1HMM-Based Malicious User Detection for Robust

Collaborative Spectrum SensingXiaofan He, Huaiyu Dai, Senior Member, IEEE and Peng Ning, Senior Member, IEEE

AbstractCollaborative spectrum sensing improves the spec-trum state estimation accuracy but is vulnerable to the potentialattacks from malicious secondary cognitive radio (CR) users,and thus raises security concerns. One promising malicioususer detection method is to identify their abnormal statisticalspectrum sensing behaviors. From this angle, two hidden Markovmodels (HMMs) corresponding to honest and malicious usersrespectively are adopted in this paper to characterize theirdifferent sensing behaviors, and malicious user detection isachieved via detecting the difference in the corresponding HMMparameters. To obtain the HMM estimates, an effective inferencealgorithm that can simultaneously estimate two HMMs withoutrequiring separated training sequences is also developed. By usingthese estimates, high malicious user detection accuracy can beachieved at the fusion center, leading to more robust and reli-able collaborative spectrum sensing performance (substantiallyenlarged operational regions) in the presence of malicious users,as compared to the baseline approaches. Different fusion methodsare also discussed and compared.

Keywords-Cognitive radio network, security, collaborativespectrum sensing, malicious user detection, Byzantine attacks,HMM.

I. INTRODUCTION

Spectrum sensing is a key functionality for emerging cog-

nitive radio (CR) networks, and various collaborative spec-

trum sensing schemes have been proposed to improve its

performance [1][4]. However, collaborative spectrum sensing

is vulnerable to the potential attacks from malicious users

who may intentionally report falsified spectrum inferences to

mislead the fusion center (FC) to incorrect decisions, which

is often referred to as Byzantine attack or spectrum sensing

data falsification (SSDF) attack [5][8].

In literature, countermeasures to such type of attacks have

been proposed. In [9], a reputation based weighted sequential

probability ratio test (WSPRT) is proposed. In [10], an outlier

detection technique is employed, where the outlier factor is

determined by the statistics of the reported spectrum state

sequence from each user. In [11], both trust and consistency

values are computed for secondary users to mitigate the

malicious users influence. In [12], a reputation metric, which

represents the frequency of the users local inference being dif-

ferent from the global decision, is used for adversary detection,

Manuscript received November 18, 2012; revised April 5, 2013.X. He (xhe6@ncsu.edu) and H. Dai (Huaiyu Dai@ncsu.edu) are with the

Department of Electrical and Computer Engineering, North Carolina StateUniversity, NC, USA.P. Ning (pning@ncsu.edu) is with the Department of Computer Science,

North Carolina State University, NC, USA.This work was supported in part by the National Science Foundation under

Grants CNS-1016260 and ECCS-1002258.

and the corresponding analysis is based on extensions from

relevant study in [13] to the context of CR networks. A double-

sided neighbor distance (DSND) metric incorporated with the

frequency check is proposed for malicious user detection in

[14]. A learning based method that can identify the malicious

sensor and exploit the falsified data after malicious sensor

identification is proposed in [15], with the assumption that the

probability of the true spectrum being occupied is known. In

[16], a user-centric misbehavior detection is presented, where

the user uses itself as the anchor for adversary detection.

All the preceding methods either explicitly consider the i.i.d.

spectrum state model for simplicity [14][16], or focus their

analysis on one time slot and ignore the Markov property of

the spectrum state [9][13].

Generally the primary channel states are correlated in time,

and it is more accurate to model them as Markovian. For such

a setting, a malicious user detection algorithm based on the

non-parametric Kruskal-Wallis test is developed in [17], where

malicious users are divided into two groups, each flipping the

local spectrum state inference only in one way, i.e., either

from idle to occupied or the other way around. Also, in [18],

a Markovian spectrum model is considered but the proposed

malicious user detection algorithm requires prior knowledge of

the state transition probabilities of the true spectrum, which is

difficult to obtain in the presence of attackers.

When the true spectrum is Markovian, the hidden Markov

model (HMM) is an appropriate model for the spectrum

sensing problem. In [19] and [20], the Baum-Welch algorithm

[21], [22] has been applied to estimate the parameters of

the HMM model, so that the fusion center can achieve more

accurate spectrum state decisions. However, in [19] and [20],

all the secondary users are assumed to be honest and the

security problem is not considered.

Towards more reliable collaborative spectrum sensing, a

new HMM-based malicious user detection method is proposed

in this work, where honest users and malicious users are

modeled by two HMMs, respectively. Due to the abnormal

statistical behaviors, the HMM of malicious users will be

different from that of honest users and thus can be exploited

for malicious user detection. To this purpose, an appropriate

inference technique is required to obtain estimates of the

corresponding HMM parameters. It may be tempting to adopt

the original Baum-Welch algorithm. However, in the origi-

nal Baum-Welch algorithm, multiple independent observation

sequences are required to estimate a single HMM, and the

estimation of multiple HMMs is usually accomplished through

using separate training sequences for each individual HMM

[23]. Consequently, two specific technical issues prevent the

2direct application of the original Baum-Welch algorithm to ob-

tain the HMM estimates in the presence of malicious CR users:

(1) The local inference sequences reported from secondary

users are correlated, because all the secondary users are sens-

ing the same spectrum; (2) Two HMMs exist and the reported

sequences from honest users and malicious users are mixed,

not separate. To overcome these issues, a new estimation

method for HMM is proposed in this work. As compared to the

original Baum-Welch algorithm, the technical contributions of

the proposed algorithm include: 1) simultaneously estimating

two HMMs, 2) working with correlated observation sequences

and 3) no requirement of separate training sequences, and thus

it can be applied to detect malicious users in collaborative

spectrum sensing. This method is developed under the generic

Expectation-Maximization (EM) framework [24]. Once the

estimates of these two HMMs are obtained, two auxiliary tests

can be invoked to identify the malicious users by detecting

their abnormal spectrum sensing behaviors. Both hard data

fusion (where data from detected malicious users is directly

discarded) and soft data fusion (where malicious user data

are processed and fused along with honest user data) are

discussed.

Even though the proposed inference method in this work

is rather general and can be applied to a wide range of

applications, its effectiveness on malicious user detection will

be the focus of this work. As compared to previous works with

a Markovian model, the proposed method can defend against

malicious users that flip local sensing results in both directions

(i.e., from idle to occupied and the opposite), and eliminates

the requirement of prior information of the true spectrum.

The remainder of this paper is organized as follows. Sec-

tion II formulates the problem. In Section III, explicit expres-

sions of the HMM estimates are derived along with conver-

gence analysis, followed by malicious user detection based

on the obtained HMM estimates. Data fusion is discussed in

Section IV. Simulation results and relevant analysis are given

in Section V. Section VI concludes the paper.

II. PROBLEM FORMULATION

A. System Model

1) Spectrum Sensing Metrics: To quantify the spectrum

sensing performances, probabilities of detection Pd and false

alarm Pfa are widely used in literature [1][3]. In this work,

it is assumed that all secondary users use the same devices to

sense the spectrum and have the same {Pd, Pfa}. An honestuser will directly report its local spectrum state inference to

the fusion center, i.e., PHd = Pd and PHfa = Pfa from the

fusion centers viewpoint. A malicious user, however, may

intentionally tamper its local inferences before reporting to

the fusion center. Two parameters 01 and 10 are used to

quantify malicious users attacking levels, where 01 is the

probability that a malicious user will flip its local inference

from 0 (idle spectrum) to 1 (occupied spectrum) and 10 isthe probability of flipping 1 to 0. Accordingly, the equivalentPMd and P

Mfa of the malicious users to the fusion center are

given by

PMd = (1 10)Pd + 01(1 Pd), (1)

TABLE I: Notations and symbols

Symbol Definition

T Detection window lengthqt True spectrum state at time t

q = {q0, ..., qT } Collection of true spectrum states over timeS Total number of spectrum statesL Total number of secondary users

olt The report from the lth user at time t

Ol = {ol1, ..., olT } Report sequence from the lth user

Ot = {o1t , ..., oLt } Reports from all the L users at time t

O = {O1, ...,OL} All the report sequences from all usersN Number of user types

ml {1, ...,N} The type of the lth userm = {m1, ...,mL} Set of user types of these L users

Estimate of at the previous iteration Percentage of malicious users

0o 1o 1o 0o

( )H Md dP P1 (1 )H Md dP P

1 (1 )H Mfa faP P

( )H Mfa faP P

B

, AS

1q 0q 0,0a0,1a

1,0a

1,1a

Fig. 1: Single user spectrum sensing model.

and

PMfa = (1 10)Pfa + 01(1 Pfa), (2)

respectively. For an effective malicious user, at least one of

01 and 10 should be nonzero; otherwise, the malicious user

will behave identically to honest users in the statistical sense.

In addition, in this work, it is assumed that all the malicious

users belong to one type, i.e., having the same {01, 10}.1

Remark: In the interest of space, we will only focus on the

above mentioned flipping attack as it is widely considered in

literature (e.g., [12], [14], [25], [26]). Nevertheless it is worth

noting that besides the flipping attack, malicious users can

also modify their operating points (PMd , PMfa ) by changing

local detection thresholds [15], and our method can be used

to defend against such type of attacks as well.

B. Two Correlated HMMs

In the context of spectrum sensing, the HMM of a single sec-

ondary user is shown in Fig. 1, where q and o represent the true

and the reported spectrum states, respectively. The correspond-

ing set of parameters of this single HMM s = {pi,A,B} con-sists of three parts: 1) initial spectrum state distribution vector

pi = [pi0, pi1] where pii is the probability that the spectrumstarts from the ith state; 2) spectrum state transition probability

matrix A = [ai,j ]22 where ai,j , P (qt = j|qt1 = i).2

1The extension to the multi-type malicious users case, i.e., differentmalicious users may have different {01, 10}, remains a future work.

2With a slight abuse of notation, the indices of matrices start from 0.

3True sequence

of spectrum

states

User 1's reported

sequences

User 2's reported

sequences

0q 1q 2q tq Tq

11o

21o

12o

22o

1to

2to

2To

1To

Fig. 2: Collaborative spectrum sensing over T time slots.

For example, a0,0 is the self-transition probability of the idle

spectrum state and a0,1 is the transition probability from the

idle to the occupied spectrum state; 3) spectrum sensing matrix

B = [bij ]22 where bij , bi(j) = P (o = j|q = i) is theprobability that the reported spectrum state is j given that the

true spectrum state is i. For example, b1(1) is the probabilityof detection and, similarly, b0(1) is the probability of falsealarm from the viewpoint of fusion center.

When adversary exists, two HMMs (1)s =

{pi(1), A(1), B(1)} and (2)s = {pi(2), A(2), B(2)} may

be used to represent the honest and the malicious users

respectively. The abnormal sensing behavior of malicious

users causes the difference between B(1) and B(2), but

the parameters pi and A of these two HMMs are identical

as all users are sensing the same spectrum (i.e., user

observations are correlated). Specifically, the sensing matrix

of the mth (m {1, 2} representing honest and malicioususers respectively) HMM is denoted by B(m) = {bmi (k)}

(e.g., b(1)1 (1) and b

(2)1 (1) are the probabilities of detection

of the CR users corresponding to the first and the second

HMM, respectively). Nevertheless, the original Baum-Welch

algorithm cannot be applied to estimate these two HMMs as

no separate training sequences are available (i.e., honest and

malicious data are mixed). Considering this, a new inference

algorithm that can jointly estimate these two HMMs based

on the mixed and correlated spectrum sensing sequences

from all users is developed in this work by introducing a

new user classification vector c12 = [c1, c2]. In particular,cm (m {1, 2}) denotes the percentage of the mth type ofusers in the network, and the entire set of parameters to be

estimated is = {c, pi, A,B(1), B(2)}. For a fixed , cm canbe interpreted as the prior probability of any user belonging

to the mth HMM. To conform with the EM framework, we

will express cm as P (ml = m|) for any l in the following

derivations, where ml denotes the type of the lth user. After

obtaining the estimates of these two HMMs, secondary users

can be clustered into two types (each corresponding to one

HMM) by evaluating the corresponding maximum a posteriori

(MAP) probabilities, and then two auxiliary tests presented in

Section III-C will be invoked to identify the malicious type.

Other notations used in this work are summarized in Ta-

ble I.3 Specifically, O = {O1, ..., OL} = {O1, ..., OT } is thecollection of sensing reports from all these L users from time

t = 1 to t = T ; the number of spectrum states S equals 2(i.e., either occupied or idle), and the number of user types N

3With slight abuse of notation, q here coincides with the generic one inFig. 1.

also equals 2 (i.e., either honest or malicious) in this work. Inaddition, and denote the HMM estimates in the current

and the previous iterations, respectively.

III. THE PROPOSED METHOD

In this section, the proposed joint estimation method for two

HMMs is developed along with the corresponding convergence

analysis, and followed by two auxiliary tests for malicious user

detection based on these estimates.

A. Derivations of the Proposed Estimation Method

The Expectation-Maximization algorithm, which alternates

between an expectation (E) step and a maximization (M) step,

is a generic iterative method for finding maximum likelihood

estimates of parameters in a statistical model with hidden

variables, such as the HMM. The current E-step formulates

the expected log-likelihood function where the distribution

of the hidden variables is determined by the optimal param-

eter found in the last M-step, and current M-step finds

the optimal parameter that maximizes the expected log-

likelihood function formulated in the current E-step [24].

This alternation continues until convergence (or a maximum

number of iterations is reached). In this subsection, the E-step

and M-step for the estimation of based on the collection of

all the secondary users reported spectrum sensing sequences

O are derived. The collection of the spectrum states q and the

set of user types m are hidden vectors.

1) E-step: The E-step computes the expectation (with

respect to q and m) of the log-likelihood function

logP (O, q,m|), where the distribution of the hidden vari-ables q and m is determined by the estimate in the

previous iteration and the observed sequences O, denoted by

P (q,m|, O). This results in

Q(, ) = E {logP (O, q,m|)}

=qQ

mM

P (q,m|, O) logP (O, q,m|)

=1

P (O|)

qQ

mM

P (O, q,m|) logP (O, q,m|)

,1

P (O|)Q(, ), (3)

where Q = {0, 1}T and M = {1, 2}L are the out-come spaces of q and m, respectively;

qQ

and

mM

are shorthand notations for

q0{0,1}

q1{0,1}

qT{0,1}

and

m1{1,2}

m2{1,2}

mL{1,2}

, respectively. In particular, the

first equality in (3) is due to definition of Q(, ); the secondstep expands the expectation with respect to P (q,m|, O); theBayes formula is applied in the third equality; and the last

step is due to the definition of Q(, ) given below.It is worth noting that P (O|) in (3) is a constant that does

not depend on , which implies that to maximize Q(, ) isequivalent to maximize

Q(, ) ,qQ

mM

P (O, q,m|) logP (O, q,m|).

4Therefore, Q(, ) will be used to find the optimal in thesubsequent derivations without affecting the results.

2) M-step: The M-step aims at finding the current estimate

that maximizes Q(, ). Note that

P (O, q,m|) = P (q|)P (O,m|q, )

= piq0 Tt=1

aqt1,qt Ll=1

P (Ol,ml|q, )

= piq0

Tt=1

aqt1,qt

Ll=1

P (Ol|ml, q, )

Ll=1

P (ml|), (4)

where the second equality holds because all the L reported

sequences Ol are conditionally independent given the true

spectrum state sequence q; the last equality holds because the

user type ml is independent to the true spectrum state q; here

and onwards piq0 represents pii|i=q0 , i.e., pii evaluated at i = q0,and q0 {0, 1} is the initial spectrum state. According to (4),Q(, ) can be expressed as

Q(, ) =qQ

mM

P (O, q,m|) logLl=1

P (ml|)

(a)

(5)

+qQ

mM

P (O, q,m|) log piq0 (b)

+qQ

mM

P (O, q,m|) log

Tt=1

aqt1,qt (c)

+qQ

mM

P (O, q,m|) logLl=1

P (Ol|, q,ml)

(d)

.

Note that in (5), each of the four terms (a), (b), (c), and(d) relies on only one of the four parameters c, pi, A and B,respectively. This implies that the optimal values of c, pi, A

and B, which maximizeQ(, ), can be found by maximizingthese four terms separately. A common approach used in the

following derivation is the method of Lagrange multiplier.

a) Current estimate of c: To maximize term (a) in (5),it is equivalent to maximize

qQ

mM

P (O, q,m|) logLl=1

P (ml|)

=mM

P (O,m|) logLl=1

P (ml|)

=m1

m2

mL

P (O,m1,m2, ..., mL|)Ll=1

logP (ml|)

=m1

m2

mL

[P (O,m1,m2, ..., mL|)

Ll=1

Nm=1

(ml m) logP (ml = m|)

]

=

Ll=1

Nm=1

[m1

m2

mL

(ml m)

P (O,m1,m2, ..., mL|) logP (ml = m|)

]

=

Ll=1

Nm=1

[m1

ml1

ml+1

mL

P (O,m1,m2, ..., ml = m, ..., mL|) logP (ml = m|)]

=

Ll=1

Nm=1

P (O,ml = m|) logP (ml = m|)

=

Ll=1

Nm=1

P (O,ml = m|) log cm, (6)

where (n) = 1 if and only if n = 0; the first step is dueto marginalization over q; the second last step is due to the

fact that the expression inside the brackets only depends on

ml and thus all the other mj 6=ls can be marginalized out; the

last step is by the definition of c.

By associating the constraintN

m=1 cm = 1 with a La-grange multiplier , the optimal c can be found by solving

cm

{Ll=1

Nm=1

P (O,ml = m|) log cm

+

(N

m=1

cm 1

)}= 0, m = 1, ..., N,

which leads to

Ll=1

1

cmP (O,ml = m|) + = 0, m = 1, ..., N. (7)

Summing over all m results in = L P (O|) and

cm =1

L

Ll=1

P (O,ml = m|)

P (O|), m = 1, ..., N. (8)

b) Current estimate of pi: By marginalizing over m and

q1, ..., qT , (b) in (5) can be simplified asS1

i=0 P (O, q0 =i|) log pii. Using, again, the Lagrange multiplier method, theupdate equation of pii based on

is given by

pii = P (O, q0 = i|)/P (O|), i = 0, ..., S 1. (9)

c) Current estimate of A: Term (c) in (5) can be furthersimplified as

qQ

mM

P (O, q,m|) logTt=1

aqt1,qt

=qQ

P (O, q|)

Tt=1

S1i=0

S1j=0

(qt1 i)(qt j) log ai,j

=Tt=1

S1i=0

S1j=0

[q1

...qT

P (O, q|)

(qt1 i)(qt j) log ai,j

]

=Tt=1

S1i=0

S1j=0

P (O, qt1 = i, qt = j|) log ai,j , (10)

where in the first step marginalization over m is applied; in

the last step all the qs other than qt1 and qt are marginalized

5out because the term inside the brackets only depends on qt1and qt. Using the same method, the update equation of ai,jbased on can be found as

ai,j =

Tt=1

P (O, qt1 = i, qt = j|)

Tt=1

P (O, qt1 = i|)

,

i, j = 0, ..., S 1. (11)

d) Current estimate of B: Term (d) in (5) can be furthersimplified as

qQ

mM

P (O, q,m|) log

Ll=1

P (Ol|, q,ml)

=qQ

mM

P (O, q,m|)Ll=1

Tt=1

logP (olt|, qt,ml)

=

Ll=1

Tt=1

S1i=0

Nm=1

(P (O, qt = i,m

l = m|)

logP (olt|, qt = i,ml = m)

)=

Ll=1

Tt=1

S1i=0

Nm=1

(P (O, qt = i,m

l = m|)

log

S1k=0

(olt k)bmi (k)

), (12)

where P (Ol|, q,ml) =T

t=1P (olt|, qt,m

l) is applied in the

first step, i.e., the observations olts are mutually conditional

independent and olt only depends on qt given and the user

type ml; by definition bmi (olt) = P (o

lt|, qt = i,m

l = m)and thus the last step holds. Similarly, the update equation of

bmi (k) based on is given by

bmi (k) =

Ll=1

Tt=1

(olt k)P (O, qt = i,ml = m|)

Ll=1

Tt=1

P (O, qt = i,ml = m|)

, (13)

i = 0, ..., S 1, m = 1, ..., N and k = 0, ..., S 1.

B. Convergence Analysis

The convergence of the log-likelihood {logP (O|n)} of theproposed algorithm is shown in this subsection, where n is

the estimate of obtained in the nth EM iteration. For this

purpose, define for any

(|n),qQ

mM

P (q,m|O, n) logP (O|q,m, )P (q,m|)

P (q,m|O, n)P (O|n),

(14)

and

(|n),logP (O|n) + (|n)

=qQ

mM

P (q,m|O, n) logP (O|q,m, )P (q,m|)

P (q,m|O, n)

=Q(, n) + const. w.r.t. . (15)

First, observe that n+1 found in the (n+1)th M-step max-imizes Q(, n) Q(, n), and thus it maximizes (|n)given in (15), which implies (n+1|n) (n|n). In ad-dition, it is shown in Appendix A that logP (O|) (|n) and logP (O|n) = (n|n). Therefore, by setting = n+1, it follows that logP (O|n+1) logP (O|n)n, i.e., {logP (O|n)} is a non-decreasing sequence of n.Then, the convergence of {logP (O|n)} follows by furtherobserving that it is bounded above by 0.

C. Implementation

The calculation of update equations (8), (9), (11) and (13)

requires evaluation of the corresponding probability quan-

tities presented in the numerators and denominators (e.g.,

P (O,ml = m|) and P (O|) in (8)). To this end, similarto the original Baum-Welch algorithm, intermediate variables

are defined. Firstly, define

l,mi (t) = P (O1, O2, ..., Ot, qt = i|

,ml = m),

which is the probability of the fusion center observing the

partial sequence {O1, O2, ..., Ot} and the spectrum ending upin state i at time t given that the type of the lth user ml is m.

Secondly, define

l,mi (t) = P (Ot, Ot+1, ..., OT |qt = i,

,ml = m),

which is the probability of the fusion center seeing partial

sequence {Ot, Ot+1, ..., OT } given that the spectrum startedat state i at time t and the lth user is of type m. Further define

l,mij (t) , P (O, qt = i, qt+1 = j|

,ml = m),

and

l,mi (t) , P (O, qt = i|

,ml = m),

which admit l,mi (t) =

S1j=1

l,mij (t) by definition.

Once , , and are obtained, it can be verified (using

marginalization and the Bayes formula) that (8), (9), (11),

(13) can be evaluated as follows (see Appendix B):

cm1

L

Ll=1

(cm

S1i=0

l,mi (T )

), m = 1, ..., N, (16)

piiN

m=1

(l,mi (0)cm

S1j=0

ai,jl,mj (1)

),

i = 0, ..., S 1, (17)

ai,j=

Tt=1

Nm=1

l,mij (t 1)cm

S1j=0

Tt=1

Nm=1

l,mij (t 1)cm

, i, j = 0, ..., S 1, (18)

bmi (k)=

Ll=1

Tt=1

(olt k)l,mi (t)c

m

Ll=1

Tt=1

l,mi (t)cm

, (19)

6i = 0, ..., S 1, m = 1, ..., N and k = 0, ..., S 1,

where cm denotes the estimated percentage of type m users

from the last iteration, i.e., cm = P (ml = m|).

Precise evaluation of , and are computationally in-

tractable, and so is . To reduce the computation complexity,

three approximations are adopted in this work:

(A1) P (Ot+1|qt+1 = j, O1, O2, ..., Ot, qt = i, ,ml = m)

P (Ot+1|qt+1 = j, qt = i, ,ml = m),

(A2) P (Ot+1, ..., OT |qt+1 = j, qt = i, Ot, ,ml = m)

P (Ot+1, ..., OT |qt+1 = j, qt = i, ,ml = m),

(A3) P (Ot+1, ..., OT |qt+1 = j, O1, ..., Ot, qt = i, ,ml = m)

P (Ot+1, ..., OT |qt+1 = j, , ml = m).

The intuition of these approximations is the following.

Note that if there is only one type of users (i.e., single

HMM), the future spectrum sensing results {Ot+1, ..., OT }are independent of previous sensing results {O1, ..., Ot} giventhe true spectrum state qt+1 due to the Markovian property.

Consequently, the left hand side will equal to the right hand

side in each of the above three expressions. However, when

there are more than one type of users, the probability of

observing {Ot+1, ..., OT } (and Ot+1) depends on not onlythe true spectrum states q but also the user types m. In

the above expressions, user types (other than the lth one

ml) are not known explicitly but contained in the previous

observations {O1, ..., Ot} (as previous observations can beused to estimate user types). Therefore, the probability of

observing {Ot+1, ..., OT } (and Ot+1) will be affected by{O1, ..., Ot}. (For single HMM, user types are always known,and thus it is free from this problem.) This makes the precise

computations of , and intractable. Considering this, the

user type information contained in previous sensing results

is discarded so as to reduce the computation complexity to

a tractable level. In particular, {O1, O2, ..., Ot} is discardedin (A1) and (A3), and Ot is discarded in (A2), respectively.

Then, the following formulas can be used to evaluate , and

iteratively (see Appendix C):4

l,mj (t+ 1)

S1i=0

l,mi (t)ai,jbmj (o

lt+1)

r 6=l

(N

m=1

bmj (ort+1)c

m

), (20)

l,mi (t)

bmi (olt)r 6=l

(N

m=1

bmi (ort )c

m

)S1j=0

ai,jl,mj (t+ 1), (21)

where l,mi (0) , pii and

l,mi (T + 1) , 1, and

4In (20), (21) and (22), ai,j , bmj , pii and c

m are the estimates in

.

l,mij (t) l,mi (t)ai,j

l,mj (t+ 1). (22)

The approximate values of can be calculated according

to l,mi (t) =

S1j=1

l,mij (t).

Remark: Since all the users sense the same spectrum, if ,

and can be computed precisely, (17) and (18) will result in

the same update to pii and ai,j , respectively, for any user ID l.

However, due to the approximations (A1)(A3), this property

does not hold. Nevertheless the simulations show that using

any (fixed) l in the evaluations of (17) and (18) results in

similar estimation performance.

D. Secondary User Classification

Once the estimate is obtained, the next step is to classify

secondary users, which consists of two stages: 1) dividing all

the secondary users into two groups and 2) identifying the

malicious group.

Stage I: Based on the estimate obtained after the EM

algorithm converges5 and the collection of observation se-

quences O, all secondary users are divided into two groups

(each corresponding to one HMM) and the a posteriori that

the lth user belongs to the mth group is given by

P (ml = m|, O)

=P (ml = m|)P (O|ml = m, )/P (O|)

=

(cm

S1i=0

l,mi (T )

)/

Nm=1

(cm

S1i=0

l,mi (T )

). (23)

Therefore, the MAP estimate of the associated group of the

lth user is determined by

ml=argmaxm

cm

S1i=0

l,mi (T )/N

m=1

(cm

S1i=0

l,mi (T )

). (24)

Stage II: After dividing all secondary users into two groups,

two tests are proposed to identify the malicious group: the

spectrum sensing ability (SSA) test and group size (GS) test.

Specifically, the SSA of a sensing matrix B is defined as

SSA(B) , |b11b01| = |PdPfa|. According to (1) and (2),it is proved in Appendix D that the SSA of the malicious users

sensing matrix is always no greater than that of the honest user,

i.e., SSA(BM ) SSA(BH). The intuition is that malicioususers cannot increase their spectrum sensing ability through

data processing. Consequently, the group of users with lower

SSA are identified as malicious. In the GS test, the group with

the smaller number of users will be identified as malicious.

Since the estimate of B may not be perfect in practice, a

threshold SSAth is set such that only when the difference

between the two SSAs is larger than SSAth will the SSA test

be used.6 However, when the attacking level of the malicious

5Usually, the estimates of the proposed algorithm converge to reasonablyaccurate values in less than 30 iterations.

6Note that the proposed HMM-based algorithm divides the secondary usersinto two clusters without involving any threshold; here, the threshold SSAthis only used to identify which cluster is malicious.

7iniO O

: 1t T tO lm

tq

tO

Fig. 3: The block diagram of the proposed algorithm.

user is close to {1, 1}, the difference between SSA(BM ) andSSA(BH) is close to zero and the SSA test will fail to detectthe malicious users.7 Fortunately, the grouping will be very

accurate in such cases, due to the significant difference in

statistical behaviors between the honest and malicious users.

Consequently, the GS test can be used (when the percentage

of malicious users is less than half).8 In particular, when

|SSA(B(1)) SSA(B(2))| SSAth, the GS test will beactivated.

IV. HARD- AND SOFT DATA FUSION

In this section, we will discuss how the fusion center processes

the sensing reports based on the detection results. In particular,

two different data fusion approaches, which differ in how the

fusion center disposes of the data from detected malicious

users, are discussed.

Hard data fusion: With the user type estimates m given in

(24), a straightforward (yet effective, as shown by numerical

results) strategy of the fusion center is to directly discard

all the local spectrum inferences from the detected malicious

users, and apply majority voting on the data from honest

users to decide the spectrum states. The block diagram of this

approach is illustrated in Fig. 3. The fusion center maintains

a data buffer for the most recent sensing reports (of length T )

from all secondary users, and adopts the proposed algorithm

to estimate the corresponding HMM parameters. The resulting

estimate together with the observation history OtT :t1is fed into the MAP block for malicious user identification

using (24). Spectrum occupancy decision is made at the data

fusion block, based on the current sensing reports Ot and user

classification result m.

Soft data fusion: It is interesting to note that when precise

knowledge of HMM parameters and user type information

m is available, malicious users may also provide useful infor-

mation on the spectrum states. Soft data fusion will exploit

such potential information in the hope of further enhancing

the performance. To this end, the estimates and m obtained

by the proposed inference method can be fed into the data

fusion block in Fig. 3. Accordingly, the log-likelihood Li(t)of the true spectrum state at time t being q(t) = i, based onthe estimates of HMM parameters and user type m, is given

by

7Malicious user detection for close to {0, 0} is not of our focus becausein such cases malicious users behave nearly identically to honest users in thestatistical sense.

8To relax the assumption that the percentage of malicious users is less thanhalf, one possible way in practice is to allocate a few anchor nodes in thenetwork to aid honest group identification, but this is beyond the scope ofthis work.

TABLE II: Comparison of e(B) using different ls in (17) and (18).

e(B) = 45% = 15%l = 1 0.0854 0.0596Random l 0.0849 0.0596

Average over all l 0.0827 0.0595

Li(t) , logP (o1t , o

2t , ..., o

Lt |q(t) = i, , m)

=Ll=1

log {olt|q(t) = i, , m}

=Ll=1

log bml

i (olt), i = 0, 1. (25)

The log-likelihood ratio is defined as (t) , L1(t)L0(t),based on which the fusion center will decide the spectrum

state as

q(t) =

{1, (t) > 0,

0, otherwise.(26)

Intuitively, a performance gain of soft data fusion over hard

data fusion is expected for precise and m, as additional

information is exploited. Performances of hard- and soft data

fusions using estimated and m will be explored numerically

in Section V-C.

V. SIMULATIONS

The efficacy of the proposed method is explored through two

measures: 1) the honest/malicious user classification accuracy

(P clsfm and Pclsffa ) and 2) the spectrum sensing performance

at the fusion center (PFCd and PFCfa ). Specifically the perfor-

mances of three fusion centers adopting the majority voting

rule are compared: FC1 employs our proposed method that

processes the sensing reports from all users simultaneously

for malicious user detection and removes detected malicious

data from consideration; FC2 first uses the original Baum-

Welch algorithm to estimate s for each individual user and

then employs an agglomerative clustering method in [27],

with which users are classified based on the similarity of

corresponding s, for malicious user detection; FC3 does not

employ any malicious user detection mechanism. Throughout

the simulations, the initial values of = {c, pi, A,B} are givenby cinit = [0.5 0.5], piinit = [0.5 0.5], Ainit = [ 0.5 0.50.5 0.5 ],

B(1)init = [

0.8 0.20.2 0.8 ] and B

(2)init = [

0.5 0.50.5 0.5 ]. The detection window

length T is 100(time slot). The selection of SSAth dependson the spectrum sensing ability of honest users SSA(BH).Specifically, it may be chosen as SSAth = SSA(B

H)( (0, 1)). However, it is found that the performance is notvery sensitive to the specific value of SSAth. Thus, in the

following simulations, SSAth is set to 0.1 for simplicity.

A. A Basic Example

A basic example is shown first to demonstrate the effec-

tiveness of the proposed method in both detecting malicious

users and improving the collaborative spectrum sensing perfor-

mance. In this example, = 45% of the 20 secondary users are

8TABLE III: Comparison of HMM parameter estimation errors.

e() = 20% = 40%PHd

= 0.8, PHfa

= 0.2 0.0493 0.0701

PHd

= 0.9, PHfa

= 0.1 0.0351 0.0475

TABLE IV: Performance comparison for the three fusion centers.

Classification PFCd

PFCfa

FC1 99.3% 0.9968 0.0046

FC2 66.5% 0.8832 0.0661

FC3 0.7895 0.0632

malicious. The true spectrum sensing matrix B of the honest

users is [ 0.8 0.20.15 0.85 ] (i.e., PHd = 0.85 and P

Hfa = 0.2). For

malicious users, the attacking level indices are 10 = 0.8 and01 = 0.75 resulting in a spectrum sensing matrix [ 0.36 0.640.72 0.28 ]according to (1) and (2). The true spectrum state transition

matrix A is set with a0,1 = a1,0 = 0.2. 100 Monte Carloruns are implemented for this scenario. Recall that using

different user ID ls to evaluate (17) and (18) may result in

different estimates due to the three approximations mentioned

in Section III-C. Since the proposed malicious user detection

method mainly relies on the estimates of sensing matrices Bs,

the sensing matrices estimation accuracy of using different ls

is shown in Table II, where the estimation error is defined

as e(B) , 1NS2

Nm=1

Si=1

Sj=1

|bmj (i) bmj (i)|. As shown in

Table II, using different ls leads to similar estimation accuracy

for sensing matrices Bs (more uniform for smaller ).9 In the

following simulations, l = 1 is used in the evaluation of (17)and (18). Furthermore, the HMM parameter estimation errors

e() (defined similarly as e(B)) are shown in Table III. As itcan be seen, the estimation accuracy is acceptable and more

accurate estimates can be obtained with better honest sensing

devices.

The proposed algorithm achieves high classification accu-

racy as shown in Table IV, where the average classification

accuracy is 99.3%, which outperforms the baseline FC2 whoseclassification accuracy (66.5%) is far below a satisfactory

9Similar trends are observed for other parameters c, pi and A.

0 20 40 60 80 1000

0.2

0.4

0.6

0.8

1

Index of Monte Carlo runs

Spectr

um

sensin

g p

erf

orm

ance

Pd

FC1

Pd

FC2

Pd

FC3

Pfa

FC1

Pfa

FC2

Pfa

FC3

Fig. 4: Comparison of spectrum sensing performances over

100 Monte Carlo runs.

level. As a consequence, with FC1, PFCd is increased from

0.8832 (0.7895) to 0.9968 and PFCfa is reduced from 0.0661(0.0632) to 0.0046, as compared to FC2 (FC3). Further,Fig. 4 compares these three fusion centers spectrum sensing

performances, where the PFCd and PFCfa of FC1 consistently

outperform those of FC2 and FC3. It is also observed in sim-

ulations that the proposed method is faster10 than the baseline

approach FC2, as in the proposed method the estimation is

done in an integrated manner, with more efficient use of the

data and much less redundancy in computation.

B. Further Simulations

To provide a more concrete evaluation of the proposed method,

the effects of different malicious user percentage and at-

tacking level are investigated.11 For every pair of and

, 100 Monte Carlo runs are implemented. Fig. 5 showsthe performance comparison of all three fusion centers with

L = 20.Fig. 5a shows the regions of (, ) (under the curves)

when both the mis-detection probability P clsfm and false alarm

probability Pclsffa of malicious user detection are less than 5%

for FC1 and FC2, respectively. The P clsfm and Pclsffa of FC2 are

always greater than 15% when 0.3 resulting in a vanishedregion in Fig. 5a, while FC1 using the proposed method

significantly outperforms FC2. (Note that in the proposed

algorithm, there is no tradeoff between P clsfm and Pclsffa with

respect to and . Both P clsfm and Pclsffa are small when the

inference is accurate.)

Due to accurate user classification of the proposed method,

the spectrum sensing performance of FC1 is enhanced as

compared to the other two fusion centers. The regions where

PFCd 0.95 and PFCfa 0.05, of these three fusion centers

are plotted in Fig. 5b and Fig. 5c, respectively. As it can

be seen, FC1 significantly extends the operational regions

and is able to tolerate substantially more malicious users

with more aggressive attacking. For example, in Fig. 5b,

when 40% users are malicious and their attacking level isbeyond 0.7, both FC2 and FC3 fail to achieve PFCd 0.95due to the severe attacking. However, FC1 can still achieve

PFCd 0.95 even when the attacking level of malicioususers is as high as 0.9. Similar observation can be made forPFCfa as well. The proposed method is still able to provide

P clsfm , Pclsffa 5%, P

FCd 0.95 and P

FCfa 0.05 with

some attacking level when the percentage of malicious

users exceeds 50% as shown in Fig. 5. The reason is thatwhen is not close to 1, the difference between SSA(BH)and SSA(BM ) is significant and thus the SSA test workseffectively without activating the GS test. In addition, the

performance degradation of FC2 as compared to FC3 can

be explained by its poor classification results, as shown in

Fig. 5a, that result in the unfavorable excluding (including)

honest (malicious) users sensing reports in the data fusion

process. Furthermore, as shown in Fig. 5, both malicious user

detection and spectrum sensing performances are similar for

10About 3 times based on our current implementation.11It is assumed in this subsection that 01 = 10 = for 2-D plotting.

920 30 40 50 60 70 80 900.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Percentage of malicious users (%)

Attackinglevel

Method in [12]

Pm

clsf

10

20 30 40 50 60 70 80 900.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Percentage of malicious users (%)

Attackinglevel

Performance contour of malicious user identification

Pm

clsf

11

Similarly, it follows from (11) that

ai,j

Tt=1

P (O, qt1 = i, qt = j|)

=

Tt=1

Nm=1

P (ml = m|)P (O, qt1 = i, qt = j|ml = m, )

=Tt=1

Nm=1

cml,mi,j (t 1), (30)

and further normalization over j gives (18). In addition, by the

definition of l,mi (t), it can be seen that P (O, qt = i,m

l =

m|) = cml,mi (t). Then, (19) follows from (13).

APPENDIX C

Equations (20)(22) will be derived here by applying approx-

imations (A1)(A3).

For , it admits

l,mj (t+ 1)

def. of = P (O1, ..., Ot+1, qt+1 = j|

, ml = m)

(i)=

S1i=0

P (O1, ..., Ot, qt = i, Ot+1, qt+1 = j|, ml = m)

def. of and (ii)=

S1i=0

l,mi (t)P (Ot+1|qt+1 = j, O1, ..., Ot, qt = i,

,ml = m)P (qt+1 = j|qt = i, ,ml = m)

(A1)

S1i=0

l,mi (t)P (Ot+1|qt+1 = j, qt = i, ,ml = m)ai,j

(iii)=

S1i=0

l,mi (t)P (Ot+1|qt+1 = j, ,ml = m)ai,j

(iv)=

S1i=0

l,mi (t)P (olt+1|qt+1 = j,

, ml = m)

r 6=l

(P (ort+1|qt+1 = j,

))ai,j

(i) and (ii)=

S1i=0

l,mi (t)P (olt+1|qt+1 = j,

, ml = m)

r 6=l

(N

m=1

P (ort+1|mr = m, qt+1 = j,

)cm

)ai,j

def. of b=

S1i=0

l,mi (t)ai,jbmj (o

lt+1)

r 6=l

(N

m=1

bmj (ort+1)cm

).

(31)

For , it admits

l,mi (t)

def. of and (i)=

S1j=0

P (Ot, Ot+1, ..., OT , qt+1 = j|qt = i, ,ml = m)

(ii)=

S1j=0

ai,jP (Ot, Ot+1, ..., OT |qt+1 = j, qt = i, ,ml = m)

(A2)

S1j=0

ai,jP (Ot+1, ..., OT |qt+1 = j, ,ml = m)

P (Ot|qt = i, ,ml = m)

def. of =

S1j=0

ai,jl,mj (t+ 1)P (Ot|qt = i,

,ml = m)

def. of b and (iv)=

bmi (olt)r 6=l

(N

m=1

bmi (ort )cm

) S1j=0

ai,jl,mj (t+ 1).

(32)

For , it admits

l,mij (t) , P (O, qt = i, qt+1 = j|,ml = m)

(ii)= P (O1, ..., Ot, qt = i|

,ml = m)P (Ot+1, ..., OT ,

qt+1 = j|O1, ..., Ot, qt = i, ,ml = m)

(A3) l,mi (t)P (qt+1 = j|qt = i,

)P (Ot+1, ..., OT

|qt+1 = j, , ml = m)

def. of = l,mi (t)ai,j

l,mj (t+ 1). (33)

In the above, (i) the total probability theorem, (ii) the

Bayes formula, (iii) independence between Ot+1 and qt given

qt+1 (t), (iv) conditional independence of users observationsgiven the true spectrum state are invoked.

APPENDIX D

In this appendix, we will show SSA(BH) SSA(BH).According to the definition of SSA and equations (1) and (2),

SSA(BM ) = |PMd PMfa |

= |(1 10) (PHd P

Hfa) 01 (P

Hd P

Hfa)|

= |1 10 01| |PHd P

Hfa|

1 |PHd PHfa| = SSA(B

H), (34)

where the fact 0 10, 01 1 is invoked.

REFERENCES

[1] I. F. Akyildiz, B. F. Lo, and R. Balakrishnan, Cooperative spectrumsensing in cognitive radio networks: A survey, Physical Communication(Elsevier) Journal, vol. 4, no. 1, pp. 4062, 2011.

[2] G. Ganesan and Y. Li, Cooperative spectrum sensing in cognitive radio,part I: Two user networks, IEEE Trans. Wireless Commun., vol. 6, no. 6,pp. 22042213, 2007.

[3] G. Ganesan and L. Ye, Cooperative spectrum sensing in cognitive radio,part II: Multiuser networks, IEEE Trans. Wireless Commun., vol. 6,no. 6, pp. 22142222, 2007.

[4] C. Sun, W. Zhang, and K. Ben, Cluster-based cooperative spectrumsensing in cognitive radio systems, in Proc. of IEEE ICC, 2007.

[5] J. L. Burbank, Security in cognitive radio networks: The requiredevolution in approaches to wireless network security, in Proc. of IEEECrownCom, 2008.

[6] R. Chen, J.-M. Park, Y. T. Hou, and J. H. Reed, Toward secure dis-tributed spectrum sensing in cognitive radio networks, IEEE Commun.Mag., vol. 46, no. 4, pp. 5055, 2008.

[7] T. C. Clancy and N. Goergen, Security in cognitive radio networks:Threats and mitigation, in Proc. of IEEE CrownCom, 2008.

[8] G. Baldini, T. Sturman, A. R. Biswas, R. Leschhorn, G. Godor, andM. Street, Security aspects in software defined radio and cognitiveradio networks: A survey and a way ahead, Commun. Surveys Tuts.,vol. 14, no. 2, pp. 355379, 2012.

[9] R. Chen, J.-M. Park, and K. Bian, Robust distributed spectrum sensingin cognitive radio networks, in Proc. of IEEE INFOCOM, 2008.

[10] P. Kaligineedi, M. Khabbazian, and V. K. Bhargava, Malicious userdetection in a cognitive radio cooperative sensing system, IEEE Trans.Wireless Commun., vol. 9, no. 8, pp. 24882497, 2010.

12

[11] W. Wang, H. Li, Y. Sun, and Z. Han, Securing collaborative spectrumsensing against untrustworthy secondary users in cognitive radio net-works, Journal on Advances in Signal Processing, vol. 2010, no. 4,2010.

[12] A. S. Rawat, P. Anand, H. Chen, and P. K. Varshney, Collaborativespectrum sensing in the presence of Byzantine attacks in cognitive radionetworks, IEEE Trans. Signal Process., vol. 59, no. 2, pp. 774786,2011.

[13] S. Marano, V. Matta, and L. Tong, Distributed detection in the presenceof Byzantine attacks, IEEE Trans. Signal Process., vol. 57, no. 1, pp.1629, 2009.

[14] H. Li and Z. Han, Catch me if you can: An abnormality detection ap-proach for collaborative spectrum sensing in cognitive radio networks,IEEE Trans. Wireless Commun., vol. 9, no. 11, pp. 35543565, 2010.

[15] A. Vempaty, K. Agrawal, H. Chen, and P. Varshney, Adaptive learningof Byzantines behavior in cooperative spectrum sensing, in Proc. ofIEEE WCNC, 2011.

[16] S. Li, H. Zhu, B. Yang, C. Chen, and X. Guan, Believe yourself: A user-centric misbehavior detection scheme for secure collaborative spectrumsensing, in Proc. of IEEE ICC, 2011.

[17] F. Adelantado and C. Verikoukis, A non-parametric statistical approachfor malicious users detection in cognitive wireless ad-hoc networks, inProc. of IEEE ICC, 2011.

[18] D. Zhao, X. Ma, and X. Zhou, Prior probability-aided secure cooper-ative spectrum sensing, in Proc. of IEEE WiCOM, 2011.

[19] T. Clancy and B. Walker, Predictive dynamic spectrum access, in Proc.of SDR Forum Technical Conference, 2006.

[20] N. Noorshams, M. Malboubi, and A. Bahai, Centralized and decentral-ized cooperative spectrum sensing in cognitive radio networks: A novelapproach, in Proc. of IEEE SPAWC, 2010.

[21] L. E. Baum, T. Petrie, G. Soules, and N. Weiss, A maximizationtechnique occurring in the statistical analysis of probabilistic functionsof Markov chains, The Annals of Mathematical Statistics, vol. 41, no. 1,pp. 164171, 1970.

[22] L. Rabiner and B.-H. Juang, Fundamentals of Speech Recognition.Prentice hall, 1993.

[23] P. R. Runkle, P. K. Bharadwaj, L. Couchman, and L. Carin, HiddenMarkov models for multiaspect target classification, IEEE Trans. SignalProcess., vol. 47, no. 7, pp. 20352040, 1999.

[24] A. P. Dempster, N. M. Laird, and D. B. Rubin, Maximum likelihoodfrom incomplete data via the EM algorithm, Journal of the RoyalStatistical Society. Series B (Methodological), pp. 138, 1977.

[25] A. Vempaty, O. Ozdemir, K. Agrawal, H. Chen, and P. Varshney,Localization in wireless sensor networks: Byzantines and mitigationtechniques, IEEE Trans. Signal Process., vol. 61, no. 6, pp. 14951508,2013.

[26] M. Gagrani, P. Sharma, S. Iyengar, V. S. S. Nadendla, A. Vempaty,H. Chen, and P. K. Varshney, On noise-enhanced distributed inferencein the presence of Byzantines, in Proc. of Allerton, 2011.

[27] R. O. Duda, P. E. Hart, and D. G. Stork, Pattern Classification. Wiley-interscience, 2012.

Xiaofan He received the B.S. degree in electronicsand information engineering from Huazhong Uni-versity of Science and Technology, Wuhan, China,in 2008, and the M.A.Sc. degree in electrical andcomputer engineering from McMaster University,Hamilton, ON, Canada, in 2011. He is currentlyworking toward the Ph.D. degree in electrical andcomputer engineering at North Carolina State Uni-versity, Raleigh, NC.His research interests are in the areas of wireless

communications and networking, and detection andestimation. His current research focuses on the security issues in wirelesscommunications and networking with a physical layer emphasis.

Huaiyu Dai (M03, SM09) received the B.E. andM.S. degrees in electrical engineering from TsinghuaUniversity, Beijing, China, in 1996 and 1998, re-spectively, and the Ph.D. degree in electrical engi-neering from Princeton University, Princeton, NJ in2002.He was with Bell Labs, Lucent Technologies,

Holmdel, NJ, during summer 2000, and with AT&TLabs-Research, Middletown, NJ, during summer2001. Currently he is an Associate Professor ofElectrical and Computer Engineering at NC State

University, Raleigh. His research interests are in the general areas of com-munication systems and networks, advanced signal processing for digitalcommunications, and communication theory and information theory. Hiscurrent research focuses on networked information processing and crosslayerdesign in wireless networks, cognitive radio networks, wireless security, andassociated information-theoretic and computation-theoretic analysis.He has served as editor of IEEE Transactions on Communications, Signal

Processing, and Wireless Communications. He co-edited two special issuesfor EURASIP journals on distributed signal processing techniques for wirelesssensor networks, and on multiuser information theory and related applications,respectively. He co-chairs the Signal Processing for Communications Sym-posium of IEEE Globecom 2013, the Communications Theory Symposiumof IEEE ICC 2014, and the Wireless Communications Symposium of IEEEGlobecom 2014.

Peng Ning (M01, SM12) received the B.S. de-gree in information sciences from the University ofScience and Technology of China (USTC), Hefei,China, in 1994, the M.E. degree in communica-tions and electronics systems from USTC, GraduateSchool in Beijing, Beijing, China, in 1997, and thePh.D. degree in information technology from GeorgeMason University, Fairfax, VA, in 2001.is a Professor of Computer Science at NC State

University, where he also serves as the Technical Di-rector for Secure Open Systems Initiative (SOSI). He

is a recipient of National Science Foundation (NSF) CAREER Award in 2005.He is currently the Secretary/Treasurer of the ACM Special Interest Group onSecurity, Auditing, and Control (SIGSAC), and is on the Executive Committeeof ACM SIGSAC. He is an editor for Springer Briefs in Computer Science,responsible for Briefs on information security. He has served or is servingon the editorial boards of several international journals, including ACMTransactions on Sensor Networks, Journal of Computer Security, Ad-HocNetworks, Ad-Hoc & Sensor Networks: an International Journal, InternationalJournal of Security and Networks, and IET Proceedings Information Security.He also served as the Program Chair or Co-Chair for ACM SASN 05, ICICS06 and ESORICS 09, ICDCS-SPCC 10, and NDSS 13, the General Chairof ACM CCS 07 & 08, and Program Vice Chair for ICDCS 09 & 10 Security and Privacy Track. He served on the Steering Committee of ACMCCS from 2007 to 2011, and is a founding Steering Committee member ofACM WiSec and ICDCS SPCC. His research has been supported by NSF,Army Research Office (ARO), the Advanced Research and DevelopmentActivity (ARDA), IBM Research, SRI International, and the NCSU/DukeCenter for Advanced Computing and Communication (CACC). Peng Ningis a senior member of the ACM, the ACM SIGSAC, and a senior member ofthe IEEE. http://discovery.csc.ncsu.edu/pning/