Throughput and Interference for Cooperative Spectrum Sensing: A Malicious Perspective

Abstract

Cognitive radio (CR) is a feasible intelligent technology and can be used as an effective solution to spectrum scarcity and underutilization. As the key function of CR, cooperative spectrum sensing (CSS) is able to effectively prevent the harmful interference with primary users (PUs) and identify the available spectrum resources by exploiting the spatial diversity of multiple secondary users (SUs). However, the open nature of the cognitive radio networks (CRNs) framework makes CSS face many security threats, such as, the malicious user (MU) launches Byzantine attack to undermine CRNs. For this aim, we make an in-depth analysis of the motive and purpose from the MU's perspective in the interweave CR system, aiming to provide the future guideline for defense strategies. First, we formulate a dynamic Byzantine attack model by analyzing Byzantine behaviors in the process of CSS. On the basis of this, we further make an investigation on the condition of making the fusion center (FC) blind when the fusion rule is unknown for the MU. Moreover, the throughput and interference to the primary network are taken into consideration to evaluate the impact of Byzantine attack on the interweave CR system, and then analyze the optimal strategy of Byzantine attack when the fusion rule is known. Finally, theoretical proofs and simulation results verify the correctness and effectiveness of analyses about the impact of Byzantine attack strategy on the throughput and interference.

1. Introduction

Due to the rapid advances in wireless communication systems, the demand for spectrum resources has increased sharply, so the spectrum resources cannot meet the needs of wireless devices and applications. And yet, in another respect, it has been proved by Federal Communications Commission (FCC) research that the spectrum scarcity is a direct consequence of the underutilization of the frequency spectrum by primary users (PUs) either temporally or spatially in fact. Therefore, cognitive radio (CR) is proposed to enable secondary users (SUs) to communicate in the authorized frequency band, with the aim of not affecting the PU’s normal operation [1]. In a interweave CR operation mode [2], CR allows secondary users (SUs) using spectrum sensing methods to detect whether the PU’s signal is present or not [3], and then the SUs opportunistically access the channel (when the PU is absent, which presents that the channel is underutilized by the PU) but without causing excessive interference to the primary network. Therefore, CR is able to solve the dilemma between the spectrum underutilization and scarcity [4].

However, due to the inherent nature of wireless propagation, the single-node spectrum sensing is prone to be affected by many factors, such as shadow effect, multipath fading, etc., the spectrum sensing performance is prone to be affected. In view of this, cooperative spectrum sensing (CSS) uses the spatial diversity of SUs to improve the spectrum sensing performance by the diversity gain, which significantly increases the sensing accuracy. Now it has become the primary method for the fusion center (FC) to detect whether the PU occupies the spectrum. In the CSS, SUs sends the original observations (soft-combining) or their local decisions (hard- combining) to the FC, and then the FC makes a global decision about the PU’s status through a specific fusion rule [5]. There is no doubt that CSS is able to improve the accuracy of the PU detection. However, it opens a hole to the malicious users (MUs) who take part in the spectrum sensing and submit falsified sensing information to the FC to implement Byzantine attack. Through Byzantine attack, MUs mislead the FC to make wrong global decision by submitting falsified sensing information, thereby causing the following effects: on the one hand, MUs can prevent normal users (NUs) from occupying spectrum resources the in order to selfishly access the channel; on the other hand, MUs allure NUs to access the channel when the PU is using it and then cause excessive interference to the PU’s normal communication.

Therefore, protecting CSS from Byzantine attack is indispensable and devising a comprehensive and in-depth analysis on the characteristics and impact of Byzantine attack becomes essential.

1.1 Related Work

The area of CSS has been a very active field of research in the past, security problems in CRNs have gained attention only in the last decade. Both [6] and [7] used a trusted node assistance to verify the correctness of reputation and data of participating CSS nodes, with the aim of securing CSS. In [8], the FC allocates a reasonable weight value (depending on historical sensing behavior of nodes) according to the submitted observations' evaluation to make the global decision. In [9], an algorithm was proposed by Z. Sun et al. to select better sensing strategies either collaboratively or independently. In [10], M. Ningrinla et al. proposed a lightweight intrusion detection scheme and intrusion detection scheme using the Markov chain model based on historical spectrum sensing data to detect intrusion and identify Byzantine attackers. In [11][12], a reputation-based strategy is proposed by A. S. Rawat et al. to identify Byzantine attackers, but Byzantine attack identification can take effect in the proposed system when the malicious percentage is less than 50%. Nevertheless, the above-mentioned methods either rely heavily on the assistance of a third-party trusted node or are only applicable for small-scale Byzantine attack scenarios. In fact, the reliable trusted node is not easy to obtain in a realistic CRN, this assumption appears to be too ideal. Otherwise, since a low percentage of MUs cannot compromise the FC, most of existing Byzantine identification algorithms adopt the FC’s global decision as the evaluation criterion of the reputation management mechanism [13], apparently, they overlook the possibility of large-scale Byzantine attack.

Compared to the ideal assumptions in the aforementioned works, an incentive method based on peer-peer prediction was proposed by Y. Gan et al. to identify and punish attackers and encourage SU to send accurate reports in [14]. An incentive-compatible mechanism was designed by W. Wang et al. to provide a moderate punishment to MUs based on the moral hazard principal-agent model in [15]. With the prior knowledge of attack behaviors, the closed form expressions of the identification performance was derived by L. Zhang et al. in [16]. Considering that the unavailable prior knowledge, the maximized likelihood estimation is made based on the extended sensing to optimize the optimal performance. In [17], J. Wu et al. proposed a low-complexity sequential 0/1 defense strategy against strategic Byzantine attack for CSS. Both [18] and [19] made use of estimation algorithm to estimate attack parameters, aiming to adopt appropriate defense strategies. In contrast to the simplified hostile scenario, the above works consider some relatively complex and flexible Byzantine attack strategies from various aspects, and then propose corresponding defense strategies by means of estimation algorithms. But for some special attack model (i.e., probabilistic Byzantine attack), estimation algorithms have to take a long sensing observation period and then confirms attack parameters before deploying defense strategies.

Bedsides, J. Ren et al. proposed an algorithm which take Byzantine attack and energy efficiency into consideration in [20]. F. Ye et al. made use of evidence theory and credibility calculation where evaluates the holistic credibility of SUs from both the real-time difference and statistical sensing behavior of SUs in [21] to propose a CSS method. In [22], W. Hashlamoun et al. proposed a mechanism to mitigate the Byzantine attack by partitioning sensors into groups and measured the CSS performance by introducing a weighted Kullback- Leibler divergence indicator. Unfortunately, [20-24] only consider the simple always attack, such as always yes/no/false attack, but in fact, for a rational MU, the always attack is more aggressive and easily identified by the FC’s defense strategy. Otherwise, numerous efforts on Byzantine attack identification and removal for CSS have been made in [25-26] and references therein.

1.2 Our Contributions

Through analyses on the above literature, many efforts have been devoted to studying Byzantine attack for CSS, few studies consider rational Byzantine attackers from the malicious perspective. Because of the incomplete analysis of Byzantine behavior, the defensive strategy or algorithms always have various unrealistic assumptions and some limitations, hence CSS also poses many new research challenges.

The previous works always start with the CSS security to deal with Byzantine attack and fail in considering the motives and purpose of MUs, in this paper, we relax the requirements of the parameters on Byzantine attack, and reconsider Byzantine attack behaviors in CSS. Further, we make an in-depth analysis on the impact of Byzantine attack of the achievable throughput of CRNs and interference to the PU under various scenarios. In summary, the main contributions of this paper can be summarized as follows:

· We start with Byzantine behaviors in CSS to develop a dynamic Byzantine attack model from the malicious perspective. Under this generalized attack model, the MU can conduct various attack strategies by arbitrarily adjusting attack parameters and does not have any restrictions. Since the proposed dynamic Byzantine attack model does not have any ideal assumptions, it provides a more extensive analysis in various complex scenarios.

· Under two scenarios where the fusion rule is unknown or known for MUs, the blind problem and the impact of Byzantine attack on the throughput and interference are taken into account. When the fusion rule is unknown, according to the proposed attack model, we derive the minimal percentage of MUs and condition of which making the FC blind. When the fusion rule is known, we analyze the impact of Byzantine attack on the achievable throughput of CRNs and interference to the PU, and conduct the optimal attack strategy to obtain maximal throughput and interference.

· Finally, we simulate the real effect of Byzantine attack parameters on CRNs in the various scenarios, and by a series of numerical simulations, we corroborate correctness and effectiveness of theoretical analyses about the impact of Byzantine attack strategy on the throughput and interference from the malicious perspective.

1.3 Organization

The remainder of this paper is organized as follows. Section 2 introduces the system model, including the spectrum sensing, Byzantine attack model, and throughput evaluation. In Section 3, the blind condition of making the FC blind is analyzed and derived when the fusion rule is unknown. Section 4 analyzes the optimal attack strategy to maximize the achievable throughput and interference when the fusion rule is known. Simulation results are provided in Section 5 to verify our theoretical analyses. Finally, conclusions and further work are drawn in Section 6.

2. System Model

In this section, the spectrum sensing model based on an interweave operation mode is presented in an infrastructure-based CRN. Following the spectrum sensing model, we propose a dynamic Byzantine attack model according to Byzantine behaviors from the MU’s perspective. Then on the basis of the periodic spectrum sensing frame structure, we further evaluate the achievable throughput as the performance metric of CRNs, respectively.

2.1 Spectrum Sensing Model

We consider an infrastructure-based CRN in an interweave operation mode, which consists of a FC, a PU, 𝑁𝑁 several collaborative SUs, and the malicious percentage 𝜌, as shown in Fig. 1. In order to realize the detection for the PU, all SUs make use of the local spectrum sensing methods to detect the PU signal. According to the binary hypothesis test problem, at the 𝑘𝑘-th sensing interval, the received sampled signal 𝑦𝑦𝑖𝑖(𝑛𝑛) of the 𝑖𝑖-th SU can be described as

Fig. 1. CSS in the presence of MUs.

\(y_{i}(n)= \begin{cases}u_{i}(n), & H_{0} \\ h_{i}(k) s(n)+u_{i}(n), & H_{1}\end{cases}\)       (1)

where 𝐻₀ and 𝐻₁ represent the two hypotheses that the licensed frequency band is idle or occupied (i.e., the PU is absent or present), 𝑢_𝑖(𝑛) is the additional white Gaussian noise (AWGN) with mean zero and variance \(\sigma_{u}^{2}\), 𝑠(𝑛) is the SU’s received signal transmitted by the PU, ℎ_𝑖(𝑛) is the channel gain, 𝑠(𝑛) and 𝑢_𝑖(𝑛) are assumed to be independent.

Currently, there are a variety of local spectrum sensing methods, including energy detection, matched filter, cyclostationary detection, and wavelet detection. Among these methods, the energy detection is commonly adopted because it does not require the PU signal’s prior information and has a low implementation complexity. Then, the test statistic 𝑦𝑖(𝑡) for energy detector at the 𝑘𝑘-th sensing interval is calculated as

\(T_{i}(k)=\sum_{t=1}^{S}\left|y_{i}(t)\right|^{2}\)       (2)

According to the central limit theorem, 𝑇𝑖(𝑘) can be approximated by a Gaussian distribution (when the number of samples 𝑆𝑆 is large enough) as follows [27]

\(T_{i}(k)= \begin{cases}\mathcal{N}\left(S \sigma_{u}^{2}, 2 S \sigma_{u}^{4}\right), & H_{0} \\ \mathcal{N}\left(S\left(\gamma_{i}(k)+1\right) \sigma_{u}^{2}, 2 S\left(\gamma_{i}(k)+1\right)^{2} \sigma_{u}^{4}\right), & H_{1}\end{cases}\)       (3)

where 𝛾𝑖(𝑘) is the signal-to-noise ratio (SNR) of the PU measured at the 𝑖-th SU.

Assuming that 𝜏 represents the sensing time, the received signal is sampled at sampling frequency 𝑓𝑠, therefore the local spectrum sensing performance for the 𝑖𝑖-th SU, i.e., the local false alarm probability and the local detection probability are respectively given by

\(P_{f, i}=P\left(T_{i}(k)>\lambda \mid H_{0}\right)=Q\left(\left(\frac{\lambda}{\sigma_{u}^{2}}-1\right) \sqrt{\tau f_{s}}\right)\)       (4)

\(P_{d, i}=P\left(T_{i}(k)>\lambda \mid H_{1}\right)=Q\left(\left(\frac{\lambda}{\sigma_{u}^{2}}-\gamma_{i}(k)-1\right) \sqrt{\frac{\tau f_{s}}{2 \gamma_{i}(k)+1}}\right)\)       (5)

where 𝑄(•) is the complementary distribution function of the standard Gaussian, 𝜆 is the predetermined threshold.

2.2 Byzantine Attack Model

After all SUs individually performs the spectrum sensing, they should continue submitting a binary decision to the FC for the global decision making. Though cooperative paradigms mitigate the negative effect of the nature of wireless propagations, but open a door for different attacks, such as Byzantine attack. In Byzantine attack, the MU sends falsified local decision report about the PU status to the FC and intentionally confuse the FC.

Many efforts have been devoted to studying Byzantine attack in CSS, including attack model and defense strategies, i.e., [24] and references therein. To be specific, Byzantine attack model has received far less attention than Byzantine defense, such as, many researches only focus on simple always yes/no/false attacks without dealing with more sophisticated malicious behaviors. There is no doubt that such an always attacker is easy to be identified and removed from CSS. This is to say, if the analysis on Byzantine attack behavior is not thorough enough, it is impossible to conduct a robust defense strategy.

To formulate a more generalized and flexible Byzantine attack model, we conduct theoretical study to dissect Byzantine behaviors of MUs. In details, when the MU deliberately sends falsified spectrum sensing data to the FC, its final goal is to force the FC into making a wrong global decision. On the one hand, when a MU has detected that the PU is absent, it falsifies the decision report 0 into 1 and then deceives the FC into declaring the global decision as 1. As a result, the FC broadcasts that the PU is using the channel, then NUs cannot access the channel to avoid causing interference to the PU, and can only continue spectrum sensing in the next sensing frame. Finally, the MUs can exclusively occupy the channel that is not actually being used by the PU. On the other hand, when a MU has detected that the PU is present, the MU falsifies the decision report 1 into 0, its objective is to induce the FC to announce the global decision 1 into 0. This is to say, the FC may inform SUs that the PU is absent and they can access the channel, but in fact the PU is still using the channel, thereby causing harmful interference to the PU.

The above two situations are the most extreme impact of Byzantine attacks on CSS. In consideration of their own attack risks, MUs do not always adopt such extreme attack strategies because extreme attack strategies will soon fail to deploy due to low reputation in common reputation-based methods. From a long-term perspective, the intermittent or interval attack strategies will not be discovered immediately, the MU has a certain degree of concealment and remains in CRNs for a long time [28]. In this regard, we start with a probabilistic attack strategy to develop a generalized and flexible Byzantine attack model.

MUs are equipped with the same spectrum sensing capability as NUs, the NU honestly submits a binary decision report to the FC while the MU submits a falsified decision report with a certain probability after all SUs perform the local spectrum sensing, as shown in Fig. 2. In details, when the local decision 𝑆𝑖 is 0, the MU submits 1 to the FC with the probability 𝛼𝛼; when 𝑆𝑖 = 1, the MU submits 0 to the FC with the probability 𝛽. From the malicious perspective, the MU can conduct various attack strategies by varying the flipping probability 𝛼 and 𝛽 from 0 to 1. Such as, when 𝛼 = 1 or 𝛽 = 1, the Byzantine attack is the always yes or always no attack at this time while it is the always false attack when 𝛼 = 𝛽 = 1. In other words, such an always attack is a kind of particular case of our proposed attack model. It should be noted that the MU can be regarded as the NU when 𝛼 = 𝛽 = 0 because it did not launch attack.

Fig. 2. Dynamic Byzantine attack model.

According to the proposed dynamic Byzantine attack, a couple of flipping probabilities 𝛼 and 𝛽 can be expressed as

\(\alpha=P\left(R_{i}=1 \mid S_{i}=0\right)\)       (6)

\(P_{m}^{m}=\left(1-P_{m}\right) \beta+P_{m}(1-\alpha)\)       (7)

For the sake of simplicity, MUs are assumed to be independent of each other and have the same flipping probability, then the false alarm probability and the miss detection probability for a MU can be obtained as

\(P_{f a}=\rho P_{f}^{m}+(1-\rho) P_{f}\)       (8)

\(P_{m}^{m}=\left(1-P_{m}\right) \beta+P_{m}(1-\alpha)\)       (9)

Taking Byzantine attack into consideration in CSS, the false alarm probability 𝑃_𝑓a and the miss detection probability 𝑃_𝑚a at the FC can be respectively expressed as

\(P_{f a}=\rho P_{f}^{m}+(1-\rho) P_{f}\)       (10)

\(P_{m a}=\rho P_{m}^{m}+(1-\rho) P_{m}\)       (11)

where the detection probability 𝑃_𝑑𝑎 = 1 − 𝑃_𝑚𝑎.

Different from that 𝛼𝛼 and 𝛽𝛽 are regarded as the false alarm attack and miss detection attack parameter and assumed to be the same in [10], the flipping probabilities 𝛼𝛼 and 𝛽𝛽 are independent of each other in this paper. To be specific, A. Sharifi and M. Niya treat the malicious percentage 𝜌𝜌 as the attack intensity in [29], obviously, the flipping probability is confused with the malicious percentage. In summary, unlike the existing attack model, our proposed dynamic Byzantine attack model does not have no any special assumption on attack parameters.

2.3 Throughput Evaluation

Next, we further introduce a periodic spectrum sensing frame structure to evaluate the achievable throughput of CRNs[30]. Each frame (the frame duration is 𝑇𝑇) consists of a sensing slot (the sensing time is 𝜏𝜏) and a data transmission slot (data transmission time is 𝑇 − 𝜏), as shown in Fig. 3. Based on the spectrum sensing frame structure, a brief of some assumptions and parameters are provided to evaluate the throughput in the data transmission time. Let 𝐶₀ and 𝐶₁ represent the average throughput of CRNs in the absence or presence of the PU [30], respectively, 𝑃_𝑠 is the received power of SU, 𝑁𝑁0 is the noise power and 𝑃_𝑝 is the interference power of PU measured at the SU, then [30]

Fig. 3. Periodic spectrum sensing frame structure of CRN.

\(C_{0}=\log _{2}\left(1+\frac{P_{S}}{N_{0}}\right)\)       (12)

\(C_{1}=\log _{2}\left(1+\frac{P_{S}}{P_{p}+N_{0}}\right)\)       (13)

In order to take the CSS performance into consideration, we further adopt the majority rule at the FC, which is based on the majority of the individual decisions [31]. Depending on the majority rule, then the global false alarm and detection probability can be given by [31][32]

\(Q_{f}=\sum_{n=K}^{N}\left(\begin{array}{l} N \\ n \end{array}\right) P_{f a}^{n}\left(1-P_{f a}\right)^{N-n}\)       (14)

\(Q_{d}=\sum_{n=K}^{N}\left(\begin{array}{l} N \\ n \end{array}\right) P_{d a}^{n}\left(1-P_{d a}\right)^{N-n}\)       (15)

where the global miss detection portability 𝑄_𝑚 = 1 − 𝑄_𝑑.

According to the global decision (the FC broadcasts that the PU is absent) made by the FC, there are following cases where SUs are allowed to access the channel.

Case 1: when the FC correctly decides that the PU is absent, the SU is allowed to access the channel underutilized by the PU, then the average throughput of CRN for Case 1 can be expressed as

\(R_{0}=\frac{T-\tau}{T} P\left(H_{0}\right)\left(1-Q_{f}\right) C_{0}\)       (16)

where 𝑃𝑃(𝐻₀) represents the probability of hypothesis 𝐻₀.

Case 2: when the FC wrongly decides that the PU is absent, the miss detection occurs, according to the global decision, the SUs still access the channel being used by the PU but will cause the harmful interference to the PU, the average throughput of CRN for Case 2 is given by

\(R_{1}=\frac{T-\tau}{T} P\left(H_{1}\right)\left(1-Q_{d}\right) C_{1}\)       (17)

where 𝑃(𝐻₁) represents the probability of hypothesis 𝐻₁.

Through above analyses, the average throughput of CRN can be represented by

\(R=\frac{T-\tau}{T}\left(P\left(H_{0}\right)\left(1-Q_{f}\right) C_{0}+P\left(H_{1}\right)\left(1-Q_{d}\right) C_{1}\right)\)       (18)

Following the above description and analyses about CSS and Byzantine attack, we further provide a comprehensive investigation on the impact of Byzantine attack in the following section.

3. Scenario I: Unknown Fusion Rule

This section considers a scenario where the MU does not know the fusion rule adopted by the FC. Because of unknown fusion rule, the MU launches Byzantine attack but cannot obtain the global CSS performance. In view of this, we discuss Byzantine attack from the local spectrum sensing performance next.

MUs intend to destroy the operation of CR through Byzantine attack, in order to achieve this goal, MUs need to perform local spectrum sensing like other NUs, and then flip the original sensing decision and submit them to the FC, thereby misleading the FC to make wrong global decision regarding the PU’s status. If possible, MUs will make the FC completely unable to decide on the channel status, but this needs to make an in-depth analysis on characteristics of Byzantine attack. In fact, there are a number of different MU identification and mitigation algorithms methods to defend against Byzantine attack threats but fail in considering characteristics of Byzantine attack itself. For example, regardless of the defense strategy, to what extent can MUs degrade the performance of the FC, and what is the relationship between the attack ratio and the flipping probabilities and ?

In order to solve above issues, we introduce a blind conception about the FC’s decision ability. In the view of the Bayesian framework, when the received decision does not provide any information about the hypotheses to the FC, we regard that the FC is blind at this time. That is to say, the global decision is completely independent of the hypothesis test. Meanwhile, it should be noted that the random guess of the FC can also have 50% accuracy, hence the condition to make the FC blind can be stated as 𝑃(𝑹|𝐻₀) = 𝑃(𝑹|𝐻₁) where 𝑹 = [𝑅₁, . . . , 𝑅_𝑖, . . . , 𝑅_𝑁]. Assuming that each SU’s sensing observation is subject to conditional independent and identically distribution, then the blind condition of which MUs make the FC become 𝑃𝑓a = 𝑃𝑑a. Therefore, we have

\(\rho P_{f}^{m}+(1-\rho) P_{f}=1-\rho P_{m}^{m}-(1-\rho) P_{m}\)       (19)

Hence, the FC becomes blind if

\(\rho=\frac{1}{\alpha+\beta}\)       (20)

To be specific, we can see from (20) that when MUs launch always false attack (i.e., 𝛼 = 𝛽 = 1), the minimum percentage of MUs to make the FC blind is 𝜌 = 0.5. Otherwise, when MUs only launch always yes attack (𝛼 = 1) or always no attack (𝛽 = 1), it is impossible to make the FC blind unless MUs are spread all over the network.

The above blind condition is derived without defense strategies, but in front of defense strategies, MUs still can adjust their own attack strategies (the attack ratio and the flipping probability) to obtain attack benefit (i.e., exclusively occupying the channel or causing harmful interference to the PU) and ensure security [29]. For example, on the one hand, when the MU represents the minority, three kinds of always attack have been widely studied and easily identified. In fact, MUs should consider that the flipping probability is less than 1 (i.e., 𝛼 = 𝛽 = 0.5), then will not be eliminated because of aggressive attacks; On the other hand, when MUs are in the majority, most defense strategies cannot defend against such a large-scale Byzantine attack, therefore the flipping probability can be varied from 0 to 1.

4. Scenario I I: Known Fusion Rule

This section takes the scenario II where the MU knows the fusion rule adopted by the FC into account. According to the majority rule, MUs would want to deteriorate the CSS performance, thereby occupying spectrum resources or causing harmful interference to the PU. The malicious goal is to obtain the optimal attack strategy that maximizes the MU’s throughput and interference to the PU.

4.1 The SU’s Average Throughput

Before proceeding with analyses on the MU’s average throughput and interference to PU, the SU’s average throughput of CRN is provided. Following (18) and the interweave CR framework, the average throughput for a SU is represented by

\(R_{l}=\frac{T-\tau}{T} \frac{1}{N}\left(P\left(H_{0}\right)\left(1-Q_{f}\right) C_{0}+P\left(H_{1}\right)\left(1-Q_{d}\right) C_{1}\right)\)       (21)

When MUs intend to minimize 𝑅_𝑙, then the minimization problem can be described as

\(\min _{\alpha, \beta} \frac{T-\tau}{T} \frac{1}{N}\left(P\left(H_{0}\right)\left(1-Q_{f}\right) C_{0}+P\left(H_{1}\right)\left(1-Q_{d}\right) C_{1}\right)\)       (22)

For a fixed 𝛽, the partial derivative of 𝑅𝑅𝑙𝑙 with respect to 𝛼𝛼 can be obtained as

\(\frac{\partial R_{l}(\alpha, \beta)}{\partial \alpha}=-\frac{T-\tau}{T} \frac{1}{N}\left(P\left(H_{0}\right) C_{0} \frac{\partial Q_{f}}{\partial \alpha}+P\left(H_{1}\right) C_{1} \frac{\partial Q_{d}}{\partial \alpha}\right)\)       (23)

where \(\frac{\partial Q_{f}}{\partial \alpha}\) and \(\frac{\partial Q_{d}}{\partial \alpha}\) can be obtained by the following algebraic manipulations,

\(\begin{aligned} \frac{\partial Q_{f}}{\partial \alpha}=&\left(\begin{array}{l} N \\ K \end{array}\right)\left(K \frac{\partial P_{f a}}{\partial \alpha} P_{f a}^{K-1}\left(1-P_{f a}\right)^{N-K}-(N-K) \cdot \frac{\partial P_{f a}}{\partial \alpha} P_{f a}^{K}\left(1-P_{f a}\right)^{N-K-1}\right) \\ &+\left(\begin{array}{c} N \\ K+1 \end{array}\right)\left((K+1) \frac{\partial P_{f a}}{\partial \alpha} \cdot P_{f a}^{K}\left(1-P_{f a}\right)^{N-K-1}-(N-K-1) \frac{\partial P_{f a}}{\partial \alpha} P_{f a}^{K+1}\right.\\ &\left.\cdot\left(1-P_{f a}\right)^{N-K-2}\right)+\cdots+\left(\begin{array}{l} N \\ N \end{array}\right)\left(N \frac{\partial P_{f a}}{\partial \alpha} P_{f a}^{N-1}-0\right) \\ =& \frac{\partial P_{f a}}{\partial \alpha} P_{f a}^{K-1}\left(1-P_{f a}\right)^{N-K}\left[\left(\left(\begin{array}{l} N \\ K \end{array}\right) K-\frac{P_{f a}}{1-P_{f a}}(N-K)\right)+\left(\begin{array}{c} N \\ K+1 \end{array}\right)\right.\\ &\left.\cdot\left((K+1) \frac{P_{f a}}{1-P_{f a}}-(N-K-1) \frac{P_{f a}^{2}}{\left(1-P_{f a}\right)^{2}}\right)\right] \\ =& \frac{\partial P_{f a}}{\partial \alpha} P_{f a}^{K-1}\left(1-P_{f a}\right)^{N-K}\left[\left(\left(\begin{array}{l} N \\ K \end{array}\right) K-\frac{P_{f a}}{1-P_{f a}}(N-K)\right)\right.\\ &+\frac{P_{f a}}{1-P_{f a}}\left(\begin{array}{c} N \\ K+1 \end{array}\right)\left((K+1)-(N-K-1) \cdot \frac{P_{f a}}{1-P_{f a}}+\cdots\right] \end{aligned}\)        (24)

Because of \(\left(\begin{array}{l} N \\ K \end{array}\right) \frac{K}{N}=\left(\begin{array}{l} N-1 \\ K-1 \end{array}\right)\), then

\(\begin{aligned} \frac{\partial Q_{f}}{\partial \alpha}=& \frac{\partial P_{f a}}{\partial \alpha} P_{f a}^{K-1}\left(1-P_{f a}\right)^{N-K}\left[\left(\begin{array}{l} N \\ K \end{array}\right) K+\left[-\frac{P_{f a}}{1-P_{f a}}\left(\begin{array}{l} N \\ K \end{array}\right) \cdot(N-K)\right.\right.\\ &\left.\left.+\frac{P_{f a}}{1-P_{f a}}\left(\begin{array}{c} N \\ K+1 \end{array}\right)(K+1)\right]+\cdots\right] \\ =& \frac{\partial P_{f a}}{\partial \alpha} P_{f a}^{K-1}\left(1-P_{f a}\right)^{N-K}\left[\left(\begin{array}{l} N-1 \\ K-1 \end{array}\right) N+\frac{P_{f a}}{1-P_{f a}}\left[\left(\begin{array}{c} N \\ K+1 \end{array}\right) \cdot(K+1)\right.\right.\\ &\left.\left.-\left(\begin{array}{l} N \\ K \end{array}\right)(N-K)\right]+\cdots\right] \\ =& \frac{\partial P_{f a}}{\partial \alpha}\left(1-P_{f a}\right)^{N-K}\left[\left(\begin{array}{l} N-1 \\ K-1 \end{array}\right) N+\frac{P_{f a}}{1-P_{f a}} * 0\right] \\ =& N\left(\begin{array}{l} N-1 \\ K-1 \end{array}\right) \frac{\partial P_{f a}}{\partial \alpha} P_{f a}^{K-1}\left(1-P_{f a}\right)^{N-K} \end{aligned}\)       (25)

Similarly, we also have \(\frac{\partial Q_{d}}{\partial \alpha}=N\left(\begin{array}{l} N-1 \\ K-1 \end{array}\right) \frac{\partial P_{d a}}{\partial \alpha} P_{d a}^{K-1}\left(1-P_{d a}\right)^{N-K}\).

Then, we have the following result

\(\begin{aligned} \frac{\partial R_{l}(\alpha, \beta)}{\partial \alpha}=&-\left(\begin{array}{l} N-1 \\ K-1 \end{array}\right) \rho \frac{T-\tau}{T} P\left(H_{1}\right) C_{1} P_{m}\left(1-P_{d a}\right)^{N-K} \\ & \cdot P_{d a}^{K-1}\left[\frac{P\left(H_{0}\right) C_{0}}{P\left(H_{1}\right) C_{1}} \frac{\left(1-P_{f}\right) P_{f a}^{K-1}\left(1-P_{f a}\right)^{N-K}}{P_{m} P_{d a}^{K-1}\left(1-P_{d a}\right)^{N-K}}+1\right] \end{aligned}\)       (26)

By observing (26), we can easily get \(\frac{\partial R_{l}(\alpha, \beta)}{\partial \alpha}<0\). . The proof of \(\frac{\partial R_{l}(\alpha, \beta)}{\partial \beta}>0\) is similar to that of \(\frac{\partial R_{l}(\alpha, \beta)}{\partial \alpha}<0\).

Therefore, it is concluded that the optimal attack strategy to minimize the SU’s average throughput is 𝛼 = 1, 𝛽 = 0. Since 𝐶₀ > 𝐶₁, 𝑅₀ dominates the achievable throughput.

4.2 The MU’s Average Throughput and Interference to the PU

Now, the impact of Byzantine attack on benefit of the MU itself is an issue of our concern. From the MU’s perspective, there are two modes of Byzantine attack, such as, sleep mode and action model. In the sleep mode, the MU does not launch Byzantine attack, i.e., 𝛼 = 𝛽 = 0, but it detects the PU’s presence or absence by means of the local spectrum sensing technology as well as other NUs, and also obtains spectrum resources from it or causes certain interference to the PU. In the action mode, the MU launches Byzantine attack, with the aim of occupying more spectrum resources and causing excessive interference to the PU.

Next, we further elaborate on how the MU achieves the average throughput and causes harmful interference to the PU from CSS process in the interweave CR system. A brief description of following situations about the MU’s average throughput and interference to the PU can be described as

Situation 1: When the FC’s global decision is 1, the PU is also present, all SUs are not allowed to access the channel at the current frame. According to the principle of the interweave CR system, SUs have to sense the availability of another channel in the next sensing frame.

Situation 2: When the FC’s global decision is 0, but in fact the PU is present and the FC still informs SUs to access the PU’s channel, thereby causing harmful interference to the normal activities of PU at this time.

Situation 3: When the FC’s global decision is 1, and the PU is absent, then NUs have to switch to another channel and continue spectrum sensing in the next frame while MUs exclusively occupy the channel at the current frame.

Situation 4: When the FC’s global decision is 0 and the PU is also absent, all SUs including MUs and NUs are allocated to spectrum resources being underutilized by the PU at the current frame.

In front of the above four situations, the next question that arises is how to evaluate the MU’s average throughput and interference to the PU according to the interweave CR system model. In Situation 1, since the FC’s global decision 1 is consistent with the real status of the PU, neither NUs nor MUs can use the channel currently being used by the PU, nor can it cause interference to the PU. Hence, both the MU’s average throughput and interference to the PU are 0.

In Situation 2, all SUs are announced that the channel can be accessed because the global decision is 0, but the PU is present. It is apparent that SU accessing the channel being used by the PU will cause harmful interference to the PU’s normal communication. In order to quantify the interference to the PU, we use the average throughput expression to describe it as 𝑇−𝜏 1

\(R_{I}=\frac{T-\tau}{T} \frac{1}{N} P\left(H_{1}\right)\left(1-Q_{d}\right) C_{1}\)       (27)

In this situation, all SUs access the channel without knowing the PU’s presence, (27) can 𝑅𝑅^𝐼𝐼= 𝑃𝑃(𝐻𝐻¹)(1−𝑄𝑄^𝑑𝑑)𝐶𝐶¹ (27)

also be regarded as the available throu𝑇𝑇 ghpu𝑁𝑁 t of each SU (assuming that each SU is evenly allocated throughput). But from the perspective of the interweave CR framework, this situation should be avoided because the interference to the PU must be constraint. Hence, from the malicious perspective, the average throughput under this situation is equivalent to the interference to the PU.

In Situation 3, it should be noted that even if the MU does not launch Byzantine attack, the false alarm may occur at the FC because of the nature of wireless propagations, i.e., noise. Only because of Byzantine attacks, MUs have more opportunities to access the idle channel. Therefore, regardless of whether there is the Byzantine attack, MUs can exclusively occupy the idle channel of the current frame. Since the spectrum resource allocation problem is out of the scope of this work, we consider that 𝜌𝑁 MUs evenly allocate spectrum resource for the sake of simplicity, then the average throughput for each MU in this situation can be expressed as

\(R_{m 01}=\frac{T-\tau}{T} \frac{1}{\rho N} P\left(H_{0}\right) Q_{f} C_{0}\)       (28)

In Situation 4, since the FC correctly decides that the PU is absent, then both NUs and MUs will access the idle channel and equally allocate spectrum resources. Therefore, then the average throughput for each MU in the situation is given as

\(R_{m 00}=\frac{T-\tau}{T} \frac{1}{N} P\left(H_{0}\right)\left(1-Q_{f}\right) C_{0}\)       (29)

Through above analyses of the MU’s average throughput and interference to the PU, then the throughput sum 𝑅_𝑚 can be obtained by

\(R_{m}=R_{m 01}+R_{m 00}\)       (30)

For a MU, the final goal is to maximize the interference to the PU 𝑅_𝐼 and the throughput 𝑅_𝑚. Apparently, the smaller the detection probability 𝑄_𝑑, the greater 𝑅_𝐼, in other words, the flipping probability 𝛼 has noting to do with 𝑅_𝐼 and only 𝛽 = 1 makes 𝑅_𝐼 maximize. As for 𝑅_𝑚, we take the partial derivative of 𝑅_𝑚 with respect to 𝛼𝛼 and 𝛽.

For a fixed 𝛽 , we have the partial derivative of 𝑅_𝑚 with respect to 𝛼 by some simple algebraic manipulations

\(\frac{\partial R_{m}}{\partial \alpha}=\frac{\partial R_{m 01}}{\partial \alpha}+\frac{\partial R_{m 00}}{\partial \alpha}=\frac{T-\tau}{T} \frac{1}{N}\left(\frac{1}{\rho}-1\right) P\left(H_{0}\right) \frac{\partial Q_{f}}{\partial \alpha}\)       (31)

Similar to (31), for a fixed 𝛼, we have the partial derivative of 𝑅_𝑚 with respect to 𝛽 is

\(\frac{\partial R_{m}}{\partial \beta}=\frac{T-\tau}{T} \frac{1}{N}\left(\frac{1}{\rho}-1\right) P\left(H_{0}\right) \frac{\partial Q_{f}}{\partial \beta}\)       (32)

Since 𝜌 ∈ [0,1], it is easy to obtain \(\frac{\partial R_{m}}{\partial \alpha}>0\) and \(\frac{\partial R_{m}}{\partial \beta}<0\), then it is can be concluded that the optimal attack strategy to maximize the MU’s average throughput is 𝛼 = 1, 𝛽 = 0. This conclusion we have obtained through mathematical analysis are consistent with intuitive feelings. These analyses laid the groundwork and guidance for the future analysis of MUs' optimal attack strategy under a defense mechanism.

5. SIMULATION RESULTS

In the section, we provide a series of numerical simulation results to corroborate the concreteness and effectiveness of our theoretical analysis on the achievable throughput and interference to the PU from the MU’s perspective. Unless otherwise specified, the values of important simulation parameters are shown in Table 1.

Table 1. Simulation parameters

As shown in Fig. 4, we display the impact of Byzantine attack on the achievable throughput 𝑅_𝑙 under various flipping probabilities. It can be seen that there is a negative correlation between the SU’s average throughput and 𝛼, and a positive correlation between the SU’s average throughput and 𝛽. Therefore, as expected, the optimal attack strategy to minimize the SU’s average throughput is 𝛼 = 1, 𝛽 = 0 from the malicious perspective.

Fig. 4. The SU’s average throughput of CRNs v. s. the flipping probability.

Since the FC incorrectly declares that the PU is absent but in fact present, SUs still access to the channel being used by the PU according to the FC’s decision, thereby causing excessive interference to the PU’s normal communication. Fig. 5 illustrates the impact of Byzantine attack on the interference to the PU 𝑅_𝐼 under various flipping probabilities. It is apparent that the flipping probability 𝛽𝛽 has a negative impact on 𝑅_𝐼 while the flipping probability 𝛼𝛼 has a positive impact on it. Since the interference to the PU is determined by the global miss detection probability, that is, the larger 𝑄_𝑚, the larger 𝑅_𝐼. According to (9), we know that the flipping probability 𝛽 is larger, the miss detection probability of a MU is larger, while the flipping probability 𝛼𝛼 is smaller the miss detection probability of a MU is smaller. Hence, we can see from Fig. 5 that 𝛼𝛼 increases 𝑅_𝐼 for a fixed 𝛽 while 𝛽 decreases 𝑅_𝐼 for a fixed 𝛼𝛼. Therefore, MUs can maximize the interference to the PU when 𝛼 = 0, 𝛽 = 1.

Fig. 5. The interference to the PU v. s. the flipping probability.

Next, the MU’s average throughput 𝑅_𝑚01 and 𝑅_𝑚00 under Situation 3 and 4 are compared in Fig. 6. In Situation 3, an increasing 𝛼𝛼 improves 𝑅_𝑚01 for a fixed 𝛽 while an increasing 𝛽 decreases 𝑅_𝑚01 for a fixed 𝛼𝛼. It is worth noting that though a pair of the flipping probabilities have a positive and negative impact on 𝑅_𝑚01, it is apparent that the effect of 𝛼 on 𝑅_𝑚01 growth rate is greater than 𝛽. Especially, when 𝛼 ≤ 0.2𝛽𝛽, 𝑅_𝑚01 = 0. This demonstrates that a small 𝛼 has little impact on 𝑅_𝑚01 because of cooperative gain. In contrast to simulation results of 𝑅_𝑚01, an increasing 𝛼 decreases 𝑅_𝑚01 for a fixed 𝛽 while an increasing 𝛽 improves 𝑅_𝑚00 for a fixed 𝛼 in Situation 4. To be specific, 𝑅_𝑚00 keeps in 0.256 when 𝛼 ≤ 0.2𝛽 , but 𝑅_𝑚00 gradually decreases as 𝛼 and 𝛽 further increases or decreases respectively.

Fig. 6. The MU’s average throughput v. s. the flipping probability.

In summary, the optimal attack strategy is 𝛼=1, 𝛽=0 in Situation 3 𝛼=0 and 𝛽=1, in Situation 4. Comparing with the interference to the PU in Situation 2 and the relatively low throughput in Situation 4, MUs can exclusively occupy the idle channel in Situation 3, it is inspiring for MUs to launch Byzantine attack, and especially explore the secondary usage for that frequency band by increasing the flipping probability . From Fig. 6 and Fig. 7, the changing trend of the total throughput 𝑅_𝑚 following the flipping probability is similar to that of 𝑅_𝑚01 , apparently, (26) dominates the MU’s throughput.

Fig. 7. The MU’s average throughput when 𝜌=0.4

The previous series of simulation results on the MU’s average throughput and the interference to the PU are only presented in a scenario where there are fewer MUs. Below we will further consider the MU’s average throughput when MUs represents the majority, i.e., 𝜌=0.8, as shown in Fig. 8. At this time, the malicious ratio and the flipping probability satisfy 𝜌 ≥ 1 ⁄ (𝛼+𝛽), the MU’s average throughput 𝑅_𝑚 remains the same, that is, MUs completely make the FC blind. However, the blind scenario does not increase the MU’s throughput, but reduces it. This is because the FC’s global decision is still reliable in the non-blind scenario, each MU also occupies more spectrum resources according to the global decision. In the blind scenario, on the one hand, the increase in the number of MUs reduces the average throughput, on the other hand, MUs still decide whether to access the channel based on the unreliable global decision, the gains outweigh the losses.

Fig. 8. The MU’s average throughput when 𝜌=0.8

6. Conclusions and Further Work

In this paper, we established a dynamic Byzantine attack model in an interweave CR system from a malicious perspective, which can conduct various Byzantine attack by design different malicious ratios and flipping probabilities, and further derive the condition of which MUs make the FC blind. Then, we theoretically analyze the optimal attack strategy under two scenarios where MUs know that the FC adopts the fusion rule, with aim to minimize other SU’s average throughput and maximize their own average throughput and the interference to the PU. Finally, a series of numerical simulation results are presented to verify the correctness and effectiveness of our theoretical analysis on Byzantine attack.

Our work is different from most existing works in that we provide recent advances and open research directions on applying the FC and Byzantine attack in various scenarios and cases, focusing on the optimal attack strategy as well as the optimal defense strategy for CSS. In the follow-up work, we will consider the wise MU's optimal attack strategy when FC adopts a defense mechanism. This is an interesting problem worth exploring in the future. At the same time, these preliminary works pave the way for the follow-up robust defense strategy.