CN109257762B - Power distribution and utilization terminal illegal wireless communication link detection method based on wireless signal intensity density cluster analysis - Google Patents
Power distribution and utilization terminal illegal wireless communication link detection method based on wireless signal intensity density cluster analysis Download PDFInfo
- Publication number
- CN109257762B CN109257762B CN201811060770.XA CN201811060770A CN109257762B CN 109257762 B CN109257762 B CN 109257762B CN 201811060770 A CN201811060770 A CN 201811060770A CN 109257762 B CN109257762 B CN 109257762B
- Authority
- CN
- China
- Prior art keywords
- base station
- wireless
- power distribution
- wireless signal
- signal intensity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W24/00—Supervisory, monitoring or testing arrangements
- H04W24/08—Testing, supervising or monitoring using real traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B17/00—Monitoring; Testing
- H04B17/30—Monitoring; Testing of propagation channels
- H04B17/309—Measuring or estimating channel quality parameters
- H04B17/318—Received signal strength
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/0005—Control or signalling for completing the hand-off
- H04W36/0083—Determination of parameters used for hand-off, e.g. generation or modification of neighbour cell lists
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/16—Discovering, processing access restriction or access information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/20—Selecting an access point
Abstract
A power distribution terminal illegal wireless communication link detection method based on wireless signal intensity cluster analysis is characterized in that when a power distribution terminal does not need cell reselection, signal intensity data of all wireless base stations within 24 hours can be received to obtain Euclidean distance and average Euclidean distance between wireless signal intensities of all base stations, and 2 times of the average Euclidean distance is used as a density cluster radius; and performing density clustering by using a DBSCAN algorithm in combination with Euclidean distances between the wireless signal strengths of all base stations when the power distribution and utilization terminal needs to perform cell reselection, so as to form a clustered cluster. If the clustering result only has one cluster and no noise point, judging the reselected cell base station as a normal base station; and if the clustering result contains a plurality of clusters or noise points, judging the cluster or noise point with the maximum signal intensity change rate as a pseudo base station, and prohibiting the power distribution terminal from reselecting and accessing the base station. The method can improve the identification and protection capability of the wireless pseudo base station.
Description
Technical Field
The invention belongs to the technical field of power distribution network communication and information of a power system, and particularly relates to a power distribution and utilization terminal illegal wireless communication link detection method based on wireless signal intensity density cluster analysis.
Background
With the rapid improvement of the permeability of distributed energy, in order to meet the requirement of large-scale access of intermittent clean energy, researchers propose an energy internet which combines and applies an advanced power electronic technology, an information technology and an intelligent management technology and forms a large number of distributed power sources, distributed energy storage devices and various power loads into a main framework of a power network. In the energy internet, a distributed energy system can realize the cooperative optimal utilization of cold, heat and electricity by means of a communication technology, so that the energy utilization efficiency is improved, and the energy utilization cost is reduced; and the source load, production and marketing are promoted to cooperate through the response of the demand side, so that the intermittent clean energy consumption capacity is obviously improved, and the gradual replacement of the traditional fossil energy is promoted. Secure and reliable communication of the distributed users, the energy storage devices and the power supply system is an important basis for achieving the aforementioned objectives.
In recent years, network attacks on industrial control systems such as power and energy have been increasing. In the energy internet, the distribution and power utilization terminals are huge in quantity and wide in distribution, and due to cost consideration, the traditional special communication channel of the power system cannot be adopted, and most of the distribution and power utilization terminals are accessed into a wireless virtual private network provided by a telecommunication service provider through a wireless communication base station and are in two-way communication with a distribution and metering system main station. It should be noted that if a powered terminal accesses a pseudo base station and establishes an illegal wireless communication link, it may be subject to man-in-the-middle attacks. Although the power distribution and utilization terminal adopts a symmetric encryption mode for encryption and identity authentication, malicious codes can be injected into the electric meter, and the safe and stable operation of the power grid can be directly threatened in a scene that large-scale controllable loads are controlled maliciously. In order to improve the safety protection level of the power distribution and utilization terminal in the energy internet, an illegal wireless communication link detection method needs to be researched.
