detection of malicious users.
In order to further improve the detection rate of wireless network intrusion detection system, reduce the false detection rate, flexibly discover the attack behavior of unknown attack types, and efficiently reduce the training time of the model, this paper proposes an improved k-means clustering intrusion detection algorithm for wireless network based on Federated Learning. This algorithm no longer takes Euclidean distance as the measurement method between data objects of wireless network but uses cosine distance [10] which is more suitable for high-dimensional network data to describe the similarity between objects and then measures the similarity between any two data objects from multiple perspectives, making the measurement results more reasonable and accurate. At the same time, this algorithm improves k-means clustering by combining three-way decision ideas, realizes the dynamic adjustment of k values by setting the threshold α, and also realizes the delayed decision of uncer-tain network data by using the q neighborhood of data objects, thus, further improving the detection rate of the intrusion detection system and reducing the false detection rate.
In this paper, we choose the open data set AWID [11] of the wireless network to do the experiments and the method of principal component analysis (PCA) [12] to reduce the dimensionality of experimental data, which significantly decreases the data feature scale and improves the performance of the algorithm. Experimental results show that, compared with the traditional wireless network intrusion detection algorithm, the proposed algorithm in this paper not only realizes the purpose of expanding the amount of training data but also improves the performance of the detection rate, the false detection rate, and the discovery of unknown attack types under the condition of ensuring the data privacy security.

Intrusion Detection Model Based on Federated Learning
As an artificial intelligence algorithm, Federated Learning is designed to ensure the security of private data while sharing and using local private data. It solves the problem that multiple computing nodes train the global model together without exchanging the original data. In Federated Learning, the global model is trained among a large number of participants in a distributed means. To avoid the server accessing local data, the participants only train the model locally and update the global model only by passing model parameters to the server. In this paper, it is applied to the wireless network intrusion detection system under the condition of lacking a large amount of effective training data. Instead, it makes full use of the local network data to assist in training the detection model. Accordingly, the overall performance of the detection model can be improved, and the privacy data leakage problem can be avoided in the process of data transmission [13]. The intrusion detection model based on Federated Learning is shown in Figure 1, where it is assumed that there are H participants with the same goal to jointly train the global classifier. In each iteration, the server passes the global model M to each participant, and the participant trains it separately through local wireless network data. After the local training is completed, each participant passes the model parameters back to the server, and the server updates the global parameters by averaging the model parameters of each participant and sends the new parameters to each participant. The core function adopted by the classifier model in this paper is the improved k-means clustering function, and the model parameter passed in the iteration process is the k-means clustering threshold α. The updating process of the global model is shown in where Mα t+1 is the model parameter at the moment of t + 1

Improved K-Means Clustering Algorithm
3.1. Traditional K-Means Clustering Algorithm. The traditional k-means clustering algorithm takes the Euclidean distance between data objects as the basis to measure whether the connection between data objects is close and considers that the closer the feature attributes are, the smaller the distance between data objects [14,15]. It follows two assumptions of clustering: (1) the number of normal data objects in the whole test data set is far greater than that of abnormal data objects; (2) there are obvious differences between normal data objects and abnormal data objects. The traditional k-means clustering algorithm is as follows.
It is a typical two-way clustering method based on the idea of two-way decision, that is, to determine whether a data object belongs to a certain class cluster or not. With the increasing diversity and complexity of wireless network intrusion, the two-way clustering algorithm has some shortcomings when dealing with network data sets. On the one hand, clustering results cannot fully reflect the properties of all data objects themselves. For example, in Figure 2, according to the traditional two-way clustering method, data objects X1 and X2 are grouped into two clusters C1 and C2, respectively. There are significant differences between data points X1, X2, and data objects in the corresponding clusters. Therefore, the adoption of two-way clustering method will inevitably reduce the intrusion detection rate while increase the false detection rate. On the other hand, the traditional k -means clustering algorithm adopts a fixed value of k, the number of categories of all data behavior, which is difficult to predict exactly in advance. Therefore, the fixed k will affect the accuracy of classification and judgment of wireless network data.
3.2. The Improved K-Means Clustering Algorithm by Combining Three-Way Decisions 3.2.1. Idea of the Three-Way Clustering. To solve the problems existing in the application of traditional clustering algorithms in the intrusion detection systems, many scholars have improved the two-way clustering algorithm by introducing the three-way decision idea into the clustering algorithm and then proposed the three-way clustering method. The core idea is to extend the decision items into positive domain decision, negative domain decision, and boundary domain decision [16,17]. If you have a full grasp of and a comprehensive understanding of things, you can directly make a judgment of acceptance or rejection; otherwise, further investigation is manifested as a delay in decision making [18,19]. Taking Figure 3 as an example, using the traditional two-way clustering method, data objects X1 and X2 can only be classified C1 and C2, respectively. But there are significant differences between data objects X1 and X2 and those in classes C1 and C2. The clustering results are shown in Figure 3. The three-way clustering method is used for clustering, and the results are shown in Figure 4. X1 and X2 are divided into the boundary region of C1 and C2, respectively, which can be used as uncertain data objects for further processing. Compared with the traditional two-way clustering method, it has obvious advantages in structure and can further cluster and judge outlier data points according to their particularity.
The three-way clustering method is an extension of the traditional two-way clustering method, which is a solution to the reasonable classification of uncertain data objects. If it is difficult to determine the category of the data object immediately, it can assign to the boundary area. The data objects whose category can be determined accurately assign to the core area.
For data set X = fx 1 , x 2 , ⋯, x n g, assume that C = fC 1 , C 2 , ⋯, C k g is the result of using the two-way clustering method to cluster X. Each category C i is improved according to the three-way decision idea, and it is represented as C i = C P i ∪ C B i by two sets C P i and C B i , where they are

Wireless Communications and Mobile Computing
where C P i , C B i are called the core region and the boundary region of the class, respectively. The data objects in the core region are determined to belong to a class C i , while the data objects in the boundary region may belong to a class C i .
In the process of intrusion detection, the core region data are directly classified as intrusion data or normal data, and the boundary region data are deferred to decide to reduce misjudgment.

Three-Way Dynamic Threshold K-Means Clustering
Algorithm. In general, the same kind of behavior data in the network intrusion detection system has a high similarity [20], so the vast majority of boundary region C B i in the result set based on the three-way clustering algorithm can be basically determined as behavior data that is not of the same kind with the core region C P i . On the basis of the traditional threeway clustering algorithm based on q neighborhood, the following improved k-means clustering algorithm of threeway dynamic threshold is proposed to eliminate the influence of human intervening k value on the clustering effect of the k -means algorithm.
In the process of k-means clustering, a distance threshold α is introduced, which is predicted by the hard clustering algorithm and dynamically optimized during the algorithm execution. It adopts distance as the similarity evaluation index, and the introduction of α can effectively cluster those 1. Input: data sample set X = fx 1 , x 2 , ⋯, x n g and the number of clustering k. 2. Initialize: Randomly select k data objects to form the first cluster center point set U = fu 1 , u 2 , ::, u k g from the data set X = fx 1 , x 2 , ⋯, x n g.
Calculate the distance dðx i , u j Þ between all x i in X and k cluster center points u j . 4.
Update the cluster Recalculate the new mean in each cluster Update the cluster center point set U = fu 1 , u 2 , ::, u k g.
Algorithm 1:    Wireless Communications and Mobile Computing outlier data objects separately, which can be used as a new clustering center to participate in data training. The dynamic adjustment of the clustering center can eliminate the influence of human intervening k value on the clustering effect of the k-means algorithm to a certain extent. The k-means clustering algorithm based on three-way dynamic thresholds is as follows.
The final clustering result consists of two data sets C B and C P , where C P contains all the core region data objects through deterministic division and C B contains the deterministic data objects obtained from all the data in the uncertainty border area by a secondary deterministic division. The accuracy of the resulting clustering set is significantly higher than that of the traditional two-way clustering algorithm.

Similarity Measure of the Multiple Perspective Cosine
Distance. Euclidean distance is a common measure of the distance between samples used in clustering algorithms. As shown in equations (4) and (5), the traditional k-means clustering method achieves the purpose of clustering by minimizing the sum of the distance between each sample and the center of the class.
In the methods of similarity measurement between samples, Euclidean distance focuses on measuring the numerical differences of attribute values between samples, while cosine distance, mainly measuring the differences between dimensions without paying attention to the numerical differences, focuses on the consistency of value directions between dimensions. For wireless network data with higher dimensions, these two traditional measurement methods have their limitations. In this paper, the improved cosine distance measurement method is introduced to the k-means clustering algorithm of wireless network data, and the similarity between data objects in a wireless network is measured from multiple perspectives to obtain a more reasonable and real similarity between two data objects, thus, making the 1. Input: data sample set X = fx 1 , x 2 , ⋯, x n g and the number of clustering k. 2. Initialize: Randomly select k data objects to form the first cluster center point set U = fu 1 , u 2 , ::, u k g from the data set X = fx 1 , x 2 , ⋯, x n g.
Calculate the distance dðx i , u j Þ between all remaining x i in X and k cluster center points u j . 6.
Update the cluster , where x i is the stand-alone cluster in the X and the cluster number is updated to k′. 9.
Recalculate the new mean in each cluster
Calculate the objective function 12.
Until: J convergence. 13. Obtain the two-way clustering result:

Traverse all the class
′, then randomly select k data objects to form the first cluster center point set U = fu 1 , u 2 , ::, u k g from 19. Obtain the two-way clustering result:

20.
Output: the final clustering result C = fC B ′ , C P g.
Algorithm 2 5 Wireless Communications and Mobile Computing clustering results more ideal. The distance based on cosine can be expressed as: where cos ðx i , x j Þ is the cosine value of the angle between x i and x j , measuring the similarity between the data objects [18]. According to equation (6), the cosine distance can be regarded as the angle between two objects observed from the perspective of the origin. Therefore, the cosine distance can also be expressed as: Equation (7) only takes 0 as the reference point, and the angle between two objects is only the angle from the origin, as shown in Figure 5(a). However, if two data objects are approximately in line with the origin, the cosine distance measurement with the origin as the only reference point will lose its effect, as shown in Figure 5(b). Therefore, cosine distance measurement from multiple perspectives will be effective in solving this problem.
Introduce a third nonorigin point d h as the reference point, and the distance between the data x i and x j can be expressed as: When measuring the similarity between two data objects, we can observe the angle between two data objects from each point in the reference point set S h , that is, the angle between vectors x i − d h and x j − d h . The distance between data x i and x j can be expressed by the mean of the cosine distance observed from multiple reference points: where |S h | is the base of the set S h . The main idea of selecting reference points for multiple perspectives is as follows.
Assume that A is the point on the outer hypersphere of the unit hypercube in the n-dimensional space, and O is the center of the sphere. When point A is selected on the unit hypersphere according to the equal angular step of the spherical coordinates, in the Cartesian coordinate system OX 1 X 2 ⋯ X n , the Cartesian coordinates ðX 1 , X 2 , ⋯,X n Þ of point A can be calculated as follows: In particular, suppose that A is any a point on the unit sphere in three-dimensional space, α 1 is the angle between OA ! and the x-axis, and α 2 is the angle between the projection of OA ! on the plane YOZ and the y-axis, as shown in where n is the spatial dimension, and the value of n in threedimensional space is 3. Thus, the coordinates of point A in the spatial Cartesian coordinate system are ðX, Y, ZÞ. For example, in three-dimensional space, when N = 3 is selected, the datum point coordinates obtained by the multiple perspective method are shown in Table 1 and Figure 6(b). The datum point set Sh contains data objects from all angles, so the cosine distance can more reasonably measure the similarity between two high-dimensional data objects in the case of multiple perspectives. In this paper, the multiple perspective cosine distance is used as the distance measurement method of the improved k-means clustering and applied to the wireless network intrusion 6 Wireless Communications and Mobile Computing detection algorithm, and more accurate detection results are obtained. Compared with the traditional Euclidean distance, this algorithm adopts the cosine distance to calculate the distance between high-dimensional data objects, which ensures a higher detection rate and a lower false detection rate. Unfortunately, its time complexity increases significantly, thus, decreasing its detection efficiency. Therefore, the PCA method is used to reduce the dimensionality of the data set in the wireless network, reducing the impact of the time complexity on the detection efficiency of intrusion detection.

Improved K-Means Clustering Intrusion Detection Algorithm for the Wireless Networks Based on Federated Learning
In the improved k-means clustering intrusion detection algorithm for the wireless network based on Federated Learning, each participant with the local training data set needs not to share its private data set and preprocesses its local data by itself. All participants use the processed data set to train the classifier model and timely transmit the related parameters. Each participant trains the classifier model by downloading the latest global model parameters in the next iteration. The classifier has a good detection effect on all data sets by cyclic iteration until the overall model reaches the optimal, as shown in Figure 7. During the actual training, participants and the server exchange relevant parameters at the proper time. In this paper, we assume that each participant is an independent and equal individual, and its training data size is equal or the difference is small. Therefore, the server carries out an arithmetic average operation on the model parameters uploaded by each participant. The algorithm is as follows: Figure 5: Measures the distance between data objects from the origin. Figure 6: Three-dimensional space datum point set.

Experiments and Result Analysis
The experimental equipment in this paper is 11 laptop computers with Windows 10 operating system, Intel i5 CPU, and 8 G memory, where one acts as the server. The experimental data set is the wireless network data set AWID. The development environment is Python 3.7. The comparative tests are as follows.
(1) For detection rate and false detection rate, the proposed algorithm is compared with the intrusion detection algorithms based on traditional KNN classification and the density clustering DBSCAN  Each participant calculate U = fU 1 , U 2 ,⋯,U n g according to k-means algorithm.

4.
Each participant passes the k-means clustering threshold α t to the server. 5.
The process of data set preprocessing includes data completion, data rationalization, numerization of character data, data normalization, and reduction of the data attribute dimensionality.

Data Clipping.
In the AWID data set, some attributes of a few network data are missing. To ensure the effectiveness of its results, delete those attributes with the missing 1.Input: The wireless network Data x = ðx 1 , x 2 ,⋯,x p Þ T and principal component cumulative variance contribution threshold R.
3. i =1. 4. Repeat IF Varðy i Þ = l T i ∑l i reaches its maximum, get y i: i = i + 1 5.Until i = J 6. Determine m, the number of selected principal components, according to R and then obtain y = ðy 1 , y 2 ,⋯,y m Þ T .

Data
Selection. The number of normal behavior records in the AWID is far greater than the number of attack behavior records. Such is the case in the real network environment. Therefore, we select the 10 : 1 normal behavior record and aggressive behavior record as the training data set to construct the classifier. To fully verify the detection performance of the proposed algorithm on the data behaviors of different attack types, we also select 10 : 1 normal behavior records and attack behavior records to build a test data set. Besides, the training data set and test data set allocated to each participant contain a different number of attack behaviors. To the greatest extent, it restored the situation that some attack behavior data in the local data set of some users in the real wireless network environment is less or does not exist, but it can also have the ability to detect such attack behavior through the training of the Federated Learning detection model.

Numerization of Character Data.
The hexadecimal attribute value in the AWID is converted to the decimal attribute value, the MAC address attribute value is converted to the number of its occurrence in the whole data set, and the data attribute value in the form of characters is numerically processed by the one-hot encoding [23,24] method. The character attribute variable processed by the encoding method can retain the influence degree of the original attribute on the clustering result more reasonably.

Dimensionality
Reduction of Data Attributes. The wireless network data in the AWID has 154 attribute values. In this paper, we delete all the attributes with the same values in the data set before the experiment and use the PCA to extract the attributes with a greater contribution rate to reduce the dimensionality of the wireless network data and then reduce the time complexity of the detection algorithm. 5.1.5. Data Standardization. Different attributes in the data set have different ranges. To reduce the impact of such difference on the detection model, we can use z-score standardization [25,26] on the data to make it a normal distribution. Using distance to measure similarity and the PCA to reduce dimensions, the z-score normalization is better than the Minmax normalization in classification and clustering algorithms.
where y i represents the normalized data of x i , x i represents the i-th eigenvalue, μ represents the data mean value of the feature, and σ represents the standard data deviation of the feature.

PCA Method for Dimensionality Reduction of Wireless
Network Data. In wireless network data, each piece of network data often involves dozens or even hundreds of attribute variables. Too many attribute variables will not only increase the time complexity of the detection algorithm but also bring difficulties to the reasonable analysis of detection results.
Although each attribute variable of the network data provides a certain amount of information, its importance and contribution vary. Moreover, in most cases, there is a certain correlation between various attribute variables of network data, which makes the information provided by these attribute variables overlap to a certain extent and affects the accuracy of detection results. Therefore, we adopt the PCA method to deal with these attribute variables and replace the original attribute variables with a small number of variables, so as to achieve dimensionality reduction of wireless network data [27]. The dimensionality reduction process is as follows.
In wireless network data set AWID (154 attributes) [28], the 77-dimensional attributes that have an influence on clustering results were extracted and dimensional reduction was conducted by the PCA method. The principal component variance contribution rate and cumulative variance contribution rate obtained were shown in Table 3. When the PCA is used to reduce the dimensionality of wireless network data sets, the appropriate number of principal components can be selected by adjusting the threshold value of the contribution  Selecting a large number of principal components to replace the original data cannot achieve the purpose of dimensionality reduction. Therefore, how to choose the appropriate number of principal components to replace the original network data needs to be decided according to the specific algorithm and algorithm function, so as to achieve the goal of data dimen-sionality reduction to the maximum extent on the basis of guaranteeing the high performance of the algorithm. After many experiments, this paper selects the first 16 attributes after dimensionality reduction to carry out intrusion detection experiments and obtains the most ideal detection results. When additional attributes were added for the experiment, the time complexity gradually increased, but the intrusion detection results did not change significantly, so the first 16 attributes were selected in this paper.

