“…Existing work was mostly based on anomaly detection [15] techniques to discover deviations from expected behaviors, including rule-based [16,17], weighted summation [18], data clustering [19], and Support Vector Machine (SVM) [20]. In rule-based anomaly detection [16,17], typically rules based on QoS metrics are being set up to detect suspected attack behaviors, e.g., if a SN does not forward a packet within a time limit, if a SN forwards the same packet multiple times without suppression, or if a packet is received directly from a non-neighbor SN or from a neighbor SN who is not supposed to send a packet during a particular time interval, then the SN in question is suspected of maliciousness.…”
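
The rule types listed in the excerpt (forwarding time limit, repeated forwarding, non-neighbor or out-of-interval sender) can be expressed as checks over a monitor's event log. The following Python is an added example, not code from the quoted paper or the works it cites; the event format, the 2-second limit, the neighbor table, the slot schedule and the rule names are all assumptions constructed for illustration.

```python
from collections import defaultdict

FORWARD_TIMEOUT = 2.0   # assumed limit (s) between receiving and forwarding
SINK = "BS"             # base station: final destination, never forwards
NEIGHBORS = {"A": {"B"}, "B": {"A", "C"}, "C": {"B", "BS"}, "BS": {"C"}}
# Assumed schedule: each SN may transmit only in its slot of a 4 s frame.
FRAME, SLOTS = 4.0, {"A": (0, 1), "B": (1, 2), "C": (2, 3)}

# Constructed monitor log: (time, kind, node, packet, sender or None)
EVENTS = [
    (0.5, "recv", "B", "p1", "A"), (1.5, "fwd", "B", "p1", None),
    (1.5, "recv", "C", "p1", "B"), (2.5, "fwd", "C", "p1", None),
    (2.5, "recv", "BS", "p1", "C"),
    (4.5, "recv", "B", "p2", "A"),   # B never forwards p2
    (6.5, "fwd", "C", "p1", None),   # second forward of p1 by C
    (8.2, "recv", "C", "p3", "A"),   # A is not a neighbor of C
    (8.5, "recv", "C", "p4", "B"),   # B transmits outside its slot
]

def in_slot(node, t):
    lo, hi = SLOTS[node]
    return lo <= t % FRAME < hi

def detect(events, end_time):
    """Return {suspected SN: sorted names of the rules it violated}."""
    suspects = defaultdict(set)
    pending = {}        # (node, packet) -> time the packet was received
    forwarded = set()   # (node, packet) pairs already forwarded once
    for t, kind, node, pkt, sender in sorted(events, key=lambda e: e[0]):
        if kind == "recv":
            if sender not in NEIGHBORS.get(node, set()):
                suspects[sender].add("non_neighbor_sender")
            elif sender in SLOTS and not in_slot(sender, t):
                suspects[sender].add("out_of_slot_sender")
            if node != SINK and (node, pkt) not in forwarded:
                pending.setdefault((node, pkt), t)
        elif kind == "fwd":
            if (node, pkt) in forwarded:
                suspects[node].add("duplicate_forward")
            forwarded.add((node, pkt))
            t_recv = pending.pop((node, pkt), None)
            if t_recv is not None and t - t_recv > FORWARD_TIMEOUT:
                suspects[node].add("forward_timeout")
    for (node, _pkt), t_recv in pending.items():  # never forwarded at all
        if end_time - t_recv > FORWARD_TIMEOUT:
            suspects[node].add("forward_timeout")
    return {n: sorted(rules) for n, rules in suspects.items()}
```

Calling `detect(EVENTS, end_time=10.0)` evaluates the constructed log; packets received less than `FORWARD_TIMEOUT` before `end_time` are not yet counted as dropped.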