Chinese Journal of Electronics

Vol.20, No.4, Jan. 2011

Defense Against Objective Function Attacks in

Cognitive Radio Networks
PEI Qingqi1,2 , LI Hongning1 , MA Jianfeng1 and FAN Kefeng3
(1.Ministry of Education Key Laboratory of Computer Network and Information Security,
Xidian University, Xian 710071, China)
(2.Institute of China Electronic System Engineering Corporation, Beijing 100039, China)
(3.China Electronics Standardization Institute, Beijing 100007, China)
Abstract Cognitive radio (CR) is a technology for
identifying opportunities using the spectrum holes for
communication by cognition. Consequently, we can increase spectrum resource utilization rate with CR. However, it is cognition that causes an unprecedented challenge for cognitive radio networks, especially in security
performance. Based on security problems existing in cognitive radios, we analyze Objective function attacks in detail. To counter this attack, we propose a multi-objective
programming model, called MOP, which veries all parameters tampered, so that attackers can not prevent CR from
adapting to surroundings. Our simulation results indicate
that the MOP model can defend Objective function attacks
eectively. Thus, with the MOP model based on Particle
swarm optimization (PSO), cognitive radio networks will
obtain the optimum condition.
Key words Cognitive radio, Parameters attacks, Objective function attacks, Spectrum sensing, Multi-objective
programming.

ing threats) and articial intelligence behavior threats (policy

threats, learning threats and parameters threats) aect CR
application directly. In these threats, Primary user emulation (PUE) attacks, a spectrum sensing threat, and Objective
Function Attacks, a parameters threat, are two kinds of typical attacks. To defend PUE attacks, many researchers have
designed eective schemes, such as the technology of embedding a signature in an incumbent signal[2] , and the LocDef
(Localization based defense)[3] scheme. The most important
characteristic of CR is that it can adjust parameters to the
optimum condition by environment sensing and all round balancing based on memory. However, the objective function
attack is what prevents the performance of this characteristic.
The study for objective function attack is just getting started,
and no perfect scheme appears at present. We rst analyze
objective function attacks in detail[4] , and optimize objective
function of CRN by using PSO algorithm, then manipulate
the total objective function so as to defense objective function
attacks.

I. Introduction
As a limited natural resource, wireless spectrum becomes
increasingly scarce with the ever-increasing number of users,
and the utilization ratio is a critical problem in wireless applications, then cognitive radio appears. In cognitive radio
networks, CR can adapt to parameters by checking the state
of dynamic spectrum without causing any interference to primary users and make full use of the limited amount of spectrum so that the spectrum utilization ratio can be increased
and the Cognitive radio networks (CRNs) can reach the optimum condition. Compared with traditional wireless radios,
CR can provide data for later decision-making by learning[1] .
Similar to traditional wireless networks, CRNs also have
security problems. These threats such as dynamic spectrum
access threats (spectrum sensing threats, spectrum management threats, spectrum mobility threats[7] and spectrum shar-

II. Background
1. Basic PSO algorithm
PSO is inspired by observing the bird ocking or sh
schooling. Scientists found that the synchrony of ocking behavior was by maintaining optimal distances between individual members and their neighbors. Scientists perceived that in
order to nd food the individual members determined their
velocities by two factors, their own best previous experience
and the best experience of all other members, called pbest and
gbest. The formula is as follows:
v[] =v[] + c1 rand() (pbest[] present[])
+ c2 Rand() (gbest[] present[])
present[] =present[] + v[]

Manuscript Received Dec. 2009; Accepted Jan. 2010. This work is supported by the National Natural Science Foundation of China
(No.60803150, No.60803151), the National High Technology Research and Development Program of China (No.2008AA01Z411), the Key
Program of NSFC-Guangdong Union Foundation (No.U0835004), China Postdoctoral Science Foundation (No.20090451) and the Planned
Science and Technology Project of Shannxi Province (No.2009K08-38).

Defense Against Objective Function Attacks in Cognitive Radio Networks

where v[] represents velocity, present [ ] is the location of the
particle at present, rand ( ) and Rand ( ) are random numbers, rand, Rand (0, 1), and c1 and c2 are learning factors,
c1 = c2 = 2 generally, and v[] [vmax , vmax ] and vmax is a
constant decided by users.
2. Multi-objective programming
The multi-objective programming focus on Distributed decision. Bilevel programming is the simplest form. All the
Multi-Layer programming can be seen as the compounding
form of bilevel programming. The common model of bilevel
programming is as follows:
min f0 (x, y) =(f01 (x, y), f02 (x, y), , f0n (x, y), )
x

s.t.

G(x, y) 0

min fi (x, yi )
y1

s.t.

gi (x, yi ) 0,

i = 1, 2, , m

where x and f0 are decision-making variable and objective

variable function in the upperlayer respectively. y and fi are
decision-making variable and objective variable function in the
underlayer respectively, and gi is the constraint condition.

III. Objective Function Attacks and Their

Influence
In adaptive radios[5] , the cognitive engine manipulates a
large number of radio parameters over time in an eort to
maximize its multi-goal objective functions by using optimization algorithm, such as Genetic algorithm (GA) and PSO[6] .
Once the optimized result is chosen, CR assigns the parameters to each sub-objective function, so that the CR systems
can reach the optimum condition. In the accommodation process, attackers try to prevent CR from adjusting parameters
in every way, which is dicult to avoid. The illustration is
shown in Fig.1 and Fig.2.

139

process is secure. Fig.2 shows the state under assault: attackers tamper data before CR optimize all parameters, and as a
result CR can not reach the set objective, and these behaviors
lead to worse parameter setting of CR systems.
Objective function attacks are that attackers prevent CR
from adaptive change by tampering data[9] . Suppose a simple
cognitive radio system only has three goals, low-power, highrate, and secure communication, then the total objective function is as follows: f = 1 P + 2 R + 3 S, where i , i = 1, 2, 3
are the weights and P, R, and S represent the three goals of
power, rate, and security. Imagine an attacker wishes to force
a radio to use some security level s1 rather than the more secure version s2 , where s1 < s2 . Whenever the cognitive engine
tries using s2 , the attacker can articially decreasing R from
r2 to r1 with r1 < r2 . In particular, an attacker would need
to cause sucient interference such that
1 P + 2 r 2 + 3 s1 > 1 P + 2 r 1 + 3 s2
3
or solving for r1 : r1 < r2
(s2 s1 ). Thus, once CR
2
wants to change S, the total objective function will change,
and this leads to bad setting of parameters. Attackers get all
parameters in every way and they could prevent CR manipulating only by computing r1 . This is called Objective function
attack[4] . Attackers reach their goals as Fig.3 shows.

Fig. 3. Object function attack

The signicant dierence between cognitive radio and traditional wireless radio is that CR can adapt to parameters itself
by sensing and learning from around, especially from memory.
However, with objective function attacks, CR can not adapt
to parameters, leading to worse performance. How to defend
objective function attacks? We propose a scheme as follows.

IV. A Scheme to Defend Objective

Function Attacks
Fig. 1. Normal situation

In objective function attacks, attackers tamper parameters to prevent CR from adjusting parameters. How can we
detect the tampered parameter and correct it in order to
make CR setting perfect? According to the form of objective
function attacks, we assume CR has n sub-objectives, fi (x),
i = 1, 2, , n, then the total objective function is:
f=

n


i fi (x)

i=1

Fig. 2. Attack situation

Fig.1 shows that in normal situations, CR optimizes all

parameters after sensing External condition and customer requirements, then assigns the parameters. This accommodation

where i is the weight of the ith sub-objective, and

CR chooses max

n

i=1

n


i = 1.

i=1

i fi (x) as the optimal result to adjust set(t)

tings. At time t, the ith sub-objective is fi (x), i = 1, 2, , n

Chinese Journal of Electronics

140

and the total objective function is f (t) = max

n


(t) (t)

i fi (x).

i=1

Because of dynamic changes of the external environment and

user demand, CR has to tamper the jth parameter in the following time. In order to ensure that the jth parameter j fj (x)
has been tampered indeed without other parameters uctuating on a large-scale, at this time, we must adjust the objective
function under the condition that other parameters are not
changing on a large-scale, so that :

n


(t)

(t1)

i fi (x) fi

(x)k

(1)

i=1
i=j

Eq.(1) is as small as possible, that is:

min

n


(t1)
fi
(x)k

(2)

i=1
i=j

V. Simulations

where Eq.(1) has an upper limit which is:

max

n


(7)

and then adjust it.

Generally speaking, attackers can only tamper a few subobjective functions. For their own benets, they often tamper one parameter with a large margin. At this moment,
CR detects the wave range of every sub-objective function
(t) (t)
and searches for wave radius R, R = max i fi (x)
(t1) (t1)
fi
(x). Then CR compares sub-objective function
i
around R with tness value by response to the external environment. If these sub-objective functions deviate from tness
values, we consider it as attackers behavior. After this, CR
redistributes every parameter to make the system state optimal.
We can calculate the tness of the ith sub-objective in time
k+1 according to velocity calculating in PSO. The tness value
of the ith sub-objective in time k + 1 is:
vik+1 = vik + c1 rand(pbest vik ) + c2 Rand(gbest vik )

1
(t)
i fi (x)

2011

(t)

(t1)

i fi (x) fi

(x)k

< mj

(3)

i=1
i=j

mj is a xed value:
(t)

(t1)

mj = j fj (x) fj

(x)

Once objective function attacks exist, CR can not tamper

parameters freely. From the above three formulas, we can detect whether attackers exist by system computing. If Eq.(3)
does not hold, CRs readjust parameters intelligently. According to the analysis above, we conclude the bilevel programming
model as follows:


f = max n
(4)
i=1 i fi (x)

s.t.

k
n

(t)
(t1)
k

i fi (x) fi
(x)
(5)

min

i=1

i
=
j

s.t.

k
n

(t)
(t1)
k

f
(x)

f
(x)
< mj
(6)
max
i
i
i

i=1

i=j

(t)
(t1)
mj = j fj (x) fj
(x), j = 1, 2, , n
Eq.(4) indicates the optimum total objection function with
the restriction of Eqs.(5) and (6). From Eq.(5) we can see the
uctuation should be as small as possible except the jth parameter. Besides, the uctuation has an upper limit in Eq.(6).
We can decide whether attackers behavior work according to
Eq.(6). If Eq.(6) still holds, even if attackers have tampered
some parameters, the attack will be meaningless. If Eq.(6)
doesnt hold, the attack will be eective. Therefore, CR should
nd out the tampered parameter and x it to make the system
state perfect.

In order to illustrate the performance of the bilevel programming model, we choose 5 common sub-objectives to analyze adaptivity(A), learning capacity(L), security(S), sensitivity(Se) and transmission rate(V) respectively. Table 1 shows
the optimal state in time t 1:
Table 1. Parameter
A
Sub-objective
0.7
weight
0.4
Total objective

setting in time t 1
L
S
Se
V
0.5
0.4
0.8
0.3
0.3
0.15
0.1
0.05
0.585

Table 2. Anticipative parameters in time t

A
L
S
Se
V
Sub-objective
0.7
0.5
0.9
0.8
0.3
weight
0.4
0.3
0.15
0.1
0.05
Total objective
0.66
Table 3. Tampered
A
Sub-objective
0.4
weight
0.4
Total objective

parameter in time t
L
S
Se
V
0.5
0.9
0.7
0.28
0.3
0.15
0.1
0.05
0.529

For the changes of surroundings or customer requirements

in time t, CR wants to raise the security level to a value greater
than 0.4, and other parameters neednt be tampered. Table 2
shows CRs anticipative results.
Attackers tamper some of the parameters by objective
function attacks, as a result, CR can not adapt to surroundings and keep the parameters setting in time t 1 perpetually.
Similar to traditional wireless radios, CRs cognitive function
never works. According to our bilevel programming, we detect
parameters in time t to see whether attackers exist. If

max

n


(t)

(t1)

i fi (x) fi

(x)k

> mj

i=1
i=j

holds, there must be attackers. Then we look for wave radius

R, compare the large wave sub-function with tness value. If
not matched, reset these parameters.

Defense Against Objective Function Attacks in Cognitive Radio Networks

Fig. 4. Parameters setting in

time t 1

Fig.4 shows the optimal setting of the ve subobjectives mentioned above in

time t 1. In order to verify
our bilevel programming, we
imitate attackers. Fig.5 and
Fig.6 are results of tampering
one parameter and three parameters respectively.
In Fig.5 and Fig.6, (a)
is the anticipated parameters
setting. After attackers tam-

141

we can judge whether the parameters are altered by malicious

nodes or not. In our simulation, we consider two mobile nodes
can communicate with each other through one of the three
channels freely in 250 250m.
L: Loss ratio; T: Throughput; S: Security level
Se: Sensitivity (communication time/ (total time)), total
time =communication time +channel switching time
The sub-objectives:
s1 = 1 L; s2 = T ; s3 = Se; s4 = S
the total objective function is:
f = 1 s1 + 2 s2 + 3 s3 + 4 s4
Table 4. Parameters
L
T
Se
0 6s
0.028
1.212
0.980

S
0.500

Table 5. Weights
1
2
3
4
0.3
0.1
0.2
0.4

To improve communication security, both sides need to alter security level next time. So they set s4 lager, s4 = 0.8. At
this moment, the malicious node jam the channel, articially
decreasing sub-objective from s1 to s1 , s.t.
s = 1 s1 + 2 s2 + 3 s3 + 4 s4 < s
Fig. 5. One parameter tampered

Based on the maximum principle, CRs have to choose the

parameters of s. As a result, CRs cannot adapt itself and
reach Self-Adaptation. With our bilevel programming model,
we can detect the altered parameter, and then calculate the
tness value with Eq.(7) and modulate power to decrease interference, and reduce loss ratio.
In CRN, incumbents should be protected against interference from CRs[8] ; hence, CRs have to regulate parameters to
ensure their security without disturbing incumbents. With our
bilevel programming model, we can detect all parameters and
decide which one has been altered by attackers. Besides, PSO
algorithm makes our tness values of all sub-objectives adapt
to the new environment. The proposed solution solves objective function attacks even if a number of parameters have
been tampered. Moreover, considering sensing data as subobjectives, we can detect the spectrum sensing process[9] and
cooperate other CRs to reach optimal state on the basis of
security.

Fig. 6. Three parameter tampered

VI. Conclusion

pering, parameters become dierent shown as (b). The malicious tampering leads to the result that CR keeps settings in
last time t 1 perpetually. With our bilevel programming, we
can detect and control parameters, and then adapt them to
surroundings as is shown in (d).
The results show that no matter how many parameters are
tampered by attackers, our bilevel programming works. This
bilevel programming can defend objective function attacks effectively.
Let simple communication parameters be sub-objectives,

To defend Objective Function Attacks in cognitive radios, we propose an appropriate proposal called MOP (Multiobjective programming model). After attackers obtain all parameters, CRs detect them and compare them with tness
value with MOP to decide whether attackers exist. If so, then
CR readjusts the tampered parameters to optimal settings. All
these ensure that CR adapts to surroundings intelligently. Besides using MOP repeatedly (this will increase computation),
if CR needs to change two or more parameters, we propose a
rough scheme above. The details will be our future work.

Chinese Journal of Electronics

142
References

[1] Burbank, Jack L, Security in cognitive radio networks: The

required evolution in approaches to wireless network security,
Proceedings of the 3rd International Conference on Cognitive Radio Oriented Wireless Networks and Communications,
(CrownCom), pp.17, 2008.
[2] Ruiliang Chen, Jungmin Park, Y. Thomas Hou, Jerey H. Reed,
Toward secure distributed spectrum sensing in cognitive radio networks, IEEE Communications, Vol.46, No.4, pp.5055,
Apr. 2008.
[3] R. Chen, J.M. Park and J.H. Reed, Defense againstagainst primary user emulation attacks in cognitive radio networks, IEEE
Journal on Selected Areas in Communcations Special Issue on
Cognitive Radio Theory and Applications, Vol.26, No.1, Jan.
2008.
[4] T. Clancy, N. Goergen, Security in Cognitive Radio Networks:
Threats and Mitigation, Third International Conference on
Cognitive Radio Oriented Wireless Networks and Communications (CrownCom), pp.18, May 2008.
[5] Yuan Zhang, Gaochao Xu, Xiaozhong Geng, Security Threats
in Cognitive Radio Networks, Computer Society, pp.10361041,
Sept. 2008.
[6] T.W. Rondeau, C.J. Rieser, B. Le, C.W. Bostian, Cognitive
radios with genetic algorithms: Intelligent control of software
dened radios, Software Defined Radio Forum Technical Conference, 2004.
[7] G.A. Safdar and M. ONeill, Common control channel security
framework for cognitive radio networks, 69th Vehicular Technology Conference, pp.15, Apr. 2009.
[8] Ahmad, Aftab, O. Richard, Afolabi, On secure spectrum sensing in cognitive radio networks using emitters electromagnetic
signature, Proceedings of 18th International Conference on
Computer Communications and Networks, pp.15, Aug. 2009.
[9] Tevk Yucek and Huseyin Arslan, A survey of spectrum sensing algorithms for cognitive radio applications, IEEE Communications Surveys and Tutorials, Vol.11, No.1, pp.116130, First
Quarter 2009.

2011

PEI Qingqi
received B.E., M.E.
and Ph.D. degrees in computer science and
cryptography from Xidian University, in
1998, 2005 and 2008, respectively. He
is now an associate professor and a vicedirector of CNIS Laboratory, also a Professional Member of ACM and Japan IEICE, Senior Member of Chinese Institute
of Electronics and China Computer Federation. His research interests focus on digital contents protection and wireless networks and security. (Email:
qqpei@mail.xidian.edu.cn)
LI Hongning received B.S. degree
in information and computing science from
Xidian University, China, in June 2007 and
now she is a M.S. degree candidate in cryptography. Her research interests include
wireless networks security and cognitive radios.

MA Jianfeng received B.S. degree

in mathematics from Shaanxi Normal University, China in 1985, and received M.E.
and Ph.D. degrees in computer software
and communications engineering from Xidian University, China in 1988 and 1995, respectively. From 1999 to 2001, he was with
Nanyang Technological University of Singapore as a research fellow. He is an IEEE
member and a senior member of Chinese
Institute of Electronics (CIE). Now he is a Professor and Ph.D.
supervisor in the School of Computer Science at Xidian University, Xian, China, and the director of the Key Laboratory of Computer Networks and Information Security of Ministry of Education
(China). His current research interests include distributed systems,
wireless and mobile computing systems, computer networks, and information and network security. He has published over 150 refereed
articles in these areas and coauthored ten books.