CN104333534A - DoS detection system of 6LoWPAN sensing network - Google Patents
DoS detection system of 6LoWPAN sensing network Download PDFInfo
- Publication number
- CN104333534A CN104333534A CN201410477851.5A CN201410477851A CN104333534A CN 104333534 A CN104333534 A CN 104333534A CN 201410477851 A CN201410477851 A CN 201410477851A CN 104333534 A CN104333534 A CN 104333534A
- Authority
- CN
- China
- Prior art keywords
- network
- 6lowpan
- layer
- sensing
- dos
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/04—Protocols for data compression, e.g. ROHC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention belongs to the field of security of a wireless sensing network, and provides a DoS detection system of a 6LoWPAN sensing network. The system employs a layered design and is divided into a perception layer, an adaptation layer and a network layer. The perception layer acquires correlation data from a real sensing world and transmits the data to the adaptation layer. The adaptation layer performs header compression, MAC address conversion and address registration. The network layer carries out performance management, state management and security management on the system. According to the invention, the influence of secondary factors on classification performance is reduced; dimensions are decreased, data redundancy information is reduced, and computation is reduced; and the classification performance of a support vector machine is improved, and the real-time performance of intrusion detection and the intrusion detection precision are enhanced.
Description
Technical field
The present invention relates to radio sensing network security fields, particularly relate to the DoS detection system of 6LoWPAN sensing network.
Background technology
Wireless device based on 6LoWPAN (IPv6 over Low-Power Wireless Personal Area Networks) agreement has some inborn shortcomings, as at power, processor, the aspects such as memory headroom are all more limited, and communicate to protect in Loss Rate and collision unreliable.Assailant can make full use of these weakness and launch a offensive to radio sensing network.Particularly denial of service (DoS, Denial Of Service) is attacked, and DoS attack has very adverse influence to distributed wireless sensor network communication.And at present also not for the security strategy of radio sensing network DoS attack, this project is just to provide a kind of DoS attack system detected on distributed wireless Sensor Network.
DoS attack just can be able to be initialised only by order and advanced instrument long-range, and assailant can also complete distributed DoS attack, however equipment become unavailable before be difficult to discovery DoS attack.DoS attack, from simple congested attack to the forgery attack of complexity, is eavesdropped, routing attack and application layer attack etc.Due to radio sensing network self, legacy network is in the method solved on DoS attack and be not suitable for wireless sense network.Therefore the DoS detection system working out applicable IP-based radio sensing network just becomes very important.
Security study at present about 6LoWPAN sensing network is also in the elementary step, and the special research for DoS detection in 6LoWPAN network is both at home and abroad little especially at present.In draft " the IPv6over LowPower WPAN Security Analysis " latest edition that IETF 6L0WPAN working group issued in its on March 7th, 2010, be discussed in detail the demand for security of 6LoWPAN, the threat of existence and key management invention.But and for providing concrete way.
What the one section of paper " SAKES:Secure authentication and key establishment scheme for M2M communication in the IP-based wireless sensor network (6L0WPAN) " on IEEE CONFERENCE PUBLICATIONS in 2013 was detailed analyzes 6LoWPAN radio sensing network safety issue, and the detailed attack of having set forth the DoS that the every one deck of 6LoWPAN radio sensing network may be subject to, and simulate 6LoWPAN and suffer DoS attack, but the method do not provided about how effectively detecting DoS attack in 6LoWPAN network, this paper just analyzes in 6LoWPAN network the various DoS attacks that may be subject to theoretically.
Summary of the invention
The present invention is directed to above-mentioned prior art Problems existing to make improvements, namely the technical problem to be solved in the present invention is to provide a kind of DoS detection system of 6LoWPAN sensing network, and the DoS detection system of this 6LoWPAN sensing network reduces the impact of secondary cause on classification performance; Reduce dimension and reduction data redundancy information, less operand; Improve the classification performance of SVMs, improve real-time and the intrusion detection precision of intrusion detection.
In order to solve the problems of the technologies described above, the invention provides following technological invention:
A DoS detection system for 6LoWPAN sensing network, adopts hierarchical design; Described system is divided into sensing layer, adaptation layer and network layer; Sensing layer gathers related data and data is sent to adaptation layer from the real sensing world, and adaptation layer carries out header-compressed, MAC Address conversion, address registration, and network layer carries out the safety management of the performance management of system, the condition managing of system and system.
Described sensing layer, comprises some host nodes, several leader cluster nodes, a border router and IDS detector; Some host node H and leader cluster node C forms one bunch, and by the tidal data recovering that collects to leader cluster node, leader cluster node passes data to network layer by border router B, and the flow of 6LoWPAN network monitored by IDS detector.
Described adaptation layer, comprises basic function module, Header compression module, Context module and address registration module.
Described network layer, comprises state management module, performance management module and safety management module three parts.
Described performance management module, guarantees that system at any time can obtain best communication capacity; A signal monitoring software is designed in performance management module, described signal monitoring software is by the interference level of monitor signal, when this interference level exceedes the threshold values of setting, signal monitoring software passes through Fluctuation of analytical signal routine change current operating channel on best Gong channel.
Described state management module, provides configuration service and the network monitoring of network state; Monitor network level of interference is carried out, the information such as network delay and conflict by the system performance information obtained from performance management module; The network information is provided to make condition managing and performance management can mutual operation at any time.
Described safety management module, provides in network the mechanism of safety such as encrypting, guarantees that network layer can carry out the safe responsive measures communicating and should take when network is subject to DoS attack with adaptation layer and sensing layer part.
Described safety management module, comprises DoS protector, IDS and IDS_D;
DoS protector: receive the alarm that IDS transmits when detecting that invasion occurs, then from state management module, extract relevant information and analyze described information and be confirmed whether to occur really to attack, accept the safety measure that safety management module sends when detecting and suffering DoS attack;
IDS: monitor the illegal act in 6LoWPAN network traffics and network by IDS_D, when illegal act occurring or giving the alarm to DoS protection manager when monitoring exception of network traffic;
IDS_D: IDS detector is placed on 6LoWPAN network-external and operates, access IDS by wired mode, the network activity do not participated in, the data message in network is all monitored.
The DoS detection system of 6LoWPAN sensing network provided by the invention, its beneficial effect is: disposed on a host computer by IDS, a difficult problem for wireless sense network resource-constrained can be overcome, there is provided more energy for the attack of detection of complex, IDS detector does not participate in direct network activity, only be used for monitoring the network information, reduce the difficulty of sensing layer design.
Accompanying drawing explanation
Accompanying drawing is used to provide a further understanding of the present invention, and forms a part for specification, together with embodiments of the present invention for explaining the present invention, is not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is the inventive method logic diagram.
Embodiment
As shown in Figure 1, the present invention discloses a kind of DoS detection system of 6LoWPAN sensing network, and adopt hierarchical design, this entire system framework is divided into three layers, is respectively sensing layer, adaptation layer and network layer.
Sensing layer gathers related data and data is sent to adaptation layer from the real sensing world, and adaptation layer carries out header-compressed, MAC Address conversion, address registration etc.Network layer carries out the performance management of system, the condition managing of system and the safety management of system.
The present invention's preferred embodiment is as follows:
Sensing layer: some host node H and several leader cluster nodes C form one bunch, and the tidal data recovering collected is to leader cluster node, and leader cluster node passes data to network manager by border router B.The abnormal behaviour in the flow of 6LoWPAN network and network monitored by IDS detector (IDS_D).
Adaptation layer: be divided into four modules, basic function module, Header compression module, Context module and address registration module.
Network layer: this part is state management module, performance module and security module three parts.
Performance management module: guarantee that system at any time can obtain best communication capacity; A signal monitoring software is designed in performance management module, described signal monitoring software is by the interference level of monitor signal, when this interference level exceedes the threshold values of setting, signal monitoring software passes through Fluctuation of analytical signal routine change current operating channel on best Gong channel.
State management module: configuration service and network monitoring that network state is provided; Monitor network level of interference is carried out, the information such as network delay and conflict by the system performance information obtained from performance management module; The network information is provided to make condition managing and performance management can mutual operation at any time.
Safety management module: the mechanism providing in network safety such as encrypting, guarantees that network layer can carry out the safe responsive measures communicating and should take when network is subject to DoS attack with adaptation layer and sensing layer part.Be divided into three partial design.
DoS protector: receive the alarm that IDS transmits when detecting that invasion occurs, then from state management module, extract relevant information and analyze described information and be confirmed whether to occur really to attack, accept the safety measure that safety management module sends when detecting and suffering DoS attack;
IDS: monitor the illegal act in 6LoWPAN network traffics and network by IDS_D, when illegal act occurring or giving the alarm to DoS protection manager when monitoring exception of network traffic;
IDS_D: IDS detector is placed on 6LoWPAN network-external and operates, access IDS by wired mode, the network activity do not participated in, the data message in network is all monitored.
The present invention proposes a kind of specially for the system that DoS in 6LoWPAN network detects.IDS disposes on a host computer by the present invention, can overcome a difficult problem for wireless sense network resource-constrained, provide more energy for the attack of detection of complex, IDS detector does not participate in direct network activity, only be used for monitoring the network information, reduce the difficulty of sensing layer design.
The present invention is the 6LoWPAN network design of resource-constrained specially, is a kind of lightweight DoS detection system.
Propose a kind of for the DoS detection system architectural framework in 6LoWPAN network.This system is divided into sensing layer, adaptation layer and network layer, sensing layer 6LoWPAN node is formed, and is responsible for the sensing data gathering real world.Adaptation layer, is divided into four modules, basic module, Header compression module, Context module, address registration module.Network layer is divided into three modules, performance management module, state management module, safety management module, respectively the performance of supervising the network, the state of network service and network security.
Adopt and intruding detection system operated on main frame and the method by wired mode IDS_D accessed in IDS.IDS is run on independent host computer, monitoring 6LoWPAN network, overcome the problem of radio sensing network resource restriction, more energy can be provided to carry out the security attack of detection of complex, detector can be identified as the hardware interface of the main frame inside such as network interface card, reach the immunity of IDS and IDS_D to radio congestion and other DoS attacks.
The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, although with reference to previous embodiment to invention has been detailed description, for a person skilled in the art, it still can be modified to the technological invention described in foregoing embodiments, or carries out equivalent replacement to wherein portion of techniques feature.Within the spirit and principles in the present invention all, any amendment done, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (8)
1. a DoS detection system for 6LoWPAN sensing network, is characterized in that:
Adopt hierarchical design;
Described system is divided into sensing layer, adaptation layer and network layer;
Sensing layer gathers related data and data is sent to adaptation layer from the real sensing world, and adaptation layer carries out header-compressed, MAC Address conversion, address registration, and network layer carries out the safety management of the performance management of system, the condition managing of system and system.
2. the DoS detection system of 6LoWPAN sensing network according to claim 1, is characterized in that: described sensing layer, comprises some host nodes, several leader cluster nodes, a border router and several IDS detectors; Some host node H and leader cluster node C forms one bunch, and by the tidal data recovering that collects to leader cluster node, leader cluster node passes data to network of network layer by border router B, and IDS detector monitors flow and the abnormal behaviour of 6LoWPAN network.
3. the DoS detection system of 6LoWPAN sensing network according to claim 1, is characterized in that: described adaptation layer, comprises basic function module, Header compression module, Context module and address registration module.
4. the DoS detection system of 6LoWPAN sensing network according to claim 1, is characterized in that: described network layer, comprises state management module, performance management module and safety management module three parts.
5. the DoS detection system of 6LoWPAN sensing network according to claim 4, is characterized in that: described performance management module, guarantees that system at any time can obtain best communication capacity; Described performance management module signalization monitoring of software, described signal monitoring software is by the interference level of monitor signal, when this interference level exceedes the threshold values of setting, described signal monitoring software on best Gong channel, guarantees that network is operated on a good channel by Fluctuation of analytical signal routine change current operating channel.
6. the DoS detection system of 6LoWPAN sensing network according to claim 4, is characterized in that: described state management module, provides configuration service and the network monitoring of network state; Monitor network level of interference is carried out, the information such as network delay and conflict by the system performance information obtained from described performance management module; The network information is provided to make condition managing and performance management can mutual operation at any time.
7. the DoS detection system of 6LoWPAN sensing network according to claim 4, it is characterized in that: described safety management module, the mechanism of safety such as encrypting is provided in network, guarantees that network layer can carry out the safe responsive measures communicating and should take when network is subject to DoS attack with adaptation layer and sensing layer part.
8. the DoS detection system of 6LoWPAN sensing network according to claim 7, is characterized in that: described safety management module, comprises DoS protector, IDS and IDS_D;
DoS protector: receive the alarm that IDS transmits when detecting that invasion occurs, then from state management module, extract relevant information and analyze described information and be confirmed whether to occur really to attack, accept the safety measure that safety management module sends when detecting and suffering DoS attack;
IDS: monitor the illegal act in 6LoWPAN network traffics and network by IDS_D, when illegal act occurring or giving the alarm to DoS protection manager when monitoring exception of network traffic;
IDS_D: IDS detector is placed on 6LoWPAN network-external and operates, access IDS by wired mode, the network activity do not participated in, the data message in network is all monitored.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410477851.5A CN104333534A (en) | 2014-09-18 | 2014-09-18 | DoS detection system of 6LoWPAN sensing network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410477851.5A CN104333534A (en) | 2014-09-18 | 2014-09-18 | DoS detection system of 6LoWPAN sensing network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104333534A true CN104333534A (en) | 2015-02-04 |
Family
ID=52408186
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410477851.5A Pending CN104333534A (en) | 2014-09-18 | 2014-09-18 | DoS detection system of 6LoWPAN sensing network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104333534A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112261656A (en) * | 2020-09-25 | 2021-01-22 | 桂林理工大学 | Wireless sensor network intrusion detection method based on sequence model |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1949720A (en) * | 2006-09-08 | 2007-04-18 | 中山大学 | Distributed network invasion detecting system |
| US20130117584A1 (en) * | 2009-01-13 | 2013-05-09 | Jetlun Corporation | Method and system for isolating local area networks over a co-axial wiring for energy management |
| CN103561018A (en) * | 2013-10-30 | 2014-02-05 | 蓝盾信息安全技术股份有限公司 | Intrusion detection real-time analysis system for big data application platform |
-
2014
- 2014-09-18 CN CN201410477851.5A patent/CN104333534A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1949720A (en) * | 2006-09-08 | 2007-04-18 | 中山大学 | Distributed network invasion detecting system |
| US20130117584A1 (en) * | 2009-01-13 | 2013-05-09 | Jetlun Corporation | Method and system for isolating local area networks over a co-axial wiring for energy management |
| CN103561018A (en) * | 2013-10-30 | 2014-02-05 | 蓝盾信息安全技术股份有限公司 | Intrusion detection real-time analysis system for big data application platform |
Non-Patent Citations (1)
| Title |
|---|
| PRABHAKARAN KASINATHAN、CLAUDIO PASTRONE: "《Denial-of-Service detection in 6LoWPAN based Internet of Things》", 《WIRELESS AND MOBILE COMPUTING,NETWORKING AND COMMUNICATIONS(WIMOB),2013 IEEE 9TH INTERNATIONAL CONFERENCE》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112261656A (en) * | 2020-09-25 | 2021-01-22 | 桂林理工大学 | Wireless sensor network intrusion detection method based on sequence model |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Kasinathan et al. | Denial-of-Service detection in 6LoWPAN based Internet of Things | |
| CN100471141C (en) | Mixed intrusion detection method of wireless sensor network | |
| Sedjelmaci et al. | Novel hybrid intrusion detection system for clustered wireless sensor network | |
| Erritali et al. | A review and classification of various VANET Intrusion Detection Systems | |
| Riaz et al. | Security analysis survey and framework design for ip connected lowpans | |
| Zhijie et al. | Intrusion detection for wireless sensor network based on traffic prediction model | |
| Zhang et al. | M optimal routes hops strategy: detecting sinkhole attacks in wireless sensor networks | |
| Saeedi | Machine learning for DDOS detection in packet core network for IoT | |
| Tian et al. | A vehicular ad hoc networks intrusion detection system based on BUSNet | |
| Forootaninia et al. | An improved watchdog technique based on power-aware hierarchical design for ids in wireless sensor networks | |
| Uplap et al. | Review of heterogeneous/homogeneous wireless sensor networks and intrusion detection system techniques | |
| Gawdan et al. | Cross-layer based security solutions for wireless sensor networks | |
| La et al. | A misbehavior node detection algorithm for 6LoWPAN Wireless Sensor Networks | |
| CN104333534A (en) | DoS detection system of 6LoWPAN sensing network | |
| Liu et al. | A new Sybil attack detection for wireless body sensor network | |
| Abdel-Fattah et al. | Dynamic intrusion detection technique for dynamic mobile ad hoc network | |
| Saini et al. | WSN Protocols, Research challenges in WSN, Integrated areas of sensor networks, security attacks in WSN | |
| CN104702609B (en) | Mobile Ad Hoc networks route intrusion detection method based on friend's mechanism | |
| Mohite et al. | Cooperative security agents for MANET | |
| Kumar et al. | A Survey on Advance Black/Grey hole Detection and Prevention Techniques in DSR & AODV Protocols | |
| Kaushik et al. | Security Technique against Power Exhausting Attacks in WSN | |
| Selvamani et al. | A hybrid framework of intrusion detection system for resource consumption based attacks in wireless ad-hoc networks | |
| Mamatha et al. | Quantitative Behavior Based Intrusion Detection System for MANETS | |
| Ramkumar et al. | Homogeneous and hetrogeneous intrusion detection system in mobile ad hoc networks | |
| Lal et al. | An energy preserving detection mechanism for blackhole attack in wireless sensor networks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150204 |
|
| RJ01 | Rejection of invention patent application after publication |