CN101977384A - Active protection method of wireless MESH network intrusion based on signal detection - Google Patents


Publication number: CN101977384A
Authority: CN (China)
Prior art keywords: invasion, blacklist, attack, gray list, listening state
Legal status: Granted
Current legal status: Expired - Fee Related
Application number: CN201010526564.0A
Other languages: Chinese (zh)
Other versions: CN101977384B (en)
Inventors: 易平, 洪嘉承, 陈友波, 陈伟
Current Assignee: Guangdong Maxon Communication Co ltd; SHENZHEN TELINGTONG DIGITAL COMMUNICATION DEVELOPMENT CO LTD
Original Assignee: SHENZHEN TELINGTONG DIGITAL COMMUNICATION DEVELOPMENT CO LTD; Heyuan Telingtong Communication Co ltd

Abstract

The invention relates to an active protection method against wireless MESH network intrusion based on signal detection. After the mesh router (MR) that an intruding mesh client (MC) has accessed detects the MC's attack using an intrusion detection technique, the MR enters the corresponding detection response state: it records the intruding MC in its own blacklist and then propagates the information about the intruding MC outward. On receiving the blacklist broadcast, the surrounding MRs enter the continuous listening state and take corresponding measures. When the intruding MC escapes, some of the MRs in the continuous listening state continue to broadcast the information about the intruding MC, so that once its attack behavior has been discovered, the intruding MC is always surrounded by a moving firewall no matter how it escapes. This eliminates the adverse influence of the intruding MC on the network to the greatest extent and keeps the network operating normally, while greatly reducing the network resources consumed by active protection. The whole process runs automatically without manual intervention, realizing real-time active intrusion prevention.

Description

Active protection method of wireless MESH network intrusion based on signal detection
Technical field
The present invention relates to an active protection method against wireless MESH network intrusion based on signal detection, and belongs to the technical field of network communication security.
Background technology
A wireless mesh network, WMN (Wireless Mesh Network), is a multi-hop broadband wireless network with self-organizing and self-healing characteristics. Each node in a wireless MESH network is interconnected with other adjacent network nodes in a wireless multi-hop manner. The nodes in this network fall into two classes: terminal nodes, MC (Mesh Client), and mesh routers, MR (Mesh Router). An MC can be a notebook computer, PDA, Wi-Fi mobile phone, RFID reader, wireless sensor or controller, etc., and an MC can have high mobility, like a node in an Ad hoc network. The position of an MR is relatively fixed; it is responsible for connecting terminal nodes (MCs) and providing their network access. Some MRs also have a gateway function and are responsible for connecting to the Internet. Therefore, as long as mesh routers can be deployed over any wide area, a wireless MESH network can achieve large-scale coverage.
As wireless MESH networks come into wide use, their security is becoming more and more important. Existing strategies for guarding against network intrusion are mainly intrusion detection and intrusion response. Intrusion detection determines the intruder by analyzing node behavior; according to the detection technique applied, it can be divided into signature-based and anomaly-based intrusion detection. For the different attack methods in the network (such as flooding, black hole and wormhole attacks), a dedicated intrusion detection technique can identify the attacker accurately. Up to now, however, research on wireless MESH network security has concentrated mainly on intrusion detection, and no literature has yet been published on how to realize intrusion response in a wireless MESH network environment.
As is well known, intrusion detection is a passive defensive measure and cannot effectively eliminate the intruder. In a wireless MESH network, after an intruding MC has been successfully detected, its high mobility lets it avoid being blocked by the detecting node through large-scale escape or relocation, and it then begins a new round of attacks against other nodes. At that point, new intrusion detection can only be carried out again, which wastes time, energy and money and still cannot guarantee network security. To eliminate intrusion behavior fundamentally, the network needs a suitable intrusion response strategy, so that the necessary response mechanism is applied immediately after an intruder is detected and new intrusion detection does not have to be carried out again.
In wireless Ad hoc networks, intrusion response is usually realized with a network-wide blacklist broadcast mechanism: after a detecting node detects an intruder, it immediately generates a blacklist message for the attacking node and broadcasts it across the whole network, so that every node learns of the attacking node's existence and identity and then takes a response measure, such as refusing, as an intermediate node, to forward the attacking node's routing and data messages (in the case of a flooding attack) or no longer sending it any packets (in the case of a black hole attack). This intrusion response strategy lets most nodes other than the detecting node know about the intruder in advance and take corresponding defensive measures, avoiding the overhead of repeated detection and the harm to network security, and thereby eliminating the intruder's harm at the root.
For wireless Ad hoc networks, which have high mobility and limited range, the above intrusion response measure can meet the security and efficiency requirements of an intrusion response mechanism. For a large-scale wireless MESH network, however, it not only produces a huge number of unnecessary messages and the overhead of transmitting them but, when several intrusions occur, also adversely affects normal network traffic. It is therefore unsatisfactory for practical use in wireless MESH networks, and how to improve and perfect this intrusion response technique has become a new focus of attention for practitioners in the field.
Summary of the invention
In view of this, the object of the present invention is to address the above deficiencies of the prior art by providing an active protection method against wireless MESH network intrusion based on signal detection. The invention targets the currently most common backbone MESH network structure, in which MCs access the Internet through MRs, and the intruder it targets is a highly mobile intruding attack node in the MESH network. The detection method of the invention is carried out by the MRs and places no influence or additional burden on MCs. After an MR detects an intruding attack node, the signal strength of the intruding MC is used as the indicator of its presence, and along the intruding MC's path of movement the MRs broadcast blacklist messages, so that each MR is warned in advance of the intruding MC's presence and refuses it access. A moving firewall is thereby formed around the intruding MC, surrounding it and isolating it from the network, and thoroughly eliminating the network intrusion behavior.
To achieve the above object, the invention provides an active protection method against wireless MESH network intrusion based on signal detection, characterized in that: after the mesh router MR accessed by the intruding attack node MC uses an intrusion detection technique to discover that the intruding MC has launched an attack, this MR enters the corresponding detection response state: it records the intruding MC in its own blacklist and blocks its access, and then propagates the intruding MC's information outward. After the surrounding MRs receive the blacklist broadcast, they enter the continuous listening state and take corresponding measures. When the intruding MC escapes, some of the MRs in the continuous listening state continue to propagate the intruding MC's information outward, so that once the intruding MC's attack has been discovered, it is always surrounded by a moving firewall no matter how it escapes. This eliminates the adverse influence of the intruding MC on the network to the greatest extent and keeps the network operating normally, while greatly reducing the network resources that active protection consumes.
The method comprises at least the following steps:
(1) The MR accessed by the intruding attack node MC detects this intruding MC by an intrusion detection technique, records the intruding MC's information in its own blacklist and blocks the intruding MC's access, so that the attack is temporarily stopped;
(2) The MR sends a one-hop blacklist broadcast to inform its neighbor MRs of the intruding MC, and at the same time enters the continuous listening state, so that if the intruding MC launches an attack again it is blocked at once, avoiding the overhead and delay of a second detection;
(3) After receiving the broadcast blacklist, each neighbor MR records the intruding MC's information in its own gray list and enters the continuous listening state, beginning to monitor the signal strength of the intruding MC so as to guard against its attack in advance and carry out active defense once it approaches. At this point the MRs around the intruding MC are all in the continuous listening state, that is, each MR has put the intruding MC in its own blacklist or gray list, so the intruding MC is surrounded by the firewall around it and cannot carry out its attack.
After the intruding MC moves, the method further comprises the following steps:
(5) After the intruding MC moves into the communication range of an MR that is in the continuous listening state, and this MR detects the intruding MC's signal, the MR, as required by the continuous listening state, moves the MC to its own blacklist and actively blocks its attack;
(6) This MR sends a one-hop blacklist broadcast, giving its surrounding neighbor router MRs early warning of the intruding MC;
(7) Each neighbor router MR puts the intruding MC in its own gray list and enters the continuous listening state, so as to guard against the intruding MC in advance and carry out active defense once it approaches. In this way, each MR around the intruding MC after its move has put the intruding MC in its own blacklist or gray list and is in the continuous listening state, so that a moving firewall is formed around the moving intruding MC.
In the method, detection and the corresponding measures are carried out by the router MRs in the wireless MESH network; the method places no requirements on terminal node MCs and has no effect on them. Each MR maintains two lists of malicious attack nodes: a blacklist and a gray list.
The blacklist records all intruding MCs that the MR has detected. These fall into two classes: those the MR detected itself, and those it learned of from a blacklist broadcast by another MR and whose intrusion signal it has since confirmed by its own detection. The gray list records intruding MCs that the MR has learned of from another MR's blacklist broadcast but whose intrusion signal it has not yet detected.
Depending on whether an MC is in the MR's blacklist or gray list, the MR applies one of two defense methods to this MC: the detection response state or the continuous listening state.
The detection response state is the MR's response after detecting an intruding MC and after receiving a broadcast blacklist. When an MR detects that an MC connected to it is carrying out a malicious attack, it first records this MC in its own blacklist and blocks its access, then sends a one-hop blacklist broadcast to inform the surrounding neighbor MRs. When a neighbor MR receives this broadcast blacklist, it records the reported intruding MC in its own gray list (if its gray list already contains this MC, it makes no change) and enters the continuous listening state.
The continuous listening state is the MR's monitoring of the intruding MCs in its own blacklist and/or gray list and its response after detecting an intrusion signal. The MR listens to surrounding signals in real time; when it finds that a packet it has received or overheard originates from an intruding MC in its blacklist and/or gray list, it refuses that MC access. Moreover, if the intruding MC came from the gray list, the MR moves it to the blacklist and sends a one-hop blacklist broadcast to notify its own surrounding neighbor MRs.
In the method of the invention, after an intruding node is detected, the blacklist is broadcast only locally, with the broadcast range limited to one hop. This avoids the large overhead of network-wide broadcast while still forming a "firewall" around the intruding node. After the intruding node escapes, the roles of the blacklist and gray list, and the transitions between them, cause each MR along the intruding node's path of movement to continue broadcasting the blacklist locally, so that the "firewall" progressively expands and becomes a "moving firewall" that isolates the intruding node completely from the network and leaves it unable to attack.
Compared with the prior art, the present invention has the following beneficial effects: it can discover and actively block the attack of an intruding node in real time, ensuring the security and normal operation of the wireless MESH network. The invention combines the two techniques of intrusion detection and intrusion response, and the response overhead is localized: the moving firewall forms only around the intruding node, which greatly reduces the overhead of blacklist broadcast messages and lessens their impact on normal network traffic. The present invention therefore has good prospects for popularization and application.
Description of drawings
Fig. 1 is a flow chart of the operating steps of the active protection method against wireless MESH network intrusion based on signal detection according to the invention.
Fig. 2 is a schematic diagram of the detection response state in the method of the invention.
Fig. 3 is a schematic diagram of the continuous listening state in the method of the invention.
Fig. 4 is a schematic diagram of the result after the intruding node launches an attack.
Fig. 5 is a schematic diagram of the result after the intruding node moves: a moving firewall is formed and the intruding node is isolated.
Embodiment
To make the purpose, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments.
In the active protection method against wireless MESH network intrusion based on signal detection according to the invention, after the intruding node MC launches an attack and the mesh router MR it has accessed discovers this using an intrusion detection technique, this MR enters the corresponding detection response state: it records the intruding MC in its own blacklist and blocks its access, and then propagates the intruding MC's information outward. After the surrounding MRs receive the blacklist broadcast, they enter the continuous listening state and take corresponding measures. When the intruding MC escapes, some of the MRs in the continuous listening state continue to propagate the intruding MC's information outward, so that once the intruding MC's attack has been discovered, it is always surrounded by a moving firewall no matter how it escapes. This eliminates the adverse influence of the intruding MC on the network to the greatest extent and keeps the network operating normally, while greatly reducing the network resources that active protection consumes.
Referring to Fig. 1, the operating steps of the method of the invention are as follows:
(1) The MR accessed by the intruding attack node MC detects this intruding MC by an intrusion detection technique, records the intruding MC's information in its own blacklist and blocks the intruding MC's access, so that the attack is temporarily stopped.
(2) The MR sends a one-hop blacklist broadcast to inform its neighbor MRs of the intruding MC, and at the same time enters the continuous listening state, so that if the intruding MC launches an attack again it is blocked at once, avoiding the overhead and delay of a second detection.
(3) After receiving the broadcast blacklist, each neighbor MR records the intruding MC's information in its own gray list and enters the continuous listening state, beginning to monitor the signal strength of the intruding MC so as to guard against its attack in advance and carry out active defense once it approaches. At this point the MRs around the intruding MC are all in the continuous listening state, that is, each MR has put the intruding MC in its own blacklist or gray list, so the intruding MC is surrounded by the firewall around it and cannot carry out its attack.
After the intruding MC moves, the method of the invention further comprises the following operating steps:
(5) After the intruding MC moves into the communication range of an MR that is in the continuous listening state, and this MR detects the intruding MC's signal, the MR, as required by the continuous listening state, moves the MC to its own blacklist and actively blocks its attack.
(6) This MR sends a one-hop blacklist broadcast, giving its surrounding neighbor router MRs early warning of the intruding MC.
(7) Each neighbor router MR puts the intruding MC in its own gray list and enters the continuous listening state, so as to guard against the intruding MC in advance and carry out active defense once it approaches. In this way, each MR around the intruding MC after its move has put the intruding MC in its own blacklist or gray list and is in the continuous listening state, so that a moving firewall is formed around the moving intruding MC.
In the present invention, all intrusion detection and intrusion response measures are carried out by the router MRs in the wireless MESH network; the invention places no requirements on terminal node MCs and has no effect on them. Each MR maintains two lists of malicious attack nodes: a blacklist and a gray list. The blacklist records all intruding MCs that the MR has detected. These fall into two classes: those the MR detected itself, and those it learned of from a blacklist broadcast by another MR and whose intrusion signal it has since confirmed by its own detection. The gray list records intruding MCs that the MR has learned of from another MR's blacklist broadcast but whose intrusion signal it has not yet detected.
Depending on whether an MC is in the MR's blacklist or gray list, the MR in the method of the invention applies one of two defense methods to this MC: the detection response state or the continuous listening state.
Referring to Fig. 2, the detection response state is the MR's response after detecting an intruding MC and after receiving a broadcast blacklist. When an MR detects that an MC connected to it is carrying out a malicious attack, it first records this MC in its own blacklist and blocks its access, then sends a one-hop blacklist broadcast to inform the surrounding neighbor MRs. When a neighbor MR receives this broadcast blacklist, it records the reported intruding MC in its own gray list (if its gray list already contains this MC, it makes no change) and enters the continuous listening state.
Referring to Fig. 3, the continuous listening state is the MR's monitoring of the intruding MCs in its own blacklist and/or gray list and its response after detecting an intrusion signal. The MR listens to surrounding signals in real time; when it finds that a packet it has received or overheard originates from an intruding MC in its blacklist and/or gray list, it refuses that MC access. Moreover, if the intruding MC came from the gray list, the MR moves it to the blacklist and sends a one-hop blacklist broadcast to notify its own surrounding neighbor MRs.
In summary, because a wireless MESH network is intended to provide large-scale access for MCs, its design is characterized by a certain density, which guarantees that the communication ranges of any two adjacent MRs connect without gaps. Hence, once an intruding MC has been detected by the MR it accessed, the MRs it approaches while moving are bound to have been informed in advance, and intrusion detection does not need to be carried out again.
For example, see the topology of a wireless MESH network embodiment applying the invention, shown in Fig. 4. This wireless MESH network has 16 MR nodes, MR1 to MR16. For clarity, Fig. 4 shows only the intruding MC near MR10 (represented by a small circle in the figure) and omits the other MC nodes.
An MR in the detection response state (see Fig. 2) constantly checks whether the neighboring nodes around it behave abnormally. Each MR independently has basic intrusion detection capability, for example finding flooding attack nodes by threshold detection. When an MR detects that an MC connected to it is carrying out a malicious attack, it first records this node in its own blacklist and blocks its access. The MR then sends a one-hop blacklist broadcast to notify its surrounding neighbor MRs and at the same time enters the continuous listening state. Other MRs in the detection response state, on receiving a blacklist broadcast from a neighbor MR, record the reported intruder in their own gray list and likewise enter the continuous listening state.
In Fig. 4, a node in the continuous listening state checks the source of each packet it receives or overhears; when it finds that the sender is an intruding MC in its blacklist and/or gray list, it discards the packet. Moreover, if the intruding MC came from the gray list, the node moves it to the blacklist and sends a one-hop blacklist broadcast to notify its own surrounding neighbor MRs.
In Fig. 4 and Fig. 5, one symbol (image BSA00000329803900081, not reproduced here) indicates that an MR has recorded intruding node A in its blacklist, a second symbol (image BSA00000329803900082, not reproduced here) indicates that an MR has recorded node A in its gray list, and a third symbol (image not reproduced) indicates a broken link. Once an intrusion attack occurs in the wireless Mesh network (in the illustration, the intruding MC accesses MR10 and begins to attack), the invention can detect the intruding MC in time and form a firewall around it, surrounding it.
Referring to Fig. 4, the operating steps of this embodiment of the method are as follows:
(1) MR10 detects the intruding MC by an intrusion detection technique, records this intruding node A in its own blacklist and blocks node A's access, so that the intruder's attack is temporarily stopped.
(2) MR10 sends a one-hop blacklist broadcast to inform its neighbor MRs and enters the continuous listening state, in which an intruder is blocked as soon as it is found, avoiding the need for a second detection.
(3) After receiving the blacklist broadcast, each neighbor node MR{6, 9, 11, 14} records node A in its own gray list and enters the continuous listening state, beginning to monitor node A's signal strength so as to guard against the intruder in advance and carry out active defense once it approaches.
(4) Node A, at its position in Fig. 4, is within the communication range of MR6 and MR9, which can detect node A's signal strength by listening. As required by the continuous listening state, MR6 and MR9 move node A to their own blacklists and at the same time send a one-hop blacklist broadcast, again warning their surrounding neighbor nodes.
(5) After receiving the blacklist broadcast, each neighbor node MR{2, 5, 7, 13} puts node A in its gray list and begins to monitor its signal strength, so as to guard against the intruder in advance and carry out active defense once it approaches.
At this point, the MRs around intruding node A are all in the continuous listening state, that is, they have all put node A in their blacklist or gray list. Intruding node A is now enclosed within a firewall.
In a wireless Mesh network, when the intruding node moves after attacking (after the intruding MC has been blocked by MR10 it begins to escape), the invention can form a moving firewall around it so that it cannot continue to threaten the network. Referring to Fig. 5, the operating steps of the active defense measures taken in this embodiment after the intruding node moves are as follows:
(1) Node A is in MR11's gray list. When node A comes near MR11, MR11 detects its signal and, as required by the continuous listening state, moves it to its own blacklist and actively blocks its attack.
(2) MR11 sends a one-hop blacklist broadcast, warning its surrounding neighbor nodes.
(3) The neighbor nodes of MR11 put node A in their gray lists and enter the continuous listening state, so as to guard against this intruding node in advance and carry out active defense once it approaches.
The nodes around the intruding MC have thus again recorded it in their own blacklist or gray list, that is, the firewall has been extended. Because the formation and extension of this firewall always follow the movement of the intruding MC, a moving firewall is formed.
The above analysis shows that after an intruding node launches an attack, the MR it accessed first discovers it and propagates the intruding node's information outward through intrusion response, and the surrounding MRs enter the continuous listening state after receiving the blacklist broadcast. When the intruding node tries to escape, some of the router nodes in the continuous listening state continue to propagate the intruding node's information outward, so that once the intrusion behavior has been discovered, however the intruding node escapes it is always blocked by the MR it accesses. Its impact is thereby eliminated completely and the network returns to normal operation. The whole process runs automatically without manual intervention, realizing real-time active intrusion prevention.
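The following Python model is an added example, not code from the patent: it implements the blacklist and gray-list handling of the detection response state and the continuous listening state and replays the Fig. 4 and Fig. 5 walkthrough. It assumes that MR1 to MR16 form a 4x4 grid numbered row by row (which reproduces the neighbor sets given in the embodiment) and that the intruding MC is identified by the label "A"; the names Mesh, detect and hear are illustrative.

```python
ROWS, COLS = 4, 4  # assumption: MR1..MR16 numbered row by row on a 4x4 grid


def grid_neighbors(rid):
    """One-hop neighbor MRs of router `rid` (1-based) on the assumed grid."""
    r, c = divmod(rid - 1, COLS)
    out = set()
    for dr, dc in ((-1, 0), (1, 0), (0, -1), (0, 1)):
        nr, nc = r + dr, c + dc
        if 0 <= nr < ROWS and 0 <= nc < COLS:
            out.add(nr * COLS + nc + 1)
    return out


class Mesh:
    """Per-MR blacklist and gray list, plus a count of broadcasts sent."""

    def __init__(self):
        ids = range(1, ROWS * COLS + 1)
        self.blacklist = {i: set() for i in ids}
        self.graylist = {i: set() for i in ids}
        self.broadcasts = 0  # one-hop blacklist broadcasts transmitted

    def _one_hop_broadcast(self, src, mc):
        self.broadcasts += 1
        for n in grid_neighbors(src):
            # The receiver gray-lists the MC; an existing gray-list entry is
            # left unchanged. Assumption: a blacklist entry is never downgraded.
            if mc not in self.blacklist[n]:
                self.graylist[n].add(mc)

    def detect(self, rid, mc):
        """Detection response state: rid's own intrusion detection flagged mc."""
        self.graylist[rid].discard(mc)
        self.blacklist[rid].add(mc)      # record and block access
        self._one_hop_broadcast(rid, mc)

    def hear(self, rid, mc):
        """Continuous listening state: rid receives or overhears a packet from mc.

        Returns True when the packet is dropped (mc is refused access).
        """
        if mc in self.blacklist[rid]:
            return True
        if mc in self.graylist[rid]:
            # Gray-listed MC is now in range: promote it and warn neighbors.
            self.graylist[rid].remove(mc)
            self.blacklist[rid].add(mc)
            self._one_hop_broadcast(rid, mc)
            return True
        return False  # unknown MC: only fresh intrusion detection can flag it

    def holders(self, mc):
        """Sorted router ids holding mc in their blacklist and gray list."""
        black = sorted(i for i, s in self.blacklist.items() if mc in s)
        gray = sorted(i for i, s in self.graylist.items() if mc in s)
        return black, gray


def replay_example():
    """Replay the embodiment: attack at MR10, heard by MR6/MR9, move to MR11."""
    mesh = Mesh()
    snapshots = []
    mesh.detect(10, "A")            # Fig. 4, steps (1)-(3)
    snapshots.append(mesh.holders("A"))
    mesh.hear(6, "A")               # Fig. 4, steps (4)-(5)
    mesh.hear(9, "A")
    snapshots.append(mesh.holders("A"))
    mesh.hear(11, "A")              # Fig. 5, steps (1)-(3)
    snapshots.append(mesh.holders("A"))
    return mesh, snapshots


if __name__ == "__main__":
    mesh, snaps = replay_example()
    labels = ("after detection at MR10", "after MR6 and MR9 hear A",
              "after A moves near MR11")
    for label, (black, gray) in zip(labels, snaps):
        print(f"{label}: blacklist at MR{black}, gray list at MR{gray}")
    # Comparison figure is an assumption: simple network-wide flooding in
    # which every MR rebroadcasts the blacklist message once.
    print(f"{mesh.broadcasts} one-hop broadcasts, versus {ROWS * COLS} "
          "transmissions for network-wide flooding")
```

In this model MR1 never learns of node A, which matches the method's reliance on coverage density: node A cannot reach MR1 without first entering the range of an MR that already holds it in a gray list or blacklist.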
The above is only a preferred embodiment of the present invention and is not intended to limit the invention; any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included within the scope of protection of the invention.

Claims (6)

1. active protection method based on the invasion of the Wireless MESH network of acquisition of signal, it is characterized in that: after the mesh router MR employing Intrusion Detection Technique discovery invasion MC offensive attack of node M C access is attacked in invasion, this MR just enters corresponding detection responsive state: will invade the access that MC charges to the blacklist of oneself and blocks it, and outwards propagate this invasion MC information again; After MR on every side receives blacklist broadcasting, enter lasting listening state and take corresponding measure; When invasion MC escapes, be in the information that the part MR that continues listening state can continue outwards to propagate this invasion MC, thereby so that after in a single day the attack of this invasion MC be found, no matter how it escaped, the fire wall that all can be moved all the time surrounds; Thereby eliminate to greatest extent this invasion MC to the adverse effect of network, so that network can keep running well, simultaneously, greatly reduce the Internet resources that initiatively protect required consumption.
2. method according to claim 1 is characterized in that described method comprises the steps: at least
(1) MR of invasion attack node M C access detects this invasion MC by Intrusion Detection Technique, just will invade the MC information recording/in the access of the blacklist of oneself and this invasion of blocking-up MC, so that the attack of this invasion MC obtains temporary transient prevention;
(2) described MR adopts one to jump the broadcasting blacklist, should invade MC information notification neighbours MR, and this MR enters lasting listening state simultaneously, in order to find that this invasion MC again during offensive attack, blocks and avoid expense and the time delay of secondary detection at once;
(3) after neighbours MR receives the blacklist of broadcasting, this is invaded the MC information recording/in the gray list of oneself, and enter lasting listening state, begin to monitor the signal strength signal intensity of this invasion MC, in order in advance the attack of this invasion MC is watched out for, and at its close rear execution Initiative Defense; At this moment, the MR around this invasion MC has been in lasting listening state, and namely each MR will invade MC and put into blacklist or the gray list of oneself, so that this invasion MC is surrounded by the fire wall around it, can't implement its attack.
3. The method according to claim 2, characterized in that the method further comprises the following steps after the intruding MC moves:
(5) after the intruding MC moves into the communication range of an MR that is in the continuous-listening state, and this MR hears the intruding MC's signal, the MR, as required by the continuous-listening state, moves the intruding MC into its own blacklist and actively blocks its attack;
(6) this MR broadcasts the blacklist over one hop, giving early warning of the intruding MC's information to the neighbour routers MR around it;
(7) each neighbour router MR places the intruding MC in its own gray list and enters the continuous-listening state, thereby taking precautionary measures against the intruding MC in advance and carrying out active defence once it comes close; in this way, every MR around the intruding MC after its move has placed the intruding MC in its own blacklist or gray list and is in the continuous-listening state, so that a moving firewall is formed around the moving intruding MC.
4. The method according to claim 1, characterized in that: the detection and the corresponding measures of the method are carried out by the routers MR in the wireless MESH network, and the method places no requirement on, and has no effect on, the terminal nodes MC; each MR is responsible for maintaining two lists of malicious attack nodes: a blacklist and a gray list.
5. The method according to claim 4, characterized in that: the blacklist is used to record all intruding MCs detected by the MR, and these intruding MCs fall into two classes: those the MR has detected itself, and those it has learned of from a blacklist broadcast by another MR and whose intrusion signal it has then confirmed through its own detection; the gray list is used to record intruding MCs that the MR has learned of from blacklist broadcasts by other MRs but whose attacking intrusion signal it has not yet detected.
6. The method according to claim 4, characterized in that: depending on whether an MC is in the blacklist or the gray list of the MR, the MR applies one of two defence methods to that MC: the detection-response state or the continuous-listening state;
The detection-response state is the MR's response after detecting an intruding MC and its response after receiving a broadcast blacklist; when an MR detects that an MC connected to it is carrying out a malicious attack, it first records this MC in its own blacklist and blocks its access, then broadcasts the blacklist over one hop to inform the surrounding neighbour MRs; when a neighbour MR receives this broadcast blacklist, it records the intruding MC reported in the broadcast in its own gray list, or, if its gray list already contains this MC, makes no change, and enters the continuous-listening state;
The continuous-listening state is the MR's monitoring of the intruding MCs in its own blacklist and/or gray list and its response after detecting an intrusion signal: the MR listens to surrounding signals in real time, and when it finds that a packet it has received or overheard originates from an intruding MC in the blacklist and/or gray list, it refuses that MC access; and, if the intruding MC came from the gray list, the MR moves it to the blacklist and broadcasts the blacklist over one hop to notify the neighbour MRs around it.
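The two-list state machine of claims 4 to 6, and the way it produces the moving firewall of claim 3, can be traced with a small simulation. This is an added example, not code from the patent; the `MeshRouter` class, the line topology MR1 to MR5, the node names `MC-X` and `MC-OK`, and leaving an already black-listed MC unchanged when a later broadcast names it are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class MeshRouter:
    name: str
    neighbors: list = field(default_factory=list, repr=False, compare=False)
    blacklist: set = field(default_factory=set)  # intrusion confirmed by this MR
    graylist: set = field(default_factory=set)   # reported by a neighbour, not yet heard
    broadcasts: int = 0                          # one-hop broadcasts sent (cost metric)

    def detect_intrusion(self, mc):
        """Detection-response state: local IDS flagged an attached MC."""
        self._blacklist_and_broadcast(mc)

    def receive_blacklist(self, mc):
        """A neighbour's one-hop blacklist broadcast arrived."""
        if mc not in self.blacklist:   # assumption: confirmed entries stay black-listed
            self.graylist.add(mc)      # set.add is a no-op if already gray-listed

    def hear(self, mc):
        """Continuous-listening state: a frame from mc was received or overheard.
        Returns True if access is granted, False if it is refused."""
        if mc in self.graylist:        # first sighting here: promote and warn neighbours
            self.graylist.discard(mc)
            self._blacklist_and_broadcast(mc)
            return False
        return mc not in self.blacklist  # black-listed: refuse without re-broadcasting

    def _blacklist_and_broadcast(self, mc):
        self.blacklist.add(mc)
        self.broadcasts += 1
        for n in self.neighbors:       # one hop only, never forwarded further
            n.receive_blacklist(mc)

def simulate():
    """Constructed scenario: MC-X attacks at MR1, then moves along MR2, MR3, MR4."""
    routers = [MeshRouter(f"MR{i}") for i in range(1, 6)]
    for a, b in zip(routers, routers[1:]):       # line topology MR1-MR2-...-MR5
        a.neighbors.append(b)
        b.neighbors.append(a)
    mesh = {r.name: r for r in routers}
    mesh["MR1"].detect_intrusion("MC-X")
    granted = [mesh[hop].hear("MC-X") for hop in ("MR2", "MR3", "MR4")]
    return mesh, granted

if __name__ == "__main__":
    mesh, granted = simulate()
    for r in mesh.values():
        print(r.name, "black:", sorted(r.blacklist), "gray:", sorted(r.graylist))
```

Each move costs one local promotion and one one-hop broadcast, and the router one hop ahead of the intruder (MR5 at the end of the run) is already gray-listing it before any frame from it arrives.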
CN2010105265640A 2010-10-19 2010-10-19 Active protection method of wireless MESH network intrusion based on signal detection Expired - Fee Related CN101977384B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010105265640A CN101977384B (en) 2010-10-19 2010-10-19 Active protection method of wireless MESH network intrusion based on signal detection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010105265640A CN101977384B (en) 2010-10-19 2010-10-19 Active protection method of wireless MESH network intrusion based on signal detection

Publications (2)

Publication Number Publication Date
CN101977384A true CN101977384A (en) 2011-02-16
CN101977384B CN101977384B (en) 2012-11-21

Family

ID=43577224

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010105265640A Expired - Fee Related CN101977384B (en) 2010-10-19 2010-10-19 Active protection method of wireless MESH network intrusion based on signal detection

Country Status (1)

Country Link
CN (1) CN101977384B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104918254A (en) * 2015-06-11 2015-09-16 西安电子科技大学 Active intrusion detection system and active intrusion detection method for wireless Mesh network
CN107566381A (en) * 2017-09-12 2018-01-09 中国联合网络通信集团有限公司 Equipment safety control method, apparatus and system
US10212141B2 (en) 2016-05-04 2019-02-19 Nxp Usa, Inc. Autonomous key update mechanism with blacklisting of compromised nodes for mesh networks
US10277564B2 (en) 2016-05-04 2019-04-30 Nxp Usa, Inc. Light-weight key update mechanism with blacklisting based on secret sharing algorithm in wireless sensor networks

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008073573A2 (en) * 2006-12-08 2008-06-19 Motorola, Inc. Alerting nodes of a malicious node in a mobile ad-hoc communication system
CN101217396A (en) * 2007-12-29 2008-07-09 华中科技大学 An Ad hoc network invasion detecting method and system based on trust model
CN101355416A (en) * 2008-08-07 2009-01-28 上海交通大学 Active protection system for wireless self-organizing network
CN101442413A (en) * 2008-12-22 2009-05-27 西安交通大学 Method for detecting ad hoc network helminth based on neighbor synergic monitoring

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104918254A (en) * 2015-06-11 2015-09-16 西安电子科技大学 Active intrusion detection system and active intrusion detection method for wireless Mesh network
CN104918254B (en) * 2015-06-11 2018-11-16 西安电子科技大学 The active intruding detection system and method for wireless Mesh netword
US10212141B2 (en) 2016-05-04 2019-02-19 Nxp Usa, Inc. Autonomous key update mechanism with blacklisting of compromised nodes for mesh networks
US10277564B2 (en) 2016-05-04 2019-04-30 Nxp Usa, Inc. Light-weight key update mechanism with blacklisting based on secret sharing algorithm in wireless sensor networks
CN107566381A (en) * 2017-09-12 2018-01-09 中国联合网络通信集团有限公司 Equipment safety control method, apparatus and system
CN107566381B (en) * 2017-09-12 2020-03-13 中国联合网络通信集团有限公司 Equipment safety control method, device and system

Also Published As

Publication number Publication date
CN101977384B (en) 2012-11-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Free format text: FORMER OWNER: HEYUAN TELINGTONG COMMUNICATION CO., LTD.

Effective date: 20130906

C41 Transfer of patent application or patent right or utility model
C56 Change in the name or address of the patentee

Owner name: GUANGDONG MAXON COMMUNICATION CO., LTD.

Free format text: FORMER NAME: HEYUAN TELINGTONG COMMUNICATION CO., LTD.

CP03 Change of name, title or address

Address after: Guangdong province Heyuan city high tech Development Zone, three road (alinco Industrial Park plant, A C)

Patentee after: GUANGDONG MAXON COMMUNICATION Co.,Ltd.

Patentee after: Shenzhen Telingtong Digital Communication Development Co.,Ltd.

Address before: Guangdong province Heyuan city high tech Development Zone Science and Technology Industrial Park Road eight in a building 3/4

Patentee before: Heyuan TeLingTong Communication Co.,Ltd.

Patentee before: Shenzhen Telingtong Digital Communication Development Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20130906

Address after: 517000 Guangdong Province, Heyuan city high tech Development Zone, three road (alinco Industrial Park plant, A C)

Patentee after: GUANGDONG MAXON COMMUNICATION Co.,Ltd.

Address before: 517000 Guangdong Province, Heyuan city high tech Development Zone, three road (alinco Industrial Park plant, A C)

Patentee before: GUANGDONG MAXON COMMUNICATION Co.,Ltd.

Patentee before: Shenzhen Telingtong Digital Communication Development Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121121

Termination date: 20151019

EXPY Termination of patent right or utility model