Keywords

1 Introduction

Multi-hop device-to-device (D2D) communication [15], which enables direct data transmission between source user equipments (SUEs) and destination user equipments (DUEs) with the assistance of other user equipments (UEs) acting as relays (RUEs), provides a promising solution for mobile network operator to meet the growing users demands (such as higher throughput, lower transfer delay, and better power efficiency). Now multi-hop D2D communication has been widely used in various application, e.g., vehicle-to-vehicle networks [27], unmanned aerial vehicle (UAV) assisted wireless communications [11], and near field communications (NFC) [6].

However, multi-hop D2D communication may be exposed to many intrusions because of its openness, weak security protection on mobile UEs and the direct data transmission without the fixed network infrastructures. For example, in D2D-based vehicle-to-vehicle (V2V) communication [27], adversaries may disguise as normal vehicle equipment and send malicious packets via D2D communication to invade and compromise the destination vehicle equipment [12], thus threatening the lives of the people at destination vehicles. To mitigate the intrusions in a timely way, one significant thing that should be done is to establish a Cooperative Intrusion Response System (CIRS) for D2D communication to detect and respond to intrusion activities during data transmission. Through this approach, intrusion activities are detected and responded in time, communication overhead (e.g., the total volume of data traffic) are drastically reduced, thus communication security is improved.

Motivation: However, the CIRS cannot efficiently work in multi-hop D2D networks, because the RUEs are selfish and unwilling to spend extra resources on undertaking the intrusion detection and response tasks. Hence, a selfish RUE would not participate in responding intrusion events unless a satisfying incentive is given to compensate its extra cost. Without adequate participation of RUEs, the performance of a CIRS will be drastically decreased. To address this problem, an incentive mechanism, which motivates RUEs to promptly respond to intrusions, is required.

Considering the incentive resources being used to incentivize participation, existing incentive mechanism can be roughly divided into two categories: social-aware and financial-aware [7]. In the social-aware incentive mechanism [20], two social phenomena (i.e., social trust and social reciprocity) are used to find the social relationships among UEs and identify the best relays. However, privacy leakage is a serious challenge in social-aware incentive mechanism [22], because the process of identifying social relationships among UEs is usually accompanied by extra private information leakage. Compared with the social-aware incentive, the financial-aware incentive mechanism, which allocates financial resources to cooperators to incentivize participation, is a more desirable incentive paradigm in a practical application. However, existing CIRS and financial-aware incentive mechanisms are suffer from two problems, respectively: (1) Low response accuracy. In existing CIRS, response activities are operated based on aggregated monitored data from different sensors, thus most CIRS suffers from the loss of accuracy and the response accuracy is low. (2) False-reporting attack. When a packet is normal, malicious RUEs without carrying out detections might claim that they have detected the packet and have not found any abnormal data in this packet. Through this approach, they expects to win more rewards from DUEs.

Contribution: To address the above problems, in this paper, a dynamic game approach is utilized to establish a decentralized incentive mechanism for CIRS, which promote the response accuracy and mitigates the potential false-reporting attack. Our main contributions are as follows.

  1. (1)

    In this paper, we formulate an incentive mechanism for CIRS in multi-hop D2D communication as a dynamic game and achieve the only one Nash equilibrium for RUEs to decide whether to participate in detection or not.

  2. (2)

    We evaluate the benefit and cost of DUE and RUEs to analyze the proposed game. A reputation-based spot-check mechanism is also proposed to mitigate the potential false-reporting attack.

  3. (3)

    Simulations demonstrate that our mechanism can efficiently motivate potential RUEs to participate in intrusion detection and response, and can also block intrusion propagation in time.

The remainder of this paper is organized as follows. In Sect. 2, we discuss the related work. We introduce the system model and discuss the spot-check mechanism in Sect. 3. Payoffs of RUEs and DUE are evaluated in Sect. 4. In Sect. 5, we formulate the incentive mechanism as a dynamic game and analyze its Nash equilibrium in Sect. 5. Simulations are provided in Sect. 6 to demonstrate the validity of proposed results. Section 7 draws the conclusion.

2 Related Work

2.1 D2D Communication

D2D communication [10, 19] has received considerable attention in recent years and can be divided into two categories: standalone D2D and network-assisted D2D. UEs in standalone D2D organize communications by themselves and transfer messages directly without fixed network infrastructures (e.g., base stations) [3]. However, it is a big challenge for standalone D2D UEs to establish, maintain and control the communication only by themselves, which requires high complexity of the UEs. As a solution to this challenge, network-assisted D2D communication, which utilizes fixed network infrastructures for communication organization and resources allocation, has been widely studied. Zhou \(et\ al.\) [26] proposed a bargaining game to promote security and efficiency in network-assisted D2D with the presence of malicious eavesdroppers. Though network-assisted D2D works better than standalone D2D in practical applications, those two D2D paradigms could be failed due to long distance for their one-hop structure.

To solve the above problems, multi-hop D2D communication problems have been widely studied and applicated in various fields [6, 11, 27]. Zhou \(et\ al.\) [27] addressed the dependable D2D content distribution problem using a coalition formation game approach to optimize peer discovery, route selection, and spectrum allocation jointly. The spectrum trading contract was designed in [11] for D2D-based UAV-assisted cellular networks to better serve local mobile users. Liu \(et\ al.\) [13] designed multi-hop D2D communication protocol and algorithm to address resource allocation problem for the general multi-hop D2D communication underlying cellular networks. Liu \(et\ al.\) [14] proposed three wireless power transfer policies in the power transfer model to analyzed the physical layer security in energy constrained D2D communication. Xu \(et\ al.\) [12] investigated the interplay between incentives and interdependent security risks in D2D offloading, and designed security-aware incentive mechanisms.

Multi-hop D2D communication provides an efficient D2D communication scheme with a variety of advantages such as improved spectral efficiency, and increased network capacity. Unfortunately, due to the weak security protection on ordinary mobile UEs, D2D communication may be exposed to many intrusions. In the past few decades, researchers are mainly focused on the security issues in single-hop D2D communication. So far, however, there has been little discussion about the security problems in multi-hop D2D communication.

2.2 Incentive Mechanism

Existing work investigates the incentive mechanism in wireless networks can be roughly divided into two categories: social-aware and financial-aware. Social-aware incentive mechanism for wireless networks is studied in [1, 5, 18]. Chen \(et\ al.\) [20] proposed a social-trust and social-reciprocity-based framework to promote cooperation among devices for multi-hop D2D communication. A cooperative video multicast system was developed in [4] to provide incentive for clients to share video packets with each other based on social ties in D2D communication. Gao \(et\ al.\) [8] formulates the dynamic social-aware peer selection problem as a dynamic optimization problem and proposes the drift-plus-penalty ratio algorithm to solve it. However, privacy leakage is a serious and inevitable problem in social-aware incentive mechanism.

Considering the privacy leakage issue, financial-aware incentive mechanism [12] is a more desirable incentive mechanism paradigm in practical application. Yang \(et\ al.\) [21] designed and analyzed platform-centric and user-centric financial-aware incentive mechanisms for mobile phone sensing. Guo \(et\ al.\) [9] formulated the incentive mechanism for CIDS as an evolutionary game to maximize nodes utility and motivate nodes to cooperate. However, financial-aware incentive mechanism may suffer serval attacks, and among them false-reporting attack is common and inevitable [25]. Zhang \(et\ al.\) [23, 24] studied the free-riding and false-reporting problem in crowdsourcing and designed an incentive mechanism to motivating providers to complete their assigned tasks.

3 Basic Idea and System Model

3.1 Communication-Response Model

Figure 1 gives the communication process of multi-hop D2D and the mechanism of CIRS. Its detail processes are as follows. First, DUE requests a file with size D from SUE. After SUE receives the request from DUE, it computes the routing path uses via routing algorithms (e.g., interference aware touting algorithms [16]) and obtains a set RP of RUEs where \(RP = \{\text {RUE}_0, \text {RUE}_1, ..., RUE_{N-1}\}\) and N is the number of RUEs. Then, SUE sends a packet containing the file to its nearby RUE. When a neighboring RUE receives the packet and detects its potential threat (e.g., virus, Trojan) with detection rate \(\alpha \) via intrusion detection technology (e.g. pattern matching). If without any threat included in this packet, RUE will relay the packet to its next nearby RUE in the routing path. Otherwise, it will pre-undertake corresponding countermeasures (e.g., interrupting the current communication and isolating the packet) and upload the threaten evidence to a trusted third party (TTP). In our work, we assume that the probability of malicious packets is \(\rho \) and no collusion between UEs exists.

