CN109936848A - A kind of detection method, device and the computer readable storage medium of puppet access point - Google Patents
A kind of detection method, device and the computer readable storage medium of puppet access point Download PDFInfo
- Publication number
- CN109936848A CN109936848A CN201910156412.7A CN201910156412A CN109936848A CN 109936848 A CN109936848 A CN 109936848A CN 201910156412 A CN201910156412 A CN 201910156412A CN 109936848 A CN109936848 A CN 109936848A
- Authority
- CN
- China
- Prior art keywords
- cluster
- access point
- value
- data
- profile
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention discloses detection method, device and the computer readable storage mediums of a kind of pseudo- access point, obtain the RSSI data and LQI data of each access point;Using the RSSI data of each access point as abscissa, LQI data as ordinate, joint data are obtained;Cluster is iterated to joint data using PAM algorithm, obtains the first cluster number;Joint data are handled using HAC clustering algorithm, obtain the second cluster number.Number, the second cluster number and preset weighted value are clustered according to first, determines final access point number.When access point number is greater than preset value, then the prompt information in the presence of pseudo- access point is exported.The technical solution utilizes the characteristic of data itself, carries out multi-cluster processing, and comprehensive cluster result to data, obtains the infomation detection puppet access point of number of access point in network in real time, has achieved the purpose that reduce cost, reduced False Rate.
Description
Technical field
The present invention relates to technical field of network security, more particularly to detection method, device and the meter of a kind of pseudo- access point
Calculation machine readable storage medium storing program for executing.
Background technique
A kind of more typical attack is two-sided demon's attack in Wi-Fi network.Two-sided demon's attack is exactly one in fact
The fraudulent access point to be stashed with neighbouring network name, attacker use identical service set (Service Set
Identifier, SSID) the i.e. pseudo- access point of one fraudulent access point of creation.Because the SSID and user of pseudo- access point are common
SSID is the same, and has stronger signal, therefore can cheat easily user and be attached thereto.After establishing connection, attacker
Webpage can be replaced, for example is substituted for the homemade interface of attacker, causes economic loss to user.Attacker can also pass through
Connection between user and pseudo- access point, steals the information on user's computer to a certain extent.Such attack is difficult to detect
It looks into, attacker even only needs a notebook that can create a pseudo- access point.
It is most common two based on characteristic fingerprint and based on client in the detection method attacked at present for two-sided demon
Kind detection method.Method based on characteristic fingerprint is usually that suspicious radio frequency is scanned from intranet Site Survey, then and in advance
The radio frequency grant column list of the characteristic fingerprint first defined is verified compared to relatively.Characteristic fingerprint generally includes signal strength, penetrates
Frequency measurement, MAC Address, vendor name and service group id etc..If it find that the characteristic fingerprint of some radio frequency is not in grant column list
In, then illustrate that there is the access points for starting two-sided demon's attack in network.This detection method is usually required by wireless network
Administrator operates, it usually needs the cost price of the server apparatus of enterprise-level, consuming is high, and is easy by internal staff
Attack.
Client-based method usually extracts unique wireless network traffic feature from the flow of network communication,
Usual network flow characteristic includes: inter-packet gap arrival time value and wireless flow two-way time value, by analyzing these network flows
Whether measure feature is attacked extremely to detect two-sided demon.But influence inter-packet gap arrival time value and wireless flow two-way time value
Factor not just merely because two-sided demon attacks, it is also possible to because of interference, the change of network topology, bandwidth and congestion etc.
Many factors, so testing result is difficult caused by determining whether to be attacked as two-sided demon.
It is that those skilled in the art are urgently to be resolved as it can be seen that how reducing the cost of pseudo- access point detection, reducing False Rate
Problem.
Summary of the invention
The purpose of the embodiment of the present invention is that providing detection method, device and the computer-readable storage medium of a kind of pseudo- access point
Matter can reduce the cost of pseudo- access point detection, reduce False Rate.
In order to solve the above technical problems, the embodiment of the present invention provides a kind of detection method of pseudo- access point, comprising:
Obtain the RSSI data and LQI data of each access point;
Using the RSSI data of each described access point as abscissa, LQI data as ordinate, joint data are obtained;
Cluster is iterated to the joint data using PAM algorithm, obtains the first cluster number;
The joint data are handled using HAC clustering algorithm, obtain the second cluster number;
According to the first cluster number, the second cluster number and preset weighted value, determine to access
Point number;
Judge whether described access point number is greater than preset value;
If so, there is the prompt information of pseudo- access point in output.
Optionally, described that cluster is iterated to the joint data using PAM algorithm, obtain the first cluster number packet
It includes:
The joint data are clustered using PAM algorithm, obtain cluster profile diagram, and calculate the cluster profile diagram
The first mean profile value;
Judge to cluster whether number is greater than or equal to default cluster value;
If it is not, then return it is described the joint data are clustered using PAM algorithm, obtain cluster profile diagram, and count
The step of calculating the first mean profile value of the cluster profile diagram;
If so, choosing the maximum first mean profile value of value from each first mean profile value as the
One cluster number.
Optionally, described that the joint data are handled using HAC clustering algorithm, obtain the second cluster number packet
It includes:
The joint data are clustered using HAC clustering algorithm, obtain dendrogram;
The dendrogram is intercepted according to preset each interception standard, it is corresponding poly- to obtain each interception standard
Class result;
According to silhouette coefficient method, the corresponding profile diagram of each cluster result is obtained, and calculate each profile diagram pair
The the second mean profile value answered;
The maximum second mean profile value of value is chosen from each second mean profile value as the second cluster
Number.
It is optionally, described to cluster number and preset weighted value according to the first cluster number, described second,
Determine that access point number includes:
According to the following formula, access point number N is calculated;
Wherein,Indicate the first cluster number;ω1Indicate the weighted value of the first cluster number;Indicate that second is poly-
Class number;ω2Indicate the weighted value of the second cluster number.
Optionally, further includes:
When described access point number is less than preset value, then the prompt information of access point failure is shown.
The embodiment of the invention also provides a kind of detection devices of pseudo- access point, including acquiring unit, associated units, first
Cluster cell, the second cluster cell, determination unit, judging unit and output unit;
The acquiring unit, for obtaining the RSSI data and LQI data of each access point;
The associated units, for sitting the RSSI data of each described access point as abscissa, LQI data as vertical
Mark, obtains joint data;
It is poly- to obtain first for being iterated cluster to the joint data using PAM algorithm for first cluster cell
Class number;
It is poly- to obtain second for handling using HAC clustering algorithm the joint data for second cluster cell
Class number;
The determination unit, for according to the first cluster number, the second cluster number and preset
Weighted value determines access point number;
The judging unit, for judging whether described access point number is greater than preset value;If so, triggering the output
Unit;
The output unit, for exporting the prompt information in the presence of pseudo- access point.
Optionally, first cluster cell includes computation subunit, judgment sub-unit and selection subelement;
The computation subunit obtains cluster profile diagram for clustering using PAM algorithm to the joint data,
And calculate the first mean profile value of the cluster profile diagram;
The judgment sub-unit clusters whether number is greater than or equal to default cluster value for judging;If it is not, then returning to institute
State computation subunit;If so, triggering the selection subelement;
The selection subelement, it is average for choosing value maximum one first from each first mean profile value
Profile value is as the first cluster number.
Optionally, second cluster cell includes obtaining subelement, interception subelement, computation subunit and choosing son list
Member;
It is described to obtain subelement, for clustering using HAC clustering algorithm to the joint data, obtain dendrogram;
The interception subelement is obtained for intercepting according to preset each interception standard to the dendrogram
It is each to intercept the corresponding cluster result of standard;
The computation subunit, for obtaining the corresponding profile diagram of each cluster result according to silhouette coefficient device, and
Calculate the corresponding second mean profile value of each profile diagram;
The selection subelement, it is average for choosing value maximum one second from each second mean profile value
Profile value is as the second cluster number.
Optionally, the determination unit is specifically used for according to the following formula, calculating access point number N;
Wherein,Indicate the first cluster number;ω1Indicate the weighted value of the first cluster number;Indicate that second is poly-
Class number;ω2Indicate the weighted value of the second cluster number.
It optionally, further include prompt unit;
The prompt unit, for when described access point number is less than preset value, then showing the prompt of access point failure
Information.
The embodiment of the invention also provides a kind of detection devices of pseudo- access point, comprising:
Memory, for storing computer program;
Processor, the step of for executing the computer program to realize the detection method such as above-mentioned pseudo- access point.
The embodiment of the invention also provides a kind of computer readable storage medium, deposited on the computer readable storage medium
Computer program is contained, the step of the detection method such as above-mentioned pseudo- access point is realized when the computer program is executed by processor
Suddenly.
The RSSI data and LQI data of each access point are obtained it can be seen from above-mentioned technical proposal;By each access point
RSSI data, as ordinate, obtain joint data as abscissa, LQI data;It is changed using PAM algorithm to joint data
Generation cluster, obtains the first cluster number;Joint data are handled using HAC clustering algorithm, obtain the second cluster number.It is poly-
The number of class reflects the number of access point in network.In order to keep testing result more accurate credible, the first cluster of foundation number,
Second cluster number and preset weighted value, determine a final access point number.Judge the access point number
Whether preset value is greater than;When access point number is greater than preset value, then illustrates there is pseudo- access point, then export in the presence of pseudo- access point
Prompt information.The technical solution utilizes data itself in the case where not improving hardware cost and detection method complexity
Characteristic carries out multi-cluster processing, and comprehensive cluster result to data, obtains the information of number of access point in network, detection in real time
Pseudo- access point, improves internet security, has achieved the purpose that reduce cost, has reduced False Rate.
Detailed description of the invention
In order to illustrate the embodiments of the present invention more clearly, attached drawing needed in the embodiment will be done simply below
It introduces, it should be apparent that, drawings in the following description are only some embodiments of the invention, for ordinary skill people
For member, without creative efforts, it is also possible to obtain other drawings based on these drawings.
Fig. 1 is a kind of flow chart of the detection method of pseudo- access point provided in an embodiment of the present invention;
Fig. 2 is a kind of cluster profile diagram for showing profile value provided in an embodiment of the present invention;
Fig. 3 is a kind of interception schematic diagram of different interception standards provided in an embodiment of the present invention;
Fig. 4 is a kind of structural schematic diagram of the detection device of pseudo- access point provided in an embodiment of the present invention;
Fig. 5 is a kind of hardware structural diagram of the detection device of pseudo- access point provided in an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, rather than whole embodiments.Based on this
Embodiment in invention, those of ordinary skill in the art are without making creative work, obtained every other
Embodiment belongs to the scope of the present invention.
In order to enable those skilled in the art to better understand the solution of the present invention, with reference to the accompanying drawings and detailed description
The present invention is described in further detail.
Next, a kind of detection method of puppet access point provided by the embodiment of the present invention is discussed in detail.Fig. 1 is the present invention
A kind of flow chart of the detection method for pseudo- access point that embodiment provides, this method comprises:
S101: the RSSI data and LQI data of each access point are obtained.
Received signal strength indicator ((Received Signal Strength Indicator, RSSI) and link-quality
Instruction (Link Quality Indicator, LQI) generates when sending data using equipment commonly used to carry out positioning and ranging
RSSI data and LQI data calculate the physical distance between equipment, to judge the position of sending device.Sending device is
For each access point in network.
RSSI is used to judge link quality, decides whether to increase transmission intensity to guarantee being sent to for data.LQI is used to refer to
The height of bright communication connection intensity, unit is dBm (decibel milliwatt), and LQI range is the integer between 0-255.
In WI-FI environment, RSSI and LQI have correlation.It in embodiments of the present invention, can be using specific sampling
Rate carries out received signal strength indicator (RSSI) to each access point in WI-FI network and link-quality indicates (LQI) data
It collects.
S102: using the RSSI data of each access point as abscissa, LQI data as ordinate, joint data are obtained.
RSSI the and LQI data collected in the same position to different access points in WI-FI network are all different,
So carrying out clustering to RSSI the and LQI data that access points all in a WI-FI network are collected, WI- can reflect out
Access point number in FI network can have stronger signal in network, will lead to poly- if there is pseudo- access point to be added in network
The variation of class result judges whether there is pseudo- access point to reflect the variation of access point number in WI-FI network accordingly.
In embodiments of the present invention, based on distance cluster algorithm (Partitioning Around Medoid, PAM) and
Algorithm (Hierarchical Agglomerative Clustering, HAC) based on hierarchical clustering, the reception to being collected into
Signal strength indicates that (RSSI) and link-quality instruction (LQI) data carry out clustering processing.
When handling data using PAM algorithm and HAC clustering algorithm, need to locate the data of acquisition in advance
Reason, each access point have its corresponding RSSI data and LQI data, in the concrete realization, can be by each access point
RSSI data and LQI data are plotted in two-dimensional coordinate in order and fasten (X, Y seat as a two-dimensional coordinate point (RSSI, LQI)
Mark system), form RSSI-LQI data aggregate distribution map, abscissa RSSI, ordinate LQI.
S103: cluster is iterated to joint data using PAM algorithm, obtains the first cluster number.
The core concept of PAM algorithm is point centered on randomly selecting K object, then repeatedly with other non-central sections
It puts to replace central node, improves clustering result quality.The profile diagram clustered every time is then generated, and is determined by comparing silhouette coefficient
Determine optimal classification number.
In the concrete realization, it can use PAM algorithm to cluster joint data, obtain cluster profile diagram, and calculate
Cluster the first mean profile value of profile diagram.
Cluster profile diagram is defined as follows,
Wherein, δ (i) indicates the diversity factor of access point i and current affiliated class, is measured with Euclidean distance;ε (i) table
Show the minimum value of access point i and other each cluster diversity factoies.ρ (i) indicates the profile value of cluster profile diagram, indicates closer to 1
Cluster result is more accurate.
When assessed using silhouette coefficient cluster result, to calculation and object silhouette coefficient in each cluster in cluster result,
Then it is averaged to obtain mean profile value, which is the quality assessment result of the cluster result.
It in embodiments of the present invention, can for the ease of distinguishing the mean profile value that PAM algorithm and HAC clustering algorithm obtain
It is referred to as the first mean profile value with the mean profile value that will be obtained based on PAM algorithm, is averaged what is obtained based on HAC clustering algorithm
Profile value is referred to as the second mean profile value.
Wherein, obtained mean profile value is clustered every timeIt can be calculated according to following formula,
Wherein, n indicates the sample size of cluster.
It shows that the cluster profile diagram of profile value, ordinate are classification number as shown in Figure 2, indicates that cluster result obtains in figure
To 4 clusters (classification), abscissa is profile value size, and this time the mean profile value of cluster is 0.8932.It can be seen that 4
The profile value of each data in cluster has been painted into reference axis, can intuitively observe very much the excellent degree of each cluster.
In embodiments of the present invention, it in order to improve the excellent degree of cluster, can be often based on by the way of repeatedly clustering
PAM algorithm executes the corresponding cluster number of primary cluster and adds 1.It is every to have executed primary cluster, it can be determined that whether cluster number is big
In or equal to default cluster value.
Default cluster value can be set according to actual needs, generally being greater than the setting of default cluster value 50 times.
When clustering number less than default cluster value, then Returning utilization PAM algorithm clusters joint data, is gathered
Class profile diagram, and the step of calculating the first mean profile value of cluster profile diagram.
Every primary cluster of execution can obtain a first mean profile value.When cluster number is greater than or equal to default gather
When class value, then the maximum first mean profile value of value is chosen from each first mean profile value as the first cluster
Number.
Maximum value by choosing mean profile value can solve optimal classification number and select uncertain problem, classify simultaneously
Excellent degree be also farthest guaranteed.
S104: joint data are handled using HAC clustering algorithm, obtain the second cluster number.
HAC clustering algorithm can be it is cohesion or division, depending on hierachical decomposition be with bottom-up (cohesion) or
It is formed in a manner of top-down (division).In embodiments of the present invention, hierarchical clustering can be carried out using the method for cohesion.
The hierarchy clustering method of cohesion uses bottom-up strategy, since enabling each object form oneself cluster, and
And iteratively cluster is merged into increasing cluster, until all objects are all in a cluster, or meet some and terminate item
Part.Merging step, two immediate clusters is being found out according to certain similarity measurement, and merge them, form a cluster.Cause
Merge two clusters for each iteration, wherein each cluster contains at least one object, therefore condensing method at most needs n times iteration.
In embodiments of the present invention, the process of representational level cluster is carried out using a kind of tree structure for being referred to as dendrogram, clustering processing
Detailed process is as follows:
Joint data are clustered using HAC clustering algorithm, obtain dendrogram.According to preset each interception standard
Dendrogram is intercepted, the corresponding cluster result of each interception standard is obtained.
In dendrogram, according to different interception standards, determining cluster number is also different.Difference as shown in Figure 3 is cut
The interception schematic diagram of standard is taken, interception standard is to be intercepted in different levels, for example, selection interception standard 2 obtains three
A cluster;Selection interception standard 3 obtains two clusters.
In embodiments of the present invention, the corresponding profile diagram of each cluster result can be obtained, and count according to silhouette coefficient method
Calculate the corresponding second mean profile value of each profile diagram;Value maximum one second is chosen from each second mean profile value to be averaged
Profile value is as the second cluster number.
Using silhouette coefficient method, silhouette coefficient analysis is carried out to the cluster result that different interception standards generates, is obtained
Profile diagram, and calculate the mean profile value for the cluster that different interception standards generate.The cluster result which interception standard generates obtains
The mean profile value arrived is maximum, corresponding interception standard is just chosen, to obtain optimum cluster result.
S105: number, the second cluster number and preset weighted value are clustered according to first, determines access point
Number.
In order to keep cluster result more accurate credible, the cluster result of PAM and HAC are added in embodiments of the present invention
Weight average.
Specifically, access point number N can be calculated according to the following formula;
Wherein,Indicate the first cluster number;ω1Indicate the weighted value of the first cluster number;Indicate that second is poly-
Class number;ω2Indicate the weighted value of the second cluster number.
S106: judge whether access point number is greater than preset value.
The number of safety in network access point is Given information, and preset value is the number of secure entry point.
When the access point number determined based on each clustering algorithm is greater than preset value, then illustrate there is transmission pair in network
The pseudo- access point of face demon attack, can execute S107 at this time.
S107: there is the prompt information of pseudo- access point in output.
The RSSI data and LQI data of each access point are obtained it can be seen from above-mentioned technical proposal;By each access point
RSSI data, as ordinate, obtain joint data as abscissa, LQI data;It is changed using PAM algorithm to joint data
Generation cluster, obtains the first cluster number;Joint data are handled using HAC clustering algorithm, obtain the second cluster number.It is poly-
The number of class reflects the number of access point in network.In order to keep testing result more accurate credible, the first cluster of foundation number,
Second cluster number and preset weighted value, determine a final access point number.Judge the access point number
Whether preset value is greater than;When access point number is greater than preset value, then illustrates there is pseudo- access point, then export in the presence of pseudo- access point
Prompt information.The technical solution utilizes data itself in the case where not improving hardware cost and detection method complexity
Characteristic carries out multi-cluster processing, and comprehensive cluster result to data, obtains the information of number of access point in network, detection in real time
Pseudo- access point, improves internet security, has achieved the purpose that reduce cost, has reduced False Rate.
In practical applications, it is also possible to the case where being in abnormal operation there are secure entry point, when some or it is certain
When secure entry point breaks down, correspondingly, the access point number determined according to above-mentioned clustering algorithm can be less than secure accessing
The actual number of point.Therefore, when access point number is less than preset value, then the prompt information of access point failure is shown.
By showing the prompt information of access point failure, it can find that in time secure accessing point failure is asked in order to staff
Topic, and effectively handled, to reduce the influence of secure accessing point failure bring.
Fig. 4 is a kind of structural schematic diagram of the detection device of pseudo- access point provided in an embodiment of the present invention, including obtains single
Member 41, associated units 42, the first cluster cell 43, the second cluster cell 44, determination unit 45, judging unit 46 and output unit
47;
Acquiring unit 41, for obtaining the RSSI data and LQI data of each access point;
Associated units 42, for as abscissa, LQI data as ordinate, obtaining the RSSI data of each access point
Joint data;
First cluster cell 43 obtains the first cluster for being iterated cluster to joint data using PAM algorithm
Number;
Second cluster cell 44 obtains the second cluster for handling using HAC clustering algorithm joint data
Number;
Determination unit 45 is determined for clustering number, the second cluster number and preset weighted value according to first
Access point number out;
Judging unit 46, for judging whether access point number is greater than preset value;If so, triggering output unit;
Output unit 47, for exporting the prompt information in the presence of pseudo- access point.
Optionally, the first cluster cell includes computation subunit, judgment sub-unit and selection subelement;
Computation subunit obtains cluster profile diagram, and calculate poly- for clustering using PAM algorithm to joint data
First mean profile value of class profile diagram;
Judgment sub-unit clusters whether number is greater than or equal to default cluster value for judging;If it is not, then returning to calculating
Unit;If so, subelement is chosen in triggering;
Subelement is chosen, is made for choosing the maximum first mean profile value of value from each first mean profile value
For the first cluster number.
Optionally, the second cluster cell includes obtaining subelement, interception subelement, computation subunit and choosing subelement;
Subelement is obtained, for clustering using HAC clustering algorithm to joint data, obtains dendrogram;
Subelement is intercepted, for intercepting according to preset each interception standard to dendrogram, obtains each interception mark
Quasi- corresponding cluster result;
Computation subunit, for obtaining the corresponding profile diagram of each cluster result, and calculate each wheel according to silhouette coefficient device
Exterior feature schemes corresponding second mean profile value;
Subelement is chosen, is made for choosing the maximum second mean profile value of value from each second mean profile value
For the second cluster number.
Optionally, determination unit is specifically used for according to the following formula, calculating access point number N;
Wherein,Indicate the first cluster number;ω1Indicate the weighted value of the first cluster number;Indicate that second is poly-
Class number;ω2Indicate the weighted value of the second cluster number.
It optionally, further include prompt unit;
Prompt unit, for when access point number is less than preset value, then showing the prompt information of access point failure.
The explanation of feature may refer to the related description of embodiment corresponding to Fig. 1 in embodiment corresponding to Fig. 4, here no longer
It repeats one by one.
The RSSI data and LQI data of each access point are obtained it can be seen from above-mentioned technical proposal;By each access point
RSSI data, as ordinate, obtain joint data as abscissa, LQI data;It is changed using PAM algorithm to joint data
Generation cluster, obtains the first cluster number;Joint data are handled using HAC clustering algorithm, obtain the second cluster number.It is poly-
The number of class reflects the number of access point in network.In order to keep testing result more accurate credible, the first cluster of foundation number,
Second cluster number and preset weighted value, determine a final access point number.Judge the access point number
Whether preset value is greater than;When access point number is greater than preset value, then illustrates there is pseudo- access point, then export in the presence of pseudo- access point
Prompt information.The technical solution utilizes data itself in the case where not improving hardware cost and detection method complexity
Characteristic carries out multi-cluster processing, and comprehensive cluster result to data, obtains the information of number of access point in network, detection in real time
Pseudo- access point, improves internet security, has achieved the purpose that reduce cost, has reduced False Rate.
Fig. 5 is a kind of hardware structural diagram of the detection device 50 of pseudo- access point provided in an embodiment of the present invention, comprising:
Memory 51, for storing computer program;
Processor 52, the step of for executing computer program to realize the detection method such as above-mentioned pseudo- access point.
The embodiment of the invention also provides a kind of computer readable storage medium, it is stored on computer readable storage medium
Computer program, when computer program is executed by processor the step of the realization such as detection method of above-mentioned pseudo- access point.
It is provided for the embodiments of the invention detection method, device and the computer-readable storage of a kind of pseudo- access point above
Medium is described in detail.Each embodiment is described in a progressive manner in specification, what each embodiment stressed
It is the difference from other embodiments, the same or similar parts in each embodiment may refer to each other.For embodiment
For disclosed device, since it is corresponded to the methods disclosed in the examples, so be described relatively simple, related place referring to
Method part illustration.It should be pointed out that for those skilled in the art, not departing from the principle of the invention
Under the premise of, it can be with several improvements and modifications are made to the present invention, these improvement and modification also fall into the claims in the present invention
Protection scope in.
Professional further appreciates that, unit described in conjunction with the examples disclosed in the embodiments of the present disclosure
And algorithm steps, can be realized with electronic hardware, computer software, or a combination of the two, in order to clearly demonstrate hardware and
The interchangeability of software generally describes each exemplary composition and step according to function in the above description.These
Function is implemented in hardware or software actually, the specific application and design constraint depending on technical solution.Profession
Technical staff can use different methods to achieve the described function each specific application, but this realization is not answered
Think beyond the scope of this invention.
The step of method described in conjunction with the examples disclosed in this document or algorithm, can directly be held with hardware, processor
The combination of capable software module or the two is implemented.Software module can be placed in random access memory (RAM), memory, read-only deposit
Reservoir (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or technology
In any other form of storage medium well known in field.
Claims (10)
1. a kind of detection method of puppet access point characterized by comprising
Obtain the RSSI data and LQI data of each access point;
Using the RSSI data of each described access point as abscissa, LQI data as ordinate, joint data are obtained;
Cluster is iterated to the joint data using PAM algorithm, obtains the first cluster number;
The joint data are handled using HAC clustering algorithm, obtain the second cluster number;
According to the first cluster number, the second cluster number and preset weighted value, access point is determined
Number;
Judge whether described access point number is greater than preset value;
If so, there is the prompt information of pseudo- access point in output.
2. the method according to claim 1, wherein described change to the joint data using PAM algorithm
Generation cluster, obtaining the first cluster number includes:
The joint data are clustered using PAM algorithm, obtain cluster profile diagram, and calculate the of the cluster profile diagram
One mean profile value;
Judge to cluster whether number is greater than or equal to default cluster value;
If it is not, then return it is described the joint data are clustered using PAM algorithm, obtain cluster profile diagram, and calculate institute
The step of stating the first mean profile value of cluster profile diagram;
If so, it is poly- as first to choose the maximum first mean profile value of value from each first mean profile value
Class number.
3. the method according to claim 1, wherein it is described using HAC clustering algorithm to the joint data into
Row processing, obtaining the second cluster number includes:
The joint data are clustered using HAC clustering algorithm, obtain dendrogram;
The dendrogram is intercepted according to preset each interception standard, obtains the corresponding cluster knot of each interception standard
Fruit;
According to silhouette coefficient method, the corresponding profile diagram of each cluster result is obtained, and it is corresponding to calculate each profile diagram
Second mean profile value;
The maximum second mean profile value of value is chosen from each second mean profile value as the second cluster number.
4. the method according to claim 1, wherein described gather according to the first cluster number, described second
Class number and preset weighted value determine that access point number includes:
According to the following formula, access point number N is calculated;
Wherein,Indicate the first cluster number;ω1Indicate the weighted value of the first cluster number;Indicate the second cluster
Number;ω2Indicate the weighted value of the second cluster number.
5. method according to any of claims 1-4, which is characterized in that further include:
When described access point number is less than preset value, then the prompt information of access point failure is shown.
6. a kind of detection device of puppet access point, which is characterized in that including acquiring unit, associated units, the first cluster cell, the
Two cluster cells, determination unit, judging unit and output unit;
The acquiring unit, for obtaining the RSSI data and LQI data of each access point;
The associated units, for as abscissa, LQI data as ordinate, obtaining the RSSI data of each described access point
To joint data;
First cluster cell obtains the first cluster for being iterated cluster to the joint data using PAM algorithm
Number;
Second cluster cell obtains the second cluster for handling using HAC clustering algorithm the joint data
Number;
The determination unit, for according to the first cluster number, the second cluster number and preset weight
Value, determines access point number;
The judging unit, for judging whether described access point number is greater than preset value;If so, the triggering output is single
Member;
The output unit, for exporting the prompt information in the presence of pseudo- access point.
7. device according to claim 6, which is characterized in that first cluster cell includes computation subunit, judgement
Subelement and selection subelement;
The computation subunit obtains cluster profile diagram, and count for clustering using PAM algorithm to the joint data
Calculate the first mean profile value of the cluster profile diagram;
The judgment sub-unit clusters whether number is greater than or equal to default cluster value for judging;If it is not, then returning to the meter
Operator unit;If so, triggering the selection subelement;
The selection subelement, for choosing maximum first mean profile of value from each first mean profile value
Value is as the first cluster number.
8. device according to claim 6, which is characterized in that second cluster cell includes obtaining subelement, interception
Subelement, computation subunit and selection subelement;
It is described to obtain subelement, for clustering using HAC clustering algorithm to the joint data, obtain dendrogram;
The interception subelement obtains each section for intercepting according to preset each interception standard to the dendrogram
Take the corresponding cluster result of standard;
The computation subunit, for obtaining the corresponding profile diagram of each cluster result, and calculate according to silhouette coefficient device
The corresponding second mean profile value of each profile diagram;
The selection subelement, for choosing maximum second mean profile of value from each second mean profile value
Value is as the second cluster number.
9. a kind of detection device of puppet access point characterized by comprising
Memory, for storing computer program;
Processor realizes the inspection of the pseudo- access point as described in claim 1 to 5 any one for executing the computer program
The step of survey method.
10. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium
Program realizes the detection side of the pseudo- access point as described in any one of claim 1 to 5 when the computer program is executed by processor
The step of method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910156412.7A CN109936848A (en) | 2019-03-01 | 2019-03-01 | A kind of detection method, device and the computer readable storage medium of puppet access point |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910156412.7A CN109936848A (en) | 2019-03-01 | 2019-03-01 | A kind of detection method, device and the computer readable storage medium of puppet access point |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109936848A true CN109936848A (en) | 2019-06-25 |
Family
ID=66986329
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910156412.7A Pending CN109936848A (en) | 2019-03-01 | 2019-03-01 | A kind of detection method, device and the computer readable storage medium of puppet access point |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109936848A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110544047A (en) * | 2019-09-10 | 2019-12-06 | 东北电力大学 | Bad data identification method |
CN113507447A (en) * | 2021-06-17 | 2021-10-15 | 北京邮电大学 | Self-adaptive enhancement method and device for network traffic data |
CN113706459A (en) * | 2021-07-15 | 2021-11-26 | 电子科技大学 | Detection and simulation restoration device for abnormal brain area of autism patient |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104010311A (en) * | 2014-05-30 | 2014-08-27 | 广州中国科学院先进技术研究所 | Wireless sensor network intrusion detection method based on PAM clustering algorithm |
EP3396400A1 (en) * | 2017-04-27 | 2018-10-31 | Deutsche Telekom AG | A system and method for clustering wi-fi fingerprints for indoor-outdoor detection |
CN108881277A (en) * | 2018-07-10 | 2018-11-23 | 广东工业大学 | The method, device and equipment of monitoring wireless sensor network node invasion |
-
2019
- 2019-03-01 CN CN201910156412.7A patent/CN109936848A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104010311A (en) * | 2014-05-30 | 2014-08-27 | 广州中国科学院先进技术研究所 | Wireless sensor network intrusion detection method based on PAM clustering algorithm |
EP3396400A1 (en) * | 2017-04-27 | 2018-10-31 | Deutsche Telekom AG | A system and method for clustering wi-fi fingerprints for indoor-outdoor detection |
CN108881277A (en) * | 2018-07-10 | 2018-11-23 | 广东工业大学 | The method, device and equipment of monitoring wireless sensor network node invasion |
Non-Patent Citations (1)
Title |
---|
XIAOLING WU: "RSSI and LQI Data Clustering Techniques to Determine the Number of Nodes in Wireless Sensor Networks", 《MISSOURI UNIVERSITY OF SCIENCE AND TECHNOLOGY SCHOLARS" MINE》 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110544047A (en) * | 2019-09-10 | 2019-12-06 | 东北电力大学 | Bad data identification method |
CN113507447A (en) * | 2021-06-17 | 2021-10-15 | 北京邮电大学 | Self-adaptive enhancement method and device for network traffic data |
CN113706459A (en) * | 2021-07-15 | 2021-11-26 | 电子科技大学 | Detection and simulation restoration device for abnormal brain area of autism patient |
CN113706459B (en) * | 2021-07-15 | 2023-06-20 | 电子科技大学 | Detection and simulation repair device for abnormal brain area of autism patient |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Zhang et al. | Distributed intrusion detection system in a multi-layer network architecture of smart grids | |
US8880604B2 (en) | Determination of a spammer through social network characterization | |
CN104683984B (en) | The real-time monitoring process method of wireless communication signals and system | |
CN109936848A (en) | A kind of detection method, device and the computer readable storage medium of puppet access point | |
US20100071061A1 (en) | Method and Apparatus for Whole-Network Anomaly Diagnosis and Method to Detect and Classify Network Anomalies Using Traffic Feature Distributions | |
CN104639311B (en) | The polymerization and system of electricity consumption privacy and integrity protection in a kind of intelligent grid | |
CN108289088A (en) | Abnormal traffic detection system and method based on business model | |
CN109067586A (en) | Ddos attack detection method and device | |
WO2005041040A1 (en) | System and method for detection and location of rogue wireless access users in a computer network | |
CN106992902B (en) | Wireless network coverage blind area detection method and system | |
CN114374626B (en) | Router performance detection method under 5G network condition | |
CN109218170A (en) | A kind of IP address-based mail abnormal login detecting method and system | |
CN113965341A (en) | Intrusion detection system based on software defined network | |
CN108881277B (en) | Method, device and equipment for monitoring wireless sensor network node intrusion | |
CN110475246A (en) | Malice anchor node detection method based on isolated forest and sequential probability ratio test | |
Sharma et al. | WLI-FCM and artificial neural network based cloud intrusion detection system | |
CN105207835A (en) | Determination method of network element working state of wireless local area network and apparatus thereof | |
CN108234435A (en) | A kind of automatic testing method based on IP classification | |
CN114240031A (en) | 5G network bearing quality evaluation method facing power service | |
CN111490991B (en) | Multiple server connection request system and method based on communication equipment | |
Choi et al. | Wireless intrusion prevention system using dynamic random forest against wireless MAC spoofing attack | |
CN104010311A (en) | Wireless sensor network intrusion detection method based on PAM clustering algorithm | |
CN109150623B (en) | Method for resisting SSDF attack of malicious user based on round robin reputation value | |
Li et al. | A complete evaluation of the Chinese IP geolocation databases | |
CN105487936A (en) | Information system security evaluation method for classified protection under cloud environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20190625 |