IEEE ICC 2013 - Cognitive Radio and Networks Symposium
ReDiSen: Reputation-based Secure Cooperative Sensing in
Distributed Cognitive Radio Networks
Tongjie Zhang, Reihaneh Safavi-Naini, Zongpeng Li
Department of Computer Science, University of Calgary
Calgary, Alberta, Canada T2N 1N4
{tozhang, rei, zongpeng}@ucalgary.ca
Abstract—Cognitive radio techniques represent an emerging
approach for mitigating the spectrum scarcity problem in wireless
communications. Cooperative sensing is an effective solution to
improve sensing accuracy and robustness in the presence of
fading and shadowing that make individual sensing less reliable.
However, when an adversary can corrupt some nodes in the
network, the effectiveness of cooperative sensing may degrade
dramatically. We design the first fully distributed security scheme
ReDiSen to counter attacks in cooperative sensing. We apply
reputation generated from exchanged sensing results as an aid to
restrict the impact of the malicious behaviours. Both theoretical
analysis and simulation results indicate that ReDiSen provides
an effective countermeasure against security attacks by enabling
secondary users to obtain more accurate cooperative sensing
results in adversarial environments. ReDiSen does not rely on a
central authority, nor a common control channel, and is therefore
more applicable in dynamic cognitive radio networks.
Index Terms—Cognitive Radio Networks; Cooperative Sensing;
Reputation; Security
I. I NTRODUCTION
To resolve the disparity between the escalating demand of
wireless radio frequency and spectrum under-utilization by
license holders (primary users), the concept of an intelligent
wireless communications system - Cognitive Radio Network
(CRN) has been envisioned [7]. CRN is an emerging technique that mitigates spectrum scarcity in the prosperous area
of wireless communications. A cognitive radio is aware of
its environment, and adapts to the new scenarios based on
its previous experiences. It is possible for unlicensed users
(secondary users) to lease spectrum from primary users while
respecting their rights.
Spectrum sensing involves the detection of the presence
of a transmitted signal of interest, and is crucial for CRN
performance. In the sensing process, the cognitive radio users
shall not cause harmful interference to the primary users [7].
However, it is a challenge for a cognitive radio to carry out
reliable spectrum sensing. Signals suffer from shadow fading
and multipath fading. It is also possible for a secondary user to
falsely detect a primary user because of noise or interference.
These problems can be addressed by requiring multiple secondary users to cooperate with each other in spectrum sensing
[14]. Each secondary user acts as a sensing terminal that
This work was supported in part by AITF (Alberta Innovates Technology
Futures).
978-1-4673-3122-7/13/$31.00 ©2013 IEEE
conducts local spectrum sensing. In the centralized cooperative
sensing process, individual nodes send their local sensing data
to a central authority (fusion center), where the data is processed to make a final sensing decision. Cooperative sensing
leads to more accurate decisions, consumes less resource at
individual nodes, improves the throughput, and overcomes
performance degradation due to fading and shadowing [7].
In an adversarial network environment, an adversary may
compromise and control a subset of nodes to attack the
cooperative sensing protocol, e.g., by reporting false sensing
results that aim to affect the final group decision. Such attacks
are known as Spectrum Sensing Data Falsification (SSDF)
attacks. Previous studies have shown that the performance
of cooperative sensing can degrade significantly due to the
falsified reports from malicious nodes [4].
Existing research on SSDF attacks often assume the existence of a fusion center that collects local measurements and
makes the final decision of whether primary users are present
or absent [2], [6], [8]–[12]. They also assume that a common
control channel for information exchange in the protocol.
The requirement of a fusion centers and a common control
channel leads to its own problems: (1) The centralized schemes
usually incur heavy communication overhead between the fusion center and other cognitive radios. The reporting channels
between the fusion center and other secondary users may
suffer from fading, thus the results become less reliable. (2)
Malicious nodes can aim to compromise the fusion center,
and hence paralyze the entire system. This single point of
failure poses a serious security threat. (3) The dependence
on a common control channel makes the protocol vulnerable
to jamming attacks. The adversary may launch a Denial-ofService (DoS) attack by flooding the control channel. This is
more energy efficient for the adversary compared to jamming
all communication channels. (4) All secondary users need
to establish connections with the fusion center. While nodes
are moving, this behaviour requires an extensive usage of
network protocols. (5) Another downside is the leak of private
information in some of such security schemes [2], [6], [8],
while it is often desirable to protect location privacy in CRNs.
The fusion center and common control channel are essential components to implement the existing secure cooperative sensing solutions, which do not allow a straightforward
extension to a distributed solution. While there exist work
in the literature that discusses security issues in distributed
2601
cooperative sensing, some centralized mechanisms, e.g., root
nodes, are still required [5]. In this work, we propose ReDiSen,
a Reputation-based Distributed Sensing scheme that is the first
fully distributed cooperative spectrum sensing scheme with
security assurance against malicious behaviour of a subset of
nodes. Our contributions are summarized below.
(1) ReDiSen is a fully distributed and scalable scheme where
nodes only exchange information with neighbors. Each node
makes its decision based on its local measurement and the
values exchanged with its neighbours. Through iterative value
updates, honest nodes eventually arrive at a converged value
as the cooperative sensing result. The removal of the fusion
center and the common control channel reduces communication overhead. Nodes can dynamically move to anywhere at
anytime. The adversary cannot benefit from corrupting a small
fraction of nodes or jamming the common control channel.
(2) ReDiSen uses reputation to weight received values from
neighbors according to their trustworthiness. With the removal
of the fusion center and the common control channel, the
reputation system provides a mechanism to reduce the effect
of malicious nodes, and to help secondary users correctly
identify the state of the primary user. Both theoretical analysis
and simulation results indicate that ReDiSen can improve the
robustness against falsified reports from malicious neighbours.
(3) ReDiSen protects the location privacy of secondary
users. Nodes do not need to report their geographic location,
which is required by schemes based on spatial correlation [2],
[6], [8]. A secondary user reliably exchanges information with
neighbors within its communication range. The neighbours of
a node however change as nodes’ locations change. ReDiSen
is applicable to dynamic yet adversarial CRN environments.
In the rest of the paper, Sec. II and Sec. III introduce the
related work, network model and attack model, respectively.
Sec. IV presents the ReDiSen scheme. Sec. V is simulation
studies results. Sec. VI concludes the paper.
II. R ELATED W ORK
Centralized schemes can use location as an additional
factor for identifying malicious nodes. The intuition is that
cognitive radios which are spatially close should have similar
measurements. An outlier, i.e., a secondary user that reports
significantly different sensing results from its neighbouring
nodes, is deemed as malicious or malfunctioning, and its
sensing results will be discarded [2], [6], [8]. This however
compromises the location privacy of secondary users. There
also exist other centralized schemes that study SSDF attacks
[9]–[12]. However, all centralized schemes rely on a central
authority and require a common control channel.
Li et al. proposed to remove the fusion center by having
all cognitive radios update their local measurements with
neighboring nodes iteratively to arrive at consensus [3]. A
secondary user needs to communicate only with its neighbors.
Each secondary user conducts energy detection to obtain a
local measurement of the primary user’s signal. These measurements are then exchanged with neighbors. A secondary
user updates its value based on its own value and the those
received from all its neighbors. The updated values are then
exchanged. This iterative process continues until a consensus
is reached asymptotically for all nodes [13]. The scheme
focuses primarily on how to arrive at a consensus without
considering possibly falsified local measurements. Yan et al.
discuss a number of attacks in the distributed cooperative
sensing process [5]. They propose a security scheme that is still
not fully distributed, as it contains a hash-based computation
verification implemented by a centralized root node.
III. N ETWORK M ODEL AND ATTACK M ODEL
We assume that the primary users form a network of nodes
that communicate on a predetermined spectrum with high
transmission power. The primary users are located far away
from the secondary users, and are abstracted as a single virtual
node. Each secondary user utilizes an omnidirectional antenna
to communicate with other secondary users. A secondary user
i has mi neighbors that report incorrect values (including
attacking malicious neighbors and honest nodes that sense
incorrectly due to severe fading or system failure), and ni
neighbors that report correct values (including honest nodes
that sense correctly and non-attacking malicious nodes), each
equipped with a cognitive radio. They are located within the
transmission range of primary users, and can individually
sense the environment to detect the existence of primary users.
The network formed by the secondary users is modeled as an
undirected graph G = (V, E). The set of secondary users are
the nodes V, and the set of edges E ⊂ V × V. A node j is a
neighbor of a node i if (i, j) ∈ E, where i = j. The neighbors
of a node i is denoted by {j|(i, j) ∈ E} ⊂ V.
An adversary compromises a subset of nodes and modifies
their behaviour according to his choice. An honest node has no
a priori information on which of its neighbors are malicious.
There are two kinds of SSDF attacks aiming to compromise
the cooperative sensing process [6]:
(1) Exploitation Attack (EA): The adversary is selfish and
aims at using the primary spectrum exclusively. The malicious
nodes strategically report higher sensed energy to fabricate the
presence of a primary user who is not transmitting.
(2) Vandalism Attack (VA) : The malicious nodes report
lower sensed energy to fabricate the absence of a primary
user who is in fact transmitting. The goal of the adversary is
to incur interference between the primary user and legitimate
secondary users.
A malicious node can identify and communicate with other
malicious nodes in each attack. We assume malicious nodes
will all follow the same behaviour summarized by the following attack strategies:
(1) Always Attack: The malicious nodes attack in all sensing
sessions. They always report lower values while the primary
user is transmitting, higher values while the primary user is
not transmitting.
(2) Random Attack: The malicious nodes may not participate
in the sensing process. They just report random values within
a rational range to other honest neighbors, no matter whether
the primary user is transmitting or not.
2602
(3) Intermittent Attack: The malicious nodes attack in some
selected sessions. They report falsified sensed values to the
honest neighbors in attacking sessions, and truthful sensed values in non-attacking sessions. We define the attack intensity as
the percentage of sessions when falsified values are reported.
IV. T HE D ESIGN OF ReDiSen
We use a reputation system to weight the information
received by a node from its neighbor, with higher weights
for honest neighbors that are trusted, and lower weights for
neighbors that are less trusted. Reputation systems have been
previously used to cope with malicious behaviours [1]. In
ReDiSen, nodes monitor behaviours of their neighbors and use
this information to assign reputation values to them.
A. Using Reputation to Update Values
Each secondary user obtains a local measurement in a time
interval T . After a sensing session, a series of value update
t
be the
sessions are executed by the secondary users. Let Vi,j
value that a transmitter i sends to a receiver j during the update
session t. Here Vjt is the value of receiver j during the session
t. All secondary users exchange their local measurements
of the primary user energy with their neighbors, and update
their own values based on the received values. For the honest
nodes, assuming their measurements are correct, the initial
values are the sensed values of the primary user energy. The
malicious nodes can report arbitrary values aiming to achieve
their malicious goals.
After the first value exchange, an honest node calculates
the reputation of neighbors based on the values received and
its own value. The calculation of reputation can use different
methods. We use Rj,i to denote the reputation value of the
transmitter i generated by the receiver j. Then, all secondary
users update their values and exchange their updated values
with their neighbors as described in Algorithm 1. Here λ is a
discount factor [3].
Algorithm 1 ReDiSen: Value Update Algorithm (Input: The
sensed value of a node j and received values from j’s
neighbors. Output: The converged value)
1:
2:
3:
4:
5:
6:
7:
A node j senses the primary user’s energy at sensing
session T
while i is a neighbor of j do
t
Receive local measurements Vi,j
t
Send local measurement Vj,i
Calculate reputation Rj,i
while The converged value is not obtained do
Update value as
mj +nj
Vjt+1 = Vjt +
i=0
8:
9:
end while
end while
t
(1 − λ)Rj,i (Vi,j
− Vjt )
(1)
B. Reputation Requirement
We explore general reputation requirements that are needed
if ReDiSen produces better results than the results by a
reputation-less scheme. The reputation system for ReDiSen
is sound if it outputs a higher value than the reputation-less
scheme while the primary user is transmitting, and a lower
value otherwise, assuming a subset of nodes report falsified
values.
The value update scheme in the reputation-less scheme from
the literature [3] can be described as:
mj +nj
V̄jt+1 = V̄jt +
t
(1 − λ)(V̄i,j
− V̄jt ),
(2)
i=0
with initial value V̄j0 = V̄j [3].
For an honest node j, we denote the reputation of a neighbor
i that reports a correct value with RiN , and the reputation of
a node i that reports an incorrect value with RiM . Hereby, the
two value update schemes can be formulated as Vjt+1 = Vjt +
mj +nj
mj
t
RiM (Vi,j
−Vjt )+ i=m
Ri (V t −V t )] and
(1−λ)[ i=0
j +1
mjN+nji,j t j t
mj
t+1
t
t
t
V̄j
= V̄j +(1−λ)[ i=0 (Vi,j −Vj )+ i=mj +1 (Vi,j −Vj )].
mj
t
(RiM −1)(Vi,j
−Vjt )+
Therefore, V t+1 −V̄jt+1 = (1−λ)[ i=0
mj +nj j
t
t
i=mj +1 (RiN − 1)(Vi,j − Vj )].
The honest node j may sense correctly or incorrectly in a
sensing session. However, it does not know whether its sensed
value is correct or not.
t
≈ Vjt for a neighbor i that also
If j senses correctly, Vi,j
mj
t+1
t
(RiM −1)(Vi,j
−
reports a correct value, Vj − V̄jt+1 ≈ i=0
t
t
Vj ). While the primary user is transmitting, we have Vi,j < Vjt
for
value. So, as long as
maj neighbor i that reports an incorrect
t+1
t+1
(R
−
1)
<
0,
we
have
V
>
V̄
, which indicates
i
M
i=0
j
j
ReDiSen can help j obtain a higher value. While the primary
t
user is not transmitting, Vi,j
> Vjt for a
neighbor i that reports
mj
an incorrect value and so as long as i=0
(RiM − 1) < 0,
t+1
t+1
< V̄j , which indicates ReDiSen can help j
we have Vj
obtain a higher value. Thus the first requirement is for when
mj
(RiM − 1) < 0 for
j senses correctly and requires that: i=0
a neighbor i that reports an incorrect value.
t
If j senses incorrectly, Vi,j
≈ Vjt for a neighbor i that also
mj +nj
t+1
reports an incorrect value, Vj − V̄jt+1 ≈ i=m
(RiN −
j +1
t
1)(Vi,j
− Vjt ). While the primary user is transmitting, for a
t
> Vjt . So,
neighbor i that reports a correct value, we have Vi,j
mj +nj
t+1
as long as i=mj +1 (RiN − 1) > 0, we have Vj
> V̄jt+1 .
This indicates that ReDiSen can help j obtain a higher value.
While the primary user is not transmitting, for a neighbor i
t
< Vjt and so as
that reports a correct value, we have Vi,j
mj +nj
t+1
long as
< V̄jt+1 .
i=mj +1 (RiN − 1) > 0, we have Vj
This indicates ReDiSen can help j obtain a lower value. Thus
the second requirement
mj +nj is for when j senses incorrectly and
(RiN − 1) > 0 for a neighbor i that
requires that: i=m
j +1
reports a correct value.
Note that Vjt+1 > V̄jt+1 indicates that the honest nodes
obtain cooperative sensing results that are closer to the transmitting state of the primary user, and Vjt+1 < V̄jt+1 indicates
that the honest nodes obtain results that are closer to the
2603
spectrum band. Energy detection is the most widely adopted
sensing scheme due to its simplicity, small energy consumption, and short sensing time. The sensed value Pi of each
secondary user i is the received power of the primary user,
which can be expressed by the signal propagation model as
Theorem 1. Suppose an honest node j can assign reputation
Pi = P0 − 10αlog10 ( dd0i ) − Si − Mi (dBm), where P0 is the
RiM < 1 to a neighbor that reports incorrect values, and
transmit power of the primary user, α is the path-loss exponent,
RiN > 1 to a neighbor that reports correct values. Then in
d0 is the reference distance. di denotes the distance from the
t+1
which comReDiSen j can update its value to the value Vj
secondary
user i to the primary user network that is far away
pared to V̄jt+1 , the value from the system without reputation,
from the secondary users. Si represents the power loss effect
is higher when the primary user is transmitting, and lower
due to shadowing fading, modeled as a random variable with
when the primary user is not transmitting.
Si ∼ N (0, σ 2 ). Mi represents the multi-path fading effect [5].
In our simulations, P0 is 80dBm, which is the typical
C. Generating Reputation
transmission
power of a FM radio station. The transmission
Reputation values in ReDiSen are generated once for each
power
is
attenuated
while arrived at secondary users. The
sensing session as follows:
standard variance for fading and shadowing σ is 3dBm. We
consider Mi as negligible and the reference distance d0 as 1m.
|Vi,j − Ṽj |
(mj + nj + 1)|Vi,j − Ṽj | If the primary user is not transmitting, the secondary users can
= 2− mj +nj +1
,
Rj,i = 2− mj +nj +1
|Vl,j −Ṽj |
sense only the thermal noise floor −111dBm.
|Vl,j − Ṽj |
l=1
l=1
mj +nj +1
Secondary users are deployed in a 1km × 1km area, and
(3)
mj +nj +1
each
has the same capacity to communicate with others in
Vi,j
where Ṽj = l=1
is the average value of all the nodes the proximity. The parameter λ is 0.995. The primary user
mj +nj +1
in the neighborhood. We observe that 0 ≤ Rj,i ≤ 2.
is located at 5km away from the center of the secondary
The average difference from the average value is given by user network. While the primary user is transmitting, honest
mj +nj +1
|Vl,j −Ṽj |
l=1
. As long as there are more neighbors that nodes report their sensed values and malicious nodes report
mj +nj +1
report correct values, the distance between the value of a node the noise floor to their neighbors. While the primary user
that senses correctly with the average value shall be smaller is not transmitting, honest nodes report the noise floor and
than the average distance to the average value, and vice versa. malicious nodes report the transit power of the primary user
For a neighbor that reports incorrect values, the distance in the Always Attack strategy and attacking sessions of the
to the average value is larger than the average distance from Intermittent Attack strategy. The final outputs are the updated
mj +nj +1
|Vl,j −Ṽj |
l=1
⇔ values in the two equations (1) and (2) with the reputation
the average value. |Vi,j − Ṽj | >
mj +nj +1
generated as the equation (3) after 150 value update rounds.
(mj +nj +1)|Vi,j −Ṽj |
(m +n +1)|V −Ṽj |
> 1 ⇔ 2 − mj j +njj +1 i,j
< 1 ⇔
mj +nj +1
0
0
non-transmitting state of the primary user. This means that
under the above conditions, the requirements for reputation in
ReDiSen are RiM < 1 and RiN > 1. This is summarized in
Theorem 1:
l=1
|Vl,j −Ṽj |
|Vl,j −Ṽj |
mj +nj +1
(mj +nj +1)|Vi,j −Ṽj |
> 1
mj +nj +1
|Vl,j −Ṽj |
l=1
from the average value. |Vi,j − Ṽj | <
(mj +nj +1)|Vi,j −Ṽj |
mj +nj +1
0 −Ṽ |
|Vl,j
j
l=1
< 1 ⇔ 2−
mj +nj +1
l=1
⇔
⇔
RiN > 1.
These two cases can justify that the proposed reputationgenerating method in (3) can help honest nodes assign RiM <
1 for neighbors that report incorrect values, RiN > 1 for
neighbors that report correct values. This result leads to
Corollary 1:
Corollary 1. The reputation generated using equation (3) can
help honest nodes obtain better cooperative sensing results
than the reputation-less scheme, assuming that the majority
of neighbors are either correctly sensing honest nodes or nonattacking malicious nodes.
B. Simulation Results and Discussions
1) The Value Update Process: In Fig. 1, the malicious
nodes implement the Always Attack strategy. The honest
nodes implement ReDiSen with reputations generated from
the average value of neighbors. The concrete lines indicate
the updated values of 7 honest secondary users in a CRN of
10 secondary users in ReDiSen; while the dash lines indicate
the updated values in the reputation-less scheme.
50
ï
40
ReDiSen
ï
Reputation-less
ï
30
Updated Value
|Vl,j −Ṽj |
Updated Value
l=1
RiM < 1.
For a neighbor that reports correct values, the distance
to the average value is smaller than the average distance
20
10
ï
ï
0
ï
ï
ReDiSen
ï
0
50
100
Value Update Rounds
(a)
150
ï
0
Reputation-less
50
100
Value Update Rounds
150
(b)
V. P ERFORMANCE E VALUATION
Fig. 1: Value update process while the primary user is: (a) transmit-
A. Simulation Objective and Outline
A secondary user is able to decide whether a signal from
a primary user is present or not within a certain time and
ting; (b) not transmitting. All 7 honest nodes obtain closer updated
values in ReDiSen to the real state of the primary user than in the
reputation-less scheme.
2604
While the primary user is transmitting, the honest nodes
obtain higher updated values (approximately 8dBm higher)
than the reputation-less scheme. While the primary user is
not transmitting, the honest nodes obtain lower updated values (approximately 37dBm lower) than the reputation-less
scheme. Since the honest nodes all start from the same noise
floor, so their value update processes are close to each other,
which makes the lines almost overlap. Both scenarios indicate
that ReDiSen can obtain better cooperative sensing results
compared to the reputation-less scheme.
2) Attack Strategies: The malicious nodes can attack in
all sensing sessions by reporting falsified values. They can
also implement the Random Attack strategy or the Intermittent
Attack strategy strategies. For the Intermittent Attack strategy,
we simulate the scenario where the malicious nodes attack
with a 67% intensity. Fig. 2 and Fig. 3 each illustrates
the simulation results in the Random Attack and Intermittent
Attacks strategies.
60
0
50
ReDiSen
ï
30
Average Updated Value
Average Updated Value
VI. C ONCLUSION AND F UTURE W ORK
We studied SSDF attacks in CRNs, and proposed the first
fully distributed security scheme ReDiSen to countermeasure
SSDF attacks in cooperative sensing. Using well designed
reputation systems and using it in the value update algorithm,
ReDiSen can effectively improve the cooperative sensing performance in dynamic yet adversarial environments, and despite
removing the fusion center and the common control channel.
A future direction is to extend the analysis of reputation to
multiple sensing sessions, and to design a solution that can
help nodes obtain better cooperative sensing results over long
runs of the system.
Reputation-less
40
20
10
0
ï
ï
ReDiSen
ï
Reputation-less
ï
0
10
20
30
40
50
60
Percentage of Malicious Nodes
70
80
90
100
R EFERENCES
ï
ï
ï
ï
ï
ï
0
10
20
30
40
50
60
Percentage of Malicious Nodes
(a)
70
80
90
100
(b)
Fig. 2: Average updated values in the Random Attack strategy. As
long as the adversary corrupts less than 68% of the whole CRN,
ReDiSen can obtain: (a) higher average values than the reputationless scheme while the primary user is transmitting; (b) lower average
values than the reputation-less scheme while the primary user is not
transmitting.
100
100
50
50
Average Updated Value
Average Updated Value
reputation-less scheme by updating the values of the honest
nodes closer to the truthful state of the primary user even there
are 68% malicious nodes. Fig. 3 illustrates the similar effects
in the Intermittent Attack strategy with 67% attack intensity,
which can tolerate up to 75% malicious nodes. Fig. 2 and Fig.
3 together justify that ReDiSen can obtain better cooperative
sensing results in different attack strategies.
0
ï
ReDiSen
ï
ï
0
Reputation-less
10
20
30
40
50
60
Percentage of Malicious Nodes
(a)
70
80
90
100
ReDiSen
Reputation-less
0
ï
ï
ï
0
10
20
30
40
50
60
Percentage of Malicious Nodes
70
80
90
100
(b)
Fig. 3: Average updated values in the Intermittent Attack strategy
with 67% intensity. As long as the adversary corrupts less than 75%
of the whole CRN, ReDiSen can obtain: (a) higher average values
than the reputation-less scheme while the primary user is transmitting;
(b) lower average values than the reputation-less scheme while the
primary user is not transmitting.
Fig. 2 illustrates the differences between ReDiSen and the
reputation-less scheme in the Random Attack strategy. A malicious node randomly reports between −111dBm to 80dBm.
The simulation results indicate that: no matter whether the
primary user is transmitting or not, ReDiSen is better than the
[1] S. Buchegger and J. -Y. L. Boudec. Self-policing mobile ad-hoc networks
by reputation systems. IEEE Communications Magazine, pages 101-107,
July 2005.
[2] P. Kaligineedi, M. Khabbazian, and V. Bhargava, Malicious user detection
in a cognitive radio cooperative sensing system, IEEE Transactions on
Wireless Communications 9(8) 2488-2497, 2010.
[3] Z. Li, F. R. Yu, and M. Huang, A Cooperative Spectrum Sensing Consensus Scheme in Cognitive Radios, Proceedings of IEEE International
Conference on Computer Communications (INFOCOM), 2009.
[4] S. M. Mishra, A. Sahai, and R. W. Brodersen, Cooperative sensing among
CRs, Proceedings of IEEE International Conference on Communications
(ICC), 2006.
[5] Q. Yan, M. Li, T. Jiang, W. Lou, and Y. T. Hou, Vulnerability and Protection for Distributed Consensus-based Spectrum Sensing in Cognitive
Radio Networks, Proceedings of IEEE INFOCOM, 2012.
[6] O. Fatemieh, A. Farhadi, R. Chandra, and C. A. Gunter, Using Classification to Protect the Integrity of Spectrum Measurements in White
Space Networks, 18th Annual Network & Distributed System Security
Symposium, 2011.
[7] I. F. Akyildiz, B. F. Lo, and R.Balakrishnan, Cooperative spectrum
sensing in cognitive radio networks: A survey, Physical Communication
4 (2011) 40-62.
[8] A. W. Min, K. G. Shin, and X. Hu, Attack-tolerant distributed sensing for
dynamic spectrum access networks, Proceedings of IEEE International
Conference on Network Protocols (ICNP), 2009.
[9] R. Chen, J. -M. Park, and K. Bian, Robust distributed spectrum sensing
in cognitive radio networks, Proceedings of IEEE INFOCOM, 2008.
[10] H. Li, and Z. Han, Catch Me if You Can: An Abnormality Detection Approach for Collaborative Spectrum Sensing in Cognitive Radio Networks,
IEEE Transactions on Wireless Communications, November 2010.
[11] A. W. Min, K. H. Kim, and K. G. Shin, Robust Cooperative Sensing
via State Estimation in Cognitive Radio Networks, Proceedings of IEEE
Symposium on New Frontiers in Dynamic Spectrum Access Networks
(DySPAN), 2011.
[12] W. Wang, H. Li, Y. Sun, and Z. Han, CatchIt: Detect Malicious
Nodes in Collaborative Spectrum Sensing, Proceedings of IEEE Global
Telecommunications Conference (GLOBECOM), 2009.
[13] R. Olfati-Saber, J. A. Fax, and R. M. Murray, Consensus and cooperation
in networked multi-agent systems, Proceedings of the IEEE, vol. 95, no.
1, pp. 215-233, 2007.
[14] J. Wei, and X. Zhang, Two-Tier Optimal-Cooperation Based Secure
Distributed Spectrum Sensing for Wireless Cognitive Radio Networks,
Proceedings of IEEE INFOCOM, 2010.
2605