Content uploaded by Dr Sachin Kumar Gupta
Author content
All content in this area was uploaded by Dr Sachin Kumar Gupta on Sep 13, 2023
Content may be subject to copyright.
Received: 6 March 2022 Revised: 18 April 2023 Accepted: 29 August 2023
DOI: 10.1002/ett.4858
RESEARCH ARTICLE
Efficient selfish node detection using SVM in
IoT-MANET environment
Subhankar Ghosh1Anuradha Banerjee2Abu Sufian3Sachin Kumar Gupta4,5
S. H. Alsamhi6,7 Abdu Saif8
1Department of Computer Science &
Engineering, Regent Education and
Research Foundation, Kolkata, India
2Department of Computer Application,
Kalyani Government Engineering
College, Kalyani, India
3Department of Computer Science,
University of Gour Banga, Malda, India
4Department of Electronics and
Communication Engineering, Central
University of Jammu, Samba, Jammu, UT
of J&K, India
5School of Electronics and
Communication Engineering, Shri Mata
Vaishno Devi University, Katra, Jammu,
UT of J&K, India
6Centre for Data Analytics, Senior
Research Fellow at the University of
Galway, Galway, Ireland
7Electronic Engineering, IBB University,
IBB, Yemen
8Department of Communication and
Computer Engineering, Faculty of
Engineering and IT, Taiz University, Taiz,
Yemen
Correspondence
Sachin Kumar Gupta, School of
Electronics and Communication
Engineering, Shri Mata Vaishno Devi
University, Katra, 182320, Jammu UT of
J&K, India.
Email:sachin.gupta@smvdu.ac.in
Abstract
The communication between nodes in the Internet of Things-based mobile
ad-hoc networks environment is typically dependent on their selfless attitude.
Whenever a node needs to send a message to another node in the network,
it needs the help of one or more nodes to act as a router(s) that will bridge
the gap between the source and the destination. All these selfless forwarding’s
require energy, bandwidth, and other resources. Therefore, some routers often
raise a link breakage attack to save their resources. They keep silent after receiv-
ing a message; neither they acknowledge it nor they forward it. These selfish
nodes must be identified and carefully avoided while choosing routes; other-
wise, numerous messages will have to be resent, including control messages like
route-request. The identification depends on the past behavior of the node as
well as velocity, the direction of movement, current geographical location and
so forth. This article presents a support vector machine-based node classifica-
tion method that checks whether nodes are intentionally issuing a link breakage
attack or it is really out of the radio range of its predecessor. The simulation
results of the proposed method demonstrate that the proposed technique can
correctly detect most of the selfish activities in the network and that also in
much lesser time. It also enhances the packet delivery ratio and reduces delay
and energy consumption.
1INTRODUCTION
A mobile ad-hoc network (MANET) consists of multiple battery-powered nodes that exchange messages with each other
either directly or indirectly with the help of some router nodes, which bridge the gap between a predefined sender and
receiver. Since these networks do not require any existing infrastructure or centralized administration, they are suit-
able for deployment for group-wise independent communications in the Internet of Things (IoT).1-4 This IoT-MANET
Trans Emerging Tel Tech. 2023;e4858. wileyonlinelibrary.com/journal/ett © 2023 John Wiley & Sons, Ltd. 1of24
https://doi.org/10.1002/ett.4858
2of24 GHOSH .
communication environment is very useful in radio communication on battlefields, after natural disasters,
vehicle-to-vehicle communication, different healthcare applications and so forth.5,6
There are several neighbor nodes for each node based on its radio range, but the radio range’s value is also limited.
Hence, a node cannot communicate with non-neighbors unless some selfless nodes provide their forwarding service
to the sender node.7,8 Nodes often tend to the selfish because they have to sacrifice their battery power for the sake of
others, and nodes always try to maximize their lifetime, that is, residual battery power.8Therefore, several techniques
havebeen proposed toemerge aselfless forwardingservice among nodes,9-25 these are brieflyreported in the related works
section. Some handle selfish and malicious activities while others are restricted to identifying and punishing selfish nodes
only. There are different types of attack mechanisms that are emulating, such as link breakage, slander attack, masking
attack, deliberately delaying the traffic, collision attack and so forth are mention-worthy.26 Among them, this article has
considered detecting link breakage attacks, which is one of the most critical attacks in this type of network environment.
Here, we have proposed a support vector machine (SVM)-based efficient node classification method, called SVM-ECN
for the same purpose. The proposed method has considered the current situation of a neighbor node in terms of position,
velocity, the direction of movement and so forth along with its past behavior for designing an effective technique for
node selection after classification.9The simulation results confirm that the proposed technique is better than the current
state-of-the-art. This has been measured in terms of correct detection of attacks (CDA), avoidance of attack during data
communication (AADC), RREQ transmission by attackers (RRTA), packet delivery ratio (PDR), average delivery delay of
data packets (ADDDP), and the average lifetime of network nodes (ALNN).
The following are the main features of the proposed method:
1. SVM-basednode arrangement methodthat givesinstructions whether nodesare calculatedly dispensinga linkfracture
attack or it is really out of radio range.
2. Selfishnodes always prefertomaximize theirencouragement and thereforechoose to be compliant whereverpotential.
3. The capability or purpose to cooperate with the ancestor is predicted using an SVM.
4. SVM-ECN creates even if a node may decide not to cooperate with some other; it will have to occupy significant energy
and time by strongly progressing messages of others.
1.1 Innovation and motivation
Based on reported studies in the literature, we arrived at the understanding that among all methods used by the attacker,
link breakage is very difficult to detect until and unless both the attacker node and its predecessor (which has assigned
a forwarding task to the attacker) are within radio-range of the monitoring node. Such kind of a topological requirement
cannot always be satisfied in communication paths especially when the nodes are highly mobile and not so dense. The
only way out in this case is to analyze the past behavior of nodes with as much accuracy as possible and find out its
general tendency as a forwarder, that is whether it is “eager to forward” or “not so eager.” This motivated us to design the
problem as a 2-class classification problem and encouraged us to design an SVM to serve the purpose. High accuracy in
the detection of link breakage attacks helps us not to punish the nodes that have crossed the radio ranges of predecessors.
Hence, the number of unjustified blacklists reduces the increasing data PDR in the network. A brief comparative data are
presented in Table 1.
1.2 Organization of the article
Therest of the article isorganized as follows: Section 2detailsthe relatedwork, while Section3illustrates the methodology
of SVM-ECN. Section 4demonstrates the mathematical model of blocklisting recommendation propagation and energy
saving. Section 5presents the simulation result, while Section 6concludes the article.
2RELATED WORK
A detailed description and comprehensive review of secure data aggregation methods in wireless sensor networks has
been prescribed in Reference 10. So far, many studies have been proposed on cooperation among nodes in this type of
network. Some prominent ones have been mentioned here.
GHOSH . 3of24
TABLE 1 Tabular comparison between different methods mentioned in related work.
Name of
the method Associated references Advantages Disadvantages
Cryptography based method 9-11 Less complexity of encryption and
decryption Not suitable for detecting aggressive
malicious activities
Game theory based approaches 14-17,35 Cooperation is enforced among
selfish nodes Not very effective in dealing with
malicious activities of nodes
Trusted body based methods 15,16,22,33 Deployment of sufficient trusted
bodies identify link breakages
with 100⧵% accuracy
Cost of additional trusted bodies
increase cost of ad hoc networks
Cluster based methods 30-32 Clusterheads can identify all
malicious activity inside a cluster
with 100⧵% accuracy
Additional cost is imposed due to
formation of clusters
Watchdog based methods 23-25 If a watchdog can be deployed for all
links, then all link breakages can
be identified
Deployment of watchdog incur
additional cost
The study in Reference 11 presented a non-cooperative power control technique without a pricing mechanism. The
authors that study used stochastic fictitious play and reinforcement learning algorithms in their method, where the
method has three distinct features—user’s decision, dynamics arising, and does not need any information exchange. The
study in Reference 12 proposed a technique to suppress selfish behavior in the networks. Cryptography techniques were
used to hide the destined address of packets, so those selfish nodes cannot take selective decisions to drop the packets.
Studies in Reference 13 presented local watchdog mechanisms with an improvement of functionality in each step.
MD5-based cryptography mechanism is used to generate a signature that is matched with the same receiver. If these
two do not match, then the malicious activity is detected. Similar methods have been proposed in References 14 and 15
to identify selfish and malicious nodes in MANETs. They are activity-based overhearing, iterative probing, and unam-
biguous probing. The specific sensor applies these methods to detect and exclude selfish and malicious nodes from data
communication routes. Sensors generate observations that are either positive or negative, representing cooperation and
non-cooperation, respectively. These sensor ratings are combined into a local rating propagated within a predefined geo-
graphical area signed with the private keys of each node. So that credibility of the rating remains intact and trustworthy.
Techniques like iterative probing, unambiguous probing and so forth require a dummy or probe packet to be transmit-
ted along the selected network path of communication, which eats up bandwidth degrading the flow performance in the
network.16 This is a huge cost paid to identify malicious activities of nodes. However, if an attacker accidentally forwards
the probe packet and then raises a link breakage attack for actual data packets, then it will incur complete loss and no
gain at least for that particular communication session. An attacker may be clever enough to forward a small number of
packets in between breaking links for a large number of packets.
Attacker/defender game-based approaches are proposed in References 17-20. This approach focused on the concept
that if the advantage produced by a malicious node is higher than the damage it causes, then it is always better to exploit
the node instead of black-listing it. In References 21 and 22, token-based umpiring techniques (TBUT) are proposed,
where the neighbor of a node work as an umpire. Accordingly, tokens are issued to a node that is being monitored, and
this token is like a citizenship card required to remain active in the network. Messages of a node are not forwarded until
and unless a valid token accompanies them. Each token has a time limit after which it is not valid. Cooperation needs to
be continued to earn tokens. The main difficulty of TBUT is that it applies neighbors of a node to watch its behavior and
identify its selfish as well as malicious activities. But if that suspicious node is not within radio range of the monitoring
node(s), then malicious behavior of the suspicious node will not be detected. So, this scheme works well for a very highly
dense environment, although, nevertheless, it takes a significant time and energy of monitoring nodes, which degrades
theperformance of the system. especially if call arrival rates and/or message transmission ratesof thosemonitoring nodes
are high, then they will find little time to identify selfish and malicious nodes.
Game theory-based methods (GTMs) are proposed in Reference 23 where incentives are given to nodes. Selfish nodes
always prefer to maximize their incentives and therefore choose to cooperate wherever possible. Thus, the stability and
reliability of the network improve as far as the detection of selfish nodes is concerned. However, this scheme will not
4of24 GHOSH .
work for malicious nodes because malicious nodes will not need to maximize incentives; rather they need to maximize
the damage they can cause to the network. In Reference 24, a set of monitoring nodes is applied for anomaly detection.
These nodes cooperate and collaborate by exchanging details. The data collection component is responsible for collecting
the features of each node from the control packet and data packet transmissions. Based on this collected information, the
fuzzy logic decision is applied to detect lightly or heavily suspected nodes. in this scheme, additional monitoring nodes
require additional cost. They have to find time and use their energy for these monitoring tasks. Features are collected from
both control and data packets from which fuzzy logic-based decision is applied to identify malicious activities. However,
the accuracy of these fuzzy logic-based decisions cannot be mathematically measured for a given dataset and therefore,
only simulation results have been prescribed by the authors here to support the claims.
The scheme proposed in Reference 25 is particularly suitable for a network that applies AODV routing. It produces
a minimum number of false-positive detection of selfish nodes both for RREQ and data packets. The authors claim that
the scheme produces specific and significant improvements in PDR and end-to-end delay. The study in Reference 27 has
proposed an evolutionary self-cooperative trust technique that imitates cognitive processes. The technique depends on
trust-level information to prevent various attacks and evaluate the performance. In Reference 28 proposes a decision tree
technique to detect selfish nodes. However, it does not work for malicious ones. Other works in References 18 and 29
addressing a similar problem, CORE and CONFIDANT19 is mention-worthy. As soon as these techniques detect selfish
and malicious activities, they punish those nodes by isolating them. They will not raise any attack like emulating link
breakage, deliberately delaying the traffic, or injecting enormous traffic and so forth. Also, all will ignore their recom-
mendations to blacklist others, which refrains them from issuing slander attacks. At this point, since each attacker has
zero capability to raise any attack, collision among them will not be able to cause any harm because nobody will listen to
them or depend on them. CONFIDANT and CORE are typically reputations based. They detect link breakage attacks if
no acknowledgment is received even after three consecutive transmissions. But in a highly mobile environment, this may
lead to unjustified isolation of nodes that moved out of the radio range of their predecessors in between a live communi-
cation session. If a large number of such nodes get isolated from the network, then packet forwarding will be hampered
leading to a very low PDR. Inspired by the CONFIDANT method, Karakostas et al. came up with an emergency connec-
tivity protocol for catering to selfish and malicious activities by nodes in Reference 20. Each node defines its threshold
of tolerating misbehavior concerning each of its neighbors. A comparison between different methods is mentioned in
Table 1. Despite several methods proposed for addressing the challenges raised by selfish nodes, some challenges are still
present. Some of them are energy efficiency, the capability to work with high mobility nodes, quick detection of selfish
nodes, identifying the reasons for selfish behavior and so forth. A modified data-driven zone routing protocol (DD-ZRP)
is proposed in Reference 30 where outlines are identified in each zone based on data collected both at network and sub-
group levels. However, this does not work with another ad hoc network routing protocols, especially where nodes are not
clustered. Therefore the additional overhead of cluster-head selection is there. A similar problem is faced by Gomathy
et al.9and Pon et al.31 because that is also a cluster-based scheme. In Reference 32, a trust-based probabilistic malicious
node detection method is proposed where a periodically accessible trusted authority has to be deployed to pass judgment
on the behavior of suspicious nodes based on gathered routing evidence with self and coordinate monitoring. Authors
claim that it improves network throughput by 34% compared to previous methodologies. The main disadvantage of the
scheme is that it requires a central trusted body that will judge the forwarding activity of others. But this will happen
distributed nature of the system and communicating with the central body for every link breakage will incur huge time
and cost, which is not desirable. Also, there may be a bottleneck at the centralized trusted authority if nodes are highly
mobile and frequently move out of the boundary of their predecessor in between an ongoing communication session.33
The article in Reference 34 focuses on the fact that public key cryptography incurs huge overhead, especially in a
system of nodes with limited resources. A new incentive-based scheme is proposed by the authors where public key cryp-
tography is required only for forwarding the first data packet in a series of packets. For subsequent packets, a hash-based
mechanism is utilized to detect misbehavior. However, its results have been compared with only DSA and RSA both of
which are encryption-based methods. CASHNet35 (cooperation and accounting strategy for hybrid networks) is another
cryptography-based method where public key-based operations are required for both the transmitted data packet and
the acknowledgment packet because the source attaches it is digital signature to transmitted data packet and destina-
tion attaches its own signature to ACK so that selfish nodes are properly detected and credit improves for the selfless
forwarders.
A game theoretic approach is proposed in Reference 14 where selfish activity is detected particularly in IoT environ-
ment through a three-phase approach with its phases being—clustering, playing the multi-person games and detecting
selfish as well as malicious activity. Here the nodes are first clustered and subsequently the cluster-heads agree to play an
GHOSH . 5of24
infinite game of transmission and forwarding. “The process of cooperation is analyzed for determiningthe selfish or mali-
cious nodes which forwarded the data packets with delay or even not sent them. The other nodes reduce the reputation
of the nodes which do not cooperate with them, and they do not cooperate with the selfish and malicious nodes, as pun-
ishment. So, selfish and malicious nodes are stimulated to cooperate.” A DSR (dynamic source routing) based algorithm
is proposed in Reference 36 where data is transferred based on residual energy in nodes. The reason is that if a node is
already running short of battery power then it is bound to behave selfishly.
3DETAILS OF SVM-ECN
Section 3.1 has briefly described system architecture and methodology, whereas functionalities of individual modules
have been discussed in Section 3.3.
3.1 System architecture and proposed methodology
The first module in the block diagram of SVM-ECN is the message transmission-reception module, as shown in Figure 1.
It enables a node to generate and transmit messages or receive and forward messages. During transmission or forwarding,
ifthe intendednext-hop down link neighbor does not propagateacknowledgment ofits successorto itspredecessor within
a pre-specified time interval, then the transmitter/forwarder repeats the process at most three times. If still no response
is received, then a link breakage attack is probable. The link breakage attack detection module considers the current
velocity, current geographical location, and direction of movement of a node and considers whether a node can get out of
its predecessor’s radio range. If it can get out, then the benefit of the doubt is given to the allegedly selfish node. Otherwise,
its past behavior is analyzed, and the SVM-based classification module classifies the node as selfish or non-selfish. If the
node is detected as selfish, it is blacklisted by the blacklisting module. The information is propagated to all other nodes
in the network using the blacklist information propagation module. The modules in Figure 1are explained in detail in
Section 3.3. An architectural diagram is a diagram of the proposed scheme and it is represented in Figure 2.
3.2 Flowchart of SVM-ECN
Re-transmit is a variable that keeps track of the number of times one particular message is transmitted, and it can take
values 0, 1, and 2. When the value of re-transmit is less than 3, the message M is transmitted by nito njand then ni
waits for a predefined time duration (mentioned as pre-specified-duration in the flowchart) after which it increments
re-transmit by 1. If acknowledgment from njis received by niby that time then njcannot be detected as selfish and
the process of this detection comes to an end. Otherwise, the message is transmitted again by nito nj. Subsequently, ni
waits for pre-specified-duration once more, to get acknowledgment from njand the process repeats till retransmit <3. If
retransmit =3, then the distance between the current location of niand the predicted current location of nj(denoted as
(x1,y1) in the flowchart); prediction is done depending upon some recent previous locations of njas evident from cache
c1) is computed. If this distance is higher than R(i), then there is a high possibility that by the time nihastransmittedthe
message, njhas gone out of its radio range and therefore, should not be termed as selfish. On the other hand, if distance
<=R(i), then past forwarding of njis investigated and analyzed (which is stored in cache c2) using SVM-classifier, which
returns 1 if the node is identified as selfish by the SVM; otherwise it returns 0. If 1 is returned, then nigenerates a random
number between 0 and 5. If it is higher than 2, then nibroadcasts blacklist recommendation of njotherwise it marks the
status of njas temporarily suspended and waiting, to be blacklisted upon arrival of any such recommendation against nj
FIGURE 1 Block diagram of SVM-ECN.
6of24 GHOSH .
FIGURE 2 Flowchart of SVM-ECN.
from any node in the network. C-s is the cache other suspended node ids are stored. When a node njis suspended by ni,it
is not chosen again for any forwarding transmission in the future. However, nidoes not immediately broadcast blacklist
recommendations against it. Rather it waits for some other node to initiate.
3.3 Functionalities of modules
Section 3.3.1 has briefly described the message transmission or reception module, whereas the link breakage attack
detection module has been discussed in Section 3.3.2.
GHOSH . 7of24
3.3.1 Message transmission/reception module
The algorithm in this module shows the working principle of the message transmission/reception module (Algorithm 1).
It is based on the assumption that node niis the current sender, node njis the successor of node niwhereas node njis
supposedto forwardthe messageof node ni,tonodenk.Nodenisends themessage M to node njand node njis supposed to
propagate then to node nk. In return, node nksends an acknowledgment to node njwhich node njis supposed to forward
to node ni. Possible misbehavior is:
1. Node njdoes not acknowledge to node nithat it has received the message. In that case, node nisuspects that node nj
might have issued a link breakage attack.
2. Node njhas forwarded the message to node nkbut nkhas not sent any acknowledgement to it. Therefore, node nj
cannot forward an acknowledgment of node nkto node ni.Inthatcase,nodenjforwards the message to all other
neighbors, and if at least one of them acknowledges, then node njsends that acknowledgment to ni. On the other hand,
if node njis unable to produce any acknowledgment, then it might have issued a link breakage attack as perceived by
node ni, and much will depend on the past behavior of node nj.
3.3.2 Link breakage attack detection module
Each node contains a cache memory C1 which stores the history of the location of each neighbor in terms of xand ycoor-
dinates along with the corresponding timestamp. Location information may be acquired during transmission/reception
of actual data message and acknowledgment to data on HELLO and acknowledgment to HELLO message. These interac-
tions are often consecutive since after a node njentered into the radio-circle of node ni, it probably stayed there for some
time and had low relative velocity with node niand that’s why it was elected as the most intended down link neighbor.
Based on this information, the current x and y coordinates of node njare computed using Newton’s forward interpolation
formula, as below. Let xcoordinate of a node njbe denoted as x(j)and ycoordinate be denoted as y(j).Thenx(j)=f1(t)
and y(j)=f2(t)where f1andf2 are two functions that express dependence of location of njat time t. Assume that t0is the
timestamp at which x(j)takes the values f1(t0),f1(t0+h),f1(t0+2h),…, corresponding to different equispaced values
of x(j)with spacing hsuch as t0,t0+h,t0+2h,…, and so on. If the current timestamp at which link breakage attack is
allegedly being issued is t,thent0+ph =twhere tis some real number. Hence, p=(t−t0)∕h.
Therefore, according to Newton’s forward interpolation formula,
f1(t0+ph)=EPf1(t0)
that is, f1(t0+ph)=(1+Δ)
Pf1(t0)
that is, f1(t0+ph)=[1+PΔ+P(P−1)
2!Δ2+P(P−1)(P−2)
3!Δ3+···]f1(t0).
So,
f1(t0+ph)=f1(t0)+PΔf1(t0)+P(P−1)
2!Δ2f1(t0)
+P(P−1)(P−2)
3!Δ3f1(t0)+···+P(P−1)(P−2)…(P−n+1)
n!Δnf1(t0)+𝜀1,
where 𝜀1istermedasanerror.Thevalueofnis the required number of observations. It should be high enough so that
𝜀1 remains less than a pre-defined threshold value of three-err. Mathematically it is expressed as:
𝜀1<three-err,similarly,
f2(t0+ph)=f2(t0)+PΔf2(t0)+P(P−1)
2!Δ2f2(t0)
+P(P−1)(P−2)
3!Δ3f2(t0)+···+P(P−1)(P−2)…(P−n+1)
n!Δnf2(t0)+𝜀2,
8of24 GHOSH .
Algorithm 1. Algorithm for message transmission and receive
begin
flag = 0
rec=0
/* flag denotes the possibility of a link breakage attack. If it is zero, then it indicates no breakage of the link; otherwise, it is set to 1 if
one such attack is detected */
/* rec is set to 1 if the successor has properly received */
transmit-msg(ni,nj,M)
/* transmit-msg accepts three arguments- sender, receiver, and message */
wait(ni,𝜏)
/* wait function introduces delay. nihas to wait for time 𝜏before next transmission */
if(received-ack(nj))
no link breakage attack is issued by nj
else, begin
max-retrans-left = 2
/* maximum possible number of retransmissions left is 2 */
no-of-trans = 0
while(no-of-trans <max-retrans-left)
begin
if(received-ack(nj))
begin
rec=1
/* niis now assured that njhas received the message; hence it now waits for acknowledgment of a successor of nj*/
break
end
elseno-of-trans = no-of-trans + 1
/* number of transmissions is increased by 1 */
end
end
if(ni≠source (M))
begin
if(rec = 1)
begin
/* nihas received acknowledgment of njand now it is supposed to forward that to it is predecessor since niis not the source of M */
propagate-ack(ni, predes(ni),
acknowledgment(nj))
/* predes(ni) specifies predecessor node of niwhereas acknowledgment(nj) is the acknowledgment sent by nj*/
end
else, begin
/* acknowledgment of njhas not reached ni*/
for each np𝜖Di(t)
begin
/* transmit M to all downlink neighbors of niat time t */
transmit-msg(ni,np,M)
wait(ni,𝜏)
end
for each np𝜖Di(t)
begin
if(received-ack(np))
begin
propagate-ack(ni, predec(ni),
acknowledgment(nj))
/* acknowledgment has been received from npand immediately it is propagated to predecessor of ni*/
break;
/* stop searching for any more acknowledgments */
end
end
end
end
end
GHOSH . 9of24
where, 𝜀2<thres-err.
Hence, numerically estimated current location of njis (f1(t0+ph),f2(t0+ph)). Assuming (x(i),y(i)) be the current
location of ni, the possibility of a link breakage attack will be eliminated if condition (1)istrue.
{x(i)−f1(t0+ph)}2+{y(i)−f2(t0+ph)}2≥R(i),(1)
where R(i)is radio-range of ni. If condition (1) is true then it means that node njhas gone out of radio-range of node niand
therefore node nicannot expect it to do the forwarding. On the other hand, if condition (1) is false then node niassumes
that node njhas issued a link breakage attack. The algorithm of this module appears below (Algorithm 2):
Algorithm 2. Algorithm for link-breakage
Begin
link-break = 0
/* a flag variable initially set to 0. If a link breakage is detected then it is 1 */
x∣= new-forward-intr-lat(nj,C1)
/* new-forward-intr-lat is a function that consults cache C1 and predicts current-latitude of njbased on the record of it is
earlier latitudes */
y∣= new-forward-intr-long(nj,C1)
/* new-forward-intr-long is another function that consults cache C1 and predicts current-longitude of njbased on the
record of it is earlier longitudes */
distance = (x(i)−x∣)2+(y(i)−y∣)2
if(distance <R(i))
link-break = 1
end
3.3.3 SVM based classifier module
SVM-based classifier module of a node nianalyses earlier message-forwarding responses of its neighbors. It is activated
by the link-break variable produced by the previous module. The classifier consults with another cache C2ofnodeni.
This cache contains a description of the past behavior of each downlink neighbor node njin terms of several parameters
of interactions, current values of residual energy, energy depletion rate, velocity, the relative velocity with node ni.The
forwarding status (0 or 1; 0 specifies that the message was not forwarded in the current effort, whereas 1 specifies that
node njcooperated with node ni, and the message was transmitted in the current effort. The number of re-transmissions
required for the current transmission to be successful amount of energy and time invested by node niin the current
transmission. If the current transmission is not successful, it is set to 4; on the other hand, if it is successful, then it
contains values 0, 1 or 2 because at most 3 transmissions or two re-transmissions are allowed. The value of link-break in
the current session.
3.3.4 Theoretical description of the SVM
Support vector machine or SVM is a supervised machine learning algorithm that can be employed for classification and
regression purposes. Most commonly it is used for classification problems. Here it is a two-class problem that categorizes
whether a node is selfish or non-selfish. SVMs are based on the idea of finding a hyperplane that best divides a dataset
into two classes. Support vectors are the data points nearest to the hyperplane, the points of a data set that, if removed,
would alter the position of the dividing hyperplane. Intuitively, the further from the hyperplane the data points lie, the
more confident one can be that those points have been correctly classified. It is better if the data points lie as far away
from the hyperplane as possible, while still being on the correct side of it. So when new testing data is added, whatever
side of the hyperplane it lands, on will decide the class to be assigned to it.37
10 of 24 GHOSH .
3.3.5 Practical implementation details of SVM
In each node ni, there is a cache c2 which stores the past forwarding behavior of all nodes it has interacted with, in the
recentpast. Ineach nodenithere is a cache c2 whichstores the past forwarding behaviorof all nodes it has interacted with,
in the recent past. The attributes, of this information, are node-id, sus-black-frac, selfless-forward-frac, avg-returns-num,
avg-del, avg-dist, and avg-vel. node-id specifies the unique identifier of the node. sus-black-frac is the fraction of sessions
in which njis suspected to behave selfishly; selfless-forward-frac is the fraction of packet that it has selflessly forwarded,
the average number of re-transmissions required to get an acknowledgment from it; avg-del is the average delay to get an
acknowledgment; avg-dist is the average distance of the node from nion a per session basis; avg-vel is the average velocity
of the node nion a per session basis. For a session in which the link was not broken, avg-dist is set to (R(i) +1) and avg-vel
is set to (vmax +1) where vmax is the maximum possible velocity of any node in the network. Based on this, a cooperating
node will have low values for avg-returns-num and avg-del and high values for other features. The SVM is supposed to
divide this entire information into two classes, cooperating and non-cooperating.
This dataset is stored in a CSV file and divided into training and testing sets in the measurement of 80% and 20%.
We implemented SVM using C++ because ns-2 supports only two languages C++ and Octt. The package libsvm was
installed using vcpkg installer. While setting the SVM parameters, the first parameter is supposed to specify the type of
SVM which is 2 in the present case (because the problem is a 2-crars classification problem); the second parameter is
kernel type which we set to linear, subsequent three parameters are degree, gamma, and coefo which are set to 0 because
they are applicable for poly, polyln by and poly/sigmoid kernel only. SVM optimization parameter c is set to 10 which is
neither very high nor very low.38 This increases the tolerance of SVm optimizer and at the same time allows some degree
of freedom to if so that it can meet the best hyperplane. A maximum of 1000 iterations are allowed for each test sample.
svm CLASSIFIER IS RUN USING THE SVM →predict function on each test sample. The average testing accuracy that
we obtained in our system is 97.33% which is quite high.
The ability or intention to cooperate with the predecessor is predicted using SVM. There are two options to
work-incremental and online. The incremental mode of operation corresponds to the continuous population of the train-
ing set representing new evidence or new entries in the caches C1andC2. After each interaction, be it cooperation or
non-cooperation, some new information will continue to be added to the caches. Please note that SVM is a classifica-
tion technique that maps the data present in the neighbor table into higher dimensions to find a hyperplane. Tuples are
divided into two classes or groups where −1 indicates non-cooperative or selfish, and 1 indicates cooperative, as shown
in Figure 3.
Hence (xi,yi) for all i=1ton, are training data. yi𝜖{−1, +1}are class labels, wis the weight vector assigned to
individual observations and b is the threshold. (w.xi+b)denotes the prediction of the model corresponding to ith training
tuple whereas the actual value is yi. Large functional margin denotes that if yiis positive, (w.x+b)is a large positive
number and if yiis negative, (w.x+b)is a large negative number. Also, data points should not fall into the margin, that
is, if xi=1, w(xi+b)>1, and if xi=−1, w(xi+b)<1.
Combining these, we get, yi(wxi+b)≥1 for all is.t., 1 ≤i≤n.
Whenevera nodeis identifiedas selfish,it isblacklisted andthe informationis propagatedto neighbors. The algorithm
for the classification is presented below (Algorithm 3).
FIGURE 3 Support vector machine based cooperation determination.
GHOSH . 11 of 24
Algorithm 3. Algorithm for SVM-based classifier
begin
sel-fish = 0
if(link-break = 1)
begin
/* if link breakage is 1, then only the selfishness of a node can be detected */
sel-fish = SVM - classifier (nj,C2)
/* SVM - classifier is a function that consults its own C2 cache and identifies the tendency of a node njbased on its past
behavior. If it is found to be selfish, then the variable selfish is set to 1, else it is −1. */
if selfish = 1
begin
p = random(0.5)
if p <2
blacklist(nj)
else
if(nj)
suspected-blacklist(C-S, (nj))
end
In SVM-ECN, we have not considered complete exhaustion of the battery of a node in between a communication ses-
sion, because that cannot happen in our scheme. We have imposed the following restrictions by which it is implemented.
1. Each route request packet must contain a number of data packets to be transmitted in a communication session.
2. If a router, according to its own current energy and call arrival rate, finds that it is expected to remain alive till the
end of the session, then only it forwards the route reply. Otherwise, it does not. Therefore if a node has forwarded
route-reply, then it indicates the battery of the node is healthy enough to remain alive till the end of the session. The
following inequality specifies the constraint mathematically.
e(j)
{2m(s)
𝜏(s)+call −arr(j)}xkR𝜌(j)≥max(𝜏(s),∀v(j)
k′=1(𝜏(sk′)−𝜏′(sk′))),
where
𝜏(s)=t(d) t(s);
t(s) =timestamp of initiating route-request by source ns;
t(d) =timestamp of initiating route-reply by destination nd.
So, 𝜏(s)=time to send a data packet from source to destination through the selected path.
m(s) =total no. of data packets to be transmitted in the session.
In the average case, each packet needs to be transmitted twice (minimum once, maximum thrice) leading to a total (2
×m(s)) number of packets throughout the entire session.
So, additional call arrival rate is (2 ×m(s))/𝜏(s).
Assuming that previous call arrival rate is call-arr(j), total call arrival rate will be (2m(s)
𝜏(s)+call-arr(j)).
For each of those calls, assuming that the next hop downlink neighbor is at maximum distance, that is, R(j) and the
energy required to transmit a packet at that distance is kR𝜌(j)where kis the proportionality constant and p=2, 3, or 4
depending upon the medium of communication.
Therefore,
{2m(s)
𝜏(s)+call −arr(j)}xkR𝜌(j)amount of energy will be spent in unit time.
So, with residual energy e(j), the node njis expected to remain alive for the time e(j)
{2m(s)
𝜏(s)+call−arr(j)}xkR𝜌(j).
12 of 24 GHOSH .
This time duration should be higher than the expected time of completion of all existing sessions including the new
one. The new one is expected to be complete within 𝜏(s). For others, remaining time is (𝜏(sk′)−𝜏′(j,sk′))) where 𝜏′(j,sk′)
is time already spent by njon data transmission of session sk′.So,(𝜏(sk′)−𝜏′(j,sk′))) is the remaining time duration nj
should devote for session sk′. Therefore, njshould remain alive for the duration max(𝜏(s),∀v(j)
k′=1(𝜏(sk′)−𝜏′(sk′))).
Further, the hyper-parameters of SVM are also mentioned in Table 2.
3.3.6 Node blacklisting module
Nodeblacklisting module maintains a cache C3 which blacklists a node if the variableselfish isset to1. Blacklistingmeans
no forwarding requests from that node will be entertained, and it will not be assigned any responsibility of forwarding as
well. The node will remain isolated in the network. The algorithm for this particular module will be demonstrated below
(Algorithm 4):
Algorithm 4. Algorithm for node blacklisting
begin
nj.blacklist = 1
push(C3, nj)
end
C3 is a cache where the identifier of blacklisted nodes is stored. As soon as a node is blacklisted, the information is
propagated throughout the network without delay. After receiving such an intimation, the receiver checks to see whether
the alleged node has misbehaved with it as well. If the past behavior of the alleged node is good enough, then it is not
blacklisted by the receiver. Otherwise, if the past behavior was not good enough or there is no history of interaction
between those two nodes, then the receiver blacklists the node.
3.3.7 Blacklist information propagation module
Blacklist information is propagated throughout the network. Irrespective of whether a node blacklists, the alleged node
in its cache C3 forwards or propagates the information to all other neighbors. The algorithm of the proposed module
appears below (Algorithm 5).
TABLE 2 Hyper parameters of SVM.
Parameter Value
C1000.00
cache-Size 200
class-weight None
coef0 .0
decision−function−shape ′ovr′
degree 3
gamma ′auto−deprecated′
kernel ′rbf′
max-iter −1
probability False
random-state None
shrinking True
to l .001
verbose False
GHOSH . 13 of 24
Algorithm 5. Algorithm for black list info. propagate
begin
for each np𝜖Di(t)
/* npis a down-link neighbor of niat the current time. Di(t)is set of down-link neighbors at time t */
transmit-msg(ni,np, blacklist(nj))
/* blacklist(nj) is a recommendation that instructs all receivers to blacklist nj, unless it is cooperation is found from past
behavior */
end
The blacklist recommendation of a given node is forwarded only once. It may happen that the receiver does not imme-
diately blacklist but stores it in another cache C4 for proper behavior monitoring in subsequent interactions provided the
generator of the blacklist information is trustworthy. A node will be termed trustworthy if it has forwarded at least 70% of
the packets sent to it by the corresponding node. If the alleged node misbehaves later, it will be blacklisted. On the other
hand, if the generator of the blacklist recommendation is not trustworthy, then the recommendation is dropped.
4MATHEMATICAL MODEL OF SVM-ECN
This section demonstrates the mathematical model of blacklist recommendation communication of SVM-ECN in
Section 4.1 and the model of energy saving in Section 4.2.
4.1 Model of blacklist recommendation communication
Blacklist recommendation transmitted by a trustworthy node nifor neighbor nodes npreaches another njonly once.
Duplicate recommendations are always dropped.After receiving the recommendation of node nifor blacklisting node np,
if node niis not trustworthy enough to node njor there is no previous record of interaction between node njand node np,
then the recommendation of node niis dropped. Otherwise, it is taken seriously and the behavior of node npis monitored
for 𝜏(i,j,p)amount of time. The value of 𝜏(i,j,p)will be calculated later. If the behavior of node npduring that period has
been cooperation and no additional recommendation against node npdoes not come generated by some other node (other
than node ni), then the blacklist recommendation is ignored and node npis not blacklisted for the time being convincing
capability cj(i)of a node nito node njis formulated in (2).
ccj(i)=1
2𝜓j(i),(2)
where 𝜓j(i)is trust-worthiness of nito njas formulated in (3).
𝜓j(i)= packFor(i,j)
totPackForReq(i,j),(3)
where packFor(i,j)denotes the number of packets actually forwarded by node nifor node njand totPackForReq(i,j)indi-
cates the total number of message forwarding requests transmitted to node niby node nj.If𝜓j(i)>.7 then node niwill be
treatedastrustworthytonodenj.Let,mi(p)and mj(p)denote impression of node npin eyes of node niand node nj.Here
mi(p)=−1. Also assume that mj(p)new and mj(p)old are new and old values of mj(p)respectively. Then,
mj(p)new =mj(p)old +ccj(i)mi(p)+ccj(p)mj(p)old (4)
putting mi(p)=−1in(4), we get
mj(p)new =mj(p)old −ccj(i)+ccj(p)mj(p)old,
14 of 24 GHOSH .
or,mj(p)new −mj(p)old
mj(p)old =ccj(p)− ccj(i)
mj(p)old ,
dy
dt =ccj(p)−ccj(i)
y,
where y =mj(p)
dy
dt =mj(p)new−mj(p)old
mj(p)old =y(t+Δt)−y(t)
y(t).
𝜏(i,j,p)is the maximum amount of time that should be given for the transition of yfrom 1 to −1in(5).
∫−1
1
ydy
ccj(p)y−ccj(i)=∫t1+𝜏(i,j,p)
t1
dt.(5)
Multiplying both sides of (5)byccj(p),
∫−1
1
ccj(p)ydy
ccj(p)y−ccj(i)=ccj(p)[t]t1+𝜏(i,j,p)
t1
or, ∫−1
1dy +∫−1
1
ccj(i)dy
ccj(p)y−ccj(i)=ccj(p)𝜏(i,j,p)
or, [y]−1
1+∫−ccj(p)−ccj(i)
ccj(p)−ccj(i)
dz
2=ccj(p)𝜏(i,j,p)
or, −2+[lnz]−ccj(p)−ccj(i)
ccj(p)−ccj(i)=ccj(p)𝜏(i,j,p)
or
−2+lnccj(p)+ccj(i)−lnccj(p)−ccj(i)=ccj(p)𝜏(i,j,p)
or, 𝜏(i,j,p)=
−2+ln
ccj(p)+ccj(i)
ccj(p)−ccj(i)
ccj(p)
(6)
Therefore 𝜏(i,j,p)in (6) is the time by which reputation is expected to change from 1 to −1. At some time interval
between t1and (t1+T) where T <𝜏(i,j,p), let value of y will be 𝛽.Then𝛽can be computed using Newton Raphson method
as shown below.
[y]𝛽
1+∫ccj(p)𝛽−ccj(i)
ccj(p)−ccj(i)
dz
2=ccj(p)T,
or, (𝛽−1)+[lnz]ccj(p)𝛽−ccj(i)
ccj(p)−ccj(i)=ccj(p)T,
or, (𝛽−1)+ln
ccj(p)𝛽−ccj(i)
ccj(p)−ccj(i)−ccj(p)T=0,
or, 𝛽+ln
ccj(p)𝛽−ccj(i)
ccj(p)−ccj(i)−(1+ccj(p)T)=0,
or, 𝛽+lna𝛽−k−k′=0,
where, a =ccj(p)
ccj(p)−ccj(i),k=ccj(i)
ccj(p)−ccj(i)
and k′=1+ccj(p)T
GHOSH . 15 of 24
a𝛽−k=a𝛽−kif a𝛽>k
k−a𝛽otherwise,
or, 𝛽+lna𝛽−k=k′.
So, f(𝛽)=𝛽+lna𝛽−k-k′,
where 𝛽ranges from −1to1
f′(𝛽)=1+a
a𝛽−k,𝛽n+1=𝛽n−f(𝛽n)
f′(𝛽n)
𝛽0=1
2[-1 +1]=0.
So, 𝛽1=𝛽0-f(𝛽0)
f′(𝛽0)=0-ln(k)−k′
1+a
k
𝛽1=k(k′−ln(k))
(a+k).(7)
So, 𝛽2=𝛽1-f(𝛽1)
f′(𝛽1)
or, 𝛽2=𝛽1−𝛽1+lna𝛽1−k−k′
1+a
a𝛽1−k
,
where 𝛽1is computed in (7).
Continuing like this, we will compute upto 𝛽nwhere (𝛽n-𝛽n−1)<.001. This value of 𝛽nwill determine the root of the
equation and value of mj(p)at a given point in time. If (1−mj(p)) <(mj(p)−1),thenmj(p)issetto1;elseitissetto−1.
When mj(p)is set to −1, it is blacklisted.
4.2 Model of energy saving
Whenever a node npmisbehaves to ni, it is recommended by nito be blacklisted throughout the network. Assuming H to
be the maximum possible hop count and 𝛼to be an average number of down link neighbors, the total number of broadcast
messages BM that will be transmitted is given by (8) and supported by the tree-structure of Figure 4.
BM =𝛼+𝛼2+𝛼3+···+𝛼H,
that is, BM =𝛼H+1−1
𝛼−1−1.(8)
Many of these messages will be forwarded in parallel; however, if we assume the worst case, that is, when each message
is sent in serial order, then the maximum amount of time MAXTM is as in (9).
FIGURE 4 Tree structure of broadcast communication.
16 of 24 GHOSH .
MAXTM =BM ×𝜏(Rmax),(9)
where 𝜏(Rmax)is the time that any node will require to transmit/forward a message at a distance Rmax where Rmax is the
maximum possible radio range of the network.
Similarly energy MAXEN invested by nifor network-wide blacklisting of np,isgivenby(10).
MAX −EN =BM ×𝜌(Rmax),(10)
𝜌(Rmax) is energy invested by any node to transmit∕forward a message at distance Rmax.
This will lead to the blacklisting of npto all nodes in the network that trust ni. Assume that 𝜙(i)is the set of
nodes that trust ni. Then energy and time utilization of niare represented by EU(i)and TU(i)and defined by (11)
and (12).
EU(i)= MAX −EN
N×𝜙(i).(11)
Similarly,TU(i)= MAX −TM
N×𝜙(i),(12)
where Nis the set of all nodes in the network.
Therefore EW(i) and TW(i) indicate energy and time wasted by node niin the process of blacklist recommendation
propagation, where,
EW(i)=MAX −EN −EU(i),TW(i)=MAX −TM −TU(i).
For better utilization of energy and time (that is, minimum wastage of these resources), node nishould cooperate with
others as much as possible; only then its complaints will be treated with importance by others. Similarly, if node np
wants to avoid its network-wide blacklisting, then it will have to cooperate with all those 𝜙(i)number of nodes that trust
recommendations of node ni. But since node npdoes not know which nodes in the network trust node ni,itwillhaveto
cooperate with all possible nodes in the network for some time tmax where,
tmax =∀
ni,nj,np𝜖NMAX(𝜏(i,j,p)).
Approximate energy AE(P) required by npfor this is in (13).
AE(P)={tmax ×callarr(p)×𝜌(Ravg)},(13)
where callarr(p)is call arrival rate at node np, that is, number of calls that arrive at npper unit time. Ravg is the average
radio-range in the network formulated below.
Ravg =Rmax +Rmin
2,
where Rmin and Rmax are minimum and maximum possible radio-ranges in the network. Similarly, approximate time,
AT(P), will have to be invested by npas in (14).
AT(P)={tmax ×callarr(p)×𝜏(Ravg )}.(14)
The formulation (14) is based on the practical consideration that each message has to be forwarded separately; no two
forwarding requests can be simultaneously satisfied.
This establishes that even if a node may decide not to cooperate with some other. However, to avoid black-
listing, it will have to spend significant energy and time by vigorously forwarding messages of others, as shown
in Figure 5.
GHOSH . 17 of 24
FIGURE 5 Relation between EW and EU, TW and TU.
4.3 Complexity analysis of SVM-ECN and competitor
In this subsection, we compute the complexity analysis of SVM-ECN in Section 4.3.1 and compare it with the same of it
is competitors in Section 4.3.2.
4.3.1 Complexity analysis of SVM-ECN
Assuming that the cache of C2 is CS, the time complexity of SVM-ECN is given by O(CS ×6)39 that is, O(CS). Hence 6 is
the number of features based on which from class classification is performed. Similarly, if we consider space complexity
then that is also O(CS) since at most CS number of entries can be incorporated in the cache.
4.3.2 Complexity analysis of competitors
In this article, various complexity analyses of routing protocols available on ad hoc networks are simulated, and vari-
ous performance parameters such as PDR, delay, and throughput are studied under different load conditions and using
different mobility patterns.
4.3.3 Watchdog based methods
In watchdog-based methods, for each pair of communicating nodes, a watchdog has to be assigned to monitor commu-
nication within that link. So, required number of watchdog is O(nc2),thatisO(n2). So time complexity of the watchdog
method is O(n2).
4.3.4 Cluster based methods
The complexity here involves the complexity of selecting the cluster head and subsequently engaging the cluster head for
monitoring the forwarding activities of nodes. If the cluster is 1-hop, then the optimum number of down link neighbors
is 10.40 So, the number of clusters is (n/10). So, the time complexity of the cluster-based method is O(n).
4.3.5 Trusted body-based methods
Suppose in a network of nnodes, there are ktrusted bodies. So, the number of untrusted bodies is (n−k). Hence, the
number of trusted bodies that would have been required to monitor (n−k)nodesis(n−k)C2.
In the ideal case,
n−kC2=k.
So, (n−k)(n−k−1)
2=k
or, (n−k)2−n+k=2k
18 of 24 GHOSH .
or, (n−k)2−n−k=0
or, n2+k2−2nk −n−k=0
or, k2−k(2n+1)+(n2−n)=0.
So, k =(2n+1)±(2n+1)2−4(n2−n)
2
=(2n+1)±4n2+4n+1−4n2+4n
2
=(2n+1)±8n+1
2
=(2n+1)+8n+1
2(because k>0).
So, kis O(n).
Hence time complexity of trusted body-based methods, in general, is O(n).
4.3.6 Cryptography based methods
Thetime complexityof acryptography-basedmethod isO(m′)where m′is the size of each packetin bytes.Cryptography
techniques hide the destination address of packets so that selfish nodes cannot take selective decisions to drop packets.
But a malicious node may decide to drop all data packets that were forwarded to it. In that case, cryptography methods
will not come out effective, compared to SVM-ECN.
4.3.7 Game theory based methods
In the GTM time complexity of a method is the time complexity of the calculation of gain associated with a forwarding
or packet drop decision. This complexity is O(1). Although the concept is suitable for only selfish nodes, it is not suitable
to defend the network against malicious ones who can sacrifice a bit of gain to cause harm to others. One game theoretic
approach is proposed in Reference 41 which uses two acknowledgments to identify the phenomenon of dropped packets.
However, this is applicable only in the case when at most two routers can be there in a communication path. But in
general, in ad hoc networks, the number of hops H is greater than 2. So, the applicability of these methods is much lesser
than SVM-ECN.
5SIMULATION RESULTS
Simulation is performed using NS-2 simulator version 2.35. The various simulation runs with specifications mentioned in
Table 3. In these simulation runs, mainly observations are done on two types of attacks—link breakage and deliberately
delaying the traffic. The results have illustrated in the next subsection.
TABLE 3 An example of a table.
Parameter Specification
Network size 2000 ×2000 m2
Number of nodes 200–1000
Number of selfish nodes 0–300
Radio-range of node 15–100 m
Velocity of nodes 0–25 m/s
Interval between two consecutive HELLO packets 1s
Packet size 512 Bytes
Channel bandwidth 2 Mbps
GHOSH . 19 of 24
FIGURE 6 ns-2 based selfish node detection.
Below we present a screen-shot of our simulation as shown in Figure 6. In this screenshot of ns-2-based selfish node
detection where red colored nodes are detected as selfish. One particular communication session is ongoing with source
and destination nodes marked in blue and routers in black.
5.1 Illustration of results
Normalnodes in MANETsbehavesupportivewithoutconsidering theremainingenergy inthe storage, whileselfish nodes
unfold their selfishness whenever it lacks energy during network operations. In order to examine how much energy could
be saved by selfish behaviors, the following comparison experiments are conducted. In the experiments, there are sender,
receiver, and 10 intermediate nodes deployed. The simulation time is set as 100 s. Two sets of simulations are executed.
In the first set, all intermediate nodes are set as normal nodes, while in the second one, the nodes are set as selfish ones.
Considering a fair comparison, we compare the same nodes from each simulation because they have the same settings
except for selfishness.
A total of five simulation runs have been conducted. The routing protocol that is considered is AODV. Each node
decides its immediate successor in the communication path and takes forwarding decisions based on several competitors
or SVM-ECN in the domain, like the TBUT and the GTM. Performance metrics are:
1. CDA—Percentage of attacks that could be successfully identified.
2. Avoidance of attackers in data communication (AADC)—Percentage of occasions where attacking nodes were
successfully avoided in paths of data communication.
3. Route-request transmission by attackers (RRTA)—Number of route-request packets generated by attackers; that could
be broadcast throughout the networks, that is, up to H hops.
4. PDR—Percentage of data packets that could be successfully delivered to their respective destinations.
5. ADDDP specifies the average delay of delivering a data packet to the destination.
6. ALNN—Total residual energy of all nodes divided by the number of nodes.
The percentage of the selfish nodes used in the simulation gradually reaches from 0% (without selfish node) to 45% of
the total nodes. It means that when some nodes’ energy level reduces, they will change to selfish nodes. When the nodes
forward the data packets, they lose energy, and the number of such nodes grows in the network. At first, there is no selfish
node, then the percentage of the selfish nodes is 0% of all nodes. The nodes start to collect the data and forward them to
the destination, they use energy power, and some of them change their status to the selfish nodes.
Figures 7–12 shows graphical illustration of all these metrices. TBUT applies neighbors of a node to watch its behavior
and identify selfish as well as malicious nodes. But if none of the neighbors has that particular node to investigate within
their radio range, then it will be impossible to observe the behavior of the node. On the other hand, as soon as a token is
issued to a malicious node, apparently pretending to be a good one, it gets a license to actively stay in the network for a
specific period, with just one cooperation activity. This means one message forwarding and license to misbehave multiple
20 of 24 GHOSH .
FIGURE 7 CDA with respect to different no. of nodes.
FIGURE 8 AADC with respect to different no. of nodes.
FIGURE 9 RRTA with respect to different no. of nodes.
GHOSH . 21 of 24
FIGURE 10 PDR with respect to different no. of nodes.
FIGURE 11 ADDDP with respect to different no. of nodes.
FIGURE 12 ALNN with respect to different no. of nodes.
22 of 24 GHOSH .
TABLE 4 Different metrics of the proposed methods in comparison with other methods.
Percentage of improvements CDA AADC RRTA ADDDP ALNN PDR
SVM-ECN over TBUT in % 19% 27% 5% 12% 6% 24%
SVM-ECN over GTM in % 22.54% 46% 6% 17% 7% 25%
times. Therefore, it makes the identification of malicious nodes difficult, and also, there is no provision for blacklisting
network-wide.The advantageof network-widepropagationof blacklist recommendations is that other nodes can bemade
alert about misbehaviors of specific nodes which may be affected shortly. Blacklisting is required so that all receivers
who trust the recommender can be saved from the probable malicious effects of the alleged node. The strategy of ATM is
dependent on game theory, and it encourages nodes to maximize their reputation through selflessly forwarding packets of
others.But thisdoes notdetect maliciousnodes becausethey do not care about reputation. They just wantto maximize the
damage caused to the network. Causing damage to the network is possible only if they can remain active in the network,
and remaining active in the network can be stopped if it is blacklisted network-wide, which is done in SVM-ECN. For
this, SVM-ECN produces the highest detection of attacks as shown in Figure 11. Since a huge number of attackers are
detected, they are specifically avoided in established data communication paths. During route selection, protocols try not
to include them, as far as possible, in the optimal path(s). Hence, AADC is maximum in SVM-ECN compared to others,
asshowninFigure8.
SVM-ECN encourages protocols to avoid blacklisted nodes, as much as possible, in live communication paths, and
therefore, their chance of issuing link breakage attacks becomes minimum. They do not get any data packet to silently
drop or deliberately delay or route through some other wrong path. A decrease in the number of link breakages will
obviouslyreduce the numberof route-requestpacketsthatwould havetobe injected intothe network. Otherwise,to repair
the broken link from the predecessor of the malicious node and the malicious node itself. Reduction in route-request
packets Figure 9implies a reduction in the forwarding load of almost all nodes in the network. A lesser load means
lesser energy consumption and longer life for nodes in general. This again reduces link breakage occurring due to battery
exhaustion of nodes and decreases the number of attack detection requirements. A lesser number of route requests in
the network eliminates a vast number of signal collisions. As a result, SVM-ECN produces a huge PDR as specified by
Figure 10.Figure7is concerned with the average time delay of delivering a data packet to its intended destination. In
SVM-ECN, the time to finish a communication session is much lesser because the number of link breakages and several
route requests to repair those broken links is much lesser. Therefore the time required to complete one communication
sessionis significantly smallerin SVM-ECN. Different metricsof the proposedmethods in comparisonwith other methods
are mentioned in Table 4. Due to the proposed method, identifying the selfish and malicious nodes checks further energy
consumption and reduces energy consumption. The CDA which is the percentage of attacks for SVM-ECN over TBUT at
19% and SVM-ECN over GMT at 22.54%. Also, AADC which is the percentage of occasions is SVM-ECN over TBUT in
27% and SVM-ECN over GMT in 46%. Similarly, in connection with PDR, ADDDP, RRTA, and ALNN is the percentage
of SVM-ECN over TBUT and SVM-ECN over GMT, reflected in Table 4.
6CONCLUSION AND FUTURE SCOPE
In this proposed SVM-ECN method, the SVM classifier categorized all nodes in the networks as cooperative or
non-cooperative. The non-cooperative nodes may be either selfish or malicious. In both cases, they are blacklisted
throughout the network through the blacklist recommendation propagation method. Accepting this alert message to a
receiver depends upon the trustworthiness of the initiator or transmitter. Therefore, the past behavior of a node indi-
cates its acceptance and reliability to others. So, malicious nodes cannot just recommend anything about anybody, and
to effectively blacklist a list, the recommendation first needs to prove itself as trustworthy. This means a license to mali-
cious activity is not just a token but consistently cooperative past behavior. But recommending bad about anything will
consume energy.At the same time, innocent nodes will be able to escape because of their spontaneous behavior. In that
case, energy invested by dishonest blacklist recommender will be wasted, and at the same time, it will not be able to do
anything terrible to the network. The proposed SVM-ECN is much more efficient than its competitors because here dis-
honest nodes are identified, blacklisted, and isolated from other nodes in the network with great accuracy, precision, and
GHOSH . 23 of 24
recall. Also, the intelligent mechanism proposed here hinders them from eating up the energies of nodes in the network
in most cases, as result, packet delivery increases and delay decreases.
The present article aims at the detection of link breakage attacks using SVM. However, there are other kinds of attacks
as well that may be issued in ad hoc network environments. There may be the existence of intruders; also a huge number
of unnecessary route-request messages may be injected into the network to consume the battery power of other net-
work elements. Important data packets may be diverted from their intended paths or their embedded messages may be
overheard in between their transmissions and reception in each hop. Among many such problems, we intend to take
up intrusion detection in an ad hoc network environment in our next research effort, where the problem will be solved
using machine learning techniques. In the future, we can apply different SVM models for more accuracy and decreased
mathematical computation. We also have to concentrate on different types of attacks like a wormhole and so forth and
then compare the SVM-ECN with other prevention techniques. Further, the present study may also be extended for its
investigation arrangement and proper benchmark implementation.
DATA AVAILABILITY STATEMENT
The data that support the findings of this study are available on request from the corresponding author. The data are not
publicly available due to privacy or ethical restrictions.
REFERENCES
1. KarlssonJ, Dooley LS, Pulkkis G. Secureroutingfor MANET connected Internet of Things systems. 2018IEEE6thInternational Conference
on Future Internet of Things and Cloud (FiCloud). IEEE; 2018:114-119.
2. Quy VK, Ban NT, Nam VH, Tuan DM, Han ND. Survey of recent routing metrics and protocols for mobile ad-hoc networks. J Commun.
2019;14(2):110-120.
3. Trivedi R, Khanpara P. Robust and secure routing protocols for MANET-based Internet of Things systems—a survey. In: Singh KK,
Nayyar A, Tanwar S, Abouhawwash M, eds. Emergence of Cyber Physical System and IoT in Smart Automation and Robotics. Springer;
2021:175-188.
4. Wang L, Wang H. Algorithm analysis of ad hoc network driver routing protocol for Internet of Things. In: Atiquzzaman M, Yen N, Xu Z,
eds. 2021 International Conference on Big Data Analytics for Cyber-Physical System in Smart City. Springer; 2022:869-876.
5. Alameri I. MANETs and Internet of Things: the development of a data routing algorithm. Eng Technol Appl Sci Res. 2018;8(1):2604-2608.
6. Mohamed HE-D, Azmi H, Taha S. Using MANET in IoT healthcare applications: a survey. Int J Comput Digit Syst. 2021;13:1-15.
7. Sufian A, Banerjee A, Dutta P. Energy and velocity based tree multicast routing in mobile ad-hoc networks. Wirel Pers Commun.
2019;107(4):2191-2209.
8. Ghosh S, Banerjee A, Sufian A, Gupta SK. Autoregressive moving average based anycast with support vector machine clustering in mobile
ad-hoc networks. Trans Emerg Telecommun Technol. 2021;33:e4432.
9. Gomathy V, Padhy N, Samanta D, Sivaram M, Jain V, Amiri IS. Malicious node detection using heterogeneous cluster based secure routing
protocol (HCBS) in wireless adhoc sensor networks. J Ambient Intell Humaniz Comput. 2020;11:4995-5001.
10. Yousefpoor MS, Yousefpoor E, Barati H, Barati A, Movaghar A, Hosseinzadeh M. Secure data aggregation methods and countermeasures
against various attacks in wireless sensor networks: a comprehensive review. J Netw Comput Appl. 2021;190:103118.
11. Long C, Zhang Q, Li B, Yang H, Guan X. Non-cooperative power control for wireless ad hoc networks with repeated games. IEEE J Sel
Areas Commun. 2007;25(6):1101-1112.
12. Song C, Zhang Q. OMH—suppressing selfish behavior in ad hoc networks with one more hop. Mob Netw Appl. 2009;14(2):178-187.
13. Kargl F, Klenk A, Schlott S, Weber M. Advanced detection of selfish or malicious nodes in ad hoc networks. Proceedings of ISES 2020;2020.
14. Nobahary S, Garakani HG, Khademzadeh A, Rahmani AM. Selfish node detection based on hierarchical game theory in IoT. EURASIP
J Wirel Commun Netw. 2019;2019:255.
15. Mangayarkarasi R, Manikandan DR. Cost effective collaborative anomaly detection system for selfish node attacks in MANET. JCritRev.
2020;7:148-154.
16. Folayo Aina SY, Osanaiye O. Bandwidth estimation for admission control in MANET: review and conceptual MANET admission control
framework. In: Arai K, Bhatia R, Kapoor S, eds. 2018 In Book: Proceedings of the Future Technologies Conference (FTC). Vol 2. Springer;
2018:651-671.
17. Jim LE, Gregory MA. Improvised MANET selfish node detection using artificial immune system based decision tree. 2019 29th
International Telecommunication Networks and Applications Conference (ITNAC). IEEE; 2019:1-6.
18. Michiardi P, Molva R. Core: a collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks. In:
Jerman-Blaži
cB,Klobu
car T, eds. Advanced Communications and Multimedia Security. Vol 100. Springer; 2002:107-121.
19. Buchegger S, Boudec JYL. Performance analysis of the confidant protocol. Proceedings of the 3rd ACM International Symposium on Mobile
Ad Hoc Networking and Computing. ACM; 2002:226-236.
20. Karakostas G, Markou E. Emergency connectivity in ad-hoc networks with selfish nodes. In: Laber ES, Bornstein C, Nogueira LT, Faria L,
eds. LATIN 2008: Theoretical Informatics. Lecture Notes in Computer Science Book Series (LNCS). Vol 4957. Springer; 2008:350-361.
24 of 24 GHOSH .
21. Mir ZH, Ko Y. Adaptive neighbor-based topology control protocol for wireless multi-hop networks. EURASIP J Wirel Commun Netw.
2012;2012:97.
22. Gui J, Liu A. A new distributed topology control algorithm based on optimization of delay and energy in wireless networks. J Parallel
Distrib Comput. 2012;72:1032-1044.
23. Tan L, Wu M. Data reduction in wireless sensor networks: a hierarchical LMS prediction approach. IEEE Sens J. 2016;16:1708-1715.
24. Shang D, Zhang B, Yao Z, Li C. An energy efficient localized topology control algorithm for wireless multihop networks. J Commun Netw.
2014;16:371-377.
25. Ghosh S, Banerjee A. Arma model based anycast AODV (ARMA-AAODV) for performance improvement in scalable mobile ad hoc
networks. Int J Wirel Inf Netw. 2021;28:199-216.
26. Arora DKK, Jain DKV. A study on attacks in mobile ad-hoc networks. J Netw Comput Appl. 2020;29:279-289.
27. CaiRJ, Li XJ, Chong PHJ.An evolutionary self-cooperative trust scheme againstroutingdisruptions in MANETs. IEEE TransMobComput.
2018;18(1):42-55.
28. Banerjee A, Dutta P, Ghosh S. Experience based energy efficient reactive routing protocol (EXERP) for mobile ad-hoc networks. Arab J Sci
Eng. 2014;39:891-901.
29. Dhurandher S, Misra S, Obaidat MS, Bansal V, Singh PR, Punia V. Eeaodr: an energy ficient ad hoc on-demand routing protocol for mobile
ad hoc networks. Int J Commun Syst. 2009;22(7):111337-111350.
30. Chugh N, Tomar GS, Bhadoria RS, Saxena N. A novel anomaly behavior detection scheme for mobile ad hoc networks. Electronics.
2021;10:1635.
31. Pon KA, Yamini J, Stephy KS, Ravi V. Improving routing disruption attack detection in MANETs using efficient trust establishment. Trans
Emerg Telecommun Technol. 2022;33:e4446.
32. Kotteeswaran C, Patra I, Nagaraju R, et al. Autonomous detection of malevolent nodes using secure heterogeneous cluster protocol.
Comput Electr Eng. 2022;100:107902.
33. Shao T, Chowdhury D, Gill SS, Buyya R. IoT-Pi: a machine learning-based lightweight framework for cost-effective distributed computing
using IoT. Internet Technol Lett. 2022;5(3):e355. doi:10.1002/itl2.355
34. Mahmoud ME, Shen X. Secure cooperation incentive scheme with limited use of public key cryptography for multi-hop wireless network.
Proceedings of the IEEE GlobeCom. IEEE; 2010:1-5.
35. Weyland A, Braun T. Cashnet—cooperation and accounting strategy for hybrid networks. 2nd Workshop on Modeling and Optimization
in Mobile, Ad Hoc and Wireless Networks; 2004:423-424.
36. Vij A, Sharma V, Nand P. Selfish node detection using game theory in MANET. 2018 International Conference on Advances in Computing,
Communication Control and Networking (ICACCCN). IEEE; 2018:104-109. doi:10.1109/ICACCCN.2018.8748632
37. Wang L. Support Vector Machines: Theory and Applications. Studies in Fuzziness and Soft Computing. Vol 177. Springer; 2005.
38. Dutt S, Chandramouli S, Das AK. Machine Learning. Pearson; 2018.
39. Joachims T. Training Linear SVMs in Linear Time. Cornell University; 2000.
40. Tarique M, Islam R. Optimum neighbors for resource-constrained mobile ad hoc networks. Int J Ad Hoc Sens Ubiquitous Comput.
2021;12:1-14.
41. Khan B, Anwar F, Olanrewaju R, Mir RN. A game theory-based strategic approach to ensure reliable data transmission with optimized
network operations in futuristic mobile adhoc networks. IEEE Access. 2000;8:124097-124109.
How to cite this article: Ghosh S, Banerjee A, Sufian A, Gupta SK, Alsamhi SH, Saif A. Efficient selfish node
detection using SVM in IoT-MANET environment. Trans Emerging Tel Tech. 2023;e4858. doi: 10.1002/ett.4858
A preview of this full-text is provided by Wiley.
Content available from Transactions on Emerging Telecommunications Technologies
This content is subject to copyright. Terms and conditions apply.
