CN102404739A - Detection method for wormhole attacks in Ad Hoc network - Google Patents
- Publication number: CN102404739A
- Authority: CN (China)
- Prior art keywords: node, time, chi, hello, route messages
- Legal status: Granted
- Landscapes: Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to wireless network security technology and discloses a method for detecting wormhole attacks in an Ad Hoc network. When a node transmits or receives a routing message, time ruler information Ruler: ($T_0$, $G_t$, $\Delta T$) is set up in the routing message, where $T_0$ is the initial time at which the node sets up the time ruler information, $\Delta T$ is the allowed time range for the node to transmit information, and $G_t$ is the minimum time interval between two consecutive routing packets transmitted by the node to its adjacent nodes. The node sets up and stores a neighbor list of all nodes adjacent to it; each entry in the list comprises the time ruler information Ruler: ($T_0$, $G_t$, $\Delta T$) of the adjacent node, a receive time ruler calibration flag and a neighbor validity flag. Because the propagation speed of a message between two nodes is fixed, the length of the one-hop link that a message passes through can be measured by measuring the propagation time of the message, and from that it can be determined whether a wormhole exists. The equipment needed to implement the method is low in cost, and the method is an effective means of detection for protecting the network from wormhole attacks.
Description
Technical field
The present invention relates to wireless network security technology, and in particular to a method for detecting wormhole attacks in Ad Hoc networks.
Background technology
An Ad Hoc network is a self-organizing, multi-hop wireless network that does not rely on fixed infrastructure. It is easy to deploy and free of constraints of time and place, so it can be widely used in situations such as military communication and disaster relief where laying network infrastructure is impossible or inconvenient, and it has very broad application prospects. Compared with traditional wired fixed networks, a mobile Ad Hoc network (MANET) is characterized by an open medium, dynamic topology, distributed cooperation, the absence of centralized management and a control centre, and resource-constrained nodes. This makes mobile Ad Hoc networks vulnerable to various attacks, such as eavesdropping, tampering, replay and denial of service.
A wormhole attack is also called a tunnel attack. In an Ad Hoc wireless network, a malicious node captures packets at one location, delivers them through a private channel (tunnel) to another location in the network, and replays them there. When the transmission distance of the tunnel exceeds the one-hop transmission range, packets sent through the tunnel reach the destination in less time, or with fewer hops, than packets sent over the normal multi-hop route. This creates the false impression that the two ends of the tunnel are very close to each other. Because a path through the tunnel needs fewer hops than a normal route, for routing protocols that select the shortest path a wormhole attack draws a large amount of network traffic through the malicious nodes, which makes it easier for the malicious nodes to go on to drop or tamper with packets.
Most existing Ad Hoc network routing protocols, such as AODV (RFC 3561, "Ad hoc On-Demand Distance Vector (AODV) Routing"), DSR (RFC 4728, "The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks for IPv4") and DSDV (C. E. Perkins and P. Bhagwat, "Highly Dynamic Destination-Sequenced Distance-Vector (DSDV) for Mobile Computers," Proc. ACM Conf. Communications Architectures and Protocols (SIGCOMM '94), London, UK, August 1994, pp. 234-244), and the various secure routing protocols, such as SAODV (M. G. Zapata and N. Asokan, "Secure Ad hoc On-Demand Distance Vector Routing," ACM Mobile Computing and Communications Review, vol. 3, no. 6, July 2002, pp. 106-107), SRP (P. Papadimitratos and Z. J. Haas, "Secure Routing for Mobile Ad hoc Networks," Proc. Communication Networks and Distributed Systems Modeling and Simulation Conf. (CNDS '02), San Antonio, Texas, January 2002, pp. 27-31) and ARAN (K. Sanzgiri, B. Dahill, B. N. Levine, C. Shields and E. M. Royer, "A Secure Routing Protocol for Ad hoc Networks," Proc. 10th IEEE Int'l. Conf. Network Protocols (ICNP '02), IEEE Press, 2002, pp. 78-87), cannot resist wormhole attacks.
At present there are some methods for detecting and defending against wormhole attacks, such as the packet leash mechanism (see Y. C. Hu, A. Perrig and D. B. Johnson, "Packet leashes: A defense against wormhole attacks in wireless networks," in Proceedings of the Twenty-Second Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 3, pp. 1976-1986, 2003), detection based on directional antennas (see L. Hu and D. Evans, "Using Directional Antennas to Prevent Wormhole Attacks," Network and Distributed System Security Symposium, San Diego, CA, 5-6 February 2004) and network topology visualization (see W. Wang and B. Bhargava, "Visualization of Wormholes in Sensor Networks," ACM WiSE '04, October 2004). The main shortcoming of these methods is that they place high demands on the computational accuracy and speed of the nodes or on equipment cost, so they face many difficulties in practical application.
Summary of the invention
The object of the invention is to overcome the shortcomings of the prior art and to provide a method that has low equipment cost and can quickly and effectively detect wormhole attacks in Ad Hoc networks.
The technical solution of the invention is a method for detecting wormhole attacks in an Ad Hoc network. When a node sends or receives a routing message, time ruler information Ruler: ($T_0$, $G_t$, $\Delta T$), comprising the three elements $T_0$, $\Delta T$ and $G_t$, is established in the routing message, where $T_0$ is the start time at which the node establishes the time ruler information, $\Delta T$ is the allowed time range for the node to send information, and $G_t$ is the minimum interval between two consecutive routing packets sent by the node to its adjacent nodes. Each node establishes and stores a neighbor list of all nodes adjacent to it; each entry in the list comprises the time ruler information Ruler: ($T_0$, $G_t$, $\Delta T$) of the adjacent node, a receive time ruler calibration flag and a neighbor validity flag.
When a node sends a routing message, the following steps are performed:
(1) judge whether the routing message to be sent is a HELLO acknowledgement message in HELLO_ACK format; if so, go to step (7);
(2) check whether the time ruler information of the current node has been established; if not, go to step (4);
(3) read the send time ruler information $\mathrm{Ruler}_s$: ($T_0$, $G_t$, $\Delta T$) of the current node, obtain the system time $T_c$ of the current node, and determine the send time $T_s$ of the routing message, where $T_s$ must simultaneously satisfy
where $k$ is a positive integer; go to step (8);
(4) judge whether the routing message to be sent is a HELLO information message in HELLO_INFO format; if not, go to step (6);
(5) determine the allowed time range for the node to send information
where $c$ is the propagation speed of the wireless signal and $R$ is the transmission radius of the node; determine the minimum interval $G_t > 2\Delta T$ at which the node consecutively sends routing packets to its adjacent nodes; establish and store the send time ruler information $\mathrm{Ruler}_s$: ($T_0$, $G_t$, $\Delta T$) of the current node; go to step (8);
(6) delete this routing message;
(7) determine the send time $T_s$ of the routing message, where $T_s$ must simultaneously satisfy
where $T_c$ is the system time of the current node, $T_r$ is the time at which the current node received the HELLO information message in HELLO_INFO format from the adjacent node, and $k$ is a positive integer; after a delay of $T_s - T_c$, go to step (8); at the same time, create a HELLO information message in HELLO_INFO format and execute again from step (1);
(8) send this routing message immediately.
When a node receives a routing message, the following steps are performed:
(1) look up, in the neighbor list of the current node, the receive time ruler information Ruler: ($T_0$, $G_t$, $\Delta T$) corresponding to the adjacent node that sent this routing message;
(2) if the receive time ruler information corresponding to the adjacent node exists, continue to the next step; otherwise go to step (11);
(3) judge whether the received routing message is a HELLO acknowledgement message in HELLO_ACK format; if so, continue; otherwise go to step (8);
(4) read the send time ruler information $\mathrm{Ruler}_s$: ($T_0$, $G_t$, $\Delta T$) of the current node, obtain the system time $T_c$ of the current node, and calculate the link propagation delay of the received routing message from the sending node to the current node
query the corresponding receive time ruler information $\mathrm{Ruler}_r$: ($T_0$, $G_t$, $\Delta T$) and its calibration flag; if the calibration flag indicates the uncalibrated state, modify the start time in this receive time ruler information to $T_0 = T_0 - t_d$ and set the calibration flag to the calibrated state; if the calibration flag already indicates the calibrated state, do nothing;
(5) read the send time ruler information $\mathrm{Ruler}_s$: ($T_0$, $G_t$, $\Delta T$) of the current node, obtain the system time $T_c$ of the current node, and compute $T_d = (T_c - T_0) \ \mathrm{rem}\ G_t$; if $T_d < 2\Delta T$ (note: the formula has been corrected), continue; otherwise go to step (10);
(6) set the neighbor validity flag of the neighbor node that sent this HELLO acknowledgement message to the valid state in the neighbor list, and at the same time set to the valid state the validity flag of all routing table entries that have this neighbor node as next-hop node;
(7) process this routing message according to the routing protocol in use; go to step (14);
(8) check whether the receive time ruler information of the adjacent node corresponding to the sending node has been calibrated; if so, continue; otherwise go to step (10);
(9) read the receive time ruler information $\mathrm{Ruler}_r$: ($T_0$, $G_t$, $\Delta T$), obtain the system time $T_c$ of the current node, and compute $T_d = (T_c - T_0) \ \mathrm{rem}\ G_t$; if $T_d < \Delta T$, go to step (6); otherwise continue;
(10) set the neighbor node that sent this HELLO acknowledgement message to the invalid state, and at the same time set to the invalid state all routing table entries that have this neighbor node as next-hop node; go to step (14);
(11) judge whether the received routing message is a HELLO information message; if not, go to step (13);
(12) read $G_t$ and $\Delta T$ from the HELLO information message, obtain the system time $T_c$ of the current node, create the receive time ruler $\mathrm{Ruler}_r$: ($T_0$, $G_t$, $\Delta T$), store it in the neighbor list element corresponding to this adjacent node, and set the receive time ruler calibration flag to the uncalibrated state; starting from time $T_c$, after a delay of $kG_t$ (note: the formula has been corrected), execute from step (1) of the procedure for sending a routing message and reply with a HELLO acknowledgement message to this adjacent node;
(13) create and broadcast a HELLO information message;
(14) delete this routing message.
The wormhole attack is one of the hardest attacks to defend against in Ad Hoc networks. Fig. 1 is a schematic diagram of a wormhole attack in an Ad Hoc network in which the tunnel is set up over an out-of-band channel. In Fig. 1, A, B, S and X are normal nodes, M1 and M2 are attacking nodes, and R is the transmission radius of a normal node. Node S discovers its valid neighbors by checking the HELLO acknowledgement messages replied by other nodes. Within the coverage of normal node S are normal node A and attacking node M1, and a normal link can be established between nodes S and A; within the coverage of normal node X are normal node B and attacking node M2, and a normal link can be established between nodes X and B. The distance between attacking nodes M1 and M2 is greater than the transmission radius of every node, and the attacking nodes set up the tunnel over an out-of-band wireless channel, i.e. a private channel. The main characteristic of a wormhole attack that sets up its tunnel over an out-of-band channel is that the tunnel is usually much longer than a one-hop link between normal nodes. In the invention, when a node sends or receives a routing message, time ruler information Ruler: ($T_0$, $G_t$, $\Delta T$), comprising the three elements $T_0$, $\Delta T$ and $G_t$, is established in the routing message. Because the propagation speed of a message between two nodes is fixed, measuring the propagation time of a message gives the length of the one-hop link the message traversed, which reveals whether a tunnel exists and thus achieves the purpose of detecting wormhole attacks.
The working principle by which the invention uses time rulers to detect wormholes is as follows:
After all adjacent nodes in the Ad Hoc network have connected, every node must send routing packets according to its pre-designed time ruler. Each node that receives a routing packet judges the legitimacy of the path the packet traversed according to the receive time ruler corresponding to the sender (known from the routing packet). Because routing packets are sent at specific intervals, as long as the distance between sender and receiver, although variable, does not exceed the transmission radius of the sender, the reception time of a routing packet should fall within a foreseeable interval. The invention uses the send time ruler or the receive time ruler for detection, depending on the routing packet received.
A node in an Ad Hoc network may join or leave the network at any time. When a node joins an Ad Hoc network, it first broadcasts a single-hop HELLO message to establish direct connections with other nodes. All routing messages, including HELLO messages, are sent according to the send time ruler. Because the signal coverage of a normal node is limited, the delay of a routing packet from sender to receiver is also limited.
As shown in Fig. 1, suppose the distance between S and X is greater than the transmission radius R of S, and ignore the delay of routing messages at the attacking nodes; then the HELLO acknowledgement messages that node X and node A reply to node S will have different delays.
After node S has sent a HELLO information message, the send time ruler of S is determined:
$$\mathrm{Ruler}_s: (T_0, G_t, \Delta T)$$
This HELLO information message reaches node A over the normal channel and reaches node X through the tunnel set up by M1 and M2; because its time to live is only 1 hop, it cannot reach node B. According to the model assumptions, after receiving the HELLO information message, nodes A and X must reply with a HELLO acknowledgement message immediately or after a delay of several $G_t$. Let the times at which the HELLO acknowledgement message from node A and the HELLO acknowledgement message from X arrive at node S be $t_{SAr}$ and $t_{SXr}$ respectively, and check whether each satisfies the inequality determined by the send time ruler:
$$T_0 + k \cdot G_t < t < T_0 + k \cdot G_t + 2\Delta T \quad (k = 0, 1, 2, \ldots)$$
If it does not, the corresponding neighbor is set to the invalid state in the neighbor list; otherwise it is set to the valid state.
Analysis shows that the reception time $t_{SAr}$ satisfies this inequality while $t_{SXr}$ does not, so node A is judged to be a valid neighbor of node S and node X is judged to be an invalid neighbor.
In Fig. 1, let S be a newly joined node. After receiving the HELLO information message of node S, node A and node X, besides replying with a HELLO acknowledgement message, will also re-broadcast a HELLO information message on their own original send time rulers. The HELLO information message is re-broadcast so that node S can establish the receive time ruler corresponding to that node (A or X).
Node S receives the HELLO information message from node A, and calculates and stores the receive time ruler corresponding to this sender:
$$\mathrm{Ruler}_r: (T_0, G_t, \Delta T)$$
After this, node A sends a routing packet at some tick of its send time ruler; let the time at which this routing packet arrives at node S be $t_{Ar}$. Node S checks whether the reception time $t_{Ar}$ falls within the range determined by the receive time ruler corresponding to the sender:
$$T_0 + kG_t < t < T_0 + kG_t + \Delta T \quad (k = 1, 2, 3, \ldots)$$
If it does not, node S sets the state of node A in its neighbor node table to invalid; otherwise it sets it to the valid state.
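The two time-ruler checks and the neighbor-list update described above, written out as an added Python example (it is not part of the patent text). All timings, the parameters G_t = 10 µs and ΔT = 1 µs and the function names are constructed for illustration, and t_d is passed in as an already-measured value; the last two cases go slightly beyond the text to show why the choice of G_t affects what the modular check can tell apart.

```python
"""Time-ruler checks on constructed timings; all times are integer nanoseconds."""
from dataclasses import dataclass


@dataclass
class Ruler:
    t0: int  # start time T_0, expressed in the local node's clock
    gt: int  # tick spacing G_t
    dt: int  # allowed window Delta T

    def offset(self, tc: int) -> int:
        """T_d = (T_c - T_0) rem G_t: distance from the last tick before T_c."""
        return (tc - self.t0) % self.gt


@dataclass
class Neighbor:
    recv_ruler: Ruler
    calibrated: bool = False  # calibration flag CF
    valid: bool = False       # neighbor validity state (mirrored into VN)


def on_hello_info(table: dict, sender: str, tc: int, gt: int, dt: int) -> None:
    """Receive step (12): new, uncalibrated receive ruler starting at arrival time."""
    table[sender] = Neighbor(Ruler(t0=tc, gt=gt, dt=dt))


def on_hello_ack(table: dict, send_ruler: Ruler, sender: str, tc: int, t_d: int) -> bool:
    """Receive steps (4)-(6)/(10): calibrate once, then require T_d < 2*dT."""
    nb = table[sender]
    if not nb.calibrated:
        nb.recv_ruler.t0 -= t_d  # T_0 = T_0 - t_d
        nb.calibrated = True
    nb.valid = send_ruler.offset(tc) < 2 * send_ruler.dt
    return nb.valid


def on_route_msg(table: dict, sender: str, tc: int) -> bool:
    """Receive steps (8)-(10): calibrated receive ruler and T_d < dT."""
    nb = table[sender]
    nb.valid = nb.calibrated and nb.recv_ruler.offset(tc) < nb.recv_ruler.dt
    return nb.valid


def demo():
    """Fig. 1 at node S. Constructed one-way delays: A 400 ns, X via tunnel 3500 ns."""
    gt, dt = 10_000, 1_000
    s_send = Ruler(t0=1_000_000, gt=gt, dt=dt)  # S sent its HELLO_INFO at T_0
    table = {}
    # HELLO_INFO re-broadcast by A (its tick 1_005_000) and X (its tick 1_002_000),
    # stamped with the arrival time at S.
    on_hello_info(table, "A", tc=1_005_400, gt=gt, dt=dt)
    on_hello_info(table, "X", tc=1_005_500, gt=gt, dt=dt)
    results = {
        # Both reply 2*G_t after receiving S's HELLO_INFO:
        # arrival at S = T_0 + 2*G_t + round-trip delay.
        "A_ack": on_hello_ack(table, s_send, "A", tc=1_020_800, t_d=400),
        "X_ack": on_hello_ack(table, s_send, "X", tc=1_027_000, t_d=3_500),
        # Later routing packets sent on the neighbors' own ticks.
        "A_route": on_route_msg(table, "A", tc=1_075_400),
        "X_route": on_route_msg(table, "X", tc=1_055_500),
        # Beyond the text: a 20_400 ns round trip wraps past a tick when G_t is 10 us
        # but not when G_t is 50 us, so a larger G_t tells more delays apart.
        "rtt_20400_gt_10us": Ruler(0, 10_000, dt).offset(20_400) < 2 * dt,
        "rtt_20400_gt_50us": Ruler(0, 50_000, dt).offset(20_400) < 2 * dt,
    }
    return results, table


if __name__ == "__main__":
    for name, accepted in demo()[0].items():
        print(f"{name:20s} {'valid' if accepted else 'invalid'}")
```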
Compared with the prior art, the advantage of the invention is that measuring the propagation time of a message gives the length of the one-hop link the message traversed, which reveals whether a tunnel exists; this is an effective means of detection for defending against wormhole attacks.
Description of drawings
Fig. 1 is a schematic diagram of the wormhole attack method in an Ad Hoc network;
Fig. 2 is the flow chart of a node sending a routing message according to the embodiment of the invention;
Fig. 3 is the flow chart of a node receiving a routing message according to the embodiment of the invention;
Fig. 4 compares the curves of network packet loss rate against node mobility before and after applying the method for detecting wormhole attacks in an Ad Hoc network provided by the embodiment of the invention.
Embodiment
The invention is further described below with reference to the drawings and an embodiment.
Embodiment 1
1. The network and nodes of this embodiment are configured as follows:
(1) The wireless transceivers of all normal nodes in the network have the same transmission radius R.
(2) There are at least two attacking nodes in the network, which set up a tunnel over an out-of-band high-bandwidth wireless channel; it is assumed that the attacking nodes enter the Ad Hoc network only after all nodes in the network have completed initialization.
(3) All nodes use a modified SAODV routing protocol which, besides retaining the encryption of the original routing messages, adds encryption of HELLO messages. In addition, some fields for setting times are added to the HELLO message.
(4) Nodes send routing packets according to the time ruler described below. The first routing packet a node sends is a HELLO message packet carrying additional information; this message is called the HELLO information message. Any node that receives a HELLO information message must reply with a HELLO message of acknowledgement; this message is called the HELLO acknowledgement message.
(5) Every node has a timekeeping system. The nodes in the network are not required to be time-synchronized, and the system times of different nodes may differ. However, a node must be able to control the send time of a routing packet to at least microsecond accuracy.
The time ruler scheme for wormhole attack detection provided by this embodiment has two main parts: one is that a network node controls the send time of routing messages according to its send time ruler; the other is that, after receiving a message from a neighbor, a network node uses the corresponding receive time ruler to check the validity of the link the routing message traversed.
The purpose of wormhole attack detection is to defend against or reduce the harm of wormhole attacks. The result of wormhole attack detection is the validity state of a given neighbor, i.e. whether it is a "false" neighbor or a true neighbor. Clearly, in an Ad Hoc network containing a wormhole, "false" neighbors are caused by the wormhole. To guard against the wormhole attacking nodes, "false" neighbors should not be used to forward packets. Therefore, after the validity state of a neighbor node has been detected, in addition to setting the validity state of the corresponding element in the neighbor list, the routing table should also be set accordingly.
In the AODV routing protocol, a routing table entry contains the IP address of the destination node and the address of the next-hop node. To prevent the next-hop node from being a "false" neighbor, a flag VN should be added to the routing table entry to indicate the validity of the next-hop node. When sending a data message, a routing table entry can be used only if the entry is valid and its next-hop node is also valid. After a node has used the time ruler to determine the validity state of a neighbor node, it should set the VN validity state of all routing table entries that have this neighbor as next-hop node.
For ease of description, in this embodiment the HELLO information message is called HELLO_INFO and the HELLO acknowledgement message is called HELLO_ACK. Besides the functions specified in the AODV routing protocol, HELLO_INFO and HELLO_ACK are also used to establish the time rulers.
Each node sends routing packets according to a fixed rule. Specifically, routing packets are always sent at time points the node itself can calculate, and the minimum interval between two consecutive routing packets is set in advance. Because the transmission radius of each node is constant, the time at which a routing packet from a particular node is received also falls within a foreseeable range.
A time ruler comprises three elements: the start time $T_0$ at which the node establishes the time ruler information, the minimum interval $G_t$ between two consecutive routing packets sent by the node to its adjacent nodes, and the allowed time range $\Delta T$ for the node to send information. Determining these three elements determines the information of a time ruler, which is denoted Ruler: ($T_0$, $G_t$, $\Delta T$). A time ruler is unbounded in length; the time points on it (also called ticks) are arranged in order from the start time point, and two adjacent time points are separated by $G_t$.
In practice, each normal node in the network stores one time ruler of its own for sending routing messages, called the "send time ruler", and several time rulers, one per neighbor node, for checking the reception times of routing messages, called "receive time rulers". The send time of a routing message must correspond to a tick on the send time ruler.
2. Establishing and storing time rulers
(1) Establishing the send time ruler
When a node is about to send its first HELLO information message, it records the send time as $T_0$, calculates the allowed range from its own transmission radius R
($c$ is the propagation speed of the wireless signal in air), then sets a minimum interval $G_t$, and appends $\Delta T$ and $G_t$ to the message before sending it. The send time ruler is thereby established, and from then on routing packets are sent at the ticks $T_k = T_0 + k \cdot G_t$ ($k = 1, 2, 3, \ldots$) of the send time ruler. Once determined, the send time ruler of a node does not change until the node leaves the network.
(2) Establishing the receive time ruler
When another node returns a HELLO acknowledgement message to this node, the delay of this HELLO acknowledgement message from the sender to this node, denoted $t_d$, can be calculated from its arrival time and the send time ruler. After a HELLO information message from this sender is received, let the time of its arrival at this node be $T_r$; the start time, in the local system, of the send time point of this HELLO information message is calculated as $T_0 = T_r - t_d$. The allowed range $\Delta T$ and the interval $G_t$ of the sending node's send time ruler are read from the HELLO information message and used as the $\Delta T$ and $G_t$ of the receive time ruler. The receive time ruler for this sending node is thereby established.
(3) Storing time rulers
Each network node has only one send time ruler. Because all ticks on a time ruler can be calculated once its three elements are determined, only the three elements of the send time ruler need to be stored.
An ordinary node has multiple neighbor nodes. So that the links to all neighbor nodes can each be checked, every node should store the receive time rulers corresponding to all of its neighbor nodes. In the memory of the node, receive time rulers should be stored in a neighbor node list so that the corresponding receive time ruler can be found from the identity information (IP or MAC address) of the neighbor node. In addition, as can be seen from the procedure for establishing the receive time ruler (section (2) above), after the HELLO information message of a neighbor node is received for the first time, the propagation delay from the neighbor node to the current node must be subtracted from the start time of the newly created receive time ruler, i.e. the newly created receive time ruler must be calibrated. Therefore a flag indicating whether the receive time ruler has been calibrated should be stored together with it. Each element of the neighbor node list should comprise: the identity of the neighbor node (IP or MAC address), the receive time ruler $\mathrm{Ruler}_r$: ($T_0$, $G_t$, $\Delta T$), the calibration flag CF, the validity state of the neighbor, and so on.
3. Concrete steps
(1) When a node sends a routing message
Fig. 2 is the flow chart of a node sending a routing message in this embodiment, covering the creation and use of the send time ruler. When a node sends a routing message msg, it proceeds as follows:
1. Judge whether the routing message to be sent is HELLO_ACK. If so, go to step 7; otherwise continue.
2. Check whether the send time ruler of the current node has been established. If it has not been established, go to step 4; otherwise continue.
3. Use the send time ruler of the current node to control the send time of this routing message. Specifically:
obtain the system time $T_c$ of the current node; read the send time ruler information $\mathrm{Ruler}_s$: ($T_0$, $G_t$, $\Delta T$) of the current node; find a send time $T_s$, which must satisfy:
where $k$ is an integer and, subject to the various protocol standards (those of the network layer, the access layer, etc.), $T_s$ is required to be as small as possible; buffer this routing message for a time $T_s - T_c$. Go to step 8.
4. Judge whether the message to be sent is HELLO_INFO. If so, continue; otherwise go to step 6.
5. Establish and store the send time ruler of the current node. First take the system time of the current node as the $T_0$ of the send time ruler. Calculate the allowed time of the send time ruler from the transmission radius R of the current node
Subject to the condition $G_t > 2\Delta T$, choose the interval $G_t$ of the send time ruler by weighing improved tunnel detection performance against reduced route setup time: the smaller $G_t$ is, the shorter the route setup time; the larger $G_t$ is, the better the tunnel detection performance. Store the send time ruler information $\mathrm{Ruler}_s$: ($T_0$, $G_t$, $\Delta T$) of the current node. Add two items of the send time ruler of the current node, namely $G_t$ and $\Delta T$, to the routing message to be sent. Go to step 8.
6. At this point the send time ruler of the current node has not yet been established and the routing message to be sent is not HELLO_INFO, so the send time of this routing message cannot be controlled and it can only be deleted. Go to step 9.
7. When the routing message to be sent is HELLO_ACK, it is sent to a neighbor node (the destination node) as the reply to a HELLO_INFO message. Its send time is not calculated from the send time ruler of the current node, but from the time $T_r$ at which the current node received the HELLO_INFO message from this neighbor and the $G_t$ obtained from that message. Specifically, the send time point $T_s$ of the HELLO_ACK message must satisfy:
where $T_c$ is the system time of the current node, $k$ is a positive integer and, subject to the various protocol standards, $T_s$ is required to be as small as possible. After a delay of $T_s - T_c$, go on to the next step; at the same time create a HELLO_INFO message and execute from step 1.
8. Send this routing message immediately.
9. Processing of the routing message to be sent is complete.
(2) node sends and when receiving route messages
Referring to accompanying drawing 3, the flow chart when it is present embodiment node reception route messages comprises the establishment and the use of time of reception chi, after node receives the route messages msg from certain neighbors, carries out as follows:
1. in present node, search the time of reception chi corresponding with the neighbors that sends this route messages.The time of reception chi of all neighborss of present node should be to be stored as tabular form, so that search.
If 2. corresponding time of reception chi exists, then continue next step, otherwise forwarded for (11) step to.
3. judge whether this route messages is HELLO_ACK,, otherwise forwarded for the 8. step to if then continue.
4. at first calculate the propagation delay of this message from sending node (promptly sending the neighbors of this route messages) to present node.Calculation Method is: the transmitting time chi information Ruler that reads present node
s: (T
0, G
t, Δ T); Obtain the system time T of present node
cCalculate the link propagation delay
Propagation delay if the time of reception chi corresponding with sending node was not corrected, is then proofreaied and correct it after calculating and accomplishing.Concrete way: the time of reception chi information Ruler that inquiry is corresponding
r: (T
0, G
t, Δ T) and calibration mark; If the time of reception chi is not corrected, then revise the starting time of time of reception chi, i.e. T
0=T
0-t
d, calibration mark is set then, make it represent correcting state; If the time of reception chi is corrected, then do not do any operation.
5. Use the sending time ruler of the current node to check the validity of the link over which this HELLO_ACK message travelled; if it is valid, go to the next step, otherwise go to step 10. The check is: read the sending time ruler $Ruler_s: (T_0, G_t, \Delta T)$ of the current node; obtain the system time $T_c$ of the current node, which is the arrival time of the HELLO_ACK; calculate the distance $T_d$ from $T_c$ back to the largest mark on the sending time ruler that is less than $T_c$, i.e. $T_d = (T_c - T_0) \operatorname{rem} G_t$. If $T_d < 2\Delta T$ the link is valid, otherwise it is invalid. If valid, continue; otherwise go to step 10.
6. Set the neighbor node that sent this HELLO_ACK message to valid, i.e. set the element for this neighbor in the neighbor list to valid, and at the same time set the VN of every routing table entry that has this neighbor as its next-hop node to the valid state. Go to the next step.
7. Process this route message according to the SAODV routing protocol. Go to step (14).
8. Check whether the receive time ruler corresponding to the sending node has been calibrated. If so, continue; otherwise go to step 10.
9. Use the receive time ruler corresponding to the sending node to check the validity of the link from the sending node to the current node; if it is valid, go to step 6, otherwise go to the next step. Read the receive time ruler information $Ruler_r: (T_0, G_t, \Delta T)$; obtain the system time $T_c$ of the current node, which is the arrival time of the HELLO_ACK message; calculate the distance $T_d$ from $T_c$ back to the largest mark on the receive time ruler that is less than $T_c$, i.e. $T_d = (T_c - T_0) \operatorname{rem} G_t$. If $T_d < \Delta T$ the link is valid, otherwise it is invalid. If invalid, continue; otherwise go to step 6.
10. Set the neighbor node that sent this HELLO_ACK message to invalid, i.e. set the element for this neighbor in the neighbor list to invalid, and at the same time set the VN of every routing table entry that has this neighbor as its next-hop node to the invalid state. Go to step (14).
(11) Determine whether the received route message is a HELLO_INFO. If so, go to the next step; otherwise go to step (13).
(12) Create the receive time ruler corresponding to the neighbor node that sent this HELLO_INFO message, and reply to this neighbor with a HELLO_ACK. Specifically: read $G_t$ and $\Delta T$ from the HELLO_INFO message; obtain the system time $T_c$ of the current node, which is the arrival time of this HELLO_INFO message; create the receive time ruler $Ruler_r: (T_0, G_t, \Delta T)$, store it in the element of the neighbor list corresponding to this neighbor, and set the calibration flag to not calibrated; starting from time $T_c$, delay $kG_t$ and then reply to this neighbor with a HELLO_ACK message, executing from step 1 of Fig. 2.
(13) Create and broadcast a HELLO_INFO message, executing from step 1 of Fig. 2. The purpose of broadcasting the HELLO_INFO message is to set up the receive time ruler corresponding to this neighbor node.
(14) Delete this route message.
(15) Processing of this route message is complete.
4. Wormhole detection results in the network
The Omnet++4.1 platform was used to run wormhole detection based on the time ruler, following the method described in this embodiment. In the test network, 50 network nodes are randomly distributed over a two-dimensional planar field with an area of 2000 × 2000 m². The 50 network nodes include 5 source nodes and 5 wormhole attack nodes. The communication range of every normal node is a circular region with a radius of 323 meters, and the tunnel between wormhole attack nodes can be up to 1000 meters long. Each node moves at a speed in the range 1~10 m/s, with random, bounded movement: before starting to move, a node picks a direction at random within 360 degrees and then moves a fixed distance at a certain speed; after reaching the destination it rests in place for a certain time, then again picks a direction at random and moves a fixed distance at a certain speed. All normal nodes in the network run the SAODV routing protocol.
Referring to accompanying drawing 3, which compares the relation between network packet loss rate and node mobility before and after the technical scheme of this embodiment is applied. The figure shows that, when the time ruler detection method of this embodiment is not used (curve I), the packet loss rate of the network is about 35% and can reach 40%. After the time ruler detection method of this embodiment is used, the packet loss rate drops sharply. For a time ruler whose time interval $G_t$ equals 6 times $\Delta T$ (curve II), the packet loss rate is between 12.5% and 25%; for a time ruler whose time interval equals 12 times $\Delta T$ (curve III), the packet loss rate is between 11% and 20%. At the same node mobility the latter is always slightly smaller than the former, that is, a time ruler with a larger time interval gives a lower packet loss rate and better performance of the whole network.
The result in Fig. 3 shows that network performance improves markedly after the time ruler detection method of the present invention is used. It also shows:
(1) For a time ruler with a given, fixed time interval $G_t$, the performance of the whole network improves as node movement speed increases. Overall, when nodes move faster, each (normal) node can communicate directly with more other nodes within a given time and can therefore set up more receive time rulers. If the number of receive time rulers set up in each (normal) node of a network containing wormholes increases, the probability that a wormhole in the network is found also increases, so more wormholes are found and isolated by normal nodes.
(2) When the movement speed of the network nodes is fixed, a time ruler with a larger time interval $G_t$ gives better network performance. The single-hop delay of a route packet is calculated as the difference between its arrival time and the largest mark on the corresponding sending or receive time ruler that is less than the arrival time. When a tunnel exists in the network, this calculation is not necessarily correct: the calculated single-hop delay may be smaller than the actual single-hop delay. This can cause misjudgment, with some illegal one-hop links judged legal. Analysis shows that, for a network in which normal nodes have a constant transmission radius, the probability that a normal node detects an illegal link depends on the time interval $G_t$ of the time ruler, and the larger $G_t$ is, the greater the probability of detecting an illegal link. Therefore, the larger the $G_t$ of the time ruler used in a network containing wormholes, the greater the probability that all wormholes are detected, and the more wormholes are found and isolated.
Claims (3)
1. A detection method for wormhole attacks in an Ad Hoc network, characterized in that: when a node sends or receives a route message, time ruler information $Ruler: (T_0, G_t, \Delta T)$ comprising the three elements $T_0$, $\Delta T$ and $G_t$ is set up in the route message, wherein $T_0$ is the initial time when the node sets up the time ruler information, $\Delta T$ is the permitted time range for the node to send information, and $G_t$ is the minimum time interval between two consecutive transmissions of route packets by the node to its adjacent nodes; the node sets up and stores a neighbor list of all nodes adjacent to it, the element items of the list being: the time ruler information $Ruler: (T_0, G_t, \Delta T)$ of the adjacent node, the receive time ruler calibration flag and the neighbor validity flag.
2. The detection method for wormhole attacks in an Ad Hoc network according to claim 1, characterized in that, when a node sends a route message, the method comprises the following operating steps:
(1) judge whether the route message to be sent is a HELLO acknowledgement message in HELLO_ACK format; if so, go to step (7);
(2) check whether the time ruler information of the current node has been set up; if not, go to step (4);
(3) read the sending time ruler information $Ruler_s: (T_0, G_t, \Delta T)$ of the current node, obtain the system time $T_c$ of the current node, and determine the sending time $T_s$ of the route message, $T_s$ simultaneously satisfying
wherein $k$ is a positive integer; go to step (8);
(4) judge whether the route message to be sent is a HELLO information message in HELLO_INFO format; if not, go to step (6);
(5) determine the permitted time range for the node to send information
wherein $c$ is the propagation speed of the wireless signal and $R$ is the transmission radius of the node; determine the minimum time interval $G_t > 2\Delta T$ at which the node consecutively sends route packets to its adjacent nodes; set up and store the sending time ruler information $Ruler_s: (T_0, G_t, \Delta T)$ of the current node; go to step (8);
(6) delete this route message;
(7) determine the sending time $T_s$ of the route message, $T_s$ simultaneously satisfying
wherein $T_c$ is the system time of the current node, $T_r$ is the time at which the current node received the HELLO information message in HELLO_INFO format from the adjacent node, and $k$ is a positive integer; after a delay of $T_s - T_c$, go to step (8); at the same time, create a HELLO information message in HELLO_INFO format and execute from step (1) again;
(8) send this route message immediately.
3. The detection method for wormhole attacks in an Ad Hoc network according to claim 1, characterized in that, when a node receives a route message, the method comprises the following operating steps:
(1) in the neighbor list of the current node, look up the receive time ruler information $Ruler: (T_0, G_t, \Delta T)$ corresponding to the adjacent node that sent this route message;
(2) if the receive time ruler information corresponding to the adjacent node exists, continue with the next step; otherwise go to step (11);
(3) judge whether the received route message is a HELLO acknowledgement message in HELLO_ACK format; if so, continue; otherwise go to step (8);
(4) read the sending time ruler information $Ruler_s: (T_0, G_t, \Delta T)$ of the current node, obtain the system time $T_c$ of the current node, and calculate the link propagation delay of the received route message from the sending node to the current node
query the corresponding receive time ruler information $Ruler_r: (T_0, G_t, \Delta T)$ and its calibration flag; if the calibration flag is in the not-calibrated state, revise the start time in this receive time ruler information, $T_0 = T_0 - t_d$, and set the calibration flag to the calibrated state; if the calibration flag is in the calibrated state, do nothing;
(5) read the sending time ruler information $Ruler_s: (T_0, G_t, \Delta T)$ of the current node, obtain the system time $T_c$ of the current node, and calculate $T_d = (T_c - T_0) \operatorname{rem} G_t$; if $T_d < 2\Delta T$ (note: the formula has been corrected), continue; otherwise go to step (10);
(6) set the neighbor validity flag in the neighbor list of the neighbor node that sent this HELLO acknowledgement message to the valid state, and at the same time set the validity flag of every routing table entry that has this neighbor node as its next-hop node to the valid state;
(7) process this route message according to the routing protocol in use, then go to step (14);
(8) check whether the receive time ruler information of the adjacent node corresponding to the sending node has been calibrated; if so, continue; otherwise go to step (10);
(9) read the receive time ruler information $Ruler_r: (T_0, G_t, \Delta T)$; obtain the system time $T_c$ of the current node, and calculate $T_d = (T_c - T_0) \operatorname{rem} G_t$; if $T_d < \Delta T$, go to step (6); otherwise continue;
(10) set the neighbor node that sent this HELLO acknowledgement message to the invalid state, and at the same time set every routing table entry that has this neighbor node as its next-hop node to the invalid state, then go to step (14);
(11) judge whether the received route message is a HELLO information message; if not, go to step (13);
(12) read $G_t$ and $\Delta T$ from the HELLO information message and obtain the system time $T_c$ of the current node; create the receive time ruler $Ruler_r: (T_0, G_t, \Delta T)$, store it in the element of the neighbor list corresponding to this adjacent node, and set the receive time ruler calibration flag to the not-calibrated state; starting from time $T_c$, after a delay of $kG_t$ (note: the formula has been corrected), execute from step (1) of the procedure for a node sending a route message and reply to this adjacent node with a HELLO acknowledgement message;
(13) create and broadcast a HELLO information message;
(14) delete this route message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110288362.1A CN102404739B (en) | 2011-09-26 | 2011-09-26 | Detection method for wormhole attacks in Ad Hoc network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102404739A true CN102404739A (en) | 2012-04-04 |
CN102404739B CN102404739B (en) | 2014-03-19 |
Family
ID=45886420
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110288362.1A Expired - Fee Related CN102404739B (en) | 2011-09-26 | 2011-09-26 | Detection method for wormhole attacks in Ad Hoc network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102404739B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105009643A (en) * | 2013-03-05 | 2015-10-28 | 高通股份有限公司 | Internet routing over a service-oriented architecture bus |
CN111556054A (en) * | 2020-04-28 | 2020-08-18 | 南京大学 | Method for detecting wormhole attack aiming at SDN |
CN114124566A (en) * | 2021-12-07 | 2022-03-01 | 广州尚航信息科技股份有限公司 | Network attack remote real-time monitoring method and system for exchange unit |
CN114629697A (en) * | 2022-02-28 | 2022-06-14 | 北京工业大学 | Wormhole attack detection method and system of wireless sensor network |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101772126A (en) * | 2010-01-19 | 2010-07-07 | 南京邮电大学 | Bug wormhole attack method aiming at safe, high-efficiency distance vector routing protocol |
CN102035726A (en) * | 2010-11-11 | 2011-04-27 | 北京航空航天大学 | Wormhole attack defense method based on multipath routing and trust mechanism in Ad hoc network |
Also Published As
Publication number | Publication date |
---|---|
CN102404739B (en) | 2014-03-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20140319; Termination date: 20160926 |