A Novel Approach to Sybil Attack Detection in VANETs Using Verifiable Delay Functions and Hierarchical Fog-Cloud Architecture

Abstract

Vehicular Ad Hoc Networks (VANETs) have become the foundation for the implementation of intelligent transportation systems and new vistas for road safety and traffic efficiency. However, these networks are still susceptible to Sybil attacks, a form of attack that requires malicious entities to create a series of fake identities in order to have an out-of-proportion influence. The present paper puts forth a new Sybil attack detection framework that combines Verifiable Delay Functions (VDFs) in synergistic cooperation with a hierarchical fog-cloud computing structure. Our method does not rely on any additional properties of VDFs but uses them to prove uniqueness computationally, deploying purposefully placed fog nodes for effective localized detection. We mathematically formulate a multi-layered detection algorithm that processes interactions between vehicles on two fog (and cloud) layers to produce suspicion scores using spatiotemporal consistency and VDF challenge-response patterns. Security analysis proves the system’s ability to resist a range of Sybil attack variants with performance evaluation outperforming at detection above 97.8% and false positives below 2.3%. The incorporation of machine learning techniques also extends detection capabilities, and our hybrid VDF-ML method proves better adaptation to the changing attack patterns. Details of implementation and detailed simulations in various traffic situations prove the feasibility and efficiency of our proposed solution to set a new level playing ground for secure VANET communications.

1. Introduction

Vehicular Ad Hoc Networks (VANETs) are a specialized form of Mobile ad hoc Networks (MANETs) enabling vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications for traffic management, accident prevention, emergency coordination, and infotainment [1,2]. The rapid rise of connected and automated vehicles has increased interest in VANETs among both researchers and manufacturers, as these networks are now seen as an essential component of future intelligent transportation systems [3]. Yet the reliability and safety of VANET services hinge critically on robust security. Among the spectrum of threats, Sybil attacks—where an adversary forges multiple identities to manipulate network consensus [4]—pose unique challenges in VANETs, potentially causing false congestion alerts, tampering with emergency notifications, and depleting network resources [5,6].

VANET protocols typically assume that messages originate from unique, trustworthy vehicles [7]. Sybil attacks undermine this assumption by introducing colluding pseudonymous nodes that validate spurious data through apparent consensus [4,5]. In practice, such attacks could simulate phantom traffic jams, disrupt safety-critical messaging, or corrupt traffic-optimization algorithms [5,8]. The high mobility, dynamic topology, intermittent connectivity, and stringent latency requirements of VANETs exacerbate Sybil detection, and privacy-preservation measures (e.g., frequent pseudonym changes) [7] further complicate distinguishing legitimate anonymity from malicious identity spoofing [9].

Accordingly, this study is guided by the following explicit research question: Can the integration of Verifiable Delay Functions (VDFs) within a hierarchical fog-cloud architecture enable accurate, low-latency, and privacy-preserving Sybil attack detection in highly dynamic VANET environments? By clearly articulating this question, the paper positions the proposed framework as a direct attempt to evaluate whether cryptographically enforced computational delay, combined with distributed edge-assisted analysis, can overcome the limitations of existing Sybil detection mechanisms while remaining feasible for real-world vehicular deployment.

Current Sybil-detection strategies in VANETs fall into four broad categories:

• Position-based: Exploit physical constraints (a vehicle cannot occupy two places simultaneously) [10]. These approaches are effective under normal conditions but vulnerable to location spoofing and reliant on precise localization infrastructure [11].
• Resource-testing: Leverage the assumption that attackers have finite computational or radio resources [12,13]. These methods introduce protocol overhead and can be circumvented by pooling attacker resources [14].
• Cryptographic: Rely on certificate authorities and Public Key Infrastructure (PKI) to bind identities [15]. Although theoretically strong, PKI-based schemes suffer from certificate-revocation latency, bandwidth overhead, and reliance on centralized authorities [16].
• Social-network-based: Detect anomalous communication patterns indicative of collusion [17,18]. These approaches rely on trust relationships between nodes and graph structure to detect Sybil identities. They are based on the idea that malicious nodes generally have few connections to honest areas of the network [19,20]. Although they may be relevant in social or highly trust-based environments, their effectiveness is reduced in VANETs, where interactions change rapidly and the network topology is highly dynamic.

Many of these schemes apply binary classifications (“legitimate” vs. “malicious”), ignoring intermediate levels of suspicion. Furthermore, few approaches balance detection accuracy with the limited computational and communication capacity of on-board units [21].

To address these limitations, we propose leveraging Verifiable Delay Functions (VDFs) combined with a hierarchical fog computing architecture. VDFs require a predetermined amount of sequential computation, making them inherently resistant to parallelization attacks while maintaining efficient verification [22]. This makes them particularly suitable for Sybil mitigation, since attackers cannot feasibly forge multiple identities without incurring prohibitive computational costs.

Fog computing further enhances this model. Unlike traditional cloud-based approaches, fog nodes positioned at the network edge offer low-latency, real-time security services with reduced communication overhead [23]. By processing VDF challenges and responses locally, fog nodes enable distributed Sybil detection, while selective inter-fog data exchange maintains global situational awareness [24]. This design aligns especially well with VANET requirements, where intermittent connectivity and ultra-low-latency decision-making are critical for safety.

The synergy between VDFs and fog computing addresses key VANET constraints: VDFs enforce computational fairness and prevent resource pooling by attackers, while fog nodes enable scalable and real-time detection without overwhelming individual vehicles [23].

This paper makes the following key contributions to VANET security:

• Primary Contributions:

  1.

  Novel VDF-based Sybil Detection Framework: We present the first comprehensive VANET framework that integrates VDFs for Sybil attack detection, providing both theoretical foundations and practical implementation guidelines.

  2.

  Fog-enabled Distributed Architecture: We introduce a fog-computing design that enables scalable, real-time Sybil detection with minimized per-vehicle computational load.

  3.

  Adaptive Security Mechanism: We propose a dynamic trust evaluation system that assigns graduated suspicion levels rather than binary labels, supporting more nuanced security decision-making.

  4.

  Comprehensive Performance Evaluation: We conduct extensive simulations covering various attack strategies, network conditions, and scalability requirements.

• Secondary Contributions:

  1.

  Hybrid Detection Strategy: Integration of VDF proofs with traditional detection mechanisms to form a multi-layered defense.

  2.

  Privacy-preserving Design: Preservation of vehicle anonymity while enabling strong Sybil detection through cryptographic techniques.

Although an increasing body of research exists on Sybil attack detection in VANETs, there are no solutions that combine high vehicular mobility, intense latency, diverse computational abilities, and high privacy demands to overcome this issue in a single solution. In this connection, the research question directing this study is as follows: Could the implementation of Verifiable Delay Functions (VDFs) into a hierarchical architecture of fog tools allow checking the Sybil attack in highly dynamic VANETs with high accuracy, low latency, and privacy guarantees? Answering this question directly, the suggested framework aims to test whether cryptographically authenticated delay of computations, coupled with edge-based distributed analysis, is capable of addressing the drawbacks of the currently available methods of Sybil detection and may apply to real-world vehicular implementations.

Beyond incremental improvements to existing Sybil detection mechanisms, the core innovation of this work lies in the integration of cryptographically enforced computational delay with adaptive, context-aware, and privacy-preserving distributed intelligence. Unlike conventional approaches that rely solely on behavioral heuristics, static resource testing, or centralized authentication infrastructures, the proposed framework introduces a sequentially verifiable delay primitive (VDF) as a provable identity rate-limiting mechanism embedded within a hierarchical fog-cloud architecture. This design transforms Sybil detection from a purely statistical anomaly detection problem into a hybrid cryptographic–behavioral enforcement model.

The remainder of this paper is organized as follows. Section 2 presents background on VANET security, Sybil attacks, and the preliminaries required for our study. Section 3 reviews related work on Sybil attack detection in VANETs. Section 4 introduces the foundations of Verifiable Delay Functions (VDFs) and hierarchical fog-computing architectures. Section 5 describes the proposed VDF-based Sybil detection framework and its workflow. Section 6 provides the security analysis of the proposed approach. Section 7 reports the simulation setup, results, and performance evaluation. Section 8 presents the machine-learning-enhanced detection module and discusses how it complements the VDF-based mechanism. Section 9 concludes the paper.

2. Background

2.1. Vehicular Ad Hoc Networks (VANETs)

A subclass of Mobile ad hoc Networks (MANETs) is the Vehicular Ad Hoc Networks (VANETs) in which vehicles that have communication devices become mobile nodes and are organized in a self-organizing network to exchange traffic safety, congestion, and infotainment information [25]. VANETs facilitate V2V and V2I as well as vehicle to infrastructure (V2I) communication to enhance road safety and efficiency.

VANET architecture is usually made of three primary components (on-board units (OBUs) in vehicles to process and communicate, roadside units (RSUs) along roads as fixed infrastructure to relay information, and application units (AUs) to execute particular applications [26]. Communications are done through either the dedicated short-range communications (DSRC) or WAVE standards and they can accommodate hybrid architectures that might encompass cellular networks that can have wider connection coverage [27].

2.2. Sybil Attacks in VANETs

In VANET, a Sybil attack is an attack that involves a rogue vehicle making many faked identities to interfere with the network As illustrated in Figure 1, such as by transmitting untrue traffic data to cause an illusion of a traffic jam or a crash, which may cause traffic blockages or crashes [4].

VANETs also have numerous security challenges due to their distinctive nature, which is not similar to ordinary wireless networks. Having a high mobility pattern provides the network topology to be made rapidly, and the vehicles travel at different speeds and enter or leave the communication range frequently [25]. This is a dynamic character that makes it hard to build trust relationships and ensure that people are authenticated continuously. The decentralized structure of the VANETs, where such a structure is not led by a centralized control infrastructure, necessitates decentralized security measures that can simultaneously work effectively without being connected to central authorities at all times.

2.3. Privacy Concerns in VANETs

The issue of privacy in VANETs is also a major concern, and vehicles constantly broadcast safety information, including location and trajectory information [27]. Although these messages are necessary to avoid collisions or manage traffic, they may be used to track down particular vehicles and conclude about the habits and destinations of drivers. The necessity to have accountability in case of malicious actions and the need to have location privacy are some of the central issues in the design of VANET security.

VANET applications are real-time in nature, and this demands the security mechanisms to be rather strict in latency constraints [25,27]. The emergency braking warning and collision alert are safety-critical applications that can only work within milliseconds. The high computational overhead or communication latencies presented by traditional cryptography protocols can make such applications ineffective, and hence it is required that lightweight security protocols be made with regard to vehicles.

2.4. Impact of Sybil Attacks

Sybil attacks are especially dangerous to VANETs [28] in terms of the correlation of their behavior with cooperation and distributed consensus [5,8]. In such attacks, one malicious entity establishes numerous pseudo-identities in order to have an unfair advantage in network activities. As an example, a hacker who has control over several virtual vehicles can create traffic jam messages, control routing choices, or interfere with data aggregation mechanisms based on majority voting. Sybil attacks are not just disruptive but have caused damage to the core VANET services such as position verification and reputation-based trust models.

It has been found that there are a number of attack vectors that can facilitate Sybil attacks in VANETs. Identity forgery is the most straightforward technique, in which attackers either create fake cryptographic credentials or abuse vulnerabilities in identity management systems [5,8]. Credential theft in vehicles that have been broken into is duplicatable to form multiple identities that may seem valid to other members of the network.

2.5. Limitations of Existing Detection Methods

The nature of VANET communications as being wireless broadcasts is such that it is impossible to differentiate between a series of messages sent by the same malicious vehicle and a series of messages sent by a series of different vehicles.

Sybil attacks are potentially devastating in vehicular networks, and the ramifications of successful attacks are vast and far-reaching [25,29]. The fake information injection has the potential to cause unwarranted emergency reactions, redirect traffic to less efficient paths, or establish phantom traffic congestion spreading across the network. Sybil attacks may slow down or block the spread of authentic emergency messages in situations where there is a safety risk, such as an accident, and life loss may follow. Economic effects are high consumption of fuel through inefficient routing and inefficiency of smart transportation systems [5,8].

Sybil attacks’ detection and prevention have been an active research area, with proposed solutions being in a number of categories. Resource testing techniques take advantage of the physical constraints of devices by solving computational puzzles or radio resource tests that cost them a lot to maintain multiple identities [12,13]. The methods of position verification use the fact that a single vehicle cannot be in more than one place at the same time. Nonetheless, these solutions tend to cause a considerable overhead or to need further infrastructure deployment.

Cryptographic techniques such as certificate-based authentication offer good guarantees on identity but are challenged by key management and computational power in the highly mobile setting [27]. Reputation-based systems impose trust scores on the participants of the network on the basis of how they have behaved in the past. Sometimes these systems are manipulated by advanced attackers who create reputation over time before attacking.

The deployment of VDFs to VANET security is a new research direction that remedies some of the weaknesses in the current methods [30,31]. VDFs can allow parties to place temporal limits on identity generation imposed through computational delays that can be verified, making large-scale Sybil attacks unaffordable but allowing efficient verification of legitimate end-users. The sequential character of VDF computation inhibits parallelization attacks in which the attackers utilize distributed computing means to hasten identity generation.

2.6. Verifiable Delay Functions in VANETs

Verifiable Delay Functions (VDFs) are cryptographic primitives that take a given number of sequential computation time to compute, yet permit the output to be verified fast [22]. A VDF is mathematically defined as (pp (public parameters), x, y, p), where y is the output and p is the proof of the result of a sequence of steps (with time T of length T) and o = Verify(pp, x, y, p) → {accept, reject} is a polylogarithmic time algorithm. Constructs of VDFs come in the form of Pietrzak, which builds upon iterative squaring in RSA groups, and Wesolowski, which builds upon repeated squaring in groups of unknown order [30,31]. Verifiable Delay Functions have three important properties that render them especially efficient in VANET security applications. First, sequentiality means that computation cannot be markedly sped up by parallelization, even when unlimited computing resources are available, and there are a predetermined number of sequential steps in the computation. Second, the output can be verifiable, which, with polylogarithmic time, is orders of magnitude faster than the computation itself. Third, uniqueness ensures that one and only one valid output exists given a particular input and makes attackers unable to pre-compute other solutions [32].

This time-delay mechanism that is inherent in VDFs presents a new identity management in VANETs. The system inherently rate-limits the creation of identities in that every vehicle must do a sequential calculation before creating or updating an identity. This computational hurdle renders it cost-wise and time-wise impracticable for a single malicious vehicle to uphold numerous parallel Sybil identities; each identification would need individual sequence computation, which cannot be done in parallel.

2.6.1. Sybil Attack Mitigation Based on VDF

The VDFs applied to Sybil attack prevention work based on the principle of computational proof-of-elapsed time. When a car asks to become a part of the network or create a new identity, it is obliged to calculate a VDF on a challenge that involves the time of the moment and network parameters. The computation time T is adjusted to achieve a time T that is acceptable to generate legitimate identities (say, a few seconds) but not achievable to support a multiplicity of identities at once.

The verification process utilizes the efficient verifiability property of VDFs to enable RSUs and other vehicles to decide in a very short time that the appropriate amount of computation time was spent without re-computing the computation. This disparity of computation and verification time is essential to VANET settings where verification has to be completed in milliseconds to enable real-time safety software.

2.6.2. Types of VDF Constructions

The VANET security implementations have investigated two main VDF constructions that can be regarded as viable options regarding trade-offs in computational efficiency, proof size, and verification complexity.

The Pietrzak system makes use of repeated squaring in sets of unknown order and creates proofs using a recursive halving process. This construction generates proofs of logarithmic size with respect to the delay parameter, with O(log T) elements of proof: T is the number of sequential steps. The verification procedure is also fairly quick, taking O(log T) exponentiations, and is especially appropriate to resource-constrained verification environments, such as vehicular networks. Nevertheless, the bigger proof size, which is usually several kilobytes, can be a problem with bandwidth in high-density VANETs where many vehicles are broadcasting authentication messages at the same time.

The Wesolowski construction is also based on repeated squaring in groups whose order is unknown, but uses a different process of generation of proofs, which is based on quotient computation. This scheme generates proofs of constant size independent of the delay parameter, which usually is only a few hundred bytes, and is therefore very efficient in bandwidth-limited vehicular communications. The verification procedure involves a single large exponentiation, which, though possibly computationally more expensive than Pietrzak, is also orders of magnitude faster than the actual computation. Wesolowski construction is also appealing with regard to size since its proof size is small, and therefore it is applicable in vehicle-to-vehicle broadcasting where message overhead is directly proportional to network performance.

These constructions can be used depending on the deployment needs. Wesolowski construction is beneficial with small proof overhead in the case of RSU-based verification in a network bandwidth-constrained environment with abundant computational resources. Pietrzak construction can be more appropriate to larger proof sizes in cases where resource-constrained OBU verification is required or where the latency associated with verification is a critical requirement. Hybrid strategies that change the type of construction majority based on the network conditions and the ability of vehicles are a prospective path to the practical implementations.

2.7. Connected and Automated Vehicles (CAVs)

Recent works on the topic of Connected and Automated Vehicles (CAVs) [33] emphasize the increased reliance of the vehicular systems on trustworthy inter-vehicle communication and cooperative control. As an illustration, a hierarchical architecture of cooperation control in CAVs based on multi-agent systems has demonstrated that a significant gain in traffic efficiency and safety is enabled by distributed coordination. Nevertheless, these cooperative mechanisms presuppose subjective trust of communication members implicitly, which makes them very susceptible to attacks based on identity. In that regard, Sybil attacks present a greater risk by compromising the collective decision-making process upon which autopilot vehicles rely. This increasing merging of independence, connectivity, and distributed intelligence highlights why a resilient, scalable, and compatible system of detecting Sybils is required and is compatible with the extremely low-latency and safety demands of the next-generation VANET, based on CAV technologies [34].

Furthermore, the framework explicitly addresses emerging challenges in the rapidly evolving connected and automated vehicle (CAV) ecosystem. As demonstrated in recent modern CAV systems, increasingly rely on cross-entity data sharing, distributed coordination, and privacy-sensitive analytics [35]. These developments significantly amplify the consequences of identity-based attacks, as malicious entities can manipulate cooperative control decisions, traffic optimization algorithms, and multi-agent coordination mechanisms. In this context, the proposed VDF–Fog–ML framework provides a scalable and privacy-conscious security foundation capable of supporting next-generation CAV applications without sacrificing low-latency responsiveness or data protection guarantees.

3. Related Work

A decade of research has produced varied Sybil-detection techniques in VANETs, each with strengths and gaps:

3.1. Position Verification

Grover et al. demonstrated 90 percent detection under moderate traffic using RSSI-based position checks [11,36]. Zhou et al.’s P2DAP leveraged cooperative neighbor verification but remained susceptible to collusive spoofing [37]. Park et al. developed a timestamp-based Sybil detection method, while Baza et al. proposed a system combining proof of work and proof of location. In this system, location proofs provided by RSUs are linked to anonymous vehicle trajectories to detect Sybil identities by analyzing trajectory overlaps [38,39].

3.2. Resource Testing

Yu et al. utilized radio-resource constraints to limit identity forgery, attaining 92 percent detection with less than 5 percent false positives [14]. Palomar et al. developed a proof-of-work-based security mechanism for VANETs, where vehicles are required to perform a certain amount of computational effort before issuing alert messages. This approach helps curb the injection of false alerts and reduce abuse related to Sybil attacks [40].

3.3. Cryptographic Schemes

Hao et al. proposed distributed key management that achieved high detection rates in lab conditions, although it incurred a heavy key-management overhead [41]. Wang et al. developed a privacy-preserving authentication protocol that balanced anonymity with Sybil detection [42]. Group-signature schemes, such as Lin et al.’s GSIS [43] and the identity-based group-signature approach of Qin et al. [44], enabled anonymous signing with revocation traceability but encountered scalability issues. Identity-based schemes, including Zhang et al. [45], Chim et al.’s SPECS [46], and He et al.’s PAMPA [47], eliminated certificate management but imposed computational burdens and required careful overhead management. Overall, cryptographic solutions face persistent challenges in certificate revocation, reliance on centralized authorities, and constraints on on-board resources [16].

3.4. Social-Network Approaches

SybilGuard, introduced by Yu et al., is one of the first defense methods against Sybil attacks based on social networks. Its principle consists of exploiting the structure of trust graphs, assuming that there are few links between honest nodes and Sybil identities [19]. Viswanath et al. then studied this type of approach in greater depth and showed that its effectiveness depends heavily on several properties of the graph, such as trust connectivity, mixing behavior, and community structure [20]. Despite their theoretical interest, these methods remain poorly suited to VANETs, where interactions between vehicles are temporary, highly dynamic, and insufficient to form stable social graphs [48].

3.5. Fog Computing in VANET Security

Fog computing extends cloud capabilities to the network edge (e.g., RSUs and parked cars), thereby reducing latency and bandwidth demands for real-time security tasks [23,49,50]. VehicleFog, proposed by Hou et al., offloaded computation to RSUs and parked vehicles, reducing latency by 67 percent compared to cloud-only setups [51]. Concone et al. proposed a fog- and cloud-assisted architecture for defending against Sybil attacks in vehicular crowdsourcing. The cloud distributes detection tasks, while fog nodes perform local processing close to the vehicles, limiting system overload while enhancing Sybil detection efficiency [52]. Hierarchical and fog computing-based approaches, such as those presented in [53,54] show that bringing intelligence closer to the edge of the network can enhance VANET security. In particular, they enable faster detection of malicious nodes, local analysis with better privacy protection, and reduced dependence on centralized cloud infrastructures. Paranjothi and Atiquzzaman have developed a statistical framework based on fog computing to ensure more effective detection of malicious nodes in VANETs. Their approach, known as FSDV, relies on the dynamic formation of a fog from nearby vehicles, with the aim of reducing processing delays, communication overload, and the false positive rate when detecting Sybil attacks [55]. Hua et al. proposed a fog computing-based approach to detecting malicious nodes, in which vehicles parked stably at the roadside are used to dynamically form a fog network. This organization ensures reliable, low-latency detection of malicious nodes in VANETs [56]. Despite these advancements, key challenges remain in fog-node placement, secure fog-cloud communication, heterogeneity management, and adaptive task distribution [57,58].

3.6. Research Gap and Novelty Justification

Although substantial research has addressed Sybil attack detection in VANETs, existing approaches remain fragmented in scope and architectural integration. Position-based schemes focus primarily on spatial plausibility checks but degrade in sparse or high-mobility environments. Resource-testing mechanisms impose computational or radio constraints, yet they are vulnerable to hardware pooling and do not explicitly account for heterogeneous on-board unit (OBU) capabilities. Cryptographic solutions rely heavily on PKI infrastructures and certificate management, often incurring latency and scalability limitations. Fog-enabled detection frameworks improve responsiveness but typically employ heuristic anomaly scoring without cryptographically enforced identity rate control. Meanwhile, machine learning-based methods enhance anomaly detection accuracy, yet they frequently lack formal guarantees against computational asymmetry and identity generation abuse.

Notably, prior works that incorporate fog computing emphasize latency reduction and distributed analytics, but they do not integrate Verifiable Delay Functions (VDFs) as a provable, sequential identity-rate limiting primitive. Conversely, existing VDF research has largely focused on blockchain consensus and time-lock cryptography, with limited exploration in vehicular network security and no comprehensive integration into hierarchical fog-cloud architectures. Furthermore, earlier Sybil detection mechanisms do not formally optimize suspicion scoring parameters nor incorporate adaptive delay escalation mechanisms to counter hardware-accelerated adversaries. The proposed framework addresses these gaps through four key novelties:

1.

Integrated VDF–Fog–ML Architecture: A unified framework combining sequential VDF-based identity rate limiting, hierarchical fog-assisted verification, and machine learning–enhanced anomaly detection within a single operational pipeline.

2.

Adaptive Delay Escalation Against Hardware Asymmetry: A dynamic VDF difficulty recalibration mechanism that explicitly accounts for heterogeneous OBUs and adversaries equipped with FPGA/ASIC acceleration.

3.

Formally Optimized Suspicion Scoring: A mathematically grounded suspicion score model with grid-search optimization, logistic-regression-based calibration, ROC-based threshold selection, and online reinforcement adaptation—moving beyond heuristic weighting strategies.

4.

Privacy-Preserving Cross-Layer Design: Integration of differential privacy-based aggregation with pseudonym rate control and VDF-enforced identity throttling, reducing cross-layer linkage risks while maintaining detection robustness.

3.7. Comparative Table of Sybil Detection Methods

The following

Table 1. Comparative summary of representative Sybil attack detection approaches in VANETs.

Category	Method/Framework	Strengths	Weaknesses	Citation
Position Verification	RSSI-based (Grover et al.)	Effective in moderate traffic	Declines in sparse/highway settings	[11]
	P2DAP (Zhou et al.)	Cooperative neighbor verification	Susceptible to collusive spoofing	[37]
	TSM/Proof-of-work-and-location (Park et al.; Baza et al.)	High detection accuracy	Performance depends on RSU coverage	[38,39]
Resource Testing	Radio-resource constraints (Yu et al.)	Limits identity forgery		[14]
	Resource Testing/Proof-of-Work Palomar et al. (2012)	Reduces false event dissemination, limits flooding, provides accountability evidence	Higher computation overhead	[40]
Cryptographic Schemes	Distributed key management (Hao et al.)	Effective in lab conditions	Heavy overhead	[41]
	Privacy-preserving protocol (Wang et al.)	Balances anonymity and detection		[42]
	GSIS/IBGS (Lin et al.; Qin et al.)	Anonymous signing with traceability	Scalability issues	[43,44]
	SPECS/PAMPA (Chim et al.; He et al.)	Eliminates certificate management	Computational burdens	[46,47]
Social-Network Approaches	SybilGuard (Yu et al.)	Exploits trust-graph structure to distinguish Sybil and honest regions	Requires stable trust relationships and limited attack edges	[19]
	Social network-based Sybil defense analysis (Viswanath et al.)	Provides theoretical analysis of graph-based Sybil defenses	Effectiveness depends heavily on graph properties and stable connectivity	[20]
Fog Computing	VehicleFog (Hou et al.)	Reduces latency by 67%		[51]
	SybilDriver fog-assisted system (Concone et al.)	Near-vehicle processing, reduced network overhead, effective Sybil detection, cloud-supported global coordination	Focused on vehicular crowdsourcing; added architectural complexity	[52]
	Hierarchical (Al-Otaibi et al., Sookhak et al.)	Low-latency	Require fog infrastructure and are not always Sybil-specific	[53,54]
	Statistical rogue node detection using fog computing (Paranjothi& Atiquzzaman)	Reduces delay, overhead, and false positives	Fog-based rather than full fog-cloud coordination	[55]
	Parked-vehicle fog network for rogue node detection (Hua et al.) & Atiquzzaman)	Stable local fog formation and low-latency detection	Depends on parked-vehicle availability	[56]

compares the key Sybil detection methods discussed in the related work based on category, detection rate, false positives (where available), strengths, weaknesses, and citations.

4. System Model and Architecture

4.1. Hierarchical Fog-Cloud Architecture

Our architecture employs a four-layer hierarchical approach depicted in Figure 2, designed to optimize computational load distribution and minimize communication latency [23].

Layer 1—Vehicle Layer: On-vehicle units execute lightweight security functions including VDF challenge response computation using dedicated cryptographic co-processors, beacon message generation and validation, basic anomaly detection using statistical methods, and local threat assessment. Vehicles maintain limited storage (512 MB) for recent network state information and implement energy-efficient algorithms to preserve battery life in electric vehicles.

Layer 2—RSU Layer: RSUs serve as intelligent gateways performing data aggregation from up to 200 concurrent vehicles, selective forwarding to reduce network overhead, VDF challenge distribution with load balancing, security alert propagation using prioritized messaging, and seamless handover support for mobile vehicles [59]. Each RSU maintains a 1 h sliding window of vehicle interaction history for pattern analysis.

Layer 3—Fog Layer: Fog nodes provide edge computing services including real-time VDF response verification using parallel processing, regional traffic pattern analysis with machine learning models, preliminary suspicion score computation using multi-factor algorithms, and cross-regional coordination through secure inter-fog communication.

Layer 4—Cloud Layer: Cloud infrastructure handles global-scale operations including comprehensive data analytics across multiple regions, intensive machine learning model training and updates, long-term pattern recognition and threat intelligence, cryptographic key management and certificate lifecycle operations, and strategic decision-making for network-wide security policies [58].

Although the hierarchical fog-cloud architecture is specifically effective in dense urban environments, the implementation can also be conducted in low-density areas or rural locations with sparse fixed infrastructure. The system can make use of opportunistic fog resources, e.g., moving vehicles parked, service vehicles, or temporarily deployed mobile RSUs to perform local edge processing in sparse road networks, where the presence of roadside fog nodes can be intermittent. These opportunistic fog nodes have a future of taking on lightweight verification and aggregation capabilities and allowing detection framework execution without the need for permanent infrastructure. The architecture allows graceful degradation in case of unavailable or inadequate resources of the fog layer, which simply transfers the most important verification and analytics functions directly to the cloud layer. Adaptive challenge scheduling and decreased verification frequency are used in this situation to maintain the capability of detection while allowing greater latency. This adaptable deployment scheme will guarantee that the suggested framework will be functional in heterogeneous vehicular environments, such as rural highways and sparsely populated areas, but with a limited trade-off of responsiveness in detection and availability of infrastructure.

4.2. Threat Model and Attack Scenarios

Adversary Capabilities: Our threat model assumes adversaries can deploy multiple compromised vehicles or create sophisticated virtual nodes, possess standard computational resources equivalent to legitimate vehicles, intercept and analyze wireless communications using software-defined radios, and execute replay attacks with message modification capabilities [60]. However, adversaries cannot access specialized VDF-accelerating hardware (maintaining computational fairness), compromise the core PKI infrastructure or fog-cloud components, or manipulate GPS signals on a large scale [15].

Although the baseline threat model assumes that attackers have access to comparable computational resources as legitimate vehicles, the suggested framework is also intended to be functional against more powerful adversaries that have greatly more powerful computational capabilities (e.g., 510 times the cost of regular on-board units). The system is not based on predetermined cryptographic parameters in such instances. Rather, the layer of fog continually measures the VDF response times in the vehicle population and adjusts the delay parameter in VDF dynamically when systematic deviations, which may indicate accelerated computation, are found. This escalation of adaptive difficulty maintains a sequence of cost asymmetry between legitimate and attacker vehicles, which means that the complexity of keeping up different Sybil identities increases with the capability of the attackers. Subsequently, the framework possesses computational fairness under asymmetric hardware requirements without burdening honest players with unreasonable latency.

Attack Taxonomy: We consider five primary attack categories: Basic Sybil attacks involving generation of multiple fake identities with coordinated messaging [4]; Cooperative Sybil attacks featuring collaboration among distributed malicious vehicles with synchronized actions [41]; Mobile Sybil attacks utilizing continuously changing positions to evade detection [5]; Pseudonym-abuse attacks exploiting legitimate privacy mechanisms for malicious purposes [7]; and Hybrid attacks combining Sybil techniques with jamming, eavesdropping, or data injection [6].

Extended Threat Model: In order to respond to better adversarial assumptions and increase the scope of applicability, we expand the threat model to include more effective and resourceful attackers. In this extended model, opponents can have FPGA- or ASIC-based VDF acceleration hardware, enabling some time reduction of sequential computation time. They can make attempts at partial video shutdown of the fog node, manipulation within at the RSU level, coordinated attacks on the infrastructure on a multi-region scale, and localized GPS spoofage or signal manipulation to alter spatiotemporal consistency checks. Moreover, attackers can cooperate among parts of the compromised infrastructure to change the time of verification data or even drop questionable messages. Attackers may exploit the following under this stronger model: (i) the deployment of hardware-accelerated VDF solvers; (ii) the compromise of a small fraction of fog nodes, or RSUs; and (iii) attackers might carry out specific localized areas of GPS spoofing, and coordinate a response using multiple infrastructure components to avoid detection. The presented framework addresses the presence of such risks with adaptive VDF difficulty adjustment, cross-fog verification redundancy, multi-modal suspicion scoring based on timing behavior reduction, circular triangulation, and independent RSU attestation redundancy. In cases where there is a consistent-factor speedup by hardware acceleration, dynamic delay recalibration can restore effective temporal cost asymmetry. Residual Risk Discussion. Although the presence of partial fog or a compromise of RSU can diminish the accuracy of local detection, the hierarchy architecture reuses multiple fog redundancy and cross-regional correlation in the cloud layer, which minimizes systemic failure. Weakened parts of the infrastructure can be observed by inconsistent behavior and cross-domain validation. Nevertheless, total compromise of all fog nodes within an area would merely render localized detection weak in the short term, awaiting cross-regional, cross-available anomaly analysis. Our security guarantees are based on the assumption of some compromise in the infrastructure and unrestricted adversarial hardware acceleration. The framework does not assure coverage in case of complete collapse of PKI, global crisis of the mists, or prolonged massive interference with the GPS of whole metropolitan areas. Trust anchors that are needed in validating identity would be essentially compromised in such extreme situations.

4.3. VDF Integration Framework

The VDF integration operates through four synchronized stages [22]. Challenge Generation: Fog nodes create unique, time-bound VDF challenges based on current network conditions and threat levels. Sequential Computation: Vehicles compute responses using inherently sequential algorithms that cannot be parallelized. Efficient Verification: Fog nodes verify responses using optimized algorithms requiring minimal computational overhead. Temporal Analysis: Response timing patterns are analyzed for anomalies indicating potential Sybil behavior, with machine learning models detecting subtle deviations from expected computational delays.

The VDF integration framework with adaptive delay recalibration, anomaly-enhanced regional challenge intensification, and cross-layer verification auditing is also introduced under the extended adversarial model. When patterns of accelerated computation indicate hardware-based attacks, the fog layer randomizes the delay parameter in the affected areas in proportion to the delay parameter and ensures a fixed amount of latency by honest vehicles. Cloud-layer analytics cross-validate the decisions of the fog-layer in instances of possible infrastructure compromise with independent regional data streams. This stratified protection is resistant even to asymmetric computational threats and partial infrastructure threats.

5. Proposed VDF-Based Sybil Detection Method

5.1. Theoretical Foundation

We leverage Verifiable Delay Functions (VDFs) for their sequential computation requirement, efficient verification, uniqueness, and determinism [22,61]. The complete VDF detection workflow is summarized in the flowchart provided in Figure A1. The notation used throughout the paper is formalized in

Table A1. Symbols and components used in the VANET–Fog–Cloud architecture.

Symbol/Component	Description
$V_i$	Vehicle i with on-board unit (OBU)
${\mathrm{RSU}}_j$	Road Side Unit j
$F_k$	Fog computing node k
C	Cloud infrastructure
${\mathrm{OBU}}_i$	On-Board Unit of vehicle i
$\mathrm{PKI}$	Public Key Infrastructure
$\mathrm{GPS}$	Global Positioning System
$\mathrm{DSRC}$	Dedicated Short Range Communication
C-V2X	Cellular Vehicle-to-Everything
V2V	Vehicle-to-Vehicle communication
V2I	Vehicle-to-Infrastructure communication
$\mathrm{VDF}(x,t)$	Verifiable Delay Function
$\pi$	Cryptographic proof
$T_{\mathrm{beacon}}$	Beacon transmission interval
$R_{\mathrm{coverage}}$	RSU coverage radius
$S_{\mathrm{trust}}$	Trust score
${\mathrm{ID}}_{\mathrm{pseudo}}$	Pseudonym identity
$\Delta t_{\mathrm{sync}}$	Clock synchronization error

,

Table A2. Notation and definitions for the VDF-based Sybil detection framework.

Symbol	Mathematical Definition	Description	Purpose
$\mathrm{VDF}(x,t)$	$y=f^t\left(x\right)$	Verifiable Delay Function with input x and time parameter t	Sequential computation that cannot be parallelized
x	$\mathrm{Challenge}\in {\{0,1\}}^{\lambda }$	Random challenge generated by fog node	Input to VDF computation
t	$\mathrm{Time}\mathrm{parameter}\in \mathbb{N}$	Number of sequential steps required	Controls computation difficulty
y	$\mathrm{Response}\in G$	Output of VDF computation	Result of sequential computation
$\pi$	$\mathrm{Proof}\in {\{0,1\}}^{\ast }$	Succinct proof of correct VDF computation	Enables efficient verification
$T_{\mathrm{start}}$	Timestamp	Computation start time recorded by vehicle	Temporal consistency verification
$T_{\mathrm{end}}$	Timestamp	Computation end time recorded by vehicle	Temporal consistency verification
$\Delta t_{\mathrm{comp}}$	$T_{\mathrm{end}}-T_{\mathrm{start}}$	Actual computation time	Expected vs. actual time comparison
$\Delta t_{\mathrm{expected}}$	Theoretical minimum time	Expected computation time for an honest vehicle	Baseline for anomaly detection
$V_{\mathrm{id}}$	Vehicle identifier	Unique/pseudonymous vehicle identifier	Identity tracking and correlation
$S\left(V_{\mathrm{id}}\right)$	$S:V_{\mathrm{id}}\to [0,1]$	Trust score function	Dynamic trust evaluation
$\alpha$	$\alpha \in [0,1]$	Suspicion threshold	Threshold for Sybil detection
$\beta$	$\beta \in (0,1)$	Trust update factor	Learning rate for trust score adjustment
$n_{\mathrm{vehicles}}$	Number of vehicles	Total vehicles in network region	Network density parameter
$n_{\mathrm{fog}}$	Number of fog nodes	Total fog nodes in deployment	Processing capacity indicator
$\lambda$	Security parameter	Cryptographic security level (bits)	Determines challenge complexity
$\epsilon$	Error tolerance	Maximum acceptable timing deviation	Anomaly detection sensitivity

,

Table A3. Attack model notation.

Symbol	Definition	Attack Scenario	Detection Method
A_sybil	Sybil Attacker	Creates multiple fake identities	VDF timing analysis
ID_fake	Fake Identity	Artificially created vehicle identity	Cross-correlation with VDF responses
n_fake	Number of Fake IDs	Total fabricated identities per attacker	Resource limitation analysis
T_collude	Collusion Time	Duration of coordinated attack	Pattern recognition
P_detection	Detection Probability	Probability of successful Sybil detection	Performance metric
P_false	False Positive Rate	Probability of misclassifying legitimate vehicle	Accuracy metric
R_attack	Attack Success Rate	Fraction of successful malicious actions	Security effectiveness
C_computational	Computational Cost	Processing overhead for attacker	Resource exhaustion strategy
B_bandwidth	Bandwidth Consumption	Network resources consumed by attack	Network impact assessment
L_latency	Detection Latency	Time to identify Sybil attack	Real-time response capability

and

Table A4. Network performance notation.

Parameter	Symbol	Range/Units	Description
Network Density	$\rho$	vehicles/km2	Vehicle concentration in network area
Message Rate	$\mu$	messages/second	Frequency of beacon transmissions
Processing Capacity	C_proc	operations/second	Fog node computational capability
Communication Delay	d_comm	milliseconds	End-to-end message transmission time
Verification Efficiency	$\eta$_verify	verifications/second	Rate of VDF proof verification
Storage Overhead	O_storage	bytes/vehicle	Memory requirements per vehicle
Energy Consumption	E_total	joules/operation	Total energy cost for VDF operations
Scalability Factor	$\sigma$	dimensionless	System performance under load
Availability	A_system	percentage	System uptime and reliability
Throughput	$\theta$	transactions/second	System processing capacity

.

Our implementation uses repeated squaring in an RSA group, defined as: VDF(x,t) = x^(2t) mod N, where x is the input challenge, t is the time parameter, and N = pq is an RSA modulus [30,31]. The security of VDFs lies in their resistance to parallelization, which is particularly advantageous in vehicular networks where legitimate vehicles and attackers have varying computational capabilities. By adjusting difficulty parameters appropriately, we ensure that operating multiple Sybil identities becomes prohibitively expensive for attackers while remaining feasible for honest nodes.

The VDF difficulty parameter is used to trade off security assurances with the severe latency requirement of vehicle safety applications. The challenge here is denoted by t = 220, which is roughly one million consecutive squaring steps. The value was selected on empirical hardware bases, which are reflective of current on-board units (OBUs), meaning that VDF calculation finishes within a limited time frame, which can be accommodated within a non-safety-critical communication cycle but is computationally infeasible with large-scale parallel identity creation. In more common automotive-grade processors, this arrangement can provide computation times of hundreds of milliseconds to several seconds; that is not so bad in the periodic check of identity without disturbing safety-critical message spread. Simultaneously, the definite sequential character of the computation guarantees that attackers who want to maintain many Sybil identities pay a linear computational cost, which retains the usefulness of the VDF-based rate-limiting system.

We further enhance security with a challenge–response mechanism incorporating both temporal and spatial data. The challenge is constructed as: C(f_j,t) = H(f_j || t || r || loc_data) where f_j is the fog node identifier, t is the timestamp, r is a random nonce, and loc_data is the location-specific information. This ensures challenges are tied to precise spatiotemporal contexts, increasing resistance to Sybil attacks.

Algorithm 1 details the VDF challenge generation procedure at the fog node.

Algorithm 1 VDF Challenge Generation and Computation at Fog Node

Require: Input challenge x, time parameter t, RSA modulus N, fog node ID $f_j$, timestamp

$t_{\mathrm{stamp}}$, nonce r, location data $\mathit{loc}\_\mathit{data}$

Ensure: VDF result y

1: Generate challenge C:

2: $C\leftarrow H\left(f_j\parallel t_{\mathrm{stamp}}\parallel r\parallel \mathit{loc}\_\mathit{data}\right)$           ▹ Unique challenge via hash

3: $x\leftarrow C$

4: Compute VDF:

5: $y\leftarrow x$

6: for $i\leftarrow 1$ to t do

7:       $y\leftarrow (y·y)modN$                  ▹ Repeated squaring

8: end for

9: return y

5.2. Vehicle Registration Protocol

To register with the Certificate Authority (CA) and obtain a pseudonym and certificate, vehicles initially undergo an informal session security setup, with periodic pseudonym changes enabled for privacy [7,15]. Our protocol extends this by including hardware attestation, where vehicles demonstrate the capability to meet VDF baselines. New vehicles are placed on a probation period, facing more frequent VDF testing until they prove reliable.

Each vehicle is issued a group of pseudonyms with strict properties: limited validity (typically 10–15 min), regulated pseudonym-switching rates to prevent abuse, and restricted cryptographic linkage access to authorized entities only. Regional constraints are applied to prevent impersonation across geographical boundaries.

Certificates are organized in a three-tier hierarchy: a permanent certificate for the lifetime of the registered vehicle, intermediate certificates valid for 3–6 months, and short-term pseudonyms lasting from a few minutes to several hours. This structure ensures privacy preservation without compromising traceability and accountability when necessary. The vehicle registration protocol is formalized in Algorithm 2.

Algorithm 2 Vehicle Registration

Require: Vehicle ID $v_{id}$, Hardware Attestation Proof $h{w}_{proof}$, CA Public Key $c{a}_{pk}$

Ensure: Permanent Certificate $perm\_cert$, Intermediate Certificate $inter\_cert$, Short-term

Pseudonym Group $pseudo\_group$

1: Verify Hardware Attestation:

2: if $Verify(h{w}_{proof},v_{id})=\mathbf{False}$ then

3:       Reject registration

4:       return error

5: end if

6: Issue Permanent Certificate:

7: $perm\_cert\leftarrow Sign(c{a}_{pk},\{v_{id},\mathit{lifetime}:\mathrm{permanent}\})$

8: Issue Intermediate Certificate:

9: $inter\_cert\leftarrow Sign(c{a}_{pk},\{v_{id},\mathit{validity}:3–6\mathrm{months},\mathit{linked}\_\mathit{to}:perm\_cert\})$

10: Generate Pseudonym Group:

11: $pseudo\_group\leftarrow \left[\right]$

12: for $i\leftarrow 1$ to $num\_pseudonyms$ do

13:       $pseudo\leftarrow GeneratePseudonym(v_{id},\mathit{validity}:10–15\min ,region\_constraints)$

14:       $pseudo\_group.\mathit{append}\left(Sign(c{a}_{pk},\{pseudo,\mathit{linked}\_\mathit{to}:inter\_cert\})\right)$

15: end for

16: Enter Probation Period:

17: $probation\_status\left(v_{id}\right)\leftarrow \mathbf{True}$

18: Schedule frequent VDF tests for $v_{id}$

19: return $perm\_cert,inter\_cert,pseudo\_group$

5.3. VDF Computation and Verification

The verification process presented in Algorithm 3 proceeds as follows [22,30]: the fog node first generates a challenge using the format C(f_j,t) = H(f_j || t || r), and this challenge is broadcast to all vehicles in the region. Each vehicle computes the VDF response, signs it, and sends it back along with timing data. RSUs then forward these responses to the fog node, which verifies both the signature and the VDF result. The response time is recorded for further analysis.

To optimize network efficiency, challenges are issued probabilistically rather than at fixed intervals, reducing predictability while preserving coverage. Challenge frequency is dynamically adjusted based on regional threat levels, vehicle density, fog node capacity, historical attack data, and time-of-day considerations. When multiple RSUs are available, they contribute timing attestations, enabling triangulation for added security. A progressive verification scheme is employed to accept partial verification during high-density periods, avoiding excessive delays.

The on-board hardware capabilities of different vehicles are explicitly considered in the proposed VDF calculation and verification process by taking into account the heterogeneity of on-board units (OBU). Low-end OBUs, which often have a small processing capacity and power limitations, are suitably accommodated with the help of adaptive VDF difficulty parameters, capping the computation time to safety-critical latency limits. By contrast, embedded OBUs with specific cryptographic accelerators have the ability to support higher levels of VDF difficulty without affecting real-time communications. To be fair and strong, the VDF problem can be dynamically set in the fog layer, depending on the measured response times and vehicle complexity and regional background response performance parameters. Moreover, vehicles newly registered or flagged before were put under a probation mechanism, where the higher VDF challenges with a conservative difficulty setting are given during the probation period in order to set reliable computational limits before regular functioning. This adjustment measure will have the property of ensuring that resistance to Sybil is preserved in the face of heterogeneous vehicle hardware with little or no unfair punishment to resource-constrained legitimate vehicles.

Algorithm 3 Fog-Based VDF Challenge–Response Verification

Require: Fog node ID $f_j$, timestamp t, nonce r, vehicle list $\mathcal{V}$, RSA modulus N, delay parameter $\mathit{delay}\_\mathit{t}$

Ensure: Verification results $\mathit{verif}\_\mathit{results}$ for each vehicle

1: Challenge Generation at Fog Node

2: Compute challenge: $$C\leftarrow H(f_j\parallel t\parallel r)$$

3: Broadcast C to all vehicles in the region

4: Vehicle-Side VDF Computation and Response

5: for each vehicle $v_i\in \mathcal{V}$ do

6:       $x\leftarrow C$

7:       Compute VDF response: $$y\leftarrow \mathrm{VDF}(x,\mathit{delay}\_\mathit{t},N)▹y=x^{2^{\mathit{delay}\_\mathit{t}}}modN$$

8:       Generate signature: $$\sigma \leftarrow \mathrm{Sign}(s{k}_{v_i},y\parallel \mathit{timing}\_\mathit{data})$$

9:       Send $(y,\sigma ,\mathit{timing}\_\mathit{data})$ to the nearest RSU

10:       Start response timer $T_{v_i}$

11:       if timeout expires before acknowledgment then

12:             Retransmit response (up to $\mathit{max}\_\mathit{retries}$)

13:       end if

14: end for

15: Forwarding at RSU

16: RSU collects vehicle responses and forwards them to the fog node along with RSU timing attestations

17: Verification at Fog Node

18: Initialize $\mathit{verif}\_\mathit{results}\leftarrow \varnothing$

19: for each response from vehicle $v_i$ containing $(y,\sigma ,\mathit{timing}\_\mathit{data})$ do

20:       if signature verification fails then

21:             $\mathit{verif}\_\mathit{results}\left[v_i\right]\leftarrow \mathbf{False}$

22:       else

23:             Compute expected response: $$y_{\mathrm{expected}}\leftarrow \mathrm{VDF}(C,\mathit{delay}\_\mathit{t},N)$$

24:             if $y\ne y_{\mathrm{expected}}$ or timing data are anomalous then

25:                    $\mathit{verif}\_\mathit{results}\left[v_i\right]\leftarrow \mathbf{False}$

26:             else

27:                    $\mathit{verif}\_\mathit{results}\left[v_i\right]\leftarrow \mathbf{True}$

28:             end if

29:       end if

30: end for

31: if multiple RSUs available then

32:       Perform triangulation using RSU timing attestations

33: end if

34: Handling Missing or Incomplete Responses

35: for each vehicle $v_i$ with no valid response after $\mathit{max}\_\mathit{retries}$ do

36:       Mark response as inconclusive

37:       Assign temporary uncertainty penalty to $SS\left(v_i\right)$

38:       Schedule follow-up challenge with reduced difficulty

39: end for

40: Adaptive Challenge Frequency

41: Compute threat level based on density, history, and time of day

42: Adjust next challenge probability accordingly

43: Output

44: return $\mathit{verif}\_\mathit{results}$

5.4. Multi-Layer Detection Algorithm

5.4.1. Local Detection at Fog Layer

Fog nodes analyze datasets based on VDF computation times, spatial consistency of vehicle coordinates, and beacon message formats [23,54]. The detection algorithm uses a sliding window to maintain records of vehicle behavior. First, statistical profiling establishes expected norms based on environmental conditions. Outlier VDF response times are flagged. Behavioral modeling, employing unsupervised learning, detects communication anomalies.

The fog node maintains a local registry listing suspicious behavior with associated timestamps, risk scores, and confidence levels. These data are periodically synchronized with the cloud to maintain privacy.