The GPRS communication mode of the 2G is only provided with one-way authentication of the wireless base station to the communication terminal, and the power distribution and utilization terminal can be accessed to a pseudo base station and is subjected to malicious attack when being accessed to the wireless virtual private network. When the pseudo base station is used for attack destruction, an attacker can firstly measure and detect the carrier information of a target cell through signal acquisition equipment. After detecting the frequency point information of the target cell, the pseudo base station transmits the system broadcast information which is consistent with the system broadcast information set by an operator on the specific frequency range of the target cell by adopting higher transmission power. When the power distribution terminal receives the broadcast of the pseudo base station system, the pseudo base station can change the parameter configuration of GPRS cell reselection and improve the transmitting power to force the terminal to carry out cell reselection due to the lack of a perfect wireless base station authentication mechanism of GPRS. After the terminal is accessed to the pseudo base station to establish an illegal wireless communication link, an attacker can obtain key information such as an identity code (IMSI) and an international equipment identity (IMEI) of the terminal, so that the security of network communication between power distribution terminals is sharply reduced. Once the single-point protection of the key of the power distribution and utilization terminal is broken through, the power distribution and utilization terminal can be directly attacked. Although the power distribution terminal is symmetrically encrypted, the situation that the Spanish electric meter which adopts the same 128-bit symmetric encryption is cracked and then injected with malicious codes is rare.
The measures for defending against the pseudo base station in mobile communication terminals such as mobile phones mainly include: broadcast information of a wireless communication base station includes a Location Area Code (LAC), a base station number (Cell ID, CID), and a Received Signal Strength Indication (RSSI). For a communication terminal operating in a GPRS state of 2G, although there is no authentication for the network on the wireless base station side, the terminal may determine that the received base station information identifies an abnormality, such as an abnormal LAC or CID (e.g., LAC ═ 10 or 10000, CID ═ 10), according to a setting rule of the base station information; secondly, for wireless communication terminals such as mobile phones with satellite positioning function and the like, the latitude and longitude data of the base station can be inquired and obtained according to the number of the base station, and then the distance between the communication terminal and the wireless base station can be calculated according to the latitude and longitude of the communication terminal. A wireless base station can be identified as a pseudo base station when the distance significantly exceeds the wireless base station signal transmission distance. It should be noted that the measures taken by the aforementioned handset terminals to defend against the pseudo base station are not applicable to the power distribution terminals. Because the power distribution and utilization terminal is not provided with the satellite positioning module, the authenticity of the wireless communication base station can not be judged according to the longitude and latitude information of the power distribution and utilization terminal by adopting a method similar to a mobile phone terminal.
The distribution terminal may receive signals from a plurality of surrounding wireless communication base stations during operation. The strength of the wireless signal received by the distribution terminal of each wireless base station is mainly related to the distance between the distribution terminal and the communication base station, weather (rain, fog and snow), house shielding and other environmental factors. Because the position of the power distribution and utilization terminal, the distance between the power distribution and utilization terminal and the wireless communication base station and whether the power distribution and utilization terminal is shielded or not are fixed and unchanged, under the condition that the weather condition is unchanged, the intensity of a radio signal received by the power distribution and utilization terminal mainly depends on the position of the power distribution and utilization terminal. Under the condition that the distance of a wireless communication base station and a house blocking factor are unchanged, the strength of a wireless signal received by the power distribution and utilization terminal is mainly influenced by weather conditions and has obvious correlation. When the weather is good, the received signal intensity of each base station is good, and when the weather is fog and rains, the signal intensity of each base station is obviously attenuated.
The wireless communication pseudo base station is a subject which is stricken by telecommunication service providers such as China telecom, China Mobile and the like. To avoid the attack, the wireless communication pseudo base station usually takes a gun to change places. Whenever the pseudo base station is powered on, the signal strength can be increased from 0 to a level with strength obviously higher than that of the normal wireless communication base station, so as to trick the wireless communication terminal into reselecting the cell to access the pseudo base station. Referring to fig. 1, a comparison graph of wireless signal strengths of a real communication base station and a pseudo base station shows that the wireless signal strength variation curves of the real communication base station and the pseudo base station are significantly different, but the wireless signal strengths of the real communication base station and the pseudo base station have similar variation trends.
And when the pseudo base station is detected, keeping the clustering radius of the density clustering unchanged, and updating the clustering radius of the density clustering until the pseudo base station is not detected to be accessed. Because a 24-hour time window is adopted during signal intensity density clustering, the difference between the wireless signal intensity of the normal base station and the pseudo base station caused by the jumping moment of the pseudo base station signal intensity can be detected, and the existence of the pseudo base station can not be detected until the jumping moment rolls out of the time window along with the time window, namely 24 hours after the jumping moment, so that the clustering parameters of the density clustering are updated. For the wireless communication base station which is stopped and restarted due to maintenance, the power distribution and utilization terminal can be operated for access only after waiting for 24 hours due to the fact that the signal intensity of the base station has mutation.
