Printer Friendly

Some investigation on trust methods in MANET.


MANETs are multi-hop network in which the topology is dynamic in nature where the collaboration is an important factor for the effective operation of the network. In multi-hop network the node can forward packets of other nodes, the forwarding nodes are called as intermediate nodes. All nodes are capable of acting as packet forwarder. In this environment all nodes will trust all other nodes that is every node is willing to forward the packets of the others. This makes the environment volatile if the intermediate nodes become malicious by not cooperating for the group activities like not forwarding the packets that belongs to routing and query processing. The selfish node save its own energy by not forwarding other nodes packets [1]. This situation become more complex if the malicious node tried and succeed in making other node as malicious, this will affect the overall performance of the entire network [2]. The various method that addresses the misbehavior are based on reputation-base system, acknowledgment-based system and credit-based system, these methods evaluate the nodes behavior based on the number of packets forwarded in a particulate time by observing a node.

The observation is time consuming operation and also consumes more battery power [3] [4]. In the proposed method the node behavior is recorded at regular intervals and after taking the behavior value the node calculate the belief value, to determine whether the node is lair or not. The behavior can be decided base on the functionally of the network, it can be the packet forwarding behavior, or its contribution to the query processing behavior. In case of packet dropping attack the nodes are monitored for number of packet forwarded to the number of packets dropped over a period of time [5], if the value is beyond the some defined threshold the node is identified to be malicious one. In this paper an efficient method is developed to find the lair node which is less resource consuming process and shows significant improvement in terms of network throughput and functionally.

I. Related Work:

This section presents some of the existing works related In networks wherever aggregation is wont to get the result on device network the main objective is to classify those node that are trusted node that contribute to the aggregation calculation. In [2] a secure hierarchical in- network aggregation in wont to establish the misdemeanor node and stop them from collaborating within the aggregation calculation.

In credit based systems the behavior are associated with credit. If the forwarding behavior is considered then the node which forwards more packet will get more credit. This credit information is shared with all its neighbor nodes, the node will select the path that consists of node with more credit value [6]. In this method there is the possibility of tampering the credit value counter so to protect it a common node is allocated for the counter value and this node is given with extra protection. A sprite is a credit based system in which the nodes will collect receipt for the successfully transmitted or forwarded packet, later this receipt can be used to collect credit form the credit clearance service. In some other methods the credit token are secured with cryptographic method, the cryptographic functions are provided by a secure collections of virtual backbone node.

In more complex systems behavioral patterns are used to build the reputation-based system using some reputation such system is CONFIDANT method[8], in which one node will monitor the behavior of the neighboring node based on the overhearing mechanism, these observed values are used to calculate the trust value of a node. The Bayesian model is used to map the value collected from nodes to make a decision about the behavior of the node. The SORI system uses the information that a node observed by itself and also the values that are given by other nodes as recommendation for calculating the trust value. In CORE the nodes are assigned with task specific monitoring, the monitoring become more complex if the channel is of multiple in nature and if the antenna is of directional. The overhearing on neighbor nodes consumes more energy since the nodes are operating in unreliable environment where the node has to use high power in order to listenthrough environment.

Some system uses the acknowledgment [11] as the source to verify the behavior of the nodes. In this method the nodes will send an acknowledgment after forwarding the packet. In some cases the acknowledgment are send to two hop in order to convey its cooperativeness. The unacknowledged packets are kept in buffer until the timer expires. The values are calculated on the bases of number of packets acknowledged and number of packets unacknowledged, if the value is too large the observed node is to be lair or malicious node [12]. The traceroute method can be used by the source to find out the path, in which the traceroute packet will be different form that of data packet. This traceroute packet will be used to identify the node that is malicious in nature. In this paper a method to find malicious node is proposed, the aim is to find the lair node and isolate it from the being participate in network activities.

II. Proposed Method:

The network become more manageable if the belonging nodes are grouped. Since in MANETs the topology is uncertain the grouping can be realized using clustering technique. Clustering is twofold process in first step the nodes will participate in an election processes to select a suitable cluster head (CH), on successfully selection of CH is followed by the cluster member joining phase, in which the nodes will join to the nearby CH. Once the clustering is completed the node will perform the normal operation since the malicious nodes will wait for some time to activate. In top-k query processing result accuracy is depends on the values that are contributed by all the nodes, the cluster head is responsible for the collection of result and aggregation. The proposed method aims to narrow down the node that contributes malicious behavior.

A. Clustering:

The network is deployed with 60 nodes. Each node is assigned with unique identification number. The clustering process consists of two phases, first one is cluster head election and the second one is the node joining phase.

1) Cluster Head Election:

In query processing network the base station or CH will do more processing when compare to that of normal, so the CH has to possess enough amount of battery power when compared with other nodes and also it is more important to maintain a stable cluster structure. So the cluster head has to be with more battery backup and should be more stable when compare with other nodes. The CH election algorithm is based on weight that are associated with the battery power and mobility pattern of the node. The weight value are calculate by all the nodes and they are compare with its neighbors, the node with highest weight value be declare itself as cluster head.

The process starts with the measurement of nodes battery power. The node are allowed to transmit a light weight HELLO packet which is used to find the neighbors of each other, during this process the batter power are measured. The batter power is suitably called as residual energy, since at the time of calculation the battery power are being consumed by the nodes activities. The node residual energy is calculated based on the given formula,

[R.sub.i] = -([T.sub.i] + R[E.sub.i] + [I.sub.i]) (1)

Where n is the number of nodes n > 0, and [T.sub.i] be the energy need for the transmission of packet of length 16 byte, [R.sub.i] be the energy need for the receiving of the packet of length 16 byte, [I.sub.i] be the energy consumed when the node is ideal. Each node measure the (T, RE, I) values and share them with its neighbours, the values are used to calculate the residual energy of the node. The mobility pattern of a node can be effectively measured by means of stability factor.

The stability factor is the measure of deviation in the movement of node when compared with that of the movement of another chosen reference node. The node with lesser deviation will be the suitable candidate for CH election. The distance between two nodes can be obtained based on the number of hops between the given two nodes, the hop is calculated based on the packet send and received. In this method the highly density area is selected where more number of nodes are available. Among them a node is selected at random, call it as candidate node (CAN). Then the distance between the CAN node and every other node is measured at regular time interval for a defined time window. Based on the observed values the threshold distance is calculated (average of all the distance value). Then the measured distance value are compared with the threshold value, if it is greater than the threshold than the CAN node is not stable that is its mobility is high, if the value is smaller than the threshold then CAN node is in less motion. Each time the distance is calculated and if the distance is larger than the unstable count is increased by one. The formula to calculate the stability factor is give as,

STB = 1/n [[summation].sup.n.sub.i=1] 1--unstable Value [n (i)] / time (2)

After calculating R and STB values for a node the total weight is calculated based on the formula 3.The node with highest weight is act as cluster head, if two nodes have the same weight value than the node with lowest ID is selected as cluster head, where [W.sub.1], [W.sub.2] are weight association which is used to get fair result and their sum is 1.

W = [W.sub.1]R + [W.sub.2]STB (3)

2) Cluster Formation:

The node with the larger weight value will become the cluster head. The CH will broadcast its presence, the nearby nodes which hears this broadcast will send the joining request to the CH, and the CH will accept the nodes that have a strong link to it. In case of cluster head failure or if the head moves to another region the cluster head election is performed followed by cluster formation. In this method an optimized cluster formation technique is implemented in which if the cluster head is changed the nodes are allowed to change only the associated CH id to new CH id, they don't need to send request message, instead of request the member node will send the YES packet if they opt to stay in the same cluster but with the new CH. The YES packet act as attendance based on it the new CH will get the clear picture of the cluster structure.

The each cluster head can communicate with other cluster head using the gateway node. In each cluster some node will hear the communication of nearby cluster head and these nodes will act as gateway node which takes packets form one CH to another CH.

B. Attack Model:

The nodes are arranged in cluster like structure under the CH. The malicious nodes will wait for a random amount of time before becoming malicious. False Notification is one such attack, in which the node will contribute false information for all type of query [7]. The nodes which are consider to be malicious will be present anywhere inside the given network. The malicious nodes will know about the mechanism of detection so they will employ method to hide themselves.

The main function of malicious node is to degrade the network functionality and to remain in stealth mode. Some nodes are called as independent misbehaviors, they will switch between honest and misbehavior activities during a course of time, which is very complex to identify such type of independent malicious nodes. In some cases the malicious node will tries to share their information with another malicious node about the activities of honest nodes this type of activity is called colluding.

The mechanism against malicious behaviors can be eliminated based on the trust calculation. The trust calculation is based on the values supplied by other nodes as recommendation or observed by the node themselves. The liar nodes will contribute its own false value to the network to influence its own result, example a sensing node says that less rain fall in an area A, but another honest nodes reporting the original reading. This can be eliminated by comparing the major results but it become worse if a node switches between liars to honest and vice versa. Majority of liar detection algorithm will fails to bring out the liar node.

C. Malicious Node Identification Methods:

The basic qualification of any attack prevention system has to full the following four properties,

* The node must perform the defined task or not.

* The aggregation and propagation of trust value should not increase the trust value.

* The multipath propagation of the value should not contribute the lower values for trust.

* The individual and group based trust calculated value should not be largely deviated.

The trust is nothing but the honesty of a node. In the network if any one node trust another node, it believes the trusted node will not lie when providing information or it will do the stated service as is described before. The trust calculation methods can be implemented by satisfying all the rules or it can satisfy only few rules[9]. The probability based trust estimation realizes all the rules.

1) Probability Based Malicious Node Identification:

It is the one of the method used to measure the trust value of a node. In this method the nodes are represented as graph, the edges are provided with weight value [17]. The trust relationship between two entity based on some specific action can be represented in 3 tubules T :(Entity, Peer, Event), where Entity is the node which is measuring of some Event in the Peer node, the T be the trust value. The probability value can be given as P: (Entity, Peer, Event). Consider three nodes X, Y, Z, in which Y is node that makes recommendation to node X about some event that is performed by Z. The probability that the recommendation send by Y is considered as trust by X is given by [P.sub.XY], it can be written as P : (RM (Entity, Peer) -> E (Event)), in terms of X, Y, Z the probability is P: (RM (X, Y) -> E (Z)).The probability that the event will happen at Z base on the Y observation is given by [P.sub.YZ]: (OB (Y) -> E (Z)).The probability that the node Y will recommend the correct value is given by P (Y), and the probability value that the Z will perform the correct operation also the Y makes a positive recommendation P (E (Z)) -> OB (Y) = 1, and P (E (Z)) -> OB (Y) = 0, the event will happens but the Y don't make a positive recommendation. Then the probability that X believes from Y that the Z will perform the correction action can be obtained using the formulas

[P.sub.XYZ] = P (Y) * (P (E (Z)) -> OB (Y) = 1) + (1- P (Y)) * (P (E (Z)) -> OB (Y) = 0) (4)

The node X don't have the values for the following, so it will replace the values as shown below,

* (P (E (Z)) -> OB (Y) = 1 replaced as [P.sub.YZ].

* P (E (Z)) -> OB (Y) =0

* P (Y) replaced as [P.sub.XY].

So the equation (4) becomes, the trust value of T: XYZ is 0 if the trust value of T: XY is zero. We can say there is a 0.5 probability for the [P.sub.XYZ] and [P.sub.XY] this value are applied to equation (5)

[P.sub.XYZ] = [P.sub.XY] * [P.sub.YZ] + (1 - [P.sub.XY])) * (P (E (Z)) -> OB (Y) = 0) (6)

[P.sub.XYZ] = [P.sub.XY] * [P.sub.YZ] + (1 - [P.sub.XY])) * (1 - [P.sub.YZ]) (7)

The equation is used to calculate the trust values and if the recommendation comes from many sources as the x gets recommendation form a and Ythe problem of data fusion will occur so the data fusion model is used, such that the recommendation are from independent source (assumed), the [P.sub.AZ] is calculated as shown in (8) using this the multipath trust value can be calculated.

PXZ / 1-PXZ = PXYZ * PXaZ / (1-PXYZ) * (PXaZ) (8)

2) Fuzzy based Malicious Node Identification:

The probability based method that is stated above may sometime misses the accuracy due to uncertainty in among the nodes activity over time. So Fuzzy based method is use to eliminate the uncertainty in the trust calculation[10][11]. Let CA (t) be the value used to state the capability level of the node for a particular service or functionality based on the nodes resources. Let HR (t) be the logged date at time t based on the observation done on some event on any given node. The trust value for the node at time t+1 is given by TR (t+1). The fuzzy member ship functions for CA (t) {LOW, MODERATE, GREAT} and H (t) {LOW, MODERATE, GREAT, GREATER}. Based on this the fuzzy rule is given below,

* If the node have less capability than the node will perform low on any functionality so first ROW be Low.

* If the node have moderate capability to perform a particular service than the performance level will be {L, M, GR}, in some extreme cases the node will perform greater.

* If the capability is greater than the node will expose the functionality at all levels {L, M, G, GR}.

The inference relation for the given rule is give as R = H[R.sub.t] * C[A.sub.t] * T[R.sub.t] (9)

The equation (8) can be written as[for all] a [member of] HR, b [member of] CA, c [member of] TR, Rl (a, b, c) = HR (a) AND CA (b) AND TR (c) (10)

Then for all n rules the inference relation can be written as, R (a, b, c) = [[summation].sup.n.sub.1=1] = Rl (a, b, c) (11)

The trust value for each pair of input can be calculated using the equation as give in (11), with the help of defuzzification the individual nodes trust value can be found c [member of] [0, 1].

TR = (HR * CA) x R (12)

3) Trust Based on Observation and Recommendation:

This in the non-centralized method the uses all the available value to calculate the trust between the two nodes that likes to interact [9]. The values for trust calculation are contributed by direct, indirect method and a belief function [14] [15], the overall calculation with weight factor will give the trust value. Each node in the network will execute the trust evaluation algorithm and they keep track of past trust value of and node that have interacted. The evaluation is centred around nodes experience on the past behaviour of node and the recommendation information are used as supporting [16]. In this method the trust value is measured as continuous value which ranges for [0, 1], in which 1 denotes the node is more trusted and 0 denotes the node non-trust node and 0.5 states that the node cannot be judged that is the value uncertain.

[T.sub.ij=] [W.sub.1] * Obs + [W.sub.2] * [T.sub.ij]Rec + [W.sub.3] * [T.sub.ij]Con (13)

The formal as shown in (13) is used to calculate the trust value between any two give nodes i, j. The [T.sub.ij] is the trust value of node j measured by node i, [T.sub.ij] Obs is the observed (Direct) trust value, [T.sub.ij] Rec be the Recommended (In-Direct) trust value and [T.sub.ij] Con be the confidence level of a node on another node (node i trust the value received form node j if the confident level between node i and j is high). The algorithm start with the measurement of direct trust value, each node will have two variable [alpha], [beta] > = 0 these variable are incremented base to on the events. The variable [alpha] is incremented if the observed node does the stated action or an event takes place in the point of observing node, and [beta] is incremented if the stated action or the even not take place in the observed node. Than the trust value is calculated based on the following formula,

P1 = [[summation].sup.n.sub.i=1] = [alpha] (i) (14)

P2 = [[summation].sup.m.sub.j=1] = [beta] (j) (15)

In which P1 be the summation of all correct action or event recorded and P2 be the summation of all wrong action or event recorded between node i, j. Based on (14) and (15) the observed trust value is calculated using the equation shown in (16).

[T.sub.ij] Obs = p1 / (p1 + p2) (16)

The node will observe the events or actions and calculate the trust value, that the calculated trust value is shared with other nodes is called as recommendation or in-direct trust value. Consider three nodes a, b, c in which the node b observer the events on c, the observed value are send to a as recommendation, based on the values received at a, a will calculate P1', P2', if n recommendation are arrived from a node denoted as k = 1, 2, 3, ... n than the trust is calculated as shown in (17).

[T.sub.ij]Rec = [[summation].sup.N.sub.K=1] P1 (Kj) / P2 (Kj) + P2 (Kj). (17)

The last component is the addition of confidence trust, in which the recommendation are accepted only from the already interacted node with high trust value. The values obtained from such trusted recommender are used to calculate [alpha], [beta]. Based on this method the confidence trust is calculated as given in the equation(18) using (14,15).

[T.sub.iK] Con = P1 (ik) / P1 (ik) + P2 (ik) (18)

In order to decrease the impact of historical value being take place in trust calculation, the equations are changed, if the value observed at t+1 is new than use (19) or if the observed value are same than use (20) in which [gamma] [member of] (0, 1).

[alpha] = [[alpha].sup.old] * [gamma] + [[alpha]], [beta] = [[beta].sup.old] * [gamma] + [[beta]] (19)

[alpha] = [[alpha].sup.old] * [gamma], [beta] = [[beta].sup.old] * [gamma] (20)

The values obtained from (16, 17, 18) are used in (13) to calculate the trust value and the weight W1, W2 and W3 are dynamically updated based on the network environment.

D. Use of Cluster Structure in Trust Model:

The cluster head will start the trust evaluation model, the cluster head will decide the selection of the evaluation model. The nodes which are isolated as untrustworthy they will be the liar and a blacklist is created. The blacklist consists of node identification, which includes the physical address, current logical and Cluster address, validity. The CH will circulate the list among all CHs. The validity state how long a node gets block status, this use full to give the malicious node a second change to be fair.

The proposed system is implemented in NS2 with the following parameters as show in table 2.


This section presents the performance results of the proposed. The results are analyzed and evaluated in terms of

* Malicious node identification percentage.

* Throughput.

* Packet loss percentage.

The network in loaded with 50 % percentage of malicious node that will not co-operate. The experiment is started with 60 node, in which 4 node are assigned the processing of classification on malicious node. Each node is capable of executing all the three algorithms and the results are shown in fig 1. The observation based on the recommendation is showing better performance that the others, the probability based method is showing performance comparable with observation method.

The fuzzy rules are clear but under some uncertainty conductions the fuzzy method are not adaptable so their classification capability is low when compared with other two methods.

The throughput computation is done with the help of nodes servicing capability. The experimental setup consists of 60 nodes with 40 service hosted in the network and the nodes are allowed to make the service request. The number of malicious node are gradually increased and the throughput based on the service success rate is evaluated for the give 3 methods, the observation method finds the malicious node in faster so the throughput for the observation based method shows better throughput.

The packet loss is compared with the all three methods, the packet loss in observation method is maintained even the number of malicious nodes is increasing.


The proposed work comes out with the adaptable solution for finding malicious nodes based on their behavior. This paper compares three method in terms of malicious node identification, throughput and packet loss percentage. These methods are implemented in a cluster environment, so the finding will propagate from one cluster to another through cluster head. The identified malicious nodes are included in a shared blacklist, every other node will not make any interaction with the nodes in blacklist. The comparison shows the observation method based on recommendation shows significant performance characteristics among other methods. The future enhancement of this work can be narrow down to attack elimination using some cryptography means.


[1.] Buttyan, L. and J.-P. Hubaux, 2003. "Stimulating cooperation in self-organizing mobile ad hoc networks". ACM/Kluwer Mobile Networks and Applications, 8: 05.

[2.] Liu, K., J. Deng, P. Varshney and K. Balakrishnan, 2006. "An acknowledgment-based approach for the detection of routing misbehavior in manets". IEEE Transactions on Mobile Computing, 6(05): 536-550.

[3.] Padmanabhan, V.-N. and D.-R. Simon, 2003. "Secure traceroute to detect faulty or malicious routing". SIGCOMM Computer Communication Review, 33: 1.

[4.] Zhong, S., J. Chen and Y.R. Yang. 2003. "Sprite: A simple cheat-proof, credit-based system for mobile adhoc networks". In INFOCOM'03.

[5.] Chan, H., A. Perrig and D. Song, 2006. "Secure hierarchical in- network aggregation in sensor networks", in Proc. CCS, pp: 278-287.

[6.] Jakobsson, M., J.-P. Hubaux and L. Buttyan, 2003. "A micropayment scheme encouraging collaboration in multi-hop cellular networks". In Proc. of Financial Crypto.

[7.] Marti, S., T. Giuli, K. Lai and M. Baker, 2000. "Mitigating routing misbehavior in mobile ad hoc networks". In Mobi Com, pp: 255-265.

[8.] Buchegger, S. and J.-Y. Le Boudec, 2005. "Self-policing mobile ad hoc networks by reputation systems", Communications Magazine, IEEE, 43(7): 101-107.

[9.] Ali Aydin Sel.,cuk, Ersin Uzun,Mark Re,sat Pariente, 2008. "A Reputation-based Trust Management System for P2P Networks", International Journal of Network Security, 6(3): 235-245.

[10.] Ghorpade, R. 2008. "Fuzzy Logic based Trust Management Framework for MANET", DSP Journal, 8 (1): 83-98.

[11.] He, Q., D. Wu and P. Khosla, 2004. "SORI: A secure and objective reputation-based incentive scheme for ad-hoc networks", in Proceedings of the Third IEEE Wireless Communications and Networking Conference, WCNC 04, Atlanta, GA, US, 2: 825-830.

[12.] Mundinger, J., J. Le Boudec, 2005. "Analysis of a Reputation System for Mobile Ad-Hoc Networks with Liars", pp. 41-46, Third International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks (WiOpt'05).

[13.] Farag Azzedin, Ahmad Ridha and Ali Rizvi, 2007. "Fuzzy Trust for Peer-to-Peer Based Systems", World Academy of Science, Engineering and Technology, 27.

[14.] Megha Jain, Karan Saxena, Nitin Kumar, 2016. "Trust Management in Manet", Imperial Journal of Interdisciplinary Research (IJIR), 2(5): 1304-1305.

[15.] Govindan and P. Mohapatra, 2012. "Trust computations and trust dynamics in mobile adhoc networks: A survey, "IEEE Commun. Surveys & Tutorials, 14(2): 279-298.

[16.] Zhexiong, W., H. Tang, F.R. Yu, W. Maoyu, P. Mason, 2014. "Security Enhancements for Mobile Ad Hoc Networks With Trust Management Using Uncertain Reasoning," IEEE Transaction on Vehicular Technology, 63(9): 4647-4658.

[17.] Yan Lindsay Sun, Wei Yu, Zhu Han, K.J. Ray Liu, 2006. "Information Theoretic Framework of Trust Modeling and Evaluation for Ad Hoc Networks", IEEE Journal On Selected Areas In Communications, 24(2): 305-317.

(1) S. Venkatesh Babu and (2) Dr. C. Kezi Selva Vijila

(1) Asst. Professor, Christian College of Engineering and Technology, Oddanchatram, Dindigul, India.

(2) Professor, Christian College of Engineering and Technology, Oddanchatram, Dindigul, India.

Received 18 January 2017; Accepted 22 March 2017; Available online 28 March 2017

Address For Correspondence: S. Venkatesh Babu, Asst. Professor, Christian College of Engineering and Technology, Oddanchatram, Dindigul, India. E-mail:

Caption: Fig. 1: Malicious Node Classification

Caption: Fig. 2: Throughput

Caption: Fig. 3: Packet Loss
TABLE I: Fuzzy Rule

HR (t) / CA (t)   L   M   G   GR

L                 L
M                 L   M       GR
G                 L   M   G   GR

Table II: Simulation Parameter

Simulation area            1500 m x 1500 m
Number of nodes            60
Mobility model             Random way point
Node communication range   250m
Speed                      5-25 m/s
Routing protocols          DSR
MAC                        802.11
Traffic source model       Constant Bit Rate(CBR)
Simulation time            850 seconds
COPYRIGHT 2017 American-Eurasian Network for Scientific Information
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2017 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Babu, S. Venkatesh; Vijila, C. Kezi Selva
Publication:Advances in Natural and Applied Sciences
Article Type:Report
Date:Mar 1, 2017
Previous Article:Malicious node identification in MANETs based on false information.
Next Article:Survey report on MANETs trust management.

Terms of use | Privacy policy | Copyright © 2021 Farlex, Inc. | Feedback | For webmasters |