CN108040325A - A kind of witch's nodal test method based on RSSI value and credit worthiness - Google Patents

A kind of witch's nodal test method based on RSSI value and credit worthiness Download PDF

Info

Publication number
CN108040325A
CN108040325A CN201711372381.6A CN201711372381A CN108040325A CN 108040325 A CN108040325 A CN 108040325A CN 201711372381 A CN201711372381 A CN 201711372381A CN 108040325 A CN108040325 A CN 108040325A
Authority
CN
China
Prior art keywords
node
nodes
monitoring
common
sybil
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711372381.6A
Other languages
Chinese (zh)
Other versions
CN108040325B (en
Inventor
吴援明
黄桂琳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Electronic Science and Technology of China
Original Assignee
University of Electronic Science and Technology of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Electronic Science and Technology of China filed Critical University of Electronic Science and Technology of China
Priority to CN201711372381.6A priority Critical patent/CN108040325B/en
Publication of CN108040325A publication Critical patent/CN108040325A/en
Application granted granted Critical
Publication of CN108040325B publication Critical patent/CN108040325B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a kind of witch's nodal test method based on RSSI value and credit worthiness, using credit worthiness model and adaptive threshold, select the suspect node that multiple qualified monitoring nodes propose monitoring node to investigate, so as to achieve the purpose that Sybil attack detects.The present invention goes out doubtful witch's node first with monitoring node roughing, the monitoring node of two high credit worthinesses is selected again, witch's node is determined using RSSI value, and in the case where energy consumption allows, the present invention has detection accuracy rapidly and efficiently, relatively low false drop rate and omission factor.

Description

Sybil node detection method based on RSSI value and credit degree
Technical Field
The invention belongs to the technical field of wireless sensor networks, and particularly relates to a design of a Sybil node detection method based on RSSI (received signal strength indicator) values and credibility.
Background
A Wireless Sensor Network (WSN) is an ad hoc Network system formed by a large number of miniature and cheap Sensor nodes deployed in a monitoring area and in a Wireless multi-hop communication manner. The intelligent household intelligent medical emergency rescue system is widely applied to various fields, and the safety of the intelligent household intelligent medical emergency rescue system is more and more prominent in medical accident rescue, city management, intelligent household, military and other applications.
There are attacks from the outside and attacks mixed into the inside to the wireless sensor network attack. The external attack refers to an attack which is not obtained by a key and can not be accessed to a node of a network, such as physical layer blocking and normal communication of an interference node, and for the attack, the attack can be responded by mechanisms such as isolation blocking areas or frequency hopping communication; for network eavesdropping, the confidentiality of the communication link may be guaranteed by encryption techniques. The internal attack means that an attacker breaks through a defense mechanism set by an encryption technology and the like through a certain technical means, pretends to be a normal node to submerge into the network, and actively initiates a targeted malicious attack behavior from the inside. Such as wormhole attacks, witch attacks, selective forwarding attacks, black hole attacks, and the like.
Sybil attacks have unique features, and thus are extremely destructive. Generally, a malicious node (e.g., S in fig. 1) refers to a node that is tampered with by external capture, and a witch node (e.g., S1, S2 in fig. 1) refers to a node identity forged by the malicious node, and does not actually exist. The Sybil attack means that malicious nodes forge a plurality of Sybil nodes and attract neighbor nodes to forward data packets to the Sybil nodes, so that transmission paths of the data packets are changed, selective forwarding is carried out, the data packets are discarded, or the energy of the neighbor nodes is rapidly consumed, so that a network is divided, and even dies rapidly.
The Sybil nodes are quickly detected, the detection accuracy is improved, the node energy is consumed as little as possible, and the method is an important content for detecting the Sybil attack of the wireless sensor network. According to the characteristic that malicious nodes forge multiple identities to appear in a network but actual geographic positions are consistent, various Sybil attack detection methods can be divided into two categories: an identity-based authentication method and a location-based detection method.
Identity-based authentication methods detect Sybil attacks by limiting the generation of valid node information. Due to the limitation of energy and computing power of the sensor nodes, the detection method needs a large amount of time consumption and computing cost, which become a disadvantage, and the detection rate of the detection method is not very high.
Location-based detection methods are proposed based on the fact that multiple witch nodes are multiple identities of malicious nodes, and in fact, they are the nature of the same physical node. In the existing position-based Sybil attack detection method, two monitoring nodes are adopted, and 3 or more monitoring nodes are also adopted, but the selection conditions of the monitoring nodes are basically not considered, so that the possibility that malicious nodes serve as the monitoring nodes exists, and the detection accuracy rate is low easily caused.
Research shows that compared with other methods, the detection method based on the RSSI (Received Signal Strength) value has no node hardware requirement and relatively low energy consumption. In addition, the RSSI has the characteristics of monotonous increasing distance, simple calculation and high detection precision. Therefore, the method for detecting the witch attack based on the RSSI is more suitable for the wireless sensor network with limited resources, and has become a mainstream method.
The credibility model is a mechanism for judging whether a node is trustworthy or not by calculating and evaluating the trustworthiness of the node. Malicious nodes can be effectively identified by examining the credit values of the nodes, and the most trusted nodes are selected for communication, so that the safety and reliability of the network are improved. The credit calculation is the core of a credit mechanism and is the comprehensive evaluation of the overall performance of the nodes. The reputation of the target node is analyzed using a reputation mechanism prior to communication to determine whether the transaction can be performed.
Disclosure of Invention
The invention aims to provide a Sybil node detection method based on RSSI value and credibility, so as to improve the accuracy of Sybil attack detection.
The technical scheme of the invention is as follows: a Sybil node detection method based on RSSI values and credibility comprises the following steps:
s1, wireless sensor network layout is carried out, and regional control of monitoring nodes is achieved.
And S2, searching suspicious nodes based on the RSSI value and the credit degree according to the network layout condition.
And S3, selecting two monitoring nodes with high credibility, checking suspicious nodes based on the RSSI values, and determining Sybil nodes.
The invention has the beneficial effects that: the method comprises the steps of firstly roughly selecting suspected Sybil nodes by using the monitoring nodes, then selecting two monitoring nodes with high credibility, and determining the Sybil nodes by using the RSSI value.
Further, step S1 comprises the following sub-steps:
s11, randomly and uniformly throwing the common nodes in a certain range, collecting surrounding data by using the common nodes, simultaneously forwarding data of other nodes as routing nodes, and converging the data to a sink node.
S12, the sink node broadcasts a Hello message to the surroundings, and the first group of common nodes which receive the Hello message reply an ACK message to the sink node and are marked as first hop nodes.
S13, broadcasting a Hello message to the surrounding by the first hop node, marking the non-first hop node which receives the Hello message as a second hop node, and simultaneously replying an ACK message to the first hop node which sends the Hello message; mutually listing the first hop node and the second hop node as neighbor nodes of the other party, and establishing a neighbor list; the neighbor list includes neighbor node information and RSSI values from itself to neighbor nodes.
And S14, sequentially obtaining a third hop node and a fourth hop node by adopting the same method as the step S13, and establishing a neighbor list of each common node.
And S15, randomly and uniformly throwing the monitoring nodes, wherein the number of the monitoring nodes is 10% of that of the common nodes.
S16, each monitoring node controls to send radius broadcast information, sends a data packet containing ID information of the monitoring node, and neighboring nodes receiving the data packet feed back information to the monitoring node and join the monitoring area of the monitoring node.
S17, each monitoring node compiles ID information for the common nodes in the monitoring area, sends Hello information to the common nodes in the monitoring area and determines the neighbor list of the monitoring node.
The beneficial effects of the above further scheme are: the wireless sensor network layout can realize the regional control of the monitoring nodes and provide an operating environment for the subsequent detection of the Sybil nodes.
Further, the radius of the monitoring area of the monitoring node is 1/2 of the communication radius of the common node.
The beneficial effects of the further scheme are as follows: the radius of the monitoring area of the monitoring node is determined to be 1/2 of the communication radius of the common node while ensuring that the monitoring node can have two monitoring nodes meeting the threshold value, so that in the monitoring area of the monitoring node, each common node is in the communication range of the other side, and the RSSI value of the other side can be known.
Further, step S2 comprises the following sub-steps:
s21, monitoring the node n M Periodically finding out common nodes with similar RSSI values in the monitoring area, if two common nodes n are found p 、n q Satisfy | d Mp -d Mq If | is less than or equal to e, n is added p 、n q As a set of suspect nodes, join the suspect list double [ i ]]Performing the following steps; wherein d is Mp Representing a node n p To n M RSSI value of (d) Mq Representing a node n q To n M E is the error and i is the suspected node number.
S22, monitoring node n M Calculating the credit degree of the common nodes in the monitoring area, and finding the common node n with the credit degree lower than the self-adaptive threshold value S And then according to the monitoring node n M Self-neighbor list Nei M [j]The RSSI value information in (1) is selected and compared with the RSSI value d MS Similar common node n a 、n b When | d MS -d aS E is less than or equal to and d MS -d bS When | ≦ e, n is added S 、n a 、n b Join the suspicion list double [ i ] as a new set of suspicion nodes]The preparation method comprises the following steps of (1) performing; wherein d is MS Representing a node n S To n M RSSI value of (d) aS Representing a node n a To n M RSSI value of (d) bS Representing a node n b To n M J represents node n M The neighbor node number of (2).
S23, checking the packet head of the data packet obtained by monitoring of the monitoring node, and if the common node n with unregistered identity is found j And newly added ordinary node n in the monitoring area i N is to be i ,n j Join into the suspicion list Doubt i as another set of suspect nodes]In (1).
The beneficial effects of the further scheme are as follows: suspicious nodes are searched layer by layer in three steps, all suspicious nodes which can become Sybil nodes are added into a suspicious list, and the missing rate of the whole algorithm is reduced.
Further, step S3 comprises the following substeps:
s31, monitoring node n M Selecting the nodes n with the highest and the next highest credit degrees r ,n y As a monitoring node (ordinary node n) r 、n y Cannot exist in the suspect list double [ i ]]In) get node n M To n r RSSI value d of Mr Node n M To n y RSSI value d of My And node n r To n y RSSI value d of ry Judging whether the three points can form a triangle by using trilateral sum theorem of the triangle, if so, containing a monitoring node n r 、n y Numbering and suspicion list Doubt [ i ]]Is sent to n r Step S32 is entered, otherwise another node n with inferior reputation degree is selected z (ordinary node n) z Cannot exist in the suspect list double [ i ]]In), the decision is repeated until a node satisfying the triangle trilateral sum theorem is found.
S32, according to the monitoring node n r Neighbor list Nei r [k]Information of (2), search for n r Self-to-suspect list double [ i]Respectively comparing the RSSI values of the suspicious nodes, and if the RSSI values of the suspicious nodes reach n r Is greater than the error e, the set of suspect nodes is selected from the suspect list, doubt i]Removing; wherein k represents a node n r The neighbor node number of (2).
S33, if the Doubt list Doubt [ i ]]If there are still remaining suspicious nodes, it will contain monitoring node n r 、n y Numbering and suspicion list Doubt [ i ]]Is sent to n y By monitoring node n y Repeating the operation of step S32; otherwise the suspicion list Doubt [ i ]]None of the suspect nodes in (a) are witch nodes.
S34, if the Doubt [ i ] has the remaining suspicious nodes, determining the Doubt [ i ] as the Sybil nodes, diffusing the Sybil node information to the whole network, and excluding the Sybil nodes; otherwise, doubting that all suspicious nodes in the double [ i ] are not Sybil nodes.
The beneficial effects of the above further scheme are: in a large number of common nodes, the monitoring node is used for selecting the common node reaching the credit threshold and in the communication range of the monitored node as the monitoring node, and the suspicious node is checked, so that the accuracy rate of detection is greatly improved.
Further, the calculation formula of the reputation degree is as follows:
Val=a×Pr+b×Power (1)
wherein Val represents node credit degree, a and b are two weight coefficients, 0 & lta & gt & lt 1 & gt, 0 & ltb & lt 1 & gt, a & ltb & lt =1 & gt, power is node residual energy, pr is node total forwarding rate, and the calculation formula is as follows:
wherein f represents the number of the forwarded data packets counted by the monitoring node from the beginning of the work, and r represents the number of the received data packets counted by the monitoring node from the beginning of the work.
The beneficial effects of the above further scheme are: malicious nodes can be effectively identified by examining the credit values of the nodes, and the most trusted node is selected for communication, so that the safety and reliability of the network are improved.
Further, the calculation formula of the adaptive threshold is as follows:
T(n)=T(n-1)*{Pt+[1-Pt]*p(n)} (3)
