On Identifying Primary User Emulation Attacks in Cognitive Radio Systems Using Nonparametric Bayesian Classification

Primary user emulation (PUE) attacks, where attackers mimic the signals of primary users (PUs), can cause significant performance degradation in cognitive radio (CR) systems. Detection of the presence of PUE attackers is thus an important problem. In this paper, using device-specific features, we propose a passive, nonparametric classification method to determine the number of transmitting devices in the PU spectrum. Our method, called DECLOAK, is passive since the sensing device listens and captures signals without injecting any signal to the wireless environment. It is nonparametric because the number of active devices needs not to be known as a priori. Channel independent features are selected forming fingerprints for devices, which cannot be altered postproduction. The infinite Gaussian mixture model (IGMM) is adopted and a modified collapsed Gibbs sampling method is proposed to classify the extracted fingerprints. Due to its unsupervised nature, there is no need to collect legitimate PU fingerprints. In combination with received power and device MAC address, we show through simulation studies that the proposed method can efficiently detect the PUE attack. The performance of DECLOAK is also shown to be superior than that of the classical non-parametric mean shift (MS) based clustering method.