A survey on cognitive radio network attack mitigation using machine learning and blockchain

In [20], the authors have proposed a support vector machine (SVM) classifier, which classifies the malicious users and the authorized cognitive users. After segregating the users, the fusion centre collects all the local sensing reports from the authorized cognitive users using Dempster–Shafer evidence theory to make a global decision of the primary user activity. The attack which is considered in [20] is spectrum sensing data falsification (SSDF) attack. The region of convergence (ROC) curve in terms of false alarm and probability of detection, shows that the SVM classifier performs better than other classifiers.

Ernesto, Luis and Jorge [21] have employed SVM classifier to classify the malicious users, who try to mimic the primary user (primary user emulation attack) and the authorized primary users in mobile cognitive radio network. The model has been implemented on software-defined radio testbed with modulations like GMSK (Gaussian minimum shift keying) and orthogonal frequency division multiplexing (OFDM). Improved detection probability has been observed in low SNR compared to other traditional methods without threshold calculations.

Backoff manipulation attack (BMA), affecting the MAC layer, has been detected in cognitive radio network using SVM classifier with radial basis function (RBF) kernel in [22]. SVM classifier is trained using throughput and average transmission delay to distinguish the malicious nodes from the trust ones.

In [23], SVM classifier is used to identify the received signals modulation type based on its fractal dimension and to detect the primary user emulation attack (PUEA). When the SNR is > 10 dB, the PUE detection is 100% and when the SNR is -20 dB, the PUE detection probabilities are \(>97\)%. Thus, the PUE attack is efficiently detected.

In [24], the authors have used the SVM classifier to detect and classify the malicious users in cognitive radio-based Internet of Things (CRIoT). The classification allows the fusion centre to make robust decisions only when the normal CRIoT users report it. With different datasets, classification achieves excellent accuracy with different kernels.

In [25], attacks have been detected using SVM classifier. This intrusion detection system creates an alert information, which is then sent to a probabilistic neural network for attack free opportunistic spectrum access. Throughput, system utility rate and packet delivery ratio have been enhanced, and there has been a drastic improvement in spectrum utilization as well.

Mohammad and Kumaraswamy [26] have compared KNN and artificial neural network (ANN) in the detection of primary user emulation attack in cognitive radio network. They have used elliptical curve cryptography as data encryption for the security of the network. KNN achieves 98% detection accuracy as compared to ANN. Improved network performance in terms of throughput and security has been achieved using KNN classifier.

The analysis of the performance in terms of classification capacity of both KNN and SVM classifier is shown in Fig. 4. Figure 4 shows that SVM outperforms KNN, as the classifier is not only linear, but it includes curvatures. Green line represents KNN classification, and black line denotes SVM classification. It is obvious from the given datasets, which overlap as shown in the figure, that it is impossible for a linear classifier to accurately distinguish them. But a linear classifier, like KNN fails in this case.

Ensemble learning is a useful method to obtain more accurate detection compared with the detection of individual classifiers. For the detection of spectrum sensing data falsification (SSDF) attack in cooperative spectrum sensing of cognitive radio networks, four machine learning techniques like SVM, neural network, ensemble and naive Bayes have been chosen in [27]. Training and testing has been conducted on (i) same dataset and (ii) different datasets. Under the same dataset, neural networks and ensemble learning perform better than the others. Under different datasets, ensemble learning outperforms the other methods. In [28], the authors have used boosted tree algorithm (BTA) with AdaBoost as an ensemble model, to mitigate SSDF attack in cooperative spectrum sensing environment. Results are compared with genetic algorithm soft decision fusion, particle swarm optimization soft decision fusion, count hard decision fusion models and maximum gain combination soft decision fusion schemes and found that BTA has achieved minimum error probability, reduced false alarm and high probability of detection. The authors of [29] have proposed an ensemble model with temporal convolutional recurrent neural network, reputation-based weighted majority vote algorithm, support vector machine (SVM) and logistic regression (LR) in a full-duplex cognitive radio network to resist the interference and malicious attackers. High accuracy, low time cost, low spectrum waste and collision probabilities are observed compared to single-model-based fusion methods and conventional majority vote rule-based fusion strategy. In [30], ensemble-based jamming behaviour detection and identification technique has been used to detect the jamming attack. The ensemble model is proposed with Bayesian classifier, K-nearest neighbour (KNN) classifier and random forest classifier. Results show efficiency in detection, accuracy and precision–recall rates with approximately ‘1.’

Machine learning (ML) models such as logistic regression, k-nearest neighbours, decision tree, Gaussian naive Bayes, support vector machine and linear discriminant analysis have been used for pattern recognition and the performance was evaluated with respect to recall, F-score, precision and accuracy. These ML models are trained and tested with the features extracted using a new technique called pattern-described link signature (PDLS) proposed in [31] to differentiate the authorized users and the malicious users to prevent from the PUEA (primary user emulation attack). The decision tree classifier showed better results, when trained with huge data.

In [32], a high accuracy degree is measured in calculating the trustworthiness and reputation of sensing in secondary users using machine learning techniques. Weka software has been used for data mining tasks. Accurate number of malicious users, suspicious users and honest users are identified. It is observed that Bayes network and decision tree perform better than naive Bayes in providing precise accuracy.

In [33], the authors are concerned about malicious user detection in the energy harvested cognitive radio Internet of Things network. They have used energy detection methods for spectrum sensing and then classified the cognitive users and the malicious users using three machine learning algorithms. Once the grouping has been done in the fusion centre, Dempster–Shafer (DS) theory is employed to make the global decision. Sensing gain, accuracy, network lifetime and sum rate are evaluated among SVM, K-nearest neighbour (KNN) and logistic regression. Logistic regression outperforms the other models.

In [34], PUEA has been detected and defended using logistic regression with MLE (maximum likelihood estimation) and gradient ascent. When compared with support vector machine and artificial neural network, the detection probability and false alarm probability are observed to be 99.5% and 0.6%.

In [35], different classifiers such as neural network, SVM, naive Bayes and logistic regression are compared based on the performance metrics for identifying malicious users. Logistic regression was proved to achieve 100% accuracy with the multifactor trust-based dataset. The trust dataset depends on the spectrum sensing results of every secondary user.

To detect multiple attacks, viz. SSDF attack and jamming attack in cognitive radio network, improved k-means clustering algorithm is used in [37]. Promising results can be seen in secrecy rate, delay, signal-to-interference and noise ratio (SINR), probability of false alarm and packet delivery ratio.

Amar and Ningrinla [38] have proposed k-means++ clustering algorithm and RK-AES (improved version of advanced encryption scheme) encryption method to mitigate and detect the intelligent attackers that are responsible for smart primary user emulation attack (SPUEA). These attackers do not attack all the time but randomly, whenever the primary user is absent. Effective mitigation is done even when the attack is on the fly.

The dynamic-collusive SSDF (DC-SSDF) attackers maintain high trust by dynamically submitting true sensing data and then fake sensing data in a collaborative way to increase the strength of their attack. Zhao, Li, Feng [39] have proposed a binary clustering algorithm-based (TFCA) trust fluctuation clustering analysis to combat the DC-SSDF attack in cooperative spectrum sensing. It improves the trust value calculation accuracy and reduces the DC-SSDF attack strength successfully.

Authorized eligible secondary users are selected based on three factors, like channel quality, SNR and trust factor to improve the performance of the network, using fuzzy logic-based data fusion scheme [40] . Malicious secondary users are identified and rejected in the decision making. The process is less time-consuming rather complex and best suited for real-time applications.

In [41], Neyman–Pearson criterion and machine learning-based adaptive neuro-fuzzy inference system have been proposed, which proves better overall network efficiency of 92% compared with artificial neural network (ANN), when subjected to four kinds of attacks, namely PUEA, SSDF, software-defined network attack and sinkhole attack.

In [42], a group of PUE attackers are investigated in cooperative spectrum sensing using fuzzy conditional entropy maximization. Results have shown that the scheme offers 17.54% and 39.39% higher probability of primary user detection in the presence of PUEA. Weighted fuzzy C means clustering is applied for detecting the (Denial of Service) DOS and replay attacks, while kernel cumulative sum model is applied for detecting the primary user emulation attack (PUEA) in [43], so as to improve the sensing of secondary users. Convergence improved bat optimization reduces the energy consumption, as it makes the power allocation process easier for secondary users. Fuzzy filter convolutional neural network is used for the optimal spectrum access. Results show the reduced rate of detection error of the attack and increased packet delivery ratio.

In [44], a fuzzy c-means-based semi-supervised algorithm is used to detect the SSDF attack. The secondary users can be divided into interactive and non-interactive users. The detection performance is illustrated in different conditions and the performance shows superiority among other algorithms.

In [45], the authors have proposed a new localization approach to detect the primary user emulation attack by combining the trilateration and RSSI (received signal strength indication) with Bayesian decision to involve the conditional risk while introducing the cost of decision. The position of the malicious users are estimated using trilateration-based RSSI, and the legitimacy of the primary user is evaluated using Bayesian decision approach.

Yuanhua and Zhiming [46] have proposed a trust model based on Bayesian interference-based sliding window and weighted trust calculation scheme during spectrum sensing to locate and resist the SSDF attackers. Sigmoid log function is used to generate the trust value for every secondary user. Computational load of the model can be reduced by periodical evaluation. High detection accuracy is obtained for low attacking probabilities.

In [47], the authors have proposed a model to learn dynamic Bayesian network for orthogonal frequency division multiplexing (OFDM) modulated signals in CRIoT network. It detects the single/multiple affected OFDM subcarrier symbols attacked by jammers with high power or low power. Results show better performance compared with conventional methods.

In [48], jammer attack has been mitigated in multiple OFDM subcarriers using two single dynamic Bayesian network (DBN) and bank-parallel dynamic Bayesian network (DBN). Different M-QAM modulates the subcarriers, and optimum self-organizing map’s (SOM) size is chosen for every QAM modulation based on detection probability of multiple attacks. Under multiple attacks, both the DBN exhibits almost similar performance.

In [45], received signal strength indication (RSSI) and trilateration techniques are combined along with the Bayesian decision theory to mitigate the primary user emulation attack. Results show that the PUEA detection zone is influenced by the decision making of security, balancing and productivity.

In [51], the authors have proposed ProML algorithm (protection using machine learning), a random forest algorithm-based strategy to mitigate the random attacks on cognitive radio network channels. Jamming attack is the focussed attack to detect. The method is proved to be a promising solution for a larger network of more than 100 channels when compared with the traditional swapping methods.

In [52], every secondary user evaluates its sensing report to existing sensing classes through the Levenshtein distance function. Depending on the quantitative variables, the prediction function of every sensing class is measured by the nearest centroid classifier. The sensing reports are classified based on the presence of the primary user. At the fusion centre, the predictive classes are integrated for the robust detection against PUEA and SSDF. It outperforms the conventional methods in terms of the metrics like sensing delay by 47%, throughput by 45% and prediction error by 46%.

In [53], consensus fusion network and conventional collaborative sensing algorithms have been combined to increase the fusion network’s convergence speed and to reduce the sensing time for detecting the malicious users, in order to improve the performance of spectrum sensing.

Monireh [54], in her dissertation, formulated online learning primary user emulation attack with two attacking strategies, AORO (Attack-OR-Observe) and ABOA (Attack-But-Observe-Another), where the attacker can dynamically choose a channel for attacking in each time slot, depending on its attacking experience.

In [55], reinforcement learning in clustering is used as an approach to achieve better network scalability. The effects of reinforcement learning (RL) parameters like discount factor and learning rate are analysed in a volatile cognitive radio, where some unauthorized users involve in launching attacks. To tackle such attacks, the cluster heads leverage on reinforcement learning model. From the results, it is understood that when the attack probability ranges from 0.3 to 0.7, the reinforcement model with learning rate ‘1’ achieves high network scalability.

In [56], the thesis uses the multiarmed bandit problem and ProML machine learning design to analyse and mitigate the jamming attack in the cognitive radio network.

In [57], Markov decision process-based preventive approach is applied to detect the off-sensing DoS (denial of service) attack in cognitive radio network. Q-learning is used to learn the optimal policy. It improves the network throughput and performs better than the naive approach.

In [58], PUEA detection and prevention are realized using extreme machine learning algorithm and time–distance with signal strength evaluation, which improve the energy efficiency, sensing ability, network performance and spectrum utilization and reduces the system delay in cognitive radio network.

Table 1 shows the reference study of possible types of attacks in CRN and their countermeasures using respective machine learning algorithms.

Table 2 depicts the performance comparison of machine learning models SVM, KNN, logistic regression, k-means and decision tree by analysing the parameters training time complexity, prediction time complexity, detection accuracy, false positive rate, precision and receiving operating characteristic.

In [63], the authors have proposed a neural network model to mitigate PUEA. The model has been designed using an input layer, 15 neurons with four hidden layers and an output layer. PUEA is formulated as a two-class classification problem to classify the signal into primary user and primary user emulation attack. The real-time signal classification is done with 97% accuracy, 2.5db gain with 100% detection probability.

In [64], secure hash algorithm and soft computing method (neural network) are integrated to detect the primary user emulation attack. The received signal strength and direction of arrival are used to localize the primary and secondary users.

In [65], cognitive user emulation attack is addressed for both centralized cognitive radio network and decentralized cognitive radio network. The attacker tries to block the authorized cognitive users from accessing the unused channels by imitating them during the spectrum handoff delay. The impact of cognitive user emulation attack (CUEA) in terms of delay, throughput and miss rate detection has been compared between ANN and traditional methods. ANN outperforms the traditional methods.

In [66], a multilayer neural network classifier with 2 hidden layers of 20 neurons each is proposed to detect the falsified reports in the cooperative spectrum sensing of CRN. The classification has used SNR ratio, distance between primary and secondary users and energy statistics of the received samples as the features. When compared with linear SVM, logistic regression and radial basis function (RBF) kernel SVM, accuracy of 98.5% is achieved with probability of detection as high as 90.4% and a probability of false alarm as low as 8%.

In [67], a multilayer perceptron-based neural network is used to defend the SSDF attack. The weights of the secondary users have been updated regularly and based on these trusted weights, the sensing results have been grouped in the fusion centre.

In [68], artificial neural network (ANN) is used as a classifier to detect the malicious users. Cyclostationary features have been extracted for every detected signal and are given to a neural network as training and testing data. The performance has been compared with energy detector-based classifier and naive Bayes-based classifier. Classification rate has been obtained as ‘1’ approximately even at low transmission power.

To improve the primary user emulation attack (PUEA) detection accuracy, even when the attack signature changes inconsistently, the authors of [69] have used dual classification strategy (classification at the edge and core cognitive radio nodes) using deep learning convolution network (DLCN). The detection accuracy is compared with rule-based technique and feed-forward neural network. DLCN performs better than the compared ones.

The authors of [70] have proposed a one-dimensional convolutional neural network (1D-CNN) for detecting primary user emulation attack and jamming attack in cognitive radio network. 1D-CNN performs better than machine learning techniques in terms of receiver operating characteristics (ROC) and area under ROC.

In [71], PUE, SSDF and eavesdropper attacks are mitigated using signal strength-based location estimation (SSLE) scheme, convolutional neural network (CNN), hybrid advance encryption with Diffie–Hellman encryption (HAES-DHE) algorithm, respectively. Promising results have been obtained in detection probability, estimation of attack strength estimation, miss detection probability, honest nodes estimation and throughput.

The authors of [72] have proposed RNN model for detecting the cognitive user within primary user boundary and malicious user detection by ordering (MUDR) for differentiating the authorized and unauthorized users to avoid the illicit use of free white spectrum. It has been observed that the overall performance has increased by fast and precise detection.

The authors of [73] have proposed vertical federated learning-based cooperative sensing (VFL-CS) scheme using local RNN model to prevent the privacy threat at each secondary users, where local sensing results are available. It performs better than conventional soft-fusion-based cooperative sensing (SF-CS) scheme in terms of high area under curve.

In [75], spectrum anomaly is detected for cognitive mmWave radio network using deep learning generative models, such as auxiliary classifier generative adversarial network (AC-GAN), variational autoencoder (VAE) and conditional generative adversarial network (C-GAN). Real mmWave dataset has been used for evaluation. AC-GAN performs better than C-GAN and VAE with respect to accuracy and probability of detection.

In [76, 77], two models based on GAN have been designed- dumb GAN model without prior information of primary user and smart GAN model with prior information of the primary user to segregate the primary users and emulated primary users. Both the models detect the selfish and malicious primary user emulation attacker with more than 98% accuracy. Smart GAN model achieves better accuracy and faster saturation than the dumb model. In [77], also the pattern of long-term ON and OFF times of the primary user activities are learned using the ConvLSTM model, which gives 99.9% accuracy.

In [78], the authors have analysed two real-time applications, viz. high-dimensional data application and low-dimensional data application, using conditional generative adversarial network (C-GAN) and dynamic Bayesian network (DBN), respectively, to detect the abnormal signals present in the cognitive radio network, thus developing a self-aware radio network.

In [79], the features are extracted from the Stockwell transform representation of the wideband spectrum and organized in a generalized state vector. Then the generative models are employed and learned to detect the malicious activity. Conditional GAN, auxiliary classifier GAN and deep VAE have been taken as generative models and compared.

In [81], the authors have used adaptive learning for detecting primary user emulation attack (PUEA) by analysing transmitter received power. The learning process adopts cyclostationary and distance feature-based analyses for differentiating authorized users from the malicious user and thus improved the throughput of the secondary user and detection probability by 16.31% and 9.67% and minimized the time of signal classification and misdetection by 48.53% and 18.3%, respectively.

In [83], jamming activity mitigation and energy monitoring are done using multiobjective ant colony optimization model along with double Q-learning deep reinforcement model. The results are compared with genetic algorithm and artificial bee colony algorithm in terms of lifetime, throughput and malicious node mitigation [85].

In [84], the authors have designed double deep Q-network to confront the jamming attack in cognitive radio network. To maximize the successful transmission rate of users, deep reinforcement learning is used to learn the policy. Transformer encoder is used to implement the Q-network to analyse the spectrum data action values.

Table 3 shows the reference study of possible types of attacks in CRN and their countermeasures using respective machine learning algorithms.

The comparison of training loss curve of all deep learning models is shown in Fig. 7. Figure 7 shows that GAN outperforms other deep learning models that it converges with minimum loss within a few epochs, whereas other models take little longer epochs for the minimum loss convergence.