wherein T (n) represents the adaptive threshold value of the monitoring period of the nth round, the initial value T (0) =0.7, p (n) represents the node forwarding rate of the monitoring period of the nth round, pt represents the total forwarding rate of the monitoring area from the beginning of work to the monitoring period of the nth round, and the calculation formula is as follows:
wherein p (i) represents the node forwarding rate of the ith monitoring cycle, and A represents the number of data packets received by the monitoring area in the ith monitoring cycle.
The beneficial effects of the further scheme are as follows: and a self-adaptive detection threshold is provided, and the requirements of the network under various environments are ensured.
Drawings
Fig. 1 is a schematic diagram of a witch attack model.
Fig. 2 is a flowchart of a witch node detection method based on RSSI values and reputation according to an embodiment of the present invention.
Fig. 3 is a schematic diagram illustrating a layout of a wireless sensor network according to an embodiment of the present invention.
Fig. 4 is a schematic diagram illustrating a change of a total forwarding rate of network data corresponding to values of different a and b according to an embodiment of the present invention.
Fig. 5 is a schematic diagram illustrating a change of values of different a and b corresponding to the number of remaining nodes in the network according to the embodiment of the present invention.
Fig. 6 is a comparative graph showing the witch node detection accuracy rate varying with the number of the witch nodes according to the embodiment of the present invention.
Fig. 7 is a comparative graph showing how the witch node detection accuracy changes with the total node number according to the embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will now be described in detail with reference to the accompanying drawings. It is to be understood that the embodiments shown and described in the drawings are merely exemplary and are intended to illustrate the principles and spirit of the invention, not to limit the scope of the invention.
Before describing specific embodiments of the present invention, several points in the embodiments of the present invention are first defined and explained:
the embodiment of the invention mainly relates to three types of nodes: one is a common node responsible for collecting data and forwarding the data; one is that the monitoring node reaches the credit self-adaptive threshold and is temporarily changed into by a common node, and the RSSI value comparison and check are carried out on the own neighbor list; the other is a monitoring node which is responsible for monitoring the behaviors of the common nodes, calculating the comprehensive credibility of the common nodes and selecting the monitoring nodes, and each monitoring node is responsible for managing the common nodes in a certain area.
The embodiment of the invention provides a Sybil node detection method based on RSSI value and credit degree, as shown in figure 2, comprising the following steps S1-S3:
s1, wireless sensor network layout is carried out, and regional control of monitoring nodes is achieved.
Step S1 specifically includes the following substeps S11-S17:
and S11, randomly and uniformly throwing the common nodes in a certain range, collecting surrounding data by using the common nodes, forwarding data of other nodes by using the common nodes as routing nodes, and converging the data to a convergent node.
S12, the sink node broadcasts the Hello message to the surrounding, and the first group of common nodes which receive the Hello message reply the ACK message to the sink node and are marked as first hop nodes.
S13, broadcasting a Hello message to the surroundings by the first hop node, marking the non-first hop node which receives the Hello message as a second hop node, and simultaneously replying an ACK message to the first hop node which sends the Hello message; and mutually listing the first hop node and the second hop node as neighbor nodes of the opposite side, and establishing a neighbor list. The neighbor list includes neighbor node information and RSSI values from itself to neighbor nodes. The subsequent algorithm of the embodiment of the invention is based on the RSSI value, and the distance between the transmitter and the receiver can be deduced through the strength of the received wireless signal without additional hardware for the distance measurement based on the RSSI value.
And S14, sequentially obtaining a third hop node and a fourth hop node by adopting the same method as the step S13, and establishing a neighbor list of each common node.
And S15, randomly and uniformly throwing the monitoring nodes. The number of the monitoring nodes is in fixed proportion to the number of the common nodes, and the number of the monitoring nodes in the embodiment of the invention is 10% of the number of the common nodes.
S16, each monitoring node controls to send radius broadcast information, sends a data packet containing ID information of the monitoring node, and neighboring nodes receiving the data packet feed back information to the monitoring node and join the monitoring area of the monitoring node.
In the embodiment of the invention, the radius of the monitoring area of the monitoring node is 1/2 of the communication radius of the common node, so that each common node is in the communication range of the other side in the monitoring area of the monitoring node, and the RSSI value of the other side can be known.
S17, each monitoring node compiles ID information for the common nodes in the monitoring area, sends Hello information to the common nodes in the monitoring area, and determines the neighbor list of the monitoring node.
The wireless sensor network layout completed by step S1 is shown in fig. 3.
And S2, searching suspicious nodes based on the RSSI value and the credit degree according to the network layout condition.
Step S2 specifically includes the following substeps S21-S23:
s21, passing the monitoring node n M Periodically finding common nodes with similar RSSI values in the monitoring area, and if two common nodes n are found p 、n q Satisfy | d Mp -d Mq If | is less than or equal to e, n is p 、n q As a set of suspect nodes, join the suspect list double [ i ]]The preparation method comprises the following steps of (1) performing; wherein d is Mp Representing a node n p To n M RSSI value of d Mq Representing a node n q To n M E is the error and i is the suspected node number.
S22, monitoring node n M Calculating the credit degree of the common nodes in the monitoring area, and finding the common node n with the credit degree lower than the self-adaptive threshold value S Then according to the monitoring node n M Self neighbor list Nei M [j]The RSSI value information in (1) is selected and compared with the RSSI value d MS Similar common node n a 、n b When | d MS -d aS E is less than or equal to and d MS -d bS When | ≦ e, n is added S 、n a 、n b Join the suspicion list double [ i ] as a new set of suspicion nodes]The preparation method comprises the following steps of (1) performing; wherein d is MS Representing a node n S To n M RSSI value of d aS Representing a node n a To n M RSSI value of d bS Representing a node n b To n M RSSI value of (1), j represents node n M The neighbor node number of (2).
