stochastic model for cognitive radio networks under...

Stochastic model for Cognitive Radio Networks underjamming attacks and honeypot-based prevention

Suman Bhunia1, Xing Su2, Shamik Sengupta3, Felisa Vazquez-Abad4

[email protected], [email protected],[email protected], [email protected]

1,3University of Nevada, Reno, NV, USA 895572,4City University of New York, NY, USA

International Conference on Distributed Computing and Networks2014, Coimbatore, India

S Bhunia, S Sengupta, X Su, F Vazquez-Abad () ICDCN 2014 1 / 25

Introduction

I In Cognitive radio network, a secondary user (SU) goes through fixedperiodic cycle of sensing and transmission period. We model this asFCFS queue with fixed server vacation. Sensing period is consideredas vacation as the SU can’t transmit packet in this period.

I Queue modeling with random server vacation has been studiedextensively by the research community. However, fixed and periodicschedule of vacation leads added layer of complexity in the model.

I In this paper, we are going to present a queue model that deals withqueue with fixed and periodic server vacation.

I Again, in the transmission period a secondary user might be assignedwith other task such as honeypot. This leads to another kind ofvacation. In this paper we also study honeypot scheduling in aspectof queue size of the node.


Cognitive Radio Network

I Cognitive Radio allows secondary user (SU) to use a spectrum whenprimary user (PU) is not using that spectrum.

I SUs sense for free channels in sensing period and can transmit on achannel on transmission period if the channel is free from PU.

I In a network, all SUs are synchronous for this cognitive cycle.Otherwise one SUs transmission will create false alarm to other SU.

I All SUs generate list of free channel in sensing period. Then centralcontroller schedule which channel to be used by which SU in thetransmission period.

I Each SU transmit packets in the transmission period over the channeldedicated by central controller.


Jamming based DoS attack

I The nature of broadcasting electromagnetic signal on shared wirelessmedium is vulnerable to jamming based denial of service attack.

I While PUs are able to discourage attackers by means of heavypunishment, SUs are left vulnerable against malicious jamming /disruptive attacks

I Attacker emits jamming signal to create high interference to thecommunication of a legitimate wireless network and disrupt it.

I Advancement in software dened radio (SDR) and dynamic spectrumaccess (DSA) makes it even easier for smart malicious attacker toefciently find legitimate communication and disrupt.


Jamming attack example

PSD of normal datacommunication

PSD of narrow bandjamming signal

I Two computers are configured tocommunicate over a WLAN (IEEE802.11-a, channel 36, central frequency:5.18 GHz)

I PSD shows high energy on 20 MHz channeland some leakage to neighboring channels.

I We begin transmitting a very narrow bandjamming signal of 2MHz from a thirdmachine, also on channel 36.

I In the presence of jamming signal, normaldata communication is stopped. PSD onlyshows jamming signal energy.


Use of Honeypot in avoiding attacks

I In Cybercrime defense, honeypots are being used as a camouflagingsecurity tool with little or no actual production value to lure theattacker giving them a false sense of satisfaction thus bypassing(reducing) the attack impact and giving the defender a chance toretrieve valuable information about the attacker and attack activities.

I A smart attacker does not attack a channel blindly. It scans throughall possible channels and choose one channel to attack that wouldgive it best incentive out of jamming.

I It’s strategy space includes but not limited to attacking channels withhighest power, bandwidth, data-rate, particular modulation schemeetc.

I In CRN, honeypot mechanism can be deployed in one SUs which actas normal data transmission. In order to attract the attacker to thischannel, the honeynode tries to obtain the attackers fingerprint fromthe past attack history.


Use of Honeypot in avoiding attacks . . .

I The SU acting as honeypot node or honeynode transmit withtransmission characteristics that is learned to be attacker’s strategy.This lures the attacker to attack on honeynode’s channel.

I Design of Honeypot is beyond the scope of this paper. We describethe design in another paper.

I In every transmission period, a SU is dedicated as honeynode. Whenacting as honeynode, that SU have to queue all its packet andtransmit some garbage data.

I Sacrificing as honeynode causes delay to that particular SU. Choosinga honeynode from the network is a crucial problem to maintain thebalance of system performance.

I Define a parameter, Attractiveness of Honeypot (ξ) as the probabilityof honeynode transmission is jammed given there is an attack.

I In this paper we present a theoretical model for calculating averagequeuing delay for a node. Then present honeynode selection strategy.


Channel Allocation by Central Controller


Mathematical Model: Queues

I Different application generates packets withdifferent size and at random interval.

I These packets are queued upon generation.

I In transmission period if the node is notserving as honeypot, it transmits packetsfrom queue.

I We model the queue of each SU as M/G/1 FCFS server with periodic“vacations”. ’Service’ means packet transmission. These vacationsare: when SU is in sensing period, and when it is acting as honeynode.

I Poisson arrivals at each SU λi .

I Packet sizes ∼ U(`1, `2) in bytes, E(Y ) = 1136.

I Server needs δ = 10−7msec to transmit each byte.

I Sensing period of 50 msec and transmission period of 950 msec.


Mathematical Model Contd . . .

Assume that each queue is stable and call X the fraction of service thatmust be postponed at the start of a sensing period in steady state. Then:

E(X ) = ρ

(E(S) + `1

2

). (1)

This result follows from straightforward calculation. Assuming that thequeues are stable, the effective service rate for each of the SUs satisfiesthe equation:

µ′i = µ

(Tt − ρi 0.5(E(S) + `1)

Ts + Tt

)(1− pi ), ρi =

λiµ′i,

which yields an implicit equation for µ′:

µ′i (Tt + Ts) = µ

(µTt − 0.5

(E(S) + `1)λiµ′i

)(1− pi ) (2)


Stationary waiting time for infinite buffer model

Theorem

Suppose that i’th SU has incoming rate λ, and that it is chosen as ahoneynode independently of the state of the queue, with long termfrequency of p. Furthermore, assume that this queue is stable and ergodicand let X satisfy equations (1). Then the stationary delay in queue is:

Wq =R

1− λE(S)(1 + ∆), (3)

where the stationary residual service time is:

R =λE(S2)

2+

E(Ts + X )2 (1− p) + E(Ts + Tt + X )2 p

2(Ts + Tt)(4)

and the correction factor for the vacations is:

∆ =Ts + λE(X ) + pTt

(1− p)(Tt − E(X )).


Proof: Idea

Poisson arrivals: system in stationary state.Nq ∼ stationary distribution of the queue length.T = required service time for the customers in queue.

E(T ) = E

Nq∑k=1

Sk

= E(NqE(S)) = λWqE(S).

Arriving customer has s stationary average waiting time:

Wq = λWqE(S) + R + vs( Ts + E(S)) + vh Tt ,

where vs and vh are the (expected) number of sensing and honeynodeperiods (respectively) that fall within the time required to transmit all theNq customers in front of the new arrival.


Proof: residual time for next transmission

Here, green indicates packet transmission, red is Channel sensing, yellow isServing as honeypot and blue indicates, the node postpone current packet

transmission as it can not be done within transmission period.

R = limt→∞

1

t

∫ t

0

r(t) dt

= limt→∞

1

t

M(t)∑i=1

S2i

2+

V (t)∑i=1

(E(Ts + S)2)

2

)+

H(t)∑i=1

T 2t

2


Honeynode selection strategies

I Random selection: Centralized controller picks one SU randomly ashoneypot, following a probability pi = P(node i is chosen as honeypotat each transmission period.

I Round robin: This is the simplest form of scheduling mechanism.Here honeypots are selected in circular fashion, selecting all SU’s withequal frequency.

I State dependent: In this type of selection mechanism the centralizedcontroller picks the SU according to the current values of the queues.These policies target a decrease in mean queueing delay.


Simulator

We coded a discrete event simulation written in Python in order tocompare the honeynode selection strategies. Default system parametersare given below:

Parameter Symbol Value

Number of SU N 20Packet Service Time Sn ∼ U(0.1, 1.7) msecSensing Period Ts 50 msTransmission Period Tt 950 msNumber of attacks / slot 1Number of honeynodes /slot 20Number of replication 30Simulated time 5000000 msecWarm-up time 100000 msec


Comparison of approximations: without honeypot

I M/G/1 Queue. A first crudeapproximation is to use theM/G/1 formulas with theeffective rates λ and µ′. µ′ canbe calculated as in (2)µ′ ∈ [1.05513, 1.05551].

I Priority model. A secondapproximation is based on aM/G/1 priority queue. Thesensing operation is to be servedin higher priority, and packettransmission is the lower priorityjob. This deals with servicesarriving according to Poissonprocess.

0

2

4

6

8

10

12

14

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9

Ave

rag

e Q

ue

uin

g D

ela

y in

mill

ise

co

nd

Packet Arrival Rate (λ)

M/G/1 ApproximationPriority Queue

Queue with VacationSimulated

We can clearly see that ourmathematical model gives closestapproximation to the simulated resultcompared to already developedqueue models.


Comparison of approximations: with honeypot

I One SU serves as honeynode.

I M/G/1 Queue. For randomhoneynode assignment(pi = 1/N), the correspondingrange is µ′ ∈ [1.00283, 1.00320],ensuring stability for all queues.

I Priority model. The sensingoperation is to be served inhigher priority, serving ashoneynode as second priorityand packet transmission is theleast priority job. This dealswith services arriving accordingto Poisson process.

0

50

100

150

200

250

300

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9

Ave

rag

e Q

ue

uin

g D

ela

y in

mill

ise

co

nd

Packet Arrival Rate (λ)

M/G/1 ApproximationPriority Queue

Queue with VacationSimulated Random Honeypot

Simulated Round Robin Honeypot

We can clearly see that ourmathematical model gives closestapproximation to the simulated resultcompared to already developedqueue models.


Starvation probability

Strategies for honeypot allocation may include choosing the channel withlargest probability of emptying. The particular case where all SU’s haveidentical statistics (same arrival rates) is much simpler because it reducesto choosing the node with minimal queue size, and no further calculationsare necessary. However in the more realistic scenarios when λi is not onlydifferent but perhaps even slowly changing, it may prove essential to beable to calculate specific trade-offs between choosing honeypots andavoiding attacks.

Probability that the queue empties within the current transmission periodis P(τu ≤ Tt).Classical risk theory : finite horizon “ruin probability”.


Comparison of Strategies: infinite buffer

0

50

100

150

200

250

300

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9

Aver

age

Que

uing

Del

ay

Packet Arrival Rate ( )

No HoneypotRandom Honeypot

Min QueueRound Robin

Figure: Average Queuing Delay inmillisecond observed with infinite bufferand ξ = 0.8

I No packet drop for queueoverflow, and therefore pdr isindependent of λ.

I The only cause of packet drop isthe jamming attack.

I Simulation results reflects thathaving no honeynode gives PDRof 0.05 and with one honeynode,PDR is 0.01 for all values of λ.

I Delay increases with λ andselecting SU with minimumQueue as honeynode givesbetter performance.


Comparison of Strategies: infinite buffer

0

0.01

0.02

0.03

0.04

0.05

0.06

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Aver

age

PDR

Attractiveness of Honeypot ( )



Figure: Average PDR of all SUs withinfinite buffer and λ = 0.6

I Average queuing delay for nohoneypot, random honeypot,minimum queue and round-robinselection schemes are 3.54 ms,72.55 ms, 62.1ms and 64.62 msrespectively for all values of ξ.

I If θi = probability that i’th SUis attacked, thenPDRi = θi ((1−pi ) + pi (1− ξi )).When θi = pi = 1/N andN = 20 we obtain the linearfunction 0.05(1− 0.05ξ).

I State dependent policy i.e.selecting honeynode based onminimum queue length ensuresbetter performance.


Comparison of strategies: finite buffer

0

10

20

30

40

50

60

70

80

0 200 400 600 800 1000 1200 1400 1600 1800 2000

Aver

age

Que

uing

Del

ay

Buffer Size in number of Packets



(a) Average Queuing Delay in msec

0.005 0.01

0.015 0.02

0.025 0.03

0.035 0.04

0.045 0.05

0.055

0 200 400 600 800 1000 1200 1400 1600 1800 2000

Aver

age

PDR

Buffer Size in number of Packets



(b) Average PDR

Figure: Results varying buffer size of SU with λ = 0.6, ξ = 0.8

On average λ× (2Ts + Tt) = 630 packets would be queued when SUserves as honeynode. There would be queue overflow if buffer is smaller.


Comparison of Strategies: finite buffer

0

10

20

30

40

50

60

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9

Ave

rag

e D

ela

y a

mo

ng

all

SU

s

Packet Arrival Rate(λ)



(a) Average Queuing Delay inmillisecond

0.005

0.01

0.015

0.02

0.025

0.03

0.035

0.04

0.045

0.05

0.055

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9

Ave

rag

e P

DR

Packet Arrival Rate(λ)



(b) Average PDR

Figure: Results for CRN varying λ with ξ = 0.8 and Buffer of 400 packets

When λ goes above the threshold Buffer Size/(2TS + Tt) = 0.381, andthe SU is serving as honeynode, SU accumulates many packets so that thequeue overflows that causes significant amount of PDR.


Conclusion

I In this paper we presented a theoretical model to predict theperformance of Cognitive Radio Network based on queuing modelwith fixed vacation.

I The model deals with the periodic sensing of cognitive cycle as fixedlength vacation.

I Honeypot is well known to prevent jamming attack but assigninghoneynode without considering queuing delay associated with it costsdegradation of performance.

I Dynamic assignment of Honeynode is crucial from systemperformance perspective.

I We propose state dependent honeynode assignment scheme on everytransmission cycle where the honeynode selection can be done bychoosing the SU with lowest estimated queue size. This schemeperforms well when all the SUs in network are having identical trafficload.


Future Work

I For Finite Buffer model, finding out lowest value of ξ below which, itis not worth using honeynode.

I Finding optimal balance between honeypot allocation and overallperformance of network.

I Game theoretical framework for “intelligent” attackers?


Thank you for your attention.

Any Questions?


stochastic model for cognitive radio networks under...

Documents