Fig. 1.
figure 1

Communication-response model.

Full size image

3.2 Incentive Mechanism

As described in Sect. 1, RUEs are uninterested in participating in intrusion detection and response without sufficient incentive. To address this problem, a dynamic game-theoretic approach is proposed to stimulate a selfish RUE to detect and respond to an intrusion event. In our approach, RUE first evaluates the benefit and cost for detecting and responding to the potential intrusion, and then takes action based on its decision. After the multi-hop D2D communication is completed, DUE will decide to pay a reward only to the RUE who has worked correctly. Furthermore, due to the reward for RUE is paid after the communication is completed, some RUEs (called false-reporters) may lie to DUE that they have detected the packet in order to get rewards without detecting the packet if no intrusion is found by the RUEs before them. To address this problem, we design a reputation-based spot-check mechanism.

3.3 Spot-Check Mechanism

To mitigate false-reporting attack, we design a reputation-based spot-check mechanism. We assume that all UEs have a reputation score rep. If a RUE’s reputation is less than a preset threshold \(rep_{th}\), it will receive less reward gained from intrusion detection than normal RUEs. The process of spot-check mechanism is described as follows.

First, DUE notifies the SUE to start the spot-check activity. After receiving the packet, SUE intentionally sends a malicious packet mp with no to its nearby RUE with the destination of DUE. If the RUE claims that it has detected and then relays mp to the next RUE, we can regard this RUE as a false-reporter and reduce the RUE’s reputation. Finally, DUE rewards the RUEs which correctly responds to mp. The spot-check mechanism runs and repeats irregularly when the multi-hop D2D routing path is idle, and the running status is only known to SUE, DUE. In the following section, We assume that all UEs are normal and have a reputation score above the threshold \(rep_{th}\).

4 Benefit and Cost

4.1 RUE (User Equipment as Relay)

To establish the multi-hop D2D communication, RUE selection algorithm, which can find the optimal RUE and generate routing path for each UE, is significant. As the issue of RUE selection algorithm has been fully discussed in [13], in this paper, we will not investigate this problem and will assume the optimal routing path for multi-hop D2D communication has been selected. Here we consider the \(\mathrm {RUE_i} \in RP\) as the \((i+1)\)th RUE that receives packets from SUE, where \(i=0, 1, 2, ..., N-1\). Hence, we evaluate the detection cost and response cost of \(\mathrm {RUE_i}\) as follows.

Detection Cost: Each kind of intrusions has a unique attack pattern that can be recognized by attack pattern matching algorithms (e.g. Aho-Corasick algorithm [2]). In this paper, \(\mathrm {RUE_i}\) matches the packet to existing attack patterns to detect the potential intrusion activity. The number of attack patterns for match is \(m_i\) and the computational complexity of the pattern matching algorithm that \(\mathrm {RUE_i}\) selected is \(cpma(m_i, D)\), where D is the size of the packet. Hence, the detection cost of \(\mathrm {RUE_i}\) can be defined as follows.

$$\begin{aligned} C_{detection_i} = \lambda _{dc} \cdot cpma(m_i, D), \end{aligned}$$
(1)

where the \(\lambda _{dc}\) is the cost unit for computational complexity of the pattern matching algorithm selected by \(\mathrm {RUE_i}\).

Response Cost: If the packet is detected to be malicious, \(\mathrm {RUE_i}\) will consume its resources to undertake countermeasures. Here we consider two types of resources: the memory space and the energy of \(\mathrm {RUE_i}\). If intrusion response requires too many resources or RUE’s idle resources are limited, the response cost will be expensive for RUEs. Here we donate the memory and energy utilization for undertaking countermeasures as \(M_{u_i}\) and \(E_{u_i}\), respectively. Furthermore, the idle memory and energy are described as \(M_{f_i}\) and \(E_{f_i}\), respectively. Hence, the response cost of \(\mathrm {RUE_i}\) can be defined as follows.

$$\begin{aligned} C_{response_i} = \lambda _{rc} \cdot (\frac{M_{u_i}}{M_{f_i}} + \frac{E_{u_i}}{E_{f_i}}), \end{aligned}$$
(2)

where the \(\lambda _{rc}\) is the cost unit for resource utilization in undertaking countermeasures.