Disclosure of Invention
The invention aims to provide a power distribution terminal illegal wireless communication link detection method based on wireless signal intensity density cluster analysis, aiming at the problems that the conventional power distribution terminal only depends on secret key encryption authentication and lacks a technical method for detecting and identifying an illegal wireless communication link, so that the power distribution terminal is prevented from accessing the illegal communication link, and the safety protection level is improved.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows: a power distribution and utilization terminal illegal wireless communication link detection method based on wireless signal intensity density cluster analysis comprises the following steps:
step 1) selecting wireless signal intensity data of all wireless base stations which can detect signals by a power distribution terminal within the past 24 hours, carrying out normalization processing on the detected wireless signal intensity data, and calculating Euclidean distances and average Euclidean distances between the wireless signal intensity data of all the wireless base stations within the time range; setting a density clustering parameter, namely setting the radius of the density clustering to be 2 times of the average Euclidean distance of the wireless signal intensity of each wireless base station, wherein the number of samples in the radius of the density clustering is at least 2;
step 2) judging whether the power distribution and utilization terminal needs cell reselection, if not, entering step 1), otherwise, entering step 3);
step 3) when the power distribution and utilization terminal needs to perform cell reselection, normalizing the time and the wireless signal intensity data of each wireless base station within the past 24 hours of the time; calculating Euclidean distances among wireless signal intensity data of different wireless base stations in the period of time; clustering according to the existing DBSCAAN density clustering algorithm by combining the density clustering parameters set in the step 1);
step 4), judging a clustering result: if the clustering result is only one type and does not contain noise points, judging the reselected cell base station to be a normal base station, and entering the step 1); if the clustering result has multiple types or contains noise points, judging that the wireless base station corresponding to the type or the noise point with the maximum wireless signal intensity accumulated change amplitude in the period of time is a pseudo base station, keeping the density clustering parameter unchanged, entering step 2) to detect whether the pseudo base station is accessed, and entering step 1) when the pseudo base station is not detected.
The above mentioned normalization processing of the detected wireless signal strength data, whether the power distribution terminal needs cell reselection, calculation of euclidean distance of wireless signal strength of each wireless base station, and clustering according to the existing dbscaan density clustering algorithm are all the conventional technologies in the art.
Aiming at the characteristic that the variation trends of the pseudo base station and the real communication base station on the wireless signal strength are obviously different, when the power distribution and utilization terminal normally operates and does not perform cell reselection switching on the wireless base stations, the Euclidean distance between the wireless signal strengths of all the wireless base stations within the last 24 hours is calculated, and 2 times of the average Euclidean distance is used as the radius of density clustering; and when the condition that the base station needs to be switched when the cell reselection condition is met is detected, performing density clustering on the wireless signal intensity data of each base station in the past 24 hours according to the determined clustering parameters. Because the change trends of the signal intensity of the real base stations are similar, and the signal intensity of the pseudo base station is suddenly changed, if all the base stations are clustered into one type and have no noise point, the base stations are normal base stations, and the wireless base station switching can be carried out; otherwise, a cluster or a noise point with the largest accumulated signal intensity change in the past 24 hours (a noise point is formed when a single pseudo base station exists, and 2 pseudo base stations are only one type, so that when the number of the pseudo base stations is less than 2, only the noise point is formed, but not the cluster) is judged as the pseudo base station, and the access of the power distribution terminal to the base station is forbidden, so that the access to the pseudo base station is avoided.
The following describes in detail the power distribution terminal illegal wireless communication link detection method based on signal strength density clustering according to the present invention with reference to the accompanying drawings and specific embodiments.
Drawings
Fig. 1 is a graph of the difference between the wireless signal strength curves of a real communication base station and a pseudo base station.
FIG. 2 is a schematic diagram of DBSCAN algorithm clustering.
Fig. 3 is an actual wireless signal strength curve of the wireless base station in the embodiment.
Fig. 4 is a schematic diagram of the DBSCAN algorithm clustering of the wireless base station in the embodiment.
Fig. 5 is a clustering result analysis diagram.
Detailed Description
The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
The invention relates to a power distribution and utilization terminal illegal wireless communication link detection method based on wireless signal strength density cluster analysis, which mainly comprises the steps of determining the wireless signal strength historical time period width of a wireless base station, carrying out normalization processing on wireless signal strength data of the time period, carrying out signal strength density cluster based on a DBSCAN clustering algorithm, and judging the class attribute of each cluster, so that the cluster to which a pseudo base station belongs is marked as an abnormal class, and power distribution and utilization terminal equipment is not reselected to access the pseudo base station, and the method comprises the following specific steps:
step 1) selecting wireless signal intensity data of all wireless base stations which can detect signals by a power distribution terminal within the past 24 hours, carrying out normalization processing on the detected wireless signal intensity data, and calculating Euclidean distances and average Euclidean distances among the wireless signal intensity data of all the base stations within the time range; setting density clustering parameters (density clustering radius and the number of samples in the density clustering radius), namely setting the radius of the density clustering to be 2 times of the average Euclidean distance between wireless strength signals of each wireless base station, wherein the number of samples (the number of samples, namely the number of wireless base stations) in the density clustering radius is at least 2;
step 2) judging whether the power distribution and utilization terminal needs cell reselection, if not, entering step 1), otherwise, entering step 3);
step 3) when the power distribution and utilization terminal needs to perform cell reselection, normalizing the time and the wireless signal intensity data of each wireless base station within the past 24 hours of the time; calculating Euclidean distances among wireless signal intensity data of different wireless base stations in the period of time; clustering according to the existing DBSCAAN density clustering algorithm by combining the density clustering parameters set in the step 1);
step 4), judging a clustering result: if the clustering result is only one type and has no noise point, judging the reselected cell base station to be a normal base station, and entering the step 1); if the clustering result has multiple types or contains noise points, judging that the wireless base station corresponding to the type or the noise point with the maximum wireless signal intensity accumulated change amplitude in the period of time is a pseudo base station, keeping the density clustering parameter unchanged, entering step 2) to detect whether the pseudo base station is accessed, and entering step 1) when the pseudo base station is not detected.
The pseudo base station needs to invade the communication equipment of the power distribution terminal, and the power distribution terminal must be forced to perform cell reselection to access other base stations. If the power distribution and utilization terminal equipment can identify and refuse to access the pseudo base station, the power distribution and utilization terminal equipment can be ensured not to access an illegal wireless communication link. Telecommunication service providers have a complete technical means to track, locate and hit false base stations based on detected base station signals. In order to avoid attack, the pseudo base station is dare not to stay in the same region for a long time and has short duration. Therefore, as long as the newly appeared pseudo base station is not accessed in the time period of 24 hours in a whole day, the time for positioning, attacking and clearing the pseudo base station by a telecommunication service provider can be reserved, and the safety of the power distribution and utilization terminal is ensured.
The distribution power consumption terminal detects that the absolute value of different communication base station wireless signal intensity is influenced by the distance between distribution power consumption terminal and the base station, and the distribution range of the wireless signal intensity absolute value is wider. Clustering with absolute values makes it difficult to form clustered density regions. In addition, the invention uses the variation trend of the wireless signal intensity as the basis for clustering, so the wireless signal intensity data needs to be normalized according to the formula (1):
x*=(x-min)/(max-min) (1)
in the formula: min is the minimum value of the wireless signal intensity data sequence in a 24-hour time period, max is the maximum value of the data sequence, x is the original data, x*Is normalized wireless signal strength data.
The cluster similarity measurement of the method adopts Euclidean distance judgment. When the cell reselection is not needed in normal operation, the Euclidean distance and the average Euclidean distance between wireless signal intensity data of all base stations, which can be detected by the power distribution and utilization terminal in the previous 24-hour time period, are calculated at each moment, 2 times of the average Euclidean distance is used as a clustering radius for density clustering, and in order to adapt to the needs of a base station sparse area, the minimum sample number of clustered clusters is set to be 2, namely, at least 2 base stations in one class are set. Because the signal variation trend of the pseudo base station is obviously different from that of other base stations, 2 samples which are possibly not capable of meeting the requirement of the cluster of the pseudo base station cannot form the cluster of the pseudo base station, and the cluster of the pseudo base station becomes an isolated noise point.
And when the cell reselection is detected to be needed, performing density clustering based on a DBSCAN algorithm on the historical signal strength data of the wireless base station in the current 24 hours by using the previously determined clustering radius and the minimum sample number of the clusters to form various clustering clusters.
If the clustering result is only one type and does not contain noise points, all base stations are judged to be normal base stations, and the cell can be reselected to access other base stations.
If the clustering result is of multiple types or contains noise points, and the cluster or noise point to which the base station reselected and accessed by the cell belongs is of the type with the largest accumulated historical signal intensity change, the base station is judged to be a pseudo base station, the previously set clustering parameters (the clustering radius and the minimum number of samples in the clustering radius) are kept unchanged, and the clustering radius of the density clustering is updated when the pseudo base station is not detected to be accessed any more, so that the normal signal mutation phenomenon of the real base station, such as the recovery of normal operation after the base station is stopped for maintenance, is adapted.
As a classic density Clustering algorithm, the DBSCAN (sensitivity Based Spatial Clustering of Applications with noise) can divide clusters with any shapes in a state space with noise according to the distribution density of samples, and can effectively solve the problem that the number of clusters needs to be preset. The DBSCAN algorithm forms a class cluster by searching for neighboring objects within the scan radius of a particular object in the data set when the number of surrounding objects meets the minimum number of included objects for class cluster formation. The basic features of the algorithm are described below with reference to the DBSCAN clustering diagram of fig. 2:
● cluster radius (Eps): a particular object in a given dataset is searched for the neighborhood radius of its neighbors. ● cluster minimum number of samples; the minimum number of included objects, which is satisfied by a data class cluster formed by a certain object and its neighboring objects within the cluster radius, is set to 3 in fig. 2.
● core object: a plurality of adjacent samples which are not less than the minimum sample of the cluster are present in the sample neighborhood radius; the sample points a, b and c in fig. 2 are core points, and the clustering radius is 3.
● noise object: samples in the dataset that do not belong to each density cluster are noise samples, such as e-sample points.
● the density can reach: the points in the radius neighborhood of the core point a and the a are directly reachable in density; a plurality of points such as d in the radius neighborhood of the core point a, and the density among f can be reached;
● density connection: in the data set, the density of the sample a and the sample f and the density of the sample b and the sample f are both reachable, but the density of a and the density of b are not reachable, so that the density of a and the density of b are connected.
In fig. 2, after the euclidean distances between all samples are scanned, the density-connected samples, such as a, b, d, f, and g, form a cluster, c, i, j, and h form a cluster, and only 1 sample in the e-neighborhood radius is an isolated noise point.
Example 1
When a certain distribution terminal normally operates, wireless signals of 6 wireless base stations are detected, see fig. 3, and the euclidean distances between the signal strength data of the wireless base stations in the past 24 hours are shown in table 1, and the average value of the euclidean distances is calculated. It can be seen from table 1 that the average euclidean distance is about 1.0, and 2.0 is selected as the clustering radius of the density cluster.
TABLE 1 Euclidean distance analysis chart at normal operation time
| i=1 | i=2 | i=3 | i=4 | i=5 | i=6 | |
| i=1 | 0.969 | 0.918 | 0.898 | 1.015 | 0.973 | |
| i=2 | 0.969 | 0.850 | 0.857 | 0.859 | 0.885 | |
| i=3 | 0.918 | 0.850 | 0.941 | 0.809 | 0.891 | |
| i=4 | 0.898 | 0.857 | 0.941 | 0.947 | 1.086 | |
| i=5 | 1.015 | 0.859 | 0.809 | 0.947 | 0.944 | |
| i=6 | 0.973 | 0.885 | 0.891 | 1.086 | 0.944 | |
| Maximum Euclidean distance between real base stations | 1.015 | 0.969 | 0.941 | 1.086 | 1.015 | 1.086 |
When detecting that the cell needs to be reselected and accessed to other base stations, firstly, the historical wireless signal intensity data at the moment and in the previous 24-hour time period are normalized, then the Euclidean distance between the wireless signal intensity data of each wireless base station is calculated as shown in a table 2, and density clustering is carried out according to the Euclidean distance between the base stations and the clustering parameters (the clustering radius and the minimum number of samples in the clustering radius) set up before. As can be seen from fig. 4, the wireless base stations 1, 2, and 3 are core points, the clustering radius is 2, the wireless base stations 1, 2, 3, 4, 5, and 6 are all connected in density and classified as one type, and the base station 7 is far from other sample points and is a noise point. As can be seen from fig. 3, fig. 4 and table 2, after the pseudo base station 7 is added, the wireless signal strength curve is significantly different from that of the real base station, and the distance between the pseudo base station and the real base station is above 7.0, which is much greater than the maximum euclidean distance between the real base stations. Under the pulling of the pseudo base station No. 7, the mean Euclidean distance between the real base station and all other base stations is raised to be about 2.0, and the mean Euclidean distance between the pseudo base station and all other base stations is 7.735 which is obviously higher than that of other base stations. Obviously, the density clustering can identify a pseudo base station far away from a real base station according to the Euclidean distance of the wireless signal intensity variation curve.
Table 2 euclidean distance analysis table for cell reselection time
From the data shown in table 2, the effectiveness of density clustering in the process of representing the moving time window by the average euclidean distance of each station can be judged according to the average value of the euclidean distances between the pseudo base station and all other base stations and the average value of the euclidean distances between the real base station and other base stations.
To verify the effectiveness of the proposed method over a longer period of time, verification was performed in a forward scrolling manner every 15 minutes starting on the next day 00:00 in fig. 5, and the average euclidean distance at each time for each station was plotted as shown in fig. 5. It can be seen from the figure that the time period of the historical wireless signal strength data is 24 hours, the average euclidean distances between 6 real base stations and all other base stations are always aggregated in a small interval range when the corresponding signal strength jump moment occurs in the covered pseudo base station within the 24 hours, and the average euclidean distance of the pseudo base station is always obviously higher than that of the real base station. After the 23:45 and 24-hour time period of the second day moves to the time when the signal jump of the 23:45 pseudo base station on the first day is not covered any more, the average Euclidean distance between the pseudo base station and the real base station tends to be consistent, and the No. 7 base station is identical to the real base station. At this time, no pseudo base station is considered to be accessed, and the rolling updating of clustering parameters such as density clustering radius is recovered.
Claims (1)
1. A power distribution and utilization terminal illegal wireless communication link detection method based on wireless signal strength density cluster analysis is characterized by comprising the following steps:
step 1) selecting wireless signal intensity data of all wireless base stations which can detect signals by a power distribution terminal within the past 24 hours, carrying out normalization processing on the detected wireless signal intensity data, and calculating Euclidean distances and average Euclidean distances among the wireless signal intensity data of all the wireless base stations within the time range; setting a density clustering parameter, namely setting the radius of the density clustering to be 2 times of the average Euclidean distance between the wireless signal strengths of the wireless base stations, wherein the number of samples in the radius of the density clustering is at least 2;
step 2) judging whether the power distribution and utilization terminal needs cell reselection, if not, entering step 1), otherwise, entering step 3);
step 3) when the power distribution and utilization terminal needs to perform cell reselection, normalizing the time and the wireless signal intensity data of each wireless base station within the past 24 hours of the time; calculating Euclidean distances among wireless signal intensity data of different wireless base stations in the period of time; clustering according to the existing DBSCAAN density clustering algorithm by combining the density clustering parameters set in the step 1);
step 4), judging a clustering result: if the clustering result is only one type and does not contain noise points, judging the reselected cell base station to be a normal base station, and entering the step 1); if the clustering result has multiple types or contains noise points, judging that the wireless base station corresponding to the type or the noise point with the maximum wireless signal intensity accumulated change amplitude in the period of time is a pseudo base station, keeping the density clustering parameter unchanged, entering step 2) to detect whether the pseudo base station is accessed, and entering step 1) when the pseudo base station is not detected.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811060770.XA CN109257762B (en) | 2018-09-12 | 2018-09-12 | Power distribution and utilization terminal illegal wireless communication link detection method based on wireless signal intensity density cluster analysis |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811060770.XA CN109257762B (en) | 2018-09-12 | 2018-09-12 | Power distribution and utilization terminal illegal wireless communication link detection method based on wireless signal intensity density cluster analysis |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109257762A CN109257762A (en) | 2019-01-22 |
| CN109257762B true CN109257762B (en) | 2021-06-18 |
Family
ID=65047289
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811060770.XA Active CN109257762B (en) | 2018-09-12 | 2018-09-12 | Power distribution and utilization terminal illegal wireless communication link detection method based on wireless signal intensity density cluster analysis |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109257762B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112153685B (en) * | 2019-06-26 | 2022-02-25 | 大唐移动通信设备有限公司 | RRC fault detection method and device |
| CN110944333B (en) * | 2019-11-11 | 2023-08-29 | 南方电网科学研究院有限责任公司 | Illegal wireless communication link detection method for power distribution and utilization terminal based on wireless signal intensity cumulative change rate |
| CN111563630A (en) * | 2020-05-11 | 2020-08-21 | 圆通速递有限公司 | Logistics service network node layout method and system based on address longitude and latitude clustering |
| CN112954678B (en) * | 2021-01-26 | 2022-10-04 | 国网电力科学研究院有限公司 | Wireless signal fingerprint construction method and system for power wireless private network terminal |
Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2178222A1 (en) * | 2008-10-20 | 2010-04-21 | NTT DoCoMo, Inc. | Multi-antenna measurement method and multi-antenna measurement system |
| CN102970671A (en) * | 2012-11-27 | 2013-03-13 | 中国人民解放军信息工程大学 | Communication data acquisition method, pseudo base station and pseudo terminal |
| CN103648096A (en) * | 2013-12-11 | 2014-03-19 | 北京联合大学 | Method for rapidly detecting and positioning illegal base station intrusion |
| CN104168568A (en) * | 2014-08-28 | 2014-11-26 | 中国联合网络通信集团有限公司 | Mobile terminal and method for cell identity authentication through same |
| US9002359B1 (en) * | 2012-04-12 | 2015-04-07 | Sprint Spectrum L.P. | Method and system for intelligent determination of pseudonoise (PN) offsets |
| CN104602241A (en) * | 2014-12-25 | 2015-05-06 | 中国科学院信息工程研究所 | Determination method of pseudo base station and mobile terminal |
| CN104683984A (en) * | 2015-03-11 | 2015-06-03 | 无锡北邮感知技术产业研究院有限公司 | Wireless communication signal real-time monitoring and processing method and system |
| CN104735648A (en) * | 2013-12-23 | 2015-06-24 | 中国移动通信集团上海有限公司 | Pseudo base station interference analyzing and monitoring method and device |
| CN104766427A (en) * | 2015-04-27 | 2015-07-08 | 太原理工大学 | Detection method for illegal invasion of house based on Wi-Fi |
| CN105451332A (en) * | 2015-11-13 | 2016-03-30 | 中国石油大学(华东) | Mobile phone based method for positioning pseudo base station |
| CN105516986A (en) * | 2016-01-08 | 2016-04-20 | 中国联合网络通信集团有限公司 | Method for detecting pseudo base station, terminal, data processor and system |
| CN105744528A (en) * | 2016-04-29 | 2016-07-06 | 宇龙计算机通信科技(深圳)有限公司 | Fake base station identification method and device and terminal |
| CN105992210A (en) * | 2015-02-09 | 2016-10-05 | 中国移动通信集团湖北有限公司 | Mobile pseudo base station positioning method and system, positioning device and positioning server |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7162285B2 (en) * | 2003-09-19 | 2007-01-09 | Raytheon Company | Detector and method for detecting telephone-activated devices in idle state |
| US8885569B2 (en) * | 2011-12-19 | 2014-11-11 | Ofinno Technologies, Llc | Beamforming signaling in a wireless network |
| US9696701B2 (en) * | 2013-12-07 | 2017-07-04 | Svv Technology Innovations, Inc. | Radio frequency occupancy sensing load control |
| EP3187002B1 (en) * | 2014-08-31 | 2021-04-07 | Ubiquiti Inc. | Methods and apparatuses for monitoring and improving wireless network health |
-
2018
- 2018-09-12 CN CN201811060770.XA patent/CN109257762B/en active Active
Patent Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2178222A1 (en) * | 2008-10-20 | 2010-04-21 | NTT DoCoMo, Inc. | Multi-antenna measurement method and multi-antenna measurement system |
| US9002359B1 (en) * | 2012-04-12 | 2015-04-07 | Sprint Spectrum L.P. | Method and system for intelligent determination of pseudonoise (PN) offsets |
| CN102970671A (en) * | 2012-11-27 | 2013-03-13 | 中国人民解放军信息工程大学 | Communication data acquisition method, pseudo base station and pseudo terminal |
| CN103648096A (en) * | 2013-12-11 | 2014-03-19 | 北京联合大学 | Method for rapidly detecting and positioning illegal base station intrusion |
| CN104735648A (en) * | 2013-12-23 | 2015-06-24 | 中国移动通信集团上海有限公司 | Pseudo base station interference analyzing and monitoring method and device |
| CN104168568A (en) * | 2014-08-28 | 2014-11-26 | 中国联合网络通信集团有限公司 | Mobile terminal and method for cell identity authentication through same |
| CN104602241A (en) * | 2014-12-25 | 2015-05-06 | 中国科学院信息工程研究所 | Determination method of pseudo base station and mobile terminal |
| CN105992210A (en) * | 2015-02-09 | 2016-10-05 | 中国移动通信集团湖北有限公司 | Mobile pseudo base station positioning method and system, positioning device and positioning server |
| CN104683984A (en) * | 2015-03-11 | 2015-06-03 | 无锡北邮感知技术产业研究院有限公司 | Wireless communication signal real-time monitoring and processing method and system |
| CN104766427A (en) * | 2015-04-27 | 2015-07-08 | 太原理工大学 | Detection method for illegal invasion of house based on Wi-Fi |
| CN105451332A (en) * | 2015-11-13 | 2016-03-30 | 中国石油大学(华东) | Mobile phone based method for positioning pseudo base station |
| CN105516986A (en) * | 2016-01-08 | 2016-04-20 | 中国联合网络通信集团有限公司 | Method for detecting pseudo base station, terminal, data processor and system |
| CN105744528A (en) * | 2016-04-29 | 2016-07-06 | 宇龙计算机通信科技(深圳)有限公司 | Fake base station identification method and device and terminal |
Non-Patent Citations (2)
| Title |
|---|
| 移动大数据时代:无线网络的挑战与机遇;张平; 崔琪楣; 侯延昭; 徐瑨;《科学通报》;20150228;全文 * |
| 路网环境下敏感位置匿名区域的生成方法;戴佳筑; 华亮;《计算机科学》;20160315;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109257762A (en) | 2019-01-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109257762B (en) | Power distribution and utilization terminal illegal wireless communication link detection method based on wireless signal intensity density cluster analysis | |
| CN101808274B (en) | Terminal and network searching method thereof | |
| EP3906652B1 (en) | Protecting a telecommunications network using network components as blockchain nodes | |
| CN104168568B (en) | A kind of mobile terminal and its method for carrying out cell identity certification | |
| US10284373B2 (en) | Smart grid secure communications method and apparatus | |
| Wang et al. | Sybil attack detection based on RSSI for wireless sensor network | |
| CN101217396A (en) | An Ad hoc network invasion detecting method and system based on trust model | |
| CN105681272A (en) | Method for detecting and defensing fishing WiFi of mobile terminal | |
| Misra et al. | Detection of identity-based attacks in wireless sensor networks using signalprints | |
| CN111031006A (en) | Intelligent power grid communication anomaly detection method based on network flow | |
| CN103297973A (en) | Method for detecting Sybil attack in underwater wireless sensor networks | |
| Rafeh et al. | Detecting sybil nodes in wireless sensor networks using two-hop messages | |
| Hu et al. | An algorithm for energy detection based on noise variance estimation under noise uncertainty | |
| CN101977384B (en) | Active protection method of wireless MESH network intrusion based on signal detection | |
| Jamshidi et al. | A New Algorithm to Defend Against Sybil Attack in StaticWireless Sensor Networks Using Mobile Observer Sensor Nodes. | |
| CN110337094B (en) | Secure transmission system for D2D content sharing and method thereof | |
| Bin et al. | Rogue base stations detection for advanced metering infrastructure based on signal strength clustering | |
| CN109787996B (en) | Camouflage attack detection method based on DQL algorithm in fog calculation | |
| CN110944333B (en) | Illegal wireless communication link detection method for power distribution and utilization terminal based on wireless signal intensity cumulative change rate | |
| CN112929882B (en) | Method for identifying Sybil nodes and overlapped nodes | |
| CN105142149A (en) | RSS-based WLAN spoofing attack detection method | |
| Zhang | Malicious base station and detecting malicious base station signal | |
| CN106851645A (en) | A kind of power system APN private network defence methods attacked towards pseudo-base station | |
| Chen et al. | Development and implementation of anti phishing wi-fi and information security protection app based on android | |
| Talha et al. | A framework for MAC layer wireless intrusion detection & response for smart grid applications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |