Scholarly article on topic 'Real-time detection of MAC layer misbehavior in mobile ad hoc networks'

Real-time detection of MAC layer misbehavior in mobile ad hoc networks Academic research paper on "Computer and information sciences"

CC BY-NC-ND
0
0
Share paper
Academic journal
Applied Computing and Informatics
OECD Field of science
Keywords
{"Mobile ad hoc Network" / "MAC IEEE 802.11" / "Misbehavior detection" / "NS2 simulation" / "Statistical process control"}

Abstract of research paper on Computer and information sciences, author of scientific article — Abdessadek Aaroud, Mohammed-Alamine El Houssaini, Ali El Hore, Jalel Ben-Othman

Abstract The MAC layer misbehavior of the IEEE 802.11 standard can have a negative impact on the wireless network’s performance, similar to the effects of denial of service attacks. The goal of this misbehavior was handling the protocol to increase the greedy nodes transmission rate at the expense of the other honest nodes. In fact, nodes in IEEE 802.11 standard should wait for a random backoff interval time to access to the channel before initiating any transmission. Greedy nodes use a malicious technique to reduce the channel waiting time and occupy the channel. This paper introduces a new scheme to detect such malicious behavior, which is based on statistical process control (SPC) borrowed from the industrial field in a quality management context. To the best of our knowledge, this approach has not been proposed in state of the art, reports concerning the detection of greedy behaviors in mobile ad hoc networks. The approach has the power to identify greedy nodes in real time by using a graphical tool called «control chart» that measures the throughput and the inter-packet interval time for each node, and raises an alert if this measure is over a defined threshold. The validation of all obtained results is performed in the network simulator NS2.

Academic research paper on topic "Real-time detection of MAC layer misbehavior in mobile ad hoc networks"

Accepted Manuscript

Real-Time Detection of MAC Layer Misbehavior in Mobile Ad Hoc Networks

Abdessadek Aaroud, Mohammed-Alamine El Houssaini, Ali El Hore, Jalel Ben-Othman

PII: DOI:

Reference: To appear in:

S2210-8327(15)00023-X http://dx.doi.org/10.1016/j.aci.2015.11.001 ACI 45

Applied Computing and Informatics

Received Date: Revised Date: Accepted Date:

13 July 2015 3 November 2015 22 November 2015

Please cite this article as: Aaroud, A., Houssaini, M.E., Hore, A.E., Ben-Othman, J., Real-Time Detection of MAC Layer Misbehavior in Mobile Ad Hoc Networks, Applied Computing and Informatics (2015), doi: http://dx.doi.org/ 10.1016/j.aci.2015.11.001

This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.

Pr. Abdessadek Aaroud

Department of computer Science,

University Chouaib Doukkali, El Jadida - Morocco

April 3, 2015

Paper Title:

Real-Time Detection of MAC Layer Misbehavior in Mobile Ad Hoc Networks

Authors:

Abdessadek Aaroud, Mohammed-Alamine El Houssaini, Ali El Hore

Department of Computer Science Faculty of Sciences, Chouaib Doukkali University El Jadida, Morocco {elhoussaini.m, aaroud.a, elhore.a}@ucd.ac.ma

Galile

Jalel Ben-Othman artment of Computer Science e Institute, Paris 13 University Paris, France jalel.ben-othman@univ-paris 13.fr

Real-Time Detection of MAC Layer Misbehavior in Mobile Ad Hoc Networks

Abstract—The MAC layer misbehavior of the IEEE 802.11 standard can have a negative impact on the wireless network's performance, similar to the effects of denial of service attacks. The goal of this misbehavior is handling the protocol to increase the greedy nodes transmission rate at the expense of the other honest nodes. In fact, nodes in IEEE 802.11 standard should wait for a random backoff interval time to access to the channel before initiating any transmission. Greedy nodes use a malicious technique to reduce the channel waiting time and occupy the channel. This paper introduces a new scheme to detect such malicious behavior, which is based on statistical process control (SPC) borrowed from the industrial field in a quality management context. To the best of our knowledge, this approach has not been proposed in state of the art, reports concerning the detection of greedy behaviors in mobile ad hoc networks. The approach has the power to identify greedy nodes in real time by using a graphical tool called «control chart» that measures the throughput and the inter-packet interval time for each node, and raises an alert if this measure is over a defined threshold. The validation of all obtained results is performed in the network simulator NS2.

Keywords— Mobile ad hoc Network; MAC IEEE 802.11; Misbehavior detection; NS2 simulation; Statistical process control.

1. Introduction

One of the most significant advantages of the IEEE 802.11 standard is the fair access to the medium. However sharing the transmission channel makes the networks vulnerable to several attacks such as jamming, black holes, greedy behavior (MAC layer misbehavior) [12].

A greedy node intentionally modifies the MAC IEEE 802.11 protocol to get more network resources than honest nodes [10]. By this channel-access misbehavior a greedy node can benefit from several advantages such as:

• Increasing its throughput.

• Reducing its power consumption.

This work aims to apply a statistical process control (SPC) scheme to detect the IEEE 802.11 MAC layer misbehavior.

Our paper is organized as follows. The second section is dedicated to presenting the architecture of the IEEE 802.11 with all its layers. An overview of the research works related to the IEEE 802.11 MAC layer misbehavior is shown in the third section. The fourth section proposes

our detection scheme of the IEEE 802.11 MAC layer misbehavior (greedy node). In the fifth section, the authors evaluate the performance of their approach using the NS2 simulator. Conclusions and perspectives are presented in the last section.

2. IEEE 802.11 layers

The IEEE 802.11 protocol covers the physical layer and the Medium Access Control (MAC) layer as described in Figure 1.The MAC layer is the same for all IEEE 802.11 standards. However, the physical layer is divided into three categories: FH (Frequency Hopping Spread Spectrum), DS (Direct Sequence Spread Spectrum) and IR (Infrared).

LLC Data Link Laver

802.Si MAC

HI DS ]R PHY Layer

Figure 1 IEEE 802.11 layers description

The IEEE 802.11 MAC layer defines the access method CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance) working as follows. Before transmitting, a node first listens to the shared medium (such as listening for wireless signals in a wireless network) to determine whether another node is transmitting or not. If the channel is free for a DIFS time (DCF Inter-Frame Space), then the station transmits a frame which is acknowledged after a SIFS interval time (Short Inter-Frame Space) with an ACK frame.

The transaction time (DATA+SIFS+ACK) is noted as a Network Allocation Vector (NAV) and blocks other stations from accessing channel till total NAV decrement. Additionally the CSMA/CA method has an optional mechanism of channel reservation RTS (Request To Send)/CTS (Clear To Send) [1].

The CSMA/CA access method defines the Binary Exponential Backoff (Figure 2) in order to resolve the access medium problem when several stations want to transmit data simultaneously. This method requires that each station chooses a random waiting time between 0

and the size of a contention window CW (value equals to a number of time slots), and expects the number of slots before transmission [1].

Figure 2 Backoff procedure

3. Related work

The BEB algorithm provides a fair access to the medium. Greedy nodes change their BEB to increase their throughput at the expense of other honest nodes. This greedy behavior is considered as misbehavior of the IEEE 802.11 MAC layer.

The classification of the MAC layer misbehavior, given in [4], is categorized as follows:

• a misbehavior: The greedy node chooses the value of BEB in the interval [0 a(CW-1)], where CW is the contention window, and 0<a<1;

• Deterministic BEB: The greedy node chooses a constant BEB independently of the contention window;

• p misbehavior: After a failed transmission, instead of putting a CW to be min{2CW, CWmax}, greedy node sets its contention window as CW= max{CWmin, min{pCW, CWmax}} where 0<p<2;

• Fixed maximum Contention window;

• Fixed Contention window.

Several approaches have been proposed in the literature for the detection of the IEEE 802.11 MAC layer misbehavior.

