Proximity-Based Trust Classification for Private and Public IoE Devices Using a Hybrid CNN–LSTM Architecture

The Internet of Everything (IoE) has an imaginary vision of a pervasive network where personal and governmental objects can communicate and collaborate to provide services within areas like smart cities, healthcare, transportation, and industry. Trust between heterogeneous IoE nodes is essential for ensuring reliable communication and cooperation. In the absence of proper trust assessment, rogue devices are able to interfere with services, steal data, or use network resources. The current security measures can counter particular cyberattacks like denial of service, spoofing, or malware, but trust management needs to evaluate the behavioral and social aspects that go beyond the traditional security measures. A trust management system must dynamically compute trust values, handle large volumes of data, adapt to behavioral changes, and maintain computational efficiency [1, 2].

1.1 Social Internet of Things dataset

To assess trust models accurately, researchers require representative datasets that reflect device diversity and user behavior. The Social Internet of Things (SIoT) dataset employed in this work includes 16,216 objects: 14,600 private devices owned by individuals and 1,616 public devices managed by municipal services. Each object record specifies the device identifier, user identifier, device type, brand, and model. Private devices: smartphones, cars, tablets, fitness wearables, smart watches, personal computers, printers, and home sensors. Ownership percentages show that 91% of all users of smartphones own one, 55% own cars, and 84% own personal computers. The dataset is simulated in the Small World in Motion (SWIM) model, which has 4,000 users, a radius of perception of 0.015, a simulation time of ten days, and a mobility parameter of 0.9. Public facilities comprise points of suggestion, environmental sensors, transport vehicles, digital signage, garbage trucks, street lights, parking detectors, and alarm systems. The data set characterizes fixed and mobile devices by position and time-stamped mobility trajectories; the relationships between people, e.g., ownership, co-location, and device type, are described by the adjacency matrices [3].

1.2 Trust management principles

Trust management assesses the credibility of the IoE participants through the analysis of the measurable characteristics (e.g., service quality, availability) and social parameters. The trust value can be calculated as a weighted sum of Quality of Service (QoS) trust and social trust, where QoS trust pertains to competence, reliability, and job execution, while social trust relates to the relationships among device owners. Trust scores have to be constantly updated in a dynamic IoE environment, depending on the recent interactions. The combination of various trust attributes has been carried out through multi criteria decision making techniques. Convolutional Neural Networks (CNN), Long Short-Term Memory (LSTM) networks are among the Deep Learning (DL) models that have been used to detect device behavior changes and determine trustworthiness. According to recent studies, the accuracy is over 99% when applying LSTM based models on trust management [4, 5].

1.3 Motivation and related work

Traditional systems of trust management often rely on either statistical methods or simple machine learning classifiers. These approaches are effective with small data sets, but they face challenges when there is large dimensionality and temporal variation of the IoE data. Both long-term dependencies and local patterns can be captured by advance / hybrid architectures. Also, many existing models treat all devices uniformly and do not consider differences between private and public devices. Public devices tend to be on the spot and belong to the municipality, whereas private devices are mobile and user-related. These dissimilarities have an impact on the way trust ought to be computed and refreshed. Besides, explainability is a topic that is seldom discussed: deep models are black boxes, so device owners and administrators are not sure what it is that makes features produce trust decisions [6, 7].

1.4 Contributions

Based on this, the paper will suggest a detailed trust classification framework that will be specific to heterogeneous IoE networks. These are the main contributions, which can be summed up as follows:

1.4.1 Proximity based trust calculation

A trust value is computed about each device, taking into consideration its proximity to other devices, co-location relationship, device type, and mobility patterns. There are trust values (trusted, neutral, and untrusted) that are grouped together in supervised learning.

1.4.2 HyLite model

The HyLite model is a hybrid model (CNN – LSTM) with a lightweight architecture that extracts local patterns using convolutional layers and temporal dependencies using LSTM layers. HyLite stands for Hybrid Lightweight, representing a hybrid deep learning architecture designed with a lightweight structure to enable efficient and accurate deployment in resource-constrained IoE environments. This model has fewer filters and dropout regularization, which helps to make the model simpler and less overfitting. To trust the decision made by the explainable Artificial Intelligence (AI), the explainable AI method known as Local Interpretable Model-agnostic Explanations (LIME) is used to interpret the contribution of individual features.

1.4.3 Evaluation on social internet of things dataset

Wide experiments are carried out on the subset of private and public devices of the SIoT dataset. The HyLite model is juxtaposed with the naïve Bayes classifier. The HyLite model demonstrates superior accuracy, precision, and recall, accompanied by reduced loss values.

