7/23/2019 Sharif i 2015

http://slidepdf.com/reader/full/sharif-i-2015 1/10

Int. J. Electron. Commun. (AEÜ) 70 (2016) 95–104

Contents lists available at ScienceDirect

International Journal of Electronics andCommunications (AEÜ)

 journal homepage: www.elsevier .com/ locate /aeue

Secure cooperative spectrum sensing under primary user emulationattack in cognitive radio networks: Attack-aware threshold selectionapproach

Abbas Ali Sharifi ∗, Morteza Sharifi, Mir Javad Musevi Niya

Faculty of Electrical andComputer Engineering, University of Tabriz, Tabriz, Iran

a r t i c l e i n f o

 Article history:Received 29 April 2015Accepted 28 October 2015

Keywords:Cognitive radioCooperative spectrum sensingPrimary user emulation attackAttack parametersAttack-aware threshold selection

a b s t r a c t

Cooperativespectrumsensing(CSS) is aneffectiveapproachto improve thedetectionperformanceincog-nitive radio (CR) networks. TheCSS process imposes some additional security threats to the CRnetworks.One of the commonthreats isprimaryuser emulationattack (PUEA). In thisparticular typeof attack, somemalicious users try to imitate primary signal characteristics and defraud CR users to prevent them fromaccessing the idle frequency bands. Here, we propose a novel cooperative sensing scheme with attack-awarecapability in thepresenceof amaliciousPUEA.Moreprecisely, theprobabilitiesof thepresenceof aPUEA fake signal in both presence andabsenceof the licensedPU signal are estimated.Then, theobtainedparameters areused to determine the optimal threshold that minimizes the total error probability. Sim-ulation results are presented to indicate the performance improvement of the proposedmethod againstPUEAcomparedwith the conventionalmethod.

© 2015 Elsevier GmbH. All rights reserved.

1. Introduction

In the past decade, cognitive radio (CR) has been introducedas a promising technology to solve the spectrum scarcity resultedfromthe rapidly proliferatedwireless communication services [1].In a CR networks, secondary or unlicensed user is allowed toreuse idle frequency band (spectrum hole) which belongs to thelicensedPrimaryUser(PU)onlywhenitdoesnotcause interferenceto the PU operation. To this end, the CR users must have flexi-ble and convenient channel utilizationmode. Therefore, spectrumsensing becomes one of the crucial issues in CR network to detectthe activity of the PU and should be reliable, quick and accurate.Another important issue for discovering spectrum usage informa-tion is using thedatabase service that helps predict PUactivity andresults in energy efficient spectrum sensing [2]. An efficient spec-trumsensingmethodleadsto great improvement in spectrumholeutilization and overcomes the problem of spectrumscarcity.Basedon classical signal detection, several methods have been proposedfor local spectrum sensing [3–5]. But through it all, energy detec-tion technique is preferred because of its low complexity and therequirementof noprior informationofPUsignal features.Themain

∗   Corresponding author..E-mail addresses: a.sharifi@tabrizu.ac.ir (A.A. Sharifi),

msharifi91@ms.tabrizu.ac.ir (M. Sharifi), niya@tabrizu.ac.ir (M.J.M. Niya).

challenge behind spectrum sensing which dramatically compro-misessensingperformance is receiveruncertaintyproblem suchaschannel fading condition and the so-called hidden terminal prob-lem [6]. Motivatedby this fact, cooperative spectrumsensing (CSS)is proposed as a promising methodology to combat with shad-owing, multipath fading, and so on. The CSS process is able toreach better sensing and improve the achievable throughputs byexploiting the observation diversity between CR users [7]. In CSS,each user independently performs local sensing and then reportsits measurements to a fusion center (FC). Based on the nature of received data, the FC chooses one of the soft or hard combiningrules to decide about channel status [8,9].

Because of theuniquecharacteristic of CRnetwork architecturethat allows various unknownwireless devices to opportunisticallyaccess the spectrum, CR networks are prone to serious securitythreats andarevulnerable tomaliciousattacks [10]. Since CRusersare self-cognitive and re-configurable, some malicious users canmanipulate their transmitter parameters and mimic incumbentsignal to pretend as a licensed PU. So, the other CR users areprevented from accessing the channel. Such attack, called as pri-mary user emulation attack (PUEA), was first introduced in [11].To date, several research literatures have been conducted to findan effective approach to deal with PUEA. To distinguish betweenPU and PUEA signals, the authors in [11] proposed a transmitterverification method. Their proposed method takes advantage of the geographical location of a PU by exploiting two techniques:

http://dx.doi.org/10.1016/j.aeue.2015.10.0101434-8411/©2015 Elsevier GmbH. All rights reserved.

7/23/2019 Sharif i 2015

http://slidepdf.com/reader/full/sharif-i-2015 2/10

96  A.A. Sharifi et al. / Int. J. Electron. Commun. (AEÜ) 70 (2016) 95–104

distance ratio test (DRT) and distancedifference test (DDT). In [12],a location-baseddefensemechanismagainst thePUEA is explored.Theauthorsproposedutilizingthe physical location informationof the PU transmitter and received signal strength (RSS) characteris-tics which are collected by deploying sensor network. In [13–15],the authors discuss the malicious PUEA in theCR network withoutusing anylocationinformation. Theydevelopmathematical formu-lation of probability density function (PDF) of the received powerfrom malicious users by Fenton approximation and then presentNeyman–Pearson CompositeHypothesis Test (NPCHT) andWald’sSequential Probability Ratio Test (WSPRT) to detect the malicioususers. A PUEA operating in the spectrum holes of Digital TV (DTV)bandisconsideredin [16]. A reliableAdvancedEncryptionStandard(AES)-assistedDTV scheme is suggested, where the TV transmittergenerates an AES-encrypted reference signal and theobtained sig-nal is used as the sync bits of the DTV data frames. By sharing asecret between the transmitter and receiver, the reference signalis regenerated at the receiver and used to achieve accurate detec-tion of licensedPU.Furthermore,whencombinedwith the analysison the auto-correlation of the received signal, the presence of themalicious PUEA is accurately identified. A new CSS scheme in thepresenceofPUEA is investigatedin [17], inwhichthe sensing infor-mationof different CR users isweighted combined at FC. Then, the

assigned weights are optimized with the objective of maximizingthe detection probability under constant false alarm rate (CFAR).The PUEA is assumed to be always present in radio environmentwhich is not practical and efficient for the attacker because it con-sumes more power. Finally, the authors analyzed the impact of the channel estimation error on the system performance. Unlikeaforementioned research, the authors in [18], demonstrate that asmart behavior of attacker can impose a more destructive effecton the spectrum sensing process. In this scenario, PUEA performsspectrumsensing andsends the fake signal with the desired signaloccurrence over special frequency band. The authors also investi-gated the smart PUEA in [19], in which they usedweighted vectorof CR’s reports at FCandmaximized theaverageCognitiveSignal toInterference plus Noise Ratio (CSINR). In [20], a hard combination

method has been considered and voting rule exploited to choosethe final decision. Then, the researchers explore the optimizednumberof samples used fordecisionmakingand find an appropri-atedetectionthresholdsoas tominimizethe total errorprobability.In [21], the CSS process is investigated in the presence ofmultiplesmartPUEAs.The authors assumethat theCR receiverhasmultipleantennas and the CR transmitter sends combined information tothe FC using beamforming with a single antenna. An optimal softcombination scheme is derived tomaximize the CSINR for a givenfalse alarm probability.

Tomitigate the destructive effect of PUEA,most of the previousresearch studies have been conducted based on the assumptionthat the physical location or uniqueproperties of the PU transmit-ter is known for CR users or the FC. But, an appropriate strategy

capable of accurate PU detection, without any prior informationabout location and properties of PU signal, is extremely impor-tant. In the present study, we propose a new CSS method calledattack-aware threshold selection (AATS) scheme that requires noprior information about physical location or specific properties of PUsignal.First,eachCRuserperformsitsownspectrumsensingandsends its measurements to the FC. Then, the first and second ordermoments of sensing reports are calculated to estimate the attackparameters. The obtained attack parameters, including probabil-ity of PUEApresence in a desired spectrum hole and probability of simultaneous presenceof both PUEAandPU, areused todeterminethe optimal thresholds that minimize the total error probability.

The rest of the paper is organized as follows: Section 2 intro-duces the considered system model. In this section, cooperative

sensinginthepresenceofamaliciousPUEAisalsocomprehensively

Fig. 1. Network layout.

described. The proposed AATS approach is investigated in Section3. Simulation results and discussions are presented in Section 4.Finally, conclusion remarks are drawn in Section 5.

2. Systemmodel

The considered system model is a centralized CR networkincluding a PU transmitter, N collaborative CR users, an FC and amaliciousPUEA. It is further assumed thatN CRusers arerandomlydeployed ina small area and aregeographicallyfar from thePU andPUEA transmitters. The network model is shown in Fig. 1.

We assume that the energy detection scheme is used for localspectrum sensing. A malicious PUEA is present in the radio envi-ronment which tries to prevent the CR users from accessing thespectrum holes.We further assumea perfect spectrum sensing bythe PUEA, i.e., the attacker is able to exactly distinguish betweenoccupied andunoccupied frequencybands allocated to the PU.

Dependingon thepresenceorabsence of the PUandPUEA, thereare four possible stateswhich can be expressed as:

H s0 : onlyNoise

H s1 : PU+ Noise

H s2 : PUEA+ Noise

H s3 : PU+ PU EA+ Noise

The first state H s0   occurs when the CR users receive only noise.Moreover, the channel is neither occupied by PUnor by PUEA. Thesecond stateH s1 happens when the PU transmits over the channelwhilethe PUEA isabsent. If the PUisabsentandPUEA transmitsthefake signal, the CR users receive only the PUEA signal plus noise,

as stated by the third hypothesis H s2. Finally, the last state H s3indicates the simultaneouspresence of both PU and PUEA signals.We assume that two hypotheses H 1   and

H 0   indicate the presence and absence of PUsignal, respectively. Similarly, the presence and absence of the PUEA signal are denoted by E on and E off , respectively, basedon the above mentioned assumptions, the probability of eachhypothesisH sk, denoted byk, is determined as

0 = P (H s0) = (PH 0, E off ) = P (E off H 0 )P (H 0)

1 = P (H s1) = (PH 1, E off ) = P (E off H 1 )P (H 1)

2 = P (H s2) = (PH 0, E on) = P (E on

H 0 )P (H 0)

3 =

P (H s3)=

P (H 1, E on)

=P (E on H 1 )P (H 1)

(1)

7/23/2019 Sharif i 2015

http://slidepdf.com/reader/full/sharif-i-2015 3/10

 A.A. Sharifi et al. / Int. J. Electron. Commun. (AEÜ) 70 (2016) 95–104 97

Let two parameters ˛ and ˇ be the conditional probabilitiesregarding the presence of the fake PUEA signals in two hypothe-sesH 1 andH 0, respectively (i.e.˛ = P (E on

H 1 ) andˇ = P (E onH 0 )),

which are related to attacker strategy. Then, the above equationcan be simplified to

0 = (1− ˇ)P (H 0)

1 = (1− ˛)P (H 1)

2 = ˇP (H 0)

3 = ˛P (H 1)

(2)

By considering the four-level hypotheses, the received signal atthe ith sample of the jthCR user, xi

 j, can be formulated as

xi j =

ni j

  H s0   j p

i j+ ni

 j  H s1 

 jei j+ ni

 j  H s2 

  j pi j+ 

 jei j+ ni

 j  H s3

(3)

where ni j is the AdditiveWhite Gaussian Noise (AWGN) at the  jth

CR user. The parameters 

  j pi j and 

 jei j are the received PUandPUEA signal with the powers   j  and  j, respectively. We assume

thatthenoiseateachsample(ni j),thePUsignal( pi

 j),andPUEAsignal

sample (ei j) are independently and identically distributed Gaussian

random variables with zero mean and unit variance. We furtherassume that the CR users experience independent block Rayleighfading channelswith the same average SNRs. This condition is rel-evant for CR network which is geographically far from the PU andPUEA transmitters. Thus,   j and  j  vary from (observation) periodtoperiodwhile theirprobability density functions (PDFs) are iden-tically as exponential distribution with the average values ̄  and̄, respectively. The parameter = /̄  is also defined as attackstrength. Obviously, a largervalueof ( »1)indicates amore pow-erful PUEA. As mentioned in Eq. (3) and with regard to the aboveassumptions, thereceived signal, xi

 j, is a Gaussiandistributedas [9],

 xi j∼

N (0,1)H s0

N (0,   j + 1)H s1N (0,  j + 1)H s2N (0,   j +  j + 1)H s3

(4)

Moreover,M samples areutilized for local energydetection at eachCR user [4]. The observed energy of the jth user, E  j, is givenby

E j =

M 

i=1xi j2

∼

a j   H s0

(  j + 1)b j   H s1

( j + 1)c  j   H s2

(  j +  j + 1)d j   H s3

(5)

where the random variables a j, b j, c  j  and d j   follow a central Chi-square distribution with M degree of freedom. But, according tocentral limit theorem [4], if a large number of samples are con-sidered (i.e.M >10), E  j  can be assumed to be Gaussian distributedas

E  j∼

N (M,2M )H s0

N (M (  j + 1),2M (  j + 1)2)H s1N (M ( j + 1),2M ( j + 1)2)H s2N (M (  j

+ j+1),2M (  j

+ j+1)2)H s3

(6)

ρ < 1

µ0

  µ2

  η µ1

µ3

P(Λ|Hs3

)

P(Λ|Hs1

)

P(Λ|Hs2

)

P(Λ|Hs0

)

PU-OFFPU-OFFPU-ON PU-ON

ρ>1

P(Λ|Hs3

)P(Λ|H

s2)

P(Λ|Hs0)

P(Λ|Hs1

)

µ0

  η0

µ1

  η1

µ2

η2

  µ3

PU-OFF   PU-ON   PU-OFFPU-ON

Fig. 2. The conditional PDFsof decision statistics.

In CSS, local measured energy of each CR user is sent to the FCtomake a global decision about presence or absence of the PU sig-nal. In conventional equal gain combining (EGC) scheme [9], in the

absence of the PUEA, all of the sensing reports are summed upand compared with a predefined threshold. If the sum of reportsis greater than the thresholdthen the channel status is determinedto be occupied; otherwise, the frequency band is assumed to beidle. The output signal at the FC is

=N 

 j=1

E  j

H 1

>

<H 0

0   (7)

where0 is the globalthreshold anddeterminedby thetarget falsealarmormissdetectionprobability.Obviously,thedecisionstatistic is a Gaussian distributed and in the presence of the PUEA, it canbe defined as

∼

N (0,  20 ) H s0

N (1,  21 ) H s1

N (2,  22 ) H s2

N (3,  23 ) H s3

(8)

where one can easily verify that

0   =MN,  20 = 2MN 

1   =MN (̄ + 1),  21 = 2MN (̄ + 1)2

2   =MN (̄+ 1),  22 = 2MN (̄+ 1)2

3  =

MN (̄ 

+ ̄

+1),  23

 =2MN (̄ 

+ ̄

+1)2

(9)

Anappropriatespectrumsensingruleisanalyzedbyconsideringthe attacker. As mentioned before, the PUEA sends fake signals inthe radio environment to defraud CR users and consequently pre-vents them from accessing idle frequency bands. The conditionalPDFs of decision statistics under four hypotheses H s0, H s1, H s2,and H s3 are shown in Fig. 2.

Asshown,for <1,onedetectionthreshold shouldbeobtainedto determine the PU activity. Accordingly, for =1, where twoaverage SNR values   and are the same, two curves P (

H s1)and P (

H s2) exactly coincide and the optimum threshold iscalculated. For >1, three thresholds 0, 1, and 2  are obtainedfor channel status determination. All of the threshold values aredetermined by minimum error probability criterion (optimum

threshold).

7/23/2019 Sharif i 2015

http://slidepdf.com/reader/full/sharif-i-2015 4/10

98  A.A. Sharifi et al. / Int. J. Electron. Commun. (AEÜ) 70 (2016) 95–104

0  1000  2000  3000 4000  5000  6000  7000  8000 9000  100000

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

   E  s   t   i  m  a   t   i  o  n  o   f   A   t   t

  a  c   k

Sensing Interval

Estimated Value (α )True Value (α )

Estimated Value (β)

True Value (β)

Fig. 3. Theconvergences of attack parameters. (˛=0.3, ˇ=0.7).

Let Q fa be the probability of global false alarm in CSS. Then wehave

Q fa = P (DonH 0 ) = P (Don

H 0  , E on)P (E on H 0 )+P (Don

H 0  , E off )P (E off H 0 ) = P (DonH s2 )ˇ+ P (Don

H s0 )(1− ˇ)

(10)

Accordingly, the probability of global miss detection, denoted

by Q m, is defined asQ m = P (Doff 

H 1 ) = P (Doff H s3 )˛+ P (Doff 

H s1 )(1− ˛) (11)

where Don means that the FC’s decision is the presence of PU sig-nal andDoff means that the global decision declares theabsence of the PU signal. Obviously, the overall PU detectionprobabilityQ d isdefinedas

Q d = P (DonH 1 ) = 1− Q m

To evaluate the performance of CSS in the presence of a mali-cious PUEA and compare it to conventional energy detection, inwhich the PUEA is not considered, we use total error probabilityQ e. The parameter Q e defines probability of making a wrong deci-

sion in PU detection. The error occurs when the FC declares thepresence of PU while PU signal is not actually present or declaresthe absence of thePU whilePU is actually sending signals. The totalerror probability can bewritten, in general, as

Q e = P (H 0,Don)+ P (H 1,D

off ) = P (H 0)Q fa + P (H 1)Q m   (12)

With regardto Eqs. (10) and (11), theaboveequationcanbe rewrit-ten as

Q e = P (DonH s0 )0 + P (Don

H s2 )2+P (Doff 

H s1 )1 + P (Doff H s3 )3   (13)

In the following section, the proposed AATS method is carefully

described.

3. Theproposed attack-aware threshold selectionapproach

The proposed scheme is described by two-step algorithmincluding attack parameters estimation and application of theobtainedparameters in determining the optimal thresholdswhichminimize the total error probability and improve the cooperativesensing performance.

 3.1. Estimation of attack parameters

In thissection,assumingP (H 0)andP (H 1), twoattackparameters˛ and ˇ are simultaneously estimated. The estimation of attackparameters is based on the value of received sensing reports. Twoparametersm and v are defined as

m = 1

N 

N  j=1

E  j, v = 1

N 

N  j=1

E 2 j   (14)

Themathematical expectation of m and v are

E (m) = 1

N 

N  j=1

E (E  j), E (v ) = 1

N 

N  j=1

E (E 2 j ) (15)

Obviously,E (E  j) and E (E 2 j ) are themean andsecond-ordermoment

valuesof received sensing reports, respectively. By considering theEq. (6) we have

E (E  j) = E (E  jH s0)0 + E (E  j

H s1)1 + E (E  jH s2)2 + E (E  j

H s3)3=M0 +M (  j + 1)1 +M ( j + 1)2 +M (  j +  j + 1)3   (16)

and

E (m) =M0 +M (̄ + 1)1 +M (̄+ 1)2 +M (̄ +  ̄+ 1)3   (17)

where  =   1N 

N  j=1

  j and ̄ =   1N 

N  j=1

 jAccordingly,

E (E 2 j ) = (M 2 + 2M ){0 + (  j + 1)21

+ ( j + 1)2

2 + (  j +  j + 1)2

3} (18)

7/23/2019 Sharif i 2015

http://slidepdf.com/reader/full/sharif-i-2015 5/10

 A.A. Sharifi et al. / Int. J. Electron. Commun. (AEÜ) 70 (2016) 95–104 99

0 50 100 150 200 2500

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

 Threshold

   P  r  o   b  a   b   i   l   i   t   i  e  s  o   f   Q   f  a ,   Q

  m

  a  n   d   Q  e

 Qfa

Qm

Qe

Fig. 4. Probabilities of false alarm,miss detection anderror versus threshold.

and

E (v ) = (M 2 + 2M ){0 + (2̄ 2 + 2̄ + 1)1 + (2̄2 + 2̄+ 1)2+ (2̄ 2 + 2̄2 + 2̄  ̄+ 2̄ + 2̄+ 1)3}   (19)

Considering theexponential distributionof instantaneousSNRs,  jand  j, we have

1

N 

N 

 j=1 2 j   = 2̄ 2 and

 1

N 

N 

 j=12 j  = 2̄2

Bysubstitutingthe Eq. (2) in Eqs. (17) and(19), theseequationscanbe summarized as

0  ˛+1 ˇ = ϕ0

2   ˛+3 ˇ = ϕ1(20)

where the parameters0, 1,2,3, ϕ0 and ϕ1 are defined as

0 = P (H 1)M  ̄

1 = P (H 0)M  ̄

2 = (2M +M 2)P (H 1) (̄ +  ̄+ 1)2 ̄

3 = (2M +M 2)P (H 0) (̄+ 1)2 ̄ϕ0 = E (m)−M [P (H 0)+ P (H 1) (̄ + 1)]

ϕ1 = E (v )− (2M +M 2)[(P (H 0)+ P (H 1)(2̄ 2 + 2̄ + 1)]

From the Eq. (20), the values of unknown attack parameters ˛ andˇ are obtained as

ˆ̨ = 1ϕ1 −3ϕ012 −03

,   ˆ̌ = 2ϕ0 −0ϕ112 −03

12   /= 03 (  /= 0)

(21)

In the following section, the optimum thresholds as functionsof two attack parameters ˛ and ˇ are calculated.

 3.2. Optimum thresholds calculations

In this section, the optimal threshold selection approach isapplied to find the hold hypothesis.

Let’s begin the case that there is no PUEA signal (˛=ˇ =0) toderive the optimal detection threshold. In the absence of PUEAsignals, two states H s2  and H s3   do not occur (2 =3 =0). Hence,the global error probability Q e   is defined as the error probabilityin determination of two states H s0  and H s1. Thus, the Eq. (13) issummarized to

Q e = P ( > H s0 )0 + P ( <

H s1 )1   (22)

The optimum thresholds * to achieve the minimum error proba-bilities Q e  is obtained as [23]

∂Q e∂

= 0⇒ ∗ =0 

21 −1 

20 + 

 

 21 −  20( 21   /=  20 ) (23)

where

 = [0 21 −1 20 ]2

+ ( 21 −  20 )1 

20 −0 

21 + 2 20 21 ln

 10 01

  (24)

In the presence of the PUEA, the optimal thresholds are calcu-lated in two different conditions:

≤1 and >1.

For ≤1, the global error probability Q e, expressed in Eq. (13),can bewritten as

Q e = p( > H s0)0+  p( >

H s2)2+ p( <

H s1)1+  p( > H s3)3   (25)

Thus, the optimum thresholds * is obtained as

∂Q e∂

= 0⇒−0F (∗,0,  0)+ 1 F (∗,1,  1)−2F (

∗,2,  2)

+3 F (∗,3,  3) = 0 (26)

where F (.) is the PDF of normal distribution given by F ( x,, ) =(1/ 

√ 2)exp(−( x−)2/2 2). From the above equation, the opti-

mum threshold* is calculated by numerical method.

7/23/2019 Sharif i 2015

http://slidepdf.com/reader/full/sharif-i-2015 6/10

100  A.A. Sharifi et al. / Int. J. Electron. Commun. (AEÜ) 70 (2016) 95–104

-10 -5  0  5 10 150

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

SNR (dB)

   P  r  o   b  a   b   i   l   i   t  y  o   f   E  r  r  o  r   (   Q

  e   )

EGC (No Attack with Non-Optimal Threshold)

EGC (No Attack with Optimal Threshold)

Proposed AATS with Non-Optimal Threshold

Proposed AATS with Optimal Threshold

Fig. 5. Probability of error versus average SNR (̄ ) with=0.5, ˛=0.1 and ˇ =0.6.

-10 -5  0  5  10 150

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

SNR (dB)

   P  r  o   b  a   b   i   l   i   t  y  o

   f   E  r  r  o  r   (   Q  e   )

EGC (No Attack)

Conventional EGC (α=0.1 , β=0.6)

Proposed AATS-EGC (α=0.1 , β=0.6)

Conventional EGC (α=0.3 , β=0.9)

Proposed AATS-EGC (α=0.3 , β=0.9)

Fig. 6. Probability of error versusaverage SNR (̄ ) with=0.1.

For >1, as shown in Fig. 2, the global error probability Q e is afunctionof three thresholds 0 , 1 and 2. Thus, the Eq. (13) canbeexpressed as

Q e = p( > 0H s0 )0

+ [ p( < 1H s2)+ p( > 2

H s2) ]2+ [ p( < 0

H s1)1+  p( > 1

H s1) ]1 + p( < 2

H s3)3

(27)

Theoptimumthresholds ∗0, ∗1 and

∗2 are obtainedbymeeting the

following conditions.

∂Q e/∂0 = 0

∂Q e/∂1 = 0

∂Q e/∂2 = 0

(28)

Each of these equations is calculated according to the Eq. (23).Finally, the FC compares its metric with three optimal thresh-olds and determines which hypothesis holds. Then, the decision

is broadcasted to all CR users.

7/23/2019 Sharif i 2015

http://slidepdf.com/reader/full/sharif-i-2015 7/10

 A.A. Sharifi et al. / Int. J. Electron. Commun. (AEÜ) 70 (2016) 95–104 101

-10  -5  0  5  10  150

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

SNR (dB)

   P  r  o   b  a   b   i   l   i   t  y  o   f   E  r  r  o

  r   (   Q  e   )

EGC (No Attack)

Conventional EGC (α=0.1 , β=0.6)

Proposed AATS-EGC (α=0.1 , β=0.6)

Conventional EGC (α=0.3 , β=0.9)

Proposed AATS-EGC (α=0.3 , β=0.9)

Fig. 7. Probability of error versus average SNR (̄ ) with =1.

-10  -5  0  5  10  150

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

SNR (dB)

   P  r  o   b  a   b   i   l   i   t  y  o

   f   E  r  r  o  r   (   Q  e   )

EGC (No Attack)

Conventional EGC (α=0.1 , β=0.6)

Proposed AATS-EGC (α=0.1 , β=0.6)

Conventional EGC (α=0.3 , β=0.9)

Proposed AATS-EGC (α=0.3 , β=0.9)

Fig. 8. Probability of error versus average SNR (̄ ) with=10.

4. Simulation results anddiscussions

We provide the simulation results of the analytical discussionin previous sections. In the proposed systemmodel there are 8 CR users(N =8)thatuseenergydetectionbyM =20samplenumberinadetection interval. The channels are assumed to be block Rayleighfading and average SNRs between PU and CR users (̄ ) also theaverage SNRs between PUEA and CR users (̄) are assumed to beknown.Moreover, prior probabilities P (H 0) and P (H 1) are assumedto be 0.8 and 0.2, respectively [24]. All parameters are constantunless otherwise specified.

Results are obtainedthroughMonte-Carlo simulations over104

runs. Throughout the simulations, we have depicted that there is

not any PUEA signals labeled by “EGC (No Attack)” curves and thecase that there is PUEA signals and the FC is not aware of the fakesignals labeled by “Conventional EGC” curves.

Fig. 3 shows the convergences of attack parameters for ˛=0.3andˇ =0.7. The estimatedvalues for˛ andˇ are convergedto con-stant valuesafterapplyingalmost1000and2000 roundsofsensing,respectively. Regarding thevalue of P (H 1) and ˛=0.3meaning thatthe PUEA transmits the fake signal only in 30% of hypothesis H 1,the convergence of ˛ is latter than that of ̌ . In the simulation, theinitial stage can be set as the first 2000 sensing intervals wherethe attack parameters are estimated and then used to find opti-mum thresholds to improve the CSS process in the presence of amalicious PUEA.

7/23/2019 Sharif i 2015

http://slidepdf.com/reader/full/sharif-i-2015 8/10

102  A.A. Sharifi et al. / Int. J. Electron. Commun. (AEÜ) 70 (2016) 95–104

0.10.2

0.30.4

0.50.6

0.70.8

0.9

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

Probabilty of PUEA Presencein Hypothesis H

0 (β)

Probabilty of PUEA Presence in Hypothesis H

1 (α)

   P  r  o   b  a   b   i   l   i   t  y  o   f   E  r  r  o  r   (   Q

  e   )

Fig. 9. Probability of error versus ˛ , ˇwith =1 forconventional method.

Fig. 4 illustrates the false alarm,miss detection and error prob-abilities as a function of the decision threshold while there arenot any fake PUEA signals. The average SNR (̄ ) is assumed to be−5dB and the threshold value changes from 0 to 270. As shown,thefalsealarmprobability decreaseswhenthe threshold increases.Probability of miss detection, on the contrary to the false alarm,increases along with the threshold. The shape of Q e and the exist-ence of the minimum of Q e   are also shown in Fig. 4. Therefore,the minimum probability of error at the optimum threshold * isverified.

Fig. 5 shows the overall error probability obtained in differentaverage SNRs by exploiting optimal andnon-optimal thresholds atthe FC for both no-attack scenario and proposed AATS approach.

In the proposed method, the attack strength is assumed tobe 0.5. In non-optimal threshold scenario, the threshold valueis obtained from CFAR method. More precisely, the overall falsealarm in Eq. (10) is set as constant value 0.1 and it is solvedto obtain the threshold value. A comparison of error probabil-ity between optimal and non-optimal threshold selectionmethodshows improvement in the optimal threshold approach. There-fore, all of the future simulations are provided with optimalthreshold.

Figs.6–8 showtheerrorprobabilities versusaverageSNR(̄ )forattack strength 0.1, 1 and 10, respectively. As shown in the figures,usingtheproposedAATSmethodimprovesthe performanceofCSSunder malicious PUEA signals. For =0.1, the proposed method

0.10.2

0.30.4

0.50.6

0.70.8

0.9

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

Probabilty of PUEA Presence in Hypothesis H

0  (β)

Probabilty of PUEA Presence in Hypothesis H

1  (α)

   P  r  o   b  a   b   i   l   i   t  y  o   f

   E  r  r  o  r   (   Q

  e   )

Fig. 10. Probability of error versus ˛ , ˇwith =1 for proposed AATS scheme.

7/23/2019 Sharif i 2015

http://slidepdf.com/reader/full/sharif-i-2015 9/10

 A.A. Sharifi et al. / Int. J. Electron. Commun. (AEÜ) 70 (2016) 95–104 103

0.10.2

0.30.4

0.50.6

0.70.8

0.9

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

Probabilty of PUEA Presence in Hypothesis H

0 (β)

Probabilty of PUEA Presence in Hypothesis H

1 (α)

   P  r  o   b  a   b   i   l   i   t  y  o   f

   E  r  r  o  r   (   Q

  e   )

Fig. 11. Probability of error versus ˛ , ˇwith =10 forconventional method.

0.10.2

0.30.4

0.50.6

0.70.8

0.9

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

Probabilty of PUEA Presence in Hypothesis H

0  (β)

Probabilty of PUEA Presence in Hypothesis H

1  (α)

   P  r  o   b  a

   b   i   l   i   t  y  o   f   E  r  r  o  r   (   Q

  e   )

Fig. 12. Probabilityof error versus ˛ , ˇwith =10 forproposed AATS scheme.

neutralizes the destructive effect of the PUEA. At the worst, the

attack strength is equal to one, the error probability is not evenmore than 0.2.In order to investigate the impact of two attack parameters

˛ and ˇ in PU detection, the 3-Dimentional graphs of the totalerror probability are provided. Figs. 9 and 10 depict the errorprobabilities versus ˛ and ˇ for conventional and proposed AATSmethods, respectively. The average SNR ( ) and attack strength() are assumed to be 0dB and 1, respectively. As shown, in con-ventional method, with increasing ˛ and ˇ the error probability isremarkably increased. Using the proposed AATS method high gainisachieved,wherefor˛=ˇ =1,inwhichthePUEAisalwayspresent,the error probability reduces to 0.1.

The results obtained from Figs. 11 and 12 f or =10 correspondto the results of Figs. 9 and 10.

5. Conclusion

Cooperative spectrum sensing (CSS) was investigated in thepresence of primary user emulation attack (PUEA). A newCSS scheme based on attack-aware threshold selection (AATS)approach was introduced. As a countermeasure against PUEA, anappropriate defense strategy was proposed which estimated twoattack parameters, probabilities of the presence of a PUEA fakesignal in the presence and absence of licensed PU signal, andapplied to determine the optimal thresholds that minimize thetotal error probability. By the proposed method, less error prob-ability in detection of PU is obtained. We also observed that whenthe average SNR inCRusers received fromPUand PUEAare identi-cal, neither CR users nor the FC candifferentiate between receivedsignal from PU and PUEA, the proposedmethod improves the CSS

7/23/2019 Sharif i 2015

http://slidepdf.com/reader/full/sharif-i-2015 10/10

104  A.A. Sharifi et al. / Int. J. Electron. Commun. (AEÜ) 70 (2016) 95–104

performance. The obtained results verified theeffectiveness of theproposed scheme comparedwith conventionalmethod.

References

[1] Mitola J, Maguire GQ. Cognitive radio:making software radiosmore personal.IEEEPerson Commun 1999;6(4):13–8.

[2] Syed ST, Safdar AG. On the usage of history for energy efficientspectrum sensing. IEEE Commun Lett 2015, http://dx.doi.org/10.1109/

LCOMM.2015.2389243.

[3] GardnerWA. Signal interception: a unifying theoretical framework for featuredetection. IEEETransCommun 1988;36:897–906.

[4] DighamF,AlouiniM, SimonM.Ontheenergydetectionofunknownsignalsoverfading channels. In: Proceedings of IEEE International Conferenceon Commu-nications, vol. 5. 2003. p. 3575–9.

[5] Akyildiz IF, Lee WY, Vuran MC, Mohanty S. Next generation/dynamic spec-trum access cognitive radio wireless networks: a survey. Comput Netw2006;50(13):2127–59.

[6] Mishra SM, Sahai A, Brodersen RW. Cooperative sensing among cognitiveradios. In: Proceedings of the IEEE International Conference on Communica-tions,vol. 165. 2006. p. 8–1663.

[7] Zhang W, Letaief KB. Cooperative spectrum sensing with transmit andrelay diversity in cognitive radio networks. IEEE Trans Wirel Commun2008;7(12):4761–6.

[8] GhasemiA, SousaES.Opportunisticspectrumaccess infadingchannelsthroughcollaborative sensing. J Commun 2007;2(2):71–82.

[9] Ma  J, Zhao G, Li Y. Soft combination and detection for cooperative spec-trum sensing in cognitive radio networks. IEEE Trans Wirel Commun

2008;7(11):4502–7.[10]  Jianwu L, Zebing F, Zhiyong F, Ping Z. A survey of security issues in cognitive

radionetworks.ChinaCommun 2015;12(3):132–50.[11] Chen R, Park JM. Ensuring trustworthy spectrum sensing in cognitive radio

networks. In: 1st IEEE Workshop on Networking Technologies for SoftwareDefinedRadioNetworks.2006. p. 110–9.

[12] Chen R, Park JM, Reed JH. Defense against primary user emulation attacks incognitive radio networks. IEEE J SelArea Commun2008;26(1):25–37.

[13] AnandS, JinZ, Subbalakshmi K. An analyticalmodel forprimaryuser emulationattacks in cognitive radionetworks. In:Proceeding IEEEInternational DynamicSpectrumAccessNetworks. 2008. p. 1–6.

[14]  Jin Z, Anand S, Subbalakshmi K. Mitigating primary user emulation attacks indynamic spectrum access networks using hypothesis testing. In: ProceedingACMSigMobile ComputingandCommunication Review, vol. 7. 2009. p. 4–85.

[15]  Jin Z, Subbalakshmi K. Detecting primary user emulation attacks in dynamicspectrum access networks. In: IEEE International Conference on Communica-tions. 2009. p. 1–5.

[16] AlahmadiA, AbdelhakimM,RenJ, Li T.Defenseagainst primary user emulationattacks in cognitive radio networks using advanced encryption standard. IEEETrans Inf Forensics Secur2014;9(5):772–81.

[17] Chen C, Cheng H, Yao Y-D. Cooperative spectrum sensing in cognitive radionetworks in the presence of the primary user emulation attack. IEEE TransWirel Commun 2011;10(7):2135–41.

[18] HaghighatM, Sadough SMS. Cooperative spectrum sensing for cognitive radionetworksin thepresenceofsmartmalicioususers.IntJ ElectronCommun(AEU)2014;68(6):520–7.

[19] HaghighatM, Sadough SMS. Smart primary user emulation in cognitive radionetworks:defensestrategies against radio-aware attacks and robust spectrumsensing. TransEmerg TelecommunTechnol 2014.

[20] SaberMJ, SadoughSMS.Optimizationof cooperative spectrumsensing for cog-nitive radio networks in thepresenceof smart primary user emulation attack.TransEmerg TelecommunTechnol 2014.

[21] SaberMJ, Sadough SMS.Optimal softcombination formultiple antennaenergydetectionunderprimary user emulationattacks. IntJ ElectronCommun(AEU)2015;69(9):1181–8.

[23] SharifiM, SharifiA, MuseviNiyaMJ.A newweighted energy detectionscheme

for centralized cognitive radio networks. In: The Seventh International Sym-posium on Telecommunications (IST2014). 2014. p. 1004–8.

[24] Federal Communications Commission Spectrum Policy Task Force Report,Technical Report 02-135; 2002.