4.2 DUE (User Equipment as Destination)

After the multi-hop D2D communication is completed, DUE will be in one of three states: (1) State 1. DUE has received the normal packet; (2) State 2. DUE is invaded by the malicious packet; (3) State 3. No packet reaches DUE because the packet from SUE is detected to be malicious by \(\mathrm {RUE_i} \in RP\). Under above states, DUE gains three different benefits as follows.

State 1: In this state, DUE receives normal packet and no intrusion activity happens. The total benefit of DUE is gained from the packet received, and can be divided into two parts. One part is the fixed benefit F that gains from receiving the packet successfully. The other gains from DUE’s interest in the content of the packet, where the interest factor per unit of packet size is \(\theta \). If DUE is interested in the received packet, the larger the packet size D is, the higher benefit DUE can gain from it. Hence, the benefit of DUE can be defined as follows.

$$\begin{aligned} B_{s_1} = \lambda _{s_1} \cdot (F + \theta D), \end{aligned}$$
(3)

where \(\lambda _{s_1}\) is the cost unit for DUE’s interest.

However, \(B_{s_1}\) donates the sum of N benefits gained from RUEs in RP. As a result of this, the benefit of DUE that gains from \(\mathrm {RUE_i}\) can be given as follows.

$$\begin{aligned} B_{s_1i} = \lambda _{s_1} \cdot \frac{F + \theta D}{N}, \end{aligned}$$
(4)

State 2: In this state, DUE receives malicious packet and is invaded. The benefit of DUE is negative and depends on the risk of the exploited vulnerability. Here we consider the factors proposed in [17] to evaluate the exploited vulnerability, and the risk can be calculated by weighting all those factors. The risk from exploiting vulnerability \(v_j\) can be defined as \(r_j\) with \(0<r_j<1\). Hence, the benefit of DUE under the state 2 can be defined as follows.

$$\begin{aligned} B_{s_2} = -\lambda _{s_2} \cdot r_j, \end{aligned}$$
(5)

where \(\lambda _{s_2}\) is the cost unit for the risk of exploiting a vulnerability.

Under this state, DUE is invaded and all the RUEs that have detected the packet should be responsible for the intrusion. Moreover, the RUEs who receives and detects the packet early should have greater responsibilities than RUEs after them. As a result of this, the negative benefit of DUE gained from \(\mathrm {RUE_i}\) can be given as follows.

$$\begin{aligned} B_{s_2i} = -\lambda _{s_2} \cdot \frac{2 \cdot r_j \cdot (N-i)}{N(N+1)}, \end{aligned}$$
(6)

State 3: No packet reaches DUE because the packet is detected to be malicious and an intrusion is responded by \(\mathrm {RUE_i} \in RP\). If the intrusion packet is detected by \(\mathrm {RUE_i}\) with a small serial number i, which means the intrusion is blocked in time, the benefit of DUE will be high. Hence, the benefit gained from \(\mathrm {RUE_i}\) can be given as follows.

$$\begin{aligned} B_{s_3i} = \lambda _{s_2} \cdot \frac{(N-i) \cdot r_j}{N}. \end{aligned}$$
(7)

5 Dynamic Game and Its Analysis

We define the game as a triplet \(G = \{\mathrm{{\{DUE\}}}\cup RP, S, U\}\), where RP is the set which consists of the RUEs in routing path, S donates the strategy space, and U is the set of players’ utilities. Here we assume that the probability that the packet is malicious is \(\rho \). The game tree can be seen in Fig. 2, where the leaf nodes present the players’ utilities with the tuple \(U = (U_{DUE}, U_{RUE})\). We define the strategy combination as a tuple \(S = (S_{RUE}, S_{DUE})\), where \(S_{RUE} = (detect, no\_detect)\) and \(S_{DUE} = (pay, no\_pay)\). We analyze the game in two levels.

Fig. 2.
figure 2

The dynamic game tree.

Full size image

5.1 DUE Level

The benefits of DUE gained from \(\mathrm {RUE_i}\) in this game are described in (4), (6), and (7). After the communication is completed, there are four possible states of DUE and RUE. Therefore, the rewards for RUEs are defined as \(P_{s_1}\), \(P_{s_2}\), \(P_{s_3}\), \(P_{s_4}\). As the benefits of DUE are described in Sect. 4.2, for each \(\mathrm {RUE_i}\), DUE’s four different utilities are as follows.

When the multi-hop D2D communication is completed, if DUE has received the normal packet and \(\mathrm {RUE_i}\) detects correctly, the DUE’s utility gained from \(\mathrm {RUE_i}\) can be defined as follows.

$$\begin{aligned} U_{due\_s_1i} = B_{s_1i} - P_{s_1i} = \lambda _{s_1} \cdot \frac{F + \theta D}{N} - \frac{P_{s_1}}{N}, \end{aligned}$$
(8)

where \(P_{s_1i}\) is the reward for \(\mathrm {RUE_i}\).

When the multi-hop D2D communication is completed, DUE is invaded by the malicious packet, the DUE’s utility gained from \(\mathrm {RUE_i}\) can be defined as follows.

$$\begin{aligned} U_{due\_s_2i} = B_{s_2i} - P_{s_2i} = -\lambda _{s_2} \cdot \frac{2 \cdot r_j \cdot (N-i)}{N(N+1)}, \end{aligned}$$
(9)

where \(P_{s_2i} = 0\) because DUE is invaded but no intrusion is detected by \(\mathrm {RUE_i}\).

When the multi-hop D2D communication is completed, no packet reaches DUE because the packet is detected to be malicious by \(\mathrm {RUE_i} \in RP\), the DUE’s utility gained from \(\mathrm {RUE_i}\) can be defined as follows.

$$\begin{aligned} U_{due\_s_3i} = B_{s_3i} - P_{s_3i} = \frac{(N-i)}{N} \cdot (\lambda _{s_2} \cdot r_j - P_{s_3}) \end{aligned}$$
(10)

where \(P_{s_3i}\) is the reward for \(\mathrm {RUE_i}\) and it is high for the \(\mathrm {RUE_i}\) with a small serial number i because they have blocked the propagation of malicious packet in a timely way.

When the multi-hop D2D communication is completed, if DUE has received the normal packet and \(\mathrm {RUE_i}\) has detected incorrectly and responded to it, the DUE’s utility gained from \(\mathrm {RUE_i}\) can be defined as follows.

$$\begin{aligned} U_{due\_s_4i} = B_{s_1i} - 0 = \lambda _{s_1} \cdot \frac{F + \theta D}{N}. \end{aligned}$$
(11)

5.2 RUE Level

The costs of \(\mathrm {RUE_i}\) in this game are described in (1) and (2), and the rewards that DUE can pay are given in (8)–(11). Therefore, the utilities of \(\mathrm {RUE_i}\) can be expressed as follows.

When the multi-hop D2D communication is completed and no intrusion happens, if \(\mathrm {RUE_i}\) has detected the packet correctly, the utility of \(\mathrm {RUE_i}\) can be defined as follows.

$$\begin{aligned} U_{rue\_s_1i} = P_{s_1i} - C_{detection_i} = \frac{P_{s_1}}{N} - \lambda _{dc} \cdot cpma(m_i, D). \end{aligned}$$
(12)

When the multi-hop D2D communication is completed and intrusion happens, if \(\mathrm {RUE_i}\) hasn’t found the intrusion after detecting the packet, the utility of \(\mathrm {RUE_i}\) can be defined as follows.

$$\begin{aligned} U_{rue\_s_2i} = P_{s_2i} - C_{detection_i} = -\lambda _{dc} \cdot cpma(m_i, D). \end{aligned}$$
(13)

When the multi-hop D2D communication is completed and intrusion is detected and responded by \(\mathrm {RUE_i}\), the utility of \(\mathrm {RUE_i}\) can be defined as follows.

(14)

When the multi-hop D2D communication is completed and no intrusion happens, if \(\mathrm {RUE_i}\) has detected the packet incorrectly and responded to it, the utility of \(\mathrm {RUE_i}\) can be defined as follows.

