CN103701771A - Novel method for detecting Sybil attack in Internet of Things - Google Patents
Novel method for detecting Sybil attack in Internet of Things Download PDFInfo
- Publication number
- CN103701771A CN103701771A CN201310605262.6A CN201310605262A CN103701771A CN 103701771 A CN103701771 A CN 103701771A CN 201310605262 A CN201310605262 A CN 201310605262A CN 103701771 A CN103701771 A CN 103701771A
- Authority
- CN
- China
- Prior art keywords
- node
- sybil
- things
- internet
- attack
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- Y02B60/50—
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a novel method for detecting a Sybil attack in the Internet of Things. According to the method, the Sybil attack in the Internet of Things is judged comprehensively according to the energy of a node and the intensity value of a received signal by adopting a method of carrying detection parameters at the tail part of a data packet in a protocol implementation stage, and the detection precision is improved by the mutual supervision of a cluster head node and a member node. A practical and feasible method for detecting the Sybil attack is provided for networks, particularly the Internet of Things, the safety of the Internet of Things can be improved effectively, such as routing, resource allocation, abnormal behavior detection. The novel method has the advantages of easiness in implementation, high detection efficiency, high anti-attack capacity and the like.
Description
Technical field
The present invention be a kind of for information network, particularly detect Internet of Things Routing Protocol and be subject to the new method that Sybil attacks, belong to Internet of Things safety applications technical field.
Background technology
Internet of Things is a kind of can structure under the environment of network infrastructure in advance, the network that the peer to peer network being comprised of mobile node is a kind of self-organizing temporarily, manage certainly.In network, each node can add at any time and exit, topological structure frequent variations, and because the communication overlay face of each node is little, inter-node communication usually will forward through the multi-hop of other node.These features make Internet of Things except having the multiple threat such as information leakage, the information that general wireless network faces is distorted, Replay Attack, denial of service, Internet of Things also faces the easy victim physical manipulation of node, and obtain and revise all information that are stored in Internet of things node, thereby the threat of control section network, it is also a kind of of the attack pattern that is wherein harmful to very much that Sybil attacks.The target that Sybil attacks is to destroy the Distributed-solution that relies on multinode cooperation and multipath route.In Sybil attacks, malicious node is stated false identity by playing the part of other node or passing through, thereby other node table in network is revealed to multiple identities.The a series of nodes that exist Sybil node puppet to create at other node, but in fact those nodes do not exist, and all data that mail to those nodes, will be obtained by Sybil node.
Three kinds of characteristic features during Sybil attacks are: direct communication and indirect communication, the identity of forging and usurping, attack are simultaneously attacked with non-simultaneously.
(1) direct and indirect communication
Direct communication: a kind of method of implementing Sybil attack is that Sybil node and other legal node directly communicate, when legal node sends information to Sybil node, malicious node can be monitored these information.Equally, the information sent from Sybil node is actually to be sent by malicious node.
Indirect communication: in this attack pattern, do not have legal node can be directly and Sybil node communicate, yet one or more malicious node is claimed and can be arrived Sybil node.Therefore the information that mails to Sybil node is routed to these malicious nodes.
(2) identity of forging and stealing
Forged identity: in some cases, assailant can construct a plurality of ID of Sybil arbitrarily.Such as, if node ID is comprised of 32 integers, assailant only need just can obtain node ID by 32 random numbers of simple generation so.
Usurp identity: if there is security mechanism to identify the legitimacy of node ID in Internet of Things, assailant is just difficult to forge new ID so.Such as, itself just has the security mechanism that prevents from inserting new ID the name space of identity ID.In this case, assailant must usurp the legal identity of other node.
(3) attack simultaneously and non-attack simultaneously
Attack: assailant may attempt to utilize its all identity ID that have participation network communication simultaneously simultaneously, yet for a specific physical equipment, at a time, can only there is an identity, assailant can be by recycling different identity, and form the illusion of simultaneously using a plurality of ID.
Non-attack simultaneously: although assailant may have a plurality of identity, in a specific period, assailant only uses one of them identity.Assailant can be by an identity is exitted network, and utilize another one identity to rejoin network and realize this attack pattern.An identity can leave and add network repeatedly, also may only use once.
Summary of the invention
Object of the present invention will overcome the above problems exactly, provide a kind of and attack new method for detection of Internet of Things Sybil, employing in the agreement execution phase in the packet afterbody method of detected parameters information incidentally, according to the member node state information of storing in node received signal strength and node, comprehensively judge that the Sybil in Internet of Things attacks; And improve accuracy of detection by the mutual supervision of leader cluster node and member node.
Technical scheme of the present invention is achieved in that a kind of for detection of Internet of Things Sybil attack new method, is characterized in: the detection to Sybil node:
1) by node energy, the abnormal nodes in judgement Internet of Things;
2) by the Sybil in the received signal strength value judgement Internet of Things of node, attack, by the nodal distance receiving
with the front once nodal distance value of record
compare, if think Sybil attack has occurred over threshold value;
3), by four detection node, adopt the method for triangle location to complete the detection that Sybil is attacked;
4) the mutual supervision and by leader cluster node and member node has improved accuracy of detection;
5) adopt in the agreement execution phase in the packet afterbody method of detected parameters information incidentally, effectively reduce network energy consumption;
So just can complete and in Internet of Things, detect Sybil attack.
Meaning of the present invention is as wireless communication networks, particularly Internet of Things provides the method that the detection Sybil of a practical attacks, for the attack detecting in information security field provides new method, with more flexibly, the detection that Sybil is attacked of the thinking Design and implementation of more realistic reality, concrete beneficial effect:
1) according to node energy value and received signal strength, focus on to detect for Internet of Things route and endanger large Sybil attack, comprehensively improve routing protocol security performance.
2) for the Sybil of Internet of Things leader cluster node and member node, attack, the mutual supervision by leader cluster node and member node is to improve accuracy of detection.
3) employing, in the agreement execution phase in the incidentally method detection Sybil attack of detected parameters information of packet afterbody, has effectively reduced energy consumption.
4) to attack be the maximum a kind of attack of harm in Internet of Things to Sybil, other attack method mostly therewith attack method be combined with, reach the object of attack, so resolve Sybil, attack guaranteeing that the safety of the whole network has great meaning.
Accompanying drawing explanation
Fig. 1 is that four nodes detect Sybil attack schematic diagram.
Embodiment
According to the position of the signal strength signal intensity computing node of receiving node, can judge whether Internet of Things Sybil occurs and attack.Suppose to have following network environment: a two dimensional surface bunch network; All nodes have identical primary power, computing capability, communication capacity; Once node deployment completes, its position is fixed; Before node initializing completes, network is safe.Introduce the detection method that Sybil attacks below.
In the Jakes of Internet of Things channel space, the signal strength signal intensity that reception antenna receives
it is transmitting-receiving range
dfunction, the received signal strength of node is:
In formula,
for transmit signal strength (
), now suppose that transmit receive antenna gain is 1,
the channel gain of Rayleigh distributed,
hthe impulse response of channel model,
for the attenuation gradient of distance-energy,
the received power of node, received power is with the distance of large scale decline
drelevant, simultaneously also relevant with the Jakes channel model of Rayleigh distributed.
According to formula (1), obtain node
iwith node
jthe ratio of received signal strength:
In the time of in the early stage, the initial energy value of node can be thought identical, and Internet of Things is a static network, internodal relative position does not change substantially, so again by formula (2) can think RSSI ratio only and distance dependent be.Transmission information in bunch head is in the situation that energy is identical, and the ratio of the receiving intensity of signal is only proportional to the ratio of distance
, from formula (2)
, now
represent node
ireceive another node
jsignal strength signal intensity during signal.
Node location is changeless, and it should have unique positional information so.Sybil attacks a node while occurring and forges a plurality of effective No. ID, sends harmful information.So only need to prove a plurality of No. ID only corresponding to same node, so just can think Sybil attack.
Four nodes just can be determined the geographical position of the node being associated with it, detect Sybil attack method as shown in Figure 1.Wherein
with
two identity that a node has,
,
,
,
four detection node.
with
two different identity of a node, when Sybil attacking network,
with
capital sends information.
If above formula is set up, because positional information is unique node, but have two No. ID, illustrate that Sybil attack has occurred this Internet of Things.
New method of the present invention is divided into election of cluster head, bunch foundation, and tdma slot distributes and transfer of data four-stage.For the ease of being formulated detection algorithm, some parameters that table 1 provides algorithm to be used while realizing.
The parameter that table 1 detection algorithm is used
Parameter name | Functional description |
Leader cluster node | |
Member node | |
Represent node No. ID | |
Represent node vNo. ID | |
Leader cluster node receives Energy value while once sending information before node | |
Leader cluster node receives Energy value during this transmission information of node | |
Leader cluster node records RSSI value while once sending information before node | |
Leader cluster node records RSSI value during this transmission information of node | |
Message( ) | Node The information gathering |
Location( ) | Node Positional information |
The warning message that node sends | |
The threshold value of energy abnormality juding | |
The threshold value of RSSI abnormality juding | |
The threshold value that range error is judged |
What in Internet of Things, Sybil attacked harm maximum is outside invasion, and external node has been intercepted and captured the key of legal node, and the inner node that disguises oneself as endangers network, and the present invention mainly discusses this attack.In experiment, choose at random several leader cluster nodes, network is divided into several bunches, leader cluster node is directly communicated by letter with member node, and member node is only communicated by letter with the leader cluster node of affiliated bunch.Because the function of two kinds of nodes is different, so the method that judgement Sybil attacks is also different.Member node judges (impact of network environment is larger owing to being subject to, and energy value and RSSI value are all averaged) from the variation of energy value and RSSI value.Leader cluster node adopts the detection method of multi-parameter, to increase the precision of detection.Below provide respectively the detection method of member node and leader cluster node.
(1) detect member node the algorithm that Sybil attacks occurs
Suppose certain member node only and a node direct communication (this node can be leader cluster node, can be also member node, detects principle identical, supposes that this node is leader cluster node herein), provide concrete detection method below:
STEP2: leader cluster node
the energy value of sending and RSSI value are compared to judgement
whether be abnormal node:
If all set up formula (4), (5), this node is abnormal nodes, thinks that so Sybil attack has occurred this node.
STEP3: by leader cluster node
the issue information of flooding is notified its adjacent leader cluster node
, inform
there is Sybil and attack in node.
(2) detect leader cluster node the algorithm that Sybil attacks occurs
Suppose a leader cluster node and 4 above member node direct communications, provide concrete detection method below:
STEP2: the RSSI value and the energy value that send according to leader cluster node, member node
according to formula (1), calculate the nodal distance that makes new advances and receive
, will
with the front once nodal distance value of record
compare:
STEP6: if
information occurs, illustrated that 4 member node think that leader cluster node is abnormal.
STEP8: Internet of Things re-establishes new bunch head, the node of new bunch of first generation Sybil attack is notified to neighbor node around, and the node that Sybil attack occurs is excluded to network.
Detect Sybil attack step:
(1) the election of cluster head stage
Candidate cluster head node, to the information of the whole network broadcast oneself, announces oneself to be leader cluster node.Synchronization can only have the information of a leader cluster node broadcast oneself.Candidate cluster head node
huse plaintext broadcasting packet
give own node around, tell when front-wheel number
with a bunch head
.
1) now carry out leader cluster node detection algorithm.Suppose a leader cluster node and four above member node direct communications: leader cluster node
to member node
send control information, member node
the energy value of sending and RSSI value are compared to judgement bunch head
whether be abnormal node, if abnormal nodes member node no longer to this leader cluster node, send data.
2) the RSSI value and the energy value that according to leader cluster node, send, member node
the nodal distance that calculating makes new advances and receives
, will
with the front once nodal distance value of record
compare, if be greater than detection threshold,
think that leader cluster node is abnormal.
3)
node sends abnormal information to adjacent member node, by
node detects leader cluster node again, if be greater than detection threshold
think that leader cluster node is abnormal.
4)
node sends abnormal information to adjacent member node
, now indicate 2 member node (
with
) think that leader cluster node is abnormal.
5) if
information occurs, illustrate that 4 member node think that leader cluster node is abnormal, now can show that Sybil attack occurs leader cluster node.
6) one take turns later Internet of Things and re-elect a bunch head, the node that new bunch of first generation Sybil attacks is notified to node around, and excludes network by there is the node that Sybil attacks.
(2) bunch establishment stage
Each non-leader cluster node determines oneself to belong to which bunch.Each node may be received several broadcasting packets from different leader cluster nodes
, node is just strong and weak according to the signal of receiving message, chooses the transmission source of the broadcasting packet that signal is the strongest as the leader cluster node of oneself.Then register the cipher key flag of this leader cluster node
, and send
to leader cluster node notice, add this bunch.
(3) tdma slot allocated phase
Each leader cluster node according to be registered to it bunch node number, create the time slot allocation of a TDMA.Leader cluster node sends a schedule information to bunch member node, thereby guarantees that each bunch of member has the time period of own transmission data.
(4) data transfer phase
After bunch foundation completes, the TDMA that bunch member node starts at oneself image data send to a bunch head in the time period.A bunch service data blending algorithm after a frame end, sends to base station the data after merging.Each bunch is assigned with a different CDMA code word, so the transfer of data of each bunch can not affect the transfer of data of other bunch.In this stage, can carry out member node detection algorithm.
1) member node
to leader cluster node
send detection information, bunch head
right
the energy value of sending and RSSI value compare judges member
whether there is Sybil attack.
Claims (1)
1. for detection of Internet of Things Sybil, attack a new method, it is characterized in that: the detection to Sybil node:
A) by node energy, the abnormal nodes in judgement Internet of Things;
B) by the Sybil in the received signal strength value judgement Internet of Things of node, attack, by the nodal distance receiving
with the front once nodal distance value of record
compare, if think Sybil attack has occurred over threshold value;
C), by four detection node, adopt the method for triangle location to complete the detection that Sybil is attacked;
D) the mutual supervision and by leader cluster node and member node has improved accuracy of detection;
E) adopt in the agreement execution phase in the packet afterbody method of detected parameters information incidentally, effectively reduce network energy consumption;
So just can complete and in Internet of Things, detect Sybil attack.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310605262.6A CN103701771A (en) | 2013-11-26 | 2013-11-26 | Novel method for detecting Sybil attack in Internet of Things |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310605262.6A CN103701771A (en) | 2013-11-26 | 2013-11-26 | Novel method for detecting Sybil attack in Internet of Things |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103701771A true CN103701771A (en) | 2014-04-02 |
Family
ID=50363168
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310605262.6A Pending CN103701771A (en) | 2013-11-26 | 2013-11-26 | Novel method for detecting Sybil attack in Internet of Things |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103701771A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105635072A (en) * | 2014-11-06 | 2016-06-01 | 阿里巴巴集团控股有限公司 | Controlled account identification method and device |
CN105636053A (en) * | 2016-02-04 | 2016-06-01 | 中国人民解放军装甲兵工程学院 | Detection method oriented to Sybil attack in WSN |
CN112653682A (en) * | 2020-12-16 | 2021-04-13 | 深圳前海微众银行股份有限公司 | Method and device for detecting block chain eclipse attack |
CN113225741A (en) * | 2021-05-17 | 2021-08-06 | 国网山东省电力公司济南供电公司 | Distributed hybrid Sybil attack detection method and system for mobile self-organizing network |
CN115866605A (en) * | 2023-02-14 | 2023-03-28 | 东南大学 | Sybil attack detection and isolation method based on signal intensity |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070094494A1 (en) * | 2005-10-26 | 2007-04-26 | Honeywell International Inc. | Defending against sybil attacks in sensor networks |
KR100892086B1 (en) * | 2007-07-09 | 2009-04-06 | 에스케이 텔레콤주식회사 | Method for Detecting Sybil Attack in Ubiquitous Sensor Networks |
