IEEE COMMUNICATIONS LETTERS, VOL. 20, NO.

1, JANUARY 2016

93

Defense Against SSDF Attack in Cognitive Radio Networks: Attack-Aware

Collaborative Spectrum Sensing Approach
Abbas Ali Sharifi and Mir Javad Musevi Niya, Member, IEEE

AbstractThe reliability of the collaborative spectrum sensing

(CSS) can be severely decreased by spectrum sensing data
falsification (SSDF) attacks. In an SSDF attack, some malicious
users intentionally report incorrect local sensing results to the
fusion center (FC) and disrupt the global decision-making process. The present study introduces a new defense scheme called
attack-aware CSS (ACSS). The proposed method estimates attack
strength and applies it in the koutN rule to obtain the optimum value of k that minimizes the Bayes risk. The attack strength
is defined as the ratio of the number of malicious users to the total
number of users, which is equal to the probability that a specific
user is malicious.
Index TermsAttack-aware, attack strength, Bayes risk,
spectrum sensing.

I. I NTRODUCTION

OGNITIVE Radio (CR) technology has been proposed to

operate opportunistically in the free space of the licensed
frequency bands in the presence of the licensed Primary Users
(PUs) [1]. One of the main challenges of CR networks is the
spectrum sensing with the aim of finding the vacant frequency
bands [2]. Collaborative Spectrum Sensing (CSS) has been suggested to prevail over the effect of multipath fading, shadowing,
and hidden station issues [3]. Unfortunately, the CSS is vulnerable to Spectrum Sensing Data Falsification (SSDF) attacks [4].
In an SSDF attack, the malicious CR user intentionally sends a
falsified local sensing result to the FC in an attempt to cause the
FC to make incorrect global decision. To mitigate the problem
of SSDF attack, many approaches have been proposed.
Independent and collaborative SSDF attacks have been
developed in [5]. The authors propose a novel reputationbased scheme to identify the attackers. They illustrate that
in the presence of 50% independent attackers, their proposed
approach cannot differentiate between the malicious and benign
users. However, for collaborative attack, this ratio reduces
to 35%. The authors in [6] present a hybrid method called
Weighted Sequential Probability Ratio Test (WSPRT). Their
method combines the nodes reputation and uses Sequential
Probability Ratio Test (SPRT) to identify malicious users.
Compared with SPRT, the WSPRT improves correct sensing
probability at the cost of increasing sampling overhead. A new
scheme to countermeasure against SSDF attack in CSS, called
Conjugate Prior-based (CoP) is proposed in [7]. The authors
reconstruct the probability function of random sensing reports
Manuscript received July 26, 2015; accepted November 6, 2015. Date of
publication November 10, 2015; date of current version January 7, 2016. The
associate editor coordinating the review of this paper and approving it for
publication was X. Zhou.
The authors are with the WiLab, Faculty of Electrical and Computer
Engineering, University of Tabriz, Tabriz 5166616471, Iran (e-mail:
a.sharifi@tabrizu.ac.ir; niya@tabrizu.ac.ir).
Digital Object Identifier 10.1109/LCOMM.2015.2499286

and each sensing report is examined for the normality based on

a confidence interval.
As a countermeasure against SSDF attacks, we propose a
new method called Attack-Aware CSS (ACSS). The idea is
based on attack strength estimation, where the attack strength
is defined as the probability that a given user is malicious. The
proposed ACSS method obtains the attack strength and applies
it in koutN rule to deriving the optimal value of parameter k
so as to minimize the Bayes risk. To the best of our knowledge,
this important issue has not been disclosed in previous studies.
Simulation results confirmed the effectiveness of the proposed
method.
II. S YSTEM M ODEL
The proposed system model is a centralized CR network
including a PU transmitter located away from the center of
the network. N CR users randomly deployed in a small area
and an FC located at the center of the network, among N
CR users there are Na (Na < N ) malicious users. In addition,
communication range of the PU transmitter covers the whole
network.
The received signal at the ith sample of the jth CR user, x ij ,
can be formulated as [8]:

ni
H0
(1)
x ij = j i
j s j + n ij H1
where H1 and H0 denote hypotheses corresponding to the pres
ence and absence of the PU signal, respectively. j s ij denotes
the received primary signal with the average power j , and n ij
denotes the additive Gaussian noise. We assume that the noise
at each sample and s ij s are independently and identically distributed Gaussian random variables with zero mean and unit
variance. Thus j also represents the average SNR of the jth
CR user. We further assume that the average SNR j is the same
for each CR receiver. This condition is relevant for CR network
which is geographically far from the PU transmitter. Thereby,
the index j can be omitted from j .
With regard to the above assumptions, the received signal,
x ij , is Gaussian distributed as

N (0, 1)
H0
i
xj
(2)
N (0, 1 + ) H1
Accordingly, M samples are utilized for local energy detection
at each CR user. The observed energy of the jth user, E j , is
given by:
M  

 i 2
Ej =
(3)
x j 
i=1

1558-2558 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

94

IEEE COMMUNICATIONS LETTERS, VOL. 20, NO. 1, JANUARY 2016

The local measured energy E j is compared with a predefined threshold and the comparison result is sent to FC via
Common Control Channel (CCC). In the current study, the
CCC is assumed to be error free. Since E j is the sum of absolute
of Gaussian variables, it is distributed as Chi-square random
variable with M degrees of freedom. But, according to central limit theorem, if a large number of samples are considered
(i.e. M > 10), E j can be assumed to be Gaussian distributed as
follows:

N (M, 2M)
 H0
Ej
(4)
H1
N M ( + 1) , 2M( + 1)2
Let us assume that v j represents the binary sensed result by
user j. Then, the probabilities of false alarm and miss detection
rate of a user are P f a and Pm , respectively [9].






M
P f a = P v j = 1 |H0 = P E j > |H0 = Q
2M




Pm = P v j = 0 |H1 = P E j < |H1


M( + 1)
(5)
=Q

( + 1) 2M
where Q(.) is the Q-function for standard normal distribution.
The local threshold is determined by the target false alarm
probability.
III. T HE P ROPOSED ATTACK -AWARE C OLLABORATIVE
S PECTRUM S ENSING
The attacker makes its local binary decision v j and produces
a bit u j = 1 v j as sensing report. Obviously, for benign CR
users, the sensing result v j is the same as its sensing report u j .
The local binary hypotheses (for benign or malicious user) can
be formulated as






P v j = 0 = P v j = 0 |H0 0 + P v j = 0 |H1 1


= 1 P f a 0 + Pm 1


P v j = 1 = P f a 0 + (1 Pm ) 1
(6)
where 0 and 1 denote the actual idle and busy rate of the
channel, respectively. The probability function of sensing report
u j , can also be written as





P u j = 0 = P u j = 0 v j = 0 P(v j = 0)



+ P u j = 0 v j = 1 P(v j = 1)





P u j = 1 = P u j = 1 v j = 0 P(v j = 0)



+ P u j = 1 v j = 1 P(v j = 1)
(7)
Assuming that the sensing and decision strategy is the same
among all benign and malicious users, thus,
 fromthe FC point
of view, two
conditional
probabilities
P
u j = 0 v j = 1 and


P u j = 1 v j = 0 are the same and equal to . The parameter
is called attack strength through the study and is defined as



= P u j  = v j v j = V
V = 0, 1


 


= P u j = v j v j = V, S j = M P S j = M


 

+ P u j = v j v j = V, S j = b P S j = b
= 1 (Na /N ) + 0 ((N Na ) /N ) = Na /N
(8)

Fig. 1. Spectrum sensing process in the presence of malicious users.

where the parameter S j indicates the user type, which can

be malicious (M) or benign (b). Finally, the equation (7) is
simplified to


P u j = 0 = (1 )P(v j = 0) + P(v j = 1)


P u j = 1 = P(v j = 0) + (1 )P(v j = 1)
(9)
The CSS process in the presence of malicious users can be
illustrated as Fig. 1.
Applying the koutN rule, the global false alarm and miss
detection probabilities are respectively given by
Q f a (k) =

N 



(1 P f a ) + (1 )P f a P f a

=k
 N 
+ (1 )(1 P f a )
Q m (k) =

k1 

N
[ Pm + (1 )(1 Pm )] [(1 Pm )

=0

+ (1 )Pm ] N 

(10)

We use the Bayes risk criterion to choose the optimal value of

parameter k that minimize the Bayes risk, given P f a , Pm and
. Assuming that correct decisions incur in no additional cost,
the Bayes risk is defined [9] as
(k) =

1 
1


P(Decision = HU |HV ) V CU V

U =0 V =0

= Q f a (k)0 C f a + Q m (k)1 Cm

(11)

where C f a and Cm are the costs of the false alarm and miss
detection events, respectively. We investigate the impact of
attack strength on the Bayes risk. In high SNR regime
and with a very effective sensing method, two conditions
P f a << and Pm << simultaneously hold. Then, Q f a (k)
and Q m (k) can be respectively approximated as
Q f a (k) Q f a (k) =

N 

N
=k

Q m (k) Q m (k) =

k1 

N
=0

 (1 ) N 

(1 ) N 

(12)

Thus, the Bayes risk can be approximated as

(k) = Q f a (k)0 C f a + Q m (k)1 Cm

(13)

SHARIFI AND MUSEVI NIYA: DEFENSE AGAINST SSDF ATTACK IN COGNITIVE RADIO NETWORKS

95

The above equation is a lower bound for (k). We can also provide upper bounds applying a worst case analysis (i.e. P f a +
Pm = 1), applying (10) in (11) lead to
A + (B A)Q m (k) (k) B + (A B)Q f a (k)

(14)

where A = 0 P f a and B = 1 Pm .
The lower bound is attained for Pm = 0 and P f a = 1. The
upper bound is reached in the case Pm = 1 and P f a = 0. Note
that since Q m (k) is an increasing function of k and Q f a (k) is
a decreasing function of k, the SSDF attacks affect more the
second bound for lower value of k than the first one. The opposite statement is valid for higher k values. Using the fact that
(k) presents a single minimum [9], the optimum k will be the
smallest integer that satisfies
(k + 1) (k) 0

(15)

Some mathematical calculations show that if we apply (15) in

(11), we have that k should satisfy
k ((N ) / (1 + ))
where
=



log 0 C f a /1 Cm

(16)

log Pm (1 ) + (1 Pm ))/(1 P f a )(1)+ P f a



log P f (1 ) + (1 P f ))/(1 Pm )(1 ) + Pm


=
log Pm (1 ) + (1 Pm ))/(1 P f a )(1)+ P f a
Regarding that kopt must remain in the interval 1 kopt N ,
we have that
kopt = min {N , ((N ) / (1 + ))}

In the proposed method, the FC needs to be aware of to

obtain the optimum value of k. Hence, we provide some details
about the derivation of the attack strength . The estimation of
is based on the mean value of received sensing reports. The
average of received reports U and its mathematical expectation
are given by

j=1

E(U ) =

N
1 
E(u j )
N

(18)

j=1

where
E(u j ) =

1

u j =0

and

u j P(u j ) = P(u j = 1)

= (1 )P(v j = 1) + P(v j = 0)

(20)

by substituting (6) in (20),



P(u j = 1) = (1 ) P f a 0 + (1 Pm )1


+ (1 P f a )0 + Pm 1
Thus, E(U ) can be rewritten as


E(U ) = (1 ) P f a 0 + (1 Pm )1


+ (1 P f a )0 + Pm 1

(21)

(22)

Finally, the value of is obtained as

= ((E(U ) )/),

= 0

(23)

where the parameters and are defined as

= P f a 0 + (1 Pm )1
= (2Pm 1)1 + (1 2P f a )0
V. S IMULATION R ESULTS AND D ISCUSSION

IV. P RACTICAL C ONSIDERATION

N
1 
u j,
N


P(u j = 1) = P(u j = 1 v j = 1 )P(v j = 1)

+ P(u j = 1 v j = 0 )P(v j = 0)

(17)

It should be noted that two parameters and depend on the

P f a and Pm . However, these probabilities are parameterized by
the local threshold . Therefore, for different values of , we
will have different values for the kopt parameter.

U=

Fig. 2. The convergences of attack strength ( = 0.3, 0.7).

(19)

Results are provided to illustrate the advantage of the proposed ACSS method. The number of collaborative CR users
N is assumed to be 40 and two probabilities 0 and 1 are
assumed to be 0.8 and 0.2, respectively. The average SNR
between the CR users and the PU is equal to -5 dB and the
number of samples within a detection interval (M) is equal to
20. The local false alarm probability is fixed to constant value
0.1 to obtain the local detection threshold . Two parameters
C f a and Cm are set to 0.3 and 0.7, respectively.
Fig. 2 shows the convergences of attack strength for =
0.3 and 0.7. The estimated value for is converged to constant values after applying almost 300 rounds of sensing. In the
simulation, the initial stage can be set as the first 500 sensing
intervals where the attack strength is estimated and then used to
improve the CSS performance.
Fig. 3 displays the Bayes risk versus parameter k for several
different values of attackers. As shown, in small scale attacks,

96

Fig. 3. The Bayes risk versus k for several different number of attackers.

IEEE COMMUNICATIONS LETTERS, VOL. 20, NO. 1, JANUARY 2016

Fig. 5. The Bayes risk versus threshold for different values of k with = 0.2.

VI. C ONCLUSION
In this study, Collaborative Spectrum Sensing (CSS) in the
presence of the SSDF attacks was investigated. The probability
that a specific user is attacker was estimated and innovatively
applied in koutN rule to obtain the optimal value of k that
minimizes Bayes risk. The obtained results verified that the
proposed approach is a robust defense method against SSDF
attacks.
R EFERENCES
Fig. 4. The Bayes risk versus attack strength .

where malicious users are assumed to be in a minority (Na <

20 is corresponding to < 0.5), the proposed method has high
effectiveness and for a given number of attackers it is an optimal
value for k that leads to minimum Bayes risk. Thus, we aim to
deriving the optimal value for k so as to minimize the Bayes
risk. Moreover, a CR network with more than %50 of malicious
users is highly unlikely.
Fig. 4 depicts the Bayes risk versus attack strength. As shown
in the figure, in conventional method (the case that there is
SSDF attack from which the FC is not aware) with increasing
leads to high Bayes risk, in contrary, by the proposed method
increasing causes a small change in the rate of Bayes risk.
Fig. 5 shows the Bayes risk versus local detection threshold
for different values of k. The system is analyzed under the
attack strength 0.2 (Na = 8). From Fig. 5, one can note that the
value of k corresponding to the minimum Bayes risk depends
on the value as predicted from the theoretical analysis.

[1] J. Mitola and G. Q. Maguire, Cognitive radio: Making software radios

more personal, IEEE Pers. Commun., vol. 6, no. 4, pp. 1318, Aug.
1999.
[2] S. Haykin, Cognitive radio: Brain-empowered wireless communications, IEEE J. Sel. Areas Commun., vol. 23, no. 2, pp. 201220, Feb.
2005.
[3] I. F. Akyildiz, B. F. Lo, and R. Balakrishnan, Cooperative spectrum sensing in cognitive radio networks: A survey, Phys. Commun., vol. 4, no. 1,
pp. 4062, 2011.
[4] R. Chen, J. M. Park, T. Hou, and J. Reed, Toward secure distributed spectrum sensing in cognitive radio networks, IEEE Commun. Mag., vol. 46,
no. 4, pp. 5055, Apr. 2008.
[5] A. Rawat, P. Anand, H. Chen, and P. K. Varshney, Collaborative spectrum sensing in the presence of Byzantine attacks in cognitive radio
networks, IEEE Trans. Signal Process., vol. 59, no. 2, pp. 774786, Feb.
2011.
[6] R. Chen, J. Park, and K. Bian, Robustness against Byzantine failures
in distributed spectrum sensing, Comput. Commun., vol. 35, no. 17,
pp. 21152124, 2012.
[7] V. Chen, M. Song, and C. Xin, CoPD: A conjugate prior based detection
scheme to countermeasure spectrum sensing data falsification attacks in
cognitive radio networks, Wireless Netw., vol. 20, no, 8, pp. 25212528,
2014.
[8] J. Ma, G. Zhao, and Y. Li, Soft combination and detection for cooperative spectrum sensing in cognitive radio networks, IEEE Trans. Wireless
Commun., vol. 7, no. 11, pp. 45024507, Nov. 2008.
[9] P. K. Varshney, Distributed Detection and Data Fusion. New York, NY,
USA: Springer-Verlag, 1997.