In the embodiment of the invention, the calculation formula of the credibility is as follows:
Val=a×Pr+b×Power (1)
wherein Val represents node credit degree, a and b are two weight coefficients, 0 & lta & gt & lt 1 & gt, 0 & ltb & lt 1 & gt, a & ltb & lt =1 & gt, power is node residual energy, pr is node total forwarding rate, and the calculation formula is as follows:
wherein f represents the number of the forwarded data packets counted by the monitoring node from the beginning of the work, and r represents the number of the received data packets counted by the monitoring node from the beginning of the work.
The calculation formula of the self-adaptive threshold value is as follows:
T(n)=T(n-1)*{Pt+[1-Pt]*p(n)} (3)
wherein T (n) represents the adaptive threshold value of the monitoring period of the nth round, the initial value T (0) =0.7, p (n) represents the node forwarding rate of the monitoring period of the nth round, pt represents the total forwarding rate of the monitoring area from the beginning of work to the monitoring period of the nth round, and the calculation formula is as follows:
wherein p (i) represents the node forwarding rate of the ith monitoring cycle, and A represents the number of data packets received by the monitoring area in the ith monitoring cycle.
The setting of the adaptive threshold value must also satisfy a fundamental requirement: the threshold value cannot be higher than the total forwarding rate of the ordinary nodes and the network, i.e. 0 to T (n) <1, T (n) < p (n), T (n) < Pt. Since p (n) ≦ 1, the threshold T (n) obviously satisfies 0<T (n) <1.
S23, checking the packet head of the data packet obtained by monitoring of the monitoring node, and if the common node n with unregistered identity is found j And newly added common node n in the monitoring area i N is to be i ,n j Join into the suspicion list Doubt i as another set of suspect nodes]In (1).
In the embodiment of the invention, the monitoring node mainly plays a role in three aspects: firstly, when a new node is added in the area, a verification message needs to be sent to the new node in order to obtain an RSSI value for the next observation and comparison; secondly, periodically checking the RSSI value of the neighbor list of the node to deal with a second Sybil attack form (the Sybil node attracts the data flow of the surrounding nodes, but does not perform illegal operation on the data, and only forwards the data normally to cause premature death of the normal nodes); and thirdly, playing a role in the process of forwarding the data packets in the region, monitoring the data packet flow (not participating in the forwarding of the data packets), counting the number of the data packets received and forwarded by the common nodes in the region, estimating the energy consumption condition of each common node, updating the comprehensive credit degree of each common node in real time, listing the common nodes lower than the threshold value as suspicious nodes, and selecting the common nodes higher than the threshold value as monitoring nodes in the region. And in consideration of the storage of the credibility, storing the credibility in a neighbor list of the monitoring node, wherein the neighbor list corresponds to each common node.
And S3, selecting two monitoring nodes with high credibility, checking suspicious nodes based on the RSSI values, and determining Sybil nodes.
Step S3 includes the following substeps S31-S34:
s31, monitoring node n M Selecting the nodes n with the highest and the next highest credit degrees r ,n y As a monitoring node (ordinary node n) r 、n y Cannot exist in the suspicion list double [ i ]]In) get node n M To n r RSSI value d of Mr Node n M To n y RSSI value d of My And node n r To n y RSSI value d of ry Judging whether the three points can form a triangle or not by utilizing the trilateral sum theorem of the triangle, and if so, containing a monitoring node n r 、n y Numbering and suspicion list Doubt [ i ]]Is sent to n r Step S32 is entered, otherwise another node n with inferior reputation degree is selected z (ordinary node n) z Cannot exist in the suspicion list double [ i ]]In), the decision is repeated until a node satisfying the triangle trilateral sum theorem is found.
S32, according to the monitoring node n r Neighbor list Nei r [k]Information of (2), search for n r Self-to-suspicion list double [ i ]]Respectively comparing the RSSI values of the suspicious nodes, and if the RSSI values of the suspicious nodes reach n r If the RSSI difference is greater than the error e, the set of suspect nodes is selected from the suspect list, doubt [ i ]]Removing; wherein k represents a node n r The neighbor node number of (2).
S33, if the Doubt list Doubt [ i ]]If there are still remaining suspicious nodes, it will contain monitoring node n r 、n y Numbering and suspicion list Doubt [ i ]]Is sent to n y By monitoring node n y Repeating the operation of step S32; otherwise the suspicion list Doubt [ i ]]None of the suspect nodes in (a) are Sybil nodes.
S34, if the Doubt [ i ] has the remaining suspicious nodes, determining the Doubt [ i ] as the Sybil nodes, diffusing the Sybil node information to the whole network, and excluding the Sybil nodes; otherwise, doubting that all suspicious nodes in the double [ i ] are not Sybil nodes.
The following further describes, by a specific example, a witch node detection method based on RSSI values and reputation provided by an embodiment of the present invention:
the operation condition of the wireless sensor network under a distributed system is considered, the nodes with fixed positions are uniformly distributed, the specific geographic positions of the nodes and the neighboring nodes are not known, and the simulation environment is stable and reliable. In addition, the transmission power of each node (including a malicious node) cannot be changed. In the embodiment of the invention, the number of the sensor nodes is changed from 50 to 600; uniformly distributed in a sensor motion area E, E is 500m 2 . The node attributes and communication parameters are set as shown in table 1.
TABLE 1
In consideration of the ranging accuracy of the RSSI value, the ranging error e in the embodiment of the present invention is 50cm.
As shown in equation (1), in the calculation of the node reputation value Val, the values of the parameter a and the parameter b will influence the selection of the monitoring node: if a is too large and b is small, the forwarding rate is emphasized when the monitoring node is selected, so that the energy consumption of each common node is uneven, and the common node with high forwarding rate is overused, so that the common node dies too early; when a is smaller and b is too large, the energy consumption is considered preferentially by selecting the monitoring nodes, and each common node is selected according to the residual energy, so that although the service life of the whole network is prolonged, a malicious node is easy to select.
36000s are simulated in the embodiment of the invention until the nodes (10 nodes) in the region are completely dead. Fig. 4 and 5 show the assignment of different values of a and b, the data forwarding rate of the corresponding network (fig. 4), and the survival of the network nodes (fig. 5). From fig. 4 and fig. 5, we can see that when a =0.9 and b =0.1, the total data forwarding rate of the network is overall higher, but the node dies too fast and the network life cycle is shorter; when a =0.1, b =0.9, although the life cycle of the network reaches the longest, the forwarding rate of the whole network is low, and the network quality is too poor. In general, in the embodiment of the present invention, a =0.5 and b =0.5 are selected as parameters for calculating the reputation value.
Assume that the interval time of each round is 50 seconds, i.e. the monitoring period of the monitoring node is 50 seconds. In practical situations, the forwarding rate of the node cannot reach 100% generally, and a random number is introduced to control the forwarding rate of the node.
The Sybil attack has two forms, and the first data packet attack form aiming at the Sybil node can be specifically expressed as black hole attack and selective forwarding attack. For black hole attack, the forwarding rate of the malicious node is set to be 0%, namely, the packet is completely lost; for selective forwarding attack, the simulation discusses the condition that the forwarding rate of the malicious node is 30% -50%. For the routing attack, which is the second form of the Sybil attack, malicious nodes are normal in performance, the forwarding rate of the routing attack is the same as that of common nodes, only local nodes are targeted during routing, and network faults can be caused after a long time.
Simulation is carried out for 36000 seconds (720 rounds), and the second and third tables show that when the forwarding rate of a malicious node with two Sybil identities is set to be suddenly reduced from 70% -100% to 0% -50% in the 50 th round and the 500 th round respectively, the rounds of the Sybil nodes are detected by the method.
TABLE 2
TABLE 3
The second and third tables show that the present invention can be detected quickly and accurately no matter what form of witch attack. In particular, in the second form of the Sybil attack, the system can be found immediately when the Sybil nodes have malicious behaviors; for the selective forwarding attack in the first form, the total forwarding rate of the node is considered in the credibility adopted by the invention, and for the common node which is captured later to become a malicious node, the node is normally represented at the early stage, and sudden drop of the forwarding rate cannot be detected immediately. The invention adds the judgment condition, so that the detection can be carried out after 3 rounds.
The detection accuracy rate is represented by dividing the number of discovered Sybil nodes by the total number of malicious nodes existing in the system, wherein the total number of malicious nodes comprises false nodes with Sybil identities and malicious nodes. Considering that the UWB approach is consistent with the detection principle of the present invention, the following two schemes are compared.
Two cases were mainly considered in the present simulation. One is the condition that the number of common nodes is fixed, and the detection rate changes along with the number of Sybil nodes; the other is the condition that the number of Sybil nodes is in fixed proportion to the number of common nodes, and the detection rate changes along with the number of the nodes.
Fig. 6 shows the change of the detection rate with the increase of the number of witch nodes with the total number of nodes being fixed (150 nodes). In general, the detection rate of the invention is 96% on average, and the average detection rate of the UWB method is 94%. With the increase of the Sybil node number, the detection rates of the two methods slightly fluctuate and have a descending trend, but compared with a UWB scheme, the trend of the method is not obvious.
FIG. 7 shows the effect of node density on detection rate. The node density represents the composition of the deployment area, wherein the quantity of the witch nodes is 20% of the total legal nodes. It can be seen from fig. 7 that the detection rates of the two methods are both affected by the node density, and under the condition of higher node density, the detection rate integrally falls, but the falling trend of the invention is slower, the integral fluctuation is not very large, and the detection rate of the UWB method falls linearly; when the number of the nodes reaches 600, the detection rate of the UWB method is reduced to 80% from about 97%, and the detection rate of the UWB method is reduced to 92% from about 97%.
Therefore, the Sybil node detection method based on the RSSI value and the credibility has high detection rate, stability and small influence of node density. The main reason is that for the distributed wireless sensor network with limited energy, the malice of the malicious node is considered, the node is screened by using the credit degree model, and a plurality of high credit monitoring nodes are selected to check the suspicious node, so that the false alarm rate is reduced, and the high detection accuracy rate is achieved. For the factor that the energy of the sensor node is limited, the invention adopts the monitoring nodes (the other settings are the same) with different communication radiuses with the common nodes to monitor the data packet and calculate the credibility, selects two monitoring nodes with high credibility to detect the Sybil attack, does not need the participation of redundant nodes, reduces the overall energy consumption of the network and prolongs the life cycle of the network.
It will be appreciated by those of ordinary skill in the art that the embodiments described herein are intended to assist the reader in understanding the principles of the invention and are to be construed as being without limitation to such specifically recited embodiments and examples. Those skilled in the art can make various other specific changes and combinations based on the teachings of the present invention without departing from the spirit of the invention, and these changes and combinations are within the scope of the invention.

Claims (10)

1. A Sybil node detection method based on RSSI values and credibility is characterized by comprising the following steps of:
s1, wireless sensor network layout is carried out, and regional control of monitoring nodes is achieved;
s2, searching suspicious nodes based on the RSSI value and the credit degree according to the network layout condition;
and S3, selecting two monitoring nodes with high credibility, checking suspicious nodes based on the RSSI values, and determining Sybil nodes.
2. The method of claim 1, wherein the step S1 comprises the following substeps:
s11, randomly and uniformly throwing common nodes in a certain range, collecting surrounding data by using the common nodes, simultaneously forwarding data of other nodes as routing nodes, and converging the data to a convergence node;
s12, broadcasting a Hello message to the periphery by the sink node, replying an ACK message to the sink node by the first group of common nodes which receive the Hello message, and marking the ACK message as a first hop node;
s13, broadcasting a Hello message to the surrounding by the first hop node, marking the non-first hop node which receives the Hello message as a second hop node, and simultaneously replying an ACK message to the first hop node which sends the Hello message; mutually listing the first hop node and the second hop node as neighbor nodes of the other party, and establishing a neighbor list;
s14, sequentially obtaining a third hop node and a fourth hop node by adopting the same method as the step S13, and establishing a neighbor list of each common node;
s15, randomly and uniformly throwing the monitoring nodes;
s16, each monitoring node controls to send radius broadcast information, sends a data packet containing ID information of the monitoring node, and feeds back information to the monitoring node by neighboring nodes receiving the data packet and adds the information into a monitoring area of the monitoring node;
s17, each monitoring node compiles ID information for the common nodes in the monitoring area, sends Hello information to the common nodes in the monitoring area and determines the neighbor list of the monitoring node.
3. The method of claim 2, wherein the neighbor list includes neighbor node information and RSSI values from itself to neighbor nodes.
4. The method of claim 2, wherein the number of the monitoring nodes is 10% of the number of the normal nodes.
5. The Sybil node detection method of claim 2, wherein a radius of a monitoring area of the monitoring node is 1/2 of a communication radius of a common node.
6. The method of claim 3, wherein the step S2 comprises the following substeps:
s21, passing the monitoring node n M Periodically seeking within a monitored areaCommon nodes with similar RSSI values, if two common nodes n p 、n q Satisfy | d Mp -d Mq If | is less than or equal to e, n is p 、n q As a set of suspect nodes, join the suspect list double [ i ]]Performing the following steps; wherein d is Mp Representing a node n p To n M RSSI value of (d) Mq Representing a node n q To n M E is an error, i is a suspected node number;
s22, monitoring node n M Calculating the credit degree of common nodes in the monitoring area, and finding out the common node n with the credit degree lower than the self-adaptive threshold value S And then according to the monitoring node n M Self neighbor list Nei M [j]The RSSI value information in (1) is selected and compared with the RSSI value d MS Similar common node n a 、n b When | d MS -d aS Is less than or equal to e and is less than or equal to d MS -d bS When | ≦ e, n is added S 、n a 、n b Join the suspicion list double [ i ] as a new set of suspicion nodes]The preparation method comprises the following steps of (1) performing; wherein d is MS Representing a node n S To n M RSSI value of d aS Representing a node n a To n M RSSI value of d bS Representing a node n b To n M RSSI value of (1), j represents node n M The number of the neighbor node;
s23, checking the packet head of the data packet obtained by monitoring of the monitoring node, and if the common node n with unregistered identity is found j And newly added ordinary node n in the monitoring area i N is to be i ,n j Join in the suspicion list double i as another set of suspicion nodes]In (1).
7. The method of claim 6, wherein the step S3 comprises the following substeps:
s31, monitoring node n M Selecting common nodes n with highest and second highest credibility r ,n y As a monitoring node, obtain a node n M To n r RSSI value d of Mr Node n M To n y RSSI value d of My And node n r To n y RSSI value d of ry Judging whether the three points can form a triangle by using trilateral sum theorem of the triangle, if so, containing a monitoring node n r 、n y Numbering and suspicion list Doubt [ i ]]Is sent to n r Step S32 is entered, otherwise another ordinary node n with the second credit degree is selected z Repeating the judgment until finding a node meeting the triangle trilateral sum theorem;
s32, according to the monitoring node n r Neighbor list Nei r [k]Information of (2), search for n r Self-to-suspicion list double [ i ]]Respectively comparing the RSSI values of the suspicious nodes, and if the RSSI values of the suspicious nodes reach n r If the RSSI difference is greater than the error e, the set of suspect nodes is selected from the suspect list, doubt [ i ]]Removing; wherein k represents a node n r The neighbor node number of (1);
s33, if the Doubt list Doubt [ i ]]If there are still remaining suspicious nodes, it will contain monitoring node n r 、n y Numbering and suspicion list Doubt [ i ]]Is sent to n y By monitoring node n y Repeating the operation of step S32; otherwise the suspicion list Doubt [ i ]]None of the suspicious nodes in the set of nodes are Sybil nodes;
s34, if the Doubt [ i ] has the remaining suspicious nodes, determining the Doubt [ i ] as the Sybil nodes, diffusing the Sybil node information to the whole network, and excluding the Sybil nodes; otherwise, doubting that all suspicious nodes in the double [ i ] are not Sybil nodes.
8. The method of detecting Sybil nodes of claim 7, wherein the common nodes n are r 、n y And n z Cannot exist in the suspicion list double [ i ]]In (1).
9. The Sybil node detection method of claim 7, wherein the reputation is calculated by the formula:
Val=a×Pr+b×Power (1)
wherein Val represents node credit degree, a and b are two weight coefficients, 0 & lta & gt & lt 1 & gt, 0 & ltb & lt 1 & gt, a & ltb & lt =1 & gt, power is node residual energy, pr is node total forwarding rate, and the calculation formula is as follows:
wherein f represents the number of the forwarded data packets counted by the monitoring node from the beginning of the work, and r represents the number of the received data packets counted by the monitoring node from the beginning of the work.
10. The method of detecting witch nodes in claim 7, wherein the adaptive threshold value is calculated by the following formula:
T(n)=T(n-1)*{Pt+[1-Pt]*p(n)} (3)
wherein T (n) represents the adaptive threshold value of the monitoring period of the nth round, the initial value T (0) =0.7, p (n) represents the node forwarding rate of the monitoring period of the nth round, pt represents the total forwarding rate of the monitoring area from the beginning of work to the monitoring period of the nth round, and the calculation formula is as follows:
wherein p (i) represents the node forwarding rate of the ith monitoring cycle, and A represents the number of data packets received by the monitoring area in the ith monitoring cycle.
CN201711372381.6A 2017-12-19 2017-12-19 Sybil node detection method based on RSSI value and credit degree Expired - Fee Related CN108040325B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711372381.6A CN108040325B (en) 2017-12-19 2017-12-19 Sybil node detection method based on RSSI value and credit degree

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711372381.6A CN108040325B (en) 2017-12-19 2017-12-19 Sybil node detection method based on RSSI value and credit degree

Publications (2)

Publication Number Publication Date
CN108040325A true CN108040325A (en) 2018-05-15
CN108040325B CN108040325B (en) 2020-05-05

Family

ID=62099796

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711372381.6A Expired - Fee Related CN108040325B (en) 2017-12-19 2017-12-19 Sybil node detection method based on RSSI value and credit degree

Country Status (1)

Country Link
CN (1) CN108040325B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109995790A (en) * 2019-04-11 2019-07-09 广东电网有限责任公司 A kind of node identities authentication method, device and the equipment of industry internet
CN112929882A (en) * 2021-01-15 2021-06-08 电子科技大学 Method for identifying Sybil nodes and overlapped nodes
CN113727349A (en) * 2021-09-07 2021-11-30 沈阳化工大学 Sybil attack network node anomaly detection method based on Mahalanobis distance
CN114339766A (en) * 2021-11-27 2022-04-12 北京工业大学 City car networking Sybil attack detection method based on coarse and fine granularity tracks
CN115866605A (en) * 2023-02-14 2023-03-28 东南大学 Sybil attack detection and isolation method based on signal intensity
US11706625B2 (en) 2020-09-03 2023-07-18 Cisco Technology, Inc. Malicious black hole node detection and circumvention
CN113727349B (en) * 2021-09-07 2024-04-26 沈阳化工大学 Method for detecting abnormal network node of Sybil attack based on Mahalanobis distance

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030217151A1 (en) * 2002-03-01 2003-11-20 Roese John J. Location based data
CN105873065A (en) * 2016-03-28 2016-08-17 南京邮电大学 Safe positioning method of wireless sensor network based on trust level evaluation

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030217151A1 (en) * 2002-03-01 2003-11-20 Roese John J. Location based data
CN105873065A (en) * 2016-03-28 2016-08-17 南京邮电大学 Safe positioning method of wireless sensor network based on trust level evaluation

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
MURAT DEMIRBAS: "《Proceedings of the 2006 International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM"06)》", 31 December 2016 *
胡宇: "《中国优秀硕士学位论文全文数据库 信息科技辑》", 15 March 2016 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109995790A (en) * 2019-04-11 2019-07-09 广东电网有限责任公司 A kind of node identities authentication method, device and the equipment of industry internet
CN109995790B (en) * 2019-04-11 2021-07-23 南方电网电力科技股份有限公司 Node identity authentication method, device and equipment for industrial Internet
US11706625B2 (en) 2020-09-03 2023-07-18 Cisco Technology, Inc. Malicious black hole node detection and circumvention
CN112929882A (en) * 2021-01-15 2021-06-08 电子科技大学 Method for identifying Sybil nodes and overlapped nodes
CN112929882B (en) * 2021-01-15 2022-05-03 电子科技大学 Method for identifying Sybil nodes and overlapped nodes
CN113727349A (en) * 2021-09-07 2021-11-30 沈阳化工大学 Sybil attack network node anomaly detection method based on Mahalanobis distance
CN113727349B (en) * 2021-09-07 2024-04-26 沈阳化工大学 Method for detecting abnormal network node of Sybil attack based on Mahalanobis distance
CN114339766A (en) * 2021-11-27 2022-04-12 北京工业大学 City car networking Sybil attack detection method based on coarse and fine granularity tracks
CN114339766B (en) * 2021-11-27 2024-02-09 北京工业大学 Urban Internet of vehicles Sybil attack detection method based on coarse-fine granularity tracks
CN115866605A (en) * 2023-02-14 2023-03-28 东南大学 Sybil attack detection and isolation method based on signal intensity

Also Published As

Publication number Publication date
CN108040325B (en) 2020-05-05

Similar Documents

Publication Publication Date Title
CN108040325B (en) Sybil node detection method based on RSSI value and credit degree
Subba et al. Intrusion detection in Mobile Ad-hoc Networks: Bayesian game formulation
Ahmed et al. Mitigation of black hole attacks in routing protocol for low power and lossy networks
Stetsko et al. Neighbor-based intrusion detection for wireless sensor networks
Şen et al. Intrusion detection in mobile ad hoc networks
Sun et al. A comprehensive trust-aware routing protocol with multi-attributes for WSNs
Karthigha et al. A comprehensive survey of routing attacks in wireless mobile ad hoc networks
Sasikala et al. An intelligent technique to detect jamming attack in wireless sensor networks (WSNs)
Sánchez-Casado et al. Identification of contamination zones for sinkhole detection in MANETs
Venkanna et al. Black hole attack and their counter measure based on trust management in manet: A survey
Meng et al. Evaluation of detecting malicious nodes using Bayesian model in wireless intrusion detection
Mutlu et al. A distributed cooperative trust based intrusion detection framework for MANETs
Zakhary et al. Reputation-based security protocol for MANETs in highly mobile disconnection-prone environments
Joseph et al. Performance evaluation of MANETs under black hole attack for different network scenarios
Alghamdi Novel trust-aware intrusion detection and prevention system for 5G MANET–Cloud
Ramachandran et al. A low-latency and high-throughput multipath technique to overcome black hole attack in Mobile Ad hoc network (MTBD)
Kim et al. Physical identification based trust path routing against sybil attacks on RPL in IoT networks
Zhang et al. Jamming-resilient backup nodes selection for RPL-based routing in smart grid AMI networks
Dani Detection of Denial-of-Service Attack Using Weight based Trust Aware Routing Approach.
CN103491542B (en) The sewage pool attack intrusion detection method of Multi-path route in underwater sensor network
Alsaedi et al. Energy trust system for detecting sybil attack in clustered wireless sensor networks
Ye et al. Recognition of grey hole attacks in wireless sensor networks using fuzzy logic in IoT
Taghanaki et al. A decentralized method for detecting clone ID attacks on the Internet of Things
Cucurull et al. Surviving attacks in challenged networks
Sultan et al. An Intrusion Detection Mechanism for MANETs Based on Deep Learning Artificial Neural Networks (ANNs)

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200505

Termination date: 20201219