SPECIAL SECTION ON INTERNET-OF-THINGS (IOT) BIG DATA TRUST MANAGEMENT

Received August 21, 2018, accepted September 15, 2018, date of publication November 9, 2018, date of current version October 24, 2019.
Digital Object Identifier 10.1109/ACCESS.2018.2876153

TMEC: A Trust Management Based on Evidence

Combination on Attack-Resistant and
Collaborative Internet of Vehicles
JI-MING CHEN1 , TING-TING LI1 , AND JOHN PANNEERSELVAM 2, (Member, IEEE)
1 School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang 212013, China
2 School of Electronic, Computing and Mathematics, University of Derby, Derby DE22 1GB, U.K.

Corresponding author: Ji-Ming Chen (jmchen@ujs.edu.cn)

This work was supported in part by the Major Projects of Natural Science Research in universities in Jiangsu Province under Grant
17KJA413001.

ABSTRACT Message transmission in vehicular networks is increasing in popularity which exploits the net-
work nodes to transmit messages using cooperative communication in a multi-hop fashion. But the increasing
number of malicious nodes in the high-speed Internet of Vehicles demands additional methodologies to
quickly detect the presence of such nodes to avoid serious security consequences. Early detection of mali-
cious nodes, and accurate assessment of complex data to assess the node reliability are of absolute importance
in vehicular networks. To this end, this paper proposes a security scheme that uses evidence combination
method to combine local data with external evidence to evaluate the reliability of multi-dimensional data
received from other peer nodes. In addition, this paper uses European Telecommunications Standards
Institute standard and Decentralized Environmental Notification Message, and proposes a trust calculation
method based on collaborative filtering by introducing a small-time interval to detect the changes in the node
behaviors. While the former solution helps more accurate computation of the direct trust value, the latter
scheme can calculate the indirect trust based on recommendations received from neighbors, ultimately to
obtain the global trust value. Finally, more effective traffic data can be obtained to help traffic prediction.
Experiments conducted under various network scenarios demonstrate that our proposed scheme outperforms
the existing trust models, such as precision or recall and can resist bad-mouth attacks, selective-misbehavior
attacks, and time-dependent attacks, especially under larger proportions of malicious nodes.

INDEX TERMS Cooperative communication, data processing, Internet of Vehicles, intrusion detection,
security management.

I. INTRODUCTION messages to vehicles for providing traffic-related status infor-

The emergence of Internet of Vehicles, as an integration of
Internet of Things (IoT) and wireless vehicular communica-
tion networks, provides more effective value-added services
for vehicular users [1], [2], as is shown in Fig.1. Enhanced
safety and intelligent traffic system is always a growing need
for any road transportation system. IoV can potentially facil-
itate a safety-aware evaluation of road traffic conditions and
with the aid of other modern information technology, accurate
evaluation and prediction of traffic conditions are also possi-
ble. For example Decentralized Environmental Notification
Message (DENM), as proposed by the European Telecommu-
nications Standards Institute (ETSI), periodically broadcasts
The associate editor coordinating the review of this manuscript and
approving it for publication was Yulei Wu.
mation and event-related asynchronous warning notifications
and danger alerts. Such process usually involves message
transmission targeted at multiple people or cars, using
high-speed wireless networks. In this context, IoV exhibits
excellent potential for developing effective and reasonable
routes and behavior plans for individuals involved in trans-
portation. However, in a realistic scenario, any two vehicle
nodes may not communicate directly during most of the
instances. Often, vehicles need to cooperate with other peer
nodes for relaying information through a multi-hop broadcast
vehicles-to-vehicles communication. Thus, the reliability of
the relay nodes has an important role to play in such a
transmission. IoV, due to its open wireless channel charac-
teristics and increasing reliance on communication technol-
ogy, is also more vulnerable to malicious attacks such as

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see http://creativecommons.org/licenses/by/4.0/
VOLUME 7, 2019 148913

