CN107333233A - A kind of adapted telecommunication network inbreak detection method and device - Google Patents

A kind of adapted telecommunication network inbreak detection method and device Download PDF

Info

Publication number
CN107333233A
CN107333233A CN201710369775.XA CN201710369775A CN107333233A CN 107333233 A CN107333233 A CN 107333233A CN 201710369775 A CN201710369775 A CN 201710369775A CN 107333233 A CN107333233 A CN 107333233A
Authority
CN
China
Prior art keywords
node
reading
sensor
sensor node
current location
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710369775.XA
Other languages
Chinese (zh)
Other versions
CN107333233B (en
Inventor
张勇
王立涛
刘志永
郝悍勇
邓伟
杜长宇
张�浩
王娟
王昕�
钮丹阳
张冬梅
张鹍
李彦
高峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Beijing University of Posts and Telecommunications
Beijing China Power Information Technology Co Ltd
Economic and Technological Research Institute of State Grid Shandong Electric Power Co Ltd
Taiyuan Power Supply Co of State Grid Shanxi Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Beijing University of Posts and Telecommunications
Beijing Guodiantong Network Technology Co Ltd
Economic and Technological Research Institute of State Grid Shandong Electric Power Co Ltd
Taiyuan Power Supply Co of State Grid Shanxi Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Information and Telecommunication Co Ltd, Beijing University of Posts and Telecommunications, Beijing Guodiantong Network Technology Co Ltd, Economic and Technological Research Institute of State Grid Shandong Electric Power Co Ltd, Taiyuan Power Supply Co of State Grid Shanxi Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201710369775.XA priority Critical patent/CN107333233B/en
Publication of CN107333233A publication Critical patent/CN107333233A/en
Application granted granted Critical
Publication of CN107333233B publication Critical patent/CN107333233B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/021Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W16/00Network planning, e.g. coverage or traffic planning tools; Network deployment, e.g. resource partitioning or cells structures
    • H04W16/18Network planning tools
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/04Arrangements for maintaining operational condition
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks

Abstract

The invention discloses a kind of adapted telecommunication network inbreak detection method, including:Position subregion is carried out to sensor node in adapted telecommunication network and original state is set, node initial position message is obtained by carrying out positioning to all the sensors node;The sensor node current location information in each region is monitored in real time, and is compared with initial position message, and when finding suspicious positional information, corresponding sensor node ID and current location information are reported.The adapted telecommunication Network Intrusion Detection System that the present invention is provided, power network topology is depended on using the intelligent power equipment accessed in adapted telecommunication network, change this characteristic so as to which physical location will not be produced, the initial position message of each sensor node of typing, and acquisition node current location information is compared with initial position message in real time, judge whether the intelligent power equipment in adapted telecommunication net is under attack, ensure the information security of adapted telecommunication network, it is simple and reliable.

Description

A kind of adapted telecommunication network inbreak detection method and device
Technical field
The present invention relates to Internet communication technology field, particularly relate to a kind of adapted telecommunication network inbreak detection method and Device.
Background technology
In recent years, wireless, autonomous communications network and sensor network cause the extensive concern of academic military and industrial quarters, Wireless self-organization network be it is a kind of without static infrastructure, non-stop layer, multi-hop mobile radio network.Possesses no fixed base The features such as Infrastructure, wireless access, mobility, quick random placement, be widely used at present military communication, disaster relief operations, The various fields such as environmental monitoring, power communication.
Wireless communication technology uses wireless access technology, and network with user terminal is built using wireless communication technology Vertical connection.But, electric power cordless communication network in operation, can easily be led because of wireless access by the interference of various factors Security reliability is caused to be difficult to ensure that and cause potential safety hazard.Potential safety hazard in the presence of being run for electric power cordless communication network Analyzed, and the equipment of invasion is detected from the network operation time, take safeguard procedures to be necessary.
The content of the invention
In view of this, it is an object of the invention to propose a kind of adapted telecommunication network inbreak detection method and device, base The strategy verified in position, can detect whether the intelligent power equipment in adapted telecommunication net is under attack, and ensure adapted The information security of telecommunication network.
The adapted telecommunication network inbreak detection method provided based on the above-mentioned purpose present invention, including:
Position subregion is carried out to sensor node in adapted telecommunication network and original state is set, by all sensings Device node carries out positioning and obtains node initial position message;
The sensor node current location information in each region is monitored in real time, and is compared with initial position message, works as discovery Suspicious positional information, corresponding sensor node ID and current location information are reported.
Further, sensor node carries out position subregion and sets original state side in the telecommunication network to adapted Method includes:
Position subregion is carried out to sensor node in the network by regionalism, each network area is divided into D × D rectangular elements, element length D, sensor communication diameter Rc, sensor sensing diameter Rs are met:Rs2≥2D2And Rc >=2Rs;
The original state for setting all nodes is unknown node.
Further, it is described to obtain node initial position message by the way that all nodes are carried out with positioning, including:
In the overcentre placement positioner of the rectangular element, locator projects laser beam to the rectangular element, often Sensor generation at individual node represents the reading with the laser beam distance of projection, and the nearlyer reading of distance is bigger;
When sensor node state is that unknown node and reading are more than fixed threshold, to its single-hop neighbor node broadcast ID and Reading, otherwise keeps silent;
It is more than fixed threshold when receiving broadcast ID and reading sensor node state for unknown node and the reading of oneself: When the reading of reception is more than the reading of oneself, node state is set to cluster head node, is locally stored while resetting, the reading of reception During less than oneself reading, then the ID and reading information of reception is saved in being locally stored;
When the node state of sensor node remains as unknown node, and reading is more than threshold value, and node state is set into Member's node;
Cluster head node sets up white list and the ID that middle preservation is locally stored and reading information of preservation is stored in into white list, passes through Reading calculates corresponding sensor node initial position message, generates position topological model.
Further, the fixed threshold makes sensor node while being in the chance in the rectangular element region and cluster Maximum, makes chance of the node not in the rectangular element in cluster minimum.
Further, monitor the sensor node current location information in each region in real time, and with initial position message ratio Compared with, when finding suspicious positional information, by corresponding sensor node ID and current location information report including:
Described in the cluster head node periodic harvest in rectangular area each sensor node ID and current location information, The current location information is calculated by current reading;
When the current location information of two sensor nodes shows that nodal distance is less than minimum threshold, described two pass is judged Sensor node is abnormal nodes, and the abnormal nodes and corresponding current location information are added into blacklist;
By the current location information for the sensor node being collected into, section corresponding with ID same in white list Point initial position message compares:
Pass through formula
|s′AB-sAB|=| ρMAcosα-ρMBcosβ-sAB|
Same sensor node change in location is calculated, wherein M represents sensor node to be detected, | s 'AB-sAB| represent section Point M change in location, ρMAThe polar diameter of M during using A as the origin of coordinates is represented, cos α represent the polar angle cosine value of M when A is the origin of coordinates, ρMBRepresent the polar diameter of M during using B as the origin of coordinates, when cos β are represented using B as the origin of coordinates, M polar angle cosine value;
When the change in location of same sensor node is more than error coefficient, it is malicious node to determine the node, is disliked described Meaning node is added in blacklist;
When blacklist is that sky then waits next cycle, otherwise blacklist is sent to inspection center, and suspend the exception The work of node and malicious node.
On the other hand, the present invention provides adapted telecommunication Network Intrusion Detection System, including;
Initial position unit is gathered, for carrying out position subregion to sensor node in adapted telecommunication network and setting just Beginning state, node initial position message is obtained by carrying out positioning to all the sensors node;
Real time position unit is monitored, the sensor node current location information in each region is monitored in real time for unit, when It was found that suspicious positional information, corresponding sensor node ID and current location information are reported.
Further, the collection initial position unit, including position division module, for by regionalism to described Sensor node carries out position subregion in network, and each network area is divided into D × D rectangular elements, element length D, sensing Device communication diameter Rc, sensor sensing diameter Rs are met:Rs2≥2D2And Rc >=2Rs, and set the original states of all nodes to be Unknown node.
Further, the collection initial position unit, in addition to set up initial position model module, is used for:
In the overcentre placement positioner of the rectangular element, locator projects laser beam to the rectangular element, often Sensor generation at individual node represents the reading with the laser beam distance of projection, and the nearlyer reading of distance is bigger;
When sensor node state is that unknown node and reading are more than fixed threshold, to its single-hop neighbor node broadcast ID and Reading, otherwise keeps silent;Wherein described fixed threshold makes sensor node while in the rectangular element region and cluster Chance it is maximum, make chance of the node not in the rectangular element in cluster minimum;
It is more than fixed threshold when receiving broadcast ID and reading sensor node state for unknown node and the reading of oneself: When the reading of reception is more than the reading of oneself, node state is set to cluster head node, is locally stored while resetting, the reading of reception During less than oneself reading, then the ID and reading information of reception is saved in being locally stored;
When the node state of sensor node remains as unknown node, and reading is more than threshold value, and node state is set into Member's node;
Cluster head node sets up white list and the ID that middle preservation is locally stored and reading information of preservation is stored in into white list, passes through Reading calculates corresponding sensor node initial position message, generates position topological model.
Further, the monitoring real time position unit includes:
Current location information module is collected, for each to be sensed in rectangular area described in the cluster head node periodic harvest The ID and current location information of device node, the current location information are calculated by current reading;
Abnormal nodes module is detected, for showing that nodal distance is less than most when the current location information of two sensor nodes Small threshold value, judges described two sensor nodes as abnormal nodes, by the abnormal nodes and corresponding current location information Add blacklist;
Malicious node module is detected, is used for:
By the current location information for the sensor node being collected into, section corresponding with ID same in white list Point initial position message compares:
Pass through formula
|s′AB-sAB|=| ρMAcosα-ρMBcosβ-sAB|
Same sensor node change in location is calculated, wherein M represents sensor node to be detected, | s 'AB-sAB| represent section Point M change in location, ρMAThe polar diameter of M during using A as the origin of coordinates is represented, cos α represent the polar angle cosine value of M when A is the origin of coordinates, ρMBRepresent the polar diameter of M during using B as the origin of coordinates, when cos β are represented using B as the origin of coordinates, M polar angle cosine value;
When the change in location of same sensor node is more than error coefficient, it is malicious node to determine the node, is disliked described Meaning node is added in blacklist;
Processing invasion node module, for being that sky then waits next cycle when blacklist, otherwise sends blacklist to inspection Measured center, and suspend the work of the abnormal nodes and malicious node.
From the above it can be seen that the adapted telecommunication Network Intrusion Detection System that the present invention is provided, using with electricity consumption The intelligent power equipment accessed in communication network depends on power network topology, so that physical location, which will not be produced, changes this characteristic, By gathering initial position unit, the initial position message of each sensor node of typing sets up position topological model, and in real time Acquisition node current location information is compared with initial position message, detection invasion node, judges in adapted telecommunication net Whether intelligent power equipment is under attack, ensures the information security of adapted telecommunication network, simple and reliable.
Brief description of the drawings
Adapted telecommunication network inbreak detection method one embodiment schematic diagram that Fig. 1 provides for the present invention;
Adapted telecommunication network inbreak detection method another embodiment schematic diagram that Fig. 2 provides for the present invention;
Adapted telecommunication Network Intrusion Detection System one embodiment schematic diagram that Fig. 3 provides for the present invention;
Adapted telecommunication Network Intrusion Detection System another embodiment schematic diagram that Fig. 4 provides for the present invention.
Embodiment
For the object, technical solutions and advantages of the present invention are more clearly understood, below in conjunction with specific embodiment, and reference Accompanying drawing, the present invention is described in more detail.
As shown in figure 1, the adapted telecommunication network inbreak detection method that the present invention is provided, including;
Step 101, position subregion is carried out to sensor node in adapted telecommunication network and original state is set, by right All the sensors node carries out positioning and obtains node initial position message;
Step 102, the sensor node current location information in each region is monitored in real time, when the suspicious position letter of discovery Breath, corresponding sensor node ID and current location information are reported.
The adapted telecommunication network inbreak detection method that the present invention is provided, be based on position verify detection method, using with The intelligent power equipment accessed in electricity consumption communication network depends on power network topology, so that physical location will not produce change, this is special Property, by the initial position message of each sensor node of typing, set up position topological model, and acquisition node present bit in real time Confidence breath is compared with initial position message, detection invasion node, and then equipment-related data is compared again, judges to match somebody with somebody Whether the intelligent power equipment in electricity consumption communication network is under attack, ensures the information security of adapted telecommunication network, simple and reliable.
Further, in step 101, position subregion is carried out to sensor node in adapted telecommunication network and sets initial Status method includes:
Including:Step 101a, carries out position subregion, by each net by regionalism to sensor node in the network Network region division is D × D rectangular elements, to ensure the covering of sensor node and the connectedness of network, it is desirable to element length D, Sensor communication diameter Rc, sensor sensing diameter Rs are met:RS2≥22And Rc >=2Rs;The original state of all nodes is set For unknown node.
Because network node distribution is distributed according to regionalism, so needing to carry out feature according to area during zoning Carry out:
The less suburb of node needs to divide less region for ease of management, is ensureing the premise of regional nodes communication Under a geographic area can be divided into one or several network areas.
The extreme terrains such as mountain range, river, lake, expressway are divided into regard near field according to nearby principle.
Zoning is come in the more urban district of node according to the rank in street.
Further, it is described to obtain node initial position message bag by carrying out positioning to all nodes in step 101 Include:
Step 101b, in the overcentre placement positioner of the rectangular element, locator projects laser beam to the square Sensor generation at shape unit, each node represents the reading with the laser beam distance of projection, and the nearlyer reading of distance is bigger.
When sensor node state is that unknown node and reading are more than fixed threshold, to its single-hop neighbor node broadcast ID and Reading, otherwise keeps silent;Wherein, the fixed threshold makes sensor node while in the rectangular element region and cluster Chance it is maximum, make chance of the node not in the rectangular element in cluster minimum.
It is more than fixed threshold when receiving broadcast ID and reading sensor node state for unknown node and the reading of oneself: When the reading of reception is more than the reading of oneself, node state is set to cluster head node, is locally stored while resetting, the reading of reception During less than oneself reading, then the ID and reading information of reception is saved in being locally stored.
When the node state of sensor node remains as unknown node, and reading is more than threshold value, and node state is set into Member's node.
Cluster head node sets up white list and the ID that middle preservation is locally stored and reading information of preservation is stored in into white list, passes through Reading calculates corresponding sensor node initial position message, generates position topological model.
By generating position topological model, the sensor node initial position message, convenient and follow-up reality are contained When positional information be compared, with find invasion node.
Further, step 102, the sensor node current location information in each region, and and initial bit are monitored in real time Confidence breath compares, when finding suspicious positional information, by corresponding sensor node ID and current location information report including:
Step 102a, the ID of each sensor node and current in rectangular area described in the cluster head node periodic harvest Positional information, the current location information is calculated by current reading.
Step 102b, when the current location information of two sensor nodes shows that nodal distance is less than minimum threshold, judges Described two sensor nodes are abnormal nodes, and the abnormal nodes and corresponding current location information are added into blacklist; Wherein, minimum threshold draws the minimum range of normal node by a large amount of statistics, and setting one is less than minimum range number Value, such as 1cm, when apart from showing that two nodes are almost overlapped less than minimum threshold, shows two node exceptions.
Step 102c, it is and same in white list by the current location information for the sensor node being collected into The corresponding node initial position messages of ID compare:
Pass through formula:
|s′AB-sAB|=| ρMAcosα-ρMBcosβ-sAB|
Same sensor node change in location is calculated, wherein M represents sensor node to be detected, | s 'AB-sAB| represent section Point M change in location, ρMAThe polar diameter of M during using A as the origin of coordinates is represented, cos α represent the polar angle cosine value of M when A is the origin of coordinates, ρMBRepresent the polar diameter of M during using B as the origin of coordinates, when cos β are represented using B as the origin of coordinates, M polar angle cosine value.
When the change in location of same sensor node is more than error coefficient, it is malicious node to determine the node, is disliked described Meaning node is added in blacklist;Wherein error coefficient is obtained by substantial amounts of experiment, counts the position of substantial amounts of normal node Change, calculates rational error coefficient.
Step 102d, when blacklist is that sky then waits next cycle, otherwise sends blacklist to inspection center, and suspend The work of the abnormal nodes and malicious node.
It can be seen that the present invention provides adapted telecommunication network inbreak detection method, the intelligence accessed in adapted telecommunication network is utilized Energy electrical equipment depends on power network topology, so that physical location, which will not be produced, changes this characteristic, passes through each node of typing Positional information, sets up equipment topological model;Further by dividing the band of position, real-time position information and initial bit confidence are obtained Breath is compared, and abnormal nodes are determined by the position relationship of different sensors node, is become by identical sensor node position Change and determine malicious node, and then find the node of invasion, thus judge intelligent power equipment in adapted telecommunication net whether by To attack, the information security of adapted telecommunication network is ensured with this, it is simple and reliable.
On the other hand, the adapted telecommunication Network Intrusion Detection System that the present invention is provided, including;
Initial position unit 201 is gathered, for carrying out position subregion to sensor node in adapted telecommunication network and setting Original state is put, node initial position message is obtained by carrying out positioning to all the sensors node.
Real time position unit 202 is monitored, the sensor node current location information in each region is monitored in real time for unit, And compared with initial position message, when finding suspicious positional information, by corresponding sensor node ID and present bit confidence Breath is reported.
The adapted telecommunication Network Intrusion Detection System that the present invention is provided, utilizes the intelligence accessed in adapted telecommunication network Electrical equipment depends on power network topology, so that physical location, which will not be produced, changes this characteristic, by gathering initial position unit, The positional information of each sensor node of typing, sets up position topological model, and in real time acquisition node current location information with just Beginning positional information is compared, detection invasion node, and then equipment-related data is compared again, adapted telecommunication net is judged In intelligent power equipment it is whether under attack, ensure adapted telecommunication network information security, it is simple and reliable.
And acquisition node positional information carries out than and then equipment-related data is compared again in real time, judge logical with electricity consumption Whether the intelligent power equipment in letter net is under attack, ensures the information security of adapted telecommunication network, simple and reliable.
Further, collection initial position unit 201, including position division module 201a, for passing through regionalism pair Sensor node carries out position subregion in the network, and each network area is divided into D × D rectangular elements, to ensure sensing The covering of device node and the connectedness of network, it is desirable to which element length D, sensor communication diameter Rc, sensor sensing diameter Rs expire Foot:Rs2≥2D2And Rc >=2Rs, and the original state of all nodes is set for unknown node.
Initial position unit 201 is gathered, in addition to sets up initial position model module 201b, is used for:
In the overcentre placement positioner of the rectangular element, locator projects laser beam to the rectangular element, often Sensor generation at individual node represents the reading with the laser beam distance of projection, and the nearlyer reading of distance is bigger.
It is further used for:When sensor node state is unknown node and reading is more than fixed threshold, to its single-hop neighbours Node broadcasts ID and reading, otherwise keep silent;Wherein described fixed threshold makes sensor node while in the rectangle list Chance in first region and cluster is maximum, makes chance of the node not in the rectangular element in cluster minimum.
It is further used for:When receiving broadcast ID and reading sensor node state for the unknown node and reading of oneself is big In fixed threshold:When the reading of reception is more than the reading of oneself, node state is set to cluster head node, locally deposited while resetting The ID and reading information of reception, when the reading of reception is less than the reading of oneself, are then saved in being locally stored by storage.
It is further used for:When the node state of sensor node remains as unknown node, and reading is more than threshold value, by node State is set to member node.
Initial position model module 201a is set up to be additionally operable to:Cluster head node sets up white list and preservation is locally stored into middle guarantor ID and reading information the deposit white list deposited, calculate corresponding sensor node initial position message by reading, generate position Topological model.
By generating position topological model, the sensor node initial position message, convenient and follow-up reality are contained When positional information be compared, with find invasion node.
Further, monitoring real time position unit 202 includes:
Collect current location information module 202a, for described in the cluster head node periodic harvest in rectangular area each The ID and current location information of sensor node, the current location information are calculated by current reading;
Abnormal nodes module 202b is detected, shows that nodal distance is small for the current location information when two sensor nodes In minimum threshold, described two sensor nodes are judged as abnormal nodes, by the abnormal nodes and corresponding current location Information adds blacklist;Wherein, minimum threshold draws the minimum range of normal node, setting one by a large amount of statistics Individual to be less than minimum range numerical value, such as 1cm, when distance less than minimum threshold shows that two nodes are almost overlapped, shows that two are saved Point is abnormal.
Malicious node module 202c is detected, is used for:
By the current location information for the sensor node being collected into, section corresponding with ID same in white list Point initial position message compares:
Pass through formula:
|s′AB-sAB|=| ρMAcosα-ρMBcosβ-sAB|
Same sensor node change in location is calculated, wherein M represents sensor node to be detected, | s 'AB-sAB| represent section Point M change in location, ρMAThe polar diameter of M during using A as the origin of coordinates is represented, cos α represent the polar angle cosine value of M when A is the origin of coordinates, ρMBRepresent the polar diameter of M during using B as the origin of coordinates, when cos β are represented using B as the origin of coordinates, M polar angle cosine value;
When the change in location of same sensor node is more than error coefficient, it is malicious node to determine the node, is disliked described Meaning node is added in blacklist;
Processing invasion node module 202d, for being that sky then waits next cycle when blacklist, otherwise sends blacklist To inspection center, and suspend the work of the abnormal nodes and malicious node.
It can be seen that the present invention provides adapted telecommunication network inbreak detection method and system, using being connect in adapted telecommunication network The intelligent power equipment entered depends on power network topology, so that physical location, which will not be produced, changes this characteristic, it is each by typing The positional information of node, sets up equipment topological model;Further by dividing the band of position, real-time position information is obtained and initial Positional information is compared, and abnormal nodes are determined by the position relationship of different sensors node, passes through identical sensor node Change in location determines malicious node, and then finds the node of invasion, so as to judge the intelligent power equipment in adapted telecommunication net It is whether under attack, the information security of adapted telecommunication network is ensured with this, it is simple and reliable.
Those of ordinary skills in the art should understand that:The discussion of any of the above embodiment is exemplary only, not It is intended to imply that the scope of the present disclosure (including claim) is limited to these examples;Under the thinking of the present invention, above example Or can also not be combined between the technical characteristic in be the same as Example, step can be realized with random order, and be existed such as Many other changes of upper described different aspect of the invention, for simplicity, they are provided not in details.
In addition, to simplify explanation and discussing, and in order to obscure the invention, can in the accompanying drawing provided To show or can not show that the known power ground with integrated circuit (IC) chip and other parts is connected.Furthermore, it is possible to Device is shown in block diagram form, to avoid obscuring the invention, and this have also contemplated that following facts, i.e., on this The details of the embodiment of a little block diagram arrangements be depend highly on the platform that will implement the present invention (that is, these details should It is completely in the range of the understanding of those skilled in the art).Elaborating detail (for example, circuit) with describe the present invention In the case of exemplary embodiment, it will be apparent to those skilled in the art that can be in these no details In the case of or implement the present invention in the case that these details are changed.Therefore, these descriptions are considered as explanation It is property rather than restricted.
Although having been incorporated with specific embodiment of the invention, invention has been described, according to retouching above State, many replacements of these embodiments, modifications and variations will be apparent for those of ordinary skills.Example Such as, other memory architectures (for example, dynamic ram (DRAM)) can use discussed embodiment.
Embodiments of the invention be intended to fall within the broad range of appended claims it is all it is such replace, Modifications and variations.Therefore, within the spirit and principles of the invention, any omission, modification, equivalent substitution, the improvement made Deng should be included in the scope of the protection.

Claims (9)

1. a kind of adapted telecommunication network inbreak detection method, it is characterised in that including:
Position subregion is carried out to sensor node in adapted telecommunication network and original state is set, by all the sensors section Point carries out positioning and obtains node initial position message;
The sensor node current location information in each region is monitored in real time, and is compared with initial position message, works as discovery Suspicious positional information, corresponding sensor node ID and current location information are reported.
2. adapted telecommunication network inbreak detection method according to claim 1, it is characterised in that described pair is logical with electricity consumption Sensor node carries out position subregion and sets original state method to include in communication network:
Position subregion is carried out to sensor node in the network by regionalism, each network area is divided into D × D squares Shape unit, element length D, sensor communication diameter Rc, sensor sensing diameter Rs are met:Rs2≥2D2And Rc >=2Rs;
The original state for setting all nodes is unknown node.
3. adapted telecommunication network inbreak detection method according to claim 2, it is characterised in that described by all Node, which carries out positioning acquisition node initial position message, to be included:
In the overcentre placement positioner of the rectangular element, locator projects laser beam to the rectangular element, Mei Gejie Sensor generation at point represents the reading with the laser beam distance of projection, and the nearlyer reading of distance is bigger;
When sensor node state is unknown node and reading is more than fixed threshold, ID and reading are broadcasted to its single-hop neighbor node Number, otherwise keeps silent;
It is more than fixed threshold when receiving broadcast ID and reading sensor node state for unknown node and the reading of oneself:Receive Reading when being more than oneself reading, node state is set to cluster head node, is locally stored while resetting, the reading of reception is less than During the reading of oneself, then the ID and reading information of reception is saved in being locally stored;
When the node state of sensor node remains as unknown node, and reading is more than threshold value, and node state is set into member's section Point;
Cluster head node sets up white list and the ID that middle preservation is locally stored and reading information of preservation is stored in into white list, passes through reading Corresponding sensor node initial position message is calculated, position topological model is generated.
4. adapted telecommunication network inbreak detection method according to claim 3, it is characterised in that the fixed threshold makes The chance of sensor node simultaneously in the rectangular element region and cluster is maximum, makes the node not in the rectangular element Chance in cluster is minimum.
5. adapted telecommunication network inbreak detection method according to claim 4, it is characterised in that the real-time monitoring is every The sensor node current location information in individual region, and be compared with initial position message, when the suspicious positional information of discovery, By corresponding sensor node ID and current location information report including:
Described in the cluster head node periodic harvest in rectangular area each sensor node ID and current location information, it is described Current location information is calculated by current reading;
When the current location information of two sensor nodes shows that nodal distance is less than minimum threshold, described two sensors are judged Node is abnormal nodes, and the abnormal nodes and corresponding current location information are added into blacklist;
By the current location information for the sensor node being collected into, at the beginning of node corresponding with ID same in white list Beginning positional information compares:
Pass through formula:
|s′AB-sAB|=| ρMA cosα-ρMB cosβ-sAB|
Same sensor node change in location is calculated, wherein M represents sensor node to be detected, | s 'AB-sAB| represent node M position Put change, ρMAThe polar diameter of M during using A as the origin of coordinates is represented, cos α represent the polar angle cosine value of M when A is the origin of coordinates, ρMBTable Show the polar diameter of M during using B as the origin of coordinates, when cos β are represented using B as the origin of coordinates, M polar angle cosine value;
When the change in location of same sensor node is more than error coefficient, it is malicious node to determine the node, and the malice is saved Point is added in blacklist;
When blacklist is that sky then waits next cycle, otherwise blacklist is sent to inspection center, and suspend the abnormal nodes With the work of malicious node.
6. a kind of adapted telecommunication Network Intrusion Detection System, it is characterised in that including;
Initial position unit is gathered, for carrying out position subregion to sensor node in adapted telecommunication network and setting initial shape State, node initial position message is obtained by carrying out positioning to all the sensors node;
Monitor real time position unit, monitor the sensor node current location information in each region in real time for unit, and with it is first Beginning positional information is compared, when finding suspicious positional information, by corresponding sensor node ID and current location information Report.
7. adapted telecommunication Network Intrusion Detection System according to claim 1, it is characterised in that the collection initial bit Unit, including position division module are put, will for carrying out position subregion to sensor node in the network by regionalism Each network area is divided into D × D rectangular elements, and element length D, sensor communication diameter Rc, sensor sensing diameter Rs expire Foot:Rs2≥2D2And Rc >=2Rs, and the original state of all nodes is set for unknown node.
8. adapted telecommunication Network Intrusion Detection System according to claim 7, it is characterised in that the collection initial bit Unit is put, in addition to sets up initial position model module, is used for:
In the overcentre placement positioner of the rectangular element, locator projects laser beam to the rectangular element, Mei Gejie Sensor generation at point represents the reading with the laser beam distance of projection, and the nearlyer reading of distance is bigger;
When sensor node state is unknown node and reading is more than fixed threshold, ID and reading are broadcasted to its single-hop neighbor node Number, otherwise keeps silent;Wherein described fixed threshold makes sensor node while in the rectangular element region and cluster Chance is maximum, makes chance of the node not in the rectangular element in cluster minimum;
It is more than fixed threshold when receiving broadcast ID and reading sensor node state for unknown node and the reading of oneself:Receive Reading when being more than oneself reading, node state is set to cluster head node, is locally stored while resetting, the reading of reception is less than During the reading of oneself, then the ID and reading information of reception is saved in being locally stored;
When the node state of sensor node remains as unknown node, and reading is more than threshold value, and node state is set into member's section Point;
Cluster head node sets up white list and the ID that middle preservation is locally stored and reading information of preservation is stored in into white list, passes through reading Corresponding sensor node initial position message is calculated, position topological model is generated.
9. adapted telecommunication Network Intrusion Detection System according to claim 8, it is characterised in that the real-time position of monitoring Putting unit includes:
Current location information module is collected, for each sensor section in rectangular area described in the cluster head node periodic harvest The ID and current location information of point, the current location information are calculated by current reading;
Abnormal nodes module is detected, for showing that nodal distance is less than Minimum Threshold when the current location information of two sensor nodes Value, judges described two sensor nodes as abnormal nodes, and the abnormal nodes and corresponding current location information are added Blacklist;
Malicious node module is detected, is used for:
By the current location information for the sensor node being collected into, at the beginning of node corresponding with ID same in white list Beginning positional information compares:
Pass through formula
|s′AB-sAB|=| ρMA cosα-ρMB cos β-sAB|
Same sensor node change in location is calculated, wherein M represents sensor node to be detected, | s 'AB-sAB| represent node M position Put change, ρMAThe polar diameter of M during using A as the origin of coordinates is represented, cos α represent the polar angle cosine value of M when A is the origin of coordinates, ρMBTable Show the polar diameter of M during using B as the origin of coordinates, when cos β are represented using B as the origin of coordinates, M polar angle cosine value;
When the change in location of same sensor node is more than error coefficient, it is malicious node to determine the node, and the malice is saved Point is added in blacklist;
Processing invasion node module, for being that sky then waits next cycle when blacklist, otherwise sends blacklist into detection The heart, and suspend the work of the abnormal nodes and malicious node.
CN201710369775.XA 2017-05-23 2017-05-23 Intrusion detection method and device for power distribution and utilization communication network Active CN107333233B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710369775.XA CN107333233B (en) 2017-05-23 2017-05-23 Intrusion detection method and device for power distribution and utilization communication network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710369775.XA CN107333233B (en) 2017-05-23 2017-05-23 Intrusion detection method and device for power distribution and utilization communication network

Publications (2)

Publication Number Publication Date
CN107333233A true CN107333233A (en) 2017-11-07
CN107333233B CN107333233B (en) 2020-04-28

Family

ID=60193893

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710369775.XA Active CN107333233B (en) 2017-05-23 2017-05-23 Intrusion detection method and device for power distribution and utilization communication network

Country Status (1)

Country Link
CN (1) CN107333233B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101872536A (en) * 2010-06-24 2010-10-27 北京航空航天大学 System for monitoring intrusion on basis of wireless sensor network
CN103702280A (en) * 2013-11-26 2014-04-02 中国十七冶集团有限公司 Secure routing protocol of Internet of Things based on node position detection
WO2014101099A1 (en) * 2012-12-28 2014-07-03 Intel Corporation Trilateration processing of abnormal location data
CN104427466A (en) * 2013-08-28 2015-03-18 高德软件有限公司 Terminal device positioning method and terminal device
CN104955149A (en) * 2015-06-10 2015-09-30 重庆邮电大学 Indoor WLAN (wireless local area network) passive intrusion detection and positioning method based on fuzzy rule updating

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101872536A (en) * 2010-06-24 2010-10-27 北京航空航天大学 System for monitoring intrusion on basis of wireless sensor network
WO2014101099A1 (en) * 2012-12-28 2014-07-03 Intel Corporation Trilateration processing of abnormal location data
CN104427466A (en) * 2013-08-28 2015-03-18 高德软件有限公司 Terminal device positioning method and terminal device
CN103702280A (en) * 2013-11-26 2014-04-02 中国十七冶集团有限公司 Secure routing protocol of Internet of Things based on node position detection
CN104955149A (en) * 2015-06-10 2015-09-30 重庆邮电大学 Indoor WLAN (wireless local area network) passive intrusion detection and positioning method based on fuzzy rule updating

Also Published As

Publication number Publication date
CN107333233B (en) 2020-04-28

Similar Documents

Publication Publication Date Title
Xu A survey of sensor network applications
US7336958B2 (en) Data transmission path establishing method, radio communication network system, and sensor network system
Yi et al. Confident information coverage hole detection in sensor networks for uranium tailing monitoring
CN102665253B (en) Event detection method on basis of wireless sensor network
Balzano et al. SNOT-WiFi: sensor network-optimized training for wireless fingerprinting
CN102724681A (en) Sensor network coverage hole detection method combining with energy efficiency
Kobayashi et al. Wireless technologies to assist search and localization of victims of wide-scale natural disasters by unmanned aerial vehicles
Lin et al. An incremental deployment algorithm for wireless sensor networks using one or multiple autonomous agents
Chu et al. Decentralized boundary detection without location information in wireless sensor networks
CN107071800A (en) A kind of cluster wireless sensor network method of data capture and device
CN110012422A (en) A kind of wireless sensor network mobile base station barrier-avoiding method in complicated region
CN107333233A (en) A kind of adapted telecommunication network inbreak detection method and device
Das et al. A review on coverage-hole boundary detection algorithms in wireless sensor networks
KR20140012854A (en) Sensor node deployment method of sensor network
Yang et al. A clustering-based algorithm for device-free localization in IoT
CN103546966A (en) Node positioning method of wireless sensor based on field environment
CN108494592A (en) Soil moisture monitoring system based on sensor network and monitoring soil moisture method
Guo et al. Distributed topological convex hull estimation of event region in wireless sensor networks without location information
Lalem et al. Boundary node failure detection in wireless sensor networks
CN212433900U (en) Underground cable intelligent anti-theft alarm device and system
Serna et al. A convex hull-based approximation of forest fire shape with distributed wireless sensor networks
Kotwal et al. Development of range free three dimensional localisation in wireless sensor networks
Chen et al. Optimal self boundary recognition with two-hop information for ad hoc networks
Hwang et al. 2-Connected relay node placement scheme in disjoint wireless sensor networks
CN105472630A (en) Wireless sensor network edge node identification method based on triangular discrimination

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100070 Fengtai District, Feng Feng Road, the era of wealth on the 1st floor of the world's 28 floor, Beijing

Applicant after: BEIJING GUODIANTONG NETWORK TECHNOLOGY Co.,Ltd.

Applicant after: STATE GRID CORPORATION OF CHINA

Applicant after: RESEARCH INSTITUTE OF ECONOMICS AND TECHNOLOGY, STATE GRID SHANDONG ELECTRIC POWER Co.

Applicant after: Beijing University of Posts and Telecommunications

Applicant after: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd.

Applicant after: TAIYUAN POWER SUPPLY COMPANY OF STATE GRID SHANXI ELECTRIC POWER Co.

Address before: 100070 Fengtai District, Feng Feng Road, the era of wealth on the 1st floor of the world's 28 floor, Beijing

Applicant before: BEIJING GUODIANTONG NETWORK TECHNOLOGY Co.,Ltd.

Applicant before: State Grid Corporation of China

Applicant before: RESEARCH INSTITUTE OF ECONOMICS AND TECHNOLOGY, STATE GRID SHANDONG ELECTRIC POWER Co.

Applicant before: Beijing University of Posts and Telecommunications

Applicant before: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd.

Applicant before: TAIYUAN POWER SUPPLY COMPANY OF STATE GRID SHANXI ELECTRIC POWER Co.

CB02 Change of applicant information
TA01 Transfer of patent application right

Effective date of registration: 20190729

Address after: 100085 Beijing city Haidian District Qinghe small Camp Road No. 15

Applicant after: BEIJING CHINA POWER INFORMATION TECHNOLOGY Co.,Ltd.

Applicant after: STATE GRID CORPORATION OF CHINA

Applicant after: RESEARCH INSTITUTE OF ECONOMICS AND TECHNOLOGY, STATE GRID SHANDONG ELECTRIC POWER Co.

Applicant after: Beijing University of Posts and Telecommunications

Applicant after: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd.

Applicant after: TAIYUAN POWER SUPPLY COMPANY OF STATE GRID SHANXI ELECTRIC POWER Co.

Address before: 100070 Fengtai District, Feng Feng Road, the era of wealth on the 1st floor of the world's 28 floor, Beijing

Applicant before: BEIJING GUODIANTONG NETWORK TECHNOLOGY Co.,Ltd.

Applicant before: STATE GRID CORPORATION OF CHINA

Applicant before: RESEARCH INSTITUTE OF ECONOMICS AND TECHNOLOGY, STATE GRID SHANDONG ELECTRIC POWER Co.

Applicant before: Beijing University of Posts and Telecommunications

Applicant before: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd.

Applicant before: TAIYUAN POWER SUPPLY COMPANY OF STATE GRID SHANXI ELECTRIC POWER Co.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant