PUE Attack Detection by Using DNN and Entropy in Cooperative Mobile Cognitive Radio Networks

: The primary user emulation (PUE) attack is one of the strongest attacks in mobile cognitive radio networks (MCRN) because the primary users (PU) and secondary users (SU) are unable to communicate if a malicious user (MU) is present. In the literature, some techniques are used to detect the attack. However, those techniques do not explore the cooperative detection of PUE attacks using deep neural networks (DNN) in one MCRN network and with experimental results on software-deﬁned radio (SDR). In this paper, we design and implement a PUE attack in an MCRN, including a countermeasure based on the entropy of the signals, DNN, and cooperative spectrum sensing (CSS) to detect the attacks. A blacklist is included in the fusion center (FC) to record the data of the MU. The scenarios are simulated and implemented on the SDR testbed. Results show that this solution increases the probability of detection (PD) by 20% for lower signal noise ratio (SNR) values, allowing the detection of the PUE attack and recording the data for future reference by the attacker, sharing the data for all the SU.


Introduction
In the era of Industry 4.0, applications, data management, and data analysis are needed. Technologies such as the Internet of Things (IoT), augmented or virtual reality, big data, and artificial intelligence need wireless technology that efficiently improves throughput, security, and spectrum access. Entities such as the Federal Communication Commission (FCC) recognize that part of the assigned radio-electric spectrum is not being used; its utilization can be under 15%. Cognitive radio networks (CRN) are a possibility for increasing the use of this spectrum by allowing a SU to use the spectrum if a PU is not using it, which requires continuous monitoring of the spectrum's use in a specific frequency range. If a PU starts to use a frequency, the SU must move to another frequency if there is another spectral hole in the assigned space. The spectral hole is a frequency channel not used at a specific time and can be used for the PU or SU. For example, if there are four free frequency channels to assign, a SU can use one of them, but if a PU wants to use it, the SU changes to any free channel of the three that remain or waits for one of them to be released to use it [1].
One possible solution to spectrum scarcity is the implementation of a CRN. In mobile networks, for example, there are time slots where the spectrum frequencies are unused, partly because their assignment is fixed by the regulatory entities in a traditional spectrum management system, giving the operators flexibility in their usage. However, if we were to implement the CRN, it would be crucial to acknowledge the accompanying security signals in the PU frequency band. Smart PUEs know the PU signal status and attack the network depending on the PU's presence. The SUs report wrong decisions to the FC, leading to a bad global decision. The PUE uses a free frequency for its signal or causes interference, which is called selfish or malicious PUE, respectively [11].
For PUE detection, there have been some schemes; some of them are individual detection, and other works explore the CSS. In [7], we propose a method that uses the entropy calculation of the received signal for spectrum sensing; the results increase the performance for low SNR values, and it works in a simple SU. The basis of this detection is the spectrum sensing system. There are several problems, such as multipath fading, shadowing, and receiver uncertainty, and in an MCRN, there are also different modulation types, and it is difficult to distinguish between them. A possible solution for some of these problems is to share the information of all the users of the CRN; this means sharing the spectrum sensing data, the detected signal, frequency, and bands of use since these data increase detection performance, providing a solution that can be implemented for an MCRN [6]. We implemented this solution only for spectrum sensing and not for PUE detection [8].
The CSS model has been used to improve the probability of detection by including cooperation in the SUs, which share the particular sensing data and make a combined decision using an AND, OR, or MAJORITY rule, obtaining better results than the individual decisions of each CR and giving the MCRN a better knowledge of the radio environment. Energy-based detection is the faster and simpler method for spectrum sensing in the proposed CSS schemes. This method uses an energy threshold value to detect the presence of the PU/PUE in the radio environment, or with a test statistic and two thresholds, which obtain better results for sense. This is helpful to detect the signal, but it is not able to detect PUE attacks by itself [7].
In the CSS models, some authors have designed strategies to use the hard or soft fusion methods using MATLAB algorithms in additive white Gaussian noise (AWGN) or Rayleigh channels. The results show that the best method is a soft combination. Another platform used for implementing it on a device due to the costs and keeping high computational performance is the Raspberry Pi. Additionally, the SDR is another choice for CRN implementation [12].
The CSS model can be centralized using the FC; the cooperating SUs send their signal measurements or decisions about a sensing process to an FC or a base station BS. Then, the FC takes a general decision and transmits it to all the SUs. Another model uses a decentralized CSS, which is based on the sharing of data or decisions by the SUs to make a final decision. Still, it needs a radio frequency for the communication of each SU, requiring more radio resources. The authors use a centralized CSS to improve performance in deep fading environments with low SNR values. The PUE is a MU that reconfigures its air interfaces and transmits fake signals, leading the CSS system to make a wrong decision due to the SU report to the FC due to the openness of the lower layers [11].
Furthermore, apart from CSS, there are other techniques worth considering in the implementation of CRN. These techniques include the implementation of optimal joining techniques to detect PUEAs, detecting the MU, and bridging the gap between single equilibrium and social strategies through the imposition of a selected fee on SUs [13]. The time difference of arrival (TDOA) is another method used to find the PUE attacker position, but in an MCRN, this technique will not work because users are in motion. SUs in the CRN cooperate based on position estimation using the TDOA. Another author uses a proficient TDOA localization algorithm using the Differential Evolution (DE) method to detect the PUEA in CRNs, showing fast convergence of the detection [2].
Particle swarm optimization (PSO) has been used for PUE detection. The author in [14] uses a three-phase detection system: the state of the spectrum is calculated, the SVM algorithm is used to estimate if a frequency is occupied, and a PSO makes the selection of kernel and bias values. The technique is evaluated in MATLAB. In [15], the authors detect the PUE using the TDOA localization technique combined with a PSO algorithm to solve the cost function based on the TDOA results. It changes the parameters such as inertia, weight, and acceleration, but if a PUE, a SU, or a PU is in motion, these techniques will not work because they are based on the fixed position of the users.
The AI has been used for the detection of PUE. In [16], the authors introduce a classification method called Online Adaptive Memory-Based Genetically Optimized Artificial Neural Network (OAM-GANN), based on online learning, that uses the network parameters to identify the PUE. It optimally tunes the hyperparameters of the developed DNN. It improves the security of the CRN. It is evaluated by several metrics, such as error rate and detection probability [16].
Other solutions are based on ML algorithms, such as the Knearest neighbor classifier (KNN) algorithm, which can identify the PUE attack and group the malicious nodes together [17]. In another work, we compare KNN, random forest, and SVM, showing that for this problem, the best results are achieved with the SVM in an MCRN with a single SU [9]. Extreme machine learning (EML) and time-distance with signal strength evaluation (TDSE) methods have been used to detect or prevent PUE attacks. The TDSE implementation allows for identifying the malicious PUE attacker, and the EML compares it with the MU, but its computational requirements are high for a mobile network [18].
Another author uses the logistic regression concept to estimate the maximum likelihood of detecting the attack. The algorithm is divided into two parts: the training and testing processes, based on a dataset generated with an active PUE attack. Results show a high PD of about 99.5% with a PFA of less than 0.6% [5].
In another work, the authors implemented a classification problem and solved it with an artificial neural network (ANN). ANN increases its performance by using the immune plasma optimization (IPO) method. The results of this work show that the algorithm using the ANN has better results in terms of accuracy and other network variables. This method has an accuracy rate improvement of 32% and a 16% energy savings compared to the existing methods [19].
Other authors have proposed the DNN algorithm by combining energy detection, cyclostationary calculation, and the DNN algorithm. The PU/PUE in the frequency band is localized by using energy detection. Then, the cyclostationary technique identifies the features of the signal, and the results are used as input for the neural network to detect the PUE attack. Other work shows that radio-frequency fingerprinting can be used to detect the PUE attack. In the training step, the transmitter profiles are elaborated for each one, and a classifier with three layers of the ANN is created. The final part of the process is to compare the user signal to the established profiles to determine the PUE presence [5].
Most of the related previous work uses energy detection as the base for signal detection; we propose entropy detection for the PUE attack because it is able to work at lower SNR values with a high probability of detection. The CSS has been worked on in simulations, but there have been no results with a realistic SDR environment as we implemented it in our work. Finally, in the literature, there are no implementations of the DNN algorithms to detect the PUE attack. In this work, we include the algorithms of the DNN in the SU and test them in an SDR environment with mobile phones.

Deep Neural Network and Entropy to Multiple PUE Detection in Cooperative MCRN
The following subsections describe the CSS scheme, the entropy detector, the DNN algorithm, and the general proposal for PUE attack detection.

Cooperative Spectrum Sensing Model
The designed model has a malicious PUE attack, some SUs and PUs in the network, and an FC for the centralized CSS. There is one radio frequency channel of the PU detected by the SU, another one of the PUE attacks detected by the SU, and one common channel where the SUs communicate with the FC; these signals can be seen in Figure 1. by the SU, another one of the PUE attacks detected by the SU, and one common channel where the SUs communicate with the FC; these signals can be seen in Figure 1. For cooperative spectrum sensing, each SU detects the PUE attack based on the entropy and DNN techniques described in the following subsections and informs the FC of the results. The FC takes an OR decision that helps the system detect any attack within the network coverage and the assigned frequencies. The FC manages the frequencies for detection and the state of each frequency in the MCRN.

Detector Based on Entropy
An entropy-based detector is used for the detection; the energy detection results are the inputs for the system. The MCRN has n SUs, which transmit the individual results to the FC with the calculated entropy in one frequency channel. These entropy results are the input for the DNN learning algorithm, which detects if there is a PUE attack in the frequency and communicates it to the FC, which decides for everyone under an established rule and in the presence of a PUE attack. If a PUE attack is detected, SU continues using the frequency, but if there is a PU, it must release the channel and use another one, and if there are no more available frequency channels in the range, service cannot be provided.
Energy detection is used for the spectrum sensing scheme in the SUs, but it is combined with the entropy detector for better results, as we worked out in [7]. N is the number of samples; then the test statistic is given in Equation (1) [20], where p(n) is the power of the signal received at the SU: In the traditional energy detector, a hypothesis test is used, a threshold is defined, and it is analyzed if it is above or below the threshold to detect if a PU/PUE is present. Our proposal uses the averaged energy as an input for the entropy detector. The PU/PUE signal is described in Equation (2) [7].  For cooperative spectrum sensing, each SU detects the PUE attack based on the entropy and DNN techniques described in the following subsections and informs the FC of the results. The FC takes an OR decision that helps the system detect any attack within the network coverage and the assigned frequencies. The FC manages the frequencies for detection and the state of each frequency in the MCRN.

Detector Based on Entropy
An entropy-based detector is used for the detection; the energy detection results are the inputs for the system. The MCRN has n SUs, which transmit the individual results to the FC with the calculated entropy in one frequency channel. These entropy results are the input for the DNN learning algorithm, which detects if there is a PUE attack in the frequency and communicates it to the FC, which decides for everyone under an established rule and in the presence of a PUE attack. If a PUE attack is detected, SU continues using the frequency, but if there is a PU, it must release the channel and use another one, and if there are no more available frequency channels in the range, service cannot be provided.
Energy detection is used for the spectrum sensing scheme in the SUs, but it is combined with the entropy detector for better results, as we worked out in [7]. N is the number of samples; then the test statistic is given in Equation (1) [20], where p(n) is the power of the signal received at the SU: In the traditional energy detector, a hypothesis test is used, a threshold is defined, and it is analyzed if it is above or below the threshold to detect if a PU/PUE is present. Our proposal uses the averaged energy as an input for the entropy detector. The PU/PUE signal is described in Equation (2) [7].
where n(t) is the noise and h(t) is the channel impulse response of the system, which is the response of the communication channel when an impulse is applied to the system. It can be seen as the correlation of the received signal against the transmitted signal, where o(t) is the measured data from a PU/PUE signal and p(t) is the received signal. To detect a PU or PUE attack signal, it is necessary to protect the authentic PU by changing the frequency channel to another one. In contrast, the PUE attack is detected or discarded. For this purpose, a binary hypothesis test is used: H 0 is noise, and H 1 indicates a PU/PUE signal and noise; this is defined in Equation (3) [7]. The entropy is calculated using a discrete Fourier transform (DFT), obtaining Equation (3) [7].
where P(k) is the complex spectrum of the received signal, L(k) is the PU/PUE signal, J(k) is the noise, and the size for the DFT is k = N, where N is the sample size. H 0 implies the presence of a PU/PUE signal, and H 1 its absence [21]. The results of the entropy calculation on each SU of the CSS using Equation (4) are used as an input for the DNN algorithm in the learning and detecting processes; the binary results of the detection are sent to the FC as we worked it out in [8]. For a given number of bins X, using the histogram method, the statistic test is calculated in Equation (4).
where N is the number of samples and λ is the entropy threshold calculated with the entropy H X for X bins and described in Equation (5). The probability of a false alarm is P FA and σ e is the standard deviation [8].
The cooperative results are measured for the probability of detection (Qd) and the probability of false alarm (Qfa) measured at FC and are calculated by Equations (6) and (7) [20].
where Z is the number of SUs in the CSS. In the experiments, measurements are taken based on the results of putting the devices in different positions and distances.

Deep Learning Techniques for the Decision of PUE Presence
Deep learning is one of the most effective tools for making accurate forecasts using large and complex data sets. Deep learning includes technologies with multiple data types, including numbers, text, audio, images, video, or combinations [22]. We propose to use one of the deep learning techniques to help the SU detect the PUE attack; it must be implemented on each SU to improve the decision in a CSS scheme. In this section, an explanation of the context and deep learning techniques is given, and after this, we propose a deep learning scheme for detecting the PUE attack.
The central concept of deep learning is the use of neural networks, and even though their applications are widely used today, this technology is familiar, having emerged in the 1950s. However, its development was limited after the 1970s due to a lack of hardware and algorithms necessary to achieve the great expectations generated around neural networks. AI has been used in many fields, such as robots, mobile communications, autonomous cars, smart cities, financial analysis, and engineering problems such as decision support [23]. In 2012, there was a significant advance in the field of artificial intelligence, which allowed the creation of neural networks capable of identifying images with greater precision than humans. Later AI examples include Deep Blue, a chess-playing system that defeated Gary Kasparov, or Google's AlphaGo, which defeated the world's No. 1 ranked player Jie Ke in a Go match. In 2022, OpenAI launched Chat Generative Pre-trained Transformer (ChatGPT), a next-generation model that generates human-like responses based on text input [23].
In this case, we will use the neural networks for decision-making in an MCRN under a PUE attack.
To decide which neural network is needed, the ANN concept is analyzed. The fundamental components of the nervous system in biological systems are neurons; the complexity of this system derives from the millions of neuron connections when they communicate with each other through axons and dendrites. When a living organism learns, connections between neurons are established through a process called synapses [22]. Artificial neural networks are inspired by biological behavior through artificial neurons that communicate with each other and can learn from data. A neuron performs a linear regression from a set of weighted inputs and a bias [23].
There are different types of neural networks, each with its own architecture [24]. In these models, the output depends on the current input and the information processed in the last moments. This characteristic, called shortand long-term memory, allows them to work with data series such as text, audio, or video. They are often used in natural language processing tasks, voice recognition, and time series analysis, among other applications [24]. • Generative Adversarial Networks (GAN): They are a system comprising two neural networks: generative and discriminative. The generative network creates new data from the training data set. In contrast, the discriminative network judges whether the data it receives is training data or data created by the generative network. As this competition process between the two networks progresses, each performs its task more efficiently. Thanks to this architecture, GANs have proven capable of generating high-quality images, music, and videos [26].
Deep neural networks are an effective tool for classification or regression tasks. These networks can identify complex patterns that relate input data to output values. In deep neural networks, three types of layers can be distinguished: the input layer, which has as many neurons as variables present in the training data; the deep hidden layer or layers; and the output layer, as shown in Figure 2 [27]. In this paper, we propose to use a DNN; the input layers are the SNR and entropy of the measured signals, and with this data, each SU can detect the PUE attack using supervised learning and an adequately labeled dataset. This data set is divided into training and test or validation data. The network training stage follows an iterative process that includes several phases: In this paper, we propose to use a DNN; the input layers are the SNR and entropy of the measured signals, and with this data, each SU can detect the PUE attack using supervised learning and an adequately labeled dataset. This data set is divided into training and test or validation data. The network training stage follows an iterative process that includes several phases: Initialization of parameters: Initially, the weights and biases of each neuron in the network are adjusted. These values can be chosen randomly or they can be assigned according to a probability distribution.
Forward propagation: In forward propagation of an L-layer neural network, a Z-weighted sum of the X inputs and the b biases of each neuron in the layer is performed, where the weights w represent the contribution of each input in the layer in the weighted sum, as can be seen in Equation (8). In this case, the inputs are the SNR and the entropy of the averaged energy of the received signal.
Subsequently, a nonlinear activation function a is applied to the weighted sum Z to obtain the responseŷ, as seen in Equation (9).
Error calculation: The error is obtained by calculating the cost function C, which measures the discrepancy between the predicted outputŷ, and the desired output or label y. The cost function C can be the root mean square error (RMSE) in cases of regression or cross-entropy in classification problems; the error can be seen in Equation (10) [28].
Backpropagation: After the error calculation, the backpropagation phase begins, in which the weights and biases of each neuron are adjusted to achieve the desired output. The cost function is optimized using algorithms, such as gradient descent, to minimize the error. In this way, it seeks to achieve a solution that allows a better network generalization to make accurate predictions on new data, reducing the error in the last layer, as seen in Equation (11) [29].
The backpropagation for the error can be seen in Equation (12).
Then, the derivatives of the biases are calculated in Equation (13).
Finally, the derivatives of the weights are also calculated in Equation (14).
Optimizing the weights and biases of the neural network based on their derivatives, known as backpropagation, is carried out by the backpropagation of the error from the output layer to the previous layers. This process is repeated with all the training data in one epoch and is executed multiple times until the network can capture the patterns in the data. Then, the validation of the network is carried out using the test data to measure its efficiency. If the performance is unsatisfactory, the hyperparameters are adjusted, and the entire procedure is repeated [29].
After all the DNN processes are achieved (training, testing, and validation), each SU can detect the PUE attack by taking some samples, as will be explained in the next section.

General Proposal for PUE Attack Detection
Our proposal starts with the entropy calculation of the energy detector results, which achieves better results for low SNR values and energy by itself on each SU. After that, a DNN is used and divided into two parts. In the first one, the PUE attacker is placed at different points of a mesh around the SU of the network; the collected data is used for the learning process of the DNN algorithm, which will be explained in the following subsection. Each SU has the results of the learning stage in its programming. In the second part, the PUE is positioned anywhere, and the decision results of each SU are sent to the FC, which makes the global decision if there is a PUE attack presence based on an OR rule. There are other rules, such as the AND or MAJORITY rule, but depending on the position of the SU and the PUE attacker, there is a high probability that only one SU will be able to detect the attack. The rule that allows better detection is the OR rule; if any of the SU detects the PUE attack, it will be transmitted to the entire network. An example will be shown in Section 5.2. The global decision is sent in a broadcast message to all the SU in the CSS scheme. The general model for the proposed PUE detection can be seen in Figure 3.

w ∂
Optimizing the weights and biases of the neural network based on their derivatives, known as backpropagation, is carried out by the backpropagation of the error from the output layer to the previous layers. This process is repeated with all the training data in one epoch and is executed multiple times until the network can capture the patterns in the data. Then, the validation of the network is carried out using the test data to measure its efficiency. If the performance is unsatisfactory, the hyperparameters are adjusted, and the entire procedure is repeated [29].
After all the DNN processes are achieved (training, testing, and validation), each SU can detect the PUE attack by taking some samples, as will be explained in the next section.

General Proposal for PUE Attack Detection
Our proposal starts with the entropy calculation of the energy detector results, which achieves better results for low SNR values and energy by itself on each SU. After that, a DNN is used and divided into two parts. In the first one, the PUE attacker is placed at different points of a mesh around the SU of the network; the collected data is used for the learning process of the DNN algorithm, which will be explained in the following subsection. Each SU has the results of the learning stage in its programming. In the second part, the PUE is positioned anywhere, and the decision results of each SU are sent to the FC, which makes the global decision if there is a PUE attack presence based on an OR rule. There are other rules, such as the AND or MAJORITY rule, but depending on the position of the SU and the PUE attacker, there is a high probability that only one SU will be able to detect the attack. The rule that allows better detection is the OR rule; if any of the SU detects the PUE attack, it will be transmitted to the entire network. An example will be shown in Section 5.2. The global decision is sent in a broadcast message to all the SU in the CSS scheme. The general model for the proposed PUE detection can be seen in Figure  3. The first stage of the detection system is to analyze if a PU, a SU, or a MU is detected in the radio environment to protect the PU. However, to detect if there is a PU or a MU, the UL and DL signals are estimated. If there is a PU phone call, the two signals must be active, but if there is a MU, only a DL/UL signal will be detected. For the test, we use the absolute radio frequency channel number (ARFCN) and record the combination of UL/DL frequency pairs available for the phone call. If a DL signal is detected, the system detects the UL signal. If only the DL is detected by the system, it will be marked as a MU.

Experiments
A testbed based on SDR is used for the experiments; the Ettus N210 device is the SDR selected. It has been implemented for similar purposes and can work in the MCRN frequencies; it can be configured to work with Linux or Windows, and it has the libraries or drivers to achieve several communication scenarios [30]. Each SU uses an RTL-SDR as a spectrum analyzer [12]. The N210 device generates the PUE attack; another SDR is used for the FC and each SU. The MCRN consists of some SU trying to make a phone call; this is achieved by using the OpenBTS software and GNURadio [31,32], as we work in [10]. The testbed for the experiments is shown in Figure 4. frequency pairs available for the phone call. If a DL signal is detected, the system detects the UL signal. If only the DL is detected by the system, it will be marked as a MU.

Experiments
A testbed based on SDR is used for the experiments; the Ettus N210 device is the SDR selected. It has been implemented for similar purposes and can work in the MCRN frequencies; it can be configured to work with Linux or Windows, and it has the libraries or drivers to achieve several communication scenarios [30]. Each SU uses an RTL-SDR as a spectrum analyzer [12]. The N210 device generates the PUE attack; another SDR is used for the FC and each SU. The MCRN consists of some SU trying to make a phone call; this is achieved by using the OpenBTS software and GNURadio [31,32], as we work in [10]. The testbed for the experiments is shown in Figure 4. The devices were positioned in a grid, and energy, entropy, and the DNN were calculated at that time and positioned with one PUE attacker to be able to measure the practical threshold. Then, the PUE attacker was moved to every place in that grid. That information is recorded and is the input for DNN algorithms. Once the measurements are taken and the algorithm learns how the attack works, the attacker takes a random position, and the SUs measure the results. With the energy and entropy results measured in each SU, the DNN predicts the PUE attack presence; this value is binary and transmitted to the FC. Notice that if any SU detects a signal, it changes its frequency immediately to prevent interference with a genuine PU while it detects the PUE's presence. The FC takes a global decision and transmits a broadcast message to any SU in the network; the whole system learns and records the attackers' information, creating a database with a blacklist of the attackers' data. For example, the grid of the device's position is shown in Figure 5. The devices were positioned in a grid, and energy, entropy, and the DNN were calculated at that time and positioned with one PUE attacker to be able to measure the practical threshold. Then, the PUE attacker was moved to every place in that grid. That information is recorded and is the input for DNN algorithms. Once the measurements are taken and the algorithm learns how the attack works, the attacker takes a random position, and the SUs measure the results. With the energy and entropy results measured in each SU, the DNN predicts the PUE attack presence; this value is binary and transmitted to the FC. Notice that if any SU detects a signal, it changes its frequency immediately to prevent interference with a genuine PU while it detects the PUE's presence. The FC takes a global decision and transmits a broadcast message to any SU in the network; the whole system learns and records the attackers' information, creating a database with a blacklist of the attackers' data. For example, the grid of the device's position is shown in Figure 5. If the PUE is out of the grid, it can detect it or not, depending on the SU position. The system needs at least one SU to detect it; if not, the PUE attacker is out of the system's coverage and will not be detected.
There are two parts to the process. The first part is where the algorithms learn how the attack is achieved and the threshold is measured. In this part, some samples are taken at each position, and with one PUE attacker, the frequency changes to detect some frequencies in the range. This learning process can be seen in Figure 6. If the PUE is out of the grid, it can detect it or not, depending on the SU position. The system needs at least one SU to detect it; if not, the PUE attacker is out of the system's coverage and will not be detected.
There are two parts to the process. The first part is where the algorithms learn how the attack is achieved and the threshold is measured. In this part, some samples are taken at each position, and with one PUE attacker, the frequency changes to detect some frequencies in the range. This learning process can be seen in Figure 6. If the PUE is out of the grid, it can detect it or not, depending on the SU position. The system needs at least one SU to detect it; if not, the PUE attacker is out of the system's coverage and will not be detected.
There are two parts to the process. The first part is where the algorithms learn how the attack is achieved and the threshold is measured. In this part, some samples are taken at each position, and with one PUE attacker, the frequency changes to detect some frequencies in the range. This learning process can be seen in Figure 6. The second part is the detection once the system has learned how to detect the PUE attack. This flowchart shows the steps that each SU takes. The PUE attack starts with a random position; this process can be seen in Figure 7. The second part is the detection once the system has learned how to detect the PUE attack. This flowchart shows the steps that each SU takes. The PUE attack starts with a random position; this process can be seen in Figure 7.

Results
The results are analyzed in this section, and a discussion about them is made.

Results
The results are analyzed in this section, and a discussion about them is made.

Entropy Detection of PUE Attack
The first part of the model is the energy detector, which is implemented in GNURadio. The 100 positions of the grid are defined to measure the energy of one PUE attack when it is active or not. As shown in Figure 8, there is a difference in the power when it is in the two states.

Results
The results are analyzed in this section, and a discussion about them is made.

Entropy Detection of PUE Attack
The first part of the model is the energy detector, which is implemented in GNURadio. The 100 positions of the grid are defined to measure the energy of one PUE attack when it is active or not. As shown in Figure 8, there is a difference in the power when it is in the two states. The energy is detected by averaging 100 samples of the measured energy each time. Results are taken when the PUE attack is in a fixed position. In Figure 9, an example of the received power is shown when there is a PUE active or not in two different positions near and far from a SU. The energy is detected by averaging 100 samples of the measured energy each time. Results are taken when the PUE attack is in a fixed position. In Figure 9, an example of the received power is shown when there is a PUE active or not in two different positions near and far from a SU.  The entropy is calculated with 100 samples of the energy. Figure 10 shows an example of the measured entropy when there is a PUE active or not close to the SU. The entropy is calculated with 100 samples of the energy. Figure 10 shows an example of the measured entropy when there is a PUE active or not close to the SU. The entropy is calculated with 100 samples of the energy. Figure 10 shows an example of the measured entropy when there is a PUE active or not close to the SU. Now that the entropy values have been calculated, we can run the learning algorithm for the DNN. According to Table 1, the SNR is estimated for GNURadio. For the experiments, we use GSM-850 MHz, which is assigned to an operator in the laboratory's coverage zone. A site survey was made, and we found that ARFCN 166 is not used. This corresponds to a DL frequency of 876.8 MHz and a UL frequency of 831.8 MHz. However, during all the experiments, the MCRN was configured to release the channel if a PU was detected.

DNN Algorithm Results
Once the entropy and SNR results are taken, the DNN algorithm is trained with this data. For this purpose, the scikit-learn and Keras libraries of Python are used.
A classifier was built using a DNN (fully connected) in a sequential model implemented in Keras. Two deep layers were simulated with 16 and 32 neurons, and using the ReLu activation function, the output layer contains two neurons and a Softmax activation function. The final model had 642 parameters, optimized through a training process that covered 50 epochs and a batch size of 32, as shown in Figure 11. The input is the SNR and calculated entropy.
A classifier was built using a DNN (fully connected) in a sequential model implemented in Keras. Two deep layers were simulated with 16 and 32 neurons, and using the ReLu activation function, the output layer contains two neurons and a Softmax activation function. The final model had 642 parameters, optimized through a training process that covered 50 epochs and a batch size of 32, as shown in Figure 11. The input is the SNR and calculated entropy. The algorithm is tested with 20% of the dataset when the training is performed. In this case, 20,000 samples are taken, so 4000 data points are used for the test, as shown in Figure 12 Values are measured for each SNR value from −25 dB to 0 dB. For example, for −12 dB, the algorithm's probability of detection and accuracy are 99%; the blue boxes are the right detection values.  The algorithm is tested with 20% of the dataset when the training is performed. In this case, 20,000 samples are taken, so 4000 data points are used for the test, as shown in Figure 12 Values are measured for each SNR value from −25 dB to 0 dB. For example, for −12 dB, the algorithm's probability of detection and accuracy are 99%; the blue boxes are the right detection values. mented in Keras. Two deep layers were simulated with 16 and 32 neurons, and using the ReLu activation function, the output layer contains two neurons and a Softmax activation function. The final model had 642 parameters, optimized through a training process that covered 50 epochs and a batch size of 32, as shown in Figure 11. The input is the SNR and calculated entropy. The algorithm is tested with 20% of the dataset when the training is performed. In this case, 20,000 samples are taken, so 4000 data points are used for the test, as shown in Figure 12 Values are measured for each SNR value from −25 dB to 0 dB. For example, for −12 dB, the algorithm's probability of detection and accuracy are 99%; the blue boxes are the right detection values.  After the training algorithm is executed, the results are shared and recorded on each SU in the system. Then, the second part of the DNN is executed with each value of entropy; the algorithm predicts if there is an active PUE, and depending on the estimated SNR, a probability of detection is calculated.
In the SDR experiments, the PUE position is random and fixed, the SNR is estimated, 100 entropy values are averaged on each sample, and then each value is processed by the SUs. A CSS with an OR logic is implemented; if any of the three SUs detect the PUE presence, the FC broadcasts a message of the PUE presence to any SU in the network. With the obtained data, the device records it on the blacklist of PUE attackers.
The receiver operating characteristic (ROC) curves are similar to the practical results; the experiments are conducted in laboratory conditions. An example of the implemented algorithm can be seen in Figure 13. The PUE is active, and the FC indicates that a PUE attack is present when any of the SUs detect it and send a "1" binary value. It can be seen that one SU detects the attack in some samples, which is why an OR rule is used. the obtained data, the device records it on the blacklist of PUE attackers.
The receiver operating characteristic (ROC) curves are similar to the practical results; the experiments are conducted in laboratory conditions. An example of the implemented algorithm can be seen in Figure 13. The PUE is active, and the FC indicates that a PUE attack is present when any of the SUs detect it and send a "1" binary value. It can be seen that one SU detects the attack in some samples, which is why an OR rule is used. The probability of detection of the PUE is estimated as the number of positive detections when the PUE is active. In the experimental SDR testbed, the measurements are taken with steps of 1 dB each time, as seen in Figure 14 The results are compared with our previous results on entropy and the SVM PUE attack detection system [9]. The probability of detection of the PUE is estimated as the number of positive detections when the PUE is active. In the experimental SDR testbed, the measurements are taken with steps of 1 dB each time, as seen in Figure 14 The results are compared with our previous results on entropy and the SVM PUE attack detection system [9].

Discussion
The designed algorithms are an efficient combination of energy, entropy, DNN, and CSS models, which allow the detection system to obtain a PD of above 90% at −21 dB of SNR in an actual SDR environment. Compared to our previous works, such as [9], our proposal demonstrates improved outcomes regarding noise, SNR, and PD while maintaining a fast method to release the channel and prevent interference with the PU.
In the implemented model, there is no need to know previous information such as the modulation schemes, the threshold, or some earlier data similar to other solutions. The DNN is a high-speed method that, after a learning process, can detect PUE attacks. In combination with the CSS schemes, it increases the probability of detection by using the SUs as sensors and transmitting the individual detections to the FC. The use of entropy allows us to work with lower SNR values.
As a future work, the attack and detection methods could be implemented in a 5G scenario using, for example, a 5G testbed, as mentioned in [33]. There can be experiments with some mobile technologies, CRN, attacks, and detection methods that can be compared with the results of our proposal. Another detection method could be to use the

Discussion
The designed algorithms are an efficient combination of energy, entropy, DNN, and CSS models, which allow the detection system to obtain a PD of above 90% at −21 dB of SNR in an actual SDR environment. Compared to our previous works, such as [9], our proposal demonstrates improved outcomes regarding noise, SNR, and PD while maintaining a fast method to release the channel and prevent interference with the PU.
In the implemented model, there is no need to know previous information such as the modulation schemes, the threshold, or some earlier data similar to other solutions. The DNN is a high-speed method that, after a learning process, can detect PUE attacks. In combination with the CSS schemes, it increases the probability of detection by using the SUs as sensors and transmitting the individual detections to the FC. The use of entropy allows us to work with lower SNR values.
As a future work, the attack and detection methods could be implemented in a 5G scenario using, for example, a 5G testbed, as mentioned in [33]. There can be experiments with some mobile technologies, CRN, attacks, and detection methods that can be compared with the results of our proposal. Another detection method could be to use the Boltzmann concept in a game strategy, as demonstrated in [34].

Conclusions
The experimental results obtained in the SDR environment show that a cognitive protocol can be implemented to protect the primary user in MCRN by combining GNURadio, Python, and the DNN libraries. The CSS is used to detect the PUE attack, and according to the results, it works better with low SNR values. In combination with an entropy detector, it shows a higher probability of detection than all the systems, including the SVM. The implemented PUE detection solution increases the PD by about 10% for an SNR value of −18 dB and more than 20% at −21 dB, using the three SUs as detectors in the CSS scheme. If more than 90% PD is needed, this can be achieved with the DNN algorithm for an SNR value of −21 dB or higher.
The learning process takes several minutes to measure the variables at several distances and SNR values. Still, once it is performed, the detection system can be conducted significantly faster, which prevents the interference of the PU, which is one of the objectives of the MCRN. The system can release the channel in milliseconds, using the energy detector as the first step. At the same time, it is analyzed to determine if there is a PUE present in the radio environment. The use of the DNN to detect the PUE works better than other methods found in the literature [9].
Using the CSS gives us more coverage in the MCRN and allows us to obtain higher probability values for detection. Thanks to the DNN algorithm, high detection results are achieved even with slow SNR values. These results are similar to the values found in the literature. The system successfully detects the PUE attack signals individually and in a CSS scheme. In this case, the OR rule is better to have a better knowledge of the radio environment, separating the PUE attack signal and the MU efficiently because the FC has more data from the attacks detected on each SU, avoiding PUE attacks and errors in the network. A blacklist helps the system detect a previous PUE attacker without all the processes.