0 оценок0% нашли этот документ полезным (0 голосов)

28 просмотров6 страницimp

Nov 11, 2014

© © All Rights Reserved

PDF, TXT или читайте онлайн в Scribd

imp

© All Rights Reserved

0 оценок0% нашли этот документ полезным (0 голосов)

28 просмотров6 страницimp

© All Rights Reserved

Вы находитесь на странице: 1из 6

Spectrum Sensing Data Falsification Attacks in

Cognitive Radio Networks

Changlong Chen

Min Song

ChunSheng Xin

EECS Dept.

University of Toledo

Toledo, OH 43606

changlong.chen@rockets.utoledo.edu

EECS Dept.

University of Toledo

Toledo, OH 43606

min.song@utoledo.edu

ECE Dept.

Old Dominion University

Norfolk, VA 23529

cxin@odu.edu

solution to the spectrum scarcity issue. In cognitive radio

networks, because of the low reliability of individual

spectrum sensing by a single secondary user, cooperative spectrum sensing is critical to accurately detect the

existence of a primary user signal. However, cooperative

spectrum sensing is vulnerable to the spectrum sensing

data falsification (SSDF) attack. Specifically, a malicious

user can send a falsified sensing report to mislead other

(benign) secondary users to make an incorrect decision

on the PU activity. Therefore, detecting the SSDF attack

or identifying the malicious sensing reports is extremely

important for robust cooperative spectrum sensing. This

paper proposes a distributed density based SSDF detection

(DBSD) scheme to countermeasure the SSDF attack. DBSD

can effectively exclude the malicious sensing reports from

SSDF attackers, so that a benign secondary user can

effectively detect the PU activity in distributed cooperative

spectrum sensing. Furthermore, DBSD can also exclude

abnormal sensing reports from ill-functioned secondary

users. Simulation results show that DBSD achieves very

good performance in cooperative spectrum sensing.

Index Termscognitive radio networks; SSDF attack;

probability density based SSDF detection.

I. I NTRODUCTION

With wireless devices and applications booming, the

problem of inefficient utilization of the precious radio spectrum has arisen. Recent studies showed that

a considerable amount of licensed spectrum is rarely

occupied [1]. Cognitive radio is a key technology to

improve spectrum utilization [2]. A major challenge in

cognitive radio networks is spectrum sensing, which

detects if a spectrum band is being used by primary

users (PU) or not. The local spectrum sensing by a

single secondary user (SU) is often inaccurate as the

Therefore, cooperative spectrum sensing, which exploits

the cooperation among multiple SUs, has been proposed

to achieve reliable spectrum sensing.

Based on how cooperating SUs share the sensing

reports in the network, cooperative spectrum sensing can

be conducted in two modes: centralized or distributed

[3]. In centralized cooperative spectrum sensing, a fusion

center collects sensing reports from all the SUs, makes

a final decision on the PU activity, and disseminates the

decision to all SUs. In contrast, distributed cooperative

spectrum sensing does not rely on a fusion center for

making decision. Each SU shares its own sensing report

with other SUs, combines its report with the received

ones, and decides whether the PU is active or not by

using a local criterion. Since only local sensing reports

are exchanged, distributed cooperative spectrum sensing

is energy-efficient and scalable. Therefore, distributed

cooperative spectrum sensing is more suitable for cognitive radio networks.

However, distributed cooperative spectrum sensing is

vulnerable to security attacks from malicious users. For

example, to achieve unfair usage of a spectrum band, a

greedy user can generate a false PU signal to launch the

primary user emulation (PUE) attack [4]. On the other

hand, malicious users can manipulate sensing reports in

order to disrupt other SUs decision on the PU activity.

This type of attack is commonly known as the spectrum

sensing data falsification (SSDF) attack. In [5], we

proposed a distributed SSDF detection scheme, which

uses only local information. In [6], a novel attack called

covert adaptive data injection attack was analyzed. The

authors proposed a distributed outlier detection scheme

with an adaptive local threshold to countermeasure this

623

Recently, the design of distributed SSDF countermeasure schemes for cognitive radio networks has received

considerable attention. In [5], we proposed a decentralized scheme to detect malicious users which launch

the SSDF attack in cooperative spectrum sensing. The

scheme utilizes spatial correlation of received signal

strengths among SUs in close proximity and is based

on robust outlier-detection technique. A neighborhood

majority voting approach is used for SUs to decide

if a specific user is malicious. A more sophisticated

attack called covert adaptive data injection attack was

considered in [6], where the attackers can adjust attack strategies via learning. The authors proposed a

distributed outlier detection scheme and used a majority

voting approach to detect malicious users.

verification scheme to detect colluding attacks. However,

both [5] and [6] used the majority voting to detect the

malicious user(s). This approach is not effective when

the number of users is small in the network.

In this paper, we propose a distributed scheme to

countermeasure the SSDF attack in cooperative spectrum

sensing, called density based SSDF detection (DBSD).

To achieve robust spectrum sensing, we focus on excluding abnormal sensing reports rather than detecting

malicious users. The scheme treats the sensing reports

as samples of a random variable, and then estimates

the probability density of the random variable using

a technique known as kernel density estimator. Each

sensing report is then tested for the normality. Once

a sensing report is deemed as abnormal, this sensing

report would be excluded from decision making on the

PU activity. Our main contributions are summarized as

follows:

We consider a time-slotted cognitive radio network

where PUs, benign SUs, and attackers (malicious users)

coexist. There are total N SUs which collaborate for

distributed spectrum sensing. Without loss of generality,

a single PU is considered in this study. Nevertheless, our

scheme can be extended to address multiple PUs.

All SUs use energy detection for local spectrum

sensing, and the sensing reports at different SUs are

assumed independent. In spectrum sensing, although the

hard decision, i.e., one bit decision on PUs existence,

can decrease the communication overhead, [12] claimed

that soft decision, i.e., raw sensing results, combining

sensing reports achieves better sensing performance than

hard decision. Therefore, the raw results from local

spectrum sensing are exchanged among all SUs. The

received signal strength, Pi , at SU i can be expressed

as follows [6]:

DBSD excludes all abnormal sensing reports, including the sensing reports from both malicious

users and ill-functioned SUs, which improves the

success probability to detect the PU activity.

We have developed an approach to effectively test

the normality of sensing reports.

Section II discusses the related work. Section III describes the system model. Section IV describes DBSD.

Section V presents simulation results. At last, Section VI

concludes the paper.

II. R ELATED W ORK

Many centralized approaches have been proposed to

achieve robust spectrum sensing in the literature. In [7],

the authors used shadow-fading correlation-based filters

to minimize the effect of abnormal sensing reports in

detecting digital TV PUs. The authors in [8] proposed

three schemes to detect malicious users based on outlier detection techniques. These schemes require some

knowledge of the malicious user, e.g., the maximum

number of malicious users. The authors in [9] proposed

a scheme for secure cooperative spectrum sensing. This

scheme assumes a somehow simplified attack strategy,

i.e., attackers launch only always yes or always no

attacks. In [10], an onion-peeling approach was proposed

to defend against multiple compromised SUs, using a

maliciousness suspicious level for each user. In [11],

the authors proposed a double-side abnormality detection

scheme for collaborative spectrum sensing.

(1)

path loss exponent, di is the distance from PU to SU

i, d0 is the reference distance, Gi is the power loss due

to the log-normal shadowing, and Mi is the multipath

fading from the PU to SU i. We assume d0 = 1

meter in this paper. Also, the location of PU is assumed

known to all SUs. Each SU also knows its own location

information. As a general practice, the power loss due

to the log-normal shadowing, Gi , is usually modeled as

a Gaussian random variable with mean 0, and standard

deviation , which has an empirical value depending

on the surroundings. It is reasonable to assume that

the channel bandwidth is much larger than the coherent

2

624

is negligible.

To make a decision on the PU activity, each SU

collects sensing reports from its neighbor SUs, uses the

proposed DBSD scheme to exclude abnormal reports,

calculates the average value based on the remaining

sensing reports, and compares this value to a PU detection threshold. We assume that there is a reliable

and secure end-to-end connection between SUs, i.e., the

communication is error-free and would not be tampered

by attackers. This process repeats for each time slot at

each node. It is important to note that a benign SUs

objective is to exclude abnormal sensing reports rather

than identifying specific attackers.

In this paper, we assume that there are M inside

attackers, i.e., malicious SUs, in the network, since

outside attackers can be effectively excluded from the

network by authentication mechanism. We assume that

M is relatively small compared with N so that the

sensing reports from attackers would not dominate the

sensing reports of benign SUs. The objective of the

SSDF attackers is to mislead benign SUs to make an incorrect decision on the PU activity. To achieve this goal,

the attackers manipulate their sensing reports to mislead

benign SUs. Specifically, when the PU is active, attackers

send out sensing reports with small PU signal energy; in

contrast, when the PU is inactive, the attackers send out

sensing reports with high PU signal energy. To avoid

being detected by the network, the attackers can adapt

their attack strategies based on the updated information

of benign SUs sensing reports and collude with other

attackers. It is worthy to note that ill-functioned SUs

may generate incorrect sensing reports due to software

or hardware failure. These sensing reports are harmful

to spectrum sensing, and hence should also be excluded.

Therefore, we do not differentiate the sensing reports of

attackers from the sensing reports of ill-functioned SUs.

abnormality of each sensing report using a confidence

interval derived from the probability density function. If

the test result is abnormal, this sensing report is seen

from an attacker or an ill-functioned SU, and discarded.

Next we discuss how to estimate a probability density

based on sensing reports, and how to construct the

confidence interval.

We use a technique called kernel density estimator

[13], to estimate the probability density. We consider

an SU that has n neighbors in its direct communication

range, and has received n sensing reports from them.

Given n different sensing samples x1 , . . . , xn , the kernel

density estimator, denoted as q(x), is given as follows

n

1X 1

x xi

q(x) =

K(

)

m

n

h

h

(2)

i=1

bandwidth used for sample xi . In this paper, we consider

a cognitive radio network in a 2-dimensional plane.

Therefore, we have m = 2.

We use the PU signal energy detected by an SU as the

kernel function, i.e., we let K() = Pi . As described in

Section III, the power loss due to shadowing fading can

be modeled as a Gaussian random variable, i.e., Gi

N (0, 2 ). Therefore, the PU signal energy detected by

an SU can be modeled by a Gaussian distribution, i.e.,

Pi N (i , 2 ). Hence we have

(yi )2

1

K(y) = Pi (y) = e 22

2

(3)

For the ease of description, we let

x xi

.

h

Then Eq. (2) can be rewritten to

yi =

scheme DBSD. With DBSD, after an SU has received the

sensing reports from other SUs. These received sensing

reports are treated as random samples of the PU signal

received at those SUs, which can be seen as a random

variable, i.e., Pi , as indicated in Eq. (1). To develop a

general and robust approach to countermeasure SSDF

attacks, we do not assume any knowledge of the probability density of this random variable. Instead, we use a

technique called kernel density estimation to estimate the

probability density of the received PU signal, based on

q(x) =

(yi i )2

1X

1

e 22 .

n

h2 2

(4)

i=1

the kernel function as in Eq. (3), the optimal choice of

the bandwidth h() is given as follows [14, p.48],

h=

4

5

3n

51

,

(5)

is the standard

deviation of the sensing samples x1 , . . . , xn .

3

625

1: Input:

2: Output: A list of normal sensing reports in set X

3: Collect neighbor SUs sensing reports, x1 , . . . , xn

4: Compute the standard deviation

of samples

x1 , . . . , x n

5: Calculate the bandwidth h using Eq. (5)

6: Calculate using Eq. (7)

7: Let X = {x1 , . . . , xn }

8: for j = 1 to n do

9:

Test sensing report xj using Eq. (8)

10:

if test result is abnormal then

11:

X = X\{xj } {sensing report xj (from SU j )

is excluded}

12:

end if

13: end for

on the distance from the SU to the PU. The mean of the

PU signal energy detected at SU i is

i = Pt 10log10 (di ).

(6)

Therefore, the mean of the probability distribution represented by the kernel density estimator in (4), denoted

as , can be calculated as

=

n

1 X

i .

nh2

(7)

i=1

fading can be modeled as a Gaussian random variable.

Therefore, the PU signal energy detected by an SU

follows the Gaussian distribution. In other words, the

underlying probability density we are trying to estimate

in Eq. (4) follows the Gaussian distribution with mean

and standard deviation . As such, from and ,

we

h can construct ai 100(1 )% confidence

interval

2

2

2

of the standard Gaussian distribution, i.e., Pr(Z z ) =

2

With this confidence interval, we can test the abnormality

of a sensing report as follows.

(

T (xi ) =

normal,

h

i

if xi z , + z

2

abnormal, otherwise

(8)

At last, we describe our density based SSDF detection

scheme in Algorithm 1.

Fig. 1.

PU detection success probability versus , with 15%

malicious users

V. P ERFORMANCE E VALUATION

noted. In the simulation, we assume that the PU is active.

The results of detecting that PU is not active are similar

and omitted due to space limit. The simulation results

are obtained from 10000 rounds of simulations using

different seeds. We use the success probability to detect

the PUs activity as the performance metrics.

Fig. 1 illustrates the success probability of DBSD

to detect the PUs activity versus (the corresponding

confidence interval is 100(1 )%), with total 40, 60,

and 80 number of SUs, respectively. In this experiment,

15% of the SUs are simulated as malicious users to

launch the SSDF attack. We can see that when

increases, i.e., when the confidence interval decreases,

the PU detection success probability increases. This is

because a narrower confidence interval excludes more

sensing reports as abnormal data and hence the abnormal

We evaluate the performance of DBSD through simulations. The cognitive radio network is assumed as a

circular area with a radius = 1000 meters. One PU is

located at the center and N SUs are deployed at random

locations. In the simulations, the pass loss exponent

is assumed 2, and the PU transmission power Pt is

assumed 20. The standard deviation of the power loss

due to shadowing fading, , is assumed 1. The results

for using different values for have similar trends and

are omitted due to space limit. If SU i is a benign

SU, then the sensing report is generated as a Gaussian

random variable with mean i from Eq. (6) and standard

deviation . If SU i is a malicious user, then the sensing

reports is generated using an enlarged mean i , where

> 1 is called abnormality factor. The abnormality

factor is set as 1.1 in the simulation if not otherwise

4

626

Fig. 2.

malicious users, with = 0.1

malicious users, with N = 40

(N ), with = 0.1

decision making on the PU activity is less impacted by

the sensing reports from malicious users. In particular

when 0.075, or when we use a 92.5% or narrower

confidence interval, the PU detection success probability

is close to 1.

Next we examine the PU detection success probability

with a fixed number of SUs (N = 80) but different

percentages of malicious users. The results are plotted

in Fig. 2. We can see that the PU detection success

probability has a similar trend as in Fig. 1.

Figs. 3 and 4 illustrate the PU detection success

probability as a function of the percentage of malicious

users, with N = 40, and = 0.1, respectively. The

PU detection success probability decreases only slowly

when the percentage of malicious users increases. This

indicates that DBSD is a robust scheme that is resilient

The PU detection success probability versus the number of SUs (N ) is plotted in Fig. 5. We can see that

with more number of SUs, the PU detection success

probability moderately improves. On the other hand,

DBSD still has a good performance even when the

number of SUs is small.

At last, we examine the PU detection success probability versus the abnormality factor that is used

to generate abnormal sensing reports. The results are

plotted in Figs. 6 and 7. We can see that DBSD is very

effective to countermeasure the SSDF attack, as indicated

by the high PU detection success probability when the

abnormality factor increases. For instance, when = 2,

the PU detection success probability is very close to 1.

As a matter of fact, even when is smaller, the PU

5

627

However, any opinion, finding, and conclusions or recommendations expressed in this material; are those of

the author and do not necessarily reflect the views

of the National Science Foundation. The research of

ChunSheng Xin is supported in part by NSF under grants

CNS-1217668, ECCS-1247853, and CNS-1017172.

R EFERENCES

[1] M. McHenry, NSF spectrum occupancy measurements project

summary, Shared spectrum company report, 2005.

[2] M. Song, C. Xin, Y. Zhao, and X. Cheng, Dynamic spectrum

access: from cognitive radio to network radio, IEEE Wireless

Communications, vol. 19, no. 1, pp. 2329, 2012.

[3] I. Akyildiz, B. Lo, and R. Balakrishnan, Cooperative spectrum sensing in cognitive radio networks: A survey, Physical

Communication, vol. 4, no. 1, pp. 4062, 2011.

[4] R. Chen, J. Park, and J. Reed, Defense against primary user

emulation attacks in cognitive radio networks, IEEE Journal

on Selected Areas in Communications, vol. 26, no. 1, pp. 2537,

2008.

[5] C. Chen, M. Song, C. Xin, and M. Alam, A robust malicious

user detection scheme in cooperative spectrum sensing, in

Proc. IEEE Global Telecommunications Conference (GLOBECOM), 2012.

[6] Q. Yan, M. Li, T. Jiang, W. Lou, and Y. Hou, Vulnerability

and protection for distributed consensus-based spectrum sensing

in cognitive radio networks, in Proc. 31st IEEE International Conference on Computer Communications (INFOCOM),

pp. 900908, 2012.

[7] A. Min, K. Shin, and X. Hu, Secure cooperative sensing

in ieee 802.22 wrans using shadow fading correlation, IEEE

Transactions on Mobile Computing, vol. 10, no. 10, pp. 1434

1447, 2011.

[8] P. Kaligineedi, M. Khabbazian, and V. Bhargava, Malicious

user detection in a cognitive radio cooperative sensing system,

IEEE Transactions on Wireless Communications, vol. 9, no. 8,

pp. 24882497, 2010.

[9] P. Kaligineedi, M. Khabbazian, and V. Bhargava, Secure

cooperative sensing techniques for cognitive radio systems,

in Proc. IEEE International Conference on Communications

(ICC), pp. 34063410, 2008.

[10] W. Wang, H. Li, Y. Sun, and Z. Han, CatchIt: detect malicious

nodes in collaborative spectrum sensing, in Proc. IEEE Global

Telecommunications Conference (GLOBECOM), 2009.

[11] H. Li and Z. Han, Catching Attacker (s) for Collaborative

Spectrum Sensing in Cognitive Radio Systems: An Abnormality

Detection Approach, in Proc. 4th IEEE Symposium on New

Frontiers in Dynamic Spectrum Access Networks (DySPAN),

pp. 112, 2009.

[12] E. Visotsky, S. Kuffner, and R. Peterson, On collaborative

detection of TV transmissions in support of dynamic spectrum

sharing, in Proc. 1st IEEE International Symposium on New

Frontiers in Dynamic Spectrum Access Networks (DySPAN),

pp. 338345, 2005.

[13] L. Latecki, A. Lazarevic, and D. Pokrajac, Outlier detection

with kernel density functions, Machine Learning and Data

Mining in Pattern Recognition, pp. 6175, 2007.

[14] B. W. Silverman, Density estimation for statistics and data

analysis, vol. 26. Chapman & Hall/CRC, 1986.

factor , with = 0.1

factor , with N = 60

VI. C ONCLUSION AND F UTURE D IRECTIONS

In this paper, we have proposed a density based

SSDF detection (DBSD) scheme to countermeasure the

SSDF security attack to cooperative spectrum sensing in

cognitive radio networks. Specifically, DBSD excludes

abnormal sensing reports in cooperative spectrum sensing, to prevent malicious users to mislead other secondary users in detection of the PU activity. Simulation

results indicate that using the proposed DBSD scheme,

secondary users can achieve a very good performance in

cooperative spectrum sensing.

ACKNOWLEDGMENT

The research of Min Song is supported in part by

NSF CAREER Award CNS-0644247 and NSF IPA In6

628