Secure distributed estimation against false data injection attack

Secure Distributed Estimation against False Data Injection Attack

Journal Pre-proof

Secure Distributed Estimation against False Data Injection Attack Yi Hua, Feng Chen, Shuwei Deng, Shukai Duan, Lidan Wang PII: DOI: Reference:

S0020-0255(19)31131-4 https://doi.org/10.1016/j.ins.2019.12.016 INS 15059

To appear in:

Information Sciences

Received date: Revised date: Accepted date:

15 January 2019 31 August 2019 14 December 2019

Please cite this article as: Yi Hua, Feng Chen, Shuwei Deng, Shukai Duan, Lidan Wang, Secure Distributed Estimation against False Data Injection Attack, Information Sciences (2019), doi: https://doi.org/10.1016/j.ins.2019.12.016

This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of record. This version will undergo additional copyediting, typesetting and review before it is published in its final form, but we are providing this version to give early visibility of the article. Please note that, during the production process, errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain. © 2019 Published by Elsevier Inc.

Highlights • The distributed diffusion least mean squares algorithm based on KullbackLeibler divergence (DLMSKL) is proposed to detect false data injection (FDI) attack. • Three different DLMSKL algorithms are proposed to weaken the impact of the continual FDI attack and time-sharing FDI attack. • The proposed algorithms guarantee the stable convergence and maintain favorable robustness under FDI attack. • Mean and mean-square performance analysis of the three DLMSKL algorithms are provided.

1

Secure Distributed Estimation against False Data Injection Attack ✩ Yi Huaa,b,c,d , Feng Chena,b,c,d,∗, Shuwei Dengb , Shukai Duana , Lidan Wangb a

b

College of Artificial Intelligence, Southwest University, Chongqing, 400715, China College of Electronic and Information Engineering, Southwest University, Chongqing 400715, China c Brain-Inspired Computing and Intelligent Control Key Laboratory, Southwest University, Chongqing, 400715, China d Chongqing Collaborative Innovation Center for Brain Science, Chongqing, 400715, China

Abstract With the development of wireless sensor networks, many distributed algorithms have been studied by researchers. This paper considers the situation of distributed estimation with false data injection (FDI) attack. Owing to the fact that Kullback-Leibler (KL) divergence is very effective to detect outliers caused by FDI attack, a distributed adaptive algorithm over KL divergence is proposed to detect FDI attack. When the malicious nodes are detected, three algorithms are explored separately to weaken the impact of FDI attack. The performance of the three algorithms is analyzed in mean and mean-square. The effectiveness of the three proposed algorithms is shown through some illustrative examples under continual FDI attack and time-sharing FDI attack. Keywords: False data injection attack, distributed estimation, KL divergence, time-sharing attack, wireless sensor networks.

✩

This work was supported in part by the National Key R&D Program of China (2018YFB1306600) and Chongqing Research Program of Basic Research and Frontier Technology (No. cstc2017jcyjAX0265). ∗ Corresponding author Email address: [email protected] (Feng Chen) Preprint submitted to Elsevier

December 16, 2019

I. Introduction Recently, the widespread use of wireless sensor networks (WSNs) has been recognized, because communication and computing power of wireless sensors have been greatly improved [1, 14, 42, 44]. Because of many advantages of distributed estimation, such as strong robustness, good scalability, and low power consumption [3], distributed estimation methods have attracted a growing number of researches and attentions. Over the last few years, many distributed adaptive estimation algorithms have been proposed, such as recursive least squares (RLS) [2, 24], diffusion least mean squares (DLMS) [3, 9, 23, 25, 37], distributed multitask network estimates [7, 8, 10, 16, 32], and adaptive estimates with entropy [4, 5]. In [2], a diffusion recursive least-squares algorithm is proposed, in which each node only needs to communicate with its closest neighbor. In [3], the problem of DLMS strategies for distributed estimation is considered. In [10], the distributed diffusion algorithms, which minimize an appropriate meansquare error criterion with `2 -regularization to address multitask problems, are employed. In [5], a generalized correntropy with the generalized Gaussian density kernel function is proposed, and an adaptive maximum correntropy criterion algorithm is further presented and is applied to adaptive filtering. Most of these previous studies hypothesize that all sensors are normal and safe in WSNs. However, wireless sensors may not always be in a secure environment. In an adversarial environment, some sensors may be easily compromised to transmit malicious data, which causes severe consequences and even leads to huge economic losses. So the safety of WSNs has attracted abroad attention [11, 15, 27, 28]. In [17, 33, 40], distributed estimations with Byzantine attacks are studied. In [18], a distributed weighted average consensus algorithm is proposed to detect data falsification attacks. An adaptive deviation-tolerant security algorithm is proposed to deal with the large deviation and the misbehavior of malicious nodes in [21]. In general, attacks can be divided into two categories in WSNs: denial of 3

service (DoS) attack and spoofing attack [36]. DoS attack aims to prevent the communication between sensors while spoofing attack aims to tamper with the transmitted information [39]. DoS attack has been detected by many efficient algorithms which are robust [38, 43, 45]. At present, FDI attack is also studied by many researchers [12, 22]. In [12], resilient attack detection estimators are delicately constructed to detect FDI attack. In [22], a hybrid system composed of two subsystems is proposed to obtain the secure distributed dLMS algorithm (S-dLMS), where one subsystem is used to get an accurate detection of malicious nodes by an adaptive threshold, and the other subsystem provides a secure distributed estimation. In [26], a reputation-based diffusion LMS (R-dLMS) algorithm is presented, which could assign each node the appropriate reputation weight according to the distance between its instantaneous local estimate and the reference estimate to weaken malicious attack, and which is also compared in [22]. Recently, KL divergence has also been applied to attacks or anomaly detection. In [19], an artificial intelligence (AI) method based on KL distance is proposed to successfully identify the compromised meters by anticipating the correct measurements in the event of FDI attack. The AI method uses past safety data for attack prediction. But when the network is attacked at the beginning, the past safety data are not provided for attack detection. Therefore, this method does not work, which motivates an urgent need to adopt KL divergence without relying on past safety data to detect outliers caused by FDI attack. In this paper, the distributed estimation and KL divergence are combined to detect outliers caused by FDI attack in WSNs without relying on past safety data. Meanwhile, three different algorithms based on distributed estimation and KL divergence are proposed to weaken the impact of FDI attack, and it is verified which algorithm performs better through simulation. And a simple threshold is designed to identify accurately malicious nodes. We summarize the main contributions of this paper as follows: 1. A novel distributed adaptive algorithm based on KL divergence is

4

proposed to detect FDI attack. 2. For the compromised nodes attacked by FDI, we propose three different algorithms to weaken the impact of them. 3. This paper analyzes mean performance and mean-square performance for three different algorithms. The remainder of this paper is organized as follows. In section II, some preliminaries of DLMS without attack are performed, and we derive the FDI attack model. In section III, the calculation of KL divergence is formulated, and a distributed adaptive estimation algorithm with KL divergence, which contains three different algorithms, is proposed. In section IV, the performance of three different algorithms is analyzed. Numerical examples are also provided in section V, and section VI draws some conclusions. II. Problem formulation and preliminaries In this part, we briefly introduce the normal DLMS algorithm without FDI attack, and then the FDI attack model is formulated. A. The normal DLMS without FDI Attack Consider a wireless sensor network consisting of J sensors, defined by the communication graph G = {K, B}, where K = {1, 2, ..., J} denotes a set of sensors and B= { (k, l)| k ∈ K, l ∈ K} is the set of edges, which means sensors k and l can communicate with each other. The set of neighbors connected with sensor k (including k itself) is: Nk = {l |l ∈ K, (k, l) ∈ B } ∪ {k} .

(1)

The nk is the degree of the sensor k. At time i, each sensor k can sense a real-valued temporal wide-sense stationary process {dk (i), uk,i }, where dk (i) is a scalar measurement and uk,i is M -dimensional column regression vector. A linear measurement model [3, 25] is assumed to express the connection between dk (i) and uk,i as follows: dk (i) =u∗k,i wo + vk (i), 5

(2)

where the operator ∗ denotes complex conjugate-transposition, wo is an M ×1 unknown signal to be estimated, and vk (i) is the Gaussian white noise with 2 the zero-mean and the variance σv,k . The regression vector uk,i and the noise vk (i) are both assumed to be spatially and temporally independent and identically distributed (i.i.d), and uk,i is assumed to be independent of vk (i). In recent years, many distributed adaptive algorithms [7, 9, 23, 25, 37] have been proposed to estimate the unknown parameter wo . In our work, we mainly focus on DLMS algorithm. From [3], it is clear that the adapt-thencombine (ATC) strategy has a better performance than combine-then-adapt (CTA) strategy. The ATC in DLMS algorithm is implemented by:  P  cl,k ul,i (dl (i) − u∗l,i wk,i−1 )  ϕk,i = wk,i−1 +µk l∈Nk (3) P  al,k ϕl,i ,  wk,i = l∈Nk

where µk is a constant step-size for each node k, the weighting coefficients al,k and cl,k are real and nonnegative, and ϕk,i is intermediate estimate. The weighting coefficients cl,k and al,k are the l and k entity of matrices C and A, respectively. The matrices A and C satisfy: cl,k = al,k = 0, if l ∈ / Nk and 1T C =1T , 1T A = 1T ,

(4)

where 1 denotes the J × 1 vector with unit entries, and the operator (·)T is the transposition. B. The FDI Attack Model Some detection systems are based on the Euclidean distance [31] to detect the presence of outliers or attacks as follows: dk (i) − u∗k,i wk,i 2 . (5) When equation (5) exceeds a presetting threshold, it means that the outliers or attacks occur with a high probability. However, the attackers can tamper 6

the parameters of some sensors by the following equation: a w˜k,i = wo + wk,i ,

(6)

a where wk,i denotes the attack power, and w˜k,i is the tampered system parameter. The FDI attacker will make sensor k compromised, and change the real sensing data dk (i) to the faulty data d˜k (i) by the following equation:

d˜k (i) =dk (i) + dak (i),

(7)

a where dak (i) is equal to u∗k,i wk,i . Equation (6) is FDI attack model, while the equation (7) denotes the consequences of FDI attack. Remark 1: In practice, whether attacks occur or not and the type of attack (continual or time-sharing) are determined by attackers. The WSNs cannot know when and what type of attack will occur in advance. Based on (5), (6) and (7), we have 2
˜ a 2 dk (i) − uk,i w˜k,i = dk (i) + dak (i) − u∗k,i wo + wk,i a 2 = dk (i) − u∗k,i wo + dak (i) − u∗k,i wk,i (8) 2 ∗ o = dk (i) − uk,i w ,

which clearly indicates that there is no attack. It is found that FDI attack does not exceed the presetting threshold, which means FDI attack can easily evade Euclidean distance detection of (5). In the following sections, in order to simplify the notations, a set of binaryvalued variables τk (i) ∈ {0, 1} will be introduced to describe the status of attack [36]. The actual measurement of sensor k under consideration of FDI attack can be expressed as: d¯k (i) = (1 − τk (i))dk (i)+τk (i)d˜k (i).

(9)

III. Secure distributed estimation algorithm In this section, we introduce the histogram method to obtain probability density function (PDF), and KL divergence is calculated. Afterward, the 7

DLMS algorithm with KL divergence (DLMSKL) is proposed to detect FDI attack. Meanwhile, three different DLMSKL algorithms are proposed to weaken this adversarial attack. A. Calculation of KL Divergence The KL divergence is calculated as follows: D(X kY ) =

X

pX (i) log

all i

pX (i) , pY (i)

(10)

where pX (i) and pY (i) are PDF of random signals X and Y at time i, respectively. In distributed signal estimation, PDF of the random signal usually is unknown, which causes a lot of troubles for calculating KL divergence. Therefore, many different methods [6, 20, 30] have been proposed to obtain PDF of the random signal. In our work, the histogram method is adopted to obtain PDF. The histogram method is extremely useful. However, the calculation of the histogram method needs to use all time data, so the histogram method with a time window is designed to approximate the actual PDF. The length of the time window is set to Le. So, combining PDF with Le time window data, the calculation of KL divergence [35] is Le

1 X pk (i − t) D (k kl ) = pk (i − t) log . Le t=0 pl (i − t) 0

(11)

B. The DLMS with KL Divergence against FDI Attack From equation (9), it can be found that it is impossible to identify whether the measurement data has been tampered or not, because the sensors cannot predict in advance whether the sensor parameters are changed or not in the adversarial environment. So the original data from the neighbors are not adopted to update the intermediate estimate, which is equivalent to making

8

C = I, where I is an identity matrix. Then, equation (3) will be transformed into the following form:   ϕk,i = wk,i−1 +µk uk,i (d¯k (i) − u∗k,i wk,i−1 ) P (12) al,k ϕl,i .  wk,i = l∈Nk

When the attack is not considered in DLMS algorithm, ATC is usually divided into the following three steps: adaption, data communication, and combination. Through many iterations of these three steps, the estimated parameter wo can be obtained. But in the malicious attack environment, the proposed DLMSKL algorithms need to adjust steps of ATC to five steps: adaption, data communication, detection, label communication and combination in Fig. 1. These five steps will be described in detail below. Remark 2: Since we propose three different algorithms to weaken the impact of malicious data, these five steps can be appropriately adjusted in different algorithms. Three different algorithms are proposed to weaken FDI attack. These three algorithms are DLMSKL-RM (DLMSKL by replacing the measurement data), DLMSKL-RI (DLMSKL by replacing the intermediate estimate) and DLMSKL-DW (DLMSKL by deleting weights), respectively. From Fig. 1, it can be found that the control flows combined with black arrows and blue arrows represent the flow of DLMSKL-RM and DLMSKL-RI algorithms, while the control flows combined with black arrows and purple arrows represent the flow of DLMSKL-DW algorithm. Step 1) Adaption: Each node k combines the self-measurement data d¯k (i) and the self-regression data uk,i at time i, and the last estimate wk,i−1 to calculate the intermediate estimate ϕk,i . Besides, each node k also calculates an Le × 1 measurement vector at each moment, denoted by Sk,i : Sk,i = {d¯k (i − Le + 1), d¯k (i − Le + 2), ..., d¯k (i)}T ,

(13)

where Sk,i denotes Le measurement data of node k at time i. Step 2) Data Communication: As soon as each node k completes the local adaptation step, it transmits the intermediate estimate ϕk,i and measurement 9

Fig. 1. Diagram of three DLMSKL algorithms vector Sk,i to its neighbor nodes. And it receives intermediate estimates and measurement vectors transmitted by all its neighbor nodes. Equation (12) expresses the adaptive ATC strategy without measurement information exchange. However, in the adversarial environment, each node k transmits the measurement vector Sk,i to detect malicious nodes. Step 3) Detection: It sequentially calculates KL divergence between node k and all its neighbor nodes by equation (11). Then all divergence values of node k are encapsulated into a divergence data set Qk,i : Qk,i = {D0 (k kl ) |l ∈ Nk , l 6= k }.

(14)

In order to simplify the following description, the elements in Qk,i are rearranged from large to small as follows:

Qk,i ={D0 1 (k l(1) ), D0 2 (k l(2) ), ..., D0 nk −1 (k l(nk −1) )},

(15)



where D0 1 (k l(1) ) ≥ D0 2 (k l(2) ) ≥ ... ≥ D0 nk −1 (k l(nk −1) ), and l(α) denotes the neighbor node of node k corresponding to the α-th element in Qk,i . 10

Fig. 2. The calculation method of all elements in Vk,i Remark 3: In WSNs, without loss of generality, there is no case where, for each node k, more than half of its neighbors are attacked. Remark 4: As we all know, KL divergence measures the distance between distribution differences. When attackers use FDI attack to destroy the network, there is a big difference in the measurement data between the distribution of the compromised node and distribution of the trust node, which means that KL divergence between two type nodes will be relatively large. On the contrary, KL divergence between trust nodes will be small. For each node k, a data set, denoted by Vk,i , needs to be calculated at time i. The Vk,i (β) denotes the β-th element in Vk,i . Vk,i (1) is variance of

all elements in {D0 1 (k l(1) ), D0 2 (k l(2) ), ..., D0 nk −1 (k l(nk −1) )}, Vk,i (2) is the

variance of all elements in {D0 2 (k l(2) ), D0 3 (k l(3) ), ..., D0 nk −1 (k l(nk −1) )}, ..., and the last element in Vk,i is Vk,i (nk − 2), which is the variance of all

elements in {D0 nk −2 (k l(nk −2) ), D0 nk −1 (k l(nk −1) )}, as shown in Fig. 2. A threshold θ is used to detect whether there is a particularly large fluctuation in Qk,i of node k. The fluctuation is denoted by a ratio between

11

Vk,i (β) and Vk,i (β + 1), which is denoted by ξ. ξ=

Vk,i (β) ≥ θ. Vk,i (β + 1)

(16)

A node set dnode − keq is defined to denote the neighbor nodes {l(1) , l(2) , ..., l(q) }

of node k, where the order of {l(1) , l(2) , ..., l(q) } satisfies D0 1 (k l(1) ) ≥ D0 2 (k l(2) ) ≥

... ≥ D0 q (k l(q) ). When the ratio satisfies equation (16), it can be considered that the neighbor nodes, which are denoted by dnode − keβ , are attacked. By remark 3 and 4, we can find that, for a trust node, the fluctuation of the data is particularly large when some compromised nodes appear in its neighbor nodes, and this fluctuation will appear in dnode − ke nk −1 , which 2

means β ≤ nk2−1 . For a malicious node, its neighbor nodes’ dnode − ke nk −1 2 are trust nodes, so equation (16) will not be satisfied in dnode − ke nk −1 . 2 Step 4) Label communication: In order to let the malicious nodes know that they have been attacked, a binary variable label γk,i is introduced, and the γk,i of each node k is set to 0 in the initial state. When the trust nodes detect malicious nodes, the label γk,i is set to 1 and is transmitted to the corresponding malicious nodes. When the number of labels γk,i =1, which is received from its neighbor nodes, exceeds half of its own degree, it is considered to be attacked. And then it immediately implements the corresponding secure strategies and transmits the recalculated intermediate estimate to its neighbor nodes. In this paper, we propose three different algorithms. The DLMSKL-DW algorithm does not require this step (label communication step), while only the DLMSKL-RM and DLMSKL-RI algorithms require label communication step, as shown in Fig. 1. Three different algorithms correspond to different secure strategies. The corresponding strategies will be described in the following combination step in detail. Step 5) Combination: Through the above steps, trust nodes and malicious nodes can be detected. Meanwhile, many rules [2, 13, 29, 34, 41] have been proposed to design the combination weights. In our work, the Metropolis

12

rule mainly is used to achieve matrix A as   k , nl )  1/ max(n  P 1− a`,k al,k = `∈Nk \{k}    0

follows: if l ∈ Nk \{k}, if l = k,

(17)

otherwise,

where nl is the degree of nodes l, and l ∈ Nk \{k} denotes the neighbor nodes of node k barring itself. i) DLMSKL-RM and DLMSKL-RI: When the malicious node knows that it has been attacked, the middle node hnode − kimid in dnode − ke nk −1 is 2 chosen to replace the corresponding malicious data. For DLMSKL-RM, the measurement data of hnode − kimid is used to replace its own scalar measurement, and then its own intermediate estimate is recalculated. Differing from DLMSKL-RM, DLMSKL-RI directly chooses the intermediate estimate of hnode − kimid to replace its own intermediate estimate. Afterward the recalculated intermediate estimate is sent to all its neighbor nodes, and all nodes combine the intermediate estimates to update the wk,i . (The two algorithms contain steps from 1 to 5). ii) DLMSKL-DW: Differing from the above two algorithms, this algorithm adopts a new combination strategy to update wk,i , which skips step 4. When the malicious nodes have been detected, these nodes are removed by trust nodes in WSNs and the combination weights are recalculated. The new combination weights are updated in real time as follows:  1/ max(nk,i , nl,i ) if l ∈ N 0 k,i \{k},    P 1− a`,k,i if l = k, al,k,i = (18) `∈N 0 k,i \{k}    0 otherwise,

where nk,i is the degree of node k at time i, nl,i is the degree of nodes l 0 at time i, and Nk,i denotes the trust neighbor nodes set of node k at time i. (This algorithm only contains steps 1, 2, 3, and 5). The implementation procedures of three different DLMSKL algorithms are summarized in Table 1. 13

Table 1: Three different DLMSKL algorithms Initialization: Let wk,0 = 0, and initialize θ. At each time instant i ≥ 1 for each node k, 1. compute intermediate estimate ϕk,i by adaption step in (12), 2. compute measurement vector Sk,i by (13), 3. send ϕk,i and Sk,i to its neighbors, and receive ϕl,i and Sl,i from its neighbors, 4. compute Qk,i by (15) and Vk,i , 5. detect the trust nodes and their trust neighbors by (16), 6. if DLMSKL-RM is used to weaken FDI attack (a) implement label communication, (b) let measurement data of hnode − kimid replace the faulty measurement data, and recalculate the intermediate estimate, (c) send new intermediate estimate to its neighbors, and receive new intermediate estimate from its compromised neighbors, (d) compute estimate by combination step in (12), else if DLMSKL-RI is used to weaken FDI attack (a) implement label communication, (b) let intermediate estimate of hnode − kimid replace the faulty intermediate estimate, (c) send new intermediate estimate to its neighbors, and receive new intermediate estimate from its compromised neighbors, (d) compute estimate by combination step in (12), else DLMSKL-DW is used to weaken FDI attack (a) remove malicious nodes from neighbors of each trust node, (b) calculate new combination weights by (18), (c) compute estimate by combination step in (12), end if

14

IV. Performance analysis In this section, the performance of three different DLMSKL algorithms will be analyzed in detail. For the following convenience, combining with (2), (6) and (7), equation (9) can be rewritten as: a ) + vk (i). d¯k (i) = u∗k,i (wo + τk (i)wk,i

(19)

Meanwhile, there are two errors defined by: ∆wk,i = wk,i − wo ,

(20)

∆ϕk,i = ϕk,i − wo .

(21)

In the following subsection, we will provide the detailed performance analyses of the normal DLMS, DLMSKL-RM, DLMSKL-RI and DLMSKL-DW from section IV-A to IV-D. The setting of the threshold is analyzed in section IV-E. A. The Performance of Normal DLMS without Attack We firstly consider DLMS algorithm in secure environment. For each node k, τk (i) is set to 0. Substituting data model (19) and adaptive rule (12) into (20) and (21), we have X X ∆wk,i = al,k (IM − µl ul,i u∗l,i )∆wl,i−1 + al,k µl ul,i vl (i). (22) l∈Nk

l∈Nk

Taking expectation of (22) yields X al,k (IM − µl Ru,l )E[∆wl,i−1 ], E[∆wk,i ] =

(23)

l∈Nk

where the operator E(·) denotes taking expectation, and Ru,l = E[ul,i u∗l,i ]. Because vk (i) is independent with uk,i in space and time, the last term of (22) is equivalent to zero when we take expectation of both sides of (22). It is known that a square matrix is stable if, and only if, all eigenvalues lie 15

inside the unit circle [3]. That is, the spectral radius satisfies the following equation: X ρ( al,k (IM − µl Ru,l )) < 1. (24) l∈Nk

From (24), we can obtain

0 < µk <

2 , λmax (Ru,k )

(25)

where λ(Ru,k ) denotes the eigenvalue of Ru,k . It is obvious that λmax (Ru,k ) ≤ max λmax (Ru,l ), so a sufficient condition for every node k is

l=1,...,J

0 < µk <

2 . max λmax (Ru,l )

(26)

l=1,...,J

When equation (26) is satisfied, ∆wk,i → ∞ as i → ∞, and DLMS algorithm can be stable and has a good performance in mean stability and mean-square stability [3]. B. The Performance of DLMSKL-RM In DLMSKL-RM and DLMSKL-RI algorithms, we make two assumptions: a) node k is attacked by FDI attack, and b) node t is the trusted neighbor node hnode − kimid . From analysis of section IV-A, if a node and its neighbors are trust nodes, their errors can eventually converge to zero and they can estimate the ideal unknown signal. Therefore, in the following analysis, we only consider the performance of two situations: a) malicious nodes, and b) trust nodes with some malicious neighbor nodes. To simplify the complexity of analysis, the situation of trust nodes with some malicious neighbor nodes can be attributed to the situation of malicious nodes. Meanwhile, let the neighbor set Nk be divided into two parts: a malicious node set Nkm and a trust node set Nkt . Because node k is attacked, τk (i) = 1 and equation (19) can be written as: a ) + vk (i). (27) d¯k (i) = u∗k,i (wo + wk,i 16

Substituting (27) and (12) into (20) and (21), equation (23) is updated as follows: X X a E[∆wk,i ] = al,k (IM − µl Ru,l )E[∆wl,i−1 ]+ al,k µl Ru,l E[wl,i ]. (28) l∈Nk

l∈Nk

From (28), we can conclude that if there is FDI attack, the system will a converge the false signal to wo + wk,i rather than wo in despite of the small enough step satisfying (26). In DLMSKL-RM, the measurement data of the trust node t is used to replace the maliciously tampered measurement data of the malicious node k by the following equation to update intermediate estimate. ∗ ¯ ϕt1 k,i = wk,i−1 +µk uk,i (dt (i) − uk,i wk,i−1 ).

(29)

Owing to the neighbor set divided into two parts, the combination in (12) can be written as: X X wk,i = al,k ϕl,i + al,k ϕt1 (30) l,i . l∈Nkm

l∈Nkt

Using (29), (30) and (19)-(21), we have X X al,k µl ul,i vl (i) al,k (IM − µl ul,i u∗l,i )∆wl,i−1 + ∆wk,i = l∈Nkt

X

+

l∈Nkm

al,k ∆wl,i−1 −

X

l∈Nkt

al,k µl ul,i u∗l,i wl,i−1 .

l∈Nkm

To simplify analysis, we can rewrite (31) as X X ∆wk,i = al,k (IM − µl ul,i u∗l,i )∆wl,i−1 + al,k µl ul,i vl (i) l∈Nkt

+

X

l∈Nkm

l∈Nkt

al,k (IM − µl ul,i u∗l,i )∆wl,i−1 −

X

l∈Nkt

+

l∈Nkm

al,k (IM − µl Ru,l )E[∆wl,i−1 ]− 17

al,k µl ul,i u∗l,i wo .

(32)

l∈Nkm

Taking expectation of (32), we have X E[∆wk,i ] = al,k (IM − µl Ru,l )E[∆wl,i−1 ] X

(31)

X

l∈Nkm

al,k µl Ru,l wo .

(33)

It is obvious that when the step is small enough to satisfy equation (26), the first two terms in the right hand side (RHS) of (33) can converge to zero. Because al,k ≤ 1 and wo is a fixed value, the last term of (33) has an upper bound, which is denoted by: X

al,k µl Ru,l wo = O(µmax ),

(34)

l∈Nkm

where β = O(α) signifies that |β| ≤ b |α| for some constant b > 0, and µmax denotes µmax = max µ` [22]. When the step satisfies equation (26), the last `∈J

term of (33) can converge to zero. To summarize, if the step satisfies (26), the error of (33) can converge to zero as i → ∞, which means DLMSKL-RM algorithm owns mean stability. P For simplifying the following equation, a notation kak2P = a∗ a is introduced. According to (32), the mean-square deviation (MSD) of DLMSKLRM algorithm can be obtained as follows:

2

X

2 2

Ek∆wk,i k = E k∆wl,i−1 k(Θt )∗ Θt + E al,k µl ul,i vl (i)

l∈N t

k (35) 2 m 2 + E k∆wl,i−1 k(Θm )∗ Θm +EkΘwo k ∗ m m ∗ m − E[(Θm ∆wl,i−1 ) Θwo ] − E[(Θwo ) Θ∆wl,i−1 ],

where Θt =

X

l∈Nkt

Θm =

X

al,k (IM − µl Ru,l ),

l∈Nkm

Θm wo = Θm ∆wl,i−1 =

X

al,k (IM − µl Ru,l ),

X

al,k µl Ru,l wo ,

l∈Nkm

l∈Nkm

al,k (IM − µl Ru,l )∆wl,i−1 .

18

When the step µk is sufficiently small to satisfy (26), the first three terms in RHS of (35) can converge to zero as i → ∞. Because the first corresponding terms are similar to those terms in the normal DLMS. When the step µk m 2 satisfies (26), we can find from (34) that Θm wo = O(µmax ), so EkΘwo k can converge to O(µ2max ) as i → ∞. Moreover, we can also find that the last two terms in (35) identically converge to zero for this reason that Θm ∆wl,i−1 → 0 m and Θwo = O(µmax ) as i → ∞. Therefore it is concluded that equation (35) can converge and be bounded by an extremely small value related to the µmax when the step is sufficiently small, which means that DLMSKL-RM algorithm owns mean-square stability. C. The Performance of DLMSKL-RI The intermediate estimate of node t is used to directly replace the intermediate estimate of node k as follows: ϕt2 k,i = ϕt,i .

(36)

We can rewrite (30) as wk,i =

X

al,k ϕl,i +

X

al,k ϕt2 l,i .

(37)

l∈Nkm

l∈Nkt

Using (36), (37) and (19)-(21), we have X X ∆wk,i = al,k (IM − µl ul,i u∗l,i )∆wl,i−1 + al,k µl ul,i vl (i) l∈Nkt

+

X

l∈Nkm

l∈Nkt

al,k (IM − µt ut,i u∗t,i )∆wt,i−1 +

X

l∈Nkm

Taking expectation of (38), we have X E[∆wk,i ] = al,k (IM − µl Ru,l )E[∆wl,i−1 ] l∈Nkt

+

X

l∈Nkm

al,k (IM − µt Ru,t )E[∆wt,i−1 ]. 19

(38)

al,k µt ut,i vt (i).

(39)

According to (38), we can get the MSD of DLMSKL-RI algorithm as follows:

2



X 2 2 al,k µl ul,i vl (i) Ek∆wk,i k = E k∆wl,i−1 k(Θt )∗ Θt + E



l∈N t k (40)

2

X

+ E k∆wt,i−1 k2(Θm )∗ Θm +E al,k µt ut,i vt (i)

. Ru,t Ru,t

l∈Nkm

where Θm Ru,t =

P

l∈Nkm

al,k (IM − µt Ru,t ). Because node t is a trust node, its

error converges to zero. So for small enough step µmax , (39) and (40) can converge to zero as i → ∞, which means that DLMSKL-RI algorithm owns mean stability and mean-square stability. D. The Performance of DLMSKL-DW Differing from the above algorithms, when malicious nodes are found at time i, malicious nodes are removed from WSNs at time i and the weight 0 , Ji0 and matrix A is recalculated in DLMSKL-DW algorithm. Let al,k,i , Nk,i µ0k,i denote combination weights, trust neighbor nodes set, all trust nodes set in WSNs and step-size at time i, respectively. When the trust nodes set is updated over time, we can rewrite (22) as: X X ∆wk,i = al,k,i (IM − µ0 l,i ul,i u∗l,i )∆wl,i−1 + al,k,i µ0 l,i ul,i vl (i). (41) l∈N 0 k,i

l∈N 0 k,i

Taking expectation of (41) yields E[∆wk,i ] =

X

l∈N 0

k,i

al,k,i (IM − µ0 l,i Ru,l )E[∆wl,i−1 ].

It is known that (42) can converge to zero if, and only if, X ρ( al,k,i (IM − µ0 l,i Ru,l )) < 1. l∈N 0

k,i

20

(42)

(43)

It is equivalent that the following sufficient equation is satisfied: 0 < µ0k,i <

2 . max 0 λmax (Ru,l )

l=1,...,J

(44)

i

It is obvious that the trust nodes set Ji0 always is subset of the nodes set J, so λmax (Ru,l ) ≤ λmax (Ru,l ). Therefore step-size satisfying (26) must satisfy l=1,...,J 0 i

l=1,...,J

the equation (44), which means that if the step satisfies equation (26), (42) will also converge to zero. According to (41), the MSD of DLMSKL-DW algorithm is as follows:

2

X

2 2 0

Ek∆wk,i k = E k∆wl,i−1 k(Θ 0 )∗ Θ 0 + E al,k,i µ l,i ul,i vl (i)

. (45) N k,i N k,i

l∈N 0 k,i

P where ΘN 0 k,i = alk,i (IM − µ0 l,i Ru,l ). It is clear that (45) converges to l∈N 0 k,i

zero for sufficiently step satisfying (26). In summary, DLMSKL-DW algorithm owns mean stability and mean-square stability. E. Feasibility Analysis of threshold θ

When anomalous data appears, its effect on variance is quite large. To obtain the variance data set, we need to remove the maximum KL divergence value in turn and calculate its variance in turn. Therefore, when anomalous data appears, the change of variance data is very obvious. In order to characterize this degree of obvious change, θ is introduced. The design of θ is very convenient and does not require complicated design methods. To tolerate the impact of large noise, θ can be set to a larger value. In our work, we do focus on the malicious attack environment rather than the large noisy environment. V. Simulations In this section, in order to illustrate the effectiveness of three DLMSKL algorithms under FDI attack, some simulations are performed. In the following examples, we consider WSNs composed of 20 wireless sensors, which are 21

100

7

90

18

12

80

y-coordinate

70

9

19

60

15

6

50

3

2 8

40

20

5

16

30 20

17 1

11

10 0 0

20

14

4 40

13 60

80

10 100

x-coordinate

Fig. 3. The topological graph in WSNs randomly distributed in a square 100 × 100. The topological graph is shown in Fig. 3. In addition, in order to facilitate the implementation of the later experiments, the topology graph is set to a fixed topology. In all simulations, the unknown ideal parameter is set to a random vector with M = 6, and time window Le is set to 50. The regression vector uk,i is generated from a Gaussian model with a zero mean and a variance of 1. The noise variance of each node is set to a fixed value, as shown in Fig. 4(a). Fig. 4(b) shows the power of each node. The step size of each node is uniformly set to 0.02, and θ is set to 3. Also, each experiment is performed 100 times independently, and the average results of 100 experiments are presented. In simulations, the continual and time-sharing attacks will be presented. To verify the performance of the proposed algorithms in the following simulations, the S-dLMS algorithm in [22] and the R-dLMS algorithm in [26] are adopted to provide the comparison. Moreover, the reference estimation in [22] is also used to provide a reference. A. The continual FDI attack Under the continual FDI attack, two situations are taken into account as follows. 1). The case 1 In order to verify that the proposed algorithms are universal, we randomly pick two ordinary nodes, which are attacked by FDI, namely nodes 8 and 15 22

0.4

2 σv,k

0.3 0.2 0.1 the noise power

0 2

4

6

8

10

12

14

16

18

20

14

16

18

20

(a) node k 1.2 power of each node

σu2k

1.1 1 0.9 0.8 2

4

6

8

10

12

(b) node k

Fig. 4. (a)The noisy power of each node k (b)The power of each node k 5

Transient Network MSD(dB)

0

DLMS without attack DLMS with attack S-dLMS with attack Reference with attack

-5

R-dLMS with attack DLMSKL-RM with attack DLMSKL-RI with attack DLMSKL-DW with attack

-10 -15 -20 -25 -30 -35 0

100

200

300

400

500

600

700

800

900

1000

time i

Fig. 5. Transient network MSD of different LMS algorithms in case 1 in case 1. The attacks on two nodes are set to same FDI attack. Meanwhile, in case 1, FDI attack is continuous. Fig. 5 depicts the learning curve for different LMS algorithms. It can be seen that when the network is subjected to FDI attack, the MSD performance will decline significantly. Therefore, if a network is not resistant to FDI attack, it will lead to a serious impact. However, it is obvious that when the distributed network adopts three DLMSKL algorithms, they can weaken the impact of FDI attack to some extent. Simultaneously, it can be found that DLMSKL-DW performs best in three DLMSKL algorithms, and can be very close to the normal DLMS algorithm without attack. Meanwhile, DLMSKL-DW algorithm outperforms the other LMS algorithms against FDI attack. Fig. 6 shows the steady-state MSDs of different algorithms, in which the 23

5 DLMS without attack DLMS with attack S-dLMS with attack Reference with attack

Transient Network MSD(dB)

0 -5 -10

R-dLMS with attack DLMSKL-RM with attack DLMSKL-RI with attack DLMSKL-DW with attack

-15 -20 -25 -30 -35 0

2

4

6

8

10

12

14

16

18

20

node k

Fig. 6. Steady-state performance of different LMS algorithms in case 1 values are obtained by averaging the last 300 samples over 100 simulations. From Fig. 6 and the learning curve of DLMS with FDI attack, we can find that when some nodes in the network are attacked by FDI, the impact of FDI attack will reduce the performance of the entire network through the diffusion strategy. We can also find that DLMSKL-RM and DLMSKL-RI algorithms will replace the corresponding information of the compromised nodes 8 and 15 to weaken the impact of FDI attack and will not remove two nodes from the network. However, it is obviously found from this figure that DLMSKL-DW algorithm will remove nodes 8 and 15 from WSNs. 2). The case 2 To further verify the robustness of the proposed algorithms, two special nodes are selected for experimentation in case 2. There is an obvious difference that these two nodes have different degrees. Among all nodes, node 3 has the smallest degree, while node 19 has the greatest degree. At the same time, in order to further demonstrate the universality of the proposed algorithms, FDI attack of two compromised nodes are set to different attacking power. Fig. 7 shows the simulation results for three DLMSKL algorithms and the other LMS algorithms. Results similar to case 1 can be obtained, in which three DLMSKL algorithms are robust to FDI attack. Fig. 8 depicts the MSDs of different algorithms at each node. In summary, we can conclude 24

5

Transient Network MSD(dB)

0

DLMS without attack DLMS with attack S-dLMS with attack Reference with attack

-5

R-dLMS with attack DLMSKL-RM with attack DLMSKL-RI with attack DLMSKL-DW with attack

-10 -15 -20 -25 -30 -35 0

100

200

300

400

500

600

700

800

900

1000

time i

Fig. 7. Transient network MSD of different LMS algorithms in case 2 5

Transient Network MSD(dB)

0 R-dLMS with attack DLMSKL-RM with attack DLMSKL-RI with attack DLMSKL-DW with attack

-5 -10

DLMS without attack DLMS with attack S-dLMS with attack Reference with attack

-15 -20 -25 -30 -35 -40 0

2

4

6

8

10

12

14

16

18

20

node k

Fig. 8. Steady-state performance of different LMS algorithms in case 2 that when some nodes are subject to attack, three DLMSKL algorithms can weaken the impact of FDI attack from different extent, and DLMSKL-DW is significantly better than the other two DLMSKL algorithms and the other LMS algorithms against FDI attack. B. Time-sharing attack In an adversarial environment, when attacks have disrupted network performance, attackers sometimes try to save their energy consumption in order that they can cause longer attacks on the network. So FDI attack is set to time-sharing attack. Two compromised nodes are set as time-sharing FDI attack based on case 1. Fig. 9 shows that the performance of DLMS under time-sharing attack still is destroyed and the performance of R-dLMS algorithm has a large fluctuation. And it is found that three DLMSKL algorithms 25

DLMS without attack DLMS with attack S-dLMS with attack Reference with attack

10

R-dLMS with attack DLMSKL-RM with attack DLMSKL-RI with attack DLMSKL-DW with attack

Transient Network MSD(dB)

5 0 -5 -10 -15 -20 -25 -30 -35 0

100

200

300

400

500

600

700

800

900

1000

time i

Fig. 9. Transient network MSD of different LMS algorithms under the time-sharing attack can weaken time-sharing FDI attack from different extent. Meanwhile, compared with other LMS algorithms against FDI attack, DLMSKL-DW algorithm still has better performance. Fig. 10 shows the steady-state MSDs of different algorithms. The same conclusion as above can be obtained. From all simulation results, we can find that three different DLMSKL algorithms can accurately detect the compromised nodes. Through the above three algorithms, the rationality of the setting θ method can also be confirmed. In other words, there is no need for complicated methods to design θ. And we can obtain that three different DLMSKL algorithms can weaken the impact of FDI attack to some extent, and DLMSKL-DW algorithm is most effective in three DLMSKL algorithms. Meanwhile, compared with SdLMS algorithm and R-dLMS algorithm, DLMSKL-DW algorithm is more valid against FDI attack. However, compared with the normal DLMS, there is still a gap between DLMSKL-DW and DLMS, because certain information in the network is deleted. In an adversarial environment, in order to obtain reliable information estimates, it is understandable to delete certain information. VI. Conclusion In this paper, the issue of distributed estimation in WSNs under FDI attack is considered. DLMS algorithm combined with KL divergence is 26

DLMS without attack DLMS with attack S-dLMS with attack Reference with attack

10

Transient Network MSD(dB)

5

R-dLMS with attack DLMSKL-RM with attack DLMSKL-RI with attack DLMSKL-DW with attack

0 -5 -10 -15 -20 -25 -30 -35 0

2

4

6

8

10

12

14

16

18

20

node k

Fig. 10. Steady-state performance of different LMS algorithms under the time-sharing attack proposed to detect compromised nodes attacked by FDI. Afterward, three different algorithms based on DLMSKL are adopted separately to weaken the impact of FDI attack. The performance of three different DLMSKL algorithms is analyzed in theory. Finally, the robustness of the proposed DLMSKL algorithms has been verified via some simulations under continual and time-sharing FDI attacks. Through simulations, it can be found that DLMSKL-DW algorithm is the most effective in three DLMSKL algorithms. Meanwhile, compared with other algorithms against FDI attack, DLMSKLDW algorithm is more effective to weaken the impact of FDI attack.

27

References [1] I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci. A survey on sensor networks. IEEE communications magazine, 40(8):102–114, 2002. [2] F. S. Cattivelli, C. G. Lopes, and A. H. Sayed. Diffusion recursive least-squares for distributed estimation over adaptive networks. IEEE Transactions on Signal Processing, 56(5):1865–1877, 2008. [3] F. S. Cattivelli and A. H. Sayed. Diffusion lms strategies for distributed estimation. IEEE Transactions on Signal Processing, 58(3):1035–1048, 2010. [4] B. Chen, L. Xing, J. Liang, N. Zheng, and J. C. Principe. Steady-state mean-square error analysis for adaptive filtering under the maximum correntropy criterion. IEEE Signal Processing Letters, 21(7):880–884, 2014. [5] B. Chen, L. Xing, H. Zhao, N. Zheng, and J. C. Principe. Generalized correntropy for robust adaptive filtering. IEEE Transactions on Signal Processing, 64(13):3376–3387, 2016. [6] B. Chen, Y. Zhu, J. Hu, and J. Pr´ıncipe. Stochastic gradient identification of wiener system with maximum mutual information criterion. IET signal processing, 5(6):589–597, 2011. [7] F. Chen, X. Li, S. Duan, L. Wang, and J. Wu. Diffusion generalized maximum correntropy criterion algorithm for distributed estimation over multitask network. Digital Signal Processing, 2018. [8] F. Chen, X. Liu, S. Duan, L. Wang, and J. Wu. Diffusion sparse sign algorithm with variable step-size. Circuits, Systems, and Signal Processing, pages 1–15, 2018.

28

[9] F. Chen, T. Shi, S. Duan, L. Wang, and J. Wu. Diffusion least logarithmic absolute difference algorithm for distributed estimation. Signal Processing, 142:423–430, 2018. [10] J. Chen, C. Richard, and A. H. Sayed. Multitask diffusion adaptation over networks. IEEE Transactions on Signal Processing, 62(16):4129– 4144, 2014. [11] Y. Chen, S. Kar, and J. M. Moura. Resilient distributed estimation through adversary detection. IEEE Transactions on Signal Processing, 2018. [12] Y. Guan and X. Ge. Distributed attack detection and secure estimation of networked cyber-physical systems against false data injection attacks and jamming attacks. IEEE Transactions on Signal and Information Processing over Networks, 4(1):48–59, 2018. [13] W. K. Hastings. Monte carlo sampling methods using markov chains and their applications. 1970. [14] L. Hu, F. Chen, S. Duan, and L. Wang. Diffusion logarithm-correntropy algorithm for parameter estimation in non-stationary environments over sensor networks. Sensors, 18(10):3381, 2018. [15] Y. Hua, F. Chen, S. Duan, and J. Wu. Distributed data-selective dlms estimation under channel attacks. IEEE Access, 7:83863–83872, 2019. [16] W. Huang, X. Yang, and G. Shen. Communication-reducing diffusion lms algorithm over multitask networks. Information Sciences, 382:115– 134, 2017. [17] B. Kailkhura, S. Brahma, and P. K. Varshney. On the performance analysis of data fusion schemes with byzantines. In Acoustics, Speech and Signal Processing (ICASSP), 2014 IEEE International Conference on, pages 7411–7415. IEEE, 2014. 29

[18] B. Kailkhura, S. Brahma, and P. K. Varshney. Data falsification attacks on consensus-based detection systems. IEEE Transactions on Signal and Information Processing over Networks, 3(1):145–158, 2017. [19] K. Khanna, B. K. Panigrahi, and A. Joshi. Ai-based approach to identify compromised meters in data integrity attacks on smart grid. IET Generation, Transmission & Distribution, 12(5):1052–1066, 2017. [20] N. Kwak and C.-H. Choi. Input feature selection by mutual information based on parzen window. IEEE transactions on pattern analysis and machine intelligence, 24(12):1667–1671, 2002. [21] S. Liu, H. Zhu, S. Li, X. Li, C. Chen, and X. Guan. An adaptive deviation-tolerant secure scheme for distributed cooperative spectrum sensing. In 2012 IEEE Global Communications Conference (GLOBECOM), pages 603–608. IEEE, 2012. [22] Y. Liu and C. Li. Secure distributed estimation over wireless sensor networks under attacks. IEEE Transactions on Aerospace and Electronic Systems, 2018. [23] Y. Liu, C. Li, and Z. Zhang. Diffusion sparse least-mean squares over networks. IEEE Transactions on Signal Processing, 60(8):4480–4485, 2012. [24] Z. Liu, Y. Liu, and C. Li. Distributed sparse recursive least-squares over networks. IEEE Trans. Signal Processing, 62(6):1386–1395, 2014. [25] C. G. Lopes and A. H. Sayed. Diffusion least-mean squares over adaptive networks: Formulation and performance analysis. IEEE Transactions on Signal Processing, 56(7):3122–3136, 2008. [26] G. Y. Lu, W. X. Chen, and Q. D. Huang. Distributed diffusion least mean square algorithm based on the reputation mechanism. Journal of Electronics & Information Technology, 37(5):1234–1240, 2015. 30

[27] K. Manandhar, X. Cao, F. Hu, and Y. Liu. Detection of faults and attacks including false data injection attack in smart grid using kalman filter. IEEE transactions on control of network systems, 1(4):370–379, 2014. [28] S. Marano, V. Matta, and L. Tong. Distributed detection in the presence of byzantine attacks. IEEE Transactions on Signal Processing, 57(1):16– 29, 2009. [29] N. Metropolis, A. W. Rosenbluth, M. N. Rosenbluth, A. H. Teller, and E. Teller. Equation of state calculations by fast computing machines. The journal of chemical physics, 21(6):1087–1092, 1953. [30] R. Moddemeijer. On estimation of entropy and mutual information of continuous distributions. Signal processing, 16(3):233–248, 1989. [31] A. Monticelli. State estimation in electric power systems: a generalized approach. Springer Science & Business Media, 2012. [32] R. Nassif, C. Richard, A. Ferrari, and A. H. Sayed. Diffusion lms for multitask problems with local linear equality constraints. IEEE Transactions on Signal Processing, 65(19):4979–4993, 2017. [33] A. S. Rawat, P. Anand, H. Chen, and P. K. Varshney. Collaborative spectrum sensing in the presence of byzantine attacks in cognitive radio networks. IEEE Transactions on Signal Processing, 59(2):774–786, 2011. [34] D. S. Scherber and H. C. Papadopoulos. Locally constructed algorithms for distributed computations in ad-hoc networks. In Proceedings of the 3rd international symposium on Information processing in sensor networks, pages 11–19. ACM, 2004. [35] P. Shen and C. Li. Distributed information theoretic clustering. IEEE Trans. Signal Processing, 62(13):3442–3453, 2014.

31

[36] H. Song, P. Shi, W.-A. Zhang, C.-C. Lim, and L. Yu. Distributed h∞ estimation in sensor networks with two-channel stochastic attacks. IEEE transactions on cybernetics, 2018. [37] N. Takahashi, I. Yamada, and A. H. Sayed. Diffusion least-mean squares with adaptive combiners: Formulation and performance analysis. IEEE Transactions on Signal Processing, 58(9):4795–4810, 2010. [38] Z. Tan, A. Jamdagni, X. He, P. Nanda, and R. P. Liu. A system for denial-of-service attack detection based on multivariate correlation analysis. IEEE transactions on parallel and distributed systems, 25(2):447– 456, 2014. [39] A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson. A secure control framework for resource-limited adversaries. Automatica, 51:135– 148, 2015. [40] A. Vempaty, K. Agrawal, P. Varshney, and H. Chen. Adaptive learning of byzantines’ behavior in cooperative spectrum sensing. In Wireless Communications and Networking Conference (WCNC), 2011 IEEE, pages 1310–1315. IEEE, 2011. [41] L. Xiao and S. Boyd. Fast linear iterations for distributed averaging. Systems & Control Letters, 53(1):65–78, 2004. [42] Y. Xu, R. Lu, P. Shi, H. Li, and S. Xie. Finite-time distributed state estimation over sensor networks with round-robin protocol and fading channels. IEEE Transactions on Cybernetics, 48(1):336–345, 2018. [43] Q. Yan, F. R. Yu, Q. Gong, and J. Li. Software-defined networking (sdn) and distributed denial of service (ddos) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Communications Surveys & Tutorials, 18(1):602–622, 2016. [44] J. Yick, B. Mukherjee, and D. Ghosal. Wireless sensor network survey. Computer networks, 52(12):2292–2330, 2008. 32

[45] H. Zhang, P. Cheng, L. Shi, and J. Chen. Optimal denial-of-service attack scheduling with energy constraint. IEEE Transactions on Automatic Control, 60(11):3023–3028, 2015.

33

Declaration of Interest Statement We declare that we have no financial and personal relationships with other people or organizations that can inappropriately influence our work, there is no professional or other personal interest of any nature or kind in any product, service and/or company that could be construed as influencing the position presented in, or the review of, the manuscript entitled“Secure Distributed Estimation against False Data Injection Attack”.

Corresponding author: Feng Chen E-mail: [email protected]