FIGURE 1. IoV architecture.
bad-mouth attacks, selective-misbehavior attacks and time-
dependent attacks etc. It is common for vehicle nodes to reject
the relay request from other peer vehicles in order to save
their own resources from being compromised by adversaries.
So it is important to evaluate not only the trustworthiness
of the interacting nodes, but also the legality of the received
messages. Existing trust models mainly interrogate the user’s
information which helps decision-making during the trust
evaluation process. Trust value calculation in existing models
usually depends on the integration of multiple types of data,
but this may not hold well due to the complex relation-
ship among the data [3]. Nodes sometimes may encounter
conflicting traffic information reported by multiple sources.
Thus trust evaluation models should necessarily include data
integration, and accurate calculation of the trust value.
A good range of works have been previously proposed for
the trust models. The work presented in [4] evaluated the node
trustworthiness by referring to the trust value of nodes, believ-
ing that nodes with highly recommended trust value is trust-
worthy. However, it is possible that nodes performing well
during data forwarding (data is correctly forwarded), may
behave maliciously later during recommendation (provides
incorrect recommendation information). Therefore, filtering
out the dishonest nodes becomes a serious challenge. The
paper [5] proposed to use data fusion technology to merge
multiple data reported by different nodes so as to extract more
effective messages. Collaborative cooperation usually plays a
significant role in IoV, since the data contributed by a single
user is often incomplete and sparse. Furthermore, the network
often includes dishonest nodes, which restrains two vehicles
being connected.
This paper is aimed at overcoming the drawbacks of
traditional trust models by resolving the aforementioned
problems, based on the D-S theory. This is achieved by
analyzing the local data along with the received traffic data
and by using the evidence combination method to help traffic
prediction and management. According to the ETSI standard
and DENM, vehicles calculate direct trust based on direct
interactions. In order to reduce the impacts of collusion (that
is, users only submit positive feedback to their friends in
148914
J.-M. Chen et al.: TMEC on Attack-Resistant and Collaborative IoV
order to enhance their respective credit ratings and submit
negative feedback to others), this paper uses the trust rec-
ommendation of collaborative filtering, and uses the Resnick
standard prediction formula [6] to calculate the recommended
trust of the neighbor nodes, finally obtains the global trust.
To evaluate the performance of proposed scheme, large-scale
experiments have been conducted. Experiment results show
that the proposed scheme can accurately evaluate node trust
and data trust, can detect malicious behavior effectively,
and can resist attacks such as bad-mouth attacks, selective-
misbehavior attacks and time-dependent attacks. Even in the
situation where the proportion of malicious nodes is relatively
large, the proposed scheme outperforms the existing tech-
niques. More specifically, this paper presents a trust manage-
ment based on evidence combination called TMEC to cope
with malicious attacks, and evaluates the global node trust
and data trust. The major contributions of this work are listed
as follows.
• Firstly, the evidence combination method is used to eval-
uate multi-dimensional data trust based on D-S theory in
order to obtain more effective traffic data.
• Secondly, we use the ETSI standard and DENM to
perceive the interactions between vehicles and to eval-
uate the direct trust in each time period, which is
beneficial to quickly detect the change of behavior
patterns.
• Thirdly, in order to avoid collusion attacks, the proposed
TMEC scheme adopts the trust recommendation of col-
laborative filtering and selects the trustworthy neighbors
by using Cosine-based similarity, ultimately to get a
more accurate global trust value.
The remainder of this paper is organized as follows.
In section 2, we analyze the current situation of existing trust
management and the detection of dishonest behaviors, and
point out their advantages and disadvantages. Section 3 intro-
duces the model definition of the TMEC scheme. The
proposed scheme is presented in Section 4. In Section 5,
the experimental study has been conducted. Finally, the con-
clusion is drawn in Section 6.
II. RELATED WORKS
Recently, the existence of selfishness and malicious behav-
iors has extremely motivated the research in the area of
trust management. Trust management bypasses traditional
cryptography-based security mechanisms to handle inter-
nal attackers who own certificates, which is widely used
for secure communications over vehicular networks [7].
Moreover, trust model can potentially overcome the secu-
rity drawbacks found in existing cryptography-based solu-
tions. Trust models are used to protect privacy and to
ensure secure and reliable data dissemination in IoV.
Trust management is divided into three categories such
as Entity-oriented Trust Models (ETM), Data-oriented
Trust Models (DTM) and Hybrid-oriented Trust Models
(HTM).
VOLUME 7, 2019
J.-M. Chen et al.: TMEC on Attack-Resistant and Collaborative IoV
A. ETM
In order to ensure secure communication and to prevent
malicious nodes from sending fake messages or from for-
warding any messages, ETM evaluates the reputation of the
nodes in a distributed mode without the need for process-
ing the exchanged data. Buchegger et al. [8] presented the
CONFIDANT protocol, which encourages nodes collabo-
ration to penalize misbehaving nodes. CONFIDANT sets
up four components in each node: a Monitor, a Reputation
System, a Trust Manager and a Path Manager. The Monitor
is used to observe and identify abnormal routing behaviors.
The Reputation System calculates the reputation of each
node based on the observed behaviors. The Trust Manager
exchanges alerts with other trust managers about node mis-
behaviors. The Path Manager maintains path rankings and
responds to various routing messages. The possible down-
side of CONFIDANT is that an attacker could deliberately
propagate a false alarm to other nodes, whereby altering a
good node as malicious. In order to detect and eliminate mali-
cious nodes, Haddadou et al. [9] used the trust value based on
the node’s behaviors to estimate its sending cost. Malicious
nodes usually characterize a higher sending cost, which limits
the activities of malicious nodes in the network. Unfortu-
nately, communication overheads increase with a decrease in
the network cooperation ability. Choosing the initial cost and
distinguishing the selfish behaviors and resolving the packet
loss issues during transmission are quite challenging in this
scheme.
B. DTM
In order to avoid the removal of malicious nodes leading to
connection interruption between nodes, we only consider fil-
tering malicious data without revocation of malicious nodes
in DTM. Zhang et al. [10] proposed a semi-distributed trust
management for message dissemination and evaluation. The
cluster head is responsible for broadcasting and collecting
the broadcast opinions, and for discarding the untrustworthy
messages and/or relays those are not legitimate. But the main
problem of this scheme lies in the choice of cluster heads,
particularly when malicious nodes become the cluster heads.
Gurung et al. [11] used three key metrics such as content
similarity, content conflicts, and routing path similarity to
determine whether the received message is legal or not.
However, this scheme have not considered the high time
complexity, high mobility and the case of node sparsity into
account. A data-based trust model has been proposed in [12],
in which the trust of any entity depends on its role (e.g. the
trust value T [police vehicle = 1; common vehicle = 0.5]).
This model used different trust metrics to determine whether
the reported events are real. Finally, Dempster-Shafer theory
and Bayesian inference have been used to assess the evidence
associated with the events. However, this method exhibits
good performance only for the cases of non-redundant and
sufficient data but does not have obvious advantages when
vehicles is sparse in the network.
VOLUME 7, 2019
C. HTM
HTM is designed to ensure reliable communication between
nodes, and to recuperate malicious nodes and messages
that could potentially cause an interruption, mainly based
on node reputation ratings, which is similar to ETM.
Marmol et al. [13] proposed a scheme to support VANETs
trust and reputation management, where the nodes have been
divided into three different trust levels and the protocol has
been associated with the confidence of each messages. Com-
parisons have been made with the three fuzzy sets (untrusted,
+/− trust, trust) by combining the node category, the mes-
sage confidence level and the recommended messages from
RSUs and other nodes. Then decisions have been made upon
whether the received messages can be forwarded or not.
A given message will be dropped if it belongs to the first set,
accepted but not forwarded if it belongs to the second set, and
both accepted and forwarded for the trusted ones. However,
this scheme has pitfalls in the number of recommendations
and the trust value of the recommended nodes. Li et al. [14]
proposed a trust management scheme based on the repu-
tation, which evaluated the credibility of the senders and
the messages sent by senders under three dimensions: direct
trust, indirect trust and node reputation. However, using an
additional infrastructure, called the reputation management
center to achieve the centralized trust computation increases
the communication overhead.
Under the assumption that all application messages are
encrypted, Chen et al. [15] proposed a beacon-based trust
model to enhance the user’s location privacy protection.
The proposed scheme used beacons and event-based mes-
sages to protect the privacy of VANETs. The main idea is
to cross-check the feasibility of these two types of mes-
sages to determine whether other messages are trusted or
not. Although this solution can achieve privacy protection
of multi-hop vehicles (more than one hop), it cannot effec-
tively evaluate various kinds of information and cannot detect
attacks that take place on the upper layer (application, routing
and etc.). T-CLAIDS [16] proposed a trust-aware intrusion
detection solution, where the node density, mobility and the
vehicle movement direction have been taken into account.
This solution maintains probability matrices of all actions,
which is updated in the iteration until a convergence value
is achieved, in order to provide an approximate representa-
tion of the global trust. This scheme performs well when
the malicious behaviors are stable throughout a given time,
but not very efficient in the case of unpredictable events.
Furthermore, the convergence time of the vector becomes
very long when the nodes are sparse. Using standardized
message services of ETSI-ITS [17], [18], T-VNets [19] can
predict traffic and assess the distribution of attackers within
the network. The T-VNets protocol achieves high detection
rates and low overhead, which now is the only Standardized
Trust Architecture.
Table 1 illustrates the performance comparison√of a few
typical schemes of different requirements, where ‘‘ ’’ shows
148915
 J.-M. Chen et al.: TMEC on Attack-Resistant and Collaborative IoV

TABLE 1. Performance comparison.

that the scheme satisfies the requirements. ‘‘×’’ represents

the scheme do not satisfy the requirements and ‘‘−’’ rep-
resents that the paper did not consider this requirement.
As shown in Table 1, existing works still characterize sev-
eral deficiencies, such as data trust and the characteristic of
Attack-Resistant. But the TMEC scheme can fully meet the
requirements of anti-attack in IoV.

III. DEFINITION
This section discusses the recent research problem, and intro-
duces the network model and the attack model.

A. NETWORK MODEL
IoV refers to a mobile communication network which com-
bines wireless communication technology with IoV, and pro-
vides value-added services for vehicular users based on the
social relationship between vehicles communicating with
each other through collaboration.
IoV can continuously monitor and share road and traffic
conditions. The upper IoV server is usually a set of pow-
erful server clusters, whose powerful computing and stor-
age capabilities provide roadside communication services
and store information such as vehicle identity and historical
interactions, which is equivalent to car cloud. The middle
layer is designed to create a virtual environment for vehi-
cles’ trust assessment and to undertake communication with
neighboring roadside units in a light-weight environment.
The lower layer is aimed to solve the vehicle cooperation. The
vehicle accesses a local network and transmits data through
multi-hop cooperative communication. All the vehicles share
the resources reserved in the middle layer to support the com-
pletion of trust assessment among vehicles, which improves
the resource utilization rate and service quality of the vehi-
cles, as shown in Fig. 2.
Recently, IEEE802.11p has been widely used for data
transmission between vehicles to vehicles (V2V) and vehi-
cles to roadside units (V2R). In the future, 5G will bring a
new communication area with faster data transmission, lower
delay and higher reliability [20].
B. TRUST MODEL
Trust is a subjective behavior expectation to choose which
nodes to cooperate with, even take action to punish the
FIGURE 2. Improved trust architecture.
malicious nodes if necessary [21]. Each user can only derive
the trust value of a given part of the nodes, and the trusted
nodes will also trust another part of the nodes. As this
phenomenon is propagated, starting from any node, this
trust relationship will continue to spread along the network.
So, vehicles never directly interacted before in IoV can also
agree with a basic understanding and establish an appro-
priate trust relationship. In IoV, message filtering is imple-
mented through the mutual trust evaluation between vehicles,
as shown in Fig. 2. The TMEC can be divided into different
modules responsible for (1) Computing data trust; (2) Esti-
mating the global trust; (3) Detecting the malicious attacks.
The vehicle entity combines the collected traffic evidence to
calculate the data trust to assess the data reliability. Then the
global trust value is obtained by direct trust and indirect trust,
which is used to assess the behavior of the target node. Then
the calculated trust value is updated into its own trust list.
C. ATTACK MODEL
The entities involved in transportation are more susceptible
to various attacks, such that nodes and messages can be
compromised at any time. An adversary can eavesdrop, block,
modify, forge or discard information within the wireless com-
munication range between any devices. Its main objectives

