Hybrid Trust Model for Node-Centric Misbehavior Detection in Dynamic Behavior-Homogeneous Clusters

Abstract

In vehicular ad hoc networks (VANETs), the presence of untrustworthy nodes poses a significant threat, impacting the network’s reliability. This has led to the emergence of node-centric misbehavior detection as a crucial aspect of VANET security, focusing on the behavior of vehicles rather than the content of their interactions. While the trust model is a popular approach, the computational complexity of trust computations and management in VANETs is attributed to the intricate relationships among vehicles and the dynamic autonomous movement of nodes. To tackle these challenges, we developed a hybrid trust model scheme for node-centric misbehavior detection. Our method represents complex vehicular relationships using a hyper-graph within a dynamic behavior-homogeneous cluster. The model incorporates direct and indirect trust in a multi-layered hybrid trust framework, enabling accurate computation of the aggregate trust level for each cluster member vehicle. Experimental results demonstrate the effectiveness of our scheme, particularly in high-density vehicle cooperation scenarios, highlighting its promising ability to detect misbehaving nodes.

1. Introduction

Vehicular ad hoc network (VANET) systems, leveraging advanced communication technologies, have achieved a seamless interconnection among vehicles, roads, and cloud services, rendering VANETs complex and open networks. The complexity of VANETs is primarily manifested in the diverse types of vehicle nodes, dynamically varying network topologies, and unique characteristics of participating entities and behaviors [1]. Participants in VANETs confront information security threats from both external and internal attackers across all spatial and temporal dimensions.

External attackers in VANETs refer to malicious users attempting to infiltrate the network from outside [2]. These attackers lack direct access to VANET resources and cannot participate in the network’s information exchange. Cryptographic technologies are commonly employed to ensure security and defend against external attackers. On the other hand, internal attackers are misbehavior nodes that have penetrated the network and engaged in information exchange. Despite possessing legitimate access, authenticated misbehavior nodes may intentionally manipulate data, disseminate false information, and replay messages. Compared to external attackers, internal attackers with certain levels of privileges pose a potentially more severe threat to VANETs. Therefore, detecting misbehavior nodes in VANETs is a crucial research direction.

Current research on misbehavior detection in VANETs primarily focuses on data dimension, targeting anomalies caused by threatening behaviors [3,4,5,6]. However, these approaches often concentrate solely on data anomalies and overlook other factors that might influence misbehavior, such as the interaction between vehicle nodes, and fail to analyze the behavioral characteristics of vehicle nodes, such as interactions with neighboring vehicles and movement patterns. To address these limitations, some scholars propose that trust management effectively identifies misbehavior vehicles in VANETs [7,8,9,10]. Compared to other methods of detecting misbehavior vehicles, such as watchdog and network monitoring mechanisms, trust model-based node-centric misbehavior detection is suitable for highly dynamic VANET scenarios. It evaluates multiple dimensions of vehicle nodes, including historical behavior, feedback from neighboring nodes, and data authenticity, thereby enhancing the accuracy of misbehavior detection. Trust models typically combine direct and indirect trust assessments, offering a comprehensive evaluation of vehicle node trustworthiness. Even in the face of attackers attempting to tamper with or forge trust values, trust models maintain high robustness. Additionally, trust models are often based on cooperation among vehicle nodes, positively influencing information-sharing, resource allocation, and multi-vehicle collaboration in VANETs. Despite their advantages, trust-based misbehavior vehicle detection also faces a series of challenges. Due to the dynamic, complex, and diverse nature of VANETs, static trust management struggles to capture real-time changes and influences between vehicle nodes. Moreover, complex interrelationships among different types of nodes and vehicles in VANETs make it challenging for static trust management based on historical information to fully reveal the true behavior and trust status of vehicle nodes in the network. Static trust management systems often lack the flexibility to adapt to changing environments or evolving threats, potentially leading to outdated or inappropriate trust assessments. Additionally, they fail to incorporate real-time data or user behavior, which can result in a less accurate representation of the current trustworthiness of entities within a network [11].

In response to these challenges, this study proposes a hybrid trust model detection scheme tailored to the dynamic and intricate nature of VANETs. The scheme aggregates trust values for the same vehicle node from diverse dimensions and information sources within behavior-homogeneous clusters. Subsequently, these trust values are adjusted through various interrelationships, enhancing their credibility and safety. Moreover, the proposed scheme further combines the interrelationships and interactions between vehicle nodes to augment the accuracy and robustness of trust assessments. The main contributions of this paper are as follows:

[1]

Proposing a method for the dynamic segmentation of behavior-homogeneous clusters.

[2]

Investigating the weights of interrelationships among vehicles within a cluster.

[3]

Introducing a method for identifying misbehavior nodes in complex networks within dynamic behavior-homogeneous clusters based on a hybrid trust model.

The organization of the rest of the paper is as follows: Section 2 introduces the system model, laying the foundation for the proposed framework. Section 3 explains the segmentation of dynamic behavior-homogeneous clusters. Section 4 focuses on mining complex relationship weights within dynamic vehicle clusters using a hypergraph model. Section 5 presents the computation of hybrid trust values based on weighted vehicle behavior and interrelationship weights. Section 6 details a collaborative node-centric approach for misbehavior detection using hybrid trust values. Section 7 provides a comprehensive performance analysis of the proposed methods. Finally, the conclusion discusses future research directions.

2. Related Work

Vehicular ad hoc networks (VANETs) aim to enhance traffic management and minimize road accidents by offering various safety applications [12]. VANETs include connected vehicles, natural vehicles, Roadside Units (RSUs), Global Navigation Satellite Systems (GNSS), and cloud platforms. In a vehicle network, vehicular communications comprise Vehicle-to-Vehicle (V2V), Vehicle-to-Infrastructure (V2I), Vehicle-to-Pedestrian (V2P), and Vehicle-to-Network (V2N) communications, collectively referred to as Vehicle-to-Everything (V2X) communications [13], as Figure 1 shown.

A.

Trust-based detection

The trust-based detection algorithm relies on both nodes’ the historical and current trust levels. Michiardi and Molva were the first to propose a collaborative trust mechanism called CORE [14], built on the Dynamic Source Routing (DSR) routing protocol. This mechanism encourages cooperation among nodes by observing their behavior and implementing a trust evaluation system. Abirami and Sumithra [15] adopted a credit-based approach to incentivize collaboration by assigning credits to nodes. Their proposed routing algorithms assess neighbor nodes based on credit values and enhanced credit mechanisms. This credit-based system rewards and penalizes nodes for transmitting and receiving packets while leveraging cooperative game theory to detect and manage selfish behavior within the network. Similarly, Marias et al. [16] introduced the CORE approach, where each network participant employs a trust system to evaluate the involvement of other members. Trust scores are calculated based on data observed locally and information shared by other nodes engaged in network activities. Nodes with high trust scores gain access to network resources, whereas those with low scores are restricted.

While trust-based detection mechanisms evaluate historical and current trust levels to identify misbehavior, they face significant scalability challenges. These methods often rely on node-to-node interactions and trust evaluations, which are difficult to scale effectively in large and highly dynamic VANETs.

B.

RSU-aided detection

Some misbehavior detection schemes utilize fixed RSUs as cluster heads to manage vehicle clusters. These RSUs group vehicles within their communication range and monitor exchanged information in the area to identify and filter out anomalous data [17,18]. Such detection mechanisms [19,20] primarily address issues like disseminating false position information and Sybil attacks in VANETs. RSUs play a key role in verifying the authenticity of a node’s location through a series of checks, including acceptance range validation, maximum speed limit verification, node density evaluation, speed consistency analysis, and time interval confirmation. Additionally, various technologies, such as trajectory tracking and identity monitoring, enhance RSU-based detection mechanisms.

RSU-aided detection, on the other hand, struggles with the high mobility and random distribution of vehicle nodes, making it challenging to accurately identify anomalous nodes within the fixed coverage area of RSUs.

C.

Node collaboration detection

This approach relies on exchanging additional information among neighboring vehicles to detect misbehavior. Leinmüller et al. [21] initially proposed a data-centric method that used proactive neighbor table exchange in node-centric detection. Their position verification strategy combined proactive sharing of neighbor tables with reactive position requests. Vehicles share their neighbor tables and verify whether the reported positions correspond to their observations. Building on this, Van der Heijden et al. [22] introduced a statistical model-based system where vehicles calculate and broadcast a flow parameter. This system utilized location data and applied subjective logic for misbehavior detection, enhancing two key processes: the Acceptance Range Threshold (ART) and Proactive Neighbor Exchange.

Node collaboration detection, which depends on information exchange among neighboring vehicles and lacks the support of reliable infrastructure-based detection, is vulnerable to malicious nodes broadcasting false or manipulated information, ultimately compromising the accuracy of detection mechanisms.

Based on the previous review, node-centric detection in VANETs faces several critical challenges. First, vehicle networks’ high mobility and dynamic nature make it difficult to maintain accurate and reliable trust assessments over time. Second, the random distribution of vehicle nodes adds complexity, as the detection mechanism must adapt to constantly changing network topologies. Third, malicious nodes can manipulate or broadcast false information, compromising the accuracy and reliability of detection mechanisms. Finally, the lack of a comprehensive framework to integrate multidimensional trust information and interrelationships between nodes reduces the robustness of existing detection approaches, making it challenging to identify anomalous behavior in complex and large-scale networks. Consequently, our scheme utilizes a layered trust assessment within Dynamic Behavior-Homogeneous Clusters to compute a composite trust value. Leveraging hypergraph mining quantifies the trust value weights based on node relationships, thereby effectively identifying anomalous nodes in the region that fall below the trust threshold.

3. Methodology

Our proposed scheme addresses these issues by employing a layered trust assessment within dynamic behavior-homogeneous clusters. It dynamically segments clusters based on behavioral similarity, enabling localized and scalable trust evaluations that adapt to the high mobility of VANETs. The scheme aggregates trust values from diverse information sources and adjusts them using nodes’ interrelationships, enhancing trust assessments’ credibility and reliability. By combining interrelationships with node interactions, our approach mitigates the impact of false or manipulated data, improving robustness against malicious behavior. Additionally, the hybrid trust model effectively identifies misbehavior in complex networks, achieving a balance between accuracy and efficiency and overcoming the limitations of traditional node-centric detection methods.

3.1. System Model

Our trust assessment model is structured around two topological layers: intra-cluster topology and inter-cluster topology. The inter-cluster topology utilizes centralized trust management methods through RSUs and global cloud controllers, while the intra-cluster topology employs distributed trust management methods. The hierarchical trust assessment model conducts layered composite trust value assessments through dynamic vehicle nodes, cluster head layers, and RSU layers. Finally, anomalous vehicles are identified at the cloud layer based on the composite trust values. The detection model is depicted in Figure 2, where vehicles of the same color belong to the same cluster, and the red vehicle serves as the cluster head.

• Vehicle Node Layer: Each vehicle node computes its total trust value by integrating both direct trust (self-observed behavior) and indirect trust (recommendations from neighboring vehicles).
• Cluster Head Layer: The cluster head aggregates the total trust values of member vehicles within its cluster, computing an average total trust value for the cluster. This calculation incorporates association weights, quantifying the strength of relationships between individual vehicles and their cluster.
• RSU Layer: The RSU further refines the trust evaluation by aggregating trust data from multiple clusters within its coverage area. A global hybrid trust value is computed considering inter-cluster associations and vehicle trust assessments.
• Cloud Controller Layer: The cloud controller collects hybrid trust values from RSUs across different regions. A trust threshold range is dynamically computed using a consistency parameter.

Vehicles are classified as trustworthy, malicious, and pending inspection. Vehicles flagged as malicious are identified as misbehaving nodes within the VANET.

3.2. Overview of the Proposed Scheme

Assuming the evaluation of composite trust values and misbehavior detection for vehicles, the computation process of the composite trust value in the hierarchical trust model based on behavior-homogeneous vehicle clusters proceeds as follows:

Initially, at the vehicle node layer, the total trust value of the vehicle is derived by calculating its direct and indirect trust values. Subsequently, at the cluster head layer, the average total trust value of a vehicle within the vehicle cluster is computed based on the reported total trust values of multiple vehicles and the weights of the association between member vehicles and the vehicle cluster. Then, at the RSU layer, the global hybrid trust value of the vehicle is calculated by considering the average total trust values of multiple vehicles provided by different vehicle clusters and the weights of the association between these clusters. Finally, through the RSU, the cloud controller collects the hybrid trust values of various vehicle nodes within the region. Utilizing a consistency parameter, a trust threshold range is computed. Through a series of decision-making logic, nodes are classified into three categories: trustworthy, malicious, and pending inspection. Nodes identified as malicious are recognized as exhibiting misbehavior within the vehicular network.

Our proposed scheme consists of four main stages:

• Segmentation of Dynamic Behavior-Homogeneous Vehicular Clusters

In this stage, vehicles are grouped based on behavioral similarity to enhance trust evaluation.

• Mining of Complex Relationship Weights in Dynamic Vehicle Clusters

This stage focuses on extracting and modeling vehicle association relationships, ensuring accurate trust propagation during the trust computation process.

• Hybrid Trust Value Computation Based on Weighted Vehicle Behavior

Trust values are computed hierarchically across multiple layers in this stage, and direct and indirect trust assessments are integrated.

• Collaborative Node-Centric Misbehavior Detection

This process occurs in three layers, implementing a multi-layered mechanism to identify and mitigate malicious behavior within the vehicular network.

The notations employed in the scheme are detailed in

Table 1. Notations and Description.

Notations	Description
$HG$	Representing dynamic vehicle clusters using hypergraphs
$V$	vertices in the hypergraph
$e$	Hyperedges in the hypergraph.
$\omega$	weight for hyperedge
$h(v,e)$	The hyperedge function for nodes
H	The total number of hyperedges in the hypergraph
$\delta (e_k)$	the degree of a hyperedge $e_k$
$d(v_i)$	the degree of a vertex $v_i$, indicating the number of edges encompassing the vertex
$S(v_i)$	The set of nodes connected to the vehicle node $v_i$
$L(v_i)$	The number of directed edges emanating from node $v_{\mathrm{i}}$
$Au(v_i)$	The authority of vehicle nodes
$R{e}_{ij}(v_i,v_j)$	The association between vehicle nodes
$R{v}_i(V)$	The relationship between node $v_i$ and the vehicle cluster V
$R_C(i,j,t)$	The association between adjacent vehicle clusters
$T_{d}V(v_i)$	The direct trust value of a vehicle node
$V_L$	The speed limit of the current road segment
$M$	The standard transmission frequency of sensor nodes
$m_i$	The actual transmission frequency of the vehicle node $v_i$
$S_i$	The number of scans conducted by the sensor node i
$T_{d}TF(v_i)$	The direct trust value assessed based on the transmission frequency
${\tau }_1$ and ${\tau }_2$	The weighting coefficient
$\delta$	The fault tolerance coefficient
$Thr{e}_{TF}$	The threshold of transmission frequency representing the upper limit of scan counts
${RSSI}_{receive}(v_i)$	The RSS strength of $v_i$
$D_{RSSI}$	The distance between vehicle nodes
$D_{norm}Min$	The minimum distance threshold between nodes
$D_{norm}Max$	The maximum distance threshold between nodes
$T_d(v_i)$	The direct trust value of vehicle $v_i$
${\alpha }_j$	The weighting coefficient
$R_j$	Trust assessed through various observational indicators.
$k$	Constant parameter
$T_r(v_i)$	The indirect trust value of vehicle $v_i$
$T_{tot}(v_i)$	The total trust value
$\mu ,\gamma$	The weights of direct and indirect trust values
$T_{tot}(v_i)$	The total trust list of neighboring vehicles
$T_{totm}(v_i)$	The average total trust value of $v_i$
$n$	The frequency of occurrence of the total trust value of vehicle $v_i$
$T_{tot}^j(v_i)$	The total trust value of vehicle $v_i$ computed by vehicle $v_j$
$T_{glob}(v_i)$	The global trust value
$T_{totm}^{Ci}(v_i)$	The average total trust value
$T$	The time range for direct trust calculation
$L(t_0-t_k)$	Time distance
$T_{glob}{(v_i)}^T$	The direct trust within the sliding time window T
$Av(v_i)$	The consistency parameter
$T_{thresh}^v(v_i)$	The trust threshold of vehicle $v_i$ at the vehicle layer
$T_{thresh}^{C_i}(v_i)$	The trust threshold of vehicle $v_i$ at the cluster head layer
${\omega }_t$	The periodic check parameter

.

4. Segmentation of Dynamic Behavior-Homogeneous Vehicular Cluster

The limitations of wireless signals and physical spatiotemporal boundaries mean that detection algorithms covering the entire spatiotemporal spectrum could lead to high computational demands and reduced efficiency. To overcome this, the proposed research suggests segmenting VANETs into clusters with high behavioral homogeneity and strong interconnectivity. By focusing node-centric detection on vehicle clusters with similar behaviors, this method optimizes the detection process within the dynamic environment of VANETs, addressing the challenges of timeliness and information redundancy.

4.1. Dynamic Cluster Head Selection

In a vehicular network environment, the formation of a vehicle cluster occurs when at least two vehicles are within a range that allows mutual reachability, as determined by their respective Received Signal Strength (RSS). In other words, two vehicles must be within each other’s RSS communication range to form a cluster. A vehicle cluster is a collection of vehicles within a 300 m radius centered around a mobile vehicle cluster head. The cluster head vehicle generates and distributes group keys within the vehicle cluster. The dynamism and flexibility of the vehicular network are evidenced by the possibility of multiple vehicle clusters and the same vehicle being a member of different clusters. The selection of a dynamic Cluster Head (CH) is categorized into three scenarios: initialization, update, and departure.

• Cluster Initialization

At the initiation of a region, the first vehicle to initiate communication authentication through the RSU and succeed is selected as the Cluster Head (CH). The second vehicle to initiate communication authentication within the same range is chosen as the Backup Cluster Head (BCH).

• Cluster Head Update

The trust value is assessed based on vehicle behavior, and potential cluster head vehicles are elected based on this trust value. The vehicle with the highest trust value in the group is considered the potential CH, and the one with the second-highest trust value is seen as the potential backup CH.

• Cluster Head Departure

There are two scenarios for the departure of the cluster head from the current area: the CH voluntarily leaving the vehicle cluster and the CH being out of the current range. When the CH voluntarily leaves, it notifies the area’s RSU of its departure and delegates the CH responsibilities to the BCH. Not all vehicles selected by the previous CH may be within the communication range. Therefore, after the BCH becomes the new CH, the vehicle cluster needs to be reorganized and updated according to the current situation and the group key. If the CH is out of range, the vehicle members of the group will detect whether it is still within communication range by periodically receiving messages from the CH. If no message from the CH is received within a certain time (e.g., 300 ms), the cluster members will delete the cluster ID and apply to join another vehicle cluster.

4.2. Clustering Method

In the adaptive clustering method, the cluster head vehicle clusters are based on three parameters: arrival angle, RSS, and inter-vehicle distance. This section focuses on dynamic vehicle cluster heads, transforming the clustering rules based on transmission angle into N equidistant transmission angles $(A_1,A_2,A_3,\dots ,A_n)$, with each transmission angle denoted as $360°/N$. The cluster head vehicle can establish N directional groups by assigning each transmission angle to a unique cluster member vehicle, as shown in Figure 3. Therefore, the characteristic parameters of different dynamic behavior-homogeneous vehicle clusters defined by the transmission angle and RSS are as follows:

$$\left\{\begin{array}{c}{\theta }_{\mathrm{x}}-{\theta }_y\le {\displaystyle \frac{360°}{N}}\\ S_N=(\mathrm{Cos}{\theta }_N,\mathrm{Sin}{\theta }_N)\\ RS{S}_x-RS{S}_y\le 1-e^{-{\displaystyle \frac{V_t-V_{t-1}}{a}}}\\ \Delta RSS\le 1-e^{-{\displaystyle \frac{\Delta V}{a}}}\\ d\le {\mathrm{T}}_{\mathrm{r}}\cdot (1-\epsilon )\end{array}\right.$$

(1)

where, apart from ${\theta }_x$ and ${\theta }_y$ representing the arrival angles of the vehicle, $S_N$ is the directional vector of any vehicle N.

5. Mining of Complex Relationship Weights in Dynamic Vehicle Clusters

This section emphasizes the detection of misbehavior nodes by evaluating the trustworthiness reflected in their interactions and relationships. Existing research reflects that trust among nodes evolves dynamically through repeated collaborations and communications. Positive interactions over time strengthen trust relationships, and analyzing interactions and associations is crucial in trust evaluation. Therefore, our approach integrates the representation and mining of complex associative relationships between vehicles and between vehicles and clusters. Specifically, a hypergraph-based model is employed to represent dynamic vehicle clusters, enabling the effective assessment of relationship weights and their influence on trust evaluation throughout the process.

5.1. Vehicle Cluster Representation Method Based on Hypergraph Model

To address the multidimensional, dynamic, and complex interaction relationships between vehicle nodes, the hypergraph model is employed to represent the connections between pairs of vehicle nodes and hyperedges [23,24]. A hyperedge can connect any number of nodes, and a node can appear in multiple hyperedges, as shown in Figure 4, where different colors represent different vehicle clusters.

This section constructs a relationship mining model based on hypergraph theory for the multidimensional dynamic vehicle cluster characteristics. This model quantifies the impact weights between vehicle nodes, vehicle clusters, and vehicle node behaviors. In dynamic vehicle clusters, relationship mining is divided into three categories: relationships between vehicle nodes, relationships between vehicle nodes and vehicle clusters, and relationships between vehicle clusters.

The dynamic vehicle clusters defined by the hypergraph model represent a ternary relationship $HG=(V,E,\omega )$. Here, $V$ represents the set of hypergraph vertices, with each node representing a vehicle node $v$ in the cluster. $E$ represents the collection of hyperedges in the hypergraph, and $\omega$ represents the collection of weights for each hyperedge. Unlike general graphs, hypergraphs have clustering characteristics because a hyperedge can connect to any number of vertices. Thus, a hyperedge $e_{1-i}$ is a collection of vertices $(v_1,v_2,\dots ,v_n)$. If a hyperedge $e_{ij}$, which represents the connection between $v_i$ and $v_j$, contains two vertices, then $v_i$ and $v_j$ are considered adjacent.

