Jiangfan Zhang

Asymptotically Optimum Distributed Estimation in the Presence of Attacks

Distributed estimation of a deterministic mean-shift parameter in additive zero-mean noise is studied when using quantized data in the presence of Byzantine attacks. Several subsets of sensors are assumed to be tampered with by adversaries using different attacks such that the compromised sensors transmit fictitious data. First, we consider the task of identifying and categorizing the attacked sensors into different groups according to distinct types of attacks. It is shown that increasing the number K of time samples at each sensor and enlarging the size N of the sensor network can both ameliorate the identification and categorization, but to different extents. As K→∞, the attacked sensors can be perfectly identified and categorized, while with finite but sufficiently large K, as N→∞, it can be shown that the fusion center can also ascertain the number of attacks and obtain an approximate categorization with a sufficiently small percentage of sensors that are misclassified. Next, in order to improve the estimation performance by utilizing the attacked observations, we consider joint estimation of the statistical description of the attacks and the parameter to be estimated after the sensors have been well categorized. When using the same quantization approach successfully employed without attacks, it can be shown that the corresponding Fisher Information Matrix (FIM) is singular. To overcome this, a time-variant quantization approach is proposed, which will provide a nonsingular FIM, provided that K ≥ 2. Furthermore, the FIM is employed to provide necessary and sufficient conditions under which utilizing the compromised sensors in the proposed fashion will lead to better estimation performance when compared to approaches where the compromised sensors are ignored.

Attacks on Sensor Network Parameter Estimation With Quantization: Performance and Asymptotically Optimum Processing

Byzantine attacks on sensor systems estimating the value of an unknown deterministic parameter based on quantized observations are studied. Initially, asymptotically optimum processing is investigated for the family of attacks that would pass bad data detectors at the sensors. Bad data detectors check that the sensor data fits the models employed by the estimation approach when it assumes no attack is present. It is then shown that it is possible to identify the attacked sensors, under stated assumptions, with perfect accuracy as the number of observations K from each sensor tends to infinity. If the number of sensors tends to infinity while having a finite K, it is shown that the attacked sensors can be identified with a given accuracy that can be set by K, allowing considerable design flexibility. Next, the performance of any estimation approach employed by the sensor system under any general attack is described for cases where any number of observations and sensors are employed. A classification for these general attacks which categorizes them according to the information available to the attacking entity is introduced. Solving optimization problems over these attack classes leads to expressions which describe the performance of any specific estimation algorithm under the most devastating attacks with full information and the generally less effective information free attacks. Constraints are considered to account for some attack detection performed by the sensor system.

Asymptotically Optimal Truncated Multivariate Gaussian Hypothesis Testing With Application to Consensus Algorithms

In the interest of complexity reduction or to facilitate efficient distributed computation using consensus, truncated versions of the optimal hypothesis test are considered for a canonical multivariate Gaussian problem with L observations. The truncated tests employ correlation terms involving any given observation. The focus is on cases with a large L such that significant efficiency results with a truncation rule, k as a function of L, which increases very slowly with L. A key result provides sufficient conditions on truncation rules and sequences of hypothesis testing problems which provide no loss in deflection performance as L approaches infinity when compared to the optimal detector. The set of asymptotically optimal truncation rules satisfying these sufficient conditions varies with the scaling behavior of the difficulty of the hypothesis testing problem with L. Several popular classes of system and process models, including observations from wide-sense stationary limiting processes as L→∞ after the mean is subtracted, are used as illustrative classes of examples to demonstrate the sufficient conditions are not overly restrictive. In these examples, significant truncation can be employed even when the difficulty of the hypothesis testing problem scales in the least favorable manner, putting the most stringent conditions on the truncation rule. In all the cases considered, numerical results imply the fixed-false-alarm-rate detection probability of the truncated detector converges to the detection probability of the optimal detector for our asymptotically optimal truncation in terms of deflection.

Distributed estimation in the presence of attacks for large scale sensor networks

Distributed estimation using quantized data in the presence of Byzantine attacks is considered. Several subsets of sensors are assumed to be tampered with by different adversaries. Under the control of adversaries, the compromised sensors transmit fictitious data to the fusion center (FC) in order to undermine the estimation performance of the sensor network. First, we show that it is possible to asymptotically identify the attacked sensors and categorize them into different groups corresponding to different attacks, provided it is known that the set of unattacked sensors is larger than any set of attacked sensors taken over by one attack. Next, we consider joint estimation of the statistical description of the attacks and the parameter to be estimated. It can be shown that the corresponding Fisher Information Matrix (FIM) is singular. To overcome this, a modified quantization approach is proposed, which will provide a nonsingular FIM. Thus, the statistical properties of the attacks and the parameter to be estimated can be accurately estimated with sufficient data, provided that the number of time samples at each sensor is not less than 2. Furthermore, the FIM is employed to provide necessary and sufficient conditions under which utilizing the compromised sensors in the proposed fashion will lead better estimation performance when compared to approaches where the compromised sensors are ignored. Finally, numerical results imply that for some cases, significant estimation performance gain can be achieved by taking advantage of compromised sensors.

Ordering for shift-in-mean of Gauss-Markov random fields with dependent observations

Previous work on ordered transmission approaches showed significant transmission savings but focused entirely on cases with statistically independent observations at a set of sensor nodes. Here we take the first steps toward applying ordering to cases with statistically dependent observations. While we focus on a particular signal detection problem, we choose one of the most well studied problems, detection of a shift-in-mean for a multivariate Gaussian distribution. We employ the well developed theory of decomposable graphical models, and focus on cases where the observations are taken at a set of sensor nodes which can be grouped into a set of cliques. We assume the nodes within a clique are physically close, so that inner-clique communications can be considered extremely inexpensive. We present the computation of the overall likelihood ratio as a new sum, distinctly different from the sum over a set of independent variables, which implies it is possible to employ ordering over the cliques in an attempt to limit the number of communications from each clique to the place where the clique data will be combined. We present results that imply we can often save a significant portion of these transmission, which is lower bounded by half of the number of cliques. We describe necessary conditions for the result to hold and provide numerical results indicating these conditions are satisfied in many cases of practical interest.

Functional Forms of Optimum Spoofing Attacks for Vector Parameter Estimation in Quantized Sensor Networks

Estimation of an unknown deterministic vector from quantized sensor data is considered in the presence of spoofing attacks, which alter the data presented to several sensors. Contrary to the previous work, a generalized attack model is employed which manipulates the data using transformations with arbitrary functional forms determined by some attack parameters whose values are unknown to the attacked system. For the first time, necessary and sufficient conditions are provided under which the transformations provide a guaranteed attack performance in terms of Cramer-Rao Bound (CRB) regardless of the processing the estimation system employs, thus defining a highly desirable attack. Interestingly, these conditions imply that, for any such attack when the attacked sensors can be perfectly identified by the estimation system, either the Fisher information matrix (FIM) for jointly estimating the desired and attack parameters is singular or that the attacked system is unable to improve the CRB for the desired vector parameter through this joint estimation even though the joint FIM is nonsingular. It is shown that it is always possible to construct such a highly desirable attack by properly employing a sufficiently large dimension attack vector parameter relative to the number of quantization levels employed, which was not observed previously. To illustrate the theory in a concrete way, we also provide some numerical results which corroborate that under the highly desirable attack, attacked data are not useful in reducing the CRB.

Distributed joint spoofing attack identification and estimation in sensor networks

Distributed estimation of a deterministic scalar parameter by using quantized data in the presence of spoofing attacks, which modify the statistical model of the physical phenomenon, is considered. The paper develops an efficient heuristic approach to jointly detect attacks and estimate under spoofing attacks that are undetectable by a traditional approach that relies on noticing the data is not consistent with an expected family of distributions. Numerical results show that the proposed approach can correctly identify the attacked sensors with a large number of time observations, and moreover, the estimation performance of the proposed approach can asymptotically achieve the genie Cramer-Rao bound (CRB) for the desired parameter, which is the CRB under the assumption that the set of attacked sensors is known.

Cyber attacks on estimation sensor networks and iots: Impact, mitigation and implications to unattacked systems

Estimation of an unknown deterministic vector from quantized sensor data is considered in the presence of spoofing and man-in-the-middle attacks. First, asymptotically optimum processing, which identifies and categorizes the attacked sensors into different groups according to distinct types of attacks, is outlined in the face of man-in-the-middle attacks. Necessary and sufficient conditions are provided under which utilizing the attacked sensor data will lead to better estimation performance when compared to approaches where the attacked sensors are ignored. Next, necessary and sufficient conditions are provided under which spoofing attacks provide a guaranteed attack performance in terms of the Cramer-Rao Bound regardless of the processing the estimation system employs. It is shown that it is always possible to construct such a highly desirable attack by properly employing an attack vector parameter having a sufficiently large dimension relative to the number of quantization levels employed, which was not observed previously. For unattacked quantized estimation systems, a general limitation on the dimension of a vector parameter which can be accurately estimated is uncovered.

Ordering for Reduced Transmission Energy Detection in Sensor Networks Testing a Shift in the Mean of a Gaussian Graphical Model

Detection of a shift in the mean of a vector following a decomposable Gaussian graphical model (DGGM) is considered, where each component of the vector is measured at a different sensor in a network. We provide a new method eliminating transmissions normally needed in an optimum clustering approach by using ordered transmissions while achieving the same Bayes risk as the optimum clustering approach. In the new approach, the Bayes optimum test statistic is represented as a sum of local test statistics, where each local test statistic depends only on the observations made at one clique in a generalization of the ordered transmission approach previously suggested for statistically independent observations. Hence, we propose to organize the sensors into clusters based on the clique of the DGGM they belong to, and each cluster selects one sensor to be its cluster head (CH). After collecting and summarizing the observed data at each cluster, the ordered transmission approach is employed over the CHs in an attempt to reduce the number of communications from the CHs to the fusion center where the decision is made. It is shown that the developed approach can guarantee a lower bound on the average number of transmissions saved from the ordered transmission approach for any given DGGM which approaches approximately half the number of cliques when the norm of the mean-shift vector in each clique becomes sufficiently large. In all the cases considered, numerical results imply that a significant portion of the transmissions can be saved, and the developed lower bound is obeyed. The development of the appropriate local processing and the proof of savings are highly nontrivial generalizations of ordering for statistically independent observations and this paper represents the first justification of an ordering approach for cases with statistically dependent observations.

Asymptotically optimal truncated hypothesis test for a large sensor network described by a multivariate Gaussian distribution

While recent advances have provided extremely efficient distributed methods for computing optimal test statistics for many hypothesis testing problems occurring in large sensor networks, the popular multivariate Gaussian hypothesis testing problem involving a change in both the mean vector and covariance matrix is not one of these. The difficultly is that these test statistics generally require long range communications. A truncated test is studied which only requires that each sensor shares information with 2k neighboring sensors out of a set of L total sensors. Sufficient conditions are given on the k as a function of L for a given sequence of hypothesis testing problems to ensure no loss in deflection performance as L approaches infinity when compared to the optimal untruncated detector. For several popular classes of system and process models, including observations from some wide-sense stationary limiting processes as L→∞ (after the mean is subtracted), the sufficient conditions are shown to be satisfied for k increasing very slowly compared to L even when the difficulty of the hypothesis testing problem scales in the least favorable manner. Numerical results imply the fixed-false-alarm-rate detection probability of the truncated detector converges rapidly to the detection probability of the optimal untruncated detector.