Hybrid Acknowledgment Punishment Scheme Based on Dempster-Shafer Theory for MANET

. In this paper, we cope with malicious nodes dropping packets to disrupt the well-functioning of mobiles ad hoc networks tasks. We propose a new hybrid acknowledgment punishment scheme based on Dempster Shafer theory, called HAPS. The proposed scheme incorporates three interactive modules. The monitor module monitors the behaviour of one-hop nodes in the data forwarding process. The reputation module assesses the direct and the indirect reputation of nodes using Dempster Shafer theory, which is a mathematical method, that can aggregate multiple recommendations shared by independent sources, while some of these recommendations might be unreliable. Since recommendations exchange between nodes consumes resources, a novel recommendation algorithm has been incorporated to deal with false dissemination attack and to minimize the recommendation traﬃc. The exclusion module punishes nodes regarded as malicious. The simulation results show that HAPS improves the throughput and reduces the malicious dropping ratio in comparison to existing acknowledgment scheme.


Introduction
Mobile ad hoc network (MANET) is a collection of wireless mobile nodes that are able to perform the network tasks without requiring a fixed infrastructure or centralized administration.The communication between nodes follows a multihop approach.This approach depends on the assumption that all mobile nodes cooperate.Nevertheless, this assumption cannot be ensured due to the MANET features including the distributed nature, resource constraint of nodes [1].These features make MANET vulnerable to selfish and malicious nodes.Selfish nodes may refuse to relay packets for other nodes to preserve their resources.On the other hand, malicious nodes may drop all packets passing through them in order to disrupt the functioning of the networks activities.Therefore, to improve the network performance, it is critical to cope against the selfish and malicious behavior.
In the literature, one can categorize two types of related works dealing with selfish and malicious nodes dropping packets: credit-based schemes [3][4][5][6][7] and reputation-based schemes [2, 5, 8-10, 12, 13, 18-21, 24].The goal of incentivebased schemes consists of encouraging nodes to relay packets for the benefits of other nodes by using credit.Node earns credits by relaying packets for other nodes and loses credits to send their packets.In the reputation-based schemes, each node monitors its one-hop nodes and computes their reputation values according to their behaviour.Almost of the reputation-based schemes use the watchdog technique [2] for the monitoring.However, this technique presents several feebleness as reported in [2,11].To deal with this feebleness, the acknowledgment technique is proposed in [12].This technique permits to expand the range of neighbours monitoring to the two-hop by introducing a new kind of packet called TWOACK packet.
One of the recent scheme employing the acknowledgment technique is EAACK scheme [13].EAACK can detect and punish malicious links.EAACK can effectively resolve some feebleness of the watchdog technique.However, EAACK is still vulnerable to other threats.(1) When nodes move faster, their neighbourhoods change often and therefore, malicious nodes have a several chances to drop more packets.Because, each new neighbour for malicious node forms a potential malicious link.This threat is inherited from TWOACK scheme [12], since TWOACK scheme can detect only malicious links and EAACK is based on TWOACK.(2) All requests initiated by malicious nodes are still relayed because the purpose is to relive malicious nodes from relaying data packets instead of punishing them.
To address the above threats, we propose a hybrid acknowledgment punishment scheme based on Dempster Shafer theory [14,15,23], called HAPS.HAPS scheme aims to enhance the performance of EAACK [13] by punishing malicious nodes more severely.HAPS is structured around three interactive modules: monitor, reputation, exclusion.The monitor module monitors the behavior of one-hop nodes in the data forwarding process.The reputation module computes the direct and indirect reputation values of neighbour nodes based on the information provided by the monitor module and the recommendations shared between nodes.We propose a new combination algorithm based on Demspter Shafer theory [14,15] to compute the direct reputation value of the node.Thus, HAPS enables nodes to share their recommendations about other nodes, but only when it is necessary, and the combination of different recommendations is done based on Dempster Shafer Theory.The exclusion module punishes all nodes having reputation values smaller than the reputation threshold.
The remainder of this paper is organized as follows.In the section 2, We present some preliminaries on Dempster Shafer Theory.Section 3 is devoted to the adversarial model.In section 4, we present our proposed scheme (HAPS).In section 5, we examine the performance of HAPS via simulation and finally conclude the paper.

Preliminaries on Dempster-Shafer Theory
Dempster Shafer theory of evidence [14,15] is a mathematical method, handling the uncertainty and the subjective judgment.This method is especially efficient in situation when there is a need to aggregate multiple evidences shared by independent sources while some shared evidences might be unreliable, imprecise or incomplete/ambiguous. Let ϕ = {A 1 , .., A n } be a finite set of mutually exclusive and exhaustive hypotheses denoted as the frame of discernment, where A i are the individual hypotheses [22]. 2 ϕ denotes the possible subsets (or power set) of ϕ.In this section, we outline some basic concepts of Dempster Shafer theory.
Definition 1 [15] : A basic probability assignment function (BPA) or a mass function m is a function that assigns to each subset of φ a quantity of belief which is a number between 0 and 1. m is defined from 2 ϕ → [0, 1] and satisfying the following two constraints: Definition 2 [15] : let m : 2 ϕ → [0, 1] be a mass function.The belief function bel : 2 ϕ → [0, 1] related to the mass function m over ϕ is defined as follows bel(A) corresponds to the total of belief given to the hypotheses A.
Definition 3 [15] : Dempsters rule of combination permits to combine independent evidences issued from independent sources by applying the orthogonal sum .Given two mass functions m 1 and m 2 over the same frame of discernment ϕ.According to the Dempsters rule of combination, m 1 and m 2 can be combined into a new mass function m : 2 ϕ → [0, 1] as follows: Where . m (c) represents the mass function of the combined evidence and K 12 reflects the amount of conflicts between m 1 and m 2 .
According to the Dempsters rule of combination, we can combine n evidences as follows: Where

Adversarial Model
According to their purposes, nodes may behave maliciously in order to degrade the network performance.In our paper, we suppose that malicious nodes may launch: (1) Black hole attack by dropping all data packets passing through them.
(2) False dissemination attack by sharing fake recommendation to falsely improve or degrade the reputation value of the malicious or honest node, respectively. 4 The Proposed HAPS Scheme HAPS scheme is structured around three interactive modules: monitor, reputation, exclusion.

Monitor Module
This module monitors the behaviour of one-hop nodes in the data forwarding process.HAPS employ the monitoring technique proposed in the EAACK scheme [13].EAACK scheme is the result of the combination of three modes: ACK, S-ACK and MRA.In this paper, we implement only ACK and S-ACK modes.In the ACK mode, the destination node should send back an ACK packet to the source node for every data packet received.The S-ACK mode is similar to the TWOACK scheme.In the S-ACK mode, a new kind of packet called S-ACK is used.Each node forwarding data packets should send an S-ACK packet to the two-hop node in the opposite direction of the forwarding path.To illustrate the functioning of this technique, let p = {N s , ..., N i , N j , N k , ..., N d } the selected forwarding path, < N i , N j , N k >∈ p a triplet of nodes taken as an example (see Fig. 1).List ID denotes the list of ID of data packets sent or forwarded waiting to be acknowledged.The source N s sends data packets to the destination N d through the path p.In the startup, the ACK mode is employed.In this mode, N s adds the ID of each data packet sent D to List ID .Each ID is maintained for θ second.Upon reception of D at N d , it should send back an ACK packet to N s .For each ACK packet relayed by all nodes N i ∈ p, the monitor module of N i registers a good action through the link (N j , N k ).If N s receives an ACK packet before θ expires, which means that there are no malicious actions along the path p, it removes the ID of D from List ID .Otherwise, N s switches to the S-ACK mode.N i adds the ID of each data packet forwarded D to List ID .Each ID is maintained for ϑ second.N j Will forward D to N k if it behaves cooperatively.Once the packet D reaches N k , it should send back an S-ACK packet N i if it does not behave maliciously.If N i receives S-ACK packet before ϑ expire, it deletes the ID of D from List ID and registers a good action against the link (N j , N k ).Otherwise, if N i does not receive S-ACK packet after ϑ expires, N i removes the ID of D from List ID and registers a bad action against the link (N j , N k ).The same process is repeated for each triplet of nodes along p.This process is repeated until N s receives a switch packet from N d , which means that p is a safer path.Therefore, N s switches to the ACK mode.

Reputation Module
This module assesses and manages the reputation values of one-hop nodes.The reputation is classified into three types: direct, indirect and final.This module maintains four parameters ranging from 0 and 1: the reputation value of each monitored link (N j , N k ) ∈ F L j i denoted by R i (j, k) where F L j i denotes the set of forwarding links in which N j is involved, The direct, indirect and final reputation values denoted byDR j i (t), IR j i (t) and F R j i (t), respectively, where denotes the time of the computation of the reputation value.

Direct Reputation
A reputation is considered type direct, if it is computed based only on the recommendation of the monitor module.The reputation module of N i evaluates the trustworthiness of N j in all forwarding links (N j , N k ) ∈ F L j i in which is involved (see Fig. 1).If the monitor module detects a good action, R i (j, k) is increased.Otherwise, R i (j, k) is decreased.To compute the direct reputation value DR j i (t) of N j at time slot t, we propose a combination algorithm based on Demspter Shafer theory [14,15,23].This algorithm combines and aggregates the reputation values of all links R i (j, k) , (N j , N k ) ∈ F L j i to come up to a single reputation value of N j .The proposed algorithm functions as follows.In the startup, R i (j, k) of each link (N j , N k ) ∈ F L j i is initialized to neutral v and it is updated according to the action detected by the monitor module.We consider two exclusive and exhaustive hypothesis that construct the frame of discernment ϕ = {C, C} where C means that the node N j is cooperative and C means that the node N j is uncooperative.The power set 2 ϕ consists of four elements:∅,C = cooperative, C = uncooperative and hypothesis U = ϕ ( N j is either cooperative or uncooperative which represents the uncertainty).In this scenario, the reputation module of N i perceives the reputation of each link (N j , N k ) ∈ F L j i as recommendation provided by N k .The reputation module determines the state of the node N j in the link (j, k) according to R i (j, k).If reputation module states that N j is cooperative through the link(j, k) , which means that R i (j, k) ≥ neutral v , The BPA of N k is: If reputation module states that N j is uncooperative through the link(j, l), which means that R i (j, k) < neutral v , the BPA of N l is The direct reputation value DR j i (t) is computed by combining all recommendations collected from all links (N j , N k ) ∈ F L j i by applying the Dempster rule of combination.neutral v − R i (j, l) value reflects the degree of maliciousness of the link (j, l).The rational of this algorithm is that: a malicious node should compromise multiple forwarding links (multiple forwarding paths) to achieve its purpose that consists on disrupting the data forwarding process.Therefore, it is involved in multiple bad actions that cause the degradation of its direct reputation value.On the other hand, an honest node is involved in more good actions than bad actions; therefore, it can improve its direct reputation value.

Indirect Reputation
A reputation is considered indirect, if it is computed based only on the recommendations shared between neighbours.In HAPS, this reputation is calculated and used only when there is need.The exchange method is done only when it is necessary, especially when a particular neighbour needs to send its packets.The goal is to improve the accuracy of the computation of nodes reputation and to minimize the recommendations traffics.When a node termed requestor needs to relay its packets through neighbours, all neighbours exchange their computed direct reputation values about this requestor.After that, they compute its indirect reputation value by aggregating all received recommendations using Dempster Shafer theory.Note that recommendations from nodes regarded as malicious are ignored.
When N i receives a RREQ packet, it checks whether the requestor N j is a neighbour (N j ∈ N G i ).If the requestor N j is not neighbour, N i simply forwards the RREQ packet.Else, N i shares its recommendation about N j in the neighbourhood and set the timer T r .To prevent malicious nodes from colluding with other nodes or from manipulating the reputation values of some nodes, node N i accepts only recommendation received before T r expire.In order to compute the indirect reputation value of N j , N i aggregates all received recommendations using Dempster Shafer Theory.The recommendation of N i about N j is one among the set {cooperative-uncooperative}.Therefore, the frame of discernment is ϕ = {cooperative, uncooperative}.For instance, the reputation value of N k at N i is DR k i (t).If N k states that N j is cooperative, the BPA of N k is [16]: If N k claims that N j is uncooperative, the BPA of N k is: The indirect reputation value of N j is obtained after combining all recommendations using the Dempster's rule of combination.According to Dempster Shafer Theory features, the relevance of a recommendation depends on the reputation value of the recommender, which permit to get a reliable reputation value.This feature make our approach resilient to false recommendation dissemination.Thus, our approach can cope with collusion attack that occurs when a group of malicious nodes provides fake recommendations about an honest node.Because, the time T r ec between the diffusion and the combination of recommendations is very low.Then, these nodes have not sufficient times to collude.

Illustration example:
Let assume three nodes N k , N l and N f with reputation values 0.4, 0.45 and 0.9 at N i , respectively.They share their recommendations about N j .N k claims that N j is cooperative, N l and N f claims that N j is uncooperative.Hence, the mass function are: The reputation module of N i combines m k and m l as follows: The obtained m kl is combined with m f as: From this result, the indirect reputation value IR j i (t) of node N j is 0.81.

Final reputation
After obtaining DR j i (t) and IR j i (t), the final reputation value F R j i (t) is computed by combining DR j i (t) and IR j i (t) with the following equation: Where δ( 0 < δ < 1) determines the relevance of direct reputation compared to the indirect reputation.

Exclusion Module
The exclusion module is responsible for punishing malicious nodes.It considers a node having final reputation value smaller than the threshold as malicious.This module puts the detected node in its black list Black l ist, and it sends a misbehaving report to the source node of data packets to proceed to its punishment.All nodes forwarding, receiving or overhearing the misbehaving report put the detected node in their Black l ist and proceed to its punishment.The punishment consists on: (1) invalidating all forwarding paths involving this node and evicting to route their data packets through this node.(2) Refusing to forward packets initiated from this node by discarding all its RREQ packets generated.

Performance Evaluation
In this section, we conduct a series of simulation experiments to examine the performance efficiency of the HAPS scheme using the network simulator NS-2.34.We evaluate the effectiveness of the HAPS scheme on the exclusion of malicious nodes dropping data packets in comparison to EAACK [13].We simulate 40 mobile nodes deployed within an area of 700 * 700 m.The number of malicious nodes varies from 2 to 12.The rest of simulation parameters are shown in Table 1.The following two metrics are used to examine the efficiency of HAPS: -Average throughput (Kbps) represents the total size of data packets that successfully reached their destination over the simulation times.-Malicious dropping ratio refers to the ratio between the total numbers of data packets dropped by malicious nodes to the total numbers of data packets sent.
All plotted results are obtained after averaging the result of 20 simulation runs.

Average Throughput (Kbps)
Fig. 2 shows the average throughput of HAPS and EAACK under varying the number of malicious nodes.We can observe that as the number of malicious nodes increases, the average throughput of two schemes decreases.However, the obtained results indicate that HAPS improves the average throughput much more than EAACK.This improvement is due to the fact that HAPS can identify and isolate malicious nodes instead of malicious links.Therefore, using HAPS scheme, the established paths between each pair of nodes is more reliable.

Malicious Dropping Ratio
Fig. 3 depicts the malicious dropping ratio of HAPS and EAACK as a function of the number malicious nodes.The results show that the malicious dropping ratio increases as the number of malicious nodes increases.But, the malicious dropping ratio with HAPS increases more gently than with EAACK.This is because AASC penalizes malicious nodes more effectively and severely compared EAACK that is able to isolate only malicious links.Fig. 4 plots the malicious dropping ratio across varying the node speed.In this scenario, the network contains 4 malicious nodes.From this figure, we can observe that HAPS has a lower malicious dropping ratio in all cases compared to EAACK.This gap is more apparent when the nodes move faster.Because, when the nodes move faster, their neighbourhoods change frequently.As EAACK isolates only malicious links, each new neighbour for malicious nodes forms a new opportunity (malicious link) to drop more packets.Therefore, HAPS is more resilient to topology changes.

Conclusion and Future Work
In this paper, we have proposed HAPS, which is a novel acknowledgment Punishment Scheme aiming to detect and punish malicious nodes dropping data packets.In HAPS scheme, the reputation values of all links in which node is involved, are perceived as recommendations.Using Dempster Shafer Theory, these recommendations are combined to compute the reputation value of the node.HAPS incorporates a novel manner to exchange recommendations between nodes following the nature of on-demand routing protocol.The recommendations exchange is performed only when it is necessary and the aggregation is done based on Dempster Shafer Theory.HAPS punishes malicious nodes, whose the reputation values are smaller than the threshold by refusing to forward their packets, and isolating them from all network activities.The simulation results demonstrate that HAPS improves the throughput and reduces the malicious dropping ratio.As future work, We plan to evaluate mathematically the complexity of HAPS approach, and by simulation the effect of other network parameters in the effectiveness of HAPS approach (such Node density).We also plan to extend the HAPS scheme with an incentive mechanism aiming to cope against the selective packet dropping attack, while to motivate the cooperation of selfish nodes.

Table 1 .
Malicious scenario parameters