Sage Journals: Discover world-class research

Abstract

To detect the primary user’s activity accurately in cognitive radio sensor networks, cooperative spectrum sensing is recommended to improve the sensing performance and the reliability of spectrum-sensing process. However, spectrum-sensing data falsification attack being launched by malicious users may lead to fatal mistake of global decision about spectrum availability at the fusion center. It is a tough task to mitigate the negative effect of spectrum-sensing data falsification attack and even eliminate these attackers from the network. In this article, we first discuss the randomly false attack model and analyze the effects of two classes of attacks, individual and collaborative, on the global sensing performance at the fusion center. Afterwards, a linear weighted combination scheme is designed to eliminate the effects of the attacks on the final sensing decision. By evaluating the received sensing result, each user can be assigned a weight related to impact factors, which includes result consistency degree and data deviation degree. Furthermore, an adaptive reputation evaluation mechanism is introduced to discriminate malicious and honest sensor node. The evaluation is conducted through simulations, and the results reveal the benefits of the proposed in aspect of mitigation of spectrum-sensing data falsification attack.

Keywords

Spectrum sensing reputation degree data falsification attack cognitive radio sensor networks

Introduction

In cognitive radio sensor networks (CRSN), the sensors with cognitive radio devices can employ dynamic spectrum access technology to use licensed spectrum bands on an opportunistic manner. By allowing secondary users (SUs) to share licensed spectrum bands, the problem of radio frequency spectrum shortage will be alleviated effectively. Certainly, unlicensed users should ensure to avoid causing harmful interference to the licensed users (primary users (PUs)).¹ Although the SUs need to monitor periodically to identify the PU’s presence, dynamic use of spectrum facilitates CRSN more flexibility to support many emerging applications.² It can not only alleviate the congestion of Industrial Scientific Medical (ISM) band and improve the spectrum utilization but also effectively avoid data collision and high network throughput.³ Compared with traditional wireless sensor networks (WSNs), owing to spectrum sensing and decision-making, the problem of spectrum resource scarcity and inefficient spectrum utilization can be effectively alleviated. Spectrum sensing is an essential prerequisite for cognitive radio (CR) system to detect the activity of PU, which should sense the spectrum for available opportunities and avoid any collision and minimize harmful interference to licensed users. The detection accuracy of spectrum sensing determines the performance of the whole CR system to a great extent.⁴

Due to shadowing, multipath fading, and time-varying characteristics of wireless channel, erroneous sensing decisions can occur frequently and result in inefficient utilization of the spectrum opportunities or interference at the licensed user. Cooperative spectrum sensing (CSS) can improve the reliability of spectrum sensing effectively. By combining all results from cooperative sensing nodes, they can cooperate with each other to decide on the presence or absence of the PU collectively. It overcomes the unreliability of individual SU or the influence of multipath fading, shadow effect, and noise uncertainty that may occur in the wireless environment. Therefore, CSS has been suggested as one of the solutions to exploit the diversity of multi-users and make more accurate decision. However, CSS is vulnerable to suffer from various kinds of security threats.⁵ Among them, spectrum-sensing data falsification (SSDF) attack can severely impair cooperative sensing performance, in which local false observations sent by malicious users (MUs) during the process of cooperative sensing.⁶ Even small number of MUs behaving maliciously, such as broadcasting falsified information or not following proper collaboration mechanism, it will result in serious damage on the reliability of CSS.⁷ As a result, it is necessary to design a secure and effective cooperative spectrum-sensing mechanism to resist SSDF attacks. To this end, this article presents the main contributions as follows:

The randomly false attack model is introduced, and the analysis of the effects about two classes of attacks, individual and collaborative, on the global sensing performance is conducted.

Based on the analysis of node’s result consistency degree and data deviation degree, a linear weighted combination scheme is designed to eliminate the effects of SSDF attacks on the final sensing decision.

An adaptive reputation evaluation mechanism is presented to discriminate malicious SU and honest SU.

We compare and analyze traditional techniques under SSDF attack. Simulation results show that the proposed scheme can not only weaken the harmful influence caused by attackers but also give good performance in terms of detection rate and false detection rate.

The rest of this article is structured as follows: section “Related work” provides a survey of existing SSDF counter mechanisms; section “System model” defines the randomly false attack model and analyzes the impacts of two types of attacks theoretically; section “Attack-aware linear weighted combination scheme” introduces a linear weighted combination scheme to address the problem of SSDF attacks; section “Simulation results and discussions” shows simulation results from the point of view of attacker’s identification and detection performance. Finally, section “Conclusion” concludes this article.

Related work

CSS is a well-known approach to identify potential spectrum holes applied in centralized and decentralized network, but it is easy to incur various kinds of attacks such as primary user emulation attack (PUEA), SSDF, and eavesdropping attack.⁸ Among them, SSDF is the most well-known security threat in CRSN. The motivation of SSDF attackers is to waste the access opportunities of other SUs or to disturb PU’s normal operation by decreasing the global detection probability. By sending false spectrum-sensing reports, MUs can cause a wrong global decision about spectrum availability at the fusion center (FC).⁹ Especially, some honest SUs may be regarded as attackers owing to their bad sensing performance caused by either shadowing and fading or malfunctioning sensor.¹⁰ Nevertheless, either MUs or those unintentional attackers degrade the detection accuracy of the system, which depends on the joint distribution of attackers and honest users’ detection probability.

From the attacker’s point of view, SSDF attack strategies can be divided into Always-Yes attack, Always-No attack, Always-False attack, Hit-and-Run attack, probability attack, and so on.¹¹ To deal with the serious damage on the reliability of CSS through data falsification injection, several works have been investigated to defense against SSDF attacks. The statistical features of node’s sensing results can be employed to identify MUs. Zhang et al.¹² analyzed a generalized probabilistic soft SSDF attack model and deduced a closed-form expressions of global sensing performance at the FC. In the study by Singh et al.,¹³ a distance-based outlier detection approach is proposed to isolate the malicious nodes from the decision process. In the study by Ahmadfard et al.,¹⁴ a flexible structure is introduced to deal with the uncertain attacking parameters settings by attackers, and a soft-decision-based defense strategy is employed at FC to detect the attackers. Based on statistic characteristics of sensing information, Ahmed et al.¹⁵ proposed a Bayesian nonparametric clustering approach to estimate the PU’s channel behavior and identify MUs’ collaborative spectrum sensing. Li and Chigan¹⁶ presented a fuzzy c-means clustering–based secure fusion strategy to deal with the dynamic flip rates of MUs. By setting some evaluation frames and assigning specific weights to different sensing nodes, Althunibat et al.¹⁷ presented a novel robust algorithm against SSDF attack to improve the resulting effects on CSS. Also, the proposed algorithm is capable to convert attackers to honest nodes, which in turn improves network energy efficiency and the detection accuracy. Ghaznavi et al.¹⁸ propose a fast searching algorithm to detect the trusted sensors, which can be grouped into reliable clustering structure according to the sensing history.

In the context of SSDF attacks, reputation-/trust-based approaches have been widely studied and applied into CRSNs. According to the local and global decision results, Zeng and Faweczak¹⁹ presented a mechanism for updating the trust values of sensing node. Furthermore, SUs will be designated into three states: trusted state, discarded state, and waiting state according to the trust value, and only SUs with trusted state can be allowed to participate in cooperative sensing. Althunibat et al.²⁰ developed identification and punishment policies for SSDF attackers, which aim to detect attackers and ignore their reported sensing results and redistribute the transmission opportunities among SUs based on their local performance. Han et al.²¹ used Jousselme distance to measure the credibility of CR users’ sensing results, filtered out the reliable sensing results with high credibility, and combined them with appropriate weight value. By exchanging the sensing results with the neighbors, Feng et al.²² presented a distributed trust evaluation scheme to counter SSDF attack in non-centralized networks, which includes a trust evaluation phase to manage CSS. Based on mechanism design theory, Wang et al.²³ motivated users to report authentic sensing data and decouple erroneous sensing reports. However, the arbitrarily discarding the sensing report of suspicious SU may lead to require more decision samples to support the global decision. Despite of their effectiveness in resisting SSDF attacks, most of existing works do not consider SSDF attack model based on soft fusion. Compared to hard combination, soft SSDF attack will be more intangible due to relatively larger range of the observed energy, which can cause as aggressively as possible to the FC’s performance.

Motivated by the observations above, in this article, we start with an objective to develop a more general soft SSDF attack model. And then, we propose an adaptive reputation-based mechanism, which does not require prior information about the number of attackers or attacking strategies, to defend against both independent and collaborative attacks based on soft SSDF.

System model

Network model

Consider that a CRSN with N cognitive sensor nodes (SNs) periodically transmit the sensed data to the central coordinator (a sink node or access point), which acts as the FC to regulate the medium access of all SNs attached to it. After the sensing nodes perform local spectrum sensing simultaneously, the observations will be sent to the FC through the common control channel to make the final decision. Each SN is independent, and the energy detection method is exploited. The PU detection problem for a given received signal $x (k)$ can be formulated into binary hypothesis testing. Then, the receiving signals for hypotheses $H_{0}$ and $H_{1}$ can be denoted as the presence or absence of PU. Thus, it can be formulated as follows²⁴

x_{i} (k) = {\begin{matrix} u_{i} (k), H_{0} \\ h_{i} (k) s (k) + u_{i} (k), H_{1} \end{matrix}

(1)

where $s (k)$ is the signal transmitted by PU, $u_{i} (k)$ represents the observation noise, and $h_{i} (k)$ is the channel gain between the ith SNs and PU.

By accumulating m samples of the energy observation in ith node, the test statistic can be given as²⁵ $E_{i} = \sum_{k = 1}^{m} {| x_{i} (k) |}^{2}$ .

If m is sufficiently large, the probability distribution function (PDF) of $E_{i}$ can be approximated by Gaussian distribution as follows

under H_{0}, N (m σ_{i}^{2}, 2 m σ_{i}^{4})

(2)

under H_{1}, N ((m + γ_{i}) σ_{n}^{2}, 2 (m + 2 γ_{i}) σ_{i}^{4})

(3)

where the noise and the signal are assumed to be i.i.d Gaussian random processes with zero mean and variance $σ_{i}^{2}$ and $σ_{u}^{2}$ , respectively, and the received signal-to-noise ratio (SNR) is denoted by $γ_{i} = σ_{u}^{2} / σ_{i}^{2}$ .

Then, the probability of false alarm and detection of ith node can be given as

P_{f, i} = Q (\frac{λ_{i} - m σ_{i}^{2}}{\sqrt{2 m} σ_{i}^{2}})

(4)

P_{d, i} = Q (\frac{λ_{i} - (m + γ_{i}) σ_{i}^{2}}{\sqrt{2 (m + 2 γ_{i})} σ_{i}^{2}})

(5)

where $λ_{i}$ denotes the local threshold of ith SN and $Q (t)$ denotes a Gaussian tail function which is defined as $Q (t) = 1 / \sqrt{2 π} (\int_{t}^{\infty} \exp (- x^{2} / 2) dt)$ .

Suppose that all SNs send the local test statistic to FC through error-free public control channels, the reported result received by FC can be expressed as $Z_{i} = E_{i}$ , $i = 1, 2, \dots, N$ . According to the Neyman–Pearson criterion,²⁶ the log-likelihood ratio (LLR) test will be an optimal combination rule. However, it is strictly applicable when the PU’s signal experiences slow fading. Comparatively, linear soft combination can be possessed with low computational complexity, and the detection threshold can be derived by mathematical approximation.²⁷ Therefore, in this article, the weighted linear combination is employed to fuse test statistic from each individual SN. The combination result $Z_{c}$ of FC can be expressed as

Z_{c} = \sum_{i = 1}^{N} w_{i} Z_{i}

(6)

where $w_{i}$ is the weight of the test statistic from ith SN and $\sum_{i = 1}^{N} w_{i} = 1$ .

Accordingly, the global probability of false alarm $(Q_{f})$ and detection $(Q_{d})$ can be given as

Q_{f} = Q (\frac{λ_{c} - m \sum_{i = 1}^{N} w_{i} σ_{i}^{2}}{\sqrt{2 m \sum_{i = 1}^{N} w_{i}^{2} σ_{i}^{4}}})

(7)

Q_{d} = Q (\frac{λ_{c} - \sum_{i = 1}^{N} w_{i} (m + γ_{i}) σ_{i}^{2}}{\sqrt{2 \sum_{i = 1}^{N} w_{i}^{2} (m + 2 γ_{i}) σ_{i}^{4}}})

(8)

Given the target global probability of false alarm $φ$ , the local threshold can be estimated as

λ_{c} = Q^{- 1} (φ) \sqrt{2 m \sum_{i = 1}^{N} w_{i}^{2} σ_{i}^{4}} + m \sum_{i = 1}^{N} w_{i} σ_{i}^{2}

(9)

Besides, the corresponding global probability of detection can be given as

Q_{d} = Q (\frac{Q^{- 1} (φ) \sqrt{2 m \sum_{i = 1}^{N} w_{i}^{2} σ_{i}^{4}} - \sum_{i = 1}^{N} w_{i} γ_{i} σ_{i}^{2}}{\sqrt{2 \sum_{i = 1}^{N} w_{i}^{2} (m + 2 γ_{i}) σ_{i}^{4}}})

(10)

Attack model

Without dealing with more sophisticated malicious behaviors, Always-Yes, Always-No, and Always-False attacks are usually easy to be detected by FC. Thus, to avoid detection or identification, smarter MUs usually launch random strategy or report the falsified observations intermittently to sneak into reliable SUs.²⁸ Under such attacks, the MUs can independently or collaboratively send false sensing information without any local processing to mislead the global decision of CSS. In soft combination, the MUs will invert its sensing reports and falsify the test statistics following the distribution with hypothesis $H_{1}$ while its local decision determines the PU that not exist. Otherwise, the Gaussian values as sensing results with hypothesis $H_{0}$ will be produced randomly by MUs. Besides, the MUs utilize a certain probability to decide whether to perform attack. For convenience, we assume that the first K nodes represent the malicious SNs with the same attacking probability. Specifically, two types of attacks based on randomly false attack model under soft combination are illustrated in Figure 1.

Figure 1.

Randomly false attack model under soft combination: (a) independent attack and (b) collaborative attack.

Independent attack

Under independent attack, the malicious SNs perform attack independently and each attacker will change its sensing report with probability $c_{1}$ independently. Let $S_{ij}$ and $R_{ij}$ ( $j = 0$ or 1 indicates the hypothesis $H_{0}$ or $H_{1}$ ) represent the local sensing and reporting of test statistic from node i, respectively. Under hypothesis $H_{0}$ , the mean and variance of the local test statistic are $μ_{0, n}$ and $σ_{0, n}^{2}$ . Accordingly, $μ_{1, n}$ and $σ_{1, n}^{2}$ represent the mean and variance of the local test statistic of hypothesis $H_{1}$ . The attack behavior of malicious nodes can be discussed in the following two cases:

PU is absent. When the local decision is $H_{0}$ and the malicious SN decides to launch the attack, it will produce the reports which obeys the distribution $(μ_{1, n}, σ_{1, n}^{2})$ . Conversely, if its local binary decision is confirmed as $H_{1}$ , the randomly generated reporting information will be subject to the distribution $(μ_{0, n}, σ_{0, n}^{2})$ . Hence, the conditional false alarm probability of an individual attacker can be given by

\begin{matrix} P_{I, F} = P (R_{i 0} | S_{i 1}) P (S_{i 1} | H_{0}) + P (R_{i 1} | S_{i 0}) P (S_{i 0} | H_{0}) \\ = (1 - c_{1}) P_{f, i} + c_{1} (1 - P_{f, i}) \end{matrix}

(11)

PU is present. Under hypothesis $H_{1}$ , if decided to attack, the MU will send false sensing reports to mislead the spectrum-sensing decision, and the conditional missed detection probability of an individual attacker can be given by

\begin{matrix} P_{I, M} = P (R_{i 0} | S_{i 0}) P (S_{i 0} | H_{1}) + P (R_{i 0} | S_{i 1}) P (S_{i 1} | H_{1}) \\ = (1 - c_{1}) P_{m, i} + c_{1} (1 - P_{m, i}) \end{matrix}

(12)

Collaborative attack

In collaborative attack mode, malicious SNs will send false sensing results collaboratively. Specifically, they can exchange the estimation of the state of PU and then make consistent decisions. According to the majority voting rule,²⁹ the consistent decision of malicious SNs can be obtained and all of the malicious nodes will generate and send the report opposite to the consistent decision to FC. In such case, it means that there are at least $l = ⌊ K / 2 ⌋ + 1$ compromised nodes with same decision. Since local sensing is independent among all the nodes, the probability of l malicious SNs with similar sensing resolution of the distribution of $(μ_{0, n}, σ_{0, n}^{2})$ or $(μ_{1, n}, σ_{1, n}^{2})$ should be $(\begin{matrix} K \\ j \end{matrix}) (1 - P_{f, i})^{K - j} (P_{f, i})^{j}$ and $(\begin{matrix} K \\ j \end{matrix}) (1 - P_{m, i})^{K - j} (P_{m, i})^{j}$ , respectively. Let $c_{2}$ be the probability that the malicious SNs launch attacks collaboratively. When the malicious SNs launch collaborative SSDF attack, the conditional missed detection probability and false alarm probability under collaborative attackers will be given as

{\begin{matrix} P_{C, F} = P_{f, i} (1 - c_{2}) + c_{2} \sum_{j = l}^{K} ψ (K, j, 1 - P_{f, i}) \\ P_{C, M} = P_{m, i} (1 - c_{2}) + c_{2} \sum_{j = l}^{K} ψ (K, j, 1 - P_{m, i}) \end{matrix}

(13)

where $ψ (K, j, p) = (\begin{matrix} K \\ j \end{matrix}) (1 - p)^{K - j} (p)^{j}$ .

Analysis

In this subsection, we present the analysis of the impact of aggressive behavior on global decision. Replace attack probability $c_{1}$ or $c_{2}$ with $ρ$ in different SSDF attack modes, and let $P_{F}$ and $P_{M}$ denote the conditional missed detection probability and false alarm probability. The test statistics received by FC from MUs under hypothesis $H_{0}$ and $H_{1}$ is defined as ${\tilde{Z}}_{0, i}$ and ${\tilde{Z}}_{1, i}$ , respectively. Based on the previous analysis, we can obtain the following result. The probability that ${\tilde{Z}}_{0, i}$ obeys $N (μ_{0, i}, σ_{0, i}^{2})$ is $(1 - P_{F}) (1 - ρ) + ρ P_{F}$ , and the probability that ${\tilde{Z}}_{0, i}$ obeys $N (μ_{1, i}, σ_{1, i}^{2})$ is $ρ (1 - P_{F}) + (1 - ρ) P_{F}$ . Meanwhile, the probability that ${\tilde{Z}}_{1, i}$ obeys $N (μ_{0, n}, σ_{0, n}^{2})$ is $(1 - P_{M}) (1 - ρ) + ρ P_{M}$ , and the probability that $E_{1, i}^{M}$ obeys $N (μ_{1, i}, σ_{1, i}^{2})$ is $ρ (1 - P_{M}) + (1 - ρ) P_{M}$ . Since the results of MUs under $H_{0}$ and $H_{1}$ obey the Gaussian mixture distribution, the mean and variance of the reporting results of MUs under different hypothesis can be expressed as

{\begin{matrix} {\tilde{μ}}_{0, i} = [(1 - P_{F}) (1 - ρ) + ρ P_{F}] μ_{0, i} \\ + [ρ (1 - P_{F}) + (1 - ρ) P_{F}] μ_{1, i} \\ {\tilde{μ}}_{1, i} = [(1 - P_{M}) (1 - ρ) + ρ P_{M}] μ_{0, n} \\ + [ρ (1 - P_{M}) + (1 - ρ) P_{M}] μ_{1, i} \end{matrix}

(14)

{\begin{matrix} ({\tilde{σ}}_{0, i})^{2} = [(1 - P_{F}) (1 - ρ) + x P_{F}] \\ [{({\tilde{μ}}_{0, i} - μ_{0, i})}^{2} + σ_{0, i}^{2}] \\ + [ρ (1 - P_{F}) + (1 - ρ) P_{F}] [{({\tilde{μ}}_{1, i} - μ_{1, i})}^{2} + σ_{1, i}^{2}] \\ ({\tilde{σ}}_{1, i})^{2} = [(1 - P_{M}) (1 - ρ) + ρ P_{M}] \\ [{({\tilde{μ}}_{0, i} - μ_{0, i})}^{2} + σ_{0, i}^{2}] \\ + [ρ (1 - P_{M}) + (1 - ρ) P_{M}] [{({\tilde{μ}}_{1, i} - μ_{1, i})}^{2} + σ_{1, i}^{2}] \end{matrix}

(15)

The FC receives the reporting information of all sense nodes and makes a global decision. Assuming that the fusion coefficient assigned to normal SN is $w_{j}$ , and the coefficient assigned to malicious SNs is ${\tilde{w}}_{i}$ , the results of linear weighted combination can be expressed as

Z_{c} = \sum_{i = 1}^{K} {\tilde{w}}_{i} {\tilde{Z}}_{i} + \sum_{j = K + 1}^{N} w_{j} Z_{j}

(16)

When m is large, $Z_{c}$ can be approximated to normal distribution, and the distribution of results after combination can be satisfied with

Z_{c} ~ {\begin{matrix} N (\sum_{i = 1}^{K} {\tilde{w}}_{i} {\tilde{μ}}_{0, i} + \sum_{j = K + 1}^{N} w_{j} μ_{0, j}, \sum_{i = 1}^{K} {\tilde{w}}_{i}^{2} {({\tilde{σ}}_{0, i})}^{2} + \sum_{j = K + 1}^{N} w_{j}^{2} {(σ_{0, j})}^{2}), H_{0} \\ N (\sum_{i = 1}^{K} {\tilde{w}}_{i} {\tilde{μ}}_{1, i} + \sum_{j = K + 1}^{N} w_{j} μ_{1, j}, \sum_{i = 1}^{K} {\tilde{w}}_{i}^{2} {({\tilde{σ}}_{1, i})}^{2} + \sum_{j = K + 1}^{N} w_{j}^{2} {(σ_{1, j})}^{2}), H_{1} \end{matrix}

(17)

The FC compares the combination result with the threshold and obtains the global decision. Given the global target false alarm probability, when exist K malicious SNs, the detection probability of the system can be estimated as

Q_{d} = Q (\frac{Q^{- 1} (φ) \sqrt{\sum_{i = 1}^{K} {\tilde{w}}_{i}^{2} {({\tilde{σ}}_{0, i})}^{2} + \sum_{i = K + 1}^{N} w_{i}^{2} {(σ_{0, i})}^{2}} + \sum_{i = 1}^{K} w_{i} ({\tilde{μ}}_{0, i} - {\tilde{μ}}_{1, i}) + \sum_{i = K + 1}^{N} w_{i} (μ_{0, i} - μ_{1, i})}{\sqrt{\sum_{i = 1}^{K} {\tilde{w}}_{i}^{2} {({\tilde{σ}}_{1, i})}^{2} + \sum_{i = K + 1}^{N} w_{i}^{2} {(σ_{1, i})}^{2}}})

(18)

From the above analysis, we can observe that the detection performance of cooperative spectrum-sensing system is determined by the weight of SNs in collaborative and independent attack.

Attack-aware linear weighted combination scheme

In order to improve the sensing performance and reduce the impact of MUs on CSS, a reputation evaluation model is introduced to differentiate between normal and malicious SUs based on their observations. According to the reputation, the weight of node’s sensing results in CSS can be dynamically adjusted. Besides, malicious nodes or honest nodes with poor sensing performance will acquire low reputation, thus improving the detection accuracy of the system. After receiving the reporting results from SN, FC will conduct a linear weighted combination scheme with impact factors, which includes result consistency degree and data deviation degree.

Result consistency degree

At the level of result consistency degree, FC can compare the nodes’ sensing reports with the final decision result to decide the agreement about the evaluated SN. The result consistency degree can be defined as the ratio of normal spectrum sensing, which depends on the statistics of historical behavior of the observed node. If $Z_{c} - w_{i} Z_{i} ≷_{H_{0}}^{H_{1}} λ_{c}^{*}$ and $Z_{c} ≷_{H_{0}}^{H_{1}} λ_{c}^{*}$ satisfy simultaneously, it indicates that the sensing reports of ith SN is consistent with the final decision.

To deduce the estimation of the unknown probability, the consistency degree of the observed node’s reports is a random variable, which can be denoted as X and $0 \leq θ \leq 1$ . According to Bayes’s theorem,³⁰ we can derive the following

f (θ, y | x) = \frac{p (x | θ) f (θ | y)}{\int_{0}^{1} p (x | θ) f (θ | y) d θ}

(19)

where x represents the count of sensing reports consistent with the final decision and y represents the count of sensing reports inconsistent with the final decision. $p (x | θ, y)$ is the likelihood function, which follows a binomial distribution

p (x | θ, y) = (\begin{matrix} y \\ x \end{matrix}) θ^{x} {(1 - θ)}^{y - x}

(20)

We assume that the prior distribution $f (θ | y)$ follows Beta distribution

Beta (θ; α, β) = \frac{θ^{α - 1} {(1 - θ)}^{β - 1}}{\int_{0}^{1} θ^{α - 1} {(1 - θ)}^{β - 1} d θ}

(21)

Since $0 \leq θ \leq 1$ , $α > 0$ , and $β > 0$ , we have

f (θ, y | x) ~ Beta (α + x, β + y - x)

(22)

The probability expectation of Beta distribution is

E (X) = \frac{α}{α + β}

(23)

By choosing $s_{i}$ as the number of previous consistent events and $f_{i}$ as the number of inconsistent events for ith SN, after $s_{i} + f_{i}$ events, the posterior distribution still obeys the Beta distribution, and the parameters $(α, β)$ will satisfy

α = s_{i} + 1, β = f_{i} + 1

(24)

The result consistency degree is based on the expected value of the beta distribution, and long-term and short-term experiences may lead to the same level. However, it is expected that more historical observations would ensure more accurate evaluation. Thus, the level of confidence can be introduced to represent the global measurement. Hence, the result consistency degree of ith SN at round t can be estimated via the variance of the beta distribution

\begin{matrix} g_{i} (t) = 1 - Var (X) = 1 - \frac{α β}{{(α + β)}^{2} (α + β + 1)} \\ = 1 - \frac{(s_{i} + 1) (f_{i} + 1)}{{(s_{i} + f_{i} + 2)}^{2} (s_{i} + f_{i} + 3)} \end{matrix}

(25)

Data deviation degree

In this article, we assume that the monitoring area is small and the wireless channel statistics is approximately similar for different SNs. The SN whose report is near to the reference will be regarded as honest, otherwise, it is considered malicious. By examining the sensing reports of the SNs, the observations deviate significantly from others will be of large possibilities to be generated by misbehaving nodes. Then, data deviation degree can be used to metric the deviation of the report for outlier detection, especially for SSDF attack model based on soft combination rule. The reference reports are crucial, and the reporting results of the observed node during the sampling periods should be analytically compared with those of the trusted nodes set in turn.

However, traditional methods are sensitive to data falsification, and the estimates of mean and variance are probable to be distorted by false data injection. In this subsection, Orthogonalized Gnanadesikan–Kettenring (OGK) estimation will be introduced, which employ weighted method to effectively eliminate the influence of outliers.³¹

For ith node, $z_{i} (k)$ denotes the kth reporting statistic in a single detection period. $V (k) = {z_{1} (k), z_{2} (k), \dots, z_{v} (k)}$ denotes the reporting statistics sequence of trusted nodes set at the same time, and the simple mean and variance of a sequence can be defined as

{\begin{matrix} \hat{μ} (k) = \frac{\sum_{j = 1}^{v} z_{j} (k) W (V_{j} (k))}{\sum_{j = 1}^{v} W (V_{j} (k))} \\ {[\hat{σ} (k)]}^{2} = \frac{{[σ_{0} (k)]}^{2}}{v - 1} \sum_{j = 1}^{v} Ψ (\frac{z_{j} (k) - \hat{μ} (k)}{σ_{0} (k)}) \end{matrix}

(26)

where

V_{j} (k) = \frac{z_{j} (k) - μ_{0} (k)}{σ_{0} (k)}

(27)

μ_{0} (k) = median (V (k))

(28)

σ_{0} (k) = median (| z_{j} (k) - μ_{0} (k) |)

(29)

W (x) = {((1 - {(x / d_{1})}^{2}))}^{2} I (| x | < d_{1})

(30)

Ψ (x) = \min (x^{2}, d_{2}^{2})

(31)

and $median (V (k))$ represents the median of the sequence $V (k)$ . Besides, $I (\cdot)$ is the indicator function and $d_{1}$ and $d_{2}$ are tuning parameters with specific values according to actual situation.

Hence, the deviation coefficient of $z_{i} (k)$ can be given as

u_{i} (k) = \frac{| z_{i} (k) - \hat{μ} (k) |}{\hat{σ} (k)}

(32)

By taking into account the historical behaviors of each node over a period of time, the greater the deviation of $z_{i}$ from other nodes’ data is, ith node will be more unreliable. The sum of all reporting statistics deviations for the entire sampling period at sensing round t can be expressed as

dev (i, t) = \sum_{k = 1}^{t} u_{i} (k)

(33)

Then, the data deviation degree can be estimated as

h_{i} (t) = \frac{\min_{1 \leq j \leq N} {dev (j, t)}}{dev (i, t)}

(34)

Based on the result consistency degree and data deviation degree, the weight assignment during the linear weighted combination scheme can be conducted. According to the history of reports of all SNs, FC can make use of above strategy to identify attacks and lower the allocated weight to the attackers. Thus, the weight assigned to ith node by the FC is given by

w_{i} = \frac{\sum_{k = 1}^{t} g_{i} (k) h_{i} (k)}{\sum_{i = 1}^{N} \sum_{k = 1}^{t} g_{i} (k) h_{i} (k)}

(35)

It is worth noting that the weight value can indicate the suspicious level of an SU and determine how much the local observations of the nodes contribute to the final decision. Consequently, the weighted combination over the local test statistic can reduce the malicious effect on CSS. Therefore, it can mitigate the influence of the falsified local test statistics from malicious nodes.

Reputation adjustment

Initially, all SNs are treated as reliable ones with a reputation value of $r_{i} (0)$ . After receiving the sensing information from all SNs, the FC will estimate the final status of PU. Then, it compares the global status with the local observations received from each SN and updates the reputation value according to the following criterion: If the sensor’s observation matches the measurements validated and concluded by FC and the global decision result is consistent with the actual PU’s state, then $r_{i} (t)$ will be increased. Otherwise, we will decrease the value $r_{i} (t)$ . The reputation value of the ith node at time slot t is updated as

r_{i} (t) = {\begin{matrix} r_{i} (t - 1) + 1, if Z_{c} - w_{i} Z_{i} > λ_{c}^{*} AND F (t) \\ = PU present \\ OR Z_{c} - w_{i} Z_{i} < λ_{c}^{*} AND F (t) \\ = PU absent \\ r_{i} (t - 1) - \frac{1 - g_{i} (t)}{g_{i} (t)}, otherwise \end{matrix}

(36)

where $F (t)$ is the final decision in sensing round t.

Particularly, the higher the reputation value, the more trusted the SN will be. Any SN whose reputation value goes below a certain threshold will be identified as malicious node and will be excluded by the FC from the trusted node list. Let $P_{e}$ be the sensing error probability of ith SN during the process of spectrum sensing, which can be defined as $P_{e} = P_{f, i} P (H_{0}) + (1 - P_{d, i}) P (H_{1})$ . To distinguish between a malicious and honest SN in the network, we employ the expected reputation value $E (r_{i} (t))$ to set the criteria as

E (r_{i} (t)) \geq r_{i} (0) + (1 - P_{e}) t

(37)

As the reputation value decreases quickly as the attacking time elapses, the evaluation mechanism can not only keep the reputation value of honest node stable but also reduce the reputation of malicious SN efficiently. In addition, to impact the decision accuracy of CSS, malicious SNs should have a larger sensing error probability than honest nodes. Consequently, the malicious SNs can be easily excluded from the trusted node list if their expected reputation value falls below a certain threshold.

Simulation results and discussions

In this section, we validate our theoretical analysis and evaluate the performance of our proposed method called attack-aware linear weighted combination scheme (ALWCS) by MATLAB. We setup a CRSN with 40 SNs and an FC. The network process is divided into a sequence of time periods. At the beginning of each time period, the FC randomly chooses a number of trusted nodes to sense a licensed channel. The idle and busy probabilities of the licensed channel are $P (H_{0}) = P (H_{1}) = 50 %$ . We assume $P_{f} = 0.1$ for all SNs. The percentage of malicious SNs in the CRSN is ranged from 0% to 70%. The attacking rates $c_{1}$ and $c_{2}$ range from 0 to 1. Besides, $d_{1} = 4.5$ , $d_{2} = 3$ , and $r_{i} (0) = 100$ .

First, the global error probability under different attacks is analyzed. Figure 2 shows the global error probability at the FC under independent and collaborative attack model in terms of different attacking probability, respectively. It can be seen from Figure 2 that the error probability will be increased with the attacking probability. This indicates that malicious nodes generate test statistic that is contrary to the detection result, which cause a certain impact on the global detection performance. The collaborative spectrum sensing under collaborative attacks has a higher error probability than that under independent attacks. When the attack probability exceeds 0.4, the overall upward trend of error probability converges. When the attack probability is low, MUs behave as normal nodes most of the time, and thus, along with the normal nodes they influence the FC to arrive at a correct decision. By contrast, when the attacking probability reaches a certain level, the performance of the proposed CSS scheme degrades as the attacking probability increases. As a result, malicious nodes can be detected by combination process, and the malicious nodes with high attacking probability can be identified owing to more frequent attacks.

Figure 2.

Global error probability under different attacks.

Also, we show through simulation results that the proposed approach can be applied on streaming data. The performance metrics considered here are true positive rate (TPR) and false positive rate (FPR) of PU signal. Among them, TPR is defined as the ratio of the total number of slots when the FC senses that PU signal is present when it is actually present to the number of slots when the PU signal is present. FPR is defined as the ratio of the total number of slots when the FC senses that PU signal is present when it is actually absent to the number of slots when it is absent. In those scenarios, the attacking probability of malicious SUs is 40%. The number of slots is 1000. We introduce attacks at slot number 400 and remove them at slot number 800. The TPR and FPR under different attacks are illustrated in Figures 3 and 4, respectively. It is seen that our scheme can detect and isolate the attackers in both classes of attacks. Especially for independent attack, the drop in TPR is low when attackers are introduced at round 400. As for collaborative attacks, with our proposed approach, they can be detected and isolated at round 700. Moreover, the results of FPR show the same characteristics. Thus, from the experiment results, it can be concluded that our proposed scheme can detect attacks successfully as well as isolate the attackers dynamically.

Figure 3.

True positive rate under different attacks.

Figure 4.

False positive rate under different attacks.

Furthermore, we evaluate the impacts of independent and collaborative attacks on the detection rate and false detection rate. The detection rate is defined as the ratio of detected malicious nodes to the total number of malicious SNs. In addition, false detection rate is defined as the ratio of legitimate nodes detected as malicious to the total number of legitimate nodes. The malicious SNs are selected at random, and the results shown are averaged over 20 iterations. Figure 5 shows the detection rate versus percentage of malicious SUs under independent attack. It can be observed that both ALWCS and ACSS³² obtain better performance than WSPRT.³³ When the percentage of malicious SNs arrives 35%, the detection rate of WSPRT has been lower than 50%, which fails to detect the attackers. However, WSPRT shows better false detection rate for varying percentage of malicious presence as compared to ACSS in Figure 6. The reason is that WSPRT employs the dynamic threshold to identify the malicious node. With the increase in the number of malicious SNs, the mechanism tends to be strict. For ALWCS and ACSS, based on the analysis of history behavior, the reputation update mechanism can choose honest nodes as a baseline so as to identify malicious nodes efficiently. By comparison, ALWCS employs the local sensing reports generated as streams of data to conduct global and individual measurement. As can be seen from the experimental results, it demonstrates good performance to isolate the detected attackers from participating in the sensing decision.

Figure 5.

Detection rate versus percentage of malicious SNs under independent attack.

Figure 6.

False detection rate versus percentage of malicious SNs under independent attack.

The detection rate against varying percentage of malicious nodes under collaborative attacks is illustrated in Figure 7. We observe that WSPRT keeps perfect detection rate only up to 20% of malicious presence, while ALWCS and ACSS maintain till 30% and 25% presence of malicious nodes, respectively. Figure 8 shows the false detection rate with different percentage of malicious SNs. From the result, the CSS under collaborative attacks has a lower detection rate and higher false detection rate than that under independent attacks. Moreover, when the percentage of malicious nodes exceeds 35%–40%, the performance under different attacks degrades more significantly. It can be seen that with the increasing probability of malicious SNs, the large amount of falsified data received by FC will have a negative impact on the estimation during the process of node’s behavior identification and subsequent data combination. Generally speaking, ALWCS and ACSS demonstrate more stability in the aspect of above metrics than WSPRT. In WSPRT, once the trust value of an SU is below the threshold, the node will be identified as malicious. Intuitively, with higher threshold setting, the malicious nodes can be identified quickly but also result in promoting the probability of detecting an honest node as malicious one.

Figure 7.

Detection rate versus percentage of malicious SNs under collaborative attack.

Figure 8.

False detection rate versus percentage of malicious SNs under collaborative attack.

Conclusion

In CRSN, spectrum utilization and network performance will be disrupted seriously by malicious nodes, which may launch SSDF attacks independently or collaboratively to mislead the channel availability decision. In this article, we first discuss the randomly false attack model and analyze the effects of two classes of attacks, individual and collaborative, on the global sensing performance at the FC. Afterwards, a linear weighted combination scheme is designed to eliminate the effects of SSDF attacks on the final sensing decision. To estimate the result consistency degree, Beta probability model is used to evaluate the consistency between local test statistics and global resolution. Moreover, OGK estimators are employed to measure the data deviation degree. Furthermore, an adaptive reputation evaluation mechanism is introduced to discriminate malicious SU and honest SU. The results reveal the benefits of the proposed scheme in the aspect of significantly reduced error rate in decision-making, efficient identification of attacking nodes and greater minimization of the false detection rate of honest nodes.

Footnotes

Acknowledgements

The authors would like to thank anonymous reviewers.

Handling Editor: Vishal Sharma

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: The work described in this article was supported by Key Laboratory R&D Project of Guangdong Province (Grant No. 2016B090918097), Special Project on the Integration of Industry, Education and Research of Zhuhai (Grant No. 2012D0501990016), Industry-University-Research Collaboration Program of Zhuhai (Grant No. 2012D0501990026), and Natural Science Foundation of Hubei province, China (Grant No. 2019CF).

ORCID iD

Runze Wan

References

Shah

Akan

OB.

Performance analysis of CSMA-based opportunistic medium access protocol in cognitive radio sensor networks. Ad Hoc Net J 2014; 15: 4–13.

Cicho

Kliks

Bogucka

Energy-efficient cooperative spectrum sensing: a survey. IEEE Comm Surv Tuts 2016; 18(3): 1861–1886.

Ejaz

Shah

ul Hasan

, et al. Energy and throughput efficient cooperative spectrum sensing in cognitive radio sensor networks. Trans Emerg Telecomm Tech 2015; 26: 1019–1030.

Ali

Hamouda

Advances on spectrum sensing for cognitive radio networks: theory and applications. IEEE Comm Surv Tuts 2016; 19(2): 1277–1304.

Kaligineedi

Khabbazian

Bhargava

VK.

Malicious user detection in a cognitive radio cooperative sensing system. IEEE Trans Wireless Comm 2010; 9(8): 2488–2497.

Sharifi

Defense against SSDF attack in cognitive radio networks: attack-aware collaborative spectrum sensing approach. IEEE Comm Lett 2016; 20(1): 93–96.

Chatterjee

Roy

M. A

regression based spectrum-sensing data falsification attack detection technique in CWSN. In: Proceedings of 14th international conference on information technology (ICIT2015), 2015, pp.48–53, https://ieeexplore.ieee.org/document/7437589

Saber

Sadough

SMS

. Optimisation of cooperative spectrum sensing for cognitive radio networks in the presence of smart primary user emulation attack. Trans Emerg Telecommun Tech 2017; 28(1): 1–13.

Cheng

Song

Zhang

, et al. Self-organizing map-based scheme against probabilistic SSDF attack in cognitive radio networks. In: Proceedings of the 9th international conference on wireless communications and signal processing (WCSP), Nanjing, China, 2017, pp.1–6. https://ieeexplore.ieee.org/document/8170994

10.

Yasir

Said

Martin

Defeating SSDF attacks with trusted nodes assistance in cognitive radio networks. IEEE Sens Lett 2017; 1(4): 1–4.

11.

Chatterjee

Roy

Lightweight cloned-node detection algorithm for efficiently handling SSDF attacks and facilitating secure spectrum allocation in CWSNs. IET Wireless Sens Syst 2018; 8(3): 121–128.

12.

Zhang

Ding

Performance analysis of probabilistic soft SSDF attack in cooperative spectrum sensing. EURASIP J Adv Signal Process 2014; 2014: 81.

13.

Feng

Zhang

Xiao

, et al. Securing cooperative spectrum sensing against collusive SSDF attack using XOR distance analysis in cognitive radio networks. Sensors 2018; 18(2): 1–14.

14.

Ahmadfard

Jamshidi

Keshavarz-Haddad

Probabilistic spectrum sensing data falsification attack in cognitive radio networks. Signal Process 2017; 137: 1–9.

15.

Ahmed

Song

Han

Mitigating malicious attacks using Bayesian nonparametric clustering in collaborative cognitive radio networks. In: Proceedings of the IEEE Globecom, 2014, pp.999–1004, https://ieeexplore.ieee.org/document/7036939

16.

Chigan

Fuzzy C-means clustering based secure fusion strategy in collaborative spectrum sensing. In: Proceedings of the IEEE international conference on communications, 2014, pp.1355–1360, https://ieeexplore.ieee.org/document/6883510

17.

Althunibat

Di Renzo

Granelli

Robust algorithm against spectrum sensing data falsification attack in cognitive radio networks. In: Proceedings of VTC spring, 2014, pp.1–5, https://ieeexplore.ieee.org/document/7023078

18.

Ghaznavi

Jamshidi

A reliable spectrum sensing method in the presence of malicious sensors in distributed cognitive radio network. IEEE Sens J 2015; 15(3): 1810–1816.

19.

Zeng

Faweczak

Reputation-based cooperative spectrum sensing with trusted nodes assistance. IEEE Comm Lett 2010; 14(3): 226–228.

20.

Althunibat

Denise

Granelli

Identification and punishment policies for spectrum sensing data falsification attackers using delivery-based assessment. IEEE Trans Vehic Tech 2016; 65(9): 7308–7321.

21.

Han

Chen

Wang

An enhanced DS theory cooperative spectrum sensing algorithm against SSDF attack. In: Proceedings of the IEEE 75th vehicular technology conference (VTC Spring), 2012, pp.1–5, https://ieeexplore.ieee.org/document/6240040

22.

Feng

Zhang

, et al. Securing multi-channel selection using distributed trust in cognitive radio ad hoc networks. Ad Hoc Netw 2017; 61: 85–94.

23.

Wang

Chen

Tsai

JJP

, et al. Trust-based mechanism design for cooperative spectrum sensing in cognitive radio networks. Comp Comm 2018; 116: 90–100.

24.

Shah

Akan

. Spectrum-aware cluster-based routing for cognitive radio sensor networks. In: Proceedings of IEEE international conference on communications (ICC), 2013, pp.2885–2889, https://ieeexplore.ieee.org/document/6654979

25.

Peh

ECY

Liang

Guan

, et al. Optimization of cooperative sensing in cognitive radio networks: a sensing throughput tradeoff view. IEEE Trans Vehic Tech 2009; 58(9): 5294–5299.

26.

Yan

Blum

RS.

Distributed signal detection under the Neyman-Pearson criterion. IEEE Trans Informat Theory 2001; 47(4): 1368–1377.

27.

Chavali

da Silva

CRCM

. Collaborative spectrum sensing based on a new SNR estimation and energy combining method. IEEE Trans Veh Tech 2011; 60(8): 4024–4029.

28.

Farmani

Jannat-Abad

Berangi

Detection of SSDF attack using SVDD algorithm in cognitive radio networks In: Proceedings of IEEE third international conference on computational intelligence, communication systems and networks (CICSyN), Bali, 2011, pp.201–204, https://ieeexplore.ieee.org/abstract/document/6005686

29.

Penna

Sun

Dolecek

, et al. Detecting and counteracting statistical attacks in cooperative spectrum sensing. IEEE Trans Signal Process 2012; 60(4): 1806–1822.

30.

Josang

Ismail

. The beta reputation system. In: Proceedings of the 15th bled electronic commence conference, June 2002, pp.1–14, http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.60.5461&rep=rep1&type=pdf

31.

Hubert

Rousseeuw

PJ.

A deterministic algorithm for robust location and scatter. J Computat Graph Statist 2012; 21(3): 618–637.

32.

Sharifi

Niya

JM.

Securing collaborative spectrum sensing against malicious attackers in cognitive radio networks. Wireless Person Comm 2016; 90: 75–91.

33.

Chen

Park

J-M

Bian

Robustness against Byzantine failures in distributed spectrum sensing. Comp Comm 2012; 35(17): 2115–2124.

Mitigation strategy against spectrum-sensing data falsification attack in cognitive radio sensor networks

Abstract

Keywords

Introduction

Related work

System model

Network model

Attack model

Independent attack

Collaborative attack

Analysis

Attack-aware linear weighted combination scheme

Result consistency degree

Data deviation degree

Reputation adjustment

Simulation results and discussions

Conclusion

Footnotes

Acknowledgements

Declaration of conflicting interests

Funding

ORCID iD

References