This paper presents a novel probabilistic detection scheme called Cooperative Statistical Detection (CSD) for detecting abnormal nodes in cluster-tree networks while defending against adversarial attacks. The CSD performs a two-phase process: 1) a likelihood ratio test (LRT) for each non-root node, carried out at its children from the perspective of packet loss; 2) an overall decision at the root node based on the aggregated detection data of the nodes over tree branches. In most adversarial scenarios, malicious children that know the detection policy can generate falsified data to protect an abnormal parent from being detected or to frame a normal parent as an anomalous node. To resolve this issue, a modified Z-score-based falsification-resistant mechanism is presented in the CSD to remove untrustworthy information. Through theoretical analysis, we show that the LRT-based method achieves perfect detection, i.e., both the false alarm and missed detection probabilities decay exponentially to zero. Furthermore, the optimal removal threshold of the modified Z-score method is derived for falsifications with uncertain strategies and guarantees perfect detection of the CSD. As our simulation results show, the CSD approach is robust to falsifications and can rapidly reach $99\%$ detection accuracy, even in existing adversarial scenarios, outperforming state-of-the-art technology.
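The filter-then-test idea from the abstract, as an added sketch that is not the paper's code: children's packet-loss reports about one parent are screened with a modified Z-score and the surviving reports feed a Bernoulli likelihood ratio test. The loss rates `P0` and `P1`, the conventional 3.5 cut-off (not the paper's derived optimal threshold), the zero decision threshold, the pooling of reports into one test, and all sample reports are assumptions.

```python
import math
from statistics import median

P0, P1 = 0.05, 0.30   # assumed loss rates: normal vs. abnormal parent
Z_CUT = 3.5           # conventional cut-off, not the paper's derived optimum

def modified_z(values):
    """Modified Z-score: 0.6745 * (x - median) / MAD (median absolute deviation)."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:  # more than half the reports are identical
        return [0.0 if v == med else math.inf for v in values]
    return [0.6745 * (v - med) / mad for v in values]

def filter_reports(reports):
    """Drop children whose reported loss rate is an outlier among siblings."""
    rates = [lost / sent for lost, sent in reports]
    return [r for r, z in zip(reports, modified_z(rates)) if abs(z) <= Z_CUT]

def log_lr(reports):
    """Log-likelihood ratio of H1 (abnormal, P1) against H0 (normal, P0)."""
    lost = sum(l for l, _ in reports)
    delivered = sum(s for _, s in reports) - lost
    return (lost * math.log(P1 / P0)
            + delivered * math.log((1 - P1) / (1 - P0)))

def parent_is_abnormal(reports, use_filter=True):
    """Decide H1 when the pooled log-LR exceeds 0 (equal priors assumed)."""
    if use_filter:
        reports = filter_reports(reports)
    return log_lr(reports) > 0.0

# Constructed sample: (lost, sent) per child, all about a NORMAL parent.
HONEST = [(4, 100), (6, 100), (5, 100), (3, 100), (7, 100), (5, 100)]
# Two malicious children inflate their loss counts to frame the parent.
FRAMING = HONEST + [(95, 100), (90, 100)]

if __name__ == "__main__":
    print("unfiltered:", parent_is_abnormal(FRAMING, use_filter=False))
    print("filtered:  ", parent_is_abnormal(FRAMING))
```

Using the median and MAD instead of the mean and standard deviation keeps the falsified reports from shifting the baseline they are measured against.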