CN103491542B - Sinkhole attack intrusion detection method for multi-path routing in underwater sensor networks - Google Patents


Info

Publication number: CN103491542B
Authority: CN (China)
Application number: CN201310410590.0A
Other languages: Chinese (zh)
Other versions: CN103491542A (en)
Legal status: Active
Inventors: 韩光洁, 李勋, 朱川, 江金芳, 钱爱华, 张晨语, 江旭
Current Assignee: MARINE AND OFFSHORE ENGINEERING INSTITUTE OF HOHAI UNIVERSITY NANTONG
Original Assignee: MARINE AND OFFSHORE ENGINEERING INSTITUTE OF HOHAI UNIVERSITY NANTONG
Prior art keywords: node, event, base station, hop, neighbor
Abstract

The present invention relates to a sinkhole attack intrusion detection method for multi-path routing in underwater sensor networks, comprising three phases: (1) suspect node identification phase: for a path on which the event node reaches the base station in exactly three hops, the second-hop node is regarded as a suspect node; for a path on which the event node reaches the base station in four or more hops, whether a suspect node exists on the path is judged by whether the previous-hop nodes of the base station on any two paths to the base station are neighbors of each other; (2) sinkhole node determination phase; (3) sinkhole node isolation phase: the event node reports the sinkhole node to the base station, and the base station announces the sinkhole node to the whole network and deletes it from the network. The invention can effectively detect malicious attacks by sinkhole nodes and ensure the security of the network; it places no strict requirements on node hardware, is not restricted to specific information or specific nodes, and has good scalability.

Description

Sinkhole attack intrusion detection method for multi-path routing in underwater sensor networks
Technical field
The invention belongs to the field of communication security for underwater sensor networks, and specifically relates to a sinkhole attack intrusion detection method for multi-path routing in underwater sensor networks.
Background
Underwater wireless sensor networks (UWSNs) were proposed for applications in underwater environments. A UWSN consists of a large number of underwater sensor nodes that form a distributed, self-organizing wireless communication network through underwater acoustic communication. The underwater sensor nodes cooperatively monitor and collect data, which after fusion processing is sent to a surface base station and then on to the user via radio or wired communication. Because UWSNs are distributed and low-cost, they can provide strong technical support and an information platform for marine environmental management, resource protection, disaster monitoring and early warning, ocean engineering, offshore production operations, and marine military activities, and therefore have broad application prospects. However, in most application environments users place very high requirements on the security of underwater wireless sensor networks, so security has become the key factor limiting their wide application.
However, compared with terrestrial sensor networks, UWSNs face many constraints, mainly in the following respects:
(1) Limited node hardware resources. The hardware of a sensor node is itself limited, for example in storage space and computing capability. In addition, because sensor nodes are deployed underwater, they cannot replenish their energy from existing energy sources, and underwater acoustic communication requires higher transmit power than electromagnetic communication and consumes more energy;
(2) Security of underwater nodes. The underwater environment is complex and changeable (for example seawater salinity and pressure), so nodes may face corrosion, loss, and other hazards at any time; more importantly, they may at any time be attacked or intruded upon by malicious nodes, causing nodes to be captured, to fail, and so on;
(3) Underwater sensor networks contain a large number of nodes, and the volume of data to be sensed is also large. As a data-centric network, an underwater sensor network needs to process the data, which makes end-to-end security very difficult to achieve;
(4) Unknown and variable network topology. Nodes are often deployed randomly in the target area, and because of water currents, untethered underwater nodes have some mobility, which makes the network topology variable and raises security problems;
(5) In some application settings the physical security of nodes cannot be guaranteed, for example in regions controlled by an adversary, so underwater sensor networks are more vulnerable to attack than traditional networks, and the kinds of attack are more diverse.
Because of the above constraints, and because they are usually deployed in unattended or even harsh environments, underwater sensor networks are vulnerable to various attacks, especially attacks from internal nodes such as Sybil attacks, selective forwarding attacks, and wormhole attacks; one of the most common is the sinkhole attack. In a sinkhole attack, the attacking node lures traffic from a large surrounding area, and a single-hop high-quality route is formed between the base station and the attacker, thereby weakening selective forwarding and causing any packet from that region to be lost or modified. The attacker typically claims to have a single-hop high-quality path to the base station in order to attract the surrounding neighbor nodes and thereby change the direction in which network traffic is transmitted. Moreover, after doing so, the attack can also divert packets destined for the base station to the attacker, causing serious harm to the network.
In recent years, the research literature related to resisting sinkhole attacks includes the following:
E. C. H. Ngai, J. Liu, and M. R. Lyu published the article "On the intruder detection for sinkhole attack in wireless sensor networks" in the 2006 "Proceedings of the IEEE International Conference on Communications", proposing a sinkhole attack detection method. The base station sends the network a request message containing the IDs of the affected nodes; each affected node replies with a message containing its own ID, its next hop, and the associated cost; the base station then uses this information to construct a network flow graph and determine the attacking node. The method is suitable only for static wireless sensor networks, and newly added nodes cannot take part in an earlier detection process, so it lacks timeliness.
Lee Hae Young and Cho Tae Ho published the article "Fuzzy-based reliable data delivery for countering selective forwarding in sensor networks" in 2007 in "Proceedings of the 4th International Conference on Ubiquitous Intelligence and Computing: Building Smart Worlds in Real and Cyber Spaces. Lecture Notes in Computer Science". The article proposes a method based on fuzzy logic: fuzzy logic determines the number of paths used to transmit a message, taking into account both the energy of the network and the number of malicious nodes. The method is in effect an improvement on multi-path routing, but the number of paths used to transmit a message varies with conditions, redundant message transmission still exists, and it consumes additional scarce network energy.
Edith C. H. Ngai et al. published the article "An efficient intruder detection algorithm against sinkhole attacks in Wireless Sensor Networks" in 2007 in "Computer Communications, Special issue on security on Wireless ad hoc Sensor Networks", proposing a novel method for detecting sinkhole attacks. First, a list of suspect nodes is found by checking data consistency: the base station finds the attacker by statistical analysis of the data. Because ordinary sensor nodes in the same environment have similar sensed data, the authors divide the whole network into many sub-regions, compare the differences in their data, and find malicious nodes by their inconsistency with the data of normal nodes. Second, the position of the malicious node is found by an attack-node determination process: the base station uses the information in the reply packets received from other nodes (the node's own ID, the ID of its next-hop node, and the routing weight) to construct a network flow information tree, whose root is the attacking node. The method can detect the attacking node effectively, but it incurs a certain energy cost.
Zhou Lingling et al. published the article "Sinkhole attack detection in wireless sensor networks" in 2008 in "Computer Engineering and Applications", proposing an attack detection method based on multi-point monitoring and reply information. It uses the transmission and acknowledgment of packets between the base station and nodes, combined with statistical analysis of the packets sent and received by a node under the monitoring mechanism of its neighbor nodes, to detect sinkhole attacks. The method avoids complex encryption algorithms and authentication, and is more reliable than multi-path security mechanisms.
Maliheh Bahekmat et al. published the article "A novel algorithm for detecting sinkhole attacks in WSNs" in 2012 in "International Journal of Computer Theory and Engineering", proposing a method that uses energy consumption to detect malicious nodes. When a node transmits data to the base station, it first sends a control packet directly to the base station and then transmits the control packet to the base station hop by hop along the route. After receiving the control packets, the base station compares certain control information in the control field of the routed control packet with the corresponding control information in the original control packet; if the two are inconsistent, a malicious node exists. The base station then starts to examine the path along which the data was transmitted. Once a node has repeatedly been found to cause errors in a packet, the base station verifies each path of this node, compares it with the node's new route, and judges whether the node is malicious. However, the method involves the routing process during detection and inevitably produces high communication overhead.
Sina Hamedheidari and Reza Rafeh published the article "A novel agent-based approach to detect sinkhole attacks in Wireless Sensor Networks" in 2013 in "Computers & Security". The algorithm consists mainly of two parts: the network deployment phase, i.e. the construction phase of the network, and the network maintenance phase, i.e. keeping the network within a stable range. After the random deployment phase of the network is complete, the agents start to perform agent cycling. Before sending data to or receiving data from a node, the agent and that node must first perform a three-step negotiation, which is used to judge whether the node is trustworthy. If the neighbor node is trustworthy, the node is marked as trusted in the neighbor node matrix list. When an agent returns from another node, the received signal strength is calculated; if this value is below a threshold, the neighbor node is deleted from the neighbor list, the neighbor discovery process is performed again, and the judgment algorithm is re-executed. However, the method involves hardware conditions and a cyclic process during detection, and inevitably requires high communication overhead and hardware cost.
Therefore, sinkhole detection is not yet a mature technology, and the following problems are common:
(1) Detection schemes based on hop count, on game theory, on inter-node key techniques, or on a particular routing protocol have relatively large storage and energy overhead and poor timeliness, which is unfavorable for resource-constrained sensor networks;
(2) Schemes that need hardware support such as omnidirectional antennas, signal receivers with high clock precision, or mobile agents significantly increase the cost of the network and the complexity of implementation.
Summary of the invention
To overcome the deficiencies of the prior art, the invention provides a sinkhole attack intrusion detection method for multi-path routing in underwater sensor networks.
The sinkhole attack intrusion detection method for multi-path routing in underwater sensor networks comprises the following steps:
(1) Identify suspect nodes, in two cases: a. paths on which the event node reaches the base station in exactly three hops, i.e. paths on which the event node reaches the base station through the second-hop node; b. paths on which the event node reaches the base station in four or more hops, i.e. paths on which the event node passes through the second-hop node, then the third-hop node, the fourth-hop node, or further hop nodes, and finally reaches the base station;
(2) Determine the sinkhole node, likewise in the two cases of step (1);
(3) Isolate the sinkhole node: whenever a sinkhole node is detected, the event node records it and reports it to the base station, and the base station announces the sinkhole node to the whole network and deletes it from the network.
The specific steps for identifying suspect nodes in step (1) are as follows:
(1a) In each round's clock cycle, the event node broadcasts a routing query packet within its one-hop communication range;
(1b) Each node that receives the routing query packet sent by the event node immediately replies to the event node with a routing query packet;
(1c) After receiving the replied routing query packets, the event node compiles the route list information recorded in them;
(1d) The event node analyzes the route list information. If the route list in the routing query packet replied by a node in step (1b) shows that the base station is reached through that node alone, this is the case of a path on which the event node reaches the base station in exactly three hops, and that node, i.e. the second-hop node, is regarded as a suspect node;
(1e) The event node analyzes the route list information. If the route list in the routing query packet replied by some node in step (1b) shows that, besides passing through that node itself, the path must also pass through a third-hop node, a fourth-hop node, or further hop nodes to reach the base station, this is the case of a path on which the event node reaches the base station in four or more hops. Assuming that the network contains at least two paths from the event node to the base station, the event node arbitrarily selects two paths to the base station that pass through such nodes;
(1f) In each round's clock cycle, the event node sends a neighbor query packet, along the two paths selected in step (1e), to the previous-hop node of the base station on each of the two paths;
(1g) After receiving the neighbor query packet, the previous-hop node of the base station on each of the two paths immediately replies with a neighbor query packet to the event node along the reverse path;
(1h) After receiving the replied neighbor query packets, the event node performs statistics and analysis to identify suspect nodes:
If the two previous-hop nodes of the base station each appear in the other's neighbor list, then, provided there is no collusion attack, no suspect node exists on these two paths;
If neither of the two previous-hop nodes of the base station appears in the other's neighbor list, then the nodes on these two paths other than the event node and the base station are regarded as suspect nodes;
If one of the two previous-hop nodes of the base station records the other in its neighbor list, but the peer node's neighbor list does not record that previous-hop node, then the nodes on the peer node's path other than the event node and the base station are regarded as suspect nodes.
The routing query packet in step (1a) is a packet that, in each round's clock cycle, requires the node receiving it to reply with the next-hop nodes recorded in its own route list and the ID information of those next-hop nodes.
The neighbor query packet in step (1f) is a packet that, in each round's clock cycle, requires the node receiving it to reply with the nodes within one-hop communication range recorded in its own neighbor list and the ID information of those nodes.
The specific steps for determining the sinkhole node in step (2) are as follows:
(2a) In each round's clock cycle, the event node sends a neighbor query packet to the second-hop node;
(2b) The second-hop node that receives the event node's neighbor query packet immediately replies to the event node with a neighbor query packet;
(2c) After receiving the replied neighbor query packet, the event node performs statistics and analysis. It first checks whether it is itself in the neighbor list of the second-hop node; if it is not, the second-hop node is a sinkhole node; if it is, the judgment continues;
(2d) The event node continues to analyze the neighbor list information replied by the second-hop node. For a neighbor node that is a neighbor of both the event node and the second-hop node, the event node sends a data query packet directly to that neighbor node;
(2e) For a neighbor node that appears only in the second-hop node's neighbor list and not in the event node's neighbor list, the event node sends the data query packet to the second-hop node and, through the second-hop node, to the node that appears only in the second-hop node's neighbor list;
(2f) The neighbor nodes in step (2e) reply to the event node with a data query packet within each round's clock cycle;
(2g) After receiving the replied data query packets, the event node analyzes and compiles the number of packets exchanged with the second-hop node as recorded by the second-hop node's neighbor nodes, and the total number of ACKs replied by the second-hop node. These two values are compared with the number of packets exchanged with the neighbor nodes and the total number of ACKs replied as recorded by the second-hop node. If the data are inconsistent, the second-hop node is a sinkhole node and the event node records it; if the data are consistent, the second-hop node is a safe node;
(2h) For the case in which the event node reaches the base station in four or more hops, the second-hop node that has been determined to be a safe node is treated as the event node, and the third-hop node to be checked is treated as the second-hop node following the event node; steps (2a) to (2g) are repeated to judge whether the third-hop node is a safe node or a sinkhole node;
(2i) The fourth-hop node, the fifth-hop node, and so on are judged in turn, until the final node has been judged to be a safe node or a sinkhole node.
The data query packet in step (2d) is a packet that, in each round's clock cycle, requires the node receiving it to reply with the number of packets it has exchanged with its neighbor nodes and the total number of ACKs it has received from its neighbor nodes.
Compared with existing sinkhole attack detection methods, the invention has the following advantages:
(1) It can effectively detect malicious attacks by sinkhole nodes and ensure the security of the network.
(2) It places no strict requirements on the hardware of the nodes or the network, is not restricted to specific information or specific nodes, and has good scalability.
Brief description of the drawings
Fig. 1 is a schematic diagram of the attack behavior characteristics of a sinkhole node;
Fig. 2 is a flow chart of the suspect node identification process of the invention;
Fig. 3 is a flow chart of the sinkhole node determination process of the invention.
Detailed description of the embodiments
To further explain the technical means adopted by the invention to achieve its intended purpose, and their effects, the invention is described in detail below with reference to the drawings and preferred embodiments.
Based on the attack pattern exhibited by sinkhole nodes under multi-path routing in underwater sensor networks, the invention summarizes the typical malicious behavior of a sinkhole node and identifies the sinkhole node step by step, in three phases:
(1) Suspect node identification phase, in two cases:
a. On a path on which the event node reaches the base station in exactly three hops, the second-hop node is regarded as a suspect node;
b. On paths on which the event node reaches the base station in four or more hops, whether a suspect node exists on the paths is judged by whether the previous-hop nodes of the base station on any two paths to the base station are neighbors of each other;
Here, the event node is the node in the network that initiates the routing query request. A path on which the event node reaches the base station in exactly three hops is a path on which the event node reaches the base station through the second-hop node. A path on which the event node reaches the base station in four or more hops is a path on which the event node passes through the second-hop node, then the third-hop node, the fourth-hop node, or further hop nodes, and finally reaches the base station.
(2) Sinkhole node determination phase, likewise in the above two cases.
a. Paths on which the event node reaches the base station in exactly three hops. Whether the suspect node is a sinkhole node is judged by checking whether the event node is in the second-hop node's neighbor list, and by comparing whether the packet count and ACK count for exchanges with the neighbor nodes as recorded by the second-hop node are consistent with the packet count and ACK count for exchanges with the second-hop node as recorded by its neighbor nodes;
b. Paths on which the event node reaches the base station in four or more hops. The second-hop node is judged by the same method as in a. When the second-hop node is judged to be a safe node, it is set as the event node, and the third-hop node to be checked is treated as the second-hop node to be checked; the method in a is used to judge whether the third-hop node is a sinkhole node, and the fourth-hop node, the fifth-hop node, and so on are judged in the same way;
(3) Sinkhole node isolation phase: whenever a sinkhole node is detected, the event node reports it to the base station, and the base station announces the sinkhole node to the whole network and deletes it from the network.
The invention is further described below with reference to the drawings.
The sinkhole attack model is shown in Fig. 1. The attack proceeds as follows:
An event node such as A broadcasts a routing query packet for reaching the base station to its neighbor nodes within one-hop communication range. A malicious node such as C exaggerates some aspect of its own performance, for example by advertising the minimum hop count to the base station or the best path cost, or claims that a high-quality route of few hops or even a single hop can be formed between the base station and itself, and then replies to the event node with a routing query packet.
The sinkhole node uses this approach to lure the surrounding event nodes, claiming that a high-quality route of few hops or even a single hop can be formed between the base station and itself, thereby weakening the selective forwarding function of other nodes. It then modifies or discards the packets it obtains, creating a hole in the region around the malicious node and causing serious harm to the network.
The specific steps of the suspect node identification phase, whose flow chart is shown in Fig. 2, are as follows:
(a) In each round's clock cycle, the event node broadcasts a routing query packet within its one-hop communication range. The routing query packet is a packet that, in each round's clock cycle, requires the node receiving it to reply with the next-hop nodes recorded in its own route list and the ID information of those next-hop nodes;
(b) Each node that receives the routing query packet sent by the event node immediately replies to the event node with a routing query packet;
(c) After receiving the replied routing query packets, the event node compiles the route list information recorded in them;
(d) The event node analyzes the route list information. For a node whose replied route list in step (b) shows that the base station is reached through that node alone, that node, i.e. the second-hop node, is regarded as a suspect node;
(e) The event node analyzes the route list information. For nodes whose replied route lists in step (b) show that, besides passing through the node itself, the path must also pass through a third-hop node, a fourth-hop node, or further hop nodes to reach the base station, and assuming that the network contains at least two paths from the event node to the base station, the event node arbitrarily selects two paths to the base station that pass through such nodes;
(f) In each round's clock cycle, the event node sends a neighbor query packet, along the two paths selected in step (e), to the previous-hop node of the base station on each of the two paths. The neighbor query packet is a packet that, in each round's clock cycle, requires the node receiving it to reply with the nodes within one-hop communication range recorded in its own neighbor list and the ID information of those nodes;
(g) After receiving the neighbor query packet, the previous-hop node of the base station on each of the two paths immediately replies with a neighbor query packet to the event node along the reverse path;
(h) After receiving the replied neighbor query packets, the event node performs statistics and analysis to identify suspect nodes:
If the two previous-hop nodes of the base station each appear in the other's neighbor list, then, provided there is no collusion attack, no suspect node exists on these two paths;
If neither of the two previous-hop nodes of the base station appears in the other's neighbor list, then the nodes on these two paths other than the event node and the base station are regarded as suspect nodes;
If one of the two previous-hop nodes of the base station records the other in its neighbor list, but the peer node's neighbor list does not record that node, then the nodes on the peer node's path other than the event node and the base station are regarded as suspect nodes.
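The identification steps (a) to (h) can be traced with the following added example, which is not part of the patent text. The node IDs, the reply contents, the `BS` label for the base station, and the handling of two paths that share one previous-hop node are all assumptions made for illustration.

```python
# Added example: suspect-node identification, steps (a)-(h).
# All node IDs and replies are constructed; "BS" stands for the base station.
BASE = "BS"


def inner_nodes(path):
    """Nodes on a path other than the event node (first) and base station (last)."""
    return set(path[1:-1])


def three_hop_suspects(route_replies):
    """Step (d): a replying node whose route list reaches the base station
    through itself alone (event -> node -> BS) is a suspect second-hop node."""
    return {node for node, route in route_replies.items() if route == [node, BASE]}


def long_paths(event, route_replies):
    """Step (e): full paths of four or more hops built from the route replies."""
    return [[event] + route for route in route_replies.values()
            if len(route) >= 3 and route[-1] == BASE]


def compare_previous_hops(path_1, path_2, neighbor_replies):
    """Step (h): mutual-neighbor check on the two nodes just before the base station.

    neighbor_replies maps each previous-hop node to the neighbor list it
    returned in its neighbor query reply (steps (f) and (g)).
    """
    prev_1, prev_2 = path_1[-2], path_2[-2]
    if prev_1 == prev_2:
        # Not covered by the text: both paths share one previous-hop node, so
        # there is nothing to cross-check. Assumption: the caller picks another pair.
        raise ValueError("paths must end in different previous-hop nodes")
    one_lists_two = prev_2 in neighbor_replies[prev_1]
    two_lists_one = prev_1 in neighbor_replies[prev_2]
    if one_lists_two and two_lists_one:
        return set()  # consistent, provided there is no collusion
    if not one_lists_two and not two_lists_one:
        return inner_nodes(path_1) | inner_nodes(path_2)
    # One-sided record: the path of the node whose list lacks its peer is suspect.
    return inner_nodes(path_2) if one_lists_two else inner_nodes(path_1)


def identify_suspects(event, route_replies, neighbor_replies):
    """Run both cases and return the set of suspect node IDs."""
    suspects = three_hop_suspects(route_replies)
    paths = long_paths(event, route_replies)
    if len(paths) >= 2:
        suspects |= compare_previous_hops(paths[0], paths[1], neighbor_replies)
    return suspects


# Constructed replies to event node A: C advertises a direct route to the base
# station, B and D advertise longer routes.
ROUTE_REPLIES = {
    "B": ["B", "E", "F", BASE],
    "C": ["C", BASE],
    "D": ["D", "G", "H", BASE],
}
NEIGHBORS_MUTUAL = {"F": {"E", "H", BASE}, "H": {"G", "F", BASE}}
NEIGHBORS_NEITHER = {"F": {"E", BASE}, "H": {"G", BASE}}
NEIGHBORS_ONE_SIDED = {"F": {"E", "H", BASE}, "H": {"G", BASE}}

if __name__ == "__main__":
    for label, replies in [("mutual", NEIGHBORS_MUTUAL),
                           ("neither", NEIGHBORS_NEITHER),
                           ("one-sided", NEIGHBORS_ONE_SIDED)]:
        print(label, sorted(identify_suspects("A", ROUTE_REPLIES, replies)))
```

Every node returned here is only a suspect; the determination phase decides whether it is a sinkhole node.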
The specific steps of the sinkhole node determination phase, whose flow chart is shown in Fig. 3, are as follows:
(a) In each round's clock cycle, the event node sends a neighbor query packet to the second-hop node;
(b) The second-hop node that receives the event node's neighbor query packet immediately replies to the event node with a neighbor query packet;
(c) After receiving the replied routing query packet, the event node performs statistics and analysis. It first checks whether it is itself in the neighbor list of the second-hop node; if it is not, the second-hop node is a sinkhole node; if it is in the second-hop node's neighbor list, the judgment continues;
(d) The event node continues to analyze the neighbor list information replied by the second-hop node. For neighbor nodes that are neighbors of both the event node and the second-hop node, the event node sends a data query packet directly to these neighbor nodes. The data query packet is a packet that, in each round's clock cycle, requires the node receiving it to reply with the number of packets it has exchanged with its neighbor nodes and the total number of ACKs it has received from its neighbor nodes;
(e) For a neighbor node that appears only in the second-hop node's neighbor list and not in the event node's neighbor list, the event node sends the data query packet to the second-hop node and, through the second-hop node, to the node that appears only in the second-hop node's neighbor list;
(f) The neighbor nodes in step (e) immediately reply to the event node with a data query packet within each round's clock cycle;
(g) After receiving the replied data query packets, the event node analyzes and compiles the number of packets exchanged with the second-hop node as recorded by the second-hop node's neighbor nodes, and the total number of ACKs replied by the second-hop node. These two values are compared with the number of packets exchanged with the neighbor nodes and the total number of ACKs replied as recorded by the second-hop node. If the data are inconsistent, the second-hop node is a sinkhole node and the event node records it; if the data are consistent, the second-hop node is a safe node;
(h) For the case in which the event node reaches the base station in four or more hops, the second-hop node found to be a safe node in the previous round is treated as the event node, and the third-hop node to be checked is treated as the second-hop node to be checked; steps (a) to (g) are repeated to judge whether the third-hop node is a safe node or a sinkhole node;
(i) The fourth-hop node, the fifth-hop node, and so on are judged in turn, according to the above steps, to be safe nodes or sinkhole nodes.
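The determination steps (a) to (i) are worked through in the added example below, which is not part of the patent text. The `Reply` record, the counter values, the path, and the choice to skip a neighbor that returns no reply are assumptions; the patent does not define a packet layout.

```python
# Added example: sinkhole determination, steps (a)-(i). All data is constructed.
from dataclasses import dataclass, field


@dataclass
class Reply:
    """What one node reports when queried (hypothetical record layout)."""
    neighbors: set                                # neighbor query reply
    counters: dict = field(default_factory=dict)  # peer -> (packets exchanged, ACKs)


def check_second_hop(event, second_hop, replies):
    """Steps (a)-(g): return (verdict, reason) for one second-hop node."""
    claimed = replies[second_hop]
    # Step (c): the event node must appear in the second-hop node's neighbor list.
    if event not in claimed.neighbors:
        return "sinkhole", f"{event} missing from neighbor list of {second_hop}"
    event_neighbors = replies[event].neighbors
    for peer in sorted(claimed.neighbors):
        if peer not in replies:
            continue  # assumption: a peer that sent no reply is skipped
        # Steps (d)/(e): shared neighbors are queried directly, the others
        # are reached through the second-hop node.
        direct = peer == event or peer in event_neighbors
        how = "direct" if direct else f"via {second_hop}"
        # Step (g): both sides' packet and ACK counters must agree.
        seen_by_peer = replies[peer].counters.get(second_hop)
        seen_by_hop = claimed.counters.get(peer)
        if seen_by_peer != seen_by_hop:
            return "sinkhole", (f"{peer} ({how}) records {seen_by_peer}, "
                                f"{second_hop} records {seen_by_hop}")
    return "safe", "all counters consistent"


def find_sinkhole(path, replies):
    """Steps (h)-(i): each verified node becomes the event node for the next hop."""
    for checker, candidate in zip(path, path[1:-1]):
        verdict, reason = check_second_hop(checker, candidate, replies)
        if verdict == "sinkhole":
            return candidate, reason
    return None, "every intermediate node judged safe"


PATH = ["A", "B", "E", "F", "BS"]  # constructed path; BS is the base station


def constructed_replies(f_saw_from_e):
    """Sample replies. E always claims 40 packets and 40 ACKs with F;
    f_saw_from_e is what F itself recorded for its exchange with E."""
    return {
        "A": Reply({"B"}, {"B": (40, 40)}),
        "B": Reply({"A", "E"}, {"A": (40, 40), "E": (40, 40)}),
        "E": Reply({"B", "F"}, {"B": (40, 40), "F": (40, 40)}),
        "F": Reply({"E", "BS"}, {"E": f_saw_from_e}),
        # C advertises a route to the base station but does not list A as a neighbor.
        "C": Reply({"BS"}),
    }


if __name__ == "__main__":
    print(find_sinkhole(PATH, constructed_replies((12, 12))))
    print(find_sinkhole(PATH, constructed_replies((40, 40))))
    print(check_second_hop("A", "C", constructed_replies((40, 40))))
```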
Finally, it should be noted that the above is only an embodiment of the invention. Although the invention has been described in detail with reference to preferred embodiments, those skilled in the art can make a number of improvements without departing from the principles of the invention, and these improvements shall also be regarded as falling within the scope of protection of the invention.

Claims (4)

1. A sewage pool attack intrusion detection method for multi-path routing in an underwater sensor network, characterized in that it comprises the following steps:
(1) Identify suspect nodes. There are two main cases: a. paths on which the hop count from the event node to the base station equals three hops, i.e., paths on which the event node reaches the base station via a second-hop node; b. paths on which the hop count from the event node to the base station is greater than or equal to four hops, i.e., paths on which the event node passes through the second-hop node, then through the third-hop node, the fourth-hop node or further hop nodes, and finally reaches the base station;
The specific steps for identifying suspect nodes are as follows:
(1a) In each round's clock cycle, the event node broadcasts a routing query packet within its one-hop communication range;
(1b) Each node that receives the routing query packet sent by the event node immediately replies to the event node with a routing query packet;
(1c) After receiving the replied routing query packets, the event node tallies the routing list information recorded in them;
(1d) The event node analyzes the routing list information. If the routing information list in the routing query packet replied by a node in step (1b) shows that the base station can be reached by passing through that node alone, this is the case of a path whose hop count from the event node to the base station equals three hops, and that node, i.e., the second-hop node, is regarded as a suspect node;
(1e) The event node analyzes the routing list information. If the routing information lists in the routing query packets replied by some nodes in step (1b) show that, besides the replying node itself, the path must also pass through a third-hop node, a fourth-hop node or further hop nodes to reach the base station, this is the case of a path whose hop count from the event node to the base station is greater than or equal to four hops. Assuming that at least two paths from the event node to the base station exist in the network, the event node arbitrarily selects two paths to the base station on which these nodes lie;
(1f) In each round's clock cycle, the event node sends neighbor query packets along the two paths selected in step (1e) to the node one hop before the base station on each of the two paths;
(1g) After receiving the neighbor query packet, the node one hop before the base station on each of the two paths immediately replies to the event node with a neighbor query packet along the reverse path;
(1h) After receiving the replied neighbor query packets, the event node performs statistics and analysis to identify suspect nodes:
If the two nodes one hop before the base station each appear in the other's neighbor list, then, in the absence of a collusion attack, there are no suspect nodes on these two paths;
If neither of the two nodes one hop before the base station appears in the other's neighbor list, then the nodes on these two paths other than the event node and the base station are regarded as suspect nodes;
If the neighbor list of one of the two nodes one hop before the base station contains the other node, but the neighbor list of that peer node does not record the first node, then the nodes on the peer node's path other than the event node and the base station are regarded as suspect nodes;
(2) Determine the cesspool node. The specific steps are as follows:
(2a) In each round's clock cycle, the event node sends a neighbor query packet to the second-hop node;
(2b) The second-hop node that receives the event node's neighbor query packet immediately replies to the event node with a neighbor query packet;
(2c) After receiving the replied neighbor query packet, the event node performs statistics and analysis. It first checks whether it appears in the neighbor list of the second-hop node; if it does not, the second-hop node is a cesspool node; if it does, the judgment continues;
(2d) The event node continues to analyze the neighbor list information replied by the second-hop node. For a neighbor node that is a neighbor of both the event node and the second-hop node, the event node sends a data query packet directly to that neighbor node;
(2e) For a neighbor node that appears only in the neighbor list of the second-hop node and not in the neighbor list of the event node, the event node sends a data query packet to the second-hop node and, via the second-hop node, to the node that appears only in the second-hop node's neighbor list;
(2f) The neighbor nodes in step (2e) reply to the event node with data query packets in each round's clock cycle;
(2g) After the event node receives the replied data query packets, it analyzes and tallies the number of data packet exchanges with the second-hop node and the total number of ACKs replied by the second-hop node, as recorded by the neighbor nodes of the second-hop node. It compares these two values with the number of data packet exchanges with its neighbor nodes and the total number of ACKs replied, as recorded by the second-hop node itself. If the data are inconsistent, the second-hop node is a cesspool node, and the event node records the cesspool node; if the data are consistent, the second-hop node is a secure node;
(2h) When the hop count from the event node to the base station is greater than or equal to four hops, the second-hop node determined to be a secure node is treated as the event node, and the third-hop node to be detected is treated as the second-hop node following that event node. Steps (2a) to (2g) are repeated to judge whether the third-hop node is a secure node or a cesspool node;
(2i) The fourth-hop node and the fifth-hop node are judged in turn, until the final node has been judged to be a secure node or a cesspool node;
(3) Isolate the cesspool node. After a cesspool node is detected, the event node records it and reports it to the base station; the base station announces the cesspool node to the whole network and deletes it from the network.
2. The sewage pool attack intrusion detection method for multi-path routing in an underwater sensor network according to claim 1, characterized in that the routing query packet in step (1a) requires, in each round's clock cycle, each node that receives the routing query packet to reply with the next-hop nodes recorded in its own routing list and the ID information of those next-hop nodes.
3. The sewage pool attack intrusion detection method for multi-path routing in an underwater sensor network according to claim 1, characterized in that the neighbor query packet in step (1f) requires, in each round's clock cycle, each node that receives the neighbor query packet to reply with the nodes within one-hop communication range recorded in its own neighbor list and the ID information of those nodes.
4. The sewage pool attack intrusion detection method for multi-path routing in an underwater sensor network according to claim 1, characterized in that the data query packet in step (2d) requires, in each round's clock cycle, a reply stating the number of data packet exchanges between the node that receives the data query packet and its neighbor nodes, and the total number of ACKs received between the node that receives the data query packet and its neighbor nodes.
CN201310410590.0A 2013-09-10 2013-09-10 The sewage pool attack intrusion detection method of Multi-path route in underwater sensor network Active CN103491542B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310410590.0A CN103491542B (en) 2013-09-10 2013-09-10 The sewage pool attack intrusion detection method of Multi-path route in underwater sensor network


Publications (2)

Publication Number Publication Date
CN103491542A CN103491542A (en) 2014-01-01
CN103491542B true CN103491542B (en) 2016-06-22

Family

ID=49831432


Country Status (1)

Country Link
CN (1) CN103491542B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant