CN103763703A - Wireless network attack detection method based on mathematical morphology - Google Patents
Wireless network attack detection method based on mathematical morphology Download PDFInfo
- Publication number
- CN103763703A CN103763703A CN201410010848.2A CN201410010848A CN103763703A CN 103763703 A CN103763703 A CN 103763703A CN 201410010848 A CN201410010848 A CN 201410010848A CN 103763703 A CN103763703 A CN 103763703A
- Authority
- CN
- China
- Prior art keywords
- node
- staircase curve
- wireless network
- structural element
- mathematical morphology
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a wireless network attack detection method based on mathematical morphology. The method comprises the steps that preset sampling rate is adopted to collect link quality indicating parameters generated when each node of a wireless network transmits data; the obtained link quality indicating parameters of each node are sequentially drawn on a two-dimensional coordinate system to form a staircase curve chart; the erosion operation in the mathematical morphology is adopted to erode the staircase curve chart of each node gradually, and particle fractions during each erosion are calculated and obtained; the cumulative distribution function of all the particle fractions of each node is calculated, and the obtained cumulative distribution function is drawn on the two-dimensional coordinate system to obtain a particle distribution staircase curve; according to the particle distribution staircase curve of each node, whether the node is attacked or not is judged in real time. The wireless network attack detection method based on the mathematical morphology can detect an attack to the wireless network in real time, is high in safety and simple in calculation mode, reduces detection cost, and can be widely applied in the safety monitoring field of the wireless network.
Description
Technical field
The present invention relates to network attack detection field, particularly relate to a kind of wireless network attack detection method based on mathematical morphology.
Background technology
Solving at present the common method adopting of radio sensing network safety problem is to encrypt or authentication.Even if encryption can guarantee that cipher-text message that assailant obtains transmission can not crack and draw clear-text message, and authentication can guarantee whether message was modified from legal node and checking message.But employing encryption method, the distribution of key often energy consumption is larger, and extensibility and adaptability are lower, and the cost of layout and the computing cost that need are too large, and adopt authentication method, and the computing capability of node is limited, and shared key is relatively fragile.Generally speaking, adopt the method for encryption in current technology or authentication to guarantee the safety of transfer of data, its computation complexity and energy consumption are higher, system cost is high, and above two kinds of methods all can not realize the detection that invasion is attacked, while there is " spy " node in a radio sensing network, cannot monitor in real time the attack of this node, thereby its fail safe is restricted.
Summary of the invention
In order to solve above-mentioned technical problem, the object of this invention is to provide simple, the low-cost and safe wireless network attack detection method based on mathematical morphology of a kind of account form.
The technical solution adopted for the present invention to solve the technical problems is:
A wireless network attack detection method based on mathematical morphology, comprising:
The link-quality indication parameter that S1, each node that adopts default sampling rate to gather respectively wireless network produce when transmission data;
S2, the link-quality indication parameter of each node obtaining is plotted in to two-dimensional coordinate successively fastens and form staircase curve figure;
S3, adopt the erosion computing in mathematical morphology, progressively corrode the staircase curve figure of each node, calculate the particulate mark while obtaining each erosion simultaneously;
S4, calculate each node all particulate marks cumulative distribution function and the cumulative distribution function of acquisition is plotted in to two-dimensional coordinate fastens and obtain Particle Distribution staircase curve;
S5, according to the Particle Distribution staircase curve of each node obtaining, whether this node of real-time judge under attack.
Further, described step S3, comprising:
S31, calculate the gross area in subgraph region of the staircase curve figure of each node, and to adopt the length of side be that 1 unit square is as structural element;
S32, the erosion computing based in mathematical morphology, used structural element to go to corrode subgraph region identical with structural element length in the staircase curve figure of each node, calculates the area in the subgraph region being etched simultaneously;
The area in subgraph region that S33, calculating are etched and the ratio of the gross area in subgraph region, and the particulate mark using it as this erosion;
S34, that whether the staircase curve figure that judges this node corrodes is complete, if so, finishes, otherwise in the horizontal direction of structural element, increases after a unit square as new structural element, and return to step S32.
Further, described step S4, comprising:
S41, all particulate marks of each node are arranged in order to its cumulative distribution function of rear calculating according to the length of structural element;
S42, using the length of structural element as abscissa, cumulative distribution function value is as ordinate, the cumulative distribution function of acquisition is plotted in to two-dimensional coordinate and fastens and obtain Particle Distribution staircase curve.
Further, described step S2, it is specially:
Using sampling sequence number as abscissa, and link-quality indication parameter, as ordinate, is plotted in successively two-dimensional coordinate by all link-quality indication parameters of each node obtaining and fastens formation staircase curve figure.
