Investigation of Different Mechanisms to Detect Misbehaving Nodes in Vehicle Ad-Hoc Networks (VANETs)

Te vehicle ad-hoc network (VANET) is a crucial technology that will play a signifcant role in shaping the future of transition systems, which is widely used as a subset of ad-hoc networks. VANET aims to ensure driver safety by establishing independent communication with nearby vehicles. A key requirement for successful data transmission is cooperation among nodes, as factors such as high mobility, limited radio range, signal fading

placed of the road to enable V2R communications. If needed, it can connect the network vehicles to the Internet. A directional antenna is used when the RSU wants to send a message to a specifc location. Te RSUs have the storage capacity to store the information received from the vehicle's OBU.
Te following is the TPD (tamper-proof device), which, like the black box of an airplane, contains all the information about the vehicle, its route, and its speed. All trafc violations are stored in the TPD. Te communication range in VANETs can be increased by multi-hop message forwarding techniques [5,[7][8][9][10][11][12][13][14][15]. Since message passing is done through multiple intermediaries, the listed security requirements (integrity, confdentiality, privacy, non-reputation, and authentication) are essential to protect the information in the packets from tampering by attackers or malicious vehicles [7,[15][16][17][18][19].
One last feature is the TA, which manages the overall VANET network and records things like OBU, RSU, and the vehicle driver ID, which are later authenticated using the registered ID for each person or device. In this way, any malicious vehicle or false message can be detected.
In this article, we will discuss various challenges associated with VANETs. Specifcally, Section 2 will delve into these challenges and explore potential solutions. Section 3 discusses the categorized uncooperative nodes and their impact on network performance. Section 4 describes previous works and summarizes what has been discussed in each work. Sections 5-7 present various algorithms for detecting uncooperative nodes (selfsh and malicious nodes) in vehicle ad-hoc networks. Section 8 explains the parameters discussed in Tables 1, 2, and 3. Section 9 discusses the categories of papers published in various journals. Section 10 summarizes some of the problems with VANETs that researchers can work on in the future. Section 11 contains the conclusion.

VANET Challenges and Security Impact
Due to some features in the structure of VANET networks that can make them require to ensure safe and confdential communications for V2V and V2R, it is essential to implement security measures.
Below are some of the VANET challenges that you might encounter. Te challenges of VANET include network volatility, delay-sensitive applications, signal fading, lack of communication, limited bandwidth, and multi-hop connection [8].
(1) Network volatility: Vehicles' communications are temporary; therefore, the connection between vehicles may be established for a short time. Ten, it is disconnected because of the vehicle's velocity. (2) Delay-sensitive messages: Some messages are related to safety, passengers' comfort, and some risks on the road. Tese messages are time-sensitive that should forward with small overhead and low processing delays. (3) Signal to fade: Objects that stand as obstacles between two vehicles can afect network performance. Tese obstacles can be other vehicles or tall buildings stationed along the way. Teir efect prevents the transmitted signal from reaching the destination and increases the fading of a propagated signal. (4) Lack of communication: High mobility and rapid changes in topology lead to multiple and consecutive outages in the network. Te time required to extend the life of a connection should be as long as possible. Tis can happen by increasing the data transmission power, although it can reduce and degrade the operational power (average successful message delivery rate in a communication channel). (5) Bandwidth limitations: It appears that there is only one main coordinator to control node communication and perform bandwidth management responsibilities. Tere is a high possibility of forming a channel density in the frequency range of 10 to 20 MHz. Terefore, the appropriate use of bandwidth signifcantly reduces the time delay of published messages. (6) Multi-hop connection: Vehicle ad-hoc networks (VANETs) occasionally depend on multiple vehicle connections to transmit information, where each vehicle must disseminate the received messages to potential neighbors within its range of communication. Te conduct of vehicles must be discerned, and any deviant vehicles (selfsh or malicious) should be penalized or driven out of the network.
One of the signifcant concerns in VANET networks is the nodes that have selfsh behaviors. Tey drop packets, so other nodes in the network will be forced to retransmit their packets because the packets are not delivered to the destination. Due to the misbehaving nodes, the trafc will increase, and bandwidth and network performance will decrease. So, the primary focus of this study is to investigate diferent approaches for detecting selfsh and malicious nodes [19,[28][29][30][31][32][33][34][35].
(i) Tis study outlined and classifed the various mechanisms for detecting misbehaving nodes in vehicle ad-hoc networks. (ii) Each method's key aspects and drawbacks are explicitly written, and the algorithms of diferent techniques are compared with the help of three parameters: detection of the number of selfsh nodes, overhead, and throughput. (iii) Te article used comparative research to recognize the critical weakness, and open issues are discussed to inspire new algorithms to detect misbehaving nodes in vehicle ad-hoc networks.

Introduction of Uncooperative Nodes and Security Attacks
Tis section presents diferent types of attacks that occur on vehicle ad-hoc networks. Te efectiveness of an attack depends on how good the attacker is and what they can do. Te potential impact of attacks on the lifesaving application of VANET cannot be predicted with certainty. Such attacks have the capability to interrupt the whole system or even manipulate the system's operations to gain ownership. Te classifcation of attackers in VANET is determined by the nature of the attacks executed, as illustrated in Figure 2 [36,37].

Classifcation Based on Activity.
In this version of the classifcation, there are two types of attackers. One category of attackers attempts to modify the network's data by producing fake information. It is much more harmful than the second type of attacker, who reads information from the network. Passive attackers act like radio listeners. Tey listen to the data you send (eavesdrop) but do not change them.

Malicious Nodes.
A malicious node can transmit false warnings, tamper messages, and create congestion in the network by modifying, dropping, replying to earlier transmission, or misrouting data packets. Tese malicious behaviors cause problems such as vehicle crashes, increased congestion, and issues that mostly intend to destroy the network.
Tere were numerous possible attacks on VANET and the potential for a complete network shutdown and performance degradation is a distinct possibility.
Some attacks for which a solution has been provided in the studied articles are explained below.
Another classifcation proposed by the researchers in reference [38] for the types of attacks is shown in Figure 3, where the attacks are classifed according to the security services challenged by the attacks.

Attacks on Availability.
Information availability is critical to users, as a lack of information results in it not reaching users and degrading the network's performance. Attacks such as denial of service, jamming, and blackhole attacks fall into this category.

Attacks on Data Confdentiality. Confdentiality
guarantees that access to the information is restricted to authorized users only. Confdentiality is of utmost importance due to the absence of confdentiality that could leak vital information to the public. Attacks such as eavesdropping and man-in-the-middle fall into this category.

Attacks on Data
Integrity. Data integrity means that the contents of packets do not change during the transmission of the packet from one node to another in the network. Data integrity for data packets guarantees the reliability and accuracy of the data. Attacks such as illusion and masquerading belong to this category.

Attacks on Authentication.
Authentication is the frst way of protection from attackers. It is a mechanism to protect the network from the abusive behavior of vehicles entering with bad intentions. Te action of authentication in VANETs serves the purpose of safeguarding legitimate nodes from both internal and external malicious entities. Te classifcation of Sybil and Global Positioning System (GPS) spoofng attacks and replay attacks can be attributed to this category.

Attacks on Non-Repudiation.
Non-repudiation is a concept that denotes the inability of the message sender to refute having sent the message or for the message receiver to deny the receipt of the packet. An attack that utilizes this approach involves the attacker denying having both sent and received the message.
(1) Denial of Service (DOS) Attack. Te availability of the network is of utmost importance in the case of VANET, as all automobiles are dependent on it.
Te DOS attack is often one of the most severe attacks on any network. Te primary purpose of the VANET is to provide honest users from accessing the network. Tis purpose is not accomplished when a DOS attack occurs on the network because malicious vehicles send many bogus messages on the control channel to gain attention, get extra beneft from the network, or disrupt network performance. It is a problem that the DOS attack uses up a lot of memory, bandwidth, and provided memory. In this situation, an assailant transmits a notice regarding mishaps to the automobiles within its wireless radius and simultaneously to the roadside unit (RSU). In this circumstance, the RSU and the vehicles are preoccupied with receiving messages from a malevolent vehicle. However, even with this attack, the vehicle nodes present in the network cannot execute all the crucial undertakings, and the transfer of information among all the nodes is impeded.
Te architecture of the attack is shown on the right side of Figure 4 [39,40]. On the right side of Figure 4, the black vehicle carries out the DOS attack because it repeatedly sends the false message "accident occurred ahead" to the neighboring vehicles and RSU.
(2) Distributed Denial of Service (DDOS) Attack. Te DDOS attack poses a more signifcant threat than its denial of service (DOS) counterpart in the VANET circumstance. Tis is primarily due to the attack's distributed mechanism within the environment. In a DDOS attack, multiple malicious vehicles execute an attack on an honest vehicle from various locations. Te attackers send large number of packet and cause network trafc all the time. So, it is hard to fnd out from which vehicle this attack came. Tis attack is much faster than the DOS attack. Te left side of Figure 4 shows a DDOS attack in which malicious vehicles perform a DDOS attack from varying locations and at distinct temporal intervals in a manner considered lawful, so the attacked vehicle cannot communicate with trusted vehicles in its radio frequency range [41]. As you can see, the black vehicles act as malicious vehicles, and they all repeatedly send the wrong message, "accident occurred ahead," to the nearby vehicles.
(3) Illusion Attack. In this particular attack, the perpetrator deliberately alters the trafc data of their vehicle and transmits erroneous information to neighboring vehicles and RSUs. Within VANET, drivers' conduct depends upon the warning messages they receive; receiving such messages may result in a shift in the driver's response and consequentially lead to an accident, trafc congestion, or a detours route to the destination. Furthermore, the adjustment of the network topology may lead to a decline in network performance [42]. Next, how to perform the Illusion attack is shown in Figure 5. In this attack, the black vehicle, which is the cause of the attack, can confuse the drivers in choosing the route with various fake messages such as "Tere has been an accident ahead or drive slowly, the road is slippery, or the weather ahead is foggy." (4) Replay Attack. Tis attack occurs when a malicious vehicle replays the transmission of previous information to beneft the message's situation at sending. Te attacker replays the earlier message repeatedly to confuse other nodes because the previous message is not correct now. For example, sending an accident message that happened several minutes before is considered the wrong message for the vehicles ahead. Te timestamp can prevent replay attacks. In Figure 6, the yellow vehicle, which received a packet about the collision of two black and green vehicles earlier at time T1, sends it to the other vehicle after traveling a distance again at time T2 [43].
(5) Black Hole Attack. Te black hole attack in vehicle ad-hoc networks (VANET) is considered one of the subclasses of denial-of-service attacks. If a vehicle on the road tries to get packets of a vehicle, it will tell other vehicles on the road that it is the fastest way to get to that vehicle. Tis is called a black hole attack. Furthermore, after receiving the packets, it throws them away in this attack, the number of malicious nodes can be more than one, and sometimes they gather in a place close to each other, called a black box. In Figure 7, the black car presents itself as the closest node to the destination, and instead of taking the correct path indicated by the arrows in Figure 7, the packets are all sent to the black vehicle [44].
(6) Wormhole Attack. In vehicle ad-hoc networks, malicious nodes (nodes that do not follow the rules) can listen to the packets that are not supposed to be heard by others. Little by little, they replace themselves with honest vehicles to receive information and then broadcast the packets to their colleagues to the other end of the tunnel. A wormhole attack is a way to disrupt the routing of a network by sending a packet to an unexpected destination. Figure 8 shows how the

Security and Communication Networks
In a DDOS attack, several malicious nodes send false messages to a vehicle or RSU.
The Dos attack happens when a malicious vehicle continuously sends a wrong message to RSU and other vehicles. Figure 4: A small view of DOS and DDOS attacks.  attacker nodes work in this attack. Te malicious vehicle receives the information and sends it through the tunnel to its malicious colleague on the other side. Wormhole attacks can be categorized into three main categories: open wormhole, half-open wormhole, and closed wormhole. Te diference between these three divisions lies in how the packet reaches the malicious wormhole nodes [45].

Open
Wormhole. Te source, destination, and neighbor nodes in their one-hop are visible, but other malicious nodes in the path are kept hidden. Te source and destination nodes do not know they have malicious nodes in their neighborhood. In this case, the malicious nodes put themselves in the header of the route request packets.

Half-Open Wormhole.
A malicious node near the origin is visible, but the malicious node near the destination remains hidden. So, to send the packet to the destination, it is sent to the center, and the malicious node is near the origin node; then, it is sent to the destination, and the malicious node sends the packet through the tunnel to the attacking node on the other side. In this case, the content of the packets is not changed.

Closed Wormhole.
In this classifcation, the identity of all malicious nodes remains hidden between the source and the destination so that the source and destination nodes feel that they are in a one-level relationship and exchange packets directly with each other. Figure 7: A small view of the black hole attack.

RSU RSU
Wormhole tunnel between malicious vehicles

Security and Communication Networks
(1) Gray Hole Attack. Te attack, referred to as the gray hole, signifcantly impacts various parameters of VANET, including but not limited to packet delivery, throughput, and end-to-end delay. Te gray hole attack is a similar type to the black hole attack in which the malicious node behaves like black hole nodes. Tey forward the packets, but sometimes, it drops them for a while and then changes to its usual behavior [46].
(2) Jellyfsh Attack (JF). In this form of attack, the ofender's vehicle causes disruptions to the network. If the intruder manages to breach the network, the packet replication and discarding process can potentially cause delays in the network, while also rearranging the sequence of the packets. JF attacks executed at the network layer negatively impact the transport layer's functionality, leading to a decrease in the network's end-to-end delay levels [47].
(3) Jamming Attack. One of the most signifcant attacks in the feld of security applications for VANETs occurs when an untrustworthy vehicle endeavors to impede broadcasting communication using various techniques, including the transmission of a potent signal that possesses a frequency range comparable to that of the receiver or sending packets with a legal header but worthless payload. Tis attack is not energy efcient for the attacker because of that; the attacker uses as much noise as possible in the packet to change bits; in this case, little energy is consumed. If the receiver obtains a packet with an incorrect checksum, the receiver will discard it and will not accept any more packets with the same checksum as the discarded packet [48].
(4) Timing Attack. Most packets should be sent in real-time in VANET, but some attacker vehicles do not forward the safety-critical data to other vehicles at the right time. Tey add some extra packet delays regarding time slots. Tis attack is called the timing attack; a few malicious vehicles participate in this attack with destructive thoughts, such as creating trafc and causing consecutive accidents [49].
(5) Eavesdropping Attack. Eavesdropping is a passive attack. Te attacker eavesdrops on the transmission channel to access security certifcations or secret information. Hence, a vehicle that is not registered employs a legitimate certifcation to amass pertinent data about the vehicle, including the vehicle's identifcation, location, velocity, and other relevant details [50].
(6) Sybil Attack. In a Sybil attack, an attacker creates many forged identities (multiple false vehicles) to conquer the whole network and broadcast false information to hurt honest users or ruin the network's performance. According to the performance of this type of attack, it can be introduced as one of the most destructive attacks in the network. Te attacker falsely asserted to be present at another geographic site at the same time, so they forced vehicles to change their direction to other roads to make that road clean [51].
(7) GPS Spoofng Attack. All vehicles within the VANET system transmit information to the GPS system. Te satellites ensure the location of vehicles within the network by keeping track of their distinct identities and locations. During a GPS spoofng ofense, the attacker vehicle generates a misleading output generated by the GPS system to think they are located in a diferent location. Tis is accomplished through the use of a GPS satellite simulator, which generates much stronger wrong signals than the actual one [52].
(8) Sensor Tampering. It is easy for attackers to fool a device's sensors by making them think that something is true when it is not, which is called sensor tampering. In this example, an attacker could use ice to trick the sensors that tell cars how cold it is outside and the road is covered in ice, then send messages that indicate the road is icy when it actually is not. Same way, tampering with the GPS's sensors can even possibly send false position information. Terefore, it is possible to send false data to the network, even though the data are accurate and the integrity is preserved in appearance [53].
(9) Man-In-Te Middle Attack (MITM). An attacker joins the network, includes himself in the communication between two vehicles, and receives packets exchanged between the source and destination to achieve access to the packets, both source, and destination, were attempted to transmit. Te messages are changed before being delivered to the destination. But both sender and receiver think this connection is secure [54].
(10) Masquerading Attack. Te attacker gains entry into the VANET infrastructure through valid user identifcation and passwords, although under unauthorized auspices to disseminate incorrect messages that seem to originate from the ofcially registered vehicle [55].

Related Surveys
Tis section reviews previous related works, discovering the selfsh and malicious nodes presented in VANET. Each paper provides a diferent category for the behavior of diferent nodes. In [56], frst, the description of vehicle ad-hoc networks is provided, which includes the network overview, features (high mobility, dynamic network topology, frequent network disconnection, transmission media, no power limitation, transmission power limitation, weakening of wireless transmission, and extensive computing processing), security services (availability, confdentiality, authentication, data integrity, and non-repudiation) and threats, attacks in these networks, which are categorized in three general groups (attack on communications, attack on security applications, attack on entertainment information applications). Location privacy techniques have been extensively investigated to safeguard sensitive vehicle data, including vehicle location and driver information. Subsequently, an in-depth explanation is provided regarding the various trust management 8 Security and Communication Networks models utilized in VANETs and trust management simulation tools are introduced for evaluating the efciency of the  trust models in VANETs, such as MATLAB, NS-2, NS-3,  TRMSIM-V2V, TraNS, VANETMobiSim, and Veins. Discussions including the development of the VANET to VCC  (vehicle cloud computing), the reason for becoming the VCC (providing various services at low cost, including reducing trafc and trafc accidents, improving the trafc environment and road safety), VCC architecture, and security and privacy issues are provided. Tis article discusses how architectural design and security issues can afect privacy. It also discusses research challenges related to the VANET and VCC projects. Tis study presents a detailed review of related research conducted to detect and reverse node misbehavior in VANETs to establish a secure network.
In a comprehensive article that includes a complete description of all the elements of security and attacks, the authors can examine more techniques about the trust model and its impact on security and privacy are signifcant concerns that can prevent various attacks and methods which provide security in the network.
Tis study [57] reviews related research to detect node misbehavior in VANETs and revoke malicious node certifcations to establish a secure network. Ten, after dividing the nodes into two categories, static and dynamic, they examine the diferent methods presented in the articles in this feld and place each technique in the subcategories in this category. Once malicious nodes are detected, certifcate revocation is a method of removing malicious vehicles from the network, and the information about vehicles revoked by the CA is disseminated through the revocation process so that other neighbor vehicles do not consider the received message. As a result, the private information of misbehavior vehicles is blocked. Te presented article has studied each method's features, advantages, and disadvantages well. Still, it was better to use numerical parameters to compare each technique with another one.
Te review paper [58] frst introduced intelligent transportation systems and then examined security shortcomings based on the PKI method. Ten, a categorization of distinct detection mechanisms for inappropriate behavior has been presented, which is explicitly designed for vehicular ad-hoc networks. Tis categorization encompasses both data-centric and node-centric mechanisms (comprising mechanisms centered around data and nodes) that identify malicious messages according to the characteristics of the sender node, and the mechanisms that are data-centric in nature predominantly engage in the analysis of the significance of messages that are received.
Tey are divided into two categories, consistency and plausibility mechanisms. In the frst category, only the packets of a specifc sender are analyzed. Still, in plausibility mechanisms, the messages received from several diferent senders are analyzed, and all messages must be matched. Tis study summarizes each article and the pros and cons of each method are studied in full detail. Techniques have been analyzed in terms of parameters such as qualitative analysis of diagnostic range, required resources, generalizability, security, and privacy.
Arshad et al. [59] conducted a study on how to detect fake messages in VANETs. Te classifcation of false message detection schemes is based on the two main categories of node-centric and data-centric detection, which is categorized by node behavior, trust, local and cooperative. Te paper discusses the limitations of the papers published so far and what the future holds for them. Suitable parameters have been used to compare the studied approaches, which show what features each method provides in the presented article. Still, it was better to determine how much more or less the authors mean in some cases.
In [60], Lu et al. have described the characteristics of vehicle ad-hoc networks and then the system model, which includes the three main components OBU, RSU, and TA. Ten, the security and operational criteria they will try to eliminate in these cases are explained in detail. In addition to presenting the protection mechanisms against various attacks in VANET, the critical features of efective trust management models are stated. Several location privacy protection mechanisms are also described to protect vehicle privacy further and ensure the quality of location-based services. Finally, the types of simulators used in VANET are described. Te authors should compare diferent methods according to several parameters in a comparison table.
Tis study [53] examines the security challenges in VANET, such as privacy, scalability, mobility, long delay constraints, and cooperation. Te points mentioned in the article include the introduction of attacks (such as Sybil, denial-of-service (DoS), blackhole, and wormhole attacks), how the attacks work (such as sending false location information, tampering with sensors, replaying data packets, and eavesdropping on packets and publishing this information on the network), and an explanation of the impact of these attacks on the network. Te following section examines the security solutions provided in previous articles for each attack and the advantages and disadvantages of each solution. Ten, in an evaluation table, items such as the infrastructure used in the proposed method, how each method works, how to respond to the attacks, and which attacks the proposed methods cover are presented. Te authors of this study have written a table that lists all the diferent characteristics used in the study. Still, it would be better to provide a comparison table according to the essential parameters in the network.
Tis study [61] frst introduces the vehicle ad-hoc networks, and then the network characteristics have been provided (including network topology and communication model). In the following, network challenges such as the size of these networks, uncertainty about the non-manipulation of messages, various algorithms for sending packets, and security restrictions such as congestion and collision control, sender anonymity, and privacy are examined, and their causes and available solutions are provided for them. Ten, security requirements such as authentication, availability, confdentiality, non-repudiation, honesty, privacy and anonymity, data verifcation, fexibility and performance, and error detection are examined. Te authors then focus on classifying the various known attacks and suggested Security and Communication Networks solutions. Te proposed solutions enable VANET to implement a secure system for trusting vehicles and protecting them from selfsh and malicious nodes. One of the positive points of this article is the study of the features of each proposed method in diferent tables and the detection rate of attacks.
In [62], the authors address issues such as the types of communication, the reason for existing communication between vehicles and security requirements, reviewing diferent types of attacks, familiarity with diferent types of attackers, the impact of diferent kinds of attacks on vehicle ad-hoc networks and geographical location information and various threats. Networks have clearly and comprehensively discussed the threats to spatial details here. Te article should have included more methods worked in this feld and used a comparison table to compare the proposed techniques.
Te paper [38] frst gives an introduction to the VANET network. Te components and characteristics of the VANET network are described. Ten, a classifcation for the types of attacks is presented based on the security services in VANET, showing which attack threatens each security service. After defning the known attacks that challenge each security service, some of the most efective approaches to improve the services are given. At the end of the article, there are comparison tables that can show the efciency of each method by calculating the energy consumption, throughput, overhead, etc.
Te paper [63] presents several research areas for building reliable and secure vehicle ad-hoc networks. A detailed review of the research has been done to identify malicious nodes and nodes' misbehavior in vehicle ad-hoc networks. Te type of misbehavior is examined frst and then the techniques used to distinguish the misbehavior. Tis study divides the proposed methods into two general categories: node-based and data-centric. Te usefulness and weaknesses of these two sorts of methods are explained to make them work better. A combination of node-based and data-centric designs has been proposed, which can identify more complex attacks with the advantages of both approaches. In this study, it would be better to compare all the studied techniques based on the parameters written in Table 1, and there will be a complete table of features of all methods.
In [64], frst, an overview of vehicle ad-hoc networks is performed. Te security features and requirements, challenges, and types of attacks in VANETs have also been discussed, and a classifcation is presented of the kinds of attacks that classify security threats in VANET according to the diferent layers in the fve layers of the stack model (application, transmission, network, data link, and physical). Tis article uses fgures to show attacks understandable to the readers. I also recommend using comparison tables for techniques to prevent attacks from improving the quality of the paper.
In [65], the aim of classifying the current techniques is to be aware of intrusion detection in vehicle ad-hoc networks. Te intrusion detection systems are architecturally divided into three categories (independent, partner and distributed, and hierarchical); diferent intrusion detection methods are divided into several diferent types, such as the system based on watchdog node monitoring, reputation-based system, area-based system, signature-based system, etc. A onedimensional short review paper describes an intrusion detection (IDS) attack and examines various techniques to identify this attack.
In [6], the authors frst discuss the unique features and applications of VANETs. Te following contexts are about the challenges in these networks, such as frequent changes in the environment, increasing channel load, irregular connection due to changes in the strength of the received signal, and loss of packets. Ten, the authors discuss the types of attackers, known attacks so far, and critical cryptographic requirements to solve security issues such as accessibility and integrity. Also, the last topic discussed is the trust management models available in these networks, the unique challenges in modeling trust management, and the methods presented in previous articles to solve these challenges. A short review paper explores ways to deal with some of the attacks, which can be further improved by reviewing recent papers.
In the following, we discuss diferent methods for detecting selfsh and malicious nodes, or both, since there can be several diferent selfsh and malicious behaviors in the network and each method can only solve some cases. In the description of each method, we have highlighted the type of selfshness or malice emanating from the node so that it is clear what type of selfshness or malice each method can detect or what exactly the proposed method does to solve the problem.

Detection Schemes of Selfish Nodes
Tis part of the paper reviews various papers that provide an algorithm for detecting selfsh nodes. In the following, Table 1 discusses the advantages and disadvantages of these algorithms and Table 4 examines the features of each paper.

DSAM (Deep Q-Network to Suppress the Attack Motivation of Selfsh OBU).
In this study, the authors utilized a DDQN-based algorithm to establish an indirect mutual security frame for the computation and maintenance of the reputation of each OBU in the VANET. Te algorithm effectively represses the motivation of selfsh OBU attacks. Additionally, blockchain technology was implemented to safeguard against malicious tampering with the reputation model. Consequently, every node possesses a copy of the blockchain in the network of distributed devices, containing blocks that comprehensively document the past manner of individual nodes. Tese blocks cannot be falsifed or modifed with retrospective efect due to a uniformity mechanism and specialized encryption. To compact the learning state space and guess each communication behavior's Q value, the proposed algorithm includes a complex CNN (convolutional neural network) [20].

System Based on Deep
Learning. Jyothi and Patil [21] proposed a model that uses deep learning to detect selfsh vehicles by their trust values. In this method, a deep belief     --Provide (scalability, distributed, safety, message analysis, confdence) Not provide security, privacy network (DBN) and Red Fox Optimization (RFO) algorithm is used to evaluate the warning message sender and the integrity of the received message on the receiver side. To ensure the accuracy of these two items, the location of the vehicles is used to step by step get closer to the trust of each vehicle. With the help of time and distance, it can be determined whether the location stated by the vehicle is actual or not. To confrm location through distance, both beacons and event messages comprise geographic coordinates. Te supervised machine learning approach is implemented by employing SVM. Te Support Vector Machine's classifcation and majority voting processes are dependent on similarity measures that utilize distance. Te integrity of the trust level of the messages is assessed contingent upon the event message of adjacent vehicles. Based on the threshold value, both dependable and undependable vehicles are identifed. Te probability value of a reliable vehicle is one, and that of an undependable vehicle is zero. Te proposed method is compared with KNN and ANN (Artifcial Neural Network), which has higher accuracy and precision than those methods. Te accuracy is about 94%, and the precision is about 90%.

DISOT (Distributed Selfsh Node Detection in Internet of
Tings). In paper [22], Nobahary et al. proposed a model in the hybrid system category to detect selfsh nodes that drop the data packets using three steps: In the frst phase (the setup and clustering), all network nodes are identifed and clustered. Te second phase (global phase) indicates whether a selfsh node exists in the clusters or not by using the main cluster head that must monitor all other CHs and diferent kinds of nodes and identifying the selfsh node (s) of each cluster by the cluster heads acts in the local section.

A Credit-Based Method.
In the study by [23], an algorithm based on credit has been introduced to identify and resolve instances of selfsh nodes that purposefully discard data packets. In each cluster, three nodes are designated as watchdogs to oversee the activities of other nodes. Te parameters scrutinized to regulate the existence of selfsh nodes within the cluster encompass the aggregate count of dispatched and received packets in combination, end-to-end delay, and the network trafc and throughput. Te nodes are responsible for surveillance and transmit their discernment regarding the nodes under suspicion to the central node of the cluster. According to the majority vote, the central node then sends its opinion about the node to all other nodes.

A Contact-Based Model.
In [24], a collaborative contactbased watchdog (CoCoWa) is introduced as a new model for identifying selfsh nodes, which is a combination of identifying selfsh nodes by using a local watchdog and releasing this information in the entire network. If one node has previously identifed another node as selfsh, it can transfer this information to other nodes when calling. In this way, the nodes are equipped with secondhand knowledge pertaining to the nodes exhibiting self-serving behavior within the network. Te proposed methodology aims to decrease detection time and improve accuracy by lowering the efect of false alarm rate (FAR) and false-positive rate (FPR). Te analytical evaluation generally indicated a signifcant decrease in selfsh nodes' detection time and decreased overload compared with a traditional watchdog method.

QoS-OLSR (Quality of Service Optimized Link-State
Routing). In [25], Wahab et al. examined detecting vehicular misbehavior in vehicle ad-hoc networks, whereby the vehicles either exceed or fall below the speed limit. Tis is accomplished by utilizing the routing protocol known as QoS-OLSR. Te proposed method consists of two stages. Te frst stage stimulated the vehicles to behave generally during the cluster formation. After forming the cluster, the second stage tries to identify the misbehaving vehicles. Te vehicles are divided into clusters in the frst stage according to their location and speed. A cluster head and some MPR nodes are selected for each cluster. Each node in the network can use the services other nodes provide based on how trustworthy they think those nodes are. Some nodes are chosen as a watchdog for monitoring the conduct of MPR nodes. Tese nodes make determinations concerning the course of action for a given node based on their observations. Ten, the fnal decision is made about the vehicle's behavior using the Dempster-Shafer theory and whole ideas of watchdogs, and other nodes are notifed about selfsh nodes.

A Reputation-Based Model.
In VANETs, if the drivers have given the wrong information about a road closure, it will afect their decisions about how to get to their destination, how fast to drive, and how far to go. It could even cause accidents. In research conducted by Ding et al. [26], a new framework for vehicle reputation management has been proposed, using an ant-algorithm-based routing protocol. In this method, some event reporter vehicles are event monitoring vehicles, and event attendant vehicles include all roadside units in this path clustered as a virtual loop. Each vehicle's reputation is stored in all roadside units belonging to this ring in a distributed manner. After a run-of event, vehicles must eventually update their reputation based on their judgments about other vehicles' behavior. With this method's help, the authors could prevent false messages from spreading in VANET environments.

A Dempster-Shafer-Based Tit-for-Tat Strategy.
In [27], the Dempster-Shafer Tit-for-Tat strategy is introduced as a non-cooperative repetitive game to identify selfsh nodes (vehicles that sometimes use a very high speed to reach their destination and sometimes use a speed lower than the limit for selfsh reasons); the Dempster-Shafer Tit-for-Tat strategy consists of fve steps, including reputation calculation, maintenance monitoring, collect votes, set title rules for TAT and publish created information. In fve steps, these operations are done in order, one after the other. First, some observers are designed to monitor MPR nodes' behavior; then, a voting mechanism is established between the observers in the identical transmission locale. Te leader of each group subsequently assembles the ballots of the stationed observers in its corresponding cluster by applying the Dempster-Shafer principle. Ultimately, the cluster leader disseminates the verdict to all personnel within its domain and notifes other clusters in case of communication to minimize administrative burden and execution time. As a result, the members isolate the vehicles as selfsh nodes.
Tables 1, 2 and 3 compare each paper's essential benefts and weaknesses for detecting selfsh, malicious, and both types of these nodes. In each of these tables, each method has some key aspects and cons. None of these approaches satisfy our expectations, so researchers in this feld can provide better algorithms.
Te parameters studied in Tables 1, 2, and 3 include scheme name, year of publication of papers, the simulator used in the article, number of detected misbehavior nodes, the overhead of the proposed method, throughput, packet delivery rate (PDR), key aspects, drawbacks of the proposed methods.
Te parameters of the number of detected misbehavior nodes, throughput, and PDR, in some cases, their exact value is not written by the authors of the articles, or the graph related to these parameters is not drawn. In this case, as far as the authors were able, they calculated their values and put them in the relevant Table, but otherwise, their place is left empty.
Out of 62 papers, eight focus on detecting selfsh nodes, 45 deal with identifying malicious nodes, and nine concentrate on detecting both selfsh and malicious nodes.

Detection Schemes of Malicious Nodes
In this part of the document, we discuss several works that provide an algorithm for malignant node detection. Table 2 discusses the advantages and disadvantages of these algorithms, and Table 5 examines the characteristics of each work.

Rashid et al.'s Model.
In this research [66], the authors have posited a real-time system for detecting malicious nodes. Especially for DDoS attack detection using machine learning which includes two algorithms: Te initial approach employed in machine learning optimization is the Brayden-Fletcher-Goldfarb-Shannon (L-BFGS) method. At the same time, the secondary objective entails the quest to identify the apt optimization technique for the proposed VANET machine learning model. To achieve this, a distributed multilayer perceptron classifer (MLPC) is utilized, and the outcomes are assessed via OMNET++ and SUMO simulators, leveraging GBT, LR, MLPC, RF, and SVM models for machine learning categorization.

Bayesian-Based Model.
In the present study [67], the authors devised a quantitative framework centered on the concepts of the coalition and signaling games to fashion an intrusion detection game. Te game replicates the interactions between vehicles and the IDS agent and demonstrates the features of varied attack and defense phases. In addition, this approach endeavors to simulate the interactions between malicious nodes and the coalition leader outftted with an intrusion detection system (CH-IDS). Te intrusion detection game phase ascertains the essence of VANETs in every time slot. Concurrently, the Bayesian Nash equilibrium, with both pure and mixed strategies, compels the IDS agent to opt for the actions of idling or defending and not always defend, which, in turn, diminishes network overload. Te simulation results evince the proposed scheme's dependability, which can forecast the type of nodes. Te CH-IDS agent can select the most advantageous action, or optimal strategy, to counteract any malicious vehicle attacks.

MDFD.
In their scholarly article [68], the authors present a comprehensive analysis of the nature of Sybil attacks, utilizing trafc fow state data from multiple sources. Additionally, they propose a novel framework for detecting such attacks, known as the multi-source data combination detection (MDFD) method. Tis method incorporates crucial safety messages, maps, and sensor data, utilizing a multi-dimensional approach to feature extraction across four domains: spatiotemporal relationships, trafc fow state changes, vehicle behavior features, and sensor data verifcation. Finally, the proposed framework employs a machine learning-based classifcation approach to identify instances of attack behavior.

Awan's Model.
In this article [69], the authors present a novel clustering mechanism that utilizes an infrastructureless method to ensure the network, ensuring the safety and privacy of information while also maintaining quality postcluster formulation. Te mechanism is based on predefned Quality of Service (QoS) parameters, such as packet delivery rate for facilitating communication, runtime required to assess response rate, and average comment score. During cluster head selection, QoS parameters are integrated into trust parameters, and decision-making involves utilizing the absolute value that has been calculated. Te proposed mechanism employs blockchain to encrypt trust parameter calculations to address possible attacks, including detecting malicious and vulnerable nodes in the VANET network. Te trustworthiness of each vehicle is measured by the base station and transmitted to Roadside Units (RSUs) for further use. By integrating QoS and Trust, the proposed methodology presents a ranking system enabling the cluster to select its backup cluster head through computation efciently.

Fog-Based DDoS Detection Method.
Fog-based models within VANET encompass highly dynamic nodes, including roadside units (RSUs) and parked vehicles that receive information from other nodes and transmit it to fog servers for processing. In their work, Gaurav et al. [70] proposed a schema to detect DDoS attacks that leverages specifc fog nodes and servers. Within VANET, the fog nodes undertake network analysis and save critical information in the fog servers. Te fog servers can deliver storage, computing, and other cloud infrastructures to the end device, expeditiously process incoming information, make swift decisions (thereby reducing latency), and identify malicious vehicle nodes. Each node generates a database for its neighbors, considers the initial trust value of all its neighbors as zero, adjusts their trust value based on its performance, and subsequently shares the database with the fog node. Te fog node also sends this information to the fog server, which then shares it with the other fog servers, to ensure that every fog server holds the trustworthiness rating of each node within the system. Te amount of trust can be range from −0.5 to +2. Suppose that the trust rating of any given node falls below the minimum threshold. In that case, it is fagged as a malicious node, and this information is disseminated to all users via the fog servers, leading to its blacklisting.

F-RouND (Fog-Based Rogue Node Detection).
In their scholarly article denoted as [72], Paranjothi and Atiquzzaman introduced a proposed model that builds upon the Greenshield trafc model. Te suggested methodology utilizes a guardian node to identify anomalous nodes within a geographical area. Te exchange of vital information, which includes the status of braking and acceleration and the location of a vehicle, is facilitated through the transmission of beacon messages between vehicles. Te categorization of vehicles into anomalous nodes by the safeguard node is followed by theory testing to verify the identifcation's accuracy. Vehicles with an acceptable range of speeds during the hypothesis test are categorized as cooperative nodes, while those that fall outside this range are fagged as anomalous nodes. Upon successfully validating the hypothesis test, the anomalous node proceeds to disseminate data regarding the anomalous nodes for every vehicle situated within the predefned zone.

BCSM (Blockchain-Based Security Method).
In this study [73], the authors propose a security system based on blockchain technology for communication security in VANET. Te proposed system constructs two types of blockchains in VANET: BCIR (Blockchain for identifcation on RSU) and BCCA (Blockchain for certifcation on CA), where the BCIR blockchain is connected to the RSU, which evaluates the reliability of the message, and the BCCA in the CA, which determines whether a node is legitimate or not. Te legitimacy of a message is evaluated considering various factors such as message integrity, the reputation of the sending node, event type, loc event , EventTime, time efectiveness, and distance efectiveness. Te reputation of a node is defned by its communication behavior. By analyzing the communication behavior of a node, this method can determine whether the node is malicious or not. Te proposed method detects denial-of-service (DoS) attacks, integrity targets, and false alarms and defends against their sabotage.

EPORP (Emperor Penguin Optimization-Based Routing
Protocol)-Based Secure Protocol. Te EPORP-secured protocol, as suggested in reference [74], has been proposed to augment the system's security and detect the existence of Sybil attack nodes. In the context of vehicular ad-hoc networks (VANETs), detecting Sybil attacks is crucial to mitigate instances of system failure. Te Rumor riding technique has been employed to identify nodes participating in Sybil attacks. Furthermore, the SXOR (Split XOR) function ensures that the message and information remain secure. Te EPO (emperor penguin optimization) algorithm is utilized to compute generating keys in the SXOR function. Te proposed technique has demonstrated more satisfactory results than those produced by the FA (frefy algorithm), PSO (particle swarm optimization) algorithm, and WOA (whale optimization algorithm).

SAODV (Secure Ad-Hoc On-Demand Distance Vector).
Dhanaraj and colleagues proposed a novel cryptographic scheme, as documented in reference [75], which is integrated into the AODV protocol to identify and counteract a black hole attack in the context of VANET environments. Te SAODV algorithm, which improves the AODV routing protocol by incorporating security features, operates by Te FBTRP-DBN model proposed is a mechanism grounded in trust that aims to eliminate malicious nodes (the initiators of DOS attacks) from the VANET network by selecting an ideal cluster head, which is accomplished by identifying the highest trusted node. Te cluster head selection involves certain vehicles, known as recommenders, who oversee the monitoring process. Tese recommenders evaluate the accuracy of data transmission and discern the actions of individual vehicles. Te policy of FBTRP, in its determination of the retransmission trust value, employs two factors network density and the retransmission node distance factor. Te fuzzy system calculates the "trust value" output using the provided inputs. Following the evaluation of the trust value, a deep belief network is utilized to predict the vehicle's malicious behavior in the future with the obtained threshold value. Te cluster head then separates the vehicles into various lists, namely, green (cooperative), gray (abnormal), and black (malicious). Vehicles on the blacklist hold a heightened level of distrust and exhibit peculiar behavior. Tese particular vehicles are deemed malicious and possess an elevated threshold of untrustworthiness. Te ash list associated with these automobiles displays abnormal conduct and occasionally disseminates fraudulent information across the network. Additionally, these vehicles may discard or duplicate packets. Conversely, vehicles on the Green List are profcient in sending and receiving messages and usually conduct themselves [76].
6.12. TREE. In the publication denoted as [77], the authors have formulated a trust-based message propagation scheme for a vehicular network for the purpose of discerning the issue of fraudulent nodes transmitting spurious alarm messages. Initially, they have contrived a trust-based mechanism to assess the credibility of the node through the node's message transmission pace and event notifcation execution to validate the veritable emergency warning messages. Based on the nodes' reputations, the trust score is approximated for each node in the network by means of assessing the average direct trust value according to the estimated trust value. Te subsequent phase entails an evaluation of the vehicle's indirect trust, which is founded on the recommendations that are obtained from multiple neighboring vehicles. Te assessment of the vehicle's efciency in terms of reliability is carried out through the employment of both direct and indirect reliability measurements. Such an evaluation yields valuable information regarding the message transmission patterns of the node. Furthermore, the selection of the subsequent relay node is predicated on three essential parameters, namely trust score, node similarity, and link durability. To recognize fake alarm messages, a trust-based authentication approach is employed, utilizing the trust score and weight factor of vehicle network nodes.

BBAAS (Blockchain-Based Anonymous Authentication
Scheme). Te present article [78] delineates an anonymous authentication system that is founded on the blockchain. Te proposed system entails the transfer of crucial materials and private information pertaining to vehicles directly to the closest trusted authority (TA) by vehicle units. Te private information is managed exclusively by the TA and is securely stored in its database. In the proposed system, the TA is connected to the blockchain network along with the roadside units (RSUs). Te RSUs and vehicle units undergo a preliminary authentication process at TA to obtain an authentication code and an alias identity. Te TA utilizes this private information to establish the true identity of the vehicle based on the alias identities in the event of a dispute. After the initial authentication process at TA, RSUs can authenticate vehicles via the blockchain network using the verifcation code when they enter the RSU's coverage area. Upon entering the current RSU's communication area, the novel roadside unit (RSU) performs authentication of the vehicle by verifying the certifcate presented by the preceding RSU, provided that the authentication process was successful in the current RSU. At this point, the RSU transfers the verifcation password to the vehicle. Additionally, the RSU and the vehicle establish a session key in this step [78].
6.14. Fog-Assisted Networks Based on Blockchain and Neuro-Fuzzy. In this research work [79], the authors proposed a lightweight and privacy-preserving authentication scheme without a certifcate in VANET with the help of Fog using blockchain technology and fuzzy neural machine learning technique. An authentication scheme using certifcate-less signatures based on elliptic curve cryptography (ECC) and hash functions has been developed. A neural fuzzy algorithm is proposed to detect unusual requests before the authentication process and reject them to prevent denial-of-service attacks. Te proposed authentication method can defend against known attacks such as man-in-the-middle, replay, impersonation, and modifcation.

Sharma et al.'s Model.
In this method, the authors try to discover frauds of location with the help of machine learning. One machine learning approach, supervised learning, is utilized for categorizing. Some well-known classifcation algorithms in this research include KNN (K-Nearest Neighbor), Decision Tree, Random Forest, and Naïve Bayes algorithm to detect misbehaving nodes. Also, this study has classifed the types of attacks to fake the vehicle's location: constant attack, constant ofset attack, random position attack, random ofset position attack, and eventual stop attack, which, according to the type of their method, are as follows, pretending to be in a fxed place of the road in the network; add a constant, fxed value to the actual position; using a random Position; send a random number from a small area around their vehicle; act normally for some time then send a fxed position repeatedly to expose the vehicle stopped to gain trust in the network. Te result showed that the KNN algorithm better detected misbehavior vehicles than others [80].
6.16. Improved Secure AODV. Kumar et al. improved [81] the routing protocol AODV to overcome the black hole attacks by adding security to the RREP and RREQ packets exchanged in the network. Te security problem is improved with the help of digital signature, which is done in both encryptions in the source and decryption in the destination to ensure the identity of nodes. Also, a hash algorithm has been used for the message's authenticity. Ten, the reputation of each node decreases or increases according to its performance in forwarding packets.

CBM (Collaborative-Based Misbehavior) Scheme.
In a paper [82], Sultan et al. have proposed a malicious detection scheme based on participatory trust to detect vehicles that use fake identities in message forwarding and spread counterfeit data. Te authors have used one of the physical criteria here: the extraction of received signal strength (RSS) that prevents vehicles from sending fake data or does not let them send it at all. Te vehicular node, which is a participant in the system, generates a trust evaluation report utilizing the approach of SVM classifcation and its subsequent implementation transmits it surreptitiously to the trustworthy authority. Te support vector machine (SVM) utilizing a Gaussian kernel function serves as the utilized mechanism for identifying misbehavior in vehicles. Te present study in this investigation incorporates direct and indirect reputation calculation approaches. Te direct form comprises gathering communication history and pertinent information through direct communication with the intended node. In the indirect reputation, each vehicle assigns a point to its neighbor vehicles and the nearest roadside unit after calculating the combined reputation for a particular vehicle; one can determine whether the vehicle is reliable by comparing the calculated values with the defned threshold values or not.

ECT.
Te proposed algorithm in [83] employs trustbased security measures to identify malicious activities, encompassing packet dropping and packet modifcation/ modifcation attacks. Te algorithm is rooted in direct and indirect trust, allowing for the computation of trust value and satisfaction of a given node sans supplementary control overhead. Direct trust can be computed by leveraging a given node's satisfaction value and weight coefcient. Te satisfaction value can be derived by carefully examining three parameters that underlie the data transfer process over a designated time interval. Despite the signifcance of direct trust, more is needed to serve as a standalone metric of a node's dependability. Te proposed model inquiries about the recommendations of neighboring nodes subsequently to direct trust concerning the observed node. Te observed node's indirect trust or recommendation trust is computed based on these recommendations. A decision regarding the observed node is then made based on the trust gained directly and indirectly.

RBA (A Reputation-Based Algorithm).
Te algorithm expounded in reference [84] is founded on the esteem of nodes within the network to detect DOS attacks. Te esteem of every individual node is determined by its transmission rate, precisely, the ratio of packets dispatched to subsequent nodes concerning the total packets received. In the proposed algorithm, when assimilating every node into the network, a default esteem value is conferred upon it. However, it is noteworthy that the said reputation of the node may undergo alterations subsequently, predicated upon the performance of the specifc node in question. Te observer node is responsible for monitoring each node's reputation value as and when deemed necessary. Te selection of the observer node is contingent on various parameters. To qualify as the observer node, stringent criteria, including a good reputation value and minimal computational load, must be met.

QMM (QoS and Monitoring of Malicious Vehicles)-VANET. Te proposed algorithm [85] monitors vehicles'
behavior to identify malicious vehicles in the network. Te stability of the network and communication is one of the critical concerns that signifcantly impact network performance. In this work, the authors have tried to maintain the stability of the network and prevent the performance of nodes that disturb the stability of the network. To select cluster heads, the proposed QMM-VANET clustering protocol carefully evaluates the quality-of-service parameters, including bandwidth, speed, interval, number of neighboring nodes, and distrust value. A vehicle that boasts of maximum local quality of service value is deemed eligible to be chosen as a head of a group of entities. Following this selection, the chosen vehicle identifes a set of appropriate gateways that facilitate packet transmissions and enable the connection of clusters. Finally, to tackle link failures, a recuperation method that involves the selection of diferent access routes possessing a satisfactory quality of service is employed.

TBM (QoS and Monitoring of Malicious Vehicles).
Te aforementioned study [86] presented a trust-centric framework for the identifcation of malicious nodes in adhoc networks that are utilized in vehicular settings. Rogue or malicious nodes can receive the data packets and drop them between the source and destination. Te proposed model frst estimates the nodes' degree of trust and identifes the network's rogue nodes. Te proposed method selects only reliable nodes to relay data in the routing process and then chooses the set of observer nodes to monitor nodes in the network. Te observer node evaluates a particular node's combined trust, spreads the node's status in a binary fag across the network, and this study assesses the performance of a network through the examination of four key performance metrics, namely: packet delivery rate, throughput, distribution of load, and end-to-end delay.

A Blockchain-Based Model.
Owing to the signifcant level of mobility and diversity of vehicle networks, adjacent vehicles are often unfamiliar with one another and need help to establish trust fully. Tis issue is further exacerbated by the misbehavior of vehicles within the network. Such attackers may deliberately disseminate untrustworthy messages. For instance, a vehicle may transmit a message indicating that it is safe to proceed when there may be an accident or trafc congestion ahead, thereby deceiving other vehicles. In their paper [87], Yang et al. utilized blockchain technology to propose a decentralized trust administration method for vehicular ad-hoc networks. Te proposed model leverages the Bayesian inference model to enable vehicles to verify messages received from neighboring vehicles. Roadside units (RSUs) utilize vehicle-based rankings to compute the trustworthiness of each vehicle and consolidate the information into a "block." Subsequently, each RSU endeavors to add its "blocks" to the trust blockchain maintained by all RSUs. Trough a collaborative efort, all RSUs work collectively to uphold a dependable and consistent database utilizing the blockchain technique. Simulation outcomes indicate that the proposed model efectively captures, computes, and stores trust values in vehicle ad-hoc networks.

An AODV-Based Model.
Te malicious node sends a lot of trafc (packets) to the network, so the network cannot handle it and becomes congested. When malicious nodes (nodes that are trying to disrupt the network) are in the network, it will take more bandwidth and more packets to send information through the network. Tis will slow down the entire network. In [88], Zaidi et al. try to detect malicious nodes with the AODV routing protocol's help so that vehicles and roadside units register in the certifcate authority (CA) and receive their unique Id. But the way to distinguish a malicious node is that the certifcation authority receives the vehicle entry form, RSU, and the certifcation authority confrms the information. Te RSUs and the vehicles make a communication to exchange packets. If the vehicle's ID does not match the registered ID, the certifcation authority will identify it as a malicious node.

EAAP (Efcient Anonymous Authentication Scheme with Conditional Privacy Preserving).
In their paper [89], the authors proposed a novel scheme for ensuring secure VANET communication among vehicles. Specifcally, the EAAP model introduced in the paper enables an RSU to authorize vehicles anonymously before transferring LBSI messages to others. Anonymously authenticating an RSU prior to receiving LBSI messages is ability vehicles possess, as described in the authors' paper [85]. Additionally, the EAAP mechanism ofers anonymous authentication, certifcation validation, and digital signature expenses necessary for VANET applications. Additionally, the proposed scheme can function as a powerful mechanism for tracking privacy conditionally, facilitating the detection of the true identity of a disruptive vehicle. Tis can signifcantly enhance the overall efciency and efectiveness of VANET.

A Game Teory-Based Trust Model.
Te vehicles share information about trafc conditions (accidents, delays, etc.) with other vehicles. If one of these vehicles gets an incorrect message about trafc conditions, it will tell the others. Hence, the authors in [90] proposed a trusted method based on game theories for VANETs. In the proposed model, the security game's attacker and defender identify and deal with malicious nodes. Tis strategy considers three parameters: "majority opinion, centrality, and node density." Te game's outcome is determined by the cost of attacking and defending vehicles, and the best strategy to use is calculated using the Nash equation. At this point, the defending nodes, with high power and low density and the efort to retransmit, achieved a higher relational priority than the frst attacking nodes.

On-Demand Model.
In environments characterized by high mobility, Protocols for routing that rely on location information are utilized. Particularly in vehicle ad-hoc networks (VANETs), to identify and penalize malicious nodes that may discard, alter, or redirect data packets. Tese disruptive activities lead to network dysfunction, making it arduous to utilize. Protocols for routing rely on location information. Typically, the process involves three stages: discovery of geographic location, Response regarding the geographical position, and data forwarding. Te proposed method comprises two states, namely, listening and identifying. Each node's reputation is evaluated by considering the number of packets forwarded (F_Count) against the number of packets in the forwarding request procedure (FR_Count). Each node evaluates its credibility and identifes a misbehavior node based on the reputation of other nodes. Nodes misbehaving can intentionally manipulate their routing protocol to discard packets, signifcantly impacting the send value [91].

A Model to Detect Blackhole Attack.
Te proposed algorithm [92] for detecting and preventing black hole attacks in vehicle ad-hoc networks, implementing routing protocols like AODV and DSR engenders heightened security Within the context of the ITS, particularly in city and highway scenarios. Such protocols serve to mitigate the impact of a malicious node. Te source node, in particular, facilitates this by storing information relating to all received packets within a Pseudo reply packet table. An essential feature of this table is sorting false response packets in ascending order of their sequence. Te priority is subsequently calculated based on the sequential number, with the highest priority given to the least number of orders. A node possessing an odd sequential number is considered malicious and is segregated by the source node and then the source broadcasts the message in the network.

FMBA (Fast Multi-Hop Broadcast Algorithm).
Te paper [93] analyzed the problems of position cheating attacks that can cause a reduction in safety applications. Te proposed method notes the impact of malicious vehicles on delaying alert messages and attempts to identify highly effective ways malicious vehicles use to reduce the delay of alert messages and the efect of the attackers. Te proposed method uses a fast multi-hop broadcast algorithm as a vehicle safety algorithm to reduce the time needed to send a message from a source to the furthest vehicle in a particular region. Tis algorithm consists of two phases: the phase of estimation and the broadcast phase. Te estimation phase's primary objective involves assessing the incidence frequency for each vehicle within its communication range. Tis occurrence is contingent upon broadcasting a message to every vehicle located within the sender's region of interest; additionally, before sending a packet, each recipient's responsible for determining its waiting time before initiating a message transmission. A vehicle with a lower contention window (CW) will be elected as the next sender. Still, a malicious vehicle that sends a "Hello" message will cause a delay by increasing CW in honest vehicles.

Watchdog-and Bayesian-Based Model. Rupareliya et al.
proposed a solution for preventing attacker nodes by using a watchdog and applying a Bayesian flter to fnd malicious nodes that don't forward the data packets [94]. Several nodes act as observers in the network and constantly listen to the neighboring nodes. If a node does not forward the packets to its neighbor node, the observer declares that node as a malicious node. Ten they used the Bayesian observer to analyze malicious behaviors at diferent time intervals. Based on that, the Bayesian guard calculates the percentage of packets sent by the malicious node. If the ratio is lower than the threshold value defned, the Bayesian observer does not consider the node a malicious node; otherwise, it is regarded as a malicious node.

A Distributed Reputation-Based Scheme.
Oluoch [95] posited a model of reputation that enables vehicles on the road to evaluate the reliability of other vehicles, thereby verifying the trust of messages transmitted on the network by unknown vehicles. Te originating node computes the trustworthiness of each vehicle; after that, each vehicle that receives messages seeks feedback from other vehicles within its transmission range regarding the dependability of the vehicle dispatching the message. In the event of a lack of feedback, the receiving vehicle will seek the assistance of the road site unit (RSU) to ascertain information about the sender vehicle. Te reliability of each vehicle is indicated by a reputation mark of t, which ranges from zero to one. Te trust levels are expressed on a scale ranging from 0 as the minimum to 1 as the maximum. Vehicles receiving messages implement stringent thresholds, with messages from the sender vehicle deemed trustworthy. Te average rating of all population members must exceed the set threshold to proceed.

VGKM (VANET Group Key Management).
Tis study [96] proposes a new dual authentication scheme to improve the security of vehicles communicating with the VANET environment, verify authentication, and prevent the VANET user's validity from being forged and sending false messages to other vehicles. TA classifes users into primary, secondary, and unauthorized users. Ten, a dual group key management scheme is implemented to efectively distribute a group key among each user group and update these group keys during user join and logout operations. In dual mode, two components are used: the hash code of each communication vehicle and the fngerprints. Terefore, the fngerprint authentication techniques in this study are integrated into a hash code generation method to prevent malicious users from using each network user's secret key to participate in VANET communications.

DMN (Detection of Malicious Nodes).
In paper [97], the proposed algorithm is that a vehicle gets cluster keys after joining the network. Ten the parameters: load, distrust value, and distance are calculated for neighboring vehicle nodes to select the verifer, then the proposed model fnds the nodes with lower decision threshold values, and these nodes are assigned as verifers to the recently joined vehicle. Verifers monitor the vehicle's behavior; if they detect abnormal behavior, they report it to the cluster head (CH). Te cluster calculates the value of the new distrust parameter for the vehicle. If the distrust value is detected as higher than the threshold, the whitelist will be updated, and the vehicle will be entered into the blacklist. A warning message is sent to all other nodes based on introducing malicious nodes. Te malicious vehicle has isolated access to the network, so it cannot drop and duplicate packets.

T-ACO (Ant Colony Optimization).
Te proposed method [98] used the trust metric and AODV routing protocol to detect malicious nodes. Te proposed algorithm is based on an Ant colony with two agents, FANT and BANT. Forward ant agents (FANT) move from source to destination to collect route information about the route's quality on the way to the destination. Te Backward ant agents (BANT) move from destination to source to create new paths. Ants leave the pheromone on the path while moving. So, the value of trust for each node and the amount of pheromone for each route are calculated. Suppose the trust value is lower than the threshold and the pheromone value is zero, so the node is malicious. Te quality of each path is calculated, and the route with the highest quality is selected for sending packets. [99] a data-centric model for detecting misbehavior that broadcasts false trafc information in vehicle ad-hoc networks, focusing on alert messages, including the PCN and the beacon message (information about the vehicle's location under observation being broadcast by the OBU). Te proposed model consists of an area defned by the position around the crash. It may vary for each vehicle that can observe the event (depending on its speed). In the proposed model, assume that position L is the position of the crash. Each coordinate is assigned a weight near the crash alert (L) (0, 1). Also, a confdence parameter based on the region below is extracted from the curve that shows the vehicle's route starting from the event location. A factor "β" is used to measure the truth of the information in the PCN alert.

DMV (Detection of Malicious Vehicles).
Te research proposed [100] an algorithm that could detect if a vehicle is malicious or not (for example, by looking at how it behaves packets, forwarding them, or dropping or duplicating). Some of the trustier neighbors monitor each vehicle, called verifer nodes. If a verifer vehicle perceives an abnormal behavior from each of the nodes under its supervision, it raises the distrust value of the vehicle. Te vehicle's ID is then announced to its appropriate Certifcate Authority as a malicious node when its distrust value exceeds the threshold value. Te vehicle's name is entered in the black list. Te blacklist separates malicious vehicles from honest vehicles stored in the list. Malicious vehicles are isolated from the network after being added to the black lists, and other vehicles do not accept any messages from the vehicles on the blacklist. Ultimately, the review results show that the DMV technique is able to discover most vehicles that have malicious behavior due to high speeds.

D&PMV (Detection and Prevention of Malicious Vehicles).
In research [101], Kadam and Limkar presented an improved DMV algorithm (improved DSR), detecting malicious vehicles and preventing them from operating in the network. In this algorithm, to detect malicious nodes, frst, the nodes are placed in appropriate clusters, and the main cluster head and one spare cluster head are chosen. Ten, the behavior of each node is examined with the help of observers. If it is less than or equal to the specifed threshold value, its name will be whitelisted; otherwise, a malicious node will send a warning message to the other nodes in the cluster. Te prevention algorithm is activated if the malicious node is found in the previous step. Tat path is left aside in the found path, and an alternative communication path is used. Tis methodology decreases the consequences of a potential black hole attack in vehicle ad-hoc networks, and the mechanism is impressive and safer than the previous ones.

Improved AODV Protocol (RAODV (A Robust AODV)).
In paper [102], the AODV protocol has been presented with a security model for detecting malicious vehicles. Te architecture implements a registration system managed by a central authority in each vehicle and RSU, assigning a particular identity to each node upon submission of its primary identifcation, such as the number of vehicles. Te Government ensures the preservation of RSUs to prevent any failure. Te RSUs in the network gather and retain data, including vehicle identity, vector, and classifcation of all vehicles that pass through their region through a camera. Te proposed architecture employs performance metrics, such as Packet transmission success ratios, average endto-end delay, the overhead of routing, and the number of discarded packets, to identify any malicious nodes. Upon identifcation of a malicious vehicle by the central authority (CA), a warning notifcation will be distributed to the surrounding zone, encompassing nearby RSUs and vehicles. Te packets shall not be transmitted to vehicles with malicious intent but instead will be segregated from other vehicles using the RAODV protocol. Te outcomes of the suggested mechanism have demonstrated that the RAODV protocol can successfully discern a malicious vehicle after the assignment process. Detection Scheme)). Barnwal and Ghosh [103] have developed a model to detect the misbehavior of vehicles that can detect malicious nodes that broadcast fake information about the measurement of position and velocity can be achieved through the utilization of heartbeat rate messages. Te vehicle designated as the observer utilizes the data within the heartbeat messages to determine the veracity or malfeasance of a given node. From the examination of new data, it has been assumed that the expected and observed position of the reported vehicle is calculated by the observer vehicle. If the results do not match, the index of suspicion will increase compared to that vehicle. If the level of suspicion is higher than the threshold value, the vehicle will be considered malicious. Tis method's advantage is that it does not create any communication overhead in these networks or require additional sensors because it uses a periodic message.

System Based on Detecting Cheaters.
In the proposed approach [104], Huang et al. have suggested an identifcation protocol aimed at identifying malicious vehicles that disseminate counterfeit information regarding trafc congestion with ulterior motives and adopt the guise of unreal vehicles. Te approach employs sensors to verify the vehicle's congestion based on local speed and distance measurement, and it leverages the kinematic wave distinguish method, which allows the vehicle to anticipate over time and space. Consequently, it can recognize nodes that exhibit improper conduct by transmitting false trafc congestion information. Te architecture entails a vehicle's signature to identify and stop numerous malefactors with legitimate certifcates (forgery) from falsifying trafc. Te certifcate must be appended to the signature packet. Te proposed solution is advantageous since it solely hinges on connections with adjacent nodes and does not necessitate a system to detect trafc congestion.

MBRMS (Misbehavior-Based Reputation Management System).
In the proposed method [105], Kim and Bae have presented a new misbehavior-based reputation management system consisting of three components: (1) detection of misbehavior, (2) event broadcast, and (3) global eviction algorithms for detecting and fltering inaccurate information in these networks. Each vehicle maintains system information and relevant events to detect misbehavior nodes. Te proposed mechanism uses a diferent diagnostic technique, and when an event observer receives an alert message from an event reporter, it detects the alert type of the alert message. When the event observer receives light from the warning vehicle after a while, it calculates the relative classifcation error (RCE) using the rough sets of variable accuracy [11] of the event. It also uses the risk level of the malicious node to measure the risk value. Tis method most efectively detects and isolates misbehaving nodes.

RB-CD (Repetition-Based Broadcast Diversity
Technique). Te study [106] proposes a new and efcient protocol for sending repetition-based messages that uses various cooperation techniques. Tis method contains three phases: (1) initial broadcasting, (2) selecting the relay node, and (3) repetition phases for cooperation. Te main idea is to repeat a broadcast message correctly, cooperating with the source and the neighbors. Te proposed relay selection algorithm is a disseminated algorithm that magnifes the broadcast message's reception rate, which is designed for broadcasting single-hop safety applications, especially for essential messaging applications (EMD).

VARM (VANET Association Rules Mining).
Tis study [107] created a mechanism that collects transmission data about each vehicle in a neighborhood and then extracts the rules of temporary correlation between vehicles related to transmissions in a neighborhood. Tis method is proposed to develop communication rules for fnding a faulty or malicious vehicle that transmits inaccurate information. For example, a vehicle is unrelated to the vehicles in contact with it, and adhering to these rules is unrelated. Sorted structures are constructed based on the priority relation and use the item to conceive a set tree. Te proposed model displays superior performance when compared to the FP-tree. Furthermore, it has been demonstrated that the cats-tree exhibits a low and dense confguration. Both data sets exhibit a lower concentration of execution intervals when compared to the present data.

Data Centric Detection
Schemes. Data exchange between nodes is examined in data-centric approaches, so the misbehavior is identifed. Tis mainly relates to the communication between messages that leads to the detection of selfsh nodes. Te information disseminated by the nodes within the network is subjected to a comparative analysis with the data relayed to other nodes to ascertain the veracity of the alert announcements received. Terefore, any vehicle that sends fake details on various events in these networks, such as fake congestion messages, incorrect positions, false alarms, vehicle crashes, and road conditions, is considered misbehavior. In [108], the author has identifed the transmission of false information and misbehavior nodes by monitoring vehicle actions after sending alert messages. Te coordination of reported and estimated vehicle positions is essential to enable the making of appropriate decisions based on the available information. Instead of revoking the secret credentials, this scheme applies fnes to misbehaving nodes; the certifcate authority's credentials prevent the nodes from having malicious and selfsh behavior. Tis will reduce the calculation and communication costs of revoking the secret credentials. Te fndings indicate that the suggested framework outperforms alternative frameworks with transmission overhead when transmitting a record of invalidated private certifcates to the roadside unit.

System Based on Machine
Learning. Te study introduces a novel approach [109] that utilizes machine learning techniques to establish a Security architecture for classifying numerous forms of misconduct in vehicle ad-hoc networks. A misbehavior node can manipulate data packets by altering its identity, position, time of transmission, and safeness message. Te attacker node can also fabricate counterfeit messages or coerce other nodes to generate such messages.
Te features extracted from various attacks and misbehavior that the senders of the security packet are removed to distinguish between diferent misbehavior types. Te proposed approach classifes several types of misbehaviors in this type of network. It has been observed that J-48 and Random Forest classifers exhibit superior performance compared to other classifers such as Naive Bayes, IBK, and AdaBoost1. A voting system that allows the majority to decide to get a better and more accurate detecting system. Tis method is better and highly efcient in categorizing multiple misbehavior practices in vehicle ad-hoc networks than primary classifcations in other papers.

Intrusion Detection Model.
In the paper [110], a method for detecting intrusion based on signature has been presented, capable of distinguishing simulated congestion and denial of congestion attacks caused by malicious vehicles. A navigation system has been launched in each vehicle that includes information about each vehicle's position and the road on which it travels. Te position information received from the CAM represents the vehicle's center; given this information, a moving vehicle's rectangular model on the road can be drawn. With this model's help, it can be calculated whether diferent vehicles' rectangles intersect because malicious vehicles give fake information about their position and cause a fake trafc jam. Each node also calculates a certain amount of trust for its neighbors, which is achieved with the vehicle's frst and latest beacon messages, which are B 1 j and B n j respectively, and variable d i shows the distance between the beacons calculated by N i , and the minimum-distance-moved (MDM) is the shortest transmission range. If d i (B 1 j , B n j ) ≥ d MDM then the trust level is equal to (τ �1).

A System-Based
Alert. An "event" is a collection of observations that provide information on an initial alert's probability. Tese groups have many "event classes," each containing some events. Te performance of each event in each category is defned by specifc attributes that relate to that class. In their publication referenced by number [111], the authors presented a technique for detecting a possible mistake by relying on supplementary data or notifcations generated after the initial notifcations. Te authors fnd a way to use information about a suspicious alert to confrm whether the initial event that caused the alert was real to reduce the number of false alarms. Secondary data received as warnings of causality can be gathered to establish credibility for the direct messages. Te notifed behavior is crossreferenced against the vehicle's warning system to assess the circumstances necessitating an escalated alert. Tus, if the two are incongruent, it indicates a fraudulent alert, characterizing the vehicle as malevolent.

RCBD (A Root Cause-Based Detection).
In their study documented in [112], Ghosh et al. have advanced their research by acknowledging the potential for erroneous information about the vehicle's location in transmitting false collision notifcations. Tey have also introduced the utilization of the Post-Crash Notifcation (PCN) application to display crucial factors contributing to the efectiveness of their proposed model. Te cause-tree model is a highly efective tool in detecting instances of misbehavior and accurately identifying the underlying cause of logical cuts. Tis scheme proves to be healthy and identifes many misbehaving nodes.

Ghosh et al.'s Method.
Tere is always a chance of incorrect messages being transmitted due to faulty sensors or purposeful malicious activities. In [113], Ghosh et al. proposed a robust model for detecting malicious vehicles for a crash declaration. Te utilized methodology initially observes the driver's actions after an escalation in a collision warning message. Te vehicle's movement is monitored, and the anticipated trajectory of the vehicle is computed using the collision transportability model. If the disparity among two given values surpasses the threshold value, the warning is regarded as erroneous; subsequently, the warning is deemed incorrect with that verge value. Tis methodology profciently diminishes the rates of false alarms (FAR) and false positives (FPR) and identifes instances of misconduct.

VARS (Vehicle Ad-Hoc Network Reputation System).
One of the challenges is to make sure that the emergency message the vehicle receives is reliable (it is not fake), and that it is time-stamped (it was not changed while it was being sent).
One of the hazards of malicious nodes is sending false alarms in the network. A reputation-based model [114] for vehicle ad-hoc networks introduces many mobile nodes. Te proposed model has direct and indirect reputations for each event message. Each sending node adds a comment to its message about the reputation of the message. Tey say this mechanism is "Piggybacking," meaning when a message is sent to each node, each generates its own opinion on its reputation and attaches it to the message.

Detection Schemes of Selfish and Malicious Nodes
Tis part of the paper reviews various papers that provide an algorithm for detecting selfsh and malicious nodes. In the following, Table 3 discusses the advantages and disadvantages of these algorithms, and Table 6 examines the features of each paper.

SV (Secured VANET).
Alkhalidy et al. proposed [115] a new strategy for catching malicious nodes in the vehicle network. Malicious vehicles send wrong emergency information in the network to restrict nodes from accessing the channel to receive road information. Numerous elements are chosen for the fuzzy logic scheme to calculate the trust of nodes participating in the vehicle network. In this method, vehicles divide into clusters, and a roadside unit governs each. Te roadside unit estimates the nodes' trustworthiness before letting vehicles access the network. Te roadside unit dismisses a malicious node based on its trust value. Te proposed method has been ofered to detect malicious nodes. Still, by doing simulations, the authors realized that their method could also detect selfsh nodes, so we put this method in the category of detecting malicious and selfsh nodes.

A Cooperative Game-Based Mechanism.
In the paper [116], the authors introduced a mechanism based on coalition game theory for data transmission with nodes in VANET. Based on many parameters, such as geographical location and movement direction, vehicles can be grouped into a coalition based on the predicted distance and longevity of links created between vehicles and the gates and their joint transmission planned. On the other hand, the gates can join the coalitions to cooperate in relaying the vehicle's data over the Internet. Every vehicle tries to access the wireless Internet or the fxed Internet. Two scenarios are used to evaluate the proposed solution better: the fxed gate scenario and the mobile gateway scenario. Te simulation results show that the gates' mobility increases the transmission with cooperation and increases the communication and connection capacity in the vehicle networks.

Hierarchical Game Teory-Based Model.
Nobahary et al. [117] showed that the misbehavior nodes could be identifed and stimulated, as the proposed method takes three steps. Te setup and clustering algorithm is run in the frst phase and starts sending data and playing the game to detect the malicious and selfsh nodes. In the next step, each cluster's nodes cooperate in executing a limit Low repeated game while forwarding their packets or neighbor nodes' packets.
In the next phase, each node monitors its neighbor nodes' actions to know if they forward the packets or not. Te cooperation procedure is excavated for specifying the selfsh or malicious nodes that did not send the packets or forwarded the packets with a latency. In the end, the network's misbehavior nodes' reputation has been decreased by other nodes.

A Trust-Based
Approach. In this study [118], a completely decentralized approach aims to encourage and implement the plan to identify and prevent malicious nodes from injecting false information into the network. By examining the proposed method, the authors realized that the algorithm for identifying selfsh nodes also performs well. In the proposed method, the leader controls the transport packets, acting as an "observer." Te observer uses the incentive mechanism given according to the value of the "fag" produced by the  Security and Communication Networks leader. Next, the observer node will distribute rewards to coworker nodes. Te incentive mechanism spreads rewards to fellow nodes according to the number of "fags" generated by the leader and the punishment system, including a gray and black list. Te gray list (ID) stores malicious nodes that have been temporarily deleted. If a node reaches the value "fag � (−6)", it will be placed in a gray list and become a punished node, and it shows the value of the trust fag of the node, with the help of which the selfsh node is also identifed. If it continues its malicious behavior, it will be blacklisted and permanently removed from the group of vehicles. Te security mechanisms are based on asymmetric and RSA encryption by creating public and private keys and digital signatures to ensure packets' security.

UAV (Unmanned Aerial Vehicle)-Assisted Technique.
Trust-oriented answers can efectively manage a range of security hazards in Vehicular Ad-hoc Networks (VANETs), such as Denial of Service (DoS) attacks, black holes, gray holes, and collision scenarios. Te proposed approach entails the integration of a mechanism that adjusts the detecting threshold., which enables the identifcation of intelligent malicious activities, such as identity-changing and faking schemes.
In the proposed method [119], which is an improvement of [89], a drone separates the road parts into virtual fxed groups after determining the amount of direct and indirect trust of each vehicle. Ten, a cluster head is selected, which is the closest node to the central point of the division. However, in the subsequent interactions, the selection strategy is based on 1-Trustiness and 2-Its closeness to the cluster's main topic. A cluster head interacting with cluster members has already collected their recommendations about each other; hence, it can directly list its blacklist as a local cluster localization without further processing. Tis will prevent further processing delays and overheads. Some malicious vehicles devote diferent identifers (IDs) to stay unidentifed (they change their identities when identifed). Tese vehicles are also recognized; their IDs are included in the general blacklist and are notifed to other vehicles using the roadside unit and drones. 7.6. Credit-Based Model. Credit-based methods are considered for all nodes in the network to have an initial credit, and then, in proportion to each node's performance, the cluster will reduce or increase this value. In the proposed method [120], for each vehicle, the initial confdence is 0.5, then, the trust computation, directly and indirectly, takes place. Tese trusts are characterized as a regional evaluation grounded on direct vehicle exchange, calculated in terms of a vehicle's legal and malicious actions. Te indirect trust is calculated with the help of the neighbors' recommendations that they are one hop away from the vehicle in question. Of course, the neighbors with higher trust got increased ofers. If a vehicle notices that one of its neighbors is behaving dishonestly, it will increase its level of detection (how much it trusts its neighbors), and reads the data the vehicle gives and if it sees any unusual behavior (for example, if the data is always in the same range), it will raise the detection threshold (TH) so that it will detect abnormal values. Instead of using a single fxed value to decide whether to give a vehicle punishment, vehicles can use a range of thresholds that change depending on the behavior of their neighbors. Te proposed method successfully detects the attackers that cleverly adjust and change their behavior ( Figure 9) to evade detection and prevent exclusion from the network's functions. Scheme). Te proposed method [121] is based on motivation so that a reputation is considered for each node, and with the cooperation of the nodes, their reputation is increased. In this manner, there is a motivation for all nodes to collaborate in the network. In the proposed method, the packets are forwarded to other network nodes with clustering for enhanced monitoring. Determining the cluster-head node and an associate clusterhead node is based on specifc parameters within each cluster. Additionally, three watchdog nodes, comprising the previous relay node, associate cluster head, and one of the neighboring vehicles, are chosen as cluster watchdog nodes over a short period using the round-robin method. Tese nodes maintain the source's data to the intermediate nodes in a table. Once the intermediate node sends the data, the watchdog node contrasts it with the data in the table, and if an inconsistency is detected, appropriate measures are taken.

PPS (Payment Punishment
It is known as a suspicious node. Data aggregation should be done with the replacement of some watchdog nodes. For this purpose, the Dempster-Shafer theory is used to determine the cooperation or selfshness of the suspicious node. Te nodes of the cluster will be awarded If the node is selfsh. According to the authors, this method can detect all malicious attacks such as packet dropping, replay attacks, free riding attacks, nonrepudiation, reputation stealing attack, bad-mouthing attack, collusion, and false appraisal.

DTM (Distributed Trust Model).
Te authors proposed a practical solution that flters out the nodes that spread false information, retransmit modifed data packets, or use the network's resources. Tus, their collaboration rate is low. Due to the reduction of network efciency in these conditions, selfsh and malicious nodes in the network should be discovered and discarded. Te DTM [122] is a distributed trust model inspired by Spence's job market model in the economy, for each node is assigned a credit account that can be increased or decreased due to its behavior. Tis credential is used to gain network benefts, such as receiving messages from other nodes.
On the other hand, a node whose credit expires, the node is identifed as selfsh and driven out of the network. In this model, the sender sends a signal with its message. Tis signal indicates the integrity of the message for potential recipients. Te source node must pay the price for using the signal; its cost depends on the value and the node's behavior. Te signal's cost is based on the sender's behavior. If the sender is abusive, then the signal will be expensive. Te model removes the sender nodes from acting maliciously because the transmitter nodes' cooperation is proportional to the signal received.

WD-TT (WatchDog-Trust Token).
Te proposed method tries to detect selfsh nodes that do not forward packets to others and malicious nodes that attack the packet's authenticity and data integrity. Te authors of the paper [123] proposed a WD-TT mechanism to predict the way a network will behave based on how vehicles send packets of data. Te proposed method has three protocol nodes: prior, relay, and successor. Te relay node is a part of the network that gets messages from one part of the network and passes them onto other parts. Te relay nodes forward the packet to all possible routes, so the packet could reach its destination ensure. Te prior (former) is a single-step relay node that acts as a Watchdog. Te Successor (suc) replaces one of the single downstream from the single relay that decides whether to accept packets or not. Te former and alternate nodes are within the relay node's wireless transmission range. Each node has a bufer to maintain packets.

Performance Metrics Discussion
Te assessed articles have employed the parameters for the assessment of the efcacy of each approach; these parameters are [124][125][126][127] and the number of normal nodes that have been truly detected (TN)) (i) Second chance: A node that once has selfsh or malicious behavior is not removed from the network and allowed to cooperate with other nodes again. Table 7 shows the Notation and description of each metric.

Further Investigation of Attacks and Solutions Provided for Them
In the following, we have presented another table for the types of attacks and the specifed solutions for each of the attacks. In this table, the type of attack is specifed frst, then the type of nodes, the layers involved in that attack (It is specifed according to the layers of the OSI model and the opinion of the authors), and which security service is called into question when each attack occurs. Te primary security services are categorized into several items, the most important of which are availability, confdentiality, authentication, data integrity and non-repudiation, and privacy. Te last column of this table is dedicated to the proposed method to deal with attacks. In Table 8, the type of attack is either selfsh or malicious. If the studied paper, a specifc type of attack has been solved by the method proposed by the authors, we have mentioned it in the Table 8 Otherwise, it is written as malicious, selfsh, or both, and the type of attack that resolves is bolded in the description of each method.  Figure 9: Attackers' clever behavior [116]. Giving the misbehaving node another chance to operate in the network

The Classification of the Papers Published in Various Journals
In this study, we have reviewed diferent articles on detecting uncooperative nodes. Figure 10 illustrates the papers' classifcation in various international journals, including Springer, Elsevier, Other Journals, and IEEE. Elsevier publishes 34% of the articles, IEEE publishes 26% of the papers, Springer publishes 22% of the total paper of journals, and the remaining 18% of the papers are published in other Journals.

Related Open Research Issues
For years, research in the feld of intelligent vehicle ad-hoc networks has attracted the attention of many researchers because having an intelligent vehicle is easy. Of course, safe driving has been a human dream. Tere has been a lot of research about the diferent types of attacks on these networks to realize this dream and have a safe network of vehicles. Of course, the authors suggested that countering specifc attacks have been signifcant, but the network is still vulnerable to other attacks. Tis study reviews the 11.1. Having More Secure Communication Links. One area needing more research is reliable connections. Te high density of vehicles in these networks can cause packet distribution storms, failure to deliver packets to vehicles on time, change of packet content, etc., which will disrupt network links. In a network where the correct reception of data is crucial due to its dependence on human life, such attacks in the communication link of its nodes are not acceptable and must be improved.

Elimination of Some Restrictions in the VANET Network, such as Low Bandwidth of Communication Links and Short
Radio Range. Low bandwidth prevents packets from reaching their destination on time, and if a DDoS attack is started on the network, no packets reach their destination, and messages about redirects due to an accident or heavy fog, etc. In general, security messages don't reach the drivers. Also, the short radio range causes the packets to be transferred step by step from one node to another to reach the destination, and even if one of the intermediate nodes is selfsh or malicious, it causes the packet to reach the destination either with a delay or by change, or do not reach its destination at all. Tis is a disaster in vehicle ad-hoc networks due to the immediate sending of vital packets.

Rapid Topology Change.
Another major problem in these networks is rapid topology change because the vehicles have very high mobility. Terefore, instead of using the neighboring vehicles that are constantly moving, roadside units can be used to determine the performance of these vehicles as cooperative or uncooperative. In this way, the vehicle obtains information from its neighbors and shares it with the nearest roadside unit, and roadside units can make decisions about the performance of each vehicle. Te roadside unit sends this message to all vehicles and other roadside units.

Prevention of Attacks.
As mentioned earlier, in vehicle ad-hoc networks, packets should reach the vehicles in the shortest possible time, but attacks such as DDoS prevent other packets from reaching the destination immediately by sending fake packets rapidly. So, the best way to solve some attacks is not to identify and isolate these types of nodes but to prevent attacks. We propose solutions to deal with malicious and selfsh nodes that include using learning algorithms. Several methods to detect selfsh and malicious nodes, among which it seems that the use of machine learning-based methods such as artifcial neural networks, support vector machines, and decision trees, can bring signifcant results for researchers to solve the problem of uncooperative nodes.

Conclusion
Vehicle ad-hoc networks have attracted much attention because of their potential to improve road safety and driving conditions. In this study, the authors provide a comprehensive overview of the problem of detecting misbehaving vehicles in VANETs. Tis is a critical problem because the efect of selfsh and malicious nodes can cause signifcant damage to the network. In this study, we classify the types of attacks and provide explanations of the most commonly used attacks in VANETs and the various methods proposed by the authors to prevent and detect them. Tables 1-6 also examine the performance of each method. By examining various parameters, it is possible to understand what the strengths and weaknesses of each method are, for example, by examining parameters such as the percentage of detection of uncooperative nodes, overhead, throughput, etc., and Table 8 also examines which layer each attack occurs and which security service is challenged by it. It was found that no single method can detect all misbehaving nodes in VANETs. Tis study intends to provide valuable insights for researchers seeking to explore the realm of identifcation of inappropriate conduct strategies in VANETs.
Considering that there are many challenges in this feld and solving these challenges will improve the efciency of intelligent vehicles and allow drivers to drive safely, it can be said that it will provide them with many opportunities for discovery and innovation in research that can lead to signifcant results using new technologies such as blockchain or neural network algorithms, or even by improving parameters in a fuzzy logic or combining them.

Conflicts of Interest
Te authors declare that they have no conficts of interest.