CN114172704A - Abnormal node detection method based on BSM data packet space-time relation - Google Patents

Abnormal node detection method based on BSM data packet space-time relation Download PDF

Info

Publication number
CN114172704A
CN114172704A CN202111426698.XA CN202111426698A CN114172704A CN 114172704 A CN114172704 A CN 114172704A CN 202111426698 A CN202111426698 A CN 202111426698A CN 114172704 A CN114172704 A CN 114172704A
Authority
CN
China
Prior art keywords
bsm
senderpseudo
nodes
integral
time
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111426698.XA
Other languages
Chinese (zh)
Other versions
CN114172704B (en
Inventor
赖英旭
张兆宜
陈业
刘静
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Technology
Original Assignee
Beijing University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Technology filed Critical Beijing University of Technology
Priority to CN202111426698.XA priority Critical patent/CN114172704B/en
Publication of CN114172704A publication Critical patent/CN114172704A/en
Application granted granted Critical
Publication of CN114172704B publication Critical patent/CN114172704B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/142Network analysis or design using statistical or mathematical methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Pure & Applied Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an abnormal node detection method based on the time-space relation of BSM data packets. The desired data is extracted from the BSM packet. And after receiving the packed data, the detector calculates the estimated information source of each sender, and performs integral operation according to an integral rule to generate an integral table. And classifying the estimated information source and the BSM data packet sender according to the integral table to finish detection. The method accurately detects most abnormal nodes in the scene, divides the abnormal nodes into Sybil nodes and malicious nodes, and ensures that the Sybil nodes and the malicious nodes can be respectively processed efficiently in the follow-up process, thereby ensuring the driving safety of normal nodes. According to the method, the abnormal nodes in the scene can be found out more accurately in the scene with lower attack probability, the normal nodes are prevented from being judged as the abnormal nodes by mistake, most of the abnormal nodes in the scene can be found out more stably, and the missing report is avoided.

Description

Abnormal node detection method based on BSM data packet space-time relation
Technical Field
The invention belongs to the technical field of network information security, relates to an abnormal node detection technology, and particularly relates to an abnormal node detection method based on the time-space relation of a BSM data packet.
Background
The vehicle internet (vanhicular ad hoc networks, VANET) is an important component of Intelligent Transport Systems (ITS), and plays a key role in improving traffic conditions and driving safety. Therefore, it is necessary to study how to ensure the security of VANET.
However, since VANET has a highly dynamic nature of the structural topology, it is easily stolen or counterfeited by a malicious vehicle, thus launching a Sybil attack. The Sybil attack is an identity-based attack, and an attacker acquires a plurality of false identities through an illegal way to participate in network communication so as to achieve the illegal purpose. The Sybil attack is extremely harmful to normal vehicles in VANET. Firstly, the malicious node can generate a Sybil node by stealing or forging the identity, so as to cause the false impression of road congestion, thereby forcing the normal vehicle to decelerate, and even controlling the running track of the normal vehicle. Secondly, the Sybil attack can be combined with other network attack modes, such as DoS attack, replay attack and the like, so that the concealment of the attacks is improved, and the effect of the existing detection method is reduced. It can be seen from the work of some researchers that the detection of single DoS attacks, dossisruptive attacks and the like has higher accuracy and recall rate, but the detection accuracy and recall rate are reduced after the attacks are combined with Sybil attacks. This is evident in the detection of the DoSDirmptive attack, with the recall rate decreasing from the initial 98.87% to 53.18%. Therefore, it is important to study how to accurately detect the skill of Sybil attacking abnormal nodes.
Researchers have proposed some methods that can be performed on Sybil attacks against abnormal nodes. For example, researchers have proposed a resource-based test method that can detect part of Sybil attacking abnormal nodes, but this method is too harsh for use scenarios and occupies very large wireless network resources. According to the method, most Sybil attack abnormal nodes can be effectively detected, but the method has high requirements on traffic flow density. Although the above problems are overcome by the method, it is also proposed by researchers to locate an attacker by using TDoA technology and acquire beacon information of neighboring nodes through three receivers on a vehicle, which requires multiple receivers, resulting in high cost. Therefore, how to simply, accurately and inexpensively detect Sybil attack abnormal nodes is a problem worthy of research.
Disclosure of Invention
The invention aims to provide an abnormal node detection method based on the time-space relation of BSM data packets, which is used for solving the problems of lower detection performance, harsh use conditions and overhigh cost of the existing detection method.
The technical scheme for solving the problems is as follows: the abnormal node detection method based on the BSM data packet space-time relation comprises the following steps:
step 1, peripheral nodes V in 1s are collected at the vehicle end (rcver)i(i-0, 1, …, n) BSM packet (BSM)i) And recording the position information of the vehicle when receiving each BSM data packet, and executing the step 2.
Step 2, extracting BSMiPseudonyms of (Sender pseudo) are includedi) Sending time (sendTime)i) Time of reception (rcvTime)i) Position information (Pos)i) Speed information (Spd)i) Generate a new packagei). And packaging all the packages, sending the packages to the detector, and executing the step 3.
Step 3, after the detector receives the packed data, calculating each packageiTime interval of
Figure BDA0003378903980000021
Each package is packagediIs/are as follows
Figure BDA0003378903980000022
Carry in advanceCalculating each package by the set space-time relation modeliEstimated distance of transmitting source distance rcver when received
Figure BDA0003378903980000023
And generating an EstimateDistance list after the calculation is finished, and executing the step 4.
Step 4, according to the Pos extracted in the step 2iAnd SpdiIs calculated at each packageircvTime ofiAt a time of each Vj(j ═ 0,1, …, n) Distance from rcverijGenerating DistanceiTabulated, step 5 is performed.
Step 5, Distance is processediEach Distance in the listijAnd
Figure BDA0003378903980000024
calculating the difference ErrorijGenerating ErroriTabulated and Error is comparediiIs recorded as erroriStep 6 is executed.
Step 6, finding out each ErroriThe minimum value in the list is the corresponding senerpseudojAnd senderPseudoiAnd (4) associating and performing integration operation according to an integration rule (ScoreRule) to generate an integration table, and executing the step 7.
And 7, judging whether the detection time reaches 300s, if not, executing the steps 1-6 in a circulating mode, otherwise, executing the step 8.
Step 8, finding out each senderPseudo according to the integral tableiCorresponding senerpseudo pseudojComparison of senderPseudoiAnd senderPseudojTo senderPseudoiClassifying and carrying out senderPseudo-according to classification conditionsjAnd (6) classifying.
Based on the method, the technical scheme of the invention also comprises an abnormal node detection system based on the BSM data packet space-time relation, which comprises the following steps:
and the information collection and extraction module is used for collecting the BSM data packets sent by the peripheral nodes at the vehicle end, extracting information required to be used from the BSM data packets and transmitting the information to the next module for processing.
A pre-estimated distance list module for processing the time data transmitted by the information collecting and extracting module and calculating
Figure BDA0003378903980000031
And substituting a pre-trained space-time relation model, calculating the estimated distance of each BSM data packet, and generating an EstimateDistance list.
A Distance list generating module for processing the position, speed and time data transmitted by the information collecting and extracting module and generating the Distance required by the following integrationiList, list EstimateDistance and DistanceiThe list is passed to the next module for processing.
And the integral table generating module is used for calculating the associated pseudonym of the pseudonym of each BSM data packet sender and the error of the BSM data packet, and performing integral operation according to an integral rule to generate the integral table.
And the node classification module is used for finding the estimated source pseudonym of each sender pseudonym from the integral table and classifying the sender pseudonym and the estimated source pseudonym according to the result.
The method has the beneficial effects that:
firstly, the method utilizes the physical property that the BSM data packet has a unique signal source, and can accurately detect Sybil attack abnormal nodes in a scene only by analyzing the time information and the position information in the BSM data packet and has low missing report rate.
The method provided by the invention has the advantages that the detection is carried out at the vehicle end, so that the influence caused by error information provided by abnormal nodes when voting is carried out on a public platform under the condition that honest vehicles are few is avoided. Meanwhile, the method does not need too many receivers, only occupies little internal computing resources and public network resources in the detection process, and does not need high cost and load.
Third, the method can also keep higher accuracy and recall rate in a scene with lower attack density, and can effectively divide the malicious nodes and the Sybil nodes, thereby being greatly helpful for subsequent processing.
Drawings
Fig. 1 is a schematic flow chart of an abnormal node detection method based on BSM packet spatiotemporal relationship according to the present invention.
Fig. 2 is a schematic diagram illustrating a format of a BSM packet according to an embodiment of the present invention.
FIG. 3 is a schematic diagram illustrating generation of a spatio-temporal relationship model in step 3 according to an embodiment of the present invention.
Fig. 4 is a schematic diagram of the integration rule and the format of the integration table in step 4 according to an embodiment of the present invention.
Fig. 5 is a schematic diagram of simulation parameters according to an embodiment of the present invention.
FIG. 6 is a diagram illustrating the results of the testing experiment in the first embodiment of the present invention.
FIG. 7 is a graph illustrating experimental results comparing a method based on flow statistics according to a first embodiment of the present invention.
Detailed Description
The principles and features of this invention are described below in conjunction with the following drawings, the examples of which are set forth to illustrate the invention and are not intended to limit the scope of the invention.
Example one
As shown in fig. 1, the embodiment is an abnormal node detection method based on the BSM packet spatiotemporal relationship, and the method is composed of 8 steps. The specific description is as follows:
step 1, peripheral nodes V in 1s are collected at the vehicle end (rcver)i(i-0, 1, …, n) BSM packet (BSM)i) And recording the position information of the vehicle when receiving each BSM data packet, and executing the step 2.
Step 2, extracting BSMiPseudonyms of (Sender pseudo) are includedi) Sending time (sendTime)i) Time of reception (rcvTime)i) Position information (Pos)i) Speed information (Spd)i) Generate a new packagei). And packaging all the packages, sending the packages to the detector, and executing the step 3.
Step 3, after the detector receives the packed data, calculating each packageiTime interval of
Figure BDA0003378903980000041
Each package is packagediIs/are as follows
Figure BDA0003378903980000042
Substituting a preset space-time relation model to calculate each packageiEstimated distance of transmitting source distance rcver when received
Figure BDA0003378903980000043
And generating an EstimateDistance list after the calculation is finished, and executing the step 4.
Step 4, according to the Pos extracted in the step 2iAnd SpdiIs calculated at each packageircvTime ofiAt a time of each Vj(j ═ 0,1, …, n) Distance from rcverijGenerating DistanceiTabulated, step 5 is performed.
Step 5, Distance is processediEach Distance in the listijAnd
Figure BDA0003378903980000044
calculating the difference ErrorijGenerating ErroriTabulated and Error is comparediiIs recorded as erroriStep 6 is executed.
Step 6, finding out each ErroriThe minimum value in the list is the corresponding senerpseudojAnd senderPseudoiAnd (4) associating and performing integration operation according to an integration rule (ScoreRule) to generate an integration table, and executing the step 7.
And 7, judging whether the detection time reaches 300s, if not, executing the steps 1-6 in a circulating mode, otherwise, executing the step 8.
Step 8, finding out each senderPseudo according to the integral tableiCorresponding senerpseudo pseudojComparison of senderPseudoiAnd senderPseudojTo senderPseudoiClassifying and carrying out senderPseudo-according to classification conditionsjAnd (6) classifying.
As shown in fig. 2, the format of the BSM packet is described as follows:
the BSM packet includes 13 fields, wherein a type field represents a type of the BSM packet, a sendTime field is a transmission time of the BSM packet, an rcvTime field is a reception time of the BSM packet, a sendpseudodo field is a pseudonym of a sender, a messageID is an ID value of the BSM packet, a pos field is a three-dimensional coordinate where the vehicle is located, a pos _ noise field is an error interval of the three-dimensional coordinate where the vehicle is located, a spd field is a speed of the vehicle when the BSM packet is transmitted, a spd _ noise field is an error interval of the speed of the vehicle when the BSM packet is transmitted, an acl field is an acceleration of the vehicle when the BSM packet is transmitted, a acl _ noise field is an error interval of the acceleration of the vehicle when the BSM packet is transmitted, a hed field is a direction of the vehicle when the BSM packet is transmitted, and a hed _ noise field is an error interval of the direction of the vehicle when the vehicle nose is transmitted the BSM packet.
As shown in fig. 3, the specific generation process of the spatio-temporal relationship model in step 3 is as follows:
in a non-attack application scene, collecting BSM data packets of peripheral nodes of each vehicle end and position information of the vehicle end when receiving the data packets, extracting time information and position information from the BSM data packets, calculating a transmitting-receiving time interval of each BSM data packet and a distance between a receiver and a sender when receiving the BSM data packets, and generating a data set. And visualizing the data set, and selecting the type of a Regression Model according to the visualization result. After the regression model type is selected, the data is brought into training to generate a space-time relation model.
As shown in fig. 4, the integration rule and the integration table format are described as follows:
the integral table consists of 3 fields, sender pseudonym (senderPseudo)i) Predictive source pseudonym (senderPseudo)j) Integral value (score).
SenderpseudojAnd senderPseudoiAnd after correlation, performing integral operation according to an integral rule to generate an integral table, and finally performing node classification according to the integral table. False positive nodes may be generated due to errors in the detection process, and the detection precision is reducedAnd (4) degree. To solve this problem, an integration rule is set:
a. if associated senderPseudojAnd senderPseudoiSame, senderPseudojThe corresponding integration increases by Threshold;
b. if associated senderPseudojAnd senderPseudoiNot the same as erroriLess than 4, senerpseudojThe corresponding integral is increased by 1, otherwise Threshold is increased.
According to the integral rule, false positive nodes generated by errors during detection can be greatly reduced, and the detection precision and the recall ratio are improved.
As shown in fig. 5, in order to evaluate the detection performance of the system in the first embodiment, an F2MD open source framework is selected for data simulation. The simulation scene is a LuST scene, the time periods are 5:00-6:00, 6:00-7:00 and 7:00-8:00 respectively, the attack type is Grid Sybil, and the attack probability is 30%. "# Normal" is the total number of Normal nodes in the data set, "# attach" is the total number of malicious nodes in the data set, and "# Sybil" is the total number of Sybil nodes in the data set.
In addition, an evaluation index is set, and precision _ subset (PS) is the proportion of the detected real global abnormal node to the detected global abnormal node; the call _ subset (RS) is the proportion of the detected real global abnormal node in the global abnormal node; precision _ Suspen _ Sybil (PSS) detected ratio of real Sybil nodes detected Sybil nodes; call _ subset _ Sybil (RSS) is the proportion of the detected real Sybil node in the Sybil node; precision _ Suspen _ atteker (PSA) is the proportion of detected real malicious nodes to detected malicious nodes; the call _ subset _ attekcer (rsa) is a proportion of the detected real malicious nodes in the malicious nodes (indexes shown by experimental results are average values of all vehicle-end detection results in the scene). The six indexes are as high as possible, and the calculation formula of the indexes is as follows
Figure BDA0003378903980000061
Figure BDA0003378903980000062
Figure BDA0003378903980000063
Figure BDA0003378903980000064
Figure BDA0003378903980000065
Figure BDA0003378903980000066
As shown in fig. 6, the detection accuracy of the method for global abnormal nodes is higher than 0.99, and under the condition of high accuracy, the recall ratio of the global abnormal nodes can be ensured to be not lower than 0.99. The method can accurately detect most abnormal nodes in the scene. On the basis, the global abnormal nodes are divided into Sybil nodes and malicious nodes, the accuracy of the divided Sybil nodes is higher than 0.99, the recall ratio is higher than 0.99, the accuracy of the divided malicious nodes is higher than 0.96, and the recall ratio is higher than 0.98. The method is proved to be capable of effectively dividing the abnormal nodes into Sybil nodes and malicious nodes, and ensuring that the Sybil nodes and the malicious nodes can be respectively processed efficiently in the follow-up process, so that the driving safety of normal nodes is ensured.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
As shown in fig. 7, in order to prove that the method is advantageous in a low attack probability scenario, the method and the method based on traffic statistics are subjected to a comparative test in the same environment. The simulation scene is a LuST scene, the time periods are 5:00-6:00, 6:00-7:00 and 7:00-8:00 respectively, the attack type is Grid Sybil, and the attack probability is 5%, 10% and 60%. The experimental result shows that when the attack probability is 60%, the detection Precision (PS) of the method based on the flow statistics reaches 0.8857 at most, and the method proposed herein reaches 0.9978 at most, which shows that the method proposed herein has better detection precision compared with the method based on the flow statistics. When the attack probability is reduced to 10%, the peak value of the detection accuracy of the method based on the traffic statistics is reduced to 0.4054, and the lowest value reaches 0.3117, while the detection accuracy of the method proposed herein is kept above 0.98. After the attack probability is further reduced to 5%, the detection precision of the method based on the flow statistics is further reduced, and the lowest value of the detection precision of the method is kept above 0.96, so that the method is proved to find out abnormal nodes in a scene more accurately in a scene with lower attack probability, and the normal nodes are prevented from being judged as abnormal nodes by mistake.
Meanwhile, it can be seen that, as time goes on, the number of data packets increases dramatically and various complex traffic conditions occur due to the increase of the traffic density in the scene, and the recall Ratio (RS) of the traffic statistics-based method decreases rapidly. The recall ratio of the method does not float obviously, which shows that the method can more stably find out most abnormal nodes in the scene and avoid missing report.

Claims (4)

1. An abnormal node detection method based on BSM data packet space-time relation is characterized by comprising the following steps:
step 1, peripheral nodes V in 1s are collected at the vehicle end rcveriBSM packet BSM of i-0, 1, …, niRecording the position information of the vehicle when receiving each BSM data packet, and executing the step 2;
step 2, extracting BSMiThe pseudonym Sender pseudo of (1)iSending time sendTimeiReception time rcvTimeiPosition information PosiSpeed information SpdiGenerate a new packet packagei(ii) a Packaging all the packages, sending the packages to a detector, and executing the step 3;
step 3, after the detector receives the packed data, calculating each packageiTime interval of
Figure FDA0003378903970000011
Each package is packagediIs/are as follows
Figure FDA0003378903970000012
Substituting a preset space-time relation model to calculate each packageiEstimated distance of transmitting source distance rcver when received
Figure FDA0003378903970000013
Generating an EstimateDistance list after the calculation is finished, and executing the step 4;
step 4, according to the Pos extracted in the step 2iAnd SpdiIs calculated at each packageircvTime ofiAt a time of each Vjj is 0,1, …, n is a Distance of rcverijGenerating DistanceiListing, and executing the step 5;
step 5, Distance is processediEach Distance in the listijAnd
Figure FDA0003378903970000014
calculating the difference ErrorijGenerating ErroriTabulated and Error is comparediiIs recorded as erroriExecuting the step 6;
step 6, finding out each ErroriThe minimum value in the list, and the sender pseudo udo corresponding to the minimum valuejAnd senderPseudoiCorrelating and performing integration operation according to an integration rule ScoreRule to generate an integration table, and executing the step 7;
step 7, judging whether the detection time reaches 300s, if not, executing steps 1-6 in a circulating way, otherwise, executing step 8;
step 8, finding out each senderPseudo according to the integral tableiCorresponding senerpseudo pseudojComparison of senderPseudoiAnd senderPseudojTo senderPseudoiClassifying and carrying out senderPseudo-according to classification conditionsjAnd (6) classifying.
2. The abnormal node detection method based on the BSM data packet spatio-temporal relationship as claimed in claim 1, wherein: the type and training data of the spatio-temporal relationship model in the step 3 specifically include:
under a non-attack scene, summarizing each rcverkCollecting BSMkiAnd rcverkLocation information at the time of receiving the data packet, from the BSMkiExtract sendTimeki、rcvTimeki、Posi、SpdkiAnd calculates TimeGapkiAnd receiving the BSMkiTime rcverkIn place of
Figure FDA0003378903970000015
Distance between the sending node i and the receiving nodeiGenerating a TimeGap-Distance mapping data set; visualizing the data set, and selecting the type of a Regression Model according to a visualization result; after the regression model type is selected, the data is brought into training to generate a space-time relation model.
3. The abnormal node detection method based on the BSM data packet spatio-temporal relationship as claimed in claim 1, wherein: the integration rule and parameter setting in step 6 specifically includes:
according to step 6, senderPseudojAnd senderPseudoiAfter correlation, performing integral operation according to an integral rule to generate an integral table, and finally performing node classification according to the integral table; setting an integration rule:
a. if associated senderPseudojAnd senderPseudoiSame, senderPseudojThe corresponding integral is increased by a Threshold integral Threshold;
b. if associated senderPseudojAnd senderPseudoiNot the same as erroriLess than 4, senerpseudojThe corresponding integral is increased by 1, otherwise Threshold is increased.
4. The abnormal node detection method based on the BSM data packet spatio-temporal relationship as claimed in claim 1, wherein: threshold is set to 49; according to the integration rule, false positive nodes generated by errors during detection are reduced, and the detection precision and the recall ratio are improved.
CN202111426698.XA 2021-11-27 2021-11-27 Abnormal node detection method based on space-time relation of BSM data packet Active CN114172704B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111426698.XA CN114172704B (en) 2021-11-27 2021-11-27 Abnormal node detection method based on space-time relation of BSM data packet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111426698.XA CN114172704B (en) 2021-11-27 2021-11-27 Abnormal node detection method based on space-time relation of BSM data packet

Publications (2)

Publication Number Publication Date
CN114172704A true CN114172704A (en) 2022-03-11
CN114172704B CN114172704B (en) 2024-03-26

Family

ID=80481863

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111426698.XA Active CN114172704B (en) 2021-11-27 2021-11-27 Abnormal node detection method based on space-time relation of BSM data packet

Country Status (1)

Country Link
CN (1) CN114172704B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2051468A1 (en) * 2007-06-25 2009-04-22 Deutsche Telekom AG Method, data processing device and computer network for anomaly detection
CN107888639A (en) * 2016-09-30 2018-04-06 电信科学技术研究院 Resource reservation cycle granularity P configuration, instruction and determination method, apparatus
CN109660967A (en) * 2019-02-18 2019-04-19 华东交通大学 A kind of driving safety monitoring apparatus and method based on the fusion of car networking BSM information
CN111246425A (en) * 2020-01-14 2020-06-05 大连理工大学 Dynamic self-adaptive safety early warning method based on DSRC vehicle-mounted V2X system and BSM simulation platform
CN111741446A (en) * 2020-06-16 2020-10-02 重庆大学 V2X communication and application combined test method and system
CN111901778A (en) * 2020-06-22 2020-11-06 北京千方科技股份有限公司 Vehicle abnormity early warning method and system based on V2X and storage medium
CN112738014A (en) * 2020-10-28 2021-04-30 北京工业大学 Industrial control flow abnormity detection method and system based on convolution time sequence network
CN113497801A (en) * 2021-01-27 2021-10-12 西安理工大学 Sybil attack detection algorithm based on timestamp chain
CN113624246A (en) * 2020-10-19 2021-11-09 株式会社电装 Vehicle position correction device and vehicle position correction method

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2051468A1 (en) * 2007-06-25 2009-04-22 Deutsche Telekom AG Method, data processing device and computer network for anomaly detection
CN107888639A (en) * 2016-09-30 2018-04-06 电信科学技术研究院 Resource reservation cycle granularity P configuration, instruction and determination method, apparatus
CN109660967A (en) * 2019-02-18 2019-04-19 华东交通大学 A kind of driving safety monitoring apparatus and method based on the fusion of car networking BSM information
CN111246425A (en) * 2020-01-14 2020-06-05 大连理工大学 Dynamic self-adaptive safety early warning method based on DSRC vehicle-mounted V2X system and BSM simulation platform
CN111741446A (en) * 2020-06-16 2020-10-02 重庆大学 V2X communication and application combined test method and system
CN111901778A (en) * 2020-06-22 2020-11-06 北京千方科技股份有限公司 Vehicle abnormity early warning method and system based on V2X and storage medium
CN113624246A (en) * 2020-10-19 2021-11-09 株式会社电装 Vehicle position correction device and vehicle position correction method
CN112738014A (en) * 2020-10-28 2021-04-30 北京工业大学 Industrial control flow abnormity detection method and system based on convolution time sequence network
CN113497801A (en) * 2021-01-27 2021-10-12 西安理工大学 Sybil attack detection algorithm based on timestamp chain

Also Published As

Publication number Publication date
CN114172704B (en) 2024-03-26

Similar Documents

Publication Publication Date Title
Alrehan et al. Machine learning techniques to detect DDoS attacks on VANET system: A survey
Gu et al. Support vector machine (svm) based sybil attack detection in vehicular networks
Grover et al. Misbehavior detection based on ensemble learning in vanet
Baiad et al. Novel cross layer detection schemes to detect blackhole attack against QoS-OLSR protocol in VANET
Yao et al. Voiceprint: A novel Sybil attack detection method based on RSSI for VANETs
Alheeti et al. On the detection of grey hole and rushing attacks in self-driving vehicular networks
Kosmanos et al. Intrusion detection system for platooning connected autonomous vehicles
Xie et al. Detecting primary user emulation attacks in cognitive radio networks via physical layer network coding
Verma et al. Bloom‐filter based IP‐CHOCK detection scheme for denial of service attacks in VANET
Grover et al. Sybil attack detection in VANET using neighbouring vehicles
Goncalves et al. Synthesizing datasets with security threats for vehicular ad-hoc networks
CN104581733A (en) Security routing method for internet of things for preventing location spoofing
Valentini et al. An attacks detection mechanism for intelligent transport system
Shrestha et al. Sybil attack detection in vehicular network based on received signal strength
Ihsan et al. Location verification for emerging wireless vehicular networks
Kosmanos et al. RF jamming classification using relative speed estimation in vehicular wireless networks
Dey et al. Efficient detection and localization of dos attacks in heterogeneous vehicular networks
CN111641951A (en) 5G network APT attack tracing method and system based on SA architecture
Swessi et al. A comparative review of security threats datasets for vehicular networks
Li et al. Rssi sequence and vehicle driving matrix based sybil nodes detection in vanet
Choi et al. Wireless intrusion prevention system using dynamic random forest against wireless MAC spoofing attack
Kolandaisamy et al. Markov chain based ant colony approach for mitigating DDoS attacks using integrated vehicle mode analysis in VANET
Ilavendhan et al. Comparative analysis of various approaches for DoS attack detection in VANETs
CN114172704B (en) Abnormal node detection method based on space-time relation of BSM data packet
Slimane et al. A light boosting-based ml model for detecting deceptive jamming attacks on uavs

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant