Upload
suchi87
View
222
Download
0
Tags:
Embed Size (px)
DESCRIPTION
imp
Citation preview
1HMM-Based Malicious User Detection for Robust
Collaborative Spectrum SensingXiaofan He, Huaiyu Dai, Senior Member, IEEE and Peng Ning, Senior Member, IEEE
AbstractCollaborative spectrum sensing improves the spec-trum state estimation accuracy but is vulnerable to the potentialattacks from malicious secondary cognitive radio (CR) users,and thus raises security concerns. One promising malicioususer detection method is to identify their abnormal statisticalspectrum sensing behaviors. From this angle, two hidden Markovmodels (HMMs) corresponding to honest and malicious usersrespectively are adopted in this paper to characterize theirdifferent sensing behaviors, and malicious user detection isachieved via detecting the difference in the corresponding HMMparameters. To obtain the HMM estimates, an effective inferencealgorithm that can simultaneously estimate two HMMs withoutrequiring separated training sequences is also developed. By usingthese estimates, high malicious user detection accuracy can beachieved at the fusion center, leading to more robust and reli-able collaborative spectrum sensing performance (substantiallyenlarged operational regions) in the presence of malicious users,as compared to the baseline approaches. Different fusion methodsare also discussed and compared.
Keywords-Cognitive radio network, security, collaborativespectrum sensing, malicious user detection, Byzantine attacks,HMM.
I. INTRODUCTION
Spectrum sensing is a key functionality for emerging cog-
nitive radio (CR) networks, and various collaborative spec-
trum sensing schemes have been proposed to improve its
performance [1][4]. However, collaborative spectrum sensing
is vulnerable to the potential attacks from malicious users
who may intentionally report falsified spectrum inferences to
mislead the fusion center (FC) to incorrect decisions, which
is often referred to as Byzantine attack or spectrum sensing
data falsification (SSDF) attack [5][8].
In literature, countermeasures to such type of attacks have
been proposed. In [9], a reputation based weighted sequential
probability ratio test (WSPRT) is proposed. In [10], an outlier
detection technique is employed, where the outlier factor is
determined by the statistics of the reported spectrum state
sequence from each user. In [11], both trust and consistency
values are computed for secondary users to mitigate the
malicious users influence. In [12], a reputation metric, which
represents the frequency of the users local inference being dif-
ferent from the global decision, is used for adversary detection,
Manuscript received November 18, 2012; revised April 5, 2013.X. He ([email protected]) and H. Dai (Huaiyu [email protected]) are with the
Department of Electrical and Computer Engineering, North Carolina StateUniversity, NC, USA.P. Ning ([email protected]) is with the Department of Computer Science,
North Carolina State University, NC, USA.This work was supported in part by the National Science Foundation under
Grants CNS-1016260 and ECCS-1002258.
and the corresponding analysis is based on extensions from
relevant study in [13] to the context of CR networks. A double-
sided neighbor distance (DSND) metric incorporated with the
frequency check is proposed for malicious user detection in
[14]. A learning based method that can identify the malicious
sensor and exploit the falsified data after malicious sensor
identification is proposed in [15], with the assumption that the
probability of the true spectrum being occupied is known. In
[16], a user-centric misbehavior detection is presented, where
the user uses itself as the anchor for adversary detection.
All the preceding methods either explicitly consider the i.i.d.
spectrum state model for simplicity [14][16], or focus their
analysis on one time slot and ignore the Markov property of
the spectrum state [9][13].
Generally the primary channel states are correlated in time,
and it is more accurate to model them as Markovian. For such
a setting, a malicious user detection algorithm based on the
non-parametric Kruskal-Wallis test is developed in [17], where
malicious users are divided into two groups, each flipping the
local spectrum state inference only in one way, i.e., either
from idle to occupied or the other way around. Also, in [18],
a Markovian spectrum model is considered but the proposed
malicious user detection algorithm requires prior knowledge of
the state transition probabilities of the true spectrum, which is
difficult to obtain in the presence of attackers.
When the true spectrum is Markovian, the hidden Markov
model (HMM) is an appropriate model for the spectrum
sensing problem. In [19] and [20], the Baum-Welch algorithm
[21], [22] has been applied to estimate the parameters of
the HMM model, so that the fusion center can achieve more
accurate spectrum state decisions. However, in [19] and [20],
all the secondary users are assumed to be honest and the
security problem is not considered.
Towards more reliable collaborative spectrum sensing, a
new HMM-based malicious user detection method is proposed
in this work, where honest users and malicious users are
modeled by two HMMs, respectively. Due to the abnormal
statistical behaviors, the HMM of malicious users will be
different from that of honest users and thus can be exploited
for malicious user detection. To this purpose, an appropriate
inference technique is required to obtain estimates of the
corresponding HMM parameters. It may be tempting to adopt
the original Baum-Welch algorithm. However, in the origi-
nal Baum-Welch algorithm, multiple independent observation
sequences are required to estimate a single HMM, and the
estimation of multiple HMMs is usually accomplished through
using separate training sequences for each individual HMM
[23]. Consequently, two specific technical issues prevent the
2direct application of the original Baum-Welch algorithm to ob-
tain the HMM estimates in the presence of malicious CR users:
(1) The local inference sequences reported from secondary
users are correlated, because all the secondary users are sens-
ing the same spectrum; (2) Two HMMs exist and the reported
sequences from honest users and malicious users are mixed,
not separate. To overcome these issues, a new estimation
method for HMM is proposed in this work. As compared to the
original Baum-Welch algorithm, the technical contributions of
the proposed algorithm include: 1) simultaneously estimating
two HMMs, 2) working with correlated observation sequences
and 3) no requirement of separate training sequences, and thus
it can be applied to detect malicious users in collaborative
spectrum sensing. This method is developed under the generic
Expectation-Maximization (EM) framework [24]. Once the
estimates of these two HMMs are obtained, two auxiliary tests
can be invoked to identify the malicious users by detecting
their abnormal spectrum sensing behaviors. Both hard data
fusion (where data from detected malicious users is directly
discarded) and soft data fusion (where malicious user data
are processed and fused along with honest user data) are
discussed.
Even though the proposed inference method in this work
is rather general and can be applied to a wide range of
applications, its effectiveness on malicious user detection will
be the focus of this work. As compared to previous works with
a Markovian model, the proposed method can defend against
malicious users that flip local sensing results in both directions
(i.e., from idle to occupied and the opposite), and eliminates
the requirement of prior information of the true spectrum.
The remainder of this paper is organized as follows. Sec-
tion II formulates the problem. In Section III, explicit expres-
sions of the HMM estimates are derived along with conver-
gence analysis, followed by malicious user detection based
on the obtained HMM estimates. Data fusion is discussed in
Section IV. Simulation results and relevant analysis are given
in Section V. Section VI concludes the paper.
II. PROBLEM FORMULATION
A. System Model
1) Spectrum Sensing Metrics: To quantify the spectrum
sensing performances, probabilities of detection Pd and false
alarm Pfa are widely used in literature [1][3]. In this work,
it is assumed that all secondary users use the same devices to
sense the spectrum and have the same {Pd, Pfa}. An honestuser will directly report its local spectrum state inference to
the fusion center, i.e., PHd = Pd and PHfa = Pfa from the
fusion centers viewpoint. A malicious user, however, may
intentionally tamper its local inferences before reporting to
the fusion center. Two parameters 01 and 10 are used to
quantify malicious users attacking levels, where 01 is the
probability that a malicious user will flip its local inference
from 0 (idle spectrum) to 1 (occupied spectrum) and 10 isthe probability of flipping 1 to 0. Accordingly, the equivalentPMd and P
Mfa of the malicious users to the fusion center are
given by
PMd = (1 10)Pd + 01(1 Pd), (1)
TABLE I: Notations and symbols
Symbol Definition
T Detection window lengthqt True spectrum state at time t
q = {q0, ..., qT } Collection of true spectrum states over timeS Total number of spectrum statesL Total number of secondary users
olt The report from the lth user at time t
Ol = {ol1, ..., olT } Report sequence from the lth user
Ot = {o1t , ..., oLt } Reports from all the L users at time t
O = {O1, ...,OL} All the report sequences from all usersN Number of user types
ml {1, ...,N} The type of the lth userm = {m1, ...,mL} Set of user types of these L users
Estimate of at the previous iteration Percentage of malicious users
0o 1o 1o 0o
( )H Md dP P1 (1 )H Md dP P
1 (1 )H Mfa faP P
( )H Mfa faP P
B
, AS
1q 0q 0,0a0,1a
1,0a
1,1a
Fig. 1: Single user spectrum sensing model.
and
PMfa = (1 10)Pfa + 01(1 Pfa), (2)
respectively. For an effective malicious user, at least one of
01 and 10 should be nonzero; otherwise, the malicious user
will behave identically to honest users in the statistical sense.
In addition, in this work, it is assumed that all the malicious
users belong to one type, i.e., having the same {01, 10}.1
Remark: In the interest of space, we will only focus on the
above mentioned flipping attack as it is widely considered in
literature (e.g., [12], [14], [25], [26]). Nevertheless it is worth
noting that besides the flipping attack, malicious users can
also modify their operating points (PMd , PMfa ) by changing
local detection thresholds [15], and our method can be used
to defend against such type of attacks as well.
B. Two Correlated HMMs
In the context of spectrum sensing, the HMM of a single sec-
ondary user is shown in Fig. 1, where q and o represent the true
and the reported spectrum states, respectively. The correspond-
ing set of parameters of this single HMM s = {pi,A,B} con-sists of three parts: 1) initial spectrum state distribution vector
pi = [pi0, pi1] where pii is the probability that the spectrumstarts from the ith state; 2) spectrum state transition probability
matrix A = [ai,j ]22 where ai,j , P (qt = j|qt1 = i).2
1The extension to the multi-type malicious users case, i.e., differentmalicious users may have different {01, 10}, remains a future work.
2With a slight abuse of notation, the indices of matrices start from 0.
3True sequence
of spectrum
states
User 1's reported
sequences
User 2's reported
sequences
0q 1q 2q tq Tq
11o
21o
12o
22o
1to
2to
2To
1To
Fig. 2: Collaborative spectrum sensing over T time slots.
For example, a0,0 is the self-transition probability of the idle
spectrum state and a0,1 is the transition probability from the
idle to the occupied spectrum state; 3) spectrum sensing matrix
B = [bij ]22 where bij , bi(j) = P (o = j|q = i) is theprobability that the reported spectrum state is j given that the
true spectrum state is i. For example, b1(1) is the probabilityof detection and, similarly, b0(1) is the probability of falsealarm from the viewpoint of fusion center.
When adversary exists, two HMMs (1)s =
{pi(1), A(1), B(1)} and (2)s = {pi(2), A(2), B(2)} may
be used to represent the honest and the malicious users
respectively. The abnormal sensing behavior of malicious
users causes the difference between B(1) and B(2), but
the parameters pi and A of these two HMMs are identical
as all users are sensing the same spectrum (i.e., user
observations are correlated). Specifically, the sensing matrix
of the mth (m {1, 2} representing honest and malicioususers respectively) HMM is denoted by B(m) = {bmi (k)}
(e.g., b(1)1 (1) and b
(2)1 (1) are the probabilities of detection
of the CR users corresponding to the first and the second
HMM, respectively). Nevertheless, the original Baum-Welch
algorithm cannot be applied to estimate these two HMMs as
no separate training sequences are available (i.e., honest and
malicious data are mixed). Considering this, a new inference
algorithm that can jointly estimate these two HMMs based
on the mixed and correlated spectrum sensing sequences
from all users is developed in this work by introducing a
new user classification vector c12 = [c1, c2]. In particular,cm (m {1, 2}) denotes the percentage of the mth type ofusers in the network, and the entire set of parameters to be
estimated is = {c, pi, A,B(1), B(2)}. For a fixed , cm canbe interpreted as the prior probability of any user belonging
to the mth HMM. To conform with the EM framework, we
will express cm as P (ml = m|) for any l in the following
derivations, where ml denotes the type of the lth user. After
obtaining the estimates of these two HMMs, secondary users
can be clustered into two types (each corresponding to one
HMM) by evaluating the corresponding maximum a posteriori
(MAP) probabilities, and then two auxiliary tests presented in
Section III-C will be invoked to identify the malicious type.
Other notations used in this work are summarized in Ta-
ble I.3 Specifically, O = {O1, ..., OL} = {O1, ..., OT } is thecollection of sensing reports from all these L users from time
t = 1 to t = T ; the number of spectrum states S equals 2(i.e., either occupied or idle), and the number of user types N
3With slight abuse of notation, q here coincides with the generic one inFig. 1.
also equals 2 (i.e., either honest or malicious) in this work. Inaddition, and denote the HMM estimates in the current
and the previous iterations, respectively.
III. THE PROPOSED METHOD
In this section, the proposed joint estimation method for two
HMMs is developed along with the corresponding convergence
analysis, and followed by two auxiliary tests for malicious user
detection based on these estimates.
A. Derivations of the Proposed Estimation Method
The Expectation-Maximization algorithm, which alternates
between an expectation (E) step and a maximization (M) step,
is a generic iterative method for finding maximum likelihood
estimates of parameters in a statistical model with hidden
variables, such as the HMM. The current E-step formulates
the expected log-likelihood function where the distribution
of the hidden variables is determined by the optimal param-
eter found in the last M-step, and current M-step finds
the optimal parameter that maximizes the expected log-
likelihood function formulated in the current E-step [24].
This alternation continues until convergence (or a maximum
number of iterations is reached). In this subsection, the E-step
and M-step for the estimation of based on the collection of
all the secondary users reported spectrum sensing sequences
O are derived. The collection of the spectrum states q and the
set of user types m are hidden vectors.
1) E-step: The E-step computes the expectation (with
respect to q and m) of the log-likelihood function
logP (O, q,m|), where the distribution of the hidden vari-ables q and m is determined by the estimate in the
previous iteration and the observed sequences O, denoted by
P (q,m|, O). This results in
Q(, ) = E {logP (O, q,m|)}
mM
P (q,m|, O) logP (O, q,m|)
=1
P (O|)
mM
P (O, q,m|) logP (O, q,m|)
,1
P (O|)Q(, ), (3)
where Q = {0, 1}T and M = {1, 2}L are the out-come spaces of q and m, respectively;
and
mM
are shorthand notations for
q0{0,1}
q1{0,1}
qT{0,1}
and
m1{1,2}
m2{1,2}
mL{1,2}
, respectively. In particular, the
first equality in (3) is due to definition of Q(, ); the secondstep expands the expectation with respect to P (q,m|, O); theBayes formula is applied in the third equality; and the last
step is due to the definition of Q(, ) given below.It is worth noting that P (O|) in (3) is a constant that does
not depend on , which implies that to maximize Q(, ) isequivalent to maximize
Q(, ) ,qQ
mM
P (O, q,m|) logP (O, q,m|).
4Therefore, Q(, ) will be used to find the optimal in thesubsequent derivations without affecting the results.
2) M-step: The M-step aims at finding the current estimate
that maximizes Q(, ). Note that
P (O, q,m|) = P (q|)P (O,m|q, )
= piq0 Tt=1
aqt1,qt Ll=1
P (Ol,ml|q, )
= piq0
Tt=1
aqt1,qt
Ll=1
P (Ol|ml, q, )
Ll=1
P (ml|), (4)
where the second equality holds because all the L reported
sequences Ol are conditionally independent given the true
spectrum state sequence q; the last equality holds because the
user type ml is independent to the true spectrum state q; here
and onwards piq0 represents pii|i=q0 , i.e., pii evaluated at i = q0,and q0 {0, 1} is the initial spectrum state. According to (4),Q(, ) can be expressed as
Q(, ) =qQ
mM
P (O, q,m|) logLl=1
P (ml|)
(a)
(5)
mM
P (O, q,m|) log piq0 (b)
mM
P (O, q,m|) log
Tt=1
aqt1,qt (c)
mM
P (O, q,m|) logLl=1
P (Ol|, q,ml)
(d)
.
Note that in (5), each of the four terms (a), (b), (c), and(d) relies on only one of the four parameters c, pi, A and B,respectively. This implies that the optimal values of c, pi, A
and B, which maximizeQ(, ), can be found by maximizingthese four terms separately. A common approach used in the
following derivation is the method of Lagrange multiplier.
a) Current estimate of c: To maximize term (a) in (5),it is equivalent to maximize
mM
P (O, q,m|) logLl=1
P (ml|)
=mM
P (O,m|) logLl=1
P (ml|)
=m1
m2
mL
P (O,m1,m2, ..., mL|)Ll=1
logP (ml|)
=m1
m2
mL
[P (O,m1,m2, ..., mL|)
Ll=1
Nm=1
(ml m) logP (ml = m|)
]
=
Ll=1
Nm=1
[m1
m2
mL
(ml m)
P (O,m1,m2, ..., mL|) logP (ml = m|)
]
=
Ll=1
Nm=1
[m1
ml1
ml+1
mL
P (O,m1,m2, ..., ml = m, ..., mL|) logP (ml = m|)]
=
Ll=1
Nm=1
P (O,ml = m|) logP (ml = m|)
=
Ll=1
Nm=1
P (O,ml = m|) log cm, (6)
where (n) = 1 if and only if n = 0; the first step is dueto marginalization over q; the second last step is due to the
fact that the expression inside the brackets only depends on
ml and thus all the other mj 6=ls can be marginalized out; the
last step is by the definition of c.
By associating the constraintN
m=1 cm = 1 with a La-grange multiplier , the optimal c can be found by solving
cm
{Ll=1
Nm=1
P (O,ml = m|) log cm
+
(N
m=1
cm 1
)}= 0, m = 1, ..., N,
which leads to
Ll=1
1
cmP (O,ml = m|) + = 0, m = 1, ..., N. (7)
Summing over all m results in = L P (O|) and
cm =1
L
Ll=1
P (O,ml = m|)
P (O|), m = 1, ..., N. (8)
b) Current estimate of pi: By marginalizing over m and
q1, ..., qT , (b) in (5) can be simplified asS1
i=0 P (O, q0 =i|) log pii. Using, again, the Lagrange multiplier method, theupdate equation of pii based on
is given by
pii = P (O, q0 = i|)/P (O|), i = 0, ..., S 1. (9)
c) Current estimate of A: Term (c) in (5) can be furthersimplified as
mM
P (O, q,m|) logTt=1
aqt1,qt
P (O, q|)
Tt=1
S1i=0
S1j=0
(qt1 i)(qt j) log ai,j
=Tt=1
S1i=0
S1j=0
[q1
...qT
P (O, q|)
(qt1 i)(qt j) log ai,j
]
=Tt=1
S1i=0
S1j=0
P (O, qt1 = i, qt = j|) log ai,j , (10)
where in the first step marginalization over m is applied; in
the last step all the qs other than qt1 and qt are marginalized
5out because the term inside the brackets only depends on qt1and qt. Using the same method, the update equation of ai,jbased on can be found as
ai,j =
Tt=1
P (O, qt1 = i, qt = j|)
Tt=1
P (O, qt1 = i|)
,
i, j = 0, ..., S 1. (11)
d) Current estimate of B: Term (d) in (5) can be furthersimplified as
mM
P (O, q,m|) log
Ll=1
P (Ol|, q,ml)
mM
P (O, q,m|)Ll=1
Tt=1
logP (olt|, qt,ml)
=
Ll=1
Tt=1
S1i=0
Nm=1
(P (O, qt = i,m
l = m|)
logP (olt|, qt = i,ml = m)
)=
Ll=1
Tt=1
S1i=0
Nm=1
(P (O, qt = i,m
l = m|)
log
S1k=0
(olt k)bmi (k)
), (12)
where P (Ol|, q,ml) =T
t=1P (olt|, qt,m
l) is applied in the
first step, i.e., the observations olts are mutually conditional
independent and olt only depends on qt given and the user
type ml; by definition bmi (olt) = P (o
lt|, qt = i,m
l = m)and thus the last step holds. Similarly, the update equation of
bmi (k) based on is given by
bmi (k) =
Ll=1
Tt=1
(olt k)P (O, qt = i,ml = m|)
Ll=1
Tt=1
P (O, qt = i,ml = m|)
, (13)
i = 0, ..., S 1, m = 1, ..., N and k = 0, ..., S 1.
B. Convergence Analysis
The convergence of the log-likelihood {logP (O|n)} of theproposed algorithm is shown in this subsection, where n is
the estimate of obtained in the nth EM iteration. For this
purpose, define for any
(|n),qQ
mM
P (q,m|O, n) logP (O|q,m, )P (q,m|)
P (q,m|O, n)P (O|n),
(14)
and
(|n),logP (O|n) + (|n)
mM
P (q,m|O, n) logP (O|q,m, )P (q,m|)
P (q,m|O, n)
=Q(, n) + const. w.r.t. . (15)
First, observe that n+1 found in the (n+1)th M-step max-imizes Q(, n) Q(, n), and thus it maximizes (|n)given in (15), which implies (n+1|n) (n|n). In ad-dition, it is shown in Appendix A that logP (O|) (|n) and logP (O|n) = (n|n). Therefore, by setting = n+1, it follows that logP (O|n+1) logP (O|n)n, i.e., {logP (O|n)} is a non-decreasing sequence of n.Then, the convergence of {logP (O|n)} follows by furtherobserving that it is bounded above by 0.
C. Implementation
The calculation of update equations (8), (9), (11) and (13)
requires evaluation of the corresponding probability quan-
tities presented in the numerators and denominators (e.g.,
P (O,ml = m|) and P (O|) in (8)). To this end, similarto the original Baum-Welch algorithm, intermediate variables
are defined. Firstly, define
l,mi (t) = P (O1, O2, ..., Ot, qt = i|
,ml = m),
which is the probability of the fusion center observing the
partial sequence {O1, O2, ..., Ot} and the spectrum ending upin state i at time t given that the type of the lth user ml is m.
Secondly, define
l,mi (t) = P (Ot, Ot+1, ..., OT |qt = i,
,ml = m),
which is the probability of the fusion center seeing partial
sequence {Ot, Ot+1, ..., OT } given that the spectrum startedat state i at time t and the lth user is of type m. Further define
l,mij (t) , P (O, qt = i, qt+1 = j|
,ml = m),
and
l,mi (t) , P (O, qt = i|
,ml = m),
which admit l,mi (t) =
S1j=1
l,mij (t) by definition.
Once , , and are obtained, it can be verified (using
marginalization and the Bayes formula) that (8), (9), (11),
(13) can be evaluated as follows (see Appendix B):
cm1
L
Ll=1
(cm
S1i=0
l,mi (T )
), m = 1, ..., N, (16)
piiN
m=1
(l,mi (0)cm
S1j=0
ai,jl,mj (1)
),
i = 0, ..., S 1, (17)
ai,j=
Tt=1
Nm=1
l,mij (t 1)cm
S1j=0
Tt=1
Nm=1
l,mij (t 1)cm
, i, j = 0, ..., S 1, (18)
bmi (k)=
Ll=1
Tt=1
(olt k)l,mi (t)c
m
Ll=1
Tt=1
l,mi (t)cm
, (19)
6i = 0, ..., S 1, m = 1, ..., N and k = 0, ..., S 1,
where cm denotes the estimated percentage of type m users
from the last iteration, i.e., cm = P (ml = m|).
Precise evaluation of , and are computationally in-
tractable, and so is . To reduce the computation complexity,
three approximations are adopted in this work:
(A1) P (Ot+1|qt+1 = j, O1, O2, ..., Ot, qt = i, ,ml = m)
P (Ot+1|qt+1 = j, qt = i, ,ml = m),
(A2) P (Ot+1, ..., OT |qt+1 = j, qt = i, Ot, ,ml = m)
P (Ot+1, ..., OT |qt+1 = j, qt = i, ,ml = m),
(A3) P (Ot+1, ..., OT |qt+1 = j, O1, ..., Ot, qt = i, ,ml = m)
P (Ot+1, ..., OT |qt+1 = j, , ml = m).
The intuition of these approximations is the following.
Note that if there is only one type of users (i.e., single
HMM), the future spectrum sensing results {Ot+1, ..., OT }are independent of previous sensing results {O1, ..., Ot} giventhe true spectrum state qt+1 due to the Markovian property.
Consequently, the left hand side will equal to the right hand
side in each of the above three expressions. However, when
there are more than one type of users, the probability of
observing {Ot+1, ..., OT } (and Ot+1) depends on not onlythe true spectrum states q but also the user types m. In
the above expressions, user types (other than the lth one
ml) are not known explicitly but contained in the previous
observations {O1, ..., Ot} (as previous observations can beused to estimate user types). Therefore, the probability of
observing {Ot+1, ..., OT } (and Ot+1) will be affected by{O1, ..., Ot}. (For single HMM, user types are always known,and thus it is free from this problem.) This makes the precise
computations of , and intractable. Considering this, the
user type information contained in previous sensing results
is discarded so as to reduce the computation complexity to
a tractable level. In particular, {O1, O2, ..., Ot} is discardedin (A1) and (A3), and Ot is discarded in (A2), respectively.
Then, the following formulas can be used to evaluate , and
iteratively (see Appendix C):4
l,mj (t+ 1)
S1i=0
l,mi (t)ai,jbmj (o
lt+1)
r 6=l
(N
m=1
bmj (ort+1)c
m
), (20)
l,mi (t)
bmi (olt)r 6=l
(N
m=1
bmi (ort )c
m
)S1j=0
ai,jl,mj (t+ 1), (21)
where l,mi (0) , pii and
l,mi (T + 1) , 1, and
4In (20), (21) and (22), ai,j , bmj , pii and c
m are the estimates in
.
l,mij (t) l,mi (t)ai,j
l,mj (t+ 1). (22)
The approximate values of can be calculated according
to l,mi (t) =
S1j=1
l,mij (t).
Remark: Since all the users sense the same spectrum, if ,
and can be computed precisely, (17) and (18) will result in
the same update to pii and ai,j , respectively, for any user ID l.
However, due to the approximations (A1)(A3), this property
does not hold. Nevertheless the simulations show that using
any (fixed) l in the evaluations of (17) and (18) results in
similar estimation performance.
D. Secondary User Classification
Once the estimate is obtained, the next step is to classify
secondary users, which consists of two stages: 1) dividing all
the secondary users into two groups and 2) identifying the
malicious group.
Stage I: Based on the estimate obtained after the EM
algorithm converges5 and the collection of observation se-
quences O, all secondary users are divided into two groups
(each corresponding to one HMM) and the a posteriori that
the lth user belongs to the mth group is given by
P (ml = m|, O)
=P (ml = m|)P (O|ml = m, )/P (O|)
=
(cm
S1i=0
l,mi (T )
)/
Nm=1
(cm
S1i=0
l,mi (T )
). (23)
Therefore, the MAP estimate of the associated group of the
lth user is determined by
ml=argmaxm
cm
S1i=0
l,mi (T )/N
m=1
(cm
S1i=0
l,mi (T )
). (24)
Stage II: After dividing all secondary users into two groups,
two tests are proposed to identify the malicious group: the
spectrum sensing ability (SSA) test and group size (GS) test.
Specifically, the SSA of a sensing matrix B is defined as
SSA(B) , |b11b01| = |PdPfa|. According to (1) and (2),it is proved in Appendix D that the SSA of the malicious users
sensing matrix is always no greater than that of the honest user,
i.e., SSA(BM ) SSA(BH). The intuition is that malicioususers cannot increase their spectrum sensing ability through
data processing. Consequently, the group of users with lower
SSA are identified as malicious. In the GS test, the group with
the smaller number of users will be identified as malicious.
Since the estimate of B may not be perfect in practice, a
threshold SSAth is set such that only when the difference
between the two SSAs is larger than SSAth will the SSA test
be used.6 However, when the attacking level of the malicious
5Usually, the estimates of the proposed algorithm converge to reasonablyaccurate values in less than 30 iterations.
6Note that the proposed HMM-based algorithm divides the secondary usersinto two clusters without involving any threshold; here, the threshold SSAthis only used to identify which cluster is malicious.
7iniO O
: 1t T tO lm
tq
tO
Fig. 3: The block diagram of the proposed algorithm.
user is close to {1, 1}, the difference between SSA(BM ) andSSA(BH) is close to zero and the SSA test will fail to detectthe malicious users.7 Fortunately, the grouping will be very
accurate in such cases, due to the significant difference in
statistical behaviors between the honest and malicious users.
Consequently, the GS test can be used (when the percentage
of malicious users is less than half).8 In particular, when
|SSA(B(1)) SSA(B(2))| SSAth, the GS test will beactivated.
IV. HARD- AND SOFT DATA FUSION
In this section, we will discuss how the fusion center processes
the sensing reports based on the detection results. In particular,
two different data fusion approaches, which differ in how the
fusion center disposes of the data from detected malicious
users, are discussed.
Hard data fusion: With the user type estimates m given in
(24), a straightforward (yet effective, as shown by numerical
results) strategy of the fusion center is to directly discard
all the local spectrum inferences from the detected malicious
users, and apply majority voting on the data from honest
users to decide the spectrum states. The block diagram of this
approach is illustrated in Fig. 3. The fusion center maintains
a data buffer for the most recent sensing reports (of length T )
from all secondary users, and adopts the proposed algorithm
to estimate the corresponding HMM parameters. The resulting
estimate together with the observation history OtT :t1is fed into the MAP block for malicious user identification
using (24). Spectrum occupancy decision is made at the data
fusion block, based on the current sensing reports Ot and user
classification result m.
Soft data fusion: It is interesting to note that when precise
knowledge of HMM parameters and user type information
m is available, malicious users may also provide useful infor-
mation on the spectrum states. Soft data fusion will exploit
such potential information in the hope of further enhancing
the performance. To this end, the estimates and m obtained
by the proposed inference method can be fed into the data
fusion block in Fig. 3. Accordingly, the log-likelihood Li(t)of the true spectrum state at time t being q(t) = i, based onthe estimates of HMM parameters and user type m, is given
by
7Malicious user detection for close to {0, 0} is not of our focus becausein such cases malicious users behave nearly identically to honest users in thestatistical sense.
8To relax the assumption that the percentage of malicious users is less thanhalf, one possible way in practice is to allocate a few anchor nodes in thenetwork to aid honest group identification, but this is beyond the scope ofthis work.
TABLE II: Comparison of e(B) using different ls in (17) and (18).
e(B) = 45% = 15%l = 1 0.0854 0.0596Random l 0.0849 0.0596
Average over all l 0.0827 0.0595
Li(t) , logP (o1t , o
2t , ..., o
Lt |q(t) = i, , m)
=Ll=1
log {olt|q(t) = i, , m}
=Ll=1
log bml
i (olt), i = 0, 1. (25)
The log-likelihood ratio is defined as (t) , L1(t)L0(t),based on which the fusion center will decide the spectrum
state as
q(t) =
{1, (t) > 0,
0, otherwise.(26)
Intuitively, a performance gain of soft data fusion over hard
data fusion is expected for precise and m, as additional
information is exploited. Performances of hard- and soft data
fusions using estimated and m will be explored numerically
in Section V-C.
V. SIMULATIONS
The efficacy of the proposed method is explored through two
measures: 1) the honest/malicious user classification accuracy
(P clsfm and Pclsffa ) and 2) the spectrum sensing performance
at the fusion center (PFCd and PFCfa ). Specifically the perfor-
mances of three fusion centers adopting the majority voting
rule are compared: FC1 employs our proposed method that
processes the sensing reports from all users simultaneously
for malicious user detection and removes detected malicious
data from consideration; FC2 first uses the original Baum-
Welch algorithm to estimate s for each individual user and
then employs an agglomerative clustering method in [27],
with which users are classified based on the similarity of
corresponding s, for malicious user detection; FC3 does not
employ any malicious user detection mechanism. Throughout
the simulations, the initial values of = {c, pi, A,B} are givenby cinit = [0.5 0.5], piinit = [0.5 0.5], Ainit = [ 0.5 0.50.5 0.5 ],
B(1)init = [
0.8 0.20.2 0.8 ] and B
(2)init = [
0.5 0.50.5 0.5 ]. The detection window
length T is 100(time slot). The selection of SSAth dependson the spectrum sensing ability of honest users SSA(BH).Specifically, it may be chosen as SSAth = SSA(B
H)( (0, 1)). However, it is found that the performance is notvery sensitive to the specific value of SSAth. Thus, in the
following simulations, SSAth is set to 0.1 for simplicity.
A. A Basic Example
A basic example is shown first to demonstrate the effec-
tiveness of the proposed method in both detecting malicious
users and improving the collaborative spectrum sensing perfor-
mance. In this example, = 45% of the 20 secondary users are
8TABLE III: Comparison of HMM parameter estimation errors.
e() = 20% = 40%PHd
= 0.8, PHfa
= 0.2 0.0493 0.0701
PHd
= 0.9, PHfa
= 0.1 0.0351 0.0475
TABLE IV: Performance comparison for the three fusion centers.
Classification PFCd
PFCfa
FC1 99.3% 0.9968 0.0046
FC2 66.5% 0.8832 0.0661
FC3 0.7895 0.0632
malicious. The true spectrum sensing matrix B of the honest
users is [ 0.8 0.20.15 0.85 ] (i.e., PHd = 0.85 and P
Hfa = 0.2). For
malicious users, the attacking level indices are 10 = 0.8 and01 = 0.75 resulting in a spectrum sensing matrix [ 0.36 0.640.72 0.28 ]according to (1) and (2). The true spectrum state transition
matrix A is set with a0,1 = a1,0 = 0.2. 100 Monte Carloruns are implemented for this scenario. Recall that using
different user ID ls to evaluate (17) and (18) may result in
different estimates due to the three approximations mentioned
in Section III-C. Since the proposed malicious user detection
method mainly relies on the estimates of sensing matrices Bs,
the sensing matrices estimation accuracy of using different ls
is shown in Table II, where the estimation error is defined
as e(B) , 1NS2
Nm=1
Si=1
Sj=1
|bmj (i) bmj (i)|. As shown in
Table II, using different ls leads to similar estimation accuracy
for sensing matrices Bs (more uniform for smaller ).9 In the
following simulations, l = 1 is used in the evaluation of (17)and (18). Furthermore, the HMM parameter estimation errors
e() (defined similarly as e(B)) are shown in Table III. As itcan be seen, the estimation accuracy is acceptable and more
accurate estimates can be obtained with better honest sensing
devices.
The proposed algorithm achieves high classification accu-
racy as shown in Table IV, where the average classification
accuracy is 99.3%, which outperforms the baseline FC2 whoseclassification accuracy (66.5%) is far below a satisfactory
9Similar trends are observed for other parameters c, pi and A.
0 20 40 60 80 1000
0.2
0.4
0.6
0.8
1
Index of Monte Carlo runs
Spectr
um
sensin
g p
erf
orm
ance
Pd
FC1
Pd
FC2
Pd
FC3
Pfa
FC1
Pfa
FC2
Pfa
FC3
Fig. 4: Comparison of spectrum sensing performances over
100 Monte Carlo runs.
level. As a consequence, with FC1, PFCd is increased from
0.8832 (0.7895) to 0.9968 and PFCfa is reduced from 0.0661(0.0632) to 0.0046, as compared to FC2 (FC3). Further,Fig. 4 compares these three fusion centers spectrum sensing
performances, where the PFCd and PFCfa of FC1 consistently
outperform those of FC2 and FC3. It is also observed in sim-
ulations that the proposed method is faster10 than the baseline
approach FC2, as in the proposed method the estimation is
done in an integrated manner, with more efficient use of the
data and much less redundancy in computation.
B. Further Simulations
To provide a more concrete evaluation of the proposed method,
the effects of different malicious user percentage and at-
tacking level are investigated.11 For every pair of and
, 100 Monte Carlo runs are implemented. Fig. 5 showsthe performance comparison of all three fusion centers with
L = 20.Fig. 5a shows the regions of (, ) (under the curves)
when both the mis-detection probability P clsfm and false alarm
probability Pclsffa of malicious user detection are less than 5%
for FC1 and FC2, respectively. The P clsfm and Pclsffa of FC2 are
always greater than 15% when 0.3 resulting in a vanishedregion in Fig. 5a, while FC1 using the proposed method
significantly outperforms FC2. (Note that in the proposed
algorithm, there is no tradeoff between P clsfm and Pclsffa with
respect to and . Both P clsfm and Pclsffa are small when the
inference is accurate.)
Due to accurate user classification of the proposed method,
the spectrum sensing performance of FC1 is enhanced as
compared to the other two fusion centers. The regions where
PFCd 0.95 and PFCfa 0.05, of these three fusion centers
are plotted in Fig. 5b and Fig. 5c, respectively. As it can
be seen, FC1 significantly extends the operational regions
and is able to tolerate substantially more malicious users
with more aggressive attacking. For example, in Fig. 5b,
when 40% users are malicious and their attacking level isbeyond 0.7, both FC2 and FC3 fail to achieve PFCd 0.95due to the severe attacking. However, FC1 can still achieve
PFCd 0.95 even when the attacking level of malicioususers is as high as 0.9. Similar observation can be made forPFCfa as well. The proposed method is still able to provide
P clsfm , Pclsffa 5%, P
FCd 0.95 and P
FCfa 0.05 with
some attacking level when the percentage of malicious
users exceeds 50% as shown in Fig. 5. The reason is thatwhen is not close to 1, the difference between SSA(BH)and SSA(BM ) is significant and thus the SSA test workseffectively without activating the GS test. In addition, the
performance degradation of FC2 as compared to FC3 can
be explained by its poor classification results, as shown in
Fig. 5a, that result in the unfavorable excluding (including)
honest (malicious) users sensing reports in the data fusion
process. Furthermore, as shown in Fig. 5, both malicious user
detection and spectrum sensing performances are similar for
10About 3 times based on our current implementation.11It is assumed in this subsection that 01 = 10 = for 2-D plotting.
920 30 40 50 60 70 80 900.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Percentage of malicious users (%)
Attackinglevel
Method in [12]
Pm
clsf
10
20 30 40 50 60 70 80 900.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Percentage of malicious users (%)
Attackinglevel
Performance contour of malicious user identification
Pm
clsf
11
Similarly, it follows from (11) that
ai,j
Tt=1
P (O, qt1 = i, qt = j|)
=
Tt=1
Nm=1
P (ml = m|)P (O, qt1 = i, qt = j|ml = m, )
=Tt=1
Nm=1
cml,mi,j (t 1), (30)
and further normalization over j gives (18). In addition, by the
definition of l,mi (t), it can be seen that P (O, qt = i,m
l =
m|) = cml,mi (t). Then, (19) follows from (13).
APPENDIX C
Equations (20)(22) will be derived here by applying approx-
imations (A1)(A3).
For , it admits
l,mj (t+ 1)
def. of = P (O1, ..., Ot+1, qt+1 = j|
, ml = m)
(i)=
S1i=0
P (O1, ..., Ot, qt = i, Ot+1, qt+1 = j|, ml = m)
def. of and (ii)=
S1i=0
l,mi (t)P (Ot+1|qt+1 = j, O1, ..., Ot, qt = i,
,ml = m)P (qt+1 = j|qt = i, ,ml = m)
(A1)
S1i=0
l,mi (t)P (Ot+1|qt+1 = j, qt = i, ,ml = m)ai,j
(iii)=
S1i=0
l,mi (t)P (Ot+1|qt+1 = j, ,ml = m)ai,j
(iv)=
S1i=0
l,mi (t)P (olt+1|qt+1 = j,
, ml = m)
r 6=l
(P (ort+1|qt+1 = j,
))ai,j
(i) and (ii)=
S1i=0
l,mi (t)P (olt+1|qt+1 = j,
, ml = m)
r 6=l
(N
m=1
P (ort+1|mr = m, qt+1 = j,
)cm
)ai,j
def. of b=
S1i=0
l,mi (t)ai,jbmj (o
lt+1)
r 6=l
(N
m=1
bmj (ort+1)cm
).
(31)
For , it admits
l,mi (t)
def. of and (i)=
S1j=0
P (Ot, Ot+1, ..., OT , qt+1 = j|qt = i, ,ml = m)
(ii)=
S1j=0
ai,jP (Ot, Ot+1, ..., OT |qt+1 = j, qt = i, ,ml = m)
(A2)
S1j=0
ai,jP (Ot+1, ..., OT |qt+1 = j, ,ml = m)
P (Ot|qt = i, ,ml = m)
def. of =
S1j=0
ai,jl,mj (t+ 1)P (Ot|qt = i,
,ml = m)
def. of b and (iv)=
bmi (olt)r 6=l
(N
m=1
bmi (ort )cm
) S1j=0
ai,jl,mj (t+ 1).
(32)
For , it admits
l,mij (t) , P (O, qt = i, qt+1 = j|,ml = m)
(ii)= P (O1, ..., Ot, qt = i|
,ml = m)P (Ot+1, ..., OT ,
qt+1 = j|O1, ..., Ot, qt = i, ,ml = m)
(A3) l,mi (t)P (qt+1 = j|qt = i,
)P (Ot+1, ..., OT
|qt+1 = j, , ml = m)
def. of = l,mi (t)ai,j
l,mj (t+ 1). (33)
In the above, (i) the total probability theorem, (ii) the
Bayes formula, (iii) independence between Ot+1 and qt given
qt+1 (t), (iv) conditional independence of users observationsgiven the true spectrum state are invoked.
APPENDIX D
In this appendix, we will show SSA(BH) SSA(BH).According to the definition of SSA and equations (1) and (2),
SSA(BM ) = |PMd PMfa |
= |(1 10) (PHd P
Hfa) 01 (P
Hd P
Hfa)|
= |1 10 01| |PHd P
Hfa|
1 |PHd PHfa| = SSA(B
H), (34)
where the fact 0 10, 01 1 is invoked.
REFERENCES
[1] I. F. Akyildiz, B. F. Lo, and R. Balakrishnan, Cooperative spectrumsensing in cognitive radio networks: A survey, Physical Communication(Elsevier) Journal, vol. 4, no. 1, pp. 4062, 2011.
[2] G. Ganesan and Y. Li, Cooperative spectrum sensing in cognitive radio,part I: Two user networks, IEEE Trans. Wireless Commun., vol. 6, no. 6,pp. 22042213, 2007.
[3] G. Ganesan and L. Ye, Cooperative spectrum sensing in cognitive radio,part II: Multiuser networks, IEEE Trans. Wireless Commun., vol. 6,no. 6, pp. 22142222, 2007.
[4] C. Sun, W. Zhang, and K. Ben, Cluster-based cooperative spectrumsensing in cognitive radio systems, in Proc. of IEEE ICC, 2007.
[5] J. L. Burbank, Security in cognitive radio networks: The requiredevolution in approaches to wireless network security, in Proc. of IEEECrownCom, 2008.
[6] R. Chen, J.-M. Park, Y. T. Hou, and J. H. Reed, Toward secure dis-tributed spectrum sensing in cognitive radio networks, IEEE Commun.Mag., vol. 46, no. 4, pp. 5055, 2008.
[7] T. C. Clancy and N. Goergen, Security in cognitive radio networks:Threats and mitigation, in Proc. of IEEE CrownCom, 2008.
[8] G. Baldini, T. Sturman, A. R. Biswas, R. Leschhorn, G. Godor, andM. Street, Security aspects in software defined radio and cognitiveradio networks: A survey and a way ahead, Commun. Surveys Tuts.,vol. 14, no. 2, pp. 355379, 2012.
[9] R. Chen, J.-M. Park, and K. Bian, Robust distributed spectrum sensingin cognitive radio networks, in Proc. of IEEE INFOCOM, 2008.
[10] P. Kaligineedi, M. Khabbazian, and V. K. Bhargava, Malicious userdetection in a cognitive radio cooperative sensing system, IEEE Trans.Wireless Commun., vol. 9, no. 8, pp. 24882497, 2010.
12
[11] W. Wang, H. Li, Y. Sun, and Z. Han, Securing collaborative spectrumsensing against untrustworthy secondary users in cognitive radio net-works, Journal on Advances in Signal Processing, vol. 2010, no. 4,2010.
[12] A. S. Rawat, P. Anand, H. Chen, and P. K. Varshney, Collaborativespectrum sensing in the presence of Byzantine attacks in cognitive radionetworks, IEEE Trans. Signal Process., vol. 59, no. 2, pp. 774786,2011.
[13] S. Marano, V. Matta, and L. Tong, Distributed detection in the presenceof Byzantine attacks, IEEE Trans. Signal Process., vol. 57, no. 1, pp.1629, 2009.
[14] H. Li and Z. Han, Catch me if you can: An abnormality detection ap-proach for collaborative spectrum sensing in cognitive radio networks,IEEE Trans. Wireless Commun., vol. 9, no. 11, pp. 35543565, 2010.
[15] A. Vempaty, K. Agrawal, H. Chen, and P. Varshney, Adaptive learningof Byzantines behavior in cooperative spectrum sensing, in Proc. ofIEEE WCNC, 2011.
[16] S. Li, H. Zhu, B. Yang, C. Chen, and X. Guan, Believe yourself: A user-centric misbehavior detection scheme for secure collaborative spectrumsensing, in Proc. of IEEE ICC, 2011.
[17] F. Adelantado and C. Verikoukis, A non-parametric statistical approachfor malicious users detection in cognitive wireless ad-hoc networks, inProc. of IEEE ICC, 2011.
[18] D. Zhao, X. Ma, and X. Zhou, Prior probability-aided secure cooper-ative spectrum sensing, in Proc. of IEEE WiCOM, 2011.
[19] T. Clancy and B. Walker, Predictive dynamic spectrum access, in Proc.of SDR Forum Technical Conference, 2006.
[20] N. Noorshams, M. Malboubi, and A. Bahai, Centralized and decentral-ized cooperative spectrum sensing in cognitive radio networks: A novelapproach, in Proc. of IEEE SPAWC, 2010.
[21] L. E. Baum, T. Petrie, G. Soules, and N. Weiss, A maximizationtechnique occurring in the statistical analysis of probabilistic functionsof Markov chains, The Annals of Mathematical Statistics, vol. 41, no. 1,pp. 164171, 1970.
[22] L. Rabiner and B.-H. Juang, Fundamentals of Speech Recognition.Prentice hall, 1993.
[23] P. R. Runkle, P. K. Bharadwaj, L. Couchman, and L. Carin, HiddenMarkov models for multiaspect target classification, IEEE Trans. SignalProcess., vol. 47, no. 7, pp. 20352040, 1999.
[24] A. P. Dempster, N. M. Laird, and D. B. Rubin, Maximum likelihoodfrom incomplete data via the EM algorithm, Journal of the RoyalStatistical Society. Series B (Methodological), pp. 138, 1977.
[25] A. Vempaty, O. Ozdemir, K. Agrawal, H. Chen, and P. Varshney,Localization in wireless sensor networks: Byzantines and mitigationtechniques, IEEE Trans. Signal Process., vol. 61, no. 6, pp. 14951508,2013.
[26] M. Gagrani, P. Sharma, S. Iyengar, V. S. S. Nadendla, A. Vempaty,H. Chen, and P. K. Varshney, On noise-enhanced distributed inferencein the presence of Byzantines, in Proc. of Allerton, 2011.
[27] R. O. Duda, P. E. Hart, and D. G. Stork, Pattern Classification. Wiley-interscience, 2012.
Xiaofan He received the B.S. degree in electronicsand information engineering from Huazhong Uni-versity of Science and Technology, Wuhan, China,in 2008, and the M.A.Sc. degree in electrical andcomputer engineering from McMaster University,Hamilton, ON, Canada, in 2011. He is currentlyworking toward the Ph.D. degree in electrical andcomputer engineering at North Carolina State Uni-versity, Raleigh, NC.His research interests are in the areas of wireless
communications and networking, and detection andestimation. His current research focuses on the security issues in wirelesscommunications and networking with a physical layer emphasis.
Huaiyu Dai (M03, SM09) received the B.E. andM.S. degrees in electrical engineering from TsinghuaUniversity, Beijing, China, in 1996 and 1998, re-spectively, and the Ph.D. degree in electrical engi-neering from Princeton University, Princeton, NJ in2002.He was with Bell Labs, Lucent Technologies,
Holmdel, NJ, during summer 2000, and with AT&TLabs-Research, Middletown, NJ, during summer2001. Currently he is an Associate Professor ofElectrical and Computer Engineering at NC State
University, Raleigh. His research interests are in the general areas of com-munication systems and networks, advanced signal processing for digitalcommunications, and communication theory and information theory. Hiscurrent research focuses on networked information processing and crosslayerdesign in wireless networks, cognitive radio networks, wireless security, andassociated information-theoretic and computation-theoretic analysis.He has served as editor of IEEE Transactions on Communications, Signal
Processing, and Wireless Communications. He co-edited two special issuesfor EURASIP journals on distributed signal processing techniques for wirelesssensor networks, and on multiuser information theory and related applications,respectively. He co-chairs the Signal Processing for Communications Sym-posium of IEEE Globecom 2013, the Communications Theory Symposiumof IEEE ICC 2014, and the Wireless Communications Symposium of IEEEGlobecom 2014.
Peng Ning (M01, SM12) received the B.S. de-gree in information sciences from the University ofScience and Technology of China (USTC), Hefei,China, in 1994, the M.E. degree in communica-tions and electronics systems from USTC, GraduateSchool in Beijing, Beijing, China, in 1997, and thePh.D. degree in information technology from GeorgeMason University, Fairfax, VA, in 2001.is a Professor of Computer Science at NC State
University, where he also serves as the Technical Di-rector for Secure Open Systems Initiative (SOSI). He
is a recipient of National Science Foundation (NSF) CAREER Award in 2005.He is currently the Secretary/Treasurer of the ACM Special Interest Group onSecurity, Auditing, and Control (SIGSAC), and is on the Executive Committeeof ACM SIGSAC. He is an editor for Springer Briefs in Computer Science,responsible for Briefs on information security. He has served or is servingon the editorial boards of several international journals, including ACMTransactions on Sensor Networks, Journal of Computer Security, Ad-HocNetworks, Ad-Hoc & Sensor Networks: an International Journal, InternationalJournal of Security and Networks, and IET Proceedings Information Security.He also served as the Program Chair or Co-Chair for ACM SASN 05, ICICS06 and ESORICS 09, ICDCS-SPCC 10, and NDSS 13, the General Chairof ACM CCS 07 & 08, and Program Vice Chair for ICDCS 09 & 10 Security and Privacy Track. He served on the Steering Committee of ACMCCS from 2007 to 2011, and is a founding Steering Committee member ofACM WiSec and ICDCS SPCC. His research has been supported by NSF,Army Research Office (ARO), the Advanced Research and DevelopmentActivity (ARDA), IBM Research, SRI International, and the NCSU/DukeCenter for Advanced Computing and Communication (CACC). Peng Ningis a senior member of the ACM, the ACM SIGSAC, and a senior member ofthe IEEE. http://discovery.csc.ncsu.edu/pning/