If a vertex $v_g$ belongs to two hyperedges $e_i$ and $e_j$, then $e_i$ and $e_j$ are adjacent. The weight $\omega$ of each hyperedge represents the importance or confidence level of the relationship between nodes. Specifically, the relationship equations of hypergraphs, nodes, and hyperedges in the hypergraph model can be expressed as follows.

$$\begin{array}{l}h(v_i,e_k)=\left\{\begin{array}{c}1,\hspace{1em}{v}_i\in e_k\\ 0,\hspace{1em}{v}_i\notin e_k\end{array}\right.\\ \delta (e_k)={\displaystyle {\sum }_{v_i\in V}h(v_i,e_k)=}\left|e_k\right|\\ d(v_i)={\displaystyle {\sum }_{e_i\in E}h(v_i,e_k)\omega (e_k)=}{\displaystyle {\sum }_{e_k\in E|v\in e}\omega (e_k)}\end{array}$$

(2)

where $h(v,e)$ represents the node-hyperedge function, $\delta (e_k)$ denotes the degree of hyperedge $e_k$, i.e., the number of nodes contained in the hyperedge. $d(v_i)$ represents the degree of vertex $v_i$, i.e., the number of edges the vertex is included in.

5.2. Association Relationship Mining Based on Hypergraph Model

A single vehicle node may belong to multiple clusters in dynamic vehicle clusters. To improve the accuracy of mixed trust values and reduce the influence of different association relationships on trust value calculation, it is necessary to further mine the authority of the node itself, the relationship between the node and vehicle clusters, and between vehicle clusters. These relationships are then incorporated as influence weights to calculate subsequent mixed trust values.

• Calculation of Vehicle Node Authority

Assuming that is the set of nodes $S(v_i)$ connected to vehicle node $v_i$, and $L(v_i)$ is the number of directed edges connected to the node $v_i$. The authority of $v_i$ is represented as $Au(v_i)$, which is calculated as:

$$Au(v_i)={\displaystyle \frac{(1-d)}{N}}+d{\displaystyle \sum _{v_i\in S(v_i)}\frac{Au(v_j)}{E(v_j)}}$$

(3)

The authority of a node can be calculated using Equation (3), where the constant $d,0<d<1$ is a damping factor typically set to 0.85 [25].

• Mining of Association Relationships Between Vehicle Nodes

The model defines the association relationship between two vehicle nodes $v_i$ and $v_j$ as, in which |H| represents the total number of hyperedges in the hypergraph:

$$R{e}_{ij}(v_i,v_j)={\displaystyle \sum _{k=1}^{\left|H\right|}\frac{h(v_i,e_k)\cdot h(v_j,e_k)\cdot {\omega }_e}{\delta (e_k)}}$$

(4)

The more hyperedges two nodes share, the higher their degree of association.

• Mining of Association Relationships Between Vehicle Nodes and Vehicle Clusters

Assume a vehicle node $v_i\in V$, where $V$ is a vehicle cluster. If hyperedge $e_{i-j}$ and $v_i$ the set of vehicle nodes in the same hyperedge as are given, then the association relationship between node $v_i$ and vehicle cluster $V$ is defined as:

$$R{v}_i(V)={\displaystyle \frac{|e_{i-j}\cap V|}{\left|V\right|}}$$

(5)

The more vehicle nodes $v_i$ in hyperedge $e_{i-j}$ overlap with vehicle cluster $V$, the higher the degree of association between node $v_i$ and vehicle cluster $V$, thus increasing the influence weight.

• Mining of Association Relationships Between Vehicle Clusters

Assume two vehicle clusters $C_i$ and $C_j$. If there is a hyperedge between $C_i$ and $C_j$, then $C_i$ and $C_j$ are adjacent vehicle clusters. The association relationship between vehicle cluster $C_i$ and $C_j$ is defined as:

$$R_C(i,j,t)=\max \left\{s(v_i,v_j,t)|v_i\in C_i\wedge v_j\in C_j\wedge \{v_i,v_j\}\in E_{ij}\right\}$$

(6)

Here, $E_{ij}$ represents a set of hyperedges in the hypergraph $HG=(V,E,\omega )$ at time t.

This translation and summary explain how the hypergraph model is used to analyze the complex relationships within dynamic vehicle clusters, focusing on the authority of individual nodes, inter-node associations, and the relationships between nodes and clusters, as well as between different clusters. Using hypergraphs allows for a more nuanced understanding of these relationships, which is crucial for trust value calculations and anomaly detection in vehicular networks.

6. Hybrid Trust Value Based on Weighted Vehicle Behavior

In vehicular networks, vehicle state information falls under the category of basic safety-related information, such as Cooperative Awareness Messages (CAMs) and Basic Safety Messages (BSMs). These messages are time-triggered [26], exchanged at a fixed frequency (1–10 Hz) using a single-hop broadcast distribution mechanism as illustrated in Figure 5, which depicts the distribution mechanism of basic safety-related information in vehicular networks. They include identity information, specific data like driving speed, geographical location, and driving direction over a certain period, and static vehicle behavior information. This information encompasses aspects like direction, speed, acceleration, curvature, and the confidence level of yaw rate, etc. To ensure the integrity and authenticity of this information, basic safety messages also contain a digital signature and a public key for signature verification [27].

6.1. Trust Value Initialization

Based on the hierarchical trust assessment model, the derived composite trust values are normalized to fall from 0 to 1. A trust value closer to 1 indicates a higher level of node trustworthiness. In this context, a trust value of 0 signifies complete distrust, while a value of 1 indicates absolute trust. During the initialization phase, vehicle nodes are considered to be in a neutral state, neither fully distrusted nor entirely trusted. Hence, the initial trust value of a vehicle node is set at 0.5 to ensure neutrality [28].

6.2. Vehicle Node Layer Trust Value Computation

The total trust value at the vehicle node layer is calculated based on past direct interactions between nodes [29,30] and feedback from other nodes [31], separately computing direct and indirect trust values. Direct trust values are assessed based on data directly received from single-hop broadcast mechanisms, while indirect trust values are derived from feedback trust values received from neighboring vehicles. To objectively evaluate the credibility of a vehicle node, weights are used to balance the proportion of direct and indirect trust, ultimately yielding the total trust value at the vehicle node layer.

1)

Direct Trust Value

In normal mode, interaction information mainly consists of vehicle ID, current position, speed, and status. The direct trust value is evaluated by neighboring vehicles based on the speed, transmission frequency, and node distance indicators from the single-hop broadcast messages.

• Direct Trust Based on Node Speed

The direct trust value based on vehicle speed in interaction information is calculated by comparing the vehicle node’s speed with the normal vehicle speed given by the Intelligent Transportation System (ITS) center of the current road section, as follows:

$$T_{d}V(v_i)=\left\{\begin{array}{c}0.3\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}V(v_i)<0.7V_L\mathrm{or}V(v_i)>1.3V_L\hfill \\ 0.5\hspace{1em}0.7V_L<V(v_i)<0.85V_L\mathrm{or}1.15V_L<V(v_i)<1.3V_L\\ 0.7\hspace{1em}0.85V_L<V(v_i)<0.9V_L\mathrm{or}1.1V_L<V(v_i)<1.15V_L\\ 0.9\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}0.9V_L<V(v_i)<1.1V_L\hfill \end{array}\right.$$

(7)

The direct trust value assessed by vehicle $v_i$ based on the speed $V(v_i)$ in the interaction information is denoted as $T_{d}V(v_i)$, where $V_L$ is the speed limit of the current road segment. Consequently, the trust value is determined as follows:

-

If $V(v_i)$ exceeds the speed limit by more than 30% or is below the speed limit by more than 30%, the trust value is set to 0.3.

-

If $V(v_i)$ is between +30% to +15% or −30% to −15% of the speed limit, the trust value is set to 0.5.

-

If $V(v_i)$ is between +15% to +10% or −15% to −10% of the speed limit, the trust value is set to 0.7.

-

If $V(v_i)$ is within +10% to −10% of the speed limit, the trust value is set to 0.9.

This method of trust value assessment is illustrated in Figure 6.

• Direct Trust Based on Transmission Rate

The transmission frequency of sensor data is usually fixed, making it an important indicator for monitoring node behavior. When the network is stable, the relay nodes for each vehicle sensor node are stable. Therefore, it can be assumed that if a sensor node’s behavior in scanning and detecting other relay nodes is abnormal, this will affect its trust value. The standard transmission frequency of a sensor node is set as $M$ standard, and the actual transmission frequency of the $ith$ vehicle node $v_i$ is denoted as $m_i$. The number of scans performed by the sensor node $i$ is denoted as $S_i$. The method for calculating the direct trust $T_{d}TF(v_i)$ based on transmission frequency is as follows:

$$\begin{array}{l}{T}_{d}TF(v_i)={\tau }_{1}k+{\tau }_2({\displaystyle \frac{Di{f}_i^{TF}}{Thr{e}_{TF}}})\\ Di{f}_i^{TF}=\left|S_i-Thr{e}_{TF}\right|\\ k=\left\{\begin{array}{cc} 0\hfill & m_i<(M-\delta ),m_i>(M+\delta )\\ 1\hfill & (M-\delta )<m_i<(M+\delta )\end{array}\right.\end{array}$$

(8)

where ${\tau }_1$ and ${\tau }_2$ are weight coefficients, $0<{\tau }_1,{\tau }_2<1$ and ${\tau }_1+{\tau }_2=1$. $\delta$ is fault tolerance coefficient. The threshold of transmission frequency $Thr{e}_{TF}$ represents the upper limit of scanning times.

• Calculation of Trust Value Based on Node Distance

When the distance between vehicle nodes is less than a specific threshold, malicious nodes may be tailgating or causing accidents. Conversely, if the distance between vehicle nodes exceeds a specific threshold, it could indicate malicious nodes causing traffic congestion due to idling. RSS is a part of the wireless transmission layer that can determine link quality and whether there is a need to increase the strength of broadcast transmissions. Therefore, using the RSS attenuation model, the distance between nodes can be calculated [32], which in turn helps further determine a node’s direct trust value. The specific expression for this calculation is as follows:

$$\begin{array}{l}{T}_{d}D(v_i)=\left\{\begin{array}{c}-1\hspace{1em}{D}_{RSSI}>D_{norm}Max \mathrm{or} D_{RSSI}<D_{norm}Min\hfill \\ 1\hspace{1em}\hspace{1em} D_{norm}Min<D_{RSSI}<D_{norm}Max\hfill \end{array}\right.\\ D_{RSSI}={10}^{{\displaystyle \frac{10-RSS{I}_{receive}(v_i)}{10\lambda }}}\end{array}$$

(9)

Here, $RSS{I}_{receive}(v_i)$ represents the RSS strength for vehicle $v_i$, $D_{RSSI}$ is the distance between vehicle nodes, $D_{norm}Min$ is the minimum threshold distance between nodes, and $D_{norm}Max$ is the maximum threshold distance between nodes. Considering the previous analysis, the final direct trust value of a vehicle node is calculated based on three indicators from the interaction information: speed, transmission frequency, and node distance. The geometric mean can be used to consider different parameters [33]. Assuming $T_{d}V(v_i)=R_1$, $T_{d}TF(v_i)=R_2$ and $T_{d}D(v_i)=R_3$ are the trust values calculated from these respective indicators, the calculation process for the direct trust value of a vehicle $v_i$ is as follows:

$$T_d(v_i)={\left[\prod _{j=1}^k{\alpha }_j{R}_j\right]}^{1/k}$$

(10)

where ${\alpha }_j$ are weight coefficients, $R_j$ is the trust assessed through different observation indicators, and $k$ is a constant parameter.

2)

Indirect Trust Value

The indirect trust value of a vehicle is determined based on the information provided by neighboring vehicles. Therefore, the indirect trust $T_r(v_i)$ of vehicle $v_i$ is evaluated based on the direct trust values about vehicle $v$ received from its neighboring vehicles $v_j$. Since the degree of association differs between nodes, the trustworthiness of the feedback from a node with a high degree of association is more reflective of the actual situation of vehicle $v_i$ compared to a node with a low degree of association. Hence, the degree of association between nodes is used as a weight in the calculation of indirect trust values.

The indirect trust value of vehicle $v_i$ is calculated by taking a weighted average of the trust values about vehicle $v_i$ provided by other vehicles, with each data point being independent and not influencing each other. Assume that the trust value about vehicle $v_i$ provided by vehicle $v_j$ is $T_r^j(v_i)$, and the association weight between vehicles $v_j$ and $v_i$ is ${\omega }_{ij}=R{e}_{ij}(v_i,v_j)$, where $i\ne j,j=\left[1,n\right]$. The expression for the indirect trust value is as follows:

$$T_r(v_i)={\displaystyle \frac{1}{n}}{\displaystyle \sum _{j=1}^n{\omega }_{ij}{T}_r^j(v_i)}$$

(11)

3)

Total Trust Value

The total trust value is calculated using the direct and indirect trust values of a vehicle, as per the following formula:

$$T_{tot}(v_i)=\mu T_d(v_i)+\gamma T_r(v_i)$$

(12)

$\mu$ and $\gamma$ represent the weights for the direct and indirect trust values, respectively, where $\gamma$ is defined as $1-\mu$. When $0.5<\mu <1$ is set, it implies that the direct trust value is reliable while not neglecting the indirect trust value.

The update of the total trust value is a smooth iterative update based on the previous trust value, and the method is as follows:

$$T_{tot}(v_i)=\sigma {T_{tot}}^t(v_i)+\rho {T_{tot}}^{t-1}(v_i)$$

(13)

In this formula, ${T_{tot}}^t(v_i)$ represents the total trust value at time $t$, and ${T_{tot}}^{t-1}(v_i)$ represents the total trust value at the previous time period $t-1$. $\sigma$ represent the proportions of the current $t$. $\rho$ represent the proportions of the previous time periods $t-1$. And $\epsilon$ is a threshold. When the difference between the total trust values at times $t$ and $t-1$ is less than the threshold $\epsilon$, ${T_{tot}}^t(v_i)-{T_{tot}}^{t-1}(v_i)\le \epsilon$. Then, the trust value is not updated, as shown:

$$\sigma =1,\rho =0$$

(14)

When ${T_{tot}}^t(v_i)-{T_{tot}}^{t-1}(v_i)>\epsilon$, the calculation methods for $\sigma$ and $\rho$ are as follows:

$$\sigma =1-\rho ,\rho =0.5-{\displaystyle \frac{[{T_{tot}}^t(v_i),{T_{tot}}^{t-1}(v_i)]}{2\epsilon }}$$

(15)

As the difference between the total trust values at times $t$ and $t-1$ increases, the proportion of the trust value at time $t-1$ becomes smaller.

6.3. Average Total Trust Value at the Cluster Head Layer

In dynamic vehicle clusters, vehicles periodically send a list of total trust values $T_{tot}(v_i)$ of their neighbor vehicles to the cluster head vehicle. The cluster head vehicle calculates the average total trust value of its cluster member vehicles, incorporating the association relationship between the vehicle $v_j$ and the cluster as a weight in the trust assessment. Vehicles more closely associated with the vehicle cluster are considered more reliable in terms of the total trust values list they provide. Assuming the vehicle cluster is $C_i$ with the cluster head $C{H}_i$, and the cluster member vehicles are $v_i,v_j$, where $j=\left[1,n\right]$. Based on mining the relationship between vehicle nodes and vehicle clusters, the association weight ${\omega }_{C_{1}j}$ between $v_j$ and $C_1$ is calculated as follows:

$${\omega }_{C_{1}j}=R{v}_j(C_1)={\displaystyle \frac{|e_{j-n}\cap C_1|}{\left|C_1\right|}}$$

(16)

The expression for the average total trust value of vehicle $v_i$ in vehicle cluster $C_1$ is as follows:

$$T_{totm}(v_i)={\displaystyle \frac{{\displaystyle {\sum }_{j=1}^n{\omega }_{C_{1}j}{T}_{tot}^j(v_i)}}{n}}$$

(17)

where $T_{totm}(v_i)$ is the average total trust value of $v_i$, $n$ is the number of times the total trust value of vehicle $v_i$ appears in the cluster head’s database, and $T_{tot}^j(v_i)$ is the total trust value of vehicle $v_i$ calculated by vehicle $v_j$.

6.4. Global Hybrid Trust Value at the RSU Layer

The CH reports the average total trust value of vehicle $v_i$, denoted as $T_{totm}(v_i)$, to the regional RSU. The RSU calculates the global trust value of vehicle $v_i$, denoted as $T_{glob}(v_i)$, based on the collected average total trust values. Since vehicle $v_i$ may exist in one or multiple vehicle clusters, when vehicle $v_i$ belongs to only one vehicle cluster, its global trust value is equal to its average total trust value. The expression for this is as follows:

$$T_{glob}(v_i)=T_{totm}(v_i)$$

(18)

When vehicle $v_i$ belongs to multiple vehicle clusters, assume that the most recent average total trust value $T_{totm}^{Ci}(v_i)$ received by the RSU at time $t$ is from cluster head $C_i$. In calculating the global trust value $T_{glob}(v_i)$ of vehicle $v_i$, the RSU also needs to consider the proportional weights of $T_{totm}^{Cj}(v_i)$ as reported by the heads of other vehicle clusters $C_j$ ($j=1,2,\dots ,n$) received at time $[1,t-1]$. These proportional weights are calculated based on the mining the association relationships between vehicle clusters. If the association relationship between $C_j$ and $C_i$ is closer, then the weight of $C_j$ will be higher. The method for calculating the weights of different vehicle clusters based on their association relationship with $C_i$ is as follows:

$$\left\{\begin{array}{c}{\omega }_{C_i{C}_1}=R_C(i,1,t)\\ {\omega }_{C_i{C}_2}=R_C(i,2,t)\\ ⋮\\ {\omega }_{C_i{C}_j}=R_C(i,j,t)\end{array}\right.,k_{C_i{C}_1}+k_{C_i{C}_2}+k_{C_i{C}_j}=x$$

(19)

then

$$\left\{\begin{array}{c}{\omega }_{C_i{C}_1}={\displaystyle \frac{0.5k_{C_i{C}_1}}{x}}\\ {\omega }_{C_i{C}_2}={\displaystyle \frac{0.5k_{C_i{C}_2}}{x}}\\ ⋮\\ {\omega }_{C_i{C}_j}={\displaystyle \frac{0.5k_{C_i{C}_j}}{x}}\end{array}\right.$$

(20)

Thus, the global hybrid trust value $T_{glob}(v_i)$ of vehicle $v_i$ is

$$T_{glob}(v_i)={\left[{\displaystyle \prod _{j=1}^n{\omega }_{C_i{C}_j}{T}_{totm}^{Cj}(v_i)}\right]}^{1/n}$$

(21)

where $n$ is the number of vehicle clusters to which $v_i$ belongs.

7. Collaborative Node-Centric Misbehavior Detection Based on Hybrid Trust Values

This section discusses the collaborative determination of anomalous vehicle nodes through the cooperation of the vehicle node layer, cluster head layer, cloud layer and by issuing alerts and monitoring through the RSU layer in vehicular networks. Vehicle nodes in vehicular networks are primarily categorized into three types: trusted vehicles (with normal behavior), neutral vehicles (with suspicious behavior), and malicious vehicles (with anomalous behavior). A vehicle is considered trustworthy when its trust value exceeds a certain threshold. Neutral vehicles, due to their suspicious behavior, are determined through periodic checks at varying frequencies (from 300 milliseconds to 5 min) based on their trust values. If their behavior remains abnormal after a certain period, they are classified as anomalous vehicles. Vehicles with trust values below a certain threshold are directly classified as anomalous. The process for collaborative determination of anomalous nodes and periodic checks is illustrated in Figure 7 and Figure 8. Through these methods, this section achieves collaborative determination and monitoring of vehicle nodes, enhancing the trustworthiness and security of nodes in vehicular networks. The comprehensive evaluation combines the vehicle node layer, cluster head layer, cloud layer, and RSU layer to help identify and address anomalous vehicle nodes.

This summary explains the methodology for identifying anomalous behavior in vehicles within a vehicular network, emphasizing a collaborative approach across different layers of the network. Vehicles are classified based on their trust values, and a special emphasis is placed on consistency in trust assessments. The specific formulas for these calculations and the detailed process of determination are mentioned but not provided in the text.

7.1. Node Layer Misbehavior Detection

In the process of determining anomalous vehicles at the vehicle node layer based on the total trust value, a consistency parameter $Av(v_i)$ is introduced. The calculation of $v_i$ involves the ratio of direct to indirect trust values of a vehicle, expressed as follows:

$$Av(v_i)={\displaystyle \frac{T_d(v_i)}{T_r(v_i)}}$$

(22)

The trust threshold for each vehicle at the vehicle node layer is also calculated as:

$$T_{thresh}^v(v_i)={\displaystyle \frac{{\displaystyle {\sum }_{j=1}^n{T}_{tot}(v_i)}}{n}}$$

(23)

When $Av(v_i)=1$ is within a certain range, it indicates that the direct trust value a vehicle holds about another vehicle is similar to the indirect trust value received from neighboring vehicles. The determination process is as follows:

$$\left\{\begin{array}{c}{T}_d(v_i)>T_{thresh}^v(v_i),\hspace{1em}\hspace{1em}{v}_i is trusted vehicle \hfill \\ T_d(v_i)\le T_{thresh}^v(v_i),\hspace{1em}{v}_i is misbehavior vehicle\hfill \end{array}\right.$$

(24)

When $Av(v_i)>1$ falls outside a certain range, it indicates that the judgment of vehicle $v_j$ about vehicle $v_i$ differs from the indirect trust value received from neighboring vehicles about $v_i$. In comparison to the trust values fed back by other vehicles, the direct assessment by $v_j$ based on behavior of $v_i$ considers $v_i$ more trustworthy. This situation could be due to an increase in trustworthiness of $v_i$ over time, hence the direct trust value being higher than historical feedback values. Therefore:

$$\left\{\begin{array}{c}{T}_d(v_i)>T_{thresh}^v(v_i),\hspace{1em}{v}_i is trusted vehicle \hfill \\ T_d(v_i)\le T_{thresh}^v(v_i),\hspace{1em}{v}_i is neutral vehicle\hfill \end{array}\right.$$

(25)

When $Av(v_i)<1$ is below a certain range, it suggests that the judgment of vehicle $v_j$ about vehicle $v_i$ differs from the indirect trust value received about $v_i$ from neighboring vehicles. In this case, the trust value of $v_i$ fed back by other vehicles is higher than the direct observational value. This could be due to a decrease in trustworthiness of $v_i$ over time, hence the historical feedback values being higher than the direct trust value. Therefore:

$$\left\{\begin{array}{cc} T_d(v_i)>T_{thresh}^v(v_i),\hfill & v_i is neural vehicle\\ T_d(v_i)\le T_{thresh}^v(v_i),\hfill & v_i is misbehavior vehicle\end{array}\right.$$

(26)

7.2. Cluster Head Layer Misbehavior Detection

The cluster head vehicle $C_i$ calculates the trust threshold $T_{thresh}^{C_i}(v_i)$ based on the average total trust value $T_{totm}(v_i)$ of vehicle $v_i$, using this threshold to determine the vehicle’s status and report malicious vehicles to the cloud management module. The formula for calculating the threshold $T_{thresh}^{C_i}(v_i)$ is as follows:

$$T_{thresh}^{C_i}(v_i)={\displaystyle \frac{{\displaystyle {\sum }_{j=1}^n{T}_{totm}(v_i)}}{n}}$$

(27)

The process of cluster head vehicle $C_i$ making a determination about vehicle $v_i$ by using $T_{thresh}^{C_i}(v_i)$ is as follows:

$$\left\{\begin{array}{cc} T_{totm}(v_i)>T_{thresh}^{C_i}(v_i),\hfill & v_i is trusted vehicle\\ {\displaystyle \frac{T_{thresh}^{C_i}(v_i)}{2}}<T_{totm}(v_i)<T_{thresh}^{C_i}(v_i),\hfill & v_i is neural vehicle\\ T_{totm}(v_i)<{\displaystyle \frac{T_{thresh}^{C_i}(v_i)}{2}},\hfill & v_i is misbehavior vehicle\end{array}\right.$$

(28)

When vehicle $v_i$ is considered a neutral vehicle, it implies that $v_i$ exhibits some suspicious behavior, so it cannot be deemed entirely trustworthy. Therefore, the cluster head vehicle $C_i$ needs to conduct periodic checks on vehicle $v_i$ at predetermined time intervals $t$. If the trust value of vehicle $v_i$ remains the same after the specified time interval $t$, the cluster head $C_i$ will classify vehicle $v_i$ as a verified vehicle and notify the cloud management module.

7.3. Cloud Layer Misbehavior Detection and Periodic Checks

Due to the high dynamics and limited resources of vehicles and cluster head vehicles, the results of malicious vehicle determination based on mixed trust values by vehicles and cluster heads need to be preemptively warned by RSUs and then aggregated to the cloud layer’s Misbehavior Management Component (MMC). The MMC processes and manages malicious vehicles based on further determination results.

RSUs collect information about malicious nodes reported by vehicles and cluster heads and add potential malicious nodes to a grey-list. They conduct periodic checks by collecting their average trust values $T_{totm}(v_i)$. Assume that the average trust value of $v_i$ at time $k$ is $T_{totm}{(v_i)}_k$ and at time $k+1$ is $T_{totm}{(v_i)}_{k+1}$. When $T_{totm}{(v_i)}_k\approx T_{totm}{(v_i)}_{k+1}$, the RSU forwards $T_{totm}{(v_i)}_k$ to the MMC. When $\left|T_{totm}{(v_i)}_{k+1}-T_{totm}{(v_i)}_k\right|>\Delta T$, the RSU updates the trust value and forwards $T_{totm}{(v_i)}_{k+1}$ to the MMC.

Upon receiving $T_{totm}(v_i)$, the MMC compares it with $T_{totm}{(v_i)}_{k+1}$. If $T_{totm}{(v_i)}_{k+1}>T_{thresh}^{C_i}(v_i)$, it indicates that the recent trust value of $v_i$ is higher and the node behavior is more reliable, which may lead to a reduction in the duration of periodic checks $t$, and vice versa. Assuming $t\in \left[0.3 \mathrm{s},300 \mathrm{s}\right]$, $T_{totm}{(v_i)}_{k+1}-T_{thresh}^{C_i}(v_i)=\Delta T$ the calculation method for the duration of periodic $t(v_i)$ checks for the vehicle $v_i$ is as follows:

$$\left\{\begin{array}{c}{T}_{totm}{(v_i)}_{k+1}-T_{thresh}^{C_i}(v_i)>0,\hspace{1em}t(v_i)=\left[0.3 \mathrm{s},150.15 \mathrm{s}\right]\\ T_{totm}{(v_i)}_{k+1}-T_{thresh}^{C_i}(v_i)<0,\hspace{1em}t(v_i)=\left[150.15 \mathrm{s},300 \mathrm{s}\right]\end{array}\right.$$

(29)

$$\left\{\begin{array}{c}t(v_i)=150.15 \mathrm{s}-{\displaystyle \frac{T_{totm}{(v_i)}_{k+1}-T_{thresh}^{C_i}(v_i)}{T_{totm}{(v_i)}_{k+1}}}\cdot {\omega }_t,\Delta T>0\\ t(v_i)=150.15 \mathrm{s}+{\displaystyle \frac{T_{thresh}^{C_i}(v_i)-T_{totm}{(v_i)}_{k+1}}{T_{totm}{(v_i)}_{k+1}}}\cdot {\omega }_t,\Delta T<0\end{array}\right.$$

(30)

where ${\omega }_t$ is periodic check parameter.

8. Performance Analysis

This section evaluates the effectiveness of the anomaly vehicle determination based on the mixed trust model through simulation. In the experiments, we simulate vehicular network communication scenarios using SUMO 1.6.0, OMNet++, and the Transmission Control Protocol (TCP) interface provided by Veins.

Table 2. Simulation parameter settings.

Parameter	Value
Simulation Area	20 km2
Vehicle Speed	[0, 60]
Communication Range	300 m
Transmission Rate	3 Mbps
Cluster Head Driving Mode	Constant speed mode
Vehicle Driving Mode	Krauss vehicle following model
Speed Standard Deviation	$\pm 30\%$
Number of Vehicle Nodes	100, 200, 300, 400, 500
Vehicle Density	0.05, 0.10, 0.15, 0.20, 0.25
Bandwidth	10 MHz
Communication Protocol	IEEE 802.11p
Modulation	Quadrature Phase Shift Keying (QPSK)
Signal-to-Noise Ratio (SNR)	20 dB
Data Rate	3 Mbps
Vehicle Communication Range	100 m
Signal Attenuation Model	Nakagami model
Simulation Map	OSM

summarizes the simulation parameters used in our experiments. Figure 7 shows the simulation area, which is the College Bridge intersection extracted from the Open Street Map database, covering an area of approximately 20 km².

Assuming that $V_L=40 \mathrm{km}/\mathrm{h}$ and each vehicle operates for 15 min at random speeds in simulated traffic volumes of 0.05, 0.10, 0.15, 0.20, and 0.25, there are 100, 200, 300, 400, and 500 circulating vehicles in each of these five traffic environments. Vehicle densities of 0.05, 0.15, and 0.25 are defined as low-, medium-, and high-density, respectively. In the simulation, all vehicles are equipped with DSRC for V2V or V2I communication and operate in broadcast mode within a communication transmission range of 100 m, as shown in Figure 8.

The initial vehicle $V_0$ starts from the Shenning Building and moves using the Krauss vehicle the following model during its journey. Under different traffic densities, vehicles randomly circulate with a maximum travel distance of 10 km and use the shortest path to return to their starting position. In dynamic vehicle clusters, the cluster head vehicles travel at a constant speed of $V_L\pm 10\%$. This section evaluates the effectiveness of the trust model proposed in this chapter through three experiments.

8.1. Experiment 1: Total Trust Value Assessment at the Vehicle Node Layer

The trust value calculation method proposed in this study is tested in a simulation by evaluating vehicle behavior based on speed, node distance, and transmission rate. The total trust values of circulating vehicles in the simulation scenario are monitored and tracked, with Figure 9 showing the changes in total trust values for five vehicles $v_1$, $v_3$, $v_7$, $v_{13}$, $v_{17}$.

To study the dynamic changes in vehicle trust values in medium-density traffic scenarios, 300 vehicles were set to circulate for 15 min. The total trust value of vehicles changes in real-time based on behavior. The initial trust value is set at 0.5, indicating a neutral state of neither trust nor anomaly, with subsequent trust values depending entirely on vehicle behavior. The results show that in the most trustworthy state, vehicle trust values approach 0.9, with no vehicle achieving a perfect trust score (total trust value of 1).

The results reveal that vehicle $V_3$ reached a trust value of 0.654 after one minute of driving, gradually increasing to 0.872, and ending the simulation with a trust value of 0.877 at $t=10$. This indicates that vehicle $V_3$ maintained good behavior throughout the simulation. Conversely, vehicle $V_{13}$ exhibited fluctuating and declining trust values from the start of the simulation, potentially indicating malicious intent. Vehicle $V_{17}$ showed an initial increase in trust values between 3 and 5 min, followed by a sudden drop and a subsequent continuous rise, suggesting an initial good performance, followed by a special event (such as emergency braking), and eventually a recovery to good trust status.

The experiment also found that the calculation of mixed trust values requires the collection of indirect trust feedback from different neighbors. Therefore, when a vehicle exhibits malicious behavior, indirect trust feedback from multiple neighbors can quickly identify malicious actions in the trust value update process, reflecting in the total trust value calculation at the vehicle node layer. The total trust value decreases rapidly, aligning with the design goal of the trust model: malicious behavior leads to a quick drop in trust value, while trust value improvement is a slow process. Thus, trust values can reflect changes in vehicle behavior at specific stages.

8.2. Experiment 2: Impact of Information Interaction on the Hybrid Trust Model in Different Traffic Densities

To study the impact of traffic density on the mixed trust model, Experiment 2 conducted experiments from two aspects: the performance differences of the mixed trust model under different densities and the impact of traffic density on the total trust value of vehicles.

1)

Performance Differences of the Mixed Trust Model Under Different Densities

To explore the performance differences of the hybrid trust model in scenarios with varying densities, the experiment statistically analyzed the proportion of alerted vehicles in low, medium, and high-density scenarios, as shown in Figure 10. In high-density scenarios, the number of alerted vehicles is generally higher than in medium and low-density scenarios. This is mainly attributed to the high penetration rate of vehicular network messages in high-density scenarios, achieving almost full coverage. However, message conflicts in high-density vehicular networks may lead to data loss. Therefore, in some cases, the number of alerted vehicles in medium-density scenarios may be higher than in high-density scenarios.

2)

Impact of Information Interaction on Total Trust Value of Vehicles in Different Traffic Densities

To more clearly demonstrate the impact of information interaction on vehicle trustworthiness, the experiment set a hypothesis: in both low- and high-density scenarios, vehicles are considered trustworthy. Then, the experiment explored the impact of successful and failed information interactions on vehicle trustworthiness in these two scenarios. The results are shown in Figure 11 and Figure 12. It is important to note that the calculation of a vehicle’s trust value depends on information transmission between vehicles and feedback from other vehicles. In low-density traffic scenarios, failed information interactions may lead to insufficient trust data, making the impact of failed interactions on trust calculation more significant in low-density scenarios than in high-density scenarios. From Figure 12, it can be observed that in high-density scenarios, even if the number of failed information interactions falls within a certain range, the trustworthiness of credible vehicles in the current scenario can still be judged to be higher than 0.5, indicating they are trustworthy.

8.3. Experiment 3: Calculation of Average Total Trust Value and Vehicle Status Determination Based on Vehicle Cluster Trust Threshold

1)

Vehicle Status Determination Based on Trust Threshold Following the Method

The cluster head is responsible for collecting vehicle behavior information within its wireless communication range. In the simulation experiment, we selected 5 vehicles from a database of a vehicle cluster consisting of 20 vehicles. The behavior of these five vehicles was evaluated using the trust model, and their average total trust values were calculated. The experiment results are shown in

Table 3. Average total trust values collected by the cluster head.

Vehicle ID	Time	Average Total Trust Value	Average Weight of Node Relationship	Vehicle Status
1	7	0.718	0.977	Trusted
3	7	0.788	0.948	Trusted
7	7	0.553	0.957	Neutral
13	7	0.371	0.771	Misbehavior
17	7	0.509	0.955	Neutral

.

In the vehicle cluster $C_2$, the average total trust value of all vehicles is 0.752, which sets the range $[0.376,0.752]$ for the cluster head to determine misbehavior vehicle nodes. Based on this, vehicle $V_3$ is determined as trustworthy, $V_{13}$ as malicious, and $V_1$, $V_7$ and $V_{17}$ as vehicles requiring periodic checks. According to the time calculations for periodic checks, the check times for $V_1$, $V_7$ and $V_{17}$ are, respectively, 13.85 s, 79.60 s, and 97.14 s. After the check period, if their average total trust value is higher than the cluster’s average, they are deemed trustworthy; otherwise, they are considered malicious nodes.

The experimental results demonstrate that the method for determining anomalous nodes based on hybrid trust values is suitable for multi-vehicle collaboration scenarios in vehicular networks and can effectively detect anomalous behavior in highly dynamic environments.

9. Discussion

Despite its effectiveness, our method faces several challenges. Trust evaluation relies on interaction data, making it difficult to assess newly joined vehicles or those in sparsely populated areas with limited connections. Additionally, in high-density misbehavior node scenarios, collusion attacks may undermine trust assessments, leading to the exclusion of legitimate nodes.

To address these issues, future research will explore hybrid approaches that combine trust-based evaluation with onboard misbehavior detection. When trust mechanisms become unreliable, vehicles should rely on local sensor data to minimize the impact of malicious nodes. Further work will focus on enhancing these strategies to improve trust assessment and security in dynamic vehicular networks.

10. Conclusions

In this paper, we address existing gaps in misbehavior detection by introducing a scheme that concentrates on cluster segmentation and hybrid trust computation specifically designed for dynamic VANETs. Our primary concerns include appropriate cluster-based detection scenarios, and reliable trust computing to enhance node-centric detection. To achieve this goal, this study utilizes a hypergraph model to integrate association relationship weights into mixed trust value calculations within vehicular networks. The impact of these weights and vehicle behaviors on trust assessments is examined through a three-layer ’vehicle-vehicle cluster-RSU’ architecture. Trust values are calculated at various network layers, which are then used for collaborative misbehavior vehicle detection. Through simulation experiments, we demonstrate the method’s effectiveness in scenarios with high-density traffic and varied misbehavior vehicles, confirming its suitability for fostering multi-vehicle collaboration in vehicular networks.