
Abstract: This paper is concerned with fully distributed
reputation-based mechanisms that improve security in MANETs.
We introduce a number of optimisations to the current
reputation schemes used in MANETs such as selective deviation
tests and adaptive expiration timer that aim to deal with
congestion and quick reputation convergence. We propose to use
two different centrality measures for evaluation of the individual
trust claims and resolving the aggregated ones. We design and
build our prototype over AODV and test it in NS-2 in the
presence of variable active blackhole attacks in highly mobile and
sparse networks. Our results show that we achieve increased
throughput while delay and jitter decrease and converge to
AODV.
Keywords: MANET, reputation, trust, routing
I. INTRODUCTION
There has been a proliferation of interest in the security of ad hoc
networks, whose potentially high node mobility and lack
of common infrastructure render conventional security
solutions dysfunctional due to their dependence on a centralized
authority. A wide range of fully distributed reputation-based
security protocols for ad hoc networks have been proposed, but
they are usually tested in relatively low mobility or even semi-static
scenarios (i.e. long pause time between node movement and
slow node speed [3][4][16]).
This paper is concerned with the design, implementation
and evaluation of a reputation-based self organized protocol
that is specifically targeted for highly mobile and sparse
environments. Our protocol follows and extends distributed
reputation guidelines proposed in [1]. We identify and use
degree centrality in order to fully exploit the different influences of
nodes. An eigenvector centrality measure was also integrated in
the framework in order to improve reputation
convergence and speed up the isolation of malicious nodes.
EigenTrust was incorporated in our protocol to calculate a
globally consistent reputation measure between heterogeneous
nodes. We incorporate our distributed reputation protocol
within AODV and perform extensive simulations using a
number of scenarios characterized by high node mobility
(speed 20 m/s), short pause time (1 second) and a highly sparse
network in order to evaluate each of the design choices of our
system. We focus on single and multiple blackhole attacks [2],
but our design principles and results are applicable to a wider
range of attacks such as grayhole and flooding attacks. Our
implementation of blackholes comprises active routing
misbehaviour and forwarding misbehaviour. The rest of the
paper is organised as follows. Section 2 gives a brief review of
the related work. Section 3 describes our proposed protocol.
Section 4 gives our results and Section 5 concludes and
identifies future work.
II. RELATED WORK
Distributed reputation has been used in both MANETs and
P2P environments. CORE (COllaborative REputation
mechanism in MANET) [6] proposed a watchdog for
monitoring and isolating selfish nodes based on a subjective,
indirect and functional reputation. CONFIDANT [7] proposed
using an adaptive Bayesian reputation and trust system where
nodes monitor their neighbourhood and detect several kinds of
misbehaviour. SCAN [4] proposed a network layer security
protocol that relies on collaborative localised voting to convict
malicious nodes and using asymmetric cryptography to protect
the token of normal nodes. Each node is required to have
In peer-to-peer file-sharing networks, reputation has
been used to reflect the ratings of different users, and distributed
Eigen-Vector has been proposed to calculate trust in a
distributed peer-to-peer environment. [8] proposed the EigenTrust
algorithm that assigned each peer a unique global trust value,
based on the peer's history of uploads. EigenTrust used 1 or -1
to represent users' satisfaction or dissatisfaction about the
download transaction respectively. In our model, a node's
reputation is not only classified as good or bad; we classify
nodes into multiple zones that enable finer detail and better
decision making depending on the required services, such as
packet forwarding or topology discovery, as described in section
III. Other research has attempted to provide routing layer
solutions to blackhole attacks, with techniques to identify and
isolate these nodes as in [9] [10]. Ref. [9] proposed that a node
communicates with one extra node to check whether the route
from the intermediate node to the destination node exists or not,
while [10] considered static sensor networks, which are not
similar to MANET conditions. Ref. [11] proposed a solution to
the collaborative blackhole attack using next hop information
validation but showed no results or detailed analysis. Ref. [17]
discusses centrality for disconnected and delay tolerant
networks, where some bridge nodes are identified based on
their betweenness centrality and locally determined social
similarity to the destination node in order to forward
information to that destination. Ref. [18] presents a Cooperative
Incentive Mechanism based on Game Theory in order to
identify and exclude selfish nodes. Each node attempts to
maximize its utility function by using game theory to model the
ad hoc network relaying game, which ensures that the payoff
is higher than the node's own cost to cooperate.
Reputation-Based Security Protocol for MANETs in
Highly Mobile Disconnection-Prone Environments
Sameh R. Zakhary
School of Computer Science & IT
University of Nottingham
Nottingham, NG8 1BB, UK
email: itxsraz@nottingham.ac.uk

Milena Radenkovic
School of Computer Science & IT
University of Nottingham
Nottingham, NG8 1BB, UK
email: mvr@cs.nott.ac.uk

IEEE/IFIP WONS 2011 - The Seventh International Conference on Wireless On-demand Network Systems and Services
978-1-4244-6061-8/10/$26.00 2011 IEEE 161
Authorized licensed use limited to: S. A. Engineering College. Downloaded on May 31,2011 at 16:51:42 UTC from IEEE Xplore. Restrictions apply.


A lot of emerging research [17][19][20] attempts to use
social theory to address routing/forwarding in opportunistic
networks. We attempt in this paper to analyze the impact of
using such social parameters to help build a reputation
system in such challenged environments.
In this paper, we employ a more aggressive blackhole
attack where the malicious node is not only silently dropping
the data packets, but also attacking the routing layer. [11] [4]
[7] were only concerned with a passive blackhole, where the
blackhole would only drop the traffic that is sent to it as part of
the normal topology discovery (no malicious routing
behaviour). In our paper we deal with a more aggressive routing
level attack, in which a blackhole would actively reply to
topology discovery requests and advertise itself as an attractive
route (i.e. advertise itself as having the shortest number of hops
to the destination, and an AODV sequence number higher than
that of any other RREP to indicate freshness of the route) to any
destination(s). This doesn't only cause the malicious nodes to
intercept and drop the data packets but also disrupts the
communication needed between other good nodes to propagate
the reputation information necessary for reputation convergence in
the MANET.
III. OUR REPUTATION-BASED FULLY
DISTRIBUTED PROTOCOL FOR HIGHLY MOBILE AND
SPARSE MANETS
A. Functional Overview
Our reputation based protocol integrates four main features
of distributed reputation systems proposed in [1] and shows
how they can be extended by utilising different kinds of
centrality of nodes even in highly mobile and disconnection-
prone scenarios. Each node in a MANET collects reputation
information through direct observation of its neighbours
(subjective observation) and gathers indirect (second hand)
reputations from other nodes. In addition to using historical
observations, our protocol uses reputation discounting to ensure
that old reputations will fade away, giving more chance for
nodes to reclaim their reputation by consistently behaving in a
cooperative manner. We use secondary response to retaliate
against any neighbour who originally had a bad reputation that
then got reclaimed, if this neighbour shows early signs of
misbehaviour afterwards, to avoid reputation discounting
backfiring. We employ reputation noise detection and cancellation,
deviation test and secondary response that are specifically
tailored for our highly challenged environment in order to
increase the accuracy and reliability of the reputation resolution.
We consider two kinds of centrality, eigenvector and
degree centrality, in order to elect the most influential nodes to
help other nodes build their trust in
other less popular nodes in the network and to act as community
leaders. Nodes with higher centrality have a higher probability of
getting in contact with many other nodes than nodes with low
centrality. We identify the nodes that have both high centrality
and high reputation as preferred sources for indirect reputation.
This becomes even more important in high-mobility and sparse
networks, as nodes often have few connections, if any, at any
point in time, and these connections are frequently changing, which
causes more uncertainty. In our system, we used the degree
centrality to inform the reputation aggregation module to
provide higher weights for highly central nodes. This has led
to fast reputation convergence due to the incorporation of high
quality data from more central nodes and the emphasis on the
importance of these nodes' opinions about other nodes in the
network. Nodes with higher centrality and higher reputation are
prime nodes to give highly trusted opinions about other nodes
in the MANET in a self-organized manner. We use centrality of
ego networks for each node to obtain a localized view of its
neighbourhood to allow fast reputation convergence and
subsequently higher throughput.
Figure 1 shows an example of how we use Eigen-Vector
reputation-based centrality to influence nodes' decisions about
the reputation of other nodes and the importance of indirect
reputation exchanged between nodes. Both the centrality of the
reporting nodes and indirect reputation are key to quick
isolation of the malicious nodes and convergence of reputation
across all the nodes.
In Figure 1, node A is the observed node and each of its
neighbours has a direct reputation measure for it, R1 to R4
respectively. Node B, which is not directly connected to node A,
receives the R1-R4 reputation observations about Node A. By
applying the Eigen-Vector reputation-based centrality, as
discussed in section B below, node B will have a centrality
measure based on the reputation evaluation of Node A by all of
Node A's neighbouring nodes. Using this technique makes Node B
immune against an attack where one node would collude with
multiple other nodes to provide false indirect reputation about
node A, as indirect reputation reported by N1-N4 is subject to
the selective deviation test that is described in section B.

Figure 1. Eigen-Vector Reputation-Based Centrality.

When we resolve a node's reputation as a function of its
centrality characteristics, we classify it as high, medium or low
centrality.
Figure 2 below shows how we classify the observed nodes
into zones based on their reputation and centrality. Nodes
falling into zone 1 are highly trusted nodes that also have a wider
view of the network. Nodes that are classified as belonging to
that zone have privileges such as a higher watchdog expiration
time, exemption from the deviation tests on their
reported indirect reputation, a low or no discounting factor, and a
high Reputation-Record expiration time. On the other hand,
nodes falling into zone 6 are classified as misbehaving nodes,
so their reported indirect reputation is rejected. Nodes falling in
zones between 1 and 6 would have different levels of
acceptance and the different parameters would be adjusted to
reflect their current zone. Node classification can change over
time. This can be a result of a good reputation node that started
to behave maliciously and hence became less trusted and fell to
a less favourable zone. This technique allows the network to
evolve into multiple clusters of different trustworthiness
levels. These different levels of trustworthiness allow higher
layer applications to limit their interaction to one selected
zone vs. any other zone.

Figure 2. Self-Organized node selection for indirect-reputation information.

B. Architectural Overview
Figure 3 shows the interaction between the key components
of our reputation model in order to provide automatic and
autonomous routing decisions to the underlying routing
protocol based on the available neighbours' reputations.

Figure 3. Reputation system model.
Reputation Management is the main entity responsible for
storing and retrieving all the reputation records of the node's
neighbours. It orchestrates the operations of the other components
and acts as the concentration point for all the events taking place
inside the system. Neighbour Reputation Record is the entity
representing the reputation observation for one of the neighbours.
Each node holds N neighbour reputation records, where N can
be determined by the node's memory capacity, the CPU power needed
to maintain and update these records, and other resource
constraints. Nodes with higher reputation and centrality should
hold enough reputation records about other nodes in order to
provide adequate coverage of the nodes in their own area. A node
recycles these records using an expiration time to balance the
different overheads with the need to have enough reputation
about different neighbours.
Reputation Broadcast is the entity responsible for receiving
indirect reputation from neighbours. It performs a selective
deviation test to ensure the unity of view between the
reporting node and the receiving node about the reputation of
the node in question (observed node). The traditional Deviation
Test, as presented in [1], requires each node to compare
received indirect reputation with its own direct reputation for a
given neighbour and reject any indirect reputation that deviates
by a certain value (the deviation threshold). In our Selective
Deviation Test, the receiving node (a) attempts to calculate the
reputation of its neighbour node (j). Node (a) first checks the
reputation of the reporting node (i), the sender of the reported
reputation information. $R_{ai}$ is the reputation held by
node (a) about node (i). If the reputation $R_{ai}$ > (threshold) then
$R_{ij}$ is trusted without further tests. This enables fast reputation
convergence, which is critical in our challenged scenarios
where nodes don't get enough time to observe the reputation
of other nodes, and at the same time can't miss the opportunity
to use good nodes and avoid malicious nodes whenever such
information is available. At the same time, the uncertainty of
node (a) with respect to node (j) decreases as a result of
trusted node (i) reporting its direct reputation observation. We
follow the same definition of uncertainty as used by Feng et al.
in [13].
Reputation Detect, Filter, Transform and Localize: The
calculation of the direct reputations was inspired by the
EigenTrust algorithm presented in [8]. Our algorithm calculates a
globally consistent reputation value at each node for all its
neighbours and then resolves the reputation using direct and
indirect (second hand) reputation information. Each node
calculates the Eigenvector centrality of its neighbours (1)
in order to reflect on each neighbour's reputation
and the level of confidence in this neighbour's reported indirect
reputation. $x_i$ denotes the score of the $i$-th node. Let $A_{i,j}$ be the
adjacency matrix of the network. $A_{i,j}$ is originally defined in
Eigen-Vector Centrality as $A_{i,j} = 1$ if the $i$-th node is adjacent to
the $j$-th node, and $A_{i,j} = 0$ otherwise. In our model, $A_{i,j} = s$,
where $s$ is the wireless signal strength from the $i$-th node to its
neighbour, the $j$-th node, and $A_{i,j} = 0$ if $i$ and $j$ are not
neighbours. For the $i$-th node (the observed node), the centrality
score is proportional to the sum of the scores of all nodes
which are connected to it. Hence:
(1)
Where $M(i)$ is the set of nodes that are connected to the $i$-th
node, $N$ is the total number of nodes and is a constant. For
the purpose of our reputation schema we use connectivity
instead of transaction. This connectivity takes place when the
node either receives or requests a forward of a message from
that neighbour. In our distributed network environment, each
node marks its experience when it comes into contact (i.e.
becomes connected) with another neighbour. Periodically,
each node will evaluate its connectivity experience with each
of its direct neighbours and give it a rating, and vice versa
(2). Node i calculates the percentage of packets
originating from i that were forwarded by node j over the total
number of packets offered to node j, frwd(i,j), and the
percentage of packets that were expired (i.e. packets that were
originating or forwarded by node i to node j but were not
subsequently forwarded by node j) over the total number of
packets offered to node j, expr(i,j).

[Figure 2 content: a grid of Reputation (High, Medium, Uncertain, Low, Negative) against Centrality (High, Medium, Low), divided into zones 1 to 6, with the annotations "Less reliable for indirect reputation due to lack of network wide view" and "Direction for less reliable indirect reputation due to the node's bad reputation".]
$$S_{ij} = frwd(i,j) - expr(i,j) \qquad (2)$$
Where $S_{ij}$ is the recent satisfaction index for node i about
node j. $S_{ij}$ would then be weighted (using (3)) into the direct
reputation of node j:
$$R_{ij} = R_{ij\text{-}prev} \cdot W_{history} + S_{ij} \cdot (1 - W_{history}) \qquad (3)$$
$R_{ij\text{-}prev}$ is the reputation value that node i had for node j before
incorporating the most recent satisfaction index. $W_{history}$ is a
constant that reflects the level of confidence that node i has in
the past observed reputation for its neighbour j (i.e. whether
the past reputation $R_{ij\text{-}prev}$ reflects a persistent behaviour). If no
connectivity between i and j takes place, $R_{ij}$ is discounted
instead using a constant value: $W_{discounting}$. We define $max_t$
to be the function that reports the maximum observation of $R_{ij}$
over time. $R_{ij}$ is normalized using (4).
$$R_{ij} = \frac{R_{ij}}{max_t(R_{ij})} \qquad (4)$$
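The eigenvector centrality step described above, with adjacency entries set to signal strength, as an added example that is not code from the paper. It assumes the standard relation (each score proportional to the weighted sum of the neighbours' scores), solved by power iteration; the signal values, the nodes P and Z and all function names are constructed for illustration.

```python
import math


def symmetric(links):
    """Build A[i][j] = A[j][i] = signal strength from (i, j, s) tuples."""
    a = {}
    for i, j, s in links:
        a.setdefault(i, {})[j] = s
        a.setdefault(j, {})[i] = s
    return a


def eigenvector_centrality(a, max_iter=1000, tol=1e-10):
    """Power iteration for x_i proportional to sum_j A[i][j] * x[j].

    The iteration multiplies by (A + I) instead of A. Both share the same
    leading eigenvector, but the shift stops the oscillation that plain
    power iteration shows on bipartite topologies (chains, stars), which
    are common in sparse MANET neighbourhoods.
    """
    nodes = sorted(a)
    x = {n: 1.0 / math.sqrt(len(nodes)) for n in nodes}
    for _ in range(max_iter):
        nxt = {i: x[i] + sum(s * x[j] for j, s in a[i].items()) for i in nodes}
        norm = math.sqrt(sum(v * v for v in nxt.values()))
        nxt = {i: v / norm for i, v in nxt.items()}
        delta = max(abs(nxt[i] - x[i]) for i in nodes)
        x = nxt
        if delta < tol:
            break
    return x


def degree_centrality(a):
    """Number of current neighbours, the weight used when aggregating reports."""
    return {i: len(nbrs) for i, nbrs in a.items()}


# Constructed ego network following Figure 1: A is the observed node, N1-N4
# its neighbours, B hears about A through N1 and N2. P is a weakly linked
# pendant node and Z is currently disconnected. Signal strengths are
# made-up values normalised to (0, 1].
EGO = symmetric([
    ("A", "N1", 0.9), ("A", "N2", 0.8), ("A", "N3", 0.7), ("A", "N4", 0.6),
    ("N1", "B", 0.5), ("N2", "B", 0.4), ("N4", "P", 0.3),
])
EGO["Z"] = {}

if __name__ == "__main__":
    scores = eigenvector_centrality(EGO)
    for node in sorted(scores, key=scores.get, reverse=True):
        print(f"{node:>2}  eigenvector={scores[node]:.3f}  "
              f"degree={degree_centrality(EGO)[node]}")
```

A disconnected node such as Z ends with a score of effectively zero, so its reports carry no centrality-based confidence until it regains links.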
Variable/Adaptive Observation Expiration Time is the time
that a node waits for its direct neighbour to perform the
requested function (i.e. forward the packet) before a watchdog
times out and penalizes that neighbour for its failure. Nodes
are able to monitor their neighbours' behaviour by utilizing the
shared nature of the wireless medium and constantly
overhearing their neighbours' traffic. We propose a per
neighbour/adaptive expiration technique that allows a node
to adjust depending on its neighbour's reputation and network
conditions. For trusted neighbours, the observation expiration
time would be higher than for non-trusted neighbours.
If an observing node detects network or node congestion,
it would increase its expiration time accordingly. This
would decrease the number of false positives and enable the
protocol to adjust selectively in response to different
network conditions.
Second hand reputation received by the observing node i is
aggregated (5) to a single value $ARR_{ij}$ (Aggregated Reported
Reputation about node j as received and processed by node i):
$$ARR_{ij} = \frac{\sum_{n} (RR_{nj} \cdot Dig(n) \cdot RR_{in})}{\sum_{n} (Dig(n) \cdot RR_{in})} \qquad (5)$$
Where $Dig(n)$ is the degree centrality of the reporting
nodes (n).
Resolver is responsible for doing the actual calculation of
the neighbour's final reputation (called final resolved reputation
(FRR)) by combining direct and indirect reputation (6)
and performing Reputation
Noise Cancellation. As packets might get dropped accidentally
by nodes due to other network conditions such as congestion or
interference, which don't constitute malicious behaviour, we
have included an adaptive threshold measure that is adjusted
depending on the neighbour node's movement profile and the
link quality between the observing node and its neighbours.
Depending on the node's own knowledge about the medium
quality reported by the node's physical layer, the node is able
to adjust the threshold of acceptable silent error level from that
neighbour. If the node experiences a packet loss from its
neighbour below this threshold, it considers that loss as noise
and subsequently ignores the lost packets. If the losses are
above the noise threshold level, the node will start reacting to
these events accordingly. We call this approach Reputation
Noise Cancellation.
$$FRR_{ij} = W_{direct} \cdot R_{ij} + (1 - W_{direct}) \cdot ARR_{ij} \qquad (6)$$
Route Maintenance is called when the Resolver
detects that a certain neighbour's reputation has fallen below a
certain threshold. The Route Maintenance entity is
responsible for breaking all the routes going through this
neighbour and initiating a new replacement route search as
needed. In our implementation using AODV, the Route
Maintenance entity sets the route to a special mode called
Local Route Repair as described in [14]. This special route
mode enables queuing packets going out on the route
until an alternative route is established if possible; otherwise all the
queued packets are dropped and a route error (RERR) message
is sent to the neighbour nodes.
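The bookkeeping one node performs for one neighbour, from satisfaction index (2) through the selective deviation test and aggregation (5) to the resolved reputation (6) that triggers Route Maintenance, as an added example that is not the authors' NS-2 code. The weights are the values listed in Table I; the trusted-reporter threshold, the multiplicative discount, the reading of RR_in as node i's own reputation for reporter n, the rejection of reporters with no positive reputation, and the sample reports are assumptions made for illustration.

```python
# Constants taken from the paper's Table I.
W_HISTORY = 0.70            # weight of the previous direct reputation, eq. (3)
W_DIRECT = 0.90             # weight of direct vs. aggregated reputation, eq. (6)
W_DISCOUNTING = 0.9         # used when no contact took place
DEVIATION_THRESHOLD = 0.5   # largest accepted |reported - own| gap
REPUTATION_THRESHOLD = 0.0  # below this, routes through the neighbour are broken
# Assumption: the page gives no value for the "trusted reporter" threshold.
TRUSTED_REPORTER = 0.5


def satisfaction(forwarded, expired, offered):
    """Eq. (2), operator taken as subtraction: frwd(i,j) - expr(i,j)."""
    if offered <= 0:
        raise ValueError("no packets were offered to this neighbour")
    return forwarded / offered - expired / offered


def update_direct(previous, s_ij=None):
    """Eq. (3). With no contact the old value is discounted instead
    (assumption: the discount is multiplicative)."""
    if s_ij is None:
        return previous * W_DISCOUNTING
    return previous * W_HISTORY + s_ij * (1 - W_HISTORY)


def selective_deviation_test(r_in, reported, own_direct):
    """Decide whether reporter n's claim about j is used by node i."""
    if r_in <= REPUTATION_THRESHOLD:
        return False          # reporter has no positive standing: reject
    if r_in > TRUSTED_REPORTER:
        return True           # trusted reporter: accepted without further test
    if own_direct is None:
        return False          # assumption: nothing to compare against
    return abs(reported - own_direct) <= DEVIATION_THRESHOLD


def aggregate(reports, own_direct):
    """Eq. (5) over the accepted reports.
    reports: {reporter: (r_in, degree, reported_reputation_of_j)}."""
    accepted = {n: r for n, r in reports.items()
                if selective_deviation_test(r[0], r[2], own_direct)}
    weight = sum(r_in * deg for r_in, deg, _ in accepted.values())
    if weight == 0:
        return None, sorted(accepted)
    total = sum(rr * deg * r_in for r_in, deg, rr in accepted.values())
    return total / weight, sorted(accepted)


def resolve(own_direct, arr):
    """Eq. (6); falls back to the direct value when no report was accepted."""
    if arr is None:
        return own_direct
    return W_DIRECT * own_direct + (1 - W_DIRECT) * arr


def evaluate_neighbour(previous, forwarded, expired, offered, reports):
    """One periodic re-evaluation of neighbour j by node i."""
    direct = update_direct(previous, satisfaction(forwarded, expired, offered))
    arr, accepted = aggregate(reports, direct)
    frr = resolve(direct, arr)
    return {"direct": direct, "accepted": accepted, "arr": arr, "frr": frr,
            "break_routes": frr < REPUTATION_THRESHOLD}


# Constructed sample: j forwarded 1 of 10 offered packets. n2 and n4 vouch
# for j (the liar case); n1 is a trusted, well-connected reporter.
SAMPLE_REPORTS = {
    "n1": (0.8, 5, -0.9),   # trusted: accepted without the deviation test
    "n2": (0.3, 2, 0.9),    # deviates by 1.0 from own view: rejected
    "n3": (0.4, 3, -0.3),   # deviates by 0.2: accepted
    "n4": (-0.5, 4, 1.0),   # reporter itself has a bad reputation: rejected
}

if __name__ == "__main__":
    print(evaluate_neighbour(0.2, 1, 9, 10, SAMPLE_REPORTS))
```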
Different components of our proposed model rely on a
number of observed parameters that affect neighbour specific
or node wide parameters in a complete state-machine for each
node as shown in Figure 4 below.

[Figure 4 content: Observed Parameters (Centrality, Mobility Profile, Direct Reputation, Network Status (such as Congestion), Resolved Reputation); Adjusted Parameters (Watchdog Expiration Time, Selective Deviation Test, Weight (trustworthiness/completeness) of Indirect Reputation, Reputation Record Expiration Time, Noise Cancellation Threshold); Node's Decisions towards another node (Packet forwarding for a particular node, Packet forwarding through a particular node, Routing updates acceptance, Indirect Reputation Reporting, Detection/Convection).]
Figure 4. Reputation system parameters.
IV. EARLY PROTOTYPE IMPLEMENTATION AND
RESULTS
We have performed a number of experiments in highly
mobile and disconnected topologies where the network
experienced frequent neighbourhood changes and lower route
stability. We have integrated our reputation-based protocol
with AODV. Our simulation scenarios included 20 mobile ad-
hoc nodes randomly moving around the simulation area. Table
I shows a list of the simulation setup parameters and other
system configuration variables. Our nodes' speed was set to 20
m/s with a pause time of 1 sec, which is a significantly shorter
pause time than the 300 sec in [15]. Even though the selective
deviation test was implemented to offset the effect of liars, we
assume that no liars exist for the purpose of these experiments.
We implemented and tested the network using a more
aggressive attack that involves both routing and forwarding
misbehaviour. A blackhole actively replies to topology
discovery requests and advertises itself as an attractive route to
any destination. In order to maximize the network
disruption, a blackhole was actively monitoring and
periodically advertising incorrect and attractive routes about
flows' destinations that it can overhear in its neighbourhood.
This doesn't only cause the malicious nodes to intercept and
drop data and routing packets but also disrupts the
communication needed between other good nodes to propagate
the reputation information necessary for reputation convergence in
the MANET. The percentage of blackhole nodes that we used is
much higher than in other test scenarios found in [15], where the
scenarios used up to a maximum of 20% blackhole nodes.

Parameter               Value
Area                    750 m X 750 m
Speed                   20 m/s
Radio Range             250 m
Placement               Uniform
Movement                random waypoint model
Routing Protocol        AODV
MAC                     802.11
Sending capacity        4 Kbps
Application             CBR
Packet size             512 B
Simulation time         500 s
W_discounting           0.9
Reputation Threshold    0
Publication timer       10 s
Re-evaluation timer     10 s
Fading timer            10 s
W_history               0.70
W_direct                0.90
Deviation Threshold     0.5
TABLE I. EXPERIMENTS CONFIGURATION PARAMETERS

Figure 5 (a) shows on the x-axis the percentage of
blackholes to the total number of nodes in the network. The
values on the x-axis range from 0% (i.e. all the nodes in the
network are normal and no malicious nodes exist) to 35%
blackholes. The y-axis represents the percentage of the
throughput of each protocol as compared to a benchmark value
representing the throughput of the AODV protocol with the same
total number of nodes (20 nodes) without any blackhole. The
figure shows that the network throughput for our reputation-
based protocol gracefully falls as the number of malicious
nodes increases, but it remains bounded above 70%. At the same
time, AODV with a blackhole continues to drop below 50%
as the number of blackholes increases.

Figure 5. Average throughput.

Figure 6 shows the average end-to-end delay for all packets
in our experiments. We have averaged this number over a
number of different runs using the same percentage of
blackholes but different mobility scenarios. Delay is calculated
as (arrival time - send time), then averaged over all the data
packets. The results show that while the average data packet
delay is high in AODV with reputation compared to AODV
with no reputation, it does converge to AODV as the number of
malicious nodes approaches 15%. This can be attributed to the
speed by which the malicious nodes are identified and isolated
as their number increases: due to the higher probability that they
will come across a normal node, this helps to quickly resolve the
reputation of malicious nodes and decrease uncertainty as
explained in [13]. As the number of malicious nodes increases
above 20%, the average delay becomes lower than AODV
without reputation.

Figure 6. Average end-to-end delay comparison.



Figure 7. Average Jitter with various numbers of blackhole nodes.

Figure 7 shows the average data packet jitter comparison
between AODV and AODV with Reputation. It shows that our
protocol has considerably higher jitter when the percentage of
blackhole nodes is below 15% compared to AODV without
reputation. This can be explained as follows: the node has a higher
probability of meeting new nodes with no prior reputation, and it
will be reluctant to switch to any of these new neighbours
even though they might have been able to offer shorter paths
with less delay and jitter. As the number of blackhole nodes
approaches 20% of the total number of nodes, our protocol
converges quickly to AODV. This can be attributed to the fact that
the network was able to quickly identify and isolate malicious
nodes, as the blackhole nodes have a higher probability of
meeting good nodes, and the probability of meeting a new
unknown node decreases.

Figure 8. Plot of the Reputation vs. Centrality of various malicious/normal
nodes during the simulation time.
Figure 8 shows the distribution of reputation and centrality
of normal and malicious nodes. Our observations show that
higher centrality normal nodes advance in their reputation
faster than lower centrality normal nodes. At the same time,
lower centrality malicious nodes are slower to be isolated by
other good nodes compared to the speed of isolating other
malicious nodes that have higher centrality.
Our system can handle more sophisticated attacks that can
be monitored on the data link and routing layers. For example,
flooding attacks, where a node attempts to send dummy or
crafted packets to its neighbours in order to exhaust their
resources (e.g. power, bandwidth, buffers), can be monitored
in the same way as we monitor to determine the neighbour's
direct reputation, but the monitoring node will keep a
receive/send rate for each of its surrounding neighbours and
apply a threshold to determine whether the observed neighbour
is flooding or not. The challenge is to distinguish normal
behaviour, where a node has a large enough data burst to send, from
malicious behaviour. One solution is to utilize congestion
control techniques to measure the responsiveness of the suspected
neighbour before classifying the behaviour as an attack and
blacklisting that neighbour. Another important attack on any
reputation system is the Reputation Liar, where one or more
nodes either individually or collaboratively attempt to lie to a
node to influence its reputation assessment about other third
node(s) around the network. Our system uses the selective
deviation test in order to eliminate the effect of these liars as
discussed in [1].
Our system is scalable to larger MANETs as reputation
information exchange takes place in ego networks, where each
node only exchanges reputation information with nodes in its
neighbourhood (which is the collection of ego and all nodes to
whom ego has a connection at some path length, 3 hops in our
experiments). Nodes are responsible for deciding, based on the
trade-off between reputation competence and costs in terms of
maintenance, and storage, how to handle older reputation
records about other nodes. Many techniques (such as MFR)
exist in P2P that discuss aging and efficient management of
information and which are outside the scope of this paper.
V. CONCLUSION AND FUTURE WORK
Our proposed reputation framework relies on centrality and
mobility as two key parameters to drive the system to a more
stable state in highly mobile, sparse and disconnected
environments. We discuss how we integrate two kinds of
centrality in our reputation-based protocol and propose a
number of optimisations for more efficient node monitoring
and trust resolution such as selective deviation test and
adaptive expiration timer. Our early prototype implementation
over AODV confirms and extends the results published in
[3][4][5]. The results presented in this paper show that the
throughput remains above 70% in the presence of the
increasing number of blackhole nodes while the jitter and
delay decrease and are below AODV. We also discuss the
impact the distribution of centrality and reputation of our
nodes has on the time needed to isolate malicious nodes.
Our subsequent work will focus on studying the impact of
centrality and configuration parameters on the protocol
performance in relation to network throughput, network delay,
network jitter and the protocol detection ratio. We will
investigate the response of the reputation protocol under the
same high-mobility conditions and subject to collaborative
blackhole and grayhole attacks.
In addition to the parameters already explored in this paper,
we have already started implementing a reputation system that
relies on richer context information (such as contact histories
and contact quality) in order to allow expanding our reputation
system to be more suitable to opportunistic networks.
VI. REFERENCES
[1] S. Buchegger, "Reputation Systems for Self-Organized Networks: Lessons
Learned," in IEEE Technology and Society Magazine, Toward Fourth
Generation Wireless, March 2008, pp. 1-10.
[2] J. Ruiz, et al., "Black Hole Attack Injection in Ad hoc Networks,"
DSN2008, International Conference on Dependable Systems and Networks,
Anchorage, Alaska, June 24-27 2008, pp. G34-G35.
[3] S. Buchegger and J.-Y. Le Boudec, "Performance Analysis of the
CONFIDANT Protocol: Cooperation Of Nodes Fairness In Dynamic Ad-
hoc NeTworks," in Proc. of IEEE/ACM MobiHOC, 2002.
[4] H. Yang, et al., "SCAN: Self-Organized Network-Layer Security in Mobile
Ad Hoc Networks," IEEE Network, vol. 24, 2006, pp. 1-13.
[5] A. Dadhich, "A Distributed Cooperative Approach To Improve Detection
And Removal Of Misbehaving MANET Nodes," COMSWARE, 2008,
pp. 728-735.
[6] P. Michiardi and R. Molva, "CORE: A Collaborative Reputation
Mechanism to enforce node cooperation in Mobile Ad hoc Networks," Proc.
IFIP CMS, 2002.
[7] S. Buchegger and J.-Y. Le Boudec, "A Robust Reputation System for P2P
and Mobile Ad-hoc Networks," Proc. 2nd Workshop Economics of Peer-to-
Peer Systems, 2004.
[8] M.T. Schlosser, "The EigenTrust Algorithm for Reputation Management
in P2P Networks," ReCALL, 2003.
[9] H. Deng, W. Li, and D. P, "Routing Security in Wireless Ad Hoc
Network," IEEE Communications Magazine, vol. 40, 2002.
[10] U. Jian Yin, Sanjay Kumar Madria, "A Hierarchical Secure Routing
Protocol against Black Hole Attacks in Sensor Networks," IEEE-SUTC, vol.
1, 2006.
[11] S. Ramaswamy et al., "Prevention of Cooperative Black Hole Attack in
Wireless Ad Hoc Networks," ICWN'03, USA, 2003.
[12] S. Ramaswamy et al., "Simulation Study of Multiple Black Holes Attack
on Mobile Ad Hoc Networks," ICWN'05, 2005, pp. 595-604.
[13] F. Li, J. Wu, and B. Raton, "Mobility Reduces Uncertainty in
MANETs," Proc. of IEEE INFOCOM, May 2007.
[14] C.E. Perkins and E.M. Royer, "Ad-hoc on-demand distance vector
routing," in Proc. of 2nd IEEE Workshop on Mobile Wireless Networks,
1999.
[15] C.W. Yu, et al., "Distributed and Cooperative Black Hole Node Detection
and Elimination Mechanism for Ad Hoc Networks," Springer, 2009.
[16] A. Dadhich, et al., "A Distributed Cooperative Approach To Improve
Detection And Removal Of Misbehaving MANET Nodes," COMSWARE,
2008.
[17] E. Daly and M. Haahr, "Social Network Analysis for Routing in
Disconnected Delay-Tolerant MANETs," Source, 2007, pp. 32-40.
[18] D. Feng and Y. Zhu, "Cooperative Incentive Mechanism Based on Game
Theory in MANET," Simulation, 2009, pp. 201-204.
[19] J. Lebrun, C.-N. Chuah, D. Ghosal, and M. Zhang,
"Knowledge-based opportunistic forwarding in vehicular wireless ad hoc
networks," in Proc. VTC 05, 2005, vol. 4, pp. 2289-2293.
[20] Hui, Pan Crowcroft, Jon, "Human mobility models and opportunistic
communications system design," Philosophical Transactions of the Royal
Society A: Mathematical, Physical and Engineering Sciences, 2008, vol. 366,
no. 1872, pp. 2005-2016.
