2023 9th International Conference on Advanced Computing and Communication Systems (ICACCS)

An analysis of Network Security Attacks and their

mitigation for Cognitive Radio Communication
2023 9th International Conference on Advanced Computing and Communication Systems (ICACCS) | 979-8-3503-9737-6/23/$31.00 ©2023 IEEE | DOI: 10.1109/ICACCS57279.2023.10112905

N. Gayathri H. Anandakumar S. Gowri

Computer Science and Engineering Computer Science and Engineering, Department of Artificial Intelligence
Sri Eshwar College of Engineering Sri Eshwar College of Engineering and Data Science
Coimbatore, Tamilnadu Coimbatore,Tamilnadu Sri Eshwar College of Engineering
gayathri.n@sece.ac.in anandakumar.h@sece.ac.in Coimbatore, Tamilnadu
gowri.s@sece.ac.in
J. Keerthika S. Nithyapriya
Computer Science and Engineering Department of Artificial Intelligence
Sri Eshwar College of Engineering and Data Science
Coimbatore,Tamilnadu Bannai Amman Institute of
keerthika.jcse@sece.ac.in Technology
Coimbatore, Tamilnadu
nithuit@gmail.com

Abstract—The primary motivator after the evolution of
cognitive radio is the lack of utilization of the spectrum. This
technology adds new functionality in the physical layer, data
link sub-layer, Transmission Control Protocol/Internet
Protocol layer, and Transport layers of the hierarchy of
software layers. The majority of the currently available
research in cognitive radio has concentrated on security
challenges at the physical, MAC layers. Over the past two
decades, cyber security threats and problems have grown
significantly, especially in cognitive radio networks. This study
describes and analyzes various attacks that target each layer
at its protocol stack. Each attack's specific detection
techniques and defenses are also examined and contrasted.
Keywords—Cognitive Networks, Denial of Service, Licensed
user, Unlicensed user.
I. INTRODUCTION
Increasing business demand is driving the update of
wireless communication technology, which is evolving
rapidly. Therefore, limited spectrum resources compete with
growing business needs. A Federal Communications
Commission (FCC) research claims that the current
spectrum underutilization is the outcome of ineffective
regulations rather than actual spectrum shortages. With a
restricted supply of spectrum and a rising demand for
spectrum for wireless applications and services, cognitive
radio networks (CRNs) start to make use of this untapped
spectrum. It is an intelligent network that uses the radio
spectrum more effectively and adjusts to environmental
changes. CRNs help address spectrum shortages caused by
unauthorized users allowing uninterrupted access to the host
system.
But Spectrum-sensing technology enables Secondary
Users (SUs) to use the channels that aren't already being
occupied by the authorized Primary Users when CRNs
operate in an environment of open and random access
networks (PUs).
To be effective, CRNs must be secure, just like any other
contemporary communication technology. To put it another
way, CRNs are required to ensure the privacy, accuracy, and
legitimacy of any data passing over the network.
Unfortunately, traditional radio networks also have to deal
with a variety of security issues, such as attacks that take
advantage of their adaptability. Currently, network security
research is one of the most popular areas of study for
cognitive networks. Then, it is mandatory to study the
current state of cognitive radio network security research.
The appropriate building and upkeep of security measures to
thwart assaults made against CRNs are necessary for the
deployment of CRNs to be successful. We classify the CRNs
attacks into different types: Physical Layer, Data Link
sublayer – Medium Access Control, Transmission Control
Protocol/Internet Protocol layer, and Transport Layer
attacks.
We examine the Physical Layer attacks through primary
user emulation, Eavesdropping, and Jamming attacks.
Frequency Spectrum Data Falsification through sensing and
Control Channel Capacity Denial of Service threats are
specified in the MAC layer. The attacks that apply to routing
in CRNs are the Sinkhole, Hello Flood, and Wormhole
attacks, which are primarily discussed at the network layer.
We focus on the Lion Attack in the transport layer. This
research work is a detailed study of the network security
attacks occurring for Cognitive radios and their
countermeasures. Its setup is given in the form of sections.
In Section 2, the Overview of CRNs is described. For the
configurability of cognitive radios, Section 3 addresses
network security and its attacks. The comparison of the
attacks made as a result of its activity is in Section 4. The
areas of future CRN security research and conclusion are
covered in Section 5.
II. OVERVIEW OF COGNITIVE RADIO NETWORKS
Since CR depends on the spectrum being open, the
Cognitive radio network should be categorized between
licensed users and cognitive users. Because the frequency
band is accessible, cognitive users can locate an unutilized
spectrum by noticing a gap in the spectrum that the primary
users aren't currently using and exploit it fully to access the
frequency spectrum without disrupting the foundation of
user network information [1], as demonstrated in Fig. 1.

979-8-3503-9737-6/23/$31.00 ©2023 IEEE

2413
Authorized licensed use limited to: De Montfort University. Downloaded on September 18,2023 at 14:09:54 UTC from IEEE Xplore. Restrictions apply.
 2023 9th International Conference on Advanced Computing and Communication Systems (ICACCS)
Fig. 1. Cognitive Radio Network Architecture
A. Specific Functions of CRN
The Specific functions of CRN can be categorized into
four variants:
1) Spectrum sensing: Discovering unutilized spectrum
and utilizing it without negatively affecting other users. Idle
frequency bands in CRNs will be dispersed across a large
frequency spectrum series, encompassing licensed and
unlicensed frequency spectra together. Finding the principal
users who are receiving data within a CRN user's
communication range is the most effective technique to
identify spectrum gaps.
2) Spectrum decision: Utilizing the best spectrum that is
currently available to satisfy user communication needs. The
unlicensed and licensed spectrum bands will be dispersed
across a large frequency range in CRNs.
3) Spectrum mobility: During the switch to a better
spectrum, maintaining a seamless connection is necessary.
By allowing radio terminals - often referred to as cognitive
radio- to operate in the optimal frequency band available,
CRNs seek to utilize the spectrum based on the space.
4) Spectrum sharing: There are five main steps in the
spectrum sharing process: a) Frequency band sensing b)
Allocation of Spectrum c) Frequency band access d)
Handshake between the sender and acceptor e) Mobility of
the spectrum.
A secondary user (Cognitive user) which is the CR Node
must do a spectrum sensing technique to determine the band
to utilize for transmission to obtain a service [2]. To achieve
this, it looks for spectrum gaps at a certain frequency and
then exploits their existence in that available space. This
method is called Dynamic Spectrum Access (DSA). The
Cognitive Network Architecture is depicted in Fig. 1 which
includes various activities such as spotting spectrum holes,
identifying the best spectrum sensing, involving frequency
acquisition with other users, and giving room to allocate the
bandwidth when an authorized user appears. As a result,
spectrum sensing details shown in Fig. 2 entails identifying
unutilized spectrum bands, spectrum sharing entails
allocating access channels among numerous users while
avoiding impacts, spectrum selection entails selecting the
best channels, and spectrum mobility entails transfer to the
target channel when a primary user enters the scene.
Spectrum frequency band allocation and power control
operations aid the cognitive cycle.
2414
Authorized licensed use limited to: De Montfort University. Downloaded on September 18,2023 at 14:09:54 UTC from IEEE Xplore. Restrictions apply.
Fig. 2. Specific Functions of CRN
B. Spectrum Sensing Methods
Several spectrum sensing techniques are offered to
locate transmitted signals and determine the nature of the
signal [3]. The three basic types are Signal detection, Feature
determination, and Matched filter.
1) Signal Detection: The greatest method for signal
detection, also known as energy detection, radiometry, or
periodogram, has a low processing and implementation
complexity. It does not require complex spread spectrum
signal detection designs or previous knowledge of the
authorized user’s signal.
2) Feature determination: The precise properties
connected to the modulated signals transmitted by primary
users are what feature detection is based on. The primary
user input is sampled using the Cyclo-stationary feature
detection method and the amplitude is normalized.
C. Matched Filter Detection
Matching filter detection, which assumes that the signal
from the licensed user is pre-existing to the subsequent
users, is an improved detection technique [4]. The benefit of
using matched filter detection is how quickly a particular
likelihood of a false alert or the possibility of a violation may
be obtained.
III. NETWORK SECURITY IN COGNITIVE NETWORKS
A. Network Security in CRN – Types of Occurences
We classify the attacks targeting their layers: Physical
layer, Communication protocol layer (Data Link), TCP/IP
through routing, and Transport layer attacks, in contrast to
the majority of surveys that focus attacks on CRNs.
1) Physical Layer Attacks: The effective deployment of
a CRN depends critically on proper coordination between
many physical layers and numerous functional layers.
a) Primary User Emulation (PUE): To find spectrum
gaps, CR continuously scans the electromagnetic spectrum.
Spectrum sensing is the name for such a CR process. When
a spectrum hole is found, it is assigned to an SU according
to the need. Until PU recovers, SUs are permitted to use the
designated channel. When SU becomes aware of PU’s
arrival, it exits the channel and seeks out another open
spectrum where it can continue to transmit. Spectrum
handoff or spectrum mobility refers to the switching of SU
between different spectrums. There are various methods the
attacker can harm the system with a PUE assault. One such
 2023 9th International Conference on Advanced Computing and Communication Systems (ICACCS)
method involves impersonating the base user's destination
and precisely replicating the signal's energy.
Various types of PUE Attacks [5] are:
• Selfish and Malicious PUE Attacks
• PUE Attacks with Fixed and Adaptive Power
• Stationary and Mobile PUE Attacks
b) Jamming: The primary goals of the jamming
attack are to prevent information from being exchanged and
to put the SUs in a denial-of-service position. This method
distributes false packets on purpose to make a frequency
band useless for PU and SU [6]. Even though CRNs are still
vulnerable to DoS assaults similar to those that affect
traditional networks, behaviors of the cognitive radio have
been developed to considerably increase network
performance when jammers are present.
c) Eavesdropping attacks: Because access to the
media is the only requirement for eavesdropping attacks,
wireless communications are vulnerable to them. The rogue
node listening in on transmissions between the CRN's
genuine members is what causes these assaults. The other
objectives of CRN eavesdroppers include gathering
configuration and waveform extraction [7].
• Configuration Extraction: Malicious devices use
this kind of attack to learn the configuration of a
CRN node, including the control channel
parameters, algorithms of spectrum evaluation, and
State information estimation through the channel
and transmit-power control strategies.
• Waveform Data Extraction: A communications
service such as GSM or IEEE 802.11 is
implemented in software as waveforms, the
intended data.
• Operator Data Extraction: Observers monitor all
network traffic to acquire data that will be useful
for identity theft or further attacks.
2) Communication Protocol Layer Attacks: The
Communication Protocol layer is categorized into two
layers, Logical Chain Control, and Medium Access
Control. The access control layer monitors the resource
management that effectively manages simultaneous
accesses while the LLC sublayer carries the traffic density
and failing events likelihood [8].
a) Frequency Spectrum Data Falsification through
sensing: In a Frequency Spectrum Data Falsification attack,
a malicious SU sends the data collector fabricated local
spectrum sensing reports (SSRs) on purpose to influence
the user to choose the wrong spectrum. To discover this
type of Attack, several data fusion strategies were put out.
The Weighted Sequential Ratio Test (WSRT) data fusion
approach was proposed in [9] as a defense against SSDF
assaults. There are two primary phases of the WSRT. In the
