Seediscussions,stats,andauthorprofilesforthispublicationat:https://www.researchgate.net/publication/316169742

ASecureOptimumDistributedDetectionSchemeinUnder-AttackWirelessSensorNetworks

Article·April2017

DOI:10.1109/TSIPN.2017.2697724

CITATIONS

0

READS

15

3authors,including:

Someoftheauthorsofthispublicationarealsoworkingontheserelatedprojects:

DistributedDetectionandEstimationinWirelessSensorNetworks-ResourceAllocation,FusionRules,

andNetworkSecurityViewproject

DroneCommunicationNetworksforResilientSmartCitiesViewproject

EdmondNurellari

UniversityofLincoln

15PUBLICATIONS14CITATIONS

SEEPROFILE

MounirGhogho

UniversityofLeeds

306PUBLICATIONS2,413CITATIONS

SEEPROFILE

AllcontentfollowingthispagewasuploadedbyEdmondNurellarion17April2017.

Theuserhasrequestedenhancementofthedownloadedfile.Allin-textreferencesunderlinedinblueareaddedtotheoriginaldocument

andarelinkedtopublicationsonResearchGate,lettingyouaccessandreadthemimmediately.

1

A Secure Optimum Distributed Detection Schemein Under-Attack Wireless Sensor Networks

Edmond Nurellari, Des McLernon, Member, IEEE, and Mounir Ghogho, Senior Member, IEEE

Abstract—We address the problem of centralized detection ofa binary event in the presence of β fraction falsifiable sensornodes (SNs) (i.e., controlled by an attacker) for a bandwidth-constrained under− attack spatially uncorrelated distributedwireless sensor network (WSN). The SNs send their one-bit teststatistics over orthogonal channels to the fusion center (FC),which linearly combines them to reach to a final decision.Adopting the modified deflection coefficient as an alternativefunction to be optimized, we first derive in a closed-form the FCoptimal weights combining. But as these optimal weights requirea− priori knowledge that cannot be attained in practice, thisoptimal weighted linear FC rule is not implementable. We alsoderive in a closed-form the expressions for the attacker “flippingprobability” (defined in paper) and the minimum fraction ofcompromised SNs that makes the FC incapable of detecting.Next, based on the insights gained from these expressions,we propose a novel and non-complex reliability-based strategyto identify the compromised SNs and then adapt the weightscombining proportional to their assigned reliability metric. Inthis way, the FC identifies the compromised SNs and decreasestheir weights in order to reduce their contributions towardsits final decision. Finally, simulation results illustrate that theproposed strategy significantly outperforms (in terms of FC’sdetection capability) the existing compromised SNs identificationand mitigation schemes.

Index Terms—Distributed detection, optimum fusion rule, fal-sified sensor nodes (SNs) observations, wireless sensor networks(WSNs).

I. INTRODUCTION

CENTRALIZED detection of a binary event is one of themost important applications of wireless sensor networks

(WSNs) [1], [2]. Deployed over a field, multiple coordinatedSNs report their processed observations to a fusion center(FC). Then, upon receiving all the contributions from eachSN, the FC optimally combines them to declare a global deci-sion. Unfortunately, these tiny devices suffer from constrainedbandwidth and limited available on-board power. Furthermore,the geographically distributed nature of such a system makesthem quite vulnerable to a different type of attack. Hence,incorporating security into WSNs has been a challenging task.

This work was partly supported by the Engineering and Physical SciencesResearch Council through the Project Shaking Tunnel Vision under GrantEP/N03435X/1.

E. Nurellari is with School of Engineering, University of Lincoln, BrayfordPool, Lincoln, LN6 7TS, UK., and also with the School of Electronic andElectrical Engineering, University of Leeds, LS2 9JT, Leeds, U.K. (e-mail:elen@leeds.ac.uk).

D. McLernon is with the School of Electronic and ElectricalEngineering, University of Leeds, LS2 9JT, Leeds, U.K. (e-mail:d.c.mclernon@leeds.ac.uk).

M. Ghogho is with the School of Electronic and Electrical Engineering,University of Leeds, Leeds LS2 9JT, U.K., and also with the InternationalUniversity of Rabat, Rabat 11 100, Morocco (e-mail: m.ghogho@leeds.ac.uk).

Like all other networks [3], WSNs are also vulnerable tovarious security issues. Furthermore, the local SNs decisionprocess (i.e., local detection performance) itself is subject tovarious security threats. The detection performance stronglydepends on the reliability of these SNs in the network. Whilefusing the data received by the spatially deployed SNs allowsmaking a reliable FC decision with respect to the status of thephenomena, it is possible that one or more SNs (compromisedby an attacker) deliberately falsify their local observations todegrade the FC detection performance. However, there area number of different strategies as to how the test statisticsreceived from each SN will be efficiently used in order toarrive at a reliable FC final decision. We will first give a briefreview on the related work before introducing our proposedapproach.

The framework of distributed detection under attack−freeWSNs has been extensively studied in [4]-[14], to name butjust a few. While references [4]-[8] consider distributed de-tection by assuming unlimited bandwidth/resources in WSNs,the authors of [9]-[14] relax this assumption by consider-ing distributed detection over bandwidth-constrained/energy-constrained WSNs. But these approaches are vulnerable tosecurity attacks as some of the SNs reporting to the FC maybe compromised. As a result, the FC is not robust against suchattacks and its detection performance will be degraded.

Now, security vulnerabilities can be exploited by differenttypes of attacks that can be launched in a WSN, for example,jamming, spoofing, wiretap disruption attacks, etc [15]. Apartfrom these well-known traditional security threats, several re-cent studies consider the sensor node data falsification (SNDF)attack (known as a Byzantine attack, eg., [16], [17]). TheByzantine attack was first proposed by [18] and later widelyused in the context of distributed detection ( [16], [19], [20]and see references therein). In this work, we also consider theSNDF attack in which the compromised SNs send wrong localdecision reports to the FC either to degrade the FC detectionperformance or to achieve their selfish greedy objectives.

The reported work on distributed detection over attack−free WSNs is relatively high but there is limited considerationfor under−attack WSNs, see for example, [16]-[21] andreferences therein. In [21], a probabilistic test statistic falsifi-cation (TSF) attack is proposed and theoretical performanceevaluation (in terms of destructiveness and stealthiness) isobtained. The authors of [22], in the context of smart grids,propose heuristic centralized algorithms to derive variousstrategies (attacker versus defender dynamics). Then, a dis-tributed algorithm is proposed that guarantees convergence tothe centralized solution taken at the FC. Reference [23], in the

2

context of cognitive radio (CR), proposed a prefiltering schemeof sensing data and a trust factor is assigned to each userto detect the malicious CR ones. The authors of [24], in thecontext of target localization, also consider binary Byzantineattacks where the SNs transmit to the FC their binary decisionsand they propose two techniques to mitigate the compromisedSNs negative impact on the FC decision. To mitigate theByzantine effect on the data fusion problem in cooperativespectrum sensing, a weighted sequential probability ratiotest was proposed in [25]. However, these schemes requirea− priori information and/or due to the high computationalcomplexity are not always feasible in the context of WSNs.In [26], a reputation-based scheme is proposed for identifyingthe compromised SNs by accumulating the deviations betweeneach SN’s decision and the FC’s decision over a time windowduration. Then, the identified compromised SNs are totallyexcluded from the data fusion process. Different from [26], theauthors in [27] use the FC’s decision as an evaluation basis toassign to each SN a reputation measure, classifying each SN aseither reliable, partially reliable or malicious. In this way, theSNs classified as malicious will be excluded from the fusionprocess (i.e., assigned zero weight), and the one decided onas reliable will be assigned a unity weight and the partiallyreliable ones are assigned a 0.5 weight. However, identifyingand then totally excluding the compromised SNs contributionsfrom the FC decision process may not be the best strategy. Forinstance, we might end up excluding SNs contributing towardsthe FC global decision that might have high local signal-to-noise-ratios (SNRs). Recently, the authors in [19], [28] bothconsider a decentralized network in the presence of com-promised SNs while in this paper we consider a centralizedscheme. The authors in [19] propose a synchronous distributedweighted average consensus algorithm that is claimed to berobust to Byzantine attacks while reference [28] considersthe detection and mitigation of data injection attacks in arandomized average consensus.

So, this work investigates the detection performance ofan under−attack WSN. To reduce the transmission andprocessing burden of the SNs, each SN generates the 1-bitlocal test statistic by performing energy detection [29] andreports this test statistic to the FC. As in [26], we relax theassumption of perfect knowledge of the true hypothesis [16]and we assume that the compromised SNs (controlled by theattacker) do not know the true state of the target. For theFC, we assume that it is not compromised and receives thetest statistic from both types of SNs (i.e., compromised andhonest). The transmission (SNs to FC) links are assumed errorfree (see eg., [16], [26]).

A. Contributions & Oragnization

Our main contributions are as follows:(i) First, we develop an efficient FC linear weight combing

framework for an under−attack WSN. To further reduce theoptimization complexity and to get an insight into the problem,we adopt the modified deflection coefficient (MDC) [7] asan alternative function to be optimized. Based on this (i.e.,the MDC), we provide an optimization problem to be solved

from both the FC’s and the attacker’s perspective. From theFC’s perspective, we derive analytically (in a closed form) theoptimal weight combiner for each SN. We show that theseweights are a function of the local SNs probability of falsealarm and probability of detection metrics as well as the SNslocal test statistics “flipping probability” (to be defined later).Unfortunately, for the compromised SNs this a priori knowl-edge cannot be obtained in practice (we propose a solution tothis (see later (ii))). Then (from the attacker’s perspective), wederive analytically (for a fixed number of compromised SNs)the optimum attacker local test statistics flipping probabilityand the minimum fraction of the compromised SNs that makesthe FC incapable of detecting.

(ii) Next, based on this framework (i.e., FC linear weightcombing strategy), we also propose a new non-complex andefficient (based on a reliability metric) FC detection schemeto identify the compromised SNs. Our approach is differentfrom the existing approaches [16], [26], [27] in two importantaspects: 1) We introduce a new reliability metric at theFC to identify the compromised SNs. First, we count theinconsistency between the FC’s decision (where all the SNscontributions are considered) and the ith local SN’s decisionover a time window. Similarly, we then count the inconsistencybetween the FC’s decision (where the ith SN contribution isnot considered) and the ith local SN’s decision. Finally, theproposed reputation metric is evaluated as the difference be-tween these two parameters; 2) Then, based on this reputationmetric, we propose a novel FC weight computation strategythat ensures the following: a) for the identified compromisedSNs, their weights are likely to be decreased proportionally tothis metric (where the existing schemes assign a zero weight).b) In this way (based on this new reputation metric), theFC decides how much a SN should contribute to its finaldecision. We will show that this strategy outperforms theexisting schemes where the identified compromised SNs aretotally excluded from the FC final decision contribution (i.e.,a zero weight is assigned).

Now, the summary of the paper is as follows. In Section IIwe describe the system model (SN sensing and local decision)and describe the compromised SNs attack model. SectionIII introduces the simplified linear weighted fusion rule andanalyzes the optimization problem from both the FC’s and theattacker’s perspective. In Section IV we present our proposedcompromised SNs identification metric and weight combiningcomputation strategy. Finally, section V presents simulationresults and in Section VI we give our conclusions.

II. PROBLEM FORMULATION

Consider the problem of detecting the presence of anunknown but deterministic signal s(n) by an under− attackWSN consisting of M geographically distributed SNs anda FC (see Fig. 1). The honest SNs are represented with ablack color and the compromised SNs (i.e., the ones controlledby the attacker) with a red color. The attacker’s aim isto successfully manipulate the FC global decision makingprocess while the FC would like to detect reliably (i.e., withvery high probability). Next, we explain in more detail the

3

sensing, the local decision and the compromised SNs attackmodel.

SN3

SN2

SN5

SN1

SN4

SN6

Target

Attacker

FC

Tf =M∑i=1

αiIi

IC3

I2

IC5

I4

I6

I1

I3

I2

I5

I4

I1

I6

Fig. 1. Under attack schematic communication architecture between periph-eral SNs and the fusion center (FC). Each of the ith honest/compromisedSNs represented with a black/red color generates a local (binary) indicatorvariable (Ii/ICi ) by observing the target and performing the test in (5) withlocal detection threshold Λ/ΛC . While the ith (i = {1, 2, 4, 6}) honestSN indicator (test statistic) remains unchanged (i.e., Ii = Ii), the jth

(j = {3, 5}) compromised SN falsifies its indicator (test statistic) as in (8)before transmitting to the FC. Here i/j are the honest/compromised SN index.

A. Sensing

The measured signal at SN i is either:

H0 : yi (n) = wi (n) (1)H1 : yi (n) = si (n) + wi (n) (2)

and energy estimation is performed at the ith SN to give

Ti =

N∑n=1

(yi(n))2, i = 1, 2, . . . ,M (3)

which for large N has an approximately Gaussian distribution[29]. Furthermore, the noise samples are assumed to beidentically and independently distributed (i.i.d.) across timeand space. It is not difficult to show that

E {Ti|H0} = Nσ2i , Var {Ti|H0} = 2Nσ4

i

E {Ti|H1}=Nσ2i (1 + ξi) ,Var {Ti|H1}=2Nσ4

i (1+2ξi) (4)

where ξi =N∑n=1

s2i (n) /Nσ2i .

B. Local Decision

Based on its local energy estimation (3), the ith SN gener-ates a binary indicator random variable Ii as follows:

if Ti < Λ, Ii = 0 =⇒ decide H0

if Ti ≥ Λ, Ii = 1 =⇒ decide H1

}(5)

where Λ is a local detection threshold that is the same for allthe M SNs. The ith SN local probability of false alarm (pifa)and the local probability of detection (pid) can be expressedas:

pifa = Pr (Ti ≥ Λ|H0)=Q

(Λ− E {Ti|H0}√

Var {Ti|H0}

)

pid = Pr (Ti ≥ Λ|H1) = Q

(Λ− E {Ti|H1}√

Var {Ti|H1}

)(6)

where Q(.) is the Q-function. While the ith honest SNtransmits its actual one-bit test statistic (i.e., Ii in (5)) to theFC, the compromised SNs falsify them before transmitting tothe FC. Next we introduce the attacker model.

C. Compromised SNs Attack

Different attack strategies could be adopted by the compro-mised SNs. In this work, the data falsification attack modelwidely used in [16], [20], [26] is considered. There are βfraction of SNs controlled and compromised by the attacker(the attacker controls the local detection threshold, the flippingprobability, and the fraction β, all to be defined later). Asbefore, (i.e., in the case of attack − free) each of the ith

compromised SNs perform the local test in (5) but now with alocal detection threshold (ΛC) controlled by the attacker andassumed to be the same for all the β fraction compromisedSNs. That is:

if Ti < ΛC , ICi = 0 =⇒ decide H0

if Ti ≥ ΛC , ICi = 1 =⇒ decide H1.

}(7)

Now, the probability of false alarm1 (pi,Cfa ) and the probabilityof detection (pi,Cd ) at the ith compromised SN are respectivelygiven as in (6) with Λ = ΛC , while for the honest SNsit remains as in (6). After performing the test in (7), thecompromised SNs further manipulate their binary indicatorvariables prior to FC transmission so as to yield the maximumpossible FC degradation. Let P flipC be the probability that eachcompromised SN intentionally reports the opposite informa-tion to its actual local decision (i.e., flips the indicator randomvariable in (7) prior to FC transmission with probabilityP flipC ). It is assumed that all the compromised SNs have thesame probability of attack in a particular sensing period (seesection IV for details). The remaining (1-β fraction) SNs are“honest” and report to the FC accordingly. Now, the ith localbinary indicator test statistic for the compromised SNs can beexpressed as:

Ii =

{1− ICi , with probability P flipC

ICi , with probability (1− P flipC )(8)

while for the honest SNs this relation is simply Ii = Ii.Similarly, the ith compromised SN local probability of falsealarm and the probability of detection can be shown to be

1Here the superscripts “i, C” refer to the ith compromised SN.

4

R =(1− β

)diag

p1d(1− p1d

)+ β

1−β

(P flipC + p1,Cd

(1− 2P flipC

))(1− P flipC + p1,Cd

(2P flipC − 1

))p2d(1− p2d

)+ β

1−β

(P flipC + p2,Cd

(1− 2P flipC

))(1− P flipC + p2,Cd

(2P flipC − 1

))...

pMd(1− pMd

)+ β

1−β

(P flipC + pM,C

d

(1− 2P flipC

))(1− P flipC + pM,C

d

(2P flipC − 1

))

, α =

α1

α2

...αM

(18)

respectively:

pifa = P flipC

(1− pi,Cfa

)+(

1− P flipC

)pi,Cfa

pid = P flipC

(1− pi,Cd

)+(

1− P flipC

)pi,Cd (9)

while for the honest SNs clearly pifa = pifa and pid = pid.Next, we introduce a simplified (optimum) linear fusion ruleat the FC.

III. SIMPLIFIED FUSION RULE-THE LINEAR APPROACH

Now, the ith SN transmits to the FC the one-bit local teststatistic (Ii). The communication channels between SNs andthe FC are assumed to be error-free in this paper. Upon receiv-ing all the contributions from all the SNs (i.e., compromisedand honest), the FC linearly combines them:

Tf =

M∑i=1

αiIi (10)

where {αi}Mi=1 are the optimum weights that we will derivelater in section III-A. The FC then makes the final decision:

if Tf < Λf , decide H0

if Tf ≥ Λf , decide H1

}(11)

where Λf is the FC detection threshold. Let

Pd = Pr(Tf ≥ Λf |H1

)Pfa = Pr

(Tf ≥ Λf |H0

)(14)

where Pd and Pfa are the system probability of detection andprobability of false alarm respectively. For large M , Tf canbe approximated by a Gaussian distribution and the Pd for afixed Pfa is given as [30]:

Pd=Q

(Q−1 (Pfa)

√Var {Tf |H0}− E {Tf |H1}+E {Tf |H0}√

Var {Tf |H1}

)(15)

with appropriate quantities given in (12)-(13).

A. Weight Combining Optimisation

In this section, we would like to find the optimum weightingvector (αopt) that maximizes (15). However, maximizing (15)w.r.t. α is difficult and no closed form solution can be found.So we will approximate the optimal solution by adopting the

modified deflection coefficient2 (MDC) [7] as an alternativefunction to be maximized. This is given as:

d2 (α) =

(E {Tf |H1} − E {Tf |H0}√

Var {Tf |H1}

)2

=

(bTα

)2αTRα

(16)

where

b=

(1− β

)(p1d − p1fa

)− β

(p1,Cd − p1,Cfa

)(2P flipC − 1

)(1− β

)(p2d − p2fa

)− β

(p2,Cd − p2,Cfa

)(2P flipC − 1

)...(

1− β)(pMd −pMfa

)−β(pM,Cd − pM,C

fa

)(2P flipC − 1

)

(17)and R and α are given in (18). Now, our optimization problemis:

αopt = arg maxα

(d2 (α)

). (19)

Further, via the transformation ψ = R1/2α, the deflectioncoefficient (16) becomes:

d2 (ψ) =ψTDψ

||ψ||2, D = R−T/2bbTR−1/2. (20)

So αopt = R−1/2ψopt = kR−1b, where ψopt = kR−1/2b isthe eigenvector corresponding to the maximum eigenvalue ofD. Now, the optimum weight combining in (10) can be easilyshown to be (21). Clearly, the optimum weights dependon the local probability of false alarm and the probability ofdetection metrics as well as on the β (fraction of compromisedSNs) and the probability of flipping the local decisions by theattacker. For the SNs that are honest (i.e., controlled by the FC)these local probabilities are known (since the FC can set thelocal detection threshold itself). However, for the compromisedSNs these local probabilities are not available at the FC (sincethe attacker takes control of the local detection threshold).To make the matters worse, the FC knows just the fractionof compromised SNs (i.e., β) but it cannot identify who theyare. As a result, the FC cannot implement the optimum weightcombining fusion rule (10).

Later, in section IV, we propose a simple but yet effectiveapproach to possibly identify these compromised SNs andcompute the optimum weights at the FC, based on theirassigned reliability. Next, we derive the optimum attackerflipping probability (P flipC ) which makes the FC incapable ofdetecting.

2In order to get insight into the system design parameters of the detectionscheme, in this paper we adopt the MDC. This is due to its simplicity andclose relationship with the detection performance. In general, Pd is a mono-tonically increasing function of the MDC and yields a good approximation incharacterizing the detection performance.

5

E {Tf |H1} = (1− β)

M∑i=1

αipid + β

[P flipC

( M∑i=1

αi(1− pi,Cd

))+(1− P flipC

)( M∑i=1

αipi,Cd

)]

E {Tf |H0} = (1− β)

M∑i=1

αipifa + β

[P flipC

( M∑i=1

αi(1− pi,Cfa

))+(1− P flipC

)( M∑i=1

αipi,Cfa

)]. (12)

Var {Tf |H1} = (1− β)

M∑i=1

α2i pid

(1− pid

)+ β

[(P flipC

( M∑i=1

α2i

(1− pi,Cd

))+(1− P flipC

)( M∑i=1

α2i pi,Cd

))(

1− P flipC

( M∑i=1

α2i

(1− pi,Cd

))−(1− P flipC

)( M∑i=1

α2i pi,Cd

))]

Var {Tf |H0} = (1− β)

M∑i=1

α2i pifa

(1− pifa

)+ β

[(P flipC

( M∑i=1

α2i

(1− pi,Cfa

))+(1− P flipC

)( M∑i=1

α2i pi,Cfa

))(

1− P flipC

( M∑i=1

α2i

(1− pi,Cfa

))−(1− P flipC

)( M∑i=1

α2i pi,Cfa

))]. (13)

αiopt =

(1− β

)(pid − pifa

)+ β

(pi,Cfa − p

i,Cd

)(2P flipC − 1

)(1− β

)(pid(1− pid

))+ β

(P flipC + pi,Cd

(1− 2P flipC

))(1− P flipC + pi,Cd

(2P flipC − 1

)) . (21)

B. Attacker Flipping Probability Optimisation

So what is the optimum P flipC that the attacker needs toadopt for the compromised SNs in order to cause the maximumpossible degradation to the FC (i.e., to possibly make the FCincapable of detecting)? Again, we use the modified deflectioncoefficient as an alternative function to be optimized andassume that the FC does not act strategically against theattacker strategy.Lemma 1: The optimum flipping probability

(P flipC,opt

)which

minimizes the modified deflection coefficient is:

P flipC,opt =β − 1

2β

( M∑i=1

αi(pid − pifa

)M∑i=1

αi(pi,Cfa − p

i,Cd

))

+1

2. (22)

Proof. Since the modified deflection coefficient is always non-negative, then its minimum is always greater than or equal tozero. So, the condition to make the minimum of the modifieddeflection coefficient zero is:

bTα =(1−β

) M∑i=1

αi(pid−pifa

)+βP flipC

M∑i=1

αi(pi,Cfa −p

i,Cd

)+ β

(1− P flipC

) M∑i=1

αi(pi,Cd − pi,Cfa

)= 0. (23)

Further simplification of the above and re-arrangement of the

terms yields:

β( M∑i=1

αi(pi,Cfa −p

i,Cd

))(2P flipC −1

)=(β−1

) M∑i=1

αi(pid−pifa

)

=⇒ P flipC,opt =β − 1

2β

( M∑i=1

αi(pid − pifa

)M∑i=1

αi(pi,Cfa − p

i,Cd

))

+1

2. (24)

This concludes the proof. �

In the special case when the attacker does not changethe local detection threshold in (7) (i.e., pid = pi,Cd andpifa = pi,Cfa ), then the optimum probability of flipping thelocal decisions can be shown to be:

P flipC,opt =

1

2− β − 1

2β=

1

2β, for 0.5 ≤ β ≤ 1

not applicable, for β = 0

not defined, otherwise.(25)

Interestingly, in this case the optimum probability of flippingthe local SNs decision is inversely proportional to the fractionof the compromised SNs (β). As expected, when β increases,the optimum probability of flipping the local decision in orderto make the MDC zero decreases and vice-versa. Furthermore,when the half of the network is compromised (i.e., β = 0.5),the attacker can make the modified deflection coefficient zerowith P flipC,opt = 1 (i.e., the local SNs should always flip theirlocal decisions).

6

C. Minimum Fraction of Compromised SNs

Now, we are interesting in the minimum fraction of thecompromised SNs that is needed to cause the maximumpossible degradation to the FC. We state the result in the nextLemma.Lemma 2: The minimum fraction of the compromised SNsneeded to make the FC incapable of detecting or to make themodified deflection coefficient zero is βmin ≥ 1

2 .

Proof. As we previously stated, the modified deflection co-efficient is always non-negative and the minimum occurs atzero. From (23), the condition to make the modified deflectioncoefficient zero is:

bTα =(1−β

) M∑i=1

αi(pid−pifa

)+βP flipC

M∑i=1

αi(pi,Cfa −p

i,Cd

)+ β

(1− P flipC

) M∑i=1

αi(pi,Cd − pi,Cfa

)= 0. (26)

After simplifying the above equation, the condition on βneeded to make the FC incapable of detecting becomes:

β =

1−

( ( M∑i=1

αi(pi,Cd − pi,Cfa

))(1− 2P flipC

)M∑i=1

αi(pid − pifa

)︸ ︷︷ ︸

(A)

)

−1

.

(27)

Now, the minimum of β (βmin) can be achieved when term(A) of (27) is minimum. We also know that for any real scalara and b the following holds:

min(ab

)≥

min(a)

max(b) . (28)

Using (27) and (28), we now derive a lower bound on theminimum β. Clearly, we require that both the numeratorand the denominator of term (A) take the minimum andthe maximum values respectively. Now, the minimum of the

numerator (i.e., min

(( M∑i=1

αi(pi,Cd − pi,Cfa

))(1 − 2P flipC

)))

can be achieved if both pi,Cd = P flipC = 0 and pi,Cfa = 1

or alternatively when both pi,Cd = P flipC = 1 and pi,Cfa = 0.Similarly, the maximum of the denominator of term (A) (i.e.,

max

(M∑i=1

αi(pid− pifa

))) can be achieved when both pid = 1

and pifa = 0. Finally, using the above analysis we can easilyshow that:

βmin ≥1

2. (29)

This concludes the proof. �

In the special case when the attacker does not change thelocal detection threshold in (7) (i.e., pid = pi,Cd and pifa =

pi,Cfa ), the minimum fraction of compromised SNs required tomake the modified deflection coefficient zero (i.e., make the

FC incapable of detecting) can be shown to be: βmin = 12 and

this can be achieved with P flipC = 1 (see (25)).

IV. COMPROMISED SNS IDENTIFICATION AND WEIGHTCOMBINING COMPUTATION

In this section, we propose a scheme to identify the compro-mised SNs and compute the weight combining in (10) basedon each SN assigned reliability. As in [26] and [27], we dividethe local sensing process into time windows consisting of Ksensing periods3.

A. Compromised SNs Identification

At the fusion center, the received observations corre-sponding to the ith SNs can be expressed as Ii =[Ii(1), Ii(2), · · · , Ii(K)], ∀i = 1, 2, · · · ,M . At the lth sensingperiod, upon receiving the contributions from all the SNs (i.e.,compromised and honest) the FC linearly combines them toyield:

Tf (l) =

M∑j=1

αAFj Ij(l), l = 1, 2, · · · ,K

T if (l) =

M∑j=1,i6=j

αAFj Ij(l), l = 1, 2, · · · ,K, i = 1, 2, · · · ,M

(30)

where T if (l) is the final test statistic at the lth sensing periodwithout the contribution of the ith SN; and {αAFj }Mj=1 arethe optimum weights under an attack-free scenario and can beeasily derived from (21) by substituting (β = 0, P flipC = 0,pi,Cfa = pifa and pi,Cd = pid, ∀i). These can be shown to be:

αAFj =pjd − p

jfa

pjd(1− pjd

) . (31)

Based on the test statistics (30), the FC then generates at thelth sensing period two different indicator random variables asfollows:

If (l) =

{0 if Tf (l) < Λf

1 if Tf (l) ≥ ΛfIif (l) =

{0 if T if (l) < Λf

1 if T if (l) ≥ Λf .(32)

Now that the FC has evaluated these two indicator randomvariables (i.e., If (l) and Iif (l)), it then compares them to theith SN local indicator variable Ii(l) to yield:

di(l) =

{1 if If (l) 6= Ii(l)

0 otherwisedi(l) =

{1 if Iif (l) 6= Ii(l)

0 otherwise(33)

where di(l) represents the inconsistency between the FC’sdecision (all the SNs contributions are counted) and the ith

SN local decision. Similarly, di(l) represents the same butnow the ith SN is not considered at the FC decision. Notethat all of the above steps are performed during the same time

3Each SN samples N times (see (3)) in each sensing interval and thenperforms the energy detection as in (5).

7

window K. After observing the reports for up to K sensingperiods, the FC evaluates a reliability metric for the ith SN:

ri =1

K

∣∣∣∣∣K∑l=1

(di(l)− di(l)

)∣∣∣∣∣ , i = 1, 2, · · · ,M. (34)

It is worth mentioning that the ri’s for the compromised SNsare expected to be larger than those for the honest ones (seesimulations results section later). Finally, the FC performs thereliability test:

if ri < δ, decide reliable

if ri ≥ δ, decide not reliable

}(35)

where δ is the reliability detection threshold. Now, the prob-ability that a compromised SN has been truly detected andthe probability that an honest SN has been falsely detectedat the ith SN are respectively:

P i,trued = Pr(ri ≥ δ|Compromised

)P i,falsed = Pr

(ri ≥ δ|Honest

)(36)

where the superscript “i, true” and “i, false” represents thetrue and false detection at the ith SN respectively. Obviously,the compromised SNs detection performance depends on thechoice of the reliability detection threshold (δ). If we choosea large δ, P i,falsed is expected to be low. However, this alsowill result in a low P i,trued . On the other hand, choosing alower δ it will increase the P i,trued value but also an increasein P i,falsed will be noticed. Clearly, the reliability detectionthreshold imposes a trade-off between these two metrics. Notethat in practice we wish to keep P i,falsed close to zero andP i,trued close to one. Based on this reliability test (i.e., thetest in (35)), next we will evaluate the weight combining in(10) such that the probability of detection in (15) is furtherimproved.

B. Proposed Weight Combining Computation

In this section, we propose a weight combining computa-tion based on the reliability test (35). Existing schemes usereliability-based metrics to possibly identify the compromisedSNs and then totally exclude them from contributing to the FCprocess and decision. However, identifying and then excludingthem from the detection process is not the optimum solution.For instance, we might end up removing (from contributingtowards the global decision) compromised SNs that hold usefulinformation in general (for example those SNs with highlocal SNRs). Different from the existing approaches, here wepropose to update the weight combining (i.e., (31)) of eachSN based on the correctness of information reported to theFC. That is:

αAFi =

{αAFi if ri < δ

αAFi − µri if ri ≥ δ(37)

where µ ∈ [0,∞] is the weight penalty that is the same forall the M SNs. For those SNs that are identified as beingcompromised by the attacker, the FC is likely to decreasetheir weights. For example, those SNs that are identified as

influential and unreliable (i.e., ri turn out to be relativelylarge) the FC decreases the current weights the most. However,for those SNs that are identified as compromised but not soinfluential to the FC decision process (i.e., ri is relativelysmall) the FC decreases the weights proportional to ri. Withregard to SNs identified as honest, the FC keeps their weightsunchanged. In this way, the FC decides through the weightcombiner how much a local report should contribute to theFC final decision. This is a reasonable approach since if thereport from a SN tends to be incorrect, it should be countedless in the final decision.

Next, in the simulation results, we will show that thereliability detection threshold (δ) and the weight penalty (µ)are crucial for the system detection performance. We will alsoshow via simulations that there is an optimum δ and µ suchthat the system detection performance is maximized.

V. SIMULATIONS RESULTS

Here we will evaluate numerically the performance of ourproposed strategy and compare it to the attack−free scheme[12] and the strategy in [26]. A WSN with a total of M = 40SNs is considered (where a β fraction of these SNs arecompromised by the attacker). For β = 0.5, β = 0.25,and β = 0.1, (SN21-SN40), (SN31-SN40), and (SN37-SN40)are respectively compromised. We let all the σ2

i = 0.1,

such that ξa = 10 log10

(1M

M∑i=1

ξi

)= -10.5 dB with an

arbitrarily chosen s(n) = [s1(n), s2(n), · · · , sM (n)] =[0.1,0.175, 0.065, 0.027, 0.024, 0.026, 0.06, 0.09, 0.153, 0.11,0.22, 0.12, 0.1, 0.024, 0.019, 0.05, 0.12, 0.1, 0.023, 0.021,0.1, 0.175, 0.18, 0.027, 0.024, 0.026, 0.06, 0.09, 0.1, 0.065,0.1, 0.175, 0.027, 0.024, 0.18, 0.026, 0.2, 0.09, 0.1, 0.18]T ,

and where ξi=N∑n=1

s2i (n)/Nσ2i . We will also refer to “equal

weight” combining in (10) ( i.e., αi = 1,∀i) and use this asa benchmark. Finally, we use 105 Monte-Carlo simulationsand choose a fixed (equal) local SNs threshold (Λ) in (5)and local SNs threshold (ΛC) in (7) (i.e., more specifically,Λ = ΛC = 2.6) such that P falsed ≤ 0.6 (see Fig. 5-Fig. 7).

A. Impact of the time window length (K) on the malicious SNdetection accuracy and on the system detection performance

In this section, we investigate the impact that the timewindow length (K) has on the compromised SNs identificationaccuracy of the proposed scheme. More precisely, we areinterested in examining the two metrics, P i,trued and P i,falsed

(see (36)). Next, we examine the impact that this time windowlength (K) has on the system detection performance. Moreprecisely, we will examine the two metrics Pd and Pfa (see(14)). Note that K affects these two metrics through thereliability metric ri (see Fig. 2) in (34) which consequentlyaffects the FC weight combining (37) that finally decides onthe FC final test statistic (Tf ) (see (10)).

In Fig. 2 we plot the reliability metric (ri) against the FCdetection threshold (Λf ) for the compromised and the honestSNs. As expected, for the compromised but influential SNs(i.e., SNs with the high local SNRs), the corresponding relia-bility metrics will be higher. In contrast, for the compromised

8

5 10 15 200

0.01

0.02

0.03

0.04

0.05

0.06

0.07

0.08

0.09

FC threshold, Λf

Reliability

metric,

r i

SN9SN10SN11SN12SN13SN15

5 10 15 200

0.05

0.1

0.15

0.2

0.25

0.3

0.35

FC threshold, Λf

Reliability

metric,

r i

SN21SN22SN23SN24SN29SN30SN32SN35

Fig. 2. The reliability metric (ri) versus the FC detection threshold (Λf )parametrized on the SNs with M = 40, N = 20, β = 0.5, P flip

C = 1 andK = 150.

2 4 6 8 10 12 14 16 18 200

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

FC detection threshold, Λf

Prob.ofdet.thecompromised

SN

37,P

37,true

d

K=5K=10K=15K=20K=30K=100K=200

Fig. 3. Probability that the (compromised) SN 37 has been truly detected(P 37,true

d ) versus the FC detection threshold (Λf ), parametrized on K, withM = 40, N = 20, β = 0.5, P flip

C = 1 and δ = 0.009.

or honest SNs but less influential (i.e., SNs with low SNRs),the corresponding reliability metrics with be lower.

In Fig. 3 we plot the probability of compromised SN’sdetection4 (i.e., truly detecting probability) (P i,trued ) versusΛf , parametrized for different time window lengths (K).Clearly, as K increases, the detection accuracy (of the (com-promised) SN 37) P 37,true

d improves. In Fig. 4, we now plotthe probability of honest SN’s mis−detection4 (i.e., falselydetecting probability) (P i,falsed ) (see (36)) versus (like before)Λf for different time window lengths (K). Similarly (as inFig. 3), we observe that the mis − detection performance(of the (honest) SN 11) P 11,false

d increases with K. Now,from Fig. 3 and Fig. 4 we conclude that increasing the timewindow length K not only improves the detection accuracyof the compromised SNs but at the same time increases (theundesired) mis−detection probability of the honest SNs. This

4SN 37 (Fig. 3) and SN 11 (Fig. 4) were chosen for comparison purposesas they possess the best and the worst performances among F and (M −F )SNs for each case respectively. Here F and (M − F ) represents the numberof compromised and honest SNs’ respectively.

6 8 10 12 14 16 18 200

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

FC detection threshold, Λf

Prob.

ofmis-detect.

theho

nest

SN11

K=40

K=80

K=150

K=300

Fig. 4. Probability that the (honest) SN 11 has been falsely detected(P 11,false

d ) versus the FC detection threshold (Λf ), parametrized on K,with M = 40, N = 20, β = 0.5, P flip

C = 1 and δ = 0.009.

5 10 15 200

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

FC threshold, Λf

Average

prob.of

detection

,P

true

d

K=40

K=150

K=300

5 10 15 200

0.1

0.2

0.3

0.4

0.5

0.6

0.7

FC threshold, Λf

Average

prob.of

mis-detection

,P

false

d

K=40

K=150

K=300

Fig. 5. Average probabilities: (left) of compromised SNs detection; (right)of honest SNs mis-detection versus the FC detection threshold (Λf ),parametrized on K, with M = 40, N = 20, β = 0.5, P flip

C = 1 andδ = 0.009.

leads to a trade-off (while selecting the K parameter) betweenthe compromised SNs detection accuracy and the honest SNsmis− detection performance. Note that in practice we wishto keep P i,trued high and P i,falsed low.

To give more generality to the results, in Fig. 5 we plotthe average5 performances (where the average is taken overthe number of compromised/honest SNs). (left) We observethat while increasing K (more specifically from K = 40 toK = 150) we see an improvement in the average detectionaccuracy of compromised SNs. For larger K (e.g., K = 300)this improvement is negligible; (right) The same trend isobserved for the average mis− detection performance of thehonest SNs.

In Fig. 6 we plot P i,trued and P falsed versus the time windowlength (K) for a different FC detection thresholds (Λf ). Wecan observe that the average compromised SNs detection

5The average performances are defined respectively as: P trued =

1F

∑i∈J

P i,trued and P false

d = 1M−F

∑i∈J

P i,falsed , where J (J) represents

the compromised (honest) SNs set with cardinality F ([M−F ]) respectively.

9

0 10 20 30 40 50 600

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Time window length, K

Ave

r.pro

b.of

det

.(m

is-d

et.),

7 Ptr

ue

d(7 P

fal

sed

) 7P trued , $f = 13 [26]

7P falsed , $f = 13 [26]

7P trued , $f = 13

7P falsed , $f = 13

7P trued , $f = 7 [26]

7P falsed , $f = 7 [26]

7P trued , $f = 7

7P falsed , $f = 7

f=13

f=7

Fig. 6. Average compromised SNs detection probability against honest SNsmis-detection probability versus the time window length (K), parametrizedon Λf , with M = 40, N = 20, β = 0.5, P flip

C = 1 and δ = 0.009.

5 10 15 20 25 30 35 40 45 500

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Time window length, K

Aver.prob.ofdet.(m

is-det.),P

true

d(P

false

d)

P trued , Λf = 5

Pf alse

d , Λf = 5

P trued , Λf = 13

Pf alse

d , Λf = 13

P trued , Λf = 13

Pf alse

d , Λf = 13

β=0.5

β=0.25

β=0.10

Fig. 7. Average compromised SNs detection probability and honest SNs mis-detection probability versus the time window length (K), parametrized on βwith M = 40, N = 20, P flip

C = 1 and δ = 0.009.

performance (P i,trued ) improves with the time window length(K) for both schemes (i.e., the proposed one in this paperand the scheme proposed in [26]). Similar behavior can beobserved for the (undesired) honest SNs mis − detectionprobability. We also can observe that our proposed detectionscheme outperforms the scheme proposed in [26] (or atleast for the simulation setup considered in this paper), ∀Kin terms of P i,trued − P falsed quantity (e.g., for Λf = 7,P i,trued − P falsed ≤ 0,∀K for the scheme proposed in [26]).We note that in practice we would like to have P i,trued closeto 1 and P falsed close to 0 (i.e., P i,trued − P falsed close to 1).

In Fig. 7 we plot the same (i.e., P i,trued and P falsed perfor-mances) but now parametrized on the fraction of compromisedSNs (β). Clearly, the quantity P i,trued −P falsed improves whenthe fraction of compromised SNs (β) decreases. This behavior(as expected) results in a robust compromised SNs detectionscheme.

Now, to give more validity to the results, in Fig. 8 we show

0 5 10 15 20−0.1

−0.05

0

0.05

0.1

0.15

0.2

0.25

Time window length, K

Pd−Pfa

Scheme in [26], Λf = 12

Scheme in [26], Λf = 14

Scheme in [26], Λf = 15

Proposed, Λf = 12

Proposed, Λf = 14

Proposed, Λf = 15

Λf=14Λ

f=12

Λf=15

Fig. 8. The Pd−Pfa metric versus the time window length (K), parametrizedon the FC detection threshold (Λf ), with M = 40, N = 20, β = 0.25,P flipC = 1, δ = 0.95 and µ = 0.5.

2 4 6 8 10 12 14 16 18 200

0.1

0.2

0.3

0.4

0.5

0.6

0.7

Time window length, K

Pd(P

fa)

Pd, Λf = 12,

Pd, Λf = 12

Pd, Λf = 14

Pd, Λf = 14

Pfa, Λf = 12

Pfa, Λf = 12

Pfa, Λf = 14

Pfa, Λf = 14

Proposed

Scheme in [26]

Fig. 9. Probability of detection (false alarm) Pd (Pfa) versus the time windowlength (K), parametrized on the FC detection threshold (Λf ), with M = 40,N = 20, β = 0.25, P flip

C = 1, δ = 0.95 and µ = 0.5.

the difference between the system detection and the systemfalse alarm probability (Pd − Pfa) versus the time windowlength (K) parametrized on the FC detection threshold (Λf ).Clearly, as K increases, the performance of the Pd − Pfametric improves for all the presented cases. Also, we can ob-serve that our proposed scheme outperforms the one proposedin [26]. For example, targeting a rate of 0.16, the proposedscheme requires roughly a time window of length 5 whilethe scheme in [26] requires a time window of length 11.Then, to better understand how these two important metrics(i.e., Pd and Pfa) evolve with K, in Fig. 9 we show boththe system detection probability (Pd) and the system falsealarm probability (Pfa) versus the time window length (K)parametrized on the FC detection threshold (Λf ). As expected,the larger is the time window length K, the better the detectionperformance. However, increasing K, results in an increase inthe Pfa metric. Hence, while selecting K, one has to considerthe allowable system false alarm probability.

10

1 2 3 4 5 6 7 8 9 100.2

0.25

0.3

0.35

0.4

0.45

0.5

0.55

0.6

0.65

Time window length, K

Pd−Pfa

Scheme in [26], Λf = 7

Scheme in [26], Λf = 9

Proposed, Λf = 7

Proposed, Λf = 9

Λf=9

Λf=7

Fig. 10. The Pd − Pfa metric versus the time window length (K),parametrized on the FC detection threshold (Λf ), with M = 40, N = 20,β = 0.25, P flip

C = 0.2, δ = 0.95 and µ = 10.

1 2 3 4 5 6 70

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

Time window length, K

Pd(P

fa)

Pd, Λf = 7

Pd, Λf = 9

Pd, Λf = 7

Pd, Λf = 9

Pfa, Λf = 7

Pfa, Λf = 9

Pfa, Λf = 7

Pfa, Λf = 9

Proposed, µ=12

Proposed, µ=13

Scheme in [26]

Scheme in [26]

Fig. 11. Probability of detection (false alarm) Pd (Pfa) versus the timewindow length (K), parametrized on the FC detection threshold (Λf ), withM = 40, N = 20, β = 0.25, P flip

C = 0.2, and δ = 0.95.

In Fig. 10 and in Fig. 11, we show the same (as inFig. 8 and in Fig. 9 respectively) but now for (the attackerflipping probability) P flipC = 0.2 (see (8)). As expected, thePd − Pfa metric improves up to K = 4 whereas after that(i.e., for K ≥ 4) a performance saturation gain is observed.We also note that the time window length (K∗) where thisperformance saturation gain is observed increases with theattacker flipping probability (P flipC ) (see Fig. 8-Fig. 11). Thisis as expected, because increasing the (attacking) flippingprobability one would require a larger time window length (K)for the FC in order to reduce as much as possible the attackerinfluence. However, increasing the value of K may introducea delay to the FC detection algorithm. As a result, a carefulchoice for K should be selected in practice. Nevertheless, ourproposed algorithm clearly requires a short time window spanto converge.

B. Impact of reliability detection threshold and weight penaltyparameter on the system detection performance

As previously mentioned, the reliability detection thresholdand the weight penalty (i.e., δ and µ) (see (37)) are the twoimportant parameters that will significantly affect the systemdetection performance at the FC.

0 0.2 0.4 0.6 0.8 10

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Pro

b.ofdete

ction,P

d

Prob. of false alarm, Pfa

Upper Bound, - = 0

Equal combining in [10], - = 0

Perfect SNs iden. and tot. removal

Opt. weights in (21), perf. SNs iden.

Proposed, 7 = 15, / = 0:09

Proposed, 7 = 15, / = 0:12

Proposed, 7 = 35, / = 0:009

Proposed, 7 = 50, / = 0:009

With ,i = ,AFi in (31)

Proposed, 7 = 75, / = 0:009

Proposed

No ident. scheme

Fig. 12. Probability of detection (Pd) versus probability of false alarm (Pfa),parametrized on µ and δ, with M = 40, N = 20, β = 0.5 (unless otherwisestated), P flip

C = 1 and K = 5.

0 0.2 0.4 0.6 0.8 10

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Prob. of false alarm, Pfa

Prob.ofdetection,Pd

Upper Bound, β = 0

Eq. combining, β = 0

Proposed, µ = 5

Proposed, µ = 10

Proposed, µ = 25

αi = αAFi in (10)

Proposed, µ = 35

Proposed, µ = 75

0.6 0.7 0.8 0.9

0.4

0.6

0.8

0.1 0.2 0.3 0.4 0.5

0.2

0.4

0.6

Proposed

No ident. scheme

Fig. 13. Probability of detection (Pd) versus probability of false alarm (Pfa),parametrized on µ, with M = 40, N = 20, β = 0.5 (unless otherwisestated), P flip

C = 1, K = 5, and δ = 0.009.

So, in Fig. 12 we plot the ROC performance for differentchoices of the reliability detection threshold (δ) and for afixed µ in (37). Obviously, there is an optimum value ofδ such that Pd is maximized (for all the Pfa values). Thedetection performance using the weights derived under theattack − free scenario (i.e., αi = αAFi , see (31)) in (10)is also plotted. This corresponds to the case when no SNs

11

identification scheme is used (i.e., µi = 0 in (37)). Clearly,by appropriately choosing the reliability detection threshold(δ), the proposed identification scheme performance gain issignificant compared to that when no identification scheme isused. Now, in Fig. 13 we show the same (but now for a fixedreliability detection threshold (δ)) and by varying the weightpenalty parameter (µ). Clearly, there does exist an optimumvalue of µ that maximizes the ROC performance. Furthermore,the performance improvement parametrized on µ is shown tobe significant for Pfa ≥ 0.1.

C. Detection Performance Comparison

We now compare the system detection performance of theproposed strategy with the existing schemes.

0 0.2 0.4 0.6 0.8 10

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Prob. of false alarm, Pfa

Prob.ofdetection,Pd

Upper Bound, β = 0

Opt. weights (21), perf. SNs iden.

Equal combining in [10], β = 0

Proposed, δ = 0.009, K=80, µ = 6

Proposed, δ = 0.009, K=40, µ = 6

Proposed, δ = 0.009, K=5, µ = 10

Proposed, δ = 0.009, K=5, µ = 14

Proposed, δ = 0.009, K=5, µ = 1

With αi = αAFi in (10), no iden.

Scheme in [26], δ = 1, K = 5

Equal combining, β = 0.25

No iden. scheme

Eq. comb.

Proposed

Scheme in [26]

Fig. 14. Probability of detection (Pd) versus probability of false alarm (Pfa),parametrized on K, δ and µ, with M = 40, N = 20, β = 0.25 (unlessotherwise stated), and P flip

C = 1.

In Fig. 14, selecting some optimum value for δ and µ (moreprecisely, δ = 0.009 and varying µ), we now compare ourproposed strategy with the existing ones such as an equalcombining scheme, the proposed scheme in [26] and theproposed scheme in [12] (i.e., with αi = αAFi in (10)) derivedunder the attack − free scenario. We can observe that theperformance of the proposed approach improves up to µ = 10whereas after that a performance degradation is noticed. Also,we can observe that by further increasing the time windowlength K, it is possible to further improve the detectionperformance. However, a careful selection of K should bemade in practice as increasing the value of K introduces adelay to the FC decision making process. Clearly, the proposedscheme has a significant detection performance improvementcompared to the case where no identification scheme is appliedand also outperforms the existing strategy [12] and [26].

In Fig. 15, we report the ROC for the two different schemes(i.e., the one derived under an attack − free scenario andthe proposed one in this paper) parametrized on the fractionof compromised SNs (β) and flipping probability (P flipC )

0 0.2 0.4 0.6 0.8 10

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Prob. of false alarm, Pfa

Prob.ofdetection,Pd

Opt. weights in (21), perf. SNs iden.

Proposed, β = 0.25, P f lipC

= 0.2, µ = 2

αi = αAFi in (10), β = 0.25, P f lip

C= 0.2

Opt. weights in (21), perf. SNs iden.

Proposed, β = 0.5, µ = 6, P f lipC

= 0.8

Proposed, β = 0.25, µ = 6, P f lipC

= 0.8

αi = αAFi in (10), β = 0.5, P f lip

C= 0.3

αi = αAFi in (10), β = 0.5, P f lip

C= 0.5

αi = αAFi in (10), β = 0.5, P f lip

C= 1

β=0.5, PCflip=0.8

β=0.25, PCflip=0.2

No iden. scheme

Fig. 15. Probability of detection (Pd) versus probability of false alarm (Pfa),parametrized on β, µ, and P flip

C , with M = 40, N = 20, K = 5, andδ = 0.009.

parameters. As expected (refer to (25)), the worst detectionperformance is observed for the case when β = 0.5 andP flipC = 1 as this is the case where the attacker causes themaximum possible FC degradation. Clearly, for a fixed β (i.e.,β = 0.5), the detection performance improves as the flippingprobability decreases. A significant improvement is observedin particular for high probability of false alarm (Pfa) values.Now, for low probability of false alarm (Pfa) (e.g., choosingβ = 0.25 and P flipC = 0.2), the proposed scheme significantlyoutperforms the case when no identification scheme is applied(i.e., αi = αAFi in (10)) while for high Pfa its performanceapproaches the effective upper bound (i.e., when optimumweights in (21) are used and perfect SNs identification isassumed). Similarly, for e.g., β = 0.25 and β = 0.5 (for (fixed)P flipC = 0.8), the proposed approach possesses a remarkabledetection performance gain compared to that of where noidentification scheme is applied.

VI. CONCLUSION

In this paper, we have considered some of the key issuesrelated to under−attack WSNs. We have extended the resultspresented in our previous work [33] by considering a more re-alistic scenario where perfect knowledge of the true hypothesisis not required by the attacker. Optimal strategies from theFC’s and the attacker’s perspective have been characterizedand some bounds have been derived.

We also proposed a new reliability metric and based onthis, a reliability-based scheme was presented to identify thecompromised SNs in the network and to control their contri-butions towards the FC’s final decision. This new approachdecreases the weights of the compromised SNs proportionalto the reputation metric whereas the existing schemes totallyexclude the compromised SNs (i.e., a zero weight is assigned)from the fusion process. Simulation results have shown that

12

the proposed approach significantly outperforms, in terms ofdetection performance improvement, the existing FC rules andthe compromised SNs identification schemes.

While this work and the other related publications assumethat during the SNs identification stage, the attackers’ param-eters (i.e., β and P flipC ) are fixed (i.e., not dynamic), thereare interesting questions as to how the dynamic attackers’parameters will affect the network and how well the existingschemes can isolate the compromised SNs in the network. Inthis case, the dynamic optimum FC rules and the dynamicattacker strategies will be of particular interest and will beconsidered and investigated in future work in order to copewith such dynamic scenarios.

REFERENCES

[1] D. Estrin, L. Girod, G. Pottie, and M. Srivastava, Instrumentingthe world with wireless sensor networks, in Proc. IEEE Int.Conf. Acoust., Speech Signal Process. (ICASSP), Salt Lake City,UT, United States, 7-11 May 2001.

[2] O. Songhwai, C. Phoebus, M. Michael, M. Srivastava, and S.Shankar, Instrumenting Wireless Sensor Networks for Real-time Surveillance, in Proc. of the International Conference onRobotics and Automation (ICRA), May 2006

[3] L. Zhang, G. Ding, Q. Wu, Y. Zou, Z. Han, and J. Wang,“Byzantine Attack and Defense in Cognitive Radio Networks:A Survey”, IEEE Communications Surveys & Tutorials, vol. 17,no. 3, pp. 1342-1363, thirdquarter 2015.

[4] P. K. Varshney, Distributed Detection and Data Fusion.NewYork: Springer, 1997.

[5] J. N. Tsitsiklis, “Decentralized detection,” in Advances in SignalProcessing, H. V. Poor and J. B. Thomas, Eds. New York: JAI,1993, vol. 2, pp. 297-344.

[6] R. Blum, S. Kassam, and H. Poor, “Distributed detection withmultiple sensors: Part II-advanced topics,” Proc. IEEE, vol. 85,no. 1, pp. 64-79, Jan. 1997.

[7] Z. Quan, S. Cui, and A. H. Sayed,“Optimal linear cooperationfor spectrum sensing in cognitive radio networks,” IEEE J. Sel.Topics Signal Process., vol. 2, no. 1, pp. 28-40, Feb. 2008.

[8] S. Barbarossa, S. Sardellitti, and P. Di Lorenzo, “DistributedDetection and Estimation in Wireless Sensor Networks,” InRama Chellappa and Sergios Theodoridis eds., Academic PressLibrary in Signal Processing, Vol. 2, Communications and RadarSignal Processing, pp. 329-408, 2014.

[9] J. F. Chamberland and V. V. Veeravalli, “Asymptotic resultsfor decentralized detection in power constrained wireless sensornetworks,” IEEE Journal on Selected Areas in Communications,vol. 22, no. 6, pp. 1007-1015, Aug. 2004.

[10] E. Nurellari, D. McLernon and M. Ghogho, “Distributed Two-Step Quantized Fusion Rules Via Consensus Algorithm forDistributed Detection in Wireless Sensor Networks,” in IEEETransactions on Signal and Information Processing over Net-works, vol. 2, no. 3, pp. 321-335, Sept. 2016.

[11] A. Ribeiro and G. B. Giannakis, “Bandwidth-constrained dis-tributed estimation for wireless sensor networks, part I: Gaussiancase,” IEEE Transactions on Signal Processing, vol. 54, no. 3,pp.1131-1143, 2006.

[12] E. Nurellari, D. McLernon, M. Ghogho and S. Aldalahmeh,“Optimal quantization and power allocation for energy-baseddistributed sensor detection,” Proc. EUSIPCO, Lisbon, Portugal,1-5 Sept. 2014.

[13] X. Zhang, H. V. Poor, and M. Chiang, “Optimal power alloca-tion for distributed detection over MIMO channels in wirelesssensor networks,” IEEE Trans. Signal Process., vol. 56, no. 9,pp. 41244140, Sep. 2008.

[14] E. Nurellari, S. Aldalahmeh, M. Ghogho and D. McLernon,“Quantized Fusion Rules for Energy-Based Distributed Detec-tion in Wireless Sensor Networks ,” Proc. SSPD, Edinburgh,Scotland, 8-9 Sept. 2014.

[15] T. Karygiannis and L. Owens, “Wireless network security,”NIST special publication, 2002.

[16] S. Marano, V. Matta, and L. Tong, “Distributed detection in thepresence of byzantine attacks,” IEEE Trans. Signal Process., vol.57, no. 1, pp. 16-29, Oct 2009.

[17] A. Vempaty, L. Tong, and P. K. Varshney, “Distributed inferencewith Byzantine data,” IEEE Signal Process. Mag., vol. 30, no.5, pp. 65-75, Sep. 2013.

[18] L. Lamport, R. Shostak, and M. Pease,“The byzantine gen-erals problem,” ACM Trans. Program. Lang. Syst., vol.4, no. 3, pp. 382-401, Jul. 1982. [Online]. Available:http://doi.acm.org/10.1145/357172.357176.

[19] B. Kailkhura, S. Brahma and P. K. Varshney, “Data Falsi-fication Attacks on Consensus-Based Detection Systems,” inIEEE Transactions on Signal and Information Processing overNetworks, vol. 3, no. 1, pp. 145-158, Mar. 2017.

[20] V. S. S. Nadendla, Y. S. Han, and P. K. Varshney, “ DistributedInference With M-Ary Quantized Data in the Presence ofByzantine Attacks,” IEEE Transactions on Signal Processing,vol. 62, no. 10, pp. 2681-2695, May 2014.

[21] L. Zhang, Q. Wu, G. Ding, S. Feng, and J. Wang, “Performanceanalysis of probabilistic soft SSDF attack in cooperative spec-trum sensing,” EURASIP J. Adv. Signal Process., vol. 2014, no.1, pp. 81, May 2014.

[22] S. Cui, Z. Han, S. Kar, T.T. Kim, H. Poor, and A. Tajer,“Coordinated data-injection attack and detection in smart grid,”IEEE Signal Process. Mag. vol. 29, no. 5, pp. 106-115, Sep.2012.

[23] P. Kaligineedi, M. Khabbazian, and V. K. Bhargava, “Securecooperative sensing techniques for cognitive radio systems,”Proc. ICC, pp. 3406- 3410, Beijing, China, 19-23 May 2008.

[24] A. Vempaty, L. Tong, and P. Varshney,“Distributed Inferencewith Byzantine Data: State-of-the-Art Review on Data Falsifi-cation Attacks,” Signal Processing Magazine, IEEE, vol. 30, no.5, pp. 65-75, 2013.

[25] R. Chen, J. Park, K. Bian, “Robust distributed spectrum sensingin cognitive radio networks,” Proc. INFOCOM, pp. 1876-1884,Apr. 2008.

[26] A. S. Rawat, P. Anand, H. Chen, and P. K. Varshney, “Collab-orative spectrum sensing in the presence of byzantine attacks incognitive radio networks,” IEEE Trans. Signal Process., vol. 59,no. 2, pp. 774-786, Jan. 2011.

[27] H. Chen , X. Jin, and L. Xie, “Reputation-based CollaborativeSpectrum Sensing Algorithm in Cognitive Radio Networks,”proc. PIRMC, pp. 582-587, Tokyo, Japan, 13-16 Sep. 2009.

[28] R. Gentz, S. X. Wu, H. T. Wai, A. Scaglione, and A. Leshem,“Data Injection Attacks in Randomized Gossiping,” in IEEETransactions on Signal and Information Processing over Net-works, vol. 2, no. 4, pp. 523-538, Dec. 2016.

[29] H. Urkowitz, “Energy detection of unknown deterministic sig-nals, Proc. IEEE , vol. 55, pp. 523-531, Apr. 1967.

[30] S. M. Kay, Fundamentals of Statistical Signal Processing:Detection Theory , Englewood Cliffs, NJ: Prentice-Hall PTR,1993.

[31] A. Vempaty, O. Ozdemir, K. Agrawal, H. Chen, and P. Varsh-ney, “Localization in wireless sensor networks: Byzantines andmitigation techniques,” IEEE Trans. Signal Process., vol. 61, no.6, pp. 1495-1508, Mar. 2013.

[32] T. Zhao and Y. Zhao, “A new cooperative detection techniquewith malicious user suppression,” Proc. ICC, Dresden, Germany,14-18 Jun. 2009.

[33] E. Nurellari, D. McLernon, M. Ghogho, and S. Aldalahmeh,“Distributed Binary Event Detection Under Data-Falsificationand Energy-Bandwidth Limitation,” IEEE Sensors Journal, vol.16, no. 16, pp. 6298-6309, Aug. 15, 2016.

13

Edmond Nurellari received his B.Sc and his M.Scdegree in Electrical and Electronic Engineering, bothfrom Eastern Mediterranean University, NorthernCyprus, in 2010 and in 2012 respectively.

From September 2010 to February 2013, heserved as a Research and Teaching Assistant in thedepartment of Electrical and Electronic Engineeringat Eastern Mediterranean University. In 2013, he wasawarded the Leeds International Research Scholar-ship (LIRS) to pursue his Ph. D. at the School ofElectronics and Electrical Engineering, University of

Leeds, United Kingdom. Since April 2017, he has been a faculty member withthe School of Engineering at the University of Lincoln, United Kingdom,where he is currently a Lecturer in Electrical Engineering/Robotics.

His research interests includes distributed signal processing, signal pro-cessing on graphs, resource allocations, distributed decisions and networksecurity analysis in wireless sensor networks by employing tools from graphtheory and game theory. He has served as an Invited Reviewer for theIEEE Transactions on Signal and Information Processing over Networks,IEEE Communication Letter, Springers Wireless Networks Journal, SpringersDigital Signal Processing Journal and IEEE Flagship conferences.

Des McLernon (M’94) received his B.Sc in Elec-tronic and Electrical Engineering and his M.Sc. inElectronics, both from Queens University of Belfast,N. Ireland.

He then worked on radar research and devel-opment with Ferranti Ltd. in Edinburgh, Scotland,and later joined the Imperial College, Universityof London, where he received his Ph.D. in signalprocessing. After first lecturing at South Bank Uni-versity, London, UK, he moved to the School ofElectronic and Electrical Engineering at the Univer-

sity of Leeds, UK, where he is a Reader in Signal Processing.His research interests are broadly within the domain of signal processing

for communications, in which area he has published over 300 journal andconference papers.

Mounir Ghogho (SM’96) received the M.Sc de-gree (DEA) in 1993 and the Ph.D. degree in 1997from the National Polytechnic Institute of Toulouse,France. He was an EPSRC Research Fellow with theUniversity of Strathclyde, Glasgow (Scotland), fromSeptember 1997 to November 2001.

Since December 2001, he has been a facultymember with the school of Electronic and ElectricalEngineering at the University of Leeds (England),where he is currently a Professor. He is also cur-rently a Research Director and a Scientific Advisor

to the President at the International University of Rabat (Morocco). He wasawarded the UK Royal Academy of Engineering Research Fellowship inSeptember 2000. He is a recipient of the 2013 IBM Faculty Award. Heis currently an Associate Editor of the Signal Processing Magazine. Heserved as an Associate Editor of the IEEE Signal Processing Letters from2001 to 2004, the IEEE Transactions on Signal Processing from 2005 to2008, and the Elsevier Digital Signal Processing journal from 2011 to 2012.He served as a member of the IEEE Signal Processing Society SPCOMTechnical Committee from 2005 to 2010, a member of IEEE Signal ProcessingSociety SPTM Technical Committee from 2006 to 2011, and is currently amember of the IEEE Signal Processing Society SAM Technical Committee.He was the General Chair of the European Signal Processing conferenceEusipco2013 and the IEEE workshop on Signal Processing for AdvancedWireless Communications SPAWC2010, the technical co-chair of the MIMOsymposium of IWCMC 2007 and IWCMC 2008, and a technical area co-chairof Eusipco 2008, Eusipco 2009 and ISCCSP05. He is the general Chair ofIEEE WCNC 2019.

His research interests are in signal processing and communication networks.He has published over 260 journal and conference papers. He held invitedscientist/professor positions at Telecom Paris-Tech (France), NII (Japan),BUPT (China), University Carlos 3rd of Madrid (Spain), ENSICA (Toulouse),Darmstadt Technical University (Germany), and Minnesota University (USA).He is the Eurasip Liaison in Morocco.

View publication statsView publication stats