A Byzantine Attack Defender: the Conditional Frequency Check

A Byzantine Attack Defender: the Conditional Frequency Check Xiaofan He and Huaiyu Dai Peng Ning Department of ECE Department of CSC North Carolina State University, USA North Carolina State University, USA Email: {xhe6,hdai}@ncsu.edu Email: pning@ncsu.edu Abstract Collaborative spectrum sensing is vulnerable to the Byzantine attack. Existing reputation based countermeasures will become incapable when malicious users dominate the network. Also, there is a scarcity of methods that fully explore the Markov property of the spectrum states to restrain sensors statistical misbehaviors. In this paper, a new malicious user detection method based on two proposed Conditional Frequency Check (CFC) statistics is developed with a Markovian spectrum model. With the assistance of one trusted sensor, the proposed method can achieve high malicious user detection accuracy in the presence of arbitrary percentage of malicious users, and thus significantly improves collaborative spectrum sensing performance. I. INTRODUCTION Various collaborative spectrum sensing schemes have been proposed to overcome the unreliability of single user spectrum sensing []. Along with all the benefits, collaborative spectrum sensing also induces security vulnerabilities [2], among which the Byzantine attack [3] (a.k.a. spectrum sensing data falsification (SSDF) attack [4]) is the focus of this paper. Many existing defenses against Byzantine attacks are reputation based, e.g., [5 8]. In this type of methods, lower reputations will be assigned to sensors that deviate from the global decision to mitigate the negative effects of the malicious sensors. However, the underlying assumption is that the global decision is correct, which may not be true when malicious sensors dominate the network. In fact, it has been shown in [3] [9] that when Byzantine attackers in the network exceed a certain fraction, such reputation based methods become completely incapable. Non-reputation based approaches have also been proposed, such as [ 2]. However, these methods still rely on the correctness of the global decision and hence only investigate the scenarios where a small fraction of users are malicious. When the majority are not trustworthy, global decision independent approaches are more suitable. Such type of works include the prior-probability aided method proposed in [3], and the user-centric misbehavior detection presented in [4]. In practice usually there is memory in the spectrum state evolvement, and the spectrum occupancy is more precisely modeled by a Markov model. Most of the existing methods either consider the i.i.d. spectrum state model for simplicity This work was supported in part by the National Science Foundation under Grants CCF-83462, ECCS-2258 and CNS-626. When all sensors have the same spectrum sensing capability, the reputation based methods cannot mitigate the effect of Byzantine attacks if more than 5% sensors are malicious [3]. (e.g., [,2,4]), or focus their analysis on one time slot and ignore the correlation between the spectrum states at consecutive time slots (e.g., [3,5 8,]). In [3], the Markov property of the spectrum is incorporated into the malicious user detection algorithm; however, it is generally difficult to obtain the required prior knowledge of the true spectrum in practice. In this paper, a global decision independent method, the Conditional Frequency Check (CFC), is proposed based on a Markov spectrum model to combat the Byzantine attacks. In particular, two CFC statistics, which explore the second order property of the Markov model, are constructed in this paper. The corresponding analysis proves that these two proposed CFC statistics together with an auxiliary hamming distance check are capable of detecting any sensor that misbehaves. In addition, two consistent histogram estimators based on the history of sensors reports are also developed for these two CFC statistics. With the aid of one trusted sensor, the proposed method is capable of detecting any malicious sensor with high accuracy regardless of the portion of malicious ones in the sensor group, without requiring any prior knowledge of the spectrum and sensing models. The rest of this paper is organized as follows. Section II formulates the problem. The proposed malicious sensor detection method and the corresponding theoretical analysis are presented in Section III. Some supporting simulation results are presented in Section IV, and Section V concludes the paper. II. PROBLEM FORMULATION In this paper, the following scenario is considered: ) The true spectrum has two states, i.e., (idle) and (occupied), and follows a homogeneous Markov model with state transition matrix A = [a ij ] 2 2 (i,j {,}) where a ij Pr(s t+ = j s t = i) and s t denotes the true spectrum state at time t. The stationary state distribution is denoted by π = [π,π ], which satisfies πa = π. In addition, it is assumed that the Markov chain of spectrum states is in equilibrium. 2) One trusted honest sensor exists and is known by the fusion center. 3) All sensors, including malicious ones, have the same spectrum sensing capability, i.e., identical detection probabilities P d s and false alarm probabilities P fa s. 2 4) An honest sensor will send its local sensing result directly to the fusion center. 5) 2 This is a common assumption in literature (e.g., [3] []). Defense to more intelligent and powerful attackers remains a future work.

2 A malicious sensor, however, will tamper its local inference before reporting to the fusion center. In particular, she will flip local inference from to and to with probabilities ϕ and ϕ, respectively. The flipping probabilities ϕ may not necessarily be the same for different malicious sensors. From the fusion center s viewpoint, the equivalent detection and false alarm probabilities of a malicious sensor with flipping probabilities ϕ [ϕ,ϕ ] are given by P (M) d =( ϕ )P d +ϕ ( P d ), () P (M) fa =( ϕ )P fa +ϕ ( P fa ). (2) If a malicious sensor attacks, i.e., {ϕ,ϕ } {,}, her statistical behaviors will deviate from that of the honest sensor. The objective of this paper is to detect the malicious sensors by observing their statistical deviations. III. THE PROPOSED METHOD The proposed malicious sensor detection method consists of two phases: ) conditional frequency check (CFC), and 2) an auxiliary hamming distance check (HDC). A. Conditional Frequency Check According to the preceding model, a malicious sensor has two degrees of freedom, i.e., two parameters ϕ and ϕ, in launching an attack. The convectional frequency check, which detects malicious sensors by computing their frequencies of reporting [], enforces only one constraint to the attacker s behavior as indicated in Eq.(6) below. This is insufficient to prevent the malicious sensor from attacking. However, when the true spectrum states are Markovian, the proposed CFC can enforce two constraints by exploring the correlation between consecutive spectrum states, and consequently identify any flipping attack easily. In particular, the CFC consists of two statistics as defined below. Definition : The two conditional frequency check statistics of a sensor are defined as Ψ Pr(r t = r t = ), and Ψ Pr(r t = r t = ), respectively, where r t denotes the sensor s report at time t. According to the definitions, these two statistics are related to the model parameters as Ψ = π a P 2 fa +(π a +π a )P d P fa +π a P 2 d π P fa +π P d, (3) Ψ = π a ( P fa ) 2 +(π a +π a )( P d )( P fa ) π ( P fa )+π ( P d ) π a ( P d ) 2 + π ( P fa )+π ( P d ). (4) In the CFC, the fusion center will evaluate Ψ and Ψ for every sensor and compare the resulting values with those of the trusted sensor. If the values are sufficiently different, the corresponding sensor will be identified as malicious. In the following, the effectiveness of this statistical check is demonstrated through two analytical results, followed by a practical approach to estimating these two statistics that eliminates the requirement of any prior knowledge about the sensing and spectrum models. Proposition : For the Markov spectrum model considered in this paper, any sensor that survives the CFC can pass the FC. Proof: A malicious sensor can pass the FC as long as Pr(r (M) t = ) = Pr(r (tr) t = ), where r (M) t (r (tr) t ) denotes the malicious (trusted) sensor s report at time t. However, she needs to achieve Ψ (M) = Ψ (tr) and Ψ (M) = Ψ (tr) to survive the CFC. Note that Pr(r (tr) t = i) = Pr(r (tr) t = i) (i {,}) when the true spectrum states are in equilibrium, and Pr(r (tr) t = ) = Ψ (tr) Pr(r (tr) t = ) + ( Ψ(tr) )Pr(r (tr) t = ). Consequently, for any sensor that survives the CFC, we have Pr(r (M) t = )= Ψ (M) 2 Ψ (M) Ψ (M) Ψ (tr) = 2 Ψ (tr) Ψ (tr) =Pr(r (tr) t = ), (5) which implies that this sensor can also pass the FC. Proposition 2: If ap fa+a Pd 2, a malicious sensor can never pass the CFC if she attacks, i.e., {ϕ,ϕ } {,}. If ap fa+a Pd, an active malicious sensor can pass the CFC only if she sets {ϕ,ϕ } to {,}. Proof: According to Proposition, passing the FC is a necessary condition for a malicious sensor to pass the CFC. Thus, ϕ must satisfy π P (M) fa +π P (M) d = Pr(r (M) t = ) = Pr(r (tr) t = ) = π P fa +π P d. Considering () and (2), this implies the following linear constraint on ϕ and ϕ : ϕ (π ( P fa )+π ( P d )) = ϕ (π P fa +π P d ).(6) When (6) holds, defineg (ϕ ) (π P fa +π P d ) (Ψ (M) Ψ (tr) ). After some algebra, it can be shown that g (ϕ )=ϕ 2 κ 2 [π π 2 a (π a +π a )π π (7) +π π 2 a ]+ϕ κ [ 2π π a P fa +(π a +π a )(P fa π P d π )+2π π a P d ] P fa P d (π ( P fa )+π ( P d )). where κ = Note that the malicious sensor can pass the CFC only if she could find a ϕ = [ϕ,ϕ ] that satisfies both g (ϕ ) = (i.e., Ψ (M) = Ψ (tr) ) and (6). Denote ϕ as the non-zero root of g (ϕ ) =, which can be found as: ϕ = ξ 2 κ ξ, (8) where ξ = π π 2 a (π a +π a )π π +π π 2 a and ξ 2 = 2π π a P fa +(π a +π a ) (π P fa π P d ) +2π π a P d. According to (6) and (8), ϕ is given as where κ = P fa P d (π P fa +π P d ). ϕ = ξ 2 κ ξ, (9)

3 Consider the relation πa = π, (8) and (9) can be simplified as ϕ =2 2(a P fa +a Pd) a +a, () ϕ = 2(a P fa +a Pd) a +a. () As a direct consequence of () and (), ϕ +ϕ = 2 must hold if the malicious sensor wants to pass the CFC. On the other hand, ϕ,ϕ by definition. These two conditions imply that {ϕ,ϕ } exists only if 2(aP fa+a Pd) = and the corresponding {ϕ,ϕ } equals {,}. Otherwise, there is no valid non-zero solution for both g (ϕ ) = and (6). That is, the malicious sensor cannot pass the CFC if she attacks. Define the error function e(ϕ) Ψ (tr) Ψ (M) 2, where Ψ (tr) [Ψ (tr),ψ (tr) ] and Ψ (M) [Ψ (M),Ψ (M) ] are the CFC statistics of the trusted and the malicious sensor, respectively. A typical figure ofe(ϕ) when the condition ap fa+a Pd holds is shown in Fig.. As can be seen, {,} is the only blind spot of the CFC. In contrast, the conventional FC only enforces a linear constraint (6) on the attacker, thus forming a blind line as indicated in Fig.. Fig.. holds. e(ϕ) = Ψ (tr) Ψ (M) 2.8.7.6.4.3.2. ϕ P d =.9, P fa =., a =.2, a =.2 The linear constraint enforced by the frequency check.2.4.6.8 Typical graph of e(ϕ) when the condition a P fa +a Pd a +a Definition 2: For any sensor, two histogram estimators for Ψ and Ψ are defined as: ( T ) ( / T ) ˆΨ, (2) ˆΨ t= δ rt+,δ rt, ( T δ rt+,δ rt, t= ϕ t= ) ( / T t= δ rt, δ rt, ), (3) respectively, where δ i,j = iff i = j and T is the detection window length. Proposition 3: The two estimators ˆΨ and ˆΨ converge to Ψ and Ψ, respectively, as T. Proof: The proof is give in the Appendix. Remark : According to Proposition 3, the CFC statistics of all honest sensors (including the trusted one) will converge to the same value, i.e., Ψ (tr). On the other hand, the CFC statistics of any malicious sensor will converge to some value Ψ (M) (depending on its ϕ), which is different from Ψ (tr) according to Proposition 2. Therefore, any sensor whose CFC statistics differs from that of the trusted sensor is malicious. In practice, the values of the two CFC statistics between any two honest sensors may be different due to finite detection window length T. For this concern, only when the difference between the CFC statistics of a sensor and those of the trusted sensor is larger than a pre-specified threshold β CFC, will this sensor be identified as malicious. The proposed CFC procedure with threshold β CFC is summarized in Algorithm. Algorithm The CFC procedure Compute ˆΨ (tr) and ˆΨ (tr) for the trusted sensor according to (2) and (3). for sensor i do Compute ˆΨ (i) and ˆΨ (i) according to (2) and (3). if ˆΨ (tr) ˆΨ (i) 2 > β CFC then Classify sensor i as malicious. end if end for B. The Hamming Distance Check As shown in Fig., the CFC fails to detect the malicious sensor using ϕ = {,} when ap fa+a Pd. This may happen when a = a and P d + P fa =. However, in this case, a large normalized hamming distance between the report sequences from a malicious sensor i and the trusted T sensor, which is defined as d h (i,tr) T δ (i) r, will t,r (tr) t t= be expected because of the high local inference flipping probability at the malicious sensor. Based on this observation, sensor i will be identified as malicious if d h (i,tr) is greater than a pre-specified threshold β HDC. IV. SIMULATIONS Two different cases are simulated. In both cases P d =.9 and P fa =., but in the first case, A = [.8.2.2.8 ], and in the second case, A = [.8.2.4.6 ]. Thus, the condition a P fa +a Pd is satisfied in the first case but not in the second one. Every malicious sensor randomly selects its own {ϕ,ϕ } according to uniform distribution over (,] 2. The thresholds are set as β CFC =.2 and β HDC =.3. There are n H = 8 honest sensors and n M = 3 malicious sensors, i.e., the malicious sensors dominate the network. The detection window length is T = (time slot). At the fusion center, the majority voting rule is used. Simulation results of a typical run of the first case are shown in Fig. 2 Fig. 4. In particular, by comparing Fig. 2 and Fig. 3, it can be seen that two malicious sensors whose flipping probabilities ϕ and ϕ are close to successfully pass the CFC. However, these two malicious sensors fail to pass the subsequent HDC. Also, it can be seen by comparing Fig. 3 and Fig. 4 that there is one malicious user surviving both CFC and HDC. Further examination reveals that the flipping probabilities of this malicious user are low: ϕ and

4 CFC Truth.9.9.8.8.7.7 Ψ.6 Ψ.6.4.4.3.2..2.3.4 Ψ.6.7.8 Fig. 2. sensor detection result using CFC..3.2..2.3.4 Ψ.6.7.8 Fig. 4. True sensor types. CFC and HDC V. CONCLUSIONS Ψ.9.8.7.6.4 sensors with flipping probablities close to Miss classified sensor.3.2..2.3.4 Ψ.6.7.8 Fig. 3. sensor detection result using CFC and HDC. A new method consisting of two CFC statistics and an auxiliary HDC procedure has been proposed in this paper for malicious user detection under a Markov spectrum model. By using the two consistent histogram estimators of the CFC statistics, the proposed method does not require any prior knowledge of the spectrum and sensing models for malicious sensor detection. Both theoretical analysis and simulation results show that the proposed method, with the assistance of a trusted sensor, can achieve high malicious user detection accuracy, and thus significantly improves collaborative spectrum sensing performance. The proposed method does not rely on global decision and thus is effective even when the malicious sensors dominate the network. ϕ.. Although this malicious sensor is not detected, its negative influence on the spectrum sensing result of the fusion center is negligible. Table I summarizes the simulation results over Monte Carlo runs for both cases. The proposed method achieves nearly perfect sensing results in both cases, i.e., P d =.9956 and P fa =.6 in the first case, and P d =.9958 and P fa =.8 in the second case, which are significantly better than the sensing performances of both the single trusted sensor and that of using all sensors without malicious sensor detection. Besides, the proposed algorithm also provides high malicious sensor detection accuracy (η > 95%) in both cases. TABLE I AVERAGE PERFORMANCES COMPARISON OVER RUNS. No detection only Proposed Pd FC (case one).9448.8982.9956 Pfa FC (case one).562.99.6 η (case one) 95.9% Pd FC (case two).9457.95.9958 Pfa FC (case two).55.994.8 η (case two) 95.3% APPENDIX A PROOF OF PROPOSITION 3 Proof: It can be seen that ˆΨ = n n X ti in which X ti i= is defined as {, if rti+ =, given r ti =, X ti =, if r ti+ =, given r ti =, (4) where t i is the time slot for the i-th reported of the sensor. To prove the convergence of ˆΨ, we need to prove ) E( ˆΨ ) = Ψ, which is simple to show by noticing that E(X t ) = Pr(r t+ = r t = ) = Ψ ; 2) lim Var( ˆΨ ) =. T In general, X t s are not independent due to the correlation between the consecutive true spectrum states in the Markov model. Thus, the central limit theorem can not be applied. However, we will show the second fact is true by first proving that the correlation between X i and X j (i > j) vanishes as (i j) approaches infinity. That is, lim E(X ix j )=E(X i )E(X j ) (5) (i j)

5 Note that and E(X i X j ) =Pr(r i+ =,r j+ = r i =,r j = ) =Pr(r j+ = r j = )Pr(r i+ = r i =,r j = ) =Pr(r j+ = r j = )[Pr(s i+ = r i =,r j = )P d +Pr(s i+ = r i =,r j = )P fa ] E(X j )E(X i ) =Pr(r j+ = r j = )Pr(r i+ = r i = ) =Pr(r j+ = r j = )[Pr(s i+ = r i = )P d +Pr(s i+ = r i = )P fa ]. Comparing the two preceding equations, it can be seen that, to prove (5), it is sufficient to prove lim Pr(s i+ = r i =,r j = ) = Pr(s i+ = r i = ) (i j) Note that Pr(s i+ = r i = ) is given as Pr(s i+ = r i = ) = P dpr(s i+ =,s i = )+P fa Pr(s i+ =,s i = ) P d Pr(s i = )+P fa Pr(s i = ) = π P d a +π P fa a π P d +π P fa, (6) and Pr(s i+ = r i =,r j = ) is given as 3 Pr(s i+ = r i =,r j = ) = P2 d Pr(s i+ =,s i =,s j = ) P 2 d Pr(s i =,s j = )... +P dp fa Pr(s i+ =,s i =,s j = ) +P d P fa Pr(s i =,s j = )... +P dp fa Pr(s i+ =,s i =,s j = ) +P d P fa Pr(s i =,s j = )... +P2 fa Pr(s i+ =,s i =,s j = ) +P 2 fa Pr(s i =,s j = ) = π (Pd 2p() i j a +P d P fa ( p () i j )a ) π (Pd 2p() i j +P dp fa ( p () i j ))... +π (Pfa 2 p() i j a +P d P fa ( p () i j )a ) +π (Pfa 2 p() i j +P dp fa ( p () i j )), (7) where p () n Pr(s n+j = s j = ) and p () n Pr(s n+j = s j = ). According to the definition, the following recursive relation holds for p () n, p () n =Pr(s j+n = s j = ) =Pr(s j+n =,s j+n = s j = ) +Pr(s j+n =,s j+n = s j = ) =a p () n +a ( p () n ). (8) Consequently, p () a = a +a. Similarly, we have p () = a a +a. Substituting these two expressions into (7), it can be verified that Pr(s i+ = r i =,r j = ) = π P d a +π P fa a π P d +π P fa = Pr(s i+ r i = ) as i j approaches infinity. Therefore (5) holds. Now, we will use (5) to prove that lim Var( ˆΨ ) =. n For any positiveδ, K δ such that Cov(X i,x j ) < δ/2 when i j > K δ due to (5). Also, given K δ, N δ such that 4K δ < δn δ. Then, for any n > N δ, we have Var( ˆΨ ) = n 2 ( )] Cov(X i X j ) [n n 2 2K δ + δ 2 (n 2K δ ) < i j 2 δ N δ K δ + δ 2 < δ. That is, lim hand, for any finite N δ, n > N δ with probability when T approaches infinity, which implies Var( ˆΨ ) =. On the other n lim Var( ˆΨ ) =. T Therefore, ˆΨ converges to Ψ. Following the same approach, it can be shown that ˆΨ converges to Ψ. REFERENCES [] I. F. Akyildiz, B. F. Lo, and R. Balakrishnan, Cooperative spectrum sensing in cognitive radio networks: A survey, Physical Communication (Elsevier) Journal, vol. 4, no., pp. 4 62, Mar. 2. [2] G. Baldini, T. Sturman, A. Biswas, R. Leschhorn, G. Gódor, and M. Street, Security aspects in software defined radio and cognitive radio networks: A survey and a way ahead, IEEE Commun. Surveys Tuts., no. 99, pp. 25, Apr. 2. [3] A. S. Rawat, P. Anand, H. Chen, and P. K. Varshney, Collaborative spectrum sensing in the presence of Byzantine attacks in cognitive radio networks, IEEE Trans. Signal Process., vol. 59, no. 2, pp. 774 786, Feb. 2. [4] R. Chen, J. M. Park, Y. T. Hou, and J. H. Reed, Toward secure distributed spectrum sensing in cognitive radio networks, IEEE Commun. Mag., vol. 46, no. 4, pp. 5 55, Apr. 28. [5] R. Chen, J. M. Park, and K. Bian, Robust distributed spectrum sensing in cognitive radio networks, Proc. INFOCOM, Phoenix, AZ, May. 28. [6] P. Kaligineedi, M. Khabbazian, and V. K. Bhargava, user detection in a cognitive radio cooperative sensing system, IEEE Trans. Wireless Commun., vol. 9, no. 8, pp. 2488 2497, Jun. 2. [7] W. Wang, H. Li, Y. Sun, and Z. Han, Securing collaborative spectrum sensing against untrustworthy secondary users in cognitive radio networks, EURASIP Journal on Advances in Signal Processing, vol. 2, Oct. 2. [8] K. Zeng, P. Paweczak, and D. Cabric, Reputation-based cooperative spectrum sensing with trusted nodes assistance, IEEE Commun. Lett., vol. 4, no. 3, pp. 226 228, Mar. 2. [9] S. Marano, V. Matta, L. Tong, Distributed detection in the presence of Byzantine attacks, IEEE Trans. Signal Process., vol. 57, no., pp. 6 29, Jan. 29. [] H. Li, and Z. Han, Catch me if you can: An abnormality detection approach for collaborative spectrum sensing in cognitive radio networks, IEEE Trans. Wireless Commun., vol. 9, no., pp. 3554 3565, Nov. 2. [] F. Adelantado, and C. Verikoukis, A non-parametric statistical approach for malicious users detection in cognitive wireless ad-hoc networks, Proc. ICC, Kyoto, Japan, Jul. 2. [2] A. Vempaty, K. Agrawal, H. Chen, and P. Varshney, Adaptive learning of Byzantines behavior in cooperative spectrum sensing, Proc. WCNC, Quintana Roo, Mexico, May 2. [3] D. Zhao, X. Ma, and X. Zhou, Prior probability-aided secure cooperative spectrum sensing, Proc. WiCOM, Wuhan, China, Oct. 2. [4] S. Li, H. Zhu, B. Yang, C. Chen, and X. Guan, Believe yourself: A usercentric misbehavior setection scheme for secure collaborative spectrum sensing, Proc. ICC, Kyoto, Japan, Jul. 2. 3 Note that a x...+b +y is used to represent a+b due to space limitations. x+y