 Research
 Open Access
Performance analysis of probabilistic soft SSDF attack in cooperative spectrum sensing
 Linyuan Zhang^{1},
 Qihui Wu^{1},
 Guoru Ding^{1},
 Shuo Feng^{1} and
 Jinlong Wang^{1}
https://doi.org/10.1186/16876180201481
© Zhang et al.; licensee Springer. 2014
 Received: 2 March 2014
 Accepted: 20 May 2014
 Published: 31 May 2014
Abstract
In cognitive radio networks, the spectrum sensing data falsification (SSDF) attack is a crucial factor deteriorating the detection performance of cooperative spectrum sensing. In this paper, we propose and analyze a novel probabilistic soft SSDF attack model, which goes beyond the existing models in its generality. Under this generalized SSDF attack model, we first obtain closed-form expressions of global sensing performance at the fusion center. Then, we theoretically evaluate the performance of the proposed attack model in terms of destructiveness and stealthiness, in turn. Numerical simulations match the analytical results well. Last but not least, an interesting tradeoff between destructiveness and stealthiness is discovered, a fundamental issue in SSDF attack that most previous studies have ignored.
Keywords
 Cognitive radio
 Spectrum sensing data falsification attack
 Destructiveness
 Stealthiness
1 Introduction
Cognitive radio (CR) has been regarded as a promising technology to improve spectrum utilization [1]. To enable CR, cooperative spectrum sensing among multiple spectrum sensors is one of the key technologies [2]. However, due to the openness of the low-layer protocol stack of CR, the reliability of cooperative spectrum sensing is challenged by many security threats [3].
The most well-known security threat is the spectrum sensing data falsification (SSDF) attack [4], where abnormal or malicious spectrum sensors falsify their true sensing results. The main goal of an SSDF attack can be roughly expressed as two points. One is to decrease the global detection probability in order to disturb the normal operation of the primary user (PU). The other is to increase the global probability of false alarm with the purpose of wasting the access opportunities of the honest secondary users (SUs).
Previous studies on SSDF attack modeling can be generally grouped into two classes: hard SSDF attack and soft SSDF attack. Briefly, in hard SSDF attack, malicious SUs falsify their local binary decisions [5–8], while in soft SSDF attack, malicious SUs falsify their received energy values. Compared to hard SSDF attack, soft SSDF attack is generally more powerful and elusive because of its relatively larger value space [9–12], since malicious SUs falsify real energy observations, rather than binary decisions, to mislead the fusion center (FC).
Three soft SSDF attack models have been widely adopted to test various secure sensing algorithms: Always Yes [13], Always No [14, 15], and Always Adverse [16]. In Always Yes soft SSDF attack, an attacker raises its local observations by injecting a positive offset in every sensing slot. In Always No attack, an attacker decreases its local observations by injecting a negative offset in every sensing slot. In Always Adverse attack, an attacker first performs a local binary hypothesis test between H_{0} and H_{1} by comparing its energy observation with a predefined threshold, with H_{0} denoting the case that the primary signal is absent and H_{1} otherwise; then, the malicious SU raises its observations when its local binary decision is H_{0} and decreases its observations when its decision is H_{1}. One main limitation of the existing soft SSDF attack models is that they are oversimplified and not general enough to serve as the baseline for the design of counterattack or secure sensing algorithms.
Motivated by the observations above, in this paper, we start with the objective of developing a more general soft SSDF attack model, which should go beyond the existing models and include them as special cases. We also consider that each attacker should be smart enough to have dual goals in mind: (i) causing harmful disturbance to cooperative spectrum sensing and (ii) protecting itself against being easily detected. Specifically, the main contributions of this paper are as follows:

Propose a generic probabilistic soft SSDF attack model and derive the corresponding closed-form expressions of global sensing performance at the fusion center.

Analyze the destructiveness of the proposed attack model under three general scenarios and obtain the corresponding optimal attack strategies.

Define a stealthiness metric and analyze the stealthiness of the proposed attack model under a classical secure sensing algorithm.

Discover an interesting tradeoff between destructiveness and stealthiness, a fundamental issue in SSDF attack that most previous studies have ignored.
The remainder of this paper is organized as follows. Section 2 presents the spectrum sensing preliminaries. In Section 3, we formulate the proposed probabilistic soft SSDF attack model and present the analysis of its impacts on the sensing performance. Analytical results on destructiveness and stealthiness of the proposed attack model are provided in Sections 4 and 5, respectively. Numerical results are given in Section 6, and conclusions are provided in Section 7.
2 Spectrum sensing preliminaries
where H_{0} denotes the case that the primary signal is absent and H_{1} denotes the case that PU is present, N is the number of SUs, r_{ i }(t) is the t-th sample of the i-th SU’s received signal, s_{ i }(t) is the PU’s transmit signal, h_{ i }(t) is the channel gain, and n_{ i }(t) denotes the additive white Gaussian noise (AWGN).
where u_{0i}=2U, ${\sigma}_{0i}^{2}=4U$, u_{1i}=2U(γ_{ i }+1), ${\sigma}_{1i}^{2}=4U(2{\gamma}_{i}+1)$, and γ_{ i } is the received SNR of the i-th SU.
where η_{ f } is the global threshold at the FC, w_{ i }∈[0,1] is the weight assigned to the i-th SU by the FC, and ${\sum}_{i=1}^{N}{w}_{i}=1$.
3 Probabilistic soft SSDF attack
In this section, we will propose a generic soft SSDF attack model and present the analysis of its impacts on the sensing performance. Before going into deep analysis, we declare that a generic and effective SSDF attack model should at least have the following features:

Attackers should be able to exploit their local sensing results to implement effective attacks, and the imperfection of the local sensing results should also be considered.

Attackers should be able to jointly consider harmfully disturbing the FC to obtain wrong decisions and reliably protecting itself from being easily detected, by properly adjusting attack parameters.
3.1 The proposed attack model
where u_{2i} and ${\sigma}_{2i}^{2}$, respectively, denote the mean and variance when the local decision of the i-th SU is H_{0} (i.e., PU is absent), and u_{3i} and ${\sigma}_{3i}^{2}$ denote the mean and variance when the local decision is H_{1}. Obviously, for an honest SU, the attack probability equals zero. For a malicious SU, the attack probability p_{ i }∈(0,1). Naturally, the two mean values of the random distributions satisfy the relation u_{2i}≥u_{3i}, as the attacker generally falsifies sensing results by reversing them. To facilitate the following analysis, we define (u_{2i},u_{3i}) as the attack strength and consider the case ${\sigma}_{2i}^{2}={\sigma}_{3i}^{2}={\sigma}_{1i}^{2}$.
The attack model in (5) is general enough to include the existing models as special cases, by properly adjusting the attack parameters (u_{2i},u_{3i},p_{ i }). For example, Always No [13], Always Yes [14, 15], and Always Adverse attacks [16] can be realized when (u_{2i},u_{3i},p_{ i }) is set as (u_{0i},u_{0i},1), (u_{1i},u_{1i},1) and (u_{1i},u_{0i},1), respectively. In particular, the attack probability p_{ i } can make the proposed attack more elusive and flexible.
3.2 Local sensing performance under probabilistic soft SSDF attack
where $f\left(\frac{x-{u}_{i}}{{\sigma}_{i}}\right)$ represents the PDF of the Gaussian variable x with mean u_{ i } and standard deviation σ_{ i }, Q(x) is the Gaussian Q-function, and η_{ i } is the local threshold.
3.3 Global sensing performance under probabilistic soft SSDF attack
4 Destructiveness analysis
In this section, we evaluate the impacts of the three model parameters p_{ i },u_{2i},u_{3i} on the proposed attack model’s destructiveness. Specifically, we analyze three general and actual scenarios in sequence:
 (i) Probabilistic attack: The optimal attack probability is derived to cause the largest harm to FC’s detection performance.
 (ii) Contention attack: Setting appropriate attack strength, a malicious SU implements the optimal attack to maximize the global probability of false alarm to waste access opportunities of honest SUs.
 (iii) Interference attack: With specific attack strength, a malicious SU conducts the optimal attack with the purpose of minimizing the global probability of detection to disturb the normal operation of the primary user.
Furthermore, without loss of generality, in the following analysis, the weight w_{ i } is set as 1/N.
4.1 Probabilistic attack
Theorem 1
For the given attack strength (u_{2i},u_{3i})=(u_{1i},u_{0i}), the probability of detection P_{ d } decreases with the attack probability p_{ i } and the probability of false alarm P_{ f } increases with p_{ i }.
Proof
Consequently, the probability of false alarm P_{ f } increases with the attack probability p_{ i }. Similarly, we can obtain P_{ d }(p_{ i }+Δ)−P_{ d }(p_{ i })<0, and thus the probability of detection P_{ d } decreases with p_{ i }. Therefore, the detection error probability P_{ e }=(1−P_{ d })P(H_{1})+P_{ f }P(H_{0}) increases with p_{ i }.
Note that Theorem 1 does not take into account any defense or secure sensing algorithms at the FC. Obviously, a malicious SU with a high attack probability is prone to being easily found out because of its low stealthiness, which will be further studied in the next section.
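The following added example (not code from the paper) checks Theorem 1 numerically, as a defender would when sizing how far equal-weight fusion degrades with the attack probability. It assumes each falsified report is an independent Gaussian draw, so an attacker's report is a three-component mixture; the -7 dB SNR, the global threshold (set for an honest global false alarm of 0.1), and all function names are assumptions of the example.

```python
from math import comb, sqrt
from statistics import NormalDist

STD = NormalDist()  # standard normal, used for Q(x) and its inverse


def q(x):
    """Gaussian Q-function: P(Z > x) for a standard normal Z."""
    return 1.0 - STD.cdf(x)


def honest_stats(U, snr_db):
    """(mean, variance) of an honest energy report under H0 and under H1."""
    g = 10 ** (snr_db / 10)
    return (2 * U, 4 * U), (2 * U * (g + 1), 4 * U * (2 * g + 1))


def fused_tail(hyp_stats, att_var, p, u2, u3, eta_local, eta_f, n, n_m):
    """P(equal-weight fused statistic > eta_f) under one hypothesis."""
    mean, var = hyp_stats
    # Probability that an attacker's own local decision is H1.
    p_loc = q((eta_local - mean) / sqrt(var))
    # Mixture weights of one attacker report: honest value,
    # falsified around u2 (local H0), falsified around u3 (local H1).
    w_honest, w_u2, w_u3 = 1 - p, p * (1 - p_loc), p * p_loc
    total = 0.0
    for a in range(n_m + 1):              # attackers reporting honestly
        for b in range(n_m - a + 1):      # attackers reporting around u2
            c = n_m - a - b               # attackers reporting around u3
            weight = (comb(n_m, a) * comb(n_m - a, b)
                      * w_honest ** a * w_u2 ** b * w_u3 ** c)
            m = (n - n_m + a) * mean + b * u2 + c * u3
            v = (n - n_m + a) * var + (b + c) * att_var
            total += weight * q((eta_f - m / n) / (sqrt(v) / n))
    return total


def evaluate(p, n=10, n_m=3, U=100, snr_db=-7.0, p_h1=0.5, pfa=0.1):
    """Return (P_f, P_d, P_e) for attack strength (u2, u3) = (u1, u0)."""
    h0, h1 = honest_stats(U, snr_db)
    z = STD.inv_cdf(1 - pfa)
    eta_local = h0[0] + sqrt(h0[1]) * z      # local false alarm = pfa
    eta_f = h0[0] + sqrt(h0[1] / n) * z      # assumed global threshold
    u2, u3 = h1[0], h0[0]
    args = (h1[1], p, u2, u3, eta_local, eta_f, n, n_m)
    p_f = fused_tail(h0, *args)
    p_d = fused_tail(h1, *args)
    return p_f, p_d, (1 - p_d) * p_h1 + p_f * (1 - p_h1)


if __name__ == "__main__":
    for p in (0.0, 0.25, 0.5, 0.75, 1.0):
        print(p, *(round(x, 4) for x in evaluate(p)))
```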
4.2 Contention attack
To simplify proofs, we assume that there exists a single malicious SU (i.e., the ith SU) in the system. Simultaneously, to partially ensure the stealthiness of attack behaviors, attack strength is limited (see Appendix).
Theorem 2
Given the probability of detection as P_{ d }=β and the attack probability as p_{ i }=p_{ a }, the probability of false alarm P_{ f } increases with u_{2i}.
Proof.
Theorem 2 points out that the global probability of false alarm can reach the maximum when u_{2i} reaches the available maximum. This theorem provides us with an approach to derive the optimal solution of attack strength to the optimization in (15). Fixing P_{ d } gives an implicit function of u_{3i} and u_{2i}, whose range is limited in the Appendix. Then, based on Theorem 2, the optimal value can be selected from the set of (u_{2i},u_{3i}) satisfying the function.
4.3 Interference attack
Theorem 3
Given the probability of false alarm as P_{ f }=α and the attack probability as p_{ i }=p_{ a }, the probability of detection decreases with u_{3i}.
Proof.
Theorem 3 points out that the global probability of detection can reach the maximum when u_{3i} reaches the available minimum. This theorem provides us with an approach to derive the optimal solution of attack strength to the optimization in (22). Fixing P_{ f } gives an implicit function of u_{3i} and u_{2i}, whose range is limited in the Appendix. Then, based on Theorem 3, the optimal value can be selected from the set of (u_{2i},u_{3i}) satisfying the function.
5 Stealthiness analysis
In the previous section, the analysis of destructiveness was done without taking into consideration any defense or secure sensing algorithms at the FC, while in this section, we consider that a classical secure sensing algorithm developed in [18] is adopted at the FC to find out the potential attackers. Therefore, the stealthiness of the proposed attack model should be studied further.
Current secure algorithms at the FC mainly leverage historical sensing results to identify malicious SUs [3]. To ensure the generality of the stealthiness analysis, a classical algorithm developed in [18] is chosen in this paper. We first briefly review this algorithm as follows.
where N_{ m } is the number of malicious SUs, ${r}_{i}^{m}\left(k\right)$ denotes the reputation value of the i-th malicious SU, and ${r}_{i}^{h}\left(k\right)$ denotes the reputation value of the i-th honest SU. We choose honest SUs as a baseline, and the FC can hardly distinguish a malicious SU from honest ones when the stealthiness metric is close to 1; that is to say, the malicious SU has good stealthiness. Deeper analysis is done in the next section.
6 Performance evaluation and discussions
In this section, numerical simulations are used to verify the analytical results on destructiveness and stealthiness of the proposed probabilistic soft SSDF attack model.
In the following simulations, the cooperative spectrum sensing system consists of an FC and N SUs, among which N_{ m } SUs are malicious. The average received SNR is set as 7 dB and the local threshold is obtained by setting the local false alarm probability as 0.1. The time bandwidth product U is 100. The probability of the primary signal being present is set as P(H_{1})=0.5. Without loss of generality, in the following simulations, for all malicious SUs, we set A=1.1u_{1i}, B=0.9u_{0i}, u_{2i}=u_{2}, u_{3i}=u_{3}, ∀i=1,…,N_{ m }.
6.1 Destructiveness evaluation
In the simulation, N=10, N_{ m }=3. Curves with four groups of attack strengths (u_{2},u_{3}) are plotted. We also plot the curve without malicious SUs as the baseline. It is shown in Figure 2 that (i) the global detection error probability increases with the attack probability, (ii) when the attack strength increases, i.e., u_{2} increases and/or u_{3} decreases, the global detection error probability increases, and (iii) simulations match the theoretical results very well.
6.2 Stealthiness evaluation
In this subsection, we study the impact of the attack probability on the stealthiness of the proposed attack model. The attack strength is set as u_{2}=u_{1}, u_{3}=u_{0}, and N=10, N_{ m }=3.
Figure 5 shows the evolution of the stealthiness metric, defined in (30), under different attack probabilities. Two main observations are as follows:

After a few sensing slots, the stealthiness metric settles to a constant value ψ for each given attack probability p_{ a }.

Malicious users’ stealthiness deteriorates with the attack probability p_{ a }.
The second observation above is opposite to the results in Figure 2. Briefly, destructiveness in Figure 2 increases with the attack probability while stealthiness in Figure 5 decreases with the attack probability. Consequently, there should be a tradeoff between stealthiness and destructiveness with respect to the attack probability.
Although the x-axis and y-axis of Figures 2 and 6 show the same quantities, their results are quite different. The main reason behind the differences lies in the fact that the secure sensing algorithm developed in [18] is adopted at the FC in producing Figure 6 to discard the detected malicious SUs before the global fusion. It is observed in Figure 6 that, with defense or secure sensing algorithms taken into consideration, there generally exists an optimal attack probability p_{ a }∈(0,1], not necessarily equal to 1.
Taking the curve with the attack strength (u_{1},u_{0}) as an example and comparing it with the curve without malicious SUs, we can divide the attack probability into three intervals:

An interval with an attack probability lower than the first point, drawn as a circle in Figure 6, named the role reversal interval, where malicious SUs’ participation does not pose harm to FC’s global fusion, but is beneficial to it.

An interval with an attack probability higher than the second point, drawn as a square, named the exposure interval, where attackers are found out and removed, and their powerful attack action is nearly transparent to the FC because of their low stealthiness.

An interval with a medium attack probability between the above two points, named the favorable attack interval, where an effective but stealthy attack can be implemented.
7 Conclusions
In this paper, a generic and novel probabilistic soft SSDF attack model has been proposed. In the proposed attack model, a malicious SU has a certain probability, varying from 0 to 1, of conducting attacks. Under this generalized SSDF attack model, we first obtained closed-form expressions of the global sensing performance at the fusion center. Then, we theoretically evaluated the performance of the proposed attack model in terms of destructiveness and stealthiness, in turn. Moreover, numerical simulations match the analytical results well. An interesting tradeoff between destructiveness and stealthiness has also been discovered, a fundamental issue in SSDF attack that most previous studies have ignored.
Appendix
Limitation of attack strength
where A and B are constants. In condition (a), the attack strengths are restricted within certain intervals determined by the constants A and B, and the size relationship between u_{2i} and u_{3i}, referred to before, reveals the attack intention. Further, condition (b) is used to avoid a large deviation from honest reports through the mutual constraint between u_{2i} and u_{3i}, and the two sides of the inequality can be used to denote the residual of FC’s threshold minus the honest means.
Declarations
Acknowledgements
This work is supported in part by the National Natural Science Foundation of China under Grant No. 61172062 and No. 61301160 and in part by Jiangsu Province Natural Science Foundation under Grant No. BK2011116.
References
 [1] Mitola J: Cognitive radio: an integrated agent architecture for software defined radio. Ph.D. Dissertation, KTH 2000.
 [2] Wu Q, Ding G, Wang J, Yao YD: Spatial-temporal opportunity detection in spectrum-heterogeneous cognitive radio networks: two-dimensional sensing. IEEE Trans. Wireless Commun 2013, 12(2):516–526.
 [3] Rifa Pous H, Blasco MJ, Garrigues C: Review of robust cooperative spectrum sensing techniques for cognitive radio networks. Wireless Personal Commun 2012, 67(2):175–198. 10.1007/s112770110372x
 [4] Chen R, Park JM, Hou YT: Toward secure distributed spectrum sensing in cognitive radio networks. IEEE Commun. Mag 2008, 46(4):50–55.
 [5] Penna F, Sun Y, Dolecek L, Cabric D: Detecting and counteracting statistical attacks in cooperative spectrum sensing. IEEE Trans. Signal Process 2012, 60(4):1806–1822.
 [6] Yao JN, Wu Q, Wang J: Attacker detection based on dissimilarity of local reports in collaborative spectrum sensing. IEICE Trans. Commun. 2012, 9: 3024–3027.
 [7] Li H, Han Z: Catch me if you can: an abnormality detection approach for collaborative spectrum sensing in cognitive radio networks. IEEE Trans. Wireless Commun 2010, 9(11):3554–3565.
 [8] Vempaty A, Tong L, Varshney P: Distributed inference with byzantine data: state-of-the-art review on data falsification attacks. IEEE Signal Process. Mag 2013, 30(5):65–75.
 [9] Farmani F, Berangi R, MA JannatAbad: Detection of SSDF attack using SVDD algorithm in cognitive radio networks. IEEE Third International Conference on Computational Intelligence, Communication Systems and Networks (CICSyN): 26–28 July 2011 (IEEE, Bali, 2011) 201–204.
 [10] Min AW, Shin KG, Hu X: Secure cooperative sensing in IEEE 802.22 WRANs using shadow fading correlation. IEEE Trans. Mobile Comput 2011, 10(10):1434–1447.
 [11] Ding G, Wu Q, Yao YD, Wang JL, Chen YY: Kernel-based learning for statistical signal processing in cognitive radio networks: Theoretical foundations, example applications, and future directions. IEEE Signal Process. Mag 2013, 30: 126–136.
 [12] Cui S, Han Z, Kar S, Kim TT, Poor H, Tajer A: Coordinated data-injection attack and detection in smart grid. IEEE Signal Process. Mag 2012, 29(5):106–115.
 [13] Chen R, Park JM, Bian K: Robust distributed spectrum sensing in cognitive radio networks. INFOCOM 13–18 April 2008; Phoenix, AZ (IEEE, 2008), pp. 1876–1884.
 [14] Han Y, Chen Q, Wang JX: An enhanced DS theory cooperative spectrum sensing algorithm against SSDF attack. IEEE Vehicular Technology Conference (VTC Spring) 6–9 May 2012; Yokohama (IEEE, 2012), pp. 1–5.
 [15] Kaligineedi P, Khabbazian M, Bhargava VK: Secure cooperative sensing techniques for cognitive radio systems. IEEE International Conference on Communications 19–23 May 2008; Beijing (IEEE, 2008), pp. 3406–3410.
 [16] Nguyen-Thanh N, Koo I: A robust secure cooperative spectrum sensing scheme based on evidence theory and robust statistics in cognitive radio. IEICE Trans. Commun 2009, 12: 3644–3652.
 [17] Urkowitz H: Energy detection of unknown deterministic signals. Proc. IEEE 1967, 55(4):523–531.
 [18] Zeng K, Pawełczak P, Cabric D: Reputation-based cooperative spectrum sensing with trusted nodes assistance. IEEE Commun. Lett 2010, 14(3):226–228.
Copyright
This article is published under license to BioMed Central Ltd. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly credited.