(15)

5.3 Equilibrium Analysis

Theorem 1

The strategy \(s = (detect, pay)\) is the only Nash equilibrium of the dynamic game, if DUE’s rewards for RUEs satisfy the conditions as follows.

(16)

Proof

Here the method of inverse analysis is used. We can divide the problem into three aspects.

  1. (1)

    \(P_{s_2}\) is supposed to be 0 as described in Sect. 5.1. As DUE’s utility should be positive when it decides to rewards the RUEs detected the packet correctly. Therefore, according to (3) and (7), we can get the first condition as follows.

    $$\begin{aligned} \left\{ \begin{aligned}&P_{s_1}< B_{s_1} = \lambda _{s_1} \cdot (F + \theta D), \\&P_{s_2} = 0, \\&P_{s_3} < B_{s_3} = \lambda _{s_2} \cdot r_j . \end{aligned} \right. \end{aligned}$$
    (17)
  2. (2)

    According to the Fig. 2 and the utilities of \(\mathrm {RUE_i}\) defined in (12)–(15), the condition below should be satisfied to ensure the utility of “detect” is higher than “no_detect”.

    $$\begin{aligned} \left\{ \begin{aligned}&\alpha U_{rue\_s_3i} + (1-\alpha ) U_{rue\_s_2i}> 0, \\&\alpha U_{rue\_s_1i} + (1-\alpha ) U_{rue\_s_4i} > 0. \end{aligned} \right. \end{aligned}$$
    (18)

    Now using the utilities in (12)–(15), we can get condition two as follows.

    $$\begin{aligned} \left\{ \begin{aligned}&P_{s_1}> \lambda _{rc} \frac{1-\alpha }{\alpha } (\frac{M_{u_i}}{M_{f_i}} + \frac{E_{u_i}}{E_{f_i}}) \cdot N, \\&P_{s_3} > (\lambda _{dc} cpma(m_i, D) + \lambda _{rc} \frac{1}{\alpha } (\frac{M_{u_i}}{M_{f_i}} + \frac{E_{u_i}}{E_{f_i}})) \cdot N. \end{aligned} \right. \end{aligned}$$
    (19)
  3. (3)

    According to the Fig. 2 and the utilities of \(\mathrm {DUE}\) defined in (8), (9) (10) and (11), the condition below should be satisfied to ensure the utility of “pay” is higher than “no_pay”.

    $$\begin{aligned} \begin{aligned} \alpha (\rho \cdot U_{due\_s_3i} + (1-\rho ) \cdot U_{due\_s_1i}) > (1-\alpha )(\rho \cdot U_{due\_s_1i} + (1-\rho ) \cdot U_{due\_s_4i}). \end{aligned} \end{aligned}$$
    (20)

    Now using the utilities in (8)–(11), we can get condition 3 as follows.

    $$\begin{aligned} \begin{aligned} \rho \cdot P_{s_3i} + (1-\rho ) \cdot P_{s_1i} <&\ \alpha \rho \cdot B_{s_3i} + \frac{(2\alpha - 1) (1-\rho )}{\alpha } B_{s_1i} \\&-\, \frac{\rho \cdot (1-\alpha )}{\alpha }B_{s_2i}. \end{aligned} \end{aligned}$$
    (21)

As described in Sect. 5.1, we have

$$\begin{aligned} \begin{aligned} \rho \cdot \frac{(N-i)}{N} P_{s_3} + (1-\rho ) \cdot \frac{P_{s_1}}{N} <&\ \alpha \rho \cdot \lambda _{s_2} \frac{(N-i) r_j}{N} \\ {}&+\, \lambda _{s_1} \frac{(2\alpha - 1) (1-\rho )}{\alpha } (F + \theta D) \\ {}&+\, \lambda _{s_2} \frac{\rho \cdot (1-\alpha )}{\alpha } \cdot \frac{2 \cdot r_j \cdot (N-i)}{N(N+1)}. \end{aligned} \end{aligned}$$
(22)

The final result can be calculated as follows.

