Distributed detection is a well studied topic in the detection theory literature [1, 2, 3]. The traditional distributed detection framework comprises of a group of spatially distributed nodes which acquire the observations regarding the phenomenon of interest and send them to the fusion center (FC) where a global decision is made. However, in many scenarios a centralized FC may not be available or in large networks, the FC can become an information bottleneck that may cause degradation of system performance, and may even lead to system failure. Also, due to the distributed nature of future communication networks, and various practical constraints, e.g., absence of the FC, transmit power or hardware constraints and dynamic characteristic of wireless medium, it may be desirable to employ alternate peer-to-peer local information exchange in order to reach a global decision. One such distributed approach for peer-to-peer local information exchange and inference is the use of a consensus algorithm .
Recently, distributed detection based on consensus algorithms has been explored in [9, 7, 4, 5, 6, 8]. In consensus based detection approaches, each node communicates only with its neighbors and updates its local state information about the phenomenon (summary statistic) by a local fusion rule that employs a weighted combination of its own value and those received from its neighbors. Nodes continue with this consensus iteration until the whole network converges to a steady-state value which is the global test statistic. In particular, the authors in [5, 6] considered average consensus based distributed detection and emphasized network designs based on the small world phenomenon for faster convergence . A bio-inspired consensus scheme was introduced for spectrum sensing in . However, these consensus-based fusion algorithms only ensure equal gain combining of local measurements. The authors in  proposed to use distributed weighted fusion algorithms for cognitive radio spectrum sensing. They showed that weighted average consensus based schemes outperform average consensus based schemes and achieve much better detection performance than the equal gain combining based schemes. However, the weighted average consensus based detection schemes are quite vulnerable to different types of attacks. One typical attack on such networks is a Byzantine attack. While Byzantine attacks (originally proposed in ) may, in general, refer to many types of malicious behavior, our focus in this paper is on data-falsification attacks [11, 12, 13, 14, 15, 16, 17, 18]. Thus far, research on detection in the presence of Byzantine attacks has predominantly focused on addressing these attacks under the centralized model [13, 14, 19, 18]. A few attempts have been made to address the security threats in the distributed or consensus based schemes in recent research [21, 22, 23, 24, 25, 20]. Most of these existing works on countering Byzantine or data falsification attacks in distributed networks rely on a threshold for detecting Byzantines. The main idea is to exclude nodes from neighbors list whose state information deviates significantly from the mean value. In  and , two different defense schemes against data falsification attacks for distributed consensus-based detection were proposed. In , the scheme eliminates the state value with the largest deviation from the local mean at each iteration step and, therefore, it can only deal with the situation in which only one Byzantine node exists. It excludes one state value even if there is no Byzantine node. In 
, the vulnerability of distributed consensus-based spectrum sensing was analyzed and an outlier detection algorithm with an adaptive threshold was proposed. The authors in proposed a Byzantine mitigation technique based on adaptive local thresholds. This scheme mitigates the misbehavior of Byzantine nodes and tolerates the occasional large deviation introduced by honest users. It adaptively reduces the corresponding coefficients so that the Byzantines will eventually be isolated from the network.
Excluding the Byzantine nodes from the fusion process may not be the best strategy from the network designer’s perspective. As shown in our earlier work  in the context of distributed detection with one-bit measurements under a centralized model, an intelligent way to improve the performance of the network is to use the information of the identified Byzantines to the network’s benefit. More specifically, learning based techniques have the potential to outperform the existing exclusion based techniques. In this paper, we pursue such a design philosophy in the context of raw data based fusion in decentralized networks.
To design methodologies for defending against Byzantine attacks, fundamental challenges that arise are two-fold. First, how do nodes recognize the presence of attackers? Second, after identification of an attacker or group of attackers, how do nodes adapt their operating parameters? Due to the large number of nodes and complexity of the distributed network, we develop and analyze schemes that would update their own operating parameters autonomously. Our approach further introduces an adaptive fusion based detection algorithm which supports the learning of the attacker’s behavior. Our scheme differs from all existing work on Byzantine mitigation based on exclusion strategies [21, 22, 23, 24, 25], where the only defense is to identify and exclude the attackers from the consensus process.
I-a Main Contributions
In this paper, we focus on the susceptibility and protection of consensus based detection algorithms. Our main contributions are summarized as follows:
We characterize the effect of Byzantines on the steady-state performance of the conventional consensus based detection algorithms. More specifically, we quantify the minimum fraction of Byzantines needed to make the deflection coefficient of the global statistic equal to zero.
Using probability of detection and probability of false alarm as measures of detection performance, we investigate the degradation of transient detection performance of the conventional consensus algorithms with Byzantines.
We propose a robust distributed weighted average consensus algorithm and obtain closed-form expressions for optimal weights to mitigate the effect of data falsification attacks.
The rest of the paper is organized as follows. In Sections II and III, we introduce our system model and Byzantine attack model, respectively. In Section IV, we study the security performance of weighted average consensus based detection schemes. In Section V, we propose a protection mechanism to mitigate the effect of data falsification attacks on consensus based detection schemes. Finally, Section VI concludes the paper.
Ii System model
First, we define the network model used in this paper.
Ii-a Network Model
We model the network topology as an undirected graph , where represents the set of nodes in the network with . The set of communication links in the network correspond to the set of edges , where , if and only if there is a communication link between and (so that, and can directly communicate with each other). The adjacency matrix of the graph is defined as
The neighborhood of a node is defined as
The degree of a node in a graph , denoted by , is the number of edges in which include as an endpoint, i.e., .
The degree matrix is defined as a diagonal matrix with and the Laplacian matrix is defined as
or, in other words, . For example, consider a network with six nodes trying to reach consensus (see Figure 1). The Laplacian matrix for this network is given by
The consensus based distributed detection scheme usually contains three phases: sensing, information fusion, and decision making. In the sensing phase, each node acquires the summary statistic about the phenomenon of interest. In this paper, we adopt the energy detection method so that the local summary statistic is the received signal energy. Next, in the information fusion phase, each node communicates with its neighbors to update their state values (summary statistic) and continues with the consensus iteration until the whole network converges to a steady state which is the global test statistic. Finally, in the decision making phase, nodes make their own decisions about the presence of the phenomenon. Next, we describe each of these phases in more detail.
Ii-B Sensing Phase
We consider an -node network using the energy detection scheme . For the th node, the sensed signal at time instant is given by
where is the channel gain, is the signal at time instant , is AWGN, i.e., and independent across time. Each node calculates a summary statistic over a detection interval of samples, i.e.,
where is determined by the time-bandwidth product. Since is the sum of the square of
i.i.d. Gaussian random variables, it can be shown that
follows a central chi-square distribution withdegrees of freedom under , and, a non-central chi-square distribution with degrees of freedom and parameter under , i.e.,
where is the local SNR at the th node and represents the sensed signal energy over detection instants. Note that the local SNR is times the average SNR at the output of the energy detector, which is .
Ii-C Information Fusion Phase
Next, we give a brief introduction to conventional consensus algorithms . Consensus is reached in two steps.
Step 1: All nodes establish communication links with their neighbors, and broadcast their information state .
Step 2: Each node updates its local state information by a local fusion rule (weighted combination of its own value and those received from its neighbors). We denote node ’s updated information at iteration by . Node continues to broadcast information and update its local information state until consensus is reached. This information state updating process can be written in a compact form as
where is the time step and is the weight assigned to node ’s information. Using the notation , network dynamics in the matrix form can be represented as,
where, is referred to as a Perron matrix. The consensus algorithm is nothing but a local fusion or update rule that fuses the nodes’ local information state with information coming from neighbor nodes and every node asymptotically reaches the same information state for arbitrary initial values.
Ii-D Decision Making Phase
The final information state after reaching consensus for the above consensus algorithm will be the weighted average of the initial states of all the nodes  or , . Average consensus can be seen as a special case of weighted average consensus with . After the whole network reaches a consensus, each node makes its own decision about the hypothesis using a predefined threshold 111In practice, parameters such as threshold and consensus time step can be set off-line. This study is beyond the scope of this work.
where weights are given by 
Note that, after reaching consensus . Thus, in rest the of the paper, is referred to as the final test statistic.
Next, we discuss Byzantine attacks on consensus based detection schemes and analyze the performance degradation of the weighted average consensus based detection algorithm due to these attacks.
Iii Attacks on Consensus based Detection Algorithms
When there are no adversaries in the network, we noted in the last section that consensus can be accomplished to the weighted average of arbitrary initial values by having the nodes use the update strategy with an appropriate weight matrix . Suppose, however, that instead of broadcasting the true sensing statistic and applying the update strategy (1), some nodes (referred to as Byzantines) deviate from the prescribed strategies. Accordingly, Byzantines can attack in two ways: data falsification (nodes falsify their initial data or weight values) and consensus disruption (nodes do not follow update rule given by (1)). More specifically, Byzantine node can do the following
where and are introduced at the initialization step and at the update step , respectively. The attack model considered above is extremely general, and allows Byzantine node to update its value in a completely arbitrary manner (via appropriate choices of , and , at each time step). An adversary performing consensus disruption attack has the objective to disrupt the consensus operation. However, consensus disruption attacks can be easily detected because of the nature of the attack. The identification of consensus disruption attackers has been investigated in the past literature (e.g., see [28, 7]) where control theoretic techniques were developed to identify disruption attackers in a single consensus iteration. Knowing the existence of such an identification mechanism, a smart adversary will aim to disguise itself while degrading the detection performance. In contrast to disruption attackers, data falsification attackers are more capable and can manage to disguise themselves while degrading the detection performance of the network by falsifying their data. Susceptibility and protection of consensus strategies to data falsification attacks has received scant attention, and this is the focus of our work. In this paper, we assume that an attacker performs only a data falsification attack by introducing during initialization. We exploit the statistical distribution of the initial values and devise techniques to mitigate the influence of Byzantines on the distributed detection system.
Iii-a Data Falsification Attack
In data falsification attacks, attackers try to manipulate the final test statistic (i.e., ) in a way that the detection performance is degraded. We consider a network with nodes that uses Algorithm (1) for reaching consensus. Algorithm (1) can be interpreted as, weight , given to node ’s data in the final test statistic, is assigned by node itself. So by falsifying initial values or weights , the attackers can manipulate the final test statistic. Detection performance will be degraded because Byzantine nodes can always set a higher weight to their manipulated information. Thus, the final statistic’s value across the whole network will be dominated by the Byzantine node’s local statistic that will lead to degraded detection performance.
Next, we define a mathematical model for data falsification attackers. We analyze the degradation in detection performance of the network when Byzantines falsify their initial values for fixed arbitrary weights .
Iii-B Attack Model
The objective of Byzantines is to degrade the detection performance of the network by falsifying their data . By assuming that Byzantines are intelligent and know the true hypothesis, we analyze the worst case detection performance of the data fusion schemes. We consider the case when weights of the Byzantines have already been tampered to and analyze the effect of falsifying the initial values . This analysis provides the most favorable case from the point of view of Byzantines and yields the maximum performance degradation that the Byzantines can cause. Now a mathematical model for a Byzantine attack is presented. Byzantines tamper with their initial values and send such that the detection performance is degraded.
where is the attack probability and is a constant value which represents the attack strength, which is zero for honest nodes. As we show later, Byzantine nodes will use a large value of so that the final statistic’s value is dominated by the Byzantine node’s local statistic that will lead to a degraded detection performance. We use deflection coefficient  to characterize the security performance of the detection scheme due to its simplicity and its strong relationship with the global detection performance. Deflection coefficient of the global test statistic is defined as: , where is the conditional mean and
is the conditional variance. The deflection coefficient is also closely related to other performance measures, e.g., the Receiver Operating Characteristics (ROC) curve. In general, the detection performance monotonically increases with an increasing value of the deflection coefficient. We define the critical point of the distributed detection network as the minimum fraction of Byzantine nodes needed to make the deflection coefficient of global test statistic equal to zero (in which case, we say that the network becomesblind) and denote it by . We assume that the communication between nodes is error-free and our network topology is fixed during the whole consensus process and, therefore, consensus can be reached without disruption.
In the next section, we analyze the security performance of consensus based detection schemes in the presence of data falsifying Byzantines.
Iv Performance analysis of consensus based detection algorithms
In this section, we analyze the effect of data falsification attacks on conventional consensus based detection algorithms.
First, in Section IV-A, we characterize the effect of Byzantines on the steady-state performance of the consensus based detection algorithms and determine . Next, in Section IV-B, using probability of detection and probability of false alarm as measures of detection performance, we investigate the degradation of transient detection performance of the consensus algorithms with Byzantines.
Iv-a Steady-State Performance Analysis with Byzantines
Without loss of generality, we assume that the nodes corresponding to the first indices are Byzantines and the rest corresponding to indices are honest nodes. Let us define and .
For data fusion schemes, the condition to blind the network or to make the deflection coefficient zero is given by
The local test statistic has the mean
and the variance
The goal of Byzantine nodes is to make the deflection coefficient as small as possible. Since the Deflection Coefficient is always non-negative; the Byzantines seek to make . The conditional mean and conditional variance of the global test statistic, , can be computed and are given by (3), (4) and (5), respectively. After substituting values from (3), (4) and (5), the condition to make becomes
Note that, when , the blinding condition simplifies to . This condition indicates that by appropriately choosing attack parameters , an adversary needs less than of sensing data falsifying Byzantines to make the deflection coefficient zero.
Next, to gain insights into the solution, we present some numerical results in Figure 2. We plot the deflection coefficient of global test statistic as a function of attack parameters . We consider a -node network with the topology given by the undirected graph shown in Figure 1 to detect a phenomenon. Nodes and are considered to be Byzantines. Channel gains of the nodes are assumed to be and weights are given by (2). We also assume that , and . Notice that, the deflection coefficient is zero when the condition in Lemma 1 is satisfied. Another observation to make is that the deflection coefficient can be made zero even when only two out of six nodes are Byzantines. Thus, by appropriately choosing attack parameters , less than of data falsifying Byzantines are needed to blind the network.
Iv-B Transient Performance Analysis with Byzantines
Next, we analyze the detection performance of the data fusion schemes, denoted as , as a function of consensus iteration in the presence of Byzantines. For analytical tractability, we assume that . We denote by the element of matrix in the th row and th column. Using these notations, we calculate the probability of detection and the probability of false alarm at the th node at consensus iteration .
For sufficiently large , the distribution of Byzantine’s data given is a Gaussian mixture which comes from with probability and from with probability , where
denotes the normal distribution and
Now, the probability density function (PDF) ofconditioned on can be derived as
where (for notational convenience denoted as ) is the PDF of and . Next, for clarity of exposition, we first derive our results for a small network with two Byzantine nodes and one honest node. Later we generalize our results for an arbitrary number of nodes, .
Notice that, for the three node case, the transient test statistic , is a summation of independent random variables. The conditional PDF of is given in (6). Notice that, PDF of is the convolution of , and .
Now, using the fact that convolution of two normal PDFs and is again normally distributed with mean and variance , we can derive the results below.
Due to the probabilistic nature of the Byzantine’s behavior, it may behave as an honest node with a probability . Let denote the set of all combinations of such Byzantine strategies:
where by we mean that Byzantine node behaves as a Byzantine and by we mean that Byzantine node behaves as an honest node. Let denote the indices of honest nodes in the strategy combination , then, from (7) we have
where is used to denote the null set and to denote the cardinality of subset . Using these notations, we generalize our results for any arbitrary .
The test statistic of node at consensus iteration , i.e., is a Gaussian mixture with PDF
The performance of the detection scheme in the presence of Byzantines can be represented in terms of the probability of detection and the probability of false alarm of the network.
The probability of detection and the probability of false alarm of node at consensus iteration in the presence of Byzantines can be represented as
Notice that, the expressions of probability of detection and probability of false alarm for the Byzantine node case involves combinations (cardinality of is ). It, however, can be represented compactly by vectorizing the expressions, i.e.,
). It, however, can be represented compactly by vectorizing the expressions, i.e.,
with , and , where boldface letters represent vectors, symbol represents element-wise multiplication, represents element wise Q function operation, i.e., , is th column of matrix , , matrix is the binary representation of decimal numbers from to and is the matrix after interchanging and in matrix .
Similarly, the expression for the probability of false alarm can be vectorized into a compact form.
Next, to gain insights into the results given in Proposition 1, we present some numerical results in Figures 3 and 4. We consider the -node network shown in Figure 1 where the nodes employ the consensus algorithm 1 with to detect a phenomenon. Nodes and are considered to be Byzantines. We also assume that , , and . Attack parameters are assumed to be and . To characterize the transient performance of the weighted average consensus algorithm, in Figure 3, we plot the probability of detection as a function of the number of consensus iterations when Byzantines are not falsifying their data, i.e., . Next, in Figure 3, we plot the probability of detection as a function of the number of consensus iterations in the presence of Byzantines. It can be seen that the detection performance degrades in the presence of Byzantines. In Figure 4, we plot the probability of false alarm as a function of the number of consensus iterations when Byzantines are not falsifying their data, i.e., . Next, in Figure 4, we plot the probability of false alarm as a function of the number of consensus iterations in the presence of Byzantines. From both Figures 3 and 4, it can be seen that the Byzantine attack can severely degrade transient detection performance.
From the discussion in this section, we can see that Byzantines can severely degrade both the steady-state and the transient detection performance of conventional consensus based detection algorithms. As mentioned earlier, a data falsifying Byzantine can tamper its weight as well as its sensing data to degrade detection performance. One approach to mitigate the effect of sensing data falsification is to assign weights based on the quality of the data. In other words, lower weight is assigned to the data of the node identified as a Byzantine. However, to implement this approach one has to address the following two issues.
First, in the conventional weighted average consensus algorithm, weight given to node ’s data is assigned by the node itself. Thus, a Byzantine node can always set a higher weight to its manipulated information and the final statistics will be dominated by the Byzantine nodes’ local statistic that will lead to degraded detection performance. It will be impossible for any algorithm to detect this type of malicious behavior, since any weight that a Byzantine chooses for itself is a legitimate value that could also have been chosen by a node that is functioning correctly. Thus, the conventional consensus algorithm cannot be used in the presence of an attacker.
Second, as will be seen later, the optimal weights assigned to nodes’ sensing data depend on the following unknown parameters: identity of the nodes (i.e., honest or Byzantine) and underlying statistical distribution of the nodes’ data.
In the next section, we address these concerns by proposing a learning based robust weighted average consensus algorithm.
V A Robust Consensus Based Detection Algorithm
In order to address the first issue, we propose a consensus algorithm in which the weight for node ’s information is assigned (or updated) by neighbors of the node rather than by node itself. Note that, networks deploying such an algorithm is more robust to weight manipulation because if a Byzantine node wants to lower the weight assigned to the data of its honest neighbor in the global test statistic, it has to make sure that a majority of the neighbors of put the same lower weight as . In other words, every honest node should have majority of its neighbors that are Byzantines, otherwise, it can be treated as a consensus disruption attack and Byzantines can be easily identified detected by techniques such as those given in [28, 7].
V-a Distributed Algorithm for Weighted Average Consensus
In this section, we address the following questions: does there exist a distributed algorithm that solves the weighted average consensus problem while satisfying the condition that weights must be assigned or updated by neighbors of the node rather than by the node itself? If it exists, then, under what conditions or constraints does the algorithm converge?
We consider a network with nodes with a fixed and connected topology . Next, we state Perron-Frobenius theorem , which will be used later for the design and analysis of our robust weighted average consensus algorithm.
Theorem 1 ().
Let be a primitive nonnegative matrix with left and right eigenvectors
be a primitive nonnegative matrix with left and right eigenvectorsand , respectively, satisfying and . Then, .
Using the above theorem, we take a reverse-engineering approach to design a modified Perron matrix which has the weight vector , , as its left eigenvector and
as its right eigenvector corresponding to eigenvalue. From the above theorem, if the modified Perron matrix is primitive and nonnegative, then, a weighted average consensus can be achieved. Now, the problem boils down to designing such a which meets our requirement that weights are assigned or updated by the neighbors of node rather than by node itself.
Next, we propose a modified Perron matrix where is the original graph Laplacian, is element-wise matrix multiplication operator, and is a transformation given by
Observe that, the above transformation satisfies the condition that weights are assigned or updated by neighbors of node rather than by node itself. Based on the above transformation , we propose our distributed consensus algorithm:
Let us denote the modified Perron matrix by .
Next, we explore the properties of the modified Perron matrix and show that it satisfies the requirements of the Perron-Frobenius theorem . These properties will later be utilized to prove the convergence of our proposed consensus algorithm.
Let be a connected graph with nodes. Then, the modified Perron matrix , with satisfies the following properties.
is a nonnegative matrix with left eigenvector and right eigenvector corresponding to eigenvalue ;
All eigenvalues of are in a unit circle;
is a primitive matrix222A matrix is primitive if it is non-negative and its th power is positive for some natural number ..
Notice that, and . This implies that has left eigenvector and right eigenvector corresponding to eigenvalue . To show that is non-negative, it is sufficient to show that: , and . Since is the left eigenvector of and , is non-negative if and only if
To prove part , notice that all the eigenvectors of and are the same. Let be the th eigenvalue of , then, the th eigenvalue of is . Now, part can be proved by applying Gershgorin theorem  to the modified Laplacian matrix .
To prove part , note that is strongly connected and,
therefore, is an irreducible matrix . Thus, to prove that is a primitive matrix, it is sufficient333 An irreducible stochastic matrix is primitive if it has only one eigenvalue with maximum modulus.
An irreducible stochastic matrix is primitive if it has only one eigenvalue with maximum modulus.to show that has a single eigenvalue with maximum modulus of . In , the authors showed that when , the original Perron matrix has only one eigenvalue with maximum modulus at its spectral radius. Using a similar logic, is a primitive matrix if
Consider a network with fixed and strongly connected undirected topology that employs the distributed consensus algorithm