Detection of Jamming Attacks via Source Separation and Causal Inference

Jamming attacks to hinder communication capabilities are becoming a critical aspect of wireless networks. A challenging issue is the detection of reactive jammers that perform spectrum sensing and attack the network only when legitimate communication is in progress. In this scenario, we introduce a novel framework for reactive jamming detection using a patrol of radio-frequency (RF) sensors external to the network to be protected. The solution relies on two key components: i) a novel underdetermined blind source separation (UBSS) method that, starting from the signal mixtures observed by the RF patrollers, is capable of separating the jamming temporal profile from the network nodes’ transmission profiles; ii) a new jamming detection based on causal inference called all-versus-one transfer entropy (AvOTE). The framework is then applied to a case study where the victim network is a Long Range (LoRa)-based internet of things (IoT) system with star topology. The solution outperforms a state-of-the-art method and an approach that attempts to find the causal relationship via time series correlation, exhibiting very good performance in the presence of shadowing. Indeed, a detection probability of 90% is achieved with a false alarm probability of 6% in the presence of nuisances such as collisions and severe shadowing.


I. INTRODUCTION
P RIVATE information and sensitive data rely heavily on the network infrastructure's security. This aspect is becoming of paramount importance in several applications such as industrial IoT, remote e-health, and V2X communications, where the wireless medium conveys critical data. To further exacerbate the problem, the upcoming artificial intelligence (AI) revolution, while making intelligent and efficient devices on one side, may lead to a much more vulnerable technology on the other [1], [2], [3].
Considering the different security threats of wireless networks, we distinguish between passive (i.e., eavesdropping) Manuscript  and active attacks [4]. Among the latter, the most common threat is denial-of-service (DoS), in which a malicious transmitter (i.e., jammer) generates interference attempting to prevent legitimate users from accessing the network. DoS attacks are even more harmful when aimed at networks that adopt cognitive paradigms of dynamic reuse of the radio spectrum. Systems operating in industrial, scientific and medical (ISM) bands or shared commercial bands (e.g., 5G systems in Citizens Broadband Radio Service (CBRS)) foresee techniques of intelligent reuse of the spectrum in which legitimate users are authorized to communicate based on the spectrum availability, becoming extremely vulnerable to interferers [5]. A wide variety of jammers have been investigated in the last two decades: the continuous jammer that emits a persistent radio signal, the random jammer, the deceptive jammer that mimics the behavior of a legitimate user, and the reactive (smart) jammer capable of detecting ongoing communications via spectrum sensing and opportunistically interfere them [6], [7]. However, this last type of jammer can hide by inactivating the interference when the legitimate user is not communicating, thus making its detection remarkably hard. Moreover, considering that building a reactive jammer is becoming more accessible thanks to technological advances in softwaredefined radio, developing new techniques to counteract such attackers is now of paramount importance [8], [9].
In this scenario, a solution that recently has been proposed makes use of a spectrum patrol to enforce security of a wireless network [3], [10], [11], [12]. The patrol can be composed by one or many devices that cooperate to monitor a region, sensing the RF spectrum and detecting the presence of anomalies (i.e., malicious users). An illustration of the aforementioned scenario is shown in Fig. 1. The patrollers can pair the information received by the legitimate users and e.g., the access points (APs) or the base stations (BSs) when available, with the ones extracted from the spectrum analysis to detect the presence of a jammer. Then, such information can be forwarded to the authority (and, e.g., the network of legitimate users) that will take the necessary actions to counteract the jammer. However, due to the covert nature of smart jammers that intelligently turn themself off when a communication is not taking place, most of the spectrum sensing techniques developed in the last two decades cannot be applied. This is because when the smart jammer transmits, it does so in the presence of legitimate communication; hence, discriminating between the two transmissions is very challenging. Therefore, in this work, we propose a new framework for detecting This  smart jammers via causal inference using a patrol of RF sensors, leveraging the cause-and-effect relationship between the jammer and the network of legitimate users.

A. Existing Works
In the last decade, several jamming detection schemes have been proposed. In [13], a network node compares its packet delivery ratio (PDR), the bad packet ratio (BPR), i.e., the ratio between the number of erroneous packets and received packets, and the energy consumption, with a threshold. In [14], the authors study the detection of reactive jamming in direct sequence spread spectrum (DSSS) wireless communications systems. The detection is carried out using two metrics based on the PDR, namely, an observed PDR o and an estimated PDR e . The first is the ratio of correctly received packets over the total number of transmitted ones, while the second PDR is predicted through the chip error rate of the packet preamble. The rationale behind this detection strategy is that the jammer cannot interfere the first preamble symbols of a packet because of the non-negligible sensing time. In [15], a scheme for detecting a jammer exploiting the received signal strength (RSS) and the errors of the received bits sequence is proposed. If a bit is received with an error and the corresponding RSS value is high, then there should be an external interferer (i.e., the jammer); instead, if the corresponding RSS is low, errors are likely caused by the weak signal, e.g., due to fading or shadowing. Since jamming can severely affect the performance of Global Navigation Satellite Systems (GNSSs), characterized by remarkably low received powers, several works tackle this problem. For example, in [16], the authors exploit the carrier-to-noise density power ratio to detect the attacker. The rationale behind this is that the victim perceives a significant increase in the noise power in the presence of jamming. In [17], the authors study the physical layer security of a pilot-based massive multiple-input multiple-output (MIMO) system proposing a generalized likelihood ratio test (GLRT). In [18], the authors present an algorithm for jammer detection in wide-band cognitive radio networks based on compressed sensing (CS) and energy detector (ED). They first sample the wide-band signal through CS and identify a set of sub-bands occupied by legitimate users and the jammer. Then, the power spectral density (PSD) is used to detect the jammer based on the information about licit transmitters and the jammer stored on a database. The proposed method is computationally inexpensive but exhibits a high missed detection rate and relies on a database that contains information about all the legitimate users and the jammer, which might not always be feasible. In [19], the authors propose three classifiers, namely K-nearest neighbors (K-NN), random forest, and Bayesian classifier to detect a proactive jammer. In [20], a framework to guide the receiver in selecting the most suitable between many conventional anti-jamming schemes is proposed.
Recently, the introduction of AI techniques in the field of wireless communications gave impetus to developing machine learning (ML)-based jamming detectors. In [21], two neural networks (NNs) are proposed to detect and classify a jammer in orthogonal frequency division multiplexing (OFDM) transmissions. The authors suggest the introduction of a pre-processing stage in which a time-frequency transform is performed to improve the NNs performance. A similar method is applied in [22] to an OFDM-based satellite communication system. Both detection and classification are also performed in [23] where the authors propose an ML-based approach that exploits only the PDR and the RSS, retrievable at the GW side without demodulating the signals received from the network nodes. In [24], a large dataset with signal features that identify jamming signals is generated. Then, random forest, support vector machine (SVM) and a NN are tested in a wireless communication network using this dataset for training. In [25], a multi-layer perceptron NN is used to classify and detect a jammer attempting to interfere DVB-S2 signals. In [26], the authors suggest combining cyclic spectral analysis and NNs for jamming detection in wide-band cognitive radios. All the proposed ML-based jamming detectors have the same general operating scheme, composed of features extraction and selection followed by training and testing of a specific algorithm.
The detection schemes mentioned above need to be performed on the receiver side, i.e., within the network, as they require almost complete knowledge of the details of the communication protocols and the transmitted signals. For example, in [14], the prior knowledge of the first few jamming-free bits in the preamble is assumed, while in [15] the capability of detecting bit errors is mandatory for the detection, thus requiring the demodulation of the received packets. Instead, the AI-based solutions are sensitive to generalization errors because if the training is performed using specific signal formats (e.g., OFDM in [21] and [22]), then a change in the format will require a brand new training procedure. Table I summarizes and categorizes all the mentioned existing works.
The main problem of the listed approaches is that all the computational burden is carried by only one device, which is usually part of the network infrastructure, and this limits the overall performance of both the network and the jamming detection. From this perspective, the idea of adopting a set of crowdsourced spectrum sensors (or patrollers) that cooperate to detect violations of the spectrum usage policies appears attractive [10], [11]. In [10], the authors address a collaborative signal detection problem in which they aim to identify the optimal subset of sensors and their configurations to maximize the detection performance given certain resource limitations. In [11], mobile users cooperate through a crowdsourced enforcement architecture to detect and localize an infraction effectively. Both the presented methods rely on the spectrum patrollers receiving only the signal emitted by the intruder (i.e., a jammer). However, in a more general scenario, the transmission of the jammer concurs with the ones of the legitimate users, causing the sensors to receive a mixture of superposed signals.

B. Our Contribution
In this context, we propose a novel framework for detecting reactive jammers that exploit the mixed signals received by the spectrum patrollers and an original methodology based on causal inference. The detection strategy is quite general, including situations where legitimate users belong to different networks sharing the same spectrum. For this reason, the spectrum patrollers observe mixtures of signals transmitted over the air by the network nodes and extract energy profiles; such profiles retain information on the temporal behavior of the nodes without requiring demodulation. After this preprocessing stage, the solution performs blind source separation (BSS) to separate the energy profiles transmitted by each node of the network and the jammer. 1 In particular, we propose a novel solution to the UBSS problem, which includes substantial changes to the approach presented in [27] to be tailored for the specific needs. After the signal separation, we explore the temporal relation between the signals emitted by the nodes to detect the presence of an intruder. If the jammer is reactive, it transmits only after detecting the transmission of a legitimate user. Such behavior can be modeled via a causal relationship in which the user is the cause, and the jammer is the effect. Hence, we aim to detect the presence of the jammer by finding such a relationship using causal inference tools [28]. For this purpose, we propose a novel jamming detection methodology based on directed information, a metric that quantifies the causal relationship between time series introduced in [29] and reinvented in [30] with the name transfer entropy (TE).
In summary, the contributions of this work are the following: • We introduce a novel framework for reactive jamming detection based on a patrol of RF sensors external to the network to be protected. • The solution requires sensors to collect only raw measurements consisting of the received power calculated over short time intervals. • The framework is blind, meaning that most network features are unknown (i.e., the number of nodes, their position, the type of traffic, and the communication protocol), and all the operations are carried out without demodulating the received signals. • A first key ingredient is a novel UBSS method that, starting from the signal mixtures observed by the RF patrollers, allows estimating the number of nodes of the wireless network and reconstructing their transmitted energy profiles. • The second key element is a new jamming attack detection based on causal inference called AvOTE. • We thoroughly analyze a case study where the victim network is a LoRa-based IoT network with star topology.
Throughout the paper, capital and lowercase boldface letters denote matrices and vectors, respectively, (·) T stands for transposition, ∥·∥ p is the l p -norm, | · | is the absolute value, and ⊗ stands for Kronecker product. With v i,j , v i,: , and v :,j , we represent, respectively, the element, the ith row, and the jth column of the matrix V; with v i,j:k we select the elements between the jth and the kth entry of the ith row of V, extremes included, and V :,j:k correspond to a sub-matrix of V composed by the columns from jth to kth, extremes included. We use x ∼ N (µ, σ 2 ) to denote a Gaussian random variable (r.v.) with mean µ and variance σ 2 , z ∼ CN (0, σ 2 ) to denote a zero-mean circularly symmetric complex Gaussian r.v. with variance σ 2 , E[·] to denote the expectation operator, and ⟨·⟩ to indicate the sample mean operator. 1 {A} is the indicator function equal to one when A is true and zero otherwise.
The remainder of this paper is organized as follows. We introduce the scenario and system model in Section II. Section III presents the UBSS method adopted by the patroller to separate the signals. In Section IV, a novel jamming detection algorithm based on TE is proposed. Numerical results are given in Section V. Conclusions are drawn in Section VI.

II. SYSTEM OVERVIEW
Let us consider a scenario with a packet-based wireless network, a reactive jammer, and a patrol. In particular, the wireless network is composed by a set T of nodes (or users) and the patrol is formed by a set S of radio-frequency sensors, with cardinalities N T and N S , respectively. All the actors, namely the nodes, the sensors and the jammer are randomly deployed on a two-dimensional area. As further detailed in Section V, the proposed methodology tolerates the presence of collisions between the packets transmitted by the nodes. The jammer senses the spectrum for a period T 1 and detects the transmission of a user (in blue). Then, it alternates jamming (in red) and short sensing phases to make the jamming operation more effective.

A. Jammer Model
In this work, we consider a reactive jammer that periodically senses the channel to detect the users transmissions and interfere. The advantage of using a reactive jammer is that, even if it consumes energy to sense the spectrum, it can perform targeted attacks that make it more efficient and less detectable than simpler jammers.
The jammer is modeled by the 4-states machine shown in Fig. 2a, where two sensing states, S 1 and S 2 , alternate with idle and jamming states, I and J, respectively. In the idle state, the jammer remains silent for a time T I and then it jumps into state S 1 . In state S 1 , the jammer senses the channel for a time T 1 to detect the transmission of a user; if no transmission is detected (hypothesis H 0 ), the jammer returns to the idle state. When a signal is detected (hypothesis H 1 ) the attacker goes into state J and interferes the communication for a time T J . During T J , the jamming signal with power P J is transmitted. Then, the attacker alternates between states J and S 2 , in which it performs detection with sensing time T 2 . 2 Fig. 2b shows an example of a jammer attack.
1) Sensing at the Jammer: During S 1 and S 2 , the jammer senses the channel in a bandwidth W with sampling time 1/W . In the presence of frequency flat channel, the nth sample 2 Note that the sensing time T 2 is usually shorter than T 1 to allow a more effective sensing [31], [32]. of the equivalent low-pass signal received by the jammer is 3 wherex t,n for t = 1, . . . , N T is the nth sample of the signal transmitted by node t,h J t for t = 1, . . . , N T is the channel gain between node t and the jammer, andω J n ∼ CN (0, σ 2 J ) is the additive white Gaussian noise (AWGN) with independent, identically distributed (i.i.d.) real and imaginary parts, with noise power σ 2 J = 2N J 0 W , where N J 0 is the two-sided power spectral density. 4 The channel gain consists of two components h J t = g J t e σdt , where g J t is the complex path gain, and d t ∼ N (0, 1) are i.i.d. Gaussian r.v.s to model log-normal shadowing with intensity σ [33]. 5 The detection of a transmission is performed with an ED [31] represented by where ξ is the detection threshold obtained fixing the false alarm probability. The time-bandwidth product of the ED is thus N J ∈ {W T 1 , W T 2 } depending on the current jammer state.
2) Attack Signal: During the attack phase the jamming signal can assume several forms, e.g., white noise, a sinusoid or a signal with the same modulation of the victim communications.

B. The Patrol
Each RF sensor performs energy detection, collect the received energy samples for a period T ob and forward the data to a FC, which could be either one of the sensors or a specific device. Information as number of transmitting nodes, their positions, and physical and medium access protocol (MAC) layer configurations are unknown to the FC. As will be better explained in Section III the observation period T ob should be long enough to detect the causal relationship between the jammer and the victim network. Since such a relationship depends on the interaction between the jammer and the network at packet level, the observation period is much longer than the packet duration.

1) Received Signals at the Sensors:
Similarly to the jammer, the nth sample of the equivalent low-pass signal received by the sth sensor is where, differently from (1) the patrol sees also the signal emitted by the jammer, indicated by t = N T + 1,h s,t for t = 1, . . . , N T is the channel gain between node t and sensor s, whileh s,NT+1 is the jammer-sensor channel gain. The term 3 We also consider that the coherence time of the channel is larger than the sensing times, T 1 and T 2 . 4 We considerxt,n = 0 if node t is not transmitting at time instant n. 5 The shadowing parameter is usually expressed as the standard deviation of the channel loss in deciBel by σ(dB) = 20 ln10 σ.
is the AWGN at the sth sensor with i.i.d. real and imaginary parts, noise power σ 2 S = 2N S 0 W and two-sided power spectral density N S 0 . Since the jammer and the patrol operate in the same propagation environment, also the links between sensors and transmitters/jammer is affected by log-normal shadowing with intensity σ.
To reduce the number of collected samples and, consequently, the computational burden for jammer detection, each sensor extracts the energy of the received signal calculated over short time bins of duration T e such that T ob = N e T e , where N e is the number of energy samples. Thus, we obtain the matrix Y ∈ R NS×Ne , whose entries y s,i are the energy samples where N d = T e W is the number of signal samples used to compute the energy. This form of subsampling, while removing details (modulation, phase, etc.) of the signals emitted by the jammer and the nodes, it retains all the necessary information about the traffic profiles of the actors necessary to perform jamming detection through causal inference.
2) Received Energy Profiles: Under the assumptions of signals emitted by the nodes mutually uncorrelated and uncorrelated with the noise, we can express Y as 6 where the tth row of X ∈ R (NT+1)×Ne is the corresponding transmitter's energy profile and the last row contains the energy profile of the jammer. The entries ω s,i = of Ω ∈ R NS×Ne are the noise energy samples and H ∈ R NS×(NT+1) is the matrix of the channel power gains h s,t = |h s,t | 2 .
The energy profiles are sent to a FC that performs the jammer detection. The proposed methodology requires the temporal dynamics of the transmitted packets for each node of the wireless network and the jammer; thus, the first processing stage is BSS. After the separation, we propose a jamming detection algorithm that seeks a causal relationship between the energy profiles transmitted by the nodes and the jammer. The complete processing chain is depicted in Fig. 3.

