2021 International Conference on Emerging Smart Computing and Informatics (ESCI)

AISSMS Institute of Information Technology, Pune, India. Mar 5-7, 2021

A Table Based Attack Detection (TBAD) scheme

for Internet of Things: An approach for Smart City
Environment
2021 International Conference on Emerging Smart Computing and Informatics (ESCI) | 978-1-7281-8519-4/20/$31.00 ©2021 IEEE | DOI: 10.1109/ESCI50559.2021.9396929

Serin V Simpson G Nagarajan

Research Scholar, Professor,
Department of Computer Science and Engineering, Department of Computer Science and Engineering,
Sathyabama Institute of Science and Technology, Sathyabama Institute of Science and Technology,
Jeppiaar Nagar, Chennai, India. Jeppiaar Nagar, Chennai, India.
serinsimpson@gmail.com nagarajanme@yahoo.co.in
ORCID: 0000-0002-0977-274X ORCID: 0000-0002-9891-1288

Abstract—People wish to live in smart cities due to the data packet and the drop of data packets will reduce the
better lifestyle that can be offered by such environments to the efficiency of network. Packet drop attacks are the first choice
residents. Smart cities have been developed with the help of of a denial of service attacker. It can be implemented without
‘Internet of Things’ (IoT) network. The increased acceptance any further communication in between the nodes. The effect
became a reason for the attackers to choose such environments of such attacks is really high. Packet drop can happen due to
as their first choice. Many attacks are present in the IoT many normal reasons. Unavailability of network resources,
network, which can directly affect the integrity of data and the limitation in cash memory and improper load balancing can
smooth working of IoT network. The data integrity can be be the reason for packet drop. That is the advantage of an
assured by using any of the existing end-to-end encryption
attacker in choosing packet drop attack. Network nodes are
schemes. But, the Denial of Service (DoS) attacks can harm the
IoT network, if the system fails to find the source of attack.
not normally capable to distinguish a normal packet drop and
The attacking strategy and the pattern will differ each time, a packet drop by an attacker. Network requires a separate
even for the same kind of attack. The proposed work mainly mechanism to find the same. All packet drop attacks produce
focuses on packet drop attacks and the way to detect the the same result, but it may differ in the implementation
strategically different dropping attacks. This work gives an strategy. Thus it is hard to distinguish from normal packet
optimal solution to detect and prevent the gray hole and selfish drop [3].
node attacks present in Edge based Smart City environment.
The well known packet drop attacks are black hole
The proposed Table Based Attack Detection Scheme (TBAD) is
attack, gray hole attack and selfish node attack. All these
a table based approach developed for the malicious free
communication in Smart City Environment.
attacks produce the same result but each one is unique in
their attacking pattern. Majority of algorithms fail to identify
Keywords—Smart Cities, IoT, Edge Computing, MEC, TBAD the attack. Even though the existing systems can find the
packet drop attacks by assessing the dropped packet count,
I. INTRODUCTION still most of them are not capable to distinguish the attack.
The devices inside the smart city environment have large Edge based mechanism usually uses a collective approach in
scale service requirements. Due to the economical network administration. Edge nodes mostly use accusation or
consideration and increased demand, we cannot deploy voting based scheme to identify and isolate the malicious
highly efficient devices inside the smart city. Thus resource activities. Accusation based mechanisms are capable to
limited devices will be largely deployed to serve the end identify the normal packet drop attacks. But such
users. The services will be offered by utilizing cloud servers. mechanisms fail to identify gray hole attack and selfish node
But those cloud servers cannot ensure a timely response due attack due to some reasons. The proposed method, TBAD is
to the network as well as other constraints [1]. The Edge capable to identify, distinguish and prevent the packet drop
computing has been introduced to overcome the limitations attacks. TBAD uses table based approach in implementation
of cloud servers. Due to the deployment of servers, the IoT and an accusation based approach in malicious node
devices could be served from the edge of the network. The identification [4].
wide acceptance and the increased demand of smart city II. RELATED WORK
environment also increased the interest of attackers to intrude
the network for contributing possible damages towards Bo Wang et al. (2020) have proposed a trust management
ongoing communications [2]. mechanism for ensuring the trustworthiness of IoT devices in
smart city environment. The proposed method establishes a
The most simple and powerful way of an attacker node to weighted information network among network entities for
destroy the stability of the network is packet drop attack. A having secure communication. The weight value is
network has two kinds of packets, control packets and data calculated based on network parameters. The nodes in the
packets. Both are equally important in network aspects. network will be categorized into two lists named white list
Transmission of the data packets is the primary goal of and black list. Nodes will be included to communication path
network. Control packets help the network to deliver the data strictly based on the occupying list. Additionally an
packets to destination successfully without delay. Drop of algorithm has been proposed to select the IoT devices based
any type of packet will affect the smooth working of on the list. The trust of an IoT device is computed based on
network. Drop of control packets will affect the delivery of

978-1-7281-8519-4/21/$31.00 ©2021 IEEE 696

Authorized licensed use limited to: Linkoping University Library. Downloaded on June 21,2021 at 20:17:22 UTC from IEEE Xplore. Restrictions apply.
strategy expectation fitness value. The trust management have been introduced along with IoT for improving the life
introduced in this paper is capable to include multi intelligent style of residents in smart city environment.
devices in IoT based smart city environment [5].
A. System Architecture
Hui Zhang et al. (2020) have introduced secure data The architecture of proposed system consists of three
management design for IoT based Smart city environment. layers. The cloud data center is placed at upper business
The proposed system has three layers namely data security solution layer. Several edge devices have been deployed
layer, computational layer and decision making layer. The under the cloud data center. Each IoT devices in smart city
encryption algorithm has been included in data security layer environment will have direct connection with at least one
for keeping the integrity of the data. It uses a payload based edge server. The overall execution control will be handled by
symmetric key encryption scheme. All the computations cloud data center. But, the edge servers are capable to serve
required inside the smart city will be performed in the IoT devices from the edge of the network. The sensed
computational layer. The necessary information will be data will be collected by edge server from the underlying IoT
inferred from the available data at decision making layer. devices. The data processing and analysis will be done at
The decisions will be taken based on the inferred information Edge nodes. A detailed report will be sent to cloud data
at the same layer itself [6]. center after processing the service request.
Ruo Jun Cai et al. (2020) have proposed Evolutionary
self-cooperative mechanism to defend against malicious
nodes. A node can identify the malicious node by computing
the trust value. In order to make it more accurate the
proposed system uses a cooperative approach to find the
malicious nodes. It is a record based protocol. The approach
predicts the trust based on the previous records. The self
assessment procedure depends mainly on the records kept at
neighboring nodes. Individual nodes can compute the trust
based on the retrieved data. The cooperative approach is
dynamic in practice. The trust shares are collected from
different nodes and compute a single value using the trust
shares [7].
Nadav Schweitzer et al. (2020) proposed a grey
hole attack identification mechanism. The proposed system
addresses the limitations of the existing packet drop
identification mechanisms to find grey hole attack. The basic
idea of the work is to find and eliminate the suspected nodes
away from communication links. The detection is based on
the data received from the neighboring nodes [8].
Rutvij et al. (2018) have developed a trusted routing
scheme based on the attack patterns. The model performs
sensitivity analysis of trusted routing scheme with pattern
discovery. The analysis is done by considering different
parameters which results to packet dropping attack. This
model identifies the possible attack patterns and it will
eliminate the malicious nodes in early stage itself. That in
turn increases the reputation and quality of service. This
model predicting the possible patterns based on the delivery
ratio and normalized routing overhead [9].
Desai et al. (2018) have proposed a proactive predictive
approach to mitigate sequence number attacks. This paper
studies the existing attacks on sequence numbers. The
sequence number attack is a kind of routing attack. The
proposed method has a predictive approach to find sequence Fig. 1. System Architecture
number attacks, which discovers misbehaving nodes at the
time of route discovery. The predictive method, based on Figure 1 shows the system architecture of proposed Table
linear regression is applied on ad hoc on demand distance Based Attack Detection Mechanism.
vector routing. The comparative analysis shows that the
proposed scheme increases the quality of service [10]. B. Performance analysis of Normal Accusation based
approaches
III. SYSTEM ARCHITECTURE AND PROBLEM STATEMENT The accusation based scheme is capable to identify the
The emergence of smart city concept also raised the need malicious nodes, since it entrusted every node to accuse their
of incorporating new technologies to the communication malicious neighbor. If a node performs packet drop attack,
system. The traditional communication system was not then the neighbor node immediately report that to Edge node.
capable to serve the requirement of smart city environment. If the Edge node receives enough number of accusations
At the juncture, the cloud computing and edge computing about a node, then the accused node will be added to ‘Do not

697

Authorized licensed use limited to: Linkoping University Library. Downloaded on June 21,2021 at 20:17:22 UTC from IEEE Xplore. Restrictions apply.
Consider List’ (DCL). The performance of accusation based node receives enough accusations. So, normal accusation
approach with the different kinds of packet dropping attacks based methods cannot identify the presence of selfish nodes.
are analyzed below. Also, the problems happening during the gray hole attack is
also applicable in case of selfish node attack. The legitimate
1) Working of Accusation based approach with Black nodes will be added one by one to DCL due to the lack of
hole Attack enough number of accusations.
Black hole attack is the purest form of packet drop attack.
No packets will be forwarded from a black hole. Packets IV. PROPOSED SYSTEM
received at a black hole may be eavesdropped. All received Normal accusation method cannot be used to identify the
packets will be dropped without considering any factors. The gray hole and selfish node attacks in IoT based smart city
compromised node may claim even a non-existing shortest environment. Thus TBAD proposes a historical accusation
path to include itself in all nearby communication paths. The data analysis to defend against those attacks. The Edge node
packets coming through those links will be completely keeps a track of accusations received about its connected IoT
discarded by black hole [11]. Since there is a complete drop devices in a table. The immediate decisions will be taken
by a malicious node, the neighboring nodes can easily based on the received accusations. But, a re-assessment will
identify a block hole. In accusation based approach, the Edge be done immediately after every time interval. TBAD
node will get enough accusations about a black hole. The considers last 10 interval data for every re-assessment. The
more a black hole drops packets, the more Edge node will table format for keeping the accusation data is plotted below.
get accusations. Here the packet drop is at the fullest, so
accusations will also be in large count. Thus, accusation TABLE I. HISTORICAL ACCUSATION TABLE
based approach is itself capable to identify and eliminate the
black hole attack [12]. Node, n1 .... Node, ni
Time
Interval a1 d1 h1 ai di hi
2) Working of Accusation based approach with Gray ....
hole Attack t10 to t9 - - - .... - - -
Gray hole attack is also a kind of packet drop attack but it t9 to t8 - - - .... - - -
differs from black hole attack. In gray hole attack, only 50% …… …. …. …. …. …. ….. ….
of received packets will be dropped. The compromised node
t2 to t1 - - - .... - - -
will forward half of the received packets to next hop and
discards the rest of the packets. Gray hole attack is hard to t1 to t0 - - - .... - - -
identify, because the attacker node sometimes behave
normally and sometimes behave as an attacker. Thus the
attacker node may be good for some of its neighbors for an Where, ‘i’ is the total number of IoT devices connected
interval, whereas bad to other nodes at the same time. In to the Edge node ‘e’, t1 to t0 is the present time interval, {ni}
accusation based approach, the accusations about a node will is the set of IoT devices connected to the Edge node, ‘ai’ is
be counted only if the Edge node gets number of accusations the total number of accusations received, ‘di’ is the packet
more than a threshold value. In case of less number of drop and ‘hi’ is the total number of packets handled.
accusations, the accuser nodes will be added to DCL and the The historical accusation table contains the accusation
accused node will be free to participate in the communication details about the IoT devices connected to the Edge node.
[13]. If a gray hole attacker is present in the network, the The table is maintained by Edge node. Last added time slot
protocol rules may harm the network more than a gray hole
will be replaced by every new time slot. Whenever enough
attack can do. Since the gray hole is working normally to
accusations are received, the node /IoT device will be
some of its neighbors during some intervals, all nodes cannot
accuse the gray hole node at the same time. Thus the moved to ‘Do not Consider List’ (DCL) and the table
minimum required accusations count cannot be attained by column for the removed node will be deleted. The main aim
the neighboring nodes. In such cases, even though the of this table is to find gray hole and selfish node attack. In
accusations are genuine, the protocol will add the accuser the case of black hole attack, the number of accusations will
nodes to DCL as per the protocol conditions. If the same be collected during a single time interval. The neighboring
scenario repeats for number of times, then only the gray hole nodes can easily find the black hole and almost all neighbors
node will remain in the network and all other legitimate will accuse the black hole. Thus Edge node can remove the
nodes will be falsely added to DCL. accused node at the end of a single time slot. The history
based analysis is not required in the case of black hole node.
3) Working of Accusation based approach with Selfish The column of attacker node will be removed from the
Node Attack historical accusation table permanently.
Selfish node attack is not an external attack like black
hole and gray hole attacks. The selfish node attack is an Table dependant analysis is required for the gray hole
internal attack by selfish nodes. It is also a kind of packet
attack. The gray hole may be detected by some of the
drop attack. In selfish node attack, the selfish node discards
the received packet to save its own resources. A node’s neighboring nodes during every time interval. But, due to
selfish behavior is really hard to detect. It always seems to be the insufficient number of accusations, the accuser nodes
a packet drop due to normal resource constraints. Only a few will be added to DCL immediately after the time slot. Thus
neighboring nodes could identify the selfish behavior when the accused node could not be detected even in a long run.
their packets were discarded by the selfish node. Thus the At this scenario, TBAD could identify the attacker with the
number of accusations from neighboring nodes will be really help of historical accusation table. The number of
low in cases of selfish node attack [14]. In accusation based accusations received about every node will be kept in table
approach, the accused node will be isolated only if the Edge at least for past 10 intervals. Even though, the neighboring

698

Authorized licensed use limited to: Linkoping University Library. Downloaded on June 21,2021 at 20:17:22 UTC from IEEE Xplore. Restrictions apply.
nodes failed to make good accusation count about a gray ௧భబ ௧௢௧వ ݀
hole attacker, a small accusation count can be added by the σ௜ୀ௧ ܽ ቆ߱ଵ ൅ ߱ଶ ቀ ௜ ቁቇ
భ ௧௢௧బ ௜ ݄௜
neighboring nodes during almost all intervals. Continuous ܸ݈ܵܰܽ‫ ݁ݑ‬ൌ 
݇
accusations about a node indicate the presence of gray hole (3)
in the network. The past 10 table entries of a node will be
assessed at the end of every new time slots. As per the Where, ߱ଵ and ߱ଶ are weight values having values 0.25
experimental simulations, if the accusation count of a node and 0.75 respectively. SN Value is used to find the Selfish
is greater than 0 in 80% time slots, then it indicates a gray Node. The SN Threshold is fixed to 0.475 based on the
hole attacker. Based on the data in historical accusation table following conditions. There must be an average of 30%
packet drop and ‘k’ value must be greater than or equal to 4
the GH value will be computed.
with at least 1 accusation for considering a node as a selfish
node. The identified selfish node will be immediately added
σ௧௜ୀ௧
భబ ௧௢௧వ
ܽ
భ ௧௢௧బ ௜ to DCL. The accuser nodes of that selfish node which are
‫ ݏ݊݋݅ݐܽݏݑܿܿܣ݁݃ܽݎ݁ݒܣ‬ൌ  falsely added in DCL, will be reconnected back to the edge
݇
(1) node. The overall algorithm for detecting the dropping
attacks is added below.
Where, k is the total number of table rows having
accusation count greater than ‘0’. By using equation (1),
ALGORITHM 1: RE-ASSESSMENT ALGORITHM

௧భబ ௧௢௧వ ௧భబ ௧௢௧వ Input: Historical Accusation Table

ͲǤͳ ݀௜ Output: Grouping between Gray Hole Attacker, Selfish
‫ ݁ݑ݈ܸܽܪܩ‬ൌ ‫כ‬ቌ ෍ ܽ௜ ‫כ‬ ෍ ቍ
݇ ݄௜ Node and normal node.
௜ୀ௧భ ௧௢௧బ ௜ୀ௧భ ௧௢௧బ
Algorithm:
(2)
Initialization: j=1; i = number of IoT devices connected to
the Edge node ‘e’; nj= jth IoT device
GH Value is used to find the presence of Gray Hole 01: Begin
attacker. The GH Threshold is fixed to 0.8 based on the 02: While j  i, do
following conditions. There must be an average of 40% 03: If (k  8) then
packet drop and ‘k’ value must be greater than or equal to 8 04: Compute GH value of nj using equation (2)
with average 2 accusations for considering a node as a gray 05: If (GH value > 0.8) then
hole attacker. At the point of finding gray hole attack, the 06: Mark nj as Gray Hole attacker & add to DCL
node will be added to DCL. All the accuser nodes removed 07: Release the accuser nodes of nj from DCL
from normal nodes due to that gray hole attacker will be 08: Else
09: Mark nj as normal node
added back to normal nodes from DCL. Edge node will add
10: End if
new columns for the newly admitted nodes and the column
11: Else if (4  k < 8) then
maintained for the attacker node will be removed from 12: Compute SN value of nj using equation (3)
historical accusation table. 13: If (SN value > 0.475) then
The neighboring nodes are less capable to detect 14: Mark nj as selfish node & add to DCL
the selfish nodes in the network than gray hole attack. The 15: Release the accuser nodes of nj from DCL
selfish node shows selfish behavior only when it needs to 16: Else
handle more packets. Thus the node won’t be reported in 17: Mark nj as normal node
every time interval as seen in the case of gray hole attack. 18: End if
As per the experimental simulations, it is found that the 19: Else if (k < 4) then
selfish node is accused by some of its neighbors during 40% 20: Mark nj as normal node
time slots or above. But, some legitimate normal nodes may 21: End if
also have accusations due to resource constraints during 22: j ++;
more than 40% time slots. Thus it is hard to analyze and 23: End while
identify the selfish nodes form accusation data. That’s the 24: End
reason for adding the handled packet count to historical
table. TBAD checks these two data together for the
confirmation of selfish nodes. The selfish node attacks By using the historical accusation table, we could
happen only when the selfish nodes are overloaded with overcome the problems associated with gray hole and selfish
packets. At that time only the selfish node drops the packets node attacks. The TBAD works perfectly with almost all
coming from neighboring nodes. So, along with the positive variants of packet drop attacks.
accusation count, the total number of packets handled V. COMPARISON AND ANALYSIS OF EXPERIMENTAL RESULTS
during those time interval, will also be considered. If the
packet handled count is greater during those time slots, then The TBAD has implemented using NS-2.35. 100 nodes
we can count it as selfish node attack. Based on the data in having speed 25 m/s have been deployed to a 1000 X 1000
area. Each node has a transmission range of 270m and the
historical accusation table the SN value will be computed.
simulation uses Two Ray Ground propagation model.
Simulation uses IEEE 802.11 medium access control
mechanism. The values plotted in the graphs are an average
of 10 repeated simulations of 1 to 600 seconds, under the

699

Authorized licensed use limited to: Linkoping University Library. Downloaded on June 21,2021 at 20:17:22 UTC from IEEE Xplore. Restrictions apply.
same constraints. The simulation parameters are listed in the other existing works. The proper identification and the
Table 2. The simulation results of TBAD are generated as a elimination of attacker nodes help to maintain a lower End-
comparison with existing Self-organized Key Management to-End delay during communications. Figure 3 illustrates the
with Trusted Certificate Exchange in MANET (SOKMTC) comparison of packet delivery ratio between the proposed
[15], Source Anonymity-Based Lightweight Secure AODV and the existing works. The packet delivery ratio is
Protocol (SAL – SAODV) [16] and Trust based intelligent computed by considering the number of delivered packets
device selective mechanism (IDSR) [5]. and the total number of offered packets. The delivery ratio of
TBAD is comparatively high due to the ability of the method
TABLE II. SIMULATION PARAMETERS in removing the malicious nodes. The presence of malicious
nodes in the network badly affects the delivery ratio. As the
number of packet drop decreases, delivery ratio increases.
The removal of gray hole and selfish nodes reduces the
chances of dropping the packet by malicious nodes.

Fig. 3. Packet Delivery Ratio

Since IDSR, SAL-SAODV and SOKMTC use voting
based system for securing the network, the impact of having Figure 4 represents the packet drop happened during the
TBAD can be evaluated effectively. The proposed TBAD is simulation of four methods. Since this work has been
analyzed based on the four performance metrics: End-to-end conducted by reducing the packet drop, this parameter has a
Delay, Packet Delivery Ratio, Packet Drop, Misdetection significant role in comparison. The main reason for the
Ratio, fraction of node compromise and Resilience. The first proposal of TBAD is the lack of mechanism in accusation
five parameters are evaluated based on the network load and based approaches to defend against gray hole and selfish
the Network Resilience is evaluated by varying the executing node attacks. The successful elimination of such attacker
time. nodes tremendously decreases the overall packet drop.
TBAD has much reduced packet drop than SOKMTC, SAL-
SAODV and IDSR.

Fig. 2. End-to-End Delay

Figure 2 shows the comparison of End-to-End Delay Fig. 4. Packet Drop

among the four methods. The delay will be due to several
factors, which include network as well as source dependent The network resilience of four methods with respect to
reasons. TBAD maintains a comparatively low delay than the execution time is plotted in figure 5. The network load is

700

Authorized licensed use limited to: Linkoping University Library. Downloaded on June 21,2021 at 20:17:22 UTC from IEEE Xplore. Restrictions apply.
fixed as 1000 kb in all simulations conducted for estimating accusation based approaches in IoT network. The gray hole
the network resilience. The network resilience is computed attacker nodes as well as selfish nodes can withstand
by considering the total number of compromised accusation based detection schemes. As per the simulation
communications happened during a time period. The lower results, TBAD can effectively detect and eliminate both gray
value of network resilience indicates a good protocol. TBAD hole and selfish node attacks. Since healthcare, vehicular
could maintain lower network resilience than SOKMTC, network etc comes under smart city environment, the data
SAL-SAODV and IDSR, under the experimental conditions inside the network need to be handled carefully. The
stated in simulation model. The historical accusation based successful prevention and elimination of attacks are the only
approach has improved the resilience of TBAD. way to increase the trustworthiness of IoT based smart city
environment. Thus, securing the smart city environment
against all kinds of external and internal attacks will become
most essential research topic in future.
REFERENCES
[1] X. Xia, F. Chen, Q. He, J. C. Grundy, M. Abdelrazek and H. Jin,
"Cost-Effective App Data Distribution in Edge Computing," in IEEE
Transactions on Parallel and Distributed Systems, vol. 32, no. 1, pp.
31-44, 1 Jan. 2021, doi: 10.1109/TPDS.2020.3010521.
[2] S. Murali and A. Jamalipour, "A Lightweight Intrusion Detection for
Sybil Attack Under Mobile RPL in the Internet of Things," in IEEE
Internet of Things Journal, vol. 7, no. 1, pp. 379-388, Jan. 2020, doi:
10.1109/JIOT.2019.2948149.
[3] W. Shi, J. Zhang and R. Zhang, "Share-Based Edge Computing
Paradigm With Mobile-to-Wired Offloading Computing," in IEEE
Communications Letters, vol. 23, no. 11, pp. 1953-1957, Nov. 2019,
doi: 10.1109/LCOMM.2019.2934411.
[4] H. Lu, X. He, M. Du, X. Ruan, Y. Sun and K. Wang, "Edge QoE:
Computation Offloading With Deep Reinforcement Learning for
Internet of Things," in IEEE Internet of Things Journal, vol. 7, no. 10,
pp. 9255-9265, Oct. 2020, doi: 10.1109/JIOT.2020.2981557.
Fig. 5. Network Resilience [5] B. Wang, M. Li, X. Jin and C. Guo, "A Reliable IoT Edge Computing
Trust Management Mechanism for Smart Cities," in IEEE Access,
The efficiency of proposed TBAD approach has been vol. 8, pp. 46373-46399, 2020, doi: 10.1109/ACCESS.2020.2979022.
evaluated further by computing the misdetection ratio and [6] H. Zhang, M. Babar, M. U. Tariq, M. A. Jan, V. G. Menon and X. Li,
"SafeCity: Toward Safe and Secured Data Management Design for
the fraction of node compromise. The values obtained for IoT-Enabled Smart City Planning," in IEEE Access, vol. 8, pp.
both parameters; under the same simulation setup are 145256-145267, 2020, doi: 10.1109/ACCESS.2020.3014622.
summarized in table 3. [7] R. J. Cai, X. J. Li and P. H. J. Chong, "An Evolutionary Self-
Cooperative Trust Scheme Against Routing Disruptions in
TABLE III. EVALUATION OF PROPOSED WORK
MANETs," in IEEE Transactions on Mobile Computing, vol. 18, no.
1, pp. 42-55, 1 Jan. 2019, doi: 10.1109/TMC.2018.2828814.
Research Work Load Fraction of Misdetection [8] N. Schweitzer, A. Stulman, R. D. Margalit and A. Shabtai,
(kb) Node Ratio "Contradiction Based Gray-Hole Attack Minimization for Ad-Hoc
Compromise Networks," in IEEE Transactions on Mobile Computing, vol. 16, no.
TBAD 42 × 10-2 80 × 10-3 8, pp. 2174-2183, 1 Aug. 2017, doi: 10.1109/TMC.2016.2622707.
[9] R. H. Jhaveri, N. M. Patel, Y. Zhong and A. K. Sangaiah, "Sensitivity
IDSR [5] 49 × 10-2 83 × 10-3 Analysis of an Attack-Pattern Discovery Based Trusted Routing
3000 kb Scheme for Mobile Ad-Hoc Networks in Industrial IoT," in IEEE
SAL-SAODV [16] 51 × 10-2 85 × 10-3
Access, vol. 6, pp. 20085-20103, 2018, doi:
SOKMTC [15] 55 × 10-2 87 × 10-3 10.1109/ACCESS.2018.2822945.
[10] Desai, A.M. and Jhaveri, "R.H. Secure routing in mobile Ad hoc
TBAD 60 × 10-2 90 × 10-3 networks: a predictive approach," Int. j. inf. tecnol., vol. 11, pp. 345–
356, 2019, doi: 10.1007/s41870-018-0188-y.
IDSR [5] 68 × 10-2 95 × 10-3 [11] H. Tran-Dang, N. Krommenacker, P. Charpentier and D. Kim,
6000 kb
SAL-SAODV [16] 70 × 10 -2
110 × 10-3 "Toward the Internet of Things for Physical Internet: Perspectives and
Challenges," in IEEE Internet of Things Journal, vol. 7, no. 6, pp.
SOKMTC [15] 75 × 10-2 120 × 10-3 4711-4736, June 2020, doi: 10.1109/JIOT.2020.2971736.
[12] L. Atzori et al., "Enhancing Identifier/Locator Splitting Through
The count of compromised number of nodes is less in Social Internet of Things," in IEEE Internet of Things Journal, vol. 6,
proposed TBAD approach. Since the reported misdetection no. 2, pp. 2974-2985, April 2019, doi: 10.1109/JIOT.2018.2877756.
count is less in TBAD, the malicious node detection rate will [13] S. Deng, H. Zhao, W. Fang, J. Yin, S. Dustdar and A. Y. Zomaya,
"Edge Intelligence: The Confluence of Edge Computing and Artificial
be high in TBAD. The successful identification and Intelligence," in IEEE Internet of Things Journal, vol. 7, no. 8, pp.
elimination of packet drop attacks help the network to 7457-7469, Aug. 2020, doi: 10.1109/JIOT.2020.2984887.
maintain good network stability. [14] A. K. Mishra, A. K. Tripathy, D. Puthal and L. T. Yang, "Analytical
Model for Sybil Attack Phases in Internet of Things," in IEEE
VI. CONCLUSION Internet of Things Journal, vol. 6, no. 1, pp. 379-387, Feb. 2019, doi:
10.1109/JIOT.2018.2843769.
TBAD has been introduced to identify and distinguish [15] S. P. John and P. Samuel, "Self-organized key management with
strategically different packet drop attacks in Edge based trusted certificate exchange in MANET," in Ain Shams Engineering
Smart City environment. TBAD uses a table based approach Journal, vol. 6, no. 1, pp. 161-170, 2015, doi:
10.1016/j.asej.2014.09.011.
to distinguish the gray hole and selfish node attacks. Edge [16] W. Fang, W. Zhang, J. Xiao, Y. Yang and W. Chen, "A Source
node considers accusations, packet drop and total number of Anonymity-Based Lightweight Secure AODV Protocol for Fog-
packets handled for identifying the packet drop attacks. It Based MANET", in Sensors, vol. 17, no. 1421, pp. 1-16, 2017,
overcomes the limitations involved with the traditional doi:10.3390/s17061421.

701

Authorized licensed use limited to: Linkoping University Library. Downloaded on June 21,2021 at 20:17:22 UTC from IEEE Xplore. Restrictions apply.