CN114172704A - Abnormal node detection method based on BSM data packet space-time relation - Google Patents
Abnormal node detection method based on BSM data packet space-time relation Download PDFInfo
- Publication number
- CN114172704A CN114172704A CN202111426698.XA CN202111426698A CN114172704A CN 114172704 A CN114172704 A CN 114172704A CN 202111426698 A CN202111426698 A CN 202111426698A CN 114172704 A CN114172704 A CN 114172704A
- Authority
- CN
- China
- Prior art keywords
- bsm
- senderpseudo
- nodes
- integral
- time
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 41
- 230000002159 abnormal effect Effects 0.000 title claims abstract description 38
- 230000010354 integration Effects 0.000 claims description 18
- 230000002093 peripheral effect Effects 0.000 claims description 5
- 238000004364 calculation method Methods 0.000 claims description 4
- 238000004806 packaging method and process Methods 0.000 claims description 3
- 238000012549 training Methods 0.000 claims description 3
- 238000012800 visualization Methods 0.000 claims description 2
- 238000013507 mapping Methods 0.000 claims 1
- 238000000034 method Methods 0.000 abstract description 38
- 238000010586 diagram Methods 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 238000004088 simulation Methods 0.000 description 4
- 230000001133 acceleration Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- HCTVWSOKIJULET-LQDWTQKMSA-M phenoxymethylpenicillin potassium Chemical compound [K+].N([C@H]1[C@H]2SC([C@@H](N2C1=O)C([O-])=O)(C)C)C(=O)COC1=CC=CC=C1 HCTVWSOKIJULET-LQDWTQKMSA-M 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000000052 comparative effect Effects 0.000 description 1
- 230000007423 decrease Effects 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000005242 forging Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000000704 physical effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000010998 test method Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/142—Network analysis or design using statistical or mathematical methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Algebra (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Probability & Statistics with Applications (AREA)
- Pure & Applied Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an abnormal node detection method based on the time-space relation of BSM data packets. The desired data is extracted from the BSM packet. And after receiving the packed data, the detector calculates the estimated information source of each sender, and performs integral operation according to an integral rule to generate an integral table. And classifying the estimated information source and the BSM data packet sender according to the integral table to finish detection. The method accurately detects most abnormal nodes in the scene, divides the abnormal nodes into Sybil nodes and malicious nodes, and ensures that the Sybil nodes and the malicious nodes can be respectively processed efficiently in the follow-up process, thereby ensuring the driving safety of normal nodes. According to the method, the abnormal nodes in the scene can be found out more accurately in the scene with lower attack probability, the normal nodes are prevented from being judged as the abnormal nodes by mistake, most of the abnormal nodes in the scene can be found out more stably, and the missing report is avoided.
Description
Technical Field
The invention belongs to the technical field of network information security, relates to an abnormal node detection technology, and particularly relates to an abnormal node detection method based on the time-space relation of a BSM data packet.
Background
The vehicle internet (vanhicular ad hoc networks, VANET) is an important component of Intelligent Transport Systems (ITS), and plays a key role in improving traffic conditions and driving safety. Therefore, it is necessary to study how to ensure the security of VANET.
However, since VANET has a highly dynamic nature of the structural topology, it is easily stolen or counterfeited by a malicious vehicle, thus launching a Sybil attack. The Sybil attack is an identity-based attack, and an attacker acquires a plurality of false identities through an illegal way to participate in network communication so as to achieve the illegal purpose. The Sybil attack is extremely harmful to normal vehicles in VANET. Firstly, the malicious node can generate a Sybil node by stealing or forging the identity, so as to cause the false impression of road congestion, thereby forcing the normal vehicle to decelerate, and even controlling the running track of the normal vehicle. Secondly, the Sybil attack can be combined with other network attack modes, such as DoS attack, replay attack and the like, so that the concealment of the attacks is improved, and the effect of the existing detection method is reduced. It can be seen from the work of some researchers that the detection of single DoS attacks, dossisruptive attacks and the like has higher accuracy and recall rate, but the detection accuracy and recall rate are reduced after the attacks are combined with Sybil attacks. This is evident in the detection of the DoSDirmptive attack, with the recall rate decreasing from the initial 98.87% to 53.18%. Therefore, it is important to study how to accurately detect the skill of Sybil attacking abnormal nodes.
Researchers have proposed some methods that can be performed on Sybil attacks against abnormal nodes. For example, researchers have proposed a resource-based test method that can detect part of Sybil attacking abnormal nodes, but this method is too harsh for use scenarios and occupies very large wireless network resources. According to the method, most Sybil attack abnormal nodes can be effectively detected, but the method has high requirements on traffic flow density. Although the above problems are overcome by the method, it is also proposed by researchers to locate an attacker by using TDoA technology and acquire beacon information of neighboring nodes through three receivers on a vehicle, which requires multiple receivers, resulting in high cost. Therefore, how to simply, accurately and inexpensively detect Sybil attack abnormal nodes is a problem worthy of research.
Disclosure of Invention
The invention aims to provide an abnormal node detection method based on the time-space relation of BSM data packets, which is used for solving the problems of lower detection performance, harsh use conditions and overhigh cost of the existing detection method.
The technical scheme for solving the problems is as follows: the abnormal node detection method based on the BSM data packet space-time relation comprises the following steps:
Step 2, extracting BSMiPseudonyms of (Sender pseudo) are includedi) Sending time (sendTime)i) Time of reception (rcvTime)i) Position information (Pos)i) Speed information (Spd)i) Generate a new packagei). And packaging all the packages, sending the packages to the detector, and executing the step 3.
Step 3, after the detector receives the packed data, calculating each packageiTime interval ofEach package is packagediIs/are as followsCarry in advanceCalculating each package by the set space-time relation modeliEstimated distance of transmitting source distance rcver when receivedAnd generating an EstimateDistance list after the calculation is finished, and executing the step 4.
Step 4, according to the Pos extracted in the step 2iAnd SpdiIs calculated at each packageircvTime ofiAt a time of each Vj(j ═ 0,1, …, n) Distance from rcverijGenerating DistanceiTabulated, step 5 is performed.
And 7, judging whether the detection time reaches 300s, if not, executing the steps 1-6 in a circulating mode, otherwise, executing the step 8.
Step 8, finding out each senderPseudo according to the integral tableiCorresponding senerpseudo pseudojComparison of senderPseudoiAnd senderPseudojTo senderPseudoiClassifying and carrying out senderPseudo-according to classification conditionsjAnd (6) classifying.
Based on the method, the technical scheme of the invention also comprises an abnormal node detection system based on the BSM data packet space-time relation, which comprises the following steps:
and the information collection and extraction module is used for collecting the BSM data packets sent by the peripheral nodes at the vehicle end, extracting information required to be used from the BSM data packets and transmitting the information to the next module for processing.
A pre-estimated distance list module for processing the time data transmitted by the information collecting and extracting module and calculatingAnd substituting a pre-trained space-time relation model, calculating the estimated distance of each BSM data packet, and generating an EstimateDistance list.
A Distance list generating module for processing the position, speed and time data transmitted by the information collecting and extracting module and generating the Distance required by the following integrationiList, list EstimateDistance and DistanceiThe list is passed to the next module for processing.
And the integral table generating module is used for calculating the associated pseudonym of the pseudonym of each BSM data packet sender and the error of the BSM data packet, and performing integral operation according to an integral rule to generate the integral table.
And the node classification module is used for finding the estimated source pseudonym of each sender pseudonym from the integral table and classifying the sender pseudonym and the estimated source pseudonym according to the result.
The method has the beneficial effects that:
firstly, the method utilizes the physical property that the BSM data packet has a unique signal source, and can accurately detect Sybil attack abnormal nodes in a scene only by analyzing the time information and the position information in the BSM data packet and has low missing report rate.
The method provided by the invention has the advantages that the detection is carried out at the vehicle end, so that the influence caused by error information provided by abnormal nodes when voting is carried out on a public platform under the condition that honest vehicles are few is avoided. Meanwhile, the method does not need too many receivers, only occupies little internal computing resources and public network resources in the detection process, and does not need high cost and load.
Third, the method can also keep higher accuracy and recall rate in a scene with lower attack density, and can effectively divide the malicious nodes and the Sybil nodes, thereby being greatly helpful for subsequent processing.
Drawings
Fig. 1 is a schematic flow chart of an abnormal node detection method based on BSM packet spatiotemporal relationship according to the present invention.
Fig. 2 is a schematic diagram illustrating a format of a BSM packet according to an embodiment of the present invention.
FIG. 3 is a schematic diagram illustrating generation of a spatio-temporal relationship model in step 3 according to an embodiment of the present invention.
Fig. 4 is a schematic diagram of the integration rule and the format of the integration table in step 4 according to an embodiment of the present invention.
Fig. 5 is a schematic diagram of simulation parameters according to an embodiment of the present invention.
FIG. 6 is a diagram illustrating the results of the testing experiment in the first embodiment of the present invention.
FIG. 7 is a graph illustrating experimental results comparing a method based on flow statistics according to a first embodiment of the present invention.
Detailed Description
The principles and features of this invention are described below in conjunction with the following drawings, the examples of which are set forth to illustrate the invention and are not intended to limit the scope of the invention.
Example one
As shown in fig. 1, the embodiment is an abnormal node detection method based on the BSM packet spatiotemporal relationship, and the method is composed of 8 steps. The specific description is as follows:
Step 2, extracting BSMiPseudonyms of (Sender pseudo) are includedi) Sending time (sendTime)i) Time of reception (rcvTime)i) Position information (Pos)i) Speed information (Spd)i) Generate a new packagei). And packaging all the packages, sending the packages to the detector, and executing the step 3.
Step 3, after the detector receives the packed data, calculating each packageiTime interval ofEach package is packagediIs/are as followsSubstituting a preset space-time relation model to calculate each packageiEstimated distance of transmitting source distance rcver when receivedAnd generating an EstimateDistance list after the calculation is finished, and executing the step 4.
Step 4, according to the Pos extracted in the step 2iAnd SpdiIs calculated at each packageircvTime ofiAt a time of each Vj(j ═ 0,1, …, n) Distance from rcverijGenerating DistanceiTabulated, step 5 is performed.
And 7, judging whether the detection time reaches 300s, if not, executing the steps 1-6 in a circulating mode, otherwise, executing the step 8.
Step 8, finding out each senderPseudo according to the integral tableiCorresponding senerpseudo pseudojComparison of senderPseudoiAnd senderPseudojTo senderPseudoiClassifying and carrying out senderPseudo-according to classification conditionsjAnd (6) classifying.
As shown in fig. 2, the format of the BSM packet is described as follows:
the BSM packet includes 13 fields, wherein a type field represents a type of the BSM packet, a sendTime field is a transmission time of the BSM packet, an rcvTime field is a reception time of the BSM packet, a sendpseudodo field is a pseudonym of a sender, a messageID is an ID value of the BSM packet, a pos field is a three-dimensional coordinate where the vehicle is located, a pos _ noise field is an error interval of the three-dimensional coordinate where the vehicle is located, a spd field is a speed of the vehicle when the BSM packet is transmitted, a spd _ noise field is an error interval of the speed of the vehicle when the BSM packet is transmitted, an acl field is an acceleration of the vehicle when the BSM packet is transmitted, a acl _ noise field is an error interval of the acceleration of the vehicle when the BSM packet is transmitted, a hed field is a direction of the vehicle when the BSM packet is transmitted, and a hed _ noise field is an error interval of the direction of the vehicle when the vehicle nose is transmitted the BSM packet.
As shown in fig. 3, the specific generation process of the spatio-temporal relationship model in step 3 is as follows:
in a non-attack application scene, collecting BSM data packets of peripheral nodes of each vehicle end and position information of the vehicle end when receiving the data packets, extracting time information and position information from the BSM data packets, calculating a transmitting-receiving time interval of each BSM data packet and a distance between a receiver and a sender when receiving the BSM data packets, and generating a data set. And visualizing the data set, and selecting the type of a Regression Model according to the visualization result. After the regression model type is selected, the data is brought into training to generate a space-time relation model.
As shown in fig. 4, the integration rule and the integration table format are described as follows:
the integral table consists of 3 fields, sender pseudonym (senderPseudo)i) Predictive source pseudonym (senderPseudo)j) Integral value (score).
SenderpseudojAnd senderPseudoiAnd after correlation, performing integral operation according to an integral rule to generate an integral table, and finally performing node classification according to the integral table. False positive nodes may be generated due to errors in the detection process, and the detection precision is reducedAnd (4) degree. To solve this problem, an integration rule is set:
a. if associated senderPseudojAnd senderPseudoiSame, senderPseudojThe corresponding integration increases by Threshold;
b. if associated senderPseudojAnd senderPseudoiNot the same as erroriLess than 4, senerpseudojThe corresponding integral is increased by 1, otherwise Threshold is increased.
According to the integral rule, false positive nodes generated by errors during detection can be greatly reduced, and the detection precision and the recall ratio are improved.
As shown in fig. 5, in order to evaluate the detection performance of the system in the first embodiment, an F2MD open source framework is selected for data simulation. The simulation scene is a LuST scene, the time periods are 5:00-6:00, 6:00-7:00 and 7:00-8:00 respectively, the attack type is Grid Sybil, and the attack probability is 30%. "# Normal" is the total number of Normal nodes in the data set, "# attach" is the total number of malicious nodes in the data set, and "# Sybil" is the total number of Sybil nodes in the data set.
In addition, an evaluation index is set, and precision _ subset (PS) is the proportion of the detected real global abnormal node to the detected global abnormal node; the call _ subset (RS) is the proportion of the detected real global abnormal node in the global abnormal node; precision _ Suspen _ Sybil (PSS) detected ratio of real Sybil nodes detected Sybil nodes; call _ subset _ Sybil (RSS) is the proportion of the detected real Sybil node in the Sybil node; precision _ Suspen _ atteker (PSA) is the proportion of detected real malicious nodes to detected malicious nodes; the call _ subset _ attekcer (rsa) is a proportion of the detected real malicious nodes in the malicious nodes (indexes shown by experimental results are average values of all vehicle-end detection results in the scene). The six indexes are as high as possible, and the calculation formula of the indexes is as follows
As shown in fig. 6, the detection accuracy of the method for global abnormal nodes is higher than 0.99, and under the condition of high accuracy, the recall ratio of the global abnormal nodes can be ensured to be not lower than 0.99. The method can accurately detect most abnormal nodes in the scene. On the basis, the global abnormal nodes are divided into Sybil nodes and malicious nodes, the accuracy of the divided Sybil nodes is higher than 0.99, the recall ratio is higher than 0.99, the accuracy of the divided malicious nodes is higher than 0.96, and the recall ratio is higher than 0.98. The method is proved to be capable of effectively dividing the abnormal nodes into Sybil nodes and malicious nodes, and ensuring that the Sybil nodes and the malicious nodes can be respectively processed efficiently in the follow-up process, so that the driving safety of normal nodes is ensured.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
As shown in fig. 7, in order to prove that the method is advantageous in a low attack probability scenario, the method and the method based on traffic statistics are subjected to a comparative test in the same environment. The simulation scene is a LuST scene, the time periods are 5:00-6:00, 6:00-7:00 and 7:00-8:00 respectively, the attack type is Grid Sybil, and the attack probability is 5%, 10% and 60%. The experimental result shows that when the attack probability is 60%, the detection Precision (PS) of the method based on the flow statistics reaches 0.8857 at most, and the method proposed herein reaches 0.9978 at most, which shows that the method proposed herein has better detection precision compared with the method based on the flow statistics. When the attack probability is reduced to 10%, the peak value of the detection accuracy of the method based on the traffic statistics is reduced to 0.4054, and the lowest value reaches 0.3117, while the detection accuracy of the method proposed herein is kept above 0.98. After the attack probability is further reduced to 5%, the detection precision of the method based on the flow statistics is further reduced, and the lowest value of the detection precision of the method is kept above 0.96, so that the method is proved to find out abnormal nodes in a scene more accurately in a scene with lower attack probability, and the normal nodes are prevented from being judged as abnormal nodes by mistake.
Meanwhile, it can be seen that, as time goes on, the number of data packets increases dramatically and various complex traffic conditions occur due to the increase of the traffic density in the scene, and the recall Ratio (RS) of the traffic statistics-based method decreases rapidly. The recall ratio of the method does not float obviously, which shows that the method can more stably find out most abnormal nodes in the scene and avoid missing report.
Claims (4)
1. An abnormal node detection method based on BSM data packet space-time relation is characterized by comprising the following steps:
step 1, peripheral nodes V in 1s are collected at the vehicle end rcveriBSM packet BSM of i-0, 1, …, niRecording the position information of the vehicle when receiving each BSM data packet, and executing the step 2;
step 2, extracting BSMiThe pseudonym Sender pseudo of (1)iSending time sendTimeiReception time rcvTimeiPosition information PosiSpeed information SpdiGenerate a new packet packagei(ii) a Packaging all the packages, sending the packages to a detector, and executing the step 3;
step 3, after the detector receives the packed data, calculating each packageiTime interval ofEach package is packagediIs/are as followsSubstituting a preset space-time relation model to calculate each packageiEstimated distance of transmitting source distance rcver when receivedGenerating an EstimateDistance list after the calculation is finished, and executing the step 4;
step 4, according to the Pos extracted in the step 2iAnd SpdiIs calculated at each packageircvTime ofiAt a time of each Vjj is 0,1, …, n is a Distance of rcverijGenerating DistanceiListing, and executing the step 5;
step 5, Distance is processediEach Distance in the listijAndcalculating the difference ErrorijGenerating ErroriTabulated and Error is comparediiIs recorded as erroriExecuting the step 6;
step 6, finding out each ErroriThe minimum value in the list, and the sender pseudo udo corresponding to the minimum valuejAnd senderPseudoiCorrelating and performing integration operation according to an integration rule ScoreRule to generate an integration table, and executing the step 7;
step 7, judging whether the detection time reaches 300s, if not, executing steps 1-6 in a circulating way, otherwise, executing step 8;
step 8, finding out each senderPseudo according to the integral tableiCorresponding senerpseudo pseudojComparison of senderPseudoiAnd senderPseudojTo senderPseudoiClassifying and carrying out senderPseudo-according to classification conditionsjAnd (6) classifying.
2. The abnormal node detection method based on the BSM data packet spatio-temporal relationship as claimed in claim 1, wherein: the type and training data of the spatio-temporal relationship model in the step 3 specifically include:
under a non-attack scene, summarizing each rcverkCollecting BSMkiAnd rcverkLocation information at the time of receiving the data packet, from the BSMkiExtract sendTimeki、rcvTimeki、Posi、SpdkiAnd calculates TimeGapkiAnd receiving the BSMkiTime rcverkIn place ofDistance between the sending node i and the receiving nodeiGenerating a TimeGap-Distance mapping data set; visualizing the data set, and selecting the type of a Regression Model according to a visualization result; after the regression model type is selected, the data is brought into training to generate a space-time relation model.
3. The abnormal node detection method based on the BSM data packet spatio-temporal relationship as claimed in claim 1, wherein: the integration rule and parameter setting in step 6 specifically includes:
according to step 6, senderPseudojAnd senderPseudoiAfter correlation, performing integral operation according to an integral rule to generate an integral table, and finally performing node classification according to the integral table; setting an integration rule:
a. if associated senderPseudojAnd senderPseudoiSame, senderPseudojThe corresponding integral is increased by a Threshold integral Threshold;
b. if associated senderPseudojAnd senderPseudoiNot the same as erroriLess than 4, senerpseudojThe corresponding integral is increased by 1, otherwise Threshold is increased.
4. The abnormal node detection method based on the BSM data packet spatio-temporal relationship as claimed in claim 1, wherein: threshold is set to 49; according to the integration rule, false positive nodes generated by errors during detection are reduced, and the detection precision and the recall ratio are improved.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111426698.XA CN114172704B (en) | 2021-11-27 | 2021-11-27 | Abnormal node detection method based on space-time relation of BSM data packet |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111426698.XA CN114172704B (en) | 2021-11-27 | 2021-11-27 | Abnormal node detection method based on space-time relation of BSM data packet |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114172704A true CN114172704A (en) | 2022-03-11 |
CN114172704B CN114172704B (en) | 2024-03-26 |
Family
ID=80481863
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111426698.XA Active CN114172704B (en) | 2021-11-27 | 2021-11-27 | Abnormal node detection method based on space-time relation of BSM data packet |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114172704B (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2051468A1 (en) * | 2007-06-25 | 2009-04-22 | Deutsche Telekom AG | Method, data processing device and computer network for anomaly detection |
CN107888639A (en) * | 2016-09-30 | 2018-04-06 | 电信科学技术研究院 | Resource reservation cycle granularity P configuration, instruction and determination method, apparatus |
CN109660967A (en) * | 2019-02-18 | 2019-04-19 | 华东交通大学 | A kind of driving safety monitoring apparatus and method based on the fusion of car networking BSM information |
CN111246425A (en) * | 2020-01-14 | 2020-06-05 | 大连理工大学 | Dynamic self-adaptive safety early warning method based on DSRC vehicle-mounted V2X system and BSM simulation platform |
CN111741446A (en) * | 2020-06-16 | 2020-10-02 | 重庆大学 | V2X communication and application combined test method and system |
CN111901778A (en) * | 2020-06-22 | 2020-11-06 | 北京千方科技股份有限公司 | Vehicle abnormity early warning method and system based on V2X and storage medium |
CN112738014A (en) * | 2020-10-28 | 2021-04-30 | 北京工业大学 | Industrial control flow abnormity detection method and system based on convolution time sequence network |
CN113497801A (en) * | 2021-01-27 | 2021-10-12 | 西安理工大学 | Sybil attack detection algorithm based on timestamp chain |
CN113624246A (en) * | 2020-10-19 | 2021-11-09 | 株式会社电装 | Vehicle position correction device and vehicle position correction method |
-
2021
- 2021-11-27 CN CN202111426698.XA patent/CN114172704B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2051468A1 (en) * | 2007-06-25 | 2009-04-22 | Deutsche Telekom AG | Method, data processing device and computer network for anomaly detection |
CN107888639A (en) * | 2016-09-30 | 2018-04-06 | 电信科学技术研究院 | Resource reservation cycle granularity P configuration, instruction and determination method, apparatus |
CN109660967A (en) * | 2019-02-18 | 2019-04-19 | 华东交通大学 | A kind of driving safety monitoring apparatus and method based on the fusion of car networking BSM information |
CN111246425A (en) * | 2020-01-14 | 2020-06-05 | 大连理工大学 | Dynamic self-adaptive safety early warning method based on DSRC vehicle-mounted V2X system and BSM simulation platform |
CN111741446A (en) * | 2020-06-16 | 2020-10-02 | 重庆大学 | V2X communication and application combined test method and system |
CN111901778A (en) * | 2020-06-22 | 2020-11-06 | 北京千方科技股份有限公司 | Vehicle abnormity early warning method and system based on V2X and storage medium |
CN113624246A (en) * | 2020-10-19 | 2021-11-09 | 株式会社电装 | Vehicle position correction device and vehicle position correction method |
CN112738014A (en) * | 2020-10-28 | 2021-04-30 | 北京工业大学 | Industrial control flow abnormity detection method and system based on convolution time sequence network |
CN113497801A (en) * | 2021-01-27 | 2021-10-12 | 西安理工大学 | Sybil attack detection algorithm based on timestamp chain |
Also Published As
Publication number | Publication date |
---|---|
CN114172704B (en) | 2024-03-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Alrehan et al. | Machine learning techniques to detect DDoS attacks on VANET system: A survey | |
Gu et al. | Support vector machine (svm) based sybil attack detection in vehicular networks | |
Grover et al. | Misbehavior detection based on ensemble learning in vanet | |
Baiad et al. | Novel cross layer detection schemes to detect blackhole attack against QoS-OLSR protocol in VANET | |
Yao et al. | Voiceprint: A novel Sybil attack detection method based on RSSI for VANETs | |
Alheeti et al. | On the detection of grey hole and rushing attacks in self-driving vehicular networks | |
Kosmanos et al. | Intrusion detection system for platooning connected autonomous vehicles | |
Xie et al. | Detecting primary user emulation attacks in cognitive radio networks via physical layer network coding | |
Verma et al. | Bloom‐filter based IP‐CHOCK detection scheme for denial of service attacks in VANET | |
Grover et al. | Sybil attack detection in VANET using neighbouring vehicles | |
Goncalves et al. | Synthesizing datasets with security threats for vehicular ad-hoc networks | |
CN104581733A (en) | Security routing method for internet of things for preventing location spoofing | |
Valentini et al. | An attacks detection mechanism for intelligent transport system | |
Shrestha et al. | Sybil attack detection in vehicular network based on received signal strength | |
Ihsan et al. | Location verification for emerging wireless vehicular networks | |
Kosmanos et al. | RF jamming classification using relative speed estimation in vehicular wireless networks | |
Dey et al. | Efficient detection and localization of dos attacks in heterogeneous vehicular networks | |
CN111641951A (en) | 5G network APT attack tracing method and system based on SA architecture | |
Swessi et al. | A comparative review of security threats datasets for vehicular networks | |
Li et al. | Rssi sequence and vehicle driving matrix based sybil nodes detection in vanet | |
Choi et al. | Wireless intrusion prevention system using dynamic random forest against wireless MAC spoofing attack | |
Kolandaisamy et al. | Markov chain based ant colony approach for mitigating DDoS attacks using integrated vehicle mode analysis in VANET | |
Ilavendhan et al. | Comparative analysis of various approaches for DoS attack detection in VANETs | |
CN114172704B (en) | Abnormal node detection method based on space-time relation of BSM data packet | |
Slimane et al. | A light boosting-based ml model for detecting deceptive jamming attacks on uavs |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |