CN105429939A - Intrusion detection method of radio frequency identification system based on ontology - Google Patents

Publication number
CN105429939A
Authority
CN
China
Legal status
Pending
Application number
CN201510701560.4A
Other languages
Chinese (zh)
Inventor
李鹏
王振
王汝传
徐鹤
夏正东
余笑天
蒋万元
Current Assignee
Nanjing Post and Telecommunication University
Nanjing University of Posts and Telecommunications
Original Assignee
Nanjing Post and Telecommunication University

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1466: Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

The invention provides an ontology-based intrusion detection method for radio frequency identification (RFID) systems. Based on ontology semantic definition rules, and combining RFID tag tracking with positioning technology, it establishes an RFID intrusion detection system and method with a two-level defense system. To this end, the invention proposes an ontology-based inference engine that gives the RFID intrusion detection system the ability to reason about tag cloning. Using RFID tag tracking and positioning technology, a model that combines semantic location and physical location is designed to counter tag cloning. The engine, based on ontology semantic rules, provides an advanced automated inference capability for an RFID misuse detection system (RIDS). When a tag object is duplicated, or a clone attack occurs, the engine can accurately provide the formalized model for intrusion detection.

Description

An ontology-based intrusion detection method for radio frequency identification systems
Technical field
To address the increasingly serious problem of RFID tag cloning attacks in radio frequency identification (RFID) systems, the present invention designs a tag cloning attack intrusion detection system for RFID systems based on ontology semantic definition rules, together with a method for tracking and locating cloned tags. The invention belongs to the field of network security.
Background
With the development of computers and Internet of Things technology, RFID systems have developed steadily and the range of application types keeps growing. Across these application scenarios, the most challenging security problem is tag cloning. To counter this threat, researchers rely mainly on three countermeasures: tag encryption, authentication and access control.
The difficulty of implementing these countermeasures lies in the trade-off between tag cost, security level and hardware capability. Large companies with huge numbers of end users encourage developers to reduce the cost of tags. Given the limited power of low-cost tags and their limited storage and processing resources, countering tag cloning by strengthening the tag encryption algorithm is difficult to achieve. In addition, to supply enough power to the encryption component, the tag must be read at a shorter distance, which greatly reduces the read rate of the reader. Although many improvements to these schemes have been proposed, a large body of research still indicates that they cannot completely protect tags from cloning attacks.
First, this kind of solution is inherently unsafe. In an RFID system, the limited functionality of the tag makes it the weakest link in the whole system chain: an attacker can easily break through the RFID security protection with simple equipment and techniques. Moreover, without raising tag cost, it is not possible to develop an intrinsically safe RFID tag that resolves all known vulnerabilities. Second, existing solutions concentrate on preventing tags from being cloned and do not address advanced prevention of tag cloning. The focus of the present invention is instead to provide real-time detection when a tag cloning attack occurs, and thus a tag cloning attack intrusion detection method for RFID systems.
Ontology is a philosophical concept: the branch of philosophy that studies the nature of existence. In recent decades the term has been adopted in computing, where it plays an increasingly important role in artificial intelligence, computer languages and database theory. An emerging field within computer science, concerned with methods and methodology for building ontologies, has now formed.
An ontology is a specification document that formally defines the relations between terms. A complete ontology needs a taxonomy and a set of inference rules. The basic steps for building an ontology are:
Step 1: List the terms involved in the research topic.
Step 2: Summarize and revise according to the inherent attributes and exclusive features of the terms, and build classes and a hierarchical classification model for the terms.
Step 3: Add relations that link the terms and the classification model.
Step 4: As needed, add instances as objects of the concepts.
Using the inference rules of the ontology, RFID tag cloning attacks in an RFID system can be detected, which gives the intrusion detection method proposed by the present invention a powerful misuse-detection inference capability. This scheme provides an ontology-based intrusion detection method that detects tag cloning using integrated information derived from the RFID middleware. Specifically, it proposes a technique that uses semantic addresses and physical addresses to track and locate RFID tags, realizing a misuse detection method for an RFID system. The method rests on two points: (1) ontology semantic rules are used to build an "RFID tag tracking and positioning" model; (2) ontology is used to obtain a formal, computer-readable representation, and a two-level defense system is built to resist tag cloning. Combining RFID tag tracking and positioning with ontology semantic rules yields an inference detection engine. This engine gives the misuse detection system an advanced automated reasoning capability and defines the "RFID tag tracking and positioning" model, which is used to infer whether a genuine tag has suffered a cloning attack.
Summary of the invention
Technical problem: the object of the invention is to provide an ontology-based intrusion detection method for RFID systems that can monitor and identify cloned tags in an RFID system in real time. It uses cross-checking of information between dynamic information points and static information points to identify abnormal tag reads in the RFID system, and thereby detects tag cloning attacks in the RFID system.
Technical scheme: the method uses RFID tag tracking and positioning to build a two-level tag cloning defense mechanism, states and models this mechanism formally with ontology semantic rules, and uses the model to design a corresponding inference engine that detects tag cloning attacks in the RFID system.
I. Architecture
Intrusion detection comprises two basic detection methods: anomaly detection and misuse detection. The goal of anomaly detection is to define and describe user behavior and, by establishing metrics, to detect abnormal behavior through quantified deviation. Misuse detection involves a different function: it compares the known normal behavior of users with attack behavior, and formalizes them in different models.
The method proposed by the present invention adopts the misuse detection mechanism for intrusion detection. It relies on a misuse detection application based on ontology semantic rules to identify tag cloning behavior in the RFID system. The misuse detection mechanism is chosen for the following reasons: (1) A misuse detection system based on ontology semantic rules can clearly understand the things that make up a tag cloning scenario, which reduces the false alarm rate of detection. (2) The detection results can be presented more intuitively. When a user needs the obtained information to be stated formally in a computer language, the misuse detection system must have the inference capability to judge whether a tag is legitimate, so that the audit data can be processed simply and effectively.
Misuse detection uses RFID tag tracking and positioning to meet the following requirement of the intrusion detection system: with the physical location of the legitimate tag known, detect cloned tags in the RFID system in real time. Tracking and positioning of RFID tags means producing and storing the inherent dynamic features of RFID tags along the RFID supply chain. These dynamic features can be used to build a tag object associated with location events, and to retrieve it in the tracking system. Besides these dynamic features, a tag object also has corresponding static features. The fixed paths provided in the RFID supply chain make up information points; an information point can also refer to the normal usage conditions of a tag object. All of the information generated above is contributed to the audit records. The domain ontology model is built along the concept hierarchy; the detailed structure is given in the method flow.
II. Method flow
The specific flow for inferring a cloned-tag intrusion in this intrusion detection method is as follows:
Step 1: Process and analyze the data in the audit records to complete an initial analysis of the read/write data in the RFID system. Based on the data records contained in the audit, set the following detection rules:
1) Determine the physical address of a tag that has come near an RFID reader and undergone a read/write operation;
2) When the detected physical address does not belong to an existing information point, add a new dynamic information point; this new information point must also be characterized by the usage type and the associated timestamp extracted from the audit record;
3) When the detected physical address belongs to an existing information point, update the existing dynamic information point promptly; a new read/write operation has now completed, and the original information point is characterized by the new usage type and associated timestamp extracted from the audit record;
4) When the detected physical address belongs to an existing information point, update the usage type in the existing dynamic information point; a read/write operation was completed there before, and the existing information point updates its timestamp and the read/write operation just performed;
Step 2: Perform first-level tag filtering, using the detection rules in Step 1 to detect RFID tags in the system that have invalid serial numbers;
Step 3: Perform second-level tag filtering: screen further the RFID tags with invalid serial numbers detected in Step 2 and judge accurately whether these tags are cloned tags. Based on the data stored in the dynamic and static objects, set the following detection rules:
1) If, within a very short time window, at least two different dynamic information points with non-adjacent physical addresses exist at the same time, infer that the tag has been cloned;
2) If a dynamic information point has appeared in a static object and is not geographically adjacent to the static information point, infer that the tag has been cloned;
3) If a dynamic information point has appeared in a static object and is geographically adjacent to the static information point, infer that the tag has suffered a cloning attack;
4) If the usage type of a dynamic information point does not match the usage condition of its corresponding static information point, and the number of read/write operations is within an allowable threshold, infer that the tag has suffered a cloning attack.
Building the "RFID tag tracking and positioning" model with ontology semantic rules
The "RFID tag tracking and positioning" model specifies the static and dynamic objects, the locations, the audit records and other such information in a unique and shared way. However, for inference techniques to be applied conveniently to comparing the static and dynamic parts of a tag object, this information must be expressed formally, in a well-defined, machine-readable form.
We therefore define an ontology to describe the "RFID tag tracking and positioning" model; the model covers the relevant concepts, attributes and relations. The semantic standard for this ontology is the Web Ontology Language (OWL). The ontology is divided into four distinct logical parts and is named "tracking and positioning". The four logical parts are described in turn below:
(1) The static object model of the tag. The framework diagram of the ontology is shown in Fig. 1, and each concept and its sub-concepts are enumerated in full in Table 1. The domains are: RFID tag object, static path, static information point, user usage condition, semantic address.
(2) The dynamic object model of the tag. The framework diagram of the ontology is shown in Fig. 2, and each concept and its sub-concepts are enumerated in full in Table 2. The domains are: RFID tag object, dynamic path, dynamic information point, user usage type, physical address.
(3) The address information model. The framework diagram of the ontology is shown in Fig. 3, and each concept and its sub-concepts are enumerated in full in Table 3. The domains are: semantic address, physical address, RFID reader, building, room.
(4) The audit record model. The framework diagram of the ontology is shown in Fig. 4, and each concept and its sub-concepts are enumerated in full in Table 4. The domain is: audit record.
At this point the ontology-based semantic model for "RFID tag tracking and positioning" is complete. The domain model is generated as a .owl file using Web Ontology Language rules, and the logical inference engine proposed by M. Esposito is plugged into this ontology model. The engine can carry out the inference process over the domain knowledge stored in the ontology knowledge base, so that the model can complete the inference process of cloned tag detection.
Beneficial effects: the invention proposes an intrusion detection method based on ontology semantic definition rules that uses semantic addresses and physical addresses to track and locate RFID tags in the system and builds a two-level defense system. Without raising tag cost, it effectively accomplishes real-time monitoring of the RFID system and identification of tag cloning attacks. The details follow.
Low cost: much current research on RFID tag security focuses on strengthening and improving the tag encryption algorithm. Given the limited power of low-cost tags and their low storage and processing resources, countering tag cloning by strengthening the tag encryption algorithm is very difficult to achieve, and relying on this approach to improve tag security greatly increases the production cost of tags. The intrusion detection method proposed by the invention, without raising tag cost, provides an ontology-based RFID intrusion detection system (RIDS) that detects tag cloning using integrated information derived from the RFID middleware. This intrusion detection method achieves advanced prevention of tag cloning attacks.
Security: in solutions for high-cost tags, whose storage and data-processing capacity are relatively strong, developers have designed schemes to resist tag cloning attacks, such as tag deactivation, encryption algorithms, authentication and hash codes. However, it cannot be confirmed whether an encryption algorithm can protect RFID tags completely. In solutions for low-cost tags, given their smaller storage and size limits, solutions as complex as hash-function-based cryptographic algorithms cannot be used. To address this, several lightweight encryption algorithms that do not need a hash function have been proposed, and it has turned out that these lightweight algorithms are more easily cracked by attackers. The intrusion detection method proposed in this scheme can completely solve the problem of tags being cracked: in the target RFID system, an inference engine designed with this method tracks and locates RFID tags, so that the appearance of cloned tags in the system can be identified quickly and illegal tags can be cleared or frozen in time.
Brief description of the drawings
Fig. 1 is the ontology architecture diagram of the static object model,
Fig. 2 is the ontology architecture diagram of the dynamic object model,
Fig. 3 is the ontology architecture diagram of the address information model,
Fig. 4 is the ontology architecture diagram of the address information model,
Fig. 5 is the division of semantic addresses and physical addresses in the RFID system.
Embodiment
Building the RFID tag tracking and positioning model
From the features described above, a two-level intrusion detection mechanism can be built. The first-level defense detects all invalid tag serial numbers. The second-level defense detects whether a tag object introduced into the RFID supply chain has suffered a cloning attack.
In the first-level defense, the scenarios in which a cloned tag is detected are:
(1) A legitimate tag appears at different locations at the same time.
At the same moment, multiple RFID tags with the same ID are detected simultaneously in one RFID supply chain.
(2) A legitimate tag moves too quickly through the RFID supply chain.
An RFID tag is detected at one location at one moment, and a very short interval later it appears at another location far away.
In the second-level defense, the scenarios in which a legitimate tag is deemed an illegal tag under a cloning attack are:
(1) A legitimate tag moves along an abnormal path in the RFID supply chain.
The tag does not move along the static fixed path defined for the RFID supply chain; for example, in a shopping mall, a clothing tag moves from the warehouse of the clothing shop to the toilet of the mall.
(2) A legitimate tag is used in an abnormal way in the RFID supply chain.
Within a specific time, RFID tags with the same ID are detected too frequently, far exceeding the expected usage.
To state each dynamic and static feature of a tag object formally, this method builds an RFID tag tracking and positioning model based on physical location and semantic location.
A physical location pinpoints a precise area and requires nearby landmarks. A semantic location means that one geographic location usually covers several physical locations. For an RFID system, a physical location is the area covered by an RFID reader, while a semantic location can be a country, a city, a building, a room in a building, and so on. Based on typical indoor applications of RFID technology, some general indoor semantic locations are defined, namely building, room, corridor and so on, and these semantic locations are associated with the city and country in which they lie.
The static object of each tag object represents a fixed path of information points; these objects are composed of semantic locations in the RFID supply chain. Each information point is described by specific information, and this very careful specification is essential. For example, a tag object is placed in a room of a clothing shop in Nanjing; if the room in which it is detected is not the expected room, the tag may have suffered a replication attack.
The dynamic object of each tag object represents an extended path of information points; these objects are composed of physical locations in the RFID supply chain. Physical locations can be inferred from RFID read/write operations using the audit records. The logical structure of a typical audit record is: tag ID, reader ID, RFID operation, timestamp. From these data, the physical location of the RFID tag object that underwent a read/write operation at the reader can be inferred.
To determine which physical locations correspond to which semantic location, each semantic location is subdivided into multiple physical locations, each representing the smallest area within which an RFID tag can be localized. An instance is shown in Fig. 5: part a is a plan view of the building, part b is the corresponding view of the building showing the physical address covered by each RFID reader, and part c is the corresponding view of the building showing the semantic addresses that the physical locations map to.
With the division specified as in the figure, the exact physical location can be obtained from the audit records and the semantic location corresponding to the tag object can be identified quickly, verifying consistency with the static behavior it represents. In addition, the expected usage conditions must be associated with each information point of the static object. For example, in the warehouse of a clothing shop in Nanjing, if the number of reads of the ID of an RFID tag object exceeds the threshold of normal behavior, the tag has very probably suffered a cloning attack and is being used for fraudulent read/write operations.
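The first-level and second-level scenarios above, run over audit records of the form (tag ID, reader ID, operation, timestamp), as an added Python example that is not part of the patent text. The reader layout, room adjacency, per-room read maxima, the 30-second window and the reason codes are assumptions constructed for illustration; adjacency is evaluated on the rooms that the physical addresses map to.

```python
from collections import defaultdict
from itertools import combinations

# Constructed deployment data (assumptions for this example, not from the patent).
READER_TO_PHYS = {"R1": "P1", "R2": "P2", "R3": "P3", "R4": "P4"}  # reader contains physical address
PHYS_TO_SEM = {"P1": "warehouse", "P2": "shop_floor",              # physical address maps to semantic address
               "P3": "checkout", "P4": "restroom"}
ADJACENT_ROOMS = {frozenset(p) for p in [("warehouse", "shop_floor"),
                                         ("shop_floor", "checkout"),
                                         ("shop_floor", "restroom")]}
# Static object per tag: static information points (semantic address -> maximum reads).
STATIC_PATH = {"warehouse": 3, "shop_floor": 5, "checkout": 2}
STATIC_OBJECTS = {t: STATIC_PATH for t in ("TAG-A", "TAG-B", "TAG-C", "TAG-D")}
WINDOW_S = 30  # assumed length of the "very short time window", in seconds


def adjacent(phys_a, phys_b):
    """Two physical addresses are adjacent if their rooms are the same or adjoin."""
    room_a, room_b = PHYS_TO_SEM[phys_a], PHYS_TO_SEM[phys_b]
    return room_a == room_b or frozenset((room_a, room_b)) in ADJACENT_ROOMS


def build_dynamic_paths(records):
    """Step 1: fold audit records into dynamic information points per tag."""
    paths = defaultdict(dict)
    for tag, reader, _op, ts in sorted(records, key=lambda r: r[3]):
        phys = READER_TO_PHYS[reader]
        # New physical address: add a dynamic information point; otherwise update it.
        point = paths[tag].setdefault(phys, {"counter": 0, "stamps": []})
        point["counter"] += 1        # operation counter of the usage type
        point["stamps"].append(ts)   # timestamp of the usage type
    return paths


def first_level(tag, points):
    """Invalid tag IDs, and one ID seen at non-adjacent addresses within the window."""
    if tag not in STATIC_OBJECTS:
        return ["invalid_id"]
    sightings = sorted((ts, phys) for phys, p in points.items() for ts in p["stamps"])
    for (t1, a), (t2, b) in combinations(sightings, 2):
        if t2 - t1 <= WINDOW_S and not adjacent(a, b):
            return ["simultaneous_non_adjacent"]
    return []


def second_level(tag, points):
    """Compare the dynamic path with the static object of the tag."""
    static = STATIC_OBJECTS[tag]
    reasons = []
    for phys, point in points.items():
        room = PHYS_TO_SEM[phys]
        if room not in static:
            reasons.append("off_path:" + room)   # left the fixed static path
        elif point["counter"] > static[room]:
            reasons.append("over_use:" + room)   # read more often than expected
    return reasons


def detect(records):
    """Return {tag ID: [reason codes]} for every tag that trips a rule."""
    findings = {}
    for tag, points in build_dynamic_paths(records).items():
        reasons = first_level(tag, points)
        if "invalid_id" not in reasons:
            reasons += second_level(tag, points)
        if reasons:
            findings[tag] = reasons
    return findings


# Constructed audit records: (tag ID, reader ID, operation, timestamp in seconds).
AUDIT_LOG = [
    ("TAG-A", "R1", "read", 0), ("TAG-A", "R2", "read", 600), ("TAG-A", "R3", "read", 1200),
    ("TAG-B", "R1", "read", 100), ("TAG-B", "R4", "read", 105),
    ("TAG-C", "R1", "read", 0), ("TAG-C", "R1", "read", 300),
    ("TAG-C", "R1", "read", 600), ("TAG-C", "R1", "read", 900),
    ("TAG-D", "R1", "read", 50), ("TAG-D", "R2", "read", 60),
    ("TAG-X", "R2", "read", 10),
]

if __name__ == "__main__":
    for tag, reasons in sorted(detect(AUDIT_LOG).items()):
        print(tag, reasons)
```

TAG-D is read in two rooms ten seconds apart but is not flagged, because the rooms adjoin; the adjacency relation is what keeps ordinary movement from raising the first-level rule.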
Table 1: detailed rules of the static object model.
Role | Domain | Range | Inverse property | Transitive
Has static information point | Static path | Static information point | Is static information point of | No
Has static path ID | Static path | Data type: string | - | -
Is associated with | Static path | RFID tag object | Has static path | No
Has usage condition | Static information point | Usage condition | Is usage condition of | No
Has semantic address | Static information point | Semantic address | Is semantic address of | No
Has static information point ID | Static information point | Data type: string | - | -
Has tag ID | RFID tag object | Data type: string | - | -
Has tag data | RFID tag object | Data type: string | - | -
Has semantic address name | Semantic address | Data type: string | - | -
Has usage condition name | Usage condition | Data type: string | - | -
Has maximum | Usage condition | Data type: string | - | -
Table 2: detailed rules of the dynamic object model.
Role | Domain | Range | Inverse property | Transitive
Has dynamic information point | Dynamic path | Dynamic information point | Is dynamic information point of | No
Has dynamic path ID | Dynamic path | Data type: string | - | -
Is associated with | Dynamic path | RFID tag object | Has dynamic path | No
Has usage type | Dynamic information point | Usage type | Is usage type of | No
Has physical address | Dynamic information point | Physical address | Is physical address of | No
Has operation counter | Usage type | Data type: integer | - | -
Has timestamp | Usage type | Data type: time | - | -
Has tag ID | RFID tag object | Data type: string | - | -
Has tag data | RFID tag object | Data type: string | - | -
Has valid ID | RFID tag object | Data type: Boolean | - | -
Is cloned | RFID tag object | Data type: Boolean | - | -
Is attacked | RFID tag object | Data type: Boolean | - | -
Has physical address ID | Physical address | Data type: string | - | -
Table 3 lists the specific rules of the address information model.
Role | Domain | Range | Inverse property | Transitive
is part of | Semantic address | Semantic address | has part | Yes
has address name | Semantic address | Datatype: string | - | -
has physical address ID | Physical address | Datatype: string | - | -
maps to | Physical address | Semantic address | is mapped from | -
comprises | RFID reader | Physical address | is comprised by | No
has reader ID | RFID reader | Datatype: string | - | -
has address | Building | Datatype: string | - | -
has floor | Building | Datatype: string | - | -
has room | Building | Datatype: string | - | -
is on floor | Room | Datatype: string | - | -
is adjacent to | Room | Room | - | -
Table 4 lists the specific rules of the audit record model.
Role | Domain | Range | Inverse property | Transitive
has operation | Audit record | RFID operation | is operation of | No
has tag | Audit record | RFID tag object | is tag of | No
has reader | Audit record | RFID reader | is reader of | No
has timestamp | Audit record | Datatype: time | - | -

Claims (1)

1. An ontology-based intrusion detection method for a radio frequency identification system, characterized in that the specific flow for inferring a cloned-tag intrusion in this intrusion detection method is as follows:
Step 1: process and analyse the data in the audit record to complete the initial analysis of the read/write data in the radio frequency identification system, and, according to the data contained in the audit record, set the following detection rules:
1) determine the physical address of the tag that is near a radio frequency identification reader and has undergone a read/write operation;
2) when the detected physical address does not belong to any existing information point, add a new dynamic information point; this new information point must also be characterized by the usage form and the associated timestamp extracted from the audit record;
3) when the detected physical address belongs to an existing information point but a new read/write operation has now been completed, update the existing dynamic information point in time, and characterize the original information point by the new usage form and the associated timestamp extracted from the audit record;
4) when the detected physical address belongs to an existing information point and the read/write operation has been completed before, update the usage form in the existing dynamic information point; the existing information point updates its timestamp and the read/write operation just carried out;
Step 2: perform first-level tag filtering, using the detection rules of Step 1 to detect the RFID tags in the system that have invalid serial numbers;
Step 3: perform second-level tag filtering: screen further the RFID tags with invalid serial numbers detected in Step 2 and determine accurately whether these tags are cloned tags; according to the data stored in the dynamic and static objects, set the following detection rules:
1) if, within a very short time window, at least two different dynamic information points with non-adjacent physical addresses exist at the same time, infer that the tag has been cloned;
2) if a dynamic information point has appeared in a static object and, in geographical position, it is not adjacent to the static information point, infer that the tag has been cloned;
3) if a dynamic information point has appeared in a static object and, in geographical position, it is adjacent to the static information point, infer that the tag has suffered a cloning attack;
4) if the usage form of a dynamic information point does not conform to the service condition of its corresponding static information point, and the number of read/write operations is within an admissible threshold, infer that the tag has suffered a cloning attack.
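The flow of claim 1 can be sketched in code; the following is an added example, not part of the patent text, covering Step 1 (building dynamic information points from audit records) and Step 3 rules 1 and 2 only. The room names, tag IDs, 30-second window, adjacency set and the reading of rule 2 as "not adjacent to any static information point of the tag" are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed data: room adjacency (Table 3) and static information points per tag.
ADJACENT = {("dock", "warehouse"), ("warehouse", "shop_floor")}
STATIC_PATH = {"TAG-001": ["dock", "warehouse"], "TAG-003": ["dock"]}
WINDOW = timedelta(seconds=30)  # assumed value for the "very short time window"

# Constructed audit records: (timestamp, reader physical address, tag ID, operation)
AUDIT = [
    ("2015-10-26T09:00:00", "dock", "TAG-001", "read"),
    ("2015-10-26T09:00:10", "shop_floor", "TAG-001", "read"),
    ("2015-10-26T09:05:00", "dock", "TAG-002", "read"),
    ("2015-10-26T09:05:05", "dock", "TAG-002", "read"),
    ("2015-10-26T09:05:20", "warehouse", "TAG-002", "write"),
    ("2015-10-26T09:10:00", "shop_floor", "TAG-003", "read"),
]

def adjacent(a, b):
    return a == b or (a, b) in ADJACENT or (b, a) in ADJACENT

def build_dynamic_points(audit):
    """Step 1: add a dynamic information point per (tag, address) or update it."""
    points = {}
    for ts, addr, tag, op in audit:
        p = points.setdefault((tag, addr), {"ops": 0, "last_op": None, "times": []})
        p["ops"] += 1                 # operation counter (Table 2)
        p["last_op"] = op             # most recent usage form
        p["times"].append(datetime.fromisoformat(ts))
    return points

def infer_cloned(audit):
    """Step 3, rules 1 and 2: return {tag ID: rule that fired}."""
    by_tag = {}
    for (tag, addr), p in build_dynamic_points(audit).items():
        by_tag.setdefault(tag, []).append((addr, p["times"]))
    verdict = {}
    for tag, locs in by_tag.items():
        for i, (a, ta) in enumerate(locs):
            for b, tb in locs[i + 1:]:
                close = any(abs(x - y) <= WINDOW for x in ta for y in tb)
                if close and not adjacent(a, b):
                    verdict[tag] = "rule 1: non-adjacent addresses within the window"
            static = STATIC_PATH.get(tag)
            if tag not in verdict and static and not any(adjacent(a, s) for s in static):
                verdict[tag] = "rule 2: not adjacent to any static information point"
    return verdict

if __name__ == "__main__":
    print(infer_cloned(AUDIT))
```
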

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510701560.4A CN105429939A (en) 2015-10-26 2015-10-26 Intrusion detection method of radio frequency identification system based on ontology


Publications (1)

Publication Number Publication Date
CN105429939A true CN105429939A (en) 2016-03-23

Family

ID=55507881


Country Status (1)

Country Link
CN (1) CN105429939A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113676497A (en) * 2021-10-22 2021-11-19 广州锦行网络科技有限公司 Data blocking method and device, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080129452A1 (en) * 2006-12-05 2008-06-05 International Business Machines Corporation Middleware for query processing across a network of rfid databases
CN101236593A (en) * 2007-02-02 2008-08-06 中国科学院声学研究所 Binary mode collision-proof method with safe mechanism in RFID
CN101645138A (en) * 2009-09-14 2010-02-10 西安交通大学 Radio frequency identification (RFID) privacy authenticating method
CN103345690A (en) * 2013-07-19 2013-10-09 中山大学 Anti-fake method based on RFID and physical unclonable function
CN104112106A (en) * 2014-06-27 2014-10-22 广州中长康达信息技术有限公司 Physical unclonability-based RFID lightweight class authentication method


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
M.ESPOSITO: "An Ontology-based Intrusion Detection for RFID Systems", 《TECHNOLOGICAL DEVELOPMENTS IN NETWORKING, EDUCATION AND AUTOMATION》 *



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160323
