Sensor-based method for detecting multiple types of attack on a cognitive wireless network
Technical field
The invention belongs to the field of wireless communication network security, and in particular relates to cognitive wireless network security. Specifically, it concerns a sensor-based method for detecting multiple types of attack on a cognitive wireless network.
Background technology
In a cognitive wireless network, a cognitive radio interactively senses the wireless communication environment in which it operates and can adaptively and self-organizingly change its operating characteristics and its various transceiver structures and parameters, thereby effectively optimizing the management and use of spectrum resources. This offers a new approach and broad opportunities for the future design, application and development of high-performance, high-capacity broadband wireless communication and network systems. At the same time, attacks on wireless networks are increasing, such as spoofing attacks, Sybil (multi-identity) attacks, jamming attacks and selfish-behavior attacks. In a spoofing attack, a user modifies identity information such as its MAC address without authorization and impersonates another user (A. A. Pirzada, C. McDonald, "Establishing trust in pure ad-hoc networks", In Proceedings of the 27th Australasian Conference on Computer Science, 2004: 47-54). In a Sybil attack, a user modifies identity information such as its MAC address and pretends to be multiple other users in an attempt to occupy more network resources (E. Shi, A. Perrig, "Designing secure sensor networks", In Proc. IEEE, Wireless Communications, 2004: 38-43). A malicious jammer sends powerful invalid signals to interrupt the normal communication of the current legitimate users (W. Y. Xu, W. Trappe, Y. Y. Zhang, "The Feasibility of Launching and Detecting Jamming Attacks in Wireless Networks", In Proc. IEEE, MobiHoc '05, 2005: 46-57). In a selfish-behavior attack, a user modifies parameters such as its backoff window without authorization to raise its channel access probability in an attempt to obtain more spectrum resources (P. Kyasanur, N. H. Vaidya, "Detection and handling of MAC layer misbehavior in wireless networks", In Proc. Dependable Systems and Networks, 2003: 173-182).
To improve the security of cognitive wireless networks, R. Chen et al. (R. Chen, J. Park, "Ensuring trustworthy spectrum sensing in cognitive radio networks", In Proc. Networking Technologies for Software Defined Radio Networks, 2006: 110-119; A. W. Min, X. Zhang, K. G. Shin, "Spatio-Temporal Fusion for Small-scale Primary Detection in Cognitive Radio Networks", In Proc. IEEE, 2010: 1-5) proposed detecting primary user emulation attacks with a distance ratio test and a distance difference test, and further improving detection performance by exploiting the spatial diversity and temporal differences of cooperative sensing.
Taking into account channel measurement error and the time-varying nature of the wireless channel, L. Xiao et al. (L. Xiao, A. Reznik, W. Trappe, et al., "PHY-Authentication Protocol for Spoofing Detection in Wireless Networks", In Proc. IEEE GLOBECOM 2010, 2010: 1-6) proposed a more accurate spoofing detection scheme that is based on the frequency response of the wireless channel and combined with the network's existing security mechanisms.
For Sybil attacks in wireless networks, M. Demirbas et al. (M. Demirbas, Y. Song, "An RSSI-based scheme for Sybil attack detection in wireless sensor networks", In Proc. IEEE WoWMoM 2006, 2006: 564-570) detect Sybil attacks in wireless sensor networks using the received signal strength indicator at multiple receiving nodes. W. Wang et al. (W. Wang, D. Pu, A. Wyglinski, "Detecting Sybil Nodes in Wireless Networks with Physical Layer Network Coding", In Proc. Dependable Systems and Networks, 2010: 21-30) showed that Sybil attacks can be detected using physical-layer network coding, without time synchronization or special hardware.
Malicious interference and selfish-behavior attacks can be detected by analyzing signal strength and network delay (W. Xu, K. Ma, W. Trappe, et al., "Jamming Sensor Networks: Attack and Defense Strategies", IEEE Network Magazine, 2006, 20(3): 41-47).
For malicious interference, N. Aschenbruck et al. (N. Aschenbruck, E. Gerhards-Padilla, P. Martini, "Simulative Evaluation of Adaptive Jamming Detection in Wireless Multi-hop Network", In Proc. Distributed Computing Systems Workshops (ICDCSW), 2010: 213-220) proposed detection by monitoring parameters such as RSSI, carrier sense time and the expected packet transmission rate, and Z. Lu et al. (Z. Lu, W. Wang, C. Wang, "From Jammer to Gambler: Modeling and Detection of Jamming Attacks against Time-Critical Traffic", In Proc. IEEE INFOCOM 2011) introduced an invalid-signal ratio metric for detection.
For selfish-behavior attacks in CSMA/CA systems, Z. Lu et al. (Z. Lu, W. Wang, "On Order Gain of Backoff Misbehaving Nodes in CSMA/CA-based Wireless Networks", In Proc. IEEE INFOCOM 2010) identify selfish users by comparing the characteristic gain of selfish users with that of honest users.
Summary of the invention
The object of the present invention is to provide a sensor-based method for detecting multiple types of attack on a cognitive wireless network.
The present invention comprises the following steps:
Step 1: Place M sensors within the coverage area of the cognitive wireless network and set the system detection parameters by training; the i-th sensor is placed at coordinates $(x_i, y_i)$, i = 1, 2, 3, …, M;
Step 2: The sensors measure the received signal strength (RSS) of the current user's signal and, at the same time, detect the spectrum allocation of each user that is broadcast on the common control channel at that moment;
The M sensors measure the RSS on K frequencies (channels). $P_r(u, i, l)$ denotes the RSS of user u recorded by sensor i on channel l, where 1≤u≤S, 1≤i≤M, 1≤l≤K, which yields an M × K-dimensional vector.
The average power of the i-th sensor over the K frequencies is denoted $P_{av}(i)$. The sensors monitor each user's throughput and listen to the common control channel to obtain the network's scheduling information, including the channel resources and associated time allocated to each user, the rated transmit power $P_t(u)$ of each user, etc.;
Step 3: According to the measurement results of step 2, the sensors calculate, by the formula
the current channel gain vector of user u
where
is an M × K-dimensional vector and $P_t(u)$ is the rated transmit power of each user (see step 2);
Step 4: According to the result of step 3, the sensors compare
with the reference value of the channel vector of user u recorded by the sensors
and use the following formulas to calculate the test statistic L(u) for the spoofing attack and the test statistic L(u, v) for the Sybil attack;
The test statistic L(u) compares the current channel gain vector of user u with that user's own channel reference vector; the test statistic L(u, v) compares the current channel vector of user u with the channel reference vector of every other user v (u ≠ v);
Step 5: According to the calculation results of step 4, the sensors do the following:
1) if L(u) is greater than the test threshold α, send a spoofing attack alert;
2) if any L(u, v) is less than the test threshold θ, send a Sybil attack alert;
Step 6: If the channel resources a user actually occupies are much larger than the network allocation recorded in step 2, the sensors send a selfish-behavior alert; if the sensors find that the user's RSS is much larger than the threshold τ, they send a malicious-interference alert;
Within the channel coherence time, if the sensors find that the channel resources actually occupied by some user are much larger than those the common control channel allocated to that user, the user is judged to be a selfish-behavior attacker; in a given time slot, if the RSS values of all the sensors are greater than the specific threshold τ and the corresponding common control information shows a large number of decoding errors, or the transmission channel loses a large number of packets, a jammer is considered to be present;
Step 7: If an attack alert occurs in steps 2 to 6, locate the attacker with a localization algorithm based on received signal strength;
When the sensors send an attack alert, compute the average $P_{av}(i)$ of the RSS recorded by sensor i over the K frequencies, $P_{av}(i) = (P_r(u, i, 1) + P_r(u, i, 2) + \dots + P_r(u, i, K))/K$, then locate the attacker with the following formula:
Here the weight factors are calculated by normalizing the received signal strength values of the sensors, and the attacker is predicted to lie at the centroid of the fixed-coordinate sensors;
Step 8: If no attack alert occurs in steps 2 to 6, the sensors update the channel reference vector of user u,
and steps 2 through 7 are repeated.
In step 1, the system detection parameters may include at least one of the test threshold α for the spoofing attack, the test threshold θ for the Sybil attack, the specific threshold τ for the jamming attack, etc.
In step 4, the sensors' measurement time and signal processing time are less than the channel coherence time.
The present invention proposes a sensor-based method for detecting multiple types of attack on a cognitive wireless network, covering the detection of spoofing attacks, Sybil attacks, malicious interference and selfish-behavior attacks. The method uses multiple sensors at fixed positions as monitors of the wireless spectrum, and defends against attacks on wireless transmission according to the received signal strength (RSS) information the sensors record on the channels. The method can not only detect several kinds of wireless network attack at the same time but also locate the attacker, preparing the ground for punishing the attacker as a next step and thereby ensuring the security of wireless transmission in the cognitive wireless network.
Embodiment
So that the technical content of the present invention can be understood more clearly, the following embodiment is described in detail.
The concrete steps of the sensor-based method for detecting multiple types of attack on a cognitive wireless network are as follows:
Step 1: Place M sensors in the cognitive wireless network. By training, set the system detection parameters: the test threshold α for the spoofing attack, the test threshold θ for the Sybil attack and the specific threshold τ for the jamming attack;
The M sensors are placed at different geographical positions within the coverage area of the cognitive network; the i-th sensor is placed at coordinates $(x_i, y_i)$, i = 1, 2, 3, …, M.
Step 2: The sensors measure the received signal strength (RSS) of the current user's signal and, at the same time, detect the spectrum allocation of each user that is broadcast on the common control channel at that moment.
Consider a quasi-static wireless network environment in which the transceivers and their surroundings are stationary or move very slowly, so that the radio channel response remains essentially stable between adjacent channel measurements. To simplify the analysis, assume that each time slot contains only one attacker, which may carry out a spoofing attack, a Sybil attack or a jamming attack. During cognitive user communication, unless a malicious jammer is present, only one cognitive user is sending data at any moment, and the sensors at all the fixed positions record the communication information received from that user. If an attacker appears at the next moment, all cognitive users remain silent and stop sending data. Except when a malicious jammer is present, it is assumed that only one cognitive user transmits in each time slot.
The M sensors measure the RSS on K frequencies (channels). $P_r(u, i, l)$ denotes the RSS of user u recorded by sensor i on channel l, where 1≤u≤S, 1≤i≤M, 1≤l≤K, which yields an M × K-dimensional vector.
The average power of the i-th sensor over the K frequencies is denoted $P_{av}(i)$. The sensors monitor each user's throughput and listen to the common control channel to obtain the network's scheduling information, including the channel resources and associated time allocated to each user, the rated transmit power $P_t(u)$ of each user, etc.
Step 3: According to the measurement results of step 2, the sensors calculate, by the formula
the current channel gain vector of user u
The gain values of cognitive user u on all K (carrier) channels form the gain vector
Taking channel measurement error into account, the measured value of the effective channel gain vector of user u previously recorded by the sensors is denoted by
Step 4: According to the result of step 3, the sensors compare
with the reference value of the channel vector of user u recorded by the sensors,
and use the following formulas to calculate the test statistic L(u) for the spoofing attack and the test statistic L(u, v) for the Sybil attack.
The test statistic L(u) compares the current channel gain vector of user u with that user's own channel reference vector; the test statistic L(u, v) compares the current channel vector of user u with the channel reference vector of every other user v (u ≠ v). The sensors' measurement time and signal processing time are less than the channel coherence time.
Step 5: According to the calculation results of step 4, the sensors do the following:
1) if L(u) is greater than the test threshold α, send a spoofing attack alert;
2) if any L(u, v) is less than the test threshold θ, send a Sybil attack alert;
Step 6: If the channel resources this user actually occupies are much larger than the network allocation recorded in step 2, the sensors send a selfish-behavior alert; if the sensors find that this user's RSS is much larger than the threshold τ, they send a malicious-interference alert.
Within the channel coherence time, if the sensors find that the channel resources actually occupied by some user are much larger than those the common control channel allocated to that user, the user is judged to be a selfish-behavior attacker; similarly, in a given time slot, if the RSS values of all the sensors are greater than the specific threshold τ and the corresponding common control information shows a large number of decoding errors, or the transmission channel loses a large number of packets, a jammer is considered to be present;
Step 7: If an attack alert occurs in steps 2 to 6, locate the attacker with a localization algorithm based on received signal strength;
When the sensors send an attack alert, compute the average $P_{av}(i)$ of the RSS recorded by sensor i over the K frequencies, $P_{av}(i) = (P_r(u, i, 1) + P_r(u, i, 2) + \dots + P_r(u, i, K))/K$; then locate the attacker with the following formula:
Here the weight factors are calculated by normalizing the received signal strength values of the sensors, and the attacker is predicted to lie at the centroid of the fixed-coordinate sensors.
Step 8: If no attack alert occurs in steps 2 to 6, the sensors update the channel reference vector of user u,
and steps 2 through 7 are repeated.
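The following is an added example, not part of the patent text, of steps 3 to 5 and step 7: it computes a gain vector from the sensors' RSS, applies the two threshold tests and estimates the transmitter position by the RSS-weighted centroid. Because the formulas for the gain vector and the test statistics are not reproduced on this page, the per-entry gain $P_r/P_t$ and the normalized squared-error statistic are assumptions, and the user names, coordinates, RSS values and thresholds are constructed.

```python
# Added example (not the patent's code). The gain and statistic formulas are
# assumed forms; all RSS values, coordinates and thresholds are constructed.
from math import fsum

SENSORS = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0)]   # (x_i, y_i), M = 3
ALPHA, THETA = 0.05, 0.05                          # constructed thresholds
REFS = {                                           # reference gain vectors, M*K = 6 entries
    "alice": [0.8, 0.7, 0.1, 0.1, 0.1, 0.2],
    "bob":   [0.1, 0.1, 0.9, 0.8, 0.2, 0.1],
}

def gain_vector(rss, p_t):
    """Step 3 (assumed form): gain = P_r(u, i, l) / P_t(u) in linear units,
    flattened sensor by sensor into one M*K vector."""
    return [p / p_t for row in rss for p in row]

def distance(h, ref):
    """Assumed statistic: squared error normalized by the reference energy."""
    return fsum((a - b) ** 2 for a, b in zip(h, ref)) / fsum(b * b for b in ref)

def detect(user, rss, p_t, refs=REFS, alpha=ALPHA, theta=THETA):
    """Steps 4-5: alerts raised by a frame that claims to come from `user`."""
    h = gain_vector(rss, p_t)
    alerts = []
    if distance(h, refs[user]) > alpha:            # L(u) > alpha
        alerts.append("spoofing")
    if any(distance(h, ref) < theta                # some L(u, v) < theta, v != u
           for v, ref in refs.items() if v != user):
        alerts.append("sybil")
    return alerts

def locate(rss, sensors=SENSORS):
    """Step 7: weighted centroid; weight of sensor i is P_av(i) / sum of P_av."""
    p_av = [fsum(row) / len(row) for row in rss]   # mean RSS over the K channels
    total = fsum(p_av)
    x = fsum(p * sx for p, (sx, _) in zip(p_av, sensors)) / total
    y = fsum(p * sy for p, (_, sy) in zip(p_av, sensors)) / total
    return x, y

# Constructed frames: rows are sensors, columns are the K = 2 channels; P_t = 2.0.
LEGIT  = [[1.62, 1.38], [0.21, 0.20], [0.19, 0.41]]   # alice, measurement noise only
MOVED  = [[0.20, 0.20], [0.30, 0.20], [1.80, 1.60]]   # claims alice, sent near sensor 3
AS_BOB = [[0.20, 0.20], [1.80, 1.60], [0.40, 0.20]]   # claims alice, gains match bob

if __name__ == "__main__":
    for name, frame in (("legit", LEGIT), ("moved", MOVED), ("as_bob", AS_BOB)):
        alerts = detect("alice", frame, 2.0)
        print(name, alerts, locate(frame) if alerts else None)
```

The third frame raises both alerts because it fails the comparison with the claimed user's reference and also matches another user's reference, which is exactly what the two rules of step 5 test.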
With the above sensor-based method for detecting multiple types of attack on a cognitive wireless network, several attack types can be detected in the cognitive wireless network at the same time and the identified attacker can be located, preparing the ground for punishing that attacker as a next step, so as to ensure the security of wireless transmission in the cognitive wireless network.