Security in IoT Mesh Networks Based on Trust Similarity

Internet of Things (IoT) Mesh networks are becoming very popular to enable IoT devices to communicate without relying on dedicated PC services. The Internet of Things (IoT) implicitly uses mesh networks. IoT connectivity to cloud and edge computing is in vogue. A Wireless Mesh Network (WMN) is a multi-hop and distributed wireless network with mesh routers and mesh clients. Data originating from mesh clients are forwarded to destinations through mesh routers. In IoT Mesh networks, mesh clients are IoT devices. The crucial security issue with these networks is the lack of a trusted third party for validation. However, trust between nodes is required for the proper functioning of the network. WMNs are particularly vulnerable as they rely upon cooperative forwarding. In this research work, a secure and sustainable novel trust mechanism framework is proposed. This framework identifies the malicious nodes in WMNs and improves the nodes’ cooperation. The proposed framework or model differentiates between legitimate and malicious nodes using direct trust and indirect trust. Direct trust is computed based on the packet-forwarding behavior of a node. Mesh routers have multi-radios, so the promiscuous mode may not work. A new two-hop mechanism is proposed to observe the neighbors’ packet forwarding behavior. Indirect trust is computed by aggregating the recommendations using the weighted D-S theory, where weight is computed using a novel similarity mechanism that correlates the recommendations received from different neighbors. Dynamic weight computation calculates the overall trust by using several interactions. We present the evaluations to show the effectiveness of the proposed approach in the presence of packet drop/modification attacks, bad-mouthing attacks, on- off attacks, and collusion attacks by using the ns-2 simulator.


