CN102006586A - Wireless Mesh network intrusion detection system and detection method thereof - Google Patents
Wireless Mesh network intrusion detection system and detection method thereof Download PDFInfo
- Publication number
- CN102006586A CN102006586A CN2010105646708A CN201010564670A CN102006586A CN 102006586 A CN102006586 A CN 102006586A CN 2010105646708 A CN2010105646708 A CN 2010105646708A CN 201010564670 A CN201010564670 A CN 201010564670A CN 102006586 A CN102006586 A CN 102006586A
- Authority
- CN
- China
- Prior art keywords
- node
- detection
- state machine
- network
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a wireless Mesh network intrusion detection system and a detection method thereof in the technical field of network safety. The system comprises a data acquisition module, a detection recording module, a node dummy management module, a characteristic detection module and a response module. The detection method comprises the following steps of: forming a finite-state machine according to a routing protocol of a wireless Mesh network; deploying the intrusion detection system and determining a node which performs intrusion detection; starting state machine-based intrusion detection; and establishing an anomaly-misuse detection mapping table to realize the intrusion detection. A routing protocol state machine can be adequately applied to the intrusion detection by establishing a node dummy so as to provide a detection basis for the detection of a detection node; the problem of inaccurate intrusion detection in the wireless Mesh network is solved by adopting an intrusion detection system deployment strategy; and the resource consumption of the network by the overall intrusion detection can be reduced by starting the timing selection of the detection system.
Description
Technical field
What the present invention relates to is the device and method in a kind of network security technology field, specifically is a kind of wireless Mesh netword intruding detection system and detection method thereof.
Background technology
(Wireless Mesh Network WMN), is the network of a dynamic self-organization to wireless Mesh netword.Node in the network is set up automatically and is kept and other internodal connections.These characteristics have brought many characteristics for the WMN network, such as lower preceding current cost, robustness and reliable service coverage.Yet, wireless Mesh netword because of the routing algorithm of its open wireless channel, cooperation, lack characteristics such as centralized monitor and cause its risk that is subjected to network intrusions and chance sharply to increase, the very important and urgent problem that the invador is the wireless Mesh netword security fields is found and is removed in the design safety measure.Yet want to avoid fully network under attack and unrealistic, therefore will find intrusion behavior, so that the network of taking suitable measure reparation to be invaded by intruding detection system.
Traditional intrusion detection method depends on known abnormal behaviour mode, and detects according to the affair character that monitors.If it is known that assailant's behavior is a detection system, so this method has higher detection rate and lower false alarm rate.But along with the variation of attacking kind, a lot of new attack behaviors can not detect for this system.
Find through literature search prior art, easy equality (easily flat, Wu Yue, Liu Ning etc., Intrusion Detection Technique based on finite state machine, invasion detection method of radio self-organization network, China, patent of invention, 200810041454,2009.1.7) a kind of wireless self-organization network intruding detection system based on finite state machine has been proposed.The inventor has designed the intrusion detection algorithm that a kind of listening state with the tester is defined as finite state machine.Detection node shifts according to the listening state that the message of the detected node that it listened to carries out self, if detection node is transferred to abnormality in the snoop procedure, suspects that then this moment, detected node was the suspicion malicious node, and produces corresponding alarm.This detection method can be found the unknown attack mode, but because the Routing Protocol description is the behavior of detected node, therefore in this invention, the Routing Protocol of describing the detected node lawful acts must be translated to the finite state machine of describing tester's listening state, to unavoidably produce distortion, the effect that influence detects.
Summary of the invention
The present invention is directed to the prior art above shortcomings, a kind of wireless Mesh netword intruding detection system and detection method thereof are provided, make Routing Protocol state function apply to suitably in the intrusion detection by setting up the node dummy, provide the detection foundation for detection node detects; By taking the intruding detection system deployment strategy, solve owing to the inaccurate problem of intrusion detection in the Wireless Mesh networking; By the selection on opportunity of open detection system, can reduce the resource consumption of whole intrusion detection to network.
The present invention is achieved by the following technical solutions:
The present invention relates to a kind of wireless Mesh netword intruding detection system, comprise: data collection module, the detection record module, node dummy administration module, feature detection module and respond module, wherein: data collection module is with the transmitting-receiving message of detection node and monitor the message ghost and export node dummy administration module to, the affiliated area detection case of detection record module records detection node record and by safeguarding that detection record discerns detection node and can reduce detection range according to strategy, node dummy administration module produces the state transitions incident and exports the feature detection module to, respond module is connected with the feature detection module and starts when receiving the warning information that the feature detection module sends and detecting malicious node in network, the detection record module is connected with data collection module and receives the information of the detection node that data collection module sends, described node dummy is meant: be used for the intrusion detection needs and the virtual network node created out, be used for judging whether detected node has abnormal behaviour at network.
Described node dummy administration module comprises: resource ASM, incident generate submodule, state machine management submodule and abnormality processing submodule, wherein: transmitting-receiving message copy and the monitoring message copy and the analog node dummy resource operating position of the detection node that resource ASM reception data collection module sends, state machine management submodule receives the state transitions incident that the incident generation module sends, the abnormality alarming signal that abnormality processing submodule accepting state machine management submodule sends.
The mode that described resource ASM adopts finite state machine is to analog node dummy's behavior modeling and simulate the resource operating position and abnormal behaviour is detected; This finite state machine is made up of a group node and one group of corresponding transfer function a directed graph.
The present invention relates to the detection method of said system, comprise the steps:
Described distributed collaborative intrusion detection is meant: IDS Agent runs in the network on each node, carries out local data separately and collects and intrusion detection, in case find abnormal behaviour is arranged then the intrusion detection and the response that trigger whole network.
Described intrusion detection framework based on mobile Agent is meant: choose monitoring, data collection and the intrusion detection of detection agency to realize taking timesharing, fixed point to detect of resident monitoring network on the individual nodes in network.
A) Traffic Anomaly open detection Network Based: be deployed with the monitor node of monitoring in real time for the networking flow in the current network, when network traffics take place by unusual rise sharply or during rapid drawdown, think and abnormality to occur, opening machine intruding detection system in this zone in the network;
B) for the detection node of state machine intruding detection system for the node that had detected after a period of time in do not detected, the node in the state machine intruding detection system need be safeguarded a node detection record sheet;
C) other detection node find that the broadcasting that certain node sends unusually also will trigger the state machine intrusion detection that other nodes are correlated with in the network.
Compared with prior art, the present invention has following beneficial effect:
1, by setting up the node dummy in the detection node, the node dummy loads the framework of Routing Protocol state machine, thereby makes Routing Protocol state function apply to suitably in the intrusion detection, provides the detection foundation for detection node detects;
2, by taking the intruding detection system deployment strategy, can make detection node in the normal network message of processing self, Maintenance Point dummy and detected node are synchronous, solve because the characteristics that exist in the Wireless Mesh networking the inaccurate problem of intrusion detection that (such as hidden terminal, node motion, and the message processing capability of detection node self and operational capability are limited etc.) causes.
3, by the selection on opportunity of open detection system, can reduce the resource consumption of whole intrusion detection to network.
4, using the finite state machine testing to detect with misuse matches, only can solve and to adopt the misuse intrusion detection to threaten the shortcoming that realizes complete detection and early warning, also can solve the shortcoming of the attack algorithm that abnormality detection such as only adopting the finite state machine testing can't accurately judge detected node and adopted the various attack that network faced.
Description of drawings
Fig. 1 is a structural representation of the present invention.
Fig. 2 is the node finite state machine figure that sends datagram.
Fig. 3 is node processing RREQ finite state machine figure.
Fig. 4 is that node is transmitted RREP finite state machine figure.
Fig. 5 is node for data forwarding message finite state machine figure.
Fig. 6 is that node is transmitted RERR message finite state machine figure.
Fig. 7 is that black hole attack is violated forwarding data message state transition diagram.
Embodiment
Below embodiments of the invention are elaborated, present embodiment is being to implement under the prerequisite with the technical solution of the present invention, provided detailed execution mode and concrete operating process, but protection scope of the present invention is not limited to following embodiment.
As shown in Figure 1, present embodiment comprises: comprising: data collection module, the detection record module, node dummy administration module, feature detection module and respond module, wherein: data collection module is with the transmitting-receiving message of detection node and monitor the message ghost and export node dummy administration module to, the affiliated area detection case of detection record module records detection node record and by safeguarding that detection record discerns detection node and can reduce detection range according to strategy, node dummy administration module produces the state transitions incident and exports the feature detection module to, respond module is connected with the feature detection module and starts when receiving the warning information that the feature detection module sends and detecting malicious node in network, the detection record module is connected with data collection module and receives the information of the detection node that data collection module sends, described node dummy is meant: be used for the intrusion detection needs and the virtual network node created out, be used for judging whether detected node has abnormal behaviour at network.
Described node dummy administration module comprises: resource ASM, incident generate submodule, state machine management submodule and abnormality processing submodule, wherein: transmitting-receiving message copy and the monitoring message copy and the analog node dummy resource operating position of the detection node that resource ASM reception data collection module sends, state machine management submodule receives the state transitions incident that the incident generation module sends, the abnormality alarming signal that abnormality processing submodule accepting state machine management submodule sends.
The mode that described resource ASM adopts finite state machine is to analog node dummy's behavior modeling and simulate the resource operating position and abnormal behaviour is detected; This finite state machine is made up of a group node and one group of corresponding transfer function a directed graph.
Said system realizes intrusion detection by following steps:
Routing Protocol in the present embodiment uses DSR (The dynamic source routing protocol, dynamic source routing protocol), attacks and uses black hole attack, and practical application is not limited thereto.
Transmission for data message, press DSR route standard and form finite state machine, as shown in Figure 2, initial state sends datagram for the upper strata demand, querying node self routing table, then enter " source routing is arranged " state if inquire the source routing that arrives destination node, if no respective sources route then enters " no source routing " state.
When node enters under " no source routing " state, initiation is closed on RREQ route requests message, in the DSR route, when node sent RREQ for the first time, will produce a ttl value was 1, the RREQ message that indiffusion is only sought in a hop node.Node is transferred to " waiting for RREP " state.
When node enters " waiting for RREP " state, after receiving first RREP routing reply message, transfer to " source routing is arranged " state; In addition, in the DSR agreement in order to prevent the RREQ storm, be that source node is initiated too much route requests in order to search out destination node, designed the RREQ transmission rate upper limit according to the exponential back algorithm, when node is in " waiting for RREP " state above behind the current time-out time, transfer to " RREQ is initialization " state, and the time-out time index is risen.
After node enters " RREQ is initialization " state, will produce the RREQ route requests message of diffusion, transfer in " waiting for RREP " state.
After node enters " source routing is arranged " state, will send first data message to destination node, and transfer under " transfer of data " state; In addition, because the route requests message transmits at the whole network by the form of broadcasting, so source node may be received a plurality of RREP routing reply messages, DSR agreement regulation source node will adopt the RREP source routing of receiving at first, so state of living in was constant after source node was received follow-up RREP message.
After node enters " transfer of data " state, can receive follow-up RREP message equally, current state is constant; In addition, node can send the data message that adopts source routing according to current, until DTD; Receive the routing error message of route intermediate node transmission when source node after, will turn back to " no source routing " state.
For receiving route requests message (RREQ), press DSR route standard and form finite state machine, as shown in Figure 3, after receiving RREQ, node gets the hang of 1.State 1 time, node updates self routing table gets the hang of 2.State 2 times,, get the hang of 3 if node is a destination node; If node is not a destination node, get the hang of 4.State 3 times, the route among the former RREQ is advanced counter-rotating, obtain the counter-rotating route, get the hang of 5.In state 4 times, querying node routing table, if there is the route that arrives destination node, the afterbody that relevant routing iinformation is appended to the message source route gets the hang of 3; If do not exist, will self add the afterbody of RREQ source routing to, get the hang of 6.Node produces RREP routing reply message state 5 times according to the counter-rotating route, gets the hang of 7.In state 6 times, the ttl value of node updates RREQ, if ttl is not 0, then node with added in the source routing self RREQ transmit, get the hang of 8; Otherwise RREQ is abandoned, enter state of termination.State 7 times, node will be waited for a delay time.The DSR agreement is replied the storm defining node time answer RREP that will delay time in order to prevent RREP, delay time d=H* (h-1+r), wherein H is a fixing time-delay constant, and h is current complete by the jumping figure of source node to destination node, and r is a time-delay factor at random; After wait finished, node got the hang of 8.Node sends to the RREP that produces in the network when the state 8 of being in, and gets the hang of 9.State 9 times, if node is received new RREQ, then think the RREQ of repetition, abandon and do not transmit.
For receiving route reply message (RREP), press DSR route standard and form finite state machine, as shown in Figure 4, after receiving RREP, node gets the hang of 1.State 1 time, node updates self routing table gets the hang of 2.State 2 times, node is transmitted the RREP message, enters state of termination.
For receiving data packets, press DSR route standard and form finite state machine, as shown in Figure 5, receive data message when node, get the hang of 1.When node at state 1, upgrade message ttl, get the hang of 2.When node gets the hang of 2, be 0 as if the ttl value, dropping packets enters state of termination; If link layer makes a mistake, get the hang of 3; If above-mentioned 2 conditions do not satisfy, E-Packet, enter state of termination.When node is positioned at state 3, if the contained route_error number of current message has surpassed the upper limit, then dropping packets enters state of termination; Otherwise produce the RERR message according to the source data message information, get the hang of 4.Node sends the RERR message at state 4, gets the hang of 5.Node got the hang of 5 o'clock, will rescue message, entered state of termination.
For receiving routing error message (RERR), press DSR route standard and form finite state machine, as shown in Figure 6, node receives that RERR gets the hang of 1.Node upgrades routing table in state 1, the downright bad route of will being correlated with is left out, and gets the hang of 2.Node is transmitted RERR in state 2, enter state of termination.
In the wireless Mesh netword that uses the DSR Routing Protocol, having a kind of black hole attack is to attack at the node for data forwarding message.Black hole attack is that a kind of passive hidden is attacked in wireless network, and the data message that self is received all abandons, thereby destroys the normal data transfer in the network.The state transition diagram of comparison DSR agreement, black hole attack will be transferred in the abnormality, in transmitting the data message state transitions as shown in Figure 7.Be specially, state 2 times, and ttl value is not under 0 the situation, dropping packets.Therefore will transfer in the abnormality.The Last status of the unusual transfer of its correspondence is a state 2, and incident is a dropping packets.
Table 1 is unusual-and misuse detects mapping table
Claims (10)
1. wireless Mesh netword intruding detection system, it is characterized in that, comprise: data collection module, the detection record module, node dummy administration module, feature detection module and respond module, wherein: data collection module is with the transmitting-receiving message of detection node and monitor the message ghost and export node dummy administration module to, the affiliated area detection case of detection record module records detection node record and by safeguarding that detection record discerns detection node and can reduce detection range according to strategy, node dummy administration module produces the state transitions incident and exports the feature detection module to, respond module is connected with the feature detection module and starts when receiving the warning information that the feature detection module sends and detecting malicious node in network, the detection record module is connected with data collection module and receives the information of the detection node that data collection module sends, described node dummy is meant: be used for the intrusion detection needs and the virtual network node created out, be used for judging whether detected node has abnormal behaviour at network.
2. wireless Mesh netword intruding detection system according to claim 1, it is characterized in that, described node dummy administration module comprises: the resource ASM, incident generates submodule, state machine management submodule and abnormality processing submodule, wherein: transmitting-receiving message copy and the monitoring message copy and the analog node dummy resource operating position of the detection node that resource ASM reception data collection module sends, state machine management submodule receives the state transitions incident that the incident generation module sends, the abnormality alarming signal that abnormality processing submodule accepting state machine management submodule sends.
3. wireless Mesh netword intruding detection system according to claim 2, it is characterized in that the mode that described resource ASM adopts finite state machine is to analog node dummy's behavior modeling and simulate the resource operating position and abnormal behaviour is detected; This finite state machine is made up of a group node and one group of corresponding transfer function a directed graph.
4. the detection method according to the described system of above-mentioned arbitrary claim is characterized in that, comprises the steps:
Step 1, at first the Routing Protocol according to wireless Mesh netword forms finite state machine;
Step 2 is disposed intruding detection system, the node of determining to carry out intrusion detection;
Step 3 is opened the intrusion detection based on state machine;
Step 4 is set up unusual-misuse and is detected mapping table, realizes intrusion detection.
5. detection method according to claim 4, it is characterized in that, described step 1 specifically is meant: for each detection node in the network is created the node dummy, load the finite state machine program that Routing Protocol produces by the node dummy then and utilize the condition of the message of the detected object that detection node perceives as state transitions, still being in the normal envelope then after the each behavior of node dummy, the detected node of its mapping does not take place unusual, when transferring to abnormality, show that the detected node of its mapping carried out not meeting the abnormal behaviour of agreement.
6. detection method according to claim 4, it is characterized in that, described step 2 specifically is meant: use the distributed collaborative intrusion detection, each node is provided with intrusion detection agent, so that for having the neighbor node of adjacent message interaction to set up the node dummy with this node or setting up intrusion detection framework based on mobile Agent; Zoning in state machine intrusion detection network then, each zone contains the node that is mounted with intrusion detection agent more than.
7. detection method according to claim 4, it is characterized in that, described distributed collaborative intrusion detection is meant: IDS Agent runs in the network on each node, carry out local data separately and collect and intrusion detection, trigger the intrusion detection and the response of whole network in case discovery has abnormal behaviour.
8. detection method according to claim 4, it is characterized in that described intrusion detection framework based on mobile Agent is meant: in network, choose monitoring, data collection and the intrusion detection of detection agency to realize taking timesharing, fixed point to detect of resident monitoring network on the individual nodes.
9. detection method according to claim 4 is characterized in that, described unlatching is adopted in following three kinds of modes any one based on the intrusion detection of state machine:
A) Traffic Anomaly open detection Network Based: be deployed with the monitor node of monitoring in real time for the networking flow in the current network, when network traffics take place by unusual rise sharply or during rapid drawdown, think and abnormality to occur, opening machine intruding detection system in this zone in the network;
B) for the detection node of state machine intruding detection system for the node that had detected after a period of time in do not detected, the node in the state machine intruding detection system need be safeguarded a node detection record sheet;
C) other detection node find that the broadcasting that certain node sends unusually also will trigger the state machine intrusion detection that other nodes are correlated with in the network.
10. detection method according to claim 4, it is characterized in that, described step 4 specifically is meant: the node dummy after limited state machine is transferred to abnormality under it carries out abnormal alarm, and upload immediate status and anomalous event, after via the node dummy finite state machine corresponding protocols and immediate status thereof and anomalous event being uploaded to intruding detection system under this node dummy, by intruding detection system unusually-misuse detect in the mapping table that retrieval obtains respective entries and in characteristic matching misuse detection algorithm storehouse retrieval obtain the respective detection algorithm.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010564670.8A CN102006586B (en) | 2010-11-30 | 2010-11-30 | Wireless Mesh network intrusion detection system and detection method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010564670.8A CN102006586B (en) | 2010-11-30 | 2010-11-30 | Wireless Mesh network intrusion detection system and detection method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102006586A true CN102006586A (en) | 2011-04-06 |
| CN102006586B CN102006586B (en) | 2013-01-09 |
Family
ID=43813572
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010564670.8A Expired - Fee Related CN102006586B (en) | 2010-11-30 | 2010-11-30 | Wireless Mesh network intrusion detection system and detection method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102006586B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102685736A (en) * | 2012-05-22 | 2012-09-19 | 上海交通大学 | Adaptive attack detection method of wireless network |
| CN103297973A (en) * | 2013-06-04 | 2013-09-11 | 河海大学常州校区 | Method for detecting Sybil attack in underwater wireless sensor networks |
| CN104601553A (en) * | 2014-12-26 | 2015-05-06 | 北京邮电大学 | Internet-of-things tampering invasion detection method in combination with abnormal monitoring |
| CN104982051A (en) * | 2012-12-28 | 2015-10-14 | 英特尔公司 | Instruction for accelerating snow 3G wireless security algorithm |
| CN107425999A (en) * | 2017-04-20 | 2017-12-01 | 电子科技大学 | A kind of safety detection node dynamic deployment method of low overhead |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101340292A (en) * | 2008-08-07 | 2009-01-07 | 上海交通大学 | Invasion detection method of radio self-organization network |
| CN101355416A (en) * | 2008-08-07 | 2009-01-28 | 上海交通大学 | Active protection system for wireless self-organizing network |
| CN101567812A (en) * | 2009-03-13 | 2009-10-28 | 华为技术有限公司 | Method and device for detecting network attack |
-
2010
- 2010-11-30 CN CN201010564670.8A patent/CN102006586B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101340292A (en) * | 2008-08-07 | 2009-01-07 | 上海交通大学 | Invasion detection method of radio self-organization network |
| CN101355416A (en) * | 2008-08-07 | 2009-01-28 | 上海交通大学 | Active protection system for wireless self-organizing network |
| CN101567812A (en) * | 2009-03-13 | 2009-10-28 | 华为技术有限公司 | Method and device for detecting network attack |
Non-Patent Citations (3)
| Title |
|---|
| 易平等: "Malicious node detection in Ad Hoc networks using timed automata", 《WIRELESS, MOBILE AND SENSOR NETWORKS 2007 (CCWMSN07)》 * |
| 易平等: "基于免疫机制的无线Mesh网络安全模型", 《上海交通大学学报》 * |
| 易平等: "基于时间自动机的Ad hoc网络入侵检测", 《电子与信息学报》 * |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102685736A (en) * | 2012-05-22 | 2012-09-19 | 上海交通大学 | Adaptive attack detection method of wireless network |
| CN104982051A (en) * | 2012-12-28 | 2015-10-14 | 英特尔公司 | Instruction for accelerating snow 3G wireless security algorithm |
| CN104982051B (en) * | 2012-12-28 | 2018-11-27 | 英特尔公司 | For accelerating the device, method and system of wireless security algorithm |
| CN109348478A (en) * | 2012-12-28 | 2019-02-15 | 英特尔公司 | For accelerating the device, method and system of wireless security algorithm |
| CN103297973A (en) * | 2013-06-04 | 2013-09-11 | 河海大学常州校区 | Method for detecting Sybil attack in underwater wireless sensor networks |
| CN103297973B (en) * | 2013-06-04 | 2016-09-07 | 河海大学常州校区 | Witch's intrusion detection method in underwater sensor network |
| CN104601553A (en) * | 2014-12-26 | 2015-05-06 | 北京邮电大学 | Internet-of-things tampering invasion detection method in combination with abnormal monitoring |
| CN107425999A (en) * | 2017-04-20 | 2017-12-01 | 电子科技大学 | A kind of safety detection node dynamic deployment method of low overhead |
| CN107425999B (en) * | 2017-04-20 | 2020-11-10 | 电子科技大学 | Low-overhead dynamic deployment method for security detection nodes |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102006586B (en) | 2013-01-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3111346B1 (en) | Distributed processing system | |
| US20150288604A1 (en) | Sensor Network Gateway | |
| CN102006586B (en) | Wireless Mesh network intrusion detection system and detection method thereof | |
| US10050865B2 (en) | Maintaining routing information | |
| CN101917733B (en) | Method for detecting flooding attack by wireless self-organizing network route query | |
| CN103686737B (en) | Wireless sensor network intrusion tolerance method and system based on tree topology | |
| Ju et al. | An improved intrusion detection scheme based on weighted trust evaluation for wireless sensor networks | |
| Prathapani et al. | Intelligent honeypot agent for blackhole attack detection in wireless mesh networks | |
| Zhijie et al. | Intrusion detection for wireless sensor network based on traffic prediction model | |
| CN102711107A (en) | Wireless sensor network intrusion detection method based on key node | |
| CN102968872A (en) | Intelligent household security and protection system for preventing burglary | |
| CN107483413A (en) | Two-way intruding detection system and method based on cloud computing, cognitive radio networks | |
| Aschenbruck et al. | A security architecture and modular intrusion detection system for WSNs | |
| WO2015130752A1 (en) | Sensor network gateway | |
| CN102088741B (en) | Method for coping with malicious interference in wireless sensor network (WSN) | |
| Pan | Zigbee wireless network attack and detection | |
| CN202887363U (en) | Household intelligent safe-guard system for preventing burglary | |
| Mamatha et al. | Quantitative Behavior Based Intrusion Detection System for MANETS | |
| Coppolino et al. | A hidden markov model based intrusion detection system for wireless sensor networks | |
| Efendi et al. | 6LoWPAN-based Wireless Home Automation: From Secure System Development to Building Energy Management. | |
| Chen et al. | ExtHT: A hybrid tracing method for cyber-attacks in power industrial control systems | |
| CN106572434A (en) | Wireless network equipment and method for searching for mobile intelligent terminals through same | |
| Flathagen et al. | Integrating wireless sensor networks in the NATO network enabled capability using web services | |
| Sonwalkar et al. | Design and implementation of enhanced security model for wireless sensor network on ARM processor | |
| CN101316265B (en) | Light measurement method for counterfeit attack source in sensor network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130109 Termination date: 20161130 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |