CN101355416B - Active protection system for wireless self-organizing network - Google Patents


Info

Publication number: CN101355416B
Authority: CN (China)
Application number: CN 200810041455
Other versions: CN101355416A
Other languages: Chinese (zh)
Prior art keywords: agent, node, decision, module, making
Inventors: 吴越, 张帅, 易平, 李建华, 柳宁
Original Assignee: 上海交通大学

Abstract

The invention provides an active protection system for wireless self-organizing networks, in the technical field of network security, comprising a monitoring agent, a decision-making agent and a blocking agent. The monitoring agent collects behavior information about each neighbor node around it. The decision-making agent monitors one region of the network, gathers the information from the monitoring agents in that region, assembles it into the action sequence of a given node over a period of time, and compares the action sequence with the routing protocol; if the actions do not conform to the routing protocol, the node is determined to be an intruder. Once an intruder is found, the decision-making agent transmits a protection command to the blocking agent. After receiving the protection command, the blocking agents form a mobile firewall that encircles and isolates the intruder and at the same time disconnect its communication links, preventing the intruder from sending or receiving any messages. The active protection system greatly reduces the network resources consumed by active protection.

Description

Active protection system for wireless ad hoc networks

Technical Field

[0001] The present invention relates to an intrusion response system in the technical field of network security, and specifically to an active protection system for wireless ad hoc networks.

Background

[0002] As a new type of mobile multi-hop wireless network, the wireless ad hoc network differs from traditional wireless networks in many ways. It does not depend on any fixed infrastructure or management center; instead, it maintains network connectivity and delivers data through cooperation and self-organization among mobile nodes. A wireless ad hoc network needs no fixed facilities, such as base stations, to be set up in advance, so it can be deployed quickly and used in a variety of environments, such as military operations, disaster relief and temporary meetings.

[0003] With the widespread use of wireless ad hoc networks, securing them has become increasingly important. Existing methods of defending against network intrusion fall into three categories: intrusion prevention, intrusion detection and intrusion response. Intrusion prevention uses authentication, encryption and firewall technology to protect a system from attack and damage by intruders. In a wireless ad hoc network, however, these protection methods are constrained by the environment: the network topology changes dynamically and there is no controllable network boundary, so firewalls cannot be applied. A node may also be captured by an adversary while it moves and go over to the adversary; such a node holds legitimate keys, so encryption and authentication lose their effect as well. Therefore, although intrusion prevention plays an important role in traditional networks, it is difficult to make effective in wireless ad hoc networks. Intrusion detection identifies intruders by analyzing node behavior; by detection technique it can be divided into signature-based and anomaly-based intrusion detection. To date, research on wireless ad hoc network security has concentrated on intrusion prevention and intrusion detection, and no literature has yet been published on how to implement intrusion response in a wireless ad hoc network environment. Because its resources are limited, a wireless ad hoc network is quite fragile: if there is no timely response that stops an intruder's attack, the whole network may collapse. When an attacker launches a DoS attack, the packet transmission rate of the entire network drops from 97% to 9.4% within 7 minutes, almost all network traffic is blocked, and the network cannot operate normally. At the same time, the self-organizing nature of the network and its lack of centralized control, especially in environments with multiple administrative domains, make manual response measures difficult to carry out. Thus, although intrusion prevention and intrusion detection play a major role in guarding against intrusion, both are passive defensive measures: the most they can achieve is to keep normal nodes from becoming victims of an intrusion. They cannot effectively eliminate the root of the intrusion, the intruder, who can continue to exist and to harm the network system.

[0004] A search of the prior-art literature found that D. Schnackenberg et al., in "Cooperative Intrusion Traceback and Response Architecture (CITRA)", published in the Proceedings of the Second DARPA Information Survivability Conference and Exposition (DISCEX II), Anaheim, CA, June 2001, proposed a cooperative intrusion tracking and response architecture, CITRA. The architecture combines intrusion detection, firewalls and routers into a whole to trace the source of an intrusion and to block the intrusion near the intruder. Its functions are tracing intruders across network boundaries, preventing intruders from further harming the network, reporting intrusions and coordinating the intrusion response. The core of the architecture is the intrusion tracking and isolation protocol IDIP, which was proposed by D. Schnackenberg et al. in "Infrastructure for Intrusion Detection and Response", published in the Proceedings of the DARPA Information Survivability Conference and Exposition, Hilton Head, SC, January 2000. IDIP divides the network into multiple domains, each with a coordinating manager. For a given attack, the node that first detects the intrusion sends an event report to all of its IDIP neighbor nodes. Each receiving node first determines whether it lies on the attack path and, if so, forwards the event report to its other neighbor nodes. Every node on the attack path, while sending the event report to its IDIP neighbors, also sends the report and the response it has already taken to the coordinating manager. The coordinating manager combines the information from all nodes and coordinates their responses so as to reach a globally optimal response. Through the exchange of information between networks and the reconfiguration of routers, firewalls and hosts, CITRA (the cooperative intrusion tracking and response architecture) and IDIP (the intrusion tracking and isolation protocol) automatically trace an intruder across multiple networks and finally isolate the intruder locally. These active protection schemes are all implemented in a wired Internet environment; in a wireless ad hoc network environment, node mobility and dynamic topology changes make them difficult to apply.

Summary of the Invention

[0005] The object of the present invention is to address the above deficiencies of the prior art by providing an active protection system for wireless ad hoc networks in which agents with several functions form a whole to implement active intrusion response. A monitoring agent placed on each node collects behavior information about each of its surrounding neighbor nodes; the decision-making agent in each region aggregates the monitoring agents' information and makes a judgment; if an intruder exists, blocking agents form a mobile firewall around the intruder, surrounding it and isolating it from the network, thereby eliminating the intrusion.

[0006] The present invention is achieved through the following technical solution. The invention comprises a monitoring agent, a decision-making agent and a blocking agent, wherein:

[0007] The monitoring agent is deployed on every node; it collects behavior information about each of its surrounding neighbor nodes and transmits the collected behavior information to the decision-making agent;

[0008] The decision-making agent monitors one region of the network and does not need to reside on every node. It aggregates the information from the monitoring agents, assembles the aggregated information into the behavior sequence of a given node over a period of time, and compares that sequence with the routing protocol. If the behavior conforms to the routing protocol, the node is normal; if it does not, the node is judged to be an intruder. Once an intruder is found, the decision-making agent transmits a protection command to the blocking agent;

[0009] After the protection command sent by the decision-making agent is received, the blocking agents on the nodes around the intruder are activated and form a mobile firewall that surrounds and isolates the intruder; at the same time its communication links are disconnected, preventing the intruder from sending or receiving any packets.

[0010] The monitoring agent comprises a listening module, a filtering module, an encoding module and a first communication module, wherein:

[0011] The listening module collects all neighbor-node communications that the monitoring agent can receive. Wireless communication is non-directional, so any node within communication range can receive a transmission, which means communication between nodes can be overheard by a third party;

[0012] The filtering module filters the raw information received by the listening module, removing unnecessary information such as keep-alive traffic, and passes the filtered information to the encoding module; for example, the hello packets used to maintain connectivity between nodes can be filtered out;

[0013] The encoding module compresses and encodes the important information that remains after filtering, to reduce the volume of communication between agents; the compressed information is transmitted to the decision-making agent by the first communication module.

[0014] The decision-making agent is the core of the whole architecture and is responsible for tasks such as collecting information, making judgments and generating blocking commands. Decision-making agents also reside on nodes; they are distributed throughout the wireless ad hoc network and move with their nodes to monitor the entire network. To reduce the consumption of system resources, they are only spread evenly across the network: the whole wireless ad hoc network is divided into regions, and each decision-making agent monitors one region, without needing to reside on every node.

[0015] The decision-making agent comprises a second communication module, an analysis module, a response module and a policy library module, wherein:

[0016] The second communication module communicates with the monitoring agents and collects their monitoring information about neighbor nodes;

[0017] The analysis module makes a comprehensive judgment on the per-node information sent by the monitoring agents. Using a specification-based intrusion detection method, it retrieves the routing protocol specification from the policy library module and judges node behavior against it. If only a small part of a node's behavior is abnormal, the node is not necessarily an intruder, and the cause may be a link fault; if abnormality appears in repeated judgments, the node is determined to be an intruding node, and the result is transmitted to the response module;

[0018] The policy library module stores the routing protocol specification for the analysis module to call;

[0019] The response module, on the analysis module's determination that an intruding node exists, generates a protection command to activate the blocking agents.

[0020] The decision-making agent interacts with the monitoring agents in a query-response manner. While nodes change dynamically, it periodically sends query packets to the surrounding nodes; a monitoring agent that receives a query packet sends the information it has collected to the decision-making agent through the second communication module. Because the decision-making agent can combine the information of every monitoring agent in its region, its monitoring of any given node is comparatively complete and no information is missed.

[0021] The decision-making agent periodically broadcasts query packets to the surrounding nodes. The transmission range of these packets is set by the decision-making agent's monitoring range, which is one hop or several hops centered on the decision-making agent.

[0022] The analysis module analyzes node behavior against the routing protocol specification, using a specification-based intrusion detection method. For example, a normal node that receives a packet addressed to another node should forward it promptly; a node that forwards a packet after receiving it is performing a normal network operation. A node that only receives packets and does not forward them is not behaving normally. When a node's abnormal behavior exceeds a set limit, it can be identified as an intruding node.

[0023] Because of the dynamic nature of network nodes, the decision-making agent of a region may become absent because its node moves or leaves the network, or may fail because it is attacked. In that case the monitoring agents no longer receive the decision-making agent's query packets, and once a set time limit is exceeded it can be inferred that the region's decision-making agent no longer exists. The nodes of the region then elect one node to host a decision-making agent, and that node requests a decision-making agent from the surrounding nodes. When the request packet reaches a decision-making agent in a surrounding region, that agent makes a copy of itself and the copy moves to the requesting node. Several decision-making agents may respond; the first to arrive takes effect, and those that arrive later are discarded.
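The failover in paragraph [0023], together with the election rule in paragraph [0024], as an added example in Python (not code from the patent). The timeout value, the resource score, the requirement that every node in the region has timed out, and all names are assumptions.

```python
QUERY_TIMEOUT = 30.0  # assumed: seconds without a query before the agent is presumed lost


class RegionNode:
    """A node whose monitoring agent tracks queries from the region's decision-making agent."""

    def __init__(self, name, free_resources):
        self.name = name
        self.free_resources = free_resources  # assumed abstract capacity score
        self.last_query_at = 0.0
        self.hosted_agent = None              # decision-making agent copy hosted here

    def on_query(self, now):
        self.last_query_at = now

    def agent_presumed_lost(self, now):
        return now - self.last_query_at > QUERY_TIMEOUT

    def accept_copy(self, copy_id):
        """The first copy to arrive takes effect; later copies are discarded."""
        if self.hosted_agent is None:
            self.hosted_agent = copy_id
            return True
        return False


def elect_host(nodes, applied_at=None):
    """Competitive election: the earliest applicant if application times are
    known, otherwise the node with the most free resources."""
    if applied_at:
        return min(nodes, key=lambda n: applied_at.get(n.name, float("inf")))
    return max(nodes, key=lambda n: n.free_resources)


def recover_region(nodes, now, arriving_copies, applied_at=None):
    """Return (host, adopted copy, discarded copies), or None if queries are still recent."""
    # Assumption: act only when every node in the region has timed out, so one
    # node that merely missed a query does not trigger an election.
    if not all(n.agent_presumed_lost(now) for n in nodes):
        return None
    host = elect_host(nodes, applied_at)
    discarded = []
    for _, copy_id in sorted(arriving_copies):  # handle copies in arrival order
        if not host.accept_copy(copy_id):
            discarded.append(copy_id)
    return host.name, host.hosted_agent, discarded


def run_failover_scenario():
    """Constructed input: region D, E, M loses its agent after the query at t=10."""
    def region():
        nodes = [RegionNode("D", 40), RegionNode("E", 75), RegionNode("M", 60)]
        for node in nodes:
            node.on_query(10.0)
        return nodes

    copies = [(47.2, "copy-of-C"), (46.8, "copy-of-O")]  # (arrival time, copy)
    too_early = recover_region(region(), 25.0, copies)
    by_resources = recover_region(region(), 45.0, copies)
    by_first_applicant = recover_region(region(), 45.0, copies,
                                        applied_at={"M": 40.5, "D": 41.0})
    return too_early, by_resources, by_first_applicant


if __name__ == "__main__":
    print(run_failover_scenario())
```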

[0024] The election of a node to host the decision-making agent is competitive: whichever node applies first becomes the host node of the decision-making agent, or whichever node has ample resources becomes the host node.

[0025] The blocking agent comprises a third communication module, a positioning module, an isolation module and a sleep module, wherein:

[0026] The third communication module receives the blocking command from the decision-making agent; the positioning module determines the intruder's position and, if the intruder is in the vicinity of the node hosting the blocking agent, starts the isolation module;

[0027] The isolation module blocks the intruding node's route requests and packet transmissions, and no longer forwards packets to the intruding node. In a wireless ad hoc network a node can only take part in the network through forwarding by its neighbor nodes. The intruding node is therefore still in the network, but it is isolated by the blocking agents and cannot take part in any network function, which minimizes the harm to the network.

[0028] The sleep module ends the blocking agent in two cases: first, when the intruder cannot be located within a set time, meaning the intruder is not in the vicinity of the node hosting the blocking agent; second, when the intruder is dead and isolation by the blocking agent is no longer needed. The sleep module prevents blocking agents from occupying large amounts of node resources for long periods: blocking agents are needed for isolation only while an intruder exists, and once the intruder is dead the blocking agent should put itself to sleep.

[0029] In operation, the invention comprises two parts, intrusion detection and intrusion response. The monitoring agents on the nodes around the intruding node continuously monitor its behavior and encode that behavior. When the intruding node continuously sends query packets, each monitoring agent sends the encoding to the decision-making agent of its region, and the decision-making agent calls the routing specification in the policy library to make a judgment. Once the behavior is judged to be an intrusion, intrusion response follows: the response module of the decision-making agent generates a blocking command and sends it to the blocking agents, which are activated. The blocking agent command is delivered to the neighbor nodes of the intruding node; on arrival it breaks the link between the neighbor node and the intruding node and rejects any routing packets from the intruding node. The other decision-making agents repeat the same work, so that the intruding node, although still in the network, is completely isolated by its surrounding nodes.

[0030] Compared with the prior art, the present invention has the following beneficial effects:

[0031] 1. It can detect and actively block an intruder's attack in real time, safeguarding the security and normal operation of the wireless ad hoc network.

[0032] 2. The mobile firewall forms only around the attacker, with no need for a network-wide response, so the intrusion response is localized and the network resources consumed by active protection are greatly reduced.

Brief Description of the Drawings

[0033] Fig. 1 is a block diagram of the system structure of the present invention;

[0034] Fig. 2 is a block diagram of the structure of the monitoring agent of the present invention;

[0035] Fig. 3 is a block diagram of the structure of the decision-making agent of the present invention;

[0036] Fig. 4 is a block diagram of the structure of the blocking agent of the present invention;

[0037] Fig. 5 is a topology diagram of a wireless ad hoc network;

[0038] Fig. 6 is a diagram of the intruding node launching an attack;

[0039] Fig. 7 is a schematic diagram of the result after the blocking agents of the present invention form a mobile firewall and isolate the intruding node.

Detailed Description

[0040] An embodiment of the invention is described in detail below with reference to the drawings. This embodiment is implemented on the premise of the technical solution of the invention, and a detailed implementation and specific operating procedure are given, but the scope of protection of the invention is not limited to the following embodiment.

[0041] Fig. 5 shows the topology of a wireless ad hoc network to which this embodiment is applied. The network has 15 mobile nodes, from node A to node O; adjacent nodes are connected by bidirectional links (shown as -*), and node H is the intruder.

[0042] As shown in Fig. 1, this embodiment comprises a monitoring agent, a decision-making agent and a blocking agent, wherein:

[0043] The monitoring agent is deployed on every node; it collects behavior information about each of its surrounding neighbor nodes and transmits the collected behavior information to the decision-making agent. In Fig. 5, all 15 nodes (shown as 〇) host a monitoring agent, which listens to its neighbor nodes and collects their behavior information.

[0044] The decision-making agent monitors one region of the network and does not need to reside on every node. It aggregates the information from the monitoring agents, assembles the aggregated information into the behavior sequence of a given node over a period of time, and compares that sequence with the routing protocol. If the behavior conforms to the routing protocol, the node is normal; if it does not, the node is judged to be an intruder. Once an intruder is found, the decision-making agent transmits a protection command to the blocking agent. In Fig. 5, three nodes, C, L and O (shown as 口), host decision-making agents, each responsible for aggregating information and making decisions within its region; for example, the decision-making agent on node L aggregates the information collected by the monitoring agents on nodes D, E, M and L.

[0045] After the protection command sent by the decision-making agent is received, the blocking agents on the nodes around the intruder are activated and form a mobile firewall that surrounds and isolates the intruder; at the same time its communication links are disconnected, preventing the intruder from sending or receiving any packets.

[0046] As shown in Fig. 2, the monitoring agent comprises a listening module, a filtering module, an encoding module and a first communication module, wherein:

[0047] The listening module collects all neighbor-node communications that the monitoring agent can receive. Wireless communication is non-directional, so any node within communication range can receive a transmission, which means communication between nodes can be overheard by a third party;

[0048] The filtering module filters the raw information received by the listening module, removing unnecessary information such as keep-alive traffic, and passes the filtered information to the encoding module; for example, the hello packets used to maintain connectivity between nodes can be filtered out;

[0049] The encoding module compresses and encodes the important information that remains after filtering, to reduce the volume of communication between agents; the compressed information is transmitted to the decision-making agent by the first communication module.

[0050] As shown in Fig. 3, the decision-making agent comprises a second communication module, an analysis module, a response module and a policy library module, wherein:

[0051] The second communication module communicates with the monitoring agents and collects their monitoring information about neighbor nodes;

[0052] While nodes change dynamically, the response module periodically sends query packets to the surrounding nodes; a monitoring agent that receives a query packet sends the information it has collected to the decision-making agent through the second communication module;

[0053] The analysis module makes a comprehensive judgment on the per-node information sent by the monitoring agents. Using a specification-based intrusion detection method, it retrieves the routing protocol specification from the policy library module and judges node behavior against it. If only a small part of a node's behavior is abnormal, the node is not necessarily an intruder, and the cause may be a link fault; if abnormality appears in repeated judgments, the node is determined to be an intruding node;

[0054] The policy library module stores the routing protocol specification for the analysis module to call;

[0055] As shown in Fig. 4, the blocking agent comprises a third communication module, a positioning module, an isolation module and a sleep module, wherein:

[0056] The third communication module receives the blocking command from the decision-making agent; the positioning module determines the intruder's position and, if the intruder is in the vicinity of the node hosting the blocking agent, starts the isolation module;

[0057] The isolation module blocks the intruding node's route requests and packet transmissions, and no longer forwards packets to the intruding node. In a wireless ad hoc network a node can only take part in the network through forwarding by its neighbor nodes. The intruding node is therefore still in the network, but it is isolated by the blocking agents and cannot take part in any network function, which minimizes the harm to the network.

[0058] The sleep module ends the blocking agent in two cases: first, when the intruder cannot be located within a set time, meaning the intruder is not in the vicinity of the node hosting the blocking agent; second, when the intruder is dead and isolation by the blocking agent is no longer needed. The sleep module prevents blocking agents from occupying large amounts of node resources for long periods: blocking agents are needed for isolation only while an intruder exists, and once the intruder is dead the blocking agent should put itself to sleep.

[0059] As shown in Fig. 6, intruding node H (shown as A) begins a denial-of-service attack: it floods the whole network with large numbers of useless data packets or route query packets. The datagrams spread from the nodes around the intruder to the whole network, occupying and consuming large amounts of network resources so that other nodes cannot transmit packets normally. In the figure, 一一 indicates the propagation path of the attack packets.

[0060] In operation, this embodiment comprises two processes, intrusion detection and intrusion response:

[0061] First comes intrusion detection. Nodes F, G, I and D are neighbors of H. The monitoring agents on nodes F, G, I and D continuously monitor the behavior of node H and encode it. When node H sends query packets continuously, its behavior is encoded as "6666665". The monitoring agent on node F sends the encoding to the decision-making agent on node C, the monitoring agent on node D sends its monitoring data to the decision-making agent on node L, and the monitoring agents on nodes G and I send their monitoring data to the decision-making agent on node O. The decision-making agents call the routing specification in the policy library to make the judgment.

[0062] Once the behavior is judged to be an intrusion, the next step is intrusion response. The response module of the decision-making agent begins generating blocking commands and sends them to the blocking agents. After the decision-making agents on nodes C, L and O determine that there is an intrusion, each generates a blocking agent command. The blocking agent command generated by the decision-making agent on node C travels along link CF to node F, a neighbor of intruder H. On arrival it breaks link FH between node F and intruder H and rejects any routing packet from node H. Likewise, the blocking agent commands generated by the decision-making agents on nodes L and O reach the intruder's other three neighbor nodes D, I and G, and disconnect their links DH, IH and GH to node H. In this way intruder H, although still in the network, is completely isolated by its surrounding nodes.

[0063] As shown in FIG. 7, the blocking agent command is transmitted to the four nodes around the intruder, and the activated blocking agents form a mobile firewall, shown as the dashed line in the figure, that isolates the intruder. In the figure, (D denotes a node on which a blocking agent resides, 一 denotes the movement route of a blocking agent, and X denotes a broken link connection.

[0064] As the above analysis shows, monitoring agents spread throughout the network monitor every node, encode each node's behavior and send it to the decision-making agents, which make the judgment. If an intruder is found, the decision-making agent issues a blocking agent command, and the blocking agents surround and isolate the intruder, ultimately eliminating the effect of the intrusion and keeping the network operating normally. The whole process is automatic and requires no manual intervention, achieving real-time active intrusion protection.
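
The detection and response flow of [0061] to [0064] can be sketched as follows; this is an added illustration, not code from the patent. The meaning of code "6" (one route query sent), the thresholds `MAX_QUERIES` and `STRIKES`, and all class and function names are assumptions introduced for the example, and the topology and reports are constructed from the embodiment.

```python
from collections import defaultdict

# Assumptions, not from the patent: code "6" is one route query sent, the
# specification allows MAX_QUERIES per window, and STRIKES abnormal windows in
# a row separate an intruder from a transient link fault.
QUERY, MAX_QUERIES, STRIKES = "6", 3, 2

class DecisionAgent:
    def __init__(self, name):
        self.name = name
        self.strikes = defaultdict(int)  # suspect -> consecutive abnormal windows
        self.blocked = set()             # intruders already handed to blockers

    def judge_window(self, reports):
        """reports: [(monitor, suspect, encoded_sequence)] for one time window.
        Returns blocking commands as (decision_node, target_node, intruder)."""
        by_suspect = defaultdict(dict)
        for monitor, suspect, seq in reports:
            by_suspect[suspect][monitor] = seq
        commands = []
        for suspect, seqs in by_suspect.items():
            abnormal = any(s.count(QUERY) > MAX_QUERIES for s in seqs.values())
            self.strikes[suspect] = self.strikes[suspect] + 1 if abnormal else 0
            if self.strikes[suspect] >= STRIKES and suspect not in self.blocked:
                self.blocked.add(suspect)
                commands += [(self.name, m, suspect) for m in sorted(seqs)]
        return commands

class BlockingAgent:
    def __init__(self, node, neighbors):
        self.node, self.links, self.asleep = node, set(neighbors), False

    def execute(self, intruder):
        """Cut the link to the intruder; go dormant if it is not a neighbor."""
        if intruder not in self.links:
            self.asleep = True
            return None
        self.links.discard(intruder)
        return self.node + intruder      # link name, e.g. "FH"

def run_scenario(windows=2):
    # Constructed data following the embodiment: H's neighbors F, D, G, I
    # report to the decision agents on C, L, O; H keeps emitting "6666665".
    reports_to = {"F": "C", "D": "L", "G": "O", "I": "O"}
    deciders = {n: DecisionAgent(n) for n in "CLO"}
    blockers = {m: BlockingAgent(m, {"H", d}) for m, d in reports_to.items()}
    cut = []
    for _ in range(windows):
        for d in deciders.values():
            reports = [(m, "H", "6666665") for m in reports_to if reports_to[m] == d.name]
            for _, target, intruder in d.judge_window(reports):
                cut.append(blockers[target].execute(intruder))
    return sorted(cut)

if __name__ == "__main__":
    print(run_scenario())
```

A single abnormal window produces no command; only the second consecutive one does, which mirrors the distinction between a line fault and an intruding node drawn in claim 7.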

Claims (8)

  1. An active protection system for a wireless self-organizing network, characterized by comprising a monitoring agent, a decision-making agent and a blocking agent, wherein: a monitoring agent is deployed on every node, is responsible for collecting behavior information about each of its surrounding neighbor nodes, and transmits the collected behavior information to the decision-making agent; the decision-making agent is responsible for monitoring one region of the network, aggregates the information from the monitoring agents in that region, forms the aggregated information into the behavior sequence of a given node over a period of time, and compares it with the routing protocol; if the behavior conforms to the routing protocol the node is a normal node, and if the behavior does not conform to the routing protocol the node is judged to be an intruder; after an intruder is found, the decision-making agent transmits a protection command to the blocking agent; after the blocking agent receives the protection command sent by the decision-making agent, the blocking agents on the nodes around the intruder are activated and form a mobile firewall that surrounds and isolates the intruder, and at the same time its communication links are disconnected to prevent the intruder from sending or receiving any packet.
  2. The active protection system for a wireless self-organizing network according to claim 1, characterized in that the monitoring agent comprises a listening module, a filtering module, an encoding module and a first communication module, wherein: the listening module is responsible for collecting the communication content of all neighbor nodes that the monitoring agent can receive; the filtering module filters the raw information received by the listening module, removes connection-maintenance information, and passes the filtered information to the encoding module; the encoding module is responsible for compressing and encoding the important information that remains after filtering, and the compressed information is transmitted by the first communication module to the decision-making agent.
  3. The active protection system for a wireless self-organizing network according to claim 1, characterized in that the decision-making agent interacts with the monitoring agents in a query-response manner: as the nodes change dynamically, it periodically sends query packets to the surrounding nodes, and a monitoring agent that receives a query packet sends the monitoring information it has collected to the decision-making agent through the first communication module.
  4. The active protection system for a wireless self-organizing network according to claim 1, characterized in that the decision-making agent periodically broadcasts query packets to the surrounding nodes; the transmission range of the packets is set by the monitoring range of the decision-making agent, the monitoring range being one hop or several hops centered on the decision-making agent.
  5. The active protection system for a wireless self-organizing network according to claim 1, characterized in that, owing to the dynamic nature of the network nodes, when the decision-making agent of a region becomes vacant because of node movement or node exit, or fails because it is attacked, the monitoring agents no longer receive the decision-making agent's query packets; once the set time limit is exceeded, it is inferred that the decision-making agent of that region no longer exists; the nodes of the region then elect a node to host a decision-making agent, and that node requests a decision-making agent from the surrounding nodes; when the request packet reaches a decision-making agent in a surrounding region, that decision-making agent makes a copy of itself, and the copied decision-making agent moves to the requesting node; when several decision-making agents respond, the first to arrive takes effect and those that arrive later are discarded.
  6. The active protection system for a wireless self-organizing network according to claim 5, characterized in that the node to host the decision-making agent is elected competitively: whichever node applies first becomes the host node of the decision-making agent, or whichever node has ample resources becomes the host node of the decision-making agent.
  7. The active protection system for a wireless self-organizing network according to claim 1, 3, 4, 5 or 6, characterized in that the decision-making agent comprises a second communication module, an analysis module, a response module and a policy library module, wherein: the second communication module communicates with the monitoring agents and collects their monitoring information about neighbor nodes; the analysis module makes a comprehensive judgment on the per-node information sent by the monitoring agents using a specification-based intrusion detection method: it retrieves the routing protocol specification from the policy library module and judges node behavior against it; if only a few of a node's behaviors are abnormal, the node is not necessarily an intruding node and the cause may be a line fault; if abnormality appears in repeated judgments, the node is determined to be an intruding node, and the judgment result is passed to the response module; the policy library module stores the routing protocol specification for the analysis module to call; the response module, on the analysis module's judgment that there is an intruding node, generates a protection command to activate the blocking agents.
  8. The active protection system for a wireless self-organizing network according to claim 1, characterized in that the blocking agent comprises a third communication module, a positioning module, an isolation module and a sleep module, wherein: the third communication module receives the protection command from the decision-making agent; the positioning module determines the intruder's position and, if the intruder is in the neighborhood of the node hosting the blocking agent, starts the isolation module; the isolation module blocks route requests and packets sent by the intruding node and no longer forwards packets to the intruding node; the sleep module terminates the blocking agent in two cases: first, when the intruder cannot be located within a set time, that is, the intruder is not in the neighborhood of the node hosting the blocking agent; second, when the intruder has died and isolation by the blocking agent is no longer needed; the sleep module prevents blocking agents from occupying node resources in large numbers for long periods: isolation by blocking agents is needed only while the intruder exists, and once the intruder dies the blocking agents go dormant on their own.
CN 200810041455 2008-08-07 2008-08-07 Active protection system for wireless self-organizing network CN101355416B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810041455 CN101355416B (en) 2008-08-07 2008-08-07 Active protection system for wireless self-organizing network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200810041455 CN101355416B (en) 2008-08-07 2008-08-07 Active protection system for wireless self-organizing network

Publications (2)

Publication Number Publication Date
CN101355416A CN101355416A (en) 2009-01-28
CN101355416B true CN101355416B (en) 2010-07-28

Family

ID=40308029

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810041455 CN101355416B (en) 2008-08-07 2008-08-07 Active protection system for wireless self-organizing network

Country Status (1)

Country Link
CN (1) CN101355416B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9055105B2 (en) * 2009-05-29 2015-06-09 Nokia Technologies Oy Method and apparatus for engaging in a service or activity using an ad-hoc mesh network
CN101977384B (en) * 2010-10-19 2012-11-21 河源市特灵通通讯有限公司 Active protection method of wireless MESH network intrusion based on signal detection
CN102006586B (en) * 2010-11-30 2013-01-09 上海交通大学 Wireless Mesh network intrusion detection system and detection method thereof
CN102291712B (en) * 2011-08-16 2014-09-03 清华大学 Adaptive active defense realizing method and system in WSN (wireless sensor network)
CN103561030A (en) * 2013-11-07 2014-02-05 国家电网公司 Wireless self-organizing network intrusion detection method and device

Also Published As

Publication number Publication date
CN101355416A (en) 2009-01-28


Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C14 Granted
C17 Cessation of patent right