CN108881277A - The method, device and equipment of monitoring wireless sensor network node invasion - Google Patents
The method, device and equipment of monitoring wireless sensor network node invasion Download PDFInfo
- Publication number
- CN108881277A CN108881277A CN201810750541.4A CN201810750541A CN108881277A CN 108881277 A CN108881277 A CN 108881277A CN 201810750541 A CN201810750541 A CN 201810750541A CN 108881277 A CN108881277 A CN 108881277A
- Authority
- CN
- China
- Prior art keywords
- cluster result
- cluster
- sensor network
- link
- wireless sensor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Abstract
The invention discloses a kind of methods of monitoring wireless sensor network node invasion, the clustering algorithm based on mathematical morphology, the clustering algorithm based on distance and the clustering algorithm based on level can be carried out respectively to received signal strength indicator of the network node each in wireless sensor network when transmitting data and link-quality instruction, final cluster result is determined according to three obtained cluster result, and according to the size relation of final cluster result and wireless sensor network interior joint quantity, the network node of illegal invasion is judged whether there is.As it can be seen that this method, which has merged three kinds of clustering methods, obtains final cluster result, therefore cluster result is more accurate, and confidence level is higher, effectively realizes the purpose of illegal invasion node in monitoring wireless sensor network.In addition, being acted on corresponding with the effect of the above method the present invention also provides device, equipment and the computer readable storage medium of a kind of invasion of monitoring wireless sensor network node.
Description
Technical field
The present invention relates to wireless network secure field, in particular to a kind of monitoring wireless sensor network node invasion
Method, apparatus, equipment and computer readable storage medium.
Background technique
With the development of network technology, wireless network has entered into the every aspect of life, and the safety of wireless network is also opened
Beginning causes more and more to pay close attention to.
The method that wireless sensor network safety problem generallys use encryption and certification is solved, encryption can guarantee attacker
Even if the cipher-text message for obtaining transmission, which can not crack, obtains clear-text message, certification can guarantee message from legal node
And whether verifying message is modified.
But both the above method belongs to Passive Defence and can not achieve intrusion detection.Using the side of encryption or certification
Method come guarantee data transmission safety, computation complexity and energy consumption are higher, and system cost is high, and most importantly encrypt
Or the method for certification can seldom support intrusion detection, it, can not when there is the invasion of malicious node in a wireless sensor network
The attack of this node is monitored in real time, thus its safety is restricted.
As it can be seen that how to solve to provide a kind of method of reliable monitoring wireless sensor network node invasion, have very much
Research significance.
Summary of the invention
The object of the present invention is to provide method, apparatus, equipment and the meters of a kind of invasion of monitoring wireless sensor network node
Calculation machine readable storage medium storing program for executing leads to safety because that can not implement monitoring invasion node to solve traditional wireless sensor networks
Lower problem.
In order to solve the above technical problems, the present invention provides a kind of method of monitoring wireless sensor network node invasion,
Including:
Determine received signal strength indicator and link of each network node when transmitting data in wireless sensor network
Quality instruction;
Link-quality instruction is clustered using the clustering algorithm based on mathematical morphology, obtains the first cluster
As a result;
The received signal strength indicator and link-quality instruction are gathered using the clustering algorithm based on distance
Class obtains the second cluster result;
The received signal strength indicator and link-quality instruction are gathered using the clustering algorithm based on level
Class obtains third cluster result;
According to first cluster result, second cluster result, the third cluster result, final cluster is determined
As a result;
According to the size relation of the number of nodes in the final cluster result and the wireless sensor network, judgement
It whether there is the network node of illegal invasion in the wireless sensor network.
Wherein, described according to first cluster result, second cluster result, the third cluster result, it determines
Finally cluster result includes:
It is in advance respectively first cluster result, second cluster result, third cluster result imparting first
Weight coefficient, the second weight coefficient, third weight coefficient, wherein first weight coefficient, the second weight coefficient, Yi Jisuo
State third weight coefficient and be 1;
According to first cluster result, second cluster result, the third cluster result and described first
Weight coefficient, the second weight coefficient, third weight coefficient, determine final cluster result;
The size relation according to the number of nodes in the final cluster result and the wireless sensor network,
Judge that the network node in the wireless sensor network with the presence or absence of illegal invasion includes:
Judge whether the final cluster result is greater than the number of nodes in the wireless sensor network;
If more than then there are the network nodes of illegal invasion in the wireless sensor network.
Wherein, first weight coefficient, second weight coefficient and the third weight coefficient are 1/3.
Wherein, described that link-quality instruction is clustered using the clustering algorithm based on mathematical morphology, it obtains
First cluster result includes:
It is indicated according to the link-quality, determines link-quality staircase curve, the horizontal seat of the link-quality staircase curve
It is designated as sampling sequence number, ordinate is link-quality instruction;
Determine the subgraph region between the link-quality staircase curve and axis of abscissas;
Multiple operation is carried out to the subgraph region using the erosion operation in mathematical morphology, obtains multiple particles point
Number;
According to the particle score, Particle Distribution curve is determined;
According to the particle curve, first cluster result is determined.
Wherein, described to utilize the clustering algorithm based on distance to the received signal strength indicator and the link-quality
Instruction is clustered, and obtaining the second cluster result includes:
It is indicated according to the received signal strength indicator and the link-quality, determines data aggregate distribution map, it is described
The abscissa for closing distribution map is the received signal strength indicator, and ordinate is link-quality instruction;
The poly- of first preset times is carried out according to the data aggregate distribution map based on the clustering algorithm of distance using described
Class operation obtains multiple cluster results;
Determine the maximum cluster result of mean profile value in the cluster result, and the mean profile value is maximum
Cluster result is as second cluster result.
Wherein, described to utilize the clustering algorithm based on level to the received signal strength indicator and the link-quality
Instruction is clustered, and obtaining third cluster result includes:
It is indicated according to the received signal strength indicator and the link-quality, determines the data aggregate distribution map;
Cluster operation is carried out according to the data aggregate distribution map based on the clustering algorithm of level using described, is set
Shape figure;
The dendrogram is intercepted by the interception way of the second preset times, determines multiple cluster results;
Determine the maximum cluster result of mean profile value in the cluster result, the mean profile value is maximum poly-
Class result is as the third cluster result.
Wherein, the total quantity at data aggregate distribution map midpoint is denoted as n, the n points are divided into multiple classes, and i is
1 is to the positive integer between n, the then calculation formula of the mean profile valueWherein, ρ (i) is described
The profile value of data aggregate distribution map midpoint i;The profile value of the point iWherein, δ (i) is institute
The diversity factor of point i and current affiliated class are stated, ε (i) indicates the minimum value of the diversity factor of the point i and each class.
The present invention also provides a kind of devices of monitoring wireless sensor network node invasion, including:
Indicate determining module:For determining reception of each network node when transmitting data in wireless sensor network
Signal strength instruction and link-quality instruction;
First cluster module:For indicating to carry out to the link-quality using the clustering algorithm based on mathematical morphology
Cluster, obtains the first cluster result;
Second cluster module:For using the clustering algorithm based on distance to the received signal strength indicator and described
Link-quality instruction is clustered, and the second cluster result is obtained;
Third cluster module:For using the clustering algorithm based on level to the received signal strength indicator and described
Link-quality instruction is clustered, and third cluster result is obtained;
Final cluster result determining module:According to first cluster result, second cluster result, the third
Cluster result determines final cluster result;
Judgment module:For according to the number of nodes in the final cluster result and the wireless sensor network
Size relation judges the network node that whether there is illegal invasion in the wireless sensor network.
In addition, the present invention also provides a kind of equipment of monitoring wireless sensor network node invasion, including:
Memory:For storing computer program;
Processor:For executing the computer program to realize a kind of monitoring wireless sensor network as described above
The step of method of node invasion.
Finally, being deposited on the computer readable storage medium the present invention also provides a kind of computer readable storage medium
Computer program is contained, a kind of monitoring wireless sensor as described above is realized when the computer program is executed by processor
The step of method of network node invasion.
As it can be seen that a kind of method of monitoring wireless sensor network node invasion provided by the present invention, can determine wireless
Received signal strength indicator and link-quality instruction of each network node when transmitting data in sensor network, and dock
It receives signal strength instruction and link strength instruction carries out the clustering algorithm based on mathematical morphology, gathering based on distance respectively
Class algorithm and clustering algorithm based on level determine final cluster result according to three obtained cluster result, and according to
The size relation of final cluster result and wireless sensor network interior joint quantity, judges whether there is the network of illegal invasion
Node.As it can be seen that this method, which has merged three kinds of clustering methods, obtains final cluster result, therefore cluster result is more accurate, can
Reliability is higher, effectively realizes the purpose of illegal invasion node in monitoring wireless sensor network.
In addition, the present invention also provides device, equipment and the computers of a kind of invasion of monitoring wireless sensor network node
Readable storage medium storing program for executing, effect is corresponding with the effect of the above method, and which is not described herein again.
Detailed description of the invention
For the clearer technical solution for illustrating the embodiment of the present invention or the prior art, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention without creative efforts, may be used also for those of ordinary skill in the art
To obtain other drawings based on these drawings.
Fig. 1 is a kind of realization stream of the embodiment of the method for monitoring wireless sensor network node invasion provided by the invention
Cheng Tu;
Fig. 2 is the schematic diagram for wiping subgraph region in GSD clustering algorithm provided by the invention using structural element;
Fig. 3 is the Particle Distribution curve provided by the invention determined using GSD clustering algorithm;
Fig. 4 is the cluster result schematic diagram provided by the invention determined using PAM clustering algorithm;
Fig. 5 is the profile diagram of the cluster result provided by the invention obtained according to PAM clustering algorithm;
Fig. 6 is the dendrogram provided by the invention determined using HAC clustering algorithm;
Fig. 7 is a kind of structural frames of the Installation practice of monitoring wireless sensor network node invasion provided by the invention
Figure.
Specific embodiment
Method, apparatus, the equipment that core of the invention is to provide a kind of monitoring wireless sensor network node invasion calculate
Machine readable storage medium storing program for executing effectively realizes the purpose of illegal invasion node in monitoring wireless sensor network.
In order to enable those skilled in the art to better understand the solution of the present invention, with reference to the accompanying drawing and specific embodiment party
The present invention is described in further detail for formula.Obviously, described embodiments are only a part of the embodiments of the present invention, and
The embodiment being not all of.Based on the embodiments of the present invention, those of ordinary skill in the art are not making creative work
Under the premise of every other embodiment obtained, shall fall within the protection scope of the present invention.
It is situated between below to a kind of embodiment of the method for monitoring wireless sensor network node invasion provided by the invention
It continues.
This method embodiment realizes that cluster is that a data object is divided into multiple groups or cluster based on clustering algorithm
Process, the object in same group or cluster have very high similitude, but very dissimilar with the object in other clusters.With regard to this implementation
For example, certain specific datas that different sensors node generates in wireless sensor network are all different, so to one
The certain specific datas being collected into network carry out clustering, can reflect out the sensor node number in network, such as
There is invasion node to be added in fruit network, will lead to the variation of cluster result, to reflect sensor node number in network
Variation judges whether there is invasion accordingly, realizes intrusion detection.
Referring to Fig. 1, this method embodiment mainly includes:
Step S101:Determine received signal strength of each network node when transmitting data in wireless sensor network
Instruction and link-quality instruction.
It is used to judge whether there is the foundation of illegal invasion node as shown in step S101, in the present embodiment to receive letter
The instruction of number intensity and link-quality instruction.Wherein, received signal strength indicator (Received Signal Strength
Indicator, abbreviation RSSI) it is a kind of parameter for judging link quality, it decides whether to increase transmission intensity to guarantee
Data are sent to, it decays with the increase of distance, and regime values range is [- 113, -93].Link-quality indicates (Link
Quality Indicator, abbreviation LQI) it is a kind of parameter for indicating the height of communication connection intensity, unit is dBm
(decibel milliwatt), LQI range are the integers between 0-255.RSSI and LQI can be in each data packet received
It is directly read in header file, is the parameter that default is sent when sending data, therefore the two parameters are wireless sensor networks
In it is most basic be also be easier to collect and extract parameter.
The existing research to RSSI and LQI is primarily used to positioning and ranging.It is generated when sending data using node
RSSI and LQI calculates the physical distance between wireless sensing node and node, to finally judge the position of node.
Step S102:Link-quality instruction is clustered using the clustering algorithm based on mathematical morphology, is obtained
First cluster result.
It should be noted that.First cluster result involved in the present invention and the second cluster cited below
As a result, third cluster result, final cluster result refer to the number of cluster.
Clustering algorithm (Granulometric Size Distribution, abbreviation GSD) based on mathematical morphology,
Realize that step may be summarized to be:
It is indicated according to the link-quality, determines link-quality staircase curve, the horizontal seat of the link-quality staircase curve
It is designated as sampling sequence number, ordinate is link-quality instruction;It determines between the link-quality staircase curve and axis of abscissas
Subgraph region;Multiple operation is carried out to the subgraph region using the erosion operation in mathematical morphology, obtains multiple particles
Score;According to the particle score, Particle Distribution curve is determined;According to the particle curve, the first cluster knot is determined
Fruit.
Step S103:Using the clustering algorithm based on distance to the received signal strength indicator and the link-quality
Instruction is clustered, and the second cluster result is obtained.
Based on the algorithm (Partitioning Around Medoid, abbreviation PAM) of distance cluster, implementation step can
To be summarised as:
It is indicated according to the received signal strength indicator and the link-quality, determines data aggregate distribution map, it is described
The abscissa for closing distribution map is the received signal strength indicator, and ordinate is link-quality instruction;It is based on using described
The clustering algorithm of distance carries out the cluster operation of the first preset times according to the data aggregate distribution map, obtains multiple clusters
As a result;Determine the maximum cluster result of mean profile value in the cluster result, and the mean profile value is maximum poly-
Class result is as second cluster result.
About mean profile value, circular can be as follows:
The total quantity at data aggregate distribution map midpoint is denoted as n, the n points are divided into multiple classes, and i is 1 to n
Between positive integer, then the calculation formula of the mean profile value beWherein, ρ (i) is the data
The profile value of Joint Distribution figure midpoint i;The profile value of the point iWherein, δ (i) is the point
The diversity factor of i and current affiliated class, ε (i) indicate the minimum value of the diversity factor of the point i and each class.
Step S104:Using the clustering algorithm based on level to the received signal strength indicator and the link-quality
Instruction is clustered, and third cluster result is obtained.
Algorithm (Hierarchical Agglomerative Clustering, abbreviation HAC) based on hierarchical clustering,
Realize that step may be summarized to be:
It is indicated according to the received signal strength indicator and the link-quality, determines the data aggregate distribution map;Benefit
Cluster operation is carried out according to the data aggregate distribution map based on the clustering algorithm of level with described, obtains dendrogram;Pass through
The interception way of two preset times intercepts the dendrogram, determines multiple cluster results;It determines in the cluster result
The maximum cluster result of mean profile value is clustered as the third and is tied by the maximum cluster result of mean profile value
Fruit.
Step S105:According to first cluster result, second cluster result, the third cluster result, determine
Final cluster result.
Tri- kinds of clustering algorithms of GSD, PAM and HAC used above from different perspectives believe the feature in sensor network
Number:RSSI and LQI carries out analysis cluster, and each clustering algorithm generates a cluster result and clusters number, to PAM and HAC
Profile diagram is generated to obtain optimal cluster result by the method for silhouette coefficient, and the number of cluster, which reflects in network, to be sensed
The number of device node.Because single clustering algorithm is easy to produce deviation, cause result unreliable, so to three clustering algorithms
Cluster result be weighted and averaged, obtain a more acurrate reliable cluster result, sensor node in real time monitoring network
Number, when there is new invasion node that network is added, cluster result be will change, to achieve the effect that monitoring invasion.
It therefore, can in advance be respectively first cluster result, second cluster result, third cluster knot
Fruit assigns the first weight coefficient, the second weight coefficient, third weight coefficient.The knot that GSD, PAM and HAC can be finally clustered
Fruit is weighted and averaged:
Wherein,Respectively GSD, PAM and HAC cluster as a result, i.e. the first cluster result, the
Two cluster results and third cluster result.ω1、ω2And ω2It is that tri- clustering algorithms of GSD, PAM and HAC each account for respectively
Weight, i.e. the first weight coefficient, the second weight coefficient and third weight coefficient, and ω1+ω2+ω3=1.Because in this reality
It applies three clustering algorithms in example to be from different angles analyzed and processed RSSI and LQI data, it is possible to will be above-mentioned
Three weight coefficients are disposed as 1/3.
