Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

A Cooperative Statistical Approach for Abnormal Node Detection with Adversary Resistance

Yingying Huangfu, Tian Bai

TL;DR

This work tackles abnormal node detection in clustered networks under adversarial data falsification. It introduces Cooperative Statistical Detection (CSD), which combines a likelihood ratio test (LRT) for forwarding-behavior assessment with a modified Z-score mechanism to filter falsified data. The authors prove that, with an optimal Z-score threshold $z_{thr}=1$, the false alarm and miss probabilities decay exponentially under certain conditions, and derive the optimal removal strategy to guarantee robust performance even when malicious detectors cooperate. Empirical results show CSD achieving near-perfect detection in regular cases and substantial resilience against falsification, outperforming state-of-the-art methods in efficiency and robustness. These contributions advance secure, efficient abnormal-node detection for resource-constrained, clustered networks.

Abstract

Distinguishing abnormal nodes from those with normal packet loss in clusters helps reduce the loss of clustered network resources. The detection performance of existing detection schemes is limited by the techniques to quantify node behaviors, and most schemes cannot avoid being misled by the falsified information. This paper presents a novel probabilistic abnormal node detection scheme CSD -- Cooperative Statistical Detection -- for accurate and efficient detection in the existence of falsified detection data in clustered networks. Specifically, employing the likelihood ratio test (LRT) based detection method to measure node forwarding behaviors, we propose a modified Z-score based falsification-resistant mechanism to filter out falsifications. We show that both the false alarm and missed detection probabilities can decrease exponentially if and only if the transmissions from the nodes falsifying the data are less than half of the total. Furthermore, the optimal threshold of the modified Z-score method is derived, which guarantees perfect detection of our CSD under any falsification strategy in the proposed detection model. Evaluation results validate the effectiveness, robustness, and superiority of our scheme compared to the state-of-the-art.

A Cooperative Statistical Approach for Abnormal Node Detection with Adversary Resistance

TL;DR

This work tackles abnormal node detection in clustered networks under adversarial data falsification. It introduces Cooperative Statistical Detection (CSD), which combines a likelihood ratio test (LRT) for forwarding-behavior assessment with a modified Z-score mechanism to filter falsified data. The authors prove that, with an optimal Z-score threshold , the false alarm and miss probabilities decay exponentially under certain conditions, and derive the optimal removal strategy to guarantee robust performance even when malicious detectors cooperate. Empirical results show CSD achieving near-perfect detection in regular cases and substantial resilience against falsification, outperforming state-of-the-art methods in efficiency and robustness. These contributions advance secure, efficient abnormal-node detection for resource-constrained, clustered networks.

Abstract

Distinguishing abnormal nodes from those with normal packet loss in clusters helps reduce the loss of clustered network resources. The detection performance of existing detection schemes is limited by the techniques to quantify node behaviors, and most schemes cannot avoid being misled by the falsified information. This paper presents a novel probabilistic abnormal node detection scheme CSD -- Cooperative Statistical Detection -- for accurate and efficient detection in the existence of falsified detection data in clustered networks. Specifically, employing the likelihood ratio test (LRT) based detection method to measure node forwarding behaviors, we propose a modified Z-score based falsification-resistant mechanism to filter out falsifications. We show that both the false alarm and missed detection probabilities can decrease exponentially if and only if the transmissions from the nodes falsifying the data are less than half of the total. Furthermore, the optimal threshold of the modified Z-score method is derived, which guarantees perfect detection of our CSD under any falsification strategy in the proposed detection model. Evaluation results validate the effectiveness, robustness, and superiority of our scheme compared to the state-of-the-art.
Paper Structure (20 sections, 6 theorems, 17 equations, 3 figures, 4 tables)

This paper contains 20 sections, 6 theorems, 17 equations, 3 figures, 4 tables.

Table of Contents

  1. Introduction
  2. State of the Art
  3. Regular Abnormal Node Detection
  4. Abnormal Node Detection with Adversarial Strategy
  5. Limitations
  6. Contributions
  7. Preliminaries
  8. Network and Threat Model
  9. Decision Rules of the LRT-based Method
  10. Problem Definition
  11. Proposed Solution
  12. The CSD scheme Through Removing Untrustworthy LLRs
  13. Falsification Strategy
  14. Modified Z-Score Method
  15. Decision Rules of the CSD
  16. ...and 5 more sections

Key Result

Proposition 1

In regular scenarios, the perfect detection of the proposed LRT-based detection method is guaranteed if and only if the PLR of the abnormal node ($q_{m}$) exceeds the critical detection point ($\beta$), that is, $q_{m} > \beta$, regardless of the distribution of the number of packets.

Figures (3)

  • Figure 1: The principle of adversarial attacks. $v_{m}$: the cluster head to be checked if abnormal; $v_1,\ldots,v_j$: malicious cluster nodes; $v_{j+1},\ldots,v_{|\mathcal{C}_{m}|}$: benign cluster nodes.
  • Figure 2: FAP vs. MDP.
  • Figure 3: Performance on resisting falsified detection data. "with FRM" -- CSD with falsification-resistance mechanism; "w/o FRM" -- CSD without falsification-resistance mechanism.

Theorems & Definitions (14)

  • Definition 1: Perfect Detection
  • Definition 2: Critical Detection Point
  • Proposition 1
  • Lemma 1
  • proof
  • Definition 3: Supremum Packet Ratio with Falsified Data
  • Lemma 2
  • proof
  • Lemma 3
  • proof
  • ...and 4 more