A Hierarchical Account-aided ReputationManagement System for Large-Scale MANETs

Ze Li and Haiying ShenDepartment of Electrical and Computer Engineering

Clemson UniversityClemson, SC 29631

Email: {zel, shenh}@clemson.edu

Abstract—Encouraging cooperative and deterring selfish be-haviors are important for proper operations of MANETs. For thispurpose, most previous efforts either rely on reputation systemsor price systems. However, both systems are neither sufficientlyeffective in providing cooperation incentives nor efficient inresource consumption. Nodes in both systems can be uncoop-erative while still being considered trustworthy. Also, informa-tion exchange between mobile nodes in reputation systems andcredit circulation in price systems consume significant resources.This paper presents a hierarchical Account-aided ReputationManagement system (ARM) to efficiently and effectively providecooperation incentives. ARM builds a hierarchical locality-awareDHT infrastructure for efficient and integrated operations ofboth reputation and price systems. The infrastructure helps toglobally collect all reputation information in the system, whichhelps to calculate more accurate reputation and detect abnormalreputation information. Also, ARM coordinately integrates re-source and price systems by enabling higher-reputed nodes to payless for their received services. Theoretical analysis demonstratesthe properties of ARM. Simulation results show that ARMoutperforms both a reputation system and price system in termsof effectiveness and efficiency.

I. INTRODUCTION

A mobile ad-hoc network (MANET) is a self-configuringnetwork automatically formed by a collection of mobile nodeswithout a fixed infrastructure or centralized management.Nowadays, wireless devices such as smart-phones (e.g., PDAs,IPhones and gPhones) increasingly become prevalent in ourdaily life. The number of wireless Internet users has tripledworld-wide in the recent three years, and the number of smart-phone users has reached around 190 million in 2010 [1] andwill reach 300 million by 2013 [2]. A MANET is expected toconnect thousands or even millions of the mobile nodes forpervasive communication in the future. In a MANET, nodescommunicate with each other by routing data through relaynodes in a multi-hop manner. Thus, reliable communication iscritical to the proper operations of MANETs.

While many technologies are important to achieving highcommunication reliability, perhaps one of the most essentialchallenges to overcome is deterring selfish and encouragingcooperative behaviors. MANETs are particularly vulnerableto selfish behaviors due to the individualized nature of nodes.Each node labors under an energy constraint and selfish nodestend not to forward data in order to save resources. The pres-ence of only such a few misbehaving nodes can dramatically

impede the performance of the entire system [3]. Current mainmethods to deal with the challenge can be divided into twocategories: reputation systems and price systems. However,existing reputation systems and price systems are neithersufficiently efficient nor effective. By insufficient efficiency,we mean that the methods exacerbate the resource-efficiencyproblem in large-scale MANETs by consuming already strin-gent resources. By insufficient effectiveness, we mean that themethods lack capability to accurately reflect nodes’ behaviorand prevent nodes from gaining fraudulent benefits while beingconsidered reputed. The accuracy of node reputation can beadversely affected by false information including falsified,conspiratorial and misreported information.

In most current reputation systems [4]–[14], a node collectslocally-generated node feedbacks and aggregates them to yieldthe global reputation values (Rg) for others based on periodicalinformation exchanges between neighbors. The node whosereputation is below a predefined threshold (T ) is consideredas selfish and put into a blacklist, otherwise as trustworthy.However, the systems suffer from a number of problems.First, they lack efficient mechanisms to collect and propa-gate reputation information. Periodical information exchanges,keeping redundant reputations in each node, and broadcastingto query reputations [14] consume significant resources, failingto achieve high scalability. Second, reputation calculationbased on partial local information, which may include falseinformation, may result in insufficiently accurate reputationevaluation to truly reflect node behaviors. Third, solely re-lying on reputation system is not effective enough to thwartuncooperative behaviors. The reputation systems provide equaltreatment to trustworthy nodes with Rg ≥ T . Thus, a node canbe uncooperative for some time while still keeping Rg ≥ T .

Price systems [15]–[19] treat message forwarding as aservice transaction, and introduce virtual credits for the trans-actions. In the systems, nodes forward others’ messages inorder to earn credits for their own message transmission. How-ever, the systems also inherently have a number of problems.First, the circulation of credits in the network requires a fairamount of computation and storage resources and increasestraffic overhead. Second, the systems fail to provide a way toknow the service quality offered by a node and lack effectivemethods to punish a selfish and wealthy node (e.g., nodesthat need few services) that sometimes drops others’ packets.

This paper was presented as part of the main technical program at IEEE INFOCOM 2011

978-1-4244-9921-2/11/$26.00 ©2011 IEEE 909

Third, cooperative nodes located in a low-traffic region receivefew forwarding requests, and thus may not earn enough creditsfor their own requests, while nodes located in a high-trafficregion have more chances to earn more credits than theyactually need and thus may drop some messages. Finally,the implementation of credits and virtual banks brings morecomplexity with high requirements on transmission security.For example, since credits are stored at the head of a packetwhich is transmitted through several nodes, how to prevent thecredits from being stolen becomes a problem.

Directly combining a reputation system and a price systemcould foster cooperation incentives to a certain extent, butstill cannot essentially resolve the individual problems suchas reputation misreports and collusion, equal treatment totrustworthy nodes, cooperative and poor nodes, and compleximplementation. What’s even worse, the direct combinationmakes the problem of resource consumption and scalabilityeven more severe. A formidable challenge is how to efficientlyand coordinately combine the two systems to avoid problemsin individual systems, ensuring they can be exploited to theirfullest capacities.

To efficiently and effectively encourage cooperative anddeter selfish behaviors, we propose a hierarchical Account-aided Reputation Management system (ARM). ARM selectslow-mobility and trustworthy nodes as reputation managers(managers in short), builds them into a locality-aware dis-tributed hash table (DHT) [20] infrastructure, and coordinatelyintegrates reputation system and price system through the in-frastructure. DHT is well-known for high scalability, efficiencyand reliability, thus supports scalable and efficient operationsin ARM. It helps to marshal all reputation and transactioninformation of a node into one manager, which calculatesthe reputation and increases/decreases credits in the accountof the node accordingly. A node with Rg < T or deficitaccount is put into blacklists. Specifically, ARM consists ofthree components:

• A locality-aware DHT infrastructure. The infrastructureefficiently collects all reputation and transaction infor-mation of a node for effective reputation and accountmanagement. Experiment results show that including themaintenance overhead in node mobility, ARM still gen-erates much lower overhead than current reputation andprices systems.

• Reputation management. Relying on the collected globalreputation information by DHT, ARM effectively detectsthe false information, and accurately calculates node rep-utation. Also, with the aid of DHT, ARM reduces eachnode’s burden for periodical information exchange and forstorage and computing.

• Reputation-adaptive account management. ARM treats thenodes with different reputations differently, and also pre-vents nodes from gaining fraudulent benefits. Specifically,a higher-reputed node pays lower price while a lower-reputed node pays higher price for service. Also, a high-reputed node earns more credits than a low-reputed node

for the same forwarding service. Using the DHT, ARM hasno virtual credits circulating in the network and eliminatesthe implementation complexity.

In ARM, uncooperative and reputed nodes in reputationsystems will have deficit accounts and uncooperative andwealthy nodes in price systems will have Rg < T quickly.Also, because a cooperative node pays lower price for theservice, the credits earned by a node in a low-traffic area cansustain its requests. As far as we know, this is the first workthat coordinately integrates the reputation system and pricesystem through a DHT to efficiently and effectively providecooperation incentives.

The remainder of this paper is organized as follows. Sec-tion II provides related works for cooperation incentive pro-vision in MANETs. Section III describes the ARM system.Section IV presents simulation results to demonstrate the ef-fectiveness and efficiency of ARM compared with a reputationsystem and a price system. Section V concludes this paper.

II. RELATED WORK

Reputation systems can be classified into two categories:direct observation [9] and indirect observation [4]–[8], [10]–[14] methods. In the former, nodes independently assesstheir neighbors’ reputations based on their direct interactions.It reduces the complexity of reputation management andachieves performance comparable to the approaches requiringreputation exchanges in a certain scenario. In the latter, nodesperiodically share the reputation information they observedwith others. The works in [4], [7] use techniques of watchdogand pathrater. Watchdog in a node promiscuously listens to thetransmission of the next node in the path in order to detect mis-behaviors. Pathrater in a node keeps the rating of other nodesto avoid interaction with uncooperative nodes in the transmis-sion. CONFIDANT [5] detects uncooperative nodes and in-forms other nodes of observed misbehavior. Wu and Khosla [6]proposed an authentication mechanism to authenticate reputa-tion messages in order to prevent a selfish node from playingtricks to benefit itself. Anantvalee and Wu [10] introduceda new type of nodes called suspicious nodes, which will befurther investigated to see if they tend to behave selfishly bytwo reputation threshold(s). Buchegger et al. [11] proposed aBayesian prediction mechanism to increase system robustnessto falsely disseminated information. They also investigated theeffect of using rumors on the detection time of misbehavingnodes and the robustness of reputation systems against wrongaccusations. Mundinger et al. [12] built a stochastic process toformulate the behavior of the nodes in the system and deriveda mean ordinary differential equation for misreport detection.Luo et al. [13] built a fuzzy logic model to deal with theuncertainty and tolerance of imprecise data inputs.

Price systems [15], [17]–[19], [21] provide incentives forcooperation by using micro payment. Buttyan et al. [15],[17] proposed two payment models: packet purse model,in which a source node pays relay nodes by storing virtualcredits in the packet head, and packet trade model, in whicha relay node buys packets from the previous node and sells

910

n3

n6n2

n4n2

n5

n7n

n

n

n n

nn

n n

n

n nn

n

n

n

Link for packet forwardingLink for reputation management

mReputation managerMobile node nReputation reportingMoving trajectory

m8

m7

m6

m5m4

m3 m2

m1

m9

m10

Fig. 1. The ARM hierarchical structure.

them to the next node in the path. In the credit-based systemin [18], when a node forwards a message, it keeps a receiptand uploads it to the credit clearance service for credits.Crowcrof et al. [21] proposed a traffic price approach, inwhich the compensation of message forwarding dependsnot only on the energy consumption of the transmission butalso on the congestion level of the relaying node. A nodechooses a route to a destination with the minimum routecompensation. Janzadeh et al. [19] proposed a price-basedcooperation mechanism that utilizes hash chains to defendagainst cheating behavior. As described, individual reputationand price systems are not insufficiently efficient and effective.These deficiencies are confirmed in our previous work [22]which used game theory to investigate the underlyingcooperation incentives of both systems. ARM resolves theproblems in the individual system and greatly enhances thesystem efficiency and effectiveness by coordinately integratingthe two systems through a DHT-based infrastructure.

III. THE DESIGN OF THE ARM SYSTEM

A. Locality-aware DHT Infrastructure

Figure 1 illustrates the hierarchical structure of ARM. Thehigher level is a DHT network composed of managers (low-mobility and high-trustworthy nodes) and the lower level iscomposed of normal mobile nodes. A DHT network canpartition ownership of a set of objects (e.g., files) among par-ticipating nodes, and efficiently route messages to the uniqueowner of any given object. Each object or node is assigned anID that is the hashed value of the object (e.g., file name) ornode IP address using consistent hash function [23]. An objectis stored in a node whose ID equals to or immediately succeedsto the object’s ID. The DHT provides two main functions:Insert(ID,object) and Lookup(ID) to store an objectto a node responsible for the ID, and to retrieve the object. Themessage for the two functions is forwarded based on the DHTrouting algorithm. The DHT achieves O(log n) path length perlookup request by using O(log n) neighbors per node, wheren is the number of nodes in the system.

We leverage the Chord DHT network [20] for theinfrastructure of ARM for scalable and efficient reputationand account management. ARM constructs a locality-awareDHT-based infrastructure where logical proximity abstraction

0 1

2

3

4

56

7

70

1

2

34

5

6

Physical topology DHT logical topology

DHT pathConnection link

19

ID Reputation Account

0.80.6 234

134

6

ID Reputation Account

0.2 32

Fig. 2. Construction of the DHT infrastructure.

derived from the ARM matches the physical proximityinformation in reality. In this way, the packet routing pathin the overlay is consistent to the packet routing path in thephysical topology, which greatly reduces the physical routingdistance and overhead. However, managers in MANETs aremobile while nodes in DHT networks are stable. Also, ina MANET, a node can only communicate with the nodeswithin its transmission range. This poses a challenge to buildand maintain a DHT in a mobile environment.

The daily-increasing smartphones usually have dual-modeinterfaces: low-power ad-hoc network interface (e.g., IEEE802.11 interface) and high-power infrastructure network in-terface (e.g., WLAN radio interface). Thus, we assume somemobile nodes in the MANET have dual-mode interfaces.Some nodes in the MANET are highly trustworthy such asthose equipped with tamper-proof equipment or owned byauthorities (i.e., police stations, telecommunication companiesor mobile servers). We assume the existence of an authoritythat can select high-trustworthy, low-mobility, and dual-modeinterface nodes as managers for the DHT and notify allmanagers about the manager list. How to select managers isnot the focus of this paper and remains as our future work.

a) Locality-aware DHT infrastructure construction: Fig-ure 2 shows an example of a physical topology and its corre-sponding logical topology in ARM. In a logical topology, thedistance between nodes’ IDs represents their logical distance.To build managers into a locality-aware DHT infrastructure,we assign a sequence of consecutive DHT IDs to the managersalong the path connecting all nodes once in a cycle.

In a MANET, each node identifies its neighbors by sending“hello” messages. Thus, a node can infer the relative phys-ical closeness of its neighbors by the actual communicationlatency. To assign IDs to managers, as shown in Figure 2, wefirstly choose a trustworthy bootstrap manager (m0) and assignit ID 0. Then, it chooses its physically closest node as its suc-cessor, and assigns ID 1 to it. The successor finds its successorand assigns it ID 2. The process is repeated until the bootstrapnode is reached. At this time, a complete cycle is formed andall managers have been assigned numerically continuous IDs.The last node in the created path with ID 7 must be in thetransmission range of m0, i.e., the successor of m7 is m0.Since only the physically close nodes can have sequential IDs,the constructed logical overlay topology is consistent with thephysical topology of managers. Then, each manager builds aDHT routing table containing logN neighbors based on DHTneighbor determination protocol using broadcasting, where Nis the number of managers in the system.

911

b) Locality-aware DHT infrastructure maintenance:Proposition 3.1: In ARM, the average time period for a pair

of neighbor managers to stay in the transmission range of eachother (i.e., connection duration) is r

v , where v is the averagerelative speed of their movement and r is the transmissionrange of a node.

Proof: Since the movement of each manager isindependent and identical distributed (i.i.d), if manager mi isd distance away from manager mj and θ is the angle betweenr and d, the expected time period needed by mi to move outof the transmission range of mj is

E(T ) =

∫ 0

2π

1

2π

√r2 + d2 − 2rdcosθ·

vd(θ) =

r

v.

Proposition 3.1 shows that the stability of the DHT in-frastructure is primarily determined by the moving speed andtransmission range of managers. To maintain the DHT struc-ture in node mobility, managers need to maintain connectivitywith their neighbors to guarantee that they are sequentiallyconnected from ID 0 to N − 1. Regarding node movementas node departure followed by node join, the original DHTmaintenance mechanism could be used to maintain the ARMDHT infrastructure. However, it leads to high maintenanceoverhead due to node mobility. We propose a lightweight DHTmaintenance algorithm to deal with node mobility.

Each manager relies on the “hello” messages to check itsconnectivity with its successor and update the managers in itsrouting table. When manager mi senses its link to its predeces-sor mi−1 is about to break, it notifies mi−1. When managermi−1 receives the notification or senses that its link to itssuccessor mi is about to break, it finds an alternative path thatends in mk (k > i−1) and covers all managers with IDs ∈ [i−1, k]. The purpose of this operation is to maintain a completeDHT circle covering all managers with numerically continuousIDs. Since mi moves in a local area, in order to find the pathwith low overhead, mi−1 pings manager mi+j (j ≥ 2) in se-quence by locally broadcasting a query message with TTL =j. That is, manager mi+2 is pinged first, then mi+3 is pinged,and so on. Each pinged manager replies mi−1 a message con-taining the routing path between them. Once the path coversID∈ [i − 1, k], mi−1 reassigns IDs to the managers in thedetected path in sequence to maintain numerically continuousIDs in the cycle. If no path is found after half of the managersin the system are pinged, then mi−1 functions as a bootstrapmanager for DHT reestablishment. For routing table mainte-nance, when a manager notices that its routing table neighboris not within its transmission range, it broadcasts a querymessage to find a new neighbor in that routing table entry.

As shown in Figure 3, when m3 senses that its link tom4 is about to break, it initializes a path querying process tofind an alternate path covering all managers with ID∈ [3, k]starting from itself and ending in mk. m3 first pings m5. Ifsuch a path cannot be found, m3 pings m6, and then m7, andso on. When an alternative path is discovered, the managersalong the path will be assigned with new consecutive IDsfor a complete circle. After finding a new path that travels

0 1 0

24

Link break due to node mobility

1

24

724727

35

6 356

Break link notification

Itepi

DHT path5

0

1

0Break link notification

0

erativengingPath query

1

25

71

247

ID re-assignment

36

47

34

63

56

Fig. 3. Maintenance of the DHT infrastructure.

through manager mi with ID 5 and mj with ID 4, m3 assignsmi and mj with ID 4 and 5, respectively.

c) DHT-based information collection and querying: TheDHT supports efficient and scalable information collectionand querying in ARM. Each normal mobile node ni has avirtual id=i, which is the consistent hash of its IP address.In a DHT, an object is stored in a node whose id equalsto or immediately succeeds to the object’s id. We call thisnode as the object’s owner manager. Nodes report the businessinformation B and reputation information R of their observeddata forwarding behaviors of a specific node ni to their nearestmanagers. Relying on the Insert(i,B+R), the managersmarshal all the information of ni in the system into its ownermanager. The owner manager calculates ni’s reputation andincreases/decreases the credits in its account. For example, inFigure 2, the information of the observed behavior of n1 andn9 are stored in m1, which is responsible for their resourceand account management. A node queries for the reputationof node ni by sending Lookup(i) to its physically closestmanager. The query will be forwarded to the owner managerof node ni relying on DHT routing algorithm.

B. Reputation ManagementIn ARM, the reputation managers collect reputation in-

formation, calculate global reputation, identify misbehavingnodes, and manage nodes’ accounts. ARM provides moreaccurate node reputation due to two reasons. First, it usesthe global information rather than local partial informationin reputation calculation. Second, the large amount of globalinformation also makes it effective to detect falsified, conspir-atorial and misreported information through deviation.

d) Neighbor monitoring: ARM uses neighbormonitoring to observe the packet-forwarding behaviorsof nodes. Specifically, each observer uses a watchdog [4],[7] to keep track of the message forwarding behaviors of itsneighbors. The observer records the total number of packetsthat ni has received from other nodes for forwarding, denotedby Dr

i , and that ni has forwarded, denoted by Dfi during

each time period T . Assume t0 is the time instance thatan observing node no joined in the system. At each timeinstance t0 + kT (k ∈ [1, 2, 3...]), no calculates the observedreputation value of node ni by Rno

i =Dr

i

Dfi

, reports it to its

closest manager, and resets Dri and Df

i to zero. The manager

912

then merges the collected reputations reported by the nodesin its transmission range to local reputation Rli .

Misreport avoidance. When a node in a region experiencesan adverse network condition such as background interferencedue to traffic noise and thermal noise, the node’s neighborsmay also experience the adverse network condition. Thus, eventhough the nodes are cooperative, they are unable to transmitrequested data. In this case, low Rls are reported from thenodes that are clustered together. Also, the interfering regionsand the nodes in the regions are changing constantly. ARMcollects all reputations of a node in a region to one manager,which makes it easy to detect misreports. Therefore, when amanager notices that all nodes in an area report low Rls, ittemporally ignores the reports to reduce the uncertainty of thereported Rl, in order to avoid punishing nodes that fail toforward packets due to adverse network conditions.

False accusation avoidance. Some misbehaving nodes mayreport a high reputation for an uncooperative node, and alow reputation for a cooperative node. Since all observedreputations of a node in a region are collected into a managerand most nodes are benign, falsified reputations are alwaysdeviated largely from most reputations. Thus, in order toreduce the effect of falsified reports, a manager filters the Risthat dramatically deviate from the average Ri. The deviationof Rno

i reported by node no about node ni is calculated by:

ΔRnoi = |Rno

i −∑

nj∈n

Rnj

i /|n||, (1)

where n denotes the group of observers that report Ri to themanger during T , and |n| denotes the number of nodes in thegroup. ARM sets a threshold δl for the deviation and ignoresRno

i satisfying ΔRnoi > δl. The manager mo then calculates

the local reputation value of ni in T denoted by Rmo

li.

Rmo

li=

∑

no∈n

Rnoi /|n|, (2)

where n denotes n after removing the deviated observedreputations. Then, the manager reports the Rmo

lito ni’s owner

manager using Insert(i,Rmo

li). According to Formula (1),

the expected value of δ is

E(δ) =

∣∣∣∣∣a ·Rlh + b ·Rlf

a+ b−Rlf

∣∣∣∣∣ =a(Rlh −Rlf )

a+ b,

where Rlh and Rlf respectively denote the expected valueof honest reports and false reports, and a and b respectivelydenote the number of honest reports and false reports ininterval T .

Collusion avoidance. The nodes in a region may colludeto conspiratorially report node reputations in order to fraudu-lently increase their reputations or decrease others’ reputations.For example, the nodes in group A and group B are the nodesin the transmission range of mk. The number of nodes in groupB overwhelms group A. If the nodes in group B collude witheach other to report low Ri for ni, then the justified reportsfrom group A are ignored by mk according to Formula (1).This problem can be resolved by another filtering process atthe owner manager mi that collects all Rmo

lifrom different

managers mo. Again, mi computes the variance of Rmo

libased

on Equation (3), and ignores Rmo

liwith ΔRmo

li> δg . δg can

be determined in the same way as δl.

ΔRmo

li= |Rmo

li−

∑

mj∈m

Rmj

li/|m||, (3)

where m is the number of managers that report Rli . Afterthat, the global reputation of node ni is calculated as

Rgi =∑

mo∈m

Rmo

li/|m|. (4)

where m is the group of m after filtering.For example, in Figure 1, node n3, n4, and n7 monitor

the transmission of n2. Nodes n3 and n7 report observedreputation of n2 to manager m8, and n4 reports its observedreputation of n2 to m10. Then, m8 and m10 merge the reportedreputations to a local reputation value of n2 in its region,denoted by Rm8

l2and Rm10

l2, and report the results to n2’s

owner manager, m2. Later, when n2 moves close to n5, n5 willstart to monitor the transmission of n2 and report the observedreputation of n2 to its nearby manager m4, which subsequentlyreports Rm4

l2to manager m2. Therefore, all local reputations

of n2 are marshaled in m2, which then calculates the globalreputation for n2. Unlike most existing reputation systemsin which a node calculates its neighbors’ reputation valuesbased on its local observations and cannot easily retrieve itsnew neighbor’s previous reputation, ARM globally collectsall Rli of node ni at all times in all regions for globalreputation calculation, leading to more accurate reflection ofni’s trustworthiness. Also, global information (i.e., large datasample) makes it easy to precisely detect false information.

When a node is suddenly out of power or suffers fromchannel congestion, it cannot offer service to others and thushas low reputation though it is not actually selfish. It is unfairto punish such a cooperative node with low reputation. Onthe other hand, it is difficult to identify the real reason fora low reputation. Therefore, ARM takes into account the oldreputation when calculating the new reputation [8]. That is,

Rnewg = αRold

g + (1− α)Rg, (5)

where Rg is the currently calculated reputation value forperiod T and α is a weight factor that is adaptive to the trafficload in the system. In a system with high traffic, a node is morelikely to be out of power or congested. Then, α should be setto a larger value. Therefore, we specify α = D/C, where Dis the average number of packets generated per second in thesystem and C is the total channel capacity of the system.

ARM periodically decreases the reputations of the nodeswhose Rg > βT + (1− β)Rmax

g (β < 1) by:

Rnewg := ϕRnew

g (ϕ < 1), (6)

where Rmaxg denotes the maximum global reputation, β and

ϕ are weight factors. The rationale behind this policy is thatthe reputation of a high-reputed node will decrease over timeif it does not receive new rating from others. Low reputationsubsequently increases the service price for message forward-ing of the node (Section III-C). Therefore, the only way a nodecan enjoy the low price is to cooperate with other nodes all the

913

100

120

ut80

100

120

ughp

ut

60

80

100

120

hrou

ghpu

tbp

s)

40

60

80

100

120

em th

roug

hput

(k

bps)

DefenselessR t ti20

40

60

80

100

120

Syst

em th

roug

hput

(k

bps)

DefenselessReputationARM

0

20

40

60

80

100

120

0 10 20 30 40 50

Syst

em th

roug

hput

(k

bps)

F i f lfi h d (%)

DefenselessReputationARM

0

20

40

60

80

100

120

0 10 20 30 40 50

Syst

em th

roug

hput

(k

bps)

Fraction of selfish node (%)

DefenselessReputationARM

1416

ps)

10121416

ut o

f (k

bps)

DefenselessReputation

810121416

hput

of

des

(kbp

s)

DefenselessReputationARM

468

10121416

roug

hput

of

h no

des

(kbp

s)

DefenselessReputationARM

2468

10121416

Thr

ough

put o

f lf

ish

node

s (k

bps)

DefenselessReputationARM

02468

10121416

0 500 1000 1500 2000 2500

Thr

ough

put o

f se

lfis

h no

des

(kbp

s)

Ti ( )

DefenselessReputationARM

02468

10121416

0 500 1000 1500 2000 2500

Thr

ough

put o

f se

lfis

h no

des

(kbp

s)

Time (s)

DefenselessReputationARM

60

) Reputation

40

50

60

kbps

) ReputationARMPrice

30

40

50

60

ad (k

bps)

ReputationARMPrice

20

30

40

50

60

erhe

ad (k

bps)

ReputationARMPrice

10

20

30

40

50

60

Ove

rhea

d (k

bps)

ReputationARMPrice

0

10

20

30

40

50

60

50 60 70 80 90

Ove

rhea

d (k

bps)

N k i

ReputationARMPrice

0

10

20

30

40

50

60

50 60 70 80 90

Ove

rhea

d (k

bps)

Network size

ReputationARMPrice

(a) Average system throughput (b) Throughput of selfish nodes (c) System overheadFig. 4. Performance comparison between different systems.

time. As other reputation systems, ARM also sets a reputationthreshold T to determine whether a node is selfish or not.Smart selfish nodes may keep their reputation just above T .Thus, they can sometimes drop packets while being regardedas reputed nodes. These nodes will be detected by the accountmanagement function in ARM. That is, if a node always gen-erates packets rather than forwarding packets for others, it willeventually run out of credits and be detected as selfish node.C. Reputation-adaptive Account Management

ARM has an account management function to avoid equaltreatment of high-reputed nodes in different reputation levelsin order to effectively provide cooperation incentives and deterselfish behaviors. ARM assigns each newly joined node withan initial number of credits denoted by A(0). The ownermanagers of nodes maintain their accounts, and transparentlyincrease and decrease the credits in the accounts of forwardingservice providers and receivers, respectively. Thus, differentfrom previous price systems, ARM’s account managementdoes not need credit circulation in the network, reducingtransmission overhead and system complexity.

Notice that Rg of a node equals to the percent of the for-warded packets among the node’s received packets, we directlyuse Rg for the calculation of earned credits. Specifically, nodeni’s owner manager increases its account in every T by

Pe = prRgi , (7)where pr is a constant credit rewarding factor.

In order to foster the cooperation incentives, ARM connectsforwarding service cost per packet pc of a node to its repu-tation, so that higher-reputed nodes pay fewer credits whilelower-reputed nodes pay more credits for the same forwardingservice. The pc of ni, denoted by pci , is calculated by:

pci =γ

Rnewgi

, (8)

where γ is a constant value.When an observing node no notices that Npi

packets ofnode ni have been transmitted by others during T , it reportsthis business information Bi to its nearest manager along withRi. By DHT function Insert(i,Bi + Ri), the managerforwards the information to ni’s owner manager mi, whichthen deducts pciNpi

credits from ni’s account. Therefore, theaccount of node ni at time t0 + kT (k ∈ [1, 2, 3...]) is:

A(t) = A(0)−t0+kT∑

t=t0

(pci(t) ·Npi(t)− pr ·Rgi(t)). (9)

When the account of node ni is negative, managers notify allnodes to put node ni in their blacklists.

IV. PERFORMANCE EVALUATION

We conducted simulations on NS-2 [24] to demonstratethe performance of ARM. We describe our default settingsbelow unless otherwise specified. The simulated network has60 wireless nodes randomly deployed in a field of 1200×1200square meters. We randomly selected 10 nodes as managers.The radio transmission ranges of low-power and high-powerinterfaces were set to 250m and 1000m, respectively. The rawphysical link bandwidth was set to 2Mbits/s. The height ofantennas for data transmitting and receiving was set to 1.5meters. We used the random way-point mobility model [25]to generate node movement. The nodes are i.i.d deployed inthe field. The nodes move at a speed randomly chosen from[1,10]m/s, wait for a pause time randomly chosen from [0,10]s,and then move to another random position. We randomlychose 10 pairs of source and destination nodes in every 40s.The range of reputation was set to [0,1], and the reputationthreshold T = 0.4. Each simulation lasted 5000s. We run 10simulations and reported the average as the experiment results.

We set α = 0.5 in Formula (5), ϕ = 0.5 in Formula (6) andpr = 2 in Formula (7). The time period T for periodicallyinformation reporting for mobile nodes and managers wereset to 10s and 50s, respectively. Each node initially wasassigned 5000 credits and 1 reputation value. We comparedthe performance of the DSR [26] routing algorithm in adefenseless MANET with neither reputation system nor pricesystem (Defenseless), in a MANET with ARM (ARM), withthe Reputation [5] reputation system (Reputation), and with aprice system [15] (Price). To make results comparable, ratherthan using the absolute number of forwarded packets, we useRl =

Dr

Df to evaluate a node’s reputation in Reputation. Selfishnodes keep their reputation just above T . In the routing, a nodechooses a node not in its blacklist for data forwarding.

A. Performance Comparison of Different SystemsFigure 4(a) plots the average system throughput of different

systems versus the percent of selfish nodes. The figure showsthat ARM generates higher throughput than Reputation, whichproduces higher throughput than Defenseless. In Defenseless,a selfish node drops all of its received packets. Reputation canforce the selfish nodes to be cooperative to a certain extent.However, a selfish node still can keep Rg just above T bydropping received packets with probability of T . In ARM, theselfish nodes finally do not have enough credits to pay for theirtransmission services and are put into the blacklists. Therefore,ARM produces higher throughput than Reputation. Also, thefigure shows the throughput of the system decreases as selfish

914

4045

ree 10 managers

20 managers30354045

degr

ee

10 managers20 managers30 managers

202530354045

vity

deg

ree 10 managers

20 managers30 managers

1015202530354045

ectiv

ity d

egre

e 10 managers20 managers30 managers

51015202530354045

onne

ctiv

ity d

egre

e 10 managers20 managers30 managers

05

1015202530354045

1 10 20

Con

nect

ivity

deg

ree

N d bilit ( / )

10 managers20 managers30 managers

05

1015202530354045

1 10 20

Con

nect

ivity

deg

ree

Node mobility (m/s)

10 managers20 managers30 managers

(a) Connectivity degree per manager

0

500

1000

1500

2000

2500

3000

0 2 4 6 8 10

Con

nect

ion

dura

tion

(s)

Node mobility (m/s)

20 managers10 managers (theoretical)10 managers30 managers

(b) Average connection duration

35

40

s) 10 managers

25

30

35

40

ance

(kbp

s) 10 managers20 managers30 managers

20

25

30

35

40

nten

ance

ead

(kbp

s) 10 managers20 managers30 managers

10

15

20

25

30

35

40

Man

tena

nce

verh

ead

(kbp

s) 10 managers20 managers30 managers

5

10

15

20

25

30

35

40

Man

tena

nce

over

head

(kbp

s) 10 managers20 managers30 managers

0

5

10

15

20

25

30

35

40

0 2 4 6 8 10

Man

tena

nce

over

head

(kbp

s)

d bili ( / )

10 managers20 managers30 managers

0

5

10

15

20

25

30

35

40

0 2 4 6 8 10

Man

tena

nce

over

head

(kbp

s)

Node mobility (m/s)

10 managers20 managers30 managers

(c) Topology maintenance overhead

11.5

22.5

33.5

44.5

cove

ry h

ops

00.5

11.5

22.5

33.5

44.5

0 200 400 600 800 1000

Rec

over

y ho

ps

Simulation time (second)

(d) Reassigned IDs in DHT maintenance

Fig. 5. Performance of the locality-aware DHT infrastructure in ARM.

0.4

0.6

0.8

1

1.2

al r

eput

atio

n

0

0.2

0.4

0.6

0.8

1

1.2

0 10 20 30 40 50 60

Loc

al r

eput

atio

n

Node id

1.2

0 8

1

1.2

tion

0.6

0.8

1

1.2

puta

tion

0.4

0.6

0.8

1

1.2

al r

eput

atio

n

0

0.2

0.4

0.6

0.8

1

1.2

Loc

al r

eput

atio

n

0

0.2

0.4

0.6

0.8

1

1.2

0 10 20 30 40 50 60

Loc

al r

eput

atio

n

Node id

0

0.2

0.4

0.6

0.8

1

1.2

0 10 20 30 40 50 60

Loc

al r

eput

atio

n

Node id

(a) Five false-reporting nodes (b) Ten false-reporting nodesFig. 6. Local reputations in a defenseless system.

1.2

n

0 8

1

1.2

atio

n

0.6

0.8

1

1.2

eput

atio

n

0.4

0.6

0.8

1

1.2

bal

repu

tati

on

Reputation

0

0.2

0.4

0.6

0.8

1

1.2

Glo

bal

repu

tati

on

ReputationARM

0

0.2

0.4

0.6

0.8

1

1.2

0 10 20 30 40 50 60

Glo

bal

repu

tati

on

Node id

ReputationARM

0

0.2

0.4

0.6

0.8

1

1.2

0 10 20 30 40 50 60

Glo

bal

repu

tati

on

Node id

ReputationARM

1

0.8

1

ion

0.6

0.8

1

puta

tion

0.4

0.6

0.8

1

al r

eput

atio

n

Reputation

0

0.2

0.4

0.6

0.8

1

Glo

bal

repu

tati

on

ReputationARM

0

0.2

0.4

0.6

0.8

1

0 10 20 30 40 50 60

Glo

bal

repu

tati

on

Node id

ReputationARM

0

0.2

0.4

0.6

0.8

1

0 10 20 30 40 50 60

Glo

bal

repu

tati

on

Node id

ReputationARM

(a) Five false-reporting nodes (b) Ten false-reporting nodesFig. 7. Node reputations in a defensive system.

nodes grow. Since Defenseless and Reputation cannot detectall selfish nodes, their throughput decreases as the fractionof selfish nodes grows. It is intriguing to see that ARM alsoexhibits performance degradation though it can detect mostselfish nodes. This is because selfish nodes may be chosenas forwarding nodes before their credits are used up. Also,avoiding selfish nodes in routing leads to longer path lengths,which suffers from higher transmission interference.

In order to verify the effectiveness of punishing selfishnodes by refusing their transmission requests, we testedthe throughput of packets generated by selfish nodes overa time interval. We setup 10 selfish nodes and used themas source nodes. Figure 4(b) plots the throughput of theselfish nodes. In Defenseless, selfish nodes keep constantthroughput of 15kbps. In Reputation, the throughput decreasesas time elapses and then keeps constantly at 6kbps. Thisis because the selfish nodes keep Rg just above T , thustheir transmission requests are accepted by other nodes. Thethroughput in ARM declines sharply as time goes on andfinally reaches 0. This means that with the aid of accountmanagement, ARM can effectively detect and punish selfishnodes, excluding them from the network.

To evaluate the efficiency of the systems, we tested theoverhead measured in kbps for all overhead messages in thesystems. In addition to the “hello” messages, the overheadmessages in ARM also include those for topology constructionand maintenance and reputation querying; in Reputation alsoinclude the messages for reputation exchange; in Price alsoinclude the messages for credits payments. Figure 4(c) illus-trates the overhead in each system versus network size. Thefigure demonstrates that ARM yields much less overhead thanPrice which produces less overhead than Reputation. In ARM,since nodes only communicate with managers, the overheadis in proportion to the network size. Though ARM needs toconstruct and maintain DHT infrastructure in node mobility, itstotal overhead is still lower than others. In Reputation, reputa-

tion information is exchanged among local nodes periodically,resulting in much higher overhead. In Price, credit circulationin the network generates transmission overhead. The resultsconfirm that ARM consumes less resource than other systems.

B. Evaluation of the DHT Infrastructure in ARMWe measured the average, maximum and minimum of

connectivity degree per manager when the managers move atthe speed of 1m/s, 10m/s and 20m/s. In addition to the defaultexperiment scenario, we also measured the performance withadditional 10 and 20 managers, respectively. Figure 5(a) showsthat the smallest connectivity degree of a manager is aboutN2 . The figure also shows that more managers incur higher

connectivity degree because a manager has more neighborsin a DHT with more nodes. We find that the node mobilitydoes not affect the connectivity degree per manager. The resultillustrates that the proposed DHT maintenance mechanism canestablish new links immediately upon link breakups.

Figure 5(b) presents the average connection duration ofmanagers versus node mobility. We also include the theoreticalresults based on Proposition 3.1 in the case of “10 managers”.The figure demonstrates that when the mobility is 0.5 m/s, theDHT infrastructure is much more stable than other situations.As node mobility increases, the average connection durationdrops sharply. We can also find that the connection durationstays almost the same for different number of managers.This is because with the high-power interface, a manager cancontact another manager within a long range. Thus, the numberof managers does not greatly affect the stability of DHT infras-tructure. The simulation results closely match the theoreticalresult. The small gap between them is because the theoreticalanalysis does not consider node pause time during movement.

Figure 5(c) shows the maintenance overhead of the DHT in-frastructure versus node mobility. The overhead is representedby the number of messages exchanged for DHT maintenance.The overhead grows with the increase of node mobility. Highermobility leads to higher probability of link breakups, incurring

915

0.4

0.6

0.8

1

1.2

al r

eput

atio

n

0

0.2

0.4

0.6

0.8

1

1.2

0 10 20 30 40 50 60

Loc

al r

eput

atio

n

Node id

1.2

n

0 8

1

1.2

atio

n

0.6

0.8

1

1.2

puta

tion

0.4

0.6

0.8

1

1.2

cal

repu

tati

on

0

0.2

0.4

0.6

0.8

1

1.2

Loc

al r

eput

atio

n

0

0.2

0.4

0.6

0.8

1

1.2

0 10 20 30 40 50 60

Loc

al r

eput

atio

n

Node id

0

0.2

0.4

0.6

0.8

1

1.2

0 10 20 30 40 50 60

Loc

al r

eput

atio

n

Node id

(a) Defenseless system (5 colluders) (b) Defenseless system (10 colluders)

Fig. 8. Reputations in a defenseless system with non-group collusion.

1

0.8

1

atio

n

0.6

0.8

1

puta

tion

0 2

0.4

0.6

0.8

1

bal

repu

tati

on

R t ti

0

0.2

0.4

0.6

0.8

1

Glo

bal

repu

tati

on

ReputationARM

0

0.2

0.4

0.6

0.8

1

0 10 20 30 40 50 60

Glo

bal

repu

tati

on

Node id

ReputationARM

0

0.2

0.4

0.6

0.8

1

0 10 20 30 40 50 60

Glo

bal

repu

tati

on

Node id

ReputationARM

1

0.8

1

tion

0.6

0.8

1

puta

tion

0.4

0.6

0.8

1

bal

repu

tati

on

Rep tation

0

0.2

0.4

0.6

0.8

1

Glo

bal

repu

tati

on

ReputationARM

0

0.2

0.4

0.6

0.8

1

0 10 20 30 40 50 60

Glo

bal

repu

tati

on

Node id

ReputationARM

0

0.2

0.4

0.6

0.8

1

0 10 20 30 40 50 60

Glo

bal

repu

tati

on

Node id

ReputationARM

(a) Defensive system (5 colluders) (b) Defensive system (10 colluders)

Fig. 9. Reputations in a defensive system with non-group collusion.

1

0.8

1

atio

n

0.6

0.8

1

puta

tion

0 2

0.4

0.6

0.8

1

cal

repu

tati

on

0

0.2

0.4

0.6

0.8

1

Loc

al r

eput

atio

n

0

0.2

0.4

0.6

0.8

1

0 10 20 30 40 50 60

Loc

al r

eput

atio

n

Node id

0

0.2

0.4

0.6

0.8

1

0 10 20 30 40 50 60

Loc

al r

eput

atio

n

Node id

1

0.8

1

tion

0.6

0.8

1

puta

tion

0.4

0.6

0.8

1

al r

eput

atio

n

0

0.2

0.4

0.6

0.8

1

Loc

al r

eput

atio

n

0

0.2

0.4

0.6

0.8

1

0 10 20 30 40 50 60

Loc

al r

eput

atio

n

Node id

0

0.2

0.4

0.6

0.8

1

0 10 20 30 40 50 60

Loc

al r

eput

atio

n

Node id

(a) Defenseless system (5 colluders) (b) Defenseless system (10 colluders)

Fig. 10. Reputations in a defenseless system with group collusion.

1n

0.8

1

tati

on

0.6

0.8

1

eput

atio

n

0.4

0.6

0.8

1

obal

rep

utat

ion

Reputation

0

0.2

0.4

0.6

0.8

1

Glo

bal

repu

tati

on

ReputationARM

0

0.2

0.4

0.6

0.8

1

0 10 20 30 40 50 60

Glo

bal

repu

tati

on

Node id

ReputationARM

0

0.2

0.4

0.6

0.8

1

0 10 20 30 40 50 60

Glo

bal

repu

tati

on

Node id

ReputationARM

1n

0.8

1

atio

n

0.6

0.8

1

eput

atio

n

0 2

0.4

0.6

0.8

1

bal

repu

tati

on

Reputation0

0.2

0.4

0.6

0.8

1

Glo

bal

repu

tati

on

ReputationARM

0

0.2

0.4

0.6

0.8

1

0 10 20 30 40 50 60

Glo

bal

repu

tati

on

Node id

ReputationARM

0

0.2

0.4

0.6

0.8

1

0 10 20 30 40 50 60

Glo

bal

repu

tati

on

Node id

ReputationARM

(a) Defensive system (5 colluders) (b) Defensive system (10 colluders)

Fig. 11. Reputations in a defensive system with group collusion.

higher maintenance overhead. The overhead also grows asthe number of managers increases, because more managersgenerate more messages for DHT maintenance. Therefore,fewer nodes with low mobility should be chosen as managersin order to reduce DHT maintenance overhead.

Figure 5(d) shows the number of nodes that have beenreassigned IDs in DHT maintenance over time. It shows that2 nodes need ID reassignment for DHT maintenance most ofthe time. Although the physical link between nodes ni andnj is broken, they still share the same manager neighbors.Therefore, most of time, by re-ordering the IDs of ni and nj

and the shared neighbors, the DHT structure with numericallycontinuous IDs can be recovered.

C. Performance in False Accusation ResilienceIn this experiment, all the nodes are cooperative. We chose

some nodes that deliberately evaluate their neighbors with lowreputations randomly chosen in [0.3, 0.4]. In the defenselesssystem, every node rates its neighbors based on their for-warding behavior. Figure 6(a) and (b) plot all evaluated localreputations of each node in a defenseless system with 5 and10 false-reporting nodes, respectively. Because of the false-reports, some of the cooperative nodes are rated with lowreputations. Comparing Figure 6(a) and (b), we can see that asthe number of the false-reporting nodes increases, the numberof low reputations each node received increases.

To make the global values of a given node in differentnodes the same, we used broadcasting to ensure each nodehas receives others’ local reputations. Figure 7 shows theglobal reputation of each node in Reputation and ARM.Reputation exhibits large variance in reputations and cannotaccurately reflect cooperative nodes’ reputations. This isbecause in Reputation, each node considers the false reportswhen calculating the global reputations. In the figure, allreputations in ARM are close to 1. This means ARM canmore accurately reflect node reputations. Some reputationsare not 1 because some cooperative nodes may drop packages

due to interference in transmission.Comparing Figure 7(a) with Figure 7(b), we find that more

false-reporting nodes in the system generate greater variancein node reputations in Reputation, while they do not haveinfluence on node reputations in ARM. More false reportsincur higher inaccuracy of node reputations in the final globalreputation calculation in Reputation. In contrast, by takingadvantage of the DHT infrastructure, ARM can efficientlygather all local reputations of each node in the system andfilter out the false reports.

D. Performance in Collusion ResilienceAccording to the movement of the colluders, collusion can

be classified to non-group collusion and group collusion. In theformer, the colluders move individually, and they report highreputation for each other when meeting together. In the latter,all colluders in a group move together as a group, and alwaysrate high reputations for each other. We conducted experimentsfor both non-group collusion and group collusion. We considercollusion where colluders drop received packets with probabil-ity 0.3, and falsely report low reputation randomly chosen in[0.3,0.4] for their neighboring cooperative nodes, and higherreputation randomly chosen in [0.9,1] for other colluders.

Figure 8(a) and (b) show node local reputations in a defense-less system with 5 and 10 colluders, respectively. The figuresshow that a certain portion of nodes receive low Rls. Theselow Rls are from the false reports of the colluders on benignnodes and correct reports from benign nodes on colluders.Comparing the two figures, we find that the number of lowRls is proportional to the number of colluders in the system.

Figure 9 (a) and (b) show the global reputation of eachnode in Reputation and ARM in non-group collusion,respectively. Reputation exhibits a larger variance than ARMin the reputations of cooperative nodes. This is becauseReputation includes the false reports for the cooperativenodes in calculating global reputation. By collecting all thereports in the system through the DHT infrastructure, ARM

916

can easily identify and filter the reports from colluders that arelargely different from others, since the majority of the nodesin the system are benign. Also, though both systems canidentify the colluders, Reputation cannot accurately reflect theRgs of colluders since some colluders have high Rgs. Thisis because the colluders report high Rl for each other whenmeeting each other. Reputation takes these false reports intoaccount while ARM filters them out when calculating Rg .

Figure 10 shows the local reputations for group collisionin a defenseless system. Compared to Figure 8, Figure 10has much less low node Rls due to two reasons. First, in thegroup node collusion, the colluders can always report highreputations for each other to increase their own reputations.Second, more colluders generate more low Rls for cooperativenodes. Figure 11(a) and (b) show the global reputation withgroup collision in Reputation and ARM. When the numberof colluders is 5, even they always collude with each other,Reputation and ARM can identify the colluders since themajority of the neighbors of a colluder are benign. By filtering

1000

2000

3000

4000

5000

6000

ou

nt

cre

dit

s o

f co

llu

ders

0

1000

2000

3000

4000

5000

6000

0 200 400 600 800 1000Acco

un

t cre

dit

s o

f co

llu

ders

Number of generated packets of colluders

Fig. 12. Credits of colluders.

out the false reports, ARMgenerates more accurate Rgsthan Reputation for both co-operative nodes and colluders.However, when the number ofthe colluders increases to 10,it is very difficult for Reputa-tion to detect colluders. Also,ARM cannot detect some col-luders directly based on reputation. Since the majority of theneighbors of a colluder are colluders and the false reports fromthe colluders overwhelm the reports from benign nodes. Theaccount management in ARM can help to detect the colludersas shown in Figure 12.

Figure 12 shows the account value of each colluder versusthe number of its generated packets in ARM. We can observethat the colluders’ account credits decrease linearly as theygenerate more packets. Although the colluders can keep highRg by rating high for each other and receive fraudulent benefitof low service price, they will ultimately use up their creditsas they generate more packets, and finally are detected asuncooperative nodes by deficit accounts.

V. CONCLUSIONS

Previous reputation systems and price systems in MANETscannot effectively prevent selfish behaviors and also gener-ate high overhead. In this paper, we propose a hierarchicalAccount-aided Reputation Management system (ARM) toefficiently and effectively deter node selfish behaviors andprovide cooperation incentives. ARM builds an underlyinglocality-aware DHT infrastructure to efficiently collect globalreputation information in the entire system for node reputa-tion evaluation, which avoids periodical message exchange,reduces information redundancy, and more accurately reflectsa node’s trustworthiness. ARM has functions of reputationmanagement and account management, the integration ofwhich fosters the cooperation incentives and non-cooperation

deterrence. ARM can detect the uncooperative nodes that gainfraudulent benefits while still being considered as trustworthyin previous reputation systems and price systems. Also, it caneffectively identify falsified, conspiratorial and misreportedinformation so as to provide accurate node reputations thattruly reflect node behaviors. In our future work, we will studyshow to choose reputation manager in a distributed manner.

ACKNOWLEDGEMENTSThis research was supported in part by U.S. NSF grants

OCI-1064230, CNS-1049947, CNS-1025652, CNS-1025649,and CNS-0917056, Microsoft Research Faculty Fellowship8300751, and Sandia National Laboratories grant 10002282.

REFERENCES

[1] The state of the smartphone market. http://www.allaboutsymbian.com/.[2] Next Generation Smartphones Players, Opportunities & Forecasts 2008-

2013. Technical report, Juniper Research, 2009.[3] S. Marti, T. J. Giuli, K. Lai, and M. Baker. Mitigating routing

misbehavior in mobile ad hoc networks. In Proc. of MobiCom, 2000.[4] P. Michiardi and R. Molva. Core: A collaborative reputation mechanism

to enforce node cooperation in manets. In Proc. of CMS, 2002.[5] S. Buchegger and J.-Y. L. Boudec. Performance analysis of the confidant

protocol. In Proc. of MobiHoc, 2003.[6] Q. He, D. Wu, and P. khosla. Sori: A secure and objective reputation-

based incentive scheme for ad-hoc networks. In Proc. of WCNC, 2004.[7] S. Marti, T. J. Giuli, K. Lai, and M. Baker. Mitigating routing

misbehavior in mobile ad hoc networks. In Proc. of MobiCom, 2000.[8] T. Anantvalee and J. Wu. Reputation-based system for encouraging the

cooperation nodes in mobile ad hoc networks. In Proc. of ICC, 2007.[9] S. Bansal and M. Baker. Observation-based cooperation enforcement

in ad hoc networks. Technical Report, CS Dept., Stanford University,2003.

[10] T. Anantvalee and J. Wu. Reputation-based system for encouraging thecooperation nodes in mobile ad hoc networks. In Proc. of ICC, 2007.

[11] S. Buchegger and J. Y. LeBoudec. A robust reputation system for mobilead-hoc networks. In Proc. of P2PEcon, 2004.

[12] J. Mundinger and J. Le Boudec. Analysis of a reputation system formobile ad-hoc networks with liars. Performance Evaluation, 2008.

[13] J. Luo, X. Liu, and M. Fan. A trust model based on fuzzy recommen-dation for mobile ad-hoc networks. Computer Network, 2009.

[14] T. Anantvalee and J. Wu. Reputation-based system for encouraging thecooperation of nodes in mobile ad hoc networks. In Proc. of ICC, 2007.

[15] M. Jakobsson, J. Hubaux, and L. Buttyan. A micropayment schemeencouraging collaboration in multi-hop cellular networks. In Proc. ofFinancial, 2003.

[16] L. Buttyan and J. P. Hubaux. Enforcing service availability in mobilead-hoc wans. In Proc. of MobiHoc, 2000.

[17] L. Buttyan and J. P. Hubaux. Stimulating cooperation in self-organzingmobile ad hoc network. ACM Journal for MONET, 2002.

[18] S. Zhong, Y. R. Yang, and J. Chen. Sprite: A simple, cheat-proof, credit-based system for mobile ad hoc networks. In Proc. of INFOCOM, 2003.

[19] H. Janzadeh and K. Fayazbakhsh and M. Dehghan and M. S. Fallah.A secure credit-based cooperation stimulating mechanism for MANETsusing hash chains. Elservier, Future Generation Comput. Sys., 2009.

[20] I. Stoica, R. Morris, and et al. Chord: A scalable peer-to-peer lookupprotocol for Internet applications. TON, 2003.

[21] J. Crowcroft, R. Gibbens, F. Kelly, and S. Ostring. Modelling incentivesfor collaboration in mobile ad hoc networks. In Proc. of WiOpt, 2003.

[22] Z. Li and H. Shen. Analysis of a hybrid reputation management systemfor mobile ad hoc networks. In Proc. of ICCCN, 2009.

[23] D. Karger, E. Lehman, T. Leighton, M. Levine, D. Lewin, and PanigrahyR. Consistent hashing and random trees: Distributed caching protocolsfor relieving hot spots on the World Wide Web. In Proc. of STOC,1997.

[24] The network simulator ns-2. http://www.isi.edu/nsnam/ns/.[25] Delay tolerant networking research group. http://www.denrg.org.[26] D. B. Johnson and D. A. Maltz. Dynamic source routing in ad hoc

wireless networks. IEEE Mobile Computing, 1996.

917