AU2021102263A4 - Robust diffusion least mean square algorithm against false data injection attacks - Google Patents
Robust diffusion least mean square algorithm against false data injection attacks Download PDFInfo
- Publication number
- AU2021102263A4 AU2021102263A4 AU2021102263A AU2021102263A AU2021102263A4 AU 2021102263 A4 AU2021102263 A4 AU 2021102263A4 AU 2021102263 A AU2021102263 A AU 2021102263A AU 2021102263 A AU2021102263 A AU 2021102263A AU 2021102263 A4 AU2021102263 A4 AU 2021102263A4
- Authority
- AU
- Australia
- Prior art keywords
- sample
- node
- lof
- dlms
- calculate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
- 238000009792 diffusion process Methods 0.000 title abstract description 10
- 238000002347 injection Methods 0.000 title abstract description 8
- 239000007924 injection Substances 0.000 title abstract description 8
- 230000002159 abnormal effect Effects 0.000 abstract description 10
- 239000011159 matrix material Substances 0.000 abstract description 9
- 238000004088 simulation Methods 0.000 abstract description 4
- 239000000523 sample Substances 0.000 description 16
- 238000001514 detection method Methods 0.000 description 12
- 238000000034 method Methods 0.000 description 11
- 238000004891 communication Methods 0.000 description 9
- 230000001010 compromised effect Effects 0.000 description 9
- 208000035032 Multiple sulfatase deficiency Diseases 0.000 description 6
- 230000006978 adaptation Effects 0.000 description 6
- 238000002474 experimental method Methods 0.000 description 6
- 238000005259 measurement Methods 0.000 description 6
- 201000006033 mucosulfatidosis Diseases 0.000 description 6
- 230000004927 fusion Effects 0.000 description 5
- 238000013499 data model Methods 0.000 description 4
- 238000013461 design Methods 0.000 description 4
- 230000003044 adaptive effect Effects 0.000 description 3
- 238000009472 formulation Methods 0.000 description 2
- 239000000203 mixture Substances 0.000 description 2
- 238000012935 Averaging Methods 0.000 description 1
- RZOXEODOFNEZRS-UHFFFAOYSA-N Tramazoline hydrochloride Chemical compound [Cl-].N1CCN=C1[NH2+]C1=CC=CC2=C1CCCC2 RZOXEODOFNEZRS-UHFFFAOYSA-N 0.000 description 1
- 230000005856 abnormality Effects 0.000 description 1
- 238000007418 data mining Methods 0.000 description 1
- 230000007423 decrease Effects 0.000 description 1
- 238000003064 k means clustering Methods 0.000 description 1
- 238000013450 outlier detection Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000005654 stationary process Effects 0.000 description 1
- 230000002123 temporal effect Effects 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/16—Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/18—Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
- G06F18/232—Non-hierarchical techniques
- G06F18/2321—Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions
- G06F18/23213—Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions with fixed number of clusters, e.g. K-means clustering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
- H04W88/04—Terminal devices adapted for relaying to or from another terminal or user
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Mathematical Physics (AREA)
- General Engineering & Computer Science (AREA)
- Computational Mathematics (AREA)
- Software Systems (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Optimization (AREA)
- Mathematical Analysis (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Computing Systems (AREA)
- Evolutionary Biology (AREA)
- Algebra (AREA)
- Life Sciences & Earth Sciences (AREA)
- Computer Hardware Design (AREA)
- Probability & Statistics with Applications (AREA)
- Databases & Information Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Operations Research (AREA)
- Signal Processing (AREA)
- Artificial Intelligence (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Evolutionary Computation (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
This patent is mainly to solve the problem of how to obtain a distributed optimal
estimation in the case of a wireless sensor being attacked by an attacker in an
adversarial environment. To tackle with this problem, a robust diffusion least mean
square strategy against false data injection attacks(R-dLMS) is proposed in this patent.
The proposed strategy is mainly based on local outlier factor(LOF) and 2-median
clustering. Through the cooperation of LOF and 2-median clustering, R-dLMS can
detect the attacked sensor nodes, and replacing its information with the information of
the safe node, and further obtaining the distributed optimal estimation of the network.
Finally, some simulations are performed to show the effectiveness of the proposed
R-dLMS algorithm under false data injection (FDI ) attacks.
Fig.1. Spatial difference between abnormal data and normal data
uIput sample point
matrix W
Get the number of samples n (the
number of columns of the matrix 0f Calculate the sum of the local reachable
density of all samples (except itself) in
the k neighborhood of the i-th sample
Define the value of Irdksuim(i)
Calculate the Euclidean distance
matrix D(i, j) between the i-th sample Calculate the outliers of the i-t Sample
and the j-th sample e I Ofg) _ Irdk sum(i)
4 kxirdk(i)
Get the k distance dk(i) of
andthe sample point l n
Calculate the local reachable density End
lrdk(i) o f the i-th sample
Fig.2. Flow chart for calculating LOF value of sample points
Obtained the reliable data sellRand unreliable data
set U ofthisclustering
Yes Update thercenter pointH6c fR and UG_cof U
in this clustering
Ftg.3. Flow chart for 2-mean clusterng
5,5
I-F
-1
-2
-3 -2 -1 d 1 2 3
Fig.4.networktopology with 20nodes
Description
This patent is mainly to solve the problem of how to obtain a distributed optimal
estimation in the case of a wireless sensor being attacked by an attacker in an
adversarial environment. To tackle with this problem, a robust diffusion least mean
square strategy against false data injection attacks(R-dLMS) is proposed in this patent.
The proposed strategy is mainly based on local outlier factor(LOF) and 2-median
clustering. Through the cooperation of LOF and 2-median clustering, R-dLMS can
detect the attacked sensor nodes, and replacing its information with the information of
the safe node, and further obtaining the distributed optimal estimation of the network.
Finally, some simulations are performed to show the effectiveness of the proposed
R-dLMS algorithm under false data injection (FDI ) attacks.
Fig.1. Spatial difference between abnormal data and normal data
uIput sample point matrix W
Get the number of samples n (the number of columns of the matrix 0f Calculate the sum of the local reachable density of all samples (except itself) in the k neighborhood of the i-th sample Define the value of Irdksuim(i)
Calculate the Euclidean distance matrix D(i, j) between the i-th sample Calculate the outliers of the i-t Sample and the j-th sample e IOfg) _ Irdk sum(i) 4 kxirdk(i) Get the k distance dk(i) of andthe sample point l n
Calculate the local reachable density End lrdk(i) o f the i-th sample
Fig.2. Flow chart for calculating LOF value of sample points
Obtained the reliable data sellRand unreliable data set U ofthisclustering
Yes Update thercenter pointH6c fR and UG_cof U in thisclustering
Ftg.3. Flow chart for 2-mean clusterng
5,5
-1
-2
-3 -2 -1 d 1 2 3
Fig.4.networktopology with 20nodes
1. Background and Purpose
Recently, the widespread use of wireless sensor networks (WSNs) has been recognized, because communication and computing power of wireless sensors have been greatly improved. Besides, thanks to many advantages of distributed estimation, such as strong robustness, good scalability, and low power consumption, distributed estimation methods in WSN have attracted a growing number of researches and attentions. Over the last few years, many distributed adaptive estimation algorithms have been proposed, such as recursive least squares (RLS), diffusion least mean squares (DLMS), distributed multitask network estimates, and adaptive estimates with entropy. However, most of these previous studies hypothesize that all sensors are normal and safe in WSNs. However, wireless sensors nodes may not always be in a secure environment. In an adversarial environment, some sensors may be easily compromised to transmit malicious data, which causes severe consequences and even leads to huge economic losses. So the safety of WSNs has attracted abroad attention. In general, attacks can be divided into two categories in WSNs: denial of service (DoS) attack and spoofing attack. DoS attack aims to prevent the communication between sensors while spoofing attack aims to tamper with the transmitted information. DoS attack has been detected by many efficient algorithms. At present, FDI attack is also studied by many researchers, resilient attack detection estimators are delicately constructed to detect FDI attack. To give a good estimation performance over WSNs in the presence of both compromised sensors and compromised communications, in this patent, a robust diffusion least mean square algorithm against false data injection attacks has been proposed. The proposed strategy is mainly based on local outlier factor(LOF) and 2-median clustering. Through the cooperation of LOF and 2-median clustering, R-dLMS can detect the attacked sensor nodes, and replacing its information with the information of the safe node, and further obtaining the distributed optimal estimation of the network. The main contributions of this patent are summarized below. 1) A novel distributed adaptive algorithm based on LOF and 2-median clustering is proposed to against FDI attack. 2) For the compromised nodes attacked by FDI, we propose a new data fusion strategy to weaken the impact of them.
2. Preliminaries and Problem Formulation A. Diffusion LMS Without Attacks In this section, we briefly introduce the normal DLMS algorithm without FDI attack, and then the FDI attack model is formulated. Considering a WSN consisting of N wireless sensors, spatially distributed over some region with a certain topological
structure in this patent. Let Nk denote the set of neighbors of sensor node k including itself. At every time instant i, each node k can access to a real-valued temporal
wide-sense stationary process d*(i),U,, where dk(i) is a scalar measurement and
is an L-dimensional row regression vector. The measurements k(i)anduk are related by a linear model as follows: d*(i)= Ukw"+ n(1
Where w° is an L-dimensional unknown column vector and nk(i) is the contaminated noise. The objective of distributed estimation is to generate an estimate of w° at each node k by exchanging and combining the intermediate estimated value from its neighbors. The ATC dLMS is implemented by ~ -QjkJi-1) Adapt) (Pk ik Wkl1 PU kt- ,i p) u'i(d* (i)-(w l)A
=wkli c e (Combine) (2)
where P is a constant step-size for each node k, (*,i is an intermediate variables for each node k, and the nonnegative real coefficients cik, which is the element number of fusion matrix C, satisfy I T C= T andck=0, ifteNk (3) where I denotes an N-dimensional column vector consisting of all ones. The following assumptions, generally used in distributed estimation, are assumed. Al: The regressors Uk,, are independent in time and space with covariance
R' = E [ ukiuk A2: The noise is zero-mean Gaussian, which is identically independent distributed (i.i.d.) in time and also spatially independent, i.e., E[nk(i)nj 3 -] =k 2kjQ
A3: The network is connected such that each node can access to the information of the whole network through diffusion. A4: For each node k, the number of the attacked nodes is less than I , where |Nk |is the cardinality of the set of neighbors Nk.
B. Problem Formulation of Distributed Estimation Under Attacks
In this patent, we consider the problem of distributed estimation in the presence of FDI attack, which are defined as: dk(i)=d*(i)+y k, (4)
where d*(i) follows the data model (1) and yk(i) is a linear combination of the regression vector Uki with regard to a M-dimensional error vector attk , i.e.,
y@) -- u=U,iat . (5)
Next, for convenience, regardless of whether the sensor node is attacked or not, its data model is uniformly denoted as: dk()=uk (w + attk)+nk (6)
Where attk equals to a zero vector for a normal sensor, but a nonzero vector for a compromised sensor. Our objective is to develop a secure distributed cooperation strategy such that each node can give a good estimate of w" in the presence of FDI attack.
3. Related work
A. Local Outlier Factor(LOF)
LOF is a density-based anomaly detection algorithm, which is often used in data mining to clean data and eliminate invalid and abnormal data. As shown in Fig.1, The blue dots represent normal data, and the red dots represent abnormal data. Normal data samples are very close in space, they will form a dense area, and abnormal data samples will deviate from normal data samples, which is the principle of outlier detection by LOF. Next, in order to calculate the LOF value of the sample, some relevant definitions are made:
i.The distance between two points Wkand W;
The distance between sample points Wk and W1 is defined by Euclidean distance: d(w, ) - w, -- w, 2 (7) ii. k-distance
The k distance dk(Wk,) for point Wk is defined as follows:
dk(wk,i)= d(wk, w) , which satisfy: a) There are at least k points w, not including Wk in the set W E CX IX # Wk ,and d(wk,w)< d(wkw,) (8) b) There are at most k- points excluding wk inthe set W E CjX X# Wk},and d(wk,w,)< d(wkw,) (9) iii. k-distance neighborhood of Wk
The k distance neighborhood Nk(w) of point Wk is defined as all points within the k distance of Wk , including the point at the k-th distance. Therefore, the number of points in the k neighborhood of Wk satisty INk(wk)I !k. iv.The k-th reach-distance
The k-th reachable distance from point w, to point w, is defined as:
reach-distance (wk,w, ) = max{dk(wk), d(wk,w,)} (10)
v.local reachability density of a point Wk
The local reachability density of a point Wk is expressed as the reciprocal of the average
reachable distance from a point in the k neighborhood of the point Wk toWk
Irdk( wk ) = W, ENk(P) reach - distk (w, W, (11)
INk( wk)I
vi. local outlier factor (LOF)
The LOF value of a point wkis defined as the average of the ratio of the
local reachable density of the neighboring point Nk(wk) of the pointwkto the
local reachable density of the point wk .
lrdk(w,) WI ENk(Wk ) Irdk( wk LOF(w) INk(wk)I
Therefore, the smaller the value of LOF, the closer Wk is to its neighboring points, that is, the greater the density of Wk is, and it is a dense point. On the contrary, if the value of LOF is larger, it means that the density ofWk is less than the density of its neighboring points, so the more likely it is an abnormal point. As is shown Fig.2, we can calculate the LOF value of the input sample W. B. 2-median clustering 2-mean clustering is an improvement of the K-means clustering algorithm. The difference between them lies in the selection of clustering centers and the value is 2. The center of the 2-median clustering is the median of the sample, but the center of the K-mean clustering is the average of the sample, so the advantage of the 2-median clustering over the K-median cluster is that it can resist abnormalities value. As is shown Fig.3, 2-mean clustering algorithm will separate the data samples X into 2 cluster.
4. Robust diffusion least mean square algorithm against false data
injection attacks
In this patent, a R-dLMS is proposed for achieving reliable distributed estimation in an adversarial environment. The proposed R-dLMS algorithm is mainly based on local outlier factor(LOF) and K-median clustering. Through the cooperation of LOF and K-median clustering, R-dLMS can detect the attacked sensor nodes, and replacing its information with the information of the safe node, and further obtaining the distributed optimal estimation of the network. From the viewpoint of implementation, the R-dLMS mainly includes four steps, adaptation, communication, detection, and combination. In the adaptation step, each node updates the intermediate estimates based on its individual measurements. In the communication step, each node sends its intermediate estimates to its neighbors and also receives the intermediate estimates from its neighbors. In the detection step, each nodek will calculate the LOF(l) value of each neighbor node 1 based on process in the Fig2. Then we can use the 2-median clustering on the LOF() value to obtain two clusters, one of which is a normal node, another cluster is an abnormal node under attack. In the combination step, the intermediate estimated value from the trusted neighbor node of node k can be fused to obtain the instantaneous estimated value of node k. Next, these four steps are
illustrated in detail one by one. A. Adaption In this step, for each node k, no matter it is compromised or not, it adapts the intermediate estimates at first. Based on the local measurement{dk(),Uk, satisfying the data model (6), each node k adaptively updates the intermediate estimate as follows:
( k - ,iup ,(df,(i)-UWki) (13)
where Pk,i denotes the intermediate estimates at node k and time i.
B. Communication Once each node k finishes the local adaptation, it sends the current estimates of 9Pi to its neighbors, and also receives the estimates cpN, tE Nkfrom its neighbors. C. Detection As mentioned above, In a WSN environment where there is no attack, once each node receives the estimates from its neighbors, it implements the combination step given in (2). However, this cannot be directly performed in an adversarial environment since the compromised sensors may ruin the estimates of the whole network through distributed cooperation. In an adversarial environment, to achieve secure distributed data fusion, it is necessary to detect the trust neighbors of each node at first. In this section, we propose a new method to detect the secure nodes. The main concept of our proposed design is that, for each node k , it will receives the estimates cp /,kE Nkfrom its neighbors. These estimates can form a set:
From the viewpoint of attack, the most effective attack is to drive the estimator of the unknown parameter vector away from its true value. That is to say, if a node is attacked, its intermediate estimate will be far away from the estimate of other nodes that have not been attacked. So the LOF value of intermediate estimate of the attacked node will become larger. When each node k receives the intermediate estimated value Wk, from the neighbor node, it will calculate the LOF(l) of each node 1, le Nk . The
obtained LOF value is divided into two clustersRkandU,, by using 2-median
clustering to divide the neighbor nodes of node k. A clusterRkjis a node that is not
attacked, and a clusterUkis a node that is attacked. After the clustering process is
completed, the attack detection process ends.
D. Combination Through the process of detection, the instantaneous set of trust neighbors of each node k, R,, can be identified. Then, we can design the combination weights based on
the detected secure network topology. It is noted that as R, is dynamic, the
combination matrix C,={ci, is dynamic, where the index i denotes the
instantaneous value at time i to enforce the causality. Several rules for designing combination weights from graph theory , such as the Metropolis rule, the relative degree rule, and the uniform rule. In these cooperation strategies, the local estimate of each sensor itself is always trusted. In an adversarial environment, due to the existence of the attacked sensors (whose local estimates are unreliable), the above
combination rules must be modified. The combination weights (c 1 ,ijin this patent
can be designed as follows:
middle k,i if ,Rk U '/LOF) Uk = Nk 0 f ifteUkj
eki= Cmiddlefk = k(14) Z middle,,k4 '
ne N
Where Rk is the set of neighbor nodes trusted by node k at time i,andUkisthe
set of neighbor nodes that node k is attacked at time i .
Based on the coefficients clk and p,, from neighbors, the combination step of
the R-dLMS is performed as Wk- c,,P,, (15) Ce Afk,,
5. Brief Description of the Drawings
Fig.1 is spatial difference between abnormal data and normal data Fig.2 is the flow chart for calculating LOF value of sample points Fig.3 is the flow chart for 2-mean clustering Fig.4 is network topology with 20 nodes. Fig.5 is variance of input signal. Fig.6. is variance of output noise. Fig.7. is ransient network MSD. Fig.8. is steady-state network MSD verus node.
6. Detailed Description
In this section, in order to illustrate the effectiveness of R-dLMS algorithms under FDI attack, some experiments are performed. In the following examples, we consider WSNs composed of 20 wireless sensors, which are randomly distributed. The topological graph is shown in Fig. 4 . In addition, in order to facilitate the implementation of the later experiments, the topology graph is set to a fixed topology. In all experiments, the unknown ideal parameter is set to a random vector with L = 6. The regression vector uk is generated from a Gaussian model with a zero mean and Fig. 6 shows the variance of each node. The noise variance of each node is set to a fixed value, as shown in Fig. 6. The step size of each node is uniformly set to 0.02. Also, each experiment is performed 50 times independently, and the average results of experiments are presented. In experiments, the continual and time-sharing attacks will be presented. To verify the performance of the proposed algorithms in the following simulations, the DLMS with attack algorithm, the R-dLMS without attack algorithm and the DLMS without attack algorithm are adopted to provide the comparison. In order to verify that the proposed algorithms are universal, we randomly pick two ordinary nodes, which are attacked by FDI, namely nodes 8 and 15. The attacks on two nodes are set to same FDI attack. Meanwhile, FDI attack is continuous. Fig. 7 depicts the learning curve for different LMS algorithms. It can be seen that when the network is subjected to FDI attack, the MSD performance will decline significantly. Therefore, if a network is not resistant to FDI attack, it will lead to a serious impact. However, it is obvious that when the distributed network adopts three R-dLMS algorithms, they can weaken the impact of FDI attack to some extent. Simultaneously, it can be found that R-dLMS performs best and can be beyond to the normal DLMS algorithm without attack thanks to a novel data fusion strategy. Fig. 8 shows the steady-state MSDs of different algorithms, in which the values are obtained by averaging the last 300 samples over 50 simulations. From Fig. 8 and the learning curve of DLMS with FDI attack, we can find that when some nodes in the network are attacked by FDI, the impact of FDI attack will reduce the performance of the entire network through the diffusion strategy. We can also find that R-dLMS algorithms will weaken the impact of FDI attack.
Robust diffusion least mean square algorithm against false
data injection attacks
In this patent, a R-dLMS is proposed for achieving reliable distributed estimation in an adversarial environment. The proposed R-dLMS algorithm is mainly based on local outlier factor(LOF) and K-median clustering. Through the cooperation of LOF and K-median clustering, R-dLMS can detect the attacked sensor nodes, and replacing its information with the information of the safe node, and further obtaining the distributed optimal estimation of the network. From the viewpoint of implementation, the R-dLMS mainly includes four steps, adaptation, communication, detection, and combination. In the adaptation step, each node updates the intermediate estimates based on its individual measurements. In the communication step, each node sends its intermediate estimates to its neighbors and also receives the intermediate estimates from its neighbors. In the detection step, each nodek will calculate the LOF() value of each neighbor node I based on process in the Fig2. Then as shown in Fig3, we can use the 2-median clustering on the LOF(l) value to obtain two clusters, one of which is a normal node, another cluster is an abnormal node under attack. In the combination step, the intermediate estimated value from the trusted neighbor node of node k can be fused to obtain the instantaneous estimated value of node k. Next, these four steps are illustrated in detail one by one. A. Adaption In this step, for each node k, no matter it is compromised or not, it adapts the intermediate estimates at first. Based on the local measurement{dk(i),Uki)satisfying the data model (6), each
node k adaptively updates the intermediate estimate as follows:
=k,i Wki-1 + ,'(d (i)-UCWk-1) (13)
where (P, denotes the intermediate estimates at node k and time i.
B. Communication Once each node k finishes the local adaptation, it sends the current estimates of (,, to its neighbors, and also receives the estimates (O , ENkfrom its neighbors. C. Detection
As mentioned above, In a WSN environment where there is no attack, once each node receives the estimates from its neighbors, it implements the combination step given in (2). However, this cannot be directly performed in an adversarial environment since the compromised sensors may ruin the estimates of the whole network through distributed cooperation. In an adversarial environment, to achieve secure distributed data fusion, it is necessary to detect the trust neighbors of each node at first. In this section, we propose a new method to detect the secure nodes. The main concept of our proposed design is that, for each node k , it will receives the estimatesrpt,,, te N, from its neighbors. These estimates can form a set:
Wj={we'i.. W~e~i e". . , 1.~ I}
From the viewpoint of attack, the most effective attack is to drive the estimator of the unknown parameter vector away from its true value. That is to say, if a node is attacked, its intermediate estimate will be far away from the estimate of other nodes that have not been attacked. So the LOF value of intermediate estimate of the attacked node will become larger. When each node k receives the intermediate estimated value
Wkfrom the neighbor node, it will calculate the LOF(l) of each node 1, le Nk. The
obtained LOF value is divided into two clustersRkjandUk,, by using 2-median
clustering to divide the neighbor nodes of node k. A cluster Rk, is a node that is not
attacked, and a cluster Ukiis a node that is attacked. After the clustering process is
completed, the attack detection process ends. D. Combination Through the process of detection, the instantaneous set of trust neighbors of each node k, Rkj can be identified. Then, we can design the combination weights based on the detected secure network topology. It is noted that as R' is dynamic, the combination matrix C c,,} ={ is dynamic, where the index i denotes the instantaneous value at time i to enforce the causality. Several rules for designing combination weights from graph theory , such as the Metropolis rule, the relative degree rule, and the uniform rule. In these cooperation strategies, the local estimate of each sensor itself is always trusted. In an adversarial environment, due to the existence of the attacked sensors (whose local estimates are unreliable), the above combination rules must be modified. The combination weights (CJ} in this patent can be designed as follows:
Middle 1/LOF(l) 0 if if R Ukl ' Re kUi kj Nk
middle (14) = Cmidlk,
/ nE Nk
Where Rk is the set of neighbor nodes trusted by node k at time i , and Uk,is the
set of neighbor nodes that node k is attacked at time i
. Based on the coefficients clk, and p from neighbors, the combination step of
the R-dLMS is performed as Wk= Cekj(Pe, (15)
Fig.1. Spatial difference between abnormal data and normal data 2021102263
Fig.2. Flow chart for calculating LOF value of sample points
Fig.3. Flow chart for 2-mean clustering
Fig.4. network topology with 20 nodes
Fig.5. variance of input signal.
Fig.6. variance of output noise.
Fig.7. Transient network MSD.
Fig.8. Steady-state network MSD verus node.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2021102263A AU2021102263A4 (en) | 2021-04-29 | 2021-04-29 | Robust diffusion least mean square algorithm against false data injection attacks |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2021102263A AU2021102263A4 (en) | 2021-04-29 | 2021-04-29 | Robust diffusion least mean square algorithm against false data injection attacks |
Publications (1)
Publication Number | Publication Date |
---|---|
AU2021102263A4 true AU2021102263A4 (en) | 2021-06-17 |
Family
ID=76327693
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
AU2021102263A Ceased AU2021102263A4 (en) | 2021-04-29 | 2021-04-29 | Robust diffusion least mean square algorithm against false data injection attacks |
Country Status (1)
Country | Link |
---|---|
AU (1) | AU2021102263A4 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114757000A (en) * | 2022-06-14 | 2022-07-15 | 山东嘉通专用汽车制造有限公司 | High-precision adaptive spring steel drawing process optimization control method |
CN116886355A (en) * | 2023-07-03 | 2023-10-13 | 华北电力大学 | DDOS and false data injection collaborative attack optimization method of power system |
-
2021
- 2021-04-29 AU AU2021102263A patent/AU2021102263A4/en not_active Ceased
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114757000A (en) * | 2022-06-14 | 2022-07-15 | 山东嘉通专用汽车制造有限公司 | High-precision adaptive spring steel drawing process optimization control method |
CN114757000B (en) * | 2022-06-14 | 2022-08-12 | 山东嘉通专用汽车制造有限公司 | High-precision self-adaptive spring steel drawing process optimization control method |
CN116886355A (en) * | 2023-07-03 | 2023-10-13 | 华北电力大学 | DDOS and false data injection collaborative attack optimization method of power system |
CN116886355B (en) * | 2023-07-03 | 2024-01-23 | 华北电力大学 | DDOS and false data injection collaborative attack optimization method of power system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU2021102263A4 (en) | Robust diffusion least mean square algorithm against false data injection attacks | |
Yang et al. | A secure clustering protocol with fuzzy trust evaluation and outlier detection for industrial wireless sensor networks | |
AU2019100008A4 (en) | Secure Distributed Estimation against False Data Injection Attack | |
CN104469836A (en) | Method for building multi-dimension trust model in underwater sensor network | |
CN113891244B (en) | Wireless sensor network positioning method under DoS attack | |
CN110120836B (en) | Method for determining and positioning crosstalk attack detection node of multi-domain optical network | |
Korba et al. | Anomaly-based intrusion detection system for ad hoc networks | |
Dongare et al. | Implementing energy efficient technique for defense against Gray-Hole and Black-Hole attacks in wireless sensor networks | |
Nayak et al. | Impact of black hole and sink hole attacks on routing protocols for WSN | |
CN106301627B (en) | Distributed collaborative frequency spectrum sensing method in a kind of cognitive self-organizing network | |
jit Kaur et al. | Enhanced routing in heterogeneous sensor networks | |
Xia et al. | Distributed anomaly event detection in wireless networks using compressed sensing | |
CN116055384A (en) | Edge importance identification method considering network structure and transmission performance | |
Kshirsagar | Malicious Node Detection in Adhoc Wireless Sensor Networks Using Secure Trust Protocol | |
AU2021105169A4 (en) | Distributed detection algorithm against false data attacks in networks | |
Venuturumilli et al. | Obtaining robust wireless sensor networks through self-organization of heterogeneous connectivity | |
Makani et al. | Trust-based-tuning of Bayesian-watchdog intrusion detection for fast and improved detection of black hole attacks in mobile ad hoc networks | |
Sirajuddin et al. | Efficient and secured route management scheme against security attacks in wireless sensor networks | |
Shivaji et al. | Energy efficient intrusion detection scheme based on bayesian energy prediction in WSN | |
Wang et al. | Learning-based attack schedule against remote state estimation in cyber-physical systems | |
Shakhov | On efficiency improvement of energy harvesting wireless sensor networks | |
Shin et al. | Reduced overhead distributed consensus-based estimation algorithm | |
CN114338517B (en) | Distributed network-oriented multilayer connected dominating set construction method | |
Zhu et al. | An estimator model for distributed estimation in heterogenous wireless sensor networks | |
AU2021105176A4 (en) | Diffusion Least-Mean Squares Algorithm With time-varying combiner |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FGI | Letters patent sealed or granted (innovation patent) | ||
MK22 | Patent ceased section 143a(d), or expired - non payment of renewal fee or expiry |