A Secure Cooperative Spectrum Sensing Scheme in Mobile Cognitive Radio Networks

The reliability of cooperative spectrum sensing (CSS) can be severely degraded by the falsified spectrum sensing reports provided by malicious secondary users (SUs). However, in existing works, the problem of secure CSS in mobile cognitive radio networks (CRNs) has not been well considered yet. The detection of abnormal sensing reports in existing works does not evaluate both sensing reports and locations of SUs simultaneously. And the mobility pattern of all SUs is assumed to be similar, which is impractical in real mobile CRNs. In this paper, spatial correlation of the received signal strength among SUs is exploited to get the evidence whether the received signal strength is consistent with the location from where it is generated. And Dempster-Shafer theory is used to filter out abnormal reports by combining the evidence collected from the spatial correlation algorithm in each sensing period. To mitigate the adverse effects caused by the SUs’ mobility pattern, a fusion scheme based on SUs’ reputation is proposed. In comparison to the existing schemes, simulation results demonstrate that the proposed secure CSS scheme improves the primary user detection rate by 10% at false alarm rate of 0.1 when the mobility pattern of the SUs is different.


Introduction
Cognitive radio networks (CRNs) are expected to bring evolution to the spectrum scarcity problem through intelligent use of the underutilized or the free spectrum bands [1]. Being capable of utilizing the spectrum in an opportunistic manner, cognitive radio enables secondary users (SUs) to sense the portion of the spectrum that is available, select the appropriate channel for access, and vacate from the channel when the primary users (PUs) return.
Spectrum sensing is a vital phase in CRNs [2]. The goal of spectrum sensing is to detect accurately and reliably, in real time, the presence or absence of primary signals on a spectrum band. In a shadowed or fading environment, the received signal strengths (RSSs) at a SU may vary significantly at different locations. Spectrum sensing is hampered by the uncertainty resulting from channel randomness. To combat these impacts, cooperative spectrum sensing (CSS) schemes have been proposed to obtain the spatial diversity in CRNs [3,4]. In CSS, information from different SUs is combined to make a decision on the presence or absence of the primary user.
CSS requires each SU has the ability to negotiate with another spectrum and network utilization. This negotiation process may be undertaken with the support of networks or simply by proceeding in an ad hoc manner [5]. However, the negotiation process can be manipulated by attackers in various ways, such as spectrum sensing data falsification (SSDF) attack [6]. Beside faulty nodes, according to the motivations, Chen et al. [7] classify the attackers into two types: selfish attacker and malicious attacker. Selfish attacker may report the presence of the primary user when its transmission demands cannot be met. The goal of selfish attacker is to monopolize the specific band sneakily by forcing all other SUs to evacuate it; malicious attacker may report absence or presence of the primary user opposite to its actual spectrum sensing results. The goal of this type of attacker is to prevent other SUs from using the spectrum and causing 2 International Journal of Distributed Sensor Networks a denial of service (DoS) or harmful interference to the PUs. Because of the possible existence of the attackers and the uncertainties in the primary signal from factors such as shadowing, the design of secure CSS is a challenging problem.
According to the cooperative interaction among attackers, there are generally two types of SSDF attacks existing in CRNs, that is, independent attack and collaborate attack [8].
In independent attacks, all the actions of attackers are based on their own observations of the PU's status and there is no information exchanged between the attackers. For example, in [9], the authors model spectrum state transitions using a Markovian model and propose a conditional frequency check (CFC) to counter independent attack in CRNs. In collaborate attacks, a SSDF attacker acts according to local decisions of the honest users or the other attackers. To prevent collaborate attacks, the authors in [10] proposed a prevention mechanisms, which discourage selfish attackers from launching attacks by designing attack detection and punishment strategies. But the proposed prevention mechanisms are ineffective for malicious attackers. Although collaboration among attackers can improve the effectiveness of the damage, it has its own drawbacks. Collaborate attacks require additional infrastructure to coordinate the attackers and increase communication overhead among attackers, which can deplete the resources of the attackers or reduce the concealment of attack. In this paper, we assume that only independent attack exists in CRNs.
Contrary to the conventional CSS, the SUs are not assumed to be trusted a priori in secure CSS. Many secure CSS schemes have been proposed to resist the SSDF attack in literature, where these schemes usually consist of two-stage process: identify malicious SU and filter out contaminated sensing reports and combine the reports that are filtered by the first stage. When the locations of PUs and SUs are unknown a priori, nonlocation based schemes have been developed. For example, an enhanced weighted sequential probability ratio test (EWSPRT) [11] based on Bayesian detection is proposed for secure CSS. However, EWSPRT requires that the knowledge of a priori probability of SU's sensing reports under hypothesis zero and one, such data may be unavailable in practice. A scheme [6] based on abnormality detection techniques is proposed to identify malicious SU. In [12], another scheme based on maximum a posterior estimation is proposed to calculate suspicious level of all SUs. When the suspicious level of a SU is beyond certain threshold, its reports will be temporarily removed from decision making. In [13], robust statistics was used to approximate the distributions for both hypotheses of all nodes, discriminatingly, based on their past data reports. An SU with abnormal estimated parameters will be detected as malicious SU, and its reports will be filtered out. The authors in [14] propose applying the Dixon's test on the SUs' energy data to suppress a malicious secondary user (SU) in centralised fusion based CRNs. When the fusion center (FC) can obtain the location information of the SUs, another type of location based schemes has also been developed. In [15], the authors view the area of interest as a grid of square cells and assumed that the FC can get reliable coordinate of each SU. The proposed mechanism is based on identifying outlier measurements inside each cell, as well as corroboration among neighboring cells in a hierarchical structure to identify cells with significant number of malicious SUs. In [16], spatial correlation among neighboring SUs is exploited to discard the abnormal sensing reports. The reports of an SU may be unreliable due to it moving to a bad location by chance or it submitting manipulated sensing reports. The author in [17] takes into consideration both location-diversity and mobility of SUs, and Dempster-shafer theory is used to combine the credibility of each SU's current and past reports, and the evaluation of trust for current report from each SU is given.
However, existing schemes have two limitations for its application in mobile scenario. Firstly, these schemes either assume the SUs are static or assume that all of the SUs have similar mobility pattern; that is, the average velocity of malicious SUs and honest SUs are the same, and their activity areas are also the same, which is impractical in real cognitive radio networks and may lead to incorrect conclusions. For example, existing schemes assume the number of attackers is always less than honest SUs; however, when the range of attackers' activity area is smaller than the honest SUs' , the attackers will dominate these areas, and such assumption will be invalid there. Secondly, existing works do not evaluate both sensing reports and locations of SUs simultaneously [18], or in other words the detection of abnormal sensing reports only based on the deviation from its neighbor's reports, which is not accurate and may mistake the honest SUs located far away from the PU for malicious SUs or neglect the malicious SUs located near to the PU.
Considering the practical problems and limitations discussed above, we focus on the issue of secure CSS scheme for mobile CRNs. We proposed the Location-Reports Consistency (LRC) test to filter out inconsistent sensing reports (abnormal sensing value or incorrect location information) caused by the uncertainty of the noise or the attacker's malicious behaviors. In the proposed scheme, the Geary's [19] is used to characterize the degree of correlation between sensing results reported by neighboring SUs at each sensing period. By using Geary's , the credibility of each SU's reports is collected. Being in mobile scenario, the neighbors of an SU may be different at each sensing period. Therefore, we propose using Dempster-Shafer theory to update the credibility of SUs' reports at each sensing period, and those inconsistent sensing reports are filtered out. To mitigate the adverse effects caused by the diversity of SUs' mobility pattern, we propose a Reputation based Data Fusion (RDF) scheme, which can efficiently mitigate attackers' negative impact on the final decision while utilizing the benefits it will bring. The SUs' reputations are built up based on Bayesian reputation model. The SU's sensing reports are weighted at the FC, and hence the SU with bad reputation will have less effect on the final decision.
The main contributions of this paper can be summarized as follows.
(i) Propose the LRC test to filter out unreliable reports, which take into consideration both the SU's sensing reports and locations simultaneously.
International Journal of Distributed Sensor Networks 3 (ii) Propose the RDF scheme to weigh each SU's sensing reports based on their reputation value, the proposed scheme updating each SU's reputation value according to its behavior in the areas of different fading.
(iii) In-depth simulation in mobile CRNs shows our proposed secure CSS schemes outperforming existing scheme regardless of the attackers' mobility pattern.
The remainder of this paper is organized as follows. In Section 2, we explained the system model in detail. In Section 3, we give the problem formulation and propose the solution. In Section 4, we evaluate the performance of our solution. Finally, we concluded this paper in Section 5.

System Model
The system is illustrated in Figure 1. We consider a primary transmitter, which is located far away from the CRNs. Thus the entire CRNs lie within the detection range of the primary signal. The CRNs, we considered, mainly urban areas, where trees, building, and so forth, will cause deep fading. Consider SUs collaborating for spectrum sensing. After each sensing period, SUs send their reports, based on their local observations, to a FC. We assume that there exist at most malice SUs and the remaining − SUs are honest. It is reasonable to assume that < . The SUs are mobile and may be present at different locations at different times. And the mobile pattern of honest SUs and malicious SUs are different. The areas of CRNs can be divided into a grid, and each cell in a grid is assumed to have the same pathloss exponent and shadowing parameters of its own [17]. The total number of cells is . In practice, the size or shape of a cell may be chosen differently which depends on the signal propagation environment and shadowing caused by obstacles between PU and SU.

Cooperative Spectrum Sensing Models.
As a key technology for realizing opportunistic spectrum access, spectrum sensing aims to detect the presence of PUs accurately and quickly. Due to its applicability to a wide range of signals and mathematical amenity compared to other detectors, an energy detection spectrum sensing method [20] is used.
Each SU is having an energy detector as shown in Figure 2. The SUs sense the spectrum periodically slot by slot by using energy detection. Assume that the bandwidth of the primary user signal is and sample interval is . At each sensing period, each user senses the local spectrum and takes = 2 samples of the signal measurements. The sample ( ) taken at time by the secondary user can then be written as follows: where 0 and 1 are hypotheses to determine the absence and presence of the PU signal, respectively. ( ) is the signal transmitted from the primary user and ℎ ( ) denotes the gain of the channel between the PU and SU . And V ( ) is  the sample of the zero-mean additive white Gaussian noise (AWGN) with variance 2 . As shown in Figure 2, the output of the energy detector for SU , at th sensing period, is As the number of samples taken becomes sufficiently large, the distribution ( ) ( ) of the test statistic ( ) can be approximated using the central limit theorem as follows [21,22]: where Pr is the received power of a primary signal at the SU . At each sensing period, each SU sends along with its coordinates to the FC. SUs can find their current coordinates, based on localization techniques [23].
Based on the test statistic ( ), the SU then makes a decision of the presence of the PU. The probability of making wrong decisions (false alarm and missed detection) can be defined and calculated as follows: where the (⋅) function is the complementary CDF of the standard Gaussian distribution. And is detection threshold at the FC.

4
International Journal of Distributed Sensor Networks Figure 2: Block diagram of an energy detector.
By cooperation, SUs can share their sensing information for making a combined decision more accurate than the individual decisions [24]. In the CSS, multiple SUs observe the signal from the PU, and the observed signals at the SUs are combined at the FC. Hard and soft combinations are the typical combination strategies. The original sensing information is combined in the soft combination, whereas two-level quantized information is combined in the hard combination. In this paper, we use weighted soft combination to mitigate attackers' negative impact on the final decision.
Let ( ) be the summation of the weighted reports from SUs at th sensing period. The decision statistic of CSS is, thus, where ( ) denote the weighting coefficient for the report of the SU .
Thus, the probability of detection and the probability of false alarm for CSS at th sensing period are given by [21] ) .
In Section 3.1, we will give the method to calculate ( ) in detail.

Signal Propagation Models.
The received primary signal strength at SU at th sensing period can be expressed as the propagation model [25] Pr where is the signal strength at the primary transmitter, a unitless constant which depends on the antenna characteristics and the average channel attenuation (dB) = −20log 10 (4 0 / ), the wavelength, the path-loss exponent, 0 the reference distance, and the distance from the PU's transmitter to the SU at th sensing. And ( ) is the log-normal shadowing from the PU to the SU at th sensing and Ray ( ) is the Rayleigh fading from the PU to the SU at th sensing. It is reasonable to assume that the channel bandwidth is much larger than the coherent bandwidth. Therefore, the effect of Rayleigh fading is negligible [16].

Attack Model.
A malicious SU may alter local spectrum sensing reports on purpose, misleading the fusion center to make the wrong decision. To make his attack action steady, the attacker may also reports incorrect location information.
Here, we consider an independent attack where all the actions of malicious SUs are based on their own observations of the PU's status and there is no information exchanged between the malicious SUs. The fusion center is unaware of the number of attackers and the strategy of attack they employed.
We define two types of SSDF attacks [26] with three parameters: the attack threshold ( ), the attack strength (Δ) and the attack probability ( ).
Selfish Attack. At each sensing period , if attacker's the local observation ( ) is lower than , the attacker sends ( ) + Δ with the probability , instead of ( ); otherwise, it reports ( ). The attacker chooses in order to conceal its malicious behavior. And represent the probability that the attacker has communication demands. Obviously, the attacker launching selfish attack aims to get exclusive spectrum access or making the channel available for other unauthorized users.
Vandalism Attack. At each sensing period , if the attacker's local observation ( ) is lower than , the attacker sends ( ) + Δ with the probability , instead of ( ); if the attacker's local observation ( ) is higher than , the attacker sends ( ) − Δ with the probability . The intention of the vandalism attacker is to both cause interference to PU and inhibit the communication of other SUs.

Secure Cooperative Spectrum Sensing Scheme
In this section we first propose the Location-Reports Consistency (LRC) test to filter out abnormal sensing reports based on spatial data analysis. Due to the difference of fading and shadowing characteristics in different locations of CRNs, the average received signal strength varies with locations [27]. Then according to this characteristic, we propose our algorithms for evaluating the quality of each cell, which is used to construct SUs' reputation value. And finally, to mitigate the adverse effects caused by SUs mobility pattern, a fusion scheme based on SU's reputation is proposed.

Location-Reports Consistency (LRC) Test.
In shadow fading environment, the sensing reports made at the same time but different locations may not be independent [28]. For example, the sensing reports made at nearby locations are may be closer in value than the sensing reports made at locations farther apart. Due to the fact that the correlation between two SUs' reports at the same time is weaker with the distance of them becoming larger [29], the deviation of an SU's reports from its neighbors' reports not always means that it is malicious SU. To determine the credibility of an SU's reports, we must consider the SU's reports and location as a whole. Since the SU can get its coordinate information based on localization techniques [23], we use spatial autocorrelation characters to check the consistencies of the location and sensing value that a SU has reported, that is, the values of the honest SU almost consistent with its location, while it does not for the attackers. To find out the credibility of an SU's reports, Geary's [19] is used to evaluate both sensing results and locations of the SU simultaneously. And Geary's can evaluate whether the SUs' reports are clustered and find out abnormal sensing reports. The SU 's sensing report to the fusion center at th sensing can be expressed as [16] ( ) = Pr ( ) + + , where is the noise power added to the SU 's sensing result and ∼ N(0, 2 / ) is the measurement error of the SU . According to (7), the shadowing component can be calculated by In our system model, SUs in the same cell have same path-loss exponent of that cell. From (11), the correlation in the product of sensing reports and the distance from the PU to the SU { ( ) } preserves the correlation of the shadow fading. So we define a metric ( ) = ( ) and use Geary's statistic to evaluate both the sensing value and location which SUs have reported simultaneously.
Geary's statistic is based on the deviations in responses of each observation with one another, and the definition is given by [19] where is the number of reports received from the cell at th sensing period and 1 , 2 is a weight indicating something about the spatial relationship of SU 1 and 2 . Usually, the weight equals the reciprocal of the distance between two SUs, that is, . And is the mean of ( ), that is, = (1/ ) ∑ =1 ( ). Geary's measures the global spatial autocorrelation of SUs' report in the same cell. It varies from 0 to 2, value 0 indicates strong negative correlation, and value 2 indicates strong positive correlation, and 1 means in the absence of autocorrelation. In order to find out abnormal SUs, we focused on one pair of SU's reports each time. In this special case, = 2, 1 , 1 = 2 , 2 = 0; that is, at th sensing period both the SU 1 and 2 visit the same cell ; the Geary's between SU 1 and 2 is simplified as The average Geary's of the SU 1 at th sensing can be evaluated as where 1 , 2 ( ) is the Geary's between SU 1 and 2 . The expectation and the variance of Geary's of the cell at th sensing are { ( )} and Var{ ( )}, respectively. The details of the expression are given in the Appendix.
Heuristically, when the SU in the cell at th sensing period, the more deviating of 1 ( ) from { ( )}, the more suspiciousness of the SU 's report. However, if malicious SUs dominate the cell, the Geary's of a honest SU also deviates significantly from { ( )}. An accurate credibility of a SU cannot be got only by its sensing report at a single sensing period. The FC may accumulate a certain number of reports from an SU to get its credibility.
To quantify the uncertainty of an SUs reports' credibility, the Dempster-Shafer theory (DST) is used to combine the uncertainty deriving from its sequential sensing reports to determine the overall uncertainty in redevelopment decisionmaking. Traditional probability theory has strict separation of aleatory and epistemic uncertainty. Aleatory uncertainty results from the fact that a system can behave in random ways, while epistemic uncertainty results from the lack of knowledge about a system [30]. Evidence theory can correctly represent epistemic uncertainties from intervals, degrees of belief, and probabilistic information [31]. The motivation for selecting DST to evaluate credibility in CSS can be characterized by the following reasons.
(1) DST allows for the direct representation of uncertainty of system responses to the SU's report where an imprecise system input can be characterized by a set or an interval and the resulting output is a set or an interval.
(2) The evidence gets from one sensing period is imperfect or imprecise; DST can combine evidences from two or more sensing period to form a relatively perfect or precise references.
A SU's sensing report is either consistent with or inconsistent with its locations, so we have a set of hypothesis, that is, frame of discernment, Θ = { , − }, which represent the SU's reports honest with or dishonest with its locations.
According to previous analysis, if the average Geary's of the SU deviates more from the Geary's of cell which the SU is in, the SU's honesty BPA should be lesser. We where ( ) is the average Geary's of SU at th sensing period. { ( )} and Var{ ( )} represent the expectation and the variance of the Geary's of the cell at th sensing period, respectively.
The credibility of the SU 's report can be deduced from its current and past reports. We use DST's combination scheme for updating the SU's bma at each sensing period: The statistic of location-reports consistency test can be denoted by Therefore, if ( ) is smaller than a threshold , the report from the SU at th sensing period is incredible, and this report will be discarded.

Evaluate the Average of the Signal Strength Received from
Each Cell. In the mobile cognitive radio networks, an SU may visit different cells over a period of time. Different cells may have different path-loss and shadowing characteristics, and the distance from the PU may also be different. Thus, the average of receiving signal strength of the PU may be different significantly at different cells. We can classify the cells according to the average of receiving signal strength of the PU from each cell. The reports from a low quality cell will be unreliable. However, it is unrealistic to have prior knowledge of fading and shadowing characteristics of all the cells, and many data-mining approaches cannot be applied without training data. In this section, we will evaluate the quality of each cell. We evaluate the quality of each cell for two reasons: (1) to give low weight to the reports come from the low quality cells and (2) to use these results to check the SUs intention and construct SUs' reputation value. We will detail this reason in Section 3.3.
The authors of [17] proposed a solution to evaluate the quality of each cell, but they assumed that all the SUs have similar mobility pattern. The simulation results show that their solution achieves poor performance, if the malicious SUs and the honest SUs have different mobility patterns. This is because the authors simply sum all of reports from the cell in every sensing period and average the summation to evaluate the quality of the cell. If a malicious SU lingered in the cell , its reports would be in the majority of all reports from the cell , and the evaluation process of the cell would be affected by the malicious SU. To overcome this drawback, we propose a new approach which performs well in the mobile cognitive radio networks; even the malicious SUs and the honest SUs have different mobility pattern. The intuition of the proposed approach is that each SU evaluates the quality of each cell, respectively, and the final evaluation of each cell's quality is based on the average of each SU's evaluation.
Let , be the report of SU at th sensing and , be the probability of SU in cell at th sensing. Then after times sensing, the expected total number of reports generated by the SU from cell is ∑ =1 , , and the expected sum of reports generated by the SU from cell is ∑ =1 , , .
Then, the average sensing reports of the SU from the cell , denoted as , is We denote by and the probabilities that the PU is busy or idle, respectively.
International Journal of Distributed Sensor Networks 7 Then , = * ( | H 0 ) + * ( | H 1 ) . (20) After some algebra, the expectation of can be express as It means that ( ) can be used to evaluate the quality of the average signal strength received from the cell .
The variance of can be express as Notice that 0 ≤ is decreases monotonically as increase.
Therefore ( ) decreases monotonically as increases, and According to Proposition 1, ( ) can be interpreted as the evaluation of the average signal strength received from the cell given by SU . And the accuracy of this evaluation improves as the number of sensing period increases. For convenience of exposition, ( ) will be referred to as the evaluation of the quality of the cell given by SU . Considering sensing periods of observations, using empirical distribution function [32], ( ) can be estimated as where ( ) = 1 for SU in cell at th sensing, otherwise is 0. We denote Avg ( ) = { }; let Avg( ) = {Avg 1 ( ), Avg 2 ( ), . . . , Avg ( )} be the set of evaluations for the quality of the cell given by each SU. The quality of the cell can be simply computed by averaging all the values in the set Avg( ). However, this method is not robust and can be easily manipulated by malicious SUs. Therefore, we use // initialize variables used in the algorithm (1) For ∀ , ∀ , = { }, Avg ( ) = 0, dim = 0, = 0, and ( ) = 0 (2) for each sensing slot (3) for each cell , = 1, 2, . . . , (4) for each SU , = 1, 2, . . . , (5) if SU in at th sensing period, else (12) Avg ( ) = 0 (13) end if (14) end for (15) using (25) Therefore, the proposed algorithm for evaluating the quality of a cell is summarized in Procedure 1.

The Reputation Based Data Fusion (RDF) Scheme.
The LRC test can detect whether an SU has reported manipulated sensing value or location information, but it did not consider the reliability of the reports of neighbors; that is, although an SU's report shows high spatial correlation among its neighbors' reports in the same cell, its neighbors' reports are not always reliable. Because the average strength of sensing value reported from different quality cells is different. If the strength of a sensing value reported from low quality cell is higher than the average strength of sensing reports that the FC has received at th sensing period, this sensing report may be unreliable. Likewise, if the strength of a sensing value reported from high quality cell is lower than the average strength of sensing reports that the FC has received at th sensing period, this sensing report may also be unreliable. We exploit this characteristic to construct SUs' reputation value. Therefore, to mitigate the adverse effects caused by SUs mobility pattern, we proposed a new reputation based data fusion (RDF) scheme to provide a better fusion performance. The idea is to assign different weights based on SUs' reputation value to their sensing reports. The FC then forms a weighted sum, which is compared to a threshold to decide whether the PU is active or not.
In this paper, we apply the Bayesian reputation model [34] for the SUs' reputation value update and assign weight dynamically according to the reputation of each SU. The advantage of Bayesian reputation model is that they provide a sound mathematics basis for computing each SU's reputation value. Let us denote to be the probability where the SU acts honestly, and the parameter , represents the amount of positive feedback provided by the FC when the SU sends its top sensing reports to the FC. And the parameter , represents the amount of negative feedback provided by the FC when the SU sends its top sensing reports to the FC. Then the probability density function of , which is called the SU 's reputation function, can be expressed using gamma function Γ as where 0 ≤ ≤ 1, , ≥ 0, , ≥ 0. The probability expectation value of the SU 's reputation function can be written as where ( ) is called the SU 's reputation value at th sensing period. ( ) can be interpreted as the probability that the SU is expected to behave in future action.
The weights in soft combination scheme are assigned based on each SU's reputation value. And the weighting coefficient for the report of the SU is defined as In the following, we give the derivation of , and , and consequently get the SU 's reputation value ( ).
At th sensing period, an SU sends its sensing report to the FC, and the impact on building up its reputation can be represented as where ( ) denote the SU reputation value gained at th sensing period, ( ) denote the strength of the SU 's sensing report from the cell at th sensing period, ( ), defined in (30), is the average strength of sensing reports which are survived from LRC test, I(⋅) is the indicator function returning 1 when the statement in the parenthesis holds true and 0 otherwise, is the threshold which is used in LRC test, ( ) is the quality of the cell , is the median of the cell's quality among all cells, and = median 1≤ ≤ ( ).
If ( ) which comes from low quality cell is higher than ( ), the SU 's reputation value will be decreased. Likewise, if ( ) which comes from high quality cell is lower than ( ), the SU 's reputation value will also be decreased. In other cases, the SU 's reputation value will be increased.
The SU may change its behavior over time, and, due to sensing error or other random factors, the SU 's early reports may not always accurately reflect its true intention. We introduced the forgetting factor to give less weight to old feedback than recent feedback.
Then , and , can be updated as According to (6) and (27)- (31), the probability of detection Q and false alarm Q for CSS system based on proposed scheme over sensing period can be calculated [17]: 0 ( ) = 1 denote the PU is active at th sensing, and 1 ( ) = 1 denote the PU is inactive at th sensing.

Performance Evaluations and Discussions
In this section, we will evaluate our CSS scheme by comparing it with LRMI [17]. We first describe the simulation setup and then we will set up a simulation for two types of attacks and statistically compare the performance between our proposed scheme and LRMI.

Simulation Setup.
In the simulations, the cognitive radio (CR) network is located within a 1000 m × 1000 m square area and the area is divided into = 9 cells of equal size. = 20 SUs moves according to the random waypoint mobility model [35]. Each SU moves with average velocity and a maximum idle time of 30 s. Honest and malicious SUs have different mobility pattern, that is, the average velocity of honest and International Journal of Distributed Sensor Networks 9 malicious SUs are and , respectively. And the number of activity cells for honest and malicious SUs are AC and AC , respectively. The path-loss exponent for each cell is randomly selected from 3 to 6. In the log-normal shadowing model, the standard deviation for each cell is randomly selected from 2 to 20 dB. The PU is located 1000 m away from the center of the area. The probability of presence and absence PU signal are both 0.5. The PU transmit power is 200 mW. For the local spectrum sensing, the bandwidth-time product is = 5 [36]. The local sensing time is 1 ms. The SU sense every 1 s, and in the simulation we take the sensing time, is = 120 s. The SUs send their sensing result and their location coordinates to the FC during each sensing period. The noise power is −110 dBm. Among the = 20 SUs, there are = 2, 4, 6, 8 SSDF attackers. In the simulation, we assume attackers launch vandalism attack with the attack probability = 0.8, and the attack threshold , and the attack strength is −109 dBm and Δ ∼ N(−10 dBm, −5 dBm), respectively. The threshold used in LRC test is 0.5, and the forgetting factor in RDF is 0.9.

Comparison of Detection Performance.
Without attackers, SU's mobility increases spatiotemporal diversity in received primary signal strengths and thus improves the sensing performance [37]. If the malicious SUs are in the minority and the mobility models are the same for all SUs, as the average velocity of SU is increased, the performance of CSS improves [17]. To evaluate the influence of different mobility pattern of honest and malicious SUs on the performance of PU detection, we first study the performance of LDMI [17] and the proposed LRC-RDF with different average velocity of honest and malicious SU. Figure 3 shows that there is litter difference between the performance of LDMI and LRC-RDF for PU detection when honest and malicious SUs have the same average velocity. When the average velocity of malicious SU is different from the average velocity of honest SU, LRC-RDF performs better than LDMI. When the average velocity of malicious SU is slower than the average velocity of honest SU, the performance of PU detection is lower than that when the average velocity of malicious SU is faster than the average velocity of honest SU. Thus the velocity of malicious SU can affect the performance of PU detection. Figure 4 shows the performance of PU detection when there are = 4 malicious attackers, and the number of malicious attackers' activity cells is smaller than the number of honest SUs' activity cells. And we consider a worse case when the 4 malicious attackers selected same activity cells. We find that LRC-RDF outperforms LDMI on the performance of PU detection when the number of malicious attackers' activity cells is smaller than the number of honest SUs' activity cells. For example, when malicious attackers are moving around in the same 6 cells, the improvement of the detection rates by 10% at the false alarm rate of 10%. The smaller the number of malicious attackers' activity cells, the greater the impact on the performance for PU detection. When all of   malicious attackers stay in a cell, the performance of PU detection will be severely damaged.

Impact of SU.
We study the performance of LRC-RDF for PU detection in mobile CRNs when the honest SUs and attackers have the same mobility pattern. Figure 5 shows when the   honest SUs and attackers have the same mobility pattern, as the average velocity of SUs increases and, keeping the number of attackers constant, the system performance improves.
Keep the average velocity of SUs constant, as the number of attackers increases, the system performance decreases. Thus when honest SUs and attackers have similar models and mobility patterns, increasing in SUs' average velocity helps to improve the system performance. The attacker launches vandalism attack during 1200∼1500 sensing rounds. Figure 6, parameterized by the number of attackers. It is shown that as the sensing time increases, the performance of PU detection using LRC-RDF increases. When sensing time reaches up to some degree, increasing the sensing time will no longer help to increase the performance of PU detection.

Impact of
The Performance of RDF. The SUs' reputation weights are shown in Figure 7, in the presence of one attacker. The attacker launches vandalism attack during 1200∼1500 sensing rounds, and in other sensing rounds it does not launch attack. From Figure 7, we observe that the average weights for honest SUs almost maintain a relatively high level while the attacker has been assigned a low weight. The proposed RDF scheme can effectively identify attackers and mitigate attackers' impact on the final decision.

Conclusions
The design of a secure CSS scheme is a challenge task in mobile CRNs. In this paper, we have studied the performance of CSS when the areas of the CRNs have different path-loss and fading parameters. Our proposed secure CSS scheme requires no prior knowledge of the attackers' or honest SUs' mobility pattern, which is more practical in considering the dynamic attacking behaviors. The LRC test is proposed to filter out the SUs' abnormal sensing reports according to their spatial locations. To mitigate the adverse effects caused by SUs mobility pattern, a fusion scheme based on SU's reputation value is proposed, which can efficiently mitigate attackers' negative impact on the final decision while utilizing the benefits it can bring. The mobility pattern found can be exploited by malicious SUs to increase the damage to the CSS. The simulation results have shown the robustness of the proposed LRC-RDF scheme against malicious SU attack in mobile CRNs.