$$\begin{aligned} \begin{aligned} \rho \cdot P_{s_3} + (1-\rho ) \cdot \frac{P_{s_1}}{N} <&\ \alpha \rho \cdot \lambda _{s_2} + \lambda _{s_2} \frac{\rho \cdot (1-\alpha )}{\alpha } \cdot \frac{2 \cdot r_j}{N+1} \\ {}&+\, \lambda _{s_1} \frac{(2\alpha - 1) (1-\rho )}{\alpha } (F + \theta D). \end{aligned} \end{aligned}$$
(23)

Combining the three conditions (17), (19) and (23), we can get the final condition (16) to ensure the Nash equilibrium \(s = (detect, pay)\) of the dynamic game.   \(\square \)

6 Experiment Evaluation

In the experiment, we adopt a taxi scenario to simulate multi-hop D2D communication where each mobile device in a taxi is a D2D UE. Data was gathered from 8:00:00 a.m. to 8:59:59 a.m. on August 13, 2015 including 10088 GPS records of 442 taxis in the Changping area in Beijing, China. During this period, we assume that: (1) Each taxi has one mobile device in it and it communicates with others via multi-hop D2D networks; (2) Distance of D2D communication is 100 m, and taxis within the scope of the communication can transmit packets with each other; (3) Energy consumption is only considered in intrusion detection and response; (4) Size of the packet is \(D=2000\). Probability of a malicious packet is \(\rho = 0.5\). The potential number of \(\mathrm{{RUEs}} \in RP\) is \(N=10\).

Fig. 3.
figure 3

Response rate.

Full size image
Fig. 4.
figure 4

Timeliness of response.

Full size image

As described in Sect. 4.2, we define the values of parameters as follows. For the aspect of RUE, we assume that the multi-pattern matching algorithm is Aho-Corasick algorithm [2], thus \(cpma(m_i, D)\) can be calculated as \(m_i \cdot D\). The remaining parameters are as follows. \(\lambda _{dc}\) and \(\lambda _{rc}\) are \((5\times 10^{-6})\) and 25, respectively. The detection rate is \(\alpha =0.9\). The number of attack patterns for match is \(m_i = 1000\). The memory and energy utilization for undertaking countermeasures are \(M_{u_i} = 20\) and \(E_{u_i} = 10\), respectively. The free memory and energy are \(M_{f_i} = 100\) and \(E_{f_i}=100\), respectively. For the aspect of DUE, the parameters are as follows. \(\lambda _{s1}\) and \(\lambda _{s2}\) are 10 and \((2\times 10^3)\), respectively. The risk is a constant \(r_j=0.9\). Fixed benefit F is 25, and interest factor \(\theta \) is \(2.5 \times 10^{-3}\). Therefore, according to Theorem 1, the value of \(P_{s_1}\) and \( P_{s_3}\) can be set as 150 and 1000, respectively. Without the special statement, we set the parameters value described above as default.

Response Rate: We pick different number N in order to show the proportion of total response number in the number of malicious packet in D2D communication. Figure 3 shows the change of response rate over the total number N, respectively. From Fig. 3, we can see that, given the detection rate \(\alpha =0.9\), the rate of response increases with the growth of RUEs’ number N if the intrusion happens. Figure 3 shows the compensation for the single detection node.

Timeliness of Response: We pick different detection rate \(\alpha \) and the result is presented in Fig. 4. The abscissa in Fig. 4 is the ith hop of the response RUE and the ordinate is the probability of response RUEs at specific hop i. If the probability that RUE responds to the malicious packet is high, intrusion activity could be blocked in time. From Fig. 4, we can see that, with the growth of the detection rate \(\alpha \), more malicious packet is responded by the RUE with smaller hops. This means that intrusion will be blocked in a timely way before the malicious packets arrive DUE.

7 Conclusion

Multi-hop D2D communication may be exposed to many intrusions for its inherent properties, such as openness and weak security protection. To mitigate the intrusions in time, in this paper, we formulate an incentive mechanism for CIRS in multi-hop D2D communication as a dynamic game and achieve an optimal solution to help RUEs decide whether to participate in detection or not. Theoretical analysis shows that the only Nash equilibrium exists for the proposed game. To mitigate the false-reporting attack, we proposed a spot-check mechanism on the basis of binary reputation score. Simulations demonstrate that our mechanism can efficiently motivate potential RUEs to participate in intrusion detection and response, and can also block intrusion propagation in time.