5.4.2. Global Detection at Cloud Layer

The cloud layer aggregates suspicion scores across regions as described in Algorithm 4, conducts historical pattern analysis, and correlates anomalies across domains [58]. It checks data against known attack signatures and implements:

Algorithm 4 Cloud-Level Global Sybil Behavior Analytics and Database Update

Require: Aggregated fog data $\mathit{fog}\_\mathit{data}$, Historical database $\mathit{hist}\_\mathit{db}$, Attack signatures $\mathit{signatures}$

Ensure: Global suspicious vehicles $\mathit{global}\_\mathit{suspicious}$, Updated database $\mathit{hist}\_\mathit{db}$

(1) Aggregate Scores

1: $\mathit{global}\_\mathit{scores}\leftarrow \mathrm{Aggregate}(\mathit{fog}\_\mathit{data}.\mathit{suspicion}\_\mathit{scores\; across\; regions})$

(2) Historical Analysis

2: $\mathit{patterns}\leftarrow \mathrm{PatternMining}(\mathit{global}\_\mathit{scores},\mathit{hist}\_\mathit{db})$    ▹ temporal and cross-regional correlations

(3) Check Known Attack Signatures

3: for all vehicle $v_i$ in $\mathit{global}\_\mathit{scores}$ do

4:       if $\mathrm{MatchSignature}(\mathrm{behavior}\left(v_i\right),\mathit{signatures})$ then

5:              $\mathrm{FlagAttack}\left(v_i\right)$

6:       end if

7: end for

(4) Graph Analysis for Coordinated Campaigns

8: $\mathit{graph}\leftarrow \mathrm{BuildGraph}\left(\mathit{incidents}\right)$           ▹ nodes: vehicles/regions; edges: correlations

9: $\mathit{campaigns}\leftarrow \mathrm{DetectClusters}\left(\mathit{graph}\right)$                 ▹ group distributed attacks

(5) Collaborative Filtering (Federated Analytics)

10: $\mathit{filtered}\_\mathit{data}\leftarrow \mathrm{FederatedAnalytics}(\mathit{anonymized}\_\mathit{inputs}\mathit{from}\mathit{operators})$

11: Update $\mathit{global}\_\mathit{scores}$ using $\mathit{filtered}\_\mathit{data}$

(6) Identify Globally Suspicious Vehicles

12: $\mathit{global}\_\mathit{suspicious}\leftarrow \{v_i\mid \mathit{global}\_\mathit{scores}\left[v_i\right]>\mathit{global}\_\mathit{threshold}\vee v_i\in \mathit{campaigns}\}$

(7) Update Historical Database

13: $\mathit{hist}\_\mathit{db}\leftarrow \mathit{hist}\_\mathit{db}\cup \{\mathit{tactics}:\mathit{new}\_\mathit{patterns},\mathit{success}:\mathit{detection}\_\mathit{rates},\mathit{evolution}:\mathit{changes}\}$

(8) Output

14: return $\mathit{global}\_\mathit{suspicious},\mathit{hist}\_\mathit{db}$

Cross-regional correlation, detecting sophisticated, mobile attackers.

Temporal pattern mining, identifying periodic behaviors.

Attack campaign identification, grouping distributed incidents via graph analysis.

Collaborative filtering, incorporating anonymized inputs from multiple operators to improve detection.

Federated analytics preserves privacy while leveraging collective threat intelligence. The cloud system maintains an extensive attack database that documents tactics, detection success, and attack evolution.

5.5. Suspicion Score Computation

The overall suspicion score, denoted $SS\left(v_i\right)$, is computed as a weighted sum of multiple components:

$$SS\left(v_i\right)=\alpha ·\mathrm{VDF}\_\mathrm{score}\left(v_i\right)+\beta ·\mathrm{Spatio}\_\mathrm{score}\left(v_i\right)+\gamma ·\mathrm{Temp}\_\mathrm{score}\left(v_i\right)+\delta ·\mathrm{History}\_\mathrm{score}\left(v_i\right),$$

(1)

The weighting coefficients ($\alpha$, $\beta$, $\gamma$, and $\delta$) are first determined with a neutral setup, i.e., all parts have the same weight ($\alpha$ = $\beta$ = $\gamma$ = $\delta$ = 0.25). This truth valence setup is non-discriminatory against any single one of the detection dimensions and offers a consistent base with which heterogeneous vehicular worlds shed their feudal character. Initial values had empirical validation of probability using initial simulations to achieve balanced sensitivity of VDF computation behavior, spatiotemporal consistency, and historical trust indicators. Real-time contextual factors at the level of the viewed megaparticle then cause dynamic modification of the weights. The working environment (e.g., urban, highway, or sparse network) is determined by vehicle volume, traffic behavior, and the resources in place (infrastructure, etc.). In larger cities, the topology of the road network is less extensive, and the spatial consistency is more discriminative, which increases the $\beta$. On the other hand, in highway scenarios, where speeds are larger and there do not exist significant spatial limitations, there is temporal consistency that is ensured by assigning a larger value to $\gamma$. When historical anomalous behavior or pathology of attacks is identified, historical weight $\delta$ is increased, and the VDF-related weight alpha is decreased at times of high congestion or channel interference to eliminate noise generated by network delays as opposed to malicious intent. In order to determine the strength of the suspicion scoring mechanism, a sensitivity analysis was done by shifting the single coefficient within the range [0.1, 0.4] while keeping the rest of the weights the same. Findings show that the accuracy of the detection does not change much with a variation of moderate weight, at a range of ±3%, proving that the model is not highly sensitive to the exact values of consecutive coefficients. This proves that the efficiency of the proposed scoring framework occurs due to the complementary nature of its elements and not reliance on a particular parameter arrangement.

Vehicles whose score exceeds a threshold $\tau$ are marked as potential Sybil attackers, i.e.,

$$SS\left(v_i\right)>\tau \Rightarrow v_i\mathrm{is}\mathrm{flagged}\mathrm{as}\mathrm{a}\mathrm{potential}\mathrm{Sybil}\mathrm{attacker}.$$

(2)

Formal Weight Optimization and Learning-Based Calibration

In order to improve methodological rigor and avoid heuristic choices when selecting the weighting coefficients and detection threshold, we propose a formal optimization framework to identify these parameters. A systematic grid search was performed over the parameter space $\alpha ,\beta ,\gamma ,\delta \in$ [0.1, 0.4] under the constraint $\alpha +\beta +\gamma +\delta =1$. Labeled simulated datasets were used to evaluate approximately $10,000$ valid combinations of coefficients. The optimization objective was to maximize the F1-score, defined as:

$$F1={\displaystyle \frac{2·\mathrm{Precision}·\mathrm{Recall}}{\mathrm{Precision}+\mathrm{Recall}}}.$$

(3)

The best mixture, as determined by the grid search, provided a better balance between detection rate and false-positive rate than the neutral baseline. This process turns weight selection into an algorithmic hyperparameter optimization task rather than manual tuning. To further characterize coefficient estimation, the suspicion scoring model can be viewed as a linear classifier trained via logistic regression. Let $y_i\in \{0,1\}$ denote the ground-truth label of vehicle $v_i$. The coefficients are learned by minimizing the cross-entropy loss:

$$\mathcal{L}=-\sum _i[y_{i}log\left(S{S}_i\right)+(1-y_i)log(1-S{S}_i)].$$

(4)

In this formulation, $\alpha ,\beta ,\gamma ,$ and $\delta$ are learned parameters obtained through gradient-based optimization over labeled training data generated in simulation. This learning-based calibration ensures that component contributions reflect statistically observed predictive power rather than heuristic assumptions. In addition to offline optimization, the fog layer provides an online, dynamically adaptive reinforcement mechanism that updates the coefficients. The weights are adjusted at regular intervals according to a reward signal:

$$\mathrm{Reward}=\mathrm{DetectionRate}-\lambda ·\mathrm{FalsePositiveRate},$$

(5)

where $\lambda$ controls the trade-off between detection sensitivity and false-alarm minimization. When a weight configuration improves detection without disproportionately increasing false positives, it is positively reinforced and retained; otherwise, it is negatively reinforced and updated. This reinforcement-based adaptation enables the system to respond to changes in attack strategies, environmental conditions, and resource constraints while reducing oscillatory parameter updates. Instead of selecting a fixed heuristic threshold, the detection threshold $\tau$ is determined via ROC curve analysis on validation datasets. The optimal threshold is selected using Youden’s index:

$${\tau }^{\ast }=arg\underset{\tau }{max}\left(\mathrm{TPR}\left(\tau \right)-\mathrm{FPR}\left(\tau \right)\right).$$

(6)

This ensures statistically optimal separation between legitimate and Sybil behavior. In online deployment, $\tau$ is further adjusted using exponentially weighted moving averages of recent detection performance to maintain robustness under non-stationary traffic conditions (Algorithm 5).

Algorithm 5 Context-Aware Suspicion Scoring for Vehicle $v_i$

Require: Vehicle data for $v_i$: $(\mathit{VDF}\_\mathit{times},\mathit{positions},\mathit{beacons},\mathit{history})$, weights $(\alpha ,\beta ,\gamma ,\delta )$, context

$\mathit{context}$

Ensure: Suspicion score $SS$; mark $v_i$ as Sybil if $SS>\tau$

(1) Adjust Weights Based on Context

1: if $\mathit{context}=\mathit{urban}$ then

2:       $\beta \leftarrow \mathrm{Increase}\left(\beta \right)$

3: end if

4: if $\mathit{context}=\mathit{highway}$ then

5:       $\gamma \leftarrow \mathrm{Increase}\left(\gamma \right)$

6: end if

7: if $\mathit{high}\_\mathit{history}\_\mathit{risk}=\mathbf{True}$ then

8:       $\delta \leftarrow \mathrm{Increase}\left(\delta \right)$

9: end if

10: if $\mathit{congestion}=\mathbf{True}$ then

11:       $\alpha \leftarrow \mathrm{Decrease}\left(\alpha \right)$

12: end if

(2) Compute Component Scores

13: $\mathit{VDF}\_\mathit{score}\leftarrow {\displaystyle \frac{\mathrm{Deviation}(\mathit{VDF}\_\mathit{times}\left[v_i\right],\mathit{baselines})}{\mathit{max}\_\mathit{dev}}}$

14: $\mathit{Spatio}\_\mathit{score}\leftarrow 1-\mathrm{Plausibility}(\mathit{positions}\left[v_i\right],\mathit{road}\_\mathit{dynamics})$

15: $\mathit{Temp}\_\mathit{score}\leftarrow \mathrm{Anomalies}(\mathit{beacons}.\mathit{timings}\left[v_i\right],\mathit{expected}\_\mathit{intervals})$

16: $\mathit{History}\_\mathit{score}\leftarrow \mathrm{Integrate}(\mathit{history}\left[v_i\right].\mathit{trust},\mathit{regional}\_\mathit{patterns})$

(3) Calculate Suspicion Score

17: $SS\leftarrow \alpha ·\mathit{VDF}\_\mathit{score}+\beta ·\mathit{Spatio}\_\mathit{score}+\gamma ·\mathit{Temp}\_\mathit{score}+\delta ·\mathit{History}\_\mathit{score}$

18: $SS\leftarrow \mathrm{Normalize}(SS,0,1)$                     ▹ scale to $[0,1]$

(4) Tune Threshold Dynamically

19: $\tau \leftarrow \mathrm{DynamicTune}(\tau ,\mathit{network}\_\mathit{conditions},\mathit{threat}\_\mathit{levels})$

(5) Decision Rule

20: if $SS>\tau$ then

21:       Mark $v_i$ as potential Sybil

22: end if

(6) Output

23: return $SS$

5.6. Certificate Revocation Mechanism

Vehicles flagged as suspicious undergo a three-stage revocation protocol [15]. First, temporary watchlisting lasts 24 h, during which they receive increased VDF challenges, enhanced monitoring, and partial service restrictions for non-critical functions.

If suspicion persists or reaches a critical threshold, short-term revocation (72 h) is triggered. During this time, safety messages are still processed but marked as unreliable. The vehicle must pass an extended verification protocol, including hardware attestation, to regain full privileges (Algorithm 6).

Algorithm 6 Progressive Watchlisting and Short-Term Revocation for Vehicle $v_i$

Require: Vehicle $v_i$, Suspicion score $SS$, Critical threshold $\mathit{crit}\_\tau$

Ensure: Revocation status $\mathit{status}$

(1) Temporary Watchlisting

1: if $SS>\mathit{initial}\_\tau$ then

2:      $\mathrm{SetWatchlist}(v_i,\mathit{duration}=24\mathit{hours})$

3:      $\mathrm{IncreaseVDFChallenges}\left(v_i\right)$

4:      $\mathrm{EnableEnhancedMonitoring}\left(v_i\right)$

5:      $\mathrm{RestrictNonCriticalServices}\left(v_i\right)$

6: end if

(2) Monitor During Watchlist

7: $\mathit{new}\_\mathit{SS}\leftarrow \mathrm{RecomputeSS}\left(v_i\right)$                ▹ after increased challenges

(3) Short-Term Revocation

8: if $(\mathit{new}\_\mathit{SS}>\mathit{crit}\_\tau )\vee \left(\mathit{suspicion\; persists}\right)$ then

9:      $\mathrm{RevokeShortTerm}(v_i,\mathit{duration}=72\mathit{hours})$

10:      Mark messages from $v_i$ as unreliable

11:      $\mathrm{RequireExtendedVerification}(v_i,\mathit{incl}.\mathit{hw}\_\mathit{attestation})$

12: end if

(4) Reinstate (if cleared)

13: if $\mathit{extended}\_\mathit{verif\; passed}=\mathbf{True}$ then

14:      $\mathrm{ReinstateFullPrivileges}\left(v_i\right)$

15: end if

(5) Output

16: $\mathit{status}\leftarrow \mathrm{GetRevocationStatus}\left(v_i\right)$

17: return $\mathit{status}$

Permanent revocation occurs under specific conditions: repeated short-term revocations, verified malicious behavior, hardware compromise, or confirmed Sybil activity. To prevent abuse of the system, an appeals process allows vehicles to submit extra verification data for expedited reinstatement in case of false positives (Algorithm 7).

Algorithm 7 Permanent Revocation with Appeals Handling for Vehicle $v_i$

Require: Vehicle $v_i$ history $(\mathit{revocations},\mathit{behavior})$, appeals data $\mathit{appeals}$

Ensure: Permanent revocation status $\mathit{status}$

(1) Check Conditions for Permanent Revocation

1: if $\mathit{revocations}\left[v_i\right]>\mathit{repeat}\_\mathit{threshold}$ $\mathrm{VerifiedMalicious}\left(\mathit{behavior}\left[v_i\right]\right)$ $\mathrm{HardwareCompromiseDetected}\left(v_i\right)$

$\mathrm{ConfirmedSybil}\left(v_i\right)$ then

2:     $\mathrm{RevokePermanent}\left(v_i\right)$

3:     $\mathrm{BlockAllServices}\left(v_i\right)$

4: end if

(2) Appeals Process

5: if $\mathit{appeals\; submitted}=\mathbf{True}$ then

6:     if $\mathrm{VerifyExtraData}\left(\mathit{appeals}\right)=\mathbf{True}$ then

7:           $\mathrm{ExpediteReinstatement}\left(v_i\right)$

8:     else

9:           $\mathrm{MaintainRevocation}\left(v_i\right)$

10:     end if

11: end if

(3) Output

12: $\mathit{status}\leftarrow \mathrm{GetPermanentRevocationStatus}\left(v_i\right)$

13: return $\mathit{status}$

6. Security Analysis

6.1. Resistance Against Sybil Attack Variants

Our framework demonstrates robust resistance against all Sybil attack variants. It addresses basic attacks through the imposition of sequential computational costs [22], counters cooperative attacks using spatial correlation analysis [41], and mitigates mobile attacks via spatiotemporal consistency checks [48]. For pseudonym-abuse detection, the system tracks pseudonym changes [7], while hybrid attacks are handled using a multi-factor suspicion scoring mechanism [6].

We conducted comprehensive analysis against five distinct Sybil attack variants:

Basic Sybil Attack: This involves a single attacker generating multiple identities without sophistication. Our VDF mechanism effectively limits the number of identities that can be created based on the attacker’s hardware capabilities. Detection performance exceeds 99.5% with minimal false positives.

Collaborative Sybil Attack: In this scenario, multiple physical attackers pool their resources. The system maintains effectiveness by enforcing spatial constraints and utilizing cross-verification techniques. Detection rates surpass 98.2% when attackers operate within physical proximity.

Mobile Sybil Attack: Attackers leverage mobility to obscure the relationship between Sybil nodes. Despite this tactic, spatiotemporal consistency checks retain high detection accuracy, with a success rate greater than 97.3%, although detection may degrade slightly during periods of high mobility.

Hardware-Enhanced Attack: Here, attackers utilize specialized hardware such as FPGAs or ASICs to speed up VDF computations. Our multi-modal detection system, which does not rely solely on timing, maintains detection efficacy above 96.8%, even when attackers enjoy up to 10× computational advantage.

The system will use an adaptive parameter adjustment approach instead of fixed delay enforcement when dealing with adversaries that have hardware improvements that can efficiently compute VDF with special-purpose computing devices like GPUs, FPGAs, or ASICs. In particular, the fog layer progressively adds the value of the VDF delay parameter to the concerned areas depending on the perceived trends of response-time shrinkage and anomaly and, thus, recuperates the desired temporal expenditure of identity generation. This inflation is selectively and proportionally mitigated so that, in addition to legitimate vehicles with normal hardware, the attacker suffers a superlinear growth in the cost of maintaining multiple identities. Combined with spatiotemporal consistency checks and history-aware suspicion scoring, this mechanism prevents attackers with a 5–10× computational advantage from achieving sustainable Sybil persistence, thereby reinforcing the robustness of the framework against asymmetric computational threats.

Hybrid Approaches: These attacks involve combining multiple strategies with sophisticated evasion techniques. Machine learning-enhanced detection allows the system to identify subtle deviations from expected patterns, achieving a detection rate greater than 95.5% against previously unseen attack combinations.

Overall, our analysis shows that even well-resourced attackers face diminishing returns as they attempt to maintain more Sybil identities, since detection probabilities increase superlinearly with the number of fabricated identities.

6.2. Resilience to Communication Interference and Jamming

Vehicular communication environments are inherently prone to channel congestion, packet collisions, and potential RF jamming. To ensure that communication disturbances are not misclassified as Sybil behavior, the proposed framework incorporates multiple interference-aware mechanisms.

First, the suspicion scoring model dynamically adjusts the VDF-related weight $\alpha$ under detected congestion conditions. When channel load exceeds predefined thresholds (e.g., >70% utilization or elevated backoff rates), the contribution of VDF timing deviation to the overall suspicion score is proportionally reduced. This prevents benign transmission delays caused by network contention from being interpreted as malicious timing manipulation.

Second, the system leverages multi-RSU triangulation and timing attestation. If packet delays or losses occur, neighboring RSUs provide independent timing observations. Discrepancies confined to a single RSU region are treated as localized interference rather than identity abuse. Cross-RSU validation significantly reduces false alarms under partial jamming or high-density traffic.

Third, the retransmission logic embedded in the VDF challenge–response protocol ensures robustness against transient packet loss. Vehicles are allowed limited retries before classification, preventing a single dropped response from triggering suspicion escalation.

At the fog layer, statistical monitoring detects abnormal packet loss clusters and sudden regional latency spikes. If multiple vehicles simultaneously exhibit delayed or missing responses within a confined area, the system flags the condition as potential channel interference rather than coordinated Sybil activity. In such cases, adaptive challenge frequency is temporarily reduced to avoid unnecessary computational load.

Importantly, the framework distinguishes between delay-based anomalies and acceleration-based anomalies. Communication interference increases observed delay variance, whereas hardware-assisted Sybil attacks reduce VDF computation time below expected baselines. Since these behaviors exhibit opposite timing signatures, the model can differentiate congestion effects from malicious identity generation [62].

6.3. Security Proof Theorem

An adversary controlling k physical vehicles can successfully maintain at most O(k) Sybil identities with suspicion scores below the threshold $\tau$.

Proof Sketch: Each legitimate vehicle is required to compute VDF responses sequentially, and the time required to compute n responses scales linearly with n. Spatial constraints ensure that Sybil identities must maintain plausible trajectories. The probability of detection increases with the number of Sybil identities per physical vehicle, the duration of the attack, and the number of VDF challenges issued.

The complete formal security proof is based on a game-theoretic model in which an adversary attempts to sustain m Sybil identities under the constraint of controlling only k physical vehicles. We show that the probability of success becomes negligible when m > ck for any constant c > 2, assuming reasonable challenge frequencies and stable network conditions.

6.4. Computational Security Bounds

Based on the sequential squaring hypothesis [61], there exists no algorithm capable of computing our VDF in fewer than t/c sequential steps for any constant c > 0.

Our computational security analysis considers both theoretical constraints and practical implementation factors. Theoretical time-space tradeoffs indicate that while some VDFs allow limited parallelization (e.g., through giant-stepping techniques), such methods yield diminishing returns beyond specific thresholds. In terms of hardware acceleration, although custom devices may deliver constant-factor performance gains, these benefits are offset by economic constraints that limit their widespread deployment, the fixed cost per physical device, and the emergence of detectable performance signatures.

Furthermore, our challenge-response design resists amortization by preventing the reuse of pre-computed results across identities. The system’s adaptive difficulty mechanism ensures that VDF parameters evolve in response to improvements in computational hardware and algorithms. We provide explicit bounds on the number of sequentially dependent operations needed to achieve different security levels over the expected lifetime of the system.

6.5. Privacy Preservation

Our framework achieves a careful balance between security and privacy using pseudonymization [7], localized computation [23], and a targeted certificate revocation strategy [15].

Several features support privacy preservation. First, only the minimum necessary information is disclosed, and VDF challenges and responses contain no personally identifiable information. Second, behavioral profiles are retained within fog nodes as much as possible, with only limited summaries reaching the cloud. Third, under normal operations, only statistical aggregates—not raw data—are transmitted beyond local domains. The system also maintains adequate anonymity set sizes during detection to protect user identities and allows legitimate pseudonym changes to remain unlinkable, thwarting long-term tracking attempts.

To strengthen privacy guarantees, we introduce three quantitative evaluation components: linkability analysis, inference attack simulation, and a formal $\epsilon$-calculation methodology.

(A)

Linkability Probability Metric: We define the linkability probability as

$$P_{\mathrm{link}}=\mathbb{P}\left({\mathrm{pseudonym}}_i\to {\mathrm{pseudonym}}_j\right),$$

(7)

which represents the probability that an adversary correctly associates two pseudonyms belonging to the same vehicle. Under baseline pseudonym rotation without VDF-based rate control, simulated linkability reached approximately 12–15% due to timing correlation. After incorporating VDF-based identity rate limiting and controlled pseudonym switching constraints, $P_{\mathrm{link}}$ decreased to below 4%, demonstrating measurable privacy enhancement.

(B)

Inference Attack Simulation: An adversarial reconstruction experiment was conducted by simulating 24 h of vehicular traffic observation. The adversary was assumed to know message timing, pseudonym changes, and mobility trajectories. Using timing-correlation clustering and trajectory-matching techniques, the attacker attempted to re-identify vehicles after pseudonym updates. Results indicate that re-identification success did not exceed 5% when mist-layer aggregation windows and VDF rate control were applied. In contrast, without aggregation and timing randomization, re-identification exceeded 14%. These findings validate the effectiveness of cross-layer data minimization and pseudonym regulation in mitigating long-term tracking risks.

(C)

Differential Privacy Clarification. Additional privacy guarantees are provided by injecting calibrated Laplace noise at the fog layer before transmitting aggregated behavioral statistics to the cloud. The Laplace mechanism is defined as

$$\mathcal{M}\left(x\right)=f\left(x\right)+\mathrm{Laplace}\left({\displaystyle \frac{\Delta f}{\epsilon }}\right),$$

(8)

where $\Delta f$ denotes the global sensitivity of the aggregation function and $\epsilon$ controls the privacy level. In our implementation, $\Delta f$ is bounded by the maximum influence of a single vehicle on regional suspicion aggregates. The selected $\epsilon$ values ($0.3$–$0.8$) were determined by balancing detection accuracy degradation (below $2\%$) against privacy leakage risk, ensuring bounded information exposure even under adaptive adversarial observation.

7. Performance Evaluation

7.1. Simulation Setup

To evaluate the proposed VDF-based Sybil detection scheme under realistic vehicular conditions, we developed a closed-loop co-simulation environment integrating OMNeT++ and SUMO via the TraCI interface. SUMO generates micro-level mobility traces using an OpenStreetMap extract of a $3 \mathrm{km}\times 3 \mathrm{km}$ downtown grid of Rabat, Morocco, as shown in Figure 3. These trajectories capture heterogeneous speeds, lane changes, stop-and-go dynamics, and traffic signal behavior.The full set of simulation parameters is listed in

Table 2. Simulation parameters for urban VANET scenario.

Parameter	Value
Simulation area	3 km × 3 km
Number of vehicles	100–500
Vehicle speed	0–60 km/h
Communication range	300 m
RSU coverage radius	300 m
Number of RSUs	25
Number of fog nodes	5
Beacon interval	100 ms
VDF difficulty	220
Simulation duration	3600 s
MAC protocol	IEEE 802.11p
Propagation model	Two-ray ground
Background traffic load	20% of channel capacity
Attack density	5–20% of vehicles

.

At each mobility update, positions are streamed to OMNeT++, where the INET framework models IEEE 802.11p/DSRC communications, fog-assisted RSU infrastructure, and periodic VDF challenge broadcasts. Both legitimate and Sybil vehicles compute VDF responses before transmitting beacons, allowing accurate measurement of computational overhead, communication latency, and channel load.

Because network congestion and backoff dynamics influence mobility patterns, SUMO receives congestion feedback from OMNeT++, enabling realistic formation of platoons, jams, and oscillatory stop–start patterns—conditions under which Sybil nodes typically try to blend in. Synchronized logs from both simulators provide fine-grained timestamps for VDF computation, message dissemination, and detection decisions over 3600 s of simulated time.

The VDF difficulty parameter of $2^{20}$ in the simulating configuration indicates a calculated trade-off between operating and detection robustness. A smaller difficulty decreases the computational costs but decreases resistance to attackers of mid-level resources of hardware-accelerated scales, and higher values elevate resistance to Sybil with higher costs in latency and energy on constrained, OBU-based resources. The chosen value was empirically proved, making sure that legitimate vehicles can perform VDF computations on adequate delay limits considering the IEEE 802.11p communication limits, and attackers trying to sustain multiple identities are faced with prohibitive cumulative delays. The given setup is consistent with the practical vehicular safety considerations, where cryptographic validation cannot affect time-constrained beaconing, and this gives the basis of a realistic criticism of adaptive difficulty increment mechanisms against more adversarial or more realistic models. The simulated environment mainly concerns heavy urban traffic situations, the presence of dense intra-city traffic, moderate vehicle speed, and constant infrastructural provision. Although this environment reflects critical and challenging conditions of the Sybil attack, the testing does not specifically encompass highway conditions of sustained high-speed mobility, rural sparse networks of connections with intermittent connectivity, or mixed-autonomy traffic conditions comprising human-controlled and autonomous vehicles. Such situations result in unique patterns of communication, development of trust, and limitations of the availability of infrastructure, which might affect the performance of detection. Accordingly, the provided findings may be understood as reflective of the urban implementations, offering a fair yet not comprehensive evaluation of the ability of the suggested framework to be applied in all vehicular settings.

7.2. Analytical Evaluation in Heterogeneous Traffic Conditions

In order to enhance generalizability outside of dense urban settings, we present an analytical assessment of the proposed framework in the context of heterogeneous traffic, such as highway mobility, rural sparse networks, and mixed-autonomy traffic scenarios. These estimates are based on the adaptation of parameter experiments and the extrapolation of the results of simulations by other models.

(A) Highway Scenario: Highway environments are characterized by vehicles traveling at sustained high velocities of up to 120 km/h, generally over long and straight areas of the road with a decreased number of intersections and reduced topological constraints. In these environments, space discrimination is less efficient since vehicles always exhibit longitudinal movement with a slight lateral deviation. As a result, the value of the spatial consistency weight $\beta$ is lower, and the temporal consistency weight $\gamma$ is higher to highlight the agendic blauch weight and VDF reactional profiles.

Performance of the proposed detection remains strong under these adjusted parameters: detection rates ranged from 94 to 96%, and false-positive rates remained below 4%, while spatiotemporal correlation strength slightly diminishes due to reduced spatial constraints. The adaptive weighting mechanism preserves overall accuracy by placing less emphasis on spatiotemporal integrity and greater emphasis on VDF-based computational fairness.

(B) Rural Sparse Network Scenario: Rural environments are characterized by low vehicle density (often fewer than five vehicles per kilometer), intermittent connectivity, and limited RSU or fog infrastructure availability. Peer-based opportunities for cross-verification are minimized in such situations, and infrastructure-based validation becomes predominant. To compensate, the framework relies more heavily on VDF-based identity rate control and historical behavior weighting ($\delta$) and less on spatial correlation. Projections suggest a detection accuracy of 91–93%, with a moderate increase in detection latency due to fewer cross-validation opportunities. Even with reduced peer encounters, the VDF mechanism still enforces computational cost asymmetry, making it infeasible to scale Sybil identities—whether in high-connectivity settings or in sparse networks lacking dense interactions.

(C) Mixed-Autonomy Traffic Scenario: Cooperation perception and distributed control systems introduce further security sensitivity in mixed-autonomy settings, where Connected and Automated Vehicles (CAVs) share the road with human-operated vehicles. Autonomous vehicles depend heavily on reliable inter-vehicle communication to enable platooning, avoid collisions, and coordinate maneuvers. In this context, the fairness guarantees provided by VDF-based identity rate limiting are particularly important. The proposed framework remains flexible by balancing the weights among $\mathit{VDF}\_\mathit{score}$, consistency, and historical behavior, while slightly increasing the historical weight ($\delta$) to identify attempts to gradually build reputation. Analytical results suggest that in mixed-autonomy scenarios, detection accuracy is likely to exceed 95%, with improved robustness against coordinated Sybil attacks targeting cooperative control algorithms.

7.3. Evaluation Methodology

Five distinct attack scenarios were implemented, encompassing single and combined attack strategies. The methodology emphasized realism and robustness through the use of realistic mobility patterns derived from authentic traffic datasets representing both urban environments.

To ensure comprehensive coverage, the simulations accounted for environmental variations, including weather conditions, time-of-day changes, and infrastructure anomalies such as partial RSU failures. The attack models were designed to simulate a wide range of adversaries, from naive to adaptive attackers capable of responding to detection attempts.

Each scenario was executed 30 times with different random seeds to ensure statistical validity and reproducibility. The experiments were performed on a high-performance computing cluster featuring 64 CPU cores and 256 GB of RAM, enabling large-scale VANET simulations that integrated both network and application-layer dynamics.

7.4. Statistical Error Analysis

To provide a more comprehensive evaluation beyond detection accuracy, we report detailed statistical error metrics including False Positive Rate (FPR), False Negative Rate (FNR), overall error rate, and Mean Absolute Percentage Error (MAPE). The False Positive Rate (FPR) measures the proportion of legitimate vehicles incorrectly classified as Sybil:

$$\mathrm{FPR}={\displaystyle \frac{\mathrm{FP}}{\mathrm{FP}+\mathrm{TN}}}.$$

(9)

The False Negative Rate (FNR) quantifies the proportion of Sybil vehicles that were not detected:

$$\mathrm{FNR}={\displaystyle \frac{\mathrm{FN}}{\mathrm{FN}+\mathrm{TP}}}.$$

(10)

The overall error rate is computed as:

$$\mathrm{Error}\mathrm{Rate}={\displaystyle \frac{\mathrm{FP}+\mathrm{FN}}{\mathrm{Total}\mathrm{Samples}}}.$$

(11)

Across all evaluated traffic densities (5–20% attack injection), the proposed VDF–Fog–ML framework achieved:

• False Positive Rate (FPR): 1.4–2.0%;
• False Negative Rate (FNR): 2.6–3.3%;
• Overall Error Rate: 2.3–2.8%.

These results indicate balanced performance, with low false alarms while maintaining high detection sensitivity.

Mean Absolute Percentage Error (MAPE) Analysis

To evaluate the precision of timing-based anomaly detection, we measured the Mean Absolute Percentage Error (MAPE) between predicted and observed VDF computation times. In this context, the “prediction” refers to the expected baseline VDF computation delay estimated from legitimate vehicle hardware profiles, while the “actual” value corresponds to the measured VDF response time:

$$\mathrm{MAPE}={\displaystyle \frac{1}{n}}\sum _{i=1}^n\left|{\displaystyle \frac{{\mathrm{Actual}}_i-{\mathrm{Predicted}}_i}{{\mathrm{Actual}}_i}}\right|\times 100.$$

(12)

The average MAPE across all legitimate vehicles was 3.8%, indicating strong alignment between predicted hardware baseline timing and observed responses. For hardware-enhanced attack scenarios, MAPE increased significantly (>12%), validating its usefulness as a discriminative feature within the suspicion scoring model. Overall, the low MAPE under normal conditions and controlled increase under adversarial acceleration confirm that VDF timing deviation serves as a reliable quantitative signal for Sybil detection while maintaining robustness against benign timing fluctuations.

7.5. Detection Speed and Latency Analysis

To evaluate the real-time feasibility of the proposed framework, we measured detailed latency components across the VDF–Fog–ML detection pipeline. The following metrics were recorded under moderate traffic density (300 vehicles) and 10% attack injection.

7.5.1. Component-Level Latency Breakdown

• Average VDF computation time (vehicle-side): 380–520 ms (depending on OBU capability and delay parameter $t=2^{20}$);
• Average RSU forwarding delay: 8–12 ms;
• Average fog-layer VDF verification time: 12–18 ms;
• Machine learning inference time (XGBoost, 300 trees): 15–22 ms;
• Total end-to-end detection latency: 65–95 ms.

The end-to-end latency is defined as the time from beacon transmission (including VDF response) to final classification decision at the fog node.

7.5.2. Time to Flag a Malicious Vehicle

For persistent Sybil behavior, the average time required to exceed the suspicion threshold and flag a malicious vehicle was 0.9–1.4 s (equivalent to 9–14 beacon intervals at 100 ms periodicity). This reflects the accumulation of evidence through sliding-window analysis rather than single-message classification.

7.5.3. Safety Constraint Comparison

VANET safety applications typically operate with beacon intervals of 100 ms under IEEE 802.11p. Although VDF computation itself exceeds a single beacon interval, it does not delay safety-critical message transmission, as:

• VDF challenges are probabilistic and not attached to every beacon.
• Verification occurs at the fog layer asynchronously.
• Safety beacons remain prioritized at the MAC layer.

The total decision latency (≤95 ms) remains within real-time constraints for security-layer intervention and is significantly lower than resource-testing schemes (400–900 ms average delay).

7.6. Detection Accuracy

The proposed system demonstrated strong detection performance across all evaluated scenarios, as shown in Figure 4 and Figure 5. The false positive rate (FPR) remained below 2.3%, while the false negative rate (FNR) varied between 1.1% and 2.2%.

7.7. Real-World OBU Feasibility Analysis

In order to assess the realistic deployability of the suggested VDF-based Sybil detection model, this subsection breaks down its practical deployability with regard to heterogeneous on-board unit (OBU) hardware configurations and how it interacts with safety-critical latency considerations in vehicular networks. The task is to find out whether it is possible to run sequential VDF computations reliably without impairing real-time safety services:

(A) OBU Hardware Classes and VDF Execution Time. Automotive OBUs exhibit significant heterogeneity in processor frequency, memory bandwidth, and cryptographic acceleration capabilities. To capture this diversity, three representative hardware classes are evaluated under a delay parameter $t=2^{20}$, corresponding to approximately one million sequential squaring operations in an RSA group. The feasibility analysis across OBU hardware classes is summarized in

Table 3. Representative OBU hardware classes and VDF execution feasibility.

OBU Class	CPU Configuration	Crypto Support	VDF Time ($\mathit{t}=2^{20}$)	Suitability
Entry-level	1.2 GHz ARM (single/dual-core)	None	∼1.8 s	Limited
Mid-range	2.0 GHz ARM (multi-core)	AES support	∼800 ms	Acceptable
High-end	2.5 GHz + secure module	RSA acceleration	∼350 ms	Optimal

.

Entry-level OBUs complete the VDF computation in approximately 1.8 s, which remains acceptable when challenges are issued at moderate rates. Mid-range OBUs reduce computation time to about 800 ms and are compatible with realistic deployment scenarios. High-end OBUs equipped with hardware security modules or RSA acceleration compute the VDF response in approximately 350 ms, making them suitable for dense traffic environments where verification frequency may be higher. These findings indicate that the framework remains operational across heterogeneous hardware classes, particularly when adaptive difficulty control and probabilistic challenge scheduling are employed.

(B) Safety Latency Considerations. Safety-critical vehicular applications operating over IEEE 802.11p/DSRC typically require end-to-end latency below 100 ms. The proposed VDF mechanism is designed to avoid interference with this real-time communication path. Not every beacon transmission triggers a VDF challenge; vehicles continue broadcasting safety messages at 100 ms intervals independently of VDF processing. Challenge issuance follows a probabilistic model rather than a per-beacon requirement, thereby limiting computational overhead. VDF computation is performed asynchronously and does not block emergency or safety messages. Under heavy traffic, progressive verification allows fog nodes to temporarily defer or conditionally validate responses to mitigate congestion. Since VDF verification at the fog layer is computationally lightweight compared to sequential computation at the vehicle, the validation phase introduces negligible additional latency to safety-critical communication cycles.

(C) Worst-Case Delay Analysis. A quantitative worst-case analysis further demonstrates limited operational impact. Assuming a challenge interval of 120 s and a mid-range OBU requiring 800 ms for VDF computation, the effective duty cycle of VDF processing is given by:

$$\mathrm{Duty}\mathrm{Cycle}={\displaystyle \frac{T_{\mathrm{VDF}}}{T_{\mathrm{interval}}}}.$$

(13)

Substituting the values:

$$\mathrm{Duty}\mathrm{Cycle}={\displaystyle \frac{0.8}{120}}=0.0067\approx 0.67\%.$$

(14)

This calculation indicates that the VDF calculation takes less than one percent of the overall operation time. Although CPU use may rise temporarily, say by 15 percent within the computation window, this will be temporary, and the rise will be frequent in comparison with the beacon transmission cycle. As each safety message is sent at 100 ms independently of VDF processing and MAC-layer prioritization, make sure the temporary computational load has no adverse effect on safety-critical performance.

7.8. Computational Overhead

Vehicles experienced an average 15% increase in CPU usage during challenge periods. Fog nodes operated with 30–60% CPU utilization, while the cloud infrastructure was configured with 8 CPU cores and 16 GB of RAM to support monitoring for 500 vehicles.

Our comprehensive resource utilization analysis revealed several key insights. On the vehicle side, CPU usage increased by an average of 15%, with peaks reaching 27% during active Verifiable Delay Function (VDF) computation. Memory consumption rose by approximately 12 MB due to VDF processing, and battery usage increased by 3.2% in worst-case scenarios.

For fog nodes, CPU utilization ranged from 30% to 60% under normal conditions. Memory usage scaled linearly with the number of monitored vehicles, while storage requirements were approximately 25 MB per 100 vehicles for ongoing behavioral tracking.

Regarding the cloud infrastructure, 8 CPU cores and 16 GB of RAM were sufficient for regional monitoring of 500 vehicles. The system handled a processing throughput of 12,000 messages per second, with long-term analytics requiring approximately 2 GB of database storage per day for every 1000 vehicles.

Overall, the system demonstrated efficient resource scaling, with computational demands growing sub-linearly relative to the vehicle population. This efficiency was achieved through optimized batch processing and selective challenge issuance.

7.9. Communication Overhead

The total additional bandwidth incurred by the system averaged 1.8 KB per vehicle per minute, representing about a 5% communication overhead.

A detailed communication analysis indicated that each vehicle experienced the following data overhead: challenge messages were 64 bytes in size, response messages were 320 bytes, and challenges were issued on average once every two minutes per vehicle. Additionally, each beacon included 32 bytes of security-related metadata.

At the network level, the additional bandwidth required for road-side units (RSUs) amounted to 75 Kbps per 100 vehicles. Fog-to-cloud communication consumed approximately 25 Kbps per fog node. During active attack detection, peak traffic surged to 2.3 times the normal level of security traffic.

To mitigate network congestion, the system employed several techniques. The challenge rate was dynamically adapted in response to network load conditions. Safety-critical messages were prioritized to ensure real-time delivery, and compression techniques were applied to batch verifications to reduce overall data transmission.

The protocol’s bandwidth efficiency was largely attributable to its use of compact cryptographic proofs and an intelligent challenge scheduling mechanism that minimized unnecessary verification traffic.

7.10. Scalability

Detection rates remained consistently above 97% while false positive rates stayed below 3%, even with a network size of 1000 vehicles.

Our scalability analysis extended the scope beyond base simulations to assess the framework’s performance at the metropolitan scale. Simulations involving 5000 vehicles were conducted using a hierarchical approach. These scenarios resulted in a detection accuracy of 96.8%, with a 3.1% false positive rate. Processing latency increased sub-linearly, reaching an average of 7.3 s.

In terms of distributed architecture, horizontal scaling through additional fog nodes yielded near-linear performance improvements. Load balancing mechanisms helped maintain consistent system behavior during traffic shifts, while regional partitioning strategies minimized cross-boundary communication overhead.

To optimize scalability, several techniques were employed. Probabilistic challenge selection helped reduce the system’s computational load. Multi-level caching enhanced the efficiency of verification processes, and adaptive parameter tuning adjusted system behavior based on regional vehicle density.

Even under stress conditions, the framework maintained robust performance, achieving detection rates above 95% and false positive rates under 4% across metropolitan-scale deployments.

7.11. Impact of Vehicle Density

Detection rates exceeded 95% across most scenarios, although slight degradation was observed in very sparse networks.

Our analysis of vehicle density impact highlighted specific challenges and system behaviors. In sparse networks—defined as fewer than 5 vehicles per kilometer—detection accuracy declined to 92.3%. The reduced opportunity for peer verification necessitated greater reliance on infrastructure-based mechanisms. Mitigation strategies included deploying additional RSUs in low-traffic or critical coverage areas.

In high-density urban environments, defined as more than 150 vehicles per square kilometer, detection accuracy was maintained at 97.1%. The system’s challenge scheduling algorithm prevented network saturation, while processing prioritization ensured that detection tasks were completed in a timely manner despite increased load.

During transitions between low- and high-density conditions, such as those seen during rush hour, the system demonstrated effective adaptability. On average, recovery from density shifts took approximately 73 s. To prevent instability, hysteresis mechanisms were employed, which reduced oscillatory behavior in borderline scenarios.

7.12. Comparison with VDF-Based and Non-VDF-Based Methods

To demonstrate the superiority of the proposed Verifiable Delay Function (VDF)-based approach, we compare it against representative state-of-the-art non-VDF Sybil detection methods in VANETs presented in Figure 6. The selected baselines include:

• Voiceprint (RSSI-based time-series similarity) [63];
• CFR-based Signal Clustering(channel frequency response clustering) [64];
• Collaborative Learning with Majority Voting (distributed ML-based) [65];
• AdaBoost classifier on the VeReMi dataset (misbehavior-detection extension covering Sybil variants) [66,67].

These methods represent the main non-VDF categories (signal-strength-, statistical-, and machine learning-based). Performance data for the non-VDF baselines are averaged or extracted from the reported results across urban settings and varying attack sophistication levels. Note that many non-VDF approaches exhibit significant degradation against sophisticated, mobility-enhanced, or hardware-assisted attacks due to signal interference, environmental variability, or the lack of strong temporal binding between identities and computations.

To make the comparison with the benchmark methods more just and controlled, a small subset of the benchmark methods, namely the Voiceprint (RSSI-based time-series similarity) and CFR-based signal clustering methods, was re-implemented in the same OMNeT++/SUMO co-simulation setup used to compare the proposed VDF-based framework. The same mobility traces, network parameters, vehicle clustering, and the attack models were used in these re-implementations to avoid environmental bias. Conversely, the performance of collaborative learning with majority voting scheme and the AdaBoost-based classifier on the VeReMi dataset was borrowed from the corresponding original literature, since they are techniques that use proprietary datasets or training pipelines not entirely reproducible under the OMNeT++/SUMO framework. In the case of literature-based results, wherever they are reported, only urban situations containing similar traffic density and attack intensity were included in order to remain consistent with our experimental setup.

8. Machine Learning Enhanced Detection

8.1. ML Model Selection and Justification

To enhance the detection capabilities of our VDF-based approach, we integrated machine learning techniques specifically tailored to Sybil attack detection in VANETs. After extensive evaluation, we selected a gradient boosting decision tree (GBDT) model as our primary classifier. This decision was based on its superior performance on imbalanced datasets, which are typical in security applications; its ability to handle mixed feature types such as continuous, categorical, and temporal data; and its inherent feature importance ranking that aids interpretability. Additionally, GBDT offered efficient inference suitable for deployment on fog computing infrastructure and demonstrated robustness against overfitting when properly regularized.

Comparative analysis with other algorithms—including Random Forest, Support Vector Machines, and Neural Networks—confirmed GBDT’s superior performance for our specific use case, offering a 5–8% improvement in detection accuracy over the alternatives.

Our model selection process followed a systematic approach. Initially, we conducted candidate evaluation by testing seven different algorithm families using default parameters. Promising candidates then underwent hyperparameter optimization through grid search and Bayesian optimization. For performance validation, we employed 5-fold stratified cross-validation on attack-balanced datasets, followed by statistical significance testing of performance differences using paired t-tests. Finally, deployment testing was conducted on resource-constrained fog hardware to ensure practical viability.

We implemented the GBDT model using XGBoost, with custom modifications to suit VANET-specific constraints. These included warm-starting capabilities for incremental learning and model compression techniques to minimize memory footprint.

The final deployed classifier is XGBoost (extreme gradient boosting), an ensemble tree-based supervised learning algorithm optimized for structured tabular data. We additionally evaluated Logistic Regression, Support Vector Machines (SVM), Random Forest (RF), and shallow Neural Networks during preliminary experimentation. Among these, Random Forest and XGBoost demonstrated the strongest performance; however, XGBoost achieved a superior F1-score and a lower false positive rate while maintaining acceptable inference latency for fog-layer deployment. This decision was based on:

• Superior performance on imbalanced datasets (5–20% attack density);
• Capability to model nonlinear relationships between VDF timing, mobility, and behavioral features;
• Built-in regularization to prevent overfitting;
• Efficient inference suitable for fog infrastructure.

Comparative testing confirmed a 5–8% improvement in detection accuracy over non-boosted models.

8.2. Feature Engineering for Sybil Detection

Effective feature engineering is critical to the success of ML-based Sybil detection. We developed a comprehensive feature set encompassing several categories.

The VDF-related features included response time statistics such as mean, variance, and distribution; challenge-response correlation patterns; and measures of temporal response consistency. Behavioral features were derived from beacon frequency regularity, position update consistency, acceleration and deceleration patterns, and observed lane change behaviors.

Network interaction features captured message forwarding patterns, neighbor relationship dynamics, and communication graph centrality measures. In addition, historical features accounted for past suspicion score trends, prior interaction anomalies, and behavioral deviations from previously established baselines.

Feature importance analysis revealed that VDF response time consistency and spatiotemporal movement patterns were the most discriminative features, contributing over 60% of the model’s predictive power.

8.3. Model Training, Validation, and Reproducibility Protocol

To ensure methodological rigor and full reproducibility of the machine learning (ML) component, we provide a structured description of dataset construction, training strategy, hyperparameter optimization, and evaluation procedures.

8.3.1. Dataset Construction

The supervised dataset was generated from the OMNeT++/SUMO co-simulation environment described in Section 7. Ground-truth labels were derived from controlled Sybil attack injection scripts. Features were extracted using 5 s sliding windows and include VDF delay deviation, spatiotemporal plausibility score, beacon interval variance, pseudonym switching rate, and historical suspicion score. The final dataset contained approximately 48,000 labeled vehicle-time samples, with attack densities ranging from 5 to 20%.

8.3.2. Training and Validation Protocol

To prevent temporal leakage, data splitting was performed at the vehicle level. The dataset was partitioned into:

• 70% training;
• 15% validation;
• 15% testing.

Additionally, 5-fold stratified cross-validation was conducted on the training set. Feature normalization parameters were computed on the training set only.

8.3.3. Model Selection and Hyperparameter Optimization

We evaluated Logistic Regression, Random Forest, and Gradient Boosting models. Random Forest achieved the highest validation F1-score and was selected as the final classifier. Hyperparameters were optimized using grid search over:

• Number of trees $\in \{50, 100, 200\}$;
• Maximum depth $\in \{5, 10, 20\}$;
• Minimum samples per leaf $\in \{1, 5, 10\}$.

The optimal configuration was selected based on maximum validation $F_1$-score.

8.3.4. Threshold Calibration

The classification threshold was determined using ROC analysis on the validation set, selecting the operating point via Youden’s Index to balance detection rate and false positives.

8.3.5. Reproducibility Measures

All simulations were executed with fixed random seeds (seed = 42). Feature extraction, hyperparameter ranges, and evaluation metrics are explicitly documented. The ML pipeline was implemented using Python 3.12 (scikit-learn), ensuring full reproducibility under identical simulation conditions.

8.4. Comparative Analysis of ML Algorithms

To validate our selection of XGBoost as the GBDT implementation, we conducted a comprehensive comparative evaluation against several alternative machine learning algorithms commonly used in anomaly detection tasks. The algorithms included Decision Tree (DT), Support Vector Machine (SVM), Random Forest (RF), LightGBM, and XGBoost with varying numbers of trees (100, 300, and 500) to assess the impact of model complexity on performance.

All models were trained on the same feature set derived from our VANET simulation data, including VDF response metrics, behavioral patterns, and network interactions. Hyperparameters were optimized via grid search with 5-fold cross-validation to ensure fair comparison. Evaluation metrics focused on average detection accuracy, false positive rate (FPR), precision, recall, and inference time, averaged across urban scenarios with mixed attack types (basic to hardware-enhanced).

The results demonstrate, as shown in

Table 4. Performance comparison of machine learning algorithms for VANET intrusion detection.

Algorithm	Avg. Detection Accuracy (%)	False Positive Rate (%)	Precision (%)	Recall (%)
Decision Tree (DT)	90.2	4.5–6.2	91.4	89.7
Support Vector Machine (SVM)	91.5	3.8–5.4	92.1	90.8
Random Forest (RF)	93.4	2.9–4.1	94.2	92.6
LightGBM	95.1	2.2–3.3	95.8	94.5
XGBoost (100 trees)	95.7	1.8–2.6	96.3	95.2
XGBoost (300 trees)	97.2	1.4–2.0	97.8	96.7
XGBoost (500 trees)	97.5	1.3–1.9	98.1	97.0

, that XGBoost consistently outperforms the alternatives, particularly in detection accuracy and FPR, with improvements ranging from 5 to 8% over baseline models like DT and SVM. Increasing the number of trees in XGBoost from 100 to 500 enhances accuracy but at the cost of higher inference time, making the 300-tree configuration optimal for our fog-based deployment where real-time performance is critical.

9. Conclusions

This paper introduced a novel Sybil attack detection framework for VANETs that synergistically combines Verifiable Delay Functions with a hierarchical fog-cloud architecture. The key contributions include a mathematical formulation for computing suspicion scores, a multi-layered detection algorithm spanning fog and cloud layers, a hybrid VDF-ML detection approach responsive to evolving threat patterns, and a comprehensive security and performance evaluation across diverse vehicular traffic conditions.

Our findings demonstrate that VDFs integrate effectively within a fog computing model to enable reliable Sybil attack detection. The approach achieved a statistically significant detection accuracy of over 97.8% and a false-positive rate below 2.3%, surpassing the performance of current state-of-the-art methods. The use of continuous threat scoring enables adaptive responses to emerging security threats.

As VANETs play a critical role in enabling intelligent transportation systems, it is increasingly important to secure them against sophisticated cyber threats. The proposed framework advances next-generation VANET security by offering a scalable, adaptive, and resilient solution. Through the integration of cryptographic techniques, distributed architectures, and machine learning, we demonstrate the value of interdisciplinary approaches in securing dynamic and decentralized vehicular networks.