I. INTRODUCTION
Internet of Things (IoT) is a revolutionary technology in 21st century. A thing in IoT is an embedded computer with networking and sensing capabilities. As IoT networks are growing, the communication gap is also increasing with the Internet and more infrastructure is required to exchange The associate editor coordinating the review of this manuscript and approving it for publication was Diana Gratiela Berbecaru . data with the base station. When Wireless Mesh Network (WMN) infrastructure is used; mesh router(s) can be placed between IoT and Internet. So, many IoT networks can be connected to WMNs. A WMN gateway can be used to connect to the Internet. WMNs are increasingly deployed in IoT, machine-to-machine communication, and broadband Internet access. Mesh routers connect to heterogeneous networks including both wired and wireless networks [1]. A mesh network contains mesh routers, mesh clients and gateways [2].
Mesh clients are mostly IoT devices. Traditional IoT devices depend on the cloud to relay messages by using cellular or Wi-Fi connectivity. This works better in a standalone system but sometimes we want to establish a connection to the Internet and also create a local network to join other IoT devises [1]. Recently mesh networks reached a maturity level with approachable cost. So, Wireless mesh networking became a viable solution for industrial and commercial IoT applications such as smart cities, health care, smart home, farming, and industrial Internet [1]. WMNs are used as backbone networks for the Internet of Things and sensor networks [2]. Since IoT is characterized by different devices and these devices are connected to heterogeneous networks, security issues are possible. Research in IoT Security is getting priority in recent years and also trust computation has not matured enough in IoT [3]. A scalable framework is needed to deal with these security threats because IoTs are dynamic networks [4]. Authentication is used to prevent unauthorized access. data protection can be done by encrypting the data. Trust is the main issue [5] because the data exchange between two IoT devices should be reliable. Fig. 1 shows a sample IoT Wireless Mesh Network (WMN) that contains mesh routers and IoT devices. Mesh routers are connected to each other and form a network. IoT devices are connected to mesh routers and get services from the network. IoT devices' data will be sent to the cloud through WMN.
WMNs are classified into three categories [6]: Fully managed (nodes managed by ISP), Semi managed (Only few nodes managed by ISP) and Unmanaged networks (No management). As mesh networks are ad-hoc (semi-managed or unmanaged) no third-party authority manages mesh networks.
Semi-managed and unmanaged networks have several security issues with attacks originating from inside as well as outside the network. Some are [7] Packet dropping/ modification attacks, On-Off attacks, Bad mouthing attacks, and Collusion attacks. In Packet dropping attack, malicious nodes drop packets with some probability. Badmouthing attack happens when the trust is computed based on the recommendation. When a node uses recommendations to compute the trust, badmouthing attacks are conceivable. Malicious nodes provide incorrect recommendations to lower a legitimate node's trust values. In a collusion attack, a group of nodes collaborates and submit false suggestions about a target node to diminish the trust value.
This article discusses a novel trust model to reduce packetdropping/modification attacks, badmouthing attacks and collusion attacks. the proposed technique does not require a trusted third party and is dynamic. Mesh routers are Multi-Radio and Multi-Channel (MRMC) networks. A node may not be able to monitor neighbors' behavior. The neighbor's behavior is evaluated using a two-hop acknowledgment technique. The two-hop ACK mechanism to observe the neighbor's forwarding behavior. This is a unique feature of our contribution.
We aggregate the recommendations using weighted Dempster-Shafer (DS) theory. DS theory is one of the best aggregation methods when there is uncertainty in the values. Badmouthing and collusion attacks are possible in recommendation-based trust models. These attacks can be mitigated if the recommendations are weighted based on the node's legitimacy in sending recommendations. If all recommendations are weighted equally then bad recommendations also contribute equally to the trust aggregation. Direct trust can be taken as a weighting parameter for the aggregation of recommendations. But this is always not feasible, as sometimes a node may forward the packets properly but gives wrong recommendations. Similarity-based models are best suitable for removing bad recommendations. The basic principle of the similarity model is to compare the behavior of two nodes' recommendations on common neighboring nodes and compute the recommendation credibility of the node based on the error in the node's recommendations. Incorporating security measures into the proposed framework ensures that multimedia data and IoT networks can continue to be trusted and kept private.
following are the contribution of the proposed trust model.
• Every node uses packet forwarding to determine its neighbors. Since mesh nodes are MRMC capability, a two-hop ACK mechanism is used to observe the neighbor's packet forwarding behavior.
• To determine indirect trust, the recommendations are combined using the weighted Dempster-Shafer (DS) theory. Since nodes are distributed, each node may not know about other nodes confidently. In this scenario, DS theory is best suitable for aggregation. Here, weight refers to a node's recommendation credibility.
• The similarity between two nodes in the recommendation behavior is used to calculate recommendation credibility.
• The weighted mean of indirect and direct trust is used to calculate the overall trust value. Weight is quantified depending on the frequency of interactions with that particular node. If interactions are more then direct trust will have more weight.
• The proposed methodology is amalgamated with AODV protocol [7] and evaluates the performance based on the parameters such as packet dropping, badmouthing, Collusion, and on-off attacks. Following is the breakdown of this research article. Some of the common trust mechanisms in WMNs are briefly described in section 2. The system model and assumptions are described in Section 3. The proposed trust model's security analysis and trust mechanism are presented in Section 4. The trust mechanism's simulation results are shown in Section 5. In section 6, we finally conclude the paper.

II. TRUST IN IOT MESH NETWORKS
This section discusses the basic trust concepts as well as certain trust models that were developed for wireless mesh networks.

A. TRUST CONCEPTS
Trust is defined as an individual belief about the future behavior of a node which is based on past experience [8]. The reputation of a node is the trust that other nodes hold on this node. it is a global perception [8].
In this study, trust is evaluated on a continuous scale from 0 to 1, where 0 indicates distrust and 1 indicates complete trustworthiness. An individual node's trust may be computed either in centralized or distributed computation approaches. In the centralized model, trust is determined at the central server and distributed to every network node, while in a distributed model, trust is quantified individually by every node. Each approach has its own merits and demerits. IoT mesh networks are best adapted for the distributed model because the mesh network's nodes are independent. The two strategies employed in the distributed model, i.e., indirect trust and direct trust computing. Indirect trust is determined based on a neighbor's recommendation, while direct trust depends on experience. Direct and indirect trust computation models are both used in hybrid models.
The proposed distributed trust model quantifies the trust in IoT Mesh networks.

B. RELATED WORK
In this section, we briefly discuss some of the popular trust computation models in Mesh networks and IoT.
In a network, a node's behavior may not be consistent. In the case of nodes with limited resources (communication, capacity, battery power, computation, etc.), a node may turn 'selfish' in order to conserve resources. Bin Xie et al. [6] analyze a node's selfishness in WMNs, especially in presence of multi-operator networks. They also summarize various collaborative schemes to mitigate selfish behavior. The authors discuss selfish behavior in different network stack layers and suggest the replacement of promiscuous mode because of multi-radio networks.
A malicious node may modify or inject the packets into the network. SPAIS [9] is a novel mechanism to mitigate packet modification attacks in WMNs. The authors propose a direct trust approach with a watchdog mechanism. A watchdog mechanism is not possible in multi-radio networks because a node may not overhear its neighboring node's activities in a promiscuous mode. Therefore in this work, we have proposed a novel approach to overcome this problem in section IV.
Heng et al. [10] proposed a trust model for wireless mesh networks to mitigate badmouthing attacks. Authors use the correlation method to filter out the bad recommendations. After filtering the recommendations D-S theory is used to aggregate the recommendations. Direct trust is computed based on the forwarding behavior of a node. Indirect trust is evaluated with the direct trust parameters as weight. The authors evaluate their method against entropy-based methods and probability-based methods.
Rida et al. [11] proposed a trust model for WMNs by using statistical detection methods. It uses CUSUM and KS tests to compute the trust. The CUSUM test is used to identify the normal(H0) and abnormal behavior (H1) of a node. KS test is used to compare the total packet loss with the control packets. trust value is computed based on the result given by the KS test. The trust value is computed using the exponential average method to forget the older values [12], [13].
Yinpeng et al. [14] proposed a cluster-based trust model for WMNs. It computes direct reputation based on beta distribution and indirect reputation is computed based on recommendations from cluster members. Trust of cluster head and gateway is computed based on the risk factor of connecting nodes [15], [16]. Cluster head reputation is computed based on the risk factor of cluster members and gateway. However, authors consider only packet drop attacks. This model assumes all the recommendations are legitimate which is not possible in real scenarios.
Duan et al. [17] proposed a trust model for the effective use of energy. The authors used bandwidth usage and energy completion to derive trust. Game theory is used to make decisions based on trust replies received from neighbors.
Al-Hamadi et al. [18] proposed a decision-making system based on trust for health IoT systems. Reliability, loss of health probability, and risk classification are used to establish trust. Furthermore, this trust value is used to determine the patient health loss and the accuracy of the IoT devices. The value of these parameters is quantified depending on the IoT device's query and response.
Zhu et al. [19] proposed three types of trust-based models for Industrial IoT. The authors mainly focused on sensor cloud (SC). They proposed independent SC, Collaborative SC and Mutual SC to estimate the behavior of sensor nodes and data centers. The authors also show the performance improvement of IIoT due to trust mechanisms [20], [21], [22].
Recommendations received from neighbors are uncertain. Aggregating these recommendations accurately require a good ensemble method. DS theory [23] is one of the best ensemble methods when data is uncertain. NBBTE [24] use DS evidence theory to combine the recommendations. They [24] have not considered the credibility of recommendations and are susceptible to bad-mouthing attacks. They have not analyzed the performance in presence of malicious nodes. A trust management strategy for MANETs is proposed in the [25] using both recommendation and observation. The recommendations are combined using DS evidence theory. This model aggregates all recommendations with equal weight. This mechanism does not distinguish recommendations based on the node's behavior, which leads to badmouthing attack [26], [27].
Before aggregating the recommendations, a node must verify the credibility of the recommender. Assigning same weight to each recommender may not be correct because all nodes may not give proper recommendations. If a malicious node sends wrong recommendations then assigns equal weight to all recommendations may give inaccurate indirect trust value. The weight of a recommendation can be computed based on the recommender's behavior.
Yongmoo et al. [28] presents a survey on recommender systems where he explained the importance of similarity measure in recommender systems. The authors also explained the similarity mechanisms such as Pearson correlation, Cosine correlation and Root Mean Squared difference.

III. SYSTEM MODEL AND ASSUMPTIONS
This section describes the pre-requisite of the proposed methodology. Every node in the mesh network has a similar configuration, such as communication hardware, memory, initial energy, and computational power. Every node in the mesh network has a unique Id that cannot change. The network is a flat model where the mesh client sends data to another mesh client.

A. ATTACK MODEL
There are many attacks in mesh networks [29], [30], [31]. We have concentrated on important attacks like packet dropping/ modification attacks, on-off attacks, bad-mouthing attacks, and collusion attacks. The malicious node modifies the contents of the packet before passing it on to the following node in a packet modification attack. A hostile node exhibits alternately good and poor behavior in an on-off attack. When a neighbor node's trust value decreases, it exhibits positive behavior for a while to restore its trust value. Once its service is done, it acts in a bad-node manner. The detection of such on-off behavior is a challenging task. When recommendations on indirect trust computations are used, there is a chance of a collusion attack where nodes group and raise trust levels to become legitimate nodes [32], [33].

IV. PROPOSED METHODOLOGY
The objective of the proposed methodology is to offer an efficient trust technique for IoT mesh networks. Due to the lack of range and visibility beyond the neighbors, we have evolved a totally novel model to be able to gather and compute recommendations indirectly in IoT mesh networks. The trust computed from direct observation on the target node is known as direct trust (DT). Neighbor nodes send recommendations (R) regarding the target node. The recommendations are the VOLUME 10, 2022  basis for computing indirect trust (IT). Indirect and direct trust are combined to calculate overall trust.
Forwarding Acknowledgment An acknowledgment is a packet that traverses in the reverse direction, that is, destination to source, and indicates successful delivery of the packet. Two-hop acknowledgment (Twohop ACK) is a special type of acknowledgment packet which traverses only two hops. Figure 2 shows the two-hop ACK scenario. When a node receives two-hop ACK from its twohop neighbor, it assumes that the neighbor has successfully forwarded the packet. We are assuming that the acknowledgment is generated with its source signature so that no other node can create this acknowledgment. The packet format of Two-hop ACK is shown in Figure 3. The fields are similar to route-reply packet [7], [34], [35].

A. DIRECT TRUST DT B A (t )
Direct trust is computed from the node's forwarding behavior. DT B A (t) is the direct trust on node B calculated by node A. Since mesh routers have multi-radio and multi-channel wireless connectivity, promiscuous mode is not possible. So, we use two-hop ACK to compute direct trust. Figure 2 shows four nodes A,B,C,D, which are intermediate nodes in a route. Node A first sends data to node B then node B forwards data to node C. Node C creates ACK and sends it to node A. When node A receives ACK from node C it increases the forwarding count of the neighboring node B. The forwarding Ratio computes the ratio between the number of packets correctly forwarded and a number of packets sent.

Forwarding ratio FR B
where p t =Number of packets forwarded by node B upto time t. q t =Number of packets dropped by node B upto time t. The instantaneous changes of FR B A (t) is shown below. As the Forwarding ratio decreases δ t value increases otherwise it decreases. If α is a punishment factor. β is the encouragement factor. δ t represents the momentary differences in a node's behavior.
The direct trust parameter is computed as follows. DT B A (t) is the direct trust value computed on node B by node A.
In equation 5, δ t shows the fluctuations in the node's behavior. If fluctuations are high then δ t increases. Therefore, the cos(.) function value decreases, and thereby direct trust decreases. Direct trust assesses both forwarding behavior as well as behavior fluctuations of a node.

B. RECOMMENDATION CREDIBILITY (R)
Recommendation credibility gives the node's capability to send recommendations. We use root mean the square difference to compute the similarity between two recommendations.
R B A (t) is the recommendation credibility of node B at node A, computed as follows: Let K AB is a set of common neighbors to node A and node B. Then where DT x A (t) is the direct trust on node x at node A. D B A (t) represents the root mean square difference between the evaluation of node x by nodes A and B. The sensitivity to differences of D B A (t) may reduce if there is more similarity in the DT values and if the number of common neighbors is high. Here this is a novel measure to compute dissimilarity in trust. The squared difference of trust is normalized over the number of neighbors.
Thus recommendation credibility R B A (t) which is dependent upon the difference error D B A (t) is computed as follows: where n is the total number of recommendations. X is the set of direct trust values on neighboring nodes. Y is the set of recommendations sent by a particular neighbor, B. x i X , y i Y . x i ∧ y i is 1 if both sets show similar legitimate neighbor behavior otherwise the value is 0 which is similar to binary AND operation.

C. INDIRECT TRUST
Indirect trust is computed based on the recommendations received from the neighboring nodes. These are useful to judge the trustworthiness of neighbor nodes. The recommendations received from neighbors are independent and uncertain. One of the best ways to aggregate uncertain recommendations is Dempster-Shafer (DS) evidence theory. Instead of using simple DS theory on recommendations, we use weight in recommendation aggregation. Here weight is Recommendation credibility value.
Dempster-Shaffer(DS) Theory [23]: DS theory use the belief function to represent the evidence received from each recommender. These belief functions are combined using Dempster's combination rule.
Definition ( [36]) Let the trust value of B at x is T B x . The trust values from different sources are independent of each other and the recommendations from each recommender on target may be uncertain. There must be some weight to represent the credibility of the recommender. Here we are calling weight as recommendation credibility(R).
If node p and node q are neighbours then the value of mass function is where W is the set of neighbors to q and x W . The Dempster's combination rule of m B x and m B y is [25]: is the indirect trust on node B calculated by node A.
the order of combination does not have any impact on the result due to the transitivity and commutative property of Dempster's combination.

D. OVERALL TRUST
Overall trust is computed based on a node's packet forwarding behavior with the neighbor. OT B A (t) is the overall trust on node B at node A.
where τ is the weight of direct trust which can be calculated as follows. A number of interactions (I t (A, B)) increase, τ also increases. So, the weight of the direct trust increases. The node becomes more experienced and increases the belief on its own judgment.
M t (A, B) is the average of the total number of packets forwarded by node B other than node A's packets. Similar to recommendation sharing, neighbors may also send a wrong number of interactions. So, the number of interactions are normalized by using recommendation credibility to compute M t (A, B). The importance of variable τ is used to give weightage to direct and indirect trust as per Equation 5 and computation of τ value as given in Equation 6. When there is more direct interaction direct trust will give significant information about neighbors. If direct interactions are low then τ value is computed through periodic information (recommendations) received from other neighbor nodes. So when direct interactions are more, high priority is given to direct trust otherwise indirect trust is given high priority. In the implementation, recommendations are the special packets that contain other neighbor nodes' trust values and are shared periodically. Recommendations are used to compute the indirect trust. Direct trust is computed based on the number of packets forwarded by the neighbor. Overall trust is computed as per Equation 5.
K B is the set of nodes that have communicated with node B, and |K B | is the cardinality.

E. COMPUTATION COST
Overall Trust is computed in two scenarios 1 When a node receives recommendations from the neighboring node 2 When a node receives two hop ACK from the neighboring node. Trust value is updated in the trust table after computing the overall trust. The worst case complexity of updating the trust value is O(m) where m is the number of neighbors.

G. OVERHEAD ANALYSIS
We use two-hop ACKs to assess the neighbors' behavior in the proposed trust model. The number of ACKs in the path depends on the path length. Let us assume that path length from source to destination is k hops. The number of two-hop ACKs becomes k for one data packet from destination to source.
If there are p packets in one session then the total number of two-hop ACKs will be p × k.
Assume that the size of two-hop ACK is ϕ and the data packet is ϑ then the total overhead in one session due to two-hop ACKs will be We have discussed computation cost, space requirement, and overhead analysis for better understanding however we can minimize the overhead by using optimization mechanisms such as piggybacking and cumulative acknowledgments.

V. EVALUATION
In this section, we present the performance of the proposed model. We analyzed the recommendation credibility computation, direct trust computation, accuracy of the trust, and finally performance of the network in presence of malicious nodes. We also analyze the strength of the trust model in presence of packet dropping, on-off, bad-mouthing, and collusion attacks. The proposed trust model is integrated with AODV in ns-2 [37] and named as TWMN.

A. RECOMMENDATION CREDIBILITY EVALUATION
We have analyzed the performance of recommendation credibility with some popular similarity measures. The similarity measures used for evaluation are: Pearson correlation (PCC), Cosine correlation and Root Mean Squared difference (RMS) [28], [38], [39]. Figure 4 gives PCC, Cosine similarity, RMS similarity, and proposed recommendation credibility values of six example data sets. Even though X and Y sets are showing similar values in DATA-I (in Figure 4) but PCC shows a lower value. The data sets X and Y are independent of each other so PCC may not give an accurate value. DATA-II (in Figure 4) shows cosine similarity is high. PCC is not possible on DATA-V (in Figure 4) because the Y set has the same values. Cosine similarity shows the highest value in all the cases. RMS similarity (RMS_sim) is low when more values are not similar. It is observed that no similarity mechanism works perfectly on all kinds of data. The proposed parameter R B A shows the better value for all six types of data sets. It is shown that the proposed recommendation credibility accurately computes the similarity value between two nodes.

VI. EXPERIMENTAL EVALUATION
In this section, we present the performance of the proposed model. We have implemented the proposed trust model in ns-2 [37] and integrated it with AODV [7], [40], [41] routing protocol. 26 nodes are placed randomly in an area of 1200 × 900 m 2 by using NSG [42] topology generator. Malicious nodes are deployed randomly in the network. The results are taken in presence of badmouthing and collusion attacks. Malicious nodes form groups and send bad recommendations on legitimate nodes and good recommendations on collusive nodes. Simulation parameters are given in Table 1.

A. ANALYSIS ON PACKET DROPPING ATTACK
The objective of this simulation is to show the TWMN's effectiveness in presence of packet-dropping attacks. Malicious node drops the packets randomly with Packet dropping rate (Pr)=n, defined as one packet is dropped randomly in every n packet. The successful packet delivery to the destination also depends on the number of malicious nodes present in the path. Assume that the malicious node drops the packet with probability p If there are two malicious nodes in the path then the prob- If there are three malicious nodes then the probability is p + (1 − p) × p + (1 − p) 2 × p similarly, for k malicious nodes, the packet drop probability is: The eq. 12 evaluates to 1 − (1 − p) k Therefore the probability of successful delivery of the packet if k malicious nodes are present in the path is: Figures 5-9 show the trust values of TWMN and ratio methods [25], [43], [44] with γ = 1 and γ = 3 values. TWMN is effectively computing the trust values for selective packet droppings also. Simulations show that as packet dropping rate n increases the trust value convergence time also increases. So, malicious node identification time increases. Compared to the ratio method, TWMN is reducing in all scenarios whereas the ratio method is stable at one value in all scenarios Figure 10 and figure 11 show the trust values of TWMN with different punishment factors i.e α = 2 and α = 4. It is evident that as punishment factor α increases, trust value reduces drastically because of cos(.). The trust value is reducing minimum 60% and maximum 90% for α = 2 to α = 4.

B. TRUST ACCURACY
The objective of this simulation is to show the accuracy of the trust model, TWMN. We use Trust Computation Error to denote the accuracy. Trust Computation Error is computed as the Root Mean Square error between the actual trust and VOLUME 10, 2022   expected trust values. The expected trust value for a legitimate node is 1 and for a malicious node is 0.
In this simulation, nodes in the network start behaving in a malicious manner at random. These nodes send bad recommendations to legitimate nodes in a non-collusive manner (mode). In collusive mode, malicious nodes form a group and send good recommendations to group members, and bad recommendations to legitimate nodes. Simulations are   run with different source-destination pairs. After 600 seconds a legitimate node is selected and its trust accuracy is computed based on the trust assessments of neighbors present in the trust table. Figure 12 shows the trust computation error in presence of collusive and non-collusive modes. In both modes, trust computation error is low i.e. the trust model accurately identifies the malicious nodes.

C. TRUST VALUE COMPUTATION
This simulation aims to demonstrate how the TWMN computes trust values for both malicious and legitimate nodes. Figure 13 shows the trust values of the legitimate and malicious nodes. A legitimate node performs well so the trust value is high. Malicious node shows bad behavior so the trust value decreases and reaches zero.    Figure 14 demonstrates the credibility score of a malicious and legitimate node. Malicious node relay 0.1 recommendation score to a legitimate node. Figure 15 illustrates the credibility score, which complements the trust value i.e (1 − actual trust value). In both circumstances, TWMN quantifies the recommendation credibility value with high accuracy. Figure 16 shows recommendation credibility against a number of bad recommendations. As the percentage of bad recommendations increases, recommendation credibility decreases. The contribution of recommendations is reduced based on the correct recommendations received from that neighbor (recommender).

D. PERFORMANCE EVALUATION
The proposed trust mechanism identifies the malicious nodes in mesh networks based on packet forwarding. Two-hop ACK is used to identify whether a node has forwarded the packet or not. We have evaluated the proposed model trust VOLUME 10, 2022  computations in presence of malicious nodes. However, our performance evaluation scope is to compare the network efficiency with and without the trust model. This shows the significance of the proposed trust model for wireless mesh networks. Some of the model parameters are already evaluated in our paper [22] for wireless sensor networks. Due to the above-mentioned scope, we have evaluated the proposed model in wireless mesh network model parameters. The objective of this simulation is to show the performance of the network in presence of malicious nodes. Figure 17 shows the PDR analysis of TWMN in presence of malicious nodes. A number of malicious nodes increase PDR of AODV decreases drastically due to packet drops. TWMN successfully identifies malicious nodes so, the path will be established through legitimate nodes. When malicious nodes are increased there may be chances of malicious nodes which are not evaluated previously may exist in the new route hence the PDR reduces after the malicious nodes cross 30%. Throughput is directly proportional to PDR so the throughput of TWMN is high compared to AODV. Figure 18 shows the throughput analysis. Due to MRMC, interference is also less compared to SRSC so, TWMN shows higher PDR.
Control packet overhead is the average number of control packets for one data packet received. Figure 19 shows network overhead in presence of malicious nodes. The   overhead of TWMN is high compared to AODV due to twohop acknowledgment. As the number of malicious nodes increases the route length increases so the number of two-hop ACKs increases.
We have evaluated the average end-end delay without malicious nodes to analyze the delay due to two-hop ACKs. Figure 20 shows the delay with the different numbers of hops. Delay is increased as the number of hops are increasing between the source and destination. The Delay of TWMN is higher than AODV because TWMN sends two-hop ACKs in the reverse path which consumes the network resources.

VII. CONCLUSION
In this paper, a secure and sustainable two-hop ACK mechanism framework was proposed here to build trust information. The scheme proposed is called TWMN which successfully identifies malicious nodes in the network. The two-hop mechanism allows verification of the packet forwarding behavior in the mesh network. TWMN gives a robust approach to computing recommendations in a distributed manner. TWMN uses a similarity mechanism to remove malicious recommendations. Indirect trust is aggregated by using the weighted DS Theory. TWMN trust accuracy is better and also accurately computes the recommendation's credibility. We have shown that TWMN successfully identifies the malicious nodes and ensures packet delivery to the destination in presence of packet drop/modification attacks, badmouthing attacks, collusion attacks, and on-Off attacks. The scheme proposed has more network overhead compared to AODV because of twohop ACK packets. PDR is high because of MRMC as well as the trust mechanism. Sensors' data is also very important in IoT networks. Data Trust [19] also can be integrated to verify the consistency and reliability of the IoT device. We are working on a logical extension to apply the proposed trust model for channel assignment in MRMC so that legitimate nodes get more Quality of Service.