reputation maintenance process, each node starts with a
reputation value of 0. The real hypothesis test stage of
WSPRT is the second phase [10]. It is based on the Serial
Probability Ratio Test and has been modified in contrast to
the regular approach applied to the preceding techniques;
the result value depends on the terminal’s position.
2415
Authorized licensed use limited to: De Montfort University. Downloaded on September 18,2023 at 14:09:54 UTC from IEEE Xplore. Restrictions apply.
b) Control Channel Capacity Denial of Service
Attack : When there are more CR nodes easily available for
a given spectrum, the channel may find it difficult to take
all of the cognitive nodes into account within an appropriate
time frame. This could also cause data loss during the
transfer process. With this approach, an attacker might
quickly neutralize the channels by delivering a lot of
packets.
3) TCP/IP Attacks: Communication between distant
nodes is made possible by the network layer of CRN. The
nodes involved in the source-to-destination data packet
forwarding must vacate the occupied channel immediately
when the licensed user’s activity is revealed on it [11]. The
path identification, packet forwarding, or route preservation
processes are all possible attack targets for the routing
function. A malicious node disregards the requirements of
the routing protocols when determining the best path. We
will consider the routing attacks such as Wormhole,
Sinkhole, and Hello Flood.
a) Wormhole Attack: Two attackers intentionally
place themselves within the network in a major threat called
a wormhole attack. The attackers then carry on recording
wireless data and listening to the network. When a
destructive node intercepts a route request (RREQ) in the
network at one location and delivers it to another hostile
attacker at a different location, that attack is known as a
wormhole.
b) HELLO Flood attack: This type of attack is carried
out after an invader forwards a scatter communication
message to every node in a network with sufficient force as
a neighbor node. Hello, packets are sent throughout the
network by one naughty node using powerful enough
transmission channels. With a super-quality path to the BS,
the offender alerts the neighboring nodes to its arrival and
tempts them to connect with it. A key that is symmetric
needs to be shared with a reliable base station to thwart
Hello flood assaults [12]. As in Kerberos, the base station
will take on the role of another party in the network and
make it easier for parties to establish session keys to secure
their connection.
c) Sinkhole attack: A sinkhole in the network may
just be necessary for one cunning node to manipulate the
routing algorithm and create one. By broadcasting a high-
power transmission (using a powerful transmitter) or
appearing to be only one stage away from the base of
operations, the naughty node gets the network buzzing.
Once trust has been established, a black hole attack is
effective. It intercepts the data packets after playing with
the routing method or occasionally swallows them whole.
4) Transport Layer Segmentation Attacks
a) Cross-Layer Attack: This attack thwarts the
Transmission Control Protocol connection by utilizing the
PUE attack. The cross-layer attack known as the Lion attack
is made through the lower layer and is directed by the
transport layer. The performance of TCP is limited because
a CRN is forced to perform frequency spectrum transfer
when simulating an authorized transmission. Hernandez-
Serrano et al. propose a strategy to mitigate the lion attack
that begins by allowing the transmission control protocol to
know the data exchange between various levels from the
physical layer.
 2023 9th International Conference on Advanced Computing and Communication Systems (ICACCS)

IV. COUNTERMEASURES AND COMPARISON OF LAYER’S NETWORK SECURITY

Table I, II, and III shows the comparison of Detection methods and Counter Measures on each layer of security.

TABLE I. PHYSICAL LAYER ATTACKS

Name of the Detection Methods & Counter Merits Demerits
attacks Measures
Detection Methods High exposure rates when the long The attacker’s broadcast bandwidth is
Location-Based [13] remoteness between the licensed required to be constant.
Non-Location Based[14] user and the invader Information about signal activity
Intrusion Detection Based cryptographic signatures required
Systems[15] Useful to detect Primary user attacks High memory is required.
and other attacks Primary User location is required.
Attained Does not follow the FCC requirements.
Primary User
Confidentiality
Emulation
Key cannot be shared
(PUE)
Counter Measures PU authentication Achievable channel Jamming and
Cryptography-Based [16] Hardware fingerprint cannot be exhausted
Authentication emulated Resources.
Fingerprint-based and Game Maximize data rates Channel state information can be
Theory [8] [17] emulated.
Mobile players are required.
Detection Methods Appropriate for fixed and variant Only half-duplex is considered.
Frequency Hopping [18] spectrum allocation Authorized handlers are advised to
Spatial based Attacks Location-based maintain remoteness from the attacker.
Jamming Counter Measures Efficient in avoiding jamming High complexity
Attacks Multi-tier proxy based attacks Does not allow the cognitive nodes.
Tradeoff between jamming Through the process of switching
and spoofing between jamming and faking, the
attacker wastes resources.
Detection Methods Useful for reactive and active attacks Implementation complexity
Cryptographic Algorithms
based
Eavesdropping
Counter Measures Efficient Multiple antennae are required
attacks
Multi-Antenna based MIMO based High complexity for Beamforming
Beamforming Fewer interferences Authentication protocols are required.
Spoofing Not necessary for anti eavesdropping

TABLE II. NETWORK LAYER ATTACKS

Name of the Detection Methods & Merits Demerits
attacks Counter Measures
Detection Methods To transmit Need directional antennas and suffer
Directional antenna in particular directions for a higher from antenna directional errors.
Wormhole degree of spatial
reuse of the shared medium
Counter Measures Protect the neighbor nodes from Does not provide the authentication
Neighbor authentication [11] attackers Identity for each node and encryption
has not occurred.
Detection Methods Supports the techniques for establishing Authentication techniques based on
Behavior monitoring [20] reputation and trust that uses device cryptography allow variations to the
Sinkhole behavior analysis to identify potential licensed user and it cannot be applied
attackers directly.
Counter Measures The destination-Sequenced method for Asymmetric Cryptographic operations
Secure routing protocols Distance-Vector routing protocol is used are not provided.
(SEAD) [19] with Limited CPU processing capability

Detection Methods Based on trust evaluation occurs at each Does not provide external radio signal
Signal Strength [7] node with continuous monitoring of its interference, a poor access point
Hello Flood neighbor’s misbehaviors location.
Counter Measures A routing discovery process is added to Not useful as does not consider the
Verify the duplex of a link verify the destination nodes easily. availability of spectrum utilization
[19]

TABLE III. TRANSPORT LAYER ATTACKS

Name of the Detection Methods & Merits Demerits
attacks Counter Measures
Lion Attack Detection Methods Produces highly adaptive traffic The likelihood of inaccurate estimation of
Traffic Sampling [20] patterns primary traffic patterns is very high and traffic
sampling-based solutions are expensive.
Optimization Identifies the Denial-of-Service attack Less Effective in the detection of traffic.
Algorithm within the small degree of traffic.

2416
Authorized licensed use limited to: De Montfort University. Downloaded on September 18,2023 at 14:09:54 UTC from IEEE Xplore. Restrictions apply.
 2023 9th International Conference on Advanced Computing and Communication Systems (ICACCS)

[17] Y. Zou, J. Zhu, X. Wang, V. Leung, Improving physical-layer

V. CONCLUSION security in wireless communications using diversity techniques,
IEEE Netw. 29 (1) (2015) 42–48.
The most serious attacks against CRNs are described in
[18] S. Bhagavathy Nanthini, M. Hemalatha, D. Manivannan, L.
this paper. We grouped them according to the layer they Devasena, Attacks in cognitive radio networks (CRN) - A survey,
operate on and discussed the current defences. Then, to Indian J. Sci. Technol. 7 (4) (2014) 530–536
demonstrate the efficiency of each layer, we examined its [19] A. Haldorai, U. Kandaswamy, and A. Ramu, “Survey on Big Data
detection strategies, security precautions, and advantages Analytic and Challenges to Cyber Security,” Information
and disadvantages. We conclude from these comparisons Technology Journal, vol. 18, no. 1, pp. 8–16, Jan. 2019.
that combining the countermeasures will result in the most doi:10.3923/itj.2019.8.16
secure CRN possible. Such a recommendation ought to [20] Cervantes C, Poplade D, Nogueira M. Detection of sinkhole attacks
for supporting secure routing on 6LoWPAN for Internet of Things.
typically be supported by simulation findings, but we will (I’M), 2015 IFIP/IEEE ...; 2015
work on it for our future enhancements. Additionally, we
will look at the works that recommend creating brand-new
security frameworks for CRN.
REFERENCES
[1] Q. Zhang, A. B. J. Kokkeler and G. J. M. Smit, “A Re- configurable
Radio Architecture for Cognitive Radio in Emergency Networks,”
The 9th European Conference on Wireless Technology,
Manchester,10-12 September 2006, pp. 35-38.
[2] Wassim El-Hajj, Haidar Safa, Mohsen Guizani, Survey Security
Issues in Cognitive Radio Networks Survey of Security Issues in
Cognitive Radio Networks, Journal of Internet Technology, March
2011.
[3] Gürkan Gür.Şerif Bahtiya, Fatih Alagöz2, “Security analysis of
computer networks: Key concepts and methodologies”, Modeling
and Simulation of Computer Networks and Systems Methodologies
and Applications, 2015, Pages 861-898
[4] Banerjee, A., Das, S.: A review on security threats in cognitive radio.
In: 2014 4th International Conference on Wireless Communications,
Vehicular Technology, Information Theory and Aerospace &
Electronics Systems (VITAE). IEEE (2014).
[5] Park, Jung-Min “Jerry” (2010). Cognitive Radio Communications
and Networks || Cognitive radio network security. , Pages 431–466.
[6] M. Jo, L. Han, D. Kim, and H. In, “Selfish attacks and detection in
cognitive radio ad-hoc networks,” Network, IEEE, vol. 27, no. 3, pp.
46–50, May 2013.
[7] Z. Shu, Y. Qian, and S. Ci, “On physical layer security for cognitive
radio networks,” Network, IEEE, vol. 27, no. 3, pp. 28–33, May
2013.
[8] M. Yuksel, X. Liu, E. Erkip, A secure communication game with a
relay helping the eavesdropper, IEEE Trans. Inf. Forensics Secure. 6
(3) (2011) 818–830.
[9] D. Kapetanović, G. Zheng, F. Rusek, Physical layer security for
massive MIMO: An overview on passive eavesdropping and active
attacks, IEEE Commun. Mag. 53 (6) (2015) 21–27r.
[10] S. Bhattacharjee, S. Sengupta, M. Chatterjee, Vulnerabilities in
cognitive radio networks: A survey, Comput. Commun. 36 (13)
(2013) 1387–1398
[11] Haldorai, A., Ramu, A. Security and channel noise management in
cognitive radio networks (2020) Computers and Electrical
Engineering, 87, art. no. 106784
[12] Giruka VC, Singhal M, Royalty J, Varanasi S. Security in wireless
sensor networks. Wirel Commun Mob Comput 2008;8((Jan.)1):1–
24.
[13] Z. Yuan, et al., Defeating primary user emulation attacks using belief
propagation in cognitive radio networks, IEEE J. Sel. Areas
Commun. 30 (10) (2012) 1850–1860.
[14] S. Bhattacharjee, S. Sengupta, M. Chatterjee, Vulnerabilities in
cognitive radio networks: A survey, Comput. Commun. 36 (13)
(2013) 1387–1398.
[15] Y. Zou, J. Zhu, X. Wang, V. Leung, Improving physical-layer
security in wireless communications using diversity techniques,
IEEE Netw. 29 (1) (2015) 42–48.
[16] Olga León, Hernández-Serrano, R. RománJuan, Towards a
cooperative intrusion detection system for cognitive radio networks,
in: International Conference on Research in Networking, 2011, pp.
231–242.

2417
Authorized licensed use limited to: De Montfort University. Downloaded on September 18,2023 at 14:09:54 UTC from IEEE Xplore. Restrictions apply.