Stochastic DoS Attack Allocation Against Collaborative Estimation in Sensor Networks

Ya Zhang, Member, IEEE, Lishuang Du, and Frank L. Lewis, Fellow, IEEE

Abstract—In this paper, denial of service (DoS) attack management for destroying the collaborative estimation in sensor networks and minimizing attack energy from the attacker perspective is studied. In the communication channels between sensors and a remote estimator, the attacker chooses some channels to randomly jam DoS attacks to make their packets randomly dropped. A stochastic power allocation approach composed of three steps is proposed. Firstly, the minimum number of channels and the channel set to be attacked are given.Secondly, a necessary condition and a sufficient condition on the packet loss probabilities of the channels in the attack set are provided for general and special systems, respectively. Finally, by converting the original coupling nonlinear programming problem to a linear programming problem, a method of searching attack probabilities and power to minimize the attack energy is proposed. The effectiveness of the proposed scheme is verified by simulation examples.

I. Introduction

WIRELESS sensor networks (WSNs), which are interconnected by a large number of cooperative wireless sensor nodes, have been extensively applied in many areas [1]. The optimal estimation algorithms based on minimum mean square error, such as Kalman filtering and information filtering, are often used in WSN state estimation for obtaining accurate estimate [2]–[7]. However, due to the wireless communication characteristics of WSNs, attackers can easily monitor the channels in the task domain of the network, inject bitstream into the channel, and replay the previously captured packets [8]–[10]. It is important to conduct in-depth research on attacks in sensor networks.

The research on state estimation of networks under attacks can be classified into two categories: one is secure estimation against attacks, the other is to place the attacks from the standpoint of attackers. Secure estimation in centralized or distributed networks has been studied preliminarily. Chisquare detection and Euclidean detector were used to detect data anomalies caused by attacks [11]–[14]. Scheduling strategies including event triggering strategies were proposed out to mitigate the impact of attacks [15]–[17]. K-means algorithm for classifying trust nodes had also been studied[18]. In [19], a distributed secure estimation problem on GE F404 engine was researched. An efficient distributed resilient estimator and attack detection mechanism for sensor networks under deception attacks on both the system dynamics and sensor intercommunication links were proposed in [20]. A distributed finite-time filter was proposed for discrete time positive systems in sensor networks under random deception attacks [21]. Du et al. [22] studied distributed state estimation problem under deception attacks and denial of service (DoS)attacks, and proposed a novel alternating direction method of multipliers (ADMM)-based distributed state estimation method.

How to allocate attacks is another hot topic [23]–[29]. DoS attacks can cause network congestion and packet losses,which makes the remote estimator difficult to obtain uniformly bounded state estimation errors in the network. Qin et al. [23] studied the optimal attack scheduling scheme of the energy-constrained attacker in packet-dropping networks. The corresponding time-centralized attack strategies were given to maximize the trace of the average estimation error and the terminal estimation error. Similarly, using the Markov decision process, Ding et al. [24] proposed a two-player zerosum stochastic game framework to investigate such a situation: sensors need to select a single channel to send data packets and reduce the possibility of being attacked; at the same time, attackers need to determine the attacked channel under the constraints of energy budget. Cao et al. [25]proposed a probabilistic DoS attack scheme against remote state estimator over a Markov channel in cyber-physical systems. Li et al. [26] designed an attack jamming approach on remote state estimation in cyber-physical systems by using a game theory. Zhang et al. [27], [28] studied a scenario, in which the optimal attack power allocation of energyconstrained DoS attackers to maximize the terminal estimation error was discussed. An attack power allocation mechanism with low cost was put forward. A dynamic attack energy disposal algorithm with ascertained attack capability in each period was also designed. In relevant works, most of the considerations focus on DoS attacks in single channel between the sensor and the remote estimator. Few researches have discussed DoS attack allocation in multiple channels of cooperative sensor networks. In [23] an attack scheduling approach was proposed to maximize the sum of the estimation errors of two remote estimators corresponding to two sensors,with the assumption that each sensor was completely observable. Yang et al. [29] studied DoS attack arrangement within an energy budget in centralized state estimation, and proposed a selection scheme of which sensor to be attacked under the assumption that different kinds of sensors are completely observable.

Although the DoS attack allocation problem has attracted wide attention [23]–[29], to the best of our knowledge, the problem of DoS attack scheduling in collaboratively working sensor networks has not been well addressed in the literature.The main difficulties may come from the following two aspects.

1) The network is composed of multiple heterogeneous sensors and single sensor is not necessarily observable. Unlike previous works [23], [27], [28], where the steady-state value is used to update estimation when there is no attack, in this paper each sensor transmits its measurement and the remote estimator uses the received measurements to update estimation. The existing attack scheduling schemes for remote estimator with one observable sensor cannot be applicable.

2) The attack probabilities and attack energy to be exerted by the attacker to the sensors can be different. The function of the packet dropout probability about attack energy is nonlinear and there is trade-off between collective observability and attack energy. Hence the attack scheduling problem is a nonlinear programming problem with high complexity and computation.

This paper focuses on designing a stochastic scheduling and attack power allocation scheme from the perspective of the energy-constrained DoS attacker, so as to influence the estimation of the collaboratively working sensor network with minimum attack energy cost. An allocation scheme consisting of three steps is proposed. The contributions of this paper contain the following.

1) Unlike attack allocation in single sensor’s communication [23]–[28], in sensor networks, multiple sensors’ channels should be attacked. The minimum number of channels needed to attack and how to select the channels are given.

2) A necessary condition and a sufficient condition on the packet loss probabilities of the attacked channels such that the mean square estimation error of the estimator is divergent are provided.

3) The optimal attack probabilities and attack power with minimum energy consumption to destroy the collective observability of the network are proposed.

Assumption 2: All sensors are clock synchronized and there is no communication delay in the network. When there is no attack in the network, there is no packet dropout. The packet that each sensor transmits at each time instant consists of L bits and the transmission error is of bit-to-bit independent.

The estimator firstly computes the a priori information matrix and vector as following:

Then, the information fusion center updates the a posteriori estimate by using the received information [5]

and

B. DoS Attack Model

There exists an attacker in the network. The purpose of the attacker is to occupy the communication bandwidth by DoS attack, which jams some channels between sensors and the remote estimator and increases the packet loss probabilities.Under DoS attacks, the remote estimator may not estimate the system state successfully.

If the communication channel from sensor sito the estimator is attacked by the attacker, from [30] its SNR(signal-to-noise ratio) is

The transmitted packet of each sensor consists of multiple bits, and only if every bit is received correctly, the packet is considered as successfully received. Then from Assumption 2,the probability of one packet reception is described as [28]

Considering a limited energy budget, there is no need for the attacker to keep implementing DoS attacks to one channel with high attack power at every time. Therefore, we consider the stochastic attack mechanism satisfying the following assumption.

Assumption 3 (Attack Rule): The attacker randomly exerts DoS attacks to part of transmission channels with certain fixed probabilities and power.

Being exposed to attack results in significantly increased packet loss probability. We define another variable di,kto indicate whether the packet of sensor siis successfully received by the remote estimator at time k, where if the packet on the channel from sensor sito the estimator is not received successfully at time k , di,k=1; otherwise, di,k=0.

Due to the stochastic properties of the attacks and packet losses, di,kcan be modeled by a Bernoulli process with distribution

The block diagram for the sensor network under attack is shown in Fig.1.

Fig.1. The estimation network under attack.

C. Attack Allocation Problem

Fig.5. Estimation errors with and without DoS attack: special case.

VI. Conclusions

In this paper, a suboptimal stochastic DoS attack mechanism is designed to destroy the centralized state estimation in wireless sensor networks, which makes the estimation error of the system unbounded with minimum energy consumption. The mechanism is composed of three steps, where the attack node set, the feasible induced packet loss probability set, and the attack probabilities and power are proposed in sequence. This paper focuses on attack management in centralized estimation networks. How to place attacks in distributed estimation networks and delayed networks is of our research interest in future.