outlier 9 imp

7/23/2019 Outlier 9 Imp

http://slidepdf.com/reader/full/outlier-9-imp 1/5

Local Outlier Factor Based Cooperation SpectrumSensing Scheme for Defending Against Attacker

Fatemeh Amini

Department of Electrical and Computer EngineeringIsfahan University of Technology,

Isfahan, [email protected]

Mehdi Mahdavi

Department of Electrical and Computer EngineeringIsfahan University of Technology

Isfahan, [email protected]

Abstract — Cooperative spectrum sensing is proposed as an

efficient way to detect the spectrum holes in cognitive radio

networks (CRNs). This technique, however, opens a window for

malicious users (MUs) and attackers, who send distorted

spectrum sensing data to the FC. In order to defend against such

attacks, it is necessary for the FC to distinguish the trustiness of

the reports from SUs. In this paper, we investigate a scheme to

identify and eliminate the several malicious users based LocalOutlier Factor (LOF). The proposed sensing scheme shows the

better performance than recent research works to deal with

malicious users, while does not required to any other pre-

knowledge about data distribution and network topology. The

performance of the proposed scheme are studied and evaluated

using simulations.

Keywords— cognitive radio; cooperative spectrum sensing;

energy detection; malicious user; outlier

I. I NTRODUCTION

The conducted research by the Federal CommunicationCommission (FCC) indicated that some part of radio spectrum

is idle in certain periods of time [1]. One of reasons of thisinefficient usage of spectrum is assigning spectrum to licensedusers, called primary users. Improper usage of spectrum andincreasing application of wireless systems on the other hand,necessitate development of dynamic access techniques, whereusers who have no spectrum licenses, also known as secondaryusers, are allowed to use temporarily unused licensed spectrum[2]. This technology is known as Cognitive Radio (CR). CR is

based on effective spectrum sensing. Through spectrumsensing and analysis, SU’s can obtain awareness about thespectrum usage and existence of PU.

Environmental elements like multi-path fading andshadowing affect spectrum sensing. Cooperative Spectrum

Sensing (CSS) is suggested to decrease effect of theseelements. In CSS, SU’s share their information with eachother cooperatively, and make cooperative decisions which issurely much accurate than individual decisions. In recentstudies, some strategies are presented to improve the

performance of cooperative spectrum sensing [3, 4]. All ofsuch methods will be effective only when the CR users arehonest. In fact when there are Malicious Users, who send falsedata to the Fusion Center (FC), performance of CSS willdrastically degrade. Some methods are presented to detect andeliminate the effect of malicious users so that one of their

branches is based on defining outliers. The sensible definition

of an outlier is an observation that deviates so much fromother observations as to arouse suspicion that it was generated

by a different mechanism [5]. In this work, we use the terms Local Outlier Factor (LOF) that is density based method fordetermining the outliers [6, 7]. The density-based approachestimate the density distribution of the data and identifiesoutlier as those lying in low-density regions [8].

The proposed method in this article, beside is able to detectand eliminate several malicious user, doesn't require any other

pre-knowledge about data distribution, primary network,location of primary transmitter and location of secondaryusers. Finally, we compare the performance of proposedscheme with latest work like ESD and ABP. Simulationresults show that our proposed scheme effectively defendsagainst various attacks.

The remainder of this paper is organized as follows.Section II is related work. Section III describes the systemmodel and attack model. In Section IV, we propose ourscheme. Section V evaluates the performance of our scheme

under various types of attacks, and Section VI conclusions are presented.

II. R ELATED WORK

In recent years cooperative spectrum sensing is proposedto improve the performance of spectrum sensing. SUs cansend valid or invalid data to FC. Thus, it is essential todesigning robust cooperative sensing schemes to defendagainst malicious users that send invalid data. Much effort hasalready been made in recent years, such as [9]–[19].

An attack detection framework for cooperative spectrumsensing, called IRIS has been developed in [9]. Authors of [9]used the system state estimation to determine the

presence/absence of a primary user. IRIS employs the largestnormalized residual method to eliminate abnormal sensingreports iteratively. In [10] COI algorithm has been proposed tocomplement IRIS for cooperative attacks. In [11] Anderson-Darling Goodness-of-feet method has been proposed that testswhether the distribution of the sensing data from eachsecondary user fits the expected distribution for a malicioususer. In [12] a cooperative sensing method based on Bayesianreputation model has been proposed witch the cooperation inCRNs is viewed as a service-evaluation process and SU’sreputation degree is updated according to its service history.By using sparsity property of the signals, the concept of

978-1-4799-5359-2/14/$31.00 ©2014 IEEE

2014 7th International Symposium on Telecommunications (IST'2014)

1144



compressive sensing (CS) is presented that reduces the cost ofobtaining data. Using this method, an incomplete matrix iscreated at the FC. To defense attacks from malicious users inthis kind of systems, in [13] Adaptive Outlier Pursuit (AOP) isused to complete the incomplete matrix and identify themalicious users in CR network. In [14], some Trust Anchor

Detectors are used that evaluate instantaneous trustworthinessof mobile detectors in combination with their reputation

scores.In recent studies, to identify and remove the effect of

malicious users, methods based on outlier have been proposed[15-19]. In [15] Grub test and in [16] Dixon test have beenused to determine outlier. These approaches are useful whenthe number of malicious users is not more than one. But,increasing the number of malicious user, identification

performance reduce drastically. In [18] to identify more thanone malicious users, ABP and GESD tests have been

proposed. GSED can detect several malicious users if the datadistribution model is log-normal.

The CSS scheme proposed in this paper has advantagesover previous work. In this work, does not require priorknowledge about the location of the SU’s and the networktopology. Also, it is not necessary to calculate and maintainthe history of the CR users and the proposed scheme does notdepend on the data distribution model. Herein, a powerfulcooperative spectrum sensing scheme is presented which also

presents good resistant against several malicious user whilethe number and type of attacker is unknown.

III. SYSTEM MODEL

A. Network Model

We consider a cognitive radio network with a FC and N secondary users in the presence of a primary user. We assumethe time is framed and the primary user in channel is presentor absent in the desired spectrum for the whole frame. Eachframe is divided to four phase which are: sensing phase,transmission phase, decision phase and sending data phase, asfig.1 shows.

Frame

Sensing Phase Transmission Phase Decision Phase Sending Data Phase

21 N

Fig. 1. Frame Structure

In sensing phase, secondary users employ energy detection

to detect the presence or absence of primary user locally. Intransmission phase, each SU sends the data obtained fromspectrum sensing through an ideal control channel to the FC.Transmission phase is also divided into N sections and eachSU is allowed to send his own data in one of these sections. Inthe decision phase in FC is decided that PU is presence orabsence, by using data sent by SU’s. We assume softcombining at the FC, which is known to outperform hardcombining. In sending data phase, if the final decisionindicates the absence of the primary user, FC selects one ofthe SUs to send its data. The CSS model presented above isdesigned with the assumption that there is no malicious user

among the SUs. In fact, with presence malicious users thatsend false data to the FC, performance of the cooperativesensing will be dramatically degraded. Therefore, it isimportant to detect and eliminate MUs from cooperation

before the decision making process.

Suppose is energy detector output of ith

secondaryuser at n

th frame. Typically, local sensing for primary signal

detection can be formulated as a binary hypothesis problem asfollows [16]:

20

1

21

1

( )

[ ]

( ) ( ) ( )

1,2, ,

L

i

k i L

i i

k

n k H

n

h k s k n k H

i N

ϕ =

=

⎧⎪⎪⎪

= ⎨⎪

+⎪⎪⎩

=

∑

∑…

(1)

where is transmitted signal from the primary user, isthe channel gain between the primary user and the i

th

secondary user, is zero-mean additive white Gaussian noise

(AWGN), is number of samples obtained from energydetector and and denote the hypothesis of the absenceand presence of the PU signal, respectively.

B. Attack Model

There are always users who intentionally orunintentionally send false data to the FC. SU’s whointentionally send false data called malicious users anddivided into three groups: Always YES, Always NO and Always Opposite users. The efficiency of CSS is reduced bythe presence of malicious users.

In Always No attack, when the primary user is active,malicious user reports its data in a way that both the energy

sensed from the spectrum and the detection probability aredecreased. In Always YES attack, when the primary user isinactive, malicious user reports an increased amount of energyand therefore increases the false alarm probability. In AlwaysOpposite, when the primary user is active, malicious userreports less amount of energy and when the primary user isinactive, malicious user reports high amount of energy. Suchkind of malicious user intends to fool other SUs to believe thatthe spectrum is occupied while PU is absence and to causeinterference to the PU when PU is presence. In the followingwe assume that malicious users act independently at eachframe.

IV.

THE PROPOSED SCHEME OF DETECTING MALICIOUS USERS The secondary users send their sensing data to FC through

control channel. In FC, outlier factor is used to detect andremove the effect of malicious users. Outlier factor is ameasure of deviation of a data point from the rest of the data.In this paper, we use LOF and proposed a CSS scheme on LOF(CSS-LOF based) which determines outlier based density.

Let , , , … , denotes the

received soft decision vector at FC from each SU during nth

sensing iteration. LOF is allocated to each of the data that

1145



reflects the degree of outlier-ness of it, then LOF values werecompared with the threshold value and data that its LOF isgreater than the threshold value are identified as malicious userdata and removed from combination process. In the following,calculation method of LOF is explained. To explain thecalculation method of LOF, it is necessary to define notions ofthe I -distance of object , the I -distance neighborhood of ,reachability distance of an object and local reachability

density of an object . Herein, the concept

of object is thespectrum sensing data which is obtained by SUs and are sent to

the FC. Furthermore, by dist( , ) we mean the distance between and .

Definition 1: I -distance of an object . For any positiveinteger I , the I -distance of object , denoted as I-dist( ), isdefined as the distance dist( , ) between and an object ((i.e. dist ( , )) such that:

• There exists at least I object such as where , ,

• There exists at most ( I -1) object such as where , ,

Definition 2: I -distance neighborhood of an object .Given I-dist (), the I -distance neighborhood of denoted by contains every object whose distance from is

not greater than I-dist( ) that is:

{ }( )( ) | , ( , ) ( )i I dist i z z i z i N D dist I dist ϕ ϕ ϕ ϕ ϕ ϕ ϕ − = ∈ ≤ −

(2)

Definition 3: Reachability distance of an object withrespect to object . The reachability distance of object with respect to object , denoted by reach-dist( , ) isdefined as follow:

{ }( , ) max ( ), ( , ) I i k k i k reach dist I dist dist ϕ ϕ ϕ ϕ ϕ − = −

(3)

Definition 4: Local reachability density of an object .

The local reachability density of iϕ which is denoted by

is defined as:

( )

( )

1( )

( , )

( )

k I i

i

I i

I i k N

I i

lrd reach dist

N

ϕ ϕ

ϕ

ϕ ϕ ϕ

ϕ

∈

=

−⎛ ⎞⎜ ⎟⎜ ⎟⎜ ⎟⎝ ⎠

∑

(4)

Definition 5: Local outlier factor of an object . The local

outlier factor of denoted by is defined as:

( ) ( )

( )

( )

( )( )

( )

k I ii

i

I k

N I i

I i

I i

ldr

ldr LOF

N

ϕ ϕ ϕ

ϕ

ϕ

ϕ ϕ

ϕ

∈

=

∑

(5)

The LOF of object is the average ratio of localreachability density of and its I -distance neighborhood [8].It is proved that LOF of the honest user data is approximatelyequal to one [7].

V. SIMULATION R ESULTS AND A NALYSIS

In this section, we evaluate the performance of the proposed cooperative spectrum sensing scheme based on LOFassigned to CR users. We also compare our proposed schemewith generalized ESD and ABP methods in [18]. We consider aCR network with N=20 SUs cooperating among each other todetect a PU. The rural propagation model [21] is considered forthe primary signal. Hatha model [22] is implemented for path

loss that has been proposed in the 802.22 working group [23].Operating frequency is 300MHz, the primary transmitterantenna height is 30m and antenna height of CR users is 1.5m.SUs are randomly located in the range of 2000×2000. Thestandard deviation of log-normal shadowing is 5dB. Theaverage SNR of each SU is −10dB. SU’s employ energydetection to detect presence or absence of primary user. Next,SUs send their energy values to the FC through controlchannels which are assumed to be perfect. The time-bandwidthfactor is TW=50.

It is important pointing out that the value of I has a highimpact on the performance of LOF in our system. To obtainthe optimal value of I , we proposed Algorithm 1 as shown in

fig. 2. In this algorithm, malicious user type is always NO and P d is Probability of detection. We assume that if P d is greaterthan 0.95, then the malicious user data is identified andeliminated.

For optimal choice of I , when malicious type is AlwaysYES , an algorithm similar to Algorithm 1 is applied except thatfor such types of malicious users we assume if P f is smallerthan 0.05, then the malicious users data is identified andeliminated.

Fig. 2: Suggested algorithm to find optimized value of I

Fig.3.a shows the simulation result of algorithm 1 for Always NO type of malicious users. As can been see for I=10the maximum number malicious users can be identified. Fig3.b shows the simulation result of algorithm 2 for Always YESmalicious users. As you can see, if I=10 the maximum numberof malicious users are identified.

Algorithm 1: Optimization of I ( Always O MU)

1: N = 20, Counter(MU j)=0

2: For I = 1 to N

3: For MU j =1 to N

4: Sense Channel by SU’s and Sending report to FC

5: Calculate LOF and S_LOF and Delete MU Data

6: Calculate P d

7: If P d ≥ 0.95

8: Counter(MU j) = Counter(MU j) + 1

9: Else Break

10: End If

11: End For

12: End For

1146



Fig 3.a: The number of detected Always NO MU vs. I

Fig. 3.b: The number of Detected Always YES MUs vs. I

Fig. 4 shows the performance comparison of the proposedscheme with other outlier tests namely GESD and ABP tests.For this simulation, malicious users type are Always Opposite and the number of such users are M = 4. Furthermore, I = 5 isconsidered.

Fig. 4: Comparison of different outlier tests with proposed CSS scheme based test ( N =20, MU = 4, Always Opposite)

From Fig. 4, it can be observed that the detection performance of all three schemes increases along with theincrease of the required false alarm probability. Moreover, thedetection performance of the proposed scheme performsslightly better than the GESD and ABP based cooperativescheme. Hence, our proposed cooperative schemes can defendagainst the Always Opposite attack effectively and will be ableto remove effect of the multiple malicious users. Fig. 5

presents the comparison of the detection performance of proposed scheme with GESD and ABP based schemes underdifferent SNR. For such comparison MU = 4, I = 5 and P f = 0.01 and malicious users type is Always

Opposite. As can be seen from Figs. 4 and 5, LOF tests perform better than GESD and ABP tests.

Fig. 5. P d vs. Average SNR of comparison tests

The performance of the proposed scheme is compared withtwo cases. In the first case there is no malicious user in thenetwork. In the second case there are 8 numbers of malicioususers in the system however, there is no scheme to combatwith attackers. We first consider Always No malicious users.

As shown in this Fig 6, the proposed scheme can welleliminate the impact of such malicious users.

Fig. 6: Comparison of CSS Scheme based LOF with when MU don’t

exist ( N =20, MU=8, Always NO type)

Fig. 7 presents the detection performance of the proposedCSS scheme when malicious users type is Always YES . FromFigs. 6 and 7 it can be concluded that the proposed solution isable to eliminate both types of Always Yes/No malicious user.

Fig. 7: Comparison of Proposed Scheme with when MU don’t exist( N =20, MU=8, Always YES type)

1147



VI. CONCLUSION

This paper proposed an outlier-based malicious userdetection scheme for cooperative sensing. The proposedscheme, which is based on Local Outlier Factor , is resistantagainst several malicious users while the number and type ofattacker is unknown. Also proposed CSS scheme don’t require

pre-knowledge about data distribution, primary network,location of primary transmitter and location of secondary

users. Finally, LOF tests perform better than recent researchworks.

VII. R EFERENCES

[1] Spectrum Policy Task Force report, technical report 02-135,Federal Communications Commission, Nov 2002.

[2] B. Wang and K.J. Ray Liu, “Advances in Cognitive Radio Networks: A Survey”, IEEE Journal of selected Topic in signal processing, VOL. 5, NO. 1, FEBRUARY 2011.

[3] Su-wen, W.J. kang, Z. Ling, Q. Ming, “SNR-based weightedcooperative spectrum sensing in cognitive radio networks,”ELSEVIER, The Journal of China Universities of Posts andTelecommunications, Vol. 17, Issue 2, April 2010, pp. 1-7.

[4] G. Zhanga, R. Dingb, L. Huangb, “Using Trust to EstablishCooperative Spectrum Sensing Framework” ELSEVIER, Perdoica

Engineering 15, 2011, pp. 1361-136.[5] D. Hawkins, “Identification of Outliers,” Chapman and Hall,

London, 1980.[6] M.M. Breunig, H.P. Kriegel, R.T. Ng, J. Sander, “LOF: Identifying

Density-Based Local Outliers,” In Proceedings of ACMSIGMODInternational Conference on Management of Data, pp. 93-104,Dallas, Texas, U.S.A., 2000.

[7] L. Chiu, A.W. Fu, “Enhancements on Local Outlier Detection,”Proceedings of the Seventh International Database Engineeringand Applications Symposium, July 2003 IEEE.

[8] J. Xi, X. Zhou, J. Su, “Outlier Detection Algorithms in DataMining,” Second International on Intelligent InformationTechnology Application, Dec. 2008, IEEE, Vol. 1, pp. 94 – 97.

[9] A.W. Min, K. Kim, K.G. Shin, “ Robust Cooperative Sensing viaState Estimation in Cognitive Radio Networks,” InternationalSymposium on Dynamic Spectrum Access Networks (DySPAN),

May 2011, pp. 185 - 196.[10] Z. Qin, Q. Li, G. Hsieh, “Defending Against Cooperative Attacks

in Cooperative Spectrum Sensing,” IEEE TRANSACTIONS ONWIRELESS COMMUNICATIONS, VOL. 12, NO. 6, JUNE 2013.

[11] G. Noh, S. Lim, S. Lee, D. Hong,” Goodness-of-Fit-basedMalicious User Detection in Cooperative Spectrum Sensing,”Vehicular Technology Conference (VTC Fall), 2012 IEEE.

[12] M. Zhou, J. Shen, H. Chen, L. Xie, “A Cooperative SpectrumSensing Scheme Based on the Bayesian Reputation Model inCognitive Radio Networks,” 2013 IEEE, Wireless Communicationand Networking Conference (WCNC), MAN.

[13] Z. Qin, Y. Gao, M.D. Plumbley, C.G. Parini, L.G. Cuthbert, “Low-rank Matrix Completion based Malicious User Detection inCooperative Spectrum Sensing,” Global Conference on Signal andInformation Processing (GlobalSIP), Dec. 2013 IEEE, pp. 1186 –1189.

[14]

R. Zhang, J. Zhang, Y. Zhang, C. Zhang, “Secure Crowdsourcing- based Cooperative Spectrum Sensing,” INFOCOM, April 2013,Proceedings IEEE, pp. 2526 - 2534.

[15] P. Kaligineedi, M. Khabbazian, V.K. Bhargava, “Malicious UserDetection in a Cognitive Radio Cooperative Sensing System”IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS,VOL. 9, NO. 8, AUGUST 2010, pp. 2488-2497.

[16] S.S. Kalamkar, A.Banerjee, “Malicious User Suppression forCooperative Spectrum Sensing in Cognitive Radio Networks usingDixon’s Outlier Detection Method,” IEEE Communications(NCC), 2012 National Conference on, 2012, pp. 1 – 5.

[17] S. Srinu, S.L. Sabat, “Cooperative wideband sensing based oncyclostationary features with multiple malicious user elimination,”

ELSEVIER, International Journal of Electronics andCommunications, 24 February 2013, pp. 702– 707.

[18] S.Srinu, S.L. Sabat, “Cooperative wideband sensing based onentropy and cyclic features under noise uncertaint,” IET SignalProcess, IEEE 2013, Vol. 7, Iss. 8, pp. 655–663.

[19] S. Jana, K. Zeng, P. Mohapatra, “Trusted Collaborative SpectrumSensing for Mobile Cognitive Radio Networks,” IEEE, INFOCOM2012, Information Forensics and Security, IEEE Transactions on,2013, pp. 1497 – 1507.

[20] F. Zhang, P. Ren, L. Sun, Q. Du, “An Iterative Screening Strategy

Based on Detection Performance for Multi-Channel CooperativeSpectrum Sensing,” Aug. 2013, 8th International Conference onCommunications and Networking in China (CHINACOM), pp.628 - 632.

[21] N. Shabbir, M.T. Sadiq, H. Kashif, R. Ullah, “ COMPARISON OFRADIO PROPAGATION MODELS FOR LONG TERMEVOLUTION (LTE) NETWORK,” International Journal of Next-Generation Networks (IJNGN), Vol. 3, No. 3, Sep, 2011.

[22] M. Hata, “Empirical Formula for Propagation Loss in Land MobileRadio Services,” IEEE TRANSACTIONS ON VEHICULARTECHNOLOGY, VOL. VT-29, NO. 3, AUGUST 1980.

[23] G. Chouinard, “IEEE P802.22 Wireless RANs: minutes of the‘channel model’ sub-group teleconference,” July 2005, availableat: http://www.ieee802.org/22/.

[24] A.G. Fragkiadakis, E.Z. Tragos, I.G. Askoxylakis, ”A Survey onSecurity Threats and Detection Techniques in Cognitive Radio

Networks,” IEEE COMMUNICATIONS SURVEYS &TUTORIALS, 2012.

1148

outlier 9 imp

Documents