Further, described step S5, it is specially:
The Particle Distribution staircase curve of each node obtaining is compared with the standard Particle Distribution staircase curve that in standard database, this node is corresponding, thereby whether under attack according to this node of comparison result real-time judge, if comparison result is consistent, judge that this node is not under attack, if comparison result is inconsistent, judge that this node is under attack.
The invention has the beneficial effects as follows: a kind of wireless network attack detection method based on mathematical morphology of the present invention, after the link-quality indication parameter that each node that adopts default sampling rate to gather respectively wireless network produces when transmission data, the link-quality indication parameter of each node obtaining is plotted in to two-dimensional coordinate successively and fastens formation staircase curve figure, then adopt the erosion computing in mathematical morphology, progressively corrode the staircase curve figure of each node, calculate the particulate mark while obtaining each erosion simultaneously, and then calculate each node all particulate marks cumulative distribution function and the cumulative distribution function of acquisition is plotted in to two-dimensional coordinate fastens and obtain Particle Distribution staircase curve, finally according to the Particle Distribution staircase curve of each node obtaining, whether this node of real-time judge is under attack, this method can real-time monitor the attack to wireless network, safe, and account form is simple, cost of layout and computing cost have been reduced, reduced testing cost.
Accompanying drawing explanation
Below in conjunction with drawings and Examples, the invention will be further described.
Fig. 1 is the flow chart of a kind of wireless network attack detection method based on mathematical morphology of the present invention;
Fig. 2 corrodes the schematic diagram of the staircase curve figure of a node in a specific embodiment of the present invention;
Fig. 3 is the Particle Distribution staircase curve figure of a node in a specific embodiment of the present invention.
Embodiment
For the ease of following description, the following explanation of nouns of given first:
LQI:Link Quality Indicator, represents link-quality indication, is used to refer to the height of communication connection intensity, and unit is dBm.LQI can directly read in the header file in each packet receiving, and is the parameter that while sending data, acquiescence sends, and its data are convenient to collect and extract, and are the integers between 0-255.
With reference to Fig. 1, the invention provides a kind of wireless network attack detection method based on mathematical morphology, comprising:
The link-quality indication parameter that S1, each node that adopts default sampling rate to gather respectively wireless network produce when transmission data;
S2, the link-quality indication parameter of each node obtaining is plotted in to two-dimensional coordinate successively fastens and form staircase curve figure;
S3, adopt the erosion computing in mathematical morphology, progressively corrode the staircase curve figure of each node, calculate the particulate mark while obtaining each erosion simultaneously;
S4, calculate each node all particulate marks cumulative distribution function and the cumulative distribution function of acquisition is plotted in to two-dimensional coordinate fastens and obtain Particle Distribution staircase curve;
S5, according to the Particle Distribution staircase curve of each node obtaining, whether this node of real-time judge under attack.
Be further used as preferred embodiment, described step S3, comprising:
S31, calculate the gross area in subgraph region of the staircase curve figure of each node, and to adopt the length of side be that 1 unit square is as structural element;
S32, the erosion computing based in mathematical morphology, used structural element to go to corrode subgraph region identical with structural element length in the staircase curve figure of each node, calculates the area in the subgraph region being etched simultaneously;
The area in subgraph region that S33, calculating are etched and the ratio of the gross area in subgraph region, and the particulate mark using it as this erosion;
S34, that whether the staircase curve figure that judges this node corrodes is complete, if so, finishes, otherwise in the horizontal direction of structural element, increases after a unit square as new structural element, and return to step S32.
Be further used as preferred embodiment, described step S4, comprising:
S41, all particulate marks of each node are arranged in order to its cumulative distribution function of rear calculating according to the length of structural element;
S42, using the length of structural element as abscissa, cumulative distribution function value is as ordinate, the cumulative distribution function of acquisition is plotted in to two-dimensional coordinate and fastens and obtain Particle Distribution staircase curve.
Be further used as preferred embodiment, described step S2, it is specially:
Using sampling sequence number as abscissa, and link-quality indication parameter, as ordinate, is plotted in successively two-dimensional coordinate by all link-quality indication parameters of each node obtaining and fastens formation staircase curve figure.
Be further used as preferred embodiment, described step S5, it is specially:
The Particle Distribution staircase curve of each node obtaining is compared with the standard Particle Distribution staircase curve that in standard database, this node is corresponding, thereby whether under attack according to this node of comparison result real-time judge, if comparison result is consistent, judge that this node is not under attack, if comparison result is inconsistent, judge that this node is under attack.
Below in conjunction with specific embodiment, the present invention will be further described, and one embodiment of the invention are as follows:
With reference to Fig. 1, a kind of wireless network attack detection method based on mathematical morphology, comprising:
The link-quality indication parameter that S1, each node that adopts default sampling rate to gather respectively wireless network produce when transmission data.
S2, the link-quality indication parameter of each node obtaining is plotted in to two-dimensional coordinate successively fastens and form staircase curve figure, it is specially:
Using sampling sequence number as abscissa, and link-quality indication parameter, as ordinate, is plotted in successively two-dimensional coordinate by all link-quality indication parameters of each node obtaining and fastens formation staircase curve figure.
S3, adopt the erosion computing in mathematical morphology, progressively corrode the staircase curve figure of each node, calculate the particulate mark while obtaining each erosion simultaneously, specifically comprise the following steps:
S31, calculate the gross area in subgraph region of the staircase curve figure of each node, and to adopt the length of side be that 1 unit square is as structural element;
S32, the erosion computing based in mathematical morphology, used structural element to go to corrode subgraph region identical with structural element length in the staircase curve figure of each node, calculates the area in the subgraph region being etched simultaneously; Erosion is a kind of computing comparatively common in mathematical morphology, can be understood as " wiping ", in this step, using structural element to go to corrode subgraph region identical with structural element length in the staircase curve figure of each node can be understood as: take structural element as unit, wipe subgraph region identical with structural element length in the staircase curve figure of each node, shown in Fig. 2, in Fig. 2, dotted portion represents the subgraph region that this foursquare structural element of staircase curve Tu Bei unit is wiped, the subgraph region being etched;
The area in subgraph region that S33, calculating are etched and the ratio of the gross area in subgraph region, and the particulate mark using it as this erosion; It should be noted that the gross area in subgraph region here refers to the gross area in the subgraph region under the initial condition of staircase curve figure of each node; As shown in Figure 2, the gross area in the subgraph region under the initial condition of the staircase curve figure of this node is the subgraph region that is etched in 57, Fig. 2 totally 5 unit square, and the area in the subgraph region being this time etched is 5, therefore, calculating corresponding particulate mark is 5/57;
S34, that whether the staircase curve figure that judges this node corrodes is complete, if so, finishes, otherwise in the horizontal direction of structural element, increases after a unit square as new structural element, and return to step S32; If judgement staircase curve figure does not corrode complete, in the horizontal direction of structural element, increase after a unit square as new structural element, continue to corrode the staircase curve of this node, the staircase curve figure of the foursquare structural element of Dui Tu2Zhong Bei unit after corroding for example, adopting a length is 2, wide is that the structural element of 1 rectangle continues to corrode, the like, until this staircase curve figure corrodes complete;
Here be erosion by calculating staircase curve figure afterwards the gross area in remaining subgraph region to judge whether this node corrodes complete, if the gross area in the remaining subgraph region of this node is 0, represent to corrode complete.
S4, calculate each node all particulate marks cumulative distribution function and the cumulative distribution function of acquisition is plotted in to two-dimensional coordinate fastens and obtain Particle Distribution staircase curve:
S41, all particulate marks of each node are arranged in order to its cumulative distribution function of rear calculating according to the length of structural element; The cumulative distribution function value of the particulate mark that the length of certain structural element obtaining is here corresponding is the particulate mark sum corresponding to several structural elements of the length length that is less than or equal to this structural element, and it is 1 the particulate mark of structural element and the particulate mark sum of the structural element that length is 2 that the cumulative distribution function value that for example corresponding length is 2 equals length;
S42, using the length of structural element as abscissa, cumulative distribution function value is as ordinate, the cumulative distribution function of acquisition is plotted in to two-dimensional coordinate to be fastened and obtains Particle Distribution staircase curve, shown in Fig. 3, Fig. 3 is for to corrode the Particle Distribution staircase curve of rear acquisition to the staircase curve figure of Fig. 2, in Fig. 3, the length of structural element is 6 to 8 o'clock, the value of Particle Distribution staircase curve does not change, and there is no the subgraph region identical with the structural element length of these length in the staircase curve figure of presentation graphs 2; In Fig. 3, the line segment of the overstriking at corresponding 11 places represents, with the structural element that length is 11 corrode corrode after this staircase curve figure complete.
S5, according to the Particle Distribution staircase curve of each node obtaining, whether this node of real-time judge under attack, it is specially:
The Particle Distribution staircase curve of each node obtaining is compared with the standard Particle Distribution staircase curve that in standard database, this node is corresponding, thereby whether under attack according to this node of comparison result real-time judge, if comparison result is consistent, judge that this node is not under attack, if comparison result is inconsistent, judge that this node is under attack.Because concerning the wireless network of a known topological structure, the link-quality indication parameter of its each node is fixed, therefore after can gathering the link-quality indication parameter of each node, execution step S2 to S4, obtain the standard Particle Distribution staircase curve of each node, and according to the standard Particle Distribution staircase curve Criterion database of all nodes of wireless network, thereby in the actual transmissions data of wireless network, with reference to this standard database, according to the Particle Distribution staircase curve of each node obtaining, judge that whether this node is under attack.If because the attack that certain node in known topological structure is subject to " spy " node in other topological structures of same geographic area data theft or while copying for example, its link-quality indication parameter meeting is because of the corresponding change that is interfered, thereby the Particle Distribution staircase curve waveform finally obtaining also obvious variation can occur.It should be noted that, because the data volume of link-quality indication parameter is very large, whether waveform or further feature that current technology is difficult to the initial data of the link-quality indication parameter from collecting come decision node under attack, the present invention is by being converted to Particle Distribution staircase curve by the link-quality indication parameter of collection, can the initial data gathering not made under the prerequisite of any change, intuitively, know quickly the variation of link-quality indication parameter, thereby whether judge in time node under attack, greatly improved the fail safe of wireless network.
More than that better enforcement of the present invention is illustrated, but the invention is not limited to described embodiment, those of ordinary skill in the art also can make all equivalent variations or replacement under the prerequisite without prejudice to spirit of the present invention, and the modification that these are equal to or replacement are all included in the application's claim limited range.
Claims (5)
1. the wireless network attack detection method based on mathematical morphology, is characterized in that, comprising:
The link-quality indication parameter that S1, each node that adopts default sampling rate to gather respectively wireless network produce when transmission data;
S2, the link-quality indication parameter of each node obtaining is plotted in to two-dimensional coordinate successively fastens and form staircase curve figure;
S3, adopt the erosion computing in mathematical morphology, progressively corrode the staircase curve figure of each node, calculate the particulate mark while obtaining each erosion simultaneously;
S4, calculate each node all particulate marks cumulative distribution function and the cumulative distribution function of acquisition is plotted in to two-dimensional coordinate fastens and obtain Particle Distribution staircase curve;
S5, according to the Particle Distribution staircase curve of each node obtaining, whether this node of real-time judge under attack.
2. a kind of wireless network attack detection method based on mathematical morphology according to claim 1, is characterized in that, described step S3, comprising:
S31, calculate the gross area in subgraph region of the staircase curve figure of each node, and to adopt the length of side be that 1 unit square is as structural element;
S32, the erosion computing based in mathematical morphology, used structural element to go to corrode subgraph region identical with structural element length in the staircase curve figure of each node, calculates the area in the subgraph region being etched simultaneously;
The area in subgraph region that S33, calculating are etched and the ratio of the gross area in subgraph region, and the particulate mark using it as this erosion;
S34, that whether the staircase curve figure that judges this node corrodes is complete, if so, finishes, otherwise in the horizontal direction of structural element, increases after a unit square as new structural element, and return to step S32.
3. a kind of wireless network attack detection method based on mathematical morphology according to claim 1, is characterized in that, described step S4, comprising:
S41, all particulate marks of each node are arranged in order to its cumulative distribution function of rear calculating according to the length of structural element;
S42, using the length of structural element as abscissa, cumulative distribution function value is as ordinate, the cumulative distribution function of acquisition is plotted in to two-dimensional coordinate and fastens and obtain Particle Distribution staircase curve.
4. a kind of wireless network attack detection method based on mathematical morphology according to claim 1, is characterized in that, described step S2, and it is specially:
Using sampling sequence number as abscissa, and link-quality indication parameter, as ordinate, is plotted in successively two-dimensional coordinate by all link-quality indication parameters of each node obtaining and fastens formation staircase curve figure.
5. a kind of wireless network attack detection method based on mathematical morphology according to claim 1, is characterized in that, described step S5, and it is specially:
The Particle Distribution staircase curve of each node obtaining is compared with the standard Particle Distribution staircase curve that in standard database, this node is corresponding, thereby whether under attack according to this node of comparison result real-time judge, if comparison result is consistent, judge that this node is not under attack, if comparison result is inconsistent, judge that this node is under attack.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410010848.2A CN103763703B (en) | 2014-01-09 | 2014-01-09 | Wireless network attack detection method based on mathematical morphology |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410010848.2A CN103763703B (en) | 2014-01-09 | 2014-01-09 | Wireless network attack detection method based on mathematical morphology |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103763703A true CN103763703A (en) | 2014-04-30 |
CN103763703B CN103763703B (en) | 2017-05-10 |
Family
ID=50530848
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410010848.2A Expired - Fee Related CN103763703B (en) | 2014-01-09 | 2014-01-09 | Wireless network attack detection method based on mathematical morphology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103763703B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106101101A (en) * | 2016-06-13 | 2016-11-09 | 深圳先进技术研究院 | Wireless sensor network data compression method and system |
CN108881277A (en) * | 2018-07-10 | 2018-11-23 | 广东工业大学 | The method, device and equipment of monitoring wireless sensor network node invasion |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2211265A1 (en) * | 2009-01-19 | 2010-07-28 | Fujitsu Limited | Elliptic curve arithmetic processing unit and elliptic curve arithmetic processing program and method |
CN102821081A (en) * | 2011-06-10 | 2012-12-12 | 中国电信股份有限公司 | Method and system for monitoring DDOS (distributed denial of service) attacks in small flow |
-
2014
- 2014-01-09 CN CN201410010848.2A patent/CN103763703B/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2211265A1 (en) * | 2009-01-19 | 2010-07-28 | Fujitsu Limited | Elliptic curve arithmetic processing unit and elliptic curve arithmetic processing program and method |
CN102821081A (en) * | 2011-06-10 | 2012-12-12 | 中国电信股份有限公司 | Method and system for monitoring DDOS (distributed denial of service) attacks in small flow |
Non-Patent Citations (2)
Title |
---|
WEN MIN: "《electrical and control engineering》", 27 June 2010 * |
周志艳: "《农作物虫害的机器检测与监测技术研究进展》", 《昆虫学报》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106101101A (en) * | 2016-06-13 | 2016-11-09 | 深圳先进技术研究院 | Wireless sensor network data compression method and system |
CN108881277A (en) * | 2018-07-10 | 2018-11-23 | 广东工业大学 | The method, device and equipment of monitoring wireless sensor network node invasion |
CN108881277B (en) * | 2018-07-10 | 2021-04-16 | 广东工业大学 | Method, device and equipment for monitoring wireless sensor network node intrusion |
Also Published As
Publication number | Publication date |
---|---|
CN103763703B (en) | 2017-05-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102853871B (en) | Oil level monitoring method and system | |
CN105049291B (en) | A method of detection exception of network traffic | |
CN101556142B (en) | Visual detection method of ice coating thickness of overhead lines | |
CN109617868B (en) | DDOS attack detection method and device and detection server | |
CN101710848B (en) | Cooperative frequency spectrum sensing method based on fuzzy integral and optimization theory | |
CN103973697B (en) | A kind of thing network sensing layer intrusion detection method | |
CN112788066A (en) | Abnormal flow detection method and system for Internet of things equipment and storage medium | |
CN107025755A (en) | A kind of parking lot monitoring system and method | |
CN110071829A (en) | DNS tunnel detection method, device and computer readable storage medium | |
CN108092847A (en) | A kind of electric power LTE wireless terminal remote on-line monitoring methods | |
KR101187023B1 (en) | A network abnormal traffic analysis system | |
CN103763703A (en) | Wireless network attack detection method based on mathematical morphology | |
CN103686737A (en) | Wireless sensor network intrusion tolerance method and system based on tree topology | |
CN110011966B (en) | Intelligent substation process layer network flow anomaly detection method | |
CN103179602A (en) | Method and device for detecting abnormal data of wireless sensor network | |
CN107888424A (en) | Warning information recognition methods and device, NMS | |
CN106713307A (en) | Method and system for detecting consistency of flow tables in SDN (Software-defined Networking) | |
CN113721569A (en) | Attack intrusion detection device and method for distributed control system | |
CN105516164A (en) | P2P botnet detection method based on fractal and self-adaptation fusion | |
CN114867022B (en) | FDI attack detection method in wireless sensor network positioning process | |
CN112995130B (en) | Electric power thing networking data transmission system | |
CN109118731B (en) | Method and system for monitoring and early warning of ice and snow on power transmission line | |
JP4987019B2 (en) | Attack traffic detection method and attack traffic detection apparatus | |
CN106453226A (en) | Method for detection of address entropy | |
CN109264172A (en) | Transmission method, device and the bottle stopper of temperature data in a kind of bottle |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170510 Termination date: 20220109 |
|
CF01 | Termination of patent right due to non-payment of annual fee |