Accepted Manuscript
Real-Time Detection of MAC Layer Misbehavior in Mobile Ad Hoc Networks
Abdessadek Aaroud, Mohammed-Alamine El Houssaini, Ali El Hore, Jalel Ben-Othman
PII: S2210-8327(15)00023-X
DOI: http://dx.doi.org/10.1016/j.aci.2015.11.001
Reference: ACI 45
To appear in: Applied Computing and Informatics
Received Date: 13 July 2015
Revised Date: 3 November 2015
Accepted Date: 22 November 2015
Please cite this article as: Aaroud, A., Houssaini, M.E., Hore, A.E., Ben-Othman, J., Real-Time Detection of MAC Layer Misbehavior in Mobile Ad Hoc Networks, Applied Computing and Informatics (2015), doi: http://dx.doi.org/10.1016/j.aci.2015.11.001
This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.
Pr. Abdessadek Aaroud
Department of Computer Science,
University Chouaib Doukkali, El Jadida - Morocco
April 3, 2015
Paper Title:
Real-Time Detection of MAC Layer Misbehavior in Mobile Ad Hoc Networks
Authors:
Abdessadek Aaroud, Mohammed-Alamine El Houssaini, Ali El Hore
Department of Computer Science, Faculty of Sciences, Chouaib Doukkali University, El Jadida, Morocco
{elhoussaini.m, aaroud.a, elhore.a}@ucd.ac.ma
Jalel Ben-Othman
Department of Computer Science, Galilee Institute, Paris 13 University, Paris, France
jalel.ben-othman@univ-paris13.fr
Real-Time Detection of MAC Layer Misbehavior in Mobile Ad Hoc Networks
Abstract—MAC layer misbehavior in the IEEE 802.11 standard can degrade a wireless network's performance in a way similar to denial of service attacks. The goal of this misbehavior is to manipulate the protocol to increase the greedy nodes' transmission rate at the expense of the honest nodes. Nodes in the IEEE 802.11 standard should wait for a random backoff interval before accessing the channel and initiating any transmission. Greedy nodes use a malicious technique to reduce the channel waiting time and occupy the channel. This paper introduces a new scheme to detect such malicious behavior, based on statistical process control (SPC), which is borrowed from the industrial field in a quality management context. To the best of our knowledge, this approach has not been proposed in the state of the art concerning the detection of greedy behaviors in mobile ad hoc networks. The approach can identify greedy nodes in real time by using a graphical tool called a «control chart» that measures the throughput and the inter-packet interval time for each node, and raises an alert if this measure is over a defined threshold. All obtained results are validated in the network simulator NS2.
Keywords— Mobile ad hoc Network; MAC IEEE 802.11; Misbehavior detection; NS2 simulation; Statistical process control.
1. Introduction
One of the most significant advantages of the IEEE 802.11 standard is fair access to the medium. However, sharing the transmission channel makes the networks vulnerable to several attacks such as jamming, black holes, and greedy behavior (MAC layer misbehavior) [12].
A greedy node intentionally modifies the MAC IEEE 802.11 protocol to get more network resources than honest nodes [10]. By this channel-access misbehavior a greedy node can benefit from several advantages such as:
• Increasing its throughput.
• Reducing its power consumption.
This work aims to apply a statistical process control (SPC) scheme to detect the IEEE 802.11 MAC layer misbehavior.
Our paper is organized as follows. The second section is dedicated to presenting the architecture of the IEEE 802.11 with all its layers. An overview of the research works related to the IEEE 802.11 MAC layer misbehavior is shown in the third section. The fourth section proposes our detection scheme of the IEEE 802.11 MAC layer misbehavior (greedy node). In the fifth section, the authors evaluate the performance of their approach using the NS2 simulator. Conclusions and perspectives are presented in the last section.
2. IEEE 802.11 layers
The IEEE 802.11 protocol covers the physical layer and the Medium Access Control (MAC) layer as described in Figure 1. The MAC layer is the same for all IEEE 802.11 standards. However, the physical layer is divided into three categories: FH (Frequency Hopping Spread Spectrum), DS (Direct Sequence Spread Spectrum) and IR (Infrared).
Figure 1 IEEE 802.11 layers description (Data Link Layer: LLC, 802.11 MAC; PHY Layer: FH, DS, IR)
The IEEE 802.11 MAC layer defines the access method CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance) working as follows. Before transmitting, a node first listens to the shared medium (such as listening for wireless signals in a wireless network) to determine whether another node is transmitting or not. If the channel is free for a DIFS time (DCF Inter-Frame Space), then the station transmits a frame which is acknowledged after a SIFS interval time (Short Inter-Frame Space) with an ACK frame.
The transaction time (DATA+SIFS+ACK) is noted as a Network Allocation Vector (NAV) and blocks other stations from accessing the channel until the NAV has fully decremented. Additionally, the CSMA/CA method has an optional channel reservation mechanism, RTS (Request To Send)/CTS (Clear To Send) [1].
The CSMA/CA access method defines the Binary Exponential Backoff (BEB, Figure 2) in order to resolve the medium access problem when several stations want to transmit data simultaneously. This method requires that each station chooses a random waiting time between 0 and the size of a contention window CW (a value equal to a number of time slots), and waits for that number of slots before transmission [1].
Figure 2 Backoff procedure
3. Related work
The BEB algorithm provides a fair access to the medium. Greedy nodes change their BEB to increase their throughput at the expense of other honest nodes. This greedy behavior is considered as misbehavior of the IEEE 802.11 MAC layer.
The classification of the MAC layer misbehavior, given in [4], is categorized as follows:
• a misbehavior: The greedy node chooses the value of BEB in the interval $[0, a(CW-1)]$, where CW is the contention window and $0 < a < 1$;
• Deterministic BEB: The greedy node chooses a constant BEB independently of the contention window;
• p misbehavior: After a failed transmission, instead of setting CW to $\min\{2CW, CW_{max}\}$, the greedy node sets its contention window to $CW = \max\{CW_{min}, \min\{pCW, CW_{max}\}\}$, where $0 < p < 2$;
• Fixed maximum Contention window;
• Fixed Contention window.
Several approaches have been proposed in the literature for the detection of the IEEE 802.11 MAC layer misbehavior.
Tiwary [16] proposed a detection scheme based on the statistical collection, for all nodes, of RTS retransmissions due to timeout, packet retransmissions due to ACK timeout, and throughput at the receiver, then compared these results with threshold values to decide whether a selfish attack is occurring. This method does not require any changes in protocols but it creates computation overhead.
Other authors [17] also proposed an extension to the 802.11 standard that ensures a uniformly distributed random backoff through the protocol of coin flipping by telephone. The main idea is to let both the sender and receiver agree on a random backoff value through a public exchange using an engagement method inspired by the protocol for flipping coins over the telephone. However, it is still unable to detect collusion between sender and receiver.
An approach of greedy nodes detection in IEEE 802.11 was proposed [5] based upon the linear regression between instants of transmission to calculate a detection threshold and without requiring modifications to the standard. This idea results from the strong linear correlation noticed between nodes in terms of transmission instants.
The strategy called DOMINO (Detecting MAC Layer Greedy Behavior in IEEE 802.11 Hotspots), deployed in the access point to detect misbehavior, is presented in [6]. This method uses a modular architecture which comprises individual tests and a decision making component (DMC). However, greedy nodes may exploit the knowledge of DOMINO in order to adapt their parameters to avoid detection.
We propose in the following section a new detection strategy based on a statistical quality control approach (statistical process control). We use the Shewhart chart for individual values, applied to the receiving throughput and the average time between receptions. Our new detection strategy can be implemented on any receiving node to monitor the network in real time. As we will demonstrate by simulation, the proposed detection scheme does not require modifications of the IEEE 802.11 standard.
To the best of our knowledge our approach based on statistical process control has not been proposed before in the literature to detect greedy behavior in mobile ad hoc networks.
4. Proposed detection system
4.1. Modeling 802.11 networks with greedy nodes
Bianchi [18] developed a Markov chain model for the IEEE 802.11 protocol in the normal case, without any attacks, assuming that the network is saturated and the collision probability is constant. The author adopted the notation $W_i = 2^i W$, where $i \in (0, m)$ is called the "backoff stage", and $s(t)$ and $b(t)$ denote the stochastic processes representing the backoff stage and the backoff time counter of the node at time $t$, respectively. The stochastic process is defined as follows:
$$
\begin{cases}
P\{i, k \mid i, k+1\} = 1 & k \in (0, W_i - 2),\ i \in (0, m) \\
P\{0, k \mid i, 0\} = (1-p)/W_0 & k \in (0, W_0 - 1),\ i \in (0, m) \\
P\{i, k \mid i-1, 0\} = p/W_i & k \in (0, W_i - 1),\ i \in (1, m) \\
P\{m, k \mid m, 0\} = p/W_m & k \in (0, W_m - 1)
\end{cases}
$$
Where:
$P\{i_1, k_1 \mid i_0, k_0\} =$
The probability that a node in the network transmits a packet in a randomly chosen slot is denoted as . Its computation can be done as:
$$\tau = \frac{2(1-2p)}{(1-2p)(W+1) + pW\left(1-(2p)^{m}\right)}$$
For $n$ nodes using the shared medium, $p = 1 - (1-\tau)^{n-1}$.
The last two equations can be solved to compute the two unknowns variables and .
The authors in [19] proposed a modeling of an 802.11 network with a MAC layer misbehavior attacks. They consider nodes in a network, with the presence of greedy nodes modifying the backoff timer. The misbehaving nodes choose a random backoff interval in the range of , where and W is the current contention window CW. The collision probability at the greedy node is . Therefore they modified the stochastic process proposed in [18] to establish a simple modeling for the misbehaving nodes.
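As a result they found the following equations with $2l+2$ unknowns, $\tau^{0}, \tau^{1}, \ldots, \tau^{l}, p^{0}, p^{1}, \ldots, p^{l}$:
$$
\begin{cases}
\tau^{0} = \dfrac{2(1-2p^{0})}{(1-2p^{0})(W+1) + p^{0}W\left(1-(2p^{0})^{m}\right)} \\
\tau^{1} = \dfrac{2(1-2p^{1})}{(1-2p^{1})(\mu_{1}W+1) + p^{1}\mu_{1}W\left(1-(2p^{1})^{m}\right)} \\
\quad\vdots \\
\tau^{l} = \dfrac{2(1-2p^{l})}{(1-2p^{l})(\mu_{l}W+1) + p^{l}\mu_{l}W\left(1-(2p^{l})^{m}\right)} \\
p^{0} = 1-(1-\tau^{0})^{n-l-1}\prod_{1\le i\le l}(1-\tau^{i}) \\
p^{1} = 1-(1-\tau^{0})^{n-l}\prod_{2\le i\le l}(1-\tau^{i}) \\
\quad\vdots \\
p^{l} = 1-(1-\tau^{0})^{n-l}\prod_{1\le i\le l-1}(1-\tau^{i})
\end{cases}
$$
The last equations can be solved to compute the unknown variables and also to define parameters adopted for the performance evaluation of the network. However, finding a closed form for each variable is not our goal, since our approach is based on simulation analysis.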
4.2. Basic idea
The basic idea of our strategy for detecting IEEE 802.11 MAC layer misbehavior emerges from the difference and the shift observed on two previously defined metrics: throughput [7], which is defined as a measure of how many packets were received correctly in a given amount of time, and the inter-packets time, defined as the mean time between receptions (mean time between successive received packets) [3].
We showed that this misbehavior led to an increase of the average reception throughput and a decrease of times between receptions for the greedy nodes. On the other side it generates a reverse effect for honest nodes [3].
Our detection method is based on the supervision of the two metrics defined in our previous work [3] and their dispersion by a control chart with two limits. These graphs are called control charts, following a statistical process control approach.
4.3. Statistical process control
The SPC ensures optimum quality based on statistical tools. It aims to:
- Provide a tool for monitoring the process.
- Formalize the notion of capability.
- Distinguish between ordinary and extraordinary situations.
One of the basic principles of this control is deviation detection. Not all variations in a system require modification. Indeed, two processes are never exactly similar. There are many low-amplitude sources of variation that cannot be removed, all of them representing the common causes of dispersion [13].
However, there are major causes of variation that require change. These cases are called special causes. The process becomes out of control, and thus we must look for the cause.
The SPC method provides an effective and proper tool to separate the ordinary from the extraordinary by creating a powerful graphic called a «control chart». Among these charts is the Shewhart control chart for individual measurements [13].
4.4. The Shewhart control chart for individual measurements
The Shewhart control chart for individual measurements should be used when we want to monitor a process on the basis of a periodically measured quantity [14].
In such cases the control chart for individual units is useful (cumulative sum and exponentially weighted moving average control charts will be a better alternative when the magnitude of the shift in the process that is of interest is small). In many applications of the individual control chart we use the moving range of two successive observations as the basis for estimating the process variability [14].
The moving range is defined as [14]:
$$MR_i = |x_i - x_{i-1}|$$
Where $MR_i$ is the moving range number $i$ and $x_i$ is the observation number $i$.
To establish a moving range control chart, the procedure is illustrated in the following section.
4.5. Development of the control chart
To calculate the control limits for individual values, we should use the formulas below [14]:
$$UCL = \bar{x} + 3\frac{\overline{MR}}{d_2} \qquad (7)$$
$$\text{Center line} = \bar{x} \qquad (8)$$
$$LCL = \bar{x} - 3\frac{\overline{MR}}{d_2} \qquad (9)$$
For the moving range, we find the equations [14]:
$$UCL = D_4\,\overline{MR} \qquad (10)$$
$$\text{Center line} = \overline{MR} \qquad (11)$$
$$LCL = D_3\,\overline{MR} \qquad (12)$$
Where UCL and LCL are the upper and lower control limits respectively, $\overline{MR}$ is the average of the moving ranges of two observations, and $x$ is the observation value ($\bar{x}$ being the average of the observations). The constants $d_2$, $D_3$ and $D_4$ are tabulated for various sample sizes [14]. Their mathematical origins are shown in [20].
The control chart for the individual measurements includes two graphs: the first is for individual value monitoring, used for detecting the slip of the system, and the second is for the moving range, used for monitoring the quality [14].
4.6. Detection strategy
In this monitoring technique we propose supervising and plotting the average reception throughput and the mean inter-packets time by control charts (Table 1).
Table 1 Lookup table of the chart parameters

| Parameter | Definition |
|---|---|
| The observation $x$ | Throughput or inter-packets time |
| Average of observations (center line) | Center line = $\bar{x}$ |
| Average moving range of observations (center line) | Center line = $\overline{MR}$ |
| Upper control limit of individual observations | UCL = $\bar{x} + 3\,\overline{MR}/d_2$ |
| Lower control limit of individual observations | LCL = $\bar{x} - 3\,\overline{MR}/d_2$ |
| Upper control limit of moving range observations | UCL = $D_4\,\overline{MR}$ |
| Lower control limit of moving range observations | LCL = $D_3\,\overline{MR}$ |
The judgment and interpretations of the novel detection strategy can be summarized in the following block diagram (Figure 3):
1. Identification of critical process parameters.
2. Collection of statistical measures in the normal case (without misbehavior).
3. Calculate the parameters of the chart (UCL, center line and LCL).
4. Represent the measurements above on the chart (if there are points that come out of the control limits, they should be eliminated and the chart settings recalculated).
5. Monitor the metrics using the control chart:
- If the curves oscillate on either side of the mean and the majority of the points are inside the limits: our process is under control and there is no MAC layer misbehavior.
- If a small number of points cross the upper or lower control limit or deviate from the center line: the node is moving out of the transmission range.
- If there has been a greater tendency and deviation: the network is under greedy attack.
Figure 3 Block diagram of the detection scheme
Figure 4 A mobile ad hoc network
To illustrate our novel detection scheme, station A depicted in Figure 4, for instance, receives packets from the set defined by {B, C, D, E, F}. The purpose is to identify which among this set of stations is a greedy one. Therefore, this detection scheme is implemented at every station to designate the cheater station through the supervision of the average reception throughput and the mean inter-packets time by control charts. The control is performed automatically for every node belonging to this set of transmitters ({B, C, D, E, F} is the transmitters' set of the station A).
For the computation of the thresholds (control chart parameters), we need a minimum of 20 values [13], but for the network monitoring, we draw every calculated value (for the throughput and for the inter-packets time). This is the real-time detection that we highlight in our paper. The detection scheme is performed at any receiving node for every transmitting station (as in Figure 4). In fact every node has the right to explore its received packets. We can emphasize that one honest node in the state of transmission is sufficient to calculate the control chart parameters.
The next section is dedicated to the performance analysis of the proposed detection scheme through NS-2 simulations. In our simulation parameters we used the shadowing model as a radio propagation model which is very near to the realistic radio propagation, taking into account the energy losses.
5. Performance evaluation
To achieve our detection method of the IEEE 802.11 MAC layer misbehavior [9], the simulator NS-2 can be used with some useful tools for processing trace files as explained by [8] and [11]. In our case we have chosen the simulator with the software platform and parameters depicted in Table 2.
Table 2 Platform and parameters.

| Parameters | Values |
|---|---|
| Computer | HP Compaq 6730s |
| Operating system | Ubuntu 10.10 |
| Version of the simulator | ns-2.34 [2] |
| Trace file processing language | Perl |
| Graph construction tool | Microsoft Excel 2007 |
| Transmission rate (Mb/s) | 2 |
| MAC layer | 802.11 |
| Physical layer | Direct Sequence Spread Spectrum |
| Simulation surface (m) | 500x500 |
| Transmission range (m) | 250 |
| Radio propagation model | Shadowing |
| Traffic generator | CBR (Constant bit rate) |
| Simulation time (s) | 600 |
| Packet size (byte) | 1000 |
| Routing protocol | AODV |
| Node speed (m/s) | Randomly selected between 0 and 15 |
| Mobility model | Random Way Point [15] |
5.1. Computation of control limits
First, we calculated the control limits and center lines based on the results of the simulation in normal cases (without IEEE 802.11 MAC Layer Misbehavior) through equations from (6) to (12):
Table 3 Control charts parameters for throughput and inter-packets time

| Chart type | Chart parameters | Shewhart control chart for throughput monitoring | Shewhart control chart for inter-packets time monitoring |
|---|---|---|---|
| Individual measurement | UCL | 0.49238 | 0.02372 |
| | CENTER LINE | 0.41219 | 0.01982 |
| | LCL | 0.33200 | 0.01591 |
| Moving range | UCL | 0.09850 | 0.00480 |
| | CENTER LINE | 0.03015 | 0.00147 |
| | LCL | 0 | 0 |
5.2. Monitoring in normal case
In this case the two metrics (throughput and inter-packets time) are supervised in the control chart below composed by the control limits that we computed in the last section for a node in the network. As we can see in the control chart for throughput and the inter-packets time, curves oscillate on either side of the mean and the majority of the points are inside the limits. Obviously we can decide that this node communicates in an environment without greedy attack. If few points come out of the control limits, we can explain this fact by the movement outside of the transmission range.
Figure 5 Control charts monitoring in normal case (without greedy attack). Panels (x-axis: time in s): throughput monitoring in normal case (throughput, UCL, center line, LCL); inter-packets time monitoring in normal case (inter-packets time, UCL, center line, LCL); throughput moving range monitoring in normal case (throughput moving range, UCL, center line); inter-packets time moving range monitoring in normal case (inter-packets time moving range, UCL, center line).
5.3. Monitoring in the MAC layer misbehavior case
5.3.1. First scenario (detection of the attacked)
In this monitoring case we note that when the throughput curve crossed the lower control limit and the inter-packets time curve crossed the upper control limit, there is a strong deviation. Consequently we can decide that this node is under a MAC layer misbehavior attack. We also note the absence of any great change in the moving range curves: the greedy behavior causes deviations of the mean but not of the amplitude.
Figure 6 Control charts monitoring of the attacked. Panels (x-axis: time in s): throughput monitoring in attack case (throughput, UCL, center line, LCL); inter-packets time monitoring in attack case (inter-packets time, UCL, center line, LCL); throughput moving range monitoring in attack case (throughput moving range, UCL, center line); inter-packets time moving range monitoring in attack case (inter-packets time moving range, UCL, center line).
5.3.2. Second scenario (detection of the attacker)
In this monitoring case we reveal that the throughput curve crossed the upper control limit and the inter-packets time curve crossed the lower control limit. There is a strong deviation, so we can decide that this node is a greedy one (this is the MAC layer misbehavior attack).
We can also focus on a change in the moving range curve of the inter-packets time resulting from an improvement of the transmission time for the attacker due to the greedy behavior.
Figure 7 Control charts monitoring of the attacker. Panels (x-axis: time in s): throughput monitoring in attack case (throughput, UCL, center line, LCL); inter-packets time monitoring in attack case (inter-packets time, UCL, center line, LCL); throughput moving range monitoring in attack case (throughput moving range, UCL, center line); inter-packets time moving range monitoring in attack case (inter-packets time moving range, UCL, center line).
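The following Python code is an added example, not the authors' implementation: it applies the control-limit formulas of Section 4.5 and the decision of Section 4.6 to each sender, and separates the two readings of Section 5.3 (attacked versus attacker). The constants 1.128, 0 and 3.267 are the standard tabulated values for moving ranges of two observations; the run length of 5 consecutive points used to call a deviation sustained, the verdict labels and the per-sender sample series are assumptions constructed for the example.

```python
# Added example, not the authors' code. The run length that marks a shift as
# sustained, the verdict labels and the sample series are assumptions.
from statistics import mean

# Tabulated chart constants for moving ranges of two successive observations.
d2, D3, D4 = 1.128, 0.0, 3.267


def limits(center, mr_bar):
    """Control limits (Section 4.5) from a center line and average moving range."""
    half = 3.0 * mr_bar / d2
    return {"ucl": center + half, "center": center, "lcl": center - half,
            "mr_ucl": D4 * mr_bar, "mr_center": mr_bar, "mr_lcl": D3 * mr_bar}


def moving_ranges(xs):
    """MR_i = |x_i - x_(i-1)| for successive observations."""
    return [abs(b - a) for a, b in zip(xs, xs[1:])]


def calibrate(baseline, min_points=20):
    """Fit limits on attack-free data, dropping out-of-limit points and refitting."""
    xs = list(baseline)
    while True:
        if len(xs) < min_points:
            raise ValueError("need at least %d in-control observations" % min_points)
        lim = limits(mean(xs), mean(moving_ranges(xs)))
        kept = [x for x in xs if lim["lcl"] <= x <= lim["ucl"]]
        if len(kept) == len(xs):
            return lim
        xs = kept  # ranges are then taken between the remaining neighbours


def sustained(xs, lim, run):
    """+1 / -1 if `run` consecutive points sit above UCL / below LCL, else 0."""
    streak, side = 0, 0
    for x in xs:
        s = 1 if x > lim["ucl"] else -1 if x < lim["lcl"] else 0
        streak = streak + 1 if s and s == side else (1 if s else 0)
        side = s
        if s and streak >= run:
            return s
    return 0


def classify(throughput, gaps, thr_lim, gap_lim, run=5):
    """Apply the Figure 3 decision to one sender's two monitored series."""
    t, g = sustained(throughput, thr_lim, run), sustained(gaps, gap_lim, run)
    if t > 0 and g < 0:
        return "greedy sender"           # reading of Section 5.3.2
    if t < 0 and g > 0:
        return "starved by greedy node"  # reading of Section 5.3.1
    stray = [x for x in throughput if not thr_lim["lcl"] <= x <= thr_lim["ucl"]]
    stray += [x for x in gaps if not gap_lim["lcl"] <= x <= gap_lim["ucl"]]
    return "isolated excursions" if stray else "in control"


# Center lines and average moving ranges reported in Table 3.
THR = limits(0.41219, 0.03015)
GAP = limits(0.01982, 0.00147)

# Constructed per-sender samples: (throughput series, inter-packets time series).
SENDERS = {
    "B": ([0.41, 0.43, 0.40, 0.42, 0.39, 0.44, 0.41, 0.40],
          [0.0198, 0.0190, 0.0203, 0.0196, 0.0207, 0.0188, 0.0199, 0.0201]),
    "C": ([0.41, 0.42, 0.30, 0.40, 0.43, 0.31, 0.41, 0.40],
          [0.0198, 0.0195, 0.0260, 0.0201, 0.0192, 0.0255, 0.0199, 0.0200]),
    "D": ([0.42, 0.47, 0.55, 0.58, 0.60, 0.61, 0.59, 0.62],
          [0.0195, 0.0170, 0.0150, 0.0142, 0.0138, 0.0135, 0.0140, 0.0133]),
    "E": ([0.40, 0.35, 0.30, 0.27, 0.25, 0.26, 0.24, 0.25],
          [0.0200, 0.0230, 0.0260, 0.0290, 0.0310, 0.0300, 0.0320, 0.0315]),
}


def verdicts(senders=SENDERS):
    return {name: classify(t, g, THR, GAP) for name, (t, g) in senders.items()}


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(name, verdict)
```

Requiring both metrics to shift in opposite directions before naming a greedy sender mirrors the paired readings of Sections 5.3.1 and 5.3.2; `calibrate` is the step a receiver would rerun whenever the number of transmitters changes.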
5.4. Generalization of the detection method
We plot the tolerance interval (the difference between the upper and lower control limits) as a function of the number of nodes. Our results are represented in the graphics below (Figure 8).
Small and random variations in curves are detected. We should compute the chart parameters for every number of nodes to obtain a better supervision of the network.
Figure 8 Tolerance intervals depending on the number of nodes. Panels (x-axis: number of nodes): the throughput tolerance intervals depending on the number of nodes (throughput, throughput moving range); the inter-packets time tolerance intervals depending on the number of nodes (inter-packets time, inter-packets time moving range).
The detection thresholds and the tolerance interval depend on the number of nodes; therefore, each receiver updates these parameters for each number of transmitters. In our work we tested the detection scheme in an ideal environment which depends on the number of nodes with constant bit rate traffic. The statistical process control is a useful and strong tool for supervising and detecting strong deviations in any type of environment (realistic or theoretical). Thus, the purpose is the separation of the extraordinary from the ordinary situations.
6. Conclusion
Misbehavior at the MAC layer through changes to the backoff mechanism can lead to performance degradation of the network. In this paper we tried to propose a novel detection scheme for this misbehavior based on the supervision of two metrics (reception throughput and inter-packets time) through statistical process control charts. Our detection scheme presents several advantages. It does not require any changes in the IEEE 802.11 protocol and it can be implemented at any receiving node. Its most significant advantage is the detection of such attacks in real time by visual graphs. As future work, we will try to extend the proposed scheme by introducing other performance measurements in order to develop other detection systems that are easier than the previous ones. We also plan an implementation of this detection strategy in a realistic environment.
References
[1] IEEE Standards Association. 2012. "IEEE 802.11 Standard for Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications." IEEE Standards Association (March): 818-40.
[2] Information Sciences Institute. 1995. "The Network Simulator - ns-2." Information Sciences Institute. Accessed July 10, 2015. http://www.isi.edu/nsnam/ns/.
[3] El Houssaini, M., Aaroud, A., Elhore, A., and Ben Othman, J. 2014. "Analysis and Simulation of MAC Layer Misbehavior in Mobile Ad-Hoc Networks." In Proceedings of the 5th International Workshop on Codes, Cryptography and Communication Systems, 50-54.
[4] V. R. Giri and N. Jaggi. "MAC Layer Misbehavior Effectiveness and Collective Aggressive Reaction Approach." Proceedings of the 33rd IEEE Sarnoff Symposium, Princeton, NJ, Apr. 2010, pp. 1-5.
[5] Hamieh, A., Ben-Othman, J., Gueroui, A., and Nait-Abdesselam, F. 2009. "Detecting Greedy Behaviors by Linear Correlation in Wireless Ad Hoc Networks." Presented at the IEEE International Conference on Communications (IEEE ICC), Dresden, Germany.
[6] Raya, M., Hubaux, J. P., and Aad, I. 2006. "DOMINO: Detecting MAC Layer Greedy Behavior in IEEE 802.11 Hotspots." IEEE Transactions on Mobile Computing 5 (12): 1691-705.
[7] S. Szott, M. Natkaniec, R. Canonico, and A. R. Pach. "Misbehaviour Analysis of 802.11 Mobile Ad-Hoc Networks - Contention Window Cheating." Med-Hoc-Net 2007, 12 June 2007, Ionian Academy, Corfu, Greece.
[8] C. Bouras, S. Charalambides, M. Drakoulelis, G. Kioumourtzis, and K. Stamos. "A tool for automating network simulation and processing tracing data files." Simulation Modelling Practice and Theory, vol. 30, January 2013, pp. 90-110.
[9] P. Kyasanur and N. H. Vaidya. "Selfish MAC Layer Misbehavior in Wireless Networks." IEEE Transactions on Mobile Computing, vol. 4, no. 5, September/October 2005.
[10] S. Szott, M. Natkaniec, and A. Banchs. "Impact of Misbehaviour on QoS in Wireless Mesh Networks." NETWORKING '09: Proceedings of the 8th International IFIP-TC 6 Networking Conference, pp. 639-650, 2009.
[11] A. U. Salleh, Z. Ishak, N. M. Din, and M. Z. Jamaludin. "Trace Analyzer for NS-2." 4th Student Conference on Research and Development (SCOReD 2006), Shah Alam, Selangor, Malaysia, 27-28 June 2006.
[12] Gupta, V., Krishnamurthy, S., and Faloutsos, M. 2002. "Denial of Service Attacks at the MAC Layer in Wireless Ad Hoc Networks." Presented at IEEE MILCOM, Anaheim, California.
[13] M. Pillet. Appliquer la maîtrise statistique des procédés MSP/SPC, 4th ed. Paris, France: Edition d'Organisation, 2005.
[14] Montgomery, D. C. 2008. Introduction to Statistical Quality Control, 6th ed. United States of America: John Wiley & Sons, Inc.
[15] F. Bai and A. Helmy. "A Survey of Mobility Modeling and Analysis in Wireless Ad-Hoc Networks." In Wireless Ad-Hoc and Sensor Networks, ed 2004.
[16] Tiwary, O. N. 2012. "Detection of Misbehaviour at MAC Layer in Wireless Networks." International Journal of Scientific and Engineering Research 3 (5), May: 909-12.
[17] Cardenas, A. A., Radosavac, S., and Baras, J. S. 2004. "Detection and Prevention of MAC Layer Misbehavior in Ad Hoc Networks." In Proceedings of the 2nd ACM Workshop on Security of Ad Hoc and Sensor Networks, 17-22.
[18] G. Bianchi. "Performance analysis of the IEEE 802.11 distributed coordination function." IEEE Journal on Selected Areas in Communications, vol. 18, no. 3, pp. 535-547, 2000.
[19] Y. Rong, S.-K. Lee, and H.-A. Choi. "Detecting Stations Cheating on Backoff Rules in 802.11 Networks Using Sequential Analysis." Proc. IEEE INFOCOM, Apr. 2005.
[20] L. H. C. Tippett. "On the extreme individuals and the range of samples taken from a normal population." Biometrika, vol. 17, 1925, pp. 364-387.