Step S106:According to the size of the number of nodes in the final cluster result and the wireless sensor network
Relationship judges the network node that whether there is illegal invasion in the wireless sensor network.
Specifically, can be by judging whether the final cluster result is greater than the section in the wireless sensor network
Point quantity;If more than then there are the network nodes of illegal invasion in the wireless sensor network;If it is not greater, then showing
The network node of illegal invasion is not present in wireless sensor network.
By experiments have shown that, using under identical hardware condition, using GSD, PAM and HAC clustering algorithm to RSSI and
LQI is clustered, and whether can be according to the variation of cluster result, and then monitors the variation of nodes quantity.It is not mentioning
High hardware cost in the case where not changing initial data, using the characteristic of data itself, carries out multi-cluster processing to data,
And comprehensive cluster result, the information of nodes quantity is obtained, whether detecting the variation of network interior joint number, judges net
The addition that whether there is new malicious node in network, realizes intrusion detection.Cost of layout and computing cost are reduced, is improved
Network security.
The realization process of three kinds of following clustering algorithms is described in detail respectively:
First, the clustering algorithm based on mathematical morphology, that is, GSD cluster implementation process specifically can be as follows:
The LQI data being collected into are converted into ladder equation, two-dimensional coordinate is plotted in order and fastens (X, Y coordinate system),
It forms link-quality and indicates staircase curve figure, abscissa is sampling sequence number, and ordinate is link-quality.This staircase curve and seat
The region formed between parameter X-axis is referred to as subgraph region.Then it " is corroded " step by step with the erosion operation in mathematical morphology
(erasing) subgraph region is 0 until subgraph region area.Specific step is as follows:
11) the subgraph region gross area is calculated.
12) determine the unit square that side length is 1 as basic structural element.
13) use this structural element as " erasing rubber " go " to corrode " in (erasing) subgraph region with and only with this structural elements
Plain size corresponding region in vertical direction, and the area in the region fallen by " erosion " is calculated, as shown in Figure 2.Scheming
In 2, side length is that 1 unit square usually wipes subgraph region as structural elements, and dotted portion is the subgraph area being " erased "
Domain, this region with and it is only corresponding in vertical direction with this structural element size.It can be seen that be " erased "
Region is altogether 5 unit squares, area 5, and the subgraph region gross area is 57, then particle score is 5/57.Next
Structural element is increased to a unit square in the horizontal direction, forms a new structural element, and is used to cut remainder
Subgraph region, and obtain corresponding particle score.So circulation increases a unit pros in the horizontal direction every time
Shape, the structural element new as one go to wipe remaining subgraph region, until subgraph region is all wiped free of.
14) the ratio between the area fallen by " erosion " and subgraph region gross area are found out, this ratio is referred to as particle score.
15) basic structural element is increased to a unit square in the horizontal direction every time, forms a new structure
Element, then repeatedly step 3) and step 4), until all subgraph regions are all wiped by structural element.
Erasing can all generate a particle score every time in this way, arrange to obtain one according to the length sequence of structural element
The set of particle score.The cumulative distribution function of this particle score is found out, and is converted to ladder equation, is plotted in X, Y plane is sat
Mark is fastened, and abscissa is the length (quantity of unit square) of structural element, and ordinate is accumulation of particulates distribution.This accumulation
Distribution curve is the Particle Distribution curve of link-quality, as shown in Figure 3.Fig. 3 shows the particle point of ladder equation in Fig. 2
Cloth curve, wherein ordinate is accumulation of particulates distribution, and abscissa is the length scale of structural element.As can be known from Fig. 3, particle
Cumulative distribution is all unchanged from the structural element that the structural element that length is 5 is 9 to length, indicate subgraph region in not with
Corresponding construction element area size corresponding region in vertical direction.
Clustering processing finally is carried out to Particle Distribution curve, the result of curve cluster reflects nodes number.
The realization principle that the algorithm monitors illegal invasion node is as follows:It is big vulnerable to interference and with distance due to link-quality
Small and change characteristic, the link-quality Particle Distribution curve ripple of different nodes
Second, the clustering algorithm based on distance, that is, PAM cluster implementation process specifically can be as follows:
Using the RSSI data being collected into as abscissa (X axis coordinate), the LQI data being collected into are as ordinate (Y-axis
Coordinate).RSSI the and LQI data that each sampled point is collected into are drawn in order as a two-dimensional coordinate point (RSSI, LQI)
System is fastened (X, Y coordinate system) in two-dimensional coordinate, forms RSSI-LQI data aggregate distribution map, abscissa RSSI, and ordinate is
LQI。
Then it is clustered with PAM algorithm, the core concept of PAM algorithm is centered on randomly selecting K object
Point replaces to subsequent repetitiousness central node with other non-central nodes, improves clustering result quality.Then generation clusters every time
Profile diagram, and optimal classification number is determined by comparing profile diagram.Specific step is as follows for PAM cluster:
21) RSSI and LQI data are painted into two-dimentional X, Y coordinate is fastened, and RSSI-LQI data aggregate distribution map is formed.
22) this joint data is clustered with PAM clustering algorithm, cluster result is as shown in Fig. 4.Fig. 4 indicates primary
The cluster result of PAM cluster, X-axis abscissa are RSSI, and Y axis ordinate is LQI.This figure is indicated all RSSI and LQI data
Four classes are divided into, illustrate that in this wireless sensor network, one shares 4 nodes and transmitting.
23) profile diagram for generating this time cluster, as shown in figure 5, Fig. 5 shows the profile diagram of cluster result in Fig. 4.It is vertical
Coordinate is classification number, and abscissa is profile value size, and this time the mean profile value of cluster is 0.8932.It can be seen that 4
The profile value of each data in cluster has been painted into reference axis, can intuitively observe very much the excellent degree of each cluster.And
Calculate the mean profile value of this time clusterN is the sample size of cluster.
24) it is repeated as many times, chooses the maximum cluster result of mean profile value as the second cluster result.
It should be noted that the selection of optimal classification number may not be really for given RSSI and LQI data acquisition system
It is fixed.In the present invention using the excellent degree of cluster profile diagram test data classification every time, statistically significantly classification is determined,
To help to select a suitable classification number.It repeats step (23) at least 50 times, chooses maximum mean profile value, it is this time poly-
Class result is optimum cluster as a result, cluster number is optimum cluster number.
It can solve the uncertain problem of optimal classification number selection by choosing the maximum value of mean profile value in this way, together
When the excellent degree classified also farthest be guaranteed.It is saved by obtained optimum cluster number to determine in network
Point number.
The principle that the algorithm monitors illegal invasion node is as follows:If the node in a known topological structure is in data
Be disposed in suddenly in transmission process in other topological structures of same geographic area " spy " node attack (data theft,
Duplication etc.), therefore RSSI and LQI can interfere corresponding change, finally obtained optimal classification number is caused to generate variation.It is logical
PAM cluster is crossed, and the profile diagram by clustering generation every time obtains optimal classification number, can not appoint to initial data
Under the premise of what changes, the variation of nodes number is intuitively observed very much, to judge network whether under fire.
Third, the clustering algorithm based on level, that is, HAC cluster implementation process specifically can be as follows:
Using the RSSI data being collected into as abscissa (X axis coordinate), the LQI data being collected into are as ordinate (Y-axis
Coordinate).RSSI the and LQI data that each sampled point is collected into are drawn in order as a two-dimensional coordinate point (RSSI, LQI)
System is fastened (X, Y coordinate system) in two-dimensional coordinate, forms RSSI-LQI data aggregate distribution map, abscissa RSSI, and ordinate is
LQI。
Then it is clustered with HAC algorithm.The method of hierarchical clustering can be cohesion or division, depend on
Hierachical decomposition is to be formed by bottom-up (merging) or in a manner of top-down (division).It here can using the method for cohesion
To be the cluster for carrying out level, the hierarchy clustering method of cohesion uses bottom-up strategy.From enabling each object form oneself
Cluster start, and iteratively cluster is merged into increasing cluster, until all objects are all in a cluster, Huo Zheman
Some termination condition of foot.Merging step, two immediate clusters found out according to certain similarity measurement, and merge them,
Form a cluster.Because each iteration merges two clusters, wherein each cluster contains at least one object, therefore condensing method is most
Need n times iteration more.The process for carrying out representational level cluster usually using a kind of tree structure for being referred to as dendrogram, shows object
It is how to be grouped aggregation step by step.Specific step is as follows for HAC cluster:
31) RSSI and LQI data are painted into two-dimentional X, Y coordinate is fastened, and RSSI-LQI data aggregate distribution map is formed.
32) this joint data is clustered with HAC clustering algorithm, finally obtains a dendrogram, cluster result is as schemed
Shown in 6.Fig. 6 indicates to carry out the dendrogram that hierarchical clustering obtains according to the method for cohesion to RSSI and LQI data, according to interception
The difference of standard, obtained cluster number is also different, and such as intercepting standard 2 indicates that cluster number is 3, and interception standard 3 indicates poly-
Class number is 2, and so on.Further processing is exactly that the cluster result obtained to each interception standard does silhouette coefficient figure
The mean profile coefficient of analysis, the cluster result which interception standard obtains just uses that interception standard closer to 1.
33) in dendrogram, according to different interception standards, determining cluster number is also different, as shown in Figure 6.Then
Using silhouette coefficient method, silhouette coefficient analysis is carried out to different cluster results, profile diagram is obtained, is obtained according to profile diagram
Optimum cluster result.
The principle that HAC clustering algorithm monitors illegal invasion node is as follows:If the node in a known topological structure exists
" spy " node attack (data being disposed in suddenly in data transmission procedure in other topological structures of same geographic area
Steal, duplication etc.), therefore RSSI and LQI can interfere corresponding change, finally obtained optimal classification number is caused to generate change
Change.It is clustered by HAC, and optimal classification number is obtained by the profile diagram that different interception standards generates, it can be not to original
Under the premise of beginning data carry out any change, the variation of nodes number is intuitively observed very much, to judge network
Whether under fire.
In conclusion a kind of method of monitoring wireless sensor network node invasion provided by the present embodiment, it can be true
Determine received signal strength indicator and link-quality instruction of each network node when transmitting data in wireless sensor network,
And to received signal strength indicator and link strength instruction carry out respectively clustering algorithm based on mathematical morphology, based on away from
From clustering algorithm and based on the clustering algorithm of level, final cluster result is determined according to three obtained cluster result,
And according to the size relation of final cluster result and wireless sensor network interior joint quantity, illegal invasion is judged whether there is
Network node.As it can be seen that this method, which has merged three kinds of clustering methods, obtains final cluster result, therefore cluster result is more
Accurately, confidence level is higher, effectively realizes the purpose of illegal invasion node in monitoring wireless sensor network.
It is situated between below to a kind of device of monitoring wireless sensor network node invasion provided in an embodiment of the present invention
It continues, a kind of device that monitoring wireless sensor network node is invaded described below and a kind of above-described wireless biography of monitoring
The method of sensor network node invasion can correspond to each other reference.
Referring to Fig. 7, which includes:
Indicate determining module 701:For determining each network node connecing when transmitting data in wireless sensor network
Receive signal strength instruction and link-quality instruction;
First cluster module 702:For using the clustering algorithm based on mathematical morphology to the link-quality indicate into
Row cluster, obtains the first cluster result;
Second cluster module 703:For utilizing the clustering algorithm based on distance to the received signal strength indicator and institute
It states link-quality instruction to be clustered, obtains the second cluster result;
Third cluster module 704:For utilizing the clustering algorithm based on level to the received signal strength indicator and institute
It states link-quality instruction to be clustered, obtains third cluster result;
Final cluster result determining module 705:According to first cluster result, second cluster result, described
Three clusters are as a result, determine final cluster result;
Judgment module 706:For according to the number of nodes in the final cluster result and the wireless sensor network
Size relation, judge in the wireless sensor network whether there is illegal invasion network node.
A kind of device of monitoring wireless sensor network node invasion provided in this embodiment is for realizing one kind above-mentioned
The method of monitoring wireless sensor network node invasion, therefore specific embodiment in the device is visible one of above
The embodiment part of the method for monitoring wireless sensor network node invasion, for example, instruction determining module 701, first clusters mould
Block 702, the second cluster module 703, third cluster module 704, final cluster result determining module 705, judgment module 706,
It is respectively used to step S101, S102, S103 in the method for realizing a kind of above-mentioned monitoring wireless sensor network node invasion,
S104, S105, S106.So specific embodiment is referred to the description of corresponding various pieces embodiment, herein not
Reinflated introduction.
In addition, due to a kind of monitoring wireless sensor network node invasion provided in this embodiment device for realizing
A kind of method of monitoring wireless sensor network node invasion above-mentioned, therefore its effect is corresponding with the effect of the above method,
Which is not described herein again.
In addition, the present invention also provides a kind of equipment of monitoring wireless sensor network node invasion, including:
Memory:For storing computer program;
Processor:For executing the computer program to realize a kind of monitoring wireless sensor network as described above
The step of method of node invasion.
Finally, being deposited on the computer readable storage medium the present invention also provides a kind of computer readable storage medium
Computer program is contained, a kind of monitoring wireless sensor as described above is realized when the computer program is executed by processor
The step of method of network node invasion.
Due to a kind of equipment of monitoring wireless sensor network node invasion provided by the invention, computer-readable storage
Medium may refer to for realizing a kind of method of monitoring wireless sensor network node invasion above-mentioned, embodiments thereof
The description of embodiment of the method is stated, here not reinflated introduction, in addition, its effect is corresponding with the effect of the above method, here
It repeats no more.
Each embodiment in this specification is described in a progressive manner, the highlights of each of the examples are with its
The difference of its embodiment, same or similar part may refer to each other between each embodiment.For disclosed in embodiment
For device, since it is corresponded to the methods disclosed in the examples, so being described relatively simple, related place is referring to method
Part illustrates.
Professional further appreciates that, list described in conjunction with the examples disclosed in the embodiments of the present disclosure
Member and algorithm steps, can be realized with electronic hardware, computer software, or a combination of the two, hard in order to clearly demonstrate
The interchangeability of part and software generally describes each exemplary composition and step according to function in the above description.
These functions are implemented in hardware or software actually, the specific application and design constraint item depending on technical solution
Part.Professional technician can use different methods to achieve the described function each specific application, but this
Realization should not be considered as beyond the scope of the present invention.
The step of method described in conjunction with the examples disclosed in this document or algorithm, can directly use hardware, processor
The combination of the software module or the two of execution is implemented.Software module can be placed in random access memory (RAM), memory, only
Read memory (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM,
Or in technical field well known to any other form of storage medium in.
Above to a kind of method, apparatus of monitoring wireless sensor network node invasion provided by the present invention, equipment with
And computer readable storage medium is described in detail.Specific case used herein is to the principle of the present invention and implementation
Mode is expounded, and the above description of the embodiment is only used to help understand the method for the present invention and its core ideas.It should
It points out, it for those skilled in the art, without departing from the principle of the present invention, can also be to this
Some improvement and modification can also be carried out for invention, and these improvements and modifications also fall within the scope of protection of the claims of the present invention.
Claims (10)
1. a kind of method of monitoring wireless sensor network node invasion, which is characterized in that including:
Determine received signal strength indicator and link-quality of each network node when transmitting data in wireless sensor network
Instruction;
Link-quality instruction is clustered using the clustering algorithm based on mathematical morphology, obtains the first cluster result;
The received signal strength indicator and link-quality instruction are clustered using the clustering algorithm based on distance, obtained
To the second cluster result;
The received signal strength indicator and link-quality instruction are clustered using the clustering algorithm based on level, obtained
To third cluster result;
According to first cluster result, second cluster result, the third cluster result, final cluster result is determined;
According to the size relation of the number of nodes in the final cluster result and the wireless sensor network, the nothing is judged
It whether there is the network node of illegal invasion in line sensor network.
2. the method as described in claim 1, which is characterized in that it is described according to first cluster result, it is described second cluster
As a result, the third cluster result determines that final cluster result includes:
It is in advance respectively first cluster result, second cluster result, the third cluster result the first weight of imparting
Coefficient, the second weight coefficient, third weight coefficient, wherein first weight coefficient, the second weight coefficient and described
Three weight coefficients and be 1;
According to first cluster result, second cluster result, the third cluster result and first weight system
Number, the second weight coefficient, third weight coefficient, determine final cluster result;
The size relation according to the number of nodes in the final cluster result and the wireless sensor network, judges institute
Stating the network node in wireless sensor network with the presence or absence of illegal invasion includes:
Judge whether the final cluster result is greater than the number of nodes in the wireless sensor network;
If more than then there are the network nodes of illegal invasion in the wireless sensor network.
3. method according to claim 2, which is characterized in that first weight coefficient, second weight coefficient and
The third weight coefficient is 1/3.
4. the method as described in claim 1, which is characterized in that described to utilize the clustering algorithm based on mathematical morphology to described
Link-quality instruction is clustered, and obtaining the first cluster result includes:
It is indicated according to the link-quality, determines that link-quality staircase curve, the abscissa of the link-quality staircase curve are
Sampling sequence number, ordinate are link-quality instruction;
Determine the subgraph region between the link-quality staircase curve and axis of abscissas;
Multiple operation is carried out to the subgraph region using the erosion operation in mathematical morphology, obtains multiple particle scores;
According to the particle score, Particle Distribution curve is determined;
According to the particle curve, first cluster result is determined.
5. method as claimed in claim 4, which is characterized in that described to be believed using the clustering algorithm based on distance the reception
The instruction of number intensity and link-quality instruction are clustered, and obtaining the second cluster result includes:
It is indicated according to the received signal strength indicator and the link-quality, determines data aggregate distribution map, the joint point
The abscissa of Butut is the received signal strength indicator, and ordinate is link-quality instruction;
It is transported based on the clustering algorithm of distance according to the cluster that the data aggregate distribution map carries out the first preset times using described
It calculates, obtains multiple cluster results;
It determines the maximum cluster result of mean profile value in the cluster result, and the maximum cluster of the mean profile value is tied
Fruit is as second cluster result.
6. method as claimed in claim 5, which is characterized in that described to be believed using the clustering algorithm based on level the reception
The instruction of number intensity and link-quality instruction are clustered, and obtaining third cluster result includes:
It is indicated according to the received signal strength indicator and the link-quality, determines the data aggregate distribution map;
Cluster operation is carried out according to the data aggregate distribution map based on the clustering algorithm of level using described, obtains dendrogram;
The dendrogram is intercepted by the interception way of the second preset times, determines multiple cluster results;
The maximum cluster result of mean profile value in the cluster result is determined, by the maximum cluster result of mean profile value
As the third cluster result.
7. such as method described in claim 5 or 6, which is characterized in that remember the total quantity at data aggregate distribution map midpoint
For n, the n points are divided into multiple classes, and i is 1 to the positive integer between n, then the calculation formula of the mean profile value isWherein, ρ (i) is the profile value of data aggregate distribution map midpoint i;The profile value of the point iWherein, δ (i) be the point i and it is current belonging to class diversity factor, ε (i) indicate the point i with
The minimum value of the diversity factor of each class.
8. a kind of device of monitoring wireless sensor network node invasion, which is characterized in that including:
Indicate determining module:For determining, reception signal of each network node when transmitting data is strong in wireless sensor network
Degree instruction and link-quality instruction;
First cluster module:For being clustered using the clustering algorithm based on mathematical morphology to link-quality instruction,
Obtain the first cluster result;
Second cluster module:For utilizing the clustering algorithm based on distance to the received signal strength indicator and the link matter
Amount instruction is clustered, and the second cluster result is obtained;
Third cluster module:For utilizing the clustering algorithm based on level to the received signal strength indicator and the link matter
Amount instruction is clustered, and third cluster result is obtained;
Final cluster result determining module:According to first cluster result, second cluster result, third cluster knot
Fruit determines final cluster result;
Judgment module:For being closed according to the size of the number of nodes in the final cluster result and the wireless sensor network
System judges the network node that whether there is illegal invasion in the wireless sensor network.
9. a kind of equipment of monitoring wireless sensor network node invasion, which is characterized in that including:
Memory:For storing computer program;
Processor:For executing the computer program to realize a kind of monitoring nothing as described in claim 1-7 any one
The step of method of line sensor network nodes invasion.
10. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium
Program realizes that a kind of monitoring as described in claim 1-7 any one is wireless when the computer program is executed by processor
The step of method of sensor network nodes invasion.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810750541.4A CN108881277B (en) | 2018-07-10 | 2018-07-10 | Method, device and equipment for monitoring wireless sensor network node intrusion |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810750541.4A CN108881277B (en) | 2018-07-10 | 2018-07-10 | Method, device and equipment for monitoring wireless sensor network node intrusion |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108881277A true CN108881277A (en) | 2018-11-23 |
| CN108881277B CN108881277B (en) | 2021-04-16 |
Family
ID=64300558
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810750541.4A Active CN108881277B (en) | 2018-07-10 | 2018-07-10 | Method, device and equipment for monitoring wireless sensor network node intrusion |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108881277B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109936848A (en) * | 2019-03-01 | 2019-06-25 | 广东工业大学 | A kind of detection method, device and the computer readable storage medium of puppet access point |
| CN110266680A (en) * | 2019-06-17 | 2019-09-20 | 辽宁大学 | A kind of industrial communication method for detecting abnormality based on dual similarity measurement |
| RU2744808C2 (en) * | 2019-05-07 | 2021-03-16 | Федеральное государственное бюджетное образовательное учреждение высшего образования "Владимирский Государственный Университет имени Александра Григорьевича и Николая Григорьевича Столетовых" (ВлГУ) | Method for local positioning of an information security intruder node in mobile data transmission systems |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101286872A (en) * | 2008-05-29 | 2008-10-15 | 上海交通大学 | Distributed intrusion detection method in wireless sensor network |
| US20090303042A1 (en) * | 2008-06-04 | 2009-12-10 | National Chiao Tung University | Intruder detection system and method |
| US20130335219A1 (en) * | 2012-05-07 | 2013-12-19 | Integrated Security Corporation | Intelligent sensor network |
| CN103763703A (en) * | 2014-01-09 | 2014-04-30 | 广州中国科学院先进技术研究所 | Wireless network attack detection method based on mathematical morphology |
| CN104010311A (en) * | 2014-05-30 | 2014-08-27 | 广州中国科学院先进技术研究所 | Wireless sensor network intrusion detection method based on PAM clustering algorithm |
-
2018
- 2018-07-10 CN CN201810750541.4A patent/CN108881277B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101286872A (en) * | 2008-05-29 | 2008-10-15 | 上海交通大学 | Distributed intrusion detection method in wireless sensor network |
| US20090303042A1 (en) * | 2008-06-04 | 2009-12-10 | National Chiao Tung University | Intruder detection system and method |
| US20130335219A1 (en) * | 2012-05-07 | 2013-12-19 | Integrated Security Corporation | Intelligent sensor network |
| CN103763703A (en) * | 2014-01-09 | 2014-04-30 | 广州中国科学院先进技术研究所 | Wireless network attack detection method based on mathematical morphology |
| CN104010311A (en) * | 2014-05-30 | 2014-08-27 | 广州中国科学院先进技术研究所 | Wireless sensor network intrusion detection method based on PAM clustering algorithm |
Non-Patent Citations (3)
| Title |
|---|
| XIAOLING WU: ""A Granulometric Size Distribution based Intrusion Detection Method for WSN"", 《IEEE》 * |
| XIAOLING WU: ""RSSI and LQI Data Clustering Techniques to Determine the Number of Nodes in Wireless Sensor Networks"", 《MISSOURI UNIVERSITY OF SCIENCE AND TECHNOLOGY SCHOLARS" MINE》 * |
| 汪麟: ""周界入侵检测中基于WSN的目标定位算法"", 《计算机工程》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109936848A (en) * | 2019-03-01 | 2019-06-25 | 广东工业大学 | A kind of detection method, device and the computer readable storage medium of puppet access point |
| RU2744808C2 (en) * | 2019-05-07 | 2021-03-16 | Федеральное государственное бюджетное образовательное учреждение высшего образования "Владимирский Государственный Университет имени Александра Григорьевича и Николая Григорьевича Столетовых" (ВлГУ) | Method for local positioning of an information security intruder node in mobile data transmission systems |
| CN110266680A (en) * | 2019-06-17 | 2019-09-20 | 辽宁大学 | A kind of industrial communication method for detecting abnormality based on dual similarity measurement |
| CN110266680B (en) * | 2019-06-17 | 2021-08-24 | 辽宁大学 | Industrial communication anomaly detection method based on dual similarity measurement |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108881277B (en) | 2021-04-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103905450B (en) | Intelligent grid embedded device network check and evaluation system and check and evaluation method | |
| CN111935170B (en) | Network abnormal flow detection method, device and equipment | |
| CN108881277A (en) | The method, device and equipment of monitoring wireless sensor network node invasion | |
| CN108684038B (en) | Hidden data attack detection method based on fog calculation and hierarchical trust evaluation mechanism | |
| CN105553998A (en) | Network attack abnormality detection method | |
| CN104639311B (en) | The polymerization and system of electricity consumption privacy and integrity protection in a kind of intelligent grid | |
| CN111049680B (en) | Intranet transverse movement detection system and method based on graph representation learning | |
| CN106209862A (en) | A kind of steal-number defence implementation method and device | |
| CN103905451A (en) | System and method for trapping network attack of embedded device of smart power grid | |
| CN108123939A (en) | Malicious act real-time detection method and device | |
| Aminanto et al. | Another fuzzy anomaly detection system based on ant clustering algorithm | |
| Han et al. | FNFD: A fast scheme to detect and verify non-technical loss fraud in smart grid | |
| CN109936848A (en) | A kind of detection method, device and the computer readable storage medium of puppet access point | |
| Ahuja et al. | Ascertain the efficient machine learning approach to detect different ARP attacks | |
| Krishnan Sadhasivan et al. | A fusion of multiagent functionalities for effective intrusion detection system | |
| CN107274331A (en) | Robust watermarking embedding grammar and detection method and device for data flow | |
| CN107612927B (en) | Safety detection method for power dispatching automation system | |
| CN106713293A (en) | Cloud platform malicious behavior detecting system and method | |
| CN108683654A (en) | A kind of network vulnerability evaluation method based on zero-day attacks figure | |
| Chen | A New Detection Method for Distributed Denial-of-Service Attack Traffic based on Statistical Test. | |
| CN110290110A (en) | A kind of recognition methods of encryption malicious traffic stream and system based on redundancy detection framework | |
| CN108322454B (en) | Network security detection method and device | |
| CN108924150A (en) | Edge side based on reverse transmittance nerve network clones node integrated testing method | |
| Chang et al. | A simulation model of cyber threats for energy metering devices in a secondary distribution network | |
| CN104010311A (en) | Wireless sensor network intrusion detection method based on PAM clustering algorithm |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |