KR100812335B1 - A routing attack exclusion method using reliability scoring system in ad hoc network - Google Patents

Abstract

A routing attack exclusion method using a reliability scoring system in an Ad Hoc network is provided to recognize a wrong node using a routing error signal and a claim check signal and exclude the wrong node in path assignment later, thereby configuring a stable Ad Hoc network system. A node(100) for an Ad Hoc network system comprises a data generation/relay unit(110), a reception checking unit(120), a claim reporting unit(130), a claim check/verification unit(140) and a reliability value processing unit(150). The data generation/relay unit generates, or relays and transmits data. The reception checking unit generates reception check signal when data transmitted from a different node is received as a final destination and transmits the reception check signal in a reverse direction. The claim reporting unit transmits an RERR(Routing Error) signal to a source node when the reception check signal is not received from a target node of a final destination during operation as a relay node, and reports a claim to the source node. The claim check/verification unit transmits a claim check signal to a relay node nearest to the target node, wherein a previous good node receiving the claim check signal transmits a claim verification signal to the target node. The reliability value processing unit recognizes a node of a next path as a wrong node when the claim check signal is received and excludes the node in path assignment later.

Description

A Routing Attack Exclusion Method using Reliability Scoring System in Ad Hoc Network}

1 is a schematic diagram showing a data transmission scheme of a conventional ad hoc network system.

2 is a diagram illustrating a method for avoiding a routing attack according to the prior art.

3 is a diagram illustrating a routing path setup according to the prior art.

4 is a schematic diagram illustrating nodes of an ad hoc network system according to an embodiment of the present invention.

5 is a schematic diagram showing the determination of malicious nodes by the configuration of nodes in an ad hoc network system according to an embodiment of the present invention.

Figure 6 is a block diagram showing the function of the confidence value processing unit 150 according to an embodiment of the present invention.

7 is a graph showing a change in the confidence value of the routing error generating node according to an embodiment of the present invention.

8 is a graph showing a change in the confidence value of the abnormal node according to an embodiment of the present invention.

<Description of Drawing>

10: originating node 20: relay node

30: destination node 100: node

110: data generation / relay unit 130: claim reporting unit

120: receipt confirmation unit 140: claim confirmation and claim verification unit

150: confidence value processing unit

The present invention relates to an ad hoc network system and a node. More specifically, the present invention relates to an ad hoc network system and a node capable of determining a malicious node in an ad hoc network and excluding the node when transmitting data later.

Ad-Hoc network system refers to a network that does not have an infrastructure autonomously configured by nodes, and does not require a base network device such as a base station or an access point to configure and maintain the network. Do not.

Ad-hoc nodes communicate with each other using a wireless interface, overcome the limitations of communication distance of the wireless interface by the multi-hop routing function, and the network topology changes dynamically because the nodes are free to move. The ad hoc network system may be completely standalone or may interwork with an underlying network system such as the Internet via an Internet gateway. Applications include emergency rescue, emergency meetings, and military networks on the battlefield.

Such an ad hoc network system can be freely configured, so that data can be transmitted through various paths, while malicious nodes easily intervene and there is a problem such as data leakage.

In this case, we only refer to the problem that the data is not transmitted to the target node by the malicious node, and the problem such as data leakage is beyond the scope of the invention.

1 is a schematic diagram showing a data transmission method of a general ad hoc network system, which is made up of a plurality of nodes, when an event such as data transmission occurs, an originating node 10 generating and transmitting data among the nodes; A relay node 20 for relaying the data and a destination node 30 as a destination of the data are formed.

The originating node 10 transmits data by designating a routing path to the destination node 30, and the destination node 30 transmits a received message to the originating node 10 when the data is received. The data has been received, and the data relay therebetween is performed by one or more relay nodes 20.

This flow is a state of normal data transmission. If a malicious node with a malicious node is included in the path, the normal data transmission is not performed by a routing attack by the malicious node.

Note that a routing attack prevents a malicious node from forwarding normal packets (data, signals) to the network, incorrectly forwards them to its normal path, or generates abnormal packets to redirect and forward to the network. It is the act of paralyzing the network by increasing the load of the packet and causing confusion.

Conventionally, as a method of avoiding the above-mentioned routing attack, as shown in FIG. 2, if two or more candidate routing paths are set, and packets are not normally sent and received, the routing path is selected as another alternative path and attempted routing avoids a malicious node. have.

That is, as shown in FIG. 2, the first, second, and third paths (the number of paths can be set) are set, and first, when the transmission is attempted through the first path and the acknowledgment message is not received from the destination node, the transmission is performed. It judges that this has failed, and attempts to transmit in the second and third paths in order to evade malicious nodes.

However, this approach involves the following problems.

First, since the routing path setting generally selects the node at the shortest distance, the alternate paths also often pass through the malicious node as a problem as shown in FIG. 3. After all, this means that the routing path establishment method by the shortest distance means that data transmission is impossible because it is difficult to remove the malicious node on the routing path, which is the most problematic factor.

Next, the alternative path usage method includes a timer to wait for the transmission of the received message from the target node for a predetermined time to determine whether the data transmission through the priority path is normal, and the received message has not been transmitted during the time. If not, the data will be retransmitted through the next alternate path. The use of such a timer can result in data retransmission time delays, which can be confusing because the network must consume as much time delay and network resources as it retransmits to other alternate candidate paths until routing is successful.

The present invention has been created to solve the above problems, and each node constituting the ad hoc network detects a malicious node that is directly connected to it, thereby excluding the malicious node from further routing, thereby providing a stable ad hoc network system. And to operate the node.

In addition, it is an additional object of eliminating disadvantages caused when nodes on a flexible ad hoc network are misidentified as a malicious node due to undesired reasons (communication failure, location change, etc.).

In order to achieve the above object, an ad hoc network system according to the present invention comprises: an originating node for generating and transmitting data; A relay node for relaying data; A destination node that is the destination of the data, and the destination node transmits an acknowledgment signal back to the originating node when the data is received, and the relay node receives a routing error (if the acknowledgment signal has not been transmitted within a certain time). RERR (Routing Error) signal is generated and transmitted to the originating node. At this time, the first relay node relaying the routing error signal deducts the trust value of the node reporting the routing error and delivers it to the originating node. If an error signal is received, the claim confirmation signal is transmitted to the relay node (formerly good node, PGN, Previous Good Node) closest to the destination node side among the relay nodes that have transmitted the routing error signal, and the claim confirmation signal is received. The previous good node verifies that the next node is a malicious node, if the next node is a malicious node (routing attack node). It is characterized by excluding from routing routing designation.

Here, the relay node preferably configures a timer such that the previous good node first determines the routing failure.

In addition, if the previous good node that has received the claim confirmation signal generates a claim verification signal and transmits it to the destination node, and if it does not receive an acknowledgment signal for the claim verification signal from the destination node, the previous good node may malicious the next node. It is desirable to recognize it as a node and exclude it from further routing.

The originating node receiving the routing error signal further transmits a claim confirmation signal to the next node of the previous good node, so that the next node of the previous good node recognizes the claim warning.

In addition, instead of excluding a node that is recognized as a malicious node from a later path designation, a trust value is set, and if the node is recognized as a malicious node, the trust value is deducted. It is preferable to exclude from, and it is preferable to reduce the decremented confidence value at regular intervals.

When the confidence value is less than or equal to the reference value and then recovers, it is preferable that the confidence value is deducted immediately below the reference value when the evil node performs the evil operation.

There are two cases in which a node calculates the confidence value of a neighbor node. As mentioned above, the first relay node that delivers the routing error signal immediately deducts the confidence value of the node that generated the routing error signal, and gradually recovers the confidence value over time. In addition, if a bad node is determined through the claim verification process, the trust value is immediately deducted, and over time, the trust value is gradually restored. The confidence value is in the range of 0 to 1, close to 1 when the confidence is good, and close to 0 when the confidence is bad. The input confidence value is 1 or 0, the deduction factor for the routing error signal is k1, and the deduction factor for the bad node is k2 after the verdict of the malicious node is determined, and k1 <k2 is set so that the routing error signal is transmitted. The confidence value of the generated node is deducted at a small rate, and the claims are verified to reduce the trust value of the node determined to be a malicious node at a larger rate than that.

In addition, when a routing error signal is generated, the confidence value of the node is

Confidence value = 'input confidence value' × k1 + 'old confidence value' × (1-k1)

Where k1: Deduction proportional constant when generating routing error

Input confidence value: 1 for normal operation, 0 for routing error

First previous confidence value: 1

It is preferable that the deduction and recovery be made by.

Likewise, if it turns out to be a malicious node, the confidence value of that node is

Confidence value = 'input confidence value' × k2 + 'old confidence value' × (1-k2)

k2: Deduction proportional constant when determining malicious node

It is preferable that the deduction and recovery be made by.

Meanwhile, in order to achieve the above object, a node of an ad hoc network system according to the present invention includes a data generation / relay unit for generating or relaying and transmitting data; A reception acknowledgment unit configured to generate an acknowledgment signal and transmit the data in a reverse direction when the data transmitted from another node is received as a final destination; A claim reporting unit for generating and transmitting a routing error signal to the originating node when the acknowledgment signal is not received from the node (the destination node) serving as the final destination (routing failure) when the relay node is operated; If a routing error signal is received as the originating node, a claim confirmation signal is sent to the relay node (formerly good node) closest to the destination node among the relay nodes that have sent the routing error signal, and the previous good node receiving the claim confirmation signal is the destination. Claim confirmation and verification unit for transmitting a claim verification signal to the node; If a confirmation signal is received from the destination node for the claim verification signal, and no confirmation signal is received from the destination node, the next node is determined to be a malicious node, and the trust value of the next node is deducted and the confidence value is lowered below the threshold. And a trust value processor for excluding the malicious node from the path designation.

Here, when operating as a relay node, it is further provided with a timer waiting for a predetermined time that the acknowledgment signal is to be transmitted, the timer is preferably configured so that the previous good node first determines the routing failure.

The data generation / relay unit may generate and transmit a claim verification signal toward a destination node of a previous data transmission path when the claim confirmation signal is received, and the confidence value processor may receive an acknowledgment signal for the claim verification signal from the destination node. If not, it is desirable to recognize the node of the next path as a malicious node and ultimately exclude it from routing routing.

Here, the trust value processing unit sets a trust value instead of immediately excluding a node recognized as a malicious node in a later path designation, and if the node is recognized as a malicious node, the trust value is deducted, and the trust value is equal to or less than a predetermined reference value. In this case, it is preferable to exclude from later routing.

In this case, it is preferable that the confidence value processing unit recovers the scored confidence value at regular intervals.

In this case, when the confidence value is less than or equal to the reference value and then recovers, it is preferable that the confidence value is deducted immediately below the reference value when the evil node performs the evil operation.

Here, when the trust value calculated by the trust value processor generates a routing error signal, the trust value of the node is expressed by the following equation.

Confidence value = 'input confidence value' × k1 + 'previous confidence value' × (1-k1)

Where k1: proportional constant when reporting routing error

Input confidence value: 1 for normal operation, 0 for malicious behavior

First previous confidence value: 1

It is preferable that the deduction and recovery by

If it turns out to be a malicious node (routing attack), its confidence value is expressed as

Confidence value = 'input confidence value' × k2 + 'previous confidence value' × (1-k2)

k2: proportional constant when determining the malicious node (routing attack)

Input confidence value: 1 for normal operation, 0 for malicious behavior

First previous confidence value: 1

It is preferable that the deduction and recovery be made by.

Hereinafter, with reference to the accompanying drawings, it will be described in detail a preferred embodiment of the present invention.

4 is a schematic diagram illustrating a node of an ad hoc network system according to an embodiment of the present invention.

Referring to FIG. 4, the node 100 of the ad hoc network system according to the present embodiment includes a data generation / relay unit 110 for generating or relaying data and transmitting the data; A reception acknowledgment unit 120 for generating a reception acknowledgment signal and transmitting the data in a reverse direction when receiving data transmitted from another node as a final destination; A claim report unit 130 for reporting a claim by transmitting a routing error signal to an originating node when the reception node does not receive an acknowledgment signal from a node (the destination node) serving as a relay node (routing node); If a routing error signal is received as the originating node, a claim confirmation signal is sent to the relay node (formerly good node) closest to the destination node among the relay nodes that have sent the routing error signal, and the previous good node receiving the claim confirmation signal is the destination. Claim verification and verification unit 140 for transmitting a claim verification signal to the node; When the claim confirmation signal is received, the confidence value processing unit 150 recognizes the node of the next path as a malicious node and excludes it from future path designation.

Node 100 is an element forming an ad hoc network system, each node includes: an originating node for generating and transmitting data according to a situation, and a relay node for relaying data; Can act as a destination node to be the destination of data. Therefore, the node 100 has all the elements necessary for data generation / transmission / relay / storage and so on in the network system.

The data generation / relay unit 110 is an element that generates and transmits data or relays data received from another node and transmitted to another node. When the node 100 performs a function of an originating node, When playing the role of relay node, the latter role is played.

The acknowledgment unit 120 generates an acknowledgment signal and transmits it in the reverse direction when receiving the data transmitted from another node as the final destination, that is, the originating node when the node 100 performs the function of the destination node. When receiving the data generated / transmitted from the node, the acknowledgment is notified to the originating node so that the originating node can determine whether the originating node achieves its purpose (data transmission to the destination node).

When the node 100 does not receive an acknowledgment signal from a node (the destination node) which is the final destination when the node 100 operates as a relay node (routing failure), the claim report unit 130 sends a claim by sending a routing error signal to the originating node. The element to declare. The first relay node relaying the routing error signal deducts the trust value of the node that generated the routing error signal and delivers it to the originating node.

The claim check and verification unit 140 receives the routing error signal from the relay node when the node 100 operates as the originating node, and then generates a claim confirmation signal to relay the routing error signal closest to the destination node. It is a functional element that sends to a node (formerly good node) and the previous good node performs a test transmission of the claim verification signal to the destination node.

According to this configuration, when there are several relay nodes between the originating node and the destination node, the number of routing error signals corresponding to the number of relay nodes is transmitted from the plurality of relay nodes that have not received the acknowledgment signal from the destination node. It is not difficult to determine the previous good node closest to the destination node, but receiving routing error signals from non-previous good nodes wastes a lot of resources and puts a lot of load on the originating node. It is desirable to configure the means such that only the previous good node can generate a routing error signal and send it to the originating node.

To this end, each of the nodes 100 further includes a timer which, when operating as a relay node, waits for a predetermined time that an acknowledgment signal is to be transmitted, wherein the timer causes the previous good node to first determine a routing failure. desirable. Specifically, the timer setting of the relay node is decreased as the next step is performed so that the timer of the node closest to the target node is started first.

In this configuration, when the routing failure fails, the previous good node includes the previous relay node and the timer operates first. Therefore, the routing error signal is first generated and transmitted to the originating node. Since other relay nodes will be transmitted to the originating node, the other relay nodes relay the routing error signal, and do not generate and transmit a separate routing error signal. Thus, in the routing error signal, only the routing error signal of the previous good node is transmitted to the originating node. Of course, for this purpose, relay nodes should be configured not to generate routing error signals if they relay routing error signals.

The claim check and verification unit 140 checks the claim with the relay node (formerly good node) closest to the target node among the various relay nodes that have transmitted the routing error signal when the node 100 receives the routing error signal as the originating node. As an element for transmitting a signal, through this, the previous good node can confirm through the originating node that it is the previous good node.

The confidence value processing unit 150 recognizes that the relay node that has received the claim confirmation signal is a previous good node, transmits a claim verification signal to the destination node, and sends a node next to itself when it has not received an acknowledgment from the destination node. Recognized as a node of evil. This recognition is stored in the storage of the previous good node, excluding the bad node from later routing. That is, the recognition and storing of the malicious node and excluding it from the path specification are performed by the previous good node, that is, the node that has been directly connected to the malicious node immediately, and the other nodes do not discriminate against the malicious node.

If you look at it, you can see that only the nodes that you checked are judged as malicious nodes. That is, although the originating node also participates in the determination of the malicious node, the role of defining the malicious node and excluding it from future routing is limited to only the previous good node. It is of course also possible for the previous good node to propagate the information that the node following it is a malicious node to other nodes, but it must be taken into account if the previous good node spreads false information as the bad node. Therefore, it is desirable to make the basic principle that all nodes do not determine whether they are malicious nodes for nodes that they have not experienced directly. Of course, because of this, the malicious node is certain, and if the malicious node is included in another data transmission path, by repeating the above-described process, the node is determined to be a malicious node by another previous good node, and participation in network routing is restricted. do.

Referring to Fig. 5, the originating node transmits data (packet, signal) toward the destination node. ①, the relay node relays the data. If a malicious node (marked with ●) exists in the path, the data is sent to a node other than the destination node or discarded, so that the destination node cannot receive the data. In this case, the relay nodes before the malicious node wait for using the timer to receive the acknowledgment signal of the target node. ② If the acknowledgment node fails to receive the acknowledgment signal, the previous good node receives a routing error signal. Claims are made by creating and sending them to the originating node. At this time, the first relay node that delivers the routing error deducts the trust value of the node that generated the routing error, and transmits the routing error signal to the originating node. The originating node receiving the routing error signal transmits a claim acknowledgment signal to the previous good node. ④, the previous good node receiving the claim acknowledgment signal confirms that it is a previous good node, and verifies the claim to the destination node. Test transfer the signal. The destination node receives the claim verification signal and sends the acknowledgment signal to the previous good node. If the intermediate malicious node does not transmit the claim verification signal to the destination node, the destination node cannot receive the claim verification signal and claims Since the verification confirmation signal cannot be transmitted and the previous good node does not receive the claim verification confirmation signal, the next node in the path is regarded as a malicious node and the credit score is deducted. The confidence score is accumulated and the confidence score drops below a predetermined threshold, and the previous good node determines the next node in the path as a malicious node.

After confirming that the originating node has failed routing, propagate the routing request (RREQ) again, and the destination node sends a routing reply (RREP, Routing Reply), and the previous good node receives the routing response sent from the malicious node with low trust. Drop the signal without passing it to the originating node. The originating node extracts the routing path from the various routing response signals delivered from the destination. The extracted routing path does not include the malicious node at the source.

On the other hand, in the aspect of the above embodiment, the previous good node itself may be a malicious node. That is, the fake previous good node may generate and transmit a routing error signal to the originating node without transmitting the data transmitted through the originating node and the relay node before it to the destination node.

In this case, the first relay node that delivers the routing error signal will repeat the process of deducting the confidence value of the node that generated the routing error, and ultimately lower the confidence value of the fake previous good node below the reference value. Later, the originating node makes a routing request to the destination node, and the destination node responds to the routing, so that the routing response signal sent through the fake pre-good node receives a routing error signal that recognizes that the trust value of the fake pre-good node is low. Delivery is originally blocked by the first relay node that delivered. As a result, the originating node may select a routing path from a list of routing paths that do not include the fake previous good node.

There is a problem in the above embodiment, which is that the countermeasure against a well-intentioned node is insufficient. Since each node is free to move due to the characteristics of the ad hoc network system, even a well-intentioned node may not properly relay the transmitted data according to time.

Since it is unreasonable to assume such a node as a malicious node, it is desirable to prepare a countermeasure.

For example, when the data generation / relay unit 110 of a predetermined node receives the claim confirmation signal, it generates and transmits a claim verification signal toward a destination node of a previous data transmission path, and verifies the claim from the destination node. When the acknowledgment signal for the signal is not received, the confidence value processor may recognize the node of the next path as a malicious node and exclude it from future path designation.

This is to check whether the node, which is supposed to be a malicious node, is operated again. It is to identify the case where a malfunction occurred due to an unexpected reason at the time of data transmission and then returned to normal. In other words, even if the initial data of the originating node is not normally relayed, it is not immediately assumed to be a malicious node, but the previous good node itself receiving the claim confirmation signal generates a separate claim verification signal and transmits it to the destination node of the initial data transmission. When the acknowledgment signal is transmitted from the target node and the acknowledgment signal is transmitted, the node immediately after the node is recognized as a normal node instead of a malicious node.

In the above example, one more chance is given, but it is also possible to configure a system that gives several opportunities.

To this end, the trust value processing unit 150 sets a trust value instead of immediately excluding a node recognized as a malicious node from a later path designation, and deducts the trust value if it is recognized as a malicious node, and sets the trust value to a predetermined value. It can also be configured to exclude from future routing if the reference value is below.

If the confidence value is less than or equal to the reference value, the confidence value processing unit 150 may be configured to recover the deducted confidence value at regular intervals for additional relief. In such a case, the maximal consideration is given to the node recognized as the malicious node, and when the malicious node later performs a routing attack again, that is, when the confidence value is less than or equal to the reference value, the malicious node performs the malicious action. In the case of performing the step, it is desirable to deduct the confidence value immediately below the reference value and exclude it from the path specification later.

6 and 7 are diagrams related to the above case, and FIG. 6 is a block diagram showing the function of the trust value processing unit 150 in the above example, and FIG. 7 is a diagram illustrating a time-dependent trust value of a routing attack node in determining a routing attack. 8 illustrates an example of a change, and FIG. 8 illustrates an example of a time-dependent trust value of a routing error reporting node when reporting a routing error.

When the node of the next path is determined to be a routing attack node (a malicious node), the trust value processing unit 150 immediately updates the trust score, and periodically updates the trust score every time elapses. The initial confidence value is initially '1'. The input confidence value is '1' if the trust is good and '0' if the trust is bad. Nodes found to be malicious nodes have an input confidence value of '0' and normal nodes have an input confidence value of '1'. Using this, the confidence value of the routing error reporting node when generating a routing error signal is expressed as

[Equation 1]

 Confidence value = ‘input confidence value’ × k1 + ‘old confidence value’ × (1-k1)

k1: proportionality constant

Input confidence value: 1 for normal operation, 0 for malicious behavior

First previous confidence value: 1

Is calculated.

In the routing attack determination, the trust value of the routing attack node (malicious node) is expressed by the following equation.

[Equation 2]

Confidence value = 'input confidence value' × k2 + 'old confidence value' × (1-k2)

k2: proportionality constant

Input confidence value: 1 for normal operation, 0 for malicious behavior

First previous confidence value: 1

Is calculated.

k1 and k2 are proportional constants that determine the ratio of the old and new values. As the value of k increases, it approaches the new state quickly. As the value of k decreases, it approaches the new state slowly.

Fig. 7 is a graph showing a change in the confidence value of a node reporting a routing error in the case where a routing error occurs, and shows a case where k1 = 0.05 and a bad node discrimination threshold (reference value) are set to 0.85. The node that reported the routing error was initially in the best state with a confidence value of 1, but after one attempt to report a routing error, the input confidence value was 0, resulting in a confidence value of 0.95, and after two attempts, the input confidence value became 0. As a result, the confidence value is 0.9025. Since the confidence value after four attempts is set to 0.8145 and the threshold value is set to 0.85, participation in network routing path selection candidates is restricted afterwards. After that, if normal routing is performed without reporting a routing error, the confidence value gradually recovers. However, if the routing error is reported continuously, the confidence value continues to fall below the reference threshold and the routing error reporting node is excluded from the routing path candidate.

Fig. 8 is a graph showing a change in the trust value of a malicious node when a malicious node is determined by a routing attack. The figure shows a case where k2 = 0.1 and a malicious node discrimination threshold (reference value) is set to 0.85. The unhealthy node was initially in the best state with a confidence value of 1, but after one attempt at a routing attack, the input trust value was 0, resulting in a confidence value of 0.9, and after two attempts, the input trust value was 0. 0.81. Since the threshold value is set to 0.85, participation in network routing is restricted afterwards. The malicious node will not be able to do any routing activity and will not be able to attack. Since the malicious node does not perform a routing attack, the node's input trust value is 1, and the trust score is restored every predetermined period. That is, after three periodic updates, a way to participate in network activity is opened beyond the threshold. When a malicious node attempts a routing attack again, the trust value is deducted from a single routing attack and falls below the threshold. After that, the malicious node's confidence score is updated four times before it can join the network. The malicious node may join the network at approximately every 3-4 update cycles, but if only one routing attack is made, it is immediately excluded from network activity.

Such behavior is that a well-behaved node usually has a trust value of "1", and if a single occurrence of a behavior that is determined to be a routing attack due to a temporary situation change is not immediately determined to be a malicious node, it is a repeated routing attack. It is a deferment to determine as a malicious node only when an action to be determined occurs. It is to satisfy both the relief of the malicious node and the exclusion of the malicious node, which may be well-meaning, and the user can appropriately adjust it if necessary. .

In the case of a routing error signal, the trust value decreases more slowly than the malicious node of the routing attack, so that the previous good node can participate in network routing normally for a longer time than the candidate malicious node, and the normal previous good node can detect the next malicious node. When normal routing is performed by removing from the routing path, the normal previous good node does not generate a routing error, thereby recovering the trust value, thereby continuing to participate in network routing.

As described above, the ad hoc network system and node according to the present invention recognize a malicious node by using a routing error signal and a claim confirmation signal, and exclude it from later routing, thereby configuring a stable ad hoc network system.

In addition, a remedy for a good node recognized as a malicious node due to the characteristics of the ad hoc network system is provided to prevent the case where the good node is excluded from the ad hoc network system.

Claims (14)

An originating node for generating and sending data; A relay node for relaying the data; A destination node which is a destination of the data, The destination node transmits a reception acknowledgment signal back to the originating node when the data is received; When the acknowledgment signal is not transmitted within a predetermined time (routing failure), the relay node generates a routing error (RERR) signal and transmits it to the originating node. The relay node deducts the trust value of the node reporting the routing error and delivers it to the originating node. When the originating node receives the routing error signal, the originating node transmits a claim acknowledgment signal to a relay node (formerly good node) that is closest to the destination node side among the relay nodes that have transmitted the routing error signal. The previous good node receiving the claim confirmation signal verifies that the next node is a malicious node, and if the next node is a malicious node (routing attack node), excludes it from routing routing. Network system. The method of claim 1, And wherein the relay node includes a timer for the previous good node to first determine a routing failure. The method of claim 1, The previous good node receiving the claim confirmation signal generates a claim verification signal and transmits it to the destination node, and when the acknowledgment signal for the claim verification signal is not received from the destination node, the previous good node is the next node. Ad hoc network system, characterized in that it is recognized as a malicious node and excluded from future routing. The method of claim 3, wherein The originating node receiving the routing error signal further sends a claim confirmation signal to the next node of the previous good node, so that the next node of the previous good node recognizes the claim alert. system. The method according to any one of claims 1 to 4, Instead of excluding a node recognized as a malicious node from a later path designation, a trust value is set, and if the node is recognized as a malicious node, the trust value is deducted. Ad hoc network system, characterized in that excluded from. The method of claim 5, wherein The reduced confidence value is an ad hoc network system, characterized in that to recover at regular intervals. The method of claim 6, And if the confidence value is less than or equal to the reference value and then recovers, if the malicious node performs the evil operation, the trust value is deducted immediately below the reference value. The method of claim 5, wherein The confidence value is for the node that generated the routing error signal, Confidence value = 'input confidence value' × k1 + 'old confidence value' × (1-k1) (Where k1: proportional constant when generating routing error Input confidence value: 1 for normal operation, 0 for routing error First previous confidence value: 1) Deduction and recovery are made by In addition, the confidence value is a node that turns out to be a malicious node (routing attack node), Confidence value = 'input confidence value' × k2 + 'old confidence value' × (1-k2) (k2: proportional constant when determining the evil node Input confidence value: 1 for normal operation, 0 for routing error First previous confidence value: 1) Ad hoc network system characterized in that the deduction and recovery by. A data generation / relay unit for generating or relaying data and transmitting the data; A reception acknowledgment unit configured to generate an acknowledgment signal and transmit the data in a reverse direction when the data transmitted from another node is received as a final destination; A claim reporting unit for generating and transmitting a routing error signal to the originating node when the acknowledgment signal is not received from the node (the destination node) serving as the final destination (routing failure) when operating as a relay node; If a routing error signal is received as the originating node, a claim confirmation signal is transmitted to the relay node (formerly good node) closest to the destination node among the relay nodes which have transmitted the routing error signal, and the previous good node receiving the claim confirmation signal. Claim confirmation and verification unit for transmitting a claim verification signal to the destination node; If a confirmation signal is received from the destination node for the claim verification signal and no confirmation signal is received from the destination node, the next node is determined to be a malicious node, and the confidence value of the next node is deducted to lower the confidence value below the threshold. A trust value processor that ultimately excludes malicious nodes from routing A node of an ad hoc network system, comprising: a. The method of claim 9, When operating as the relay node, further comprising a timer for waiting for a predetermined time that the acknowledgment signal is transmitted, And the timer is configured such that the previous good node first determines a routing failure. The method of claim 9, The trust value processing unit sets a trust value instead of immediately excluding a node recognized as a malicious node from a later path designation, and when the node is recognized as a malicious node, deducts the trust value, and the trust value is less than or equal to a predetermined reference value. Node of an ad hoc network system, wherein the node is excluded from future routing. The method of claim 11, And the confidence value processing unit recovers the credited confidence value at regular intervals. The method of claim 12, And if the confidence value is less than or equal to the reference value and then recovers the confidence value, the trust value processor immediately decreases the confidence value to be less than or equal to the reference value when the malicious node performs the evil operation. The method of claim 11, The confidence value calculated by the confidence value processing unit is a node that has generated a routing error signal. Confidence value = 'input confidence value' × k1 + 'previous confidence value' × (1-k1) (Where k1: proportional constant when reporting routing error Input confidence value: 1 for normal operation, 0 for malicious behavior First previous confidence value: 1) Deduction and recovery are made by For a node that turns out to be a malicious node (routing attack), Confidence value = 'input confidence value' × k2 + 'previous confidence value' × (1-k2) (k2: Proportional constant when determining malicious node (routing attack) Input confidence value: 1 for normal operation, 0 for malicious behavior First previous confidence value: 1) A node of an ad hoc network system, characterized in that the deduction and recovery are performed.

Images