CN103763703B - Wireless network attack detection method based on mathematical morphology - Google Patents
Wireless network attack detection method based on mathematical morphology Download PDFInfo
- Publication number
- CN103763703B CN103763703B CN201410010848.2A CN201410010848A CN103763703B CN 103763703 B CN103763703 B CN 103763703B CN 201410010848 A CN201410010848 A CN 201410010848A CN 103763703 B CN103763703 B CN 103763703B
- Authority
- CN
- China
- Prior art keywords
- node
- staircase curve
- wireless network
- structural element
- mathematical morphology
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Abstract
The invention discloses a wireless network attack detection method based on mathematical morphology. The method comprises the steps that preset sampling rate is adopted to collect link quality indicating parameters generated when each node of a wireless network transmits data; the obtained link quality indicating parameters of each node are sequentially drawn on a two-dimensional coordinate system to form a staircase curve chart; the erosion operation in the mathematical morphology is adopted to erode the staircase curve chart of each node gradually, and particle fractions during each erosion are calculated and obtained; the cumulative distribution function of all the particle fractions of each node is calculated, and the obtained cumulative distribution function is drawn on the two-dimensional coordinate system to obtain a particle distribution staircase curve; according to the particle distribution staircase curve of each node, whether the node is attacked or not is judged in real time. The wireless network attack detection method based on the mathematical morphology can detect an attack to the wireless network in real time, is high in safety and simple in calculation mode, reduces detection cost, and can be widely applied in the safety monitoring field of the wireless network.
Description
Technical field
The present invention relates to network attack detection field, more particularly to a kind of wireless network attack based on mathematical morphology
Detection method.
Background technology
The method for solving the generally employing of radio sensing network safety problem at present is encryption or certification.Encryption can ensure that attacks
Even if the cipher-text message of the person's of hitting acquisition transmission can not be cracked draws clear-text message, and certification can ensure that message from legal
Whether node and checking message are modified.But encryption method is adopted, often energy consumption is larger for the distribution of key, extensibility
Relatively low with adaptability, the cost of layout and computing cost of needs is too big, and adopts authentication method, and the computing capability of node is limited,
Shared key is relatively fragile.Generally speaking, the peace of data transfer is ensured using the method for the encryption in current technology or certification
Entirely, its computation complexity and energy consumption are higher, and system cost is high, and both the above method can not be realized to Network Intrusion
Detection, when occurring " spy " node in a radio sensing network, it is impossible to monitor the attack of this node in real time, thus its
Security is restricted.
The content of the invention
In order to solve above-mentioned technical problem, it is an object of the invention to provide a kind of calculation is simple, inexpensive and pacifies
The wireless network attack detection method based on mathematical morphology of Quan Xinggao.
The technical solution adopted for the present invention to solve the technical problems is:
A kind of wireless network attack detection method based on mathematical morphology, including:
S1, gather the link that each node of wireless network is produced in transmission data respectively using default sampling rate
Quality indication parameter;
S2, the link-quality of each node for obtaining being indicated, parameter is plotted in successively two-dimensional coordinate and fastens that to form ladder bent
Line chart;
S3, using the erosion computing in mathematical morphology, progressively corrode the staircase curve figure of each node, at the same calculate obtain
Obtain particulate fraction when corroding every time;
S4, calculate each node all particulate fractions cumulative distribution function and by obtain cumulative distribution function draw
Fasten in two-dimensional coordinate and obtain Particle Distribution staircase curve;
S5, according to the Particle Distribution staircase curve of each node for obtaining, whether the real-time judge node under attack.
Further, step S3, including:
S31, calculate each node staircase curve figure subgraph region the gross area, and adopt the length of side for 1 unit just
It is square as structural element;
S32, based on the erosion computing in mathematical morphology, the staircase curve figure for corroding each node is removed using structural element
In with structural element length identical subgraph region, while calculating the area in subgraph region being etched;
The ratio of the gross area of the area and subgraph region in the subgraph region that S33, calculating are etched, and invade as this time
The particulate fraction of erosion;
S34, judge whether the staircase curve figure of the node corrodes and finish, if so, then terminate, otherwise in the water of structural element
Increase square upwards after a unit square as new structural element, and return to step S32.
Further, step S4, including:
S41, all particulate fractions of each node are arranged in order according to the length of structural element after calculate its iterated integral
Cloth function;
S42, using the length of structural element as abscissa, cumulative distribution function value is used as ordinate, the accumulation that will be obtained
Distribution function is plotted in two-dimensional coordinate to be fastened and obtains Particle Distribution staircase curve.
Further, step S2, it is specially:
Using sampling sequence number as abscissa, link-quality indicates parameter as ordinate, by the institute of each node for obtaining
There is link-quality to indicate that parameter is plotted in successively two-dimensional coordinate and fastens to form staircase curve figure.
Further, step S5, it is specially:
By the Particle Distribution staircase curve normalized particle corresponding with the node in standard database of each node for obtaining
Distribution staircase curve is compared, so as to according to comparison result real-time judge, whether the node is under attack, if comparison result one
Cause, then judge that the node is not affected by attacking, if comparison result is inconsistent, judge that the node is under attack.
The invention has the beneficial effects as follows:A kind of wireless network attack detection method based on mathematical morphology of the present invention,
The link-quality that each node for gathering wireless network respectively using default sampling rate is produced in transmission data indicates ginseng
After number, the link-quality of each node for obtaining is indicated into that parameter is plotted in successively two-dimensional coordinate and fastens to form staircase curve figure,
Then using the erosion computing in mathematical morphology, the staircase curve figure of each node is progressively corroded, while calculate obtaining each
Particulate fraction during erosion, so calculate all particulate fractions of each node cumulative distribution function and will obtain iterated integral
Cloth function is plotted in two-dimensional coordinate to be fastened and obtains Particle Distribution staircase curve, finally according to the Particle Distribution of each node for obtaining
Whether staircase curve, real-time judge node is under attack, and this method can real-time monitor the attack to wireless network, safety
Property it is high, and calculation is simple, reduces cost of layout and computing cost, that is, reduce testing cost.
Description of the drawings
With reference to the accompanying drawings and examples the invention will be further described.
Fig. 1 is a kind of flow chart of wireless network attack detection method based on mathematical morphology of the present invention;
Fig. 2 is the schematic diagram of the staircase curve figure that a node is corroded in a specific embodiment of the invention;
Fig. 3 is the Particle Distribution staircase curve figure of a node in a specific embodiment of the invention.
Specific embodiment
For the ease of following description, following explanation of nouns is given first:
LQI:Link Quality Indicator, represent link-quality instruction, are used to refer to communicate to connect the height of intensity
Low, unit is dBm.LQI can directly read in the header file in each packet for receiving, and be silent when sending data
Recognize the parameter of transmission, its data is easy to collect and is extracted, be the integer between 0-255.
Reference Fig. 1, the invention provides a kind of wireless network attack detection method based on mathematical morphology, including:
S1, gather the link that each node of wireless network is produced in transmission data respectively using default sampling rate
Quality indication parameter;
S2, the link-quality of each node for obtaining being indicated, parameter is plotted in successively two-dimensional coordinate and fastens that to form ladder bent
Line chart;
S3, using the erosion computing in mathematical morphology, progressively corrode the staircase curve figure of each node, at the same calculate obtain
Obtain particulate fraction when corroding every time;
S4, calculate each node all particulate fractions cumulative distribution function and by obtain cumulative distribution function draw
Fasten in two-dimensional coordinate and obtain Particle Distribution staircase curve;
S5, according to the Particle Distribution staircase curve of each node for obtaining, whether the real-time judge node under attack.
It is further used as preferred embodiment, step S3, including:
S31, calculate each node staircase curve figure subgraph region the gross area, and adopt the length of side for 1 unit just
It is square as structural element;
S32, based on the erosion computing in mathematical morphology, the staircase curve figure for corroding each node is removed using structural element
In with structural element length identical subgraph region, while calculating the area in subgraph region being etched;
The ratio of the gross area of the area and subgraph region in the subgraph region that S33, calculating are etched, and invade as this time
The particulate fraction of erosion;
S34, judge whether the staircase curve figure of the node corrodes and finish, if so, then terminate, otherwise in the water of structural element
Increase square upwards after a unit square as new structural element, and return to step S32.
It is further used as preferred embodiment, step S4, including:
S41, all particulate fractions of each node are arranged in order according to the length of structural element after calculate its iterated integral
Cloth function;
S42, using the length of structural element as abscissa, cumulative distribution function value is used as ordinate, the accumulation that will be obtained
Distribution function is plotted in two-dimensional coordinate to be fastened and obtains Particle Distribution staircase curve.
It is further used as preferred embodiment, step S2, it is specially:
Using sampling sequence number as abscissa, link-quality indicates parameter as ordinate, by the institute of each node for obtaining
There is link-quality to indicate that parameter is plotted in successively two-dimensional coordinate and fastens to form staircase curve figure.
It is further used as preferred embodiment, step S5, it is specially:
By the Particle Distribution staircase curve normalized particle corresponding with the node in standard database of each node for obtaining
Distribution staircase curve is compared, so as to according to comparison result real-time judge, whether the node is under attack, if comparison result one
Cause, then judge that the node is not affected by attacking, if comparison result is inconsistent, judge that the node is under attack.
With reference to specific embodiment, the present invention will be further described, and one embodiment of the invention is as follows:
Reference Fig. 1, a kind of wireless network attack detection method based on mathematical morphology, including:
S1, gather the link that each node of wireless network is produced in transmission data respectively using default sampling rate
Quality indication parameter.
S2, the link-quality of each node for obtaining being indicated, parameter is plotted in successively two-dimensional coordinate and fastens that to form ladder bent
Line chart, it is specially:
Using sampling sequence number as abscissa, link-quality indicates parameter as ordinate, by the institute of each node for obtaining
There is link-quality to indicate that parameter is plotted in successively two-dimensional coordinate and fastens to form staircase curve figure.
S3, using the erosion computing in mathematical morphology, progressively corrode the staircase curve figure of each node, at the same calculate obtain
Particulate fraction when corroding every time is obtained, following steps are specifically included:
S31, calculate each node staircase curve figure subgraph region the gross area, and adopt the length of side for 1 unit just
It is square as structural element;
S32, based on the erosion computing in mathematical morphology, the staircase curve figure for corroding each node is removed using structural element
In with structural element length identical subgraph region, while calculating the area in subgraph region being etched;Erosion is Mathematical Morphology
Relatively conventional a kind of computing in, it can be understood as " erasing ", structural element goes to corrode each node used in this step
Can be understood as with structural element length identical subgraph region in staircase curve figure:With structural element as unit, each is wiped
With structural element length identical subgraph region in the staircase curve figure of node, with reference to shown in Fig. 2, dotted portion is represented in Fig. 2
The staircase curve figure is by the subgraph region of the foursquare structural element erasing of unit, that is, the subgraph region being etched;
The ratio of the gross area of the area and subgraph region in the subgraph region that S33, calculating are etched, and invade as this time
The particulate fraction of erosion;It should be noted that here the gross area in subgraph region refers to the initial of the staircase curve figure of each node
The gross area in the subgraph region under state;As shown in Figure 2, subgraph region under the original state of the staircase curve figure of the node
The gross area is the subgraph region being etched in 57, Fig. 2 totally 5 unit squares, i.e., the area in the subgraph region being this time etched
For 5, therefore, corresponding particulate fraction is calculated for 5/57;
S34, judge whether the staircase curve figure of the node corrodes and finish, if so, then terminate, otherwise in the water of structural element
Increase square upwards after a unit square as new structural element, and return to step S32;If judging staircase curve figure not
Erosion is finished, then as new structural element after increasing a unit square in the horizontal direction of structural element, continue to invade
The staircase curve of the node is lost, such as to, by the staircase curve figure after the foursquare structural element erosion of unit, adopting one in Fig. 2
Individual length is 2, and the structural element of a width of 1 rectangle continues to corrode, the like, finish until the staircase curve figure corrodes;
Judging the node here by the gross area in remaining subgraph region after the erosion for calculating staircase curve figure is
It is no to corrode what is finished, if the gross area in the remaining subgraph region of the node is 0, then it represents that erosion is finished.
S4, calculate each node all particulate fractions cumulative distribution function and by obtain cumulative distribution function draw
Fasten in two-dimensional coordinate and obtain Particle Distribution staircase curve:
S41, all particulate fractions of each node are arranged in order according to the length of structural element after calculate its iterated integral
Cloth function;The cumulative distribution function value of the corresponding particulate fraction of length of certain structural element for obtaining here be length less than etc.
In the corresponding particulate fraction sum of several structural elements of the length of the structural element, for example, correspond to the cumulative distribution that length is 2
Functional value is equal to the particulate fraction of the structural element that length is 1 and the particulate fraction sum of structural element that length is 2;
S42, using the length of structural element as abscissa, cumulative distribution function value is used as ordinate, the accumulation that will be obtained
Distribution function is plotted in two-dimensional coordinate to be fastened and obtains Particle Distribution staircase curve, and with reference to shown in Fig. 3, Fig. 3 is that the ladder to Fig. 2 is bent
The Particle Distribution staircase curve that line chart is obtained after corroding, when the length of structural element is 6 to 8 in Fig. 3, Particle Distribution staircase curve
Value be not changed in, represent in the staircase curve figure of Fig. 2 without structural element length identical subgraph region with these length;
The line segment of overstriking in Fig. 3 at correspondence 11 represents, is corroded to be corroded after the staircase curve figure with the structural element that length is 11 and finishes.
S5, according to the Particle Distribution staircase curve of each node for obtaining, whether the real-time judge node under attack, its
Specially:
By the Particle Distribution staircase curve normalized particle corresponding with the node in standard database of each node for obtaining
Distribution staircase curve is compared, so as to according to comparison result real-time judge, whether the node is under attack, if comparison result one
Cause, then judge that the node is not affected by attacking, if comparison result is inconsistent, judge that the node is under attack.Because to one
For knowing the wireless network of topological structure, the link-quality of its each node indicates that parameter is fixed, therefore can gather every
The link-quality of individual node indicates after parameter that execution step S2 to S4, the normalized particle distribution ladder for obtaining each node is bent
Line, and standard database is set up according to the normalized particle distribution staircase curve of all nodes of wireless network, so as in wireless network
In the actual transmissions data of network, with reference to the standard database, judged according to the Particle Distribution staircase curve of each node for obtaining
Whether the node is under attack.If because certain node in known topological structure is subject to other topological structures of same geographic area
In " spy " node attack such as data theft or when replicating, its link-quality indicates that parameter can be corresponding because being interfered
Change, thus the Particle Distribution staircase curve waveform for finally giving can also occur significantly change.It should be noted that because chain
The data volume of road quality indication parameter is very big, and current technology is difficult from the initial data of the link-quality instruction parameter for collecting
Waveform or further feature come whether decision node is under attack, and the present invention indicates that Parameter Switch is by the link-quality by collection
Particle Distribution staircase curve, can intuitively, quickly know chain on the premise of the initial data not to gathering makes any change
The change of road quality indication parameter, so as to judge whether egress is under attack in time, substantially increases the peace of wireless network
Quan Xing.
It is more than that the preferable enforcement to the present invention is illustrated, but the invention is not limited to the enforcement
Example, those of ordinary skill in the art can also make a variety of equivalent variations on the premise of without prejudice to spirit of the invention or replace
Change, the modification of these equivalents or replacement are all contained in the application claim limited range.
Claims (4)
1. a kind of wireless network attack detection method based on mathematical morphology, it is characterised in that include:
S1, gather the link-quality that each node of wireless network is produced in transmission data respectively using default sampling rate
Indicate parameter;
S2, the link-quality of each node for obtaining is indicated into that parameter is plotted in successively two-dimensional coordinate and fastens to form staircase curve
Figure;
S3, using the erosion computing in mathematical morphology, the staircase curve figure of each node is progressively corroded, while calculate obtaining every
Particulate fraction during secondary erosion;
S4, calculate each node all particulate fractions cumulative distribution function and the cumulative distribution function of acquisition is plotted in into two
Dimension coordinate is fastened and obtains Particle Distribution staircase curve;
S5, according to the Particle Distribution staircase curve of each node for obtaining, whether the real-time judge node under attack;
Step S3, including:
S31, calculate each node staircase curve figure subgraph region the gross area, and adopt the length of side for 1 unit square
As structural element;
S32, based on the erosion computing in mathematical morphology, gone using structural element in the staircase curve figure for corrode each node with
Structural element length identical subgraph region, while calculating the area in the subgraph region being etched;
The ratio of the gross area of the area and subgraph region in the subgraph region that S33, calculating are etched, and as this erosion
Particulate fraction;
S34, judge whether the staircase curve figure of the node corrodes and finish, if so, then terminate, otherwise in the level side of structural element
Increase after a unit square as new structural element upwards, and return to step S32.
2. a kind of wireless network attack detection method based on mathematical morphology according to claim 1, it is characterised in that
Step S4, including:
S41, all particulate fractions of each node are arranged in order according to the length of structural element after calculate its cumulative distribution letter
Number;
S42, using the length of structural element as abscissa, cumulative distribution function value is used as ordinate, the cumulative distribution that will be obtained
Function is plotted in two-dimensional coordinate to be fastened and obtains Particle Distribution staircase curve.
3. a kind of wireless network attack detection method based on mathematical morphology according to claim 1, it is characterised in that
Step S2, it is specially:
Using sampling sequence number as abscissa, link-quality indicates parameter as ordinate, by all chains of each node for obtaining
Road quality indication parameter is plotted in successively two-dimensional coordinate and fastens to form staircase curve figure.
4. a kind of wireless network attack detection method based on mathematical morphology according to claim 1, it is characterised in that
Step S5, it is specially:
By the normalized particle distribution corresponding with the node in standard database of the Particle Distribution staircase curve of each node for obtaining
Staircase curve is compared, so as to according to comparison result real-time judge, whether the node is under attack, if comparison result is consistent,
Judge that the node is not affected by attacking, if comparison result is inconsistent, judge that the node is under attack.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410010848.2A CN103763703B (en) | 2014-01-09 | 2014-01-09 | Wireless network attack detection method based on mathematical morphology |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410010848.2A CN103763703B (en) | 2014-01-09 | 2014-01-09 | Wireless network attack detection method based on mathematical morphology |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103763703A CN103763703A (en) | 2014-04-30 |
| CN103763703B true CN103763703B (en) | 2017-05-10 |
Family
ID=50530848
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410010848.2A Expired - Fee Related CN103763703B (en) | 2014-01-09 | 2014-01-09 | Wireless network attack detection method based on mathematical morphology |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103763703B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106101101A (en) * | 2016-06-13 | 2016-11-09 | 深圳先进技术研究院 | Wireless sensor network data compression method and system |
| CN108881277B (en) * | 2018-07-10 | 2021-04-16 | 广东工业大学 | Method, device and equipment for monitoring wireless sensor network node intrusion |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2211265A1 (en) * | 2009-01-19 | 2010-07-28 | Fujitsu Limited | Elliptic curve arithmetic processing unit and elliptic curve arithmetic processing program and method |
| CN102821081A (en) * | 2011-06-10 | 2012-12-12 | 中国电信股份有限公司 | Method and system for monitoring DDOS (distributed denial of service) attacks in small flow |
-
2014
- 2014-01-09 CN CN201410010848.2A patent/CN103763703B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2211265A1 (en) * | 2009-01-19 | 2010-07-28 | Fujitsu Limited | Elliptic curve arithmetic processing unit and elliptic curve arithmetic processing program and method |
| CN102821081A (en) * | 2011-06-10 | 2012-12-12 | 中国电信股份有限公司 | Method and system for monitoring DDOS (distributed denial of service) attacks in small flow |
Non-Patent Citations (1)
| Title |
|---|
| 《农作物虫害的机器检测与监测技术研究进展》;周志艳;《昆虫学报》;20101231;第53卷(第1期);第98-109页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103763703A (en) | 2014-04-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109302408B (en) | Network security situation assessment method | |
| CN106341414A (en) | Bayesian network-based multi-step attack security situation assessment method | |
| CN106209843A (en) | A kind of data flow anomaly towards Modbus agreement analyzes method | |
| CN105376255A (en) | Android platform intrusion detection method based on K-means cluster | |
| CN101383694A (en) | Defense method and system rejecting service attack based on data mining technology | |
| CN103581186A (en) | Network security situation awareness method and system | |
| CN101710848B (en) | Cooperative frequency spectrum sensing method based on fuzzy integral and optimization theory | |
| CN105119919A (en) | Attack behavior detection method based on flow abnormity and feature analysis | |
| CN112788066A (en) | Abnormal flow detection method and system for Internet of things equipment and storage medium | |
| CN104618908B (en) | The method and apparatus that distributed cognition wireless network is attacked anti-distort perception data | |
| CN109347823A (en) | A kind of CAN bus method for detecting abnormality based on comentropy | |
| CN104734916A (en) | Efficient multistage anomaly flow detection method based on TCP | |
| CN107864128B (en) | Network behavior based scanning detection method and device and readable storage medium | |
| CN106357434A (en) | Detection method, based on entropy analysis, of traffic abnormity of smart grid communication network | |
| CN103763703B (en) | Wireless network attack detection method based on mathematical morphology | |
| CN106330611A (en) | Anonymous protocol classification method based on statistical feature classification | |
| CN103401878B (en) | Frequency spectrum perception data tampering attack detection method | |
| CN111666652B (en) | Steam heating network steam trap inspection emission operation scheduling method and operation scheduling system | |
| CN117097569A (en) | Network security situation diagnosis method and system based on multi-node relevance | |
| Chen et al. | Quantitative threat assessment of denial of service attacks on service availability | |
| CN103686737A (en) | Wireless sensor network intrusion tolerance method and system based on tree topology | |
| CN110086829A (en) | A method of Internet of Things unusual checking is carried out based on machine learning techniques | |
| CN101888296A (en) | Method, device, equipment and system for detecting shadow user | |
| CN111565201B (en) | Multi-attribute-based industrial internet security assessment method and system | |
| CN108881277A (en) | The method, device and equipment of monitoring wireless sensor network node invasion |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170510 Termination date: 20220109 |