CN101355416A - Active protection system for wireless self-organizing network - Google Patents
Active protection system for wireless self-organizing network Download PDFInfo
- Publication number
- CN101355416A CN101355416A CNA2008100414552A CN200810041455A CN101355416A CN 101355416 A CN101355416 A CN 101355416A CN A2008100414552 A CNA2008100414552 A CN A2008100414552A CN 200810041455 A CN200810041455 A CN 200810041455A CN 101355416 A CN101355416 A CN 101355416A
- Authority
- CN
- China
- Prior art keywords
- agent
- node
- decision
- module
- making
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides an active protection system for a wireless self-organized network in the technical field of network security, comprising a monitoring agent, a decision-making agent and a blocking agent, wherein the monitoring agent is in charge of acquiring action information of each neighborhood node around the monitoring agent; the decision-making agent is in charge of monitoring a region in the network, gathering information of the monitoring agent in the region, and making the gathered information formed into an action sequence of a certain node in a period, and compares the action sequence with a routing protocol, if the action does not accord with the routing protocol, the action is determined to be an intruder, after the intruder is found, the decision-making agent transmits a protection command to the blocking agent; the blocking agent forms a moving firewall to encircle and separate the intruder, after the blocking agent receives the protection command transmitted by the decision-making agent, simultaneously, a communication link of the network is disconnected to prevent the intruder from sending and receiving any messages. The active protection system greatly reduces the network resource consumed by active protection.
Description
Technical field
The present invention relates to the intrusion response system in a kind of network security technology field, specifically is a kind of active protection system for wireless self-organizing network.
Background technology
Wireless ad hoc network is as a kind of novel mobile multi-hop wireless network, with traditional wireless network many different characteristics arranged.It does not rely on any fixing infrastructure and administrative center, but keeps being connected of network by the mutual cooperation between mobile node with self, realizes the transmission of data simultaneously.Wireless ad hoc network does not need any fixation means is set in advance, as the base station, so it can dispose apace, thereby be applied among the multiple environment, as military affairs, disaster relief, temporary meeting etc.
Along with the extensive use of wireless ad hoc network, the safety guarantee of wireless ad hoc network becomes and becomes more and more important.The method of existing guarding network invasion can be divided three classes, and promptly invades prevention, intrusion detection and intrusion response.It is exactly to utilize authentication, encryption and firewall technology to come the not invaded person of protection system to attack and destroy that so-called invasion stops.But this class means of defence is applied in the restriction of the condition that can be subjected among the wireless ad hoc network environment, and for example network topology dynamic change does not have the network boundary that can control, makes fire compartment wall to use.Node also may be captured and surrender when mobile by the enemy, surrenders node and has legal key, encrypts and authenticate the effect that also lost.So,, in wireless ad hoc network, be difficult to play a role although invasion prevention method has been brought into play important effect in legacy network.Intrusion detection is determined the invador by the behavior of analysis node, according to detection technique, can be divided into based on feature and based on unusual intrusion detection.Up to now, the research of wireless ad hoc network safety mainly concentrates on invasion prevention and two aspects of intrusion detection.How to realize under the wireless ad hoc network environment that intrusion response yet there are no pertinent literature and delivers.Wireless ad hoc network if the invador is not produced response timely, stops its attack because its resource-constrained is quite fragile, perhaps can cause whole periods of network disruption.When the assailant started dos attack, the message transmissions rate of whole network dropped to 9.4% by 97% in 7 minutes, and network traffics almost all get clogged, and network can't normally move.Simultaneously, owing to its self-organizing, lack central controlled characteristics, make that in the environment of a plurality of management domains artificial responsive measures is difficult to carry out especially.This shows that although invasion stops and Intrusion Detection Technique is preventing to have brought into play enormous function aspect the invasion, they all are passive defensive measures, the effect that they can be obtained is exactly to prevent that normal node from becoming the victim of intrusion behavior.They can not eliminate invasion root-invador effectively.Those invadors can exist and endanger network system.
Find through literature search prior art, people such as D.Schnackenberg are at Proceedings ofthe Second DARPA Information Survivability Conference and Exposition (DISCEXII), Anaheim, CA, June 2001 (second U.S. national defense advanced research projects agency information survival ability meeting collection, the Anaheim, the California, June calendar year 2001) " the CooperativeIntrusion Traceback and Response Architecture (CITRA) " that delivers (" cooperative intrusion is followed the trail of and the Response System structure "), proposed a kind of cooperative intrusion and followed the tracks of and response architecture CITIA, this framework is with intrusion detection, fire compartment wall and router are formed an integral body and are followed the trail of the invasion source and stop intrusion behavior near the invador.It function that possesses is spanning network boundary tracking invador, stops the invador to continue to endanger network, report intrusion behavior, coordinate intrusion response.The core of this framework is that invasion is followed the tracks of and isolated agreement IDIP, the IDIP agreement by people such as D.Schnackenberg at Proceedings of the DARPA InformationSurvivability Conference and Exposition, Hilton Head, SC, January 2000 (U.S. national defense advanced research projects agency information survival ability meeting collection, Xi Erdun Head island, the South Carolina, in January, 2000) propose in " Infrastructure for Intrusion Detection andResponse " (" intrusion detection and the response architecture ") delivered on, the IDIP agreement is divided into a plurality of territories with network, and a coordinated management person is arranged in each territory.In the IDIP agreement for once attacking, the node that at first detects invasion can save the IDIP point to its all neighbour and send an event report, the node that receives can judge at first that oneself is whether on attack path, if it will continue to send the neighbor node of this event report to other.All are the node on the attack path is being sent out IDIP transmission event report to neighbor node when, can send to coordinated management person to the response that has taked this part report and it, the information of comprehensive each node of coordinated management person is coordinated the response of each node, thereby is reached the response of global optimum.CITRA (cooperative intrusion is followed the tracks of and response architecture) and IDIP (invasion is followed the tracks of and isolated agreement) are by the exchange of information between each network, to reconfiguring of router, fire compartment wall and main frame, the automatic tracking of a plurality of networks to the invador striden in realization, at last the invador isolated in the locality.The scheme of above-mentioned active protection all is based on and implements under wired Internet network environment, and under the wireless ad hoc network environment, because node motion, dynamic topology changes, make that such scheme is difficult to use.
Summary of the invention
The objective of the invention is at above-mentioned the deficiencies in the prior art, a kind of active protection system for wireless self-organizing network has been proposed, agent (agency) by multiple function forms a whole and realizes initiatively intrusion response, arrange supervision agent at each node, be responsible for collecting its behavioural information of each neighbor node on every side; Decision-making agent in each zone gathers the information that monitors agent and judges; If there is the invador, block agent and around the invador, form mobile fire compartment wall together, the invador is surrounded and is isolated from network, eliminate intrusion behavior.
The present invention is achieved through the following technical solutions, the present invention includes: monitor agent, the agent that makes a strategic decision, block agent, wherein:
Monitor that agent is arranged on each node, be responsible for collecting its behavioural information of each neighbor node on every side, and the behavioural information of collecting is transferred to decision-making agent;
Decision-making agent is responsible for a zone in the monitor network, need not reside in each node, decision-making agent gathers the information that monitors agent, and the information that will gather forms the behavior sequence of certain node in one period, comparing with Routing Protocol, is normal node if behavior meets Routing Protocol, if behavior does not meet Routing Protocol again, then be judged as after the invador finds the invador, decision-making agent is transferred to guarded commands and blocks agent;
Blocking agent receives after the guarded commands of decision-making agent transmission, block agent on the node of activation around the invador, form one mobile fire compartment wall the invador is surrounded isolation, simultaneously its communication link is disconnected, stop the invador to send and any message of reception.
Described supervision agent comprises: monitor module, filtering module, coding module and first communication module, wherein:
Monitor module and be responsible for collecting the Content of Communication that supervision agent can receive all neighbor nodes, radio communication is direction-free, and any node in its communication range all can be received its information, so the communication between the node can be monitored by the third party;
Filtering module filters the initial information of monitoring module and receiving, filtering some keep connecting etc. unnecessary information, and give coding module with the message transmission after the filtering, just can filter out such as the hello packet that is used for keeping between the node connecting;
Coding module is responsible for the important information after filtering is carried out compressed encoding, and with the traffic between the minimizing agent, and the information after will compressing is transferred to decision-making agent by first communication module.
Described decision-making agent, it is the core of whole framework, be responsible for information collection, judge, block task such as order generation, decision-making agent also resides on the node, is distributed in whole network being monitored of wireless ad hoc network everywhere and with node motion, in order to reduce taking system resource, it just is evenly distributed in the network, promptly whole wireless ad hoc network is pressed area dividing, each decision-making agent is responsible for the monitoring in a zone, and does not need to reside on each node.
Described decision-making agent comprises: second communication module, analysis module, respond module, policy library module, wherein:
Second communication module is used for communicating with supervision agent, collects and monitors the monitor message of agent to neighbor node;
Analysis module, be used for each nodal information that supervision agent sends is comprehensively judged, employing is taken out the Routing Protocol standard based on the intrusion detection method of standard from the policy library module, and nodes ' behavior is judged, if the behavior of certain node has only minority undesired, then not necessarily invading node, may be line fault, if repeatedly judge all occur undesired, judge that this node is the invasion node, and judged result is transferred to respond module;
Storage Routing Protocol standard in the policy library module, and supply analysis module to call;
Respond module produces guarded commands according to the judged result that the invasion node is arranged of analysis module, blocks agent in order to activation.
Described decision-making agent, it adopts the inquiry response mode and monitors and carries out between the agent alternately, in the process of node dynamic change, regularly peripherad node sends query message, be subjected to monitor behind the supervision agent of query message that the information of collecting issues decision-making agent by second communication module, decision-making agent is the information of interior each the supervision agent in zone comprehensively, will compare fully the supervision of certain node, and the information that do not have is omitted.
Described decision-making agent, its timing is the node broadcasts query message towards periphery, and the transmission range of message is decided by the monitoring range of decision-making agent, and monitoring range is to be the scope of center one jumping or several jumpings with decision-making agent.
Described analysis module, standard based on Routing Protocol is analyzed the behavior of node, adopts the intrusion detection method based on standard, should in time forward receiving the message that mails to other nodes as normal node, if certain is promptly transmitted after receiving message, be the proper network operation.Literary composition does not E-Packet if certain node is only received telegraph, and is not the proper network behavior.When the irregularities of certain node have surpassed the limit of setting, just can regard as it for invading node.
Described decision-making agent, because the dynamic characteristic of network node, the decision-making agent in certain zone may be because node motion, node withdraws from and vacancy or decision-making agent are attacked and lost efficacy, monitor that agent just can not receive the query message of decision-making agent this moment, when having surpassed the time dimension of setting, decision-making agent that should the zone with regard to deducibility does not exist, this regional node is then elected the resident decision-making of a node agent, and by this node from one of node request on every side decision-making agent, when this request message reaches certain decision-making agent of peripheral region, this decision-making agent duplicates portion, decision-making agent after duplicating moves to requesting node, may have a plurality of decision-making agent responses, the decision-making agent of Dao Daing plays a role at first, and that arrives soon after abandons.
A resident decision-making of node of described election agent adopts competitive way to conduct an election, and which which node of node first to file is as the resident node of decision-making agent, or which node resource sufficient which as the resident node of decision-making agent.
The described agent that blocks comprises: third communication module, locating module, isolation module and sleep block, wherein:
Third communication module is used to receive the order of blocking of decision-making agent, and locating module is used for determining invador's position, if the invador be positioned at block agent place node around, start the isolation module function;
Isolation module, it is responsible for stoping the route requests and the message of invading node to send, and also no longer E-Packets to the invasion node.Node must the forwarding by neighbor node could add network in the wireless ad hoc network, though invade node at this moment in network, it is blocked agent and isolates, and can not participate in any network function, has so farthest reduced the harm to network.
Sleep block is responsible for finishing in both cases to block agent, the one, when the location is less than the invador in setting-up time, be exactly the invador not block agent place node around; The 2nd, when invador's death no longer needed to block the agent isolation, sleep block can prevent to block agent and take node resource in a large number for a long time, has only when the invador exists, and just need block agent and isolate, and also dormancy voluntarily of agent is blocked in invador's death.
When the present invention works, comprise two parts of intrusion detection and intrusion response, supervision agent around the invasion node on the node monitors the behavior of invasion node constantly and its behavior is encoded, when the invasion node sends query message continuously, each monitors that agent mails to coding the decision-making agent of one's respective area, route standard in the decision-making agent regulative strategy storehouse is judged, after being judged as intrusion behavior, next step carries out intrusion response, the respond module of decision-making agent begins to produce blocks order, issues and blocks agent, blocks agent and is activated, block the neighbors of agent order invasion node, to face node and the link down of invading node after the arrival, any route message of refusal invasion node, other decision-makings agent repeats such work simultaneously, though the invasion node is isolated by node around it in network fully like this.
Compared with prior art, the present invention has following beneficial effect:
1, invador's attack be can find and initiatively block in real time, the safety and the normal operation of wireless self-organization network ensured.
2, mobile fire compartment wall is only forming around the assailant, need not the whole network and implements response, thereby can make the intrusion response localization, significantly reduces the Internet resources that initiatively protection is consumed.
Description of drawings
Fig. 1 is a system architecture diagram of the present invention;
Fig. 2 is the structured flowchart that monitors agent among the present invention;
Fig. 3 is the structured flowchart of decision-making agent among the present invention;
Fig. 4 is the structured flowchart of blocking agent among the present invention;
Fig. 5 is a wireless self-organized network topology figure;
Fig. 6 is that the invasion node starts attack graph;
Fig. 7 blocks among the present invention to isolate the result schematic diagram of invading node after agent forms mobile fire compartment wall.
Embodiment
Below in conjunction with accompanying drawing embodiments of the invention are elaborated: present embodiment is being to implement under the prerequisite with the technical solution of the present invention, provided detailed execution mode and concrete operating process, but protection scope of the present invention is not limited to following embodiment.
As shown in Figure 5, be the topological diagram of using a wireless self-organization network of present embodiment, in this wireless self-organization network, 15 mobile nodes are arranged, to node O, adjacent node (is expressed as by two-way link from node A
) connect, wherein node H is the invador.
As shown in Figure 1, present embodiment comprises: monitor agent, the agent that makes a strategic decision, block agent, wherein:
Monitor that agent is arranged on each node, be responsible for collecting its behavioural information of each neighbor node on every side, and the behavioural information of collecting is transferred to decision-making agent; Among Fig. 5, all resident supervision agent of 15 nodes (being expressed as zero), the behavioural information of monitoring and collecting its neighbor node.
Decision-making agent is responsible for a zone in the monitor network, need not reside in each node, decision-making agent gathers the information that monitors agent, and the information that will gather forms the behavior sequence of certain node in one period, comparing with Routing Protocol, is normal node if behavior meets Routing Protocol, if behavior does not meet Routing Protocol again, then be judged as after the invador finds the invador, decision-making agent is transferred to guarded commands and blocks agent; Among Fig. 5, resident decision-making agent is responsible for gathering and decision-making of its regional internal information among three node C, L, the O (being expressed as), just is responsible for gathering monitoring the collected information of agent on node D, E, M, the L node as the decision-making agent on the node L.
Blocking agent receives after the guarded commands of decision-making agent transmission, block agent on the node of activation around the invador, form one mobile fire compartment wall the invador is surrounded isolation, simultaneously its communication link is disconnected, stop the invador to send and any message of reception.
As shown in Figure 2, described supervision agent comprises: monitor module, filtering module, coding module and first communication module, wherein:
Monitor module and be responsible for collecting the Content of Communication that supervision agent can receive all neighbor nodes, radio communication is direction-free, and any node in its communication range all can be received its information, so the communication between the node can be monitored by the third party;
Filtering module filters the initial information of monitoring module and receiving, filtering some keep connecting etc. unnecessary information, and give coding module with the message transmission after the filtering, just can filter out such as the hello packet that is used for keeping between the node connecting;
Coding module is responsible for the important information after filtering is carried out compressed encoding, and with the traffic between the minimizing agent, and the information after will compressing is transferred to decision-making agent by first communication module.
As shown in Figure 3, described decision-making agent comprises: second communication module, analysis module, respond module, policy library module, wherein:
Second communication module is used for communicating with supervision agent, collects and monitors the monitor message of agent to neighbor node;
Respond module is responsible in the process of node dynamic change, and regularly peripherad node sends query message, is subjected to will monitoring behind the supervision agent of query message that the information of collecting issues the agent that makes a strategic decision by second communication module;
Analysis module, be used for each nodal information that supervision agent sends is comprehensively judged, employing is based on the intrusion detection method of standard, take out the Routing Protocol standard from the policy library module, nodes ' behavior is judged, if the behavior of certain node has only minority undesired, then not necessarily invade node, may be line fault,, judge that this node is the invasion node if repeatedly judge and all occur undesiredly;
Storage Routing Protocol standard in the policy library module, and supply analysis module to call;
As shown in Figure 4, the described agent that blocks comprises: third communication module, locating module, isolation module and sleep block, wherein:
Third communication module is used to receive the order of blocking of decision-making agent, and locating module is used for determining invador's position, if the invador be positioned at block agent place node around, start the isolation module function;
Isolation module, it is responsible for stoping the route requests and the message of invading node to send, and also no longer E-Packets to the invasion node.Node must the forwarding by neighbor node could add network in the wireless ad hoc network, though invade node at this moment in network, it is blocked agent and isolates, and can not participate in any network function, has so farthest reduced the harm to network.
Sleep block is responsible for finishing in both cases to block agent, the one, when the location is less than the invador in setting-up time, be exactly the invador not block agent place node around; The 2nd, when invador's death no longer needed to block the agent isolation, sleep block can prevent to block agent and take node resource in a large number for a long time, has only when the invador exists, and just need block agent and isolate, and also dormancy voluntarily of agent is blocked in invador's death.
As shown in Figure 6, the middle invasion node H (being expressed as △) that shows begins to start Denial of Service attack, it floods to whole network and sends a large amount of hash messages or routing inquiry message, datagram node around the invador begins to whole network diffusion, take in a large number and consumption of network resources, cause other nodes normally to transmit message, among the figure:
Expression attack message round.
Comprise intrusion detection and two processes of intrusion response during present embodiment work:
It at first is intrusion detection, node F, G, I, D are the neighbours of H, supervision agent on node F, G, I, D constantly monitor node H behavior and its behavior encoded, when the H node sends query message continuously, being encoded to of its behavior " 6666666 ", supervision agent on the F node mails to decision-making agent on the C node with coding, the monitoring data of supervision agent is sent to the decision-making agent on the L node on the D node, and the monitoring data of supervision agent mails to the decision-making agent on the O node on G, the I node.Route standard in the decision-making agent regulative strategy storehouse is judged.
After being judged as intrusion behavior, next step carries out intrusion response, the respond module of decision-making agent begins to produce blocks order, issue and block agent, after the judgement of the decision-making agent on node C, L, the O has invasion, produce respectively and block the agent order, node C goes up the agent order arrives invador H along the CF link the neighbors F that blocks of decision-making agent generation, link FH with node F and invador H after the arrival interrupts, any route message of refusal H node.Equally, decision-making agent on node L and the O produces blocks other three neighbor node D, I, the G that the agent order arrives the invador respectively, simultaneously with its link DH, IH, GH disconnection with node H.Though invador H is isolated by node around it in network fully like this.
As shown in Figure 7, block the agent command transfer and arrive invador's four nodes on every side, activate and block agent formation mobile fire compartment wall together,, the invador is isolated as the dotted line among the figure.Among the figure, ◎ represents to block the resident node of agent, and the agent mobile alignment is blocked in → expression,
The expression broken link connects.
As can be seen from the above analysis, spread all over the monitoring of the supervision agent realization of whole network to each node, send to decision-making agent behind the behavior coding with node, decision-making agent judges.If find the invador, the agent that then makes a strategic decision sends and blocks the agent order, by blocking agent the invador is surrounded and isolation, the final influence of eliminating invasion realizes the normal operation of network, and whole process is carried out automatically, need not manual intervention, realized real-time active IPS.
Claims (8)
1, a kind of active protection system for wireless self-organizing network is characterized in that, comprising: monitor agent, the agent that makes a strategic decision, block agent, wherein:
Monitor that agent is arranged on each node, be responsible for collecting its behavioural information of each neighbor node on every side, and the behavioural information of collecting is transferred to decision-making agent;
Decision-making agent is responsible for a zone in the monitor network, decision-making agent gathers the information that monitors agent in this zone, and the information that will gather forms the behavior sequence of certain node in one period, compare with Routing Protocol again, if behavior meets Routing Protocol is normal node, if behavior does not meet Routing Protocol, then be judged as after the invador finds the invador, decision-making agent is transferred to guarded commands and blocks agent;
Blocking agent receives after the guarded commands of decision-making agent transmission, block agent on the node of activation around the invador, form one mobile fire compartment wall the invador is surrounded isolation, simultaneously its communication link is disconnected, stop the invador to send and any message of reception.
2, active protection system for wireless self-organizing network according to claim 1 is characterized in that, described supervision agent comprises: monitor module, filtering module, coding module and first communication module, wherein:
Monitor module and be responsible for collecting the Content of Communication that supervision agent can receive all neighbor nodes;
Filtering module filters the initial information that the monitoring module is received, filtering keeps the information of connection, and gives coding module with the message transmission after the filtering;
Coding module is responsible for the important information after filtering is carried out compressed encoding, and the information after will compressing is transferred to decision-making agent by first communication module.
3, active protection system for wireless self-organizing network according to claim 1, it is characterized in that, described decision-making agent, it adopts the inquiry response mode and monitors and carries out between the agent alternately, in the process of node dynamic change, regularly peripherad node sends query message, is subjected to will monitoring behind the supervision agent of query message that the information of collecting issues the agent that makes a strategic decision by communication module.
4, active protection system for wireless self-organizing network according to claim 1, it is characterized in that, described decision-making agent, its timing is the node broadcasts query message towards periphery, the transmission range of message is decided by the monitoring range of decision-making agent, and monitoring range is to be the scope of center one jumping or several jumpings with decision-making agent.
5, active protection system for wireless self-organizing network according to claim 1, it is characterized in that, described decision-making agent, because the dynamic characteristic of network node, the decision-making agent in certain zone may be because node motion, node withdraws from and vacancy or decision-making agent are attacked and lost efficacy, monitor that agent just can not receive the query message of decision-making agent this moment, when having surpassed the time dimension of setting, the decision-making agent that just infers this zone does not exist, this regional node is then elected the resident decision-making of a node agent, and by this node from one of node request on every side decision-making agent, when this request message reaches certain decision-making agent of peripheral region, this decision-making agent duplicates portion, decision-making agent after duplicating moves to requesting node, may have a plurality of decision-making agent responses, the decision-making agent of Dao Daing plays a role at first, and that arrives soon after abandons.
6, active protection system for wireless self-organizing network according to claim 5, it is characterized in that, a resident decision-making of node of described election agent, the employing competitive way conducts an election, which which node of node first to file is as the resident node of decision-making agent, or which node resource sufficient which as the resident node of decision-making agent.
According to claim 1 or 3 or 4 or 5 or 6 described active protection system for wireless self-organizing network, it is characterized in that 7, described decision-making agent comprises: second communication module, analysis module, respond module, policy library module, wherein:
Second communication module is used for communicating with supervision agent, collects and monitors the monitor message of agent to neighbor node;
Analysis module, be used for each nodal information that supervision agent sends is comprehensively judged, employing is taken out the Routing Protocol standard based on the intrusion detection method of standard from the policy library module, and nodes ' behavior is judged, if the behavior of certain node has only minority undesired, then not necessarily invading node, may be line fault, if repeatedly judge all occur undesired, judge that this node is the invasion node, and judged result is transferred to respond module;
Storage Routing Protocol standard in the policy library module, and supply analysis module to call;
Respond module produces guarded commands according to the judged result that the invasion node is arranged of analysis module, blocks agent in order to activation.
8, active protection system for wireless self-organizing network according to claim 1 is characterized in that, the described agent that blocks comprises: third communication module, locating module, isolation module and sleep block, wherein:
Third communication module is used to receive the order of blocking of decision-making agent, and locating module is used for determining invador's position, if the invador be positioned at block agent place node around, start the isolation module function;
Isolation module, it is responsible for stoping the route requests and the message of invading node to send, and also no longer E-Packets to the invasion node;
Sleep block is responsible for finishing in both cases to block agent, the one, when the location is less than the invador in setting-up time, be exactly the invador not block agent place node around; The 2nd, when invador's death no longer needed to block the agent isolation, sleep block can prevent to block agent and take node resource in a large number for a long time, has only when the invador exists, and just need block agent and isolate, and also dormancy voluntarily of agent is blocked in invador's death.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008100414552A CN101355416B (en) | 2008-08-07 | 2008-08-07 | Active protection system for wireless self-organizing network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008100414552A CN101355416B (en) | 2008-08-07 | 2008-08-07 | Active protection system for wireless self-organizing network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101355416A true CN101355416A (en) | 2009-01-28 |
| CN101355416B CN101355416B (en) | 2010-07-28 |
Family
ID=40308029
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2008100414552A Expired - Fee Related CN101355416B (en) | 2008-08-07 | 2008-08-07 | Active protection system for wireless self-organizing network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101355416B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101977384A (en) * | 2010-10-19 | 2011-02-16 | 河源市特灵通通讯有限公司 | Active protection method of wireless MESH network intrusion based on signal detection |
| CN102006586A (en) * | 2010-11-30 | 2011-04-06 | 上海交通大学 | Wireless Mesh network intrusion detection system and detection method thereof |
| CN102291712A (en) * | 2011-08-16 | 2011-12-21 | 清华大学 | Adaptive active defense realizing method and system in WSN (wireless sensor network) |
| CN102461221A (en) * | 2009-05-29 | 2012-05-16 | 诺基亚公司 | Method and apparatus for engaging in a service or activity using an ad-hoc mesh network |
| CN103561030A (en) * | 2013-11-07 | 2014-02-05 | 国家电网公司 | Wireless self-organizing network intrusion detection method and device |
| WO2020125454A1 (en) * | 2018-12-18 | 2020-06-25 | 电信科学技术研究院有限公司 | Information processing method, system and apparatus |
-
2008
- 2008-08-07 CN CN2008100414552A patent/CN101355416B/en not_active Expired - Fee Related
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102461221A (en) * | 2009-05-29 | 2012-05-16 | 诺基亚公司 | Method and apparatus for engaging in a service or activity using an ad-hoc mesh network |
| CN101977384A (en) * | 2010-10-19 | 2011-02-16 | 河源市特灵通通讯有限公司 | Active protection method of wireless MESH network intrusion based on signal detection |
| CN101977384B (en) * | 2010-10-19 | 2012-11-21 | 河源市特灵通通讯有限公司 | Active protection method of wireless MESH network intrusion based on signal detection |
| CN102006586A (en) * | 2010-11-30 | 2011-04-06 | 上海交通大学 | Wireless Mesh network intrusion detection system and detection method thereof |
| CN102006586B (en) * | 2010-11-30 | 2013-01-09 | 上海交通大学 | Wireless Mesh network intrusion detection system and detection method thereof |
| CN102291712A (en) * | 2011-08-16 | 2011-12-21 | 清华大学 | Adaptive active defense realizing method and system in WSN (wireless sensor network) |
| CN103561030A (en) * | 2013-11-07 | 2014-02-05 | 国家电网公司 | Wireless self-organizing network intrusion detection method and device |
| WO2020125454A1 (en) * | 2018-12-18 | 2020-06-25 | 电信科学技术研究院有限公司 | Information processing method, system and apparatus |
| CN111342984A (en) * | 2018-12-18 | 2020-06-26 | 电信科学技术研究院有限公司 | Information processing method, system and device |
| CN111342984B (en) * | 2018-12-18 | 2021-08-10 | 大唐移动通信设备有限公司 | Information processing method, system and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101355416B (en) | 2010-07-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101355416B (en) | Active protection system for wireless self-organizing network | |
| CN100471141C (en) | Mixed intrusion detection method of wireless sensor network | |
| Karakehayov | Using REWARD to detect team black-hole attacks in wireless sensor networks | |
| CN102244658B (en) | Partitioned dynamic secure routing method for wireless sensor network based on hash chain | |
| Boubiche et al. | Cross layer intrusion detection system for wireless sensor network | |
| Hu et al. | Detection of insider selective forwarding attack based on monitor node and trust mechanism in WSN | |
| Yi et al. | Green firewall: An energy-efficient intrusion prevention mechanism in wireless sensor network | |
| Shah et al. | Ctr: Cluster based topological routing for disaster response networks | |
| CN101409617A (en) | Method for generating inbreak-tolerated wireless sensor network topological | |
| Ahmed et al. | Cluster-based intrusion detection (CBID) architecture for mobile ad hoc networks | |
| Zia | Reputation-based trust management in wireless sensor networks | |
| Patle et al. | Vulnerabilities, attack effect and different security scheme in WSN: A survey | |
| Al Sharah et al. | Detecting and Mitigating Smart Insider Jamming Attacks in MANETs Using Reputation‐Based Coalition Game | |
| CN101977384B (en) | Active protection method of wireless MESH network intrusion based on signal detection | |
| Boora et al. | A survey on security issues in mobile ad-hoc networks | |
| Talreja et al. | A vote based system to detect misbehaving nodes in MANETs | |
| Virada | Intrusion detection system (IDS) for secure MANETs: a study | |
| Zhang et al. | Key management scheme based on nodes capture probability for wireless sensor networks | |
| Tomar et al. | Prevention techniques employed in wireless ad-hoc networks | |
| Maheshwar et al. | Black hole effect analysis and prevention through IDS in MANET environment | |
| Bapu et al. | Malicious node detection through run time self-healing algorithm in WSN | |
| Roy et al. | Baids: detection of blackhole attack in manet by specialized mobile agent | |
| Fabrice et al. | DETECTIONAND PREVENTIONOF MALICIOUS NODE BASED ON NODE BEHAVIOUR IN MANET. | |
| Khair Ul Nisa et al. | High-Level Security Approach in Wireless Sensor Network using Cluster Based Dynamic Keying Technique | |
| Trang et al. | A distributed intrusion detection system for AODV |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20100728 Termination date: 20130807 |