CoCoWa A Collaborative Contact-Based

CoCoWa: A Collaborative Contact-BasedWatchdog for Detecting Selfish Nodes

Enrique Hern�andez-Orallo,Member, IEEE, Manuel David Serrat Olmos, Juan-Carlos Cano,

Carlos T. Calafate, and Pietro Manzoni,Member, IEEE

Abstract—Mobile ad-hoc networks (MANETs) assume that mobile nodes voluntary cooperate in order to work properly. This

cooperation is a cost-intensive activity and some nodes can refuse to cooperate, leading to a selfish node behaviour. Thus, the overall

network performance could be seriously affected. The use of watchdogs is a well-known mechanism to detect selfish nodes. However,

the detection process performed by watchdogs can fail, generating false positives and false negatives that can induce to wrong

operations. Moreover, relying on local watchdogs alone can lead to poor performance when detecting selfish nodes, in term of

precision and speed. This is specially important on networks with sporadic contacts, such as delay tolerant networks (DTNs), where

sometimes watchdogs lack of enough time or information to detect the selfish nodes. Thus, we propose collaborative contact-based

watchdog (CoCoWa) as a collaborative approach based on the diffusion of local selfish nodes awareness when a contact occurs, so

that information about selfish nodes is quickly propagated. As shown in the paper, this collaborative approach reduces the time and

increases the precision when detecting selfish nodes.

Index Terms—Wireless networks, MANETs, opportunistic and delay tolerant networks, selfish nodes, performance evaluation

Ç

1 INTRODUCTION

COOPERATIVE networking is currently receiving signifi-cant attention as an emerging network design strategy

for future mobile wireless networks. Successful cooperativenetworking can prompt the development of advanced wire-less networks to cost-effectively provide services and appli-cations in contexts such as vehicular ad hoc networks(VANETs) or mobile social networks. Two of the basic tech-nologies that are considered as the core for these types ofnetworks are mobile ad-hoc networks (MANETs) andopportunistic and delay tolerant networks (DTNs).

The cooperation on these networks is usually contact-based. Mobile nodes can directly communicate with eachother if a contact occurs (that is, if they are within communi-cation range). Supporting this cooperation is a cost intensiveactivity for mobile nodes. Thus, in the real world, nodescould have a selfish behaviour, being unwilling to forwardpackets for others. Selfishness means that some nodes refuseto forward other nodes’ packets to save their own resources.

The literature provides two main strategies to dealwith selfish behaviour: a) motivation or incentive basedapproaches, and b) detection and exclusion. The firstapproach, tries to motivate nodes to actively participatein the forwarding activities. These approaches are usuallybased on virtual currency and/or game theory models[4], [5], [9], [36]. The detection and exclusion approach isa straight-forward way to cope with selfish nodes andseveral solutions have been presented [3], [14], [19], [22],

[23], [24], [25], [28], [34]. In CoCoWa, we do not attemptto implement any strategy to exclude selfish nodes or toincentivize their participation; instead, we focus on thedetection of selfish nodes.

The impact of node selfishness onMANETs has been stud-ied in [30], [31], [32]. In [32] it is shown that when no selfish-ness prevention mechanism is present, the packet deliveryrates become seriously degraded, from a rate of 80 percentwhen the selfish node ratio is 0, to 30 percent when the selfishnode ratio is 50 percent. The survey [31] shows similar results:the number of packet losses is increased by 500 percent whenthe selfish node ratio increases from 0 to 40 percent. A moredetailed study [30] shows that a moderate concentration ofnode selfishness (starting from a 20 percent level) has a hugeimpact on the overall performance of MANETs, such as theaverage hop count, the number of packets dropped, theoffered throughput, and the probability of reachability. InDTNs, selfish nodes can seriously degrade the performanceof packet transmission. For example, in two-hop relayschemes, if a packet is transmitted to a selfish node, the packetis not re-transmitted, therefore being lost.

Therefore, detecting such nodes quickly and accurately isessential for the overall performance of the network. Previ-ous works have demonstrated that watchdogs are appropri-ate mechanisms to detect misbehaving and selfish nodes.Essentially, watchdog systems overhear wireless traffic andanalyse it to decide whether neighbour nodes are behavingin a selfish manner [16]. When the watchdog detects a self-ish node it is marked as a positive detection (or a negativedetection, if it is detected as a non selfish node). Neverthe-less, watchdogs can fail on this detection, generating falsepositives and false negatives that seriously degrade the behav-iour of the system.

Another source of problems for cooperative approachesis the presence of colluding or malicious nodes. In this case,the effect can even be more harmful, since these nodes try

� The authors are with the Departamento de Inform�atica de Sistemas yComputadores, Universitat Polit�ecnica de Val�encia, Spain.E-mail: {ehernandez, jucano, calafate, pmanzoni}@disca.upv.es,[email protected].

Manuscript received 23 Oct. 2013; revised 12 July 2014; accepted 16 July2014. Date of publication 27 July 2014; date of current version 1 May 2015.For information on obtaining reprints of this article, please send e-mail to:[email protected], and reference the Digital Object Identifier below.Digital Object Identifier no. 10.1109/TMC.2014.2343627

1162 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 14, NO. 6, JUNE 2015

1536-1233� 2014 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

to intentionally disturb the correct behaviour of the net-work. For example, one harmful malicious node can belying about the status of other nodes, producing a fastdiffusion of false negatives or false positives. Maliciousnodes are hard to detect using watchdogs, as they canintentionally participate in network communication withthe only goal to hide their behaviour from the network.Thus, since we assume that these nodes may be presenton the network, evaluating their influence becomes a veryrelevant matter.

This paper introduces Collaborative Contact-basedWatchdog (CoCoWa) as a new scheme for detecting self-ish nodes that combines local watchdog detections andthe dissemination of this information on the network. Ifone node has previously detected a selfish node it cantransmit this information to other nodes when a contactoccurs. This way, nodes have second hand informationabout the selfish nodes in the network. The goal of ourapproach is to reduce the detection time and to improvethe precision by reducing the effect of both false nega-tives and false positives. Although some of the aforemen-tioned papers (such as [3], [28]) introduced some degreeof collaboration on their watchdog schemes, the diffusionis very costly since they are based on periodic messagedissemination.

The diffusion of information about positive or negativedetections of selfish nodes introduces several issues about thereputation of the neighbour nodes. The first issue is the con-solidation of information, that is, the trust about neighbour’spositive and negative detections, specially when it does notmatch with the local watchdog detection. Another issue is thecase of malicious nodes. Thus, this paper extends our previ-ous approaches [12], [13] to also cope with malicious nodesusing a reputation scheme.

In order to evaluate the efficiency of CoCoWa we firstintroduce an analytical performance model. We modelthe network as a continuous time Markov chain (CTMC)and derive expressions for obtaining the time and over-head (cost) of detection of selfish nodes under the influ-ence of false positives, false negatives and maliciousnodes. In general, the analytical evaluation shows a sig-nificant reduction of the detection time of selfish nodeswith a reduced overhead when comparing CoCoWaagainst a traditional watchdog. The impact of false nega-tives and false positives is also greatly reduced. Finally,the pernicious effect of malicious nodes can be reducedusing the reputation detection scheme. We also evaluateCoCoWa with real mobility scenarios using well knownhuman and vehicular mobility traces. These experimentalresults confirm that our approach is very efficient.

The rest of the paper is organised as follows. We firstintroduce the architecture of CoCoWa in Section 2.Section 3 discusses the characterisation of contact occur-rence. Then, Section 4 presents a performance model forevaluating our approach. Section 5 presents the evalua-tion of CoCoWa in terms of detection time and overheadusing the analytical model. The CoCoWa approach isalso experimentally evaluated using real mobility tracesin Section 6. After presenting and evaluating our pro-posal we present some related work in Section 7. Finally,Section 8 presents the concluding remarks.

2 ARCHITECTURE OVERVIEW

A selfish node usually denies packet forwarding in order tosave its own resources. This behaviour implies that a selfishnode neither participates in routing nor relays data packets[21]. A common technique to detect this selfish behaviouris network monitoring using local watchdogs. A node’swatchdog consists on overhearing the packets transmittedand received by its neighbours in order to detect anomalies,such as the ratio between packets received to packets being re-transmitted [15]. By using this technique, the local watchdogcan generate a positive (or negative) detection in case thenode is acting selfishly (or not).

An example of how CoCoWa works is outlined in Fig. 1.It is based on the combination of a local watchdog and thediffusion of information when contacts between pairs ofnodes occurs. A contact is defined as an opportunity oftransmission between a pair of nodes (that is, two nodeshave enough time to communicate between them). Assum-ing that there is only one selfish node, the figure shows howinitially no node has information about the selfish node.When a node detects a selfish node using its watchdog, it ismarked as a positive, and if it is detected as a non selfishnode, it is marked as a negative. Later on, when this nodecontacts another node, it can transmit this information to it;so, from that moment on, both nodes store informationabout this positive (or negative) detections. Therefore, anode can become aware about selfish nodes directly (usingits watchdog) or indirectly, through the collaborative trans-mission of information that is provided by other nodes.

Under this scheme, the uncontrolled diffusion of positiveand negative detections can produce the fast diffusion ofwrong information, and therefore, a poor network perfor-mance. For example, in Fig. 1, on the last state d), node twoand three have a positive detection and node four has a neg-ative detection (a false negative). Now, node one, which hasno information about the selfish node, has several possibili-ties: if it contacts the selfish node it may be able to detect it;if it contacts node two or three it can get a positive detection;but if it contacts node four, it can get a false negative.

Fig. 2 shows the functional structure of CoCoWa and wenow detail its three main components.

Fig. 1. An example of how CoCoWa works. a) Initially all nodes haveno information about the selfish node. b) Node 2 detects the selfishnode using its own watchdog. c) Node 2 contacts with node 3 and ittransmits the positive about the selfish node. d) The local watchdogof Node 4 fails to detect the selfish node and it generates a negativedetection (a false negative).

HERN�ANDEZ-ORALLO ET AL.: COCOWA: A COLLABORATIVE CONTACT-BASED WATCHDOG FOR DETECTING SELFISH NODES 1163

The Local Watchdog has two functions: the detection ofselfish nodes and the detection of new contacts. The localwatchdog can generate the following events about neigh-bour nodes: PosEvt (positive event) when the watchdogdetects a selfish node, NegEvt (negative event) when thewatchdog detects that a node is not selfish, and NoDetEvt

(no detection event) when the watchdog does not haveenough information about a node (for example if thecontact time is very low or it does not overhear enoughmessages). The detection of new contacts is based onneighbourhood packet overhearing; thus, when the watch-dog overhears packets from a new node it is assumed tobe a new contact, and so it generates an event to thenetwork information module.

The Diffusionmodule has two functions: the transmissionas well as the reception of positive (and negative) detec-tions. A key issue of our approach is the diffusion of infor-mation. As the number of selfish nodes is low compared tothe total number of nodes, positive detections can always betransmitted with a low overhead. However, transmittingonly positive detections has a serious drawback: false posi-tives can be spread over the network very fast. Thus, thetransmission of negative detections is necessary to neutral-ise the effect of these false positives, but sending all knownnegative detections can be troublesome, producing exces-sive messaging or the fast diffusion of false negatives. Con-sequently, we introduce a negative diffusion factor g, that isthe ratio of negative detections that are actually transmitted.This value ranges from 0 (no negative detections are trans-mitted) to 1 (all negative detections are transmitted). Wewill show in the evaluation section that a low value for theg factor is enough to neutralise the effect of false positivesand false negatives. Finally, when the diffusion modulereceives a new contact event from the watchdog, it transmitsa message including this information to the new neighbournode. When the neighbour node receives a message, it gen-erates an event to the network information module with thelist of these positive (and negative) detections.

Updating or consolidating the information is another keyissue. This is the function of the Information Update module.A node can have the following internal information aboutother nodes: NoInfo state, Positive state and Negative

state. A NoInfo state means that it has no informationabout a node, a Positive state means it believes that anode is selfish, and a Negative state means it believes thata node is not selfish. A node can have direct information(from the local watchdog) and indirect information (from

neighbour nodes). CoCoWa is event driven, so the state of anode is updated when the PosEvt or NegEvt events arereceived from the local watchdog and diffusion modules. Inparticular, these events updates a reputation value r usingthe following expression:

r ¼ rþ D D ¼þd ðPosEvt;LocalÞþ1 ðPosEvt; IndirectÞ�d ðNegEvt;LocalÞ�1 ðNegEvt; IndirectÞ:

8>><>>:

d � 1 (1)

In general, a PosEvt event increments the reputationvalue while a NegEvt event decrements it. Defining u as athreshold and using the reputation value r, the state of thenode changes to Positive if r � u, and to Negative ifr � �u. Otherwise, the state is NoInfo. The combination ofd and u parameters allows a very flexible and dynamicbehaviour. First, if u > 1 and d < u we need several eventsin order to change the state. For example, starting from theNoInfo state, if u ¼ 2 and d ¼ 1, at least a local and an indi-rect event is needed to change the state, but if u ¼ 1, onlyone event is needed. Second, we can give more trust to thelocal watchdog or to indirect information. For example, avalue of d ¼ 2 and u ¼ 3, means that we need one local eventand one indirect event, or three indirect events, to changethe state. This approach can compensate wrong local deci-sions: for example, a local NegEvt can be compensated by2dþ u indirect PosEvt events, and in order to change fromPositive to Negative states (or vice-versa) we needtwice the events.

The advantages of this updating strategy are twofold.First, with the threshold u we can reduce the fast diffusionof false positive and false negatives. Nevertheless, this canproduce a delay on the detection (more events are neededto get a better decision). Second, the decision about a selfishnode is taken using the most recent information. For exam-ple, if a node had contact with the selfish node a long timeago (so it had a Positive state) and now receives severalNegEvt in a row from other nodes, the state is updated toNegative.

Finally, the network information about the nodes has anexpiration time, so after some time without contacts it isupdated. The implementation of this mechanism is straight-forward. When an event is received, it is marked with atime stamp, so in a given timeout an opposite event is gen-erated, in order to update the value of r.

3 CHARACTERISING INTER-CONTACT TIMES

Characterising inter-contact times (or inter-meeting times)between pairs of nodes is essential for analysing the perfor-mance of contact-based protocols in cooperative network-ing. The inter-contact times distribution is obtained byaggregating the individual pair distribution of all combinationsof pairs of nodes in the network. The individual pair distribu-tion is defined as the distribution of the time elapsedbetween two consecutive contacts between the same pair ofnodes [27].

The assumption that the aggregated inter-contact timefollows an exponential distribution with rate � has beenshown to hold in several mobility scenarios of both humansand vehicles [11], [23], [37]. For example, in [11] it is shown

Fig. 2. CoCoWa architecture.


that, for the random waypoint and random direction mobil-itymodels, parameter � is related to themean speed of nodesv, through an empirical expression. There is some contro-versy about whether this exponential distribution relates toreal mobility patterns. Empirical results have shown that theaggregated inter-contact time distribution follows a power-law and has a long tail [7], meaning that there are some pairsof nodes that barely experience contact. In [6] it is shown thatin a bounded domain, such as the one selected along thispaper, the inter-contact distribution is exponential, but in anunbounded domain the distribution is power-law. Thedichotomy of this distribution is described in [18]: a trun-cated power law with exponential decay appearing in its tailafter some cutoff point. A recent paper [27] presents thedependence between the individual pair distribution and theaggregated distribution. It is stated that, starting from the expo-nential individual pair distribution, the aggregated is distrib-uted according to a Pareto law. It also verifies the dichotomyproperty of the aggregate distribution analytically. The workin [10] analysed some popular mobility traces and found thatover 85 percent of the individual pair distributions fit an expo-nential distribution.

Therefore, we consider that using an exponential fit is avalid assumption to model inter-contact times. Our analyti-cal model assumes an exponential distributed inter-contactrate between nodes and, therefore, it is suited for modellingthe contacts in MANETs and DTNs networks.

4 SYSTEM MODEL

The network is modelled as a set ofN wireless mobile nodes,with C collaborative nodes,M malicious nodes and S selfishnodes (N ¼ C þM þ S). Our goal is to obtain the time andoverhead that a set ofD � C nodes need to detect the selfishnodes in the network. The overhead is the number of infor-mationmessages transmitted up to the detection time.

Note that the following models evaluate the detectionof a single selfish node. The effect of having several self-ish nodes in a network is easy to evaluate, and it doesnot require a specific model. If we assume that selfishnodes are not cooperative, we can analyse the impact ofeach selfish node on the network independently. In thecase of several selfish nodes (S > 1) on a network with Nnodes, we can assume that there are C ¼ N � S coopera-tive nodes.

4.1 The Model for the CoCoWa Architecture

The goal of this section is to model the behaviour of the dif-ferent modules of our architecture (see Fig. 2). The localwatchdog is modelled using three parameters: the probabil-ity of detection pd, the ratio of false positives pfp, and theratio of false negatives pfn. The first parameter, the probabil-ity of detection (pd), reflects the probability that, when anode contacts another node, the watchdog has enoughinformation to generate a PosEvt or NegEvt event. Thisvalue depends on the effectiveness of the watchdog, thetraffic load, and the mobility pattern of nodes. For example,for opportunistic networks or DTNs where the contacts aresporadic and have low duration, this value is lower than forMANETs. Furthermore, the watchdog can generate falsepositives and false negatives. A false positive is when the

watchdog generates a positive detection for a node that isnot a selfish node. A false negative is generated when a self-ish node is marked as a negative detection. In order to mea-sure the performance of a watchdog, these values can beexpressed as a ratio or probability: pfp is the ratio (or proba-bility) of false positives generated when a node contacts anon-selfish node, and pfn is the ratio (or probability) of falsenegatives generated when a node contacts a selfish node.Using the previous parameters we can model the probabil-ity of generating local PosEvt and NegEvt events when acontact occurs:

� PosEvt event: the node contacts with the selfishnode and the watchdog detects it, with probabilitypdð1� pfnÞ. Note that a false positive can also be gen-erated with probability pd � pfp.

� NegEvt event: the node contacts with a non-selfishnode and detect it with probability pdð1� pfpÞ. Afalse negative can also be generated when it contactswith the selfish node with probability pd � pfn.

