IEEE TRANSACTIONS ON SIGNAL PROCESSING, VOL. 66, NO.

1, JANUARY 1, 2018 5

Malicious User Detection Based on Low-Rank

Matrix Completion in Wideband Spectrum Sensing
Zhijin Qin , Member, IEEE, Yue Gao , Senior Member, IEEE, and Mark D. Plumbley , Fellow, IEEE

AbstractIn cognitive radio networks, cooperative spectrum falsification (SSDF) [4]. This characteristic of CSS networks
sensing (CSS) has been a promising approach to improve sens- blocks the application of CR techniques in large-scale networks.
ing performance by utilizing spatial diversity of participating sec- In CSS networks, SUs that launch SSDF attackers are called
ondary users (SUs). In current CSS networks, all cooperative SUs
are assumed to be honest and genuine. However, the presence of malicious users. The main goals of malicious attacks come from
malicious users sending out dishonest data can severely degrade two aspects: 1) decreasing detection probability for disturbing
the performance of CSS networks. In this paper, a framework the normal operation of PUs; and 2) increasing false alarm prob-
with high detection accuracy and low costs of data acquisition at ability to deprive access opportunities for honest SUs [5]. In
SUs is developed, with the purpose of mitigating the influences decentralized CSS networks, sensing results are exchanged be-
of malicious users. More specifically, a low-rank matrix comple-
tion based malicious user detection framework is proposed. In the tween neighboring SUs to improve the network reliability to link
proposed framework, in order to avoid requiring any prior in- failure. However, this characteristic makes decentralized CSS
formation about the CSS network, a rank estimation algorithm more vulnerable to malicious attacks [6], as the observations at
and an estimation strategy for the number of corrupted channels honest SUs are also available to malicious users during the in-
are proposed. Numerical results show that the proposed malicious formation exchanging and convergence process. Furthermore,
user detection framework achieves high detection accuracy with
lower data acquisition costs in comparison with the conventional corrupted data can be integrated into the decisions of honest
approach. After being validated by simulations, the proposed ma- neighbor SUs, which eventually brings significant performance
licious user detection framework is tested on the real-world signals degradation to the whole CSS network [7]. In centralized CSS
over TV white space spectrum. networks, all SUs report their local sensing data to a fusion
Index TermsCooperative spectrum sensing, low-rank matrix center (FC), where the final decision on spectrum occupancy is
completion, malicious user detection, TV white space. made. By doing so, all participating SUs, including malicious
users, can only obtain the spectrum occupancy knowledge from
I. INTRODUCTION the FC. Thus, observations at honest SUs in the CSS network
PECTRUM sensing, a promising solution to identify po- would not leak to malicious users directly. However, as the cor-
S tential spectral holes, is one of the most challenging tasks
in cognitive radio (CR) networks [1]. Cooperative spectrum
rupted data are still considered in the decision making process,
the existence of malicious users may lead to incorrect decisions
sensing (CSS) is an effective approach to offer significant per- at the FC. Generally, regardless of the types of malicious attack
formance gain in detecting spectrum holes, by exploiting the and CSS network, malicious users pose significant challenges
spatial diversity of collaborative secondary users (SUs) [2], [3]. to the security in CSS networks. Therefore, accurate malicious
However, due to the openness of low-layer protocol stacks, CSS user detection is essential to guarantee the security of CSS net-
networks are vulnerable to attacks from spectrum sensing data works.
Along with improving the security of CSS networks through
malicious user detection, another key challenge in attempting
Manuscript received July 30, 2016; revised December 7, 2016, May 15, 2017, to build CSS networks comes from the need to reduce data
August 11, 2017, and September 16, 2017; accepted September 16, 2017. Date
of publication October 2, 2017; date of current version November 13, 2017. The acquisition costs at SUs. Due to the well-known Nyquist sam-
associate editor coordinating the review of this manuscript and approving it for pling theorem, sampling rates should be no less than twice the
publication was Dr. Itsik Bergel. The work of Y. Gao was supported by Physical signal bandwidth. However, as the SUs are normally energy-
Sciences Research Council (EPSRC) in the U.K. under Grant EP/L024241/1.
The work of M. D. Plumbley was supported in part by the European Unions constrained, their sensing capabilities are normally limited as
Seventh Framework Programme (FP7-PEOPLE-2013-ITN) under Grant 607290 well. Thus, it is difficult to achieve such high sampling rates for
SpaRTaN and in part by the H2020 Framework Programme (H2020-MSCA- wideband spectrum sensing at energy-constrained SUs. Addi-
ITN-2014) under Grant 642685 MacSeNet. (Corresponding author: Zhijin Qin.)
Z. Qin is with the Lancaster University, Lancaster LA1 4YW, U.K. (e-mail: tionally, as the spectrum is normally underutilized in reality [8],
[email protected]). [9], the signal spectrum exhibits a sparsity property [10] in the
Y. Gao is with the Queen Mary University of London, London E1 4NS, frequency domain. It is further noted that this sparsity prop-
U.K. (e-mail: [email protected]).
M. D. Plumbley is with the Centre for Vision Speech and Signal Pro- erty can be transformed into a low-rank property of the matrix
cessing, University of Surrey, Guildford, Surrey GU2 7XH, U.K. (e-mail: m. constructed by spectral signals received at spatially distributed
[email protected]). SUs [11], since nearby locations or adjacent channels share the
Color versions of one or more of the figures in this paper are available online
at http://ieeexplore.ieee.org. similar spectrum occupancies [12]. Matrix completion (MC)
Digital Object Identifier 10.1109/TSP.2017.2759082 techniques [13] can be applied to recover the complete matrix

This work is licensed under a Creative Commons Attribution 3.0 License. For more information, see http://creativecommons.org/licenses/by/3.0/
6 IEEE TRANSACTIONS ON SIGNAL PROCESSING, VOL. 66, NO. 1, JANUARY 1, 2018

with only partial of the items observable. Specifically, by invok- doing so, the costs of data acquisition at SUs are reduced signif-
ing MC technique at the FC, SUs in a CSS network need to sense icantly. For spectrum allocation over TVWS, the geo-location
fewer channels, as the unsensed channels can be reconstructed database approach can provide the spectrum occupancy infor-
from the sensed channels based on the low-rank property. As a mation for secondary usage. By utilizing the information from
result, the data acquisition costs are significantly reduced at SUs. the geo-location database, a prior information assisted wideband
spectrum sensing algorithm was proposed in [28], with the pur-
pose of improving the detection performance and reducing the
A. Related Work costs of data acquisition at SUs. Additionally, Qin et al. [29]
So far, malicious user detection has been widely researched proposed to remove the corrupted samples at the FC with sub-
for enhancing the security of CSS networks [14][23]. Specifi- Nyquist sampling rates at SUs. However, rank of the matrix at
cally, the performance of CSS networks with single and multiple the FC and malicious user number are assumed to be known in
malicious users were investigated by Wang et al. [14]. Here, the advance in the considered CSS networks. The two strong as-
suspicious level of each SU as well as consistency values were sumptions make the malicious user detection algorithm difficult
calculated based on historical reports from SUs, in order to re- to be implemented in dynamic CSS networks. Moreover, the
duce the influences of malicious users. Min et al. [19] proposed transmission cost from SUs to the FC is high as all the collected
to safeguard the detection process by checking the consistency measurements are transmitted to a FC, which is inefficient or
among sensing reports and and removing the abnormal sensing even unaffordable for large-scale networks.
reports. Chen et al. [15] proposed a reputation-based mechanism
to defend against malicious attacks. However, these historical-
data-based algorithms take a long time to build a reliable repu- B. Motivation and Contribution
tation. Kaligineedi et al. [16] proposed a robust outlier detection The aforementioned methods [14][23] have played a vi-
method to identify malicious users that keep sending high val- tal role and laid a solid foundation to foster new strategies
ues regardless of the spectrum occupancies, by utilizing outlier for malicious user detection. However, many of these methods
factors and spatial information about SUs. The shadowing cor- are trust-based, which uses historical information on malicious
relation between SUs were exploited in [17] to detect reports users behaviours. In practice, reliable reputation information is
manipulated by malicious users. Kalamkar et al. [18] proposed not always available, since well-established historical statistics
an outlier detection scheme to detect malicious users which send may be too expensive or even unrealistic in a fast-changing CR
true or false power values randomly. Penna et al. [20] proposed environment. Additionally, intelligent malicious users sending
a Bayesian method to detect and counteract attacks in CSS net- random false values, but very close to the true ones, are more
works by considering the attack probability at each participating challenging than the types of malicious users that always send
SU. Malicious users are assumed to send the false reports and the very high or very low values [16], [18]. Motivated by these find-
achieved performance is better than schemes based on exclusion ings, a malicious user detection method, dealing with malicious
of the malicious users. Duan et al. [21] proposed two attack- users sending values that are random but within the range of
prevention mechanisms with direct and indirect punishments. true power values reported by cooperative SUs, is desirable for
Furthermore, some work has been carried out on attack detec- secure CSS networks. Another motivation of our work comes
tion from intelligent malicious users. Li et al. [22] proposed from the need to reduce data acquisition costs at SUs without
an abnormality-detection approach for secure CSS networks, in loss of any information. The aforementioned MC-based CSS
which the intelligent attack strategy adopted by malicious users methods [12], [24][26], [28], [29] focus on reducing the costs
is unknown. Wang et al. [23] designed an incentive compatible of data acquisition at SUs without considering any security is-
mechanism to thwart malicious behaviors. By doing so, the pro- sues or require high data transmission cost in CSS networks.
posed approach was more practical to be implemented in CR Therefore, a malicious user detection algorithm with energy
networks. efficiency at SUs is strongly needed, but challenging.
As well as the existing work on malicious user detection, To the best of our knowledge, this is the first work which
MC-based CSS networks have been studied [12], [24][29], invokes the MC technique to achieve malicious user detection
with the purpose of alleviating the costs of data acquisition at without prior information about the CSS networks. The primary
SUs. Meng et al. [24] introduced the concept of MC to CSS net- contributions of this paper are summarized as follows:
works. In [24], each SU linearly combines the information on r A malicious users detection framework is proposed based
multiple channels at sub-Nyquist sampling rates. Subsequently, on low-rank MC. In the proposed framework, only part
each SU sends a small number of such linear combinations to an of the whole spectrum is sensed without degrading the
FC for MC. Li [12] applied a belief propagation framework to recovery performance, as the unsensed channels can be
MC to make the spectrum reconstructing more implementable recovered from the sensed channels at the FC by invoking
and efficient in the wideband CSS networks. Qin et al. [25] a MC technique. Consequently, the data acquisition costs
proposed a robust wideband spectrum sensing algorithm for TV at SUs are reduced in comparison with the CSS networks
white space (TVWS), with sub-Nyquist sampling performed at without MC.
each SU in the considered CSS networks. Once the compressed r At the FC, channels which are sensed but corrupted by
measurements are sent to the FC, nuclear norm minimization malicious users are removed during the MC process, by
is adopted to solve the low-rank MC problem [26], [27]. By utilizing the adaptive outlier pursuit (AOP) algorithm [30],
QIN et al.: MALICIOUS USER DETECTION BASED ON LOW-RANK MATRIX COMPLETION IN WIDEBAND SPECTRUM SENSING 7

[31]. Therefore, malicious users are removed before mak-

ing final decisions on spectrum occupancies.
r A rank estimation algorithm is proposed to provide the rank
as one of the inputs for the proposed malicious user detec-
tion algorithm. By doing so, the proposed framework does
not require any prior information about spectrum sparsity
for malicious user detection.
r An estimation strategy for the number of channels cor-
rupted by malicious users is proposed. With the new strat-
egy, the estimated number of corrupted channels can be
used as one of the inputs for the proposed malicious user
detection algorithm to ensure that the proposed framework
is completely blind to the CSS network.
r The proposed framework is tested on real-world signals
over TVWS after being validated by simulated signals.
Numerical results show that the proposed malicious user
detection framework achieves high detection accuracy with
lower data acquisition costs at SUs, in comparison with the
conventional CSS algorithms.

C. Organizations
The rest of this paper is organized as follows. Section II de-
scribes the CSS network model with malicious users. Section III
presents our proposed malicious user detection framework along
with the proposed rank estimation algorithm and the estimation
strategy for the number of corrupted channels. Section IV shows
the numerical analyses of the proposed malicious user detection
framework on both simulated and real-world signals. Section V
concludes this paper. Fig. 1. Network model.

II. NETWORK MODEL OF COOPERATIVE SPECTRUM SENSING fully sensed by the deployed SU set at each location. As shown
WITH MALICIOUS USERS in Fig. 1(a), only part of the whole spectrum are sensed by Bj
SUs at the j-th location, and each of the SU is labelled as SUbj .
A. Network Description In other words, at each location, each channel is sensed by one
We take a typical CSS scenario as the considered network SU at most, and some of the channels are not sensed by any
model, as shown in Fig. 1(a). It is assumed that the whole SU. Consequently, the costs of data acquisition at SUs can be
spectrum of interest with bandwidth D can be divided into I reduced significantly, in comparison with the case that each SU
channels. A channel is either occupied by a PU or unoccupied. senses the whole spectrum.
There is no overlap between different channels. The number of After sampling is performed, each SU calculates the power
occupied channels K is assumed to be much less than the total values of the sensed channels, and then sends this information
number of channels, i.e. K  I. Each channel is sensed by a to an FC to contribute to the final decisions on spectrum occu-
set of SUs which are spatially randomly distributed at different pancies. It is further noticed that some of the SUs experience
J locations. At an arbitrary location indexed by j (1 j J), deep fading or shadowing. They would send very low power
it is assumed that a set of Bj (1 Bj I) SUs are deployed values to the FC in a CSS network regardless of the spectrum
to sense the spectrum of interest. Within each set of SUs, SUs occupancies, which are labelled as blocks with + in Fig. 1(a)
are indexed by b (1 b Bj ). and Fig. 1(b). The transmit signal has a sparsity property in the
In a conventional CSS network, the whole spectrum is sensed frequency domain [10] and the nearby locations are assumed to
by one SU at each location, which results in Bj = 1 and J SUs share the similar spectrum occupancies [12], so the matrix con-
deployed in the CSS network in total. However, high sampling structed by the received signals at different locations exhibits a
rates are challenging for SUs to achieve wideband spectrum low-rank property [11]. Fig. 1(b) illustrates the transformation of
sensing, as the SUs are normally energy-constrained with lim- the sparsity property of transmit signals into the low-rank prop-
ited sensing capabilities. In this paper, we propose to deploy erty of the matrix at the FC, where the matrix is constructed
a set of SUs at each location (i.e. Bj > 1), where each SU is by signal powers of the sensed channels received at different
adjusted to sense different channels among the whole spectrum locations. In such a CSS network, we need to reconstruct the
at Nyquist rates. This can be achieved by equipping each SU unsensed channels from the sensed channels by a low-rank MC
with a bandpass filter. Additionally, the whole spectrum is not technique.
8 IEEE TRANSACTIONS ON SIGNAL PROCESSING, VOL. 66, NO. 1, JANUARY 1, 2018

In the case of a sensing malfunction, some SUs in the CSS of elements in E as E {|E|} and = E{|E|}
| | . Here, || refer to
network send corrupted power values to the FC, labelled as
the number of items in E and , respectively. Specifically, pE
ij
the blocks with X in Fig. 1(a) and Fig. 1(b). Malicious users
can also be expressed as
appear randomly in the considered CSS network to corrupt a
random number of channels at random locations. Malicious
users that keep sending high power values or low power values pij w.p.
pE
ij = (5)
are easily detected. However, malicious users sending values 0 w.p. 1 .
that are random but very close to the true values are much more
difficult to detect, which is the case we consider in this paper. We define O as a subset of E to denote the index set for
We propose to remove these malicious users during the MC the sensed channels from honest SUs at different locations. We
process at the FC. Otherwise, recovery performance at the FC assume that a sensed channel is from
a honest
would be degraded significantly as the corrupted power values  SU with probabil-
are used for the MC. ity . Then it is obvious that = E |O |
|E| . If SUi,j decides to
corrupt the measured channel power pij , it will generate a cor-
B. Signal Processing Model rupted power value. Then with the existence of malicious users,
the power of an arbitrary sensed channel can be expressed as
Let us define si (t) C N 1 to be the signal transmitted over
the i-th channel, where N refers to the number of samples at 
m ax pm in + pm in
pE w.p. 1
E E
the Nyquist sampling rate. It is assumed that only the primary pij = (6)
signals are transmitted in the spectrum of interest. Additionally, pij w.p.
rij (t) refers to the signals over the i-th channel received by the
SU at the j-th location, which is given by where U (0, 1) follows a standard uniform distribution with
rij (t) =
/2
dj hij si (t), (1) minimum 0 and maximum 1, pE E
m in and pm ax refer to the min-
imum and maximum power values of the sensed channels, re-
where dj refers to the distance from PUs to the receiver at the spectively. More specifically, pE
m in refers to the power value of
j-th location, is defined as the propagation loss factor, and hij the vacant channel, and pE
m ax refers to power value of the occu-
follows independent Rayleigh distribution which is assumed to pied channel, which can be known at SUs according to historical
be time-invariant within one sensing period. information.
Once signals over the i-th channel rij (t) are received at an With malicious users appearing in the CSS network, the in-
SU at the j-th location, the power of the sensed channel pij can complete matrix PE becomes sparsely corrupted, labelled as
be calculated as PEC . Then the item pEC EC
ij in P can be expressed as
1 
N
pij = |rij [n]|2 , (2)
N n =1 pij w.p.
pEC
ij = (7)
where rij [n] refers to the discrete sampling of rij (t). The com- 0 w.p. 1 .
plete matrix P constructed by signals received at J different
locations can be illustrated as III. PROPOSED MALICIOUS USER DETECTION FRAMEWORK

p1,1 p1,J
.. In order to enhance the security of the CSS network, a mali-
P = ... ..
. . (3)
cious user detection framework based on low-rank MC is pro-
pI,1 pI,J IJ posed. Based on the network model described in Section II-A,
each SU is proposed to sense only part of the spectrum rather
where the i-th row of P represents the power values of the i-th
than the whole spectrum, in order to reduce costs of data ac-
channel sensed by SUs located at the different J locations. The
quisition at each SU. Additionally, we propose to remove the
the j-th column of P refers to the power values of different
power values of corrupted channels at the FC by invoking the
channels sensed by the Bj SUs at the j-th location. Here, is
AOP algorithm [30]. It is further noted that the rank of the matrix
defined as the index set of complete matrix P .
at the FC and the number of channels corrupted by malicious
As the whole spectrum of interest is not fully sensed by the
users is normally unknown in reality, but are required by the pro-
set of SUs at each location in the considered network, the matrix
posed malicious user detection algorithm with AOP. To make
constructed by the power values available at the FC is incomplete
the proposed malicious user detection framework completely
and labelled as PE . The item pE E
ij in P can be expressed as
blind, a rank estimation algorithm and an estimation strategy on
pij if (i, j) E the number of corrupted channels collected at the FC are pro-
ij =
pE (4) posed. As a result, the malicious user detection framework does
0 otherwise
not require any prior information about the CSS network. Once
where E, a subset of , denotes the index set for sensed channels the exact matrix is obtained by the proposed framework, spec-
at different locations. The elements in E and the number of trum occupancies can be determined by a conventional energy
elements in E are both random. We denote the average number detection method [32].
QIN et al.: MALICIOUS USER DETECTION BASED ON LOW-RANK MATRIX COMPLETION IN WIDEBAND SPECTRUM SENSING 9

2) With fixed P , can be updated by solving

  2
= arg min ij P ij pEC ij

(i,j )

s.t. (1 ij ) L, ij {0, 1} . (10)
(i,j )

The problem (10) is tochoose (I J L) elements with

 2
least sum from S = P ij pECij , (i, j) .
Given as the L-th largest item in S , ij can be updated
as
 2
1 if (i, j) , P ij pEC <
ij = ij
0 otherwise.
Fig. 2. Illustration for the corruption index matrix , with 1 for uncorrupted
channels and 0 for corrupted channels received at the fusion center. (11)
During the process of solving problem (8), the power values for
those corrupted channels are removed from the observed ones
A. Malicious User Detection Algorithm Based on Matrix at the FC to alleviate the recovery errors caused by malicious
Completion users. Once the recovered matrix P is obtained at the FC,
With malicious users appearing in a CSS network, power spectrum occupancies are determined by comparing the energy
values of the sensed channels are partly corrupted, affecting the of each channel with a predefined threshold. Particularly, the
accuracy of recovery of sensed channels at the FC. As attacks can i-th channel is determined as occupied if its energy is higher
be launched by any malicious SU participating the CSS network, than the empirical threshold d as given by
corrupted power values are assumed to be sparsely and randomly  2
distributed among the collected values at the FC. The indices of d = , (12)
2
the corrupted power values are unknown to the FC. Additionally,      
   
in order to make attacks more difficult to detect, each malicious where = vec P  vec P  refers to the av-
user may distort the power of an arbitrary channel to a value 1 0
that is close to the true power. In such a case, the malicious user erage
 absolute
 value of all the J K nonzero elements in
detection problem can be formulated as follows: vec P
[11]. Here, vec () stacks all columns of matrix P
 2 into a long vector. The final binary decisions d = (d1 , . . . , dI )
1 
P , = arg min ij P ij pEC on spectrum occupancies can be determined as
P , 2 ij

(i,j )
J  I
 1
s.t. (1 ij ) L, ij {0, 1}, (8) di = |pij | d , i (13)
J j =1 i=1
(i,j )

where pij is the reconstructed power value of the i-th channels

where P is the recovered matrix, and the number of corrupted sensed by the SU at the location j.
power values collected at the FC is L, where is unknown and The proposed malicious user detection algorithm is summa-
to be discussed in the following. Binary matrix denotes the rized in Algorithm 1. The maximal number of iterations for
uncorrupted channels at different locations by 1, i.e. ij = 1 if solving (8) is predefined as Im ax . At the l-th iteration, l is
(i, j) O for channel i at the j-th location, and the corrupted used to identify the corrupted power values based on the newly
channels by 0, which is illustrated in Fig. 2.  l
constructed P . Then the indices for the uncorrupted power
It is noted that problem (8) is non-convex, since it has both values are updated to be 1 and the other items are indexed by
continuous and discrete variables. The following two steps can 0 in order to remove the corrupted values during the matrix
be performed to find a local optimal solution to (8): completion process. This iterative process continues until the
2
1) Fix and update P . If (i, j)
/ , ij ((P )ij pEC
ij ) index set for the uncorrupted power values is same as that in the
in (8) becomes zero. Therefore, P can be obtained by last iteration. It should be noted that malicious users that send
solving the simplified problem both corrupted and uncorrupted power values are not removed
  2 completely during the iterative recovery process. Only the cor-

P = arg min P ij
pEC
ij . (9) rupted values are removed, which maximizes the number of
P uncorrupted measurements collected at the FC to achieve better
(i,j )
recovery performance. After the complete matrix is recovered,
This problem can be easily solved by Riemannian trust- final decisions on spectrum occupancies d are made according
region for MC (RTRMC) [33]. to (13). As demonstrated in Algorithm 1, the rank of the matrix
10 IEEE TRANSACTIONS ON SIGNAL PROCESSING, VOL. 66, NO. 1, JANUARY 1, 2018

It has been proved that exact signal recovery can be guar-

Algorithm 1: Proposed Malicious User Detection Algo-
anteed when the number of sensed channels is no less than
rithm.
(K J) log (I/K) + [35]. However, the number of sensed
Input: , M sensed channels, Im ax > 0, L 0, K > 0. channels that guarantees exact rank estimation and exact signal
Initialization: l = 1, ij = 1 for (i, j) , O0 = . recovery are different. When Monte Carlo simulation and sta-
1: while l < Im ax do
 l tistical curve fitting techniques are adopted to find the values of
2: Update P with RTRMC as in (9); the constants and , the following two results can be obtained
3: Update l with (10); with given I, J and K:
4: Update Ol to be indices in where lij = 1; Result 1: Successful rank estimation can be guaranteed when
5: if Ol = O l1
 then the number of sensed channels is not less than M1 , which is
l
6: P = P ;

defined as follows:
7: Break;
8: end if M1 = 1 (Km ax J) log (I/Km ax ) + 1 (16)
9: Update l = l + 1; where Km ax is the statistical upper bound of K, 1 and 1 are
10: end while  experimental values provided in [36].
11: pij = P . Result 2: Successful signal recovery can be guaranteed when
ij
12: Calculate threshold d . the number of sensed channels is not less than M , which is
13: Make final decisions d on spectrum occupancies defined as follows:
by (13). M = 2 (K J) log (I/K) + 2 (17)
14: return d.
where 2 and 2 are also experimental values provided in [36].
Normally, the historical spectrum occupancy Km ax is used as
K and the number of corrupted power values L are required as a statistical upper bound of rank K, which is utilized to deter-
the inputs at the FC. However, the two kinds of prior information mine the minimal sampling rates at SUs in order to guarantee
are normally unknown in reality. Therefore, we propose a rank exact signal recovery. In practice, spectrum occupancies are dy-
estimation algorithm and an estimation strategy for the number namic, which makes the statistical value Km ax not suitable for
of corrupted channels collected at the FC, to enable the proposed the practical spectrum occupancy. One possible scenario is that
malicious user detection framework. The details of the proposed Km ax is much larger than K, which leads to that the number of
algorithm and strategy are introduced in the following two parts. data values collected for the rank estimation being much more
than that for exact signal recovery. As a result, it is a waste of
data acquisition costs at SUs. Another scenario is that Km ax is
B. Rank Estimation Algorithm much smaller than K, which leads to inexact signal recovery
Rank estimation can be converted into a sparsity order es- as the number of collected data is insufficient for successful
timation problem, as the sparsity property of a signal can be signal recovery. In order to obtain the exact rank of the matrix
transformed into a low-rank property of a matrix constructed at the FC, we propose a rank estimation algorithm to get Km ax
by signals received by SUs at different locations [11]. With the adaptively.
sensed channels observed at the FC, rank of a matrix can be In the proposed rank estimation algorithm, for the scenario
estimated using the following two steps: that Km ax is much larger than K, a shrink algorithm is pro-
1) The reconstructed complete matrix P for rank order posed to update Km ax , as shown in Algorithm 2. In the l-th
estimation can be obtained by solving iteration, M1l is calculated by (16) with Km l
ax . Additionally, the
    complete matrix can be obtained by (14) with the M1l number
P = arg min vec P 1 s.t. A P = PEC of sensed channels, and then K l can be determined by (15). Ad-
P
(14) ditionally, the number of sensed channels M l required for exact
where A is an operator from to /E, and the AIC recovery is obtained by (17). Subsequently, M2l is updated as
sampler M2l = M l M1l , and Km l+1
ax is obtained by deducting the step
 [34] is taken in this paper. Here, the sparsity level
of vec P is equal to J K. size 1 from Km ax . This iterative process is repeated until
l

2) The estimated rank K is given by M2l > 0 or the maximal iteration number Iterm ax is reached.
The outputs of Algorithm 2 are the updated Km ax and K l .
 
I    Because of the over-utilizing of Algorithm 2 caused by un-
1 J 
K =  pij  r (15) suitable step size 1 , output Km ax from Algorithm 2 can be-
J
i=1  j =1  come smaller than the real rank K. This leads to an M1 that
is insufficient for the exact rank estimation K. As illustrated
where r is a threshold for the rank estimation, and pij in Algorithm 3, an enlargement algorithm is proposed to en-
refers to the items in P . By applying data fusion at the large Km ax until exact rank estimation can be achieved. The
FC, the power value of each channel is then calculated by outputs of Algorithm 2, Km ax and K l , are taken as inputs of
l+1
averaging power values of the same channel received by Algorithm 3. In the l-th iteration, Km ax is updated by adding
spatially distributed SUs. step size 2 to Km ax . Subsequently, the updated M1l is deter-
l
QIN et al.: MALICIOUS USER DETECTION BASED ON LOW-RANK MATRIX COMPLETION IN WIDEBAND SPECTRUM SENSING 11

by malicious users L is required. However, if the estimated

Algorithm 2: Proposed Shrink Algorithm.
number of corrupted channels L is smaller or greater than its
Input: PEC , 1 , Kin i , Iterm ax , and r . real value L, the performance of Algorithm 1 will be degraded
Initialization: l = 1, Km l
ax = Kini , M2 < 0.
l
significantly. More specifically, if L is underestimated, some of
1: while M2 < 0 or l Iterm ax do
l
the corrupted channels will still be used to perform MC at the
2: Calculate M1l with Km l
ax by (16); FC, which will definitely result in recovery errors in the recon-
3: Calculate K by (14) and (15) with M1l channels;
l
structed matrix. If L is overestimated, some of the uncorrupted
4: Calculate M l with K l by (17); channels will be removed during the MC process, and there-
5: Calculate M2l = M l M1l ; fore the MC process would result in more than one solution,
ax = Km ax 1 and l = l + 1.
l+1 l
6: Update Km as no enough uncorrupted measurements are available for MC.
7: end while Consequently, exact MC is difficult to achieve as the number of
l l
8: return Km ax , and K . available uncorrupted channels may be insufficient.
As proved in [30], a sufficient condition for the non-
uniqueness of a matrix P is given as follows: suppose the
Algorithm 3: Proposed Enlargement Algorithm. number of sensed channels is M , and they are randomly dis-
Input: PEC , 2 , Km ax , K l , r , Iterm ax and . tributed among the complete matrix P C IJ . Let us define
Initialization:
 l = 1, Km
l
ax = Km ax . L as the difference between the overestimated number of cor-
 l  rupted channels L and the real number of corrupted channels
1: while K Km ax  or l Iterm ax do
l
(M L )
L. If L > m ax(I,J ) K > 0, then the reconstructed matrix
ax = Km ax + 2 and l = l + 1;
l+1 l
2: Update Km
3: l
Calculate M1 with Km l is non-unique.
ax by (16);
4: Calculate K by (14) and (15) with M1l channels.
l In the proposed framework, an initial guess L0 for the number
5: end while of channels corrupted by malicious users is used as one input for
6: return K l = Km l Algorithm 1. It is an iterative process to update the number of
ax .
corrupted channels in combining with Algorithm 1. In each iter-
 1 is performed, the value of theLth largest
ation, after Algorithm
 2
term in set S = P ij pEC ij , (i, j) should be
checked. If it is less than a predefined tolerance ltol , L is deter-
mined to be overestimated, and some of the removed channels
are uncorrupted. The numerical analyses in [30] has proven that
L can be bounded by (lm in K), where lm in is defined as the
minimum number of sensed channels   row or one column
in one
of the incomplete matrix with M L elements at the FC.
More specifically, let us define lm in as the minimal number of
Fig. 3. Procedure of the proposed rank estimation algorithm. sensed channels
 in one  row or one column of the incomplete
mined by (16) to achieve exact rank estimation. Additionally, K l matrix with M L elements. If lm in is less than the rank
is determined by (14) and (15). This iterative process continues K, the estimated number of corrupted channels L is updated as
 2
L = L + lm in K. If lm in is no less than K and pij pEC
l l
until the difference between Km ax and K becomes less than ij
the error tolerance or the maximal iteration number Iterm ax is less than , the exact matrix is reconstructed. Consequently,
is reached. The updated Km ax is taken as the output of the the iterative process for MC is terminated. Otherwise, if lm in is
proposed rank order estimation, and used for the rank input to  2
greater than K and pij pEC ij is greater than , L is consid-
Algorithm 1.
ered to be underestimated. As a result, the value of L should be
The whole process of the proposed rank estimation algorithm
updated to be 1 L, where 1 > 1 is a properly selected constant.
is illustrated in Fig. 3. Once the algorithm starts with the inputs,
l l The updated L is then taken as one input for the MC process
the updated Km ax and K obtained by (15) are returned as the
in the next iteration until the exact matrix is recovered or the
outputs of Algorithm 2. Subsequently, Algorithm 3 is triggered
iteration number reaches its upper bound Im ax .
if the difference between K l and Km l
ax is no less than the
With the proposed rank estimation algorithm and the num-
error tolerance . The K l is returned until the stop condition is
ber of corrupted channel estimation algorithm described above,
satisfied or the maximal iteration number Iterm ax is reached.
the whole procedure of the proposed malicious user detection
framework with low-rank MC can be summarized as shown in
C. Estimation Strategy on Number of Corrupted Channels Fig. 4. Within this framework, it is worth noting that the exact
As illustrated in Algorithm 1, the number of corrupted chan- recovery cannot be achieved if the number of sensed channels
nels L collected at the FC is required as one of the inputs. M is smaller than M1 . In this case, the FC should coordi-
However, L is usually unknown and needs to be estimated. nate SUs in the CSS network to sense more channels until
Therefore, an estimation of the number of channels corrupted M M1 .
12 IEEE TRANSACTIONS ON SIGNAL PROCESSING, VOL. 66, NO. 1, JANUARY 1, 2018


complexity is O I 3 J 3 , which comes from solving the l1 -
norm minimization. For the malicious user detection part,
the computational complexity mainly comes from step 2 in
Algorithm 1. In each iteration of Algorithm
 1, thecomputational

complexity of solving step 2 is O M + I + J K 2 + IK 3 .
Fig. 4. Whole procedure of the proposed malicious user detection framework As a result,
 the complexity
 of Algorithm
 1 is bounded by
based on low-rank matrix completion. 2 3
O Im ax M + I + J K + IK . Due to the low-rank
property of the matrix at the FC, the value of matrix rank, K, is
D. Data Acquisition Costs and Computational Complexity usually small, which leads to an acceptable complexity.
If the whole spectrum of interest is entirely sensed by the set
of SUs at each location, the number of sensed channels obtained IV. NUMERICAL ANALYSES
at the FC is M = I J. In such as case, a complete matrix is
In this section, numerical analyses of the proposed malicious
available at the FC. Otherwise, if only part of the whole spectrum
user detection framework are presented. The proposed frame-
is sensed, only an incomplete matrix can be constructed at the
work is tested on both simulated and real-world TVWS signals.
FC with M < I J. Herein, the compression ratio can also
In the simulation, the total number of channels is I = 40,
be defined as = IJM
, which is the ratio of the number of the which is the number of TVWS channels in the UK. Each channel
sensed channels M in the incomplete matrix PE to the total is either fully occupied by a PU or vacant. The locations of PUs
number of channels I J in the complete matrix P at the are randomly distributed among the spectrum of interest. Here,
FC. the size of a CSS network refers to the number of different
Without invoking the MC technique, the total number of chan- locations J where SUs are implemented in that CSS network.
nels to be sensed at J different locations in the CSS network In simulation settings, the size of a CSS network changes from
is M1 = I J, regardless of the presence of malicious users. small scale (J = 1) to large scale (J = 400). The power values
Additionally, considering a MC based CSS network without of corrupted channels pij are assumed to be random within the
malicious users, in order to make sure the complete matrix can range of [pEm in , pm ax ]. Without considering channel fading, pm ax
E E

be recovered exactly at the FC, the minimal number of channels is normalized as 1 which refers to the power values of occupied
to be sensed is channels, and pE m in is 0 indicating that the channel is vacant. In
the simulation, with considering the channel fading and different
M2 = m in I J (18)
compression ratios, the values of pE E
m ax and pm in can be variable
where m in is the lower bound of compression ratio to guarantee in each trial. The maximal number of iterations for Algorithm 1
exact MC, which is dependent on the rank K of the matrix to is Im ax = Iterm ax = 200. The step size is 1 = 2 = 1, and
be recovered and the MC solvers. Furthermore, for the CSS = 1.
network with the presence of malicious users considered in
this paper, with invoking Algorithm 1, the minimal number of A. Numerical Results Using Simulated Signals
channels to be sensed is In this subsection, simulation results of the proposed frame-
M3 = m in I J (19) work are illustrated by using the simulated signals.
1) Results of Proposed Rank Estimation Algorithm: The
where m in [m in , 1] is the minimal compression ratio that saved sampling costs, which refer to the saved number of chan-
can be achieved by Algorithm 1. The exact value of m in is nels to be sensed for guaranteeing exact MC, is shown in Fig. 5
dependent on the rank K and the channel corruption ratio . with increasing number of sensing periods and dynamic spec-
Here, the channel corruption ratio = IJL
is defined as the trum occupancies. In this scenario, varying spectrum occupan-
ratio of the number of corrupted channels L to the total number cies result in changing the rank K of the matrix at the FC.
of channels (I J) to be sensed in the considered CSS network. Therefore, the upper bound Km ax of the rank should change
When there is no malicious user in the CSS network, i.e., = 0, accordingly. The rank change points are marked by circle in
we have M2 < M1 . With the presence of malicious users, i.e., Fig. 5. Here, the two-step compressive sensing based spectrum
> 0, we have M3 M2 . Meanwhile, M3 M1 according sensing algorithm (TS-CS-SS) [36] utilizing fixed Km ax is il-
to the definition of M3 in (19). Therefore, no matter whether lustrated as the benchmark. The same initial value for Km ax
malicious users exist in the CSS network, if MC is invoked is used for both TS-CS-SS and the proposed rank estimation
at the FC, the number of channels that needs to be sensed is algorithm. Therefore, the sampling costs saved by these two al-
less than the case without invoking MC technique. As a result, gorithms are same at the initial sensing period in Fig. 5. When
the data acquisition costs can be significantly reduced by the the sparsity of the spectral signals changes, the saved sampling
proposed malicious user detection framework, in comparison costs caused by TS-CS-SS algorithm keep constant as Km ax
with the conventional malicious user detection method. is fixed. However, exact MC cannot be guaranteed if Km ax is
Complexity of the proposed malicious user detection frame- much smaller than K, or extra data acquisition costs are caused
work lies in two parts: i) rank estimation; and ii) malicious if Km ax is much larger than K. For the proposed rank estima-
user detection. For the rank estimation part, the computational tion algorithm, the saved sampling costs is degraded at each
QIN et al.: MALICIOUS USER DETECTION BASED ON LOW-RANK MATRIX COMPLETION IN WIDEBAND SPECTRUM SENSING 13

Fig. 7. Detection performance comparison between the proposed method and

Fig. 5. Saved sampling costs with varying spectrum occupancies.
various benchmarks versus malicious user ratio . Compression ratio is = 1.0,
matrix rank is K = 1, and network size is J = 40.

overestimated, i.e. > 1, especially in the case with high level

of channel corruption ratio, i.e. 0.5. It is further noted that
Pd would only be degraded slightly if the number of corrupted
channels L is underestimated. In the following simulations, by
invoking the proposed estimation strategy for the number of cor-
rupted channels, the correct estimation of the corrupted channels
L is taken as one input of Algorithm 1.
3) Results of the Proposed Malicious User Detection Frame-
work: Fig. 7 shows the verification of our proposed method for
its effectiveness of dealing with malicious users. Here, we pro-
vide curves for the following four approaches:
r Approach 1: spectrum sensing without malicious users,
Fig. 6. Detection probability P d of the proposed malicious user detection
framework with different estimation accuracy ratios and channel corruption labelled by in the figure.
ratios . The compression ratio is = 100%, and network size is J = 40. r Approach 2: with the existence of malicious users, signal
recovery is performed by solving the nuclear norm opti-
change point in order to guarantee exact MC. However, the mization problem as adopted in [25] for the multiple nodes
saved sampling costs are increased gradually after the sparsity case. It is labelled by  in Fig. 7.
change point. The proposed rank estimation algorithm guaran- r Approach 3: with the existence of malicious users, our
tees exact MC in dynamic spectrum occupancy environment, proposed malicious user detection method is adopted to
with the extra burden on sampling in comparison with the TS- remove malicious users during matrix recovery process. It
CS-SS algorithm. In practice, spectrum occupancy is assumed is labelled by in Fig. 7.
to be the stable within several periods. Therefore, the proposed In this scenario, the number of active PUs in the spectrum of in-
rank estimation algorithm is reliable for practical scenario, as terest is 1, which results in the rank of matrix at the FC as K = 1.
it can adjust Km ax to be closer to the real rank K after a few Compression ratio is = 1.0 to avoid any performance degrada-
periods of the K change point. More accurate estimation of K tion caused by insufficient number of collected measurements at
makes the proposed algorithm outperform TS-CS-SS in terms the FC. By comparing the curves for approach 1 with approach
of the saved sampling costs with guarantee on exact MC. 2, we can observe that the detection performance is degraded
2) Results of the Case With Unknown Number of Corrupted when malicious users attack the system. This is because that the
Channels: In Fig. 6, the influences of the incorrect estimation on collected measurements used for signal recovery at the FC are
the number of corrupted channels L = L are analyzed. Here, corrupted by malicious users, which leads to inaccurate signal
, named as estimation accuracy ratio, is defined as the ratio recovery. With invoking our proposed method, i.e., approach 3,
of the estimated number of corrupted channels L to the actual it can be noted that the detection performance is improved sig-
number of corrupted channels L. In this case, we choose J = 40 nificantly in comparison with approach 2, which validates the
and K = 1 to simplify the simulation process. Additionally, the effectiveness of our proposed framework. It is also worth noting
estimated number of corrupted channels L = L varies from that the detection performance degrades when more channels
0.7L to 1.3L. It is shown in Fig. 6 that detection probability are corrupted by malicious users.
Pd of the proposed malicious user detection framework gets de- In order to further illustrate how malicious users influence the
graded when the estimated number of corrupted channels L is signal recovery accuracy, we also provide a comparison on the
14 IEEE TRANSACTIONS ON SIGNAL PROCESSING, VOL. 66, NO. 1, JANUARY 1, 2018

Fig. 8. Recovery accuracy comparison between the proposed method and Fig. 10. Detection probability P d of the proposed malicious user detection
traditional compressive spectrum sensing approach versus malicious user ratio framework with different channel corruption ratios . The compression ratio
. Compression ratio is = 1.0, matrix rank is K = 1, and network size is is 0.6, 0.8, and 1.0, respectively. Here, network size is J = 40.
J = 40.

ratio . In order to eliminate any possible influence caused by an

insufficient number of measurements at the FC, the compression
ratio is = 1.0 in this case. From the figure, we can observe
that the probability of incorrectly classifying the uncorrupted
channels increases with higher . The reason is that with higher
, the number of uncorrupted power values collected at the FC
is reduced, which results in inexact MC. It is also worth not-
ing that probability that the corrupted channels are successfully
removed during the MC process decreases with increasing ,
which is caused by the inexact MC at the FC as well. We can
further note that as more uncorrupted channels are determined
as corrupted and removed during the MC process, the number
of uncorrupted values used for the MC is further reduced. As a
result, the recovery performance of MC degrades.
Fig. 10 plots the detection probability Pd of the proposed
malicious user detection framework versus channel corruption
Fig. 9. Corrupted channel detection probability versus malicious user ratio . ratio . It is worth noting that the detection probability Pd of the
The compression ratio is = 1.0, matrix rank is K = 1, and network size is proposed malicious user detection framework decreases when
J = 40.
more channels are corrupted by malicious users in the consid-
ered networks. Specifically, we can observe that when channel
relative recovery error achieved by approach 2 and approach 3 corruption ratio is increased to 0.6, the detection probability Pd
as specified above. Here, the relative recovery error is defined is heavily degraded regardless of the compression ratio. It is

P P

2 reasonable as the number of uncorrupted values is insufficient

as
P
2 2 . As shown in Fig. 8, we can see that the relative to guarantee exact MC at the FC.
2
recovery error achieved by the traditional compressive spec- Fig. 11 illustrates how the detection probability Pd of the pro-
trum sensing approach, i.e., approach 2, is much higher than posed malicious user detection framework varies against chan-
our proposed approach, i.e., approach 3. This is caused by the nel corruption ratio under different network sizes J. With
existence of malicious users. When these corrupted values are a fixed , the number of corrupted channels L increases with
included in the measurements to perform signal recovery at the larger network size J, as the channel corruption ratio is defined
FC, the recovery error increases. The more channels are cor- as = IJ L
and I is fixed to be 40. Additionally, as labelled
rupted by malicious users, the worse recovery accuracy can be with black ovals in Fig. 11, for the two cases with J = 200
achieved. When our proposed malicious user detection approach and J = 400, if is 0.4 and 0.2, respectively, the number of
is adopted to remove those corrupted measurements during the corrupted channels becomes the same L = 3200. Similarly, as
process of recovery ordinal matrix, the recovery accuracy is labelled with black ovals in Fig. 11, for the cases with J = 40
increased significantly. This result matches with the detection and J = 200, if is set to 0.5 and 0.1, the number of corrupted
performance trend shown in Fig. 7. channels L = 800 becomes the same. In these two considered
Fig. 9 plots the probabilities of detecting the corrupted chan- scenarios, we notice that detection probability Pd of the CSS
nels as corrupted (Pd ) and that of incorrectly classifying un- network with large size is higher than that with smaller size
corrupted channels as corrupted (Pf ) versus channel corruption when the number of corrupted channels is fixed. This supports
QIN et al.: MALICIOUS USER DETECTION BASED ON LOW-RANK MATRIX COMPLETION IN WIDEBAND SPECTRUM SENSING 15

Fig. 11. Detection probability P d of the proposed malicious user detection

framework with different channel corruption ratios . The network size J is 40, Fig. 13. Measurement setup for collecting real-world data at Queen Mary
200, and 400, respectively. The compression ratio is = 1.0, and matrix rank University of London.
is K = 4.

Fig. 12. Detection probability P d of the proposed malicious user detection

framework with different matrix ranks K and different channel corruption ratios Fig. 14. Detection probability P d and false alarm probability P f of the pro-
. The compression ratio is = 1.0, and network size is J = 400. posed malicious user detection algorithm using real-world signals with different
compression ratios , and K = 9.

the proposition that the higher spatial diversity of the CSS net-
work (i.e., larger CSS network size), the better defense against carried out at Queen Mary University of London. There are
the same number of corrupted channels. I = 40 channels over TVWS in total, ranging from 470 MHz to
In Fig. 12, the detection probability Pd of the proposed mali- 790 MHz. Each TVWS channel is with bandwidth of 8 MHz.
cious user detection framework is presented with different chan- Among these TVWS channels, channel 27 is generally vacant,
nel corruption ratios and different ranks K. The rank K of the whose frequency ranges from 518 MHz to 526 MHz. During
matrix is determined by the number of active PUs in the spec- the measurement, channel 27 was randomly corrupted by Dig-
trum of interest. The positions of the active PUs are randomly ital Video Broadcasting-Terrestrial (DVB-T) signals, which are
generated in the spectrum of interest. In this case, the com- generated and transmitted temporarily by the setup shown in
pression ratio is set to 1.0 to avoid any possible performance Fig. 13(a). Real-world signals over TVWS are collected by
degradation caused by an insufficient number of sensed channels a portable RFeye node as shown in Fig 13(b). As shown in
at the FC. We can see that the detection performance improves Fig 13(c), there are 8 channels being occupied by PUs, includ-
with decreasing rank K of the matrix as well as decreasing ing channel 22, 23, 25, 26, 28-30, and 33. When the trial signal
channel corruption ratio . This observation is reasonable, as is transmitted, as labelled by red circle in Fig. 1, channel 27
exact MC requires more observed measurement at the FC with became occupied. Due to the limited number of sensing nodes
increasing rank K and channel corruption ratio . and restricted licence for accessing TVWS, channel 27 was cor-
rupted randomly among different time slots in order to simulate
the random distribution of corrupted values among the matrix at
B. Numerical Results Using the Real-World Signals
the FC. In the following, the proposed malicious user detection
The UK regulator Ofcom has conducted a series of trials framework is tested by real-world signals collected during the
on the TVWS pilots [37], [38]. One of the trials has been trial.
16 IEEE TRANSACTIONS ON SIGNAL PROCESSING, VOL. 66, NO. 1, JANUARY 1, 2018

In this case, the same channel is sensed by SUs collected at APPENDIX

J = 50 different time slots. Malicious users appear in channel
The key notations in this paper are summarized in Table I.
27 randomly among the 50 time slots. Fig. 14 shows the detec-
TABLE I
tion probability Pd and the false alarm probability Pf of the pro- KEY NOTATIONS AND DEFINITIONS
posed malicious user detection algorithm with varying compres-
sion ratios . The detection performance comparison is demon-
strated for the cases with and without malicious users in the CSS
network. When there are no malicious users in the CSS network,
we can see that the perfect detection performance (Pd = 1.0 and
Pf = 0.0) can be achieved by choosing the suitable threshold
according to (12) for decision making. If malicious users show
up in the CSS network, the false alarm probability Pf becomes
higher than the case without malicious users, because a false
alarm happens if the corrupted value on channel 27 over TVWS
is not removed properly during MC process. It is further noticed
that the false alarm probability Pf does not reach 0 when there
are malicious users in the CSS network. This is caused by the as-
sumption in the proposed framework that the corrupted channels
are assumed to be sparsely and randomly distributed among the
sensed channels collected at the FC. This assumption is reason-
able and practical as malicious users can show up anywhere and
interpolate any channel. However, in the trial, only channel 27
among the 40 TV channels can be corrupted randomly due to the
license limitation. The slight behaviour difference of malicious
users in the real-world signals causes inexact MC, by utilizing
the proposed framework for malicious user detection. Thus, as
shown in Fig. 14, the higher Pf is found in comparison with
the benchmark (the case without malicious users). However, we
can still observe that Pf gets closer to the benchmark with the
increasing compression ratio , as the recovery error becomes
smaller when higher number of sensed channels are available
at the FC. This trend matches the simulation results presented
in Fig. 10.

REFERENCES
V. CONCLUSION
[1] J. Mitola and G. Q. Maguire, Cognitive radio: Making software radios
In this paper, we proposed a low-rank matrix completion more personal, IEEE Pers. Commun., vol. 6, no. 4, pp. 1318, Aug. 1999.
(MC) based malicious user detection framework for the se- [2] A. Ghasemi and E. Sousa, Collaborative spectrum sensing for oppor-
cure cooperative spectrum sensing (CSS) networks. As each tunistic access in fading environments, in Proc. IEEE Int. Symp. New
Frontiers Dyn. Spectrum Access Netw., Baltimore, MD, USA, Nov. 2005,
SU only sensed part of the whole spectrum, the costs of data pp. 131136.
acquisition at SUs were reduced significantly. Meanwhile, a [3] I. F. Akyildiz, B. F. Lo, and R. Balakrishnan, Cooperative spectrum
malicious user detection algorithm was proposed by adopt- sensing in cognitive radio networks: A survey, Phys. Commun., vol. 4,
no. 1, pp. 4062, Mar. 2011.
ing the adaptive outlier pursuit (AOP) algorithm, in which the [4] R. Chen, J. M. Park, Y. T. Hou, and J. H. Reed, Toward secure distributed
channels corrupted by malicious users were removed during spectrum sensing in cognitive radio networks, IEEE Commun. Mag.,
the MC process. Additionally, a rank estimation algorithm and vol. 46, no. 4, pp. 5055, Apr. 2008.
[5] G. Ding, Q. Wu, Y.-D. Yao, J. Wang, and Y. Chen, Kernel-based learning
an estimation strategy for the number of corrupted channels for statistical signal processing in cognitive radio networks: Theoretical
were proposed to provide inputs for the proposed malicious foundations, example applications, and future directions, IEEE Signal
user detection framework, in order to make it completely blind. Process. Mag., vol. 30, no. 4, pp. 126136, Jun. 2013.
[6] Q. Yan, M. Li, T. Jiang, W. Lou, and Y. Hou, Vulnerability and protec-
Furthermore, the proposed malicious user detection framework tion for distributed consensus-based spectrum sensing in cognitive radio
was tested on both simulated signals and real-world signals networks, in Proc. IEEE INFOCOM, Mar. 2012, pp. 900908.
over TV white space spectrum. Numerical analyses showed [7] L. Zhang, G. Ding, Q. Wu, Y. Zou, Z. Han, and J. Wang, Byzantine
attack and defense in cognitive radio networks: A survey, IEEE Commun.
that the proposed framework alleviated the influences of mali- Surveys Tut., vol. 17, no. 3, pp. 13421363, Apr. 2015.
cious users with lower data acquisition cost at each individual [8] P. Kolodzy and I. Avoidance, Spectrum policy task force, Federal
SU. It can be concluded that the proposed malicious user de- Commun. Comm., Washington, DC, USA, Rep. ET Docket no. 02-135,
Jun. 2002.
tection framework is a strong candidate for the secure CSS [9] Ofcom, Statement on Cognitive Access to Interleaved Spectrum, U.K.
networks. Office of Communications, London, U.K., Jul. 2009.
QIN et al.: MALICIOUS USER DETECTION BASED ON LOW-RANK MATRIX COMPLETION IN WIDEBAND SPECTRUM SENSING 17

[10] Z. Tian and G. Giannakis, Compressed sensing for wideband cogni- [34] J. Tropp, J. Laska, M. Duarte, J. Romberg, and R. Baraniuk, Beyond
tive radios, in Proc. IEEE Int. Conf. Acoust. Speech Signal Process., Nyquist: Efficient sampling of sparse bandlimited signals, IEEE Trans.
Honolulu, HI, USA, Apr. 2007, pp. 13571360. Inf. Theory, vol. 56, no. 1, pp. 520544, Jan. 2010.
[11] Y. Wang, Z. Tian, and C. Feng, Collecting detection diversity and com- [35] E. Candes, Compressive sampling, in Proc. Int. Congr. Math., Madrid,
plexity gains in cooperative spectrum sensing, IEEE Trans. Wireless Com- Spain, Aug. 2006, vol. 3, pp. 14331452.
mun., vol. 11, no. 8, pp. 28762883, Aug. 2012. [36] Y. Wang, Z. Tian, and C. Feng, Sparsity order estimation and its applica-
[12] H. Li, Reconstructing spectrum occupancies for wideband cognitive radio tion in compressive spectrum sensing for cognitive radios, IEEE Trans.
networks: A matrix completion via belief propagation, in Proc. IEEE Int. Wireless Commun., vol. 11, no. 6, pp. 21162125, May 2012.
Conf. Commun., Cape Town, South Africa, May 2010, pp. 16. [37] UK Office of Communications (Ofcom), Ofcom TV White
[13] E. J. Candes and B. Recht, Exact matrix completion via convex optimiza- Spaces Pilot Update Event, Jun. 2014. [Online]. Available:
tion, Found. Comput. Math., vol. 9, no. 6, pp. 717772, Dec. 2009. http://stakeholders.ofcom.org.uk/binaries/spectrum/whitespaces/TVWS_
[14] W. Wang, H. Li, Y. Sun, and Z. Han, Securing collaborative spectrum Pil ot_Update_event_26-06-14_presentation_PUBLISH.pdf
sensing against untrustworthy secondary users in cognitive radio net- [38] O. Holland et al., To white space or not to white space: That is the trial
works, EURASIP J. Adv. Signal Process., vol. 2010, pp. 115, Jan. 2010. within the Ofcom TV white spaces pilot, in Proc. IEEE Int. Symp. Dyn.
[15] R. Chen, J.-M. Park, and K. Bian, Robust distributed spectrum sensing in Spectrum Access Netw., Stockholm, Sweden, Sep. 2015, pp. 1122.
cognitive radio networks, in Proc. IEEE INFOCOM, Phoenix, AZ, USA,
Apr. 2008, pp. 1318. Zhijin Qin (S13M16) received the Bachelors de-
[16] P. Kaligineedi, M. Khabbazian, and V. K. Bhargava, Malicious user grees from Beijing University of Posts and Telecom-
detection in a cognitive radio cooperative sensing system, IEEE Trans. munications, Beijing, China, in 2012 and the Ph.D.
Wireless Commun., vol. 9, no. 8, pp. 24882497, Jun. 2010. degree from Queen Mary University of London,
[17] A. W. Min, K. G. Shin, and X. Hu, Secure cooperative sensing in IEEE London, U.K., in 2016.
802.22 WRANs using shadow fading correlation, IEEE Trans. Mobile She joined Lancaster University, Lancaster, U.K.
Comput., vol. 10, no. 10, pp. 14341447, Oct. 2011. as a Lecturer (Assistant Professor) in the School of
[18] S. Kalamkar, A. Banerjee, and A. Roychowdhury, Malicious user sup- Computing and Communications since August 2017.
pression for cooperative spectrum sensing in cognitive radio networks Before that, she was with Imperial College London as
using Dixons outlier detection method, in Proc. Nat. Conf. Commun., a Research Associate. Her research interests include
Kharagpur, India, Feb. 2012, pp. 15. low-power wide area network in Internet of Things,
[19] A. W. Min, K. H. Kim, and K. G. Shin, Robust cooperative sensing via compressive sensing and machine learning in wireless communications, and
state estimation in cognitive radio networks, in Proc. IEEE Symp. New nonorthogonal multiple access. She currently serves as an Editor of the IEEE
Frontiers Dyn. Spectrum Access Netw., May 2011, pp. 185196. ACCESS. She has served as a TPC member for many IEEE conferences such as
[20] F. Penna, Y. Sun, L. Dolecek, and D. Cabric, Detecting and counteracting GLOBECOM16, ICC16, VTC15, and VTC14. She received the best paper
statistical attacks in cooperative spectrum sensing, IEEE Trans. Signal award at Wireless Technology Symposium 2012.
Process., vol. 60, no. 4, pp. 18061822, Apr. 2012.
[21] L. Duan, A. W. Min, J. Huang, and K. G. Shin, Attack prevention for
collaborative spectrum sensing in cognitive radio networks, IEEE J. Sel. Yue Gao (S03M07SM13) received the Ph.D.
Areas Commun., vol. 30, no. 9, pp. 16581665, Oct. 2012. degree from Queen Mary University of London
[22] H. Li and Z. Han, Catch me if you can: An abnormality detection approach (QMUL), London, U.K., in 2007.
for collaborative spectrum sensing in cognitive radio networks, IEEE He is a Reader in Antennas and Signal Processing
Trans. Wireless Commun., vol. 9, no. 11, pp. 35543565, Nov. 2010. and the Director of Whitespace Machine Commu-
[23] W. Wang, L. Chen, K. Shin, and L. Duan, Thwarting intelligent malicious nication Lab, School of Electronic Engineering and
behaviors in cooperative spectrum sensing, IEEE Trans. Mobile Comput., Computer Science, QMUL. He worked as a Research
vol. 14, no. 11, pp. 23922405, Nov. 2015. Assistant, a Lecturer (Assistant Professor), and a Se-
[24] J. Meng, W. Yin, H. Li, E. Hossain, and Z. Han, Collaborative spectrum nior Lecturer (Associate Professor) at QMUL. He
sensing from sparse observations in cognitive radio networks, IEEE J. is currently leading a team developing theoretical
Sel. Areas Commun., vol. 29, no. 2, pp. 327337, Feb. 2011. research into practice in the interdisciplinary area
[25] Z. Qin, Y. Gao, M. D. Plumbley, and C. G. Parini, Wideband spectrum among smart antennas, signal processing, spectrum sharing, and Internet of
sensing on real-time signals at sub-Nyquist sampling rates in single and Things applications. He has published more than 130 peer-reviewed journal and
cooperative multiple nodes, IEEE Trans. Signal Process., vol. 64, no. 12, conference papers, two patents, and two book chapters. He is an Editor of the
pp. 31063117, Jun. 2016. IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, the IEEE WIRELESS COM-
[26] Z. Qin, Y. Liu, Y. Gao, M. Elkashlan, and A. Nallanathan, Wireless pow- MUNICATION LETTERS, and China Communications. He is serving as Cognitive
ered cognitive radio networks with compressive sensing and matrix com- Radio Symposium Co-Chair of the IEEE GLOBECOM 2017. He has served
pletion, IEEE Trans. Commun., vol. 65, no. 4, pp. 14641476, Apr. 2017. as the Signal Processing for Communications Symposium Co-Chair for IEEE
[27] Y. Ma, Y. Gao, Y. C. Liang, and S. Cui, Reliable and efficient sub- ICCC 2016, Publicity Co-Chair for IEEE GLOBECOM 2016, and the General
Nyquist wideband spectrum sensing in cooperative cognitive radio net- Chair of the IEEE WoWMoM and iWEM 2017. He is a Secretary of the IEEE
works, IEEE J. Sel. Areas Commun., vol. 34, no. 10, pp. 27502762, Technical Committee on Cognitive Networks, and an IEEE Distinguished Lec-
Oct. 2016. turer of Vehicular Technology Society. He coreceived the EU Horizon Prize
[28] Z. Qin, Y. Gao, and C. G. Parini, Data-assisted low complexity compres- Award on Collaborative Spectrum Sharing in 2016 and the Research Perfor-
sive spectrum sensing on real-time signals under sub-Nyquist rate, IEEE mance Award from Faulty of Science and Engineering at QMUL in 2017.
Trans. Wireless Commun., vol. 15, no. 2, pp. 11741185, Feb. 2016.
[29] Z. Qin, Y. Gao, M. Plumbley, C. Parini, and L. Cuthbert, Low-rank Mark D. Plumbley (S88M90SM12F15) re-
matrix completion based malicious user detection in cooperative spectrum ceived the B.A. (Hons.) degree in electrical sciences
sensing, in Proc. IEEE Global Conf. Signal Inf. Process., Austin, TX, and the Ph.D. degree in neural networks both from
USA, Dec. 2013, pp. 11861189. the University of Cambridge, Cambridge, U.K., in
[30] M. Yan, Y. Yang, and S. Osher, Exact low-rank matrix completion from 1984 and 1991, respectively. From 1991 to 2001, he
sparsely corrupted entries via adaptive outlier pursuit, J. Sci. Comput., was a Lecturer with Kings College London, London,
vol. 56, no. 3, pp. 433449, Sep. 2013. U.K., before moving to Queen Mary University of
[31] M. Yan, Y. Yang, and S. Osher, Robust 1-bit compressive sensing using London, London, U.K. in 2002, later becoming the
adaptive outlier pursuit, IEEE Trans. Signal Process., vol. 60, no. 7, Director of the Centre for Digital Music. In 2015,
pp. 38683875, Jul. 2012. he joined the Centre for Vision, Speech and Signal
[32] Y. C. Liang, Y. Zeng, E. C. Y. Peh, and A. T. Hoang, Sensing-throughput Processing, University of Surrey, Guildford, U.K., as
tradeoff for cognitive radio networks, IEEE Trans. Wireless Commun., a Professor of signal processing. His main research interest include the analysis
vol. 7, no. 4, pp. 13261337, Apr. 2008. and processing of audio and music signals, using techniques such as matrix
[33] N. Boumal and P.-A. Absil, RTRMC: A Riemannian trust-region method factorization, sparse representations, and deep learning. He is a member of the
for low-rank matrix completion, in Proc. Adv. Neural Inf. Process. Syst. IEEE Signal Processing Society Technical Committee on Signal Processing
24, Granada, Spain, Dec. 2011, pp. 406414. Theory and Methods.