A Non-Parametric Statistical Approach for ... - Semantic Scholar

This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the IEEE ICC 2011 proceedings

A Non-Parametric Statistical Approach for Malicious Users Detection in Cognitive Wireless Ad-Hoc Networks Ferran Adelantado

Christos Verikoukis

Universitat Oberta de Catalunya (UOC) Barcelona, Spain [email protected]

Telecommunications Technological Centre of Catalonia Castelldefels, Spain [email protected]

Abstract—In cognitive wireless ad-hoc networks the cooperative sensing achieves more accurate results than non-cooperative ones. However, it also exposes the network to attacks. In this paper an algorithm based on the non-parametric Kruskal-Wallis test is proposed to detect malicious users without having any a priori knowledge. The algorithm makes use of the existing statistical differences between the cooperative decision and the non-cooperative decisions. Once an attack of malicious users is detected, the Conover-Inman post-hoc method is used to discern between honest and malicious users.

I. I NTRODUCTION The scarcity of spectrum resources, together with the inefficiency of the classical static spectrum allocation paradigm, has encouraged the research community to exploit a new dynamic spectrum allocation paradigm known as Opportunistic Spectrum Sharing (OSS) [1]. The fundamentals of the OSS is the reuse of the primary channels when they are idle. Hence, the new spectrum utilization paradigm relies on the basis of accurate sensing of the licensed spectrum. For such a purpose, the secondary users (SU) sense periodically the primary channels and schedule their transmissions on them when they are detected idle. The cooperation of the SUs during the sensing process, though incurring in additional signaling overhead, improves the accuracy of the primary channels occupancy estimation [2]. However, in cognitive wireless ad-hoc networks, the cooperation between SUs poses additional vulnerabilities. The existence of malicious SUs that provide false sensing information may degrade the performance of the cognitive wireless network. It is necessary, then, to develop mechanisms to detect and discard the sensing information provided by the malicious SUs, thereby preventing the network from such attacks. The importance of the reliability of the SUs at the MAC layer level has attracted the interest of the research community. In particular, [3] is an interesting work where most of the the main OSS security threats, at all layers, are analyzed and referenced. Focusing on the malicious users’ MAC layer attacks, there are two main different strategies to cope with the problem. On the one hand, the processing of the cooperative information in order to mitigate its influence on the final

spectrum occupancy decision, e.g. [4]. On the other hand, the detection and discarding of malicious users [5]- [10]. This paper is a contribution to the latter. Malicious users with non-complex behavior patterns, such as always yes/no strategies [5] or an always false information strategy have been presented in the literature [6]. Moreover, the attack of a single or few SUs could be detected [7]. In the literature, also more complex malicious behavior patterns have been studied, but restrictive assumptions were imposed. In [8] the whole study was based on the assumption that the fusion center was aware of the existence of an attack, and in [9] Wang et al. presented and approach to assign a trust value to each SU. However, misdetection and false alarm probabilities were supposed to be known a priori. Finally, [10] is an outstanding proposal to detect abnormal users where no a priori information on the attackers was assumed. Yet, [10] is based on whether the knowledge of misdetection and false alarm probabilities or on an accurate estimation of them, which may be quite restrictive. In this paper, a new algorithm based on statistical nonparametric methods is proposed. The algorithm is able to detect the existence of an attack and detect, even without having information on the SUs characteristics, the malicious users. The paper is organized as follows: First the problem is modeled in Section II. In Section III the impact of the malicious users is analyzed and in Section IV the detection algorithm is described. Finally, the results of the simulations are explained in Section V. II. S YSTEM MODEL Cognitive wireless ad-hoc networks are usually organized in clusters so as to sense the spectrum cooperatively. We define a cluster as a set of SUs, U = {uk : 1 ≤ k ≤ K}, where one of the users undertakes the role of cluster head. The cluster head tasks imply the coordination of the sensing process, the final occupancy decision and the distribution of the cooperative sensing process result. It is worth mentioning that the cluster head and the rest of the users communicate each other through a Common Control Channel (CCC), which is generally a nonlicensed secondary channel, for cooperative sensing process

978-1-61284-231-8/11/$26.00 ©2011 IEEE


purposes [1]. The cooperative sensing process consist of three phases. First, the cluster head selects what primary channel/s to be sensed during the current sensing process and informs the rest of the SUs. Secondly, the cluster members sense the primary channels and transmit the sensing results to the cluster head whether coordinately or contending for the Common Control Channel. Finally, the cluster head combines the results received from all the SUs, makes a decision on the availability of the sensed channels and distributes the decision among the rest of the SUs, also through the CCC. The protocol used to coordinate the transmissions from the non-cluster head SUs to the cluster head SU is out of the scope of this study. The set of primary channels is denoted by F = {fm : 1 ≤ m ≤ M }. When the cluster head triggers a sensing process, one or several channels contained in F are sensed by the cluster SUs. As the mentioned primary channels are licensed to the primary users (PU), when the cluster head triggers a sensing process the channels might be idle (in case no PUs are transmitting on the channel) or busy (one or several PUs are transmitting on the channel). Accordingly, the stochastic process describing the activity of a channel fm is denoted by am (t), and it is defined such that am (t)=1 if the channel is busy at time t and am (t)=0 if it is idle. We also define dk,m (t) ∈ {0,1} as the hard decision made by the SU uk after the sensing process triggered at time t on fm . Ideally, for a honest SU, dk,m (t)=am (t). However, regardless of the detection method used by the SUs, there is a non-null sensing error probability even for honest SUs and, therefore, P (dk,m (t) = am (t)) =0 [2]. In that sense, the false fa md ) and misdetection (Pk,m ) probabilities for a user alarm (Pk,m uk are defined as fa = P (dk,m (t) = 1|am = 0) Pk,m

(1)

md Pk,m = P (dk,m (t) = 0|am = 1)

(2)

Regarding the malicious users, they may follow two different strategies: - Strategy A: In order to ruin the cognitive network operation, they may share false sensing observations when the channel is detected busy. By doing so, the malicious SUs aim to incur interference on the PUs transmissions. - Strategy B: In order to gain privileged access to the available idle primary resources, they provide erroneous sensing information when the channel is detected idle. Hence, the malicious SUs avoid the contention for the available resources between SUs thereby gaining unfair access. The set of SUs, U , is divided into three subsets. If uk is honest, then we will say that uk ∈ U H . If the user uk is malicious and follows the first strategy, we will say that uk ∈ U A . Finally, if uk is malicious but follows strategy B, then uk ∈ U B , where U =U H ∪U A ∪U B and U H ∩U A ∩U B =∅. Notice that a user in U A may be modeled with higher misdetection probability. Likewise, a user in U B may be modeled with higher false alarm probability.

For three SUs, each one contained in a different subset, uk1 ∈ U H , uk2 ∈ U A and uk3 ∈ U B , it may be assured by definition that = Pkmd < Pkmd Pkmd 1 ,m 3 ,m 2 ,m

(3)

Pkf1a,m = Pkf2a,m < Pkf3a,m

(4)

The cluster head, upon the reception of all the individual decisions, combines them all and decides whether a channel fm is available for opportunistic SUs transmissions or not. The combination scheme function used to obtain the cooperative decision may be written as πC :

⎛ ⎜ ⎝

{0, 1}K

⎞T

−→{0, 1}

d1,m (t) ⎟ .. C ⎠ −→dm (t) . dK,m (t)

(5)

where dC m (t) is the decision made by the cluster head after gathering and combining the decisions generated by all the SUs at time t. The most common combination schemes are the OR and the AND1 operations. Hereafter, the cooperative C C and πAN OR and AND functions will be denoted by πOR D. III. I MPACT OF MALICIOUS USERS When a sensing process is triggered at time t, all the dk,m (t) are generated and delivered to the cluster head. The cluster head could then determine what SUs are more likely to provide false observations and, consequently, classify them as honest or malicious SUs. The problem resides in the knowledge of the real PUs activity for a channel fm , i.e. am (t). The real activity is unknown and dC m (t), which could be seen as an am (t) estimation, may be affected by false sensing information provided by both honest SUs (involuntarily) or malicious SUs (involuntarily and deliberately). Furthermore, the impact of the malicious users on the cooperative decision is unknown since there is not any information related to the number of malicious users nor on the strategy followed by the malicious users. In order to overcome the uncertainty, an exhaustive analysis is presented. A. Analysis of the impact Let us gain insight in the impact of malicious users on the cluster decision with a clarifying example. Consider two SUs, / U H . We assume, only for this example uk1 ∈ U H and uk2 ∈ and for the sake of simplicity, that the sensing of the honest SUs is ideal and, therefore, dk1 ,m (t)=am (t) for ∀t. With regard to the malicious SU, uk2 , we consider that at time t it transmits false information, dk2 ,m (t), and so dk2 ,m (t) = am (t). Accordingly, there are two possibilities: the malicious user manages to alter the cluster decision or it does not. If dC m (t) varies as a consequence of dk2 ,m (t), then dC m (t) = dk2 ,m (t) = dk1 ,m (t). Otherwise, dC m (t) = dk1 ,m (t) = dk2 ,m (t). 1 The OR and AND functions are bitwise functions. The OR function result is 1 when at least one of the entries is equal to 1. The AND function result is 1 only when all the entries are equal to 1.


Based on the example above, we define a function δk,m (t) : {0, 1}2 → {0, 1} as 1 If dC m (t) = dk,m (t) δk,m (t) = (6) 0 Otherwise If the time elapsed between two consecutive sensing processes is denoted by TS , we define Dk,m (t) as the avergae number of differences between the sensing result of a user uk , i.e. dk,m (t), and the cluster decision made by the cluster head, dC m (t), along the last L sensing processes. Dk,m (t) =

L−1 1 δk,m (t − qTS ) L q=0

(7)

In order to illustrate the effect of the SU characteristics on Dk,m (t), a simple example is shown. In the following example am (t) is modeled as an ON-OFF Markovian process. In particular, P (am (t) = am (t − TS ))=0.8 and P (am (t) = C , is am (t − TS ))=0.2. The OR cooperative function, i.e. πOR used and the parameter L is set to 5. The cluster is made up by 10 SUs, one of them undertaking the role of cluster head. fa fa md md = Pk,m = 0.1 if uk ∈ U H , Pk,m = 0.5 and Pk,m = 0.1 Pk,m fa A md B if uk ∈ U , and Pk,m = 0.1 and Pk,m = 0.5 if uk ∈ U . The probability mass function fDk,m (d) is numerically calculated for different combinations of U H , U A and U B users. In Fig. 1 the number of U A users is always the same as the number of U B users (|U A |=|U B |, where | · | stands for the set cardinality operator). Therefore, the 3-tuple (|U H |,|U A |,|U B |) is (2,4,4), (4,3,3), (6,2,2) and (8,1,1).

A. Kruskal-Wallis theoretical basis Given a set of K random variables, there are statistical methods to decide whether the random variables are generated by a single population or not. As the normality assumption may not be accepted since it is too stringent, a non-parametric method is required. Hereafter, the non-parametric one-way Kruskal-Wallis method [11] is presented as a technique to detect and discard the malicious SUs in a cognitive wireless network. In particular, the Krsukal-Wallis test determines whether the K random variables have been generated by a single population (H0 or null hypothesis) or by more than a single population (H1 or alternative hypothesis). Indeed, it is an analysis of the Dk,m (t) medians, namely θk,m . The hypothesis may be expressed as H0 : θ1,m = θ2,m = . . . = θK,m (8) H1 : θk1 ,m = θk2 ,m for at least one k1 = k2 Notice that according to (7), in order to generate Dk,m (t), L sensing processes are required and the time elapsed is then TD = LTS . For the analysis proposed hereafter, Q samples of Dk,m (t) will be needed, and the time required to collect them is TKW = QTD . As the non-parametric methods are based on the rank of the data, we denote the rank of Dk,m (t) by rk,m (t) [11]. According to the Kruskal-Wallis test, the test statistic Hm (t) for the Kruskal-Wallis procedure is defined as

K Rk,m (t)2 KQ(KQ + 1)2 1 − (9) Hm (t) = Sm (t)2 Q 4

0.6

0.6

0.5

0.5

fDk,m (d)

fDk,m (d)

k=1

0.4 0.3

0.2

0.1

0.1 (8,1,1) 0.2

(6,2,2)

Rk,m (t) =

0.3

0.2

0 0

where

0.4

(4,3,3)

0.6

0 0 (6,2,2) (4,3,3)

0.6 0.8

1

(2,4,4)

(|U H |, |U A |, |U B |)

(a) when uk ∈ U A Fig. 1.

(10)

(8,1,1) 0.2

0.8

Dk,m (t)

rk,m (t − qTD )

q=0 0.4

0.4

Q−1

1

(2,4,4)

Dk,m (t)

(|U H |, |U A |, |U B |)

(b) when uk ∈ U B

Probability mass function of a SU uk .

It may be observed in Fig. 1 that important differences in the probability mass function arise depending on the behavior of the malicious SU, i.e. strategy A or B. Therefore, the example suggests that malicious SUs might be detected by comparing Dk,m (t). IV. M ALICIOUS USERS DETECTION The system may be seen as a set of K random variables, namely Dk,m (t), generated by three possible different populations: the honest users population, the malicious strategy A users population and the malicious strategy B users population. Each population is characterized by the false alarm and misdetection probabilities. Thus, given a set of K random variables, Dk,m (t) with 1 ≤ k ≤ K, and assuming that there is at least one user uk ∈ U H , if the number of populations that generate the K random variables is bigger than 1 it may be concluded / UH. that there is at least one user uk1 such that uk1 ∈

Sm (t)2 =

K Q−1 rk,m (t − qTD )2 k=1 q=0

KQ

−

(KQ + 1)2 4

(11)

If the cumulative distribution function of a chi-square random variable with K-1 degrees of freedom is denoted by Fχ2K−1 (x), the null hypothesis is rejected if α > 1 − Fχ2K−1 (Hm (t))

(12)

where α is the level of significance. If the null hypothesis is accepted, all the Dk,m (t) samples are presumed to be generated by the same population and malicious users are not detected. On the contrary, if H0 is rejected, it is presumed that there exist more than a single population and some malicious users must be discarded. B. Conover-Inman theoretical basis In non-parametric methods, some post-hoc tests are intended to implement pairwise comparisons to detect whether differences between samples of two random variables are significant or not. A common procedure used with Kruskal-Wallis method is the Conover-Inman procedure [11]. According to


the Conover-Inman procedure, the difference between two medians θk1 ,m and θk2 ,m is significant if |Rk1 ,m (t) − Rk2 ,m (t)| > tKQ−K,1− α2 λm (t)

(13)

where tKQ−K,1− α2 is a quantile from the Student’s tdistribution on KQ-K degrees of freedom and a level of significance 1-α/2, and KQ − 1 − Hm (t) (14) λm (t) = 2QSm (t)2 KQ − K C. Set error definition Let define the estimation of the mean squared error of a SU uk as 2 e k (t) = E[(dk,m (t) − a (15) m (t)) ] where a m (t) is the estimation of am (t). The optimum estimator a m (t) should minimize the error with respect to am (t). However, as no assumptions on the channel activity are done, it is not possible to find the estimator that minimizes the error. Notice that, by definition, when the OR combination scheme function is applied, the cluster decision reduces the probability of interfering the transmissions of the PUs, but the probability of misdetecting a transmission opportunity rises. On the contrary, when the AND combination scheme function is applied, the SUs increase the transmission opportunities detection though, at the same time, the collision probability grows. Therefore, we propose the MAJORITY combination C scheme function2 , namely πM AJ , since it is more robust against false information than AND and OR functions. From C C C , where dC is the dC now on a m (t)=dm (t)|πM m (t)|πM m (t) AJ AJ C resulted from applying πM AJ . Using (15), we may also define the averaged estimation of the mean squared error for a set. Hence, given a set of users denoted by Sn , the averaged estimation of the mean squared error is defined as 1 e k (t) (16) e Sn (t) = |Sn | ∀k uk ∈Sn

D. Algorithm implementation The implementation of the Kruskal-Wallis based algorithm is carried out as follows: Kruskal-Wallis: - After the distributed sensing, the cluster head gathers the information delivered by the rest of the SUs, dk,m (t), and makes a final decision, dC m (t), by using the AND or the OR combination scheme. - Every time the cluster head gathers L samples of a SU, a Dk,m sample is computed. - When Q samples of Dk,m for each SU are computed, if (12) is accomplished, malicious users are detected and the Conover-Inman process is triggered. 2 The MAJORITY function is defined as a function whose result is 1 if more than half of the entries are equal to 1, and 0 otherwise.

Conover-Inman: - All the SUs are ordered according to Rk,m (t). - From the smallest Rk,m (t) to the biggest Rk,m (t), if (13) is true for two consecutive SUs, then they are considered to be of a different type (they have different fa md and Pk,m ). Otherwise characteristics in terms of Pk,m they are considered to be of the same type. By doing so, the K SUs are split up into N subsets, namely Sn with 1 ≤ n ≤ N ≤ K. All the SUs in Sn have the same characteristics according to (13). eSn (t)}], and con- Finally, it is inferred that U H =arg[min{ / U H are discarded. sequently all the SUs such that uk ∈ V. S IMULATION RESULTS The scenario proposed for simulation consists of 15 SUs. A single primary channel is considered and the activity, am (t), is modeled as a two-state discrete Markov process with 1.0 sec expected busy and idle periods duration time. The time between two consecutive sensing processes is TS =100 msec. Honest and malicious users are characterized by the false alarm and misdetection probabilities shown in Table I. TABLE I H ONEST AND MALICIOUS USERS CHARACTERIZATION

fa Pk,m md Pk,m

Honest

Strategy A

Strategy B

0.1 0.1

0.1 > 0.1

> 0.1 0.1

First simulations are intended to highlight the impact of parameters L (the number of samples required to generate Dk,m ) and Q (the number of Dk,m variables required to trigger the Kruskal-Wallis test) on the probability of detecting the existence of malicious users, i.e. the probability of accepting H1 . Hereafter, such probability will be referred to as P (H1 ). In Fig. 2, 10 honest SUs and 5 malicious SUs are simulated with α=0.1. Fig. 2(a) plots P (H1 ) as a function of Q and L md =0.3 and when malicious users apply strategy A, their Pk,m C the combination function is πOR whereas Fig. 2(b) depicts the same scenario when malicious users apply strategy B, fa C =0.3 and the combination function is πAN their Pk,m D . It may be observed that in both cases the results are reasonably symmetrical and, therefore, P (H1 ) depends on the product QL rather than on Q and/or L. Moreover, with appropriate Q and L values the detection probability, P (H1 ), may achieve levels close to 1. However, it is also true that there is a trade-off between QL and the detection delay. The higher the product QL is, the higher the detection delay is. Malicious users might alter the cluster decision as long as they are not detected. Therefore, a delay in the malicious SUs detection might result in unreliability of the cluster decision for longer time. It has been shown in Fig. 2 that the algorithm is able to detect the existence of malicious users in simple scenarios. Now, a more complex scenario is proposed, where 5 honest users, 5 malicious users with strategy A and 5 malicious users with strategy B are simulated. Regarding the algorithm C are used. parameters, L=15, Q=35 and πOR

1

1

0.8

0.8

P (H1 )

0.6 0.4 0.2

arises. In such cases, high α leads to better malicious SUs existence detection probability but, at the same time, increases the probability of making a mistake when classifying the SUs.

0.6 0.4 0.2

0

0 50 40

40

50 40

30

Q

10

50 30

20

20 10

40

30

30

20

Q

L

(a) malicious SUs apply strategy A and the cluster head C uses πOR

10

20 10

(b) malicious SUs apply strategy B and the cluster C head uses πAN D

Fig. 2. Probability of detecting the existence of the malicious users, P (H1 ), with 10 honest SUs and 5 malicious SUs.

Fig. 3 depicts P (H1 ) as a function of α for different malicious attacks intensity. The intensity of the attacks is determined by the false alarm and misdetection probabilities of the malicious users. For the sake of clarity, in this scenario md of malicious users applying strategy A we assume that Pk,m fa is the same than Pk,m of malicious users applying strategy B, and both of them will be denoted by PI . Accordingly, fa md =Pk,m =0.1 if if it is said that PI =0.2, it means that Pk,m fa H md A uk ∈ U , Pk,m =0.2 and Pk,m =0.1 if uk ∈ U , and finally fa md =0.1 and Pk,m =0.2 if uk ∈ U B . Fig. 3 shows that when Pk,m PI =0.2, malicious users are hardly detected with low α due to differences between malicious and honest users are small and, consequently, the significance level restriction must be relaxed. When differences between honest and malicious users grow (PI =0.3), the existence of malicious users is detected regardless of α. 1.2

1

P (H1 )

0.8

0.6

0.4

PI =0.2 PI =0.3

0.2

0

0.01

0.05

0.1

α

0.15

2

L

0.2

Fig. 3. Probability of accepting H1 hypothesis with |U H |=5, |U A |=5, C . |U B |=5 and πOR

Once the attack of malicious users is detected, the algorithm should be able to sort out the malicious users. Fig. 4 shows, once the attack is detected, the expectations of the number of honest SUs erroneously discarded, denoted by nH , and the number of malicious SUs correctly discarded, denoted by nA + nB . It may be observed that, when the intensity of the attack is high, the number of honest SUs erroneously discarded tends to 0 as α grows whereas the number of discarded malicious users tends to 10 (the overall number of malicious SUs). When the intensity of the attack decreases, not all the malicious users may be discarded. Moreover, the number of honest SUs erroneously discarded grows as α is increased. Accordingly, the algorithm is robust to detect the malicious users. The key point is that, when the attack intensity is low, a trade-off between the probability of an attack detection and the number of SUs erroneously discarded/not discarded

PI =0.2 PI =0.3 PI =0.4

10

1.5

8

E[nA + nB ]

50

E[nH ]

P (H1 )


1

6

4

PI =0.2 PI =0.3 PI =0.4

0.5 2

0

0.01

0.05

0.1

α

0.15

0.2

(a) Expectation of the number of honest users discarded, E[nH ]. Fig. 4.

0

0.01

0.05

0.1

α

0.15

0.2

(b) Expectation of the number of malicious users discarded, E[nA + nB ]

SUs discarded after the Conover-Inman test.

VI. C ONCLUSIONS A new robust algorithm to detect malicious users in cognitive wireless ad-hoc networks has been proposed. The algorithm implementation is not based on a priori knowledge neither of the PUs activity nor of the malicious and honest SUs. Results show that the proposed algorithm is able to effectively detect the malicious users without a priori information. ACKNOWLEDGMENT This work has been funded by the Research Projects GREENET (264759) and CO2Green (TEC2010-20823). R EFERENCES [1] I. Akyildiz, W. Lee, M. Vuran, and S. Mohanty, “Next generation/dynamic spectrum access/cognitive radio wireless networks: a survey,” International Journal of Computer and Telecommunications Networking, vol. 50, pp. 2127–2159, September 2006. [2] T. Yucek and H. Arslan, “A survey of spectrum sensing algorithms for cognitive radio applications,” IEEE Communications Surveys and Tutorials, vol. 11, pp. 116–130, March 2009. [3] S. Arkoulis, L. Kazatzopoulos, C. Delakouridis, and G. Marias, “Cognitive spectrum and its security issues,” Next Generation Mobile Applications, Services and Technologies, pp. 565 – 570, September 2008. [4] Q. Zhu, Z. Han, and T. Basar, “No-regret learning in collaborative spectrum sensing with malicious nodes,” IEEE International Conference on Communications, pp. 1–6, July 2010. [5] S. Xu, Y. Shang, and H. Wang, “Double thresholds based cooperative spectrum sensing against untrusted secondary users in cognitive radio networks,” IEEE Vehicular Technology Conference, pp. 1–5, June 2009. [6] T. Zhao and Y. Zhao, “A new cooperative detection technique with malicious user suppression,” IEEE International Conference on Communications, pp. 1–5, June 2009. [7] W. Wang, H. Li, Y. Sun, and Z. Han, “Attack-proof collaborative spectrum sensing in cognitive radio networks,” Annual Conference on Information Sciences and Systems, pp. 130–134, June 2009. [8] P. Anand, A. Rawat, H. Chen, and P. Varshney, “Collaborative spectrum sensing in the presence of byzantine attacks in cognitive radio networks,” International Conference on Communication Systems and Networks, pp. 1–9, January 2010. [9] W. Wang, H. Li, Y. Sun, and Z. Han, “Catchit: Detect malicious nodes in collaborative spectrum sensing,” IEEE Global Telecommunications Conference, pp. 1–6, November 2009. [10] H. Li and Z. Han, “Catching attacker(s) for collaborative spectrum sensing in cognitive radio systems: An abnormality detection approach,” IEEE Symposium on New Frontiers in Dynamic Spectrum, pp. 1–12, April 2010. [11] J. Dickinson and S. Chakraborti, Nonparametric statistical Inference. Marcel Dekker Inc., 2003.