1.4.4 Analysis of trust dynamics

The model examines the impact of mobility and the type of device on the trust scores. The analysis indicates the stability of the trust score of public devices as they are predictable in their actions, whereas the score of the private devices is more unpredictable.

1.5 Proposed objectives

• Develop an optimized trust classification framework that combines proximity-based trust computation with a HyLite model and LIME based interpretability.

• Validate the proposed framework by comparing it with baseline models on the SIoT dataset and reporting performance metrics for private and public devices.

The subsequent sections of the paper are structured as follows. Section 2 reviews the existing literature, while Section 3 elaborates on the methodology, encompassing trust computations, model design, evaluation procedures, and pseudocode for the proposed algorithm. Using visual aids, Section 4 discusses the experimental outcomes. Section 5 presents the findings and recommendations for additional research.

3.1 Dataset description

The dataset is retrieved from the Net4U SIoT repository. Records are separated into private and public device subsets based on ownership [19]. Missing values are filled by forward filling for time series data and by discarding incomplete records, as shown in Figures 1 and 2. Each device’s trajectory is represented as a sequence of time-stamped events containing device type, location coordinates, interactions, and service requests. The sequences are segmented into fixed-length windows for feature extraction.

Figure 1. Mobile devices dataset sample (private devices)

Figure 2. Mobile devices dataset sample (public devices)

3.2 Model architecture based trust calculation

The methodology comprises data preparation, trust calculation, formation of trust groups, model architecture, training, and evaluation. Detail System Architecture diagram is shown in Figure 3.

Figure 3. Proposed system architecture

Note: One Dimension (1D), Long Short-Term Memory (LSTM), Local Interpretable Model-agnostic Explanations (LIME).

3.3 Proximity based trust calculation

Let $D=\{d 1, d 2, \ldots, d N\}$ denote the set of devices and $P\left(d_i\right)$ - represent the set of neighboring devices within aproximity radius $r$. For device $d_i$, the trust value $T\left(d_i\right)$ is computed using weighted contributions of co-location frequency, interaction duration, device type similarity and prior trust history as shown in Eq. (1):

$\begin{gathered}\left(T\left(d_i\right)=\right. \frac{1}{\left|P\left(d_i\right)\right|} \sum_{d_j \in P\left(d_i\right)}\left[w_1 \cdot f_{\text {coloc}}\left(d_i, d_j\right)+\right. w_2 \cdot f_{\text {dur}}\left(d_i, d_j\right)+w 3 . f_{\text {type}}\left(d_i, d_j\right)+ \left.\text { w4. } T_{\text {prev}}\left(d_j\right)\right]\end{gathered}$    (1)

where, $f_{\text {coloc}}$ "counts the number of co-locations", $f_{\text {dur}}$ "measures average interaction duration", $f_{\text {type}}$ "equals 1 if devices share the same type and 0 otherwise", $T_{\text {prev}}\left(d_j\right)$ denotes "the previous trust score of neighbor $d_j$", and $w 1, w 2, w 3, w 4$ are weights satisfying w1 + w2 + w3 + w4 = 1 [20]. The proximity radius $r$ is selected according to the communication ranges of the technologies specified in the dataset (Bluetooth: 40 m , Wi-Fi: 400 m and LoRa: 1500 m ).

Computation of $\boldsymbol{f}_{\text {coloc }}$

From raw location data, the SIoT dataset contains timestamped coordinates for each device. Co-location was derived using spatial proximity and time overlap:

Step 1. Euclidean distance between two devices at time t

$d_{i j}(t)=\sqrt{\left[\left(x_i(t)-x_j(t)\right)^2+\left(y_i(t)-y_j(t)\right)^2\right]}$    (2)

Step 2. Proximity condition for co-location

$C_{i j}(t)=\left\{\begin{array}{lr}1, & \text { if } d_{i j}(t) \leq r \\ 0 & \text { Otherwise }\end{array}\right.$     (3)

Step 3. Co-location frequency between devices $d_i$ and $d_j$

$f_{\text {coloc}}\left(d_i, d_j\right)=\sum_{t=1}^T C_{i j}(t)$     (4)

Step 4. Normalized co-location score

$f_{\text {coloc}}\left(d_i, d_j\right)=\frac{1}{T} \sum_{t=1}^T C_{i j}(t)$     (5)

where,

- $x_i(t), y_i(t)$ epresent the spatial coordinates of device $d_i$ at time $t$,

- $r$ denotes the communication proximity radius,

- $T$ represents the total number of observed timestamps, and

- $C_{i j}(t)$ indicates whether devices $d_i$ and $d_j$ are colocated at time t,

- $f_{coloc}$ represents Co-location frequency.

Weight selection (w1 to w4)

The weights are determined through grid-search optimization on the training portion of the SIoT dataset. Candidate combinations were generated under the constraint $w 1+w 2+w 3+w 4=1$ with a step size of 0.1. Each combination was evaluated using cross-validation based on the classification accuracy of the downstream CNN–LSTM (HyLite) model.

The best performing configuration was:

w1 = 0.40 (co-location frequency)

w2 = 0.30 (interaction duration)

w3 = 0.15 (device type similarity)

w4 = 0.15 (prior trust score)

Higher weight was assigned to co-location and interaction duration because mobility interactions in the SIoT dataset strongly correlate with trust behaviour. This selection process ensures the weights are empirically derived rather than manually guessed.

Prior trust score initialization

The initial trust score $T_{\text {prev}}\left(d_j\right)$ is set to 0.5 for all devices at the first iteration and updated iteratively using previously computed trust values.

To categories devices into trust groups, thresholds $\theta_1$ and $\theta_2$ are applied: devices with $T\left(d_i\right) \geq \theta_2$ are considered trusted, those with $\theta_1<T(d i)<\theta_2$ are neutral, and those with $T(d i) \leq \theta_1$ are untrusted. The thresholds are established empirically according to the distribution of trust scores within the training set.

3.4 Feature extraction and model architecture

Once trust labels are assigned, each device sequence is encoded into a two-dimensional matrix, where rows represent time steps and columns represent features such as location coordinates, interaction counts, device type indices, and computed trust values.

The architecture proposed in Figure 4 is a combination of convolutional, recurrent, and dense layers to determine the reliability of IoE devices. The first is an input layer that provides the time-series features of proximity, interaction time, and device type. In the first stage, the one-dimensional convolution is performed using 16 filters and a three-sized kernel. This procedure gathers long-range patterns from adjacent time steps, subsequently employing max-pooling to diminish dimensionality and a dropout layer to alleviate overfitting.

Figure 4. Proposed HyLite model architecture

The pooled features are then convolved again with 32 filters, and once more, the process is repeated with pooling and dropout. Once local patterns are extracted, the sequence goes to LSTM that is used to model dependencies in the long-term and the temporal context. The LSTM output passes through a fully connected layer of 32 units, which refines the feature representation and adds another dropout. The last thick layer is made with the help of the softmax activation and generates the probabilities of the three trust classes: trusted, neutral, and untrusted. It is a series of layers that will enable the model to identify both short-term and developing behavioral trends. Convolutional layers act as feature extractors, LSTM layers are used for temporal dynamics, while dense layers map learned patterns into class probabilities. The dropout at several stages decreases the chances of overfitting. The architecture, therefore, is subjecting local pattern recognition with temporal reasoning to make effective trust classifications which aligns with prior studies that have demonstrated that HyLite models are able to exploit spatial and temporal features effectively.

HyLite model architecture summary, as shown in Figure 5. The HyLite model architecture comprises the following layers.

Figure 5. HyLite model architecture summary

3.4.1 Convolutional layer

A one-dimensional convolution with 16 filters and kernel size of 3 processes the input sequences to extract local patterns.

The activation function employed is (ReLU to incorporate non-linearity. The padding is configured to "same" to ensure the output length corresponds with the input length. A max pooling procedure with a window size of 2 down samples the feature maps following convolution.

3.4.2 Dropout layer

A dropout rate of 0.2 is employed to randomly deactivate neurons during training, hence mitigating overfitting.

3.4.3 LSTM layer

A lengthy short-term memory layer with 32 units captures temporal dependencies in the downsampled feature maps. Only the ultimate output is transmitted to the subsequent layer.

3.4.4 Dense layer

A fully connected layer including 32 neurons processes the acquired characteristics, succeeded by a ReLU activation function.

3.4.5 Output layer

A softmax layer with three neurons produces trust classification probabilities for the trusted, neutral, and untrusted classes.

The use of convolution followed by LSTM is motivated by the ability of convolutional layers to identify short-term spatial patterns while LSTM layers model long-term temporal relationships. This structure is particularly well-suited to IoE data, which contains repeated local patterns (e.g., periodic user movements) and gradual behavioral changes.

The proposed HyLite model adopts a compact sequential architecture designed for efficient deployment in resource-constrained IoE environments. The model integrates lightweight convolutional layers for feature extraction, pooling and dropout layers for dimensionality reduction and regularization, and an LSTM layer to capture temporal dependencies in the data. The features extracted are passed through fully connected layers to be classified ultimately using a softmax output layer. In general, the HyLite architecture has 11,107 trainable parameters (about 43.39 KB memory footprint), which shows its memory efficiency and performance and its relevance to edge-based IoE applications without any negative impact on predictive performance.

3.5 Model training

Let $X \in \mathbb{R}^{N \times T \times F}$ denote the training data, where N is the number of sequences, T is the sequence length and F is the number of features. Let $\mathrm{Y} \in\{0,1,2\}^{\mathrm{N}}$ be the trust labels. The model parameters $\theta$ are learned by minimizing the categorical cross‑entropy loss represented in Eq. (2):

$\mathcal{L}(\theta)=-\frac{1}{N} \sum_{i=1}^N \sum_{c=0}^2 1\left[Y_i=c\right] \log p_c\left(X_i ; \theta\right)$    (6)

where, $p c\left(X_i ; \theta\right)$ is the anticipated probability of class ccc for sample i . The model is optimised using the Adam algorithm with a learning rate of $\eta=0.001$. Early halting is implemented according to validation loss to avert overfitting.

3.6 Machine learning / deep learning models

K-Nearest Neighbors (KNN) – The KNN [21] algorithm is a supervised machine learning technique employed for classification and regression applications. It is a non-parametric, instance-based approach that predicts the class of a new data point by identifying the majority class among its K nearest neighbours in the training dataset. The resemblance between data points is typically quantified using distance metrics, such as Euclidean distance. When a new sample is introduced, the algorithm calculates the distance between the sample and all training data, selects the closest K neighbors, and assigns the most frequent class among them as the predicted output. KNN is simple to implement and effective for pattern recognition tasks, but its performance depends on the choice of K value and proper feature scaling.

Naïve Bayes (NB): Naive Bayes [21] is a probabilistic machine learning classifier based on Bayes’ theorem, which assumes conditional independence among input features. It calculates the posterior probability of each class given the observed features and assigns the instance to the class with the highest probability. Despite its simplicity, Naïve Bayes is highly efficient and performs well in many classification tasks, especially when dealing with high-dimensional datasets. The model requires relatively small training data, is computationally fast, and is widely used in applications such as text classification, spam detection, and medical diagnosis.

CNN: CNN [22] is a DL model that extracts hierarchical features out of the input data, automatically, using convolution operations. The convolutional layers facilitate the identification of local patterns in CNNs, the pooling layers diminish dimensionality, and the fully connected layers perform the final classification.They are good learning models in the spatial features representations and are widely applied in image analysis, signal processing and sequential data modeling. Figure 6 shows the CNN Model architecture.

LSTM: LSTM [22] is a type of Recurrent Neural Network (RNN) specifically engineered to learn long-term sequential dependencies in data. LSTM networks possess memory cells and gating structures (input gate, forget gate, and output gate) to manage information flow, enabling the model to retain significant temporal patterns while discarding irrelevant data. Time-series prediction, sequential data analysis, and temporal pattern recognition are the areas of application of LSTM that are especially enabled by the mentioned ability. Figure 7 shows the LSTM Model architecture.

3.7 K‑fold cross‑validation

Stratified k -fold cross-validation is employed to ensure generalizability. The dataset is partitioned into k disjoint folds $\left\{D_1, \ldots, D_k\right\}$. For each fold j , the model is trained on $D_j$ and validated on $D_j$. The average accuracy (ACC), precision (PR), recall (RE) and F1 score across the folds are calculated as per Eqs. (7)-(10):

$A c c=\frac{1}{k} \sum_{j=1}^k \frac{T P_j+T N_j}{T P_j+T N_j+F P_j+F N_j}$    (7)

$P R=\frac{1}{k} \sum_{i=1}^k \frac{T P_j}{T P_j+F P_j}$     (8)

$R E=\frac{1}{k} \sum_{j=1}^k \frac{T P_j}{T P_j+F N_j}$    (9)

$F 1=\frac{2 \times P R \times R E}{P R+R E}$    (10)

TP, FP, TN, and FN represent "true positives, false positives, true negatives, and false negatives," accordingly. Class imbalance is addressed by using class weights computed from the training data.

3.8 Explainable artificial intelligence using local interpretable model-agnostic explanations

Applying LIME to individual forecasts helps to understand the model's conclusions. By using modified copies of the input to train a basic surrogate model, LIME approximates the complicated model around a given sample. We can use the coefficients of the surrogate model to determine how significant each feature is. Feature importance plots help identify which aspects of proximity, device type or interaction patterns most influence the trust classification [23].