The diffusion module can generate indirect events when acontact with neighbour nodes occurs. Nevertheless, a con-tact does not always imply collaboration, so we model thisprobability of collaboration as pc. The degree of collabora-tion is a global parameter, and it is used to reflect that eithera message with the information about the selfish node islost, or that a node temporally does not collaborate (forexample, due to a failure or simply because it is switchedoff). In real networks, full collaboration (pc ¼ 1) is almostimpossible. Finally, the probability of generating the indi-rect events are the following:

� PosEvt event: a contact with another node that has aPositive state of the selfish nodewith probability pc.

� NegEvt event: a contact with another node that has aNegative state, being the probability g � pc. Notethat not all Negative states are transmitted, itdepends on the diffusion factor g.

The information update module is driven by the previouslocal and indirect events. These events update the reputa-tion r about a node, and are used to finally decide if a nodeis selfish or not using the threshold u.

4.2 Malicious Nodes and Attacker Model

Malicious nodes attempt to attack the CoCoWa system bygenerating wrong information about the nodes. Thus, theattacker model addresses the behaviour or capabilities ofthese malicious nodes. A malicious node attack consists oftrying to send a positive about a node that is not a selfishnode, or a negative about a selfish node, with the goal ofproducing false positives and false negatives on the rest ofnodes. In order to do this, it must have some knowledgeabout the way CoCoWa works. The effectiveness of thisbehaviour clearly depends on the rate and precision thatmalicious nodes can generate wrong information. Maliciousnodes are assumed to have a communications hardwaresimilar to the rest of nodes, so they can hear all neighbourmessages in a similar range than the rest of nodes. Never-theless, the attacker could use high-gain antennas toincrease its communications range and thus disseminatefalse information in a more effective manner.


Regarding the diffusion of information on the network,our approach does not assume any security measures, suchas message cyphering or node authentification. Neverthe-less, if these measures exist, the effect of malicious nodes inCoCoWo will be very reduced or even non-existent. The dif-fusion module can also accepts messages from every node,including from malicious ones. Thus, we assume that mali-cious nodes can be active, and use this information in orderto generate wrong positives/negatives about other nodes.Nevertheless, we assume that malicious nodes cannotimpersonate other nodes and do not collude with othermalicious nodes (that is, they do not cooperate amongthem). Another problem is the Sybil attack [8]. Since mali-cious nodes can create and control more than one identityon a single physical device, it can have a serious impact onCoCoWa. Thus, a specific security measure is needed, suchas the one presented in [1].

The behaviour of malicious nodes is modeled from thereceiver perspective, which is based on the probability ofreceiving wrong information about a given node when acontact with a malicious node occurs (that is, it receives aNegative about the selfish node, and a Positive aboutthe other nodes). We denote this behaviour as the malicious-ness probability pm. Below we detail several aspects that canaffect this probability:

1) The reception of information, considering that not allcontacts produce this reception. This aspect is similarto the collaboration degree (that is, the pc parameter),but an increase of communication range of the mali-cious nodes will increase the information reception.

2) The malicious nodes do not have information aboutall nodes; so, in order to send a positive/negativeabout a node, they must have contacted this nodepreviously or have received a message from othernodes.

3) Another issue to consider is the proper generation ofwrong information, for example when receiving apositive of a node that is not a selfish node. From thereceiver point of view, a perfect malicious node willalways provide wrong information. In this case, themalicious node, in order to send wrong information,must know the state of each node. In other words itmust have a perfect local watchdog (about the nodeit contacts).

Summing up, this parameter reflects the average inten-sity or effectiveness of the attack of the malicious nodes.

4.3 The Model for the Detection of Selfish Nodes

In this section we introduce an analytical model for evaluat-ing the performance of CoCoWa. The goal is to obtain thedetection time (and overhead) of a selfish node in a net-work. This model takes into account the effect of false nega-tives. False positives do not affect the detection time of theselfish node, so pfp is not introduced in this model.

Using � as the contact rate between nodes, we can modelthe network using a 4D continuous time Markov chain (4D-CTMC). For modelling purposes, the collaborative nodesare divided into two sets: a set withD destination nodes, anda set of E ¼ C �D intermediate nodes. The destination andintermediate nodes have the same behaviour (both are

collaborative nodes). The only purpose of this division is toanalytically obtain the time and the overhead required forthe subset of destination nodes to detect the selfish node.Thus, the 4D-CTMC states are: ðdpðtÞ; dnðtÞ; epðtÞ; enðtÞÞ,where epðtÞ represents the number of intermediate nodes thathave a Positive state, enðtÞ the intermediate nodes with aNegative state, dpðtÞ the destination nodes with a Posi-

tive state and dnðtÞ the destination nodes with a Negative

state. Note that, in this model, a Negative is a false nega-tive. The states must verify the following conditions:dpðtÞ þ dnðtÞ � D and epðtÞ þ enðtÞ � E. Our 4D-CTMCmodel has an initial state ð0; 0; 0; 0Þ (that is, all nodes haveno information). The final (absorbing) states are whendpðtÞ ¼ D. We define y as the number absorbing states, thatare all possible permutations of states (fðD; 0; �; �Þg) that

sum E. It is easy to derive that y ¼ PSðEÞ ¼ 0:5ðE þ 1ÞðE þ 2Þ. The number of transient states t is obtained in a

similar way: t ¼ ðPSðDÞ � 1ÞPSðEÞ. This model can beexpressed using the following generator matrixQ:

Q ¼ T R0 0

� �; (2)

where T is a t � t matrix with elements qij denoting thetransition rate from transient state si to transient state sj, Ris a t � y matrix with elements qij denoting the transitionrate from transient state si to the absorbing state sj, the left0 is a y� t zero matrix, and the right 0 is a y� y zeromatrix.

Now, we derive the transition rates qij. Given the statesi ¼ ðep; en; dp; dnÞ,1 we have:

qij ¼

RpðE � ep � enÞ epþRfnðE � ep � enÞ enþRfnep ep�Rpen en�RpðD� dp � dnÞ dpþRfnðD� dp � dnÞ dnþRfndp dp�Rpdn dn�;

8>>>>>>>>>><>>>>>>>>>>:

(3)

where xþ represents a transition from state ð. . . ; x; . . .Þ toð. . . ; xþ 1; . . .Þ, and x� represents a transition from stateð. . . ; xþ 1; . . .Þ to ð. . . ; x; . . .Þ. Finally, qii ¼ �P

i 6¼j qij.

The first transition epþ is when a intermediate collabora-tive node changes from NoInfo state to a Positive state(ðdp; dn; ep; enÞ to ðdp; dn; ep þ 1; enÞ). The rate of changedepends on the updating of r, and on the d and u parame-ters. The reputation value r increments according to expres-sion 1. This update can be generated by local events andindirect events. First, the local watchdog can generate alocal PosEvt with rate �pdð1� pfnÞ so the reputation isincremented by d. Then, the rate of increment due to localevents is �dpdð1� pfnÞ. Second, updating from an indirectevent depends on the number of nodes with Positive andNegative states and the probability of collaboration:�pcðcp � gcnÞ where cp ¼ ep þ dp and cn ¼ en þ dn. Maliciousnodes affect this updating by generating indirect NegEvtwith a rate �Mpm. Since we are evaluating the increment,

1. For simplicity, we omit the time in the states.


this term must be positive. So, the final rate due to indirectevents is � maxðpcðcp � gcnÞ �MpmÞ. All the previous termsare divided by threshold u in order to obtain the rate ofchanging when a node contacts with a collaborative node:

Rp ¼ �ðdpdð1� pfnÞ þmaxðpcðcp � gcnÞ �Mpm; 0ÞÞ=u: (4)

Finally, there are ðE � ep � enÞ nodes with the NoInfo stateso the final transition rate is RpðE � ep � enÞ.

The second transition, enþ, is when a intermediate collabo-rative node changes from ðdp; dn; ep; enÞ to ðdp; dn; ep; en þ 1Þ.This means that a intermediate collaborative node changes toa Negative state (a false negative). We can derive a similarexpression for the rate of change to a (false) Negative stateRfN . In this case, when a node contacts with the selfish node,the reputation is decreased with rate �dpdpfn, and also byindirect events with rate �ðpcðgcn � cpÞ þMpmÞ. Finally, wehave:

Rfn ¼ �ðdpdpfn þmaxðpcðgcn � cpÞ þMpm; 0ÞÞ=u (5)

and the transition is RfnðE � ep � enÞ.The transition ep� is when a intermediate collaborative

node that has a Positive state changes to NoInfo. Thisevent is similar to enþ and the transition rate is similar:Rfnep. Note that in this case we multiply by the number ofnodes that have a Positive state instead of the number ofpending nodes. In a similar way, the transition enþ occurswhen a intermediate collaborative node that has a Negativestate changes to NoInfo. So, the transition rate is Rpen. Fortransitions regarding destination nodes, the rates are verysimilar to the previous ones, as seen in expression 3. Finally,all these transitions retain the exponential distribution ofuseful contacts (that is, the contacts that produce a transi-tion), preserving the Markovian nature of the process.

Using the generator matrixQwe can derive two differentexpressions: one for the detection time Td and another forthe overall overhead (or cost) Od. Starting with the detectiontime, from the 4D-CTMC we can obtain how long it willtake for the process to be absorbed. Using the fundamental

matrix N ¼ �T�1, we can obtain a vector t of the expectedtime to absorption as t ¼ Nv, where v is a column vector of

ones (v ¼ ½1; 1; . . . ; 1T ). Each entry ti of t represents theexpected time to absorption from state si. Since we onlyneed the expected time from state s1 ¼ ð0; 0; 0; 0Þ to absorp-tion (that is, the expected time for all destination nodes tohave a Positive state), the detection time Td, is:

Td ¼ E½T ¼ v1Nv; (6)

where T is a random variable denoting the detection timefor all nodes and v1 ¼ ½1; 0; . . . ; 0. Concerning the overheadwe need to obtain the number of transmitted messages foreach state si. First, the duration of each state si can beobtained using the fundamental matrixN. By definition, theelements of the first row of N are the expected times in eachstate starting from state 0. Then, the duration of state si isfi ¼ Nð1; iÞ.

Now, we calculate the expected number of messages mi.The number of messages depends on the diffusion model.For an easier exposition, we start with g ¼ 0, that is,only the positive detections are transmitted. From state

s1 ¼ ð0; 0; 0; 0Þ to sEþ1=ð0; 0; 0; EÞ no node has a Positive

state, so no messages are transmitted and m1 ¼ 0. Fromstates sEþ2 ¼ ð0; 0; 1; 0Þ to s2Eþ1 ¼ ð0; 0; 1; E � 1Þ, one nodehas a Positive state. In these cases, the Positive can betransmitted to all nodes (except itself) for the duration ofeach state i (Nð1; iÞ) with a rate � and probability pc. Then,the expected number of messages can be obtained asmi ¼ Nð1; iÞ�ðC � 1Þpc. From states s2Eþ2 ¼ ð0; 0; 2; 0Þ tos3Eþ1 ¼ ð0; 0; 2; E � 2Þ, we have two possible senders andmi ¼ 2Nð1; iÞ�ðC � 1Þpc. Considering both types of nodes(destination and intermediate), the number of nodes with aPositive for state si is FðsiÞ ¼ dp þ ep. Summarizing, theoverhead of transmission (number of messages) is:

Od ¼ E½Msg ¼ �ðC � 1ÞpcXti¼1

FðsiÞNð1; iÞ: (7)

Finally, for g > 0, the ratio of nodes cn that will transmit aNegative is precisely g, so FðsiÞ ¼ dp þ ep þ gðdn þ enÞ.

Using the previous model, we can also evaluate the timewhen destination nodes D have a ”false negative” about theselfish node. In this case the absorbing states are f0; D; �; �g,that is, when dn ¼ D. A high rate of false negatives andmalicious nodes may cause a false negative state to bereached in less time than a true positive detection. This situ-ation (and the solution) is studied in Section 5.2.

4.4 The Model for False Positives

We now develop a model for evaluating the effect of falsepositives. This model evaluates how fast a false positivespreads in the network (the diffusion time). Thus, in thiscase, a greater diffusion time stands for a lower impact offalse positives. The diffusion time is similar to the detectiontime of true positives described in the previous section, andit can be obtained in a similar way. Following the same pro-cess that in the previous model for the false negatives, wehave a 4D-CMTC with the same states ðdp; dn; ep; enÞ, but inthis case cp ¼ dp þ ep represents the number of nodes with afalse positive, and cn ¼ dn þ en the number of nodes with a(true) negative detection. We can derive expressions similarto 4 and 5, for the case of false positives. In this case, RfP

represents the rate of a false positive, and it is derived in asimilar way:

Rfp ¼ �ðdpdpfp þmaxðpcðcp � gcnÞ þMpm; 0ÞÞ=u (8)

and Rn represents the rate of negative detection:

Rn ¼ �ðdpdð1� pfpÞ þmaxðpcðgcn � cpÞ �Mpm; 0ÞÞ=u: (9)

Using these expressions, the transition rates (qij) of the gen-erator matrix Q are similar to expression 3, substituting RP

and Rfn by Rfp and Rn, respectively. Finally, using Equa-tions (6) and (7) described in our previous model, we canobtain the diffusion time and the overhead.

5 ANALYTICAL EVALUATION

This section is devoted to evaluate the performance ofCoCoWa. The analytical model introduced in Section 4 hasseveral parameters, so in this paper we focus on thoseparameters that clearly affect performance. First, we study


the global performance of our approach considering the col-laborative issues. Then, we focus our study on the impact offalse negatives, false positives, and malicious nodes. Finally,we compare our approach to the classic periodic diffusionmodel. Note that, since � is a multiplying factor of all transi-tion rates in matrix Q (except for qii), the concluding resultsof this section are valid for any value of � (a greater value of� will affect only on a reduction of the detection time). Forthe evaluations that follow, we consider a � value of 0.01 con-tacts/s, which has been shown to be a valid value in vehicu-lar scenarios [37]. The following evaluations also considerthe experimental ranges of several parameters obtainedfrom previous works of our research group [16], [29]. In par-ticular, the probability of detection is low because the localwatchdog needs enough packets to generate a positive (ornegative) detection of a selfish node pd ½0:1; 0:3, and theratio of false negatives and false positives are related to pd;for the range considered the former take the following val-ues: pfn ½0:05; 0:25 and pfp ½0:1; 0:3.

5.1 Global Performance Evaluation

In the experiments of this section we assume ideal condi-tions: there are no false positives, no false negatives and nomalicious nodes: pfn ¼ pfp ¼ M ¼ pm ¼ 0, and only positivedetections are transmitted: g ¼ 0. The first evaluation ana-lyse the impact that the degree of collaboration (pc) has overthe efficiency of CoCoWa. The number of selfish nodes isone (S ¼ 1) and the detection parameters are: u ¼ d ¼ 1.Fig. 3a shows the detection time and overhead for all nodesin a network with 25 nodes (N ¼ 25; D ¼ 24) with differentprobabilities of detection (pd), ranging from a low detectionratio (0.1), typical of DTNs and Opportunistic Networks, togreater detection ratios (0.3) typical of MANETs [16], [29].

We observe that, when increasing the degree of collabora-tion from 0 to 0.2, the detection time is reduced exponen-tially and the overhead is increased. The effect of pd is theexpected: for greater values of pd, the detection time isreduced. For example, for pd ¼ 0:1, the detection time withno collaboration (pc ¼ 0) is 3775 s. This value can be greatlyreduced by using CoCoWa. Thus, even for a low collabora-tion rate (pc ¼ 0:2), the detection time for all nodes isreduced to 181 s with an overhead of just 82 messages,which represents an improvement of about 2000 percent onthe detection time. Regarding the detection probability (pd),we can see that the detection time is greatly reduced evenfor low values, so CoCoWa is useful in both OpportunisticNetworks and DTNs. The previous results show that, whenusing the local watchdog alone, the detection time is veryhigh (close to one hour). The implications are important. Aone hour detection is not useful, because it is equivalent tono detection. Thus, when using collaboration, the detectiontime is reduced from hours to seconds, meaning that nodescan take appropriate actions in time to avoid the selfishnodes, thereby improving the network performance.

We now evaluate the impact that the number of nodeshas on performance. For the following experiments, we setpd ¼ pc ¼ 0:2. In the first experiment the value of N rangesfrom 10 to 100 (see Fig. 3b) while also varying the numberof destination nodes. A value of D ¼ N � 1 evaluates thedetection for all collaborative nodes in the network (theoverall detection), and D ¼ 1 evaluates the detection time foronly one node (the individual detection). Thus, the overalldetection evaluates the performance of the entire network,while the individual detection evaluates the performance seenfrom an arbitrary node. We observe that, in general, thegreater the number of nodes, the smaller the detection time

Fig. 3. Global performance evaluation in the absence of false negatives, false positives and malicious nodes. a) detection time depending on collabo-ration in a network of N ¼ 25, b) detection time depending on the number of nodes, c) number of destination nodes that have detected the selfishnodes depending on the detection time, d) detection time depending on the parameters of the detection function (u and d). In these plots, the continu-ous line represents the overhead and the dashed line the detection time.


and the greater the number of messages. The main reason isthat, when the number of nodes is greater, the number ofcontacts increases and so the information about the positivedetection is disseminated more quickly. The cost is directlyproportional to N .

Finally, as expected, for D ¼ 1 the detection time is lessthan for D > 1, but this increase is not exponential with D.We can evaluate this through the dynamics of the overalldetection process. Fig. 3c shows the number of destinationnodes (D) informed about the selfish nodes depending ontime with diferent network sizes. The figure shows that,when the number of nodes is low (N � 20), the first detec-tion takes more time, and the next detections have also alow rate. The reason is that, when N is low, the number ofcontacts is also low, and so the diffusion of the positivesbecomes very slow. On the other hand, in a network withmore nodes, there are more contacts, meaning that this dif-fusion is faster (that is, the process runs faster).

Now, we are going to evaluate the detection function,that is the impact of the u and d parameters. We expect thatgreater u values imply greater detection times and over-head, due to the number of events required to make a deci-sion. This is confirmed in the results shown in Fig. 3d. Inthis plot we can also observe that increasing d, that is, givingmore trust to local events, implies a reduction of both detec-tion time and overhead (which is logical, since less eventsare needed). The significance of these detection parameterswill become more evident when handling malicious nodes.

Finally, the effect of having several selfish nodes S > 1 iseasy to evaluate. Since the number of cooperative nodes isreduced when S increases (C ¼ N � S), the effect is similarto reducing the number of nodes in the network. For exam-ple, a network withN ¼ 100 and S ¼ 5 has a behaviour sim-ilar to a network with N ¼ 96 and S ¼ 1. Thus, the harmfuleffect of selfish nodes depends mainly on the number ofremaining collaborative nodes. If this number is very low(below 20), as shown in Fig. 3b, the cooperation is greatlyreduced and the detection time increases exponentially.

In the following sections, we evaluate the impact of falsenegatives, false positives and malicious nodes. Since we areevaluating the performance of the node’s collaborativewatchdog, we choose to evaluate the performance from anarbitray node (that is, we setD ¼ 1).

5.2 Impact of False Negatives

The goal of the following experiments is to evaluate theimpact of false negatives. In all the experiments we usedpd ¼ 0:1,M ¼ pm ¼ 0,D ¼ 1,N ¼ 25. We are going to evalu-ate how the detection time (and overhead) increases depend-ing on the ratio of false negatives (pfn). The first experimentevaluates the influence of collaboration for several values ofpc when only positive detections are transmitted (that isg ¼ 0). The detection parameters were u ¼ 1 and d ¼ 1. Wecan see in Fig. 4a that the detection time increases with theratio of false negatives. This figure also shows the effect ofcollaboration: the greater the collaboration the lesser thedetection time. Thismeans that, even a lowdegree of collabo-ration reduces the impact of these local false negatives.Regarding the overhead, the experiment showed little influ-ence on the number of messages, which is always close to 20

messages. Since only positive detections are transmitted, theeffect of collaboration is always favourable. Thus, the onlyeffect of increasing the detection parameters (u) is an incre-ment on the detection time, while it fails at reducing theimpact of false negatives.

Now, we are going to evaluate the effect of transmittingall negative detections (g ¼ 1). Fig. 4b shows the results forg ¼ 1. The results when pfn is zero are very similar to the“positive detections only” diffusion case (g ¼ 0). However,when pfn is greater than zero we can observe that the detec-tion time for values of pc > 0 increases exponentially beinggreater than the detection time with no collaboration (thedashed red line). We evaluate the time the destination nodereaches a false negative state to confirm this effect. Whenpfn is near to 0.5, the model shows that this false negativestate is reached before a true positive state.

Summing up, if only positive detections are transmitted,the detection time is greatly reduced and the impact of falsenegatives is also reduced; however, when all known nega-tive detections are transmitted, collaboration amplifies theeffect of false negatives, which is clearly undesirable.

5.3 Impact of False Positives

In this section we evaluate the influence of false positivesusing the model developed in Section 4.4. This model evalu-ates how fast a false positive spreads in the network. Thus,higher values of time imply slower diffusion of false posi-tives. In this case, we expect that the diffusion of negativedetections (that is, g ¼ 1) will reduce the influence of falsepositives and that when g is zero, the influence of false posi-tives will be amplified. Fig. 5a shows the diffusion time for

Fig. 4. Evaluation of the impact of false negatives, a) for g ¼ 0, b) forg ¼ 1.


g ¼ 0, using the same parameters of Fig. 4a. We observe,that for the curves where pc > 0, the effect of false positivesis indeed amplified, leading to a drastic reduction of the dif-fusion time. This means that these false positives are spreadon the network rather quickly, as if they were ”true” posi-tives. Consequently, we need to transmit the negative detec-tions in order to compensate for these false positives. Fig. 5bshows the results for g ¼ 1. In this case, we can see that thedetection time is highly increased when the collaborationincreases and so the effect of false positives is reduced.

One way to reduce this effect is to increase the reputationthreshold u. The results confirm that the diffusion time isincreased and so the harmful impact of false positives isreduced. Nevertheless, the best approach to reduce thiseffect is to use the diffusion factor. As shown, we have theinverse effect that in the false negatives case. If only positivedetections are transmitted the effect of false positives ismagnified and so the transmission of negative detections isneeded in order to reduce the impact of false positives. Thiseffect can be regulated using the g factor. Thus, we evalu-ated the same scenario of Figs. 4 and 5 for g ¼ 0:1. For thedetection time the resulting graph is very similar to Fig. 4a,confirming that the detection time is reduced, even if theratio of false negatives is high. Regarding the diffusiontime, the resulting graph is similar to Fig. 5a, that is, the dif-fusion time is increased when the collaboration increases,effectively reducing the effect of false positives. Summingup, the g value must be tuned properly in order to achievethe desired behavior. A g value near zero greatly reducesthe detection time of selfish nodes, but it increases the

diffusion of false positives. A value near one increases thedetection time (due to the effect of false negatives), but itreduces the diffusion of false positives. For practical imple-mentations, and based on the results of our experiments, gvalues from 0:05 to 0:25 represent good options.

5.4 Impact of Malicious Nodes

In the following experiments we evaluate the effect ofmalicious nodes. Fig. 6a shows the detection time of a selfishnode depending on the maliciousness probability of onenode (M ¼ 1). This ratio range from 0 (no malicious behav-iour) to 0.5 (a very malicious behaviour). The parametersused are similar to previous experiments (N ¼ 25, D ¼ 1,pfn ¼ pd ¼ 0:1, u ¼ d ¼ 1, g ¼ 0:1). We can conclude thatwhen pm increases the detection time increases. This effectis reduced for greater degrees of collaboration. Neverthe-less, for values of pm < 0:3, the impact is very reduced,meaning that collaboration reduces the impact of maliciousnodes. The impact on the diffusion of a false positive isshown in Fig. 6b when pfp is 0.2. We can see that the diffu-sion time is reduced when pm increases, so a false positivehas a faster diffusion. Increasing the degree of collaborationreduces this diffusion for low values of pm.

The previous experiments show that collaboration can-not reduce the impact of malicious nodes for pm > 0:2.Therefore, in order to reduce this impact we need toadjust the values of the detection parameters. In thiscase, we need to give more trust to the local watchdog(that is, the d parameter). This is confirmed by the resultsshown in Fig. 7a using pc ¼ 0:2. The best results areobtained for d ¼ u ¼ 2 and d ¼ u ¼ 3. Although the

Fig. 5. Evaluation of the impact of false positives: diffusion time of falsepositives (the higher the best). a) when only positives are transmitted(g ¼ 0), b) when positives and negative are transmitted g ¼ 1.

Fig. 6. Impact of malicious nodes a) detection time of selfish node forg ¼ 0:1, b) diffusion time of false positives for g ¼ 0:1:


detection time is greater compared to d ¼ u ¼ 1 for lowvalues of pm, when pm is high, the detection time doesnot increase exponentially as for d ¼ 1. Greater values ofd and u (not shown in the graph), increases the detectiontime. Thus, given too much trust to the local watchdog isa way to elude collaboration, so the detection time isincreased. Finally, regarding the diffusion of false posi-tives, we can see in Fig. 7b that by increasing u this diffu-sion is only slightly reduced.

Finally, the effect of the number of malicious nodes Mdepends on the number of nodes evaluated. If the ratioM=N is low, the impact can be controlled using collabo-ration and reputation mechanisms, but if the ratio M=Nis high, the performance of the network can be very low.Our experiments showed that the limit is about 0.1 (thatis, one malicious node for each ten collaborative nodes).This contrasts to the effect of selfish nodes, that onlydepends on the remaining cooperative nodes, and hasless impact on network performance. These results arecoherent, as they highlight the different behaviour of self-ish and malicious nodes.

6 EXPERIMENTAL EVALUATION

This section introduces several experimental results ofCoCoWa using two realistic scenarios. It also comparesCoCoWa with previous approaches. But first, based on theprevious analytical results, we provide some experimentalguidelines to optimise CoCoWa.

6.1 Guidelines to CoCoWa Optimisation

The goal of this section is twofold: it is a guideline for select-ing the correct configuration of CoCoWa for improving the

global performance and it also summarises the resultsobtained in the experiments presented along this paper(and from other experiments not include here).

The main criteria for tuning and adjusting CoCoWaare shown on Table 1. Each row describes the influenceof the different factors on attaining a given performancegoal. In general, reducing the impact of false negativesand false positives depends on the g factor, and in thiscase, reducing both implies adjusting the diffusion factor,as shown in the table. Regarding the detection parame-ters, the best results are obtained when d ¼ u ¼ 1. Never-theless, if the number of malicious nodes or theirprobability (pm) is high, we must use d ¼ u ¼ f2; 3g inorder to assign more trust to local watchdogs.

Thus, the procedure for CoCoWa optimisation is the fol-lowing: first, we need to obtain the network characteristicssuch as number of nodes, contact rate and degree of collabo-ration. These values can be experimentally measured or esti-mated. The performance of the local watchdog is alsomeasured (or estimated), and it can depend on the networkcharacteristics. Note that this local watchdog can be adjustedin terms of detection and precision (usually, the greater theprecision, the lesser the detection ratio, as the local watchdogneeds more packet overhearing to generate a more precisedetection). For example, in order to reduce the detectiontime in a networkwith a given contact rate and collaboration,the only solution is to increase the performance of the localwatchdogmodule (if it is possible). Other network character-istics, such as the number (or ratio) of selfish and maliciousnodes, can be evaluated using several scenarios, such as theworst case scenario.

6.2 Real Mobility Scenarios

In this section we are going to evaluate CoCoWa using realmobility scenarios. One of the drawback of the analyticalmodel is the representativity of the mobility model.Although it is shown to be an excellent approximation, it isimportant to evaluate CoCoWa using both human and

Fig. 7. Reduction of the impact of malicious nodes using different detec-tion parameters a) detection time of selfish nodes, b) diffusion time offalse positives.

TABLE 1Criteria for the Selection of Parameters

Performance goal Parameter tuning

Reduce Detectiontime

Increase detection ratio (pd). Increaseprecision (reduce local False Negative(FN) ratio (pfn))

Reduce Overhead Indirectly, reducing the detection ratio(pd). Reduce diffusion factor g

Reduce Impact ofFalse Positives

Increase precision (reduce local False Pos-itives (FP), pfp). Reduce diffusion factor g

Reduce Impact ofFalse Negatives

Increase precision (reduce local FN, pfn).Increase diffusion factor g

Reduce Impact ofboth FN and FP

Increase precision (reduce local FN andFP). Set diffusion factor g in [0.05,025]range

Reduce Impact ofMalicious Nodes

If the degree of maliciousness is high(pm > 0:2) or/and the number of mali-cious nodes is high (M=N > 0:1), givemore trust to local watchdog(d ¼ u ¼ f2; 3g)

This table resumes the main factors that have impact on the consecution of thegoals. Some of the factors can be network dependent, so we need to adjustanother parameters (if it is possible).


vehicular mobility traces. In the following experiments weused some well known real contact traces (see Table 2). TheCambridge mobility set trace [17] was gathered from a set ofundergraduate students from the University of Cambridgecarrying small devices (iMotes) in 2005. The Shanghai TaxisGPS Trace [37] was collected from 2,100 taxis in Shanghaicity during February of 2007. This trace does not contain thecontacts (it contains GPS locations), so a pre-process forobtaining the contact trace is needed. Following the methodused in [37] we assume that a contact occurs if both vehiclesare within Wi-Fi range (100 meters). The result of processingthe previous mobility traces is a contact trace.

We did four experiments with different watchdog andmaliciousness parameters for each set of traces (see Table 3).The parameter N is set to the number of nodes on each net-work. In all experiments, we obtain the time and overheadfor detecting one selfish node (S ¼ 1) by one of the nodes inthe network (D ¼ 1), assuming collaboration (pc ¼ 0:3) andno collaboration (pc ¼ 0), so we can clearly evaluate the ben-efits of using CoCoWa. The simulator is the one describedin appendix A, which can be found on the ComputerSociety Digital Library at http://doi.ieeecomputersociety.org/10.1109/TMC.2014.2343627, but in this case we used areal contact trace as the input. For each experiment, we per-formed 1,000 simulations where the destination node andthe selfish node were randomly selected from all posiblenodes. The final result for each experiment is the meandetection time (and overhead) with confidence intervals.Note that, for the Shanghai experiment, our trace is limitedto a 24 hour period. So, in order to simulate more than a day(the mean detection time is greater than 24 hours), we reusethe same trace for every new day, randomly modifyingnode numbers. This is a way to force all taxis to have a dif-ferent route every day. Finally, using the contact rate (�) ofeach trace (see Table 2), we also calculated the detectiontime (and overhead) using the 4D-CTMC analytical model,to check the precision of our model.

Table 4 shows the detection time for the four experimentsusing both mobility traces. In general, we can see that ourapproach greatly reduces the detection time of the selfishnode compared with a simple local watchdog solution.Even in the worst scenario (low precision watchdog andhigh ratio of malicious of nodes), the detection is greatlyreduced. Regarding the overhead, the results of the previ-ous experiments confirm the analytical results. For example,the overhead in CoCoWa for experiment 2 for Cambridgewas 31.5 (12.5-42.2) percent using simulation, and 34.2 using

the analytical model, which is a very reduced value. In gen-eral, the overhead is linear with the number of nodes, so itis a scalable approach.

These experiments confirm the results of the previoussection based on the analytical model. We can see that thedetection time and the overhead values obtained with theanalytical model are close to the simulated ones, so theseexperiments also validate our analytical model.

6.3 Comparison with Other Approaches

We now proceed by comparing the CoCoWa approach withprevious cooperative approaches that use periodic mes-sages for the diffusion of information about selfish nodedetections (such as the ones presented in [20], [26], [28]).Note that this comparison focuses only on the diffusion pro-tocol. If a node has information about a positive (or nega-tive) detection, it will periodically broadcast a message witha given period P . This message will be received by all nodesthat are within the communication range of the sender. Theperformance of this protocol clearly depends on the periodP . A short period will reduce the detection time, but thenumber of messages transmitted (the overhead) will behigh. A large period will increase the detection time byreducing the overhead.

TABLE 2Description of Contact Traces

Cambridge Shanghai

Type Human VehicleDevice iMote GPS+GPRSNetwork Type Bluetooth WiFiDuration (hours) 274 24Resolution (s) 120 60Nodes 36 2288Contacts (C) 21200 1262498Contact Rate � (contacts/hour) 0.101 0.012

For the inter-contact rates (�) we used the sames values of [23].

TABLE 3Parameters of the Different Real Mobility

Scenarios Experiments

Experiment Parameters

1 No false negatives and positives (low detectionratio), No malicious nodes (pfn ¼ pfp ¼ 0:0,pd ¼ 0:1,M ¼ 0, d ¼ u ¼ 1, g ¼ 0:1)

2 Low ratio of false positives and negatives(higher detection ratio), No Malicious nodes(pfn ¼ pfp ¼ 0:1, pd ¼ 0:2,M ¼ 0, d ¼ u ¼ 1,g ¼ 0:1)

3 Low ratio of false positives and negatives,Low ratio of Malicious nodes (pfn ¼ pfp ¼ 0:1,pd ¼ 0:2, dM ¼ N=50e, pm ¼ 0:1, d ¼ u ¼ 1,g ¼ 0:1)

4 Worst scenario: Higher ratio of false positivesand negatives, Higher ratio of Malicious nodesand maliciousness (pfn ¼ pfp ¼ 0:2, pd ¼ 0:3,dM ¼ N=20e, pm ¼ 0:1, d ¼ u ¼ 2, g ¼ 0:1)

TABLE 4Detection Time in Hours Using Several Mobility Scenarios

Exp. Model Simulation Simulation (no colab.)

Cambridge1 6.30 7.52 (2.12-12.14) 99.01 (40.36-140.53)2 4.86 6.15 (2.05-11.02) 61.12 (38.92-99.80)3 5.51 6.03 (1.12-12.14) 91.68 (43.12-139.60)4 11.09 7.52 (2.12-12.14) 103.14 (80.48-159.17)Shanghai1 46.82 43.69 (20.06-53.63) 999.39 (614.79-1050.1)2 36.58 34.93 (18.51-42.11) 605.18 (350.66-775.31)3 40.77 45.81 (31.26-64.82) 997.77 (592.39-1050.6)4 93.35 84.91 (50.61-124.5) 1191.45 (634.54-1502.6)

See Table 3 for the parameters of each experiment. In parenthesis are the 95 per-cent confidence intervals.


The comparison of both protocols was based on a customsimulator. This simulator reads a mobility trace and, know-ing the position of the network nodes beforehand, simulatesthe periodic diffusion protocol, broadcasting a periodicmessage to all nodes that are within communication range,as described in the previous paragraph. Since our simulatorcan accept ns-2 setdest command mobility traces, we gener-ated different mobility scenarios that are used to simulateboth approaches. The main parameters for the mobilitymodel are mean-speed = 5 m/s, side-area = 1,000 m, pause-interval = 1 s and range = 100 m. Regarding CoCoWa, thewatchdog parameters are (pfp ¼ 0:17, pfn ¼ 0:08, pd ¼ 0:11),that were obtained based on a set of real testbed experi-ments from [16]. The remaining parameters are pc ¼ 0:2,g ¼ 0:1, u ¼ d ¼ 1 and there are no malicious nodes (M ¼ 0).

Fig. 8a shows the detection time and overhead for theperiodic diffusion protocol when period P ranges from 1 to30 s on a network with 40 nodes. Results confirm thatincreasing period P implies a higher detection time whilereducing the overhead. We compare these results with thedetection time and overhead values for CoCoWa. The peri-odic diffusion for periods below 3 s has a shorter detectiontime than our model, but with a higher overhead. For exam-ple, for P ¼ 1 s, the detection time is 823 s (compared with857 s of CoCoWa) and the overhead is 9,791 messages(CoCoWa cost is always 162). For P ¼ 3 s, the detectiontime is similar to our approach, and the overhead is 3,779messages. In order to clearly compare these approaches,Fig. 8b shows the ratio between the detection time and over-head for both of them. Three different numbers of nodes(N ¼ 30; 40; 50) are used. We can see that, for the periodicdiffusion, the detection time increases compared to the

CoCoWa approach. Only for reduced periods (P < 4) is thedetection time lower or equal than for CoCoWa. Regardingthe overhead, we can see that even when increasing theperiod, it is still six times greater than with CoCoWa.Regarding false positives, in the periodic model the diffu-sion time of false positives is reduced for low values of P .For example, for N ¼ 40 the detection time of false positivesis reduced from 15;024 s when there is no diffusion of posi-tive detections to 900 s when P ¼ 1.

Summarizing, although using periodic diffusion canreduce the detection time slightly, this implies a large over-head and the impact of false positives is very high, and so itis not a viable strategy for low period values.

7 RELATED WORK

There are two main strategies to deal with selfish behaviourin cooperative networks. The first approach tries to motivatethe nodes to actively participate in the forwarding activities.For example, in [4], [5] the authors presented a methodusing a virtual currency called nuglet. Zhong et al. [36] pro-posed SPRITE, a credit-based system to incentivate partici-pation of selfish nodes in MANET communication. Theseincentivation methods present several problems, such asthe need for some kind of implementation infrastructure tomaintain the accounting and they usually rely on the use ofsome kind of tamper-proof hardware. The COMMIT Proto-col [9] combines game-theoretic techniques to achieve truth-fulness and an incentivation payment scheme to reduce theimpact of selfish nodes on routing protocols. Regarding thedetection and exclusion approach, there are several solu-tions for MANETs and DTNs. A first study about misbehav-ing nodes and how watchdogs can be used to detect themwas introduced in [25]. The authors proposed a Watchdogand Pathrater over the DSR protocol to detect non-forward-ing nodes, maintaining a rating for every node. In [28]another scheme for detecting selfish nodes based on contextaware information was proposed.

In previous works it has been shown how some degree ofcooperation can improve the detection of selfish or misbe-having nodes. The CONFIDENT protocol was proposed in[3], which combines a watchdog, reputation systems,Bayesian filters and information obtained from a node andits neighbours to securely detect misbehaving nodes. Thesystem’s response is to isolate those nodes from the net-work, punishing then indefinitely. A distributed intrusiondetection system (IDS) is introduced in [35]. In thisapproach if a node locally detects an intrusion with strongevidence, it can initiate a response. However, if a nodedetects an anomaly with weak evidence, it can initiate acooperative global intrusion detection procedure. A similarapproach is the mobile intrusion detection system describedin [20]. In this case, local sensor ratings are periodicallyflooded throughout the network in order to obtain a globalrating for each misbehaving node. Another approach isCORE “collaborative reputation mechanism” [26]. TheCORE system is similar to the distributed IDS approachesdescribed below. It consists in local observation usingwatchdogs that are combined and distributed to obtain areputation for each node. This reputation is used to deter-mine whether a node is allowed to participate (otherwise, it

Fig. 8. Comparison of periodic diffusion and CoCoWa. a) Detection timeand overhead depending on period P for N ¼ 40. The dotted linesaround the curves are the 95 percent confidence intervals. The confi-dence intervals for the CoCoWa detection time and overhead, are notplotted in the graph and are [625, 1021] and [102, 243] respectively. b)Plot of the ratio between the detection time of periodic diffusion andCoCoWa (TdðP Þ=TdðCoCoWaÞ) and overhead (OdðP Þ=OdðCoCoWaÞ)


is excluded). Another approach is OCEAN [2] where thereputation of a neighbour is evaluated using only locallyavailable information, avoiding complex and potentiallyvulnerable techniques of reputation propagation through-out the network. It is shown that, even with direct neigh-bour observations, OCEAN performs almost as well asthose schemes that share second-hand reputation informa-tion. In [14] an analytical selfish model (which is tied specifi-cally to the Ad hoc on-demand distance vector (AODV)routing protocol) is proposed. A recent work [34], introdu-ces the audit-based misbehaviour detection (AMD) whichisolates continuous and selective packet droppers. TheAMD system integrates reputation management, trustwor-thy route discovery, and identification of misbehavingnodes based on behavioural audits. This scheme also col-lects first and second-hand information for obtaining thereputation of nodes.

More recently, papers have focused on DTNs. In [19], theauthor introduces a model for DTN data relaying schemesunder the impact of node selfishness. A similar approach ispresented in [23] that shows the effect of socially selfishbehaviour. Social selfishness is an extension of classical self-ishness (also called individual selfishness). A social selfishnode can cooperate with other nodes of the same group,and it does not cooperate with other nodes outside thegroup. The impact of social selfishness on routing in DTNhas been studied in [22].

Our approach presents similarities with the ones pre-sented in [20], [26]. Nevertheless, these approaches donot evaluate the effect of false positives, false negativesand malicious nodes. For example, the approach in [26]only transmits positive detections. The problem, asshown in the evaluation sections, is that if a false posi-tive is generated it can spread this wrong informationvery quickly on the network, isolating nodes that are notselfish. Therefore, an approach that includes the diffu-sion of negative detections as well becomes necessary.Another problem is the impact of colluding or maliciousnodes. Although a reputation system, as the one pre-sented in [26], can be useful to mitigate the effect ofmalicious nodes, it clearly depends on how are com-bined local and global ratings, as shown in this paper.Another implementation issue is the high imposed over-head due to the flooding process in order to achieve afast diffusion of the information. Since our approach isbased on contacts, it has been proven that the overheadis greatly reduced.

8 CONCLUSIONS

This paper proposes CoCoWa as a collaborative contact-basedwatchdog to reduce the time and improve the effectivenessof detecting selfish nodes, reducing the harmful effect offalse positives, false negatives and malicious nodes.CoCoWa is based on the diffusion of the known positiveand negative detections. When a contact occurs betweentwo collaborative nodes, the diffusion module transmitsand processes the positive (and negative) detections.

Analytical and experimental results show that CoCoWacan reduce the overall detection time with respect to theoriginal detection time when no collaboration scheme is

used, with a reduced overhead (message cost). This reduc-tion is very significant, ranging from 20 percent for verylow degree of collaboration to 99 percent for higher degreesof collaboration. Regarding the overall precision we showhow by selecting a factor for the diffusion of negative detec-tions the harmful impact of both false negatives and falsepositives is diminished. Finally, using CoCoWa we canreduce the effect of malicious or collusive nodes. If mali-cious nodes spread false negatives or false positives in thenetwork CoCoWa is able to reduce the effect of these mali-cious nodes quickly and effectively. Additionally, we haveshown that CoCoWa is also effective in opportunistic net-works and DTNs, where contacts are sporadic and haveshort durations, and where the effectiveness of using onlylocal watchdogs can be very limited.

In short, the combined effect of collaboration and reputa-tion of our approach can reduce the detection time whileincreasing the global accuracy using a moderate local preci-sion watchdog.

ACKNOWLEDGMENTS

This work was partially supported by the Ministerio de Cien-cia e Innovaci�on, Spain (grant TIN2011-27543-C03-01).

REFERENCES

[1] S. Abbas, M. Merabti, D. Llewellyn-Jones, and K. Kifayat,“Lightweight sybil attack detection in manets,” IEEE Syst. J.,vol. 7, no. 2, pp. 236–248, Jun. 2013.

[2] S. Bansal and M. Baker, “Observation-based cooperation enforce-ment in ad hoc networks” arXiv:cs.NI/0307012, 2003.

[3] S. Buchegger and J.-Y. Le Boudee, “Self-policing mobile ad hocnetworks by reputation systems,” IEEE Commun. Mag., vol. 43,no. 7, pp. 101–107, Jul. 2005.

[4] L. Butty�an and J.-P. Hubaux, “Enforcing service availability inmobile ad-hoc WANs,” in Proc. 1st Annu. Workshop Mobile Ad HocNetw. Comput., 2000, pp. 87–96.

[5] L. Butty�an and J.-P. Hubaux, “Stimulating cooperation in self-organizing mobile ad hoc networks,” Mobile Netw. Appl., vol. 8,pp. 579–592, 2003.

[6] H. Cai and D. Y. Eun, “Crossing over the bounded domain: Fromexponential to power-law intermeeting time in mobile ad hocnetworks,” IEEE/ACM Trans. Netw., vol. 17, no. 5, pp. 1578–1591,Oct. 2009.

[7] A. Chaintreau, P. Hui, J. Crowcroft, C. Diot, R. Gass, and J. Scott,“Impact of human mobility on opportunistic forwarding algo-rithms,” IEEE Trans. Mobile Comput., vol. 6, no. 6, pp. 606–620,Jun. 2007.

[8] J. R. Douceur, “The sybil attack,” in Proc. Revised Papers 1st Int.Workshop Peer-to-Peer Syst., 2002, pp. 251–260.

[9] S. Eidenbenz, G. Resta, and P. Santi, “The COMMIT protocolfor truthful and cost-efficient routing in ad hoc networks withselfish nodes,” IEEE Trans. Mobile Comput., vol. 7, no. 1,pp. 19–33, Jan. 2008.

[10] W. Gao, Q. Li, B. Zhao, and G. Cao, “Multicasting in delay tolerantnetworks: A social network perspective,” in Proc. 10th ACM Int.Symp. Mobile Ad Hoc Netw. Comput., 2009, pp. 299–308.

[11] R. Groenevelt, P. Nain, and G. Koole, “The message delay inmobile ad hoc networks,” Perform. Eval., vol. 62, pp. 210–228,Oct. 2005.

[12] E. Hern�andez-Orallo, M. D. Serrat, J.-C. Cano, C. M. T. Calafate,and P. Manzoni, “Improving selfish node detection in MANETsusing a collaborative watchdog,” IEEE Comm. Lett., vol. 16, no. 5,pp. 642–645, May 2012.

[13] E. Hern�andez-Orallo, M. D. Serrat Olmos, J.-C. Cano, C. T.Calafate, and P. Manzoni, “Evaluation of collaborative selfishnode detection in MANETS and DTNs,” in Proc. 15th ACM Int.Conf. Modeling, Anal. Simul. Wireless Mobile Syst., New York, NY,USA, 2012, pp. 159–166.


[14] M. Hollick, J. Schmitt, C. Seipl, and R. Steinmetz, “On the effect ofnode misbehavior in ad hoc networks,” in Proc. IEEE Int. Conf.Commun., 2004, pp. 3759–3763.

[15] J. Hortelano, J.-C. Cano, C. T. Calafate, M. de Leoni, P. Manzoni,and M. Mecella, “Black hole attacks in p2p mobile networks dis-covered through Bayesian filters,” in Proc. Int. Conf. Move Mean-ingful Internet Syst., 2010, pp. 543–552.

[16] J. Hortelano, J. C. Ruiz, and P. Manzoni, “Evaluating the useful-ness of watchdogs for intrusion detection in VANETs,” in Proc.Int. Conf. Commun. Workshop, 2010, pp. 1–5.

[17] P. Hui, J. Crowcroft, and E. Yoneki, “Bubble rap: social-based for-warding in delay tolerant networks,” in Proc. 9th ACM Int. Symp.Mobile Ad Hoc Netw. Comput., 2008, pp. 241–250.

[18] T. Karagiannis, J.-Y. Le Boudec, and M. Vojnovi�c, “Power law andexponential decay of inter contact times between mobile devices,”in Proc. ACMMobicom Annu. Int. Conf. Mobile Comput. Netw., 2007,pp. 183–194.

[19] M. Karaliopoulos, “Assessing the vulnerability of DTN datarelaying schemes to node selfishness,” IEEE Commun. Lett.,vol. 13, no. 12, pp. 923–925, Dec. 2009.

[20] F. Kargl, A. Klenk, S. Schlott, and M. Weber, “Advanced detectionof selfish or malicious nodes in ad hoc networks,” in Proc. 1st Eur.Conf. Security Ad-Hoc Sens. Netw., 2004, pp. 152–165.

[21] F. Kargl, A. Klenk, M. Weber, and S. Schlott, “Sensors for detec-tion of misbehaving nodes in MANETs,” in Proc. Detection Intru-sions Malware Vulnerability Assessment, 2004, pp. 83–97.

[22] Q. Li, S. Zhu, and G. Cao, “Routing in socially selfish delay toler-ant networks,” in Proc. IEEE Conf. Comput. Commun, 2010,pp. 857–865.

[23] Y. Li, G. Su, D. Wu, D. Jin, L. Su, and L. Zeng, “The impact of nodeselfishness on multicasting in delay tolerant networks,” IEEETrans. Veh. Technol., vol. 60, no. 5, pp. 2224–2238, Jun. 2011.

[24] M. Mahmoud and X. Shen, “ESIP: Secure incentive protocolwith limited use of public-key cryptography for multihopwireless networks,” IEEE Trans. Mobile Comput., vol. 10, no. 7,pp. 997–1010, Jul. 2011.

[25] S. Marti, T. J. Giuli, K. Lai, and M. Baker, “Mitigating routing mis-behavior in mobile ad hoc networks,” in Proc. ACM MobicomAnnu. Int. Conf. Mobile Comput. Netw., 2000, pp. 255–265.

[26] P. Michiardi and R. Molva, “CORE: A collaborative reputationmechanism to enforce node cooperation in mobile ad hocnetworks,” in Proc. 6th Joint Working Conf. Commun. MultimediaSecur., 2002, pp. 107–121.

[27] A. Passarella, and M. Conti, “Characterising aggregate inter-contact times in heterogeneous opportunistic networks,” in Proc.10th Int. IFIP TC 6 Conf. Netw., 2011, pp. 301–313.

[28] K. Paul and D. Westhoff, “Context aware detection of selfishnodes in DSR based ad-hoc networks,” in Proc. IEEE Global Tele-commun. Conf., 2002, pp. 178–182.

[29] M. D. Serrat-Olmos, E. Hern�andez-Orallo, J.-C. Cano, C. T.Calafate, and P. Manzoni, “A collaborative Bayesian watchdog fordetecting black holes in MANETs,” in Proc. 6th Int. Symp. Intell.Distrib. Comput. VI, 2012, vol. 446, pp. 221–230.

[30] C. K. N. Shailender Gupta and C. Singla, “Impact of selfish nodeconcentration in MANETs,” Int. J. Wireless Mobile Netw., vol. 3,no. 2, pp. 29–37, Apr. 2011.

[31] C. Toh, D. Kim, S. Oh, and H. Yoo, “The controversy of selfishnodes in ad hoc networks,” in Proc. Adv. Commun. Technol.,Feb. 2010, vol. 2, pp. 1087–1092.

[32] Y. Yoo, S. Ahn, and D. Agrawal, “A credit-payment scheme forpacket forwarding fairness in mobile ad hoc networks,” in Proc.IEEE Int. Conf. Commun., May 2005, vol. 5, pp. 3005–3009.

[33] X. Zhang, G. Neglia, J. Kurose, and D. Towsley, “Performancemodeling of epidemic routing,” Comput. Netw., vol. 51, no. 10,pp. 2867–2891, 2007.

[34] Y. Zhang, L. Lazos, and W. Kozma, “AMD: Audit-based misbe-havior detection in wireless ad hoc networks,” IEEE Trans. MobileComput., vol. PP, no. 99, 2012, http://doi.ieeecomputersociety.org/10.1109/TMC.2012.257

[35] Y. Zhang, W. Lee, and Y.-A. Huang, “Intrusion detection techni-ques for mobile wireless networks,” Wireless Netw., vol. 9, no. 5,pp. 545–556, Sep. 2003.

[36] S. Zhong, J. Chen, and Y. Yang, “Sprite: A simple, cheat-proof,credit-based system for mobile ad-hoc networks,” in Proc. IEEEConf. Comput. Commun., Mar. 2003, vol. 3, pp. 1987–1997.

[37] H. Zhu, L. Fu, G. Xue, Y. Zhu, M. Li, and L. M. Ni, “Recognizingexponential inter-contact time in VANETs,” in Proc. IEEE Conf.Comput. Commun., 2010, pp. 101–105.

Enrique Hern�andez-Orallo received the MScand PhD degrees in computer science fromthe Universitat Polit�ecnica de Val�encia (UPV),Spain, in 1992 and 2001, respectively. He iscurrently an associate professor in the Depart-ment of Computer Engineering, UniversitatPolit�ecnica de Val�encia. From 1991-2005 hewas at several companies in real-time andcomputer networks projects. His areas of inter-est include distributed systems, performanceevaluation, and mobile and pervasive comput-

ing. He is a member of the IEEE.

Manuel David Serrat Olmos received thedegree in computer science in 1995 from theUPV, the master’s degree in ITC DepartmentManaging from the Universidad Polit�ecnica deMadrid (UPM) in 2008, the MSc degree incomputer engineering, and the PhD degree incomputer science UPV, in 2011 and 2013,respectively. He was with several institutionsand, nowadays, he is the ITC director at theValencia County Fire Department. He is a co-author of about 10 journal and conference

papers, and author of one Linux book.

Juan-Carlos Cano received the MSc and thePhD degrees in computer science from the Uni-versitat Polit�ecnica de Val�encia (UPV), in 1994and 2002, respectively. He is currently a fullprofessor in the Department of Computer Engi-neering, Universitat Polit�ecnica de Val�encia,Spain. From 1995-1997 he was a programminganalyst at IBM’s manufacturing division inValencia. His current research interests includevehicular networks, mobile ad hoc networks, andpervasive computing.

Carlos T. Calafate graduated with honors inelectrical and computer engineering from theUniversity of Oporto, Portugal, in 2001 andreceived the PhD degree in computer engi-neering from the Technical University of Valen-cia in 2006, where he has worked since 2005.He is currently an associate professor in theDepartment of Computer Engineering, Univer-sitat Polit�ecnica de Val�encia (UPV), Spain. Hisresearch interests include mobile and perva-sive computing, security and QoS on wireless

networks, as well as video coding and streaming.

Pietro Manzoni received the MS degree in com-puter science from the Universit�a degli Studi,Milan, Italy, in 1989, and the PhD degree in com-puter science from the Politecnico di Milano, Italy,in 1995. He is currently a full professor of com-puter science at the Universitat Polit�ecnica deVal�encia, Spain. His research activity is related tomobile wireless data systems design, modelling,and implementation. He is a member of the IEEE.

" For more information on this or any other computing topic,please visit our Digital Library at www.computer.org/publications/dlib.


CoCoWa A Collaborative Contact-Based

Documents

Transcript of CoCoWa A Collaborative Contact-Based