Current Search: Zou, Changchun (x)
View All Items
(21 - 29 of 29)
Pages
- Title
- Novel Computational Methods for Integrated Circuit Reverse Engineering.
- Creator
-
Meade, Travis, Zhang, Shaojie, Jin, Yier, Orooji, Ali, Zou, Changchun, Lin, Mingjie, University of Central Florida
- Abstract / Description
-
Production of Integrated Circuits (ICs) has been largely strengthened by globalization. System-on-chip providers are capable of utilizing many different providers which can be responsible for a single task. This horizontal structure drastically improves to time-to-market and reduces manufacturing cost. However, untrust of oversea foundries threatens to dismantle the complex economic model currently in place. Many Intellectual Property (IP) consumers become concerned over what potentially...
Show moreProduction of Integrated Circuits (ICs) has been largely strengthened by globalization. System-on-chip providers are capable of utilizing many different providers which can be responsible for a single task. This horizontal structure drastically improves to time-to-market and reduces manufacturing cost. However, untrust of oversea foundries threatens to dismantle the complex economic model currently in place. Many Intellectual Property (IP) consumers become concerned over what potentially malicious or unspecified logic might reside within their application. This logic which is inserted with the intention of causing harm to a consumer has been referred to as a Hardware Trojan (HT).To help IP consumers, researchers have looked into methods for finding HTs. Such methods tend to rely on high-level information relating to the circuit, which might not be accessible. There is a high possibility that IP is delivered in the gate or layout level. Some services and image processing methods can be leveraged to convert layout level information to gate-level, but such formats are incompatible with detection schemes that require hardware description language.By leveraging standard graph and dynamic programming algorithms a set of tools is developed that can help bridge the gap between gate-level netlist access and HT detection. To help in this endeavor this dissertation focuses on several problems associated with reverse engineering ICs. Logic signal identification is used to find malicious signals, and logic desynthesis is used to extract high level details.Each of the proposed method have their results analyzed for accuracy and runtime. It is found that method for finding logic tends to be the most difficult task, in part due to the degree of heuristic's inaccuracy. With minor improvements moderate sized ICs could have their high-level function recovered within minutes, which would allow for a trained eye or automated methods to more easily detect discrepancies within a circuit's design.
Show less - Date Issued
- 2017
- Identifier
- CFE0006896, ucf:51716
- Format
- Document (PDF)
- PURL
- http://purl.flvc.org/ucf/fd/CFE0006896
- Title
- Resource Allocation and Pricing in Secondary Dynamic Spectrum Access Networks.
- Creator
-
Khairullah, Enas, Chatterjee, Mainak, Zou, Changchun, Lang, Sheau-Dong, Catbas, Necati, University of Central Florida
- Abstract / Description
-
The paradigm shift from static spectrum allocation to a dynamic one has opened many challenges that need to be addressed for the true vision of Dynamic Spectrum Access (DSA) to materialize. This dissertation proposes novel solutions that include: spectrum allocation, routing, and scheduling in DSA networks. First, we propose an auction-based spectrum allocation scheme in a multi-channel environment where secondary users (SUs) bid to buy channels from primary users (PUs) based on the signal to...
Show moreThe paradigm shift from static spectrum allocation to a dynamic one has opened many challenges that need to be addressed for the true vision of Dynamic Spectrum Access (DSA) to materialize. This dissertation proposes novel solutions that include: spectrum allocation, routing, and scheduling in DSA networks. First, we propose an auction-based spectrum allocation scheme in a multi-channel environment where secondary users (SUs) bid to buy channels from primary users (PUs) based on the signal to interference and noise ratio (SINR). The channels are allocated such that i) the SUs get their preferred channels, ii) channels are re-used, and iii) there is no interference. Then, we propose a double auction-based spectrum allocation technique by considering multiple bids from SUs and heterogeneity of channels. We use virtual grouping of conflict-free buyers to transform multi-unit bids to single-unit bids. For routing, we propose a market-based model where the PUs determine the optimal price based on the demand for bandwidth by the SUs. Routes are determined through a series of price evaluations between message senders and forwarders. Also, we consider auction-based routing for two cases where buyers can bid for only one channel or they could bid for a combination of non-substitutable channels. For a centralized DSA, we propose two scheduling algorithms-- the first one focuses on maximizing the throughput and the second one focuses on fairness. We extend the scheduling algorithms to multi-channel environment. Expected throughput for every channel is computed by modelling channel state transitions using a discrete-time Markov chain. The state transition probabilities are calculated which occur at the frame/slot boundaries. All proposed algorithms are validated using simulation experiments with different network settings and their performance are studied.
Show less - Date Issued
- 2017
- Identifier
- CFE0006890, ucf:51723
- Format
- Document (PDF)
- PURL
- http://purl.flvc.org/ucf/fd/CFE0006890
- Title
- Load-Balancing in Local and Metro-Area networks with MPTCP and OpenFlow.
- Creator
-
Jerome, Austin, Bassiouni, Mostafa, Yuksel, Murat, Zou, Changchun, Jin, Yier, University of Central Florida
- Abstract / Description
-
In this thesis, a novel load-balancing technique for local or metro-area traffic is proposed in mesh-style topologies. The technique uses Software Defined Networking (SDN) architecture with virtual local area network (VLAN) setups typically seen in a campus or small-to-medium enterprise environment. This was done to provide a possible solution or at least a platform to expand on for the load-balancing dilemma that network administrators face today. The transport layer protocol Multi-Path TCP ...
Show moreIn this thesis, a novel load-balancing technique for local or metro-area traffic is proposed in mesh-style topologies. The technique uses Software Defined Networking (SDN) architecture with virtual local area network (VLAN) setups typically seen in a campus or small-to-medium enterprise environment. This was done to provide a possible solution or at least a platform to expand on for the load-balancing dilemma that network administrators face today. The transport layer protocol Multi-Path TCP (MPTCP) coupled with IP aliasing is also used. The trait of MPTCP of forming multiple subflows from sender to receiver depending on the availability of IP addresses at either the sender or receiver helps to divert traffic in the subflows across all available paths. The combination of MPTCP subflows with IP aliasing enables spreading out of the traffic load across greater number of links in the network, and thereby achieving load balancing and better network utilization. The traffic formed of each subflow would be forwarded across the network based on Hamiltonian 'paths' which are created in association with each switch in the topology which are directly connected to hosts. The amount of 'paths' in the topology would also depend on the number of VLANs setup for the hosts in the topology. This segregation would allow for network administrators to monitor network utilization across VLANs and give the ability to balance load across VLANs. We have devised several experiments in Mininet, and the experimentation showed promising results with significantly better throughput and network utilization compared to cases where normal TCP was used to send traffic from source to destination. Our study clearly shows the advantages of using MPTCP for load balancing purposes in SDN type architectures and provides a platform for future research on using VLANs, SDN, and MPTCP for network traffic management.
Show less - Date Issued
- 2017
- Identifier
- CFE0006887, ucf:51705
- Format
- Document (PDF)
- PURL
- http://purl.flvc.org/ucf/fd/CFE0006887
- Title
- Energy Efficient and Secure Wireless Sensor Networks Design.
- Creator
-
Attiah, Afraa, Zou, Changchun, Chatterjee, Mainak, Wang, Jun, Yuksel, Murat, Wang, Chung-Ching, University of Central Florida
- Abstract / Description
-
ABSTRACTWireless Sensor Networks (WSNs) are emerging technologies that have the ability to sense,process, communicate, and transmit information to a destination, and they are expected to have significantimpact on the efficiency of many applications in various fields. The resource constraintsuch as limited battery power, is the greatest challenge in WSNs design as it affects the lifetimeand performance of the network. An energy efficient, secure, and trustworthy system is vital whena WSN...
Show moreABSTRACTWireless Sensor Networks (WSNs) are emerging technologies that have the ability to sense,process, communicate, and transmit information to a destination, and they are expected to have significantimpact on the efficiency of many applications in various fields. The resource constraintsuch as limited battery power, is the greatest challenge in WSNs design as it affects the lifetimeand performance of the network. An energy efficient, secure, and trustworthy system is vital whena WSN involves highly sensitive information. Thus, it is critical to design mechanisms that are energyefficient and secure while at the same time maintaining the desired level of quality of service.Inspired by these challenges, this dissertation is dedicated to exploiting optimization and gametheoretic approaches/solutions to handle several important issues in WSN communication, includingenergy efficiency, latency, congestion, dynamic traffic load, and security. We present severalnovel mechanisms to improve the security and energy efficiency of WSNs. Two new schemes areproposed for the network layer stack to achieve the following: (a) to enhance energy efficiencythrough optimized sleep intervals, that also considers the underlying dynamic traffic load and (b)to develop the routing protocol in order to handle wasted energy, congestion, and clustering. Wealso propose efficient routing and energy-efficient clustering algorithms based on optimization andgame theory. Furthermore, we propose a dynamic game theoretic framework (i.e., hyper defense)to analyze the interactions between attacker and defender as a non-cooperative security game thatconsiders the resource limitation. All the proposed schemes are validated by extensive experimentalanalyses, obtained by running simulations depicting various situations in WSNs in orderto represent real-world scenarios as realistically as possible. The results show that the proposedschemes achieve high performance in different terms, such as network lifetime, compared with thestate-of-the-art schemes.
Show less - Date Issued
- 2018
- Identifier
- CFE0006971, ucf:51672
- Format
- Document (PDF)
- PURL
- http://purl.flvc.org/ucf/fd/CFE0006971
- Title
- Opportunistic Spectrum Utilization by Cognitive Radio Networks: Challenges and Solutions.
- Creator
-
Amjad, Muhammad Faisal, Zou, Changchun, Bassiouni, Mostafa, Turgut, Damla, Wang, Chung-Ching, University of Central Florida
- Abstract / Description
-
Cognitive Radio Network (CRN) is an emerging paradigm that makes use of Dynamic Spectrum Access (DSA) to communicate opportunistically, in the un-licensed Industrial, Scientific and Medical bands or frequency bands otherwise licensed to incumbent users such as TV broadcast. Interest in the development of CRNs is because of severe under-utilization of spectrum bands by the incumbent Primary Users (PUs) that have the license to use them coupled with an ever-increasing demand for unlicensed...
Show moreCognitive Radio Network (CRN) is an emerging paradigm that makes use of Dynamic Spectrum Access (DSA) to communicate opportunistically, in the un-licensed Industrial, Scientific and Medical bands or frequency bands otherwise licensed to incumbent users such as TV broadcast. Interest in the development of CRNs is because of severe under-utilization of spectrum bands by the incumbent Primary Users (PUs) that have the license to use them coupled with an ever-increasing demand for unlicensed spectrum for a variety of new mobile and wireless applications. The essence of Cognitive Radio (CR) operation is the cooperative and opportunistic utilization of licensed spectrum bands by the Secondary Users (SUs) that collectively form the CRN without causing any interference to PUs' communications.CRN operation is characterized by factors such as network-wide quiet periods for cooperative spectrum sensing, opportunistic/dynamic spectrum access and non-deterministic operation of PUs. These factors can have a devastating impact on the overall throughput and can significantly increase the control overheads. Therefore, to support the same level of QoS as traditional wireless access technologies, very closer interaction is required between layers of the protocol stack.Opportunistic spectrum utilization without causing interference to the PUs is only possible if the SUs periodically sense the spectrum for the presence of PUs' signal. To minimize the effects of hardware capabilities, terrain features and PUs' transmission ranges, DSA is undertaken in a collaborative manner where SUs periodically carry out spectrum sensing in their respective geographical locations. Collaborative spectrum sensing has numerous security loopholes and canbe favorable to malicious nodes in the network that may exploit vulnerabilities associated with DSA such as launching a spectrum sensing data falsification (SSDF) attack. Some CRN standards such as the IEEE 802.22 wireless regional area network employ a two-stage quiet period mechanism based on a mandatory Fast Sensing and an optional Fine Sensing stage for DSA. This arrangement is meant to strike a balance between the conflicting goals of proper protection of incumbent PUs' signals and optimum QoS for SUs so that only as much time is spent for spectrum sensing as needed. Malicious nodes in the CRN however, can take advantage of the two-stage spectrum sensing mechanism to launch smart denial of service (DoS) jamming attacks on CRNs during the fast sensing stage.Coexistence protocols enable collocated CRNs to contend for and share the available spectrum. However, most coexistence protocols do not take into consideration the fact that channels of the available spectrum can be heterogeneous in the sense that they can vary in their characteristics and quality such as SNR or bandwidth. Without any mechanism to enforce fairness in accessing varying quality channels, ensuring coexistence with minimal contention and efficient spectrum utilization for CRNs is likely to become a very difficult task.The cooperative and opportunistic nature of communication has many challenges associated with CRNs' operation. In view of the challenges described above, this dissertation presents solutions including cross-layer approaches, reputation system, optimization and game theoretic approaches to handle (1) degradation in TCP's throughput resulting from packet losses and disruptions in spectrum availability due non-deterministic use of spectrum by the PUs (2) presence of malicious SUs in the CRN that may launch various attacks on CRNs' includingSSDF and jamming and (3) sharing of heterogeneous spectrum resources among collocated CRNs without a centralized mechanism to enforce cooperation among otherwise non-cooperative CRNs
Show less - Date Issued
- 2015
- Identifier
- CFE0005571, ucf:50249
- Format
- Document (PDF)
- PURL
- http://purl.flvc.org/ucf/fd/CFE0005571
- Title
- Spectrum Map and its Application in Cognitive Radio Networks.
- Creator
-
Debroy, Saptarshi, Chatterjee, Mainak, Bassiouni, Mostafa, Zou, Changchun, Jha, Sumit, Catbas, Necati, University of Central Florida
- Abstract / Description
-
Recent measurements on radio spectrum usage have revealed the abundance of underutilizedbands of spectrum that belong to licensed users. This necessitated the paradigm shift from static to dynamic spectrum access. Cognitive radio based secondary networks thatutilize such unused spectrum holes in the licensed band, have been proposed as a possible solution to the spectrum crisis. The idea is to detect times when a particular licensed band is unused and use it for transmission without causing...
Show moreRecent measurements on radio spectrum usage have revealed the abundance of underutilizedbands of spectrum that belong to licensed users. This necessitated the paradigm shift from static to dynamic spectrum access. Cognitive radio based secondary networks thatutilize such unused spectrum holes in the licensed band, have been proposed as a possible solution to the spectrum crisis. The idea is to detect times when a particular licensed band is unused and use it for transmission without causing interference to the licensed user. We argue that prior knowledge about occupancy of such bands and the corresponding achievable performance metrics can potentially help secondary networks to devise effective strategiesto improve utilization.In this work, we use Shepard's method of interpolation to create a spectrum mapthat provides a spatial distribution of spectrum usage over a region of interest. It is achieved by intelligently fusing the spectrum usage reports shared by the secondary nodes at various locations. The obtained spectrum map is a continuous and differentiable 2-dimension distribution function in space. With the spectrum usage distribution known, we show how different radio spectrum and network performance metrics like channel capacity, secondary network throughput, spectral efficiency, and bit error rate can be estimated. We show the applicability of the spectrum map in solving the intra-cell channel allocation problem incentralized cognitive radio networks, such as IEEE 802.22. We propose a channel allocationscheme where the base station allocates interference free channels to the consumer premise equipments (CPE) using the spectrum map that it creates by fusing the spectrum usage information shared by some CPEs. The most suitable CPEs for information sharing arechosen on a dynamic basis using an iterative clustering algorithm. Next, we present a contention based media access control (MAC) protocol for distributed cognitive radio network. The unlicensed secondary users contend among themselves over a common control channel. Winners of the contention get to access the available channels ensuring high utilization and minimum collision with primary incumbent. Last, we propose a multi-channel, multi-hop routing protocol with secondary transmission power control. The spectrum map, created and maintained by a set of sensors, acts as the basis of finding the best route for every source destination pair. The proposed routing protocol ensures primary receiver protection and maximizes achievable link capacity.Through simulation experiments we show the correctness of the prediction model and how it can be used by secondary networks for strategic positioning of secondary transmitter-receiver pairs and selecting the best candidate channels. The simulation model mimics realistic distribution of TV stations for urban and non-urban areas. Results validate the nature and accuracy of estimation, prediction of performance metrics, and efficiency of the allocation process in an IEEE 802.22 network. Results for the proposed MAC protocol show high channel utilization with primary quality of service degradation within a tolerable limit. Performance evaluation of the proposed routing scheme reveals that it ensures primary receiver protection through secondary power control and maximizes route capacity.
Show less - Date Issued
- 2014
- Identifier
- CFE0005324, ucf:50515
- Format
- Document (PDF)
- PURL
- http://purl.flvc.org/ucf/fd/CFE0005324
- Title
- IMPROVED INTERNET SECURITY PROTOCOLS USING CRYPTOGRAPHIC ONE-WAY HASH CHAINS.
- Creator
-
Alabrah, Amerah, Bassiouni, Mostafa, Zou, Changchun, Lang, Sheau-Dong, Bai, Yuanli, University of Central Florida
- Abstract / Description
-
In this dissertation, new approaches that utilize the one-way cryptographic hash functions in designing improved network security protocols are investigated. The proposed approaches are designed to be scalable and easy to implement in modern technology.The first contribution explores session cookies with emphasis on the threat of session hijacking attacks resulting from session cookie theft or sniffing. In the proposed scheme, these cookies are replaced by easily computed authentication...
Show moreIn this dissertation, new approaches that utilize the one-way cryptographic hash functions in designing improved network security protocols are investigated. The proposed approaches are designed to be scalable and easy to implement in modern technology.The first contribution explores session cookies with emphasis on the threat of session hijacking attacks resulting from session cookie theft or sniffing. In the proposed scheme, these cookies are replaced by easily computed authentication credentials using Lamport's well-known one-time passwords. The basic idea in this scheme revolves around utilizing sparse caching units, where authentication credentials pertaining to cookies are stored and fetched once needed, thereby, mitigating computational overhead generally associated with one-way hash constructions.The second and third proposed schemes rely on dividing the one-way hash construction into a hierarchical two-tier construction. Each tier component is responsible for some aspect of authentication generated by using two different hash functions. By utilizing different cryptographic hash functions arranged in two tiers, the hierarchical two-tier protocol (our second contribution) gives significant performance improvement over previously proposed solutions for securing Internet cookies. Through indexing authentication credentials by their position within the hash chain in a multi-dimensional chain, the third contribution achieves improved performance.In the fourth proposed scheme, an attempt is made to apply the one-way hash construction to achieve user and broadcast authentication in wireless sensor networks. Due to known energy and memory constraints, the one-way hash scheme is modified to mitigate computational overhead so it can be easily applied in this particular setting.The fifth scheme tries to reap the benefits of the sparse cache-supported scheme and the hierarchical scheme. The resulting hybrid approach achieves efficient performance at the lowest cost of caching possible.In the sixth proposal, an authentication scheme tailored for the multi-server single sign-on (SSO) environment is presented. The scheme utilizes the one-way hash construction in a Merkle Hash Tree and a hash calendar to avoid impersonation and session hijacking attacks. The scheme also explores the optimal configuration of the one-way hash chain in this particular environment.All the proposed protocols are validated by extensive experimental analyses. These analyses are obtained by running simulations depicting the many scenarios envisioned. Additionally, these simulations are supported by relevant analytical models derived by mathematical formulas taking into consideration the environment under investigation.
Show less - Date Issued
- 2014
- Identifier
- CFE0005453, ucf:50392
- Format
- Document (PDF)
- PURL
- http://purl.flvc.org/ucf/fd/CFE0005453
- Title
- Exploring Techniques for Providing Privacy in Location-Based Services Nearest Neighbor Query.
- Creator
-
Asanya, John-Charles, Guha, Ratan, Turgut, Damla, Bassiouni, Mostafa, Zou, Changchun, Mohapatra, Ram, University of Central Florida
- Abstract / Description
-
Increasing numbers of people are subscribing to location-based services, but as the popularity grows so are the privacy concerns. Varieties of research exist to address these privacy concerns. Each technique tries to address different models with which location-based services respond to subscribers. In this work, we present ideas to address privacy concerns for the two main models namely: the snapshot nearest neighbor query model and the continuous nearest neighbor query model. First, we...
Show moreIncreasing numbers of people are subscribing to location-based services, but as the popularity grows so are the privacy concerns. Varieties of research exist to address these privacy concerns. Each technique tries to address different models with which location-based services respond to subscribers. In this work, we present ideas to address privacy concerns for the two main models namely: the snapshot nearest neighbor query model and the continuous nearest neighbor query model. First, we address snapshot nearest neighbor query model where location-based services response represents a snapshot of point in time. In this model, we introduce a novel idea based on the concept of an open set in a topological space where points belongs to a subset called neighborhood of a point. We extend this concept to provide anonymity to real objects where each object belongs to a disjointed neighborhood such that each neighborhood contains a single object. To help identify the objects, we implement a database which dynamically scales in direct proportion with the size of the neighborhood. To retrieve information secretly and allow the database to expose only requested information, private information retrieval protocols are executed twice on the data. Our study of the implementation shows that the concept of a single object neighborhood is able to efficiently scale the database with the objects in the area.The size of the database grows with the size of the grid and the objects covered by the location-based services. Typically, creating neighborhoods, computing distances between objects in the area, and running private information retrieval protocols causes the CPU to respond slowly with this increase in database size. In order to handle a large number of objects, we explore the concept of kernel and parallel computing in GPU. We develop GPU parallel implementation of the snapshot query to handle large number of objects. In our experiment, we exploit parameter tuning. The results show that with parameter tuning and parallel computing power of GPU we are able to significantly reduce the response time as the number of objects increases. To determine response time of an application without knowledge of the intricacies of GPU architecture, we extend our analysis to predict GPU execution time. We develop the run time equation for an operation and extrapolate the run time for a problem set based on the equation, and then we provide a model to predict GPU response time.As an alternative, the snapshot nearest neighbor query privacy problem can be addressed using secure hardware computing which can eliminate the need for protecting the rest of the sub-system, minimize resource usage and network transmission time. In this approach, a secure coprocessor is used to provide privacy. We process all information inside the coprocessor to deny adversaries access to any private information. To obfuscate access pattern to external memory location, we use oblivious random access memory methodology to access the server. Experimental evaluation shows that using a secure coprocessor reduces resource usage and query response time as the size of the coverage area and objects increases.Second, we address privacy concerns in the continuous nearest neighbor query model where location-based services automatically respond to a change in object's location. In this model, we present solutions for two different types known as moving query static object and moving query moving object. For the solutions, we propose plane partition using a Voronoi diagram, and a continuous fractal space filling curve using a Hilbert curve order to create a continuous nearest neighbor relationship between the points of interest in a path. Specifically, space filling curve results in multi-dimensional to 1-dimensional object mapping where values are assigned to the objects based on proximity. To prevent subscribers from issuing a query each time there is a change in location and to reduce the response time, we introduce the concept of transition and update time to indicate where and when the nearest neighbor changes. We also introduce a database that dynamically scales with the size of the objects in a path to help obscure and relate objects. By executing the private information retrieval protocol twice on the data, the user secretly retrieves requested information from the database. The results of our experiment show that using plane partitioning and a fractal space filling curve to create nearest neighbor relationships with transition time between objects reduces the total response time.
Show less - Date Issued
- 2015
- Identifier
- CFE0005757, ucf:50098
- Format
- Document (PDF)
- PURL
- http://purl.flvc.org/ucf/fd/CFE0005757
- Title
- Quantifying Trust and Reputation for Defense against Adversaries in Multi-Channel Dynamic Spectrum Access Networks.
- Creator
-
Bhattacharjee, Shameek, Chatterjee, Mainak, Guha, Ratan, Zou, Changchun, Turgut, Damla, Catbas, Necati, University of Central Florida
- Abstract / Description
-
Dynamic spectrum access enabled by cognitive radio networks are envisioned to drivethe next generation wireless networks that can increase spectrum utility by opportunisticallyaccessing unused spectrum. Due to the policy constraint that there could be no interferenceto the primary (licensed) users, secondary cognitive radios have to continuously sense forprimary transmissions. Typically, sensing reports from multiple cognitive radios are fusedas stand-alone observations are prone to errors...
Show moreDynamic spectrum access enabled by cognitive radio networks are envisioned to drivethe next generation wireless networks that can increase spectrum utility by opportunisticallyaccessing unused spectrum. Due to the policy constraint that there could be no interferenceto the primary (licensed) users, secondary cognitive radios have to continuously sense forprimary transmissions. Typically, sensing reports from multiple cognitive radios are fusedas stand-alone observations are prone to errors due to wireless channel characteristics. Suchdependence on cooperative spectrum sensing is vulnerable to attacks such as SecondarySpectrum Data Falsification (SSDF) attacks when multiple malicious or selfish radios falsifythe spectrum reports. Hence, there is a need to quantify the trustworthiness of radios thatshare spectrum sensing reports and devise malicious node identification and robust fusionschemes that would lead to correct inference about spectrum usage.In this work, we propose an anomaly monitoring technique that can effectively cap-ture anomalies in the spectrum sensing reports shared by individual cognitive radios duringcooperative spectrum sensing in a multi-channel distributed network. Such anomalies areused as evidence to compute the trustworthiness of a radio by its neighbours. The proposedanomaly monitoring technique works for any density of malicious nodes and for any physicalenvironment. We propose an optimistic trust heuristic for a system with a normal risk attitude and show that it can be approximated as a beta distribution. For a more conservativesystem, we propose a multinomial Dirichlet distribution based conservative trust framework,where Josang's Belief model is used to resolve any uncertainty in information that mightarise during anomaly monitoring. Using a machine learning approach, we identify maliciousnodes with a high degree of certainty regardless of their aggressiveness and variations intro-duced by the pathloss environment. We also propose extensions to the anomaly monitoringtechnique that facilitate learning about strategies employed by malicious nodes and alsoutilize the misleading information they provide. We also devise strategies to defend against a collaborative SSDF attack that islaunched by a coalition of selfish nodes. Since, defense against such collaborative attacks isdifficult with popularly used voting based inference models or node centric isolation techniques, we propose a channel centric Bayesian inference approach that indicates how much the collective decision on a channels occupancy inference can be trusted. Based on the measured observations over time, we estimate the parameters of the hypothesis of anomalous andnon-anomalous events using a multinomial Bayesian based inference. We quantitatively define the trustworthiness of a channel inference as the difference between the posterior beliefsassociated with anomalous and non-anomalous events. The posterior beliefs are updated based on a weighted average of the prior information on the belief itself and the recently observed data.Subsequently, we propose robust fusion models which utilize the trusts of the nodes to improve the accuracy of the cooperative spectrum sensing decisions. In particular, we propose three fusion models: (i) optimistic trust based fusion, (ii) conservative trust based fusion, and (iii) inversion based fusion. The former two approaches exclude untrustworthy sensing reports for fusion, while the last approach utilizes misleading information. Allschemes are analyzed under various attack strategies. We propose an asymmetric weightedmoving average based trust management scheme that quickly identifies on-off SSDF attacks and prevents quick trust redemption when such nodes revert back to temporal honest behavior. We also provide insights on what attack strategies are more effective from the adversaries' perspective.Through extensive simulation experiments we show that the trust models are effective in identifying malicious nodes with a high degree of certainty under variety of network and radio conditions. We show high true negative detection rates even when multiple malicious nodes launch collaborative attacks which is an improvement over existing voting based exclusion and entropy divergence techniques. We also show that we are able to improve the accuracy of fusion decisions compared to other popular fusion techniques. Trust based fusion schemes show worst case decision error rates of 5% while inversion based fusion show 4% as opposed majority voting schemes that have 18% error rate. We also show that the proposed channel centric Bayesian inference based trust model is able to distinguish between attacked and non-attacked channels for both static and dynamic collaborative attacks. We are also able to show that attacked channels have significantly lower trust values than channels that are not(-) a metric that can be used by nodes to rank the quality of inference on channels.
Show less - Date Issued
- 2015
- Identifier
- CFE0005764, ucf:50081
- Format
- Document (PDF)
- PURL
- http://purl.flvc.org/ucf/fd/CFE0005764
