Chinese Journal of ElectronicsVol.20, No.4, Jan. 2011

Defense Against Objective Function Attacks in

Cognitive Radio Networks

PEI Qingqi1,2, LI Hongning1, MA Jianfeng1 and FAN Kefeng3

(1.Ministry of Education Key Laboratory of Computer Network and Information Security,

Xidian University, Xian 710071, China)

(2.Institute of China Electronic System Engineering Corporation, Beijing 100039, China)

(3.China Electronics Standardization Institute, Beijing 100007, China)

Abstract Cognitive radio (CR) is a technology for

identifying opportunities using the spectrum holes for

communication by cognition. Consequently, we can in-crease spectrum resource utilization rate with CR. How-

ever, it is cognition that causes an unprecedented chal-lenge for cognitive radio networks, especially in security

performance. Based on security problems existing in cog-

nitive radios, we analyze Objective function attacks in de-tail. To counter this attack, we propose a multi-objective

programming model, called MOP, which veries all param-eters tampered, so that attackers can not prevent CR from

adapting to surroundings. Our simulation results indicate

that the MOP model can defend Objective function attackseectively. Thus, with the MOP model based on Particle

swarm optimization (PSO), cognitive radio networks willobtain the optimum condition.

Key words Cognitive radio, Parameters attacks, Ob-

jective function attacks, Spectrum sensing, Multi-objective

programming.

I. Introduction

As a limited natural resource, wireless spectrum becomes

increasingly scarce with the ever-increasing number of users,

and the utilization ratio is a critical problem in wireless ap-

plications, then cognitive radio appears. In cognitive radio

networks, CR can adapt to parameters by checking the state

of dynamic spectrum without causing any interference to pri-

mary users and make full use of the limited amount of spec-

trum so that the spectrum utilization ratio can be increased

and the Cognitive radio networks (CRNs) can reach the op-

timum condition. Compared with traditional wireless radios,

CR can provide data for later decision-making by learning[1].

Similar to traditional wireless networks, CRNs also have

security problems. These threats such as dynamic spectrum

access threats (spectrum sensing threats, spectrum manage-

ment threats, spectrum mobility threats[7] and spectrum shar-

ing threats) and articial intelligence behavior threats (policy

threats, learning threats and parameters threats) aect CR

application directly. In these threats, Primary user emula-

tion (PUE) attacks, a spectrum sensing threat, and Objective

Function Attacks, a parameters threat, are two kinds of typ-

ical attacks. To defend PUE attacks, many researchers have

designed eective schemes, such as the technology of embed-

ding a signature in an incumbent signal[2], and the LocDef

(Localization based defense)[3] scheme. The most important

characteristic of CR is that it can adjust parameters to the

optimum condition by environment sensing and all round bal-

ancing based on memory. However, the objective function

attack is what prevents the performance of this characteristic.

The study for objective function attack is just getting started,

and no perfect scheme appears at present. We rst analyze

objective function attacks in detail[4], and optimize objective

function of CRN by using PSO algorithm, then manipulate

the total objective function so as to defense objective function

attacks.

II. Background

1. Basic PSO algorithm

PSO is inspired by observing the bird ocking or sh

schooling. Scientists found that the synchrony of ocking be-

havior was by maintaining optimal distances between individ-

ual members and their neighbors. Scientists perceived that in

order to nd food the individual members determined their

velocities by two factors, their own best previous experience

and the best experience of all other members, called pbest and

gbest. The formula is as follows:

v[] =v[] + c1rand()(pbest[] present[])

+ c2Rand()(gbest[] present[])

present[] =present[] + v[]

Manuscript Received Dec. 2009; Accepted Jan. 2010. This work is supported by the National Natural Science Foundation of China(No.60803150, No.60803151), the National High Technology Research and Development Program of China (No.2008AA01Z411), the Key

Program of NSFC-Guangdong Union Foundation (No.U0835004), China Postdoctoral Science Foundation (No.20090451) and the PlannedScience and Technology Project of Shannxi Province (No.2009K08-38).

Defense Against Objective Function Attacks in Cognitive Radio Networks 139

where v[] represents velocity, present [ ] is the location of the

particle at present, rand ( ) and Rand ( ) are random num-

bers, rand, Rand (0, 1), and c1 and c2 are learning factors,c1 = c2 = 2 generally, and v[] [vmax, vmax] and vmax is aconstant decided by users.

2. Multi-objective programming

The multi-objective programming focus on Distributed de-

cision. Bilevel programming is the simplest form. All the

Multi-Layer programming can be seen as the compounding

form of bilevel programming. The common model of bilevel

programming is as follows:

minx

f0(x, y) =(f01(x, y), f02(x, y), , f0n(x, y), )s.t. G(x, y) 0miny1

fi(x, yi)

s.t. gi(x, yi) 0, i = 1, 2, ,m

where x and f0 are decision-making variable and objective

variable function in the upperlayer respectively. y and fi are

decision-making variable and objective variable function in the

underlayer respectively, and gi is the constraint condition.

III. Objective Function Attacks and TheirInfluence

In adaptive radios[5], the cognitive engine manipulates a

large number of radio parameters over time in an eort to

maximize its multi-goal objective functions by using optimiza-

tion algorithm, such as Genetic algorithm (GA) and PSO[6].

Once the optimized result is chosen, CR assigns the param-

eters to each sub-objective function, so that the CR systems

can reach the optimum condition. In the accommodation pro-

cess, attackers try to prevent CR from adjusting parameters

in every way, which is dicult to avoid. The illustration is

shown in Fig.1 and Fig.2.

Fig. 1. Normal situation

Fig. 2. Attack situation

Fig.1 shows that in normal situations, CR optimizes all

parameters after sensing External condition and customer re-

quirements, then assigns the parameters. This accommodation

process is secure. Fig.2 shows the state under assault: attack-

ers tamper data before CR optimize all parameters, and as a

result CR can not reach the set objective, and these behaviors

lead to worse parameter setting of CR systems.

Objective function attacks are that attackers prevent CR

from adaptive change by tampering data[9]. Suppose a simple

cognitive radio system only has three goals, low-power, high-

rate, and secure communication, then the total objective func-

tion is as follows: f = 1P + 2R + 3S, where i, i = 1, 2, 3

are the weights and P,R, and S represent the three goals of

power, rate, and security. Imagine an attacker wishes to force

a radio to use some security level s1 rather than the more se-

cure version s2, where s1 < s2. Whenever the cognitive engine

tries using s2, the attacker can articially decreasing R from

r2 to r1 with r1 < r2. In particular, an attacker would need

to cause sucient interference such that

1P + 2r2 + 3s1 > 1P + 2r1 + 3s2

or solving for r1: r1 < r2 32

(s2 s1). Thus, once CRwants to change S, the total objective function will change,

and this leads to bad setting of parameters. Attackers get all

parameters in every way and they could prevent CR manipu-

lating only by computing r1. This is called Objective function

attack[4]. Attackers reach their goals as Fig.3 shows.

Fig. 3. Object function attack

The signicant dierence between cognitive radio and tra-

ditional wireless radio is that CR can adapt to parameters itself

by sensing and learning from around, especially from memory.

However, with objective function attacks, CR can not adapt

to parameters, leading to worse performance. How to defend

objective function attacks? We propose a scheme as follows.

IV. A Scheme to Defend ObjectiveFunction Attacks

In objective function attacks, attackers tamper parame-

ters to prevent CR from adjusting parameters. How can we

detect the tampered parameter and correct it in order to

make CR setting perfect? According to the form of objective

function attacks, we assume CR has n sub-objectives, fi(x),

i = 1, 2, , n, then the total objective function is:

f =n

i=1

ifi(x)

where i is the weight of the ith sub-objective, andn

i=1

i = 1.

CR chooses max

ni=1

ifi(x) as the optimal result to adjust set-

tings. At time t, the ith sub-objective is f(t)i (x), i = 1, 2, , n

140 Chinese Journal of Electronics 2011

and the total objective function is f (t) = maxn

i=1

(t)i f

(t)i (x).

Because of dynamic changes of the external environment and

user demand, CR has to tamper the jth parameter in the fol-

lowing time. In order to ensure that the jth parameter jfj(x)

has been tampered indeed without other parameters uctuat-

ing on a large-scale, at this time, we must adjust the objective

function under the condition that other parameters are not

changing on a large-scale, so that :

ni=1i=j

if (t)i (x) f (t1)i (x)k

1k

(1)

Eq.(1) is as small as possible, that is:

min

ni=1i=j

if (t)i (x) f (t1)i (x)k

1k

(2)

where Eq.(1) has an upper limit which is:

max

ni=1i=j

if (t)i (x) f (t1)i (x)k

1k

< mj (3)

mj is a xed value:

mj = jf (t)j (x) f (t1)j (x)

Once objective function attacks exist, CR can not tamper

parameters freely. From the above three formulas, we can de-

tect whether attackers exist by system computing. If Eq.(3)

does not hold, CRs readjust parameters intelligently. Accord-

ing to the analysis above, we conclude the bilevel programming

model as follows:

f = maxn

i=1 ifi(x) (4)

s.t.

min

ni=1i=j

if (t)i (x) f (t1)i (x)k

1k

(5)

s.t.

max

ni=1i=j

if (t)i (x) f (t1)i (x)k

1k

< mj (6)

mj = jf (t)j (x) f (t1)j (x), j = 1, 2, , nEq.(4) indicates the optimum total objection function with

the restriction of Eqs.(5) and (6). From Eq.(5) we can see the

uctuation should be as small as possible except the jth pa-

rameter. Besides, the uctuation has an upper limit in Eq.(6).

We can decide whether attackers behavior work according to

Eq.(6). If Eq.(6) still holds, even if attackers have tampered

some parameters, the attack will be meaningless. If Eq.(6)

doesnt hold, the attack will be eective. Therefore, CR should

nd out the tampered parameter and x it to make the system

state perfect.

Generally speaking, attackers can only tamper a few sub-

objective functions. For their own benets, they often tam-

per one parameter with a large margin. At this moment,

CR detects the wave range of every sub-objective function

and searches for wave radius R, R = max (t)i f (t)i (x) (t1)i f

(t1)i (x). Then CR compares sub-objective function

around R with tness value by response to the external envi-

ronment. If these sub-objective functions deviate from tness

values, we consider it as attackers behavior. After this, CR

redistributes every parameter to make the system state opti-

mal.

We can calculate the tness of the ith sub-objective in time

k+1 according to velocity calculating in PSO. The tness value

of the ith sub-objective in time k + 1 is:

vk+1i = vki + c1rand(pbest vki ) + c2Rand(gbest vki ) (7)

and then adjust it.

V. Simulations

In order to illustrate the performance of the bilevel pro-

gramming model, we choose 5 common sub-objectives to ana-

lyze adaptivity(A), learning capacity(L), security(S), sensitiv-

ity(Se) and transmission rate(V) respectively. Table 1 shows

the optimal state in time t 1:

Table 1. Parameter setting in time t 1A L S Se V

Sub-objective 0.7 0.5 0.4 0.8 0.3

weight 0.4 0.3 0.15 0.1 0.05

Total objective 0.585

Table 2. Anticipative parameters in time t

A L S Se V

Sub-objective 0.7 0.5 0.9 0.8 0.3

weight 0.4 0.3 0.15 0.1 0.05

Total objective 0.66

Table 3. Tampered parameter in time t

A L S Se V

Sub-objective 0.4 0.5 0.9 0.7 0.28

weight 0.4 0.3 0.15 0.1 0.05

Total objective 0.529

For the changes of surroundings or customer requirements

in time t, CR wants to raise the security level to a value greater

than 0.4, and other parameters neednt be tampered. Table 2

shows CRs anticipative results.

Attackers tamper some of the parameters by objective

function attacks, as a result, CR can not adapt to surround-

ings and keep the parameters setting in time t1 perpetually.Similar to traditional wireless radios, CRs cognitive function

never works. According to our bilevel programming, we detect

parameters in time t to see whether attackers exist. If

max

ni=1i=j

if (t)i (x) f (t1)i (x)k

1k

> mj

holds, there must be attackers. Then we look for wave radius

R, compare the large wave sub-function with tness value. If

not matched, reset these parameters.

Defense Against Objective Function Attacks in Cognitive Radio Networks 141

Fig. 4. Parameters setting in

time t 1

Fig.4 shows the opti-

mal setting of the ve sub-

objectives mentioned above in

time t 1. In order to verifyour bilevel programming, we

imitate attackers. Fig.5 and

Fig.6 are results of tampering

one parameter and three pa-

rameters respectively.

In Fig.5 and Fig.6, (a)

is the anticipated parameters

setting. After attackers tam-

Fig. 5. One parameter tampered

Fig. 6. Three parameter tampered

pering, parameters become dierent shown as (b). The mali-

cious tampering leads to the result that CR keeps settings in

last time t 1 perpetually. With our bilevel programming, wecan detect and control parameters, and then adapt them to

surroundings as is shown in (d).

The results show that no matter how many parameters are

tampered by attackers, our bilevel programming works. This

bilevel programming can defend objective function attacks ef-

fectively.

Let simple communication parameters be sub-objectives,

we can judge whether the parameters are altered by malicious

nodes or not. In our simulation, we consider two mobile nodes

can communicate with each other through one of the three

channels freely in 250 250m.L: Loss ratio; T: Throughput; S: Security level

Se: Sensitivity (communication time/ (total time)), total

time =communication time +channel switching time

The sub-objectives:

s1 = 1 L; s2 = T ; s3 = Se; s4 = S

the total objective function is:

f = 1s1 + 2s2 + 3s3 + 4s4

Table 4. Parameters

L T Se S

0 6s 0.028 1.212 0.980 0.500Table 5. Weights

1 2 3 40.3 0.1 0.2 0.4

To improve communication security, both sides need to al-

ter security level next time. So they set s4 lager, s4 = 0.8. At

this moment, the malicious node jam the channel, articially

decreasing sub-objective from s1 to s1, s.t.

s = 1s1 + 2s2 + 3s3 + 4s

4 < s

Based on the maximum principle, CRs have to choose the

parameters of s. As a result, CRs cannot adapt itself and

reach Self-Adaptation. With our bilevel programming model,

we can detect the altered parameter, and then calculate the

tness value with Eq.(7) and modulate power to decrease in-

terference, and reduce loss ratio.

In CRN, incumbents should be protected against interfer-

ence from CRs[8]; hence, CRs have to regulate parameters to

ensure their security without disturbing incumbents. With our

bilevel programming model, we can detect all parameters and

decide which one has been altered by attackers. Besides, PSO

algorithm makes our tness values of all sub-objectives adapt

to the new environment. The proposed solution solves ob-

jective function attacks even if a number of parameters have

been tampered. Moreover, considering sensing data as sub-

objectives, we can detect the spectrum sensing process[9] and

cooperate other CRs to reach optimal state on the basis of

security.

VI. Conclusion

To defend Objective Function Attacks in cognitive ra-

dios, we propose an appropriate proposal called MOP (Multi-

objective programming model). After attackers obtain all pa-

rameters, CRs detect them and compare them with tness

value with MOP to decide whether attackers exist. If so, then

CR readjusts the tampered parameters to optimal settings. All

these ensure that CR adapts to surroundings intelligently. Be-

sides using MOP repeatedly (this will increase computation),

if CR needs to change two or more parameters, we propose a

rough scheme above. The details will be our future work.

142 Chinese Journal of Electronics 2011

References

[1] Burbank, Jack L, Security in cognitive radio networks: The

required evolution in approaches to wireless network security,

Proceedings of the 3rd International Conference on Cogni-tive Radio Oriented Wireless Networks and Communications,

(CrownCom), pp.17, 2008.

[2] Ruiliang Chen, Jungmin Park, Y. Thomas Hou, Jerey H. Reed,Toward secure distributed spectrum sensing in cognitive ra-

dio networks, IEEE Communications, Vol.46, No.4, pp.5055,

Apr. 2008.

[3] R. Chen, J.M. Park and J.H. Reed, Defense againstagainst pri-mary user emulation attacks in cognitive radio networks, IEEE

Journal on Selected Areas in Communcations Special Issue onCognitive Radio Theory and Applications, Vol.26, No.1, Jan.

2008.

[4] T. Clancy, N. Goergen, Security in Cognitive Radio Networks:

Threats and Mitigation, Third International Conference onCognitive Radio Oriented Wireless Networks and Communica-

tions (CrownCom), pp.18, May 2008.

[5] Yuan Zhang, Gaochao Xu, Xiaozhong Geng, Security Threatsin Cognitive Radio Networks, Computer Society, pp.10361041,

Sept. 2008.

[6] T.W. Rondeau, C.J. Rieser, B. Le, C.W. Bostian, Cognitive

radios with genetic algorithms: Intelligent control of softwaredened radios, Software Defined Radio Forum Technical Con-

ference, 2004.

[7] G.A. Safdar and M. ONeill, Common control channel securityframework for cognitive radio networks, 69th Vehicular Tech-

nology Conference, pp.15, Apr. 2009.

[8] Ahmad, Aftab, O. Richard, Afolabi, On secure spectrum sens-

ing in cognitive radio networks using emitters electromagneticsignature, Proceedings of 18th International Conference on

Computer Communications and Networks, pp.15, Aug. 2009.

[9] Tevk Yucek and Huseyin Arslan, A survey of spectrum sens-ing algorithms for cognitive radio applications, IEEE Commu-

nications Surveys and Tutorials, Vol.11, No.1, pp.116130, First

Quarter 2009.

PEI Qingqi received B.E., M.E.and Ph.D. degrees in computer science and

cryptography from Xidian University, in

1998, 2005 and 2008, respectively. Heis now an associate professor and a vice-

director of CNIS Laboratory, also a Pro-fessional Member of ACM and Japan IE-

ICE, Senior Member of Chinese Institute

of Electronics and China Computer Feder-ation. His research interests focus on digi-

tal contents protection and wireless networks and security. (Email:qqpei@mail.xidian.edu.cn)

LI Hongning received B.S. degree

in information and computing science fromXidian University, China, in June 2007 and

now she is a M.S. degree candidate in cryp-

tography. Her research interests includewireless networks security and cognitive ra-

dios.

MA Jianfeng received B.S. degree

in mathematics from Shaanxi Normal Uni-

versity, China in 1985, and received M.E.and Ph.D. degrees in computer software

and communications engineering from Xid-ian University, China in 1988 and 1995, re-

spectively. From 1999 to 2001, he was with

Nanyang Technological University of Sin-gapore as a research fellow. He is an IEEE

member and a senior member of ChineseInstitute of Electronics (CIE). Now he is a Professor and Ph.D.

supervisor in the School of Computer Science at Xidian Univer-

sity, Xian, China, and the director of the Key Laboratory of Com-puter Networks and Information Security of Ministry of Education

(China). His current research interests include distributed systems,wireless and mobile computing systems, computer networks, and in-

formation and network security. He has published over 150 refereed

articles in these areas and coauthored ten books.

/ColorImageDict > /JPEG2000ColorACSImageDict > /JPEG2000ColorImageDict > /AntiAliasGrayImages false /CropGrayImages true /GrayImageMinResolution 300 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 300 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.50000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages true /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict > /GrayImageDict > /JPEG2000GrayACSImageDict > /JPEG2000GrayImageDict > /AntiAliasMonoImages false /CropMonoImages true /MonoImageMinResolution 1200 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages true /MonoImageDownsampleType /Bicubic /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict > /AllowPSXObjects false /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile () /PDFXOutputConditionIdentifier () /PDFXOutputCondition () /PDFXRegistryName () /PDFXTrapped /False

/Description > /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ > /FormElements false /GenerateStructure true /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles true /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /NA /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /LeaveUntagged /UseDocumentBleed false >> ]>> setdistillerparams> setpagedevice