Summary of the invention
In view of this, an object of the invention is to propose an intrusion detection method and device for a power distribution and utilization communication network that, based on a position verification strategy, can detect whether intelligent power equipment in the network is under attack and so ensure the information security of the network.
Based on the above object, the intrusion detection method for a power distribution and utilization communication network provided by the invention includes:
Partitioning the sensor nodes in the network by position and setting their initial state, and locating all sensor nodes to obtain the initial position information of each node;
Monitoring the current position information of the sensor nodes in each region in real time and comparing it with the initial position information; when suspicious position information is found, reporting the corresponding sensor node ID and current position information.
Further, partitioning the sensor nodes in the network by position and setting the initial state includes:
Partitioning the sensor nodes in the network by position according to regional characteristics, dividing each network region into D × D rectangular units, where the unit length D, the sensor communication diameter Rc and the sensor sensing diameter Rs satisfy $R_s^2 \ge 2D^2$ and $R_c \ge 2R_s$;
Setting the initial state of all nodes to unknown node.
Further, obtaining the node initial position information by locating all nodes includes:
Placing a locator above the centre of the rectangular unit; the locator projects a laser beam onto the rectangular unit, and the sensor at each node generates a reading representing its distance from the projected laser beam, where the closer the node, the larger the reading;
When a sensor node's state is unknown node and its reading is greater than a fixed threshold, the node broadcasts its ID and reading to its single-hop neighbour nodes; otherwise it stays silent;
When a sensor node that receives a broadcast ID and reading is in the unknown node state and its own reading is greater than the fixed threshold: if the received reading is greater than its own reading, the node state is set to cluster head node and local storage is reset; if the received reading is less than its own reading, the received ID and reading information are saved in local storage;
When the node state of a sensor node is still unknown node and its reading is greater than the threshold, the node state is set to member node;
The cluster head node creates a whitelist, stores in it the IDs and reading information saved in local storage, calculates the initial position information of the corresponding sensor nodes from the readings, and generates a position topology model.
Further, the fixed threshold is chosen to maximise the chance that a sensor node is both inside the rectangular unit region and in the cluster, and to minimise the chance that a node in the cluster is not inside the rectangular unit.
Further, monitoring the current position information of the sensor nodes in each region in real time, comparing it with the initial position information and, when suspicious position information is found, reporting the corresponding sensor node ID and current position information includes:
The cluster head node periodically collects the ID and current position information of each sensor node in the rectangular region, the current position information being calculated from the current reading;
When the current position information of two sensor nodes shows that the distance between them is less than a minimum threshold, the two sensor nodes are judged to be abnormal nodes, and the abnormal nodes and their current position information are added to a blacklist;
The collected current position information of each sensor node is compared with the initial position information of the node with the same ID in the whitelist. The position change of the same sensor node is calculated by the formula
$$|s'_{AB} - s_{AB}| = |\rho_{MA}\cos\alpha - \rho_{MB}\cos\beta - s_{AB}|$$
where M is the sensor node to be checked, $|s'_{AB} - s_{AB}|$ is the position change of node M, $\rho_{MA}$ is the polar radius of M with A as the coordinate origin, $\cos\alpha$ is the cosine of the polar angle of M with A as the coordinate origin, $\rho_{MB}$ is the polar radius of M with B as the coordinate origin, and $\cos\beta$ is the cosine of the polar angle of M with B as the coordinate origin;
When the position change of the same sensor node is greater than an error coefficient, the node is determined to be a malicious node and is added to the blacklist;
If the blacklist is empty, the cluster head node waits for the next cycle; otherwise it sends the blacklist to the detection center and suspends the operation of the abnormal nodes and malicious nodes.
In another aspect, the invention provides an intrusion detection system for a power distribution and utilization communication network, including:
An initial position collection unit, for partitioning the sensor nodes in the network by position and setting their initial state, and for obtaining the node initial position information by locating all sensor nodes;
A real-time position monitoring unit, for monitoring the current position information of the sensor nodes in each region in real time and, when suspicious position information is found, reporting the corresponding sensor node ID and current position information.
Further, the initial position collection unit includes a position division module, for partitioning the sensor nodes in the network by position according to regional characteristics, dividing each network region into D × D rectangular units, where the unit length D, the sensor communication diameter Rc and the sensor sensing diameter Rs satisfy $R_s^2 \ge 2D^2$ and $R_c \ge 2R_s$, and for setting the initial state of all nodes to unknown node.
Further, the initial position collection unit also includes an initial position model establishing module, which is used as follows:
A locator is placed above the centre of the rectangular unit; the locator projects a laser beam onto the rectangular unit, and the sensor at each node generates a reading representing its distance from the projected laser beam, where the closer the node, the larger the reading;
When a sensor node's state is unknown node and its reading is greater than a fixed threshold, the node broadcasts its ID and reading to its single-hop neighbour nodes; otherwise it stays silent. The fixed threshold is chosen to maximise the chance that a sensor node is both inside the rectangular unit region and in the cluster, and to minimise the chance that a node in the cluster is not inside the rectangular unit;
When a sensor node that receives a broadcast ID and reading is in the unknown node state and its own reading is greater than the fixed threshold: if the received reading is greater than its own reading, the node state is set to cluster head node and local storage is reset; if the received reading is less than its own reading, the received ID and reading information are saved in local storage;
When the node state of a sensor node is still unknown node and its reading is greater than the threshold, the node state is set to member node;
The cluster head node creates a whitelist, stores in it the IDs and reading information saved in local storage, calculates the initial position information of the corresponding sensor nodes from the readings, and generates a position topology model.
Further, the real-time position monitoring unit includes:
A current position information collection module, for having the cluster head node periodically collect the ID and current position information of each sensor node in the rectangular region, the current position information being calculated from the current reading;
An abnormal node detection module, for judging two sensor nodes to be abnormal nodes when their current position information shows that the distance between them is less than a minimum threshold, and adding the abnormal nodes and their current position information to a blacklist;
A malicious node detection module, for comparing the collected current position information of each sensor node with the initial position information of the node with the same ID in the whitelist. The position change of the same sensor node is calculated by the formula
$$|s'_{AB} - s_{AB}| = |\rho_{MA}\cos\alpha - \rho_{MB}\cos\beta - s_{AB}|$$
where M is the sensor node to be checked, $|s'_{AB} - s_{AB}|$ is the position change of node M, $\rho_{MA}$ is the polar radius of M with A as the coordinate origin, $\cos\alpha$ is the cosine of the polar angle of M with A as the coordinate origin, $\rho_{MB}$ is the polar radius of M with B as the coordinate origin, and $\cos\beta$ is the cosine of the polar angle of M with B as the coordinate origin. When the position change of the same sensor node is greater than an error coefficient, the node is determined to be a malicious node and is added to the blacklist;
An intrusion node handling module, for waiting for the next cycle if the blacklist is empty, and otherwise sending the blacklist to the detection center and suspending the operation of the abnormal nodes and malicious nodes.
As can be seen from the above, the intrusion detection system provided by the invention exploits the fact that intelligent power equipment connected to a power distribution and utilization communication network depends on the power grid topology, so that its physical location does not change. The initial position collection unit records the initial position information of each sensor node and builds a position topology model; the current position information of the nodes is then collected in real time and compared with the initial position information to detect intrusion nodes and judge whether the intelligent power equipment in the network is under attack. This ensures the information security of the network and is simple and reliable.
Detailed description of the embodiments
To make the object, technical solutions and advantages of the invention clearer, the invention is described in more detail below in conjunction with specific embodiments and with reference to the accompanying drawings.
As shown in Figure 1, the intrusion detection method for a power distribution and utilization communication network provided by the invention includes:
Step 101: partition the sensor nodes in the network by position and set their initial state, and obtain the node initial position information by locating all sensor nodes;
Step 102: monitor the current position information of the sensor nodes in each region in real time and, when suspicious position information is found, report the corresponding sensor node ID and current position information.
The intrusion detection method provided by the invention is a detection method based on position verification. It exploits the fact that intelligent power equipment connected to a power distribution and utilization communication network depends on the power grid topology, so that its physical location does not change. The initial position information of each sensor node is recorded and a position topology model is built; the current position information of the nodes is then collected in real time and compared with the initial position information to detect intrusion nodes, after which the device-related data is compared to judge whether the intelligent power equipment in the network is under attack. This ensures the information security of the network and is simple and reliable.
Further, in step 101, partitioning the sensor nodes in the network by position and setting the initial state includes:
Step 101a: partition the sensor nodes in the network by position according to regional characteristics, dividing each network region into D × D rectangular units. To ensure the coverage of the sensor nodes and the connectivity of the network, the unit length D, the sensor communication diameter Rc and the sensor sensing diameter Rs must satisfy $R_s^2 \ge 2D^2$ and $R_c \ge 2R_s$. The initial state of all nodes is set to unknown node.
Because the network nodes are distributed according to regional characteristics, the regions must be divided according to the characteristics of each area:
Suburbs with fewer nodes are divided into fewer regions for ease of management; provided that communication between the nodes of a region is ensured, one geographic area may be divided into one or several network regions.
Extreme terrain such as mountain ranges, rivers, lakes and expressways is assigned to a nearby region according to the proximity principle.
Urban areas with more nodes are divided into regions according to street level.
Further, in step 101, obtaining the node initial position information by locating all nodes includes:
Step 101b: a locator is placed above the centre of the rectangular unit; the locator projects a laser beam onto the rectangular unit, and the sensor at each node generates a reading representing its distance from the projected laser beam, where the closer the node, the larger the reading.
When a sensor node's state is unknown node and its reading is greater than a fixed threshold, the node broadcasts its ID and reading to its single-hop neighbour nodes; otherwise it stays silent. The fixed threshold is chosen to maximise the chance that a sensor node is both inside the rectangular unit region and in the cluster, and to minimise the chance that a node in the cluster is not inside the rectangular unit.
When a sensor node that receives a broadcast ID and reading is in the unknown node state and its own reading is greater than the fixed threshold: if the received reading is greater than its own reading, the node state is set to cluster head node and local storage is reset; if the received reading is less than its own reading, the received ID and reading information are saved in local storage.
When the node state of a sensor node is still unknown node and its reading is greater than the threshold, the node state is set to member node.
The cluster head node creates a whitelist, stores in it the IDs and reading information saved in local storage, calculates the initial position information of the corresponding sensor nodes from the readings, and generates a position topology model.
The generated position topology model contains the initial position information of the sensor nodes, which makes it convenient to compare with the real-time position information later in order to find intrusion nodes.
Further, step 102, monitoring the current position information of the sensor nodes in each region in real time, comparing it with the initial position information and, when suspicious position information is found, reporting the corresponding sensor node ID and current position information, includes:
Step 102a: the cluster head node periodically collects the ID and current position information of each sensor node in the rectangular region, the current position information being calculated from the current reading.
Step 102b: when the current position information of two sensor nodes shows that the distance between them is less than a minimum threshold, the two sensor nodes are judged to be abnormal nodes, and the abnormal nodes and their current position information are added to a blacklist. The minimum threshold is obtained by deriving the minimum distance between normal nodes from a large body of statistics and setting a value smaller than that minimum distance, for example 1 cm; a distance below the minimum threshold shows that the two nodes almost overlap, which indicates that both nodes are abnormal.
Step 102c: the collected current position information of each sensor node is compared with the initial position information of the node with the same ID in the whitelist. The position change of the same sensor node is calculated by the formula
$$|s'_{AB} - s_{AB}| = |\rho_{MA}\cos\alpha - \rho_{MB}\cos\beta - s_{AB}|$$
where M is the sensor node to be checked, $|s'_{AB} - s_{AB}|$ is the position change of node M, $\rho_{MA}$ is the polar radius of M with A as the coordinate origin, $\cos\alpha$ is the cosine of the polar angle of M with A as the coordinate origin, $\rho_{MB}$ is the polar radius of M with B as the coordinate origin, and $\cos\beta$ is the cosine of the polar angle of M with B as the coordinate origin.
When the position change of the same sensor node is greater than an error coefficient, the node is determined to be a malicious node and is added to the blacklist. The error coefficient is obtained from a large number of experiments: the position changes of a large number of normal nodes are counted and a reasonable error coefficient is calculated from them.
Step 102d: if the blacklist is empty, wait for the next cycle; otherwise send the blacklist to the detection center and suspend the operation of the abnormal nodes and malicious nodes.
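The monitoring cycle of steps 102a to 102d, as an added Python example that is not code from the patent. It measures each node's position change as the Euclidean distance between its whitelisted and current coordinates in place of the polar-coordinate formula, and the node IDs, coordinates, `ERROR_COEFFICIENT` value and function names are constructed for illustration.

```python
import math
from itertools import combinations

MIN_DISTANCE = 0.01       # metres; the 1 cm example value given for step 102b
ERROR_COEFFICIENT = 0.05  # metres; constructed value, the page derives it by experiment


def monitor_cycle(whitelist, reports,
                  min_distance=MIN_DISTANCE,
                  error_coefficient=ERROR_COEFFICIENT):
    """Run steps 102b and 102c over one collection cycle of a cluster head.

    whitelist: {node_id: (x, y)} initial positions recorded at set-up.
    reports:   {node_id: (x, y)} current positions collected in step 102a.
    Returns the blacklist as {node_id: {"position": (x, y), "reasons": set}}.
    """
    blacklist = {}

    def flag(node_id, position, reason):
        entry = blacklist.setdefault(
            node_id, {"position": position, "reasons": set()})
        entry["reasons"].add(reason)

    # Step 102b: two nodes closer together than the minimum threshold
    # almost overlap, so both are recorded as abnormal.
    for (id_a, pos_a), (id_b, pos_b) in combinations(sorted(reports.items()), 2):
        if math.dist(pos_a, pos_b) < min_distance:
            flag(id_a, pos_a, "abnormal")
            flag(id_b, pos_b, "abnormal")

    # Step 102c: compare each report with the whitelist entry of the same ID.
    # Assumption: Euclidean displacement stands in for |s'_AB - s_AB|.
    for node_id, position in reports.items():
        initial = whitelist.get(node_id)
        if initial is None:
            continue  # ID absent from the whitelist: not covered by the page
        if math.dist(initial, position) > error_coefficient:
            flag(node_id, position, "malicious")

    return blacklist


def handle_blacklist(blacklist):
    """Step 102d: wait if the blacklist is empty, otherwise report and suspend."""
    if not blacklist:
        return {"action": "wait_next_cycle", "suspend": [], "report": {}}
    return {
        "action": "report_to_detection_center",
        "suspend": sorted(blacklist),   # abnormal and malicious nodes alike
        "report": blacklist,
    }


# Constructed sample data for one 10 m x 10 m rectangular unit.
WHITELIST = {
    "n1": (2.0, 2.0),
    "n2": (8.0, 2.0),
    "n3": (3.0, 8.0),
    "n4": (7.0, 7.0),
}
REPORTS = {
    "n1": (2.01, 2.0),    # measurement jitter below the error coefficient
    "n2": (8.5, 2.0),     # moved 0.5 m from its recorded position
    "n3": (3.0, 8.0),     # unchanged, but another node now overlaps it
    "n4": (3.004, 8.0),   # reports a position 4 mm from n3
}

if __name__ == "__main__":
    result = handle_blacklist(monitor_cycle(WHITELIST, REPORTS))
    print(result["action"], result["suspend"])
    for node_id, entry in sorted(result["report"].items()):
        print(node_id, entry["position"], sorted(entry["reasons"]))
```
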
It can be seen that the intrusion detection method provided by the invention exploits the fact that intelligent power equipment connected to a power distribution and utilization communication network depends on the power grid topology, so that its physical location does not change. The position information of each node is recorded and a device topology model is built; the position regions are then divided, and real-time position information is obtained and compared with the initial position information. Abnormal nodes are determined from the positional relationship between different sensor nodes, and malicious nodes are determined from the position change of the same sensor node, so that intrusion nodes are found and it can be judged whether the intelligent power equipment in the network is under attack. This ensures the information security of the network and is simple and reliable.
In another aspect, the intrusion detection system for a power distribution and utilization communication network provided by the invention includes:
An initial position collection unit 201, for partitioning the sensor nodes in the network by position and setting their initial state, and for obtaining the node initial position information by locating all sensor nodes.
A real-time position monitoring unit 202, for monitoring the current position information of the sensor nodes in each region in real time, comparing it with the initial position information and, when suspicious position information is found, reporting the corresponding sensor node ID and current position information.
The intrusion detection system provided by the invention exploits the fact that intelligent power equipment connected to a power distribution and utilization communication network depends on the power grid topology, so that its physical location does not change. The initial position collection unit records the position information of each sensor node and builds a position topology model; the current position information of the nodes is then collected in real time and compared with the initial position information to detect intrusion nodes, after which the device-related data is compared to judge whether the intelligent power equipment in the network is under attack. This ensures the information security of the network and is simple and reliable.
Further, the initial position collection unit 201 includes a position division module 201a, for partitioning the sensor nodes in the network by position according to regional characteristics, dividing each network region into D × D rectangular units. To ensure the coverage of the sensor nodes and the connectivity of the network, the unit length D, the sensor communication diameter Rc and the sensor sensing diameter Rs must satisfy $R_s^2 \ge 2D^2$ and $R_c \ge 2R_s$. The module also sets the initial state of all nodes to unknown node.
The initial position collection unit 201 also includes an initial position model establishing module 201b, which is used as follows:
A locator is placed above the centre of the rectangular unit; the locator projects a laser beam onto the rectangular unit, and the sensor at each node generates a reading representing its distance from the projected laser beam, where the closer the node, the larger the reading.
It is further used so that, when a sensor node's state is unknown node and its reading is greater than a fixed threshold, the node broadcasts its ID and reading to its single-hop neighbour nodes, and otherwise stays silent. The fixed threshold is chosen to maximise the chance that a sensor node is both inside the rectangular unit region and in the cluster, and to minimise the chance that a node in the cluster is not inside the rectangular unit.
It is further used so that, when a sensor node that receives a broadcast ID and reading is in the unknown node state and its own reading is greater than the fixed threshold: if the received reading is greater than its own reading, the node state is set to cluster head node and local storage is reset; if the received reading is less than its own reading, the received ID and reading information are saved in local storage.
It is further used so that, when the node state of a sensor node is still unknown node and its reading is greater than the threshold, the node state is set to member node.
The initial position model establishing module 201b is also used so that the cluster head node creates a whitelist, stores in it the IDs and reading information saved in local storage, calculates the initial position information of the corresponding sensor nodes from the readings, and generates a position topology model.
The generated position topology model contains the initial position information of the sensor nodes, which makes it convenient to compare with the real-time position information later in order to find intrusion nodes.
Further, the real-time position monitoring unit 202 includes:
A current position information collection module 202a, for having the cluster head node periodically collect the ID and current position information of each sensor node in the rectangular region, the current position information being calculated from the current reading;
An abnormal node detection module 202b, for judging two sensor nodes to be abnormal nodes when their current position information shows that the distance between them is less than a minimum threshold, and adding the abnormal nodes and their current position information to a blacklist. The minimum threshold is obtained by deriving the minimum distance between normal nodes from a large body of statistics and setting a value smaller than that minimum distance, for example 1 cm; a distance below the minimum threshold shows that the two nodes almost overlap, which indicates that both nodes are abnormal.
A malicious node detection module 202c, for comparing the collected current position information of each sensor node with the initial position information of the node with the same ID in the whitelist. The position change of the same sensor node is calculated by the formula
$$|s'_{AB} - s_{AB}| = |\rho_{MA}\cos\alpha - \rho_{MB}\cos\beta - s_{AB}|$$
where M is the sensor node to be checked, $|s'_{AB} - s_{AB}|$ is the position change of node M, $\rho_{MA}$ is the polar radius of M with A as the coordinate origin, $\cos\alpha$ is the cosine of the polar angle of M with A as the coordinate origin, $\rho_{MB}$ is the polar radius of M with B as the coordinate origin, and $\cos\beta$ is the cosine of the polar angle of M with B as the coordinate origin. When the position change of the same sensor node is greater than an error coefficient, the node is determined to be a malicious node and is added to the blacklist;
An intrusion node handling module 202d, for waiting for the next cycle if the blacklist is empty, and otherwise sending the blacklist to the detection center and suspending the operation of the abnormal nodes and malicious nodes.
It can be seen that the intrusion detection method and system provided by the invention exploit the fact that intelligent power equipment connected to a power distribution and utilization communication network depends on the power grid topology, so that its physical location does not change. The position information of each node is recorded and a device topology model is built; the position regions are then divided, and real-time position information is obtained and compared with the initial position information. Abnormal nodes are determined from the positional relationship between different sensor nodes, and malicious nodes are determined from the position change of the same sensor node, so that intrusion nodes are found and it can be judged whether the intelligent power equipment in the network is under attack. This ensures the information security of the network and is simple and reliable.
Those of ordinary skill in the art should understand that the discussion of any of the above embodiments is merely exemplary and is not intended to imply that the scope of the disclosure (including the claims) is limited to these examples. Within the idea of the invention, the technical features of the above embodiments or of different embodiments may also be combined, the steps may be carried out in any order, and there are many other variations of the different aspects of the invention as described above which, for brevity, are not given in detail.
In addition, to simplify the explanation and discussion, and so as not to obscure the invention, well-known power and ground connections to integrated circuit (IC) chips and other components may or may not be shown in the accompanying drawings. Furthermore, devices may be shown in block diagram form to avoid obscuring the invention, which also takes into account the fact that the details of implementing such block diagram devices depend heavily on the platform on which the invention is to be implemented (that is, these details should be well within the understanding of those skilled in the art). Where specific details (for example, circuits) are set forth to describe exemplary embodiments of the invention, it will be apparent to those skilled in the art that the invention can be implemented without these specific details or with these details changed. These descriptions are therefore to be regarded as illustrative rather than restrictive.
Although the invention has been described in conjunction with specific embodiments, many replacements, modifications and variations of these embodiments will be apparent to those of ordinary skill in the art from the foregoing description. For example, other memory architectures (for example, dynamic RAM (DRAM)) may use the embodiments discussed.
The embodiments of the invention are intended to cover all such replacements, modifications and variations that fall within the broad scope of the appended claims. Therefore, any omission, modification, equivalent substitution or improvement made within the spirit and principles of the invention shall be included in the scope of protection of the invention.