Research Article Detecting and Mitigating Smart Insider ...downloads.hindawi.com/journals/jcnc/2016/4289176.pdf · formation of the grand coalition because they belong to the smaller

Research ArticleDetecting and Mitigating Smart Insider Jamming Attacks inMANETs Using Reputation-Based Coalition Game

Ashraf Al Sharah Taiwo Oyedare and Sachin Shetty

Department of Electrical and Computer Engineering Tennessee State University Nashville TN 37209 USA

Correspondence should be addressed to Ashraf Al Sharah aalsharamytnstateedu

Received 15 January 2016 Accepted 22 March 2016

Academic Editor Eduardo da Silva

Copyright copy 2016 Ashraf Al Sharah et al This is an open access article distributed under the Creative Commons AttributionLicense which permits unrestricted use distribution and reproduction in any medium provided the original work is properlycited

Security in mobile ad hoc networks (MANETs) is challenging due to the ability of adversaries to gather necessary intelligence tolaunch insider jamming attacks The solutions to prevent external attacks onMANET are not applicable for defense against insiderjamming attacks There is a need for a formal framework to characterize the information required by adversaries to launch insiderjamming attacks In this paper we propose a novel reputation-based coalition game in MANETs to detect and mitigate insiderjamming attacks Since there is no centralized controller inMANETs the nodes rely heavily on availability of transmission rates anda reputation for each individual node in the coalition to detect the presence of internal jamming nodeThe nodes will form a stablegrand coalition in order to make a strategic security defense decision maintain the grand coalition based on node reputation andexclude anymalicious node based on reputation value Simulation results show that our approach provides a framework to quantifyinformation needed by adversaries to launch insider attacksThe proposed approach will improveMANETrsquos defense against insiderattacks while also reducing incorrect classification of legitimate nodes as jammers

1 Introduction

Mobile ad hoc networks (MANETs) are self-organized net-works which require distributed reliable and flexible net-works which provide interdependency and rational decision-making MANETs are vulnerable to jamming attacks due tothe shared nature of the wirelessmediumThere are twomaincategories of jamming attacks external jamming and internalinsider jamming Several research efforts [1ndash4] have focusedon external jamming attacks This type of attack is launchedby foreign adversary that is not privy to network secrets suchas the networkrsquos cryptographic credentials and the transmis-sion capabilities of individual nodes of the network Thesetypes of attacks could be relatively easier to counter throughsome cryptography based techniques some spread spectrummethodology such as Frequency-Hopping Spread Spectrum(FHSS) [5] and Direct Sequence Spread Spectrum (DSSS)[5 6] Ultrawide Band Technology (UWB) [7] AntennaPolarization and directional transmission methods [8]

Smart insider attacks on the other hand are much moresophisticated in nature because they are launched from

a compromised node that belongs to the network Theattacker exploits the knowledge of network secrets it hasgathered to adaptively target critical network functions Thismakes it very hard for legitimate nodes to restore a new com-munication channel securely

Owing to the manner of interaction between nodes ina network game theory has been extensively used to solveinteresting research problems facing MANETs This gameis broadly categorized as cooperative and noncooperativegamesA cooperative game is played betweennodeswhohavemutual relationshipwith each otherwhile the noncooperativegame is played between nodes that do not seem to coexistmutually There have been several efforts on using nonco-operative games to model security in wireless networks [9ndash12] To the best of our knowledge little work has been donein using cooperative or coalitional games to ensure securityin MANETs Coalition game is a form of cooperative gamethat is formed when more than two nodes agree to form analliance in order to achieve a better probability of successThe cooperation of nodes in the network is dependent onindividual nodersquos experience and previous history records it

Hindawi Publishing CorporationJournal of Computer Networks and CommunicationsVolume 2016 Article ID 4289176 13 pageshttpdxdoiorg10115520164289176

2 Journal of Computer Networks and Communications

has gathered Individual nodes in themselves tend to be weakagainst attacks but could achieve higher level of securitywhenthey form a coalition

In this paper we present a reputation-based coalitiongame-theoretic approach to detect and mitigate insiderattacks on MANETs In our approach nodes implement rep-utation mechanism based on transmission rates Reputationof a node is the collection of ratings maintained by othernodes about the given node [13] The reputation mechanismcan be first hand or second hand depending on whether thereputation values are collected directly or relayedThe choiceof first hand versus second hand will impact the reliability ofthe reputation valuesWe adopt first-hand reputation becausenodes within the transmission range are best equipped toprovide reliable information [13 14]

Different from existing works [15 16] which made use ofan alibi-based protocol and a self-healing protocol respec-tively to either detect or recover from a jamming attackwe make use of a reputation-based coalition game to ensuresecurity in the networkThese approaches are too generalizedandmight not be implementable for a mobile ad hoc networkfor which our system is modeled Ourmodel instead followsa game-theoretic approach by (1) implementing a coalitionformation algorithm (2)maintaining the coalition via a repu-tationmechanism (3) identifying the insider attackers by set-ting up a reputation threshold and (4) excluding the attackersfrom the coalition by rerouting their paths and randomlychanging their channel of transmission This method is fullydistributed and does not rely on any trusted central entity tooperate at optimal performance

The rest of this paper is organized as follows in Section 2we presented relevant works that are closely related to ourapproach in Section 3 we presented the network and jammermodel Section 4 describes the proposed defense model inSection 5 we provide the simulation and result of the modeland finally in Section 6we conclude andpresent futurework

2 Related Work

Previous researches have devoted great efforts to security inmobile ad hoc networksThere is a plethora ofworks that haveused other techniques besides game theory to prevent secu-rity attacks in MANETs Li et al [16] designed a protocol toprotect self-healing wireless networks from insider jammingattacksThe protocol is not applicable toMANET as the pair-wise key design in the protocolworks best in a centralized sys-tem Some other works have only focused on node selfishnessand not on intentional malicious acts or jamming attacks

Marti et al [17] categorized nodes according to a dynam-ically measured behavior a watchdog mechanism identifiesthe misbehaving nodes and a path-rater mechanism helpsthe routing protocols avoid these nodesThe research showedthat the two mechanisms make it possible to maintain thetotal throughput of the network at an acceptable level evenin the presence of a high amount of misbehaving nodesHowever the operation of the watchdog is based on anassumption which is not always true the promiscuous nodeof the wireless interface Also the selfishness of the node does

not seem to be castigated by both the watchdog and path-ratermechanisms in otherwords themisbehaving nodes stillenjoy the possibility of generating and receiving traffic

Also Michiardi and Molva [18] have used a reputationmechanism they termed CORE which is an acronym for col-laborative reputation mechanism They suggested a genericmechanism based on reputation to enforce cooperationamong the nodes of a MANET to prevent selfish behaviorThe only challenge with this mechanism is that it would onlywork for node selfishness whereas there is a greater risk of ser-vice denial in malicious nodes attacks Furthermore reputa-tionmechanismwas also used byCheng andFriedman inP2Pnetworks where the notion of Sybil proofness was formalizedusing static graph formulation of reputation [19] Accordingto the authors this model cannot be generalized becausereputation functions did not depend on the state of thenetwork at previous time steps as well as the current state ofthe network Buchegger and Le Boudec [20] described the useof a self-policing mechanism based on reputation to enablemobile ad hoc networks to keep functioning despite thepresence of misbehaving nodesThey explained how second-hand information is used while mitigating contamination byspurious ratings Their survey pointed out that a reputationsystem is effective as long as the number of misbehavingnodes is not too large

Other works have used noncooperative games to modelsecurity scenarios as well as the corresponding defensestrategies to such attacks [13 21ndash25] Most of these worksfocused on two-player games where all legitimate nodes aremodeled as a single node and attacker nodes are alsomodeledas a single node too this is only valid for centralized networkswhereas MANETs are self-organized networks Thamilarasuand Sridhar formulated jamming as a two-player noncoop-erative game to analyze the interaction between attackersand monitoring nodes in the network The mixed strategyNashEquilibriumwas computedwhile the optimal attack anddetection strategies were derived [22]

Researchers have also used cooperative game theory inthe form of coalition game to ensure security in MANETsMajority of their works have only focused on node selfishnessand not on intentional malicious acts or jamming attacks Yuand Liu presented a joint analysis of cooperation stimulationand security in autonomous mobile ad hoc networks under agame-theoretic framework [26] Their results however showthat the proposed strategies would only stimulate cooper-ation among selfish nodes in autonomous mobile ad hocnetworks under noise and attacks which does not properlyaddress intentionalmalicious attacksHan andPoor [27] usedcoalition game in which boundary nodes used cooperativetransmission to help backbone nodes in the middle of thenetwork and in return the backbone nodes would be willingto forward the boundary nodesrsquo packets

Saghezchi et al [28] proposed a credit scheme based oncoalitional game model the authors provided credit to thecooperative nodes proportional to the core solution of thegame and this distributes the common utility among theplayers in a way that all players are satisfied Mathur et al[29] studied the stability of the grand coalition when users in

Journal of Computer Networks and Communications 3

awireless network are allowed to cooperatewhilemaximizingtheir own rates which serve as their utility function

Our approach is unique in that (1) each node in theMANET is defined by a security characteristic function forthe coalition formation (2) each node uses a reputationmechanism to accurately detect insider jamming attack (3)each nodemaintains a history of transmission rates for nodesin the coalition and (4) the combination of transmission ratesand reputation values for nodes in the coalition is used todetect insider attacker and exclude it from the coalition

3 Network and Jammer Model

31 Network Model We consider a model for the system asa reputation-based coalition game with imperfect informa-tion The game will be repeated at each iteration until thenodes arrive at their destination The model will consist of119873(1 2 119873) numbers of nodes and 119860(0 1 (1198732) minus 1)

numbers of attackers where the number of attackers wouldnot exceed the number of legitimate nodes The attackerwould be able to join the coalition because it acts like a regularnode at the beginning which permits it to become a memberof the coalition On joining the coalition a new node hasa reputation value of zero and would start cooperating bysharing its transmission rate to all the nodes in its range oftransmission Each node builds andmaintains two tablesThetables contain an accumulative history of the entire transmis-sion rate and reputation of all neighboring nodes based ontheir willingness to share their transmission rate with theirneighbors The transmission rate is broadcast periodicallyduring time interval 119905 This transmission rate is then storedaccording to our AFAT algorithm [30] Nodes that sharetheir transmission rates with neighboring nodes will receivea positive reputation from those neighbors and hence updatetheir reputation table about the node Nodes that refuse toshare their transmission rate will receive a negative reputa-tion A nodewhose negative reputation value exceeds a presetthreshold will be tagged as an attacker and excluded from thecoalition

311 Coalition Formation Model A coalition game is anordered pair ⟨119873 V⟩ where 119873 = (1 2 119899) is the set ofplayers and V is the characteristic function Any subset of 119873is called a coalition and the set involving all players is calledthe grand coalition The characteristic function V 2

119873rarr 119877

assigns any coalition 119862 sub 119873 a real number V(119862) which iscalled the worth of coalition 119878 By convention V(120601) = 0where 120601 denotes the empty set [31]

Let 119899 ge 2 denote the number of players in the gamenumbered from 1 to 119899 and let 119873 denote the set of players119873 = (1 2 119899) A coalition119862 is defined to be a subset of119873119862 sub 119873 and the set of all coalitions is denoted by 2119873The set119873is also a coalition called the grand coalition For example ifthere are just two players 119899 = 2 then there are four coalitions(120601 1 2119873) If there are 3 players there are 8 coalitions(120601 (1) (2) (3) (1 2) (1 3) (2 3)119873) For 119899 players the set ofcoalitions 2119873 has 2

119899 elements A game with transferrableutility (TU) is a gamewhich involves a universal currency thatcan be freely exchanged among the players A game which

lacks this kind of currency is called a game with nontrans-ferrable utility (NTU) [31] In addition 119866 = (119873 V) is called asuperadditive game if forall119862 119879 sub 119873 and 119862 cap 119879 = 120601 then

V (119862 cup 119879) ge V (119862) + V (119879)

V (119862 cup 119879) ge V (119862) + V (119879) minus V (119862 cap 119879)

(1)

A payoff vector 119909 is called feasible if it distributes theworth of grand coalition among the players completely [31]that is

sum

119894isin119873

119909119894= V (119873) (2)

A payoff vector 119909 is called individually rational if it offersplayers more payoff than what they can obtain individually[31] that is

119909119894ge V (119894) forall119894 isin 119873 (3)

The coalition formation process starts with nodes form-ing small disjoint coalition with neighboring nodes in theirrange of transmission and then gradually grows until thegrand coalition is formed with the testimony of intersectingnodes The final outcome of the coalition formation processis to form a stable grand coalition which comprises all nodesin the network Forming a grand coalition implies that all thesmaller coalitions formed would be merged by the presenceof these intersecting nodes which would belong to morethan one coalition at a time Our coalition formation processdepends on the transmission rate table that has been storedaccording to the previous work done by [30]

In [30] an accumulative feedback adaptation trans-mission (AFAT) rate was proposed this design follows adecentralized approach which ensures the communication oftransmission rates between neighboring nodes in a networkThis crucial knowledge helps a node to adjust its own rateaccordingly [30] In other words AFAT ensures maximumtransmission rates for the nodes in order to meet the spe-cific application bandwidth requirements [30] According toAFAT the transmission rates of the nodes are adjusted basedon the history of neighborsrsquo transmission rates A list of thetransmission rates has been built into the transmission ratetable and is updated periodically [30]

The final outcome of the coalition formation process is toform a stable grand coalition which comprises all nodes inthe networkThe intersecting nodes would be very key to theformation of the grand coalition because they belong to thesmaller coalitions that would be merged into a single coali-tion

Our network model involves a characteristic functionand a coalition formation model described in [31 32] Oursecurity characteristic function consists of three parameterscapturing the node mobility in the MANET The supportrate is the neighbors in the nodersquos transmission range Themaximum transmission rate in the coalition is provided byAFAT The maximal admitting probability or cooperationprobability is unchanged

Nodes can testify for each other so that the coalition hasintegrity compared to individuals Any node that does not


(1) Start for all nodes119873(2) Begin the 1st round of formation(3) Pick a node with the highest V

119905(119862)

(4) Broadcast forming option to the neighboring nodes in the network(5) if V

119905(119862) is beyond threshold and ge2 nodes match then

(6) Form a small coalition(7) else(8) Do not pick any node(9) end if(10) Update transmission rate table in AFAT [30] with the rate of newest members(11) Begin the 2nd round(12) Pick a node with the highest security value V

119905(119862)

(13) if the first option has been matched successfully then(14) Pick the next best option available(15) else(16) Broadcast the forming option to the neighbors again(17) end if(18) if there is an intersecting node- nodes that belongs to more than one small coalition then(19) Merge the small coalitions(20) else(21) Re-broadcast forming option again to the network(22) end if(23) if V(119873) ge payoff from any disjoint set of smaller coalition then(24) Form a grand coalition(25) else(26) Repeat step (11)(27) end if

Algorithm 1 Algorithm for coalition formation

belong to the coalition would not be seen to be trustworthyThere are119873 nodes in the network for any coalition 119862 isin 2

119873The number of nodes in it is |119862| any node in the coalitionwould have |119862| minus 1 nodes that can testify for it Let |119866

119894| be the

set of nodes in a transmission range Therefore at time slot 119905the support rate for a node 119894 is

119878119905 (119862) =

10038161003816100381610038161198661198941003816100381610038161003816 minus 1 (4)

The transmission rate 119879119905(119862) of coalition 119862 at time 119905

would also be a part of the security functionThe nodesrsquo shar-ing of their transmission rate is very key to their admittanceinto the small coalition In other words to form a coalitionwith any node there is a need to know themaximumavailabletransmission rate The maximum transmission rate ensuresthat the nodes match the best nodes in terms of transmissionrate before settling for the next best option as seen in thecoalition formation algorithm The maximum transmissionrate is given by

119863119905 (119862) = max 119879

119905 (119862) (5)

The larger the transmission rate of a node is the moreprobable it is for such a node to quickly find a match Thesetransmission rates are stored according to AFAT [30]

The third parameter for the characteristic function isthe maximal admitting probability because nodes in thenetwork have different admitting probabilities and it wouldbe necessary to pick the highest probability which would be

used as a reference for the whole coalition Every node inthe coalition formed was admitted with a certain probabilityThe nodes having different admitting probability engenderthe need to assign a maximal admitting probability as thecooperation probability of the whole coalition Hence alarger coalition size ensures a higher cooperation probability

The maximal admitting probability is given by

119860119905 (119862)

= max119895isin119862

sum119894isin119862

119875119894119895

|119862|| 119862 = 119894 | 119894 isin 119862 119894 = 119895 119875

119894119895= 0

(6)

Algorithm 1 shows the coalition formation stepsThe coalition formation is a dynamic process it is per-

formed in an iterative manner until all nodes belong to thecoalition No matter the location of a node in the network itstill has neighbors that can testify about it From the coalitionformation algorithm we can see that at each round offormation every coalitionmember tries to find a partnerTheconvergence time of formation is short thereby increasingthe speed of coalition formation The grand coalition iseventually formed when two conditions are met presence ofan intersecting node to aid the merging and whether V(119873)

is at least greater than the individual payoff of any disjointsmaller coalition

A coalition approach is needed to detect insider attacksAs stated earlier we are interested in a singular coalitioncalled the grand coalition as shown in Figure 1 In the grand


Transmission range of nodesA grand coalition

Node at the beginning of the coalition

Figure 1 A coalition of ten (10) nodes with no malicious node

coalition all nodes in the network should belong to this singlecoalition

From the coalition formation algorithm we can see thatat each round of formation every coalition member tries tofind a partner Therefore the speed of coalition formationis fast which means the convergence time of formation isshort And the size will keep growing until a grand coalitionis reached or all misbehaving nodes are identified It isimportant to explain how large the size of the coalitionwould be The grand coalition is eventually formed frommerging the smaller coalitions that have the same membersThese intersecting nodes will be a condition to form agrand coalition between the smaller coalitions The maximaladmitting probability is the cooperation probability of thewhole coalition because the larger the coalition size is themore tolerant and robust the coalition is and the coalitioncan therefore have a higher cooperation probability Eachnode has no limit on the number of neighbors in its rangebecause they are all moving (as the name implies mobile adhoc networks) In other words there are no fixed numbers ofneighbors to a particular node From our proposed modelthe size of the grand coalition could be any size of threenodes and above as would be seen in the simulation sectionwhich have three cases where each case consists of differentnumbers of legitimate and malicious nodes For any node119894 isin 119862 |119862| gt 1 its security payoff share is defined as

119909119905 (119894) =

1

|119862|(120572119878119905 (119862) + 120573119860

119905 (119862) + 120574119863119905 (119862)) (7)

The coalition game definitely has a core a core existsonly if the sum of payoff shares of all the members for eachcoalition is larger than the value of that coalition From (3)and (4) we can deduce that

sum

119894isin119862

119909119905 (119894) ge V

119905 (119862) (8)

The game has a core because it satisfies the concept of core ofthe coalition game [31]

312 Admitting a Node into the Grand Coalition A newnode would be accepted into the grand coalition based on itsranking in the smaller coalition To be admitted to a grandcoalition the node should build up good reputation while itis a part of the small coalition It is possible for a new nodeto be denied access to the grand coalition even when it wasa part of the smaller coalition This is possible when the newnode is temporarily out of range from the intersecting node asat the time its smaller coalition is forming a grand coalitionSo in essence the new node is not totally new to some nodesin the coalition This process could continue while there areintersecting nodes to testify about the new node This wouldmake the grand coalition get biggerwhichwould help providemore robust security in the network as we stated earlier

Incorporating these three parameters we can write thecharacteristic function by weighing each parameter Thecharacteristic function proposed is then

V119905 (119862) =

0 if |119862| = 1

120572119878119905 (119862) + 120573119860

119905 (119862) + 120574119863119905 (119862) if |119862| ge 1

(9)

120572 120573 and 120574 are weight parameters and

120572 + 120573 + 120574 = 1 (10)

These weight parameters can be used to help providevariability for the characteristic function of the nodes Dueto the mobility factor in our model it is important to keeptrack of the neighbors of any node at a given time 120572 helps toweigh the support rate parameter which is responsible for thenumber of neighbors of a node Our assumption is that thenodes are slow-moving and there cannot be a rapid changeof neighbors 120573 provides a weight value for the maximaladmitting probabilityThe value assigned to 120573 depends on thesize of the coalition if the coalition size is very big (say about100 nodes) then it could be important to make it bigger thanthe other parameters

The transmission rate is affected by two major factorspropagation environment and the degree of congestionDepending on these two factors we could assign a weightvalue for the maximum transmission rate using 120574 Thereforethe three main parameters that affect the payoff are thesupport rate cooperative probability and transmission ratesof the nodesThat is according to the dynamism of those vari-ables If the coalition refuses to admit some nodes thatmeansthat these nodes did notmeet the requirements for joining thecoalition regardless of whether it is a malicious node or not

313 NetworkAssumptions Weassume119873mobile nodeswith119860 attackers where 119860 is less than 1198732 (ie the number ofattackers would not exceed the number of legitimate nodes)The following are the assumptions under which we presentour work

(i) Nodes cannot easily generate identities which can beexploited to launch a Sybil attack hence we do notconsider the possibility of Sybil attacks in this paper


(ii) All players (or nodes) are rational (ie they wouldalways choose the strategy that benefits them themost)

(iii) Individual nodes have weak security and wouldjointly have higher security by joining a coalition

(iv) There is no hierarchy leader-follower or centralizedmechanism in this system

(v) The goal of the game is to form a stable grand coalitionwhere any node that is unable to join this grandcoalition would be designated as a malicious node

(vi) The nodes are moving slowly because fast movementbrings about a frequent change in the nodersquos neigh-bors which may affect the reputation of the nodesadversely

(vii) A nodersquos continuous membership of the grand coali-tion is dependent on its reputation value

32 Jammer Model Liao et al have classified attacks onwireless ad hoc networks they classified attacks as palpableand subtle with palpable attacks being attacks resultingin conspicuous impact on network functions which resultsin intolerable impacts on the users On the other handthey defined subtle attacks as attacks that lead to invisibledamage in a vaguer way According to them palpable attacksinclude jamming traffic manipulating blackhole and flood-ing attacks while subtle attacks include eavesdropping trafficmonitoring grayhole wormhole and Sybil attacks [33]

The jammer starts out by being a member of a smallercoalition and as such has earned a good reputation fromits neighboring nodes We would recollect that the grandcoalition is formed only when there is an intersecting nodefrom the other smaller coalitions (ie the intersecting nodeor nodes belong to more than one coalition according tothe coalition formation algorithm explained in the coalitionformation process) The intersecting node would serve as areferee for the other nodes The attacker who has met all thecriteria to be a part of the coalition would be seen to start outas an eavesdropper by passively monitoring the network andeven participating in sharing its transmission rate with all theneighbors in its range of transmission in the coalition At thisstage the attacker would still partake of the crucial networkassignments like routing and packet forwarding and in turngain a good reputation for itself After gathering informationabout what channel its neighbors are transmitting on theattacker stops sharing its own transmission rate and at thispoint its reputation starts reducing at every time slot

The jammer would then launch its palpable attack byintentionally sending a high-powered interference signal tothe channel that has a lot of traffic on it thereby attemptingto disrupt communication As can be seen from the jammermodel above the jammer is an intelligent jammer who hasacted as an ldquoundercover agentrdquo in the coalition The jammerwould start to initiate its attack right after it has enoughinformation in its history table The most important require-ment is that the jammer must gather information about

Smaller coalitionLegitimate nodesAttacker nodes


Figure 2 A coalition of ten (10) nodes with two (2) jammers

the transmission rates that have been shared by the othernodes in its range of transmission It is also monitoringthe communication in the coalition as well as initiallyparticipating in the network functions before launching itsattack The aim of jamming a selected channel is to disablethe functionality of the channel in question thereby causing ajamming attack to all the nodes in the coalitionThe complex-ity of the jamming can be seen in the fact that the movementof the jammers may hinder the detection capability of thecoalition The jammers distinctive attack would be differentfrom a normal interference or noise in that it would send ahigh-powered signal to disrupt communication in a selectedchannel it has enough information on

Figure 2 shows the presence of two jammers in a coalitionof ten nodes The jammers first became a part of two smallercoalitions which in turnmerged to become a grand coalitionThe node marked by the yellow color will be the intersectingnode for both coalitions It can be seen that the first jammerhas three other legitimate nodes in its range of transmissionit has the capability of jamming the channels at which they arebroadcasting their transmission rate The second jammer onthe other hand has two legitimate nodes in its transmissionrange The scenario painted below shows that there couldbe a case of more than one jammer and subsequently oursimulation results would show how thesemalicious nodes areexcluded from the coalition

4 The Proposed Defense Model

41 Maintaining the Coalition through Reputation Herewe present a maintenance method that employs the nodereputation to track all the history of each nodersquos cooperationas they broadcast their transmission rate Reputation in thecontext of cooperation is defined as the goodness of a node asperceived by other nodes in a network A higher value of rep-utation indicates that the node is cooperative while a smallervalue indicatesmisbehaviorThe reputation of a node ismain-tained by its neighbors who monitor the nodes behavior and


(1) Assign values for 120590 and 120582

(2) Start for all nodes(3) Node 119894 checks its transmission rate table to assign reputation value for neighbor 119895(4) if 119895 shares its transmission rate then(5) compute reputation value according to(6) V

119894119895(119910) =

119910

119877119894119895

(7) else(8) Set V

119894119895(119910) = 0 if 119910119877

119894119895le 119887119891[34]

(9) end if(10) if 119895 refuses to share its transmission rate then(11) compute reputation value according to(12) 119896

119894119895(119898) =

119898

119877119894119895

(13) else(14) Set 119896

119894119895(119898) = 0 if119898119877

119894119895le 119879119891

(15) end if(16) Node 119894 updates node 119895rsquos reputation value according to(17) 119877

119894119895= 119877lowast

119894119895+ 120590 lowast (V

119894119895(119910)) minus 120582 lowast (119896

119894119895(119898))

(18) Store this reputation value in its reputation table(19) Share reputation table with neighbors at every time-slot(20) return 119877

119894119895

(21) All nodes continue to update their reputation table

Algorithm 2 Coalition maintenance through reputation

update its reputation accordingly We define a good behavioras the timely broadcast of transmission rate and misbehavioras refusal to broadcast transmission rate at any time slotEvery node monitors and is in turn monitored by its neigh-bors A new node that joins the network is neither trustednor mistrusted but is assigned a neutral reputation 119902

119873 All

reputations are valid for a time period 119879V There is an upperthreshold 119902

119880 and a lower threshold 119902

119871 where 119902

119871lt 119902119873

lt 119902119880

Reputation is increased at the rate of 120590 and decreased atthe rate of 120582 where 120590 120582 lt 1 and are both real numbersBoth 120590 and 120582 need to be chosen carefully this is because if120590 is very large when compared to 120582 a node may cooperateand build high reputation in a short time span and thenconsequently refuse to share its transmission rate for a longtime also it may lack themotivation to continue cooperatingafter reaching the upper threshold 119902

119880 due to the high rate

of increment On the other hand if 120582 is reduced at a lowrate a node can stay in the coalition long enough to exploitthe network infrastructure decreasing at a very high ratealso causes an unjust punishment for a node that misbehavesbecause of network congestion It is possible to set 120590 equal to120582 as this would make the reputation increase and decreaseat the same rate to ensure fairness Algorithm 2 showsthe monitoring process and how the reputation is eitherincreased or decreased depending on the nodersquos behavior

119898 is the number of observations made by node 119895 aboutnode 119894rsquos refusal to share its transmission rate 119879

119891is the

tolerance of the network that is 119898 per reputation valuebefore reducing reputation of a node

119910 is the number of observations made by node 119895 whennode 119894 shares its transmission range in the time period 119887

119891 119887119891

is the broadcast factor of the network

42 Jammerrsquos Exclusion from the Coalition The exclusion ofjammer from the coalition should factor in false positivewhich results when a legitimate node is classified as ajammer when it is unable to share transmission rates dueto impairing wireless environment False positive could alsohappen when a node fails to broadcast its transmissionrange at a particular time slot due to being in an out-of-range location This situation often arises in a mobile systemwhere nodes are constantly in motion We adopt reputationmanagement to encourage trustworthy behavior from nodesin the coalition In addition reputation profiles are predictiveof nodersquos actions The implementation of reputation systemsis of particular importance in games where repeated inter-actions between multiple players are probable Furthermorebecause of the nature of the attack which includes carefullymonitoring the network and then turning against the networkwhen enough information has been gathered it is necessaryto drum up support from all nodes in the coalition to be ableto properly exclude any malicious node

As it has been explained in Section 41 each node startsout with the same reputation value and these values willincrease as the nodes continue to cooperate and reduce aswell when they refuse to cooperate When a node joins asmall coalition it would start with a reputation value ofzero The reputation is updated according to (10) Nodes thatbelong to the coalition have a monitor for observations andreputation records for first-hand information about routingand forwarding behavior of other nodes nodes publishingof their transmission rates and a path manager to adapttheir behavior according to reputation and to take actionagainst any misbehavior The coalition excludes the jammerby following Algorithm 3


(1) Node 119894 checks node 119895rsquo reputation value after update(2) Node 119895 is tolerated until its reputation falls below 119902

119871

(3) Classify misbehaving nodes according tojammer if 119877

119894119895lt 119902119871

regular if 119877119894119895

ge 119902119871

(4) if 119877119894119895is below 119902

119871then

(5) Node 119894 sends an alarm message(6) All nodes change their channel of transmission(7) Accused nodersquos payoff reduces due to bad testimony(8) Node 119895 attempts to jam the communication channel that has the best transmission rate(9) Jammer records little or no success because of the proactive step taken by the coalition(10) Neighbors of node 119895 blacklist him and exclude him from their small coalition(11) Nodes with reputation greater than 119902

119871regroup again

(12) else(13) No alarm is sent and nodes continue their transmission(14) end if(15) Nodes with 119877

119894119895greater than 119902

119871are retained

(16) Continue transmission

Algorithm 3 Jammer exclusion from the coalition

The jammer prevention algorithm aims to reduce thenumber of false positives False positive occurs when alegitimate node is classified as a jammer when a node fails tobroadcast its transmission rate at a particular time slot due tobeing out of range which is typical of mobile networks Theimplementation of reputation systems is of particular impor-tance in games where repeated interactions between multipleplayers are probable Nodes that belong to the coalition havea monitor for observations and reputation records for first-hand information about the degree of cooperation of theirneighbors as regards sharing their transmission rates Thecoalition excludes the jammer by Algorithm 3

A malicious node that has been excluded from thecoalition cannot be redeemed Algorithm 3 provides theneeded self-dependency and self-organization that are usu-ally required in mobile ad hoc networks

5 Simulation and Results

51 Simulation Scenarios and Parameters We implementedour approach using NS2 simulator The results will showthree different scenarios The first scenario focuses on net-work throughput and delay in this scenario we show howthe coalition size affects these two parameters The secondscenario shows how varying the reputation parameters canaffect the performance of the jammer The third scenariofocuses on the varying of the weights (120572 120573 120574) of the securitycharacteristic functionThe parameters for the simulation areshown in Table 1

52 Results

521 Scenario One Network Throughput and Delay For thisscenario we show the network throughput and the delaywith respect to time for three cases of different coalition sizes(5 10 20) This is done in order to show that delay would

Table 1 Parameters for simulation

Parameter LevelArea 2300 times 1300Speed 15msRadio range 250mMAC 80211Simulation time 130 sNumber of mobile nodes 5 10 20 40 and 80Network interface type WirelessChannel type Wireless channelTransmission rate 1ndash11MbpsPercentage of jammer 20Threshold 119902

1198800975

Threshold 119902119871

070

reduce significantly as the coalition size increases in a veryshort period of time

The network throughput and delay for the first caseare discussed here The first case consists of five nodes(11987311198732119873311987341198735) four of them are legitimate nodes andone is the jammer Figure 3 shows the throughput for thiscase from the results as shown in Figure 3 we see thatowing to the small ratio of jammer to legitimate node thethroughput of the jammer is still considerably high untilafter about 3ms when it decreases sharply After 3ms thejammer has been excluded from the coalition and hence itsthroughput takes a nosedive

Figure 4 shows the network delay for the first case whenthe coalition is under attackThere is a spike at the beginningof the attack which indicates the sharp increase in the delaydue to the jamming attack launched by the jammer Thedelay is seen to improve as the coalition regroups again afterexcluding the jammer


0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes

Figure 3 Throughput for 4 legitimate nodes versus 1 jammer

4 15 30 45 53 56 61 64 68 80 90Time (ms)

0010203040506070809

1

Del

ay

Figure 4 System delay for 4 legitimate nodes and 1 jammer

For the second case we also discuss the network through-put and delay with respect to time In this case there are tennodes (119873111987321198733 11987310) eight of them are legitimatenodes and two are jammers Figure 5 displays the throughputof the jammer and the network during the attack Thethroughput of the jammers reduced sharply right after 1msThis is because we have a larger number of neighboring nodesthat could observe the activities of the jammer After 15msthe jammer having been excluded from the coalition stillseeks to continue jamming the network but its throughput issoon reduced to the barest minimum

Figure 6 shows the network delay for the second casewhen the coalition is under attack Even thoughwe still noticea spike at the beginning of the attack the network delay hasbeen greatly reduced The reason for this is that the coalitionhas more nodes than the previous scenario which help toprovide amore robust defense to attacks After some time wesee that the delay is reduced to zero which is the ideal delaythat is expected in any network

In the third case the network throughput and delay withrespect to time are also shown In this case there are twentynodes (119873111987321198733 11987320) sixteen of them are legitimatenodes and four are attackers From the results as shown inFigure 7 we see that the throughput of the attacker reducesafter 05ms It can be seen that if we keep increasing thenumber of nodes in the coalition the value of the network

0010203040506070809

1

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes

Figure 5 Throughput for 8 legitimate nodes versus 2 jammers

0 39 45 55 65 80Time (ms)

0

01

02

03

04

05

06

07

Del

ay

Figure 6 System delay for 8 legitimate nodes and 2 jammers

0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


throughput improves tremendously This occurs becauseour system relies on reputation value assigned by a nodersquosneighbor and the more neighbors a node has the better analert would be raised when it crosses the threshold value forits reputation

Figure 8 shows the network delay for the third case whenthe coalition again is under attack As can be observed thespike has been reduced by more than 200 percent of thesecond case This proves that the more nodes we have in thecoalition the better results we get


0

005

01

015

02

025

4 39 42 48 54 57 65 69 82 100

Del

ay

Time (ms)


1 6 11 16 21 26 31 36 41 46 51 56 61 66 71 76 81 86 91 96Time (sec)

LegitimateAttacker

0

02

04

06

08

1

12

Repu

tatio

n

Figure 9 Reputation of both regular and jammer node over time

522 Scenario Two Reputation For this scenario we showhow reputation can affect different aspects for both legitimatenodes and jammers and show how reputation can be a majorissue for classifying nodes and detecting jammers

In Figure 9 we show the comparison between the rep-utations of both regular and jammer nodes A regular noderetains its reputation value by sharing its transmission rate atevery time slot while the reputation value for the insider jam-mer reduces when it stops cooperatingThe nearest neighborof the jammer node computes the reputation at every timeslot The computation follows (9) and (10) in Algorithm 2

Figure 10 shows the number of observations made by thenodes for cooperative suspicious and malicious nodes Anode is observed as suspicious if its reputation value is closeto the lower threshold for the reputation As seen in the figurethe number of observations made increases with increase incoalition size This figure particularly shows the importanceof the support rate parameter as only the neighbors of a nodecan make a genuine observation about its activities in thecoalition

Figure 11 shows the average payoff of the insider jammerafter detection with different decreasing reputation values 120582From the figure it can be seen that if we keep increasing120582 thepunishment for a jammer is increased by a large decrease inits reputation score this in turn reduces the average payoffof the jammer A value of 120582 = 07 shows a great reduction inthe payoff of the jammer

020406080

100120140160180200

10 20 30 40 50 60 70 80 90 100

Num

ber o

f obs

erva

tions

Time (sec)

Cooperative nodesMalicious nodesSuspicious nodes

Figure 10 Number of observations made for all nodes

0102030405060708090

5 10 20 40 80

Aver

age p

ayoff

for j

amm

ers (

)

Coalition size

120582 = 01120582 = 03

120582 = 05120582 = 07

Figure 11 Average payoff of the insider jammer after detection

523 Scenario Three Security Characteristic Function Thisscenario shows outputs for different value assigned forsecurity characteristic function weight and shows how theseweights affect their respective parameters

Figure 12 illustrates network overhead when support rateparameter 120572 is varied for different coalition size Overheadis any combination of excess or indirect computation timememory bandwidth or other resources that are required toattain a particular goalThe goal for us here is to have asmanyneighbors as possible to testify for a nodeDue to this goal thenetwork overhead needs to be reduced as much as possibleThis is reduced by specifying a suitable value for 120572 Here thenetwork overhead slightly changes with an increase in thenumber of neighbors

Figure 13 illustrates admitting probability for differentcoalition size and 120573 values When 120573 is increased the prob-ability of admitting a node into a coalition is also increasedwhich has a tendency of allowing more malicious nodes togain access to the coalition It is important to state that thisparameter needs to be carefully chosen as well For optimumresults it is better to set this value to 03 The value canhowever be chosen based on the peculiarity of the network

Figure 14 illustrates the degree of congestion whentransmission rate is varied for different coalition size and


0010203040506070809

1

10 3020 40 50

Ove

rhea

d (

)

120572 = 02

120572 = 04

120572 = 06

120572 = 08

Number of neighboring nodes

Figure 12 System overhead percentage with different numbers ofneighboring nodes

0102030405060708090

100

5 10 20 40 80

Adm

ittin

g pr

obab

ility

()

Coalition size

120573 = 07

120573 = 05

120573 = 03

120573 = 015

Figure 13 Admitting probability for different coalition size and betavalues

120574 values where 120574 is the value maximum transmission ratefactor When there are more nodes in the network thereis a tendency that the network would get congested whenthey start communicating With an increase in 120574 the degreeof congestion for the network slowly increases as seen inFigure 14 The highest degree of congestion is seen when 120574

is set to 08 for a coalition size of 80 nodes

6 Conclusion and Future Work

We have been able to show through simulation that areputation-based coalitional game can help prevent insiderattacks in a mobile ad hoc network We discussed a coalitionformation algorithm and showed how nodes can be admittedinto a coalition using a modified security characteristicfunction We came up with a unique mechanism that keepstrack of the transmission rates and reputation of individualnodes in the network Also we showed how the jammersaction can be prevented and how it is excluded from thecoalition In the future we would like to show throughsimulations and experiments that this model can be scaled

0

01

02

03

04

05

06

5 10 20 40 80

Deg

ree o

f con

gesti

on

Coalition size

120574 = 02

120574 = 04

120574 = 06

120574 = 08

Figure 14 Degree of congestion when transmission rate is varied

up to include thousands of nodes and this would furthershow that the algorithm would work best when there are somany nodes in the coalitionWewould also like to investigatea case of cooperative attacks that could occur when theexcluded nodes form a coalition with the aim of jammingcommunication in their previous coalition

Notations

119873 Number of nodes in the network119862 Coalition of nodes119866119894 Nodes in the transmission range of node 119894

V119905(119862) Security characteristic function for

coalition 119862

V(119873) Payoff of the grand coalition119878119905(119862) Support rate for coalition 119862

119879119905(119862) Transmission rate of coalition 119862

119875119894119895 Probability of cooperation of node 119894 with

node 119895119860119905(119862) Maximal admitting probability for

coalition 119862

119909119905(119894) Payoff share of node 119894

119877119894119895 Reputation value of node 119894 by node 119895

119877lowast

119894119895 Previous reputation value of node 119894 by

node 119895119877119894119896 Reputation value of node 119894 by node 119896

V119894119895(119910) Factor responsible for increasing

reputation value119896119894119895(119898) Factor responsible for reducing reputation

value119902119871 119902119873 119902119880 Lower neutral and upper threshold valuerespectively

119879119891 119887119891 Tolerance factor of the network and

broadcast factor120590 120582 Rate of increase and decrease of reputation

value

Competing Interests

The authors declare that they have no competing interests


Acknowledgments

This work is supported by Office of the Assistant Secre-tary of Defense for Research and Engineering AgreementsFAB750-15-2-0120 NSF CNS-1405681 and DHS 2014-ST-062-000059

References

[1] M Albanese A De Benedictis S Jajodia and D Torrieri ldquoAprobabilistic framework for jammer identification inMANETsrdquoAd Hoc Networks vol 14 pp 84ndash94 2014

[2] P Sharma and A Suryawanshi ldquoEnhanced security schemeagainst Jamming attack in mobile Ad hoc networkrdquo in Proceed-ings of the International Conference on Advances in Engineeringand Technology Research (ICAETR rsquo14) pp 1ndash5 IEEE UnnaoIndia August 2014

[3] K PelechrinisM Iliofotou and S V Krishnamurthy ldquoDenial ofservice attacks in wireless networks the case of jammersrdquo IEEECommunications Surveys and Tutorials vol 13 no 2 pp 245ndash257 2011

[4] A Mpitziopoulos D Gavalas C Konstantopoulos and GPantziou ldquoA survey on jamming attacks and countermeasuresin WSNsrdquo IEEE Communications Surveys and Tutorials vol 11no 4 pp 42ndash56 2009

[5] R L Pickholtz D L Schilling and L B Milstein ldquoTheoryof spread-spectrum communicationsndasha tutorialrdquo IEEE Transac-tions on Communications vol 30 no 5 pp 855ndash884 1982

[6] DSSS-wikipedia httpenwikipediaorgwikiDirect-sequencespreadspectrum

[7] UWB-wikipedia httpenwikipediaorgwikiUltrawideband[8] W Stutzman and G Thiele Antenna Theory and Design John

Wiley amp Sons New York NY USA 2nd edition 1997[9] P Goudarzi ldquoA non-cooperative quality optimization game for

scalable video delivery over MANETsrdquo Wireless Networks vol19 no 5 pp 755ndash770 2013

[10] X Guan M Chen and T Ohtsuki ldquoNon-cooperative game-based packet ferry forwarding for sparse mobile wireless net-worksrdquo Wireless Communications and Mobile Computing vol15 no 12 pp 1633ndash1648 2015

[11] P R Baggidi D Giri Prasad and T Srinivas ldquoSecurityenhancement in mobile ad hoc networks using non-zero non-cooperative game theoryrdquo International Journal of Research inComputer andCommunication Technology vol 2 no 8 pp 614ndash621 2013

[12] B Paramasiva and KM Pitchai ldquoModeling intrusion detectionin mobile ad hoc networks as a non cooperative gamerdquo in Pro-ceedings of the International Conference on Pattern RecognitionInformatics and Mobile Engineering (PRIME rsquo13) pp 300ndash306IEEE Salem India February 2013

[13] B Zong F Xu J Jiao and J Lv ldquoA broker-assisting trustand reputation system based on artificial neural networkrdquo inProceedings of the IEEE International Conference on SystemsMan and Cybernetics (SMC rsquo09) pp 4710ndash4715 San AntonioTex USA October 2009

[14] M T Refaei L A DaSilva M Eltoweissy and T NadeemldquoAdaptation of reputation management systems to dynamicnetwork conditions in ad hoc networksrdquo IEEE Transactions onComputers vol 59 no 5 pp 707ndash719 2010

[15] H Nguyen T Pongthawornkamol and K Nahrstedt ldquoA novelapproach to identify insider-based jamming attacks in multi-channel wireless networksrdquo in Proceedings of the IEEE Military

Communications Conference (MILCOM rsquo09) pp 1ndash7 IEEEBoston Mass USA October 2009

[16] L Li S Zhu D Torrieri and S Jajodia ldquoSelf-healing wirelessnetworks under insider jamming attacksrdquo in Proceedings ofthe IEEE Conference on Communications and Network Security(CNS rsquo14) pp 220ndash228 San Francisco Calif USA October2014

[17] S Marti T J Giuli K Lai and M Baker ldquoMitigating routingmisbehavior in mobile ad hoc networksrdquo in Proceedings of the6th Annual International Conference on Mobile Computing andNetworking (MOBICOM rsquo00) pp 255ndash265 August 2000

[18] P Michiardi and R Molva ldquoCore a collaborative reputationmechanism to enforce node cooperation in mobile ad hocnetworksrdquo in Proceedings of the IFIP TC6TC11 6th Joint Work-ing Conference on Communications and Multimedia SecurityPortoroz Slovenia September 2002

[19] A Cheng and E Friedman ldquoSybilproof reputation mecha-nismsrdquo in Proceedings of the ACM SIGCOMM Workshop onEconomics of Peer-to-Peer Systems Philadelphia Pa USA 2005

[20] S Buchegger and J-Y Le Boudec ldquoSelf-policing mobile adhoc networks by reputation systemsrdquo IEEE CommunicationsMagazine vol 43 no 7 pp 101ndash107 2005

[21] P Michiardi and R Molva ldquoA game theoretical approach toevaluate cooperation enforcement mechanisms in mobile adhoc networksrdquo in Proceedings of the Modeling and Optimizationin Mobile Ad Hoc and Wireless Networks (WiOpt rsquo03) pp 3ndash5Sophia Antipolis France March 2003

[22] G Thamilarasu and R Sridhar ldquoGame theoretic modeling ofjamming attacks in ad hoc networksrdquo in Proceedings of the18th International Conference on Computer Communicationsand Networks (ICCCN rsquo09) pp 1ndash6 San Francisco Calif USAAugust 2009

[23] D Slater P Tague R Poovendran andM Li ldquoA game-theoreticframework for jamming attacks and mitigation in commercialaircraft wireless networksrdquo in Proceedings of the AIAA Infotechat Aerospace Conference and Exhibit and AIAA UnmannedUnlimited Conference Seattle Wash USA April 2009

[24] Y E Sagduyu R A Berry and A Ephremides ldquoJamminggames in wireless networks with incomplete informationrdquo IEEECommunications Magazine vol 49 no 8 pp 112ndash118 2011

[25] S Bhattacharya and T Basar ldquoGame-theoretic analysis of anaerial jamming attack on a UAV communication networkrdquo inProceedings of the American Control Conference (ACC rsquo10) pp818ndash823 Baltimore Md USA July 2010

[26] W Yu and K J R Liu ldquoGame theoretic analysis of cooper-ation stimulation and security in autonomous mobile ad hocnetworksrdquo IEEE Transactions on Mobile Computing vol 6 no5 pp 507ndash521 2007

[27] Z Han and H V Poor ldquoCoalition games with cooperativetransmission a cure for the curse of boundary nodes in selfishpacket-forwarding wireless networksrdquo IEEE Transactions onCommunications vol 57 no 1 pp 203ndash213 2009

[28] F B Saghezchi A Radwan and J Rodriguez ldquoA coalitionalgametheoretic approach to isolate selfish nodes in multihopcellular networkrdquo in Proceedings of the 9th IEEE Symposium onComputers and Communications (ISCC rsquo14) Madeira PortugalJune 2014

[29] S Mathur L Sankar and N B Mandayam ldquoCoalitions incooperative wireless networksrdquo IEEE Journal on Selected Areasin Communications vol 26 no 7 pp 1104ndash1115 2008

[30] A Al-Sharah and S Shetty ldquoAccumulative feedback adaptationtransmission rate in mobile ad-hoc networksrdquo in Proceedings of


the International Conference and Workshop on Computing andCommunication (IEMCON rsquo15) pp 1ndash5 Vancouver CanadaOctober 2015

[31] T S Ferguson Game Theory Mathematics Department Uni-versity of California Los Angeles Calif USA 2nd edition 2014

[32] X Li Achieving secure and cooperative wireless networks withtrust modelling and game theory [PhD thesis] 2009

[33] X Liao D Hao and K Sakurai ldquoClassification on attacks inwireless ad hoc networks a game theoretic viewrdquo in Proceedingsof the 7th International Conference on Networked Computingand Advanced InformationManagement (NCM rsquo11) pp 144ndash149Gyeongju The Republic of Korea June 2011

[34] A Balasubratuanian and J Ghosh ldquoA reputation based schemefor stimulating cooperation in MANETsrdquo in Proceedings of the19th International Teletraffic Congress (ITC rsquo19) Beijing ChinaSeptember 2005

International Journal of

AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

RoboticsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Active and Passive Electronic Components

Control Scienceand Engineering

Journal of



RotatingMachinery


Hindawi Publishing Corporation httpwwwhindawicom

Journal ofEngineeringVolume 2014

Submit your manuscripts athttpwwwhindawicom

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics


Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

SensorsJournal of


Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation



DistributedSensor Networks



has gathered Individual nodes in themselves tend to be weakagainst attacks but could achieve higher level of securitywhenthey form a coalition

In this paper we present a reputation-based coalitiongame-theoretic approach to detect and mitigate insiderattacks on MANETs In our approach nodes implement rep-utation mechanism based on transmission rates Reputationof a node is the collection of ratings maintained by othernodes about the given node [13] The reputation mechanismcan be first hand or second hand depending on whether thereputation values are collected directly or relayedThe choiceof first hand versus second hand will impact the reliability ofthe reputation valuesWe adopt first-hand reputation becausenodes within the transmission range are best equipped toprovide reliable information [13 14]

Different from existing works [15 16] which made use ofan alibi-based protocol and a self-healing protocol respec-tively to either detect or recover from a jamming attackwe make use of a reputation-based coalition game to ensuresecurity in the networkThese approaches are too generalizedandmight not be implementable for a mobile ad hoc networkfor which our system is modeled Ourmodel instead followsa game-theoretic approach by (1) implementing a coalitionformation algorithm (2)maintaining the coalition via a repu-tationmechanism (3) identifying the insider attackers by set-ting up a reputation threshold and (4) excluding the attackersfrom the coalition by rerouting their paths and randomlychanging their channel of transmission This method is fullydistributed and does not rely on any trusted central entity tooperate at optimal performance

The rest of this paper is organized as follows in Section 2we presented relevant works that are closely related to ourapproach in Section 3 we presented the network and jammermodel Section 4 describes the proposed defense model inSection 5 we provide the simulation and result of the modeland finally in Section 6we conclude andpresent futurework

2 Related Work

Previous researches have devoted great efforts to security inmobile ad hoc networksThere is a plethora ofworks that haveused other techniques besides game theory to prevent secu-rity attacks in MANETs Li et al [16] designed a protocol toprotect self-healing wireless networks from insider jammingattacksThe protocol is not applicable toMANET as the pair-wise key design in the protocolworks best in a centralized sys-tem Some other works have only focused on node selfishnessand not on intentional malicious acts or jamming attacks

Marti et al [17] categorized nodes according to a dynam-ically measured behavior a watchdog mechanism identifiesthe misbehaving nodes and a path-rater mechanism helpsthe routing protocols avoid these nodesThe research showedthat the two mechanisms make it possible to maintain thetotal throughput of the network at an acceptable level evenin the presence of a high amount of misbehaving nodesHowever the operation of the watchdog is based on anassumption which is not always true the promiscuous nodeof the wireless interface Also the selfishness of the node does

not seem to be castigated by both the watchdog and path-ratermechanisms in otherwords themisbehaving nodes stillenjoy the possibility of generating and receiving traffic

Also Michiardi and Molva [18] have used a reputationmechanism they termed CORE which is an acronym for col-laborative reputation mechanism They suggested a genericmechanism based on reputation to enforce cooperationamong the nodes of a MANET to prevent selfish behaviorThe only challenge with this mechanism is that it would onlywork for node selfishness whereas there is a greater risk of ser-vice denial in malicious nodes attacks Furthermore reputa-tionmechanismwas also used byCheng andFriedman inP2Pnetworks where the notion of Sybil proofness was formalizedusing static graph formulation of reputation [19] Accordingto the authors this model cannot be generalized becausereputation functions did not depend on the state of thenetwork at previous time steps as well as the current state ofthe network Buchegger and Le Boudec [20] described the useof a self-policing mechanism based on reputation to enablemobile ad hoc networks to keep functioning despite thepresence of misbehaving nodesThey explained how second-hand information is used while mitigating contamination byspurious ratings Their survey pointed out that a reputationsystem is effective as long as the number of misbehavingnodes is not too large

Other works have used noncooperative games to modelsecurity scenarios as well as the corresponding defensestrategies to such attacks [13 21ndash25] Most of these worksfocused on two-player games where all legitimate nodes aremodeled as a single node and attacker nodes are alsomodeledas a single node too this is only valid for centralized networkswhereas MANETs are self-organized networks Thamilarasuand Sridhar formulated jamming as a two-player noncoop-erative game to analyze the interaction between attackersand monitoring nodes in the network The mixed strategyNashEquilibriumwas computedwhile the optimal attack anddetection strategies were derived [22]

Researchers have also used cooperative game theory inthe form of coalition game to ensure security in MANETsMajority of their works have only focused on node selfishnessand not on intentional malicious acts or jamming attacks Yuand Liu presented a joint analysis of cooperation stimulationand security in autonomous mobile ad hoc networks under agame-theoretic framework [26] Their results however showthat the proposed strategies would only stimulate cooper-ation among selfish nodes in autonomous mobile ad hocnetworks under noise and attacks which does not properlyaddress intentionalmalicious attacksHan andPoor [27] usedcoalition game in which boundary nodes used cooperativetransmission to help backbone nodes in the middle of thenetwork and in return the backbone nodes would be willingto forward the boundary nodesrsquo packets

Saghezchi et al [28] proposed a credit scheme based oncoalitional game model the authors provided credit to thecooperative nodes proportional to the core solution of thegame and this distributes the common utility among theplayers in a way that all players are satisfied Mathur et al[29] studied the stability of the grand coalition when users in








119873rarr 119877





V (119862 cup 119879) ge V (119862) + V (119879)


(1)


sum

119894isin119873

119909119894= V (119873) (2)


119909119894ge V (119894) forall119894 isin 119873 (3)








119905(119862)




119905(119862)





119894| be the


119878119905 (119862) =

10038161003816100381610038161198661198941003816100381610038161003816 minus 1 (4)



119863119905 (119862) = max 119879

119905 (119862) (5)





119860119905 (119862)

= max119895isin119862

sum119894isin119862

119875119894119895

|119862|| 119862 = 119894 | 119894 isin 119862 119894 = 119895 119875

119894119895= 0

(6)











119909119905 (119894) =

1

|119862|(120572119878119905 (119862) + 120573119860

119905 (119862) + 120574119863119905 (119862)) (7)


sum

119894isin119862

119909119905 (119894) ge V

119905 (119862) (8)




V119905 (119862) =

0 if |119862| = 1

120572119878119905 (119862) + 120573119860

119905 (119862) + 120574119863119905 (119862) if |119862| ge 1

(9)


120572 + 120573 + 120574 = 1 (10)

























119894119895(119910) =

119910

119877119894119895

(7) else(8) Set V

119894119895(119910) = 0 if 119910119877

119894119895le 119887119891[34]


119894119895(119898) =

119898

119877119894119895

(13) else(14) Set 119896

119894119895(119898) = 0 if119898119877

119894119895le 119879119891


119894119895= 119877lowast

119894119895+ 120590 lowast (V

119894119895(119910)) minus 120582 lowast (119896

119894119895(119898))


119894119895




119873 All



119871 where 119902

119871lt 119902119873

lt 119902119880





119891is the



119891 119887119891






119871


119894119895lt 119902119871

regular if 119877119894119895

ge 119902119871

(4) if 119877119894119895is below 119902

119871then


119871regroup again


119894119895greater than 119902

119871are retained







52 Results




1198800975


070





0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


4 15 30 45 53 56 61 64 68 80 90Time (ms)

0010203040506070809

1

Del

ay





0010203040506070809

1

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


0 39 45 55 65 80Time (ms)

0

01

02

03

04

05

06

07

Del

ay


0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes





0

005

01

015

02

025

4 39 42 48 54 57 65 69 82 100

Del

ay

Time (ms)


1 6 11 16 21 26 31 36 41 46 51 56 61 66 71 76 81 86 91 96Time (sec)

LegitimateAttacker

0

02

04

06

08

1

12

Repu

tatio

n






020406080

100120140160180200

10 20 30 40 50 60 70 80 90 100

Num

ber o

f obs

erva

tions

Time (sec)



0102030405060708090

5 10 20 40 80

Aver

age p

ayoff

for j

amm

ers (

)

Coalition size

120582 = 01120582 = 03

120582 = 05120582 = 07







0010203040506070809

1

10 3020 40 50

Ove

rhea

d (

)

120572 = 02

120572 = 04

120572 = 06

120572 = 08



0102030405060708090

100

5 10 20 40 80

Adm

ittin

g pr

obab

ility

()

Coalition size

120573 = 07

120573 = 05

120573 = 03

120573 = 015






0

01

02

03

04

05

06

5 10 20 40 80

Deg

ree o

f con

gesti

on

Coalition size

120574 = 02

120574 = 04

120574 = 06

120574 = 08



Notations



coalition 119862





coalition 119862



119877lowast








value

Competing Interests



Acknowledgments


References








































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation
















119873rarr 119877





V (119862 cup 119879) ge V (119862) + V (119879)


(1)


sum

119894isin119873

119909119894= V (119873) (2)


119909119894ge V (119894) forall119894 isin 119873 (3)








119905(119862)




119905(119862)





119894| be the


119878119905 (119862) =

10038161003816100381610038161198661198941003816100381610038161003816 minus 1 (4)



119863119905 (119862) = max 119879

119905 (119862) (5)





119860119905 (119862)

= max119895isin119862

sum119894isin119862

119875119894119895

|119862|| 119862 = 119894 | 119894 isin 119862 119894 = 119895 119875

119894119895= 0

(6)











119909119905 (119894) =

1

|119862|(120572119878119905 (119862) + 120573119860

119905 (119862) + 120574119863119905 (119862)) (7)


sum

119894isin119862

119909119905 (119894) ge V

119905 (119862) (8)




V119905 (119862) =

0 if |119862| = 1

120572119878119905 (119862) + 120573119860

119905 (119862) + 120574119863119905 (119862) if |119862| ge 1

(9)


120572 + 120573 + 120574 = 1 (10)

























119894119895(119910) =

119910

119877119894119895

(7) else(8) Set V

119894119895(119910) = 0 if 119910119877

119894119895le 119887119891[34]


119894119895(119898) =

119898

119877119894119895

(13) else(14) Set 119896

119894119895(119898) = 0 if119898119877

119894119895le 119879119891


119894119895= 119877lowast

119894119895+ 120590 lowast (V

119894119895(119910)) minus 120582 lowast (119896

119894119895(119898))


119894119895




119873 All



119871 where 119902

119871lt 119902119873

lt 119902119880





119891is the



119891 119887119891






119871


119894119895lt 119902119871

regular if 119877119894119895

ge 119902119871

(4) if 119877119894119895is below 119902

119871then


119871regroup again


119894119895greater than 119902

119871are retained







52 Results




1198800975


070





0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


4 15 30 45 53 56 61 64 68 80 90Time (ms)

0010203040506070809

1

Del

ay





0010203040506070809

1

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


0 39 45 55 65 80Time (ms)

0

01

02

03

04

05

06

07

Del

ay


0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes





0

005

01

015

02

025

4 39 42 48 54 57 65 69 82 100

Del

ay

Time (ms)


1 6 11 16 21 26 31 36 41 46 51 56 61 66 71 76 81 86 91 96Time (sec)

LegitimateAttacker

0

02

04

06

08

1

12

Repu

tatio

n






020406080

100120140160180200

10 20 30 40 50 60 70 80 90 100

Num

ber o

f obs

erva

tions

Time (sec)



0102030405060708090

5 10 20 40 80

Aver

age p

ayoff

for j

amm

ers (

)

Coalition size

120582 = 01120582 = 03

120582 = 05120582 = 07







0010203040506070809

1

10 3020 40 50

Ove

rhea

d (

)

120572 = 02

120572 = 04

120572 = 06

120572 = 08



0102030405060708090

100

5 10 20 40 80

Adm

ittin

g pr

obab

ility

()

Coalition size

120573 = 07

120573 = 05

120573 = 03

120573 = 015






0

01

02

03

04

05

06

5 10 20 40 80

Deg

ree o

f con

gesti

on

Coalition size

120574 = 02

120574 = 04

120574 = 06

120574 = 08



Notations



coalition 119862





coalition 119862



119877lowast








value

Competing Interests



Acknowledgments


References








































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation











119905(119862)




119905(119862)





119894| be the


119878119905 (119862) =

10038161003816100381610038161198661198941003816100381610038161003816 minus 1 (4)



119863119905 (119862) = max 119879

119905 (119862) (5)





119860119905 (119862)

= max119895isin119862

sum119894isin119862

119875119894119895

|119862|| 119862 = 119894 | 119894 isin 119862 119894 = 119895 119875

119894119895= 0

(6)











119909119905 (119894) =

1

|119862|(120572119878119905 (119862) + 120573119860

119905 (119862) + 120574119863119905 (119862)) (7)


sum

119894isin119862

119909119905 (119894) ge V

119905 (119862) (8)




V119905 (119862) =

0 if |119862| = 1

120572119878119905 (119862) + 120573119860

119905 (119862) + 120574119863119905 (119862) if |119862| ge 1

(9)


120572 + 120573 + 120574 = 1 (10)

























119894119895(119910) =

119910

119877119894119895

(7) else(8) Set V

119894119895(119910) = 0 if 119910119877

119894119895le 119887119891[34]


119894119895(119898) =

119898

119877119894119895

(13) else(14) Set 119896

119894119895(119898) = 0 if119898119877

119894119895le 119879119891


119894119895= 119877lowast

119894119895+ 120590 lowast (V

119894119895(119910)) minus 120582 lowast (119896

119894119895(119898))


119894119895




119873 All



119871 where 119902

119871lt 119902119873

lt 119902119880





119891is the



119891 119887119891






119871


119894119895lt 119902119871

regular if 119877119894119895

ge 119902119871

(4) if 119877119894119895is below 119902

119871then


119871regroup again


119894119895greater than 119902

119871are retained







52 Results




1198800975


070





0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


4 15 30 45 53 56 61 64 68 80 90Time (ms)

0010203040506070809

1

Del

ay





0010203040506070809

1

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


0 39 45 55 65 80Time (ms)

0

01

02

03

04

05

06

07

Del

ay


0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes





0

005

01

015

02

025

4 39 42 48 54 57 65 69 82 100

Del

ay

Time (ms)


1 6 11 16 21 26 31 36 41 46 51 56 61 66 71 76 81 86 91 96Time (sec)

LegitimateAttacker

0

02

04

06

08

1

12

Repu

tatio

n






020406080

100120140160180200

10 20 30 40 50 60 70 80 90 100

Num

ber o

f obs

erva

tions

Time (sec)



0102030405060708090

5 10 20 40 80

Aver

age p

ayoff

for j

amm

ers (

)

Coalition size

120582 = 01120582 = 03

120582 = 05120582 = 07







0010203040506070809

1

10 3020 40 50

Ove

rhea

d (

)

120572 = 02

120572 = 04

120572 = 06

120572 = 08



0102030405060708090

100

5 10 20 40 80

Adm

ittin

g pr

obab

ility

()

Coalition size

120573 = 07

120573 = 05

120573 = 03

120573 = 015






0

01

02

03

04

05

06

5 10 20 40 80

Deg

ree o

f con

gesti

on

Coalition size

120574 = 02

120574 = 04

120574 = 06

120574 = 08



Notations



coalition 119862





coalition 119862



119877lowast








value

Competing Interests



Acknowledgments


References








































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation















119909119905 (119894) =

1

|119862|(120572119878119905 (119862) + 120573119860

119905 (119862) + 120574119863119905 (119862)) (7)


sum

119894isin119862

119909119905 (119894) ge V

119905 (119862) (8)




V119905 (119862) =

0 if |119862| = 1

120572119878119905 (119862) + 120573119860

119905 (119862) + 120574119863119905 (119862) if |119862| ge 1

(9)


120572 + 120573 + 120574 = 1 (10)

























119894119895(119910) =

119910

119877119894119895

(7) else(8) Set V

119894119895(119910) = 0 if 119910119877

119894119895le 119887119891[34]


119894119895(119898) =

119898

119877119894119895

(13) else(14) Set 119896

119894119895(119898) = 0 if119898119877

119894119895le 119879119891


119894119895= 119877lowast

119894119895+ 120590 lowast (V

119894119895(119910)) minus 120582 lowast (119896

119894119895(119898))


119894119895




119873 All



119871 where 119902

119871lt 119902119873

lt 119902119880





119891is the



119891 119887119891






119871


119894119895lt 119902119871

regular if 119877119894119895

ge 119902119871

(4) if 119877119894119895is below 119902

119871then


119871regroup again


119894119895greater than 119902

119871are retained







52 Results




1198800975


070





0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


4 15 30 45 53 56 61 64 68 80 90Time (ms)

0010203040506070809

1

Del

ay





0010203040506070809

1

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


0 39 45 55 65 80Time (ms)

0

01

02

03

04

05

06

07

Del

ay


0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes





0

005

01

015

02

025

4 39 42 48 54 57 65 69 82 100

Del

ay

Time (ms)


1 6 11 16 21 26 31 36 41 46 51 56 61 66 71 76 81 86 91 96Time (sec)

LegitimateAttacker

0

02

04

06

08

1

12

Repu

tatio

n






020406080

100120140160180200

10 20 30 40 50 60 70 80 90 100

Num

ber o

f obs

erva

tions

Time (sec)



0102030405060708090

5 10 20 40 80

Aver

age p

ayoff

for j

amm

ers (

)

Coalition size

120582 = 01120582 = 03

120582 = 05120582 = 07







0010203040506070809

1

10 3020 40 50

Ove

rhea

d (

)

120572 = 02

120572 = 04

120572 = 06

120572 = 08



0102030405060708090

100

5 10 20 40 80

Adm

ittin

g pr

obab

ility

()

Coalition size

120573 = 07

120573 = 05

120573 = 03

120573 = 015






0

01

02

03

04

05

06

5 10 20 40 80

Deg

ree o

f con

gesti

on

Coalition size

120574 = 02

120574 = 04

120574 = 06

120574 = 08



Notations



coalition 119862





coalition 119862



119877lowast








value

Competing Interests



Acknowledgments


References








































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation





























119894119895(119910) =

119910

119877119894119895

(7) else(8) Set V

119894119895(119910) = 0 if 119910119877

119894119895le 119887119891[34]


119894119895(119898) =

119898

119877119894119895

(13) else(14) Set 119896

119894119895(119898) = 0 if119898119877

119894119895le 119879119891


119894119895= 119877lowast

119894119895+ 120590 lowast (V

119894119895(119910)) minus 120582 lowast (119896

119894119895(119898))


119894119895




119873 All



119871 where 119902

119871lt 119902119873

lt 119902119880





119891is the



119891 119887119891






119871


119894119895lt 119902119871

regular if 119877119894119895

ge 119902119871

(4) if 119877119894119895is below 119902

119871then


119871regroup again


119894119895greater than 119902

119871are retained







52 Results




1198800975


070





0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


4 15 30 45 53 56 61 64 68 80 90Time (ms)

0010203040506070809

1

Del

ay





0010203040506070809

1

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


0 39 45 55 65 80Time (ms)

0

01

02

03

04

05

06

07

Del

ay


0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes





0

005

01

015

02

025

4 39 42 48 54 57 65 69 82 100

Del

ay

Time (ms)


1 6 11 16 21 26 31 36 41 46 51 56 61 66 71 76 81 86 91 96Time (sec)

LegitimateAttacker

0

02

04

06

08

1

12

Repu

tatio

n






020406080

100120140160180200

10 20 30 40 50 60 70 80 90 100

Num

ber o

f obs

erva

tions

Time (sec)



0102030405060708090

5 10 20 40 80

Aver

age p

ayoff

for j

amm

ers (

)

Coalition size

120582 = 01120582 = 03

120582 = 05120582 = 07







0010203040506070809

1

10 3020 40 50

Ove

rhea

d (

)

120572 = 02

120572 = 04

120572 = 06

120572 = 08



0102030405060708090

100

5 10 20 40 80

Adm

ittin

g pr

obab

ility

()

Coalition size

120573 = 07

120573 = 05

120573 = 03

120573 = 015






0

01

02

03

04

05

06

5 10 20 40 80

Deg

ree o

f con

gesti

on

Coalition size

120574 = 02

120574 = 04

120574 = 06

120574 = 08



Notations



coalition 119862





coalition 119862



119877lowast








value

Competing Interests



Acknowledgments


References








































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation












119894119895(119910) =

119910

119877119894119895

(7) else(8) Set V

119894119895(119910) = 0 if 119910119877

119894119895le 119887119891[34]


119894119895(119898) =

119898

119877119894119895

(13) else(14) Set 119896

119894119895(119898) = 0 if119898119877

119894119895le 119879119891


119894119895= 119877lowast

119894119895+ 120590 lowast (V

119894119895(119910)) minus 120582 lowast (119896

119894119895(119898))


119894119895




119873 All



119871 where 119902

119871lt 119902119873

lt 119902119880





119891is the



119891 119887119891






119871


119894119895lt 119902119871

regular if 119877119894119895

ge 119902119871

(4) if 119877119894119895is below 119902

119871then


119871regroup again


119894119895greater than 119902

119871are retained







52 Results




1198800975


070





0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


4 15 30 45 53 56 61 64 68 80 90Time (ms)

0010203040506070809

1

Del

ay





0010203040506070809

1

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


0 39 45 55 65 80Time (ms)

0

01

02

03

04

05

06

07

Del

ay


0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes





0

005

01

015

02

025

4 39 42 48 54 57 65 69 82 100

Del

ay

Time (ms)


1 6 11 16 21 26 31 36 41 46 51 56 61 66 71 76 81 86 91 96Time (sec)

LegitimateAttacker

0

02

04

06

08

1

12

Repu

tatio

n






020406080

100120140160180200

10 20 30 40 50 60 70 80 90 100

Num

ber o

f obs

erva

tions

Time (sec)



0102030405060708090

5 10 20 40 80

Aver

age p

ayoff

for j

amm

ers (

)

Coalition size

120582 = 01120582 = 03

120582 = 05120582 = 07







0010203040506070809

1

10 3020 40 50

Ove

rhea

d (

)

120572 = 02

120572 = 04

120572 = 06

120572 = 08



0102030405060708090

100

5 10 20 40 80

Adm

ittin

g pr

obab

ility

()

Coalition size

120573 = 07

120573 = 05

120573 = 03

120573 = 015






0

01

02

03

04

05

06

5 10 20 40 80

Deg

ree o

f con

gesti

on

Coalition size

120574 = 02

120574 = 04

120574 = 06

120574 = 08



Notations



coalition 119862





coalition 119862



119877lowast








value

Competing Interests



Acknowledgments


References








































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation











119871


119894119895lt 119902119871

regular if 119877119894119895

ge 119902119871

(4) if 119877119894119895is below 119902

119871then


119871regroup again


119894119895greater than 119902

119871are retained







52 Results




1198800975


070





0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


4 15 30 45 53 56 61 64 68 80 90Time (ms)

0010203040506070809

1

Del

ay





0010203040506070809

1

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


0 39 45 55 65 80Time (ms)

0

01

02

03

04

05

06

07

Del

ay


0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes





0

005

01

015

02

025

4 39 42 48 54 57 65 69 82 100

Del

ay

Time (ms)


1 6 11 16 21 26 31 36 41 46 51 56 61 66 71 76 81 86 91 96Time (sec)

LegitimateAttacker

0

02

04

06

08

1

12

Repu

tatio

n






020406080

100120140160180200

10 20 30 40 50 60 70 80 90 100

Num

ber o

f obs

erva

tions

Time (sec)



0102030405060708090

5 10 20 40 80

Aver

age p

ayoff

for j

amm

ers (

)

Coalition size

120582 = 01120582 = 03

120582 = 05120582 = 07







0010203040506070809

1

10 3020 40 50

Ove

rhea

d (

)

120572 = 02

120572 = 04

120572 = 06

120572 = 08



0102030405060708090

100

5 10 20 40 80

Adm

ittin

g pr

obab

ility

()

Coalition size

120573 = 07

120573 = 05

120573 = 03

120573 = 015






0

01

02

03

04

05

06

5 10 20 40 80

Deg

ree o

f con

gesti

on

Coalition size

120574 = 02

120574 = 04

120574 = 06

120574 = 08



Notations



coalition 119862





coalition 119862



119877lowast








value

Competing Interests



Acknowledgments


References








































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


4 15 30 45 53 56 61 64 68 80 90Time (ms)

0010203040506070809

1

Del

ay





0010203040506070809

1

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes


0 39 45 55 65 80Time (ms)

0

01

02

03

04

05

06

07

Del

ay


0

02

04

06

08

1

12

0 05 1 15 2 25 3 35 4 45

Thro

ughp

ut

Time (ms)

AttackersNodes





0

005

01

015

02

025

4 39 42 48 54 57 65 69 82 100

Del

ay

Time (ms)


1 6 11 16 21 26 31 36 41 46 51 56 61 66 71 76 81 86 91 96Time (sec)

LegitimateAttacker

0

02

04

06

08

1

12

Repu

tatio

n






020406080

100120140160180200

10 20 30 40 50 60 70 80 90 100

Num

ber o

f obs

erva

tions

Time (sec)



0102030405060708090

5 10 20 40 80

Aver

age p

ayoff

for j

amm

ers (

)

Coalition size

120582 = 01120582 = 03

120582 = 05120582 = 07







0010203040506070809

1

10 3020 40 50

Ove

rhea

d (

)

120572 = 02

120572 = 04

120572 = 06

120572 = 08



0102030405060708090

100

5 10 20 40 80

Adm

ittin

g pr

obab

ility

()

Coalition size

120573 = 07

120573 = 05

120573 = 03

120573 = 015






0

01

02

03

04

05

06

5 10 20 40 80

Deg

ree o

f con

gesti

on

Coalition size

120574 = 02

120574 = 04

120574 = 06

120574 = 08



Notations



coalition 119862





coalition 119862



119877lowast








value

Competing Interests



Acknowledgments


References








































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










0

005

01

015

02

025

4 39 42 48 54 57 65 69 82 100

Del

ay

Time (ms)


1 6 11 16 21 26 31 36 41 46 51 56 61 66 71 76 81 86 91 96Time (sec)

LegitimateAttacker

0

02

04

06

08

1

12

Repu

tatio

n






020406080

100120140160180200

10 20 30 40 50 60 70 80 90 100

Num

ber o

f obs

erva

tions

Time (sec)



0102030405060708090

5 10 20 40 80

Aver

age p

ayoff

for j

amm

ers (

)

Coalition size

120582 = 01120582 = 03

120582 = 05120582 = 07







0010203040506070809

1

10 3020 40 50

Ove

rhea

d (

)

120572 = 02

120572 = 04

120572 = 06

120572 = 08



0102030405060708090

100

5 10 20 40 80

Adm

ittin

g pr

obab

ility

()

Coalition size

120573 = 07

120573 = 05

120573 = 03

120573 = 015






0

01

02

03

04

05

06

5 10 20 40 80

Deg

ree o

f con

gesti

on

Coalition size

120574 = 02

120574 = 04

120574 = 06

120574 = 08



Notations



coalition 119862





coalition 119862



119877lowast








value

Competing Interests



Acknowledgments


References








































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










0010203040506070809

1

10 3020 40 50

Ove

rhea

d (

)

120572 = 02

120572 = 04

120572 = 06

120572 = 08



0102030405060708090

100

5 10 20 40 80

Adm

ittin

g pr

obab

ility

()

Coalition size

120573 = 07

120573 = 05

120573 = 03

120573 = 015






0

01

02

03

04

05

06

5 10 20 40 80

Deg

ree o

f con

gesti

on

Coalition size

120574 = 02

120574 = 04

120574 = 06

120574 = 08



Notations



coalition 119862





coalition 119862



119877lowast








value

Competing Interests



Acknowledgments


References








































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










Acknowledgments


References








































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation

















RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation











RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation









Documents

Research Article Detecting and Mitigating Smart Insider ...downloads.hindawi.com/journals/jcnc/2016/4289176.pdf · formation of the grand coalition because they belong to the smaller