Target Localization in Wireless Sensor Networks ... - Semantic Scholar

Download PDF
4 downloads 340 Views 195KB Size Report
Comment
Email: [email protected]. Abstract—Wireless Sensor Networks (WSNs) are vulnerable to. Byzantine attacks in which malicious sensors send wrong data.
Target Localization in Wireless Sensor Networks with Quantized Data in the Presence of Byzantine Attacks Keshav Agrawal∗ , Aditya Vempaty† , Hao Chen‡ and Pramod K. Varshney†

∗ Electrical

Engineering Department, University of California, Los Angeles, CA 90095 Email: [email protected] † Department of Electrical Engineering and Computer Science, Syracuse University, Syracuse, NY 13244 USA Email: {avempaty, varshney}@syr.edu ‡ Department of Electrical and Computer Engineering, Boise State University, Boise, ID, 83725 Email: [email protected]

Abstract—Wireless Sensor Networks (WSNs) are vulnerable to Byzantine attacks in which malicious sensors send wrong data to the fusion center leading to an increase in the probability of incorrect inference. This paper considers Byzantine attacks for the location estimation task in wireless sensor networks where each sensor uses a binary quantization scheme to send binary data to the fusion center. Posterior Cramer-Rao lower Bound (PCRLB) metric and Fisher Information Matrix (FIM) are used to analyze the performance of the network in the presence of Byzantine attacks. We have considered two kinds of attack strategies, independent attacks (all the malicious sensors attack a WSN independently of each other) and collaborative attacks (all the malicious sensors communicate with each other and attack the WSN in a coordinated manner). We determine the fraction of Byzantine attackers in the network above which the fusion center becomes incapable of finding the location of the target. Optimal attacking strategy for given attacking resources is also proposed.

I. I NTRODUCTION Wireless Sensor Networks are increasingly being used both in military and civilian applications. One such application is to monitor, detect or estimate the location of a target or object in the area of interest. Secure localization is very important as malicious sensors continuously attempt to disrupt the network and diminish its capability. Several algorithms have been developed for secure localization in wireless sensor networks (WSNs) [1][2][3]. Based on direction of arrival (DOA) for narrow-band sources or time-delay of arrival (TDOA), many techniques for acoustic pulse localization in sensor networks or sensor arrays are available in the literature[4][5]. But due to the requirement of accurate matching of timings, inexpensive sensors cannot be employed as a lot of processing is required for location estimation. As a result, the techniques related to DOA or TDOA are not very practical. Several energy based methods have also been proposed to localize a single source using least-square methods and maximum-likelihood (ML) source location methods[6][7]. Due to resource constraints like energy and bandwidth, it is often desirable that sensors only send binary or multi-bit quantized data to limit the communication

978-1-4673-0323-1/11/$26.00 ©2011 IEEE

requirements [8][9]. In the previous works [8][9], no malicious sensors or attackers have been considered. One kind of attack in a WSN is by Byzantines where an adversary takes over some sensors which send wrong information to the fusion center. The main goal of Byzantine attackers is to undermine the network such that the fusion center is unable to estimate the correct location of the target. A related work was done for primary user detection for cognitive radio networks [10]. In this paper, we try to analyze the degradation in terms of localization performance in a WSN due to Byzantine attackers. We define the strategy followed by the Byzantine attackers and its effect on the location estimate at the fusion center. The rest of the paper is organized as follows: In Section II, we introduce the problem and the assumptions made in the problem formulation. In Section III, we discuss the first type of attack: Independent Attacks. We define the strategy of both Byzantine attackers and the fusion center and we use a suitable metric to analyze the performance of the network. Similar analysis is carried out in Section IV for the case of Collaborative Attacks. Then in Section V, we carry out simulations for the two types of attacks. We conclude the paper with some remarks in Section VI. II. P ROBLEM F ORMULATION We use a similar target localization scenario as described by Niu and Varshney [9], where the aim is to estimate the location of the target described by the parameter θ = [xt , yt ]. The main difference, however, is that there are some Byzantine sensors present in the network in our case. We consider random deployment of N sensors in the environment as shown in Figure 1 and also assume that the fusion center knows the locations of all the sensors. We use an isotropic signal intensity attenuation model which is the same as used in [9]

1669

a2i =

Gi P0 P0 = n di d ( dn ) i

(1)

0

Asilomar 2011

where ai is the signal amplitude at the ith sensor, Gi is the gain at the ith sensor, P0 is the power emitted by the target measured at a distance d0 , di is the distance between the target and the ith sensor and P0 is defined as the product of the power emitted by the target and gain of the ith sensor. We also assume that all the sensors are at least d0 meters away from the target at all times. As in [9], at each sampling instant, the signal emitted from the target is measured by the sensors. This data collected by all the sensors is called a frame of data. The time interval between the frames is small enough so that we can assume the target to be static for T frames. Hence, the signal strength at the ith sensor during frame j, aij , is invariant for T frames, i.e., aij = ai for j = 1, 2, · · · , T . The signal at each sensor is assumed to be corrupted by an additive Gaussian noise: rij = ai + wij

(2)

where rij is the received signal amplitude at the ith sensor during the j th frame. We assume that for every sensor, noise follows an identical zero mean Gaussian distribution which is independent across the sensors. Then, it is straightforward to show that, for this localization problem (and many other inference problems as well), the sufficient statistic at the ith sensor is the average received signal amplitude: 1 rij = ai + vi T j=1

(3)

1 wij T j=1

(4)

T

si = where

where Di is the quantized value at the ith sensor and η is the threshold used by the sensor for quantization. For the independent attack case, we assume that all the honest sensors use the same threshold ηh and all the malicious sensors use the same threshold ηb for quantization. This seems intuitively correct because all the sensors (Honest/Byzantine) will want their data to be consistent with the other sensors of its kind (Honest/Byzantine). It is assumed that the channels between the sensors and the fusion center are ideal and thereby the quantized values are received correctly. Let Ui be the quantized value sent to the fusion center by the ith sensor. An honest sensor will send Di to the fusion center without changing it, so we can say that Ui =Di for all honest sensors. For the case of Byzantine sensors, they will use ηb to quantize the received signal and then after quantizing they flip this quantized value with probability 1:  Di ith sensor is Honest Ui = (6) ¯ i ith sensor is Byzantine D We define the probability of Ui = 1 or Ui = 0 at the ith sensor as :   ηh − ai P (Ui = 1|θ) = (1 − α)Q σ    ηb − ai (7) +α 1−Q σ    ηh − a i P (Ui = 0|θ) = (1 − α) 1 − Q σ   ηb − a i + αQ σ

T

vi =

We know that vi , i = 1, 2, ..., N , also follows a Gaussian distribution: vi ∼ N (0, σ 2 ), At each sensor, both honest and Byzantine, the average signal amplitude si is quantized using a threshold and is transmitted to the fusion center. The Byzantine sensors can use the same threshold as used by the honest sensors or they can use a different threshold to corrupt the data sent to the fusion center. III. I NDEPENDENT ATTACK

where Q(.) is the complementary distribution function of the standard Gaussian distribution and α is the probability of a sensor to be a Byzantine. After collecting U = [U1 U2 ...UN ], maximum likelihood (ML) estimation is employed at the fusion center to estimate the target location θ = [xt , yt ]: P (U|θ) =

1 N  

P (Ui = l|θ)δ(Ui −l)

(9)

i=1 l=0

where δ(.) is defined as



A. Attack Model In this section, we study the strategy which the Byzantine attackers adopt to undermine the network. Here we consider an independent attack where all the Byzantine sensors attack the network independently without communicating with each other. The quantization process which is used at the ith sensor to quantize the received signal is as follows:  0 si < η (5) Di = 1 si > η

(8)

δ(x) =

0 1

x = 0 x=0

(10)

The log-likelihood function can be written as [9] ln P (U|θ) =

1 N  

δ(Ui − l) ln(P (Ui = l|θ))

(11)

i=1 l=0

and the ML estimate of θ argmax lnP (U|θ)

1670

θ

is given as θˆ

=

B. Resources for Blinding the Fusion Center We use Posterior Cramer-Rao lower Bound (PCRLB) and Fisher information matrix (FIM) as the metrics to analyze the performance of this location estimation method. The PCRLB can be found as the inverse of FIM where FIM is given as follows:   a b T , F IM = −E[θ θ lnP (U|θ)] = c d where the elements a, b, c and d are defined as: N 1

2   ∂P (Ui = l|θ) −1 a = p(θ) dθ P (Ui = l|θ) ∂xt i=1 l=0 (12) N 1

2   ∂P (Ui = l|θ) −1 d = p(θ) dθ P (U = l|θ) ∂yt i i=1 l=0 (13)  c=b=

p(θ)

N  1  i=1 l=0

∂P (Ui = l|θ) −1 P (Ui = l|θ) ∂xt

∂P (Ui = l|θ) dθ (14) ∂yt

where p(θ) is the prior distribution of the target location assumed by the fusion center. We assume the prior distribution to be a normal distribution such that the region of interest lies in 99% of the confidence region. Now, the fusion center would like this PCRLB to be as small as possible to get a good estimate of the target location while the Byzantine attackers would want it to be large to have the maximum damage. If Byzantine attackers are able to make this PCRLB approach infinity, then the fusion center will become incapable of estimating the target location. We define αblind as the minimum fraction of Byzantine sensors which will make the fusion center incapable of using the information sent by the sensors in estimating the target location. As PCRLB is multidimensional, we will use the trace of the PCRLB matrix to calculate αblind . Byzantines will try to make the trace of the PCRLB matrix as large as possible or the determinant of Fisher information matrix close to zero. That is, in the latter case, the minimum required αblind can be found by making |F IM | = 0 or ad − bc = 0. C. A Zero-Sum Game between Fusion Center and Byzantine Attackers When α, i.e., the fraction of Byzantine sensors in the network, is greater than or equal to αblind , attackers will be able to “blind” the fusion center completely. But when α is not large enough to blind the fusion center, the Byzantine sensors will try to maximize the damage by making tr(PCRLB) as large as possible or by making |F IM | as low as possible. In contrast, the fusion center would want to minimize the tr(PCRLB) or maximize the |F IM |. This will reduce to a game between the fusion center and the Byzantine attackers where they have opposite goals. The Byzantine sensors will change the threshold ηb to maximize the tr(PCRLB) or

minimize |F IM | while the fusion center will change the honest sensors threshold ηh to minimize this maximum value tr(PCRLB) or maximize this minimum value |F IM | . Thus, it is a minimax problem and the best strategy for both the players in the minimax game is the saddle point. We find the saddle point using a method similar to the method adopted in [10]. First, we find all the saddle points of CRLB) CRLB) = ∂tr(P∂η = 0. The tr(PCRLB) by setting ∂tr(P∂η h h saddle point is the one which gives a negative value for

the 2

2

2

2

CRLB) ∂ tr(P CRLB) CRLB) − ∂ tr(P . expression: ∂ tr(P ∂ 2 ηh ∂ 2 ηb ∂ηh ∂ηb Note that the above expressions are with respect to tr(PCRLB), similar analysis can be done when we use |F IM | as the performance metric.

IV. C OLLABORATIVE ATTACK Next, we consider the case of Byzantine attacks where all the malicious sensors communicate with each other and attack the network in a coordinated fashion. Analysis of the collaborative attack is significantly more complicated than the independent case. Here, we provide a reasonable lower bound L , for this case. To find the lower for αblind , namely αblind bound, we assume that the exact location of target θ can be perfectly learned by Byzantine sensors. Thus, we consider the case where Byzantine attackers know the location of the target and use this information collaboratively to improve their attack on the network. In such a case, the optimal strategy for the Byzantine sensors will be to send UiB based on the θ value and their location. For a given sensor i and its location θi , its observation model and its threshold ηi , the probability of the sensor sending a quantized value 1 as seen by the Fusion Center is: Pi (Ui = 1|θ) = (1 − α)PiH (Ui = 1|θ) + αPiB (Ui = 1|θ)

(15)

The Byzantines would like to design their variables α and PiB (Ui = 1|θ) so that the Fusion Center becomes “blind” to the information received from this ith sensor, i.e., the information received from the ith sensor does not help the Fusion Center in location estimation. This can be done by making the value Pi (Ui = 1|θ) a constant value (k) with H = inf θ (PiH (Ui = 1|θ)) and the respect to θ. Let Pi,inf H H Pi,sup = supθ (Pi (Ui = 1|θ)). Then for the ith sensor, if H it was honest and PiH (Ui = 1|θ) = Pi,inf , it would mean th that the target is as far away from the i sensor as possible. However, if the same sensor behaved as a Byzantine it would send a ‘1’ to the Fusion Center with as high a probability as possible, i.e., PiB (Ui = 1|θ) = 1. Similarly, if the ith sensor H , then it would mean was honest and PiH (Ui = 1|θ) = Pi,sup th that the target is as close to the i sensor as possible and if the same sensor behaved as a Byzantine, it would send a ‘1’ to the Fusion Center with as low a probability as possible, i.e., PiB (Ui = 1|θ) = 0. This gives us two equations in two L and k: unknowns, αblind,i

1671

L H L )Pi,inf + αblind,i .1 = k (1 − αblind,i

(16)

and L H L )Pi,sup + αblind,i .0 = k (1 − αblind,i

(17)

On solving, we get L αblind,i =

H H − Pi,inf Pi,sup H H 1 + Pi,sup − Pi,inf

(18)

L where αblind,i is the fraction of malicious sensors required to make sensor i non-informative to the Fusion Center. In this case, we have at the Fusion Center, L Pi (Ui = 1|θ) = (1 − αblind,i )PiH (Ui = 1|θ) L + αblind,i PiB (Ui = 1|θ) =

H Pi,sup H H 1 + Pi,sup − Pi,inf

(19)

which is a constant, independent of θ. Thus, when α ≥ L for a particular honest sensor i, the attackers can αblind,i L have α − αblind,i fraction of Byzantine sensors act like honest L nodes and have the rest αblind,i Byzantine sensors send 1 with probability as below: PiB (Ui = 1|θ) =

H − PiH (Ui = 1|θ) Pi,sup H H Pi,sup − Pi,inf

This causes the fusion center to become incapable of utilizing the received information from the ith sensor to estimate the target location. In order to guarantee that the fusion center cannot obtain any useful information from any of its sensors, L will be: the minimum required αblind L L = max αblind,i αblind i

L This provides us with a lower bound, αblind , for the collaborative case.

V. S IMULATION R ESULTS We consider the WSN model as shown in Figure 1 where N = 121 sensors are randomly deployed in a 11 x 11 square region of interest, and ∗ represents the location of the target. There are M = α.N Byzantine sensors present in the network as shown in Fig 1 who try to manipulate the data and send wrong information to the fusion center F. In Fig. 2, we plot the value of αblind in the case of an independent attack which varies with ηh and ηb . When ηh = ηb , which is the case at the saddle point, αblind is equal to 1/2, i.e., unless the number of Byzantine sensors is greater or equal to 50 percent of the total number of sensors, the fusion center can not be made blind under independent attack. We also saw in Section III that when α is less than αblind , there exists a game between the fusion center and Byzantine sensors, both can vary their threshold according to the scenario. In Figs. 3 and 4, we plot tr(P CRLB) with varying thresholds and we see that there exists a saddle point (ηh∗ , ηb∗ ) which provides optimal strategies for both types of sensors. This result is intuitive as both types of sensors will try to achieve their objective which will become a minimax game. The saddle point (ηh∗ , ηb∗ )), in our example, is at (9.5, 9.5).

Figure 5 shows similar game theoretic analysis result for the case of |F IM | as the performance metric. The optimal values (ηh∗ , ηb∗ ) in this case come out to be the same, namely (9.5, 9.5). Thus, we can say that there exist saddle points (ηh∗ , ηb∗ ) which yield the optimal strategy for both the fusion center and Byzantine attackers. In our case, these values come out to be the same, irrespective of the performance metric we use. For the Collaborative Attack case, it can be observed that L given by (18) is always ≤ 0.5 which implies that αblind,i L αblind ≤ 0.5 which is the αblind obtained in the Independent attack case. This shows that if a strategy exists to obtain this lower bound, then the fraction of sensors required to blind the Fusion Center would decrease in the Collaborative Attack case as compared to the Independent Attack case. VI. C ONCLUSION & F UTURE W ORK In this paper, we have analyzed the effect of Byzantine attacks on the wireless sensor network tasked with target localization. We proposed an optimal strategy for both Byzantines and the fusion center for the target localization task for the case when each Byzantine sensor attacks independently. We also defined and found the fraction of Byzantine sensors needed to completely blind the fusion center. We also considered the case of a collaborative attack where all the Byzantine sensors communicate with each other to have the maximum damage. We have also found the lower bound on the number of Byzantine sensors required to completely blind the fusion center for the collaborative case. We also analyzed the situation when the Byzantines do not have the adequate resources to blind the Fusion Center. In such a case, we looked at the minimax game between the two players. We have simulated the assumed scenario and showed the existence of saddle points for the minimax game. In the future, we plan to come up with a counter-attack to the Byzantines, where the Byzantines can be identified. Their parameters can then be learnt and their information can be used by the Fusion Center for improving the network’s performance similar to our work in [11]. ACKNOWLEDGMENT This work was supported by AFOSR contract FA 9750-10C-0221, AFOSR contract FA 9550-10-C-0179 and CASE at Syracuse University.

1672

R EFERENCES [1] Boukerche, A.; Oliveira, H.A.B.; Nakamura, E.F.; Loureiro, A.A.F.; “Secure localization algorithms for wireless sensor networks,”Communications Magazine, IEEE,Volume 46, Issue: 4,page: 96-101, 2008. [2] Li, Z.; Trappe, W.; Zhang, Y.; Badri Nath; “Robust statistical methods for securing wireless localization in sensor networks,”Information Processing in Sensor Networks, Pages:91-98, 2005. [3] Yanchao Zhang; Wei Liu; Yuguang Fang; “Secure localization in wireless sensor networks,”Military Communications Conference, 2005. MILCOM 2005. IEEE, Page(s): 3169 - 3175 Vol. 5, 2005. [4] L. M Kaplan, Q. Le, and P. Molnar, “Maximum likelihood methids for bearing-only target localization,” in Proc. Int. Conf. Acoustics, Speech, and Signal Processing (ICASSP 2001), Salt Lake City, UT, May 2001, vol. 5, pp. 3001-3004

[5] J. C. Chen, R. E. hudson, and K. Yao, “A maximum likelihood parametric approach to source localization,” in Proc. Int. Conf. Acoustics, Speech, and Signal Processing (ICASSP 2001), Salt Lake City, UT, May 2001, vol. 5, pp. 3013-3016. [6] D. Li and Y. H. Hu, “Energy based collaborative source localization using acoustic microsensor array,” EURASIP J. Appl. Signal Process., no. 4, pp. 321-337, 2003 [7] X. Sheng and Y. H. Hu, “Maximum likelihood multiple-source localization using acoustic energy measurements with wireless sensor netwroks,” IEEE Trans. Signal Process., vol. 53, no. 1, pp. 44-53, Jan, 2005 [8] N. Patwari and A. O. Hero, “Using proximity and quantized RSS for sensor localization in wireless networks,” in Proc. 2nd Int. ACM Workshop on Wireless Sensor Networks and Applications, San Diego, CA, Sep. 2003, pp. 20-29. [9] Ruixin Niu; Varshney, P.K.; “Target Location Estimation in Sensor Networks With Quantized Data”, Signal Processing, IEEE Transactions, vol. 54, Issue: 12, pp. 4519 - 4528, 2006 [10] A.S. Rawat, P. Anand, H. Chen and P. K. Varshney, “Collaborative Spectrum Sensing in the Presence of Byzantine Attacks in Cognitive Radio Networks,” IEEE Transactions on Signal Processing, vol.59, no.2, pp.774-786, Feb. 2011 [11] Vempaty, A.; Agrawal, K.; Chen, H.; Varshney, P.K.; “Adaptive Learning of Byzantines’ Behavior in Cooperative Spectrum Sensing,” in Proc. IEEE WCNC 2011,.

Fig. 4.

Fig. 1.

System Model

Plot of contour of the surface of tr(PCRLB) shown in Fig. 3. Fig. 2. and ηb

Fig. 5. Plot of contour of the surface of |F IM | versus honest and Byzantine sensor’s threshold, ηh and ηb , we can see that saddle point exists

Plot of αblind versus honest and Byzantine sensor’s threshold ηh

Fig. 3. Plot of tr(PCRLB) versus honest and Byzantine sensor’s threshold, ηh and ηb , we can see that saddle point exists

1673