CN104702609A - Ad Hoc network route intrusion detecting method based on friend mechanism - Google Patents
Ad Hoc network route intrusion detecting method based on friend mechanism Download PDFInfo
- Publication number
- CN104702609A CN104702609A CN201510111439.6A CN201510111439A CN104702609A CN 104702609 A CN104702609 A CN 104702609A CN 201510111439 A CN201510111439 A CN 201510111439A CN 104702609 A CN104702609 A CN 104702609A
- Authority
- CN
- China
- Prior art keywords
- local
- sent
- data
- module
- hoc network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses an Ad Hoc network route intrusion detecting method based on a friend mechanism and relates to the field of mobile Ad Hoc networks. The method comprises following steps that a local intrusion detecting device rapidly identifies primary friend nodes; a global intrusion detecting device performs comprehensive detection on the primary friend nodes to finally determine whether the nodes are real friend nodes and to generate the trust level of every friend node. The Ad Hoc network route intrusion detecting method based on the friend mechanism can rapidly detect attacks, save source cost of the nodes, shorten the residence time of malicious nodes inside an Ad Hoc network and effectively improve the safety of the entire Ad Hoc network.
Description
Technical field
The present invention relates to mobile Ad Hoc network field, specifically relate to a kind of mobile Ad Hoc network route intrusion detection method based on friend's mechanism.
Background technology
Mobile Ad Hoc network is a kind of wireless multi-hop peer-to-peer network without the need to infrastructure, self-organizing, network topology dynamic change, have quickly networking, configure conveniently, cost is low, survivability can wait advantage well, in mobile Ad Hoc network, each node is a router simultaneously.More and more extensive in the application of the occasions such as tactical communication, business civil area, rescue and relief work.But, compare with other networks, bring the multiple new problems such as internode collaboration, route, safety just because of its exclusive characteristic to mobile ad hoc network.Wherein, the maintenance of suitable route and routing iinformation is selected to be to provide the basis of proper network service, particularly important to the maintenance of network topology.In mobile Ad Hoc network, any node all may participate in route, is easy to the attack suffering outside or inside, and therefore routing safety research is one of key issue of further developing of mobile Ad Hoc network.Although as technology extensive use in MANET routing safety such as encryption, certification of intrusion prevention mechanism, helpless to the attack from network internal, this just needs behavioral value and response technology to complement one another with it, jointly ensures routing safety.
Summary of the invention
The object of the invention is the deficiency in order to overcome above-mentioned background technology, a kind of mobile Ad Hoc network route intrusion detection method based on friend's mechanism is provided, attack can be detected fast, accurately, save the resource overhead of node, shorten the residence time of malicious node in mobile Ad Hoc network, effectively improve the fail safe of whole mobile Ad Hoc network.
The invention provides a kind of mobile Ad Hoc network route intrusion detection method based on friend's mechanism, comprise the following steps:
The monitoring of A, local collector unit, based on the data source of Ad Hoc network, is collected the initial data needed for intrusion detection, and the initial data of collection is sent to local Audit Module; Local Audit Module carries out feature extraction and preliminary treatment to initial data, be the form of local abnormality detection module and local misuse detection module demand by the format conversion of initial data, and the data after format transformation sent to local abnormality detection module, local misuse detection module and local feedback module; Local abnormality detection module carries out abnormality test according to support vector machines algorithm to data, and test result is sent to local feedback module, local misuse detection module carries out misuse test according to SVM algorithm to data, and test result is sent to local feedback module, forwards step B to;
According to when there is malicious node in test result decision network in B, local feedback module, intrusion alarm is sent to local response unit, and generate elementary list of friends, the data that elementary list of friends and local Audit Module are sent are sent to local outline data storehouse, forwards step C to;
The intrusion alarm that local feedback module is sent by C, local response unit is broadcasted in Ad Hoc network, and is removed from Ad Hoc grid by malicious node, forwards step D to;
The elementary list of friends that local feedback module is sent by D, local outline data storehouse and data send to overall collector unit through global detection interface, send to overall Audit Module, forward step e to through overall collector unit;
E, overall Audit Module carry out feature extraction and preliminary treatment to the data that overall collector unit is sent, be the form of global abnormal detection module and overall situation misuse detection module demand by the format conversion of data, and the data after format transformation sent to global abnormal detection module and overall situation misuse detection module; Global abnormal detection module carries out abnormality test according to SVM algorithm to data, and test result is sent to global feedback module, overall situation misuse detection module carries out misuse test according to SVM algorithm to data, and test result is sent to global feedback module, forwards step F to;
When F, global feedback module judge to there is malicious node in Ad Hoc network according to test result, send intrusion alarm to overall response unit, and generate direct list of friends, forward step G to;
The intrusion alarm that global feedback module is sent by G, overall response unit is broadcasted in Ad Hoc network, and is removed from Ad Hoc grid by malicious node, forwards step H to;
In the elementary list of friends that H, global feedback module are sent according to overall Audit Module, each internodal trusting relationship generates indirect list of friends, and direct list of friends and indirect list of friends are sent to overall situation ballot unit, overall situation ballot unit according to the relation of direct friend and indirect friend to each nodes vote, determine the reliability rating that each node is final, and generate reliability rating table, reliability rating table is sent to overall outline data library storage, terminates.
On the basis of technique scheme, step B is further comprising the steps of: when local feedback module judges there is not malicious node in Ad Hoc network according to test result, generate elementary list of friends, the data that elementary list of friends and local Audit Module are sent are sent to local outline data storehouse, forwards step D to.
On the basis of technique scheme, step F is further comprising the steps of: when global feedback module judges there is not malicious node in Ad Hoc network according to test result, generate direct list of friends, forward step H to.
Compared with prior art, advantage of the present invention is as follows:
(1) the present invention first identifies elementary friend's node fast by local invasion detecting device, by overall invasion detecting device, comprehensive detection is carried out to elementary friend's node again, finally determine whether node is real friend's node, and generate the reliability rating of each friend's node, can fast detecting go out to attack, save the resource overhead of node, shorten the residence time of malicious node in Ad Hoc network, effectively improve the fail safe of whole Ad Hoc network.
(2) the present invention adopts friend's mechanism, node in network is divided into direct friend and indirect friend, by the intercommunication cooperative relationship of direct friend and indirect friend, effectively resist the malicious act of selfish node and collusion deception node in the decision-making power problem and network that between node, each sticks to his own view causes, effectively improve the reliability detected.
(3) the present invention does not need the support of the complex technologys such as signature management, trust management and detecting and alarm predefine when detecting, by using SVM (Support Vector Machine, SVMs) algorithm and friend mechanism, rapidly and efficiently can select correlative character from mass of redundancy data, system resources in computation consumption is lower, real-time, flexibility is high.
Accompanying drawing explanation
Fig. 1 is the flow chart based on the mobile Ad Hoc network route intrusion detection method of friend's mechanism in the embodiment of the present invention.
Embodiment
Below in conjunction with drawings and the specific embodiments, the present invention is described in further detail.
Shown in Figure 1, the embodiment of the present invention provides a kind of Ad Hoc network route intrusion detection method based on friend's mechanism, comprises the following steps:
The monitoring of S1, local collector unit, based on the data source of Ad Hoc network, is collected the initial data needed for intrusion detection, and the initial data of collection is sent to local Audit Module; Local Audit Module carries out feature extraction and preliminary treatment to initial data, be the form of local abnormality detection module and local misuse detection module demand by the format conversion of initial data, and the data after format transformation sent to local abnormality detection module, local misuse detection module and local feedback module; Local abnormality detection module carries out abnormality test according to support vector machines algorithm to data, and test result is sent to local feedback module, local misuse detection module carries out misuse test according to SVM algorithm to data, and test result is sent to local feedback module, forwards step S2 to.
S2, local feedback module judge whether there is malicious node in network according to test result, if there is malicious node, then send intrusion alarm to local response unit, and generate elementary list of friends, the data that elementary list of friends and local Audit Module are sent are sent to local outline data storehouse, forwards step S3 to; If there is not malicious node, then generate elementary list of friends, the data that elementary list of friends and local Audit Module are sent are sent to local outline data storehouse, forwards step S4 to.
The intrusion alarm that local feedback module is sent by S3, local response unit is broadcasted in Ad Hoc network, and is removed from Ad Hoc grid by malicious node, forwards step S4 to.
The elementary list of friends that local feedback module is sent by S4, local outline data storehouse and data send to overall collector unit through global detection interface, send to overall Audit Module, forward step S5 to through overall collector unit.
S5, overall Audit Module carry out feature extraction and preliminary treatment to the data that overall collector unit is sent, be the form of global abnormal detection module and overall situation misuse detection module demand by the format conversion of data, and the data after format transformation sent to global abnormal detection module and overall situation misuse detection module; Global abnormal detection module carries out abnormality test according to SVM algorithm to data, and test result is sent to global feedback module, overall situation misuse detection module carries out misuse test according to SVM algorithm to data, and test result is sent to global feedback module, forwards step S6 to.
S6, global feedback module judge whether there is malicious node in Ad Hoc network according to test result, if there is malicious node, then send intrusion alarm to overall response unit, and generate direct list of friends, forward step S7 to; If there is not malicious node, then generate direct list of friends, forward step S8 to.
The intrusion alarm that global feedback module is sent by S7, overall response unit is broadcasted in Ad Hoc network, and is removed from Ad Hoc grid by malicious node, forwards step S8 to.
In the elementary list of friends that S8, global feedback module are sent according to overall Audit Module, each internodal trusting relationship generates indirect list of friends, and direct list of friends and indirect list of friends are sent to overall situation ballot unit, overall situation ballot unit according to the relation of direct friend and indirect friend to each nodes vote, determine the reliability rating that each node is final, and generate reliability rating table, reliability rating table is sent to overall outline data library storage, terminates.
Those skilled in the art can carry out various modifications and variations to the embodiment of the present invention, if these amendments and modification are within the scope of the claims in the present invention and equivalent technologies thereof, then these revise and modification also within protection scope of the present invention.
The prior art that the content do not described in detail in specification is known to the skilled person.
Claims (3)
1., based on a mobile Ad Hoc network route intrusion detection method for friend's mechanism, it is characterized in that, comprise the following steps:
The monitoring of A, local collector unit, based on the data source of Ad Hoc network, is collected the initial data needed for intrusion detection, and the initial data of collection is sent to local Audit Module; Local Audit Module carries out feature extraction and preliminary treatment to initial data, be the form of local abnormality detection module and local misuse detection module demand by the format conversion of initial data, and the data after format transformation sent to local abnormality detection module, local misuse detection module and local feedback module; Local abnormality detection module carries out abnormality test according to support vector machines algorithm to data, and test result is sent to local feedback module, local misuse detection module carries out misuse test according to SVM algorithm to data, and test result is sent to local feedback module, forwards step B to;
According to when there is malicious node in test result decision network in B, local feedback module, intrusion alarm is sent to local response unit, and generate elementary list of friends, the data that elementary list of friends and local Audit Module are sent are sent to local outline data storehouse, forwards step C to;
The intrusion alarm that local feedback module is sent by C, local response unit is broadcasted in Ad Hoc network, and is removed from Ad Hoc grid by malicious node, forwards step D to;
The elementary list of friends that local feedback module is sent by D, local outline data storehouse and data send to overall collector unit through global detection interface, send to overall Audit Module, forward step e to through overall collector unit;
E, overall Audit Module carry out feature extraction and preliminary treatment to the data that overall collector unit is sent, be the form of global abnormal detection module and overall situation misuse detection module demand by the format conversion of data, and the data after format transformation sent to global abnormal detection module and overall situation misuse detection module; Global abnormal detection module carries out abnormality test according to SVM algorithm to data, and test result is sent to global feedback module, overall situation misuse detection module carries out misuse test according to SVM algorithm to data, and test result is sent to global feedback module, forwards step F to;
When F, global feedback module judge to there is malicious node in Ad Hoc network according to test result, send intrusion alarm to overall response unit, and generate direct list of friends, forward step G to;
The intrusion alarm that global feedback module is sent by G, overall response unit is broadcasted in Ad Hoc network, and is removed from Ad Hoc grid by malicious node, forwards step H to;
In the elementary list of friends that H, global feedback module are sent according to overall Audit Module, each internodal trusting relationship generates indirect list of friends, and direct list of friends and indirect list of friends are sent to overall situation ballot unit, overall situation ballot unit according to the relation of direct friend and indirect friend to each nodes vote, determine the reliability rating that each node is final, and generate reliability rating table, reliability rating table is sent to overall outline data library storage, terminates.
2. as claimed in claim 1 based on the mobile Ad Hoc network route intrusion detection method of friend's mechanism, it is characterized in that: step B is further comprising the steps of: when local feedback module judges there is not malicious node in Ad Hoc network according to test result, generate elementary list of friends, the data that elementary list of friends and local Audit Module are sent are sent to local outline data storehouse, forwards step D to.
3. as claimed in claim 1 based on the mobile Ad Hoc network route intrusion detection method of friend's mechanism, it is characterized in that: step F is further comprising the steps of: when global feedback module judges there is not malicious node in Ad Hoc network according to test result, generate direct list of friends, forward step H to.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510111439.6A CN104702609B (en) | 2015-03-13 | 2015-03-13 | Mobile Ad Hoc networks route intrusion detection method based on friend's mechanism |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510111439.6A CN104702609B (en) | 2015-03-13 | 2015-03-13 | Mobile Ad Hoc networks route intrusion detection method based on friend's mechanism |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104702609A true CN104702609A (en) | 2015-06-10 |
CN104702609B CN104702609B (en) | 2017-07-25 |
Family
ID=53349378
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510111439.6A Expired - Fee Related CN104702609B (en) | 2015-03-13 | 2015-03-13 | Mobile Ad Hoc networks route intrusion detection method based on friend's mechanism |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104702609B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105915513A (en) * | 2016-04-12 | 2016-08-31 | 内蒙古大学 | Method and device for searching malicious service provider of combined service in cloud system |
CN107800631A (en) * | 2016-09-07 | 2018-03-13 | 特拉维夫迈络思科技有限公司 | It is effectively matched using the TCAM of the hash table in RAM is regular |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101217396A (en) * | 2007-12-29 | 2008-07-09 | 华中科技大学 | An Ad hoc network invasion detecting method and system based on trust model |
CN101340292A (en) * | 2008-08-07 | 2009-01-07 | 上海交通大学 | Invasion detection method of radio self-organization network |
CN103002438A (en) * | 2011-09-15 | 2013-03-27 | 中国人民解放军总参谋部第六十一研究所 | Network behavior monitoring method based on support vector machine (SVM) and trust control |
CN103107911A (en) * | 2011-11-11 | 2013-05-15 | 无锡南理工科技发展有限公司 | Mixed type self-adaption mobile network intrusion detection system |
US20130335219A1 (en) * | 2012-05-07 | 2013-12-19 | Integrated Security Corporation | Intelligent sensor network |
-
2015
- 2015-03-13 CN CN201510111439.6A patent/CN104702609B/en not_active Expired - Fee Related
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101217396A (en) * | 2007-12-29 | 2008-07-09 | 华中科技大学 | An Ad hoc network invasion detecting method and system based on trust model |
CN101340292A (en) * | 2008-08-07 | 2009-01-07 | 上海交通大学 | Invasion detection method of radio self-organization network |
CN103002438A (en) * | 2011-09-15 | 2013-03-27 | 中国人民解放军总参谋部第六十一研究所 | Network behavior monitoring method based on support vector machine (SVM) and trust control |
CN103107911A (en) * | 2011-11-11 | 2013-05-15 | 无锡南理工科技发展有限公司 | Mixed type self-adaption mobile network intrusion detection system |
US20130335219A1 (en) * | 2012-05-07 | 2013-12-19 | Integrated Security Corporation | Intelligent sensor network |
Non-Patent Citations (2)
Title |
---|
李红宁 等: ""认知无线网络中收敛感知算法安全性检测"", 《西安电子科技大学学报(自然科学版)》 * |
裴伟东 等: ""利用朋友机制生成一类无标度网络"", 《吉林大学学报(信息科学版)》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105915513A (en) * | 2016-04-12 | 2016-08-31 | 内蒙古大学 | Method and device for searching malicious service provider of combined service in cloud system |
CN105915513B (en) * | 2016-04-12 | 2019-01-04 | 内蒙古大学 | The lookup method and device of the malicious service supplier of composite services in cloud system |
CN107800631A (en) * | 2016-09-07 | 2018-03-13 | 特拉维夫迈络思科技有限公司 | It is effectively matched using the TCAM of the hash table in RAM is regular |
Also Published As
Publication number | Publication date |
---|---|
CN104702609B (en) | 2017-07-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Mittal et al. | Analysis of security and energy efficiency for shortest route discovery in low‐energy adaptive clustering hierarchy protocol using Levenberg‐Marquardt neural network and gated recurrent unit for intrusion detection system | |
CN109922162B (en) | Flat building equipment Internet of things monitoring system and method based on block chain | |
Maleh et al. | A global hybrid intrusion detection system for wireless sensor networks | |
Davoody-Beni et al. | Application of IoT in smart grid: Challenges and solutions | |
Sedjelmaci et al. | An efficient intrusion detection framework in cluster‐based wireless sensor networks | |
Wazid et al. | RAD‐EI: A routing attack detection scheme for edge‐based Internet of Things environment | |
CN111404914A (en) | Ubiquitous power Internet of things terminal safety protection method under specific attack scene | |
Beigi-Mohammadi et al. | An intrusion detection system for smart grid neighborhood area network | |
Han et al. | Intrusion detection algorithm based on neighbor information against sinkhole attack in wireless sensor networks | |
Venkatachalam et al. | Cross-layer hidden Markov analysis for intrusion detection | |
Singh et al. | PCTBC: Power control tree-based cluster approach for sybil attack in wireless sensor networks | |
Vegesna | Incorporating Wireless Sensor Networks and the Internet of Things: A Hierarchical and Security-Based Analysis | |
Kadam et al. | Performance investigation of DMV (detecting malicious vehicle) and D&PMV (detection and prevention of misbehave/malicious vehicles): Future road map | |
Ahamed Ahanger et al. | Distributed Blockchain‐Based Platform for Unmanned Aerial Vehicles | |
Akhtar et al. | Classification of selfish and regular nodes based on reputation values in MANET using adaptive decision boundary | |
CN104702609A (en) | Ad Hoc network route intrusion detecting method based on friend mechanism | |
Ambili et al. | A secure software defined networking based framework for IoT networks | |
Vamsi et al. | Secure data aggregation and intrusion detection in wireless sensor networks | |
Sharma et al. | Secure and reliable resource allocation and caching in aerial-terrestrial cloud networks (ATCNs) | |
Lalar et al. | An efficient tree-based clone detection scheme in wireless sensor network | |
Zhou et al. | An energy-efficient random verification protocol for the detection of node clone attacks in wireless sensor networks | |
CN106411916A (en) | Internet of things security group communication method | |
Karim et al. | Fault tolerant, energy efficient and secure clustering scheme for mobile machine‐to‐machine communications | |
CN104702610A (en) | Routing intrusion detection system for mobile Ad-Hoc network | |
Kumar et al. | A Survey on Advance Black/Grey hole Detection and Prevention Techniques in DSR & AODV Protocols |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170725 Termination date: 20190313 |
|
CF01 | Termination of patent right due to non-payment of annual fee |