CN101478756A (en) * | 2009-01-16 | 2009-07-08 | 南京邮电大学 | Method for detecting Sybil attack |
-
2013
- 2013-11-26 CN CN201310605262.6A patent/CN103701771A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070094494A1 (en) * | 2005-10-26 | 2007-04-26 | Honeywell International Inc. | Defending against sybil attacks in sensor networks |
KR100892086B1 (en) * | 2007-07-09 | 2009-04-06 | 에스케이 텔레콤주식회사 | Method for Detecting Sybil Attack in Ubiquitous Sensor Networks |
CN101478756A (en) * | 2009-01-16 | 2009-07-08 | 南京邮电大学 | Method for detecting Sybil attack |
Non-Patent Citations (1)
Title |
---|
王江涛,杨庚,孙源,陈生寿: "攻击检测安全LEACH路由协议", 《应用科学学报》 * |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105635072A (en) * | 2014-11-06 | 2016-06-01 | 阿里巴巴集团控股有限公司 | Controlled account identification method and device |
CN105635072B (en) * | 2014-11-06 | 2018-11-27 | 阿里巴巴集团控股有限公司 | Regulated account recognition methods and device |
CN105636053A (en) * | 2016-02-04 | 2016-06-01 | 中国人民解放军装甲兵工程学院 | Detection method oriented to Sybil attack in WSN |
CN105636053B (en) * | 2016-02-04 | 2019-03-29 | 中国人民解放军装甲兵工程学院 | A kind of detection method attacked towards Sybil in WSN |
CN112653682A (en) * | 2020-12-16 | 2021-04-13 | 深圳前海微众银行股份有限公司 | Method and device for detecting block chain eclipse attack |
CN113225741A (en) * | 2021-05-17 | 2021-08-06 | 国网山东省电力公司济南供电公司 | Distributed hybrid Sybil attack detection method and system for mobile self-organizing network |
CN115866605A (en) * | 2023-02-14 | 2023-03-28 | 东南大学 | Sybil attack detection and isolation method based on signal intensity |
CN115866605B (en) * | 2023-02-14 | 2023-05-09 | 东南大学 | Method for detecting and isolating witches attack based on signal intensity |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101478756A (en) | Method for detecting Sybil attack | |
Dong et al. | Preserving source-location privacy through redundant fog loop for wireless sensor networks | |
CN107835510B (en) | Phantom routing-based wireless sensor network source node position privacy protection method | |
Baadache et al. | Struggling against simple and cooperative black hole attacks in multi-hop wireless ad hoc networks | |
Athmani et al. | Hierarchical energy efficient intrusion detection system for black hole attacks in WSNs | |
CN103701771A (en) | Novel method for detecting Sybil attack in Internet of Things | |
El Kaissi et al. | DAWWSEN: A defense mechanism against wormhole attacks in wireless sensor networks | |
Choudhary et al. | Preventing black hole attack in AODV using timer-based detection mechanism | |
Hiremani et al. | Eliminating co-operative blackhole and grayhole attacks using modified EDRI table in MANET | |
Raju et al. | A simple and efficient mechanism to detect and avoid wormhole attacks in mobile ad hoc networks | |
Nitnaware et al. | Black hole attack detection and prevention strategy in DYMO for MANET | |
Heurtefeux et al. | Enhancing RPL resilience against routing layer insider attacks | |
Raje et al. | Routing in wireless sensor network using fuzzy based trust model | |
Moudni et al. | Modified AODV routing protocol to improve security and performance against black hole attack | |
Gambhir et al. | PPN: Prime product number based malicious node detection scheme for MANETs | |
Virmani et al. | Exponential trust based mechanism to detect black hole attack in wireless sensor network | |
Sharma et al. | Modified AODV Protocol to Prevent Black Hole Attack in Mobile Ad-hoc Network | |
Sun et al. | Self-propagating mal-packets in wireless sensor networks: Dynamics and defense implications | |
Upadhyay et al. | Detecting and avoiding wormhole attack in MANET using statistical analysis approach | |
Kumar et al. | Consensus based algorithm to detecting malicious nodes in mobile adhoc network | |
Kamatchi et al. | Securing data from black hole attack using aodv routing for mobile ad hoc networks | |
Rana et al. | Wireless ad hoc network: detection of malicious node by using neighbour-based authentication approach | |
Singh et al. | An approach to improve the performance of WSN during wormhole attack using promiscuous mode | |
Chaba et al. | Performance Analysis of Disable IP Broadcast Technique for Prevention of Flooding-Based DDoS Attack in MANET. | |
FIHRI et al. | The impact of black-hole attack on AODV protocol |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140402 |