^{1}

^{1}

^{2}

^{*}

Internet of Things (IoT) paradigm with strong impact on future life will be interconnected through Cognitive Radio Networks (CRNs). CRNs with Ubiquitous trait are highly promising to achieve interference-free and on-demand services. CRs are able to sense the spectral environment, to detect unoccupied bands, and to use them for signal transmissions. This opportunity encourages malicious Users to surpass CRs by Primary User Emulation (PUE) attack and use vacant spectrums. This paper proposes an unsupervised algorithm to distinguish CRs from PUs regardless of static and mobile user. Employing K-means and graph theory are coincident in our algorithm to improve detection outcomes. The edge of graph corresponding to the relation between signals is used and the result of comparison the signal properties is exposed to different clusters. The Receiver Operating Characteristic (ROC) and Detection Error Tradeoff (DET) of our proposed algorithm prove our claim.

Internet of Things can provide a ubiquitous network of connected devices and intelligent sensors for smart communications, and big data analytics has the potential to enable the movement for real-time control. IoT capable objects will be interconnected through wired and wireless communication technologies. However, cost-effectiveness issues and accessibility to remote users make wireless communication as a feasible solution [

A Cognitive radio Network (CRN) is a network comprising of CR devices that are equipped with cognitive capability and reconfigurability and built on the software-defined radio (SDR) [

Due to the aforementioned tasks, a CR requires following enabling techniques:

・ Bayesian signal processing (e.g. cognitive radar with the availability of a priori information),

・ Dynamic programming,

・ Learning machines with feedback (e.g. neural networks),

・ Game-theoretic models,

・ Cross layer protocol design.

Nowadays, PU detection is performed using one of the following three methods: transmitter detection, cooperative and interference detection. Four approaches are shown in

ulation. Secondly, Energy Detection [

Most common types of malicious user attacks are: 1) PUE attack, 2) Spectrum Sensing Data False (SSDF) [

This paper emphasizes graph theory to enhance the accuracy of clustering based on the unsupervised learning methods, while MUs’ traits lead to misclustering.

The remainder of this paper is organized as follows. Section 2 describes the K-means algorithm and its challenges for detecting MU. In Section 3, Graph theory is discussed. Section 4 introduces the dependence of signals and then details of the proposed algorithm are explained in Section 5. In Section 6, we survey the accuracy of the proposed algorithm to recognize a malicious user. In Section 7, we analytically evaluate the performance of the K-means method, and our proposed algorithm. Summary of the work and conclusions are presented in Section 8.

Suppose that sparse points as delivered signals which may belong to PUs, SUs or MUs are scattered in one cluster. They have their own features such as power, mean, kurtosis of signals, or kurtosis of d/dt of signals, rms value, autocorrelation, which can be used for clustering process. For clustering received signals in a three dimensional space, three features can be employed.

One of the renowned clustering algorithms is k-means. It assigns a signal to a cluster whose center has the minimum distance from the object. The distance is calculated between received signals based on features which have been introduced on each axis. For instance, k-means algorithm considers rms values of each received signal denoted by rms_{s} for clustering them. Imagine that it declares the rms values of cluster centers by rms_{n} n = 1 , 2 , ⋯ , N , then it should solve the following problem:

n o p t = find [ min n | r m s s − r m s n | ] (1)

In the Equation (1), n_{opt} is the minimum distance among every two distances between two rms values. So, k-means algorithm assigns the received signal to cluster n_{opt}. This procedure is done for any received signal and it is assumed that the features (e.g. rms value) of cluster centers are known by k-means algorithm.

Noise, interference and Rayleigh fading channel may change features of the received signal. To combat this problem, we propose that k-means employs randomly three features of the received signal and find its distance from the three corresponding features of the cluster centers, then decides to which cluster the signal should be assigned.

As stated by three features, all other kinds of received signals can be clustered. If one of these features causes the same value between clusters, this feature will be replaced randomly with other features of the signal. This procedure may be repeated a number of times until a received signal clustered into one of existing clusters.

Wide range of wireless standards and relevant devices to communicate in IoT environment [

tion. To fix this problem we present a new pattern detection method based on the graph theory to distinct area like bipartite graph [

and traits. A graph G(vε) is called bipartite while vertices v can be partitioned into N disjoint modulations with ∪ n = 1 N S I G n = v , and the edge set ε connect vertices

from one to another modulation. Each cluster can construct its own features based on eliciting information from received signal. Let I ′ n denotes the number of signals belonging to cluster n. Assume that cluster n collects the set of chan- nels from all CRs in I ′ n . Then, it can declare a bipartite graph,

G n ( ∪ i n = 1 I ′ n s i g i n , ∪ j = n + 1 N ε i n j ) , which represents the relation between channels (

and a vertex s i g i 2 (ЄSIG2). SIG1 is the set of I ′ 1 signals that belong to cluster

“1” ( S I G 1 = ∪ i 1 = 1 I ′ 1 s i g i 1 ) and SIG2 is the set of I ′ 2 signals that belong to cluster “2”

( S I G 2 = ∪ i 2 = 1 I ′ 2 s i g i 2 ). Next section is focused on the edge ε as the relevance of signals.

We consider three standard modulations, namely, BPSK, 16-QAM and GMSK, but any other modulation can be easily included in the scheme. These modulations are representative of CDMA, WiFi and GPRS IoT standards respectively. Other related standards as well as their application in internet of things are exposed in

Proposed Modulations | Applications in IoT | ||
---|---|---|---|

Modulation | Standard/Protocol | Application areas in IoT | |

BPSK | ・ CDMA ・ WiMAX (16d, 16e) ・ WLAN 11a, 11b, 11g, 11n ・ Satellite ・ DVB ・ Cable modem | To transmit the essential information of systems and low speed communication systems [ | |

16QAM | ・ Low power wide area network ・ WiFi ・ WiGi ・ TV white space | ・ digital terrestrial television using DVB-Digital Video Broadcasting ・ land mobile communications ・ envelopment (DOE) technique ・ LTE modes | |

GMSK | ・ Positive Train Control ・ Wireless M-bus | EC-GPRS |

The continuous growth of incoming signals means a continuous growth of features. Besides mentioned features which have been implied earlier, some other features like carrier frequency, signal bandwidth, symbol rate, modulation scheme and propagation channel exist as extra features of unknown incoming signals and channels. Increasing these features to the calculation led us to exceedingly complicated analysis. Hence, these recent features are ignored in “blind” channel modeling to cluster signals. In previous section, we discussed about edgeԑ that shows the relevance of two points and consequently relation between two clusters. In this paper, we use common features between two signals like signal to noise amplitude ratio (SNAR), bit error rate (BER) and others that shown in

According to the

SNAR, BER and Power features can be used for the initial calculation and seeking the degree of membership.

Ratios | Relevance | ||
---|---|---|---|

Typical signals relevance | Formula | Relation | |

SINR | T 0 ⋅ c N + ∑ i I i | BER, FER | |

SNAR | μ 1 + μ 2 σ 1 + σ 2 | BER | |

BER | 0.5 × e r f c ( s q r t ( 10 ^ ( μ 1 + μ 2 20 ( σ 1 + σ 2 ) ) ) ) | SNAR | |

Q ( E ( S I N R K ) ∞ ) | SINR | ||

Occupied Bandwidth | R S ⋅ K ( 1 + α ) | S_{eff} , BER, Power, SINR, Data Rate | |

Spectral Efficiency (S_{eff}) | K K ( 1 + α ) | Occupied Bandwidth, Power | |

Frame Error Rate (FER) | F E R ≤ ∑ m = t + 1 n F E C ( n m ) P e m ( 1 − P ) n − m | SINR, Power | |

Power | ∫ | S i g n a l | 2 d t | SINR | |

Data Rate | R S ⋅ K ( K F E C n F E C ) ⋅ ( T T X T T X + T R X ) ⋅ ( L L max ) | Power, S_{eff} |

R_{S}: Symbol Rate; T_{0}: Symbol Period (1/R_{S}); K: number of bits per symbol ( log 2 M ); α: pulse shape filter roll-off factor (in this scheme, α = 0.5); T T X T R X : amount of transmitting time to receiving in a TDD sys; L L max : the number of bytes to maximum bytes in a packet; N: Noise Power; m: modulation order; c: carrier power; µ_{i}: the mean of signal i; σ i : standard deviation of signal i.

Advent of cognition ability will change the future of communications. And bring new requirements of sources. The most proportion of sources will be allocated to data storage and data analyzing. These two factors should be handled by optimized algorithm of analyzing and organized information like that described in.

Machine learning and associated branches have a significant role in computing. In this paper, we try to step into optimal modes to reduce the adventure of sophisticated analyzing and heighten the accuracy of malicious detection by k-means clustering. K-means restricted to distance and threshold radius of cluster. But our algorithm by exhibiting a new way tried to escape from k-means’ restrictions and its imprecise clustering. Initially, it alludes to thirteen features of signal which encompass Mean, The Standard Deviation (StdDev), Variance? Covariance (VAR), Kurtosis, Kurtosis of Square signal, Kurtosis of Derivation of signal, Skewness, Power, Average Power, StdDev of amplitude, StdDev of angle, Max Autocorrelation of signal and StdDev of absolute value of Phase change (StdDev_abs_PhaseChange). These features are momentous for stochastic chosen name for each axis which their impact have been explained in Section 2. First of all it uses Euclidian metrics (

with inefficient measure of the distance criterion. Then, the procedure switches to compare the signal features and relevant features respectively. Aforementioned argument the Power of unknown signal will be compared with the average power of nearest cluster as a second stage. Third step dedicated to utilize the comparative features such as Signal-to-Noise Amplitude Ratio (SNAR) and Bit Error Rate (BER) and exploit their privileges to determine malicious user (extra explanation brought in Sections 3 and 4).

Our algorithm attempts to discover patterns of malicious users. In this section we try to confirm whether this algorithm reflects the properties of MUs. The ROC curve is a fundamental tool for evaluating the algorithm’s result. In a ROC curve the true positive rate is plotted in function of false rate for different cut-off points. Each possible cut-off point represents the discrimination between malicious cases and normal cases, there will be some cases with the malicious correctly detected as positive (TP = True Positive), but some cases with the malicious will be detected negative (FN = False Negative). On the other hand, some cases without the malicious will be correctly detected as negative (TN = True Negative), but some cases without the malicious will be detected as positive (FP = False Positive).

Our assumption about TN, FP, TP and FN is defined as follows:

TN : = ∑ n = 1 N P n ( T r | L ) = ∑ n = 1 N P ( N ′ n n ) − ∑ n = 1 N ∑ q = n + 1 N P ( N ′ n q ) ⋅ P ( N ′ q n ) (2)

In Equation (2), L presents legal point and Tr is a representative of the threatening point. Each point falls into two categories, firstly, legal affiliation to CR, secondly, dependence on malicious users. Both of aspects have at least one acceptance value for signals relevance.

P ( N ′ n n ) is the probability of threatening points for cluster n and P ( N ′ n q ) is the probability of threatening points of cluster n for cluster q. These probabilities can be calculated with following equations:

P ( N ′ n n ) = N ′ n n I ′ n ; P ( N ′ n q ) = N ′ n q I ′ n ; P ( N ′ q n ) = N ′ q n I ′ q

FP : = ∑ n = 1 N P n ( L | T r ) = ∑ n = 1 N { ( ∑ n = 1 N 1 − [ P ( N ′ n n ) + ∏ q = 1 , q ≠ n N P ( N ′ n q ) ] ) − ∑ n = 1 N ∑ q = n + 1 N 1 − [ P ( N ′ n q ) ⋅ P ( N ′ q n ) ] } (3)

TP : = ∑ n = 1 N P n ( T r | ¬ L ) = ∑ n = 1 N ∑ q = n + 1 N N ′ n q S I G ; S I G = ∑ n = 1 N c a r d ( [ S i g n ] ) (4)

Finally, False Negative fraction:

FN : = ∑ n = 1 N P n ( L | ¬ T r ) = ∑ n = 1 N 1 − P ( N ′ n n ) S I G (5)

To verify this idea, a point should be compared with others in Power, SNAR, BER, SINR and other signals relevance like what was stated in Algorithm 1.

We generate 100 random signals corresponding to 100 trials for three clusters with three modulations, BPSK, 16QAM and GMSK. While the properties of these signals are: 1) α = 0.5, 2) R_{s} = 256 kb/s for one level modulation, 3) E_{b}/N_{0} = 10 and AWGN fading channel with 320 max doppler frequency. The ROC curve describes the detection performance of proposed and k-means algorithm. As can be seen from

Two types of errors may be occurred during detection process. The first type is related to inaccurate sense occupied bandwidth by CR when PU is present. In this case, the subsequent transmissions of CRs will cause interference to the PU. The second type arises from inaccurate sense occupied bandwidth by CR when PU is absent. In addition to exploiting the transmission opportunities and use spectrum more efficiently, the cognitive structure needs to minimize the risk of malicious activities and restrict the probability of incorrect attack detection.

Algorithm 1. Malicious detection.

An alternative to the ROC curve is the Detection Error Tradeoff (DET) graph, which plots the false negative rate (missed detections) vs. the false positive rate (false alarms) on non-linearly transformed x- and y-axes.

that the proposed algorithm can identify malicious user with lower error probability in detection.

The new field of unsupervised learning in cognitive radios with a special emphasis on unique aspect of these radios-spectrum sensing provides novel opportunities to cluster. We strengthen the accuracy clustering while a malicious user wants to be a PU and opportunistically occupies licensed bandwidth. As claimed by the rules of graph-based, the edge of each cluster is defined by the relation between signals (

This work was partially funded by Iran Telecom Research Center (ITRC) and Iran University of Science and Technology (IUST).

Hosseini, A., Abolhassani, B. and Hosseini, A. (2017) Secure Cognitive Radio Communication for Internet-of-Things: Anti-PUE Attack Based on Graph Theory. Journal of Computer and Communications, 5, 27-39. https://doi.org/10.4236/jcc.2017.511003