Analysis of Experimental
Results. In this paper, detection rate ACC and false detection rate FAR are used as 11 Wireless Communications and Mobile Computing performance evaluation indexes of wireless network intrusion detection algorithm [29]. The details are as follows: (1) Detection rate ACC is the ratio between the network data of the correctly judged category and the sum of network data. The higher the detection rate, the better the performance of the intrusion detection algorithm ACC = TP + TN TP + TN + FP + FN : ð14Þ (2) False detection rate FAR is the ratio between the amount of normal behavior data wrongly judged as aggressive behavior and the sum of normal behavior data. In intrusion detection algorithms, the lower the false detection rate, the better the detection performance of the algorithm where TN (true negative) represents the number of network data behaviors that correctly identified as normal; TP (true positive) refers to the amount of network data that correctly identifies the network attack behavior as the attack type; FN (false negative) represents the amount of data that misidentifies the network attack behavior as normal; FP (false positive) refers to the amount of network data that wrongly identifies normal data behavior as some attack behavior.
To avoid the contingency of experimental results caused by intrusion detection algorithm testing on a single experimental data set, experimental data sets H1 − H10 and D1 − D10 of different sizes with different attack behavior classes are randomly selected from the CLS data set for experiments. The structure of the data sets used in the experiments is shown in Tables 4 and 5, according to which the sample data are extracted from the CLS data sets. The attack behavior data of data set D1 − D10 all contain several unknown attack behavior data of corresponding class number (disguised by known attack behavior), which is used for the comparative experiments of the performance of intrusion detection algorithm to detect unknown attack behavior.

Experiments of ACC and FAR.
Intrusion detection algorithms based on traditional KNN classification and density clustering DBSCAN are compared with the proposed algorithm. When the number of participants R is 2, 4, 6, 8, and 10, ten test data sets H1, H2, H3, H4, H5, H6, H7, H8, H9, and H10 are randomly selected from the test data packets   Through the above comparative experiments, the results show that with the increasing number of participants, the detection performance of the proposed algorithm based on Federated Learning in terms of detection rate, false detection rate, and other aspects maintains at a relatively stable level. It fully verifies the feasibility of this detection algorithm in the real network environment where local data is protected and training data is scarce. Compared with the intrusion detection algorithms based on traditional KNN classification and density clustering DBSCAN, our algorithm has significant improvement in detection rate, false detection rate, and detection of unknown attack behavior. The AWID data set can well represent the characteristics of the original attributes after dimensionality reduction by the PCA method, which can achieve dimensionality reduction, reduce the time

13
Wireless Communications and Mobile Computing complexity, improve the detection efficiency, and ensure a higher detection rate and a lower false detection rate.

Conclusion
To allow multiple participants to conduct cooperative training on a global model without sharing their private data, protect participants' local data, and expand the amount of data in the training model, this paper proposes an improved k -means clustering intrusion detection algorithm based on Federated Learning for the wireless network. This algorithm is combined with three-way decision ideas and introduced a multiple perspectives cosine distance as the similarity measure between data objects to improve and modify the k -means clustering algorithm. Therefore, the clustering result is more reasonable and the network data behavior is determined more accurately. As a result, the detection rate of the algorithm is increased and the error detection rate is decreased. This algorithm, however, is assumed under the ideal condition of unobtrusive parameter transmitted between participants and server, which may be different from that in the real network environment. Moreover, the scale of reference point set selected by the multiple perspective method in this paper is so large that it will affect its overall performance. In the future, we will continue to improve the algorithm structure and use more appropriate data sets to train the classifier, thus, ensuring the security of the interaction between the participants and the server. We will also find a more reasonable and effective way to select the reference point and to reduce the dimensionality of experimental data to further reduce its time complexity and improve its overall performance.

Data Availability
The data used to support the findings of this study are included within the article.

Conflicts of Interest
The authors declare that they have no conflicts of interest.