Tiwary [16] proposed a detection scheme based on the statistical collection of all nodes RTS retransmission due to time out, packet retransmission due to ACK timeout and throughput at receiver, then compared these results with the threshold values to decide whether a selfish attack is occurring. This method does not require any changes in protocols but it creates computation overhead.

Other authors [17] also proposed an extension to the 802.11 standard that ensures a uniformly distributed random backoff through the protocol of coin flipping by telephone. The main idea is to let both the sender and receiver agree on a random value of backoff through a public exchange using an engagement method inspired by the protocol of applying flipping coins over the telephone. However, it is still unable to detect collusion between sender and receiver.

An approach of greedy nodes detection in IEEE 802.11 was proposed [5] based upon the linear regression between instants of transmission to calculate a detection

threshold and without requiring modifications to the standard. This idea results from the strong linear correlation noticed between nodes in terms of transmission instants.

The strategy called DOMINO (Detecting MAC Layer Greedy Behavior in IEEE 802.11 Hotspots) deployed in the access point to detect misbehavior is exposed [6]. This method uses a modular architecture which comprises individual tests and a decision making component DMC. However, greedy nodes may exploit the knowledge of DOMINO in order to adapt its parameters to avoid the detection.

he knowl :ters to av

il quality con

We propose in the following section a new detection strategy based on a statistical quality control approach (statistical process control).We use the Shewhart chart for individual value, applied to the receiving throughput and the average time between receptions. Our new detection strategy can be implemented on any receiving node to monitor the network in real time. As we will demonstrate by the simulation of the proposed detection scheme does not require modifications of the IEEE 802.11 standard.

To the best of our knowledge our approach based on statistical process control has not been proposed before in the literature to detect greedy behavior in mobile ad hoc networks.

4. Proposed detection system

4.1. Modeling 802.11 networks with greedy nodes

Bianchi [18] developed a Markov chain model for IEEE 802.11 protocol in a normal case and without any attacks, assuming that the network is saturated and the collision probability is constant. The author adopted the notation Wj = 2 'W, where i e (0,m) is called "bachoff stage" and , s(t) and b(t) denotes the stochastic process referring to the backoff stage and the backoff time counter of the node at time t respectively. The stochastic process is defined as follows:

rP{i,k\i,k + 1} = 1 k 6 (0, Wt — 2) ie(0,?n)

I p{o,fc|i,o}= (i-p)/w0 ke(o,w0-i) ie(o,?n)

I P{i,k\i - 1,0} = p/Wt k 6 (0,14^ -1) i e (l,m) I P{m, k\m, 0} = p/Wm k 6 (0, Wm - 1)

Where:

^{¿l-fciUo'^o) —

The probability that a node in the network transmits a packet in a randomly chosen slot is denoted as . Its computation can be done as:

t = ■

2(1-2 p)

(l-2p)(W+l)+pW(l-(2p)m)

For n nodes using the shared medium, p = 1 - (1 - r)""1

The last two equations can be solved to compute the two unknowns variables and .

The authors in [19] proposed a modeling of an 802.11 network with a MAC layer misbehavior attacks. They consider nodes in a network, with the presence of greedy nodes modifying the backoff timer. The misbehaving nodes choose a random backoff interval in the range of , where and W is

the current contention window CW. The collision probability at the greedy node is . Therefore they modified the stochastic process proposed in [18] to establish a simple modeling for the misbehaving nodes.

As a result they found the following equations

with 2 I + 2 unknowns,r °,t 1

,,r l,p(> .p1,

■ ,p

( T° 2(l-2p°)

(1 -2p°)(W+l)+p°lV(l-(2p0)m)

T1 2(1-2?!)

(1- -2p1)(lJ1lV+l)+p1IJ1lV(l-(2p1)m)

Tl 2(l-2p')

(1- 2p1)(lj1iv+l)+p1lj1iv(l-(2p1)"')

p° = 1 -d-tr'-'n^ti-

p1 = 1 - (1 - T0)'-1 nzsisiCl - T<)

p< = l-(l-T°)'-1ni<i<i-1(l-Ti) The last equations can be solved to compute the unknown variables and also to define parameters adopted for the performance evaluation of the network. However, finding a closed form for each variable is not our goal, since our approach is based on simulation analysis.

4.2. Basic idea

The basic idea of our strategy for detecting IEEE 802.11 MAC layer misbehavior emerges from the difference and the shift observed on the two previously defined metrics, namely throughput [7], which defined as a measure of how many successful packets were received correctly in a given amount of time and the inter-packets time defined as the mean time between receptions (mean time between successive received packets) [3].

We showed that this misbehavior led to an increase of the average reception throughput and a decrease of times between receptions for the greedy nodes. On the other side it generates a reverse effect for honest nodes [3].

Our detection method is based on the supervision of the two metrics defined in our previous work [3] and its dispersion by a control chart with two limits. These graphs are called control charts, following a statistical process control approach.

4.3. Statistical process control

The SPC ensures optimum quality based on statistical tools. It aims to:

- Give a tool to monitoring process.

- Formalize the notion of capability.

- Distinguish between ordinary and extraordinary situations.

One of the basic principles of this control is deviation detection. All variations on a system do not require modification. Indeed, two processes are never exactly

similar. There are many sources of variation in low amplitude that cannot be removed, all of them representing the common causes of dispersion [13].

However, there are major causes of variation that require change. These cases are called special causes. The process becomes out of control, and thus we must look for the cause.

The SPC method provides an effective and proper tool to separate the ordinary from the extraordinary by creating a powerful graphic called «control chart», among these charts are: The Shewhart control chart for individual measurements [13].

4.4. The Shewhart control chart measurements

The Shewhart measurements shcuL process on the basi [14].

In such useful

weig alte

irt», ami art for

for indivi

hart for individual en we want to monitor a eriodically measured quantity

the control chart for individual units cumulative sum and exponentially ng average control charts will be a better en the magnitude of the shift in process t what is of interest is small). In many ons of the individual control chart we use the ving range of two successive observations as the basis estimating the process variability [14].

The moving range is defined as [14]:

MRj = |X; - X:-, I

and Xj is the

Where the moving range number i is M R; range number i.

To establish a moving range control chart, the procedure is illustrated in the following section.

4.5. Development of the control chart

To calculate the control limits for individual values, we should use the formulas below [14]:

U C L=x+3^ (7)

C enter lin e = x (8)

LC L = x-3^ (9)

For the moving range, we find the equations [14]: U C L = D 4MMR (10)

C enter lin e = MMR (11)

LC L = D3 MMR (12)

Where UCL and LCL are the upper and lower control limits respectively, M R is the average of the moving ranges of two observations, x being the observation value. The constants , and are tabulated for various sample sizes [14]. Its mathematical origins are shown in [20].

The control chart for the individual measurements includes two graphs, the first is for individual value monitoring used for detecting the slip of the system and

the second is for moving range used to monitoring the quality [14].

4.6. Detection strategy

In this monitoring technique we propose supervising and plotting the average reception throughput and the mean inter-packets time by control charts (Table 1).

Table 1 Lookup table of the chart parameters_

Parameter

The observation X

Average of observations (center line) Average moving range of observations (center line) Upper control limit of individual observations

Lower control limit of individual observations

Throughput or inter-packets time

Center line = x Center line = MR

UCL = x + 3-

LCL = x — 3 -

Upper control limit of moving UCL = D4MR

range observations

Lower control limit of moving LCL = D3MR

range observations

The judgment and interpretations of the novel detection strategy can be summarized in the following block diagram (Figure 3):

Identification of critical process parameters

Collect ofstatistical measures in normal case (without misbehavior)

Calculate the parameters of the chart (UCL, Center line and LCL)

Represent the measurements above on the chart (if there are points that come out of the control limits they should be eliminated and recalculate the chart settings)

Monitoring the metrics using the control chart

If the curves oscillate on either side of the mean and that the majority of the points are inside the limits

If a small number of points crossed the upper or lower control limit or deviate from the center line

If there has been a greater tendency and deviation

Our process is under control and no MAC layer misbehavior

The node is moving out of the transmission range.

The network is under

greedy attack

Figure 3 Block diagram of the detection scheme

Figure 4 A mobile ad hoc network

To illustrate our novel detection scheme, station A depicted in Figure 4 for instance, receives packets from the set defined by {B, C, D, E, F}.The purpose is to identify which among this set of stations is a greedy one. Therefore, this detection scheme is implemented at every station to designate the cheater station through the supervision of the average reception throughput and the mean inter-packets time by control charts. The control is performed automatically for every node belonging to this set of transmitters; ({B, C, D, E, F} is the transmitters' set of the station A).

For the computation of the thresholds (control chart parameters), we need a minimum of 20 values [13], but for the network monitoring, we draw every calculated value (for the throughput and for the inter-packets time). This is the real-time detection that we highlight in our paper. The detection scheme is performed at any receiving node for every transmitting station (as in Figure 4). In fact every node has the right to explore its received packets. We can emphasize that one honest node in the state of transmission is sufficient to calculate the control chart parameters.

The next section is dedicated to the performance analysis of the proposed detection scheme through NS-2 simulations. In our simulation parameters we used the shadowing model as a radio propagation model which is very near to the realistic radio propagation, taking into account the energy losses.

5. Performance evaluation

To achieve our detection method of the IEEE 802.11 MAC layer misbehavior [9], the simulator NS-2 can be used with some useful tools for processing traces files as explained by [8] and [11]. In our case we have chosen the simulator with the software platform and parameters depicted in Table 2.

Table 2 Platform and parameters.

Parameters Values

Computer HP Compaq 6730s

Operating system Ubuntu 10.10

Version of the simulator ns-2.34 [2]

Trace file processing language Perl

Graph construction tool Microsoft Excel 2007

Transmission rate (Mb/s) 2

MAC layer 802.11

Physical layer Direct Sequence Spread Spectrum

Simulation surface (m) 500x500

Transmission range (m) 250

Radio propagation model Shadowing

Traffic generator CBR Constant bit rate

Simulation time (s) 600

Packet size (byte) 1000

Routing protocol AODV

Node speed (m/s) Randomly selected between 0 and 15

Mobility model Random Way Point [15]

5.1. Computation of control limits

First, we calculated the control limits and center lines based on the results of the simulation in normal cases (without IEEE 802.11 MAC Layer Misbehavior) through equations from (6) to (12):

Table 3 Control charts parameters for throughput and inter-packets time

Chart type Chart Shewhart Shewhart control

parameters control chart for chart for inter-

throughput packets time

monitoring monitoring

Individual measurement UCL 0.49238 0.02372

CENTER LINE 0.41219 0.01982

LCL 0.33200 0.01591

Moving range UCL 0.09850 0.00480

CENTER LINE 0.03015 0.00147

LCL 0 0

Throughput, UCL, Center line, LCL

0 100 200 300 400

Time in s

(Throughput monitoring in normal case) Throughput moving range, UCL, Center line

5.2. Monitoring in normal case

In this case the two metrics (throughput and inter-packets time) are supervised in the control chart below composed by the control limits that we computed in the last section for a node in the network. As we can see in the control chart for throughput and the inter-packets time, curves oscillate on either side of the mean and the majority of the points are inside the limits. Obviously we can decide that this node communicates in an environment without greedy attack. If few points come out of the control limits, we can explain this fact by the movement outside of the transmission range.

Inter-packets time, UCL, Center

er line, LCL

500 600

0 100 200 300 400 500 600

Time in s

(Inter-packets time monitoring in normal case) Inter-packets time moving range, UCL, Center line

Time in s Time in s

(Throughput moving range monitoring in normal case) (Inter-packets time moving range monitoring in normal case)

Figure 5 Control charts monitoring in normal case (without greedy attack)

5.3. Monitoring in the MAC layer misbehavior case 5.3.1. First scenario (detection of the attacked)

In this monitoring case we note that when the throughput curve crossed the lower control limit and the inter-packets time curve crossed the upper control limit,

there is a strong deviation. Consequently we can decide that this node is under a MAC layer misbehavior attack. We can also lay emphasis on the absence of any great change for the moving range curves related to the deviations for the mean but not for the amplitude, due to the greedy behavior.

5 0.40

'-§ 0.35

Throughput, UCL, Center line, LCL

Inter-packets time, UCL, Center line, LCL

0.035 0.033 0.031 0.029 0.027 0.025 0.023 0.021 0.019

200 300 Time in s

(Throughput monitoring in attack case)

Throughput moving range, UCL, Center line

200 300

Time in s

(Inter-packets time monitoring in attack case) Inter-packets time moving range, UCL,

(Throughput moving range monitoring in attack case)

(Inter-packets time moving range monitoring in attack case)

Figure 6 Control charts monitoring of the attacked

5.3.2. Second scenario (detection of the attacker)

In this monitoring case we reveal that the throughput curve crossed the upper control limit and the inter-packets time curve crossed the lower control limit. There is a strong deviation, so we can decide that this node is a greedy one (this is the MAC layer misbehavior attack).

We can also focus on a change in the moving range curve of the inter-packets time resulting from an improvement of the transmission time for the attacker due to the greedy behavior.

Throughput, UCL, Center line, LCL

Inter-packets time, UCL, Center line, LCL

s 0.019

emi 0.017

p- 0.013

tnI 0.011

200 300 400

Time in s

(Throughput monitoring in attack case)

Throughput moving range, UCL, Center line

100 200 300 400 500 600 Time in s

(Inter-packets time monitoring in attack case) Inter-packets time moving range, UCL, Center line

Time in s

(Throughput moving range monitoring in attack case)

(Inter-packets time moving range monitoring in attack case) Figure 7 Control charts monitoring of the attacker

5.4. Generalization of the detection method

We plot the tolerance interval (the difference between the upper and lower control limits) as a function of the number of nodes. Our results are represented in the graphics below (Figure 8).

Small and random variations in curves are detected. We should compute the chart parameters for every number of nodes to obtain a better supervision of the network.

Throughput, Throughput moving range

Inter-packets time, Inter-packets time moving range

0.7 0.6 0.5 0.4 0.3 0.2 0.1 0.0

10 15 20

Number of nodes

10 15 20

Number of nodes

(The throughput tolerance intervals depending on the number of nodes) (The inter-packets time tolerance intervals depending on the number of nodes)

Figure 8 Tolerance intervals depending on the number of nodes

The detection thresholds and the tolerance interval depend on the number of nodes; therefore, each receiver updates these parameters for each number of transmitters. In our work we tested the detection scheme in an ideal environment which depends on the number of nodes with constant bit rate traffic. The statistical process control is a

useful and strong tool for supervising and detecting strong derivations in any type of environment (realistic or theoretical). Thus, the purpose is the separation of the extraordinary from the ordinary situations.

•a 0.7

6. Conclusion

The misbehavior at the MAC layer by changing the backoff mechanism can lead to performance degradation of the network. In this paper we tried to propose a novel detection scheme for this misbehavior based on the supervision of two metrics (reception throughput and inter-packets time) through statistical process control charts. Our detection scheme presents several advantages. It does not require any changes in the IEEE 802.11 protocol and it can be implemented at any receiving node. Its most significant advantage is the detection of such attack in real time by visual graphs. In the perspective, we will try to extend the proposed scheme by introducing other performance measurements in order to develop other detection systems that are easier than the previous ones. We also plan an implementation of the so-called detection strategy in a realistic environment.

References

[1] IEEE Standards Association. 2012. "IEEE 802.11 Standard for Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications." IEEE Standards Association (March): 818-40.

[2] Information Sciences Institute. 1995. "The Network Simulator -ns-2." Information Sciences Institute. Accessed July 10, 2015. http://www.isi.edu/nsnam/ns/.

[3] El Houssaini, M., Aaroud, A., Elhore, A., and Ben Othman, J. 2014. "Analysis and Simulation of MAC Layer Misbehavior in Mobile Ad-Hoc Networks." In Proceedings of the 5th International Workshop on Codes, Cryptography and Communication Systems, 50-54.

[4] V.R.Giri and N. Jaggi.«MAC Layer Misbehavior Effectiveness and Collective Aggressive Reaction Approach», Proceeding 33rd IEEE Sarnoff Symposium. Princeton, NJ, Apr. 2010, Pages 1-5.

[5] Hamieh, A., Ben-Othman, J., Gueroui, A., and Nait-Abdesselam, F. 2009. "Detecting Greedy Behaviors by Linear Correlation in Wireless Ad Hoc Networks." Presented at the IEEE International Conference on Communications (IEEE ICC), Dresden, Germany.

[6] Raya, M., Hubaux, J. P., and Aad, I. 2006. "DOMINO: Detecting MAC Layer Greedy Behavior in IEEE 802.11 Hotspots." IEEE Transaction Mobile Computing 5 (12): 1691-705.

[7] S. Szott, M. Natkaniec, R. Canonico, and A. R. Pach «Misbehaviour Analysis of 802.11 Mobile Ad-Hoc Networks - Contention Window Cheating», Med-Hoc-Net 2007, 12 June 2007, IonianAcademy, Corfu, Greece

[8] C. Bouras, S. Charalambides, M. Drakoulelis, G. Kioumourtzis, and K. Stamos, «A tool for automating network simulation and processing tracing data files», Simulation Modelling Practice and Theory,

Volume 30, January 2013, Pages 90-110.

[9] P.Kyasanur, and N. H. Vaidya, «Selfish MAC Layer Misbehavior in Wireless Networks», IEEE transactions on mobile computing, vol.4, no.5, september/october 2005.

[10] S.Szott, M. Natkaniec, and A. Banchs, «Impact of Misbehaviour on QoS in Wireless Mesh Networks», Proceeding NETWORKING '09 Proceedings of the 8th International IFIP-TC 6 Networking Conference, P639 - 650, 2009.

[11] A. U. Salleh, Z. Ishak, N. M. Din, and M. Z. Jamaludin, «Trace Analyzer for NS-2», 4th Student Conference on Research and Development (SCOReD 2006), Shah Alam, Selangor, MALAYSIA, 27-28 June, 2006.

[12] Gupta, V., Krishnamurthy, S., and Faloutsos, M. 2002. "Denial of Service Attacks at the Mac Layer in Wireless Ad Hoc Networks." Presented at IEEE MILCOM, Anaheim, California.

[13] M. Pillet, Appliquer la maîtrise statistique des procédés MSP/SPC, 4th ed.Paris, France: Edition d'Organisation, 2005.

[14] Douglas Montgomery, C. 2008. Introduction to Statistical Quality Control, 6th ed. United States of America: John Wiley & Sons, Inc.

Bai, A. Helmy A, «A Survey of Mobility deling and Analysis in Wireless Ad-Hoc Networks» in Wireless Ad-Hoc and Sensor Networks, ed 2004.

[16] Tiwary, O. N. 2012. "Detection of Misbehaviour at MAC Layer in Wireless Networks." International Journal of Scientific and Engineering Research 3 (5), May: 909-12.

[17] Cardenas, A. A., Radosavac, S., and Baras, J. S. 2004. "Detection and Prevention of MAC Layer Misbehavior in Ad Hoc Networks." In Proceedings of the 2nd ACM Workshop on Security of Ad Hoc and Sensor Networks, 17-22.

[18] G. Bianchi, "Performance analysis of the IEEE 802.11 distributed coordination function,", IEEE Journal on Selected Areas in Communications, vol. 18, no. 3, pp. 535-547, 2000

[19] Y. Rong, S.-K. Lee, and H.-A. Choi, "Detecting Stations Cheating on Backoff Rules in 802.11 Networks Using Sequential Analysis," Proc. IEEE INFOCOM, Apr. 2005.

[20] L. H. C. Tippett, "On the extreme individuals and the range of samples taken from a normal population,'' Biometrika, v. 17, 1925, p. 364-387.

Amer [15] F. B Mode Netw