CN115866605A - Sybil attack detection and isolation method based on signal intensity - Google Patents


Publication number: CN115866605A
Authority: CN (China)
Prior art keywords: node, dis, packet, rssi, nodes
Legal status: Granted, Active
Application number: CN202310107313.6A
Other languages: Chinese (zh)
Other versions: CN115866605B (en)
Inventors: 童飞, 张祯丞
Current Assignee: Southeast University
Original Assignee: Southeast University
Application filed by Southeast University
Priority to CN202310107313.6A
Publication of CN115866605A
Application granted
Publication of CN115866605B

Classifications

    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a Sybil attack detection and isolation method based on signal strength, comprising the following steps: S1, analyzing and calculating the relation among transmit power, node distance and signal strength; S2, a normal node monitors its neighbor nodes, obtains the RSSI distribution of each neighbor node by point estimation, and updates NBR_Info; S3, for a received DIS packet, querying NBR_Info and judging the legality of the packet from the sample mean and standard deviation of the RSSI distribution; S4, for a legal DIS packet, storing the source address, RSSI and arrival time in the DIS_Cache table; S5, introducing anchor nodes that broadcast information about the DIS packet to assist normal nodes in positioning. The invention uses the signal strength RSSI to define two physical address identifiers, which are used for coarse-grained positioning of neighbor nodes and are compared with the source address in the packet, so that Sybil attacks can be effectively detected and malicious nodes isolated.

Description

Sybil attack detection and isolation method based on signal intensity
Technical Field
The invention relates to a Sybil attack detection and isolation method based on signal strength, in particular to detection and malicious node isolation of Sybil attacks in an RPL network.
Background
The Internet of Things (IoT) is one of the most rapidly developing networks at present; it extends the traditional Internet into a physical world in which everything, including all kinds of IoT devices, is interconnected. By connecting devices and sensors to the Internet through wired and wireless links, people can sense surrounding objects through the IoT, achieving the interconnection of everything. The IoT is also a broad technical and research field whose core component is the Low-power and Lossy Network (LLN), a WSN formed by a large number of resource-constrained sensors. These resource-constrained devices have little on-board memory and low computing power, and their communication is affected by high packet loss rates, frame size limits, low data rates, short communication ranges and dynamically changing network topologies, so many commonly used routing protocols are not applicable to LLNs. To support LLNs, an Internet Engineering Task Force (IETF) working group proposed the RPL protocol for connecting these devices.
Due to the lack of a corresponding security mechanism and the weak computing, storage and energy resources of LLN nodes, the RPL network is vulnerable to various routing attacks. The Sybil attack is a malicious attack that is common in wireless sensor networks and can have very serious consequences: a malicious node uses generated false identities to broadcast DIS packets that reset the trickle timers of its neighbor nodes, so that the network is flooded with control packets and the nodes' energy is consumed. The lifetime of the sensors and of the whole network is an important property of a wireless sensor network; because of the constraints of the physical environment, when a sensor's battery is exhausted it is difficult to replenish the node's energy in time, so the node goes down and a network "black hole" may even form. Most existing work on the Sybil attack only detects the malicious behavior and provides no corresponding defense to reduce the attack's impact on the network. Even where some works implement isolation of malicious behavior, the isolation is performed at the network level, that is, replies to the corresponding packets stop once the attack is identified; the granularity of such isolation is insufficient and it takes too long. Exploiting the fact that a node's position cannot change, some works locate the malicious node precisely through cooperation among multiple nodes, but when the malicious node continuously changes its transmit power these precise positioning methods cannot locate it, and changing the transmit power is easy for a malicious node. Other works detect power-varying Sybil attacks by analyzing the change in energy, and so cannot detect Sybil attacks that do not change power.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a novel lightweight and effective mechanism to identify malicious attacks in an RPL protocol-oriented Internet of things scene.
For this purpose, the technical scheme provided by the invention is a Sybil attack detection and isolation method based on signal intensity, which comprises the following steps:
S1, analyzing a radio signal model to obtain the relation among transmit power, node distance and signal strength;
S2, a normal node monitors its neighbor nodes, obtains the RSSI distribution of each neighbor node by point estimation, and updates NBR_Info;
S3, for a received DIS packet, querying NBR_Info and judging the legality of the packet from the sample mean and standard deviation of the RSSI distribution;
S4, for a legal DIS packet, storing the source address, RSSI and arrival time in the DIS_Cache table;
S5, introducing anchor nodes that broadcast information about the DIS packet to assist normal nodes in positioning;
S6, the normal node selects the anchor node with the maximum RSSI as its anchor head node;
S7, after receiving a DIS_A, the normal node queries DIS_Cache, compares the arrival time and the source address, and judges the timeliness of the DIS_A;
S8, if the DIS_A has not expired, finding the DIS information corresponding to the DIS_A and calculating the physical address identifier D;
S9, searching the blacklist Black_List according to D; if D is a malicious physical address identifier, discarding the packet and updating the mean value of D in the Black_List entry by point estimation;
S10, searching DIS_Info according to D, comparing the node IDs after the corresponding entry is found, and verifying the validity of the physical address identifier;
S11, if the node is a legal physical node, responding to the DIS packet and updating the corresponding entry in DIS_Info by point estimation; if the node is a malicious node, isolating it and adding D to Black_List.
In step S1, the signal propagation model is analyzed and nodes are located according to signal strength. Since a Sybil attack node may change the source address, i.e. the source IP address and the source MAC address, in the DIS packets it broadcasts, it is not feasible to distinguish the source of a packet from the source address alone in a network where a Sybil attack is taking place. Therefore, the relative position of a neighbor node is obtained through the signal strength, and two physical address identifiers are defined: RSSI and D. When the power of the packet-sending node is fixed, the RSSI depends only on the distance between the two nodes, so the RSSI is used to record information about normal neighbor nodes. D is an identifier independent of the transmitting node's power, so all nodes, including malicious nodes, can be located with it. Since the target is an RPL network of fixed nodes, the relative positions between nodes are fixed, and malicious nodes can therefore be identified by checking the consistency of the physical address identifier with the source address in the packet. In S1, the most widely used signal propagation model at present is the log-normal shadowing model, and the energy intensity of a packet received by a receiver is calculated by the following formula:
Figure SMS_1
wherein [Figure SMS_2] is the energy intensity of the received packet at a receiving node at distance d from the packet-sending node, [Figure SMS_3] is the radio transmission power of the packet-sending node, [Figure SMS_4] is the near-earth reference distance, [Figure SMS_5] is the path loss with respect to the reference [Figure SMS_6], [Figure SMS_7] is the path loss exponent, which depends on the environment, and [Figure SMS_8] is Gaussian random noise.
It can be seen that in the same scenario, the signal strength RSSI is related to the transmission power and the distance, and thus can be used to indicate the relative position between nodes.
Further, in S2, according to the signal propagation model analyzed above, and because only normal sensor nodes maintain a fixed radio transmission power, coarse-grained positioning between normal nodes can be performed through RSSI. A normal node therefore records the RSSI of the packets of its neighbor nodes. Because of Gaussian noise, the RSSI of a fixed neighbor's packets follows a Gaussian distribution, so the sample mean and standard deviation of the RSSI are continuously updated by point estimation and are later used to judge whether a difference is too large. In other words, when the radio transmission power of a node is fixed, the RSSI depends on distance and can be used for positioning, and for a normal node the transmission power is usually fixed; for a given pair of transmitting and receiving nodes the RSSI is Gaussian distributed, so the sample mean and standard deviation can replace the population expectation and standard deviation by point estimation. For each neighbor node, the mean and standard deviation are updated as follows:
Figure SMS_9
wherein [Figure SMS_10] is the sample mean, [Figure SMS_11] is the sample standard deviation, RSSI is the signal strength of the newly received packet, and [Figure SMS_12] is the number of packets corresponding to the neighbor node.
In step S3, for a received DIS packet, NBR_Info is queried according to the source address. If the packet is a DIS packet sent by a normal node, the difference between the RSSI of the current packet and the [Figure SMS_13] of the corresponding entry in NBR_Info is less than 3s with probability 99.7%. Using this property, when the difference is too large the current node judges the DIS packet to be a false DIS packet sent by a malicious node. That is, in S3, NBR_Info is looked up by the source address in the packet, and the RSSI of the current packet is compared with the recorded [Figure SMS_14], [Figure SMS_15]. According to the properties of the Gaussian distribution, when the following formula is satisfied:
Figure SMS_16
the packet is judged to be legal, i.e. transmitted by a legitimate neighbor node.
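An added sketch of steps S2 and S3 (not code from the patent): NBR_Info keeps a running sample mean and standard deviation of RSSI per neighbor, and a DIS packet is checked against the 3s bound. The patent's own update formula is not reproduced on this page, so Welford's running update is substituted; `MIN_SAMPLES`, `STD_FLOOR_DB`, the `unprofiled` outcome and the sample RSSI values are assumptions constructed for the example.

```python
import math

K_SIGMA = 3.0        # the 3s bound used in step S3
MIN_SAMPLES = 5      # assumption: packets needed before a profile is trusted
STD_FLOOR_DB = 0.5   # assumption: floor so a constant, quantised RSSI does not give s = 0


class NeighborStats:
    """Running RSSI mean and sample standard deviation for one neighbor."""

    def __init__(self):
        self.n = 0        # packets seen from this neighbor
        self.mean = 0.0   # sample mean of RSSI (dBm)
        self.m2 = 0.0     # sum of squared deviations from the mean

    def update(self, rssi):
        # Welford's update (substituted technique): stable, O(1) memory per neighbor.
        self.n += 1
        delta = rssi - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (rssi - self.mean)

    @property
    def std(self):
        return math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0


def observe(nbr_info, src, rssi):
    """Step S2: fold the RSSI of a neighbor's packet into NBR_Info."""
    nbr_info.setdefault(src, NeighborStats()).update(rssi)


def check_dis(nbr_info, src, rssi):
    """Step S3: classify a DIS packet by the RSSI profile of its claimed source."""
    stats = nbr_info.get(src)
    if stats is None or stats.n < MIN_SAMPLES:
        # Assumption: with no usable profile the packet is neither accepted nor
        # rejected here; it is left to the later D-based check.
        return "unprofiled"
    bound = K_SIGMA * max(stats.std, STD_FLOOR_DB)
    return "legal" if abs(rssi - stats.mean) <= bound else "forged"


def build_demo_table():
    """NBR_Info built from constructed RSSI samples (dBm) of one fixed neighbor."""
    nbr_info = {}
    for rssi in (-60, -61, -59, -60, -62, -60, -61, -59):
        observe(nbr_info, "fe80::a", rssi)
    return nbr_info


if __name__ == "__main__":
    table = build_demo_table()
    for src, rssi in (("fe80::a", -61), ("fe80::a", -48), ("fe80::b", -60)):
        print(src, rssi, check_dis(table, src, rssi))
```

Only packets judged legal should be folded back into the profile with `observe`; feeding rejected samples in would let a forger widen the bound over time.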
Furthermore, in S4, since a malicious node cannot be located by RSSI alone and its position must be obtained in cooperation with a neighboring node, the relevant information of the current DIS packet has to be recorded for subsequent calculation. If the previous step provisionally judged the packet to be legal, the relevant information of the DIS packet is stored in the DIS_Cache table for later calculation together with the anchor node's auxiliary data packet. The DIS_Cache table stores the source address, arrival time and RSSI (received signal strength indicator) of the DIS packet: the source address is later used to identify packets from the same source, the arrival time is used to judge timeliness when the anchor node's DIS_A packet is received, and the RSSI is later used to calculate the physical address identifier D.
Furthermore, in S5, because cooperation between nodes is required, and in order to avoid an excessive number of cooperation request and response packets, this scheme introduces anchor nodes that broadcast the corresponding cooperation data packets, reducing packet interaction. The DIS packet contains a 16-bit reserved field, so the anchor node stores an 8-bit source ID and an 8-bit RSSI in the reserved field and then broadcasts the modified DIS packet (called a DIS_A packet). That is, in S5, considering that DIS is a broadcast data packet, an anchor node is introduced to broadcast an auxiliary data packet DIS_A and cooperate with the normal nodes: when the anchor node receives a DIS packet, it records the 8-bit ID of the DIS source address and the 8-bit RSSI, puts these two values into the 16-bit reserved field of the original DIS packet, and broadcasts the resulting DIS_A data packet.
Furthermore, in S6, considering that the anchor nodes may cover the entire network, some nodes may receive auxiliary packets from multiple anchor nodes; every node selects the anchor node with the strongest signal as its anchor head node according to the RSSI, and then accepts only the DIS_A packets of the anchor head node for cooperation. In other words, a normal node is often within the communication range of several anchor nodes but only needs to cooperate with one of them when calculating the physical address identifier, so it selects the anchor node with the maximum RSSI as the anchor head node and ignores the data packets of the other anchor nodes.
In step S7, when a normal node receives a DIS_A packet sent by the anchor head node, it first looks up DIS_Cache by source address and determines from the arrival times of the corresponding DIS packet and the DIS_A packet whether the DIS_A has expired. On receiving the DIS_A auxiliary data packet, the node extracts the ID and RSSI of the original DIS packet stored in the reserved field. The node then queries the DIS_Cache table by the ID to find the DIS packet data corresponding to the DIS_A. After the corresponding entry is found, the arrival times of the DIS and the DIS_A are compared; when the difference between them is large, the DIS_A is not a reply to the DIS in the record. This happens because the malicious node continuously changes its power, so the anchor node and the current node may not both receive a given DIS packet from the malicious node; the packet the anchor node replied to and the packet in the current node's record are then not the same malicious DIS packet.
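An added example of steps S4, S5 and S7 (not code from the patent): the anchor packs an 8-bit source ID and an 8-bit RSSI into the 16-bit reserved field, and the receiving node matches the resulting DIS_A against DIS_Cache and rejects it when the arrival times are too far apart. The signed-byte RSSI encoding, the last-byte ID mapping, the 0.5 s window and the sample address are assumptions; the page specifies none of them.

```python
import struct

FRESHNESS_WINDOW_S = 0.5   # assumption: maximum gap between a DIS and its DIS_A


def short_id(src_addr):
    """Assumed mapping from a source address to the 8-bit ID: its last byte."""
    return src_addr[-1]


def pack_reserved(src_id, rssi_dbm):
    """Anchor side (S5): 8-bit source ID followed by 8-bit RSSI."""
    if not 0 <= src_id <= 0xFF:
        raise ValueError("source ID must fit in 8 bits")
    if not -128 <= rssi_dbm <= 127:
        raise ValueError("RSSI must fit in a signed byte")
    # Assumption: RSSI is carried as a signed byte in dBm, network byte order.
    return struct.pack("!Bb", src_id, rssi_dbm)


def unpack_reserved(field):
    """Receiver side: recover (source ID, anchor RSSI) from the reserved field."""
    if len(field) != 2:
        raise ValueError("reserved field is exactly 16 bits")
    return struct.unpack("!Bb", field)


def cache_dis(dis_cache, src_addr, rssi_dbm, arrival_s):
    """Step S4: remember a provisionally legal DIS packet."""
    dis_cache[short_id(src_addr)] = {
        "src": src_addr, "rssi": rssi_dbm, "t": arrival_s,
    }


def match_dis_a(dis_cache, field, arrival_s):
    """Step S7: return (src_addr, rssi_local, rssi_anchor), or None if the
    DIS_A has no cached DIS or is not a timely reply to it."""
    src_id, rssi_anchor = unpack_reserved(field)
    entry = dis_cache.get(src_id)
    if entry is None:
        return None          # this node never heard the DIS the anchor heard
    age = arrival_s - entry["t"]
    if age < 0 or age > FRESHNESS_WINDOW_S:
        return None          # the DIS_A refers to a different DIS packet
    return entry["src"], entry["rssi"], rssi_anchor


if __name__ == "__main__":
    # Constructed sample: link-local source address whose last byte is 0x2a.
    src = bytes.fromhex("fe80000000000000020000000000002a")
    cache = {}
    cache_dis(cache, src, -58, 10.00)
    dis_a = pack_reserved(short_id(src), -67)
    print(dis_a.hex(), match_dis_a(cache, dis_a, 10.12))
    print(match_dis_a(cache, dis_a, 11.50))
```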
In step S8, the physical address identifier D is calculated from the information in the DIS_A and the DIS information recorded in the DIS_Cache table:
Figure SMS_17
wherein [Figure SMS_18] is the signal strength when the anchor node received the corresponding DIS data packet, and [Figure SMS_19] is the signal strength of the corresponding DIS packet recorded in DIS_Cache; the correspondence is determined by the source address of the DIS. Since the physical address identifier D is independent of the radio transmission power, all nodes, including malicious nodes, are located, and the relative position with respect to the current node and the anchor node is obtained.
After the timeliness of the DIS_A is verified, both the anchor node and the current node are known to have received the DIS packet that the DIS_A packet refers to, so that DIS packet can be used to calculate the physical address identifier D. Assuming that node C sends DIS packets and node B acts as the anchor node assisting positioning, then according to the signal propagation model the RSSI of the packets sent by C as received by nodes A and B is as follows:
Figure SMS_20
wherein [Figure SMS_22] and [Figure SMS_25] respectively represent the signal strength of packets sent by node C as received by nodes A and B, [Figure SMS_28] is the radio transmission power of the packet-sending node C, [Figure SMS_23] is the near-earth reference distance, [Figure SMS_26] is the path loss with respect to the reference [Figure SMS_29], [Figure SMS_31] is the path loss exponent, which depends on the environment, [Figure SMS_21] and [Figure SMS_24] are the corresponding Gaussian random noise, and [Figure SMS_27] and [Figure SMS_30] represent the distances between nodes A and B and the packet-sending node C. Thus the D resulting from the cooperation of the two nodes is:
Figure SMS_32
wherein [Figure SMS_33] represents the difference of the random noise. It can thus be seen that D is a variable independent of the transmission power of the packet; it depends only on the ratio of the distances of the two nodes from the packet-sending node and can therefore be used to indicate the relative position between nodes. It is referred to as the physical address identifier and denotes a physical node.
In step S9, the blacklist is queried according to the physical address identifier D to determine whether the physical node has already been added to the blacklist and isolated. Since the physical address identifier D is the unique identifier of a malicious node, the packets of all malicious nodes in the blacklist are dropped. The Sybil attack is thereby fundamentally solved, and detection in the network cannot be disturbed by the different false identities in the packets.
In step S10, for a physical node that has not been isolated, DIS_Info is looked up by D to determine whether the source address in the DIS packet is the same as the source address recorded in the corresponding entry. Because D locates each node, and only a malicious node broadcasts DIS packets under multiple false identities, the same physical address identifier D may correspond to several source logical addresses: when a second DIS packet broadcast by the malicious node is received, the same physical address identifier D is calculated but the source addresses in the two packets differ, so the node is judged to be malicious. If the packet is not in the blacklist, the DIS packet is either one sent by a normal node or the first malicious packet sent by a malicious node. The two cases must therefore be distinguished, and the DIS_Info data table is queried according to D. If the physical address identifier D does not exist in the table, a new entry is inserted; if it does, the source address of the current packet is compared with the source address in the entry.
Finally, in S11, once a node is judged to be malicious, its physical address identifier D is added to the blacklist and the DIS packet is discarded. For a normal neighbor node, the physical address identifier D always corresponds to one source address, so when a normal DIS packet is received, point estimation is used to update the mean [Figure SMS_34] of the corresponding entry in DIS_Info, and a DIO packet is sent in response to the DIS packet according to the trickle mechanism of the RPL protocol. If the two source addresses are different, one physical address corresponds to several source logical addresses, meaning that packets sent by the same node carry different source addresses; this proves that the physical node identified by D is a malicious node, which therefore has to be isolated and added to the blacklist, achieving accurate isolation of the malicious node. If the two source addresses are the same, the packet is a normal DIS packet, and the node responds according to the trickle mechanism of RPL, resetting the trickle timer and then responding with a DIO packet.
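An added example of steps S8 to S11 (not code from the patent), run over constructed packets generated with the standard log-normal shadowing model. D is taken as the local RSSI minus the anchor's RSSI; that sign convention, the 2 dB matching tolerance, the path-loss parameters, the noise values and all node IDs and distances are assumptions.

```python
import math

D_TOLERANCE_DB = 2.0   # assumption: D values this close denote one physical node


def rssi_model(tx_dbm, dist_m, noise_db=0.0, n=3.0, pl_d0=40.0, d0=1.0):
    """Log-normal shadowing: received power (dBm) at dist_m from the sender."""
    return tx_dbm - pl_d0 - 10.0 * n * math.log10(dist_m / d0) + noise_db


def physical_id(rssi_local, rssi_anchor):
    """Step S8: the sender's transmit power cancels in the RSSI difference."""
    return rssi_local - rssi_anchor


class Detector:
    def __init__(self):
        self.dis_info = []     # entries [mean_D, count, source_id]
        self.black_list = []   # entries [mean_D, count]

    @staticmethod
    def nearest(table, d):
        near = [e for e in table if abs(e[0] - d) <= D_TOLERANCE_DB]
        return min(near, key=lambda e: abs(e[0] - d)) if near else None

    @staticmethod
    def absorb(entry, d):
        # Point estimate of the mean of D, updated incrementally.
        entry[1] += 1
        entry[0] += (d - entry[0]) / entry[1]

    def handle(self, src_id, rssi_local, rssi_anchor):
        d = physical_id(rssi_local, rssi_anchor)
        banned = self.nearest(self.black_list, d)        # S9
        if banned is not None:
            self.absorb(banned, d)
            return "drop"
        entry = self.nearest(self.dis_info, d)           # S10
        if entry is None:
            self.dis_info.append([d, 1, src_id])         # first packet from this D
            return "respond"
        if entry[2] == src_id:                           # S11, legal node
            self.absorb(entry, d)
            return "respond"
        self.dis_info.remove(entry)                      # S11, one D, two identities
        banned = [entry[0], entry[1]]
        self.absorb(banned, d)
        self.black_list.append(banned)
        return "isolate"


# Constructed scenario: distances (to current node A, to anchor B) in metres.
LEGIT = (10.0, 20.0)
SYBIL = (5.0, 25.0)
# (claimed source ID, transmit power dBm, sender position, noise at A and B in dB)
PACKETS = [
    (7,   0.0,  LEGIT, (0.3, -0.2)),
    (101, 0.0,  SYBIL, (-0.4, 0.1)),   # first forged identity: not yet detectable
    (102, -5.0, SYBIL, (0.2, 0.5)),    # new identity and new power, same D
    (103, 3.0,  SYBIL, (-0.1, -0.3)),
    (7,   0.0,  LEGIT, (-0.5, 0.2)),
]


def run_demo():
    det = Detector()
    verdicts = []
    for src, tx, (d_a, d_b), (n_a, n_b) in PACKETS:
        verdicts.append(det.handle(src, rssi_model(tx, d_a, n_a),
                                   rssi_model(tx, d_b, n_b)))
    return verdicts, det


if __name__ == "__main__":
    print(run_demo()[0])
```

Because D depends only on the ratio of the two distances, distinct nodes with the same ratio share a D, and a wider tolerance makes such collisions more likely; this is the coarse granularity the description refers to.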
The invention has the following beneficial effects. It solves the Sybil attack fundamentally by using signal strength for coarse-grained node positioning and fine-grained node isolation. By analyzing a signal propagation model, the invention obtains the relationship among signal strength, transmit power and node distance, and locates neighbor nodes in different situations by defining two different physical address identifiers: normal neighbor nodes and anchor nodes are located by RSSI, and all nodes, including malicious nodes, are located by D, defined as the difference of the RSSI measured by two receivers of the same packet-sending node. Because the physical address identifier D is independent of the transmit power, the method is very effective for coarse-grained positioning of nodes, is computationally very efficient, and can locate and isolate malicious nodes well. Using the two physical address identifiers for coarse-grained positioning, the source of a packet can be analyzed with low computational complexity and few packet interactions, and malicious packets are eliminated at a preliminary stage. Locating the malicious node with the physical address identifier D traces the source of malicious packets, so a node's detection and isolation of malicious nodes is not affected by the network scale or the packet sending rate, giving better stability. In an RPL network containing Sybil attack nodes, the invention outperforms related schemes on performance indicators such as energy, packet interaction, packet arrival rate and isolation efficiency, and can bring the network nodes to the level of a standard RPL network without malicious nodes, with excellent performance.
Drawings
FIG. 1 is a Sybil attack detection and isolation method based on signal strength;
FIG. 2 (a) and FIG. 2 (b) are two different topological diagrams in a simulation environment;
FIG. 3 (a) and FIG. 3 (b) are schematic diagrams comparing the number of DIO packets in different schemes;
FIG. 4 (a) and FIG. 4 (b) are schematic diagrams comparing the total energy consumption of the network under different schemes;
FIG. 5 (a) and FIG. 5 (b) are schematic diagrams comparing cumulative density functions of network node energy consumption under different schemes;
FIG. 6 (a) and FIG. 6 (b) are schematic diagrams comparing PDRs under different schemes;
FIG. 7 (a) and FIG. 7 (b) are schematic diagrams comparing the present invention with the comparison scheme Gini in the efficiency of isolating malicious nodes.
Detailed Description
The following provides, as an embodiment, simulation results compared with existing Sybil attack detection and positioning schemes; this embodiment is only an example intended to explain the present invention and should not be construed as limiting it.
Example 1: the invention obtains two physical address identifiers from RSSI, performs lightweight coarse-grained positioning of nodes, analyzes the characteristics of the Sybil attack, and, combining the characteristics of the RPL network, provides a lightweight and effective Sybil attack detection and isolation scheme.
As shown in FIG. 1, the Sybil attack detection and isolation method based on signal strength according to the present invention includes the following steps:
S1, analyzing a radio signal model to obtain the relation among transmit power, node distance and signal strength;
S2, a normal node monitors its neighbor nodes, obtains the RSSI distribution of each neighbor node by point estimation, and updates NBR_Info;
S3, for a received DIS packet, querying NBR_Info and judging the legality of the packet from the sample mean and standard deviation of the RSSI distribution;
S4, for a legal DIS packet, storing the source address, RSSI and arrival time in the DIS_Cache table;
S5, introducing anchor nodes that broadcast information about the DIS packet to assist normal nodes in positioning;
S6, the normal node selects the anchor node with the maximum RSSI as its anchor head node;
S7, after receiving a DIS_A, the normal node queries DIS_Cache, compares the arrival time and the source address, and judges the timeliness of the DIS_A;
S8, if the DIS_A has not expired, finding the DIS information corresponding to the DIS_A and calculating the physical address identifier D;
S9, searching the blacklist Black_List according to D; if D is a malicious physical address identifier, discarding the packet and updating the mean value of D in the Black_List entry by point estimation;
S10, searching DIS_Info according to D, comparing the node IDs after the corresponding entry is found, and verifying the validity of the physical address identifier;
S11, if the node is a legal physical node, responding to the DIS packet and updating the corresponding entry in DIS_Info by point estimation; if the node is a malicious node, isolating it and adding D to Black_List.
In step S1, the signal propagation model is analyzed and nodes are located according to signal strength. Since a Sybil attack node may change the source address, i.e. the source IP address and the source MAC address, in the DIS packets it broadcasts, it is not feasible to distinguish the source of a packet from the source address alone in a network where a Sybil attack is taking place. Therefore, the relative position of a neighbor node is obtained through the signal strength, and two physical address identifiers are defined: RSSI and D. When the power of the packet-sending node is fixed, the RSSI depends only on the distance between the two nodes, so the RSSI is used to record information about normal neighbor nodes. D is an identifier independent of the transmitting node's power, so all nodes, including malicious nodes, can be located with it. Since the target is an RPL network of fixed nodes, the relative positions between nodes are fixed, and malicious nodes can therefore be picked out by comparing the physical address identifiers with the source addresses in the packets. In S1, the most widely used signal propagation model at present is the log-normal shadowing model, and the energy intensity of a packet received by a receiver is calculated by the following formula:
Figure SMS_35
wherein [Figure SMS_36] is the energy intensity of the received packet at a receiving node at distance d from the packet-sending node, [Figure SMS_37] is the radio transmission power of the packet-sending node, [Figure SMS_38] is the near-earth reference distance, [Figure SMS_39] is the path loss with respect to the reference [Figure SMS_40], [Figure SMS_41] is the path loss exponent, which depends on the environment, and [Figure SMS_42] is Gaussian random noise. It can be seen that in the same scenario, the signal strength RSSI is related to the transmission power and distance, and therefore can be used to represent the relative location between nodes.
Further, in S2, according to the signal propagation model analyzed above, and because only normal sensor nodes maintain a fixed radio transmission power, coarse-grained positioning between normal nodes can be performed through RSSI. A normal node therefore records the RSSI of the packets of its neighbor nodes. Because of Gaussian noise, the RSSI of a fixed neighbor's packets follows a Gaussian distribution, so the sample mean and standard deviation of the RSSI are continuously updated by point estimation and are later used to judge whether a difference is too large. In other words, when the radio transmission power of a node is fixed, the RSSI depends on distance and can be used for positioning, and for a normal node the transmission power is usually fixed; for a given pair of transmitting and receiving nodes the RSSI is Gaussian distributed, so the sample mean and standard deviation can replace the population expectation and standard deviation by point estimation. For each neighbor node, the mean and standard deviation are updated as follows:
Figure SMS_43
wherein [Figure SMS_44] is the sample mean, [Figure SMS_45] is the sample standard deviation, RSSI is the signal strength of the newly received packet, and [Figure SMS_46] is the number of packets corresponding to the neighbor node.
In step S3, for a received DIS packet, NBR_Info is queried by source address. If the DIS packet was sent by a normal node, the difference between the RSSI of the current packet and the mean recorded in the corresponding NBR_Info entry
Figure SMS_47
is less than 3s (three sample standard deviations) with probability 99.7%. Using this property, when the difference is too large, the current node judges the DIS packet to be a false DIS packet sent by a malicious node. That is, in S3, the table NBR_Info is looked up by the source address in the packet, and the difference between the RSSI of the current packet and the recorded
Figure SMS_48
is computed as
Figure SMS_49
According to the properties of the Gaussian distribution, when the following formula is satisfied:
Figure SMS_50
the packet is judged legitimate, that is, it was transmitted by a legitimate neighbor node.
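The S2 update and the S3 check described above, as an added C example that is not code from the patent. The update formula on this page is an image that did not survive extraction, so Welford's online algorithm is substituted for it; the struct layout, `MIN_SAMPLES`, `VAR_FLOOR` and the pass-through for short histories are assumptions, and the RSSI readings are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MIN_SAMPLES 8    /* assumed: below this the history is too short to judge */
#define VAR_FLOOR   1.0  /* assumed floor in dB^2, since RSSI is reported in whole dB */

/* One NBR_Info entry: running RSSI statistics for one neighbor. */
struct nbr_info {
    uint32_t n;     /* packets recorded so far */
    double   mean;  /* sample mean of RSSI in dBm */
    double   m2;    /* running sum of squared deviations from the mean */
};

/* S2: fold one RSSI reading into the entry (Welford's update, a substitute
 * for the patent's own formula, which is not legible on this page). */
static void nbr_update(struct nbr_info *e, double rssi)
{
    double delta = rssi - e->mean;
    e->n++;
    e->mean += delta / e->n;
    e->m2 += delta * (rssi - e->mean);
}

/* Unbiased sample variance s^2; zero until two readings exist. */
static double nbr_variance(const struct nbr_info *e)
{
    return e->n > 1 ? e->m2 / (e->n - 1) : 0.0;
}

/* S3: true if |rssi - mean| < 3s. Compared in squared form to avoid sqrt(). */
static bool dis_rssi_plausible(const struct nbr_info *e, double rssi)
{
    if (e->n < MIN_SAMPLES)
        return true;               /* assumed policy: leave the decision to later steps */
    double var = nbr_variance(e);
    if (var < VAR_FLOOR)
        var = VAR_FLOOR;           /* a near-constant history must not reject everything */
    double diff = rssi - e->mean;
    return diff * diff < 9.0 * var;
}

/* Constructed readings from one fixed-power neighbor, in dBm. */
static const double SAMPLE_RSSI[10] = { -70, -71, -69, -70, -72, -68, -70, -71, -69, -70 };

/* Builds an entry from the first `nsamples` readings and checks a new DIS RSSI. */
static bool demo_check(int nsamples, double rssi)
{
    struct nbr_info e = { 0, 0.0, 0.0 };
    for (int i = 0; i < nsamples && i < 10; i++)
        nbr_update(&e, SAMPLE_RSSI[i]);
    return dis_rssi_plausible(&e, rssi);
}

int main(void)
{
    const double probes[] = { -72, -67, -66, -55 };
    for (int i = 0; i < 4; i++)
        printf("RSSI %.0f dBm -> %s\n", probes[i],
               demo_check(10, probes[i]) ? "plausible" : "rejected");
    return 0;
}
```

With the ten constructed readings the mean is -70 dBm and s² is 12/9, so the acceptance band is about ±3.46 dB around the mean.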
Furthermore, in S4, a malicious node cannot be located from RSSI alone; its position can only be obtained in cooperation with neighboring nodes, so the relevant information of the current DIS packet must be recorded for subsequent calculation. If the previous step provisionally judged the packet legitimate, the information of the DIS packet is stored in the DIS_Cache table and is used later, together with the auxiliary data packet of the anchor node, for the calculation. The DIS_Cache table stores the source address, arrival time and RSSI (received signal strength indicator) of the DIS packet: the source address is used later to match packets from the same source, the arrival time is used to judge timeliness when the DIS_A packet of the anchor node is received, and the RSSI is used later to calculate the physical address identifier D.
In step S5, cooperation between nodes is required, and to avoid an excessive number of cooperation request and response packets, the scheme introduces anchor nodes that broadcast the corresponding cooperation data packets, which reduces packet interaction. The DIS packet contains a 16-bit reserved field, so the anchor node stores an 8-bit source ID and an 8-bit RSSI in the reserved field and then broadcasts the modified DIS packet (called the DIS_A packet). That is, in S5, considering that DIS is a broadcast data packet, an anchor node is introduced to broadcast an auxiliary data packet DIS_A and cooperate with the normal nodes: when the anchor node receives a DIS packet, it records the 8-bit ID of the DIS source address and the 8-bit RSSI, places the two values in the 16-bit reserved field of the original DIS packet, and broadcasts the resulting DIS_A data packet.
Furthermore, in S6, since the anchor nodes cover the entire network, some nodes may receive auxiliary packets from multiple anchor nodes. Each node selects the anchor node with the strongest signal, according to RSSI, as its anchor head node, and then uses only the DIS_A packets of the anchor head node for cooperation. In other words, a normal node is often within the communication range of several anchor nodes but needs to cooperate with only one of them when calculating the physical address identifier, so it selects the anchor node with the maximum RSSI as the anchor head node and ignores the data packets of the other anchor nodes.
In step S7, when a normal node receives a DIS_A packet sent by the anchor head node, it first determines whether the DIS_A has expired, by looking up DIS_Cache by source address and comparing the arrival times of the corresponding DIS packet and the DIS_A packet. On receiving the DIS_A auxiliary data packet, the node extracts the ID and RSSI of the original DIS packet stored in the reserved field. The node then queries the DIS_Cache table by that ID to find the DIS packet data corresponding to the DIS_A. After finding the entry, it compares the arrival times of the DIS and the DIS_A; a large difference between them means that the DIS_A is not a reply to the DIS in the record. This happens because the malicious node continuously changes its power, so the anchor node and the current node may not both receive a given DIS packet from it; the packet the anchor node replied to and the packet in the current node's record are then not the same malicious DIS packet.
In step S8, the physical address identifier D is calculated from the information in DIS_A and the DIS information recorded in the DIS_Cache table:
Figure SMS_51
where
Figure SMS_52
is the signal strength with which the anchor node received the corresponding DIS data packet, and
Figure SMS_53
is the signal strength of the corresponding DIS packet recorded in DIS_Cache; the correspondence is determined by the source address of the DIS. The physical address identifier D is independent of the radio transmission power, so all nodes, including malicious nodes, can be positioned, and their position relative to the current node and the anchor node is obtained.
Once the timeliness of DIS_A has been verified, both the anchor node and the current node are known to have received the DIS packet described in the DIS_A packet, so that DIS packet can be used to calculate the physical address identifier D. Assume that node C sends DIS packets and node B acts as the anchor node assisting positioning. According to the signal propagation model, the RSSI of the packets sent by C, as received by nodes A and B, is:
Figure SMS_54
where
Figure SMS_56
and
Figure SMS_59
respectively denote the signal strength indicator of the packets sent by node C as received by nodes A and B,
Figure SMS_62
is the radio transmission power of the sending node C,
Figure SMS_57
is the close-in reference distance,
Figure SMS_60
is the path loss at the reference distance
Figure SMS_63
,
Figure SMS_65
is the path loss exponent, which depends on the environment,
Figure SMS_55
and
Figure SMS_58
are the corresponding Gaussian random noise terms, and
Figure SMS_61
and
Figure SMS_64
are the distances from nodes A and B to the packet-sending node C. The D obtained through the cooperation of the two nodes is therefore:
Figure SMS_66
where
Figure SMS_67
denotes the difference of the random noise terms. D is thus a quantity independent of the packet's transmission power: it depends only on the ratio of the two nodes' distances to the packet-sending node, so it can indicate the relative position between nodes, and it is called the physical address identifier because it identifies a physical node.
In step S9, the blacklist is queried by the physical address identifier D to determine whether the physical node has already been blacklisted and isolated. Since D uniquely identifies the malicious node, all packets from a malicious node on the blacklist are dropped. The Sybil attack is thereby addressed at its root, and the different false identities carried in the packets cannot interfere with detection in the network.
In step S10, for a physical node that has not been isolated, the table DIS_Info is looked up by D to determine whether the source address in the DIS packet is the same as the source address recorded in the corresponding entry. Because D can locate each node, and only a malicious node broadcasts DIS packets under several false identities, the same physical address identifier D can then correspond to several source logical addresses: when a second DIS packet broadcast by the malicious node is received, the same D is calculated, but the source addresses in the two packets differ, so the node is judged malicious. If D is not in the blacklist, the DIS packet was either sent by a normal node or is the first malicious packet sent by a malicious node. The two cases must be distinguished, so the DIS_Info data table is queried by D. If the physical address identifier D does not exist in the table, a new entry is inserted; if it exists, the source address of the current packet is compared with the source address in the entry.
Finally, in S11, after a node is judged malicious, its physical address identifier D is added to the blacklist and the DIS packet is discarded. For a normal neighbor node, the physical address identifier D always corresponds to a single source address, so when a normal DIS packet is received, point estimation is used to update the mean of the corresponding entry in DIS_Info
Figure SMS_68
and a DIO packet is sent in response to the DIS packet according to the trickle mechanism of the RPL protocol. If the two source addresses are different, one physical address corresponds to several source logical addresses, that is, packets sent by the same node carry different source addresses; this proves that the physical node identified by D is malicious, so it is isolated and added to the blacklist, achieving accurate isolation of the malicious node. If the two source addresses are the same, the packet is a normal DIS packet, and the node responds according to the trickle mechanism of RPL, resetting the trickle timer and then replying with a DIO packet.
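Steps S4, S5 and S7 to S11 chained together on a single node, as an added C example that is not code from the patent. The formula for D is an image missing from this page, so D is assumed to be the node's own RSSI minus the anchor's RSSI in dB, which is consistent with the statement that transmit power cancels; the reserved-field byte order, `TOL_DB`, `MAX_AGE`, the table sizes and the trace values are also assumptions or constructed data, and the running-mean update of D is left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SLOTS   8   /* table size (assumed) */
#define TOL_DB  2   /* assumed: D values within 2 dB mean the same physical node */
#define MAX_AGE 2   /* assumed: DIS_A must follow the cached DIS within 2 ticks */

enum verdict { RESPOND, ISOLATE, DROP_BLACKLISTED, STALE };

struct cache_entry { bool used; uint8_t id; int8_t rssi; uint32_t t; }; /* DIS_Cache */
struct info_entry  { bool used; uint8_t id; int d; };                   /* DIS_Info */
struct node {
    struct cache_entry cache[SLOTS];
    struct info_entry  info[SLOTS];
    int black[SLOTS];   /* Black_List of D values */
    int nblack;
};

/* S5, anchor side. Assumed layout: source ID in the high byte, RSSI in the low byte. */
static uint16_t dis_a_pack(uint8_t id, int8_t rssi)
{
    return (uint16_t)(((uint16_t)id << 8) | (uint8_t)rssi);
}
static uint8_t dis_a_id(uint16_t r)   { return (uint8_t)(r >> 8); }
static int8_t  dis_a_rssi(uint16_t r) { return (int8_t)(uint8_t)(r & 0xff); }

/* S4: cache source ID, RSSI and arrival time of a DIS that passed the S3 check. */
static void on_dis(struct node *n, uint8_t id, int8_t rssi, uint32_t t)
{
    int slot = -1;
    for (int i = 0; i < SLOTS; i++) {
        if (n->cache[i].used && n->cache[i].id == id) { slot = i; break; }
        if (!n->cache[i].used && slot < 0) slot = i;
    }
    if (slot < 0) slot = (int)(t % SLOTS);   /* table full: overwrite (assumed policy) */
    n->cache[slot] = (struct cache_entry){ true, id, rssi, t };
}

/* S7 to S11: handle a DIS_A received from the anchor head node. */
static enum verdict on_dis_a(struct node *n, uint16_t reserved, uint32_t t)
{
    uint8_t id = dis_a_id(reserved);
    const struct cache_entry *c = NULL;
    for (int i = 0; i < SLOTS; i++)
        if (n->cache[i].used && n->cache[i].id == id)
            c = &n->cache[i];
    if (c == NULL || t < c->t || t - c->t > MAX_AGE)
        return STALE;                                  /* S7: no fresh matching DIS */
    /* S8 (assumed form): both readings contain the same transmit power, so it cancels. */
    int d = (int)c->rssi - (int)dis_a_rssi(reserved);
    for (int i = 0; i < n->nblack; i++)                /* S9 */
        if (abs(d - n->black[i]) <= TOL_DB)
            return DROP_BLACKLISTED;
    struct info_entry *free_slot = NULL;
    for (int i = 0; i < SLOTS; i++) {                  /* S10 */
        struct info_entry *e = &n->info[i];
        if (!e->used) { if (free_slot == NULL) free_slot = e; continue; }
        if (abs(d - e->d) > TOL_DB) continue;
        if (e->id == id) return RESPOND;               /* S11: same node, same identity */
        e->used = false;                               /* S11: one D, two identities */
        if (n->nblack < SLOTS) n->black[n->nblack++] = d;
        return ISOLATE;
    }
    if (free_slot != NULL)
        *free_slot = (struct info_entry){ true, id, d };
    return RESPOND;                                    /* first sighting of this D */
}

/* Constructed trace: source ID, RSSI here, RSSI at anchor, DIS tick, DIS_A tick. */
static const struct { uint8_t id; int8_t here, anchor; uint32_t t, ta; } TRACE[] = {
    { 0x10, -80, -65,  1,  1 },   /* honest neighbor, D = -15 */
    { 0x21, -60, -72,  2,  3 },   /* attacker, first identity, D = 12 */
    { 0x37, -50, -62,  4,  4 },   /* attacker, +10 dB power, new identity, D = 12 */
    { 0x4a, -55, -66,  6,  7 },   /* attacker, third identity, D = 11 */
    { 0x10, -79, -65,  8,  8 },   /* honest neighbor again, D = -14 */
    { 0x55, -70, -70, 10, 20 },   /* DIS_A arrives 10 ticks after the DIS */
};

/* Replays the trace up to and including packet `step`; returns the last verdict. */
static enum verdict demo_verdict_at(int step)
{
    struct node n = { 0 };
    enum verdict v = STALE;
    for (int i = 0; i <= step && i < 6; i++) {
        on_dis(&n, TRACE[i].id, TRACE[i].here, TRACE[i].t);
        v = on_dis_a(&n, dis_a_pack(TRACE[i].id, TRACE[i].anchor), TRACE[i].ta);
    }
    return v;
}

int main(void)
{
    for (int i = 0; i < 6; i++)
        printf("packet %d -> verdict %d\n", i, (int)demo_verdict_at(i));
    return 0;
}
```

Packet 1 is answered even though it comes from the attacker, matching the text's point that a first malicious DIS cannot be told apart from a normal one. Because D depends only on the ratio of the two distances, distinct nodes with similar distance ratios to this node and the anchor produce D values within `TOL_DB` of each other, so the tolerance has to be tuned against the deployment.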
The simulation experiment results are as follows.
The simulation experiment parameters are configured as follows:
(1) Simulation platform: the Cooja simulation platform in Contiki 3.0;
(2) Simulation time: 1 hour;
(3) Normal node UDP packet transmission interval: 5s;
(4) Malicious node DIS broadcast interval: 2s;
(5) Two different network topologies are used, as shown in fig. 2 (a) and fig. 2 (b):
a) Topo1
i. Deployment range: 1000m by 1000m
ii. Number of common nodes: 30
iii. Number of anchor nodes: 4
b) Topo2
iv. Deployment range: 1500m
v. Number of common nodes: 50
vi. Number of anchor nodes: 9
(6) Proportion of malicious nodes: 10 percent;
Comparison schemes (the present invention is hereafter referred to as CLFI):
1. A standard RPL network (hereafter referred to as RPL);
2. A standard RPL network in which malicious nodes exist (hereafter referred to as RPL-Sybil);
3. The scheme of Pu C et al., "Sybil Attack in RPL-Based Internet of Things: Analysis and Defenses", published in IEEE Internet of Things Journal in 2020, deployed in a network with malicious nodes (hereafter referred to as Gini).
Fig. 3 (a) and 3 (b) show the number of DIO packets in the simulation environment under the different schemes. In a Sybil attack, malicious nodes broadcast DIS packets under false identities, which triggers the network's trickle mechanism: nodes immediately reply with DIO packets, and because their trickle timers are reset to the minimum interval, they broadcast a large number of DIO packets in a short time. The most direct effect of the Sybil attack on the network is therefore a large number of DIO packets, and the resulting flood of control packets affects the other performance indicators of the network. For this reason the total number of DIO packets in the network over the whole simulation is compared, and this indicator gives a direct view of how each scheme performs against the Sybil attack. As fig. 3 (a) and fig. 3 (b) show, if no defensive measures are taken against the Sybil attack, the network is flooded with control packets, which indirectly shortens the lifetime of the nodes and thus the life cycle of the entire network, and also affects the forwarding of UDP packets. Both CLFI and Gini significantly reduce the effect of the Sybil attack on the network. Because Gini detects the Sybil attack over time windows, it slows its DIO replies once it judges that an attack is under way, but it needs a sufficient number of windows before it isolates the attack, so more DIO packets are still sent in reply before isolation is complete. The CLFI scheme proposed here completes isolation of the Sybil attack at the moment of detection and prevents the attacking node from affecting the network further.
Fig. 4 (a), 4 (b), 5 (a) and 5 (b) compare the network energy consumption indicators. The Sybil attack drains node energy by broadcasting DIS packets that reset the trickle mechanism of neighboring nodes, and node energy is the most important property in a WSN because it directly determines the life cycle of the network. Fig. 4 (a) and fig. 4 (b) show the overall network energy consumption: both the CLFI scheme of the present invention and the Gini comparison scheme greatly mitigate the effect of the Sybil attack. Compared with Gini, CLFI consumes less energy and is closer to an RPL network without attack, so it clearly reduces the influence of the Sybil attack and prolongs the life cycle of the network. Fig. 5 shows the cumulative distribution function (CDF) of single-node energy consumption under the different schemes; the end of each curve also gives the maximum energy consumed by a single node in that scheme. Both schemes work well, but in the scheme of the present invention the single-node consumption is also very close to that of the attack-free network, which shows that both its detection and its isolation are very effective.
Fig. 6 (a) and fig. 6 (b) show the PDR (packet delivery ratio) at the sink node under the different schemes. The PDR is the rate at which packets sent by each sender arrive at the sink node, so it is one of the most important indicators of RPL network performance and directly determines whether the data collected by the senders can be reliably obtained through the sink node. When no defense is in place, the nodes show a certain amount of packet loss; once a defense strategy is adopted, the PDR improves greatly. The PDR improves under both Gini and CLFI, and the present invention performs better because of its detection and isolation.
Fig. 7 (a) and fig. 7 (b) compare the isolation efficiency of the CLFI of the present invention with the comparison scheme Gini. In terms of isolation manner, Gini isolates at the level of the entire network: when the number of windows detected as containing a Sybil attack reaches the corresponding threshold, the entire network is isolated, that is, it stops responding to any DIS packet, and an isolation packet is broadcast to notify the other nodes in the network. As a result, all nodes complete isolation within a short time of one another. In terms of isolation time, Gini's time granularity is the window length, the time at which isolation actually completes is often a multiple of the isolation window, and the isolation delay is long. Gini's isolation granularity is also too coarse: DIS packets are not answered anywhere in the network, so a new node or a disconnected node seeking to join the network cannot get a timely response. The CLFI scheme of the invention isolates attacks at node granularity, so each normal node has to isolate the malicious nodes within its own communication range, and the total number of isolations increases. However, as the figure shows, CLFI begins isolating in large batches shortly after the simulation starts, which also shows that the malicious nodes with a large influence on other nodes are isolated within a short time, limiting their influence on the network.
In conclusion, the Sybil attack detection and isolation method based on signal strength effectively detects and isolates the Sybil attack through lightweight coarse-grained location and node-level isolation of malicious nodes, approaches the performance of a standard RPL network without attack, and has high availability.
It should be noted that any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and that the scope of the preferred embodiments of the present invention includes alternative implementations in which functions may be executed out of order from that shown or discussed, including substantially the same way or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of patentable embodiments.
In the description herein, references to the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples" or the like mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and not to be construed as limiting the invention, and that those skilled in the art can make changes, modifications, substitutions and alterations to the above embodiments without departing from the spirit and scope of the invention.

Claims (10)

1. A Sybil attack detection and isolation method based on signal strength, characterized by comprising the following steps:
S1, analyzing a radio signal model to obtain the relation among the transmitting power, the node distance and the signal strength;
S2, the normal node monitors neighbor nodes, the RSSI distribution of the corresponding neighbor nodes is obtained by using point estimation, and the NBR_Info is updated;
S3, for the received DIS packet, querying the NBR_Info, and judging the packet validity according to the sample mean and standard deviation of the RSSI distribution;
S4, storing a source address, RSSI and arrival time into a DIS_Cache table for a legal DIS data packet;
S5, introducing an anchor node for broadcasting information of the DIS packet to assist normal node positioning;
S6, selecting the anchor node with the maximum RSSI as an anchor head node by the normal node;
S7, after receiving the DIS_A, the normal node queries the DIS_Cache, compares the arrival time with the source address, and judges the timeliness of the DIS_A;
S8, if the DIS_A is not expired, finding DIS information corresponding to the DIS_A, and calculating a physical address identifier D;
S9, searching a blacklist Black_List according to the D, if the packet is a malicious physical address identifier, discarding the packet and updating the mean value D of the table entries in the Black_List by using point estimation;
S10, searching DIS_Info according to D, comparing the node IDs after finding the corresponding table entry, and verifying the validity of the physical address identifier;
S11, if the node is a legal physical node, responding to the DIS packet, and updating a corresponding table entry in DIS_Info by using point estimation; if the node is a malicious node, the node is isolated, and D is added into the Black_List.
2. The method as claimed in claim 1, wherein in S1, the most widely used signal propagation model is the log-normal shadowing model, and the energy intensity of the received packet at the receiving end is calculated by the following formula:
Figure QLYQS_1
where
Figure QLYQS_2
is the energy intensity of a packet received at a receiving node at distance d from the packet-sending node,
Figure QLYQS_3
is the radio transmission power of the packet-sending node,
Figure QLYQS_4
is the close-in reference distance,
Figure QLYQS_5
is the path loss at the reference distance
Figure QLYQS_6
,
Figure QLYQS_7
is the path loss exponent, which depends on the environment, and
Figure QLYQS_8
is Gaussian random noise.
3. The method as claimed in claim 2, wherein in S2, when the radio transmission power of the nodes is fixed, the RSSI is related to the distance and is therefore used for positioning, and for normal nodes the radio transmission power is usually fixed, so for a given pair of transmitting node and receiving node the RSSI follows a Gaussian distribution, the sample mean and standard deviation are used in place of the population expectation and standard deviation by point estimation, and for each neighbor node the mean and standard deviation are updated using the following method:
Figure QLYQS_9
where
Figure QLYQS_10
is the sample mean,
Figure QLYQS_11
is the sample standard deviation, RSSI is the signal strength of the newly received packet, and
Figure QLYQS_12
is the number of packets recorded for the neighbor node.
4. The method of claim 3, wherein in S3, according to the source address in the packet, the table
Figure QLYQS_13
is looked up, and the difference between the RSSI of the current packet and the value recorded in the table,
Figure QLYQS_14
, is calculated as
Figure QLYQS_15
According to the properties of the Gaussian distribution, when the following formula is satisfied:
Figure QLYQS_16
the packet is judged legitimate, that is, it was transmitted by a legitimate neighbor node.
5. The method as claimed in claim 4, wherein in the step S4, since the malicious node cannot be located by using the RSSI and needs to cooperate with the neighboring nodes to obtain the location of the malicious node, the related information of the current DIS packet needs to be recorded first for subsequent calculation.
6. The method for detecting and isolating Sybil attacks according to claim 5, wherein in S5, considering that DIS is a broadcast data packet, an anchor node is introduced to broadcast an auxiliary data packet DIS_A to cooperate with a normal node; when the anchor node receives the DIS packet, the anchor node records the 8-bit ID and 8-bit RSSI of the DIS source address, then places the two values into the 16-bit reserved field in the original DIS packet, and then obtains and broadcasts the DIS_A data packet.
7. The method as claimed in claim 6, wherein in S6, the normal nodes are within a communication range of a plurality of anchor nodes, and only one of the anchor nodes needs to cooperate when calculating the physical address identifier, and according to the RSSI of the anchor nodes, the anchor node with the largest RSSI is selected as the anchor head node, and the data packets of other anchor nodes are ignored.
8. The method for detecting and isolating Sybil attacks according to claim 7, wherein in S7, when a normal node receives a DIS_A packet sent by an anchor head node, it is determined whether the DIS_A has expired according to a lookup of the table DIS_Cache by source address and the arrival times of the corresponding DIS packet and DIS_A packet.
9. The method for detecting and isolating Sybil attacks based on signal strength as claimed in claim 8, wherein in S8, a physical address identifier D is calculated according to the information in DIS_A and the DIS information recorded in the DIS_Cache table:
Figure QLYQS_17
where
Figure QLYQS_18
is the signal strength with which the anchor node received the corresponding DIS data packet, and
Figure QLYQS_19
is the signal strength of the corresponding DIS packet recorded in DIS_Cache, the correspondence being determined by the source address of the DIS; because the physical address identifier D is independent of the radio transmission power, all nodes including the malicious node are positioned, and the relative positions with respect to the current node and the anchor node are obtained.
10. The method of claim 9, wherein in S9, a blacklist is queried according to the calculated physical address identifier D to determine whether a physical node is isolated;
in S10, for an un-isolated physical node, the table DIS_Info is looked up according to D to determine whether the source address in the DIS packet is the same as the source address recorded in the corresponding table entry; because D can locate each node, and only a malicious node broadcasts DIS packets using a plurality of false identities, the same physical address identifier D then corresponds to a plurality of source logical addresses, and when a second DIS packet broadcast by the malicious node is received, the same physical address identifier D is calculated but the source addresses in the two packets are different, and thus the node is determined to be a malicious node;
in S11, after a node is determined to be a malicious node, the physical address identifier D is added to the blacklist and the DIS packet is discarded; for a normal neighbor node, the physical address identifier D always corresponds to one source address, so that when a normal DIS packet is received, point estimation is used to update the mean value of the corresponding entry in the DIS_Info
Figure QLYQS_20
and a DIO packet is sent in response to the DIS packet according to the trickle mechanism of the RPL protocol.
CN202310107313.6A 2023-02-14 2023-02-14 Method for detecting and isolating witches attack based on signal intensity Active CN115866605B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310107313.6A CN115866605B (en) 2023-02-14 2023-02-14 Method for detecting and isolating witches attack based on signal intensity


Publications (2)

Publication Number Publication Date
CN115866605A true CN115866605A (en) 2023-03-28
CN115866605B CN115866605B (en) 2023-05-09

Family

ID=85657971

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310107313.6A Active CN115866605B (en) 2023-02-14 2023-02-14 Method for detecting and isolating witches attack based on signal intensity

Country Status (1)

Country Link
CN (1) CN115866605B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant