Byzantine Attack and Defense in Cognitive Radio Networks: A Survey

The Byzantine attack in cooperative spectrum sensing (CSS), also known as the spectrum sensing data falsification (SSDF) attack in the literature, is one of the key adversaries to the success of cognitive radio networks (CRNs). In the past couple of years, the research on the Byzantine attack and defense strategies has gained worldwide increasing attention. In this paper, we provide a comprehensive survey and tutorial on the recent advances in the Byzantine attack and defense for CSS in CRNs. Specifically, we first briefly present the preliminaries of CSS for general readers, including signal detection techniques, hypothesis testing, and data fusion. Second, we analyze the spear and shield relation between Byzantine attack and defense from three aspects: the vulnerability of CSS to attack, the obstacles in CSS to defense, and the games between attack and defense. Then, we propose a taxonomy of the existing Byzantine attack behaviors and elaborate on the corresponding attack parameters, which determine where, who, how, and when to launch attacks. Next, from the perspectives of homogeneous or heterogeneous scenarios, we classify the existing defense algorithms, and provide an in-depth tutorial on the state-of-the-art Byzantine defense schemes, commonly known as robust or secure CSS in the literature. Furthermore, we highlight the unsolved research challenges and depict the future research directions.Comment: Accepted by IEEE Communications Surveys and Tutoiral

When Attackers Meet AI: Learning-empowered Attacks in Cooperative Spectrum Sensing

Defense strategies have been well studied to combat Byzantine attacks that aim to disrupt cooperative spectrum sensing by sending falsified versions of spectrum sensing data to a fusion center. However, existing studies usually assume network or attackers as passive entities, e.g., assuming the prior knowledge of attacks is known or fixed. In practice, attackers can actively adopt arbitrary behaviors and avoid pre-assumed patterns or assumptions used by defense strategies. In this paper, we revisit this security vulnerability as an adversarial machine learning problem and propose a novel learning-empowered attack framework named Learning-Evaluation-Beating (LEB) to mislead the fusion center. Based on the black-box nature of the fusion center in cooperative spectrum sensing, our new perspective is to make the adversarial use of machine learning to construct a surrogate model of the fusion center's decision model. We propose a generic algorithm to create malicious sensing data using this surrogate model. Our real-world experiments show that the LEB attack is effective to beat a wide range of existing defense strategies with an up to 82% of success ratio. Given the gap between the proposed LEB attack and existing defenses, we introduce a non-invasive method named as influence-limiting defense, which can coexist with existing defenses to defend against LEB attack or other similar attacks. We show that this defense is highly effective and reduces the overall disruption ratio of LEB attack by up to 80%

A Study on Techniques/Algorithms used for Detection and Prevention of Security Attacks in Cognitive Radio Networks

In this paper a detailed survey is carried out on the taxonomy of Security Issues, Advances on Security Threats and Countermeasures ,A Cross-Layer Attack, Security Status and Challenges for Cognitive Radio Networks, also a detailed survey on several Algorithms/Techniques used to detect and prevent SSDF(Spectrum Sensing Data Falsification) attack a type of DOS (Denial of Service) attack and several other  Network layer attacks in Cognitive Radio Network or Cognitive Radio Wireless Sensor Node Networks(WSNN’s) to analyze the advantages and disadvantages of those existing algorithms/techniques

A Message Passing Approach for Decision Fusion in Adversarial Multi-Sensor Networks

We consider a simple, yet widely studied, set-up in which a Fusion Center (FC) is asked to make a binary decision about a sequence of system states by relying on the possibly corrupted decisions provided by byzantine nodes, i.e. nodes which deliberately alter the result of the local decision to induce an error at the fusion center. When independent states are considered, the optimum fusion rule over a batch of observations has already been derived, however its complexity prevents its use in conjunction with large observation windows. In this paper, we propose a near-optimal algorithm based on message passing that greatly reduces the computational burden of the optimum fusion rule. In addition, the proposed algorithm retains very good performance also in the case of dependent system states. By first focusing on the case of small observation windows, we use numerical simulations to show that the proposed scheme introduces a negligible increase of the decision error probability compared to the optimum fusion rule. We then analyse the performance of the new scheme when the FC make its decision by relying on long observation windows. We do so by considering both the case of independent and Markovian system states and show that the obtained performance are superior to those obtained with prior suboptimal schemes. As an additional result, we confirm the previous finding that, in some cases, it is preferable for the byzantine nodes to minimise the mutual information between the sequence system states and the reports submitted to the FC, rather than always flipping the local decision

A Game-Theoretic Framework for Optimum Decision Fusion in the Presence of Byzantines

Optimum decision fusion in the presence of malicious nodes - often referred to as Byzantines - is hindered by the necessity of exactly knowing the statistical behavior of Byzantines. By focusing on a simple, yet widely studied, set-up in which a Fusion Center (FC) is asked to make a binary decision about a sequence of system states by relying on the possibly corrupted decisions provided by local nodes, we propose a game-theoretic framework which permits to exploit the superior performance provided by optimum decision fusion, while limiting the amount of a-priori knowledge required. We first derive the optimum decision strategy by assuming that the statistical behavior of the Byzantines is known. Then we relax such an assumption by casting the problem into a game-theoretic framework in which the FC tries to guess the behavior of the Byzantines, which, in turn, must fix their corruption strategy without knowing the guess made by the FC. We use numerical simulations to derive the equilibrium of the game, thus identifying the optimum behavior for both the FC and the Byzantines, and to evaluate the achievable performance at the equilibrium. We analyze several different setups, showing that in all cases the proposed solution permits to improve the accuracy of data fusion. We also show that, in some instances, it is preferable for the Byzantines to minimize the mutual information between the status of the observed system and the reports submitted to the FC, rather than always flipping the decision made by the local nodes as it is customarily assumed in previous works

Application of reinforcement learning for security enhancement in cognitive radio networks

Cognitive radio network (CRN) enables unlicensed users (or secondary users, SUs) to sense for and opportunistically operate in underutilized licensed channels, which are owned by the licensed users (or primary users, PUs). Cognitive radio network (CRN) has been regarded as the next-generation wireless network centered on the application of artificial intelligence, which helps the SUs to learn about, as well as to adaptively and dynamically reconfigure its operating parameters, including the sensing and transmission channels, for network performance enhancement. This motivates the use of artificial intelligence to enhance security schemes for CRNs. Provisioning security in CRNs is challenging since existing techniques, such as entity authentication, are not feasible in the dynamic environment that CRN presents since they require pre-registration. In addition these techniques cannot prevent an authenticated node from acting maliciously. In this article, we advocate the use of reinforcement learning (RL) to achieve optimal or near-optimal solutions for security enhancement through the detection of various malicious nodes and their attacks in CRNs. RL, which is an artificial intelligence technique, has the ability to learn new attacks and to detect previously learned ones. RL has been perceived as a promising approach to enhance the overall security aspect of CRNs. RL, which has been applied to address the dynamic aspect of security schemes in other wireless networks, such as wireless sensor networks and wireless mesh networks can be leveraged to design security schemes in CRNs. We believe that these RL solutions will complement and enhance existing security solutions applied to CRN To the best of our knowledge, this is the first survey article that focuses on the use of RL-based techniques for security enhancement in CRNs

Spectrum sensing, spectrum monitoring, and security in cognitive radios

Spectrum sensing is a key function of cognitive radios and is used to determine whether a primary user is present in the channel or not. In this dissertation, we formulate and solve the generalized likelihood ratio test (GLRT) for spectrum sensing when both primary user transmitter and the secondary user receiver are equipped with multiple antennas. We do not assume any prior information about the channel statistics or the primary user’s signal structure. Two cases are considered when the secondary user is aware of the energy of the noise and when it is not. The final test statistics derived from GLRT are based on the eigenvalues of the sample covariance matrix. In-band spectrum sensing in overlay cognitive radio networks requires that the secondary users (SU) periodically suspend their communication in order to determine whether the primary user (PU) has started to utilize the channel. In contrast, in spectrum monitoring the SU can detect the emergence of the PU from its own receiver statistics such as receiver error count (REC). We investigate the problem of spectrum monitoring in the presence of fading where the SU employs diversity combining to mitigate the channel fading effects. We show that a decision statistic based on the REC alone does not provide a good performance. Next we introduce new decision statistics based on the REC and the combiner coefficients. It is shown that the new decision statistic achieves significant improvement in the case of maximal ratio combining (MRC). Next we consider the problem of cooperative spectrum sensing in cognitive radio networks (CRN) in the presence of misbehaving radios. We propose a novel approach based on the iterative expectation maximization (EM) algorithm to detect the presence of the primary users, to classify the cognitive radios, and to compute their detection and false alarm probabilities. We also consider the problem of centralized binary hypothesis testing in a cognitive radio network (CRN) consisting of multiple classes of cognitive radios, where the cognitive radios are classified according to the probability density function (PDF) of their received data (at the FC) under each hypotheses

Synoptic analysis techniques for intrusion detection in wireless networks

Current system administrators are missing intrusion alerts hidden by large numbers of false positives. Rather than accumulation more data to identify true alerts, we propose an intrusion detection tool that e?ectively uses select data to provide a picture of ?network health?. Our hypothesis is that by utilizing the data available at both the node and cooperative network levels we can create a synoptic picture of the network providing indications of many intrusions or other network issues. Our major contribution is to provide a revolutionary way to analyze node and network data for patterns, dependence, and e?ects that indicate network issues. We collect node and network data, combine and manipulate it, and tease out information about the state of the network. We present a method based on utilizing the number of packets sent, number of packets received, node reliability, route reliability, and entropy to develop a synoptic picture of the network health in the presence of a sinkhole and a HELLO Flood attacker. This method conserves network throughput and node energy by requiring no additional control messages to be sent between the nodes unless an attacker is suspected. We intend to show that, although the concept of an intrusion detection system is not revolutionary, the method in which we analyze the data for clues about network intrusion and performance is highly innovative