148916 VOLUME 7, 2019

J.-M. Chen et al.: TMEC on Attack-Resistant and Collaborative IoV

TABLE 2. Parameter definition.

FIGURE 3. Improved trust architecture.

include interception of normal data transmission, forging or

modification of data, submission of false advice to build
benign nodes etc. [22], [23]. Specifically, this paper takes the
following malicious attacks into account.
Bad-Mouth Attacks: Malicious nodes spread negative
comments about a benign node to compromise its reputation
in the network. This collusion may lead to blocking effective
paths in the network by confusing the trust and reputation
management mechanisms.
Selective Misbehavior Attacks: This attack means that the
malicious node provides some nodes with false messages,
works properly for other nodes in the network. The behavior
traffic data may not be accurate. In DST, the probability is
modes of attackers are inconsistent with different people,
replaced by the uncertainty interval of the belief function (bel)
which leads to inconsistent trust between different nodes and
and the plausibility function (pl), that is, (bel, pl), which
such nodes are difficult to be detected by the trust manage-
denotes the uncertain interval in the suspicious behaviors
ment schemes.
of the nodes. Bel is the lower bound of this interval and
Time-dependent Attacks: The nodes change their behavior
represents the supporting evidence. In other words, (0, bel)
based on time in this attack. Nodes work normally for some
indicates a preference for support and so the node is trusted.
time, but provide unfair ratings at other times.
Pl is the upper bound of this interval and represents non-
denied evidence. Therefore, (pl, 1) indicates a preference to
IV. SCHEME DESIGN reject, since it regards the corresponding node as malicious.
This section details the proposed TMEC scheme. Direct trust The bel with regards to event ei observed by node Ni is
and recommended trust have been considered in our approach calculated as follows.
in order to aid vehicles whilst evaluating the trust value with X
better accuracy. The TMEC scheme is based on the DENM of belNi (ei ) = mNi (eb ) (1)
ETSI standard. Assuming that node j is a direct neighbor of e:eb ∈ei

node i, then node i can verify whether the event j broadcasts eb represents all the basic events that make up event ei .
is true or false. In this scenario, the vehicle first perceives mNi (eb ) represents the view of node Ni to event eb . Partic-
the traffic data, uses the evidence combination method to ularly, if node Ni only has a single report of the node Nk , that
analyze the large amount of collected data, and extracts useful is ei ⊂ ei .
information, sums up the evidence of data analysis for trust belNi (ei ) = mNi (ei ) (2)
management, and assesses the data trust. This process calcu-
lates the global trust value, as shown in Fig. 3. The system From the D-S theory, it can be understood that there is a
parameter definition is given in Table 2. certain relationship between pl and bel, that is
pl(ei ) = 1 − bel(ei ) (3)
A. DATA TRUST
Among them, ei is the event that does not appear in ei . So,
Dempster-Shafer theory (D-S) [24], [25] is used to combine
multiple pieces of evidence together even though some of the belNi (Nk ) = mNi (Nk ) = p (4)

VOLUME 7, 2019 148917

 J.-M. Chen et al.: TMEC on Attack-Resistant and Collaborative IoV

plNi (Nk ) = 1 − belNi (Nk ) = 1 − p (5) TABLE 3. Parameter definition.

Given that trust represents the lower bound of the uncer-

tainty interval and indicates supportive evidence, the node
trust value can be defined as follows.
K
bel(Ni ) = m(Ni ) = ⊕ mNk (Ni ) (6)
k=1
mNk (Ni ) donates the view of node Nk on another node Ni .
Reports from different nodes can be combined using the D-S tx tx
theory. Specifically, the D-S theory is used to combine the where, x ≥ 1, L(j,k) and M(j,k) stand for the number of
tx
L(j,k)
local evidence collected by the nodes themselves and the legal and malicious interactions, respectively. tx tx rep-
M(j,k) +L(j,k)
external evidence shared by other nodes, as shown below.
P resents the proportion that legal interactions account for, and
q,r:e ∩e =N m1 (eq )m2 (er ) 1 − tx 1 is a variable parameter. When the legal interaction
m1 (Ni ) ⊕ m2 (Ni ) = P q r i (7) L(j,k) +1
1 − q,r:eq ∩er =φ m1 (eq )m2 (er ) tx
of vehicles increases (their value of H(j,k) will approach closer
to 1), their honesty index will also increase. The noted range
B. RECOMMENDATION TRUST
of honesty values of the nodes under different time periods
Nodes with similar characteristics may also exhibit similar are used to calculate the direct trust, where the recent time
preferences on other nodes. Therefore, based on the collab- period enjoys better weightage. Specifically, the direct trust
orative filtering, this paper uses the Cosine-based similarity is calculated as follows.
metric to measure the similarity between two vectors [26].  Pn−1 tx 
Then, the similarity cos(j,k) between two nodes is measured x=1 H(j,k) tn
α∗ n−1 + H(j,k)
by computing the cosine angle between the two vectors, DT (j, k) = (11)
as shown in Equation 8, where ‘‘•’’ represents the dot product α+1
of two vectors. where, α is a factor between 0 and 1 which denotes the
r r rr weight given to the involved time periods. The precondition
j•k (8)
cos(j, k) = |j|∗|k| before computing the direct trust is that the node j and node k
must have interacted at least once, otherwise, DT (j, k) is still
Smaller value of cos (j, k) represents a greater conflict
unchanged from its current value.
degree between two given nodes, with a lower similarity.
In particular, the recommended trust value is computed using
D. GLOBAL TRUST
the following steps.
(1) Form Trust Matrix: Each node forms a trust rating on In IoV, the global trust usually relies on two types of trust
other nodes, which is defined as a matrix R. to evaluate the node behaviors, that is, the direct trust and
(2) Choose Trusted Neighbors: Calculate the similarity of the recommended trust. The recommended trust is given in
all the nodes in the model, and then select top i most similar Section 4.2, and the direct trust is given in Section 4.3. Direct
nodes. trust is defined as the direct interaction between vehicles
(3) Calculate Neighbors Recommendation Trust: Calculate based on local evidence. Indirect trust, on the other hand,
the recommended trust value IT (j, k) of node j on node k. is the interaction between vehicles based on the views of
Si is the set of most similar nodes to node j. Rj = 6i Rj,i others, so direct trust is more important than indirect trust.
and Rk = 6i Rk,i represent the overall trust ratings to other Suppose that the vehicle interaction frequency is n. As the
nodes of node j and node k, respectively. Based on Resnick’s number of vehicle interactions increases, we use 1/(n + 1) as
standard prediction formula, IT (j, k) is calculated as follows. an adjustment factor so that direct trust can be assigned with
more weight. Then, the global trust is calculated as follows.
6i∈Si cos(j, k) ∗ (Rk,i − Rk )
IT (j, k) = Rj + (9) 1 1
6k∈Si | cos(j, k)| Trust(j, k) = [(1 − ) ∗ DT (j, k)] + [ ∗ IT (j, k)]
n+1 n+1
C. DIRECT TRUST (12)
In order to quickly detect the changes in the node behavior
patterns, the TMEC scheme introduces a small time interval
V. SIMULATION AND PERFORMANCE
to assess the direct trust value of each time period [27].
tx This paper uses NS2 as simulation platform. To evaluate the
Before calculating the direct trust, let H(j,k) represents
proposed TMEC Scheme, we rely on the IEEE 802.11p stan-
the reports of node j to the legal behavior of node k over a
tx dard to compare the performance of the baseline method [28].
certain period of time tx . Then H(j,k) is calculated as follows.
The generated vehicular traffic is based on Citymob mobility
tx " #
model [29], which uses SUMO [30] to create mobility traces.
tx
L(j,k) 1
H(j,k) = tx tx ∗ 1 − tx (10) Table 3 lists the parameters used in the simulation scenario.
M(j,k) + L(j,k) L(j,k) + 1 Here, we use Precision (P) and Recall (R) as evaluation

148918 VOLUME 7, 2019

J.-M. Chen et al.: TMEC on Attack-Resistant and Collaborative IoV
FIGURE 4. The impact of node density (a) Precision (b) Recall.
FIGURE 5. The impact of malicious nodes (a) Precision (b) Recall.
parameters, which are widely used in Machine Learning and
Information Retrieval for accuracy assessment. In this paper,
P and R are defined as follows [31].
real malicious nodes detected
P= (13)
untrusted nodes detected
malicious nodes detected
R= (14)
real malicious nodes
A. PRECISION AND RECALL
Fig. 4 shows the precision and recall value with respect to
the node density. Fig. 4(a) compares the precision of the
TMEC method with the baseline method when the node
density varies. Experiments show that when the node density
is high, the precision of both the two methods is higher than
90%, but the precision of the proposed scheme is always
higher than the baseline method. This is due to the fact that
with more number of nodes, the probability of receiving real
data from other vehicles is higher, which makes it easier
to detect dishonest behaviors. The TMEC uses D-S theory,
to fuse different evidence, in order to get new evidence, where
(bel, 1) donates untrusted range and (pl, 1) donates absolutely
malicious nodes. Similarly, Fig. 4(b) shows the comparison
of recall between the TMEC and the baseline method. It can
be observed that the recall of the proposed TMEC method
is also better than the baseline method. Assuming that the
value of R is x/y, if the number of real malicious nodes is
increases to y + a, then the maximum value of R could be
(x + a)/(y + a). In addition, (x + a)/(y + a) is more than x/y.
VOLUME 7, 2019
In other words, as the number of nodes increases, the recall
rate becomes higher.
Fig. 5(a) and Fig. 5(b) presents the comparison between
TMEC and other schemes based on precision and recall at dif-
ferent percentages of malicious nodes in the network. When
the proportion of malicious nodes is higher, corresponding
decrease in both precision and recall is noted. However, recall
and precision of the TMEC scheme are still higher than those
of the other three methods. Further an increase in recall and
precision of TMEC is not obvious when the percentage of
malicious nodes increases. This is true because collaborative
filtering provides advice or prediction to nodes, thus the
quality of recommendations is greatly improved. In addition,
D-S theory is used to combine multiple pieces of evidence
together even though some of the traffic data may not be
accurate.
Fig. 6 shows the precision and recall in regards to the vehi-
cle speed. It is evident that the TMEC scheme is superior to
the baseline method. This is because that other schemes lack
real-time online central management server, which makes
them harder to realize vehicle information centralized trans-
mission, storage and efficient evaluation, particularly when
the speed of the vehicle increases. In addition, both the preci-
sion and recall decreases with an increase in the speed of the
vehicle. This is due to the fact that along with an increase in
the vehicle speed, the packet loss rate increases, which make
it difficult for the nodes to spread information about untrusted
vehicles.
148919

FIGURE 6. The impact of vehicle speed (a) Precision (b) Recall.
FIGURE 7. The impact of malicious nodes under bad-mouth attack (a) Precision (b) Recall.
B. ANTI-ATTACK
In addition to the evaluation of the overall performance under
different network parameters, this study also examines the
feasibility of the proposed TMEC scheme under anti-attack.
The attack model is presented in Section 2.3. Performance of
the proposed TMEC scheme is evaluated against the baseline
method under different types of malicious attacks. Let us
assume that the misbehaving attack patterns of the nodes
in the network characterize a probability of 0.5. In order to
quickly detect the changes in the node behavior patterns, this
paper introduces a small time interval, so as to comment
on the trust of the nodes under each time period, which is
effective against time-dependent attacks.
Fig. 7 shows that the performance of precision and recall
under bad-mouth attacks under increasing number of mali-
cious nodes. It can be observed that even if 40% of the
malicious nodes performs bad-mouth attacks, the preci-
sion and recall is still higher than 80%. But the baseline
method is especially plagued by bad- mouth attacks. Note
that bad-mouth attacks aim to intentionally share fake trust
views so that the malicious nodes will be falsely accused
of malicious behaviors. The use of collaborative filtering
based on recommendation strategy and D-S theory makes the
proposed scheme to be more resistant to attacks than the base-
line method. Selective-misbehavior attacks show different
attack patterns to different nodes, so it is difficult to identify
148920
J.-M. Chen et al.: TMEC on Attack-Resistant and Collaborative IoV
attackers and malicious behaviors. Fig. 8 indicates that the
TMEC scheme can still resist selective-misbehavior attacks
and achieve high precision and recall. On the other hand,
when the percentage of attackers increases, the precision and
recall of the baseline method are significantly degraded.
C. DETECTION RATE
Using the global trust assessment, any vehicle j can evaluate
its neighbor’s trust value to assess the trustworthiness of
neighbor vehicles k, in order to make decisions upon dropping
untrustworthy messages or delaying legal messages for the
purpose of continuing the dissemination process. The Trust
Threshold varies in accordance with the security needs of the
system. For example, the Trust Threshold may be higher for
security-related events. Thus, whether the neighbor vehicle k
is trusted or not is expressed as follows.

k is a trusted neighbor,
 if Trust(j, k)
≥ TrustThreshold (15)

k is an untrusted neighbor, otherwise

Fig. 9 shows the comparison of the detection rate between
the proposed TMEC scheme and a few baseline methods
under the different Trust Threshold. It is clear that the
detection rate of the proposed scheme is obviously better
than other schemes. In addition, a higher Trust Threshold
VOLUME 7, 2019
J.-M. Chen et al.: TMEC on Attack-Resistant and Collaborative IoV
FIGURE 8. The impact of malicious nodes under selective-misbehavior attack (a) Precision (b) Recall.
FIGURE 9. The impact of trust threshold on detection rate.
FIGURE 10. The impact of trust threshold on F-Score.
value corresponds to a lower detection rate. But the TMEC
scheme always characterizes a higher detection rate than the
other three schemes. Even when the Trust Threshold is high
up to 0.9, the detection rate is still higher than 20%, but,
the advantages of other methods are not obvious.
D. F-SCORE
Higher P value usually corresponds to a lower R value, and
vice versa. In order to solve the problem of contradiction
between P and R, we use F-Score (F) as an assessment
metric to reflect the overall performance, which is defined
VOLUME 7, 2019
as follows.
2∗ P∗ R
F= (16)
P+R
As evident from Fig. 10, the value of F-Score decreases
significantly as the Trust Threshold increases, especially
when the Trust Threshold is more than 0.6, the F-Score value
drops sharply. However, the value of F-Score of the proposed
TMEC scheme is always better than the other three schemes.
VI. CONCLUSION
Trust establishment over vehicular networks can enhance
the security of vehicles against probable insider attackers.
This paper presented an improved trust model to evaluate
the user’s trust value, analyze and detect malicious nodes,
and further developed a trust management scheme based on
evidence combination, called TMEC to resist attacks. When
calculating the trust value, the proposed scheme introduced
uncertainty to combine the information received from multi-
ple sources. With the proposed scheme, dishonest behaviors
of the nodes can be effectively detected under a small time
interval. The simulation experiments also proved its validity
of the proposed scheme under different experiment settings.
The key feature of IoV cooperative information exchange
and its social application under different virtual commu-
nities [32], which are changing the way of data exchange
and communication. Different from the traditional mobile
social networks [33], according to the upper vehicle cen-
tral cloud, IoV obtains the social relationships among the
vehicular environments based on the analysis of their social
networks, and provides a more personalized service based on
the combination of their preferences and their geographical
position. IoV facilitated novel strategies of securing message
transmission with more ease and convenient. In the future,
IoV can potentially combine individual isolated vehicles into
a community through Internet of things.
ACKNOWLEDGMENT
The authors would like to thank the anonymous reviewers for
their constructive comments and helpful suggestions.
148921

REFERENCES
[1] K. M. Alam, M. Saini, D. T. Ahmed, and A. El Saddik, ‘‘VeDi: A vehicular
crowd-sourced video social network for VANETs,’’ in Proc. 39th Annu.
IEEE Conf. Local Comput. Networks Workshops, 2014, pp. 738–745.
[2] X. Chen and L. Wang ‘‘A cloud-based trust management framework for
vehicular social networks,’’ IEEE Access, vol. 5, pp. 2967–2980, 2017.
[3] X. Liu and L. Wang, ‘‘Advancement of anonymity technical for data pub-
lishing,’’ J. Jiangsu Univ. (Natural Sci. Ed.), vol. 37, no. 5, pp. 562–571,
2016.
[4] W. Li and H. Song, ‘‘ART: An attack-resistant trust management scheme
for securing vehicular ad hoc networks,’’ IEEE Trans. Intell. Transp. Syst.,
vol. 17, no. 4, pp. 960–969, Apr. 2016.
[5] W. Zhao, T. Fang, and Y. Jiang, ‘‘Data fusion using improved
Dempster–Shafer evidence theory for vehicle detection,’’ in Proc. 4th Int.
Conf. Fuzzy Syst. Knowl. Discovery (FSKD), Aug. 2007, pp. 487–491.
[6] P. Resnick, N. Iacovou, and M. Suchak, ‘‘GroupLens: An open architec-
ture for collaborative filtering of netnews,’’ in Proc. ACM Conf. Comput.
Supported Cooperat. Work, Oct. 1994, pp. 175–186.
[7] H. Wu and L. Wang, ‘‘Trust distance based malicious nodes detec-
tion method in vehicular ad hoc network,’’ Comput. Sci., vol. 42,
no. 8, pp. 157–160, 2015.
[8] S. Buchegger and J.-Y. LeBoudec, ‘‘Performance analysis of the CON-
FIDANT protocol,’’ in Proc. 3rd ACM Int. Symp. Mobile Ad-Hoc
Netw. Comput., 2002, pp. 226–236.
[9] N. Haddadou, A. Rachedi, and Y. Ghamri, ‘‘A job market signaling scheme
for incentive and trust management in vehicular ad hoc networks,’’ IEEE
Trans. Veh. Technol., vol. 64, no. 8, pp. 3657–3674, Aug. 2015.
[10] J. Zhang, C. Chen, and R. Cohen, ‘‘Trust modeling for message relay
control and local action decision making in VANETs,’’ Secur. Commun.
Netw., vol. 6, no. 1, pp. 1–14, Jan. 2013.
[11] S. Gurung, D. Lin, and A. Squicciarini, ‘‘Information-oriented trustwor-
thiness evaluation in vehicular ad-hoc networks,’’ in Proc. Int. Conf. Netw.
Syst. Secur., 2013, pp. 94–108.
[12] M. Raya, P. Papadimitratos, V. D. Gligor, and J.-P. Hubaux, ‘‘On data-
centric trust establishment in ephemeral ad hoc networks,’’ in Proc. 27th
Conf. Comput. Commun., Apr. 2008, pp. 1238–1246.
[13] F. G. Mármol and G. M. Pérez, ‘‘TRIP, a trust and reputation infrastructure-
based proposal for vehicular ad hoc networks,’’ J. Netw. Comput. Appl.,
vol. 35, no. 3, pp. 934–941, May 2012.
[14] X. Li, J. Liu, X. Li, and W. Sun, ‘‘RGTE: A reputation-based global
trust establishment in VANETs,’’ in Proc. 5th Int. Conf. Intell. Netw.
Collaborative Syst., Sep. 2013, pp. 210–214.
[15] Y.-M. Chen and Y.-C. Wei, ‘‘A beacon-based trust management system for
enhancing user centric location privacy in VANETs,’’ J. Commun. Netw.,
vol. 15, no. 2, pp. 153–163, Apr. 2013.
[16] N. Kumar and N. Chilamkurti, ‘‘Collaborative trust aware intelligent
intrusion detection in VANETs,’’ Comput. Elect. Eng., vol. 40, no. 6,
pp. 1981–1996, Aug. 2014.
[17] J. Santa, F. Pereñguez, and A. Moragón, ‘‘Vehicle-to-infrastructure mes-
saging proposal based on CAM/DENM specifications,’’ in Proc. IFIP
Wireless Days (WD), Nov. 2013, pp. 1–7.
[18] J. Santa, F. Pereñíguez, A. Moragón, and A. F. Skarmeta, ‘‘Experimental
evaluation of CAM and DENM messaging services in vehicular communi-
cations,’’ Transp. Res. C, Emerg. Technol., vol. 46, pp. 98–120, Sep. 2014.
[19] C. A. Kerrache, N. Lagraa, C. T. Calafate, J. C. Cano, and P. Manzoni,
‘‘T-VNets: A novel trust architecture for vehicular networks using the stan-
dardized messaging services of ETSI ITS,’’ Comput. Commun., vol. 93,
pp. 68–83, Nov. 2016.
[20] D. Kombate, ‘‘The Internet of vehicles based on 5G communications,’’
in Proc. IEEE Int. Conf. Internet Things (iThings) IEEE Green Comput.
Commun. (GreenCom) IEEE Cyber, Phys. Social Comput. (CPSCom)
IEEE Smart Data (SmartData), Chengdu, China, 2016, pp. 445–448.
[21] X. Chen and L. Wang, ‘‘Exploring trusted data dissemination in a vehicular
social network with a formal compositional approach,’’ in Proc. IEEE 40th
Annu. Comput. Softw. Appl. Conf. (COMPSAC), Jun. 2016, pp. 616–617.
[22] L. Wang, X. Li, and H. Zhong, ‘‘The method of revocable group approval
in VANET,’’ Chin. Sci., Inf. Sci., vol. 43, no. 10, pp. 1307–1325, 2013.
[23] C. H. Li, Y. Liu, and L. Wang, ‘‘Intrusion detection scheme based on traffic
scenarios in vehicular ad-hoc networks,’’ J. Shangdong Univ. (Eng. Sci.),
vol. 44, no. 1, pp. 29–34, 2014.
[24] R. R. Yager, ‘‘On the Dempster–Shafer framework and new combination
rules,’’ Inf. Sci., vol. 41, no. 2, pp. 93–137, Mar. 1987.
[25] K. Sentz and S. Ferson, ‘‘Combination of evidence in Dempster–Shafer
theory. SAND 2002-0835,’’ 2002, pp. 1–5.
148922
J.-M. Chen et al.: TMEC on Attack-Resistant and Collaborative IoV
[26] C. Piao, J. Zhao, and J. Feng, ‘‘Research on entropy-based collabora-
tive filtering algorithm,’’ in Proc. IEEE Int. Conf. E-Bus. Eng. (ICEBE),
Oct. 2007, pp. 213–220.
[27] C. A. Kerrache, C. T. Calafate, N. Lagraa, J.-C. Cano, and P. Manzoni,
‘‘RITA: RIsk-aware trust-based architecture for collaborative multi-hop
vehicular communications,’’ Secur. Commun. Netw., vol. 9, no. 17,
pp. 4428–4442, Nov. 2016.
[28] I. R. Chen, F. Bao, and M. J. Chang, ‘‘Dynamic trust management for
delay tolerant networks and its application to secure routing,’’ IEEE Trans.
Parallel Distrib. Syst., vol. 25, no. 5, pp. 1200–1210, May 2013.
[29] F. J. Martinez, J. C. Cano, and C. T. Calafate, ‘‘CityMob: A mobility
model pattern generator for VANETs,’’ in Proc. IEEE Int. Conf. Commun.
Workshops, May 2008, pp. 370–374.
[30] D. Krajzewicz, ‘‘Traffic simulation with SUMO—Simulation of urban
mobility,’’ in Fundamentals of Traffic Simulation. New York, NY, USA:
Springer, 2010, pp. 269–293.
[31] J. Davis and M. Goadrich, ‘‘The relationship between precision-recall
and ROC curves,’’ in Proc. 23rd Int. Conf. Mach. Learn., Jun. 2006,
pp. 233–240.
[32] Y. Guo, L. Liu, Y. Wu, and J. Hardy, ‘‘Interest-aware content discovery
in peer-to-peer social networks,’’ ACM Trans. Internet Technol., vol. 18,
no. 3, May 2017, Art. no. 39.
[33] L. Liu, N. Antonopoulos, M. Zheng, Y. Zhan, and Z. Ding, ‘‘A socioe-
cological model for advanced service discovery in machine-to-machine
communication networks,’’ ACM Trans. Embedded Comput. Syst., vol. 15,
no. 2, May 2016, Art. no. 38.
JI-MING CHEN received the Ph.D. degree from
Jiangsu University, where he is currently an Asso-
ciate Professor with the School of Computer Sci-
ence and Communication Engineering. He has
published his recent research works in notable
peer-reviewed international conferences and jour-
nals. His research interests are in areas of cloud
computing and information security. His current
research is focused on cloud computing.
TING-TING LI received the bachelor’s degree
from Jiangsu University, China, where she is
currently pursuing the master’s degree with the
School of Computer Science and Communication
Engineering. Her research interests include safety
of the Internet of Vehicles, cryptography, and trust
management.
JOHN PANNEERSELVAM (M’14) received the
Ph.D. degree in computer science from the Uni-
versity of Derby, in 2018, and the M.Sc. degree
in advanced computer networks, in 2013, where
he is currently a Lecturer in computing. His cur-
rent research is focused on energy efficient cloud
systems and data analytics for high-performance
computing. His research interests include cloud
computing, big data analytics, opportunistic net-
working, and P2P computing. He is an active mem-
ber of the British Computer Society.
VOLUME 7, 2019