CN101917733A - Method for detecting flooding attack by wireless self-organizing network route query - Google Patents
Method for detecting flooding attack by wireless self-organizing network route query Download PDFInfo
- Publication number
- CN101917733A CN101917733A CN 201010250860 CN201010250860A CN101917733A CN 101917733 A CN101917733 A CN 101917733A CN 201010250860 CN201010250860 CN 201010250860 CN 201010250860 A CN201010250860 A CN 201010250860A CN 101917733 A CN101917733 A CN 101917733A
- Authority
- CN
- China
- Prior art keywords
- node
- message
- routing inquiry
- route
- inquiry message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention relates to a method for detecting flooding attack by wireless self-organizing network route query, which comprises the following steps: (1) monitoring and counting route query messages produced by nodes around the node by each node and judging whether the route query messages are normal or forged by using a method for monitoring whether each route query message has a route reply message; (2) checking the counting record of the route query messages by each node per se every other set time; and if the quantity of the forged route query messages produced by a certain node around the node is found to reach or exceed a set threshold within the set time, then judging the node to be an attacking node and blacklisting the node; and (3) directly discarding and not forwarding the received route query messages sent by nodes in the blacklist any more by each node. The method only counts the forged messages of the flooding attack, separates out attacking nodes, increases correct detection rate and reduces misinformation rate to prevent the flooding attack.
Description
Technical field
The present invention relates to a kind of detection method of ad hoc routing inquiry extensive aggression, exactly, relate to a kind ofly in wireless self-organization network, utilize routing inquiry in the reaction equation Routing Protocol and routing reply mechanism and the detection method of the flooding attack by wireless self-organizing network route query realized; The network security technology field that belongs to data communication.
Background technology
Wireless self-organization network is a kind of novel mobile multi-hop cordless communication network, this network does not rely on any fixing infrastructure and administrative center, but keep the connection between each node in the network by mutual cooperation between mobile node and self, realize the transmission of data simultaneously.Compare with cable network, the special character of wireless self-organization network is: network topology may change in real time, is difficult to pre-determine, thereby causes the routing inquiry of traditional cable network and routing mechanism to turn round well.Based on these characteristics, wireless self-organization network generally adopts the reaction equation routing algorithm, promptly can not find in route-caching in the specified path, just sends query message and obtains route, and therefrom select an only route.
The content of this reaction equation routing algorithm generally includes: the source node elder generation of desire transmission packet is node broadcasts routing inquiry message towards periphery; When each node is received this routing inquiry message,, then this query message is transmitted to its other adjacent node on every side if the destination node of inquiry is not this node self; If the destination node of query message is this node just, then this node will be constructed a route reply message, and sends it back to source node; Carry in this route reply message from source node to by a reachable path the query node.If source node is not received the route reply message, think that then the destination node of inquiry does not exist; If receive the route reply message, then take out reachable path and send datagram according to this path, record the path to simultaneously in the route-caching of self; If a routing inquiry message has obtained a plurality of route reply messages, then from these many reachable paths, select an optimal path to send datagram according to the route selection algorithm of setting.But this reaction equation routing algorithm can bring a lot of safety problems.Following brief description it.
The prior art document is found by retrieval, Yi Ping, Zhong Yiping ﹠amp; Zhang Shiyong is published in the paper " Flooding attack and defence in Ad hoc networks " (extensive aggression and strick precaution in the Ad hoc network) in " Journal of Computer Research and Development " (system engineering and electronic technology " English edition "), proposes a kind of attack to wireless self-organization network execution highly significant: Adhoc Flooding Attack (AHFA).This attack is to utilize reaction equation routing algorithm leak, can make at short notice that large-scale network service paralyses.The summary of the principle of this attack is: utilize each node in the reaction equation routing algorithm all will transmit the characteristic of routing inquiry message, attack the routing inquiry message that node is forged with higher frequency broadcasting, this routing inquiry message is repeatedly duplicated, transmits by neighbor node on every side again and diffusion rapidly in wireless network, thereby the large-scale wireless network of very fast injection causes network congestion even paralysis.
In order to prevent the extensive aggression of routing inquiry, the mechanism of taking precautions against of the detection of adopting at present is the speed that node produces the routing inquiry message around the statistics, pipes off producing the too fast node of query message speed.But the detection effect of this detection method will depend on the detection threshold of setting: the speed that produces query message at arbitrary period is higher than the node of set point and all thinks malicious node.The problem of this moment is: if the threshold value that is provided with is too high, may make the lower attack node of the frequency that floods become fish that has escape the net; Yet if the threshold value that is provided with is low excessively, will cause normal node is to attack node because produce more routing inquiry message and be mistaken as accidentally in certain short time period probably also.Just, detecting accuracy and rate of false alarm becomes one group of inverse relation, all depends on the detection threshold size of setting.This detection threshold how to set the key that just becomes said method.
Summary of the invention
In view of this, the objective of the invention is at above-mentioned the deficiencies in the prior art, a kind of detection method of wireless self-organizing network route query message extensive aggression is provided, this method makes network node when detecting and add up the generation speed of routing inquiry message, only add up the routing inquiry message that extensive aggression is forged, and normal routing inquiry message is ignored, the characteristic of the routing inquiry message of forging at the extensive aggression node just, to attack node separates, thereby widen the distance between correct verification and measurement ratio and the rate of false alarm, improve correct verification and measurement ratio and reduce rate of false alarm, prevent extensive aggression preferably.
In order to reach the foregoing invention purpose, the invention provides a kind of detection method of wireless self-organizing network route query message extensive aggression, it is characterized in that, comprise following operating procedure:
(1) in the wireless self-organization network that uses the reaction equation Routing Protocol, the routing inquiry message of its node generation is on every side monitored and added up to each node, and adopt and intercept the way whether each routing inquiry message has route answer message, judge that this routing inquiry message is normal query message or the query message of forging;
(2) every setting-up time, each node is checked the routing inquiry counting messages record of oneself, meet or exceed setting threshold if find the routing inquiry message amount of the forgery that certain node around it produces in this setting-up time, think that promptly this node is the attack node, and blacklist it;
(3) each node it is received, be derived from the routing inquiry message that node sent in its blacklist, directly abandon and no longer transmit.
Described reaction equation Routing Protocol is dynamic source routing protocol DSR (Dynamic Source Routing); In dynamic source routing protocol, when can not find the route of destination node, source node broadcasting routing inquiry message RREQ (Route Requests), the RREQ that each node receives non-node of destination node will transmit, when having only destination node to receive this RREQ message, return route reply message RREP (Route Replies); Source node, just sends datagram after obtaining route receiving the RREP message.
Described source node is the node that produces the routing inquiry message, and described destination node is the terminal node that the routing inquiry message will be sought.
Described each node monitoring and add up that node produces around it routing inquiry message is meant that each node all will be monitored, sequence number, the IP address of source node, the IP address of destination node and the generation time of message of statistics and the stored record routing inquiry message that node produces around it.
Describedly intercept the monitoring under promiscuous mode of network element node, statistics and the stored record that are meant in the wireless network and be arranged in the communicating by letter or the various messages of transmission of all nodes that this node of network is intercepted scope, comprise not being to be transmitted to this node the message that is destination node.
Whether the described routing inquiry message of intercepting has the judgement way of route answer message to be: node is for each routing inquiry message of its stored record, all to answer message, and return and judge whether this routing inquiry message is normal message by whether there being corresponding route to answer message in the route that setting-up time receive this routing inquiry message; It is that source node is given in loopback that described route is answered message, send and/or received power by regulating, be not less than in the scope of intercepting on the basis of transmission range twice, no matter route is answered message from where, and the neighbor node of source node can both listen to the route of each routing inquiry message that source node should receive and answer message.
Described normal routing inquiry message is meant that the destination node of this message is the node that exists really in the network, after after a while, source node can receive the route answer message that its destination node is replied certainly, and this route answer message also can be listened to by the neighbor node of source node; The routing inquiry message of described forgery is meant what this routing inquiry message was forged by source node; For the query message that makes extensive aggression many as far as possible, the destination node of forging the routing inquiry message is non-existent node in the network normally, so just make that forging the routing inquiry message is farthest transmitted, and then its routing inquiry occurs and can not get answering, the neighbor node of its source node can not listen to the situation that route is answered message.
Described each node is checked the routing inquiry counting messages record of oneself, be meant that each node checks the generation speed of routing inquiry message of the forgery of the neighbor node around it: if generation speed is slower, think that then destination node is temporarily unreachable, or source node is handled once in a while wrong; If generation speed is very fast, then think the routing inquiry message that malicious attack nodes is forged in the production that floods.
Described blacklist is to be the record register of the malicious attack nodes of sign with what detect with the IP address.
Compared with prior art, the inventive method has following beneficial effect:
The present invention is based on the detection method of the extensive aggression of intercepting the route reply message, be that node produces routing inquiry message speed around calculating, and according to the characteristics of the routing inquiry message of forging, not that all routing inquiry messages are all detected and add up, just detect and add up the routing inquiry message that those do not return the route reply message, make like this and detect and the more targeted and convenience of statistics; And, return the route reply message accordingly in case listen to, just the source node of the pairing routing inquiry message of this route reply message is deleted it from the source node tabulation of the routing inquiry message of the dont answer of original stored record.
Because another basis for estimation of the present invention is: the node that produces the routing inquiry message of many unusually forgeries is malicious attack nodes certainly.Therefore, when detecting and add up, surpass the source node of routing inquiry message that setting-up time also do not return the route reply message just as the source node of the routing inquiry message of forging, be stored in the source node tabulation of the routing inquiry message that is recorded in corresponding forgery.Yet, if in the unit interval section of setting, the quantity of the routing inquiry message of the forgery that this source node produces seldom, or be lower than setting threshold, then think due to network failure or other the improper reason, thereby this source node is deleted it from the source node tabulation of the routing inquiry message of forgery.Opposite, if in the unit interval section of setting, the quantity of the routing inquiry message of the forgery that this source node produces is a lot, promptly be greater than or equal to setting threshold, thinking that then this source node is exactly the source-attack node that floods, is the record register of the malicious attack nodes of sign so just this source node is listed in the IP address: blacklist.After, that each node receives it, as to be derived from its blacklist routing inquiry message that node sent all directly abandons and no longer forwarding.Like this, just can greatly improve network transmission performance, make the verification and measurement ratio of routing inquiry extensive aggression and rate of false alarm all be significantly improved.In a word, the present invention can detect the extensive aggression of routing inquiry well in wireless self-organization network, have popularizing application prospect.
Description of drawings
Fig. 1 is the proper communication transmission range of Wireless Telecom Equipment and the comparison schematic diagram of intercepting scope thereof.
Fig. 2 is the method flow block diagram that the present invention detects routing inquiry message extensive aggression node.
Fig. 3 is the structural representation of the routing inquiry message tabulation of dont answer among the present invention.
Fig. 4 is the structural representation of the routing inquiry counting messages table forged among the present invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with drawings and Examples.
Referring to Fig. 1~Fig. 4, introduce the detection method of wireless self-organizing network route query message extensive aggression of the present invention, this method comprises following operating procedure:
Step 1, in the wireless self-organization network that uses the reaction equation Routing Protocol, the routing inquiry message (referring to shown in Figure 1) of its node generation is on every side monitored and added up to each node, and intercept each routing inquiry message and whether have route to answer message: when a routing inquiry source node (among Fig. 1, represent with Magen David) produce a routing inquiry message and with after its broadcasting, each neighbor node around it (is the hop node on the route, represent with triangle among Fig. 1, and represent communication range with the solid line circle) just this routing inquiry message accounting is arrived in separately " tabulation of dont answer routing inquiry message "; And unlatching mixes listen mode, wait for return (the with dashed lines circle represents that one of them has the scope of intercepting of the triangular nodes of stain among Fig. 1, and as seen from Figure 1: the radius of intercepting scope is not less than the twice of the radius of communication range usually) of the pairing route answer of this routing inquiry message message.Return if there is route to answer message, think that then its corresponding routing inquiry message is a normal message, just from " tabulation of dont answer routing inquiry message ", leave out this message, be about to this source node of deletion from stored record; Do not answer message if return route, think that then it is the routing inquiry message of forging.
Embodiments of the invention adopt Routing Protocol be dynamic source routing protocol DSR (The dynamicsource routing protocol), practical application is not limited to this agreement.
In the DSR Routing Protocol, when each node runs into unknown node or route disappearance, all can broadcast routing inquiry (RREQ) message, and wait for returning of route answer (RREP) message.Record in the RREQ message: the IP address of the sequence number of routing inquiry message, source node, the IP address of destination node and the generation time of message.When a node is received a RREQ message, and find (this node is RREQ) when oneself being a hop node of this message routing, then with sequence number, source node IP address, the destination node IP address of this RREQ message and receive that the time of this RREQ message all records in " the routing inquiry message tabulation of dont answer " (referring to shown in Figure 3) of self maintained, and the opening timing device, wait for returning of RREP message that the IP address of test serial number, source node and destination node is all identical.
Whenever certain node listens to route in the network when answering message (RREP), just should scan its " routing inquiry message tabulation of dont answer ", the routing inquiry message entry deletion of correspondence is got final product.
The effect that finds the RREQ message of forgery in this way is very significant.Because for normal node, the most situations of its RREQ that sends all can be returned RREP.Yet for attacking the RREQ that node is forged, many as much as possible and propagate far as best one can in order to make this RREQ be replicated the number of times of forwarding, its destination node generally all is a non-existent node in the network.Therefore, can not return RREP in most cases.Utilize this specific character of the extensive aggression of routing inquiry message, can make a distinction the routing inquiry message of normal routing inquiry message and forgery easily effectively, thereby improve verification and measurement ratio, reduction rate of false alarm.In general, the RREP that no matter returns from which direction can be listened to by the neighbor node around it.Because it is littler than the signal strength threshold that receives message to intercept the signal strength threshold of message, so, exponential decay model according to signal strength signal intensity, the radius of intercepting scope generally is the twice above (as shown in Figure 1) of proper communication distance, so just make all nodes in each node communication scope all can drop on intercepting in the scope of neighbor node around it, thereby guarantee all can be listened to from the RREP that where returns.Even have part RREP to become " fish that has escape the net ", also can not influence above-mentioned judgment mechanism.If be mistaken as the negligible amounts of the RREQ that is forgery because do not listen to the RREP that returns in the unit interval, also be not enough to allow detection method of the present invention think that this node is to attack node.
Of the present inventionly intercept the monitoring under promiscuous mode of each node, statistics and the stored record that are meant in the wireless network and be arranged in the communicating by letter or the various messages of transmission of all nodes that this node of network is intercepted scope, comprise not being to be transmitted to this node the message that is destination node.
Step 2, detect based on the threshold value of intercepting route answer message: every setting-up time, each node scans, checks oneself " the routing inquiry message tabulation of dont answer ", seek overtime routing inquiry message of not replying, and it is counted in " the routing inquiry counting messages table of forgery " (referring to shown in Figure 4).If have a node to exceed a setting threshold, then this node transferred in the blacklist at the routing inquiry message number of this section forgery of accumulative total in the time.Above-mentioned testing process of the present invention as shown in Figure 2.
The setting-up time of this step is the response time of detection method of the present invention at interval.If the interval of setting-up time is shorter, can increase the weight of each node, be the operand of wireless device, influence the processing and the forwarding speed of data message.But the interval of setting-up time is long, can cause detection method to lose efficacy.Concrete setting-up time length is at interval wanted view network equipment performance and network condition and is decided.
The overtime of this step is to preestablish a time, and the RREQ message that also do not return RREP in thinking during this period of time is forgery.If default overtime duration is too short, then rate of false alarm is higher, and default overtime duration is long, and then the response of detection method also prolongs (because of determining that the time whether a RREQ forges is elongated) thereupon.Therefore, how to determine that overtime duration also wants view network situation and decide; Normally do some earlier and test to determine that average RREQ inquiry will be waited for how long just can receive corresponding RREP.
In every time interval through setting, each node begins scanning.With " the routing inquiry counting messages table of forgery " all zero clearings (only adding up the setting-up time routing inquiry message amount of interior forgery at interval), then, check each the dont answer query message in " the routing inquiry message tabulation of dont answer " earlier.And the time of receiving this routing inquiry message of comparing record in current time and this table, if the difference of time is greater than time-out time, think that then this routing inquiry message is the routing inquiry message of forging, from " the routing inquiry message tabulation of dont answer ", delete this, simultaneously in " the routing inquiry counting messages table of forgery ", allow " the routing inquiry message number of the forgery that produces in the assay intervals time " in the respective items (referring to Fig. 4) of this query source node to add 1.After scanning one time, reexamine " the routing inquiry counting messages table of forgery ", the routing inquiry message amount of seeking the forgery of unit interval generation surpasses the source node of threshold value.If can find, then it is deleted from " the routing inquiry counting messages table of forgery " and pipe off; For the source node item that does not surpass threshold value, then zero clearing when scanning next time.
Step 3, that each node receives it, be derived from the routing inquiry message that node sent in its blacklist, directly abandon and no longer transmit.
The present invention adopts the blacklist maintenance mechanism, prevents to report by mistake, blacklist is attacked or malicious node becomes the situation of normal node.
The inventive method has carried out implementing test, and the result of test is successful, has realized goal of the invention.The above only is the introduction of the inventive method and preferred embodiment thereof, and is in order to restriction the present invention, within the spirit and principles in the present invention not all, any modification of being made, is equal to replacement, improvement etc., all should be included within the scope of protection of the invention.
Claims (9)
1. the detection method of a wireless self-organizing network route query message extensive aggression is characterized in that, comprises following operating procedure:
(1) in the wireless self-organization network that uses the reaction equation Routing Protocol, the routing inquiry message of its node generation is on every side monitored and added up to each node, and adopt and intercept the way whether each routing inquiry message has route answer message, judge that this routing inquiry message is normal query message or the query message of forging;
(2) every setting-up time, each node is checked the routing inquiry counting messages record of oneself, meet or exceed setting threshold if find the routing inquiry message amount of the forgery that certain node around it produces in this setting-up time, think that promptly this node is the attack node, and blacklist it;
(3) each node it is received, be derived from the routing inquiry message that node sent in its blacklist, directly abandon and no longer transmit.
2. method according to claim 1 is characterized in that: described reaction equation Routing Protocol is dynamic source routing protocol DSR; In dynamic source routing protocol, when can not find the route of destination node, source node broadcasting routing inquiry message RREQ, the RREQ that each node receives non-node of destination node will transmit, when having only destination node to receive this RREQ message, return route reply message RREP; Source node, just sends datagram after obtaining route receiving the RREP message.
3. method according to claim 1 is characterized in that: described source node is the node that produces the routing inquiry message, and described destination node is the terminal node that the routing inquiry message will be sought.
4. method according to claim 1 is characterized in that: described each node monitoring and add up that node produces around it routing inquiry message is meant that each node all will be monitored, sequence number, the IP address of source node, the IP address of destination node and the generation time of message of statistics and the stored record routing inquiry message that node produces around it.
5. method according to claim 1, it is characterized in that: describedly intercept the monitoring under promiscuous mode of network element node, statistics and the stored record that are meant in the wireless network and be arranged in the communicating by letter or the various messages of transmission of all nodes that this node of network is intercepted scope, comprise not being to be transmitted to this node the message that is destination node.
6. method according to claim 1, it is characterized in that: whether the described routing inquiry message of intercepting has the judgement way of route answer message to be: node is for each routing inquiry message of its stored record, all to answer message, and return and judge whether this routing inquiry message is normal message by whether there being corresponding route to answer message in the route that setting-up time receive this routing inquiry message; It is that source node is given in loopback that described route is answered message, send and/or received power by regulating, be not less than in the scope of intercepting on the basis of transmission range twice, no matter route is answered message from where, and the neighbor node of source node can both listen to the route of each routing inquiry message that source node should receive and answer message.
7. according to the described method of claim 1, it is characterized in that: described normal routing inquiry message is meant that the destination node of this message is the node that exists really in the network, after after a while, source node can receive the route answer message that its destination node is replied certainly, and this route answer message also can be listened to by the neighbor node of source node; The routing inquiry message of described forgery is meant what this routing inquiry message was forged by source node; For the query message that makes extensive aggression many as far as possible, the destination node of forging the routing inquiry message is non-existent node in the network normally, so just make that forging the routing inquiry message is farthest transmitted, and then its routing inquiry occurs and can not get answering, the neighbor node of its source node can not listen to the situation that route is answered message.
8. method according to claim 1, it is characterized in that: described each node is checked the routing inquiry counting messages record of oneself, be meant that each node checks the generation speed of routing inquiry message of the forgery of the neighbor node around it: if generation speed is slower, think that then destination node is temporarily unreachable, or source node is handled once in a while wrong; If generation speed is very fast, then think the routing inquiry message that malicious attack nodes is forged in the production that floods.
9. method according to claim 1 is characterized in that: described blacklist is to be the record register of the malicious attack nodes of sign with what detect with the IP address.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102508602A CN101917733B (en) | 2010-08-06 | 2010-08-06 | Method for detecting flooding attack by wireless self-organizing network route query |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102508602A CN101917733B (en) | 2010-08-06 | 2010-08-06 | Method for detecting flooding attack by wireless self-organizing network route query |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101917733A true CN101917733A (en) | 2010-12-15 |
| CN101917733B CN101917733B (en) | 2012-11-21 |
Family
ID=43325092
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010102508602A Expired - Fee Related CN101917733B (en) | 2010-08-06 | 2010-08-06 | Method for detecting flooding attack by wireless self-organizing network route query |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101917733B (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102685736A (en) * | 2012-05-22 | 2012-09-19 | 上海交通大学 | Adaptive attack detection method of wireless network |
| CN103297957A (en) * | 2013-05-13 | 2013-09-11 | 西安电子科技大学 | Defending method of wireless ad hoc network routing inquiry flooding attacks |
| CN103458478A (en) * | 2013-09-03 | 2013-12-18 | 清华大学 | Source hiding method and system based on dynamic forged sources |
| CN104184746A (en) * | 2014-09-12 | 2014-12-03 | 网神信息技术(北京)股份有限公司 | Method and device for processing data through gateway |
| CN104270229A (en) * | 2014-09-12 | 2015-01-07 | 汉柏科技有限公司 | Method and device for preventing continuous oscillation of load balancing link |
| CN104378369A (en) * | 2014-11-11 | 2015-02-25 | 上海斐讯数据通信技术有限公司 | Wireless flooding attack prevention method |
| CN109587288A (en) * | 2018-12-29 | 2019-04-05 | 成都西加云杉科技有限公司 | A kind of mailing address requesting method, terminal and Wireless Fidelity controller |
| CN110365667A (en) * | 2019-07-03 | 2019-10-22 | 杭州迪普科技股份有限公司 | Attack message means of defence, device, electronic equipment |
| CN112887213A (en) * | 2019-11-29 | 2021-06-01 | 北京百度网讯科技有限公司 | Message cleaning method and device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101267313A (en) * | 2008-04-23 | 2008-09-17 | 华为技术有限公司 | Flooding attack detection method and detection device |
| CN101282209A (en) * | 2008-05-13 | 2008-10-08 | 杭州华三通信技术有限公司 | Method and apparatus for preventing DNS request message from flooding attack |
| WO2009105913A1 (en) * | 2008-02-26 | 2009-09-03 | Lucent Technologies Inc. | Method for preventing attack of message flood and network element |
-
2010
- 2010-08-06 CN CN2010102508602A patent/CN101917733B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2009105913A1 (en) * | 2008-02-26 | 2009-09-03 | Lucent Technologies Inc. | Method for preventing attack of message flood and network element |
| CN101267313A (en) * | 2008-04-23 | 2008-09-17 | 华为技术有限公司 | Flooding attack detection method and detection device |
| CN101282209A (en) * | 2008-05-13 | 2008-10-08 | 杭州华三通信技术有限公司 | Method and apparatus for preventing DNS request message from flooding attack |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102685736A (en) * | 2012-05-22 | 2012-09-19 | 上海交通大学 | Adaptive attack detection method of wireless network |
| CN103297957B (en) * | 2013-05-13 | 2015-11-25 | 西安电子科技大学 | The defence method of wireless self-networking routing inquiry extensive aggression |
| CN103297957A (en) * | 2013-05-13 | 2013-09-11 | 西安电子科技大学 | Defending method of wireless ad hoc network routing inquiry flooding attacks |
| CN103458478A (en) * | 2013-09-03 | 2013-12-18 | 清华大学 | Source hiding method and system based on dynamic forged sources |
| CN103458478B (en) * | 2013-09-03 | 2016-03-23 | 清华大学 | Based on source hiding method and the system in dynamic forgery source |
| CN104184746A (en) * | 2014-09-12 | 2014-12-03 | 网神信息技术(北京)股份有限公司 | Method and device for processing data through gateway |
| CN104270229A (en) * | 2014-09-12 | 2015-01-07 | 汉柏科技有限公司 | Method and device for preventing continuous oscillation of load balancing link |
| CN104184746B (en) * | 2014-09-12 | 2019-12-31 | 网神信息技术(北京)股份有限公司 | Method and device for processing data by gateway |
| CN104378369A (en) * | 2014-11-11 | 2015-02-25 | 上海斐讯数据通信技术有限公司 | Wireless flooding attack prevention method |
| CN109587288A (en) * | 2018-12-29 | 2019-04-05 | 成都西加云杉科技有限公司 | A kind of mailing address requesting method, terminal and Wireless Fidelity controller |
| CN110365667A (en) * | 2019-07-03 | 2019-10-22 | 杭州迪普科技股份有限公司 | Attack message means of defence, device, electronic equipment |
| CN112887213A (en) * | 2019-11-29 | 2021-06-01 | 北京百度网讯科技有限公司 | Message cleaning method and device |
| CN112887213B (en) * | 2019-11-29 | 2023-04-18 | 北京百度网讯科技有限公司 | Message cleaning method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101917733B (en) | 2012-11-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101917733B (en) | Method for detecting flooding attack by wireless self-organizing network route query | |
| Ahmed et al. | Mitigation of black hole attacks in routing protocol for low power and lossy networks | |
| Stetsko et al. | Neighbor-based intrusion detection for wireless sensor networks | |
| Le et al. | Specification-based IDS for securing RPL from topology attacks | |
| Ukey et al. | Detection of packet dropping attack using improved acknowledgement based scheme in MANET | |
| Coppolino et al. | An intrusion detection system for critical information infrastructures using wireless sensor network technologies | |
| Yu et al. | A distributed and cooperative black hole node detection and elimination mechanism for ad hoc networks | |
| Labraoui et al. | Secure DV‐Hop localization scheme against wormhole attacks in wireless sensor networks | |
| Rassam et al. | A sinkhole attack detection scheme in mintroute wireless sensor networks | |
| CN109756515B (en) | Black hole attack detection and tracking method based on suspicion degree accumulation | |
| Gurung et al. | A review of black-hole attack mitigation techniques and its drawbacks in mobile ad-hoc network | |
| Sokullu et al. | An investigation on IEEE 802.15. 4 MAC layer attacks | |
| Wagh et al. | Elimination of internal attacksfor PUMA in MANET | |
| CN101895889A (en) | Method for detecting black hole attack in wireless ad hoc network | |
| Radosavac et al. | Cross-layer attacks in wireless ad hoc networks | |
| CN108900517A (en) | A kind of Security routing defence method based on HWMP agreement | |
| Bharti et al. | Performance Analysis of Wireless Sensor Networks under adverse scenario of attack | |
| Kim et al. | CADE: Cumulative acknowledgement based detection of selective forwarding attacks in wireless sensor networks | |
| Bansal et al. | Distributed cross layer approach for detecting multilayer attacks in wireless multi-hop networks | |
| Sidhu et al. | A comprehensive study of routing layer intrusions in zigbee based wireless sensor networks | |
| Labraoui et al. | Secure range-free localization scheme in wireless sensor networks | |
| Regassa et al. | Efficient Attacker Node (s) Detection and Isolation Schemes in MANETs OLSR Protocol | |
| CN112929882A (en) | Method for identifying Sybil nodes and overlapped nodes | |
| Chan et al. | Tcbwd: Topological comparison-based byzantine wormhole detection for manet | |
| Baburajan et al. | A review paper on watchdog mechanism in wireless sensor network to eliminate false malicious node detection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20121121 Termination date: 20160806 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |