Distributed Detection in Wireless Sensor Networks under Byzantine Attacks

Distributed detection in wireless sensor networks (WSNs) under Byzantine attacks is studied in this paper. A new kind of Byzantine attacks, neighborhood malicious Byzantine attacks (NMBA), is proposed. In this type of Byzantine attacks, part of sensors is conquered and reprogrammed by an intelligent adversary. These sensors then are conducted to send false information to the fusion center (FC) in order to confuse it. We see that the attacking performance of NMBA is very close to that of collaborative malicious Byzantine attacks (CMBA) and outperforms independent malicious Byzantine attacks (IMBA). Decision fusion becomes impossible when attacking power which is the fraction of compromised sensors in WSNs exceeds a specific value. A closed-form expression for the value is derived. For mitigating attacking effect brought by NMBA, a strategy for estimating the attacking power is proposed. Furthermore, a scheme to identify Byzantine attackers is presented. Two kinds of discrepancy distance are constructed in this paper to help in identifying Byzantine attackers. We prove that most of Byzantine attackers are identified and performance of the identifying scheme is proved to be excellent. A data fusion scheme based on both dynamic threshold and the identifying scheme is analyzed in this paper. Numerical results are also provided to support the schemes and approaches.


Introduction
Wireless sensor networks (WSNs) consist of a large number of tiny power-limited sensors that are densely and spatially deployed to monitor physical phenomena.When detecting a target in the region of interest (ROI), all the sensors in network report their findings to the fusion center (FC) where a global-final decision is made.For the advantage of easy deployment and fast self-organization, WSNs have been widely used [1].Due to the increasing importance of being used in both military and civilian applications, it is imperative to incorporate secure localization and detection into WSNs.However, limited by both the processing capability and power supply of sensor nodes, secure detection in WSNs has been a challenging task.WSNs are also vulnerable to tampering.A serious threat to WSNs is Byzantine attacks where some authenticated sensor nodes have been fully controlled by an intelligent adversary.These compromised sensors are dispatched to disrupt or confuse the FC.While Byzantine attacks may, in general, refer to many types of Byzantine behaviors [2,3], our focus in this paper is on Byzantine attacks in terms of data-falsification.In this type of attack, compromised nodes are reprogrammed and then forced to send falsified data to the FC in order to undermine the inference performance of network.The main goal of Byzantine attackers is to havoc performance of the FC as much as possible so that decider at the FC is unable to utilize sensors' information to determine the presence of target correctly.
An important task that WSNs need to perform is target detection, which is imperative for an accurate tracking of target.In the context of Byzantine attackers attempting to disrupt the network, a reliable algorithm of detection needs to be introduced.In [4,5], several algorithms have been developed for secure detection and localization in WSNs.The techniques based on direction of arrival (DOA) and time of arrival (TOA) (or time-difference-of-arrival (TDOA)) have been investigated in [4] and [5], respectively.However, the TDOA is not suitable for detecting target because sensor nodes are narrow band and lack accurate synchronization.Several researchers have focused on developing techniques that do not suffer from imperfect time synchronization.For example, scheme of measuring intensity of signal energy is 2 International Journal of Distributed Sensor Networks used to detect target.Therefore, convenience of the energybased method gives feasibility to detect and localize a target through detecting energy.In [6,7], each cognitive radio adopts an effective detection scheme based harvesting energy to make its decision and determine whether there is a licensed user requesting to occupy the spectrum band.Each cognitive radio sensor detects intensity of signal and measures the energy received.If the measured energy is greater than a properly predefined threshold, the current spectrum is busy.Otherwise, the current spectrum is idle.We adopt this scheme in this paper to detect whether there is a target in the ROI.
Marano et al. have investigated distributed detection in the presence of Byzantine attacks in [8,9], where Byzantine attackers are assumed to have a complete knowledge about the true hypotheses.In their system model, the authors assumed that the FC did not know which sensor node was Byzantine attacker.Though the FC did not know which sensor node was Byzantine attacker, it knew average percentage of compromised sensor nodes or upper bound of the average.Vempaty et al. have also analyzed the problem of distributed detection under Byzantine attacks in [10].However, they did not assume that the Byzantine sensors had a complete knowledge about true hypotheses.Instead, they assumed that the Byzantine sensors made decisions about the presence of target through their own observations.In other words, each Byzantine sensor potentially flips the local decision made at the node.The performance of network has also been analyzed in the context of presence of independent and collaborative Byzantine attacks, respectively, in [10].In addition to the analysis of distributed detection in the presence of Byzantine attacks, an adaptive learning scheme that mitigated the effect brought by Byzantine attackers has been proposed by Vempaty et al. in [10].The scheme identifies Byzantine sensors through observing the ratio value of deviations between the estimated behavior of ith sensor and the expected behavior of an Honest sensor to the estimated behavior of ith sensor and the expected behavior of a Byzantine sensor.If the value is greater than 1, the FC declares the sensor to be Byzantine.Otherwise, the FC tags the sensor as Honest.In order to maximize the performance of decision fusion, the FC then removes those decisions that are from sensors tagged as Byzantine when the FC makes a global decision at the next time.
In literature [10,11], analysis of performance of the network under independent and collaborative malicious Byzantine attacks has been performed, respectively.When a target enters into the monitoring region, the ith compromised sensor node has a detection and makes a local/original decision.In the case of independent malicious Byzantine attacks (IMBA), the local decision of ith compromised sensor completely depends on its own observation.In the case of collaborative Byzantine attacks (CMBA), the local decision of ith compromised sensor depends on not only its own observation but also decisions from the remaining compromised sensors.In the scenario of IMBA, though Byzantine sensor can make multiple observations in a proper time window and average these observations in order to reduce the effect of additive noise, it is not effective significantly when Byzantine sensor nodes stay far away from a target in the ROI.In addition, a sensor that adopts IMBA has no way to conquer a certain degree of blind flipping of its own decision.In the situation of CMBA, each Byzantine sensor communicates with the left compromised sensors and refers to their decisions before determining its own local decision.Although CMBA produces remarkable improvement in attacking effect, much energy has been consumed in communication among Byzantine sensors, especially when Byzantine sensor nodes are deployed sparsely.In addition to analysis of performance of distributed detection in the presence of Byzantine attacks, the blinding attacking power  has been obtained.The blinding attacking power ( blind ) is equal to 0.5 and 0.35 in the case of IMBA and CMBA, respectively [11].Motivated by this, we propose a new Byzantine attacks model named after neighborhood malicious Byzantine attacks (NMBA).NMBA is such a kind of attacks model where each compromised sensor node in the network determines whether there is a target or not in the ROI depending on not only its own local decision but also a certain amount of decisions coming from Honest sensors which are nearest around the compromised sensor.Then each Byzantine sensor node employs a majority strategy among decisions to make a final local decision.At last the Byzantine sensor node flips the final local decision confidently and sends false decision to the FC.
Attacking power  which is also termed indicator of the vulnerability of the sensor networks is a crucial performance metric [12,13].We assume that there are a large number of sensor nodes deployed in the ROI.According to the law of large numbers,  is equal to the ratio of number of compromised sensors to the total number of sensors in the network ( ∈ [0, 1]).In practice, although the FC knows the presence of Byzantine sensors in the network, decider at the FC can hardly determine the exact attacking power [14].If the decider knows the attacking power, it is convenient for the FC to adopt a robust strategy to mitigate the negative effect caused by Byzantine attackers [15,16].In this paper, we propose a simple and effective scheme to determine the attacking power in the perspective of decider at the FC.After the attacking power is estimated, two kinds of discrepancy distance which are used to help in identifying Byzantine sensors are constructed in this paper.
An effective scheme of decision fusion plays an important role in the FC [17][18][19].Many literatures focused on the mitigation of Byzantine attacks and developed algorithms to design a static and identical threshold for decision making at the FC [11,14].Several authors have proposed online learning of normal trajectory patterns for detection in trajectory in [20].In this paper, we propose an effective scheme based on both dynamic threshold and identifying Byzantine attackers for decision fusion at the FC.
The paper is organized as follows.In Section 2, we describe our system model including detection model and NMBA attacking model.In order to formulate the problem of distributed detection in WSNs clearly, we divide the process of decision fusion into three hierarchies or stages in this section.The attacks model of NMBA is proposed at the first stage which is different from independent Byzantine attacks and collaborative Byzantine attacks.The performance metric is also presented.In Section 3, we determine the optimal attacking strategy in the perspective of Byzantine attackers and closed-form expression for blinding region is derived.Comparison among IMBA, CMBA, and NMBA is also performed and numerical results are provided at the same time.From the perspective of network designer, we propose a fusion scheme based on dynamic threshold to make a reliable global decision and analyze how the FC identifies Byzantine attackers to enhance the fusion performance in Section 4. The attacking power is also estimated.Finally, we present our conclusion in Section 5.

Detection Model.
A network with  sensor nodes which are spatially deployed in the ROI is considered.All sensor nodes in this network are independent on functionality.Each sensor makes a decision independently after detection.As illustrated in Figure 1, the sensor nodes which are denoted as symbol of plus are shown to be deployed on a regular grid and intensity of energy attenuated as the distance from the target that is represented as blue star increases.It is worth mentioning that the detection scheme based on harvesting energy is capable of handling any kind of deployment as long as the location information of each sensor node is available at the FC.The uniform sensor deployment shown in Figure 1 is only a special case.In any one kind of deployment,  sensor nodes can correctly detect a target when the target intrudes at the position  = (  ,   ), where   and   denote the coordinate of this target location in 2D Cartesian.We introduce an isotropic intensity of signal attenuation model as follows: where   is the signal amplitude received at ith sensor and  0 is the emitted power measured at a reference distance  0 . is the power decay exponent, and  E, is the Euclidean distance between the target and ith sensor: in which (  ,   ) are the coordinate of ith sensor.For simplicity but without loss of generality in this paper, we let  = 2,  0 = 1 [10].As a result, (1) can be expressed as Equation ( 3) is a quite general model for signal attenuation of electromagnetic wave that propagates isotropically in free space.However, when the signal of energy arrives at ith sensor, it has been contaminated by additive white Gaussian noise in practice.Therefore, the signal amplitude received at ith sensor is expressed as   =   +   , in which   is Gaussian noise which follows standard normal distribution.
Here, we assume that all sensors in the network have the identical additive white Gaussian noise, that is,   ∼ (,  2 ),  = 1, 2, . . ., .Each sensor node needs to quantize the received signal of energy because of its limitations of bandwidth and energy and sends quantized binary measurements to the FC.Threshold of quantizers is adopted in this work for its simplicity of both easy implementation and analysis as follows: where d and   are local decisions made by ith sensor after quantizing the received signal and a predefined threshold adopted by ith sensor, respectively.In this paper, we assume that all of the sensors share the identical threshold; that is,   = ,  = 1, 2, . . ., .
In this work, the classical distribution detection model is taken into account where two hypotheses are considered.Each sensor solves hypothesis testing problem and makes a local decision on either hypothesis  0 (target is absent) or  1 (target is present).We consider the scenario that the adversary knows the complete information about the location of sensors and is capable of attacking all the sensors simultaneously.Due to the constraint of budget, the Byzantine attackers conquer only a part of nodes in the network to deteriorate capability of inference performance of network.These Byzantine sensors transmit false decision to the FC in order to deteriorate inference performance of the network.We assume that the channel between the FC and local sensors is error-free.The original or local one-bit decision generated at ith sensor node is denoted as d ∈ {0, 1},  = 1, 2, . . ., .Then the ith sensor reports one-bit decision   to the FC where   = d if ith sensor is Honest.For a Byzantine sensor, the local original decision   need not be equal to d in our attacks model.
Let   and   be the number of Honest and Byzantine sensors, respectively.The total number of sensors can be expressed as  =   +   and the number of Byzantine sensor nodes   is equal to  ⋅ .In the perspective of International Journal of Distributed Sensor Networks Byzantine attackers, conquering  sensors is not a wise strategy for the adversary itself at the risk of exposed activity.The main goal of adversary is to compromise a fraction of sensors to degrade the performance of the FC instead of capturing the network with a huge cost.Therefore, we have   < .We use    () = Pr( d = 1 |  1 , ) and   fa () = Pr( d = 1 |  0 , ) to denote the probability of detection and false-alarm of ith sensor, respectively.We use  to present a sensor node to be Honest and  ∈ {1, 2, . . .,   }.The detection probability of ith sensor can be expressed as Similarly, the false-alarm probability of th sensor can be expressed as where (⋅) is the complementary distribution function of the standard Gaussian When a target intrudes into the ROI, each sensor node starts to sense and record the energy propagated from the target using detection scheme based on harvesting energy [21].
We let each sensor perform  observations in a small time window  where target is assumed to be static.This is a reasonable assumption.For example, if the sampling rate of each sensor is 6000 Hz, a target with a speed of 100 km/h only moves 0.25 m during  = 54 sampling intervals [22].
The In order to formulate the problem in the process of decision fusion, we divide the process into three hierarchies/stages.As illustrated in Figure 2, ith sensor makes a local/original vector of d and sends the vector d  into the FC after d is probably "attacked" at the first stage.A decision matrix D is formulated from which the vector of global decision z = ( 1 ,  2 , . . .,   ) is mapped at the second stage.At the last stage, a global-final decision  is mapped from vector z at the FC.

Natural state
The fusion center neighbors to consult and   ≤   .In order to facilitate analysis, we assume that the scenario of many Byzantine sensors flocking together does not happen.Namely, the whole Byzantine sensor nodes are deployed sparsely by intelligent adversary in the ROI.In the case of  sensors deployed on a regular grid, NMBA has several neighborhood types including diamond type and square type.For each Byzantine sensor, its neighborhood nodes are those sensors that are the nearest and Honest around it in specific neighborhood type.We assume that each Byzantine sensor knows the identifications of the remaining compromised sensors.Each Byzantine sensor consults all of its neighborhood nodes to make a wise and tricky decision.In Figure 3, the type of square neighborhood is presented and the case of   =  = 9 is considered.Clearly, each Byzantine sensor node consults its eight neighbors and makes a decision based on decisions from its neighbors.We make the conditional i.i.d.assumption under which observations from sensors are conditionally independent and identically distributed.The jth observation at ith sensor then has the distributions If ith sensor is Honest, its observation  ∈ {0, 1} follows distributions  and  under hypotheses  0 and  1 , respectively.Therefore, we have According to ( 5), (6), and (7), we get Similarly, we have distributions  and  under the same hypotheses for Byzantine sensor as follows: In the attacks model of NMBA, the ith Byzantine sensor makes an initial decision  0 independently and gets the   −1 decisions from its neighborhood sensors.As a result, a set of decisions {  :  ∈ {0, 1, . . .,   − 1},   ∈ {0, 1}} is obtained where the   represents the decision from the lth neighbor of ith Byzantine sensor.Then, the ith Byzantine sensor makes its local or original decision using a majority strategy, that is, the original local decision d = IF(∑ , where IF(⋅) and   are indicator function and threshold adopted by the ith Byzantine sensor, respectively.Therefore, we have the following equations: where   ∈ {1, 2, . . .,   }, 1 ≤  ≤   , and Γ denotes the set of all permutations of the   sensors.After using majority strategy to make a local decision, the ith Byzantine sensor flips confidently its decision with probability of  flip = 1.Specifically, we have Thus, we get Therefore, we have , , International Journal of Distributed Sensor Networks Substituting ( 9) and ( 15) in ( 8) and after simplification, we obtain 2.3.Performance Metric.In the perspective of Byzantine attackers, the primary objective is to deteriorate the inference performance of FC as much as possible.On the contrary, the FC wants to make inference performance as much highly excellent as possible in order to guarantee valid detection.
In this paper, we adopt Kullback-Leibler divergence (KLD) as the network performance that characterizes inference performance at the FC.KLD is very important in probability theory and is widely employed as information-theoretic distance measure to characterize detection performance [23,24].The KLD between the distributions V  () = Pr(  =  |  0 ) and   () = Pr(  =  |  1 ) for ith sensor can be expressed as () log   () The FC receives ith sensor's decisions V  () and   () under  0 and  1 , respectively.In the perspective of Byzantine attackers, they try to minimize the KLD as much as possible so that the FC can hardly make a right decision between  0 and  1 .On the other hand, network designer wants to maximize KLD of each sensor's decision to mitigate the negative effect caused by Byzantine attackers.In the next section, we explore the optimal strategy of Byzantine attacks that impair the detection performance as much as possible by minimizing KLD.

Optimal Strategy for Byzantine Attacks.
As explored in Section 2, the Byzantine attackers attempt to make the nodes that have been compromised have small KL divergence as much as possible.Byzantine attackers have the optimal superiority on degrading inference performance of FC when KLD is equal to zero.In the case of KLD = 0, the FC cannot distinguish the distributions under  0 or  1 .In other words, the data from sensors conveys no information.We refer to this case as the FC being blinded completely when Substituting ( 16) in (18) and after simplification, the condition to make KLD(V  () ‖   ()) = 0 is equivalent to (  (1) −   (1)) +  (  ,   ,   (1) ,   (1)) , where the close-form expression of function (⋅) is denoted as the following equation: where   and   are the number of neighborhood nodes and threshold adopted by ith Byzantine sensor, respectively.As mentioned above, the KL distance between V  () and   () is equal to zero; that is, KLD(V  ‖   ) = 0, if and only if V  () =   ().The FC is incapable of distinguishing the two distributions under  0 and  1 when KLD is equal to zero.The attackers then project interests in the minimum attacking power that can just make the ability of inference of the FC destroyed.Thus, the minimum attacking power in the context of NMBA is denoted as For the sake of minimizing  to reach  blind , we have the following equation depending on operating point (  (1),   (1)): Because of 0 <   (1) −   (1) ≤ 1, we have the following inequality: To prove inequality (23), we apply the monotonic property of the function of /( + 1).Due to the function possessing differentiability, we have the following inequality: Therefore, /( + 1) is a monotonically increasing function when 0 ≤  ≤ 1.As a result, inequality ( 23) is certified.After certifying (23), we have the following equation: where ceil(⋅) is the ceiling function.Therefore, function (⋅) in ( 19) reaches the maximum value point only when   =   opt .Therefore, for a pair of fixed operating points (  (1),   (1)), we have and ( 22) can be represented as When the intelligent adversary poses attacking power  which is greater than  blind , the FC is trapped into a dilemma where the decider cannot utilize any information from sensors to make a correct decision.The situation refers to the fusion center's entering into the blinding region where the FC is blinded completely.

Numerical Results
. In this subsection, numerical results are presented to support our analysis of optimal attacking strategy for Byzantine attackers.We consider the network where  = 100 sensors are deployed on regular grid in the ROI under the Byzantine attacks model of NMBA.We set the power at the reference point ( 0 = 1) as 200 and the signal amplitude arriving at the local sensor is contaminated by AWGN with mean value  = 0 and standard deviation  = 3.
A target intrudes at position  = (90, 90).We consider the square type of NMBA where all the Byzantine sensors adopt identical number of neighborhood nodes and optimal threshold; that is,  =   and  =   opt ,  = 1, 2, . . .,   .Attacking power  is observed in the case of square type of NMBA over  ∈ {1, 2, . . .,   } and  ∈ {1, 2, . . ., }.In the blinding region, the FC is incapable of utilizing any information to make a decision to determine whether there is a target in the ROI.Byzantine users try to pay as much low cost as possible when the FC has been completely blinded by them.Attacking power  in blinding region is a convex function of threshold  under the NMBA attacking model.Therefore, it is possible for Byzantine attackers to adopt the least attacking power to blind the FC.From the numerical results presented in Figure 4, we see that the attacking power  reaches minimum value only when  = 5 in the case of NMBA when  = 9.The minimum value of  is equal to 0.3844.The result is intuitive and also indicates that the optimal threshold associates with the number of neighborhood nodes, .The other cases of NMBA are presented in Table 1.We observe that the minimum value of  blind is just obtained at the point where the optimal threshold  is got.In Figure 5, we present that optimal threshold increases with the increase in the value of .We observe that  opt is always equivalent to /2 when  is even and  opt is equal to the maximum integer that is not larger than /2 when  is odd.It is clear that optimal threshold Byzantine attacker associates with the number of its neighborhood.In Figures 6 and 7, it is shown that  blind is the monotonically decreasing function of  in the condition that  is always equal to  opt .As illustrated in Figures 5 and 6, IMBA is a particular case when  = 1.Under condition of  = 1, each Byzantine sensor makes a judgement only depending on its own observation and flips its decision confidently prior to sending to the FC.When  = 2, each Byzantine sensor consults with two neighborhood nodes around it before making a decision and the minimum attacking power in the blinding region is equal to 0.5.When  is equal to 2, the attacking effect brought by NMBA matches with IMBA. blind of NMBA decreases monotonically with the increase of  and it reaches 0.3844 when  increases to 9.  blind decreases to 0.3752 when  increases to 25.The exact value of  blind corresponding to  and  opt is presented in Table 2.In addition, as we can see from Figures 6 and 7, the number of neighborhood nodes that each Byzantine sensor node consults including itself should be odd for better attacking efficiency.To further analyze the attacks of NMBA, we compare it with IMBA and CMBA in terms of KL distance about attacking power.As we discussed above, IMBA is a special case of NMBA when  = 1. out of   fusion rule has been used for CMBA among the Byzantine sensors.And Byzantine sensors collaborate together to make decisions about the presence of target.If the attacking power is greater than 0.5, the FC can be blinded completely by any kinds of attacking strategies adopted by Byzantine attackers.Therefore, our analysis about detection performance is under the condition of  ≤ 0.5.In Figures 8  and 9, we plot the KLD of three attacking models against  in the case  = 9 and  = 25, respectively.From the numerical results presented in Figures 8 and 9, we can see that the KLD of NMBA is very close to CMBA and outperforms IMBA significantly.Though the performance of NMBA is very close to CMBA, the difference of KL distance between them varies with attacking power.In Figures 8 and 9, KL distance of CMBA is greater than that of NMBA in the region of  ∈ [0, 0.09] and  ∈ [0, 0.25], respectively.However, CMBA performs better when  meets the condition of  ≥ 0.09 and  ≥ 0.025 in Figures 8 and 9, respectively.For CMBA, the blinding point C which is marked by black-square in Figures 8 and 9 is determined by the total number of Byzantine sensor nodes instead of .For NMBA, the blinding point B which is marked by blue-square in Figures 8 and 9 is determined by the number of neighborhood nodes.For NMBA,  is larger and  blind is smaller.Furthermore,  blind = 0.3844 and  blind = 0.3751 when  is equal to 9 and 25, respectively.

Fusion Center Decision Strategy
In this section, let us solve the problem of identifying Byzantine attackers to enhance inference performance of the FC.In order to explain the problem well, we have defined three types of decision which include local/original decision, global decision, and global-final decision.As we discussed in Section 2, a decision matrix D  × = (  ()) × is formulated at the FC after  observations in a time window  at tth global-final decision making,  ∈  + .We let the FC make a corresponding global decision   () over vector of decision d   at jth observation.And a vector of global decision z() = ( 1 (),  2 (), . . .,   ()) is formulated over {d  1 , d  2 , . . ., d   },   () ∈ {0, 1} for any  ∈  + ,  = 1, 2, . . ., .Majority vote which is simple and effective scheme is adopted to make a global-final decision () ∈ {0, 1} over the vector z(), where "1" represents the presence of target and "0"   represents the absence of target, respectively.However, we project our focus on designing a rule to construct vector of global decision z().We propose a scheme of making global decision that the FC can adaptively adjust its threshold  fc (, ) for d   to make a corresponding global decision   ().

The information of elements in decision matrix D 𝑡
× is also utilized to estimate probability of miss detection and false alarm, respectively.In order to evaluate the fusion scheme, performance metric introduced in this work is the accuracy of fusion scheme in terms of identifying Byzantine sensors.
We define an intuitive distance between the global-final decision and local/original decisions as Similarly, another intuitive distance is also defined as the following equation:

distance |d 𝑡
| is larger and the ith sensor is closer to behavior of Byzantine.On the contrary, the distance of |d   | is smaller and the probability of ith sensor being tagged as Byzantine attacker by the FC is lower.Similarly, when the distance of |d   | is larger, the decision generated at jth observation is worse.The FC regards the jth observation as excellent and we believe that the network performs well when |d   | is small.For simplicity, we let probability of miss detection equal probability of false alarm; that is,   =  fa in the context of the attacks model of NMBA.

Scheme of Identifying Byzantine Attackers. If one sensor's local/original decision is different from global-final decision,
it is labeled as Byzantine.It is worth mentioning that Honest sensors are classified probably into Byzantine group when they behave like Byzantine.Similarly, the Byzantine attackers can also be probably labeled as Honest.We use  0 (, ) and  1 (, ) to denote the total effective number of elements "0" and "1" in decision matrix, respectively. 0 (, ) and  1 (, ) vary with the order of  and take part in making global decision.Here, we represent (28) and ( 29 where (, ) is defined at (37).
International Journal of Distributed Sensor Networks Proposition 1. Suppose the network with  sensors including Byzantine and Honest, where the probability of miss detection and false-alarm is zero, that is,   =   = 0, and Byzantine attackers always know the true natural state.Attacking power brought by the attackers is estimated through the following expression: where  0 () and  1 () are denoted as the total number of "0" and "1," respectively.
Proof.See Appendix A.
Based on Proposition 1 and constrained by its conditions, we have the following equation for estimating the attacking power at the global decision making: Taking the scenario of Byzantine attackers without knowledge about true natural state into consideration in practical application, we have the following.
during the process of identifying Byzantine sensors.After estimating the attacking power, α(, ), the FC approximately knows how many sensors have been compromised by an adversary among (, ) sensors that participate in the jth global decision making.The FC then takes an action to identify α(, ) ⋅ (, ) Byzantine sensors to help the next global decision making.(, ) is defined as the set of identities of sensors that are tagged as Honest at the (−1)th.These sensors will participate in the jth global decision making.It is clear that (, 0) = { ‖  = 1, 2, . . ., },  ∈  + .We define a sequence   (, ) over {|d where ∀ ∈ {1, 2, . . ., (, )}, |d   |  matches only a specific identity.There are (, ) identities and |  (, )| = (, ).In order to find the sequence of d   , we define a function ID(⋅) over   (, ): where IF(⋅) is an indicator function, and IF(true) = 1 and IF(false) = 0.
The FC have obtained the approximate knowledge about the attacking power posed by the adversary at jth global decision making.The FC has also known each sensor's sequence in   (, ).Therefore, sensors whose sequences are dropped into the region from (, ) to {(, ) ⋅ [1 − α(, )] + 1} are judged to be Byzantine attackers.The decisions from Byzantine attackers are removed at the ( + 1)th global decision making.The identities of remaining sensors which are trusted by the FC at jth global decision making can be expressed as and (, ) ⊆ (, −1).The attacking power at tth global-final decision making is estimated by the following equation: Here,  out of  fusion rule in [13] has been used for designing threshold  fc (, ), which is given by where floor(⋅) is a floor function and  −1 (⋅) is the inverse function of (⋅) which has been introduced in Section 2.  is a predefined constraint of miss detection. and  are given by In order to evaluate the identifying scheme, we define   ,   ,   , and   as the accuracy of identifying Byzantine attackers.  and   are formulated as accuracy of Honest sensors tagged as Honest and Byzantine, respectively.Similarly,   and   are defined as accuracy of Byzantine sensors identified as Honest and Byzantine, respectively.We have the equations as follows: Therein,   is the number of Honest sensors identified as Byzantine and the number of Byzantine sensors identified as Honest is denoted as   .  and   have been described in Section 2.

Numerical Results.
In this subsection, we analyze the performance of scheme of identifying Byzantine attackers through numerical results.There are also 100 sensor nodes that contain Byzantine and Honest nodes which are considered in our simulation.Meanwhile, global-final decision making is performed 100 times in our simulation.The power at the reference point ( 0 = 1) is set as 200 and the signal amplitude arriving at the local sensor has been contaminated by AWGN with mean value  = 0 and standard deviation  = 3.A target intrudes at position  = (90, 90).The true attacking power is fixed to 0.3 and  = 0.2.
In Figures 10,11,12, and 13, we show that (, ) decreases following the increase of  and has stable tendency to a fixed level.The sum of  0 (, ) and  1 (, ) is always equal to  ⋅ (, ) and  1 (, ) is greater than  0 (, ). 0 (, ) and  1 (, ) verge to ⋅  and ⋅  , respectively.And α(, ) → 0 when  exceeds a certain number and α(, ) = 0 when  ≥ 7 in the scheme of identifying Byzantine attackers.Threshold for global decision making varies with  and  fc (, ) verges to constant value when α(, ) is equal to zero.The attacking power is estimated after each global decision making.Part of sensors is judged to be Byzantine from (, ) sensors.The left sensors then participate in next global decision making.With the conducting of global decision making, there are no sensors tagged as Byzantine until jth reaches a certain number.At the FC, the total number of sensors tagged as Byzantine is computed as  − (, ).We plot   ,   ,   , and   versus  in Figures 14 and 15 under different cases.As illustrated in Figures 14 and 15,   is close to 0.3, which is black line with cross.And   is close to 0.7, which is denoted as blue line with cross.  and   are presented as black line with star and blue line with star in the Figures 14 and 15, respectively.It is clear that few Byzantine sensors are judged to be Honest by this identifying scheme.In other words, the Byzantine attackers are almost found out.We also can find that the scheme performs well at identifying Byzantine attackers.

Conclusion
We have divided the process of data fusion into three hierarchies/stages in this paper.In addition, two problems have been put forward at the first and second stage, respectively.At the first stage, we proposed neighborhood malicious Byzantine attacks model.Distributed detection under neighborhood malicious Byzantine attacks has been taken into consideration.We have shown that NMBA is an intelligent strategy adopted by an adversary.The attacking performance of NMBA has also been analyzed.We have also proved that attacking effect of NMBA matches with CMBA's when the attacking power is lower 0.3844 and NMBA always outperforms IMBA in any case.It has been analyzed that data fusion is incapable when the attacking power enters the blinding region and the closed-form expression for blinding region has been derived.At the second stage, a data fusion rule based on dynamic threshold has been put forward and we have proposed an effective way of identifying Byzantine attackers.Consequently, we have shown that most Byzantine attackers are identified through the scheme and significant improvement of performance of this scheme in terms of International Journal of Distributed Sensor Networks        accuracy is obtained.Based on the scheme of identifying Byzantine attackers, a data fusion scheme with dynamic threshold has been explored at this stage.

A. Proof for Proposition 1
If Byzantine attackers always know the true hypothesis, each decision is flipped by Byzantine attacker with probability of 1 prior to sending it to the FC [8,9].Because of   =  fa = 0, each Honest sensor can detect the natural state correctly.It is clear that the attacking power is  0 ()/ when global-final decision is "1."Similarly, the attacking power is  1 ()/ when global-final decision is "0."In other words, min{ 0 (),  1 ()} is always the number of decisions from Byzantine sensors.Therefore, the attacking power can be estimated through expression

B. Proof for Proposition 2
The way that attacking power is estimated through the ratio between the number of decisions that are different from global-final decision to the total number of decisions is adopted.Under the condition that the network has not been blinded completely, several Byzantine sensor nodes may have made mistakes and then behaved like Honest sensors.Similarly, some Honest sensors may have behaved In the perspective of decider at the FC, it is unknown which sensor is Byzantine.However, all the Byzantine attackers possess high efficiency of attacking according to (14)  (B.9)

Figure 1 :
Figure 1: The sensors are deployed in a regular grid.Each sensor independently harvests the energy propagated from target.

Figure 2 :
Figure 2: Model of three hierarchies.d is the vector of local decision made by ith sensor   , d  is the vector of decision sent to the FC,  = 1, 2, . . ., .D × is the decision matrix formulated at the FC, z is global decision vector, and  is global-final decision.

Figure 3 :
Figure3: Square type of NMBA in the case of .The blue star is a intruding target and symbol plus is denoted as sensor.Byzantine sensors are denoted as plus symbol covered with diamond.Each Byzantine sensor has 9 decisions after consulting its 8 neighborhood nodes.

MFigure 5 :
Figure 5: Optimal threshold  versus ,  varying from 1 to 9. The optimal threshold increases with the increment of  and it is always equal to ceil(/2).

MFigure 6 : 1 MFigure 7 :
Figure 6:  blind versus ,  varying from 1 to 9 in condition of  =  opt . blind monotonically decreases with .It is clear that Byzantine attacker more easily blinds the FC when each Byzantine sensor has more neighborhood nodes.

6 0j
(, ) decreases with the increment of  and converges to a stable level when  ≥ 6  1 (, ) decreases with  and converges to a stable level when  ≥ 6  0 (, ) decreases with  and converges to a stable level when  ≥ 6  fc (, ) decreases with  and converges to stable level when  ≥ (e) (, ) versus .The attacking power  estimated at jth global decision making decreases with .(, ) converges to 0 when  ≥ 6.It is clear that more and more Byzantine sensors are identified with increase of

7 0j
(, ) decreases with the increment of  and converges to a stable level when  ≥ 7  1 (, ) decreases with  and converges to a stable level when  ≥ 7  0 (, ) decreases with  and converges to a stable level when  ≥ 7  fc (, ) decreases with  and converges to stable level when  ≥ (e) (, ) versus .The attacking power  estimated at jth global decision making decreases with .(, ) converges to 0 when  ≥ 7. It is clear that more and more Byzantine sensors are identified with increase of

Figure 14 :
Figure 14:   ,   ,   , and   versus .  ,   ,   , and   vibrate with  in different cases of  and .  is very close to 0.3 and   vibrates under 0.7.  is very close to 0 and   vibrates above 0.

Figure 15 :
Figure 15:   ,   ,   , and   versus .  ,   ,   , and   vibrate with  in different cases of  and .  is very close to 0.3 and   vibrates under 0.7.  is very close to 0 and   vibrates above 0.
At last, the decider at the FC has a global-final decision ().In this paper, we put our focus on proposing an effective method of decision fusion to get an excellent vector of global decision z(), which can easily help to make a global-final decision () at the last stage.The rule of decision fusion based on dynamic threshold is that threshold ( fc (, )) for jth global decision making varies with .The number of sensors which participate in jth global decision making is denoted as (, ).
) 4.2.Rule of Decision Fusion Based on Dynamic Threshold.As we described in Section 2, the process of making a globalfinal decision is divided into three stages.A local/original decision matrix D × is generated at the first stage.A decision matrix D  × is formulated after D × being probably attacked.A vector of global decision z() = ( 1 (),  2 (), . . .,   ()) is computed and obtained over vectors of decision {d  1 , d  2 , . . ., d   } through applying a policy of fusion at the middle stage.