JOURNAL OF COMPUTING, VOLUME 4, ISSUE 2, FEBRUARY 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.

ORG

39

Evaluating and Mitigating the Effects of Selfish MAC Layer Misbehavior in MANETs
Sam Jabbehdari, Anahita Sanandaji, and Nasser Modiri
AbstractIn mobile ad hoc networks, the IEEE 802.11 CSMA/CA is widely deployed as the primary MAC layer protocol to schedule the access to the wireless medium. This protocol was designed with the assumption that nodes would never deviate from the protocol. However, nodes may purposefully show misbehavior at MAC layer in order to obtain more bandwidth, conserver its resources, degrade the network performance or disrupt the services of the network. In this paper, we introduce several types of MAC layer misbehaviors, and evaluate their impact on performance of other well-behaved nodes using extensive simulations. To mitigate the negative effects of misbehaving nodes we introduce a novel scheme, which is a combination of detection and reaction mechanisms. Our scheme is robust against colluding nodes and provides an effective mechanism to react against misbehaved nodes. Employing a misbehavior scenario in a simulated network, we study the efficiency of our scheme. Particularly, we demonstrate that by implementing our solution, all nodes are able to gain a fair share of throughput in network. Index TermsMANET, DSR, MAC layer misbehavior, Selfish misbehavior, Detection and reaction schemes.

1 INTRODUCTION

N the last decades mobile ad hoc networks (MANETs) have become increasingly popular. MANETs can be easily deployed and are ideally suitable for battlefield, search, rescue and disaster relief operations. A MANET is a group of autonomous nodes that form a dynamic, mutihop radio network in a decentralized way. The characteristics of ad hoc networks (including a changing network topology, resource and bandwidth constraints, open network architecture and shared medium) have made it difficult to establish a secure and reliable communication. Nodes must cooperate in a way to guarantee correct route establishment and obtaining a fair share of available bandwidth. Nevertheless, due to their properties, MANETs are vulnerable to different security attacks at different layers (mainly at the transport, network, and data-link layers) of the protocol stack [1]. As a result, many research activities focus on the network layer and securing ad hoc routing protocols and mechanisms. In the most of the proposed solutions, each MANET node contains all the modules required to perform the detection tasks of security attacks. Some proposals [2], [3] are based on the notion of credit, while the credit value is often evaluated based on the transmission behavior of the nodes. The works in [4], [5], [6] are focused on events generated at the network layer, and they are examples of reputation systems. In such systems, a reputation value (that is assigned to each node) increases when the node successfully assists with intrusion

Sam Jabbehdari is with the Computer Engineering Department, North Tehran Branch, Islamic Azad University, Tehran, Iran. Anahita Sanandaji is with the Computer Engineering Department, North Tehran Branch, Islamic Azad University, Tehran, Iran. Nasser Modiri is with the Computer Engineering Department, Zanjan Branch, Islamic Azad University, Zanjan, Iran.

detection tasks, and decreases if the nodes performance during intrusion detection is unsatisfactory. Because of security issues in the IEEE 802.11 MAC [7] protocol, attacks in the MAC layer are easy to target. The IEEE 802.11 distributed coordination function (DCF) mode combines carrier sensing with collision avoidance and is introduced as one of the most popular MAC layer access protocols for wireless networks. The IEEE 802.11 standard is designed with the assumption that all nodes are fully cooperative. However, some nodes may purposefully choose to deviate and show misbehavior at the MAC layer. The distributed behavior of 802.11 DCF and the lack of a trusted centralized authority have made MANETs vulnerable to MAC layer attacks. Any misbehavior at this level has a negative impact on the network performance. The strategies of creating MAC layer misbehavior for wireless networks have attracted much attention recently and thus there are some publications that propose new detection and prevention solutions. On the other hand, little work has been done in the area of MANET security that focuses on the MAC layer. In this paper, we introduce different misbehavior scenarios that modify the proper function of MAC protocol. We classify six types of such misbehavior and study their impact on network performance. In addition, we propose a novel scheme to detect misbehavior in MANETs and response by well-behaved nodes as a strategy to react towards misbehavior. Using simulations, we demonstrate that such an approach guarantees a fair share of throughput for all nodes in the network. We use DSR [8] as a basic routing protocol in our simulation environment. The rest of the paper is organized as follows: In section 2 we provide an overview of related research in this area. In section 3 an overview on IEEE 802.11 MAC protocol and its vulnerabilities is given. We also introduce six misbehavior scenarios that are used for simulation analysis in

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 2, FEBRUARY 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

40

next sections. In section 4 our mitigation scheme is introduced which is a combination of detection and reaction schemes. The detection scheme is implemented under three different situations and the reaction scheme works based on using one of the detection methods. In section 5, we evaluate the impact of MAC layer misbehavior and the performance of our proposed scheme. We introduce future work and conclude the paper in Section 6.

2 RELATED WORK
In the last few years, several detection and prevention schemes have been proposed to protect wireless networks against MAC layer misbehavior. Most of these researches tend to concentrate on wireless networks in general but the problem is more challenging in MANETs. Some of the proposed solutions for wireless networks have centralized schemes that are implemented in Access Points (AP) accordingly. DOMINO [9] which does not require any modification to the standard MAC protocol is implemented at the AP which is assumed to be trustworthy. Authors in [10] introduce the concept of receiver assigned backoff, and authors in [11] propose modifications to the MAC protocol in order to facilitate easy detection and penalization of misbehaving sender. Some other approaches try to apply game theory in order to mitigate the selfish behavior of the cheaters [12], [13]. In [14] a new backoff scheme is introduced that uses one-way function to generate the backoff values and modifies the RTS frame format by piggybacking the DATA packets CRC value and the transmission attempt. But computing CRC and the hash function has an overhead that may lead to a decrease in the performance of the network. Solutions that mainly use the concept of receiver assigned backoff assume a trusted receiver. But the fact is that the receiver might choose to send smaller Backoff values if it wants to benefit by receiving data more frequently. Besides most reaction schemes employed by genuine nodes attempt to penalize [10], [11] or isolate [15] the selfish node. The overall objective of reaction schemes is to make it disadvantageous for any node to deviate from standard protocol behavior. The isolation of misbehaving nodes is not the best strategy to react. To reach a practical method we use ideas of [10], [16] [17] and introduces a mitigating scheme to detect misbehaving nodes and react in an effective way even in the case of colluding nodes.

control (MAC) layer is specified which provides a variety of functions that support the operation of wireless networks. The IEEE 802.11 MAC protocol supports two types of access methods: The basic access method is the distributed coordination function (DCF), which is a carrier sense multiple access with collision avoidance (CSMA/CA) mechanism. DCF is designed to support best-effort traffic that does not require any service guarantees. The optional access method is the point coordination function (PCF) in which access point performs the polling to determine which node has the right to transmit. This results to a contention free communication. PCF method is generally used in scenarios where service guarantees are required. The DCF is the primary access method in MANETs because PCF is an optional access mechanism that can be used only in the presence of an access point. In the DCF mode, before any transmission a node must ensure that the medium is idle. A random backoff interval less than or equal to the current contention window (CW) size is selected. When the medium is sensed to be idle, the backoff timer is decreased by one at each time slot. A node may wait for DIFS (DCF Inter Frame Space) time slot, when a successful transmission is occurred. In the case of a collision, the node waits for an EIFS (Extended Inter frame Space) period. If the medium is sensed to be busy, the node freezes its backoff timer and sets its NAV (Network Allocation Value) to the transmission delay indicated in the received frame. When the backoff timer reaches zero, the transmission starts again. The node chooses a backoff value form [0, CW]. After each successful transmission, the size of CW is set to CWmin. But in the case of each unsuccessful attempt, the CW is doubled until it reaches CWmax. CW is reset under two conditions: (i) when the packet is received successfully or (ii) when maximum retry limit is reached, which leads to the discard of the packet.

3.2 MAC Layer Misbehavior Overview

We can classify misbehaviors generating at the MAC layer from two points of view: First, classification of MAC layer misbehaviors based on the purpose of the host misbehavior. Second, categorization of attacks based on the misbehaving nodes knowledge of the existing intrusion detection (IDS), prevention (IPS) and reaction (IRS) systems. Host misbehaviors in MANETs can be classified into two categories of selfish [10] and malicious [18] behavior. Deviating from the MAC protocol may occur in order to make it possible for a misbehaving node to gain more bandwidth over regularly behaving normal nodes or to conserve energy. To achieve this purpose, the misbehave node should change the MAC layer parameters. These kinds of misbehaviors that aim at improving the nodes own performance are called greedy or selfish misbehaviors. On the other hand, those misbehaviors with the purpose of disrupting normal operation of the network are called malicious misbehavior.

3 OVERVIEW ON IEEE 802.11 MAC PROTOCOL AND ITS VULNERBILITIES

In this part, at first we review the operation of IEEE 80211 MAC protocol. Then MAC layer misbehavior is overviewed. At the end, we demonstrate six misbehavior scenarios that are used in next sections for simulation.

3.1 IEEE 802.11 MAC Protocol Operation

In the IEEE 802.11 standard, a common medium access

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 2, FEBRUARY 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

41

From the second viewpoint, MAC layer attacks can be classified into Native and Smart attacks. In a native attack, a misbehaving node has no knowledge of detection and prevention systems. A node uses simple attacks to gain more bandwidth or conserve its energy. These attacks can severely degrade the performance of a network. However, they can be detected more easily in comparison to the second type of attacks called smart attack. In a smart attack, a misbehaving node implements intelligent techniques that help the node to act selfishly or maliciously without being detected easily. Some of the misbehavior strategies that can be implemented are introduced as follow: Backoff Manipulation: In this strategy, the selfish node sets its backoff value to a small fixed value or selects it from a short interval such as [0, CW/2] rather than [0, CW] where k is assumed to be positive. CW Cheating: The misbehaving node does not double its CW after an unsuccessful transmission and, thus it gains more chance to reach the channel. CTS Scrambling: The selfish node scrambles CTS or ACK frames of well-behaved nodes to increase their CW. DIFS Value Reduction: In this strategy, the misbehaving node transmits before the required DIFS time slot elapse (e.g. it waits for a shorter DIFS called S-DIFS). NAV Duration Increase: The selfish node increases the value of the duration field in RTS or data packets in a way to force the receiver to update its NAV according to the received duration. In this case, the misbehaving node gets more chance to access the channel, if it has more packets to send, since it starts decreasing its backoff value before its neighbours. Single Adversary and Colluding Adversary: A single adversary attack (SAA) uses unauthorized data transmission to inject enormous data packets into normal nodes to deplete the limited channel capacity and decrease the node energy. In addition, a colluding adversary attack can deplete bandwidth within its vicinity in order to prevent well-behaved nodes from normal communication. Timeout Attack: This type of attack can purposefully delay the transmission of MAC frames and forces a well-behaved node to drop the packets, while the malicious node itself completely adheres the protocol, and therefore hides from the detection system. Adaptive Cheating: A clever cheater (which has some knowledge about the deployed detection system) may choose to switch frequently between several misbehaviour strategies to avoid being detected. A logical switch between different misbehaviour strategies without large deviation from protocol allows the misbehaving node to gain more network resources without being detected. Inter-layer Attack: A misbehaving node increases its chance to access the medium and therefore gaining more bandwidth by launching a cross-layer attack targeting at the routing protocols to decrease the number of contending nodes around it, without modifying the other parameters.

3.3 MAC Layer Misbehviour Scenarios

In this part, to evaluate the effect of MAC layer misbehavior, we consider the following six types of misbehavior scenarios associated with modifying the 802.11 MAC protocol in MANET. These scenarios are demonstrated in a way to evaluate the greedy behavior of a node when it tries to obtain an unfair share of bandwidth or refuse to participate in network activity to conserve its resourses. CW manipulation using a variable: Instead of choosing the random backoff value from the interval [0 . . .CW], the selfish node chooses it at random from the interval [0 . . .(CW)], where 0 < < 1 is for obtaining unfair share of bandwidth and 1 < 2 is for refusing to participate actively in network. CW manipulation using fixed value: The misbehaving node sets its contention window to a fixed size called CWfix, and always chooses its backoff value at random from the interval [0 . . .CWfix]. To increase its chances in accessing the channel, the misbehaved node chooses a small CWfix. Contradictory, in order to save its resources, the misbehaved node set CWfix to a larger value. CW Cheating upon unsuccessful transmission: Upon an unsuccessful transmission, the misbehaving node instead of setting its CW to be min{2 CW, CWmax}, sets its contention window as CW = max{CWmin, min{ CW, CWmax}}, where 0 < < 2. This type of misbehavior covers purpose of obtaining more share of bandwidth. Backoff cheating using fixed value: The node chooses a deterministic, constant backoff value irrespective of the current contention window size. For example, the node could always choose a very small backoff (say 2), in any situation and gain preference over other well-behaved nodes to gain the bandwidth. NAV duration manipulation: In this situation, the misbehaved node changes its duration time in RTS or data packets. As a result, well-behaved nodes are forced to change their NAV to a larger value and the misbehaved node increases its chance to access the channel. CW manipulation upon receiving a routing packet using DSR protocol: As we are using DSR as routing protocol for our MANET, this kind of misbehavior is occurred when a node receives route request broadcasts. A selfish node can start misbehaving only when it receives RREQ. In order to access the channel faster than its neighbors to reply to RREQ, the misbehaved node intentionally picks up a smaller cw upon reception of a routing packet. This leads to a kind of a rushing attack [19]. Besides, in order to conserve energy or force the source node to choose a longer route to destination, a misbehaved node may choose a larger CW to prevent to be selected as a forwarder. The CW can be manipulated by using a variable or a fixed value scenario.

4 PROPOSED MITIGATION METHOD

Despite the numerous works which have done in the lit-

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 2, FEBRUARY 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

42

erature, selfish or greedy misbehavior of nodes at MAC layer remains a challenging problem to solve in MANETS. With implementing any of the misbehavior scenarios mentioned in pervious section, the performance of well-behaved nodes degrades significantly. This fact will be proved in our simulation implementation which is demonstrated in next section. To cope with this problem, we have introduced a set of schemes that try to nullify the selfish attempt of those misbehaved nodes that deliberately disobey the IEEE 802.11 MAC protocol. By proposing this scheme, we aim to achieve the objective of mitigating the negative effects of MAC layer misbehavior in MANET. In our assumption, a misbehavior node may use two approaches to reach two different aims. It may take up the bandwidth unfairly or it may refuse to participate in the networks actively for saving its resource, e.g., battery power. To implement our detection and prevention schemes we define three different situations: Sender Misbehaviour Receiver Misbehaviour Sender and Receiver both Misbehaviour Then we define a reaction method which can be implemented as a penalty based on any of the detection schemes mentioned before. The scheme we proposed in this paper is the extensions to those algorithms demonstrated in [10], [16], [17]. We also assume that DSR is used as the basic routing protocol.

Each time the condiftion in (2) holds true a counter is incremented by one. After each increment the counter is compared with an upperbound threshold. If the counter value exceeds the upperbound threshold then S is identified as a selfish node which is trying to take up the bandwidth unfairly. If Bact > Bexp (3) Each time the condition in (3) holds true the counter is decremented by one. After each decrement the counter is compared with a lowerbound threshold. If the counter value becomes less than lowerbound threshold then S is identified as a misbehaved node that is refuseing to participate in the networks actively. Whenever a node is identified as misbehaving, the information about it, including actual backoff value Bact, is broadcasted to all the nearby nodes and the reaction scheme is lunched.

4.2 Situation 2: Detection Scheme Based on Receiver Misbehavior

In this situation, we assume the receiver node (R) is misbehaving but still assigns backoff value to well-behaved nodes. So the sender (S) is considered as a well-behaved node. This misbehavior may occur as R need S to send more data to it or it may purposfuly wants to discoarge node S from participating in network activites. In order to cover its misbehavior, R assigns a backoff value for S that is smaller or larger than what S expects. To evaluate the expected backoff, node S computes the average of backoff values it has recently assigned to other nodes and the average of the backoff values other nodes have assigned to it as P1 and P2. Br is a backoff value node S has assigned to node i, and Bs is the value node i has assigned to S. n demonstrate number of participating nodes.

4.1 Situation 1: Detection Scheme Based on Sender Misbehavior

In situation 1 we assume that the sender node (S) is misbehaving while the destination node (R) is behaving normally. After the initiation of the RTS by S, the receiver replies with CTS and a safe random backoff value (it is due to the assumption that R is well-behaved). R saves this value for future uses. S, despite of knowing the legitimate Backoff value, tries to send the data before or after the time slots are over. The n neighboring nodes of S observe the arrival of the CTS and the first attempt to send data. They separately calculate the time slots that elapsed as the turnaround time (TR). R has the responsibility of determining whether S is misbehaving or not. To achieve this purpose the n TRi that are calculated by n neighbors are sent to R. R itself also calculates the time elapsed when it receives the data from S. We call this turnaround time as TRd. Then R calculates the average of the n values received. The actual Backoff value is calculated according to (1).

P1 =

Bri
i=1

and P2 =

B
i=1

si

(4)

The expected backoff value (Bexp) is the average of P1 and P2. This expected backoff is then compared with the actual Backoff value (Bact) that R has assigned to S. To eliminate any mistake, a counter is dedicated and the conditions in (2) and (3) are checked the same as condition 1. If R is detected to be misbehaving, then the reaction method is lunched.

Bact =(

TR
i=1

n-1

)+(TR d )

4.3 Situation 3: Detection Scheme Based on Sender and Receiver Both Misbehavior
(1) Instead of the receiver assigning the backoff values to sender node, in this situation, the backoff assignment is done by a neighbor of the sender which is considered to be the most trustful node. This scheme is inspired from [16] and is implemented in any situation in which colluding nodes exists. As a result, this scheme is more powerful in comparison to the two previous ones. To demonstrate which neighbor could be the trustful node, a trust value is assigned to each neighbor node. In

and are two weighting parameters. As the turnaround time (TRd) that is computed by R is more trusted, and are defined in a way that > , and + = 1. After computing Bact, R checks whether one of the conditions in (2) or (3) holdes true or not. If Bact < Bexp (2)

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 2, FEBRUARY 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

43

[16] the trust value (T = f (C, S)) is a function of credit and stability values of the nodes. Unlike [16], to reduce computation overhead, in our scheme the trust value is computed based on the transmission behavior of nodes. Consequently, the node that performs malicious behavior (i.e., dropping packets) has the smaller trust value. One assumption is that the trustful node is in neighborhood of the Sender (S). In Fig. 1 nodes n1, n2 and n3 are neighboring nodes. While node n1 can directly monitor n3, n2 as an intermediate node between n1 and n3 can also provide n1 with information about n3.

lated by node k and is indirectly recommended to node i Consequently, the total trust value, Ttotal (j), is computed according (8).

Ttotal (j)= Tmain (j) + Tsup (j)

k=1

(8)

Fig. 1. Neighboring concept in an example MANET.

To compute the trust value of each neighbor node the below conceptions are explained: Pexp (j): Number of packets that are expected to be forwarded by node j. This is calculated according to (5), by subtracting the number of packets with node j as their destination (Pdes (j)) from all incoming packets to node j (Pin (j)). Node j can be a destination of a packet or as an intermediate node it may forward the packets to the destination. As the transmission of the node is the baseline for computing the trust value, only those packets are taken into consideration, that are forwarded by node j. Pexp (j) = Pin (j) Pdes (j) (5) Pact (j): Number of packets that are actually forwarded by node j. This is calculated according to (6), by subtracting the number of packets with node j as their source (Psrc (j)) from all outging packets of node j (Pout (j)). Node j can be a generator of a packet as a source node or as an intermediate node it can forward the packets to the destination. Only those packets are taken into consideration, that are forwarded by node j. Pact(j) = Pout (j) Psrc (j) (6) The trust value computed by a node is defined as T(j).

and are two weighting parameters. As the role of Tmain (j) in formula is bolder than Tsup (j), and are defined in a way that > and + = 1. In this scheme, each node maintains a trust table containing its neighbor nodes trust values. The table is refreshed based on neighbors behaviors. It is required that the sender node (S) searches through its trust table and chooses the neighbor that has the largest trust value (Ttotal) in the trust table as its trusted neighbor. Then S broadcasts the RTS to request the channel, and specifies the ID of the trusted neighbor. After receiving RTS from S, the trusted neighbor replies the CTS with the random backoff value. It is the responsibility of the trusted node to detect any misbehavior. By using a scheme similar to what described in section 4.1 and by comparing the expected backoff value assigned by trusted node and the actual backoff value used by S, the trusted neighbor will judge whether S is a misbehaved node or not. If S is detected to be misbehaving then the reaction scheme is triggered.

4.4 Reaction Scheme

After detecting a node as a misbehaving one, the reaction scheme is triggered. The primary goal of our reaction strategy is to mitigate the negative effects of selfish node in network (e.g. having an unfair share of bandwidth). In our reaction method a response is triggered by all wellbehaved nodes. One approach to achieve this goal would be for the well-behaved nodes to accurately estimate the level of misbehavior of the selfish node, and try to replicate that misbehavior as a reaction response. The proposed reaction method is inspired from the meaningful Nash equilibrium outlined in [13] and the aggressive reaction approach in [17]. In the case of any detected misbehavior in network, well-behaved nodes choose the same backoff value as the one the misbehaved node has chosen to cover its greedy goal. To hinder network collapse two factors are taken into consideration: Maximum Level of Misbehavior (MaxM): The maximum tolerable misbehavior in network. After reaching MaxM, the reaction strategy changes and the misbehaving node is completely ignored by other nodes in any routing process. This factor is computed based on the actual backoff value. Minimum Level of Misbehavior (MinM): The minimum tolerable misbehavior in network. After reaching MinM, the reaction strategy changes and the misbehaving node is completely ignored by other nodes in any routing process. This factor is also computed based on the actual backoff value. Assuming that the well-behaved nodes are able to detect the level of misbehavior in the network, we analyze the impact of the proposed reaction method on throughput of

T(j)=

Pact (j) Pexp (j)

(7)

If node i wants to calculate the trust value of node j and has n common neighbors with it then in order to calculate the total trust value two parameters are defined: Tmain (j): The main trust value that is directly calculated by node i for node j. Tsup (j): The supplementary trust value that is calcu-

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 2, FEBRUARY 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

44

all nodes and show the results in our simulations in next section.

5 SIMULATION RESULTS
In this section, we report our simulation results by using the OPNET 14.5 network simulator [20]. We consider a network consisting of 10 MANET nodes in a 100m x 100m area. Nodes are within transmission range of each other. 9 out of 10 (named Node_1 to Node_8) nodes are generating traffic to a destination node. There is one selfish node (named Node_Mis) in the network. The nodes (including the selfish one) are source of CBR traffic of packet size of 512 bytes. Using DSR as the basic routing protocol in this network, we use random waypoint as mobility model. We also implement heavy load traffic that is corresponding to an exponential packet arrival rate of 100 packets per second. The results are averaged over 20 simulations, 180 seconds each. In our simulation, at first we evaluate the impact of MAC layer misbehavior scenarios, discussed in section 3.3. Then we show the performance of our proposed mitigating scheme.

Fig. 2. CW manipulation using a variable misbehavior.

5.1 Evaluating MAC Layer Misbehavior Scenarios

To evaluate the impact of each type of misbehavior scenarios mentioned previously on our network, we compute the fluctuation in the throughput of the selfish node in comaprsion to the scenario when all the nodes are wellbehaved as described in [17]. Efficiency rate is computed as (9) where Twell demonstrates the throughput of a node in a network without any misbehavior, while Tmis shows the throughput of that node when it is misbehavior.

Fig. 3. CW manipulation using fixed value misbehavior.

Tmis - Twell Twell

100

(9)

Fig. 2 depicts the efficiency rate achieved using CW manipulation using a variable misbehavior type at various values of . We observe that there is a non-linear increase in efficiency rate with a decrease in the value of below 1. After a while, this gain saturates, as the node is not able to get all its data across successfully. This shows that further decreasing of the variable does not lead to any more throughput gains for the selfish node. From Fig. 2, we can also conclude that for > 1, the throughput gain of the selfish node is decreased as becomes negative. All these observation are also hold true for other misbehavior types. Fig. 3 shows the efficiency rate of misbehavior type of CW manipulation using a fixed value. Under saturated traffic conditions with no misbehavior, the average value of contention window used by a well-behaved node is 50. As a result when CWfix > 50 there is no throughput gain for misbehaved node. Fig.4 depicts the CW Cheating upon unsuccessful transmission misbehavior. The efficiency rate for this scenario is increased with a decrease in for 1 < <2. As is decreased below 1, the efficiency rate increases rapidly till saturation.

Fig. 4. CW Cheating upon unsuccessful transmission misbehavior.

Fig. 5 demonstrates the achieved in Backoff cheating using fixed value misbehavior. A decrease in throughput for the misbehaving node can be observed for values of backoff greater than 20. In Fig. 6, we directly show the throughput decrease of a well-behaved node in NAV duration manipulation misbehavior. By increasing the NAV duration of a wellbehaved node, the throughput share of it decreases significantly. In Fig. 7, we show the effect of implementing CW manipulation upon receiving a routing packet using DSR protocol. The impact of this misbehavior is like other type of misbehavior scenarios.

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 2, FEBRUARY 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

45

Fig. 8 depicts the throughput of each node for scenario I. It can be observed that all nodes have almost the equal share of throughput. The result of implementing CW manipulation using a variable misbehavior type is demonstrated in Fig. 9. As it can be observed, the misbehaving node has gained an obvious unfair share of throughput. In Fig. 10, the mitigating method is implemented, which is a combination of any detecting approaches and the reaction scheme, we described previously.

Fig. 5. Backoff cheating using fixed value misbehavior.

Fig. 8. Scenario I: All nodes are behaving normally.

Fig. 6. NAV duration manipulation misbehavior.

Fig. 9. Scenario II: One node is misbehaving.

Fig. 7. CW manipulation upon receiving a routing packet using DSR protocol.

5.2 Evaluating the Performance of Mitigation Method

Assuming that the well-behaved nodes are able to detect the level of misbehavior in the network, we analyze the impact of the proposed mitigating scheme on throughput in the network. We introduce three scenarios: Scenario I: All nodes are behaving normally Scenario II: One node is misbehaving when implementing CW manipulation using a variable misbehavior type. Scenario III: The mitigating scheme is implemented

Fig. 10. Scenario III: The mitigating scheme is implemented.

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 2, FEBRUARY 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

46

The reaction response could degrade the overall throughput, however, the misbehaving nodes throughput also reduces to the levels available to other wellbehaved nodes and all the nodes in the network are able to achieve a fair share of the throughput. The simulation results of this part showed the efficiency of our proposed scheme in mitigating MAC layer misbehavior.

[7]

[8]

December 2001. ISO/IEC 802.11, IEEE Standard for Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specification,1999. D.B. Johnson, D.A. Maltz and J. Broch, DSR, The Dynamic Source Routing Protocol for Multi-Hop Wireless Ad hoc Networks, Ad Hoc Net. C. E. Perkins, ed., Addison-Wesley, pp. 139172, 2001.

[9]

M. Raya, J.P. Hubaux, and I. Aad, DOMINO: Detecting MAC layer greedy behavior in IEEE 802.11 hotspots, IEEE Transactions on Mobile Computing, 5(12), 16911705, 2006.

6 CONCLUSTION AND FUTURE WORKS

We introduced various types of MAC layer misbehaviors and studied their negative impacts on throughput of other nodes in MANET. To nullify misbehaviors resulting from deviation of the backoff computation rules in IEEE 802.11 MAC protocol, we presented a mitigating solution. As a combination of detection and reaction schemes, the objective of the proposed method is to ensure obtaining a fair share of throughput by all the nodes in MANET. Our method is resistant to the existence of colluding nodes. Besides, its efficient reaction technique has made it disadvantageous for selfish nodes to deviate from MAC protocol without completely isolateing the node. The simulation results show that by implementing our method, the negative effects of a misbehaved node is alleviated effectively and all nodes gain a fair share of network resources. For future work, towards minimizing the incorrect detection of misbehaving nodes, we will enhance our method to use throughput observes for the estimation of misbehavior type. We also aim to optimize our solution in a way that it could tackle the problem of not only selfish misbehavior, but also malicious one in both MAC and network layer. The computation overhead is also a challenging problem that is worthwhile for further researches.

[10] P. Kyasanur and N.H. Vaidya, Selfish mac layer misbehavior in wireless networks, IEEE Transactions on Mobile Computing, vol. 4, no. 5, pp. 502516, Sep. 2005. [11] L. Guang, C. Assi, and A. Benslimane, Modeling and analysis of predictable random backoff in selfish environments, in Proc. 9th ACM international symposium on Modeling analysis and simulation of wireless and mobile systems, Terromolinos, Spain, pp. 86 90. 2006. [12] L.Chen and J. Leneutre, Selfishness, not always a nightmare: Modeling selfish MAC behaviours on wireless mobile ad hoc networks, In 27th International Conference on Distributed Computing Systems (ICDSC 07), pp.16, July 2007. [13] M. Cagalj, S. Ganeriwal, I. Aad and J.P. Hubaux, On selfish behaviours in CSMA/CA networks, Proc. IEEE INFOCOM, vol. 4. (pp.2513 2524), March 2005. [14] S. Djahel, and F. Nait-Abdesselam, Thwarting back-off rules violation in tactical wireless ad hoc networks, Proceeding of IEEE Symposium on Computers and Communications (ISCC), pp. 417-422, June 2010. [15] L. Guang, C. Assi, and Y. Ye, Dream: A system for detection and reaction against mac layer misbehavior in ad hoc networks, Elsevier Computer Communications, vol. 30, no. 8, pp. 18411853, Jun. 2007. [16] F. Shi, J. Baek, J. Song, and W. Liu, A novel scheme to prevent MAC layer misbehavior in IEEE 802.11 ad hoc networks, Telecommunication Systems, Springer,2011, doi: 10.1007/s11235-0119552-y. [17] V. R. Giri and N. Jaggi, MAC layer misbehavior effectiveness and collective aggressive reaction approach, IEEE Sarnoff Symposium, 2010. [18] V. Gupta, S. Krishnamurthy, and M. Faloutsous, Denial of service attacks at the MAC layer in wireless ad hoc networks, Proc. MILCOM, vol.2. pp. 1118 1123, 2002. [19] Y.C. Hu, A. Perrig and D.B. Johnson, Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols, Technical Report TR01-384, Department of Computer Science, Rice University, 2002. [20] Opnet Technologies., OPNET Modeler, http:// www.opent.com.

REFERENCES
[1] D. Djenouri, L. Khelladi, N. Badache, A survey of security issues in mobile ad hoc networks, IEEE Communications Surveys 7(4). Fourth Quarter, 2005. L. Buttyan and J. Hubaux, Nuglets: a virtual currency to stimulate cooperation in self-organized ad hoc networks, Swiss Federal Institute of Technology, Lausanne, Department of Communication Systems, Tech. Rep. DSC/2001, 2001. S. Zhong, Y. Yang and J. Chen, Sprite: A simple, cheat proof, credit-based system for mobile ad hoc networks, Proceedings of IEEE INFOCOM03, vol. 3, San Francisco, CA, pp. 19871997, 30 March3 April 2003. S. Buchegger and J.L. Boudec, Performance analysis of the CONFIDANT protocol: Cooperation of nodes fairness in dynamic ad-hoc networks, Proceedings of IEEE/ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC), Lausanne, CH: IEEE, pp.226-236, June 2002. Q. He, D. Wu and P. Khosla, SORI: A secure and objective reputation-based incentive scheme for ad-hoc networks, Proceedings of IEEE Wireless Communications and Networking Conference (WCNC2004), vol. 2, pp. 825830, IEEE, March 2004. P. Michiardi and R.Molva,CORE: A collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks, Institut Eurecom, France, Tech. Rep. EURECOM+816,

[2]

[3]

[4]

[5]

[6]

Dr. Sam Jabbehdari currently working as an assistant professor at the department of Computer Engineering in IAU (Islamic Azad University), North Tehran Branch, in Tehran, since 1993. He received his both B.Sc. and M.Sc. degrees in Electrical Engineering Telecommunication from K.N.T (Khajeh Nasi Toosi) University of Technology, and IAU, South Tehran branch in Tehran, Iran, in 1988 through 1991 respectively. He was honored Ph.D. Degree in Computer Engineering from IAU, Science and Research Branch, Tehran, Iran in 2005. He was Head of Postgraduate Computer Engineering

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 2, FEBRUARY 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

47

Department IAU North Tehran Branch during 2008-2012. Dr. Jabbehdari has been a supervisor of 32 theses and has published extensively in many national and international conferences and journals, with over 35 papers published. He also has written Advanced Topics in Computer Networks book in Persian Language (Tehran, Classic, 2009). His current research interests are Scheduling, QoS, MANETs, Wireless Sensor Networks and Grid Computing Systems. Anahita Sanandaji received her BSc degree in Computer Software Engineering as a distinguished student from Islamic Azad University North Tehran Branch (IAU-TNB), in 2008. She is now an MSc student at Computer Engineering Department of IAU-TNB. Her research interests include but are not limited to wireless and mobile ad hoc networks and security. Most of her current work is about developing efficient mechanisms for detecting and preventing misbehaviors in mobile ad hoc networks at network and MAC layer. Dr. Nasser Modiri received his M.S. Degree from the University of Southampton, U.K, and Ph.D. degree from the University of Sussex, U.K in 1986 and 1989, respectively. In 1988 he joined The Networking Center of Hemel Hempstead, and in 1989 he worked as a Principle Engineer at System Telephone Company (STC) Telecommunication Systems, U.K. Currently, Dr. Modiri is teaching actively MSc courses in network designing, software engineering and undertaking many MSc projects. He also participates in developing applications for virtual Universities, Virtual Parliaments, Virtual Organization, ERP, GPS+GSM, GPRS, RFID, ISO/IEC 27000, ISO/IEC 15408 technologies.