FastProbe: Malicious User Detection in Cognitive Radio Networks Through Active Transmissions
1
FastProbe: Malicious User Detection in Cognitive Radio Networks Through Active Transmissions
Tarun Bansal, Bo Chen and Prasun Sinha
Department of Computer Science and Engineering
Ohio State University
Columbus, Ohio
2
White Space Channels
• Discrepancy in channel usage
– Unlicensed (ISM) bands are congested
– Licensed bands are free most of the time
• Unused channels can be used for data transmission
Taken from “How much white-space capacity is there?” IEEE DySPAN, 2010
3
Opportunistic Usage
• Unlicensed users must avoid interference to licensed user (or primary user, PU)
• Two Types:
– In-band Scanning: Detect arrival of primary user to avoid causing interference to them
– Out-of-band Scanning: Detect channels currently not in use by licensed users
• Scanning takes time and results in throughput loss
• Scanning must be reliable
– Use Cooperation
– BS based model: BS collects scanning readings from users and aggregates
What if some users deliberately report incorrect results?
4
Malicious Cognitive Radio Users
• May not scan the channel
– May have a hardware error due to which its readings are erratic
– May report arbitrary sensing results without performing any sensing, to save time and/or energy
– May incorrectly report the channel to be busy (DoS attack)
Objective: Identify the malicious users in the network
5
Related Work
• Existing algorithms (e.g., ADSP, Min et al. ICNP 2009)
– Divide the Cognitive Radios (CRs) into clusters
– All users in the same cluster are expected to have similar results
– If some node has a substantially different result compared to its neighbors, it is marked as malicious
6
Limitations of the Related Work
• Presence of obstacles affects the readings
– Assumption that users in the same cluster have similar readings may not be true
[Figure: Secondary Base Station (SBS) and a cluster containing nodes n1, n2, n3; reading labels: Busy, Vacant, Vacant]
Existing algorithms will label n1 as malicious
7
Limitations of the Related Work (contd.)
• Ground truth (State of the PU) is unknown
• Current algorithms detect malicious users reactively
– Users scan the channel and then base stations determine the malicious users
– BS may make multiple incorrect scanning decisions before it detects malicious users
– Incorrect scanning decisions cause interference to licensed users (Violation of FCC requirements)
8
Working of FastProbe
• Active Transmissions Based Approach: Proactively detect malicious users
• A subset of CRs (testing nodes) transmit PU-Emulated (PUE) signals
• Neighboring CRs are asked to scan the channel and report results back to the Base Station
• Malicious users can’t distinguish PUE signals from the actual PU signals and would report incorrect results.
• Mission Accomplished.
9
Detecting Malicious Users (Out-of-Band Sensing): FastProbe Illustration
[Figure: SBS and nodes n1, n2, n3, n4, n5, n6]
Testing Nodes: n1, n4
Link         Historical Path Loss   Path Loss (this round)
n1 <-> n2    67 dB                  66 dB
n1 <-> n3    59 dB                  60 dB
n4 <-> n5    61 dB                  48 dB
n4 <-> n6    46 dB                  47 dB
Reputation Value: 0.8 -> 0.9, 0.9 -> 0.95, 0.82 -> 0.64, 0.83 -> 0.89
A difference of 13 dB: n5 did not participate in out-of-band sensing in this round
10
Detecting Malicious Users (In-Band Sensing)
• FastProbe works similarly to before
– SBS asks a subset of the users to transmit PUE signals
– The neighboring users must report the presence of PU within 2 seconds (FCC requirement)
11
Detecting Malicious Users (In-Band Sensing): FastProbe Illustration
[Figure: SBS and nodes n1, n2, n3, n4, n5, n6]
n1 transmits PUE signals on the channel that n2 and n3 are currently using
n2 and n3 must report the arrival of the licensed user within 2 seconds
If not, mark them as malicious
12
Advantages of FastProbe
• Base Station has knowledge about the ground truth (e.g., transmission power level) for the tests
– It can more accurately conclude if the received power level reported by the tested node is correct
• Path loss readings compared with the previous readings for the same transmitter-receiver pair
– Uncertainties due to obstacles and multipath are removed
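An added illustration of the check described on this slide and in the out-of-band illustration (not code from the paper or its authors): the SBS knows each testing node's PUE transmit power, derives path loss from the received power a tested node reports, and compares it with the history for that transmitter-receiver pair. The 6 dB tolerance, the transmit powers, the reported power values, the starting reputations and the reward/penalty rule are assumptions; the path-loss figures are the ones on the illustration slide.

```python
# Added illustration of FastProbe-style auditing at the SBS; not the paper's code.
# ASSUMPTIONS: 6 dB tolerance, reward/penalty constants, sample powers/reputations.
THRESHOLD_DB = 6.0            # assumed tolerance for fading and measurement noise
REWARD, PENALTY = 0.05, 0.5   # assumed reputation update: add on pass, scale on fail

# Historical path loss in dB per (testing node, tested node), from the slide.
HISTORY = {("n1", "n2"): 67.0, ("n1", "n3"): 59.0,
           ("n4", "n5"): 61.0, ("n4", "n6"): 46.0}

def audit_round(tx_dbm, reports, history=HISTORY, threshold=THRESHOLD_DB):
    """Compare this round's path loss with history for each tested link.

    tx_dbm:  {testing node: PUE transmit power chosen by the SBS (ground truth)}
    reports: {(testing node, tested node): received power the tested node reported}
    Returns {tested node: (path_loss_db, deviation_db, suspicious)}.
    """
    results = {}
    for (tester, tested), rss_dbm in reports.items():
        loss = tx_dbm[tester] - rss_dbm          # SBS knows the transmit power
        deviation = abs(loss - history[(tester, tested)])
        results[tested] = (loss, deviation, deviation > threshold)
    return results

def update_reputation(reputation, results):
    """Raise reputation for consistent reports, cut it for inconsistent ones."""
    updated = dict(reputation)
    for node, (_, _, suspicious) in results.items():
        if suspicious:
            updated[node] = round(reputation[node] * PENALTY, 2)
        else:
            updated[node] = round(min(1.0, reputation[node] + REWARD), 2)
    return updated

# Constructed round: per-tester transmit powers differ, as PUE power is randomized.
TX_DBM = {"n1": 17.0, "n4": 11.0}
REPORTS = {("n1", "n2"): -49.0, ("n1", "n3"): -43.0,
           ("n4", "n5"): -37.0, ("n4", "n6"): -36.0}   # n5 did not actually scan
REPUTATION = {"n2": 0.8, "n3": 0.8, "n5": 0.8, "n6": 0.8}  # constructed start values

if __name__ == "__main__":
    results = audit_round(TX_DBM, REPORTS)
    for node, (loss, dev, bad) in sorted(results.items()):
        print(f"{node}: path loss {loss:.0f} dB, deviation {dev:.0f} dB, suspicious={bad}")
    print(update_reputation(REPUTATION, results))
```

Because the comparison is per link against that link's own history, a node behind an obstacle is not penalized for disagreeing with its neighbors, only for disagreeing with its own past readings.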
13
Other Challenges Answered in the Paper
• How do we test the nodes in the shortest possible time?
– Choose the set of testing nodes carefully
• Checking if the testing node itself is malicious and does not transmit PUE signals faithfully
– Aggregate data from neighboring CRs with high reputation
• How to make it difficult for the malicious users to distinguish PUE signals from the actual PU signals
– Transmit PUE signals at random power level
– Let multiple testing nodes transmit simultaneously to make it difficult to localize
• Detecting collusion of malicious users
– Use the SBS to transmit PUE signals
14
Experiment Setup
• 3 PUs also deployed (not shown above)
• 5 channels in 2.4 GHz and 5 GHz spectrum
• Number of malicious CRs varied from 1 to 5
[Figure: testbed layout showing the SBS and CRs; a wall affects the correlation among neighboring users]
15
Experiment Setup (Contd.)
• Two different attack models:
– Attack 1: Malicious nodes sense the channel but report either a higher power level, a lower power level or the correct power level, each with 1/3 probability.
– Attack 2: Multiple malicious CRs located close to each other collude so as to improve the reputation value of one of the malicious nodes.
16
Other Algorithms Implemented
• ADSP: “Attack-Tolerant Distributed Sensing for Dynamic Spectrum Access Networks”, Min et al., ICNP 2009
– Arranges neighboring CRs in clusters
– CRs in the same cluster assumed to have similar readings
• Most of the existing algorithms work in a similar way
17
Experiment Results: Throughput Loss
FastProbe detects malicious users with up to 65% less throughput loss.
[Figure: Throughput Loss (in %) per user vs. Number of Malicious CRs; series: FastProbe Attack 1, FastProbe Attack 2, ADSP Attack 1, ADSP Attack 2; annotation: 65% lower loss]
18
Experiment Results: Scanning Accuracy
On an average, sensing accuracy of FastProbe is 1.2x of ADSP
[Figure: Scanning Accuracy vs. Number of malicious CRs; series: FastProbe Attack 1, FastProbe Attack 2, ADSP Attack 1, ADSP Attack 2; annotation: 1.2x]
19
Experiment Results: Detection Latency
On an average, ADSP takes 4x longer to detect malicious users
[Figure: Average Detection Latency (in mins.) vs. Number of malicious CRs; series: FastProbe Attack 1, FastProbe Attack 2, ADSP Attack 1, ADSP Attack 2; annotation: ADSP takes 4x longer]
20
Summary
• Proposed an active transmissions based approach
• Proactively detect malicious CRs
• Detect malicious users that do not perform in-band sensing or out-of-band sensing
Thank you
21
Simulation Setup
• 100 km X 100 km field
• Number of CRs: 400
• Malicious CRs: 80
• Number of PUs: 40
• Number of Channels: 50
22
Simulation Results: Total Transmissions in FastProbe
Number of transmissions done in FastProbe taper off since each user can test multiple neighbors
[Figure: Total Transmissions vs. Number of CRs; series: FastProbe Attack 1, FastProbe Attack 2]
23
Simulation Results: Throughput Loss
Throughput loss for ADSP is at least 2X compared to FastProbe for both the models
FastProbe does not require multiple users to scan at the same time
[Figure: Throughput Loss (in %) / User vs. Number of CRs; series: FastProbe Attack 1, FastProbe Attack 2, ADSP Attack 1, ADSP Attack 2]
24
Simulation Results under mobility: Throughput Loss
Base Station in FastProbe knows the ground truth, and detects malicious users faster with lower overhead
[Figure: Throughput Loss (in %) per User vs. Churn Rate; series: FastProbe Attack 1, FastProbe Attack 2, ADSP Attack 1, ADSP Attack 2]