III. BLIND SOURCE SEPARATION
The BSS aims at recovering the source matrix X starting from the observations, Y, without any prior knowledge of the channel matrix H. Without loss of generality, we consider the worst-case scenario in which the number of RF sensors is less than the number of transmitters, i.e., we solve an underdetermined blind source separation (UBSS) problem. This implies that the mixing matrix H is not invertible, making the classical overdetermined BSS techniques inappropriate. Therefore, as in [27], we tackle the UBSS problem by first estimating the mixing matrix and then the source matrix, leveraging on its sparse nature, i.e., assuming that each column of X has few non-zero entries [34], [35], [36]. This assumption means that few nodes are transmitting simultaneously. If the MAC layer is based on scheduled access protocol, then at most two actors will transmit simultaneously: a network node and the jammer. Instead, if the network adopts a random access protocol, multiple nodes might concur in the transmission and collide. However, in a well-designed random access protocol the network is not overloaded and the source matrix, X, is likely to be highly sparse. In the following, we propose a novel UBSS algorithm based on [27] that exploits such sparsity. Unlike most of the literature regarding UBSS, in which the sources that have to be separated are audio signals, we tailor our solution to deal with energy profiles transmitted by wireless nodes. In this sense, we did not use operations such as transformations to the time-frequency domain, that are common in the UBSS methods to increase the sparsity. For this reason, we propose a modified version of the algorithm in [27].

A. Estimate of the Mixing Matrix
We now aim to estimate H starting from the observations, Y, relying on the sparsity of X. For the sake of clarity, we first introduce the general estimation methodology and then remark two different situations: with or without jammer.
1) Transmission Detection: Given the matrix of energy profiles, Y, to reduce the number of samples and lighten the channel matrix estimation, the FC performs transmission detection. In particular, it aims to identify the samples corresponding to the occurrence of a transmission. The transmission detection algorithm is detailed in Algorithm 1 where, given Y as input, we analyze one column at a time. When a detection arises (line 5 of the algorithm) we start saving the columns until positive detection continues to occur. The output is a set of matrices Y k , with k = 1, . . . , K, such that Y k = Y :,i k :i k +N k is a sub-matrix of Y composed by its N k consecutive columns in which the kth transmission has been detected. The transmission starting index is denoted as i k . Each matrix Y k can contain the superposition of the energy profiles transmitted by the nodes, the jammer, and the thermal noise. Fig. 4 depicts an example of the jth row of Y k . If the transmission detection is successful, the remaining rows of Y k should have the same structure as the jth. However, since each row of Y k corresponds to the measurement carried out by a different RF sensor, the signals of the transmitters will be mixed in different ways depending on the propagation scenario. Let us now reformulate eq. (5) as where X k = X :,i k :i k +N k and Ω k = Ω :,i k :i k +N k .
2) Pseudo Channel Matrix Estimation: In this phase we estimate a raw oversized version of the channel matrix, called pseudo channel matrix. We now feed matrix Y k as input to the algorithm in [27], that is further described in the following. Initially, we divide element-wise each row of Y k by its qth row, to obtain the ratio matrix Fig. 4 depicts an example of the jth row of R in which the transmission of a smart jammer is partially overlapped with the one of a legitimate user. This row is the result of the division between the jth and the qth rows of Y k with j ̸ = q. Then, R is divided into the sub-matrices R i , i = 1, . . . , I using the quantization-based clustering algorithm proposed in [27]. Fig. 4 offers a graphical illustration of this operation: looking at the jth row of R, r j,: , it is possible to observe I j = 3 clusters of samples. Each cluster is the set of samples whose energy values are all similar and are depicted in blue, red, and purple, respectively. As an example, let us imagine that the blue cluster is labeled as cluster 1. If we select all the columns of R identified by the same column indexes of cluster 1, we obtain the sub-matrix R 1 . The same operation can be repeated for all the clusters identified by each row of R, overall generating I = NS j=1 I j sub-matrices. For more details about the clustering algorithm please refer to [27,Section II].
Considering the generic sub-matrix R i , we now estimate the corresponding column of the pseudo channel matrix as [27] h As detailed in Algorithm 2, which summarizes the complete mixing matrix estimation procedure, the steps between lines 4 and 8 are repeated for q = 1, . . . , N S to estimate a pseudo channel matrixĤ k ∈ R NS×N h . Note that due to the concatenation procedure on step 8 of Algorithm 2 the final number of columns ofĤ k is now indicated with N h .
3) Dimensionality Reduction: Due to the estimation procedure, the pseudo channel matrices are likely to have a larger number of columns than H. For this reason, we reduce the dimensionality ofĤ k as follows. By performing singular value decomposition (SVD) ofĤ k = UΛV T , the matrices of the singular vectors U, V, and the diagonal matrix of the singular values Λ are obtained. The singular values Λ n , with n = 1, 2, . . . , N h , are thus sorted in descending order along with the corresponding singular vectors. The number of independent columns N w ofĤ k is given by the number of significant singular values, i.e., whereΛ is the singular value selection parameter chosen, e.g., according to the scree plot approach [37]. To accomplish the dimensionality reduction, a linear transformation is performed using a projection matrixṼ ∈ R N h ×Nw obtained retaining only the N w singular vectors of V corresponding to the most significant singular values. Therefore,Ĥ k can be projected onto a subspace whose dimensionality is reduced from N h to N w by where W k ∈ R NS×Nw is the kth reduced pseudo channel matrix. 7 Iterating the procedure for each pseudo channel matrixĤ k , we estimate a set of reduced pseudo channel matrices W k , with k = 1, . . . , K and concatenate them such thatW = [W 1 , W 2 , . . . , W K ]. 4) Duplicate Elimination: After the complex procedure described above, it is possible thatW contains multiple estimations of the same column of H. In this case, an additional operation is performed to remove the duplicates fromW. Given a columnw :,i , we recognise thatw :,j is a duplicate if ∥w :,j −w :,i ∥ 2 < β (11) where β is the elimination threshold. In the end, we obtain the estimated channel matrix W ∈ R NS×NW , where N W is the number of estimated columns. Remark 1. Note that considering the absence of the jammer, collisions, and thermal noise a graphical illustration of the matrix X k is shown in Fig. 5 is the vector of N k energy samples of the packet transmitted by node k, and i k is the index that identifies the packet transmission starting time. 8 Here we have K = N T matrices, and Y k corresponds to the packet transmitted by the kth node, p k . Therefore, (6) becomes Y k = h :,k ⊗ p k and the entries of R are r i,j = h i,k /h q,k . Hence, the estimator (8) reduces to h :,k = h :,k ∥h :,k ∥ 2 providing a perfect estimation of the channel matrix coefficient except for a normalization factor. Such normalization does not affect the reconstruction of the temporal profiles of the activities of the nodes. In this ideal scenario, the clustering operation in R returns the same whole matrix, from which it is possible to estimate the kth column of H. Remark 2. The problem becomes more challenging in the presence of a jammer because each transmitted packet could experience at least one collision with the jamming signal. 9 In this case, a graphical illustration of the matrix X k is shown in Fig. 5, where the jamming packets in row N T + 1 are highlighted in red. Here, due to the presence of the jammer packets, Y k is the superposition of the transmissions of the jammer and the kth legitimate node. Evaluating the corresponding matrix R and performing the clustering operation, we obtain the three submatrices whose jth rows are depicted in Fig 4. The first, in blue, is composed of the columns of R corresponding only to the transmission of the kth node, the second, in red, is obtained by the columns corresponding only to the transmission of the jammer, while the third, in purple, is composed by the columns corresponding to the superposition of the transmissions of the node and the jammer. The estimation in (8) is performed for the three sub-matrices, obtaining three estimated pseudo channel matrix columns. Considering the sub-matrix R 3 , the corresponding estimated columnĥ :,3 is wrong because of the superposition of the two signals. However, it is dependent ofĥ :,1 andĥ :,2 , and, thus, deleted through dimensionality reduction.

B. Unmixing by Orthogonal Matching Pursuit
Once the mixing matrix W is estimated, the reconstruction of the transmitted energy profiles is performed. More precisely, we aim to estimate X starting from the observations Y and the estimated mixing matrix W, exploiting the sparsity of the sources. The problem is thus formulated as follows for i = 1, . . . , N e . This problem is known to be NP-hard and can be tackled with a greedy iterative method or using the well-known basis pursuit (BP) technique [38]. In this work, we reformulate (13) to be solved via the orthogonal matching pursuit (OMP) algorithm [39], i.e., min x:,i where γ is the sparsity constraint. The value of γ is chosen according to the mutual coherence, the largest normalized inner product between distinct columns of W, i.e., A large µ(W) means that the columns of W are highly correlated and, thus, the signal reconstruction is hard (or even impossible). It has been proved in [40] that if the problem (14) admits a solution x :,i with ∥x :,i ∥ 0 < 1 2 1 + 1 µ(W) , then it is the sparsest possible. Hence, the sparsity constraint is set to The output of the OMP is a matrixX ∈ R NW×Ne where, due to the dimensionality reduction adopted, some entries could get a sign flip; hence, the absolute value of the elements ofX is taken. Given that the number of columns of the estimated mixing matrix W might be different from the real one, even after OMP, the matrixX might have a different number N W of rows than X. Usually, in these cases, part of the estimated sources contains only residual crosstalk due to the separation. For this reason, we perform a skimming operation that deletes all the negligible rows. This operation is performed deleting all the rowsX i,: that satisfy where maxX is the maximum value inX, and Γ ∈ [0, 1] is the skimming threshold. In conclusion, at the end of the UBSS we obtain a matrix Z ∈ R L×Ne where L is the final number of estimated sources.

IV. JAMMER ATTACK DETECTION
After separating the transmitted energy profiles of legitimate nodes and the jammer, we analyze the temporal relationship between such emitted profiles, exploiting a causal inference tool to detect the jammer.

A. Excision Filter
The jamming detection algorithm presented in Section IV-C is based on the temporal dynamics of the packet flows generated by the nodes and the jammer. To lighten the causality inference procedure, we process the time series in Z to obtain sequences of 0s and 1s; this is performed by an excision filter which zeroes out the energy samples due to crosstalk [34]. The output is matrix A ∈ R L×Ne with entries

Algorithm 2 Estimate of the Mixing Matrix
Input : Y k ∈ R NS×N k , k = 1, . . . , K Output: W 1 for k from 1 to K do

B. Transfer Entropy for Causal Inference
The smart jammer transmits solely after the detection of the transmission of a legitimate user. Hence, we expect to find an underlying causal relationship between the energy profiles transmitted by the users and the jammer, in which the latter is the effect and the others are the causes. A state-of-the-art tool for causal inference in time series is transfer entropy (TE) [29], [30]. Considering two rows a i,: and a j,: of A, the TE from a i,: to a j,: is a conditional mutual information defined as TE i→j (k, r) = I (a j,n ; a i,n−1:n−r |a j,n−1:n−k ) = E log 2 p (a j,n |a i,n−1:n−r , a j,n−1:n−k ) p (a j,n |a j,n−1:n−k ) where p(·|·) is a conditional probability mass function, I(·) indicates the mutual information, and k and r are time lags. As in [28], histogram based estimates are computed for the probability mass functions p(·|·), for each possible configurations of a j,n , a j,n−1:n−k , and a i,n−1:n−r . TE can be interpreted as the amount of information in the current values of a j,: that is contained in the past values of a i,: , given the past values of a j,: . If a i,: has no influence on a j,: , then the two probabilities in the fraction are equal and TE i→j (k, r) = 0. Otherwise, if some information flows from a i,: to a j,: , then TE i→j (k, r) > 0. TE, unlike mutual information and crosscorrelation, is asymmetrical and, thus, it allows identifying the direction of the information flow between the time series.

C. Jammer Detection via Causal Inference
Let us consider a wireless network with a star topology, in which the nodes communicate with the gateway or AP so Authorized licensed use limited to the terms of the applicable license agreement with IEEE. Restrictions apply.

Algorithm 3 AvOTE for Jammer Attack Detection
Perform grid search to set k and r: θ that the energy profiles transmitted are not causally related. We now seek to detect the information flow from the signals emitted by the legitimate nodes toward the jammer. Hence, we evaluate TE i→j (k, r) for each possible pair of transmitters (i, j), expecting that the measure of causality will be more significant when the ith transmitter is a legitimate node and the jth is the jammer. On the contrary, TE will be negligible when both transmitters are legitimate. This procedure implies calculating L(L − 1) values of TE, where L is the number of estimated transmitters. To reduce the number of TE computations, we propose a novel approach named all-versus-one transfer entropy (AvOTE). Considering that during its sensing phase, the jammer collects energy samples corresponding to the superposition of the signals emitted by all the legitimate nodes, we expect to find a causal relationship in which the sum of the signals emitted by the nodes is the cause and the jamming signal is the effect. Therefore, let us introduce the sum vector b ∈ R 1×Ne , defined as b = L i=1 a i,: with i ̸ = j. Hence, we evaluate TE b→j (k, r) for each transmitter j = 1, . . . , L, namely the TE from the sum of all the other signals towards the jth signal. We expect that only when the jth transmitter is the jammer the corresponding TE will be significant and the highest among all. This procedure is computationally lighter than the previous one because it only requires the computation of L TEs. Then, given that we aim to detect the presence of one jammer, we find the maximum of the TEs evaluated, TE max .
A high TE max value indicates that a jammer is likely to be present, while a small value denotes its absence. Thus, TE max can be interpreted as a test statistic, hence The null hypothesis, H 0 , stands for the case when no jamming is present, while the alternate hypothesis, H 1 , corresponds to its presence. The threshold θ is given by setting the false alarm probability p FA = P(TE max > θ|H 0 ), where the null distribution, is calculated via histogram based probability density function estimation. The correct time lags for calculating TE are set by performing a grid search and finding the combination that outputs the highest value of TE. The complete AvOTE method is detailed in Algorithm 3.

V. NUMERICAL RESULTS
In this section, several tests to evaluate the performance of the whole processing chain are presented. As a case study, we simulated a wireless network composed of N T transmitters and a gateway, a patrol of N S RF sensors, and a jammer, all randomly deployed in a square area of side 100 m. The positions of all the actors (nodes, sensors, and jammer) during the following simulations are shown in the supplementary file. The network nodes adopt the LoRa modulation and Long Range Wide Area Network (LoRaWAN) MAC protocol [41], [42]. The operating frequency is set to f 0 = 868.1 MHz and the channel bandwidth is fixed to W = 125 kHz. According to the European regulation EU868, the transmission duty cycle is set to 1% [43]. We then assume that during the sensors observation time T ob , each wireless node transmits one LoRa packet. Before sending the packet, each transmitter randomly selects a spreading factor (SF) between the available ones, from 7 to 12. In general, T ob has to be sufficiently large to include several transmissions in order to ensure sufficient statistical significance of the estimated TE.
The collision event is defined as the overlap between the transmission of two or more signals (including the jammer), as in a collision channel model. The packets are structured according to [42] and [44], using the implicit header mode and Hamming code with rate 4/7. The MAC payload size for each packet is selected randomly in the interval between 1 byte and the maximum payload size allowed by the EU868 regional parameters [43].
Regarding the channel, a power-law path-loss model with exponent α = 4 and log-normal shadowing is considered. The transmit power of the nodes is P TX = 14 dBm according to the EU868 regional parameters, while the jamming signal is a sine wave at 868.1 MHz with power P J = 27 dBm. The receive antenna gain of all the devices (RF sensors and the jammer) is set to 0 dBi and the noise figure is F = 14 dB.
The sensing, attack, and idle times of the jammer are set to T 1 = T 2 = T I = T J = 50 ms, while sensors estimate the energy of the received signal within a time bin T e = 1 ms. Table II summarizes the parameter settings adopted in the processing chain depicted in Fig. 3. The thresholds ξ and ϵ, for transmission detection by the patrol and ED in the jammer, respectively, ensure a false alarm probability p FA = 0.01.

A. Algorithms' Parameter Settings
The quantization-based clustering algorithm proposed in [27] requires the setting of three parameters, the number of bins M 0 and two thresholds J 1 and J 2 that regulate the number of non-negligible bins that have to be considered. We consider J 1 = J 2 = J and set both M 0 and J at 50, i.e., quantization is performed over 50 bins, and if one of them has a number of samples less than 50, it is discarded.
The singular value selection parameterΛ is fixed to 0.01 according to the scree plot approach [37]. The duplicate elimination in the UBSS is carried out with a threshold β = 0.05. Skimming is performed with Γ = 0.001 since the negligible rows ofX are several orders of magnitude lower than the significant ones.
Let us discuss the setting of the UBSS parameter, γ. Since the estimated channel matrix, W, might have duplicated columns, then µ(W) ≃ 1 and γ = 1 from eq. (16). Setting the sparsity constraint to 1 has a direct consequence in the estimation of the sources, clearly portrayed in Fig. 6, in which a scenario with N S = 5 sensors, a single transmitter, and the jammer is considered. In fig. 6, the image above shows the transmitted signals, while in the middle and below the reconstructed sources with and without the dimensionality reduction procedure are depicted, respectively. It is possible to notice how in both cases, the reconstructed signal in blue is fragmented because of the sparsity constraint that imposes that in each column x :,i only one entry has to be nonzero. Hence, in case of a collision, only one of the colliding signals will be correctly estimated in each energy sample. This approach leads to a non-perfect signal reconstruction when collisions arise, but it is tolerable since its impact on the jamming detection is low, as shown in the following simulations. Moreover, Fig. 6 shows how dimensionality reduction allows a more accurate reconstruction of the sources.
The excision filter threshold is set to q = 0.01, while the time lags for TE are set to k max = r max = 8 samples.

B. TE, Cross-Correlation and Impact of Shadowing
As detailed in Section IV, TE is the tool we propose to infer the causality between the jammer and the network nodes. However, a much simpler approach is to use the cross-correlation as an indicator of a possible causal relationship between two time series. In this case, given two reconstructed energy profiles a i,: and a j,: , the cross-correlation is where n indicates the time samples and m is the time lag. For jamming detection through the cross-correlation, it is possible to modify the Algorithm 3 by removing the lines from 4 to 14 corresponding to grid search for TE, while lines 15, 17, In this section, the performance of the complete jammer detection algorithm under different shadowing regimes is discussed, and a comparison between TE and cross-correlation as a measure of causality is given. Fig. 7 shows the receiver operating characteristic (ROC) curves of the proposed methodology in case of different shadowing intensities using both TE and cross-correlation. For this simulation, we deployed N T = 10 transmitters, N S = 5 sensors, and a jammer in the area. The ROC curves are obtained across N MC = 10 4 Monte Carlo iterations in which the traffic profiles generated by the nodes change and the position of all the actors is provided in the attachment. The patrol observation time is T ob = 20 s, in which every node transmits one packet. The packet transmission start times vary so that the number of collisions ranges between 0 and 2 across the Monte Carlo iterations.
Although for low false alarm probabilities, the crosscorrelation ROC is above the TE's, the latter quickly outperforms the former, reaching a probability of detection over 0.9 with a relatively small false alarm probability, even in case of high shadowing regime. Fig. 7 shows that, as expected, an increase in the shadowing intensity degrades the overall performance of the methodology. This is due to a non-correct reconstruction of the transmitted  energy profiles by the UBSS. However, note that TE exhibits robust performance even for σ = 8 dB.
The presented method is compared with a ML-based approach for jamming detection proposed in [23], in which a gradient boosting algorithm is trained using RSS and PDR as features and used to detect and classify the jammer. Since, in our scenario, the PDR is not available at the patrol (it should be part of the network to retrieve such information), we trained the learning model using only RSS to ensure a fair comparison. Fig. 7 includes the performance of both solutions. Since the sensor positions are fixed during the Monte-Carlo iterations, the performance of the ML-based algorithm is optimal when σ(dB) = 0. In this case, RSS is sufficient to detect the presence of the jammer transmitting at high power. However, when increasing shadowing intensity, our algorithm significantly outperforms the existing scheme.

C. Number of Patrol Sensors
In this section, we investigate the minimum number of RF sensors that guarantee a required jammer detection performance. Given N T = 10 transmitters and a jammer with the same positions adopted for Subsection V-B, in Fig. 8 we compute the ROC curve for different number of patrol sensors N S = {4, 5, . . . , 9}. For each of the N MC = 10 4 Monte-Carlo iterations the sensors positions are decided in a random way keeping a minimum distance among them, in particular we set at least 40 m of distance with N S = 4, 30 m for N S = {5, 6, 7, 8}, and 25 m when N S = 9. A limit of at most two collisions among transmitters in T ob = 20 s is considered as in the previous subsection. We consider a shadowing with σ(dB) = 3 both for transmitter/jammer-patrol channel and for transmitter-jammer channel. It is possible to see that from N S = 4 to N S = 7 the performance noticeably increases, while from N S = 7 to N S = 9 it remains constant. Since we tackled the underdetermined case, the number of sensors does not exceed the number of transmitters, which is 10. If more sensors are available, classical overdetermined BSS schemes, e.g., independent component analysis (ICA) can be used [45].
Comparing the ROC curve for σ(dB) = 3 and N S = 5 in Fig. 7 with the corresponding curve in Fig. 8, a drop in performance can be notices. The reason lies in the different setup for patrol sensors: in Fig. 7 sensors have fixed positions chosen for good coverage of the area, while in Fig. 8 at every iteration, their positions change in a random way respecting only a minimum distance, so sometimes unfavorable placement occurs. For the same reason, a complete degradation in performance is observed for the algorithm [23]. Indeed, by changing the positions, there is a loss of information contained in the RSS values used during training.
The same simulation setup is employed to compare the UBSS algorithm in Section III with the original algorithm in [27]. In both cases, the second step of reconstruction of the transmitted energy profiles is performed with OMP, so the difference resides in the estimate of the mixing matrix where in [27] they do not use a transmission detection and dimensionality reduction steps. To underline the different performance, given the matrix Z, we compute the correlation among each row of Z and the original energy profiles in X. The result is a matrix C ∈ R L×(NT+1) where the element c ij is the correlation between the ith estimated source and the jth row of X. From C, only the maximum value of each column is considered to obtain a vector m ∈ R NT+1 that becomes a matrix M ∈ R NMC×(NT+1) , iterating the simulation for N MC = 1000. In Fig. 9, a pixel p i,j depicts the mean of M :,j for a given number of sensors N S = i. This performance metric provides a measurement of similarity among original and estimated energy profiles. p i,j with an high value implies the original profile X j,: is correctly estimated during the N MC iterations for N S = i. In the absence of the jammer, the two methods have comparable performance: the first eight transmitters are estimated with good accuracy, while the reconstruction of the last two, which cause the collision, is affected. In the presence of a jammer, the situation is more interesting because the jamming attack is poorly estimated by the algorithm in [27], while, on the contrary, with our methodology, it is the source estimated at best.

D. Effect of Collisions
As we have seen, since collisions among nodes' packets are a nuisance in the reconstruction stage, it is necessary Fig. 9. Similarity degree among transmitters profiles and estimated sources (the color scale is on the right). Each pixel of the images depicts, for a given N S in the y-axis, the correlation coefficient of two time series: the true energy profile of the transmitter indicated in the x-axis and the corresponding profile estimated via UBSS. Performance of the proposed algorithm in Section III without, (a), and with the jammer,(b). Performance of the algorithm in [27] without, (c), and with the jammer, (d).
to investigate their impact on the performance of the proposed methodology. In particular, there are two aspects to analyze: the consequences of increased collisions and their total absence. This last case summarizes the scheduled access protocols where, since a better reconstruction performance of the UBSS should be expected, then a better jammer detection will occur.
Let us consider N T = 10, N S = 5, a jammer, with fixed positions during simulation equal to Subsection V-B, T ob = 20 s, σ(dB) = 3, and an unique SF= 11. The jammer detection probability is computed for a false alarm probability of 5%, number of collisions N col from 0 to 4, and N MC = 5000 Monte Carlo iterations. With no collisions, a time division multiple access (TDMA) protocol is simulated, so each transmitter sends its packet in a time slot equal to the packet duration, and a guard time of half the packet duration is present among the slots. A collision only occurs between two packets, e.g., N col = 4 and N T = 10 means that 8 packets are involved in the collisions. The results are shown with a orange bar plot in Fig 10. As already mentioned, in a TDMA protocol without collisions, the performance exceeds the other scenarios with a substantial gap. Increasing the collisions, the UBSS performance decrease, however until N coll = 3 the detection probability remains roughly constant and above the 90%.
The red bar plot in Fig 10 is obtained with the same setting but placing N T = 20 and T ob = 30 s. 10 Since the collisions number is unchanged, the sparsity level in Y is the same and the UBSS performance does not degrade. At the same time, instead, the greater presence of packets permits to capture the causal rapport more easily. Regarding N col = 4 and N T = 10 then 80% of the packets are involved in the collisions; with N T = 20 the rate halves at the 40%. Thus, assuming that the collision packets are badly estimated by the UBSS, thanks to the most number of packets, the possibility to remain more faithful to the original sources enhances.

E. Impact of signal-to-jammer ratio (SJR)
This section studies the performance of AvOTE varying the SJR, defined as the ratio between the nodes and the jammer transmit powers. The scenario consists of N T = 10 transmitters, N S = 5 patrol sensors, and a jammer, and for  Fig. 11, the probability of detection for different values of SJR is reported, considering a false alarm probability of 5%. As expected, the detection probability reduces when the SJR grows. In fact, at high SJRs the power received from the jammer becomes comparable to or even less than the ones received from the legitimate nodes. In this situation, the drop in the detection probability is presumably due to the inability of UBSS to separate the jammer profile from the others. However, notice that if the jamming power is low, the effectiveness of the attack is also reduced.

F. Computational Complexity
This section discusses the computational complexity of the proposed jamming detection scheme. To determine the complexity, addition, subtraction, multiplication, and division are valued one floating-point operation (FLOP).
• Transmission detection. Based on (4), each sensor computes the energy profile, so the overall complexity for Algorithm 1 is O(N S N e N 2 d ). Fig. 11. Detection probability as a function of the SJR with different shadowing intensities, σ(dB), and p FA = 5%.
• Estimate of the mixing matrix. Considering loops and operations in Algorithm 2 we achieve a complexity where N R is the number of columns of the largest submatrix R i , i = 1, . . . , I. Row 5 is a quantization-based clustering algorithm that does not contain any multiplications or sums, but comparisons, so its complexity is neglected [27]. • Orthogonal matching pursuit. Based on [46], the complexity of reconstructing the transmitted energy profiles is O(γN S N W N e ). • All-versus-one transfer entropy. The input vectors are sequences of 0s and 1s of length N e , hence, one computation of TE takes O(N e ) [28], [47]. Since TE is calculated inside 3 loops in AvOTE algorithm, the complexity for this step is O Lk max r max N e + L(L − 1) , where the term L(L − 1) is due to the sum in row 3 of Algorithm 3. • Cross-correlation. Adopting fast Fourier transform (FFT) to compute the cross-correlation, the complexity for this version of Algorithm 3 is O LN e log 2 (N e ) . Considering T ob = 20 s and W = 125 kHz, we have N d N e ∼ 10 6 . Hence, the largest term of UBSS complexity is the one related to the computation of the energy. Therefore, the overall complexity of the UBSS can be reduced to O(N S N e N 2 d ).

VI. CONCLUSION
We proposed a novel framework for reactive jammer detection using a patrol of RF sensors external to the network to be protected. Sensors collect the received power computed over short time intervals and share such energy profiles with a FC. A novel UBSS method, grounded on [27], is performed at the FC to separate the transmitted energy profiles from the mixtures received by the sensors. Finally, the TE is adopted as a causal inference test to detect the presence of a reactive jammer. Extensive numerical results proved that our UBSS approach outperforms the reference method in literature, guaranteeing satisfactory reconstruction of the jammer temporal activity profile, and that the overall methodology exhibits excellent performance: up to 99% detection probability in the absence of collisions between user packets, outperforming a state-of-the-art algorithm. To provide a complete investigation of the solution, we demonstrated that performance degradation arises primarily when the sources are poorly reconstructed by UBSS due to high shadowing intensity, an insufficient number of sensors, and in the presence of many collisions.