CN104702609B - Routing intrusion detection method for mobile Ad Hoc networks based on a friend mechanism - Google Patents

Publication number
CN104702609B
Authority
CN
China
Prior art keywords
global
sent
local
data
module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201510111439.6A
Other languages
Chinese (zh)
Other versions
CN104702609A (en)
Inventor
苏文桂
裴庆祺
王仙
马立川
李红宁
李俚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Guangxi University
Original Assignee
Xidian University
Guangxi University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a routing intrusion detection method for mobile Ad Hoc networks based on a friend mechanism, and relates to the field of mobile Ad Hoc networks. The method comprises the following steps: a local intrusion detection device quickly identifies primary friend nodes; a global intrusion detection device then performs comprehensive detection on the primary friend nodes to finally determine whether each node is a genuine friend node, and generates the trust level of each friend node. The invention can detect attacks quickly, save node resource overhead, shorten the time a malicious node stays in the Ad Hoc network, and effectively improve the security of the whole Ad Hoc network.

Description

Routing intrusion detection method for mobile Ad Hoc networks based on a friend mechanism
Technical field
The present invention relates to the field of mobile Ad Hoc networks, and specifically to a routing intrusion detection method for mobile Ad Hoc networks based on a friend mechanism.
Background
A mobile Ad Hoc network is a wireless multi-hop peer-to-peer network with no infrastructure, self-organization and a dynamically changing topology. It offers fast networking, convenient configuration, low cost and good survivability, and each node in a mobile Ad Hoc network is also a router. It is increasingly widely used in tactical communication, commercial and civil applications, and rescue and disaster relief. However, compared with other networks, these same characteristics bring a variety of new problems to mobile ad hoc networks, such as inter-node cooperation, routing and security. Among them, selecting suitable routes and maintaining routing information is the basis of normal network service, and maintaining the network topology is particularly important. Any node in a mobile Ad Hoc network may take part in routing and is easily attacked from outside or inside, so routing security research is one of the key issues for the further development of mobile Ad Hoc networks. Although intrusion prevention mechanisms such as encryption and authentication are widely used in MANET routing security, they are helpless against attacks from inside the network. Behavior detection and response techniques are therefore needed to complement them and jointly ensure routing security.
Summary of the invention
The purpose of the invention is to overcome the shortcomings of the above background art by providing a routing intrusion detection method for mobile Ad Hoc networks based on a friend mechanism, which can detect attacks quickly and accurately, save node resource overhead, shorten the time a malicious node stays in the mobile Ad Hoc network, and effectively improve the security of the whole mobile Ad Hoc network.
The present invention provides a routing intrusion detection method for mobile Ad Hoc networks based on a friend mechanism, comprising the following steps:
A. The local collection unit monitors the Ad Hoc network-based data sources, collects the raw data needed for intrusion detection, and sends the collected raw data to the local audit module. The local audit module performs feature extraction and preprocessing on the raw data, converts it into the format required by the local anomaly detection module and the local misuse detection module, and sends the converted data to the local anomaly detection module, the local misuse detection module and the local feedback module. The local anomaly detection module performs an anomaly test on the data using the support vector machine (SVM) algorithm and sends the test result to the local feedback module; the local misuse detection module performs a misuse test on the data using the SVM algorithm and sends the test result to the local feedback module. Go to step B.
B. When the local feedback module determines from the test results that a malicious node exists in the network, it sends an intrusion alarm to the local response unit, generates a primary friend list, and sends the primary friend list and the data sent by the local audit module to the local profile database. Go to step C.
C. The local response unit broadcasts the intrusion alarm sent by the local feedback module in the Ad Hoc network and removes the malicious node from the Ad Hoc network. Go to step D.
D. The local profile database sends the primary friend list and the data sent by the local feedback module through the global detection interface to the global collection unit, which forwards them to the global audit module. Go to step E.
E. The global audit module performs feature extraction and preprocessing on the data sent by the global collection unit, converts the data into the format required by the global anomaly detection module and the global misuse detection module, and sends the converted data to the global anomaly detection module and the global misuse detection module. The global anomaly detection module performs an anomaly test on the data using the SVM algorithm and sends the test result to the global feedback module; the global misuse detection module performs a misuse test on the data using the SVM algorithm and sends the test result to the global feedback module. Go to step F.
F. When the global feedback module determines from the test results that a malicious node exists in the Ad Hoc network, it sends an intrusion alarm to the global response unit and generates a direct friend list. Go to step G.
G. The global response unit broadcasts the intrusion alarm sent by the global feedback module in the Ad Hoc network and removes the malicious node from the Ad Hoc network. Go to step H.
H. The global feedback module generates an indirect friend list from the trust relationships between the nodes in the primary friend list sent by the global audit module, and sends the direct friend list and the indirect friend list to the global voting unit. The global voting unit votes on each node according to the direct-friend and indirect-friend relationships, determines the final trust level of each node, and generates a trust level table. The trust level table is sent to the global profile database for storage. End.
On the basis of the above technical solution, step B further comprises the following step: when the local feedback module determines from the test results that no malicious node exists in the Ad Hoc network, it generates a primary friend list, sends the primary friend list and the data sent by the local audit module to the local profile database, and goes to step D.
On the basis of the above technical solution, step F further comprises the following step: when the global feedback module determines from the test results that no malicious node exists in the Ad Hoc network, it generates a direct friend list and goes to step H.
Compared with the prior art, the advantages of the present invention are as follows:
(1) The invention first uses the local intrusion detection device to quickly identify primary friend nodes, and then uses the global intrusion detection device to perform comprehensive detection on the primary friend nodes, finally determining whether each node is a genuine friend node and generating the trust level of each friend node. It can detect attacks quickly, save node resource overhead, shorten the time a malicious node stays in the Ad Hoc network, and effectively improve the security of the whole Ad Hoc network.
(2) The invention uses a friend mechanism that divides the nodes in the network into direct friends and indirect friends. Through the cooperative relationship between direct friends and indirect friends, it effectively resists the decision-making problem caused by nodes each holding to their own view, as well as the malicious behavior of selfish nodes and colluding, deceiving nodes in the network, which effectively improves the reliability of detection.
(3) The detection management, trust management and detection engine of the invention do not need the support of complex techniques such as predefined signatures. By using the SVM (Support Vector Machine) algorithm and the friend mechanism, relevant features can be selected quickly and efficiently from large amounts of redundant data, with low consumption of system computing resources, good real-time performance and high flexibility.
Brief description of the drawings
Fig. 1 is a flowchart of the routing intrusion detection method for mobile Ad Hoc networks based on a friend mechanism in an embodiment of the present invention.
Embodiment
The present invention is described in further detail below with reference to the accompanying drawing and a specific embodiment.
As shown in Fig. 1, the embodiment of the present invention provides a routing intrusion detection method for mobile Ad Hoc networks based on a friend mechanism, comprising the following steps:
S1. The local collection unit monitors the Ad Hoc network-based data sources, collects the raw data needed for intrusion detection, and sends the collected raw data to the local audit module. The local audit module performs feature extraction and preprocessing on the raw data, converts it into the format required by the local anomaly detection module and the local misuse detection module, and sends the converted data to the local anomaly detection module, the local misuse detection module and the local feedback module. The local anomaly detection module performs an anomaly test on the data using the support vector machine (SVM) algorithm and sends the test result to the local feedback module; the local misuse detection module performs a misuse test on the data using the SVM algorithm and sends the test result to the local feedback module. Go to step S2.
S2. The local feedback module determines from the test results whether a malicious node exists in the network. If a malicious node exists, it sends an intrusion alarm to the local response unit, generates a primary friend list, sends the primary friend list and the data sent by the local audit module to the local profile database, and goes to step S3. If no malicious node exists, it generates a primary friend list, sends the primary friend list and the data sent by the local audit module to the local profile database, and goes to step S4.
S3. The local response unit broadcasts the intrusion alarm sent by the local feedback module in the Ad Hoc network and removes the malicious node from the Ad Hoc network. Go to step S4.
S4. The local profile database sends the primary friend list and the data sent by the local feedback module through the global detection interface to the global collection unit, which forwards them to the global audit module. Go to step S5.
S5. The global audit module performs feature extraction and preprocessing on the data sent by the global collection unit, converts the data into the format required by the global anomaly detection module and the global misuse detection module, and sends the converted data to the global anomaly detection module and the global misuse detection module. The global anomaly detection module performs an anomaly test on the data using the SVM algorithm and sends the test result to the global feedback module; the global misuse detection module performs a misuse test on the data using the SVM algorithm and sends the test result to the global feedback module. Go to step S6.
S6. The global feedback module determines from the test results whether a malicious node exists in the Ad Hoc network. If a malicious node exists, it sends an intrusion alarm to the global response unit, generates a direct friend list, and goes to step S7. If no malicious node exists, it generates a direct friend list and goes to step S8.
S7. The global response unit broadcasts the intrusion alarm sent by the global feedback module in the Ad Hoc network and removes the malicious node from the Ad Hoc network. Go to step S8.
S8. The global feedback module generates an indirect friend list from the trust relationships between the nodes in the primary friend list sent by the global audit module, and sends the direct friend list and the indirect friend list to the global voting unit. The global voting unit votes on each node according to the direct-friend and indirect-friend relationships, determines the final trust level of each node, and generates a trust level table. The trust level table is sent to the global profile database for storage. End.
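The flow of steps S1 to S8, as an added Python example that is not code from the patent. The SVM anomaly and misuse detectors are replaced here by a stand-in threshold on a constructed packet-drop ratio, and the friend-of-friend rule for indirect friends, the vote weights and the trust-level cut-offs are all assumptions, since the patent does not specify them.

```python
# Added illustration of steps S1-S8; not code from the patent.
from collections import defaultdict

# Constructed sample data: observer -> {neighbour: fraction of packets the
# neighbour failed to forward}, as a local collection unit might record it.
LOCAL_OBS = {
    "A": {"B": 0.02, "C": 0.05, "M": 0.90},
    "B": {"A": 0.01, "C": 0.04, "D": 0.03},
    "C": {"A": 0.03, "B": 0.02, "G": 0.30},
    "D": {"B": 0.02, "G": 0.35},
    "G": {"C": 0.05, "D": 0.04},
}
LOCAL_THRESHOLD = 0.50   # assumed: coarse, fast per-node check (SVM stand-in)
GLOBAL_THRESHOLD = 0.25  # assumed: stricter check on pooled data (SVM stand-in)


def local_stage(obs, threshold=LOCAL_THRESHOLD):
    """S1-S3: flag neighbours locally; the rest form primary friend lists."""
    malicious = {n for seen in obs.values()
                 for n, rate in seen.items() if rate >= threshold}
    # The broadcast alarm removes flagged nodes from every node's list.
    primary = {o: {n for n in seen if n not in malicious}
               for o, seen in obs.items() if o not in malicious}
    return primary, malicious


def global_stage(obs, primary, threshold=GLOBAL_THRESHOLD):
    """S4-S7: re-test primary friends on pooled reports from all observers."""
    pooled = defaultdict(list)
    for observer, friends in primary.items():
        for n in friends:
            pooled[n].append(obs[observer][n])
    malicious = {n for n, rates in pooled.items()
                 if sum(rates) / len(rates) >= threshold}
    direct = {o: friends - malicious
              for o, friends in primary.items() if o not in malicious}
    return direct, malicious


def indirect_friends(direct):
    """S8, assumed rule: friends of my direct friends that I do not know."""
    return {o: set().union(*(direct.get(f, set()) for f in fr)) - fr - {o}
            for o, fr in direct.items()}


def trust_table(direct, indirect, w_direct=1.0, w_indirect=0.5):
    """S8: weighted vote per node; weights and cut-offs are assumptions."""
    score = defaultdict(float)
    for voter in direct:
        for n in direct[voter]:
            score[n] += w_direct
        for n in indirect[voter]:
            score[n] += w_indirect
    nodes = set(direct) | set(score)
    max_score = max(len(nodes) - 1, 1) * w_direct  # guard single-node case
    table = {}
    for node in sorted(nodes):
        ratio = score[node] / max_score
        table[node] = ("high" if ratio >= 0.8
                       else "medium" if ratio >= 0.5 else "low")
    return table


def run(obs=LOCAL_OBS):
    """Run both stages and return (local alarms, global alarms, trust table)."""
    primary, local_bad = local_stage(obs)
    direct, global_bad = global_stage(obs, primary)
    return local_bad, global_bad, trust_table(direct, indirect_friends(direct))


if __name__ == "__main__":
    print(run())
```

In the constructed data, node M is caught by the fast local check, while node G stays under the local threshold and is only removed once the global stage pools the reports from C and D.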
Those skilled in the art can make various modifications and variations to the embodiments of the present invention. If these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, they are also within the protection scope of the present invention.
Content not described in detail in the specification is prior art known to those skilled in the art.

Claims (1)

1. A routing intrusion detection method for mobile Ad Hoc networks based on a friend mechanism, characterized by comprising the following steps:
A. The local collection unit monitors the Ad Hoc network-based data sources, collects the raw data needed for intrusion detection, and sends the collected raw data to the local audit module; the local audit module performs feature extraction and preprocessing on the raw data, converts it into the format required by the local anomaly detection module and the local misuse detection module, and sends the converted data to the local anomaly detection module, the local misuse detection module and the local feedback module; the local anomaly detection module performs an anomaly test on the data using the support vector machine (SVM) algorithm and sends the test result to the local feedback module, and the local misuse detection module performs a misuse test on the data using the SVM algorithm and sends the test result to the local feedback module; go to step B;
B. When the local feedback module determines from the test results that a malicious node exists in the network, it sends an intrusion alarm to the local response unit, generates a primary friend list, sends the primary friend list and the data sent by the local audit module to the local profile database, and goes to step C; when the local feedback module determines from the test results that no malicious node exists in the Ad Hoc network, it generates a primary friend list, sends the primary friend list and the data sent by the local audit module to the local profile database, and goes to step D;
C. The local response unit broadcasts the intrusion alarm sent by the local feedback module in the Ad Hoc network and removes the malicious node from the Ad Hoc network; go to step D;
D. The local profile database sends the primary friend list and the data sent by the local feedback module through the global detection interface to the global collection unit, which forwards them to the global audit module; go to step E;
E. The global audit module performs feature extraction and preprocessing on the data sent by the global collection unit, converts the data into the format required by the global anomaly detection module and the global misuse detection module, and sends the converted data to the global anomaly detection module and the global misuse detection module; the global anomaly detection module performs an anomaly test on the data using the SVM algorithm and sends the test result to the global feedback module, and the global misuse detection module performs a misuse test on the data using the SVM algorithm and sends the test result to the global feedback module; go to step F;
F. When the global feedback module determines from the test results that a malicious node exists in the Ad Hoc network, it sends an intrusion alarm to the global response unit, generates a direct friend list, and goes to step G; when the global feedback module determines from the test results that no malicious node exists in the Ad Hoc network, it generates a direct friend list and goes to step H;
G. The global response unit broadcasts the intrusion alarm sent by the global feedback module in the Ad Hoc network and removes the malicious node from the Ad Hoc network; go to step H;
H. The global feedback module generates an indirect friend list from the trust relationships between the nodes in the primary friend list sent by the global audit module, and sends the direct friend list and the indirect friend list to the global voting unit; the global voting unit votes on each node according to the direct-friend and indirect-friend relationships, determines the final trust level of each node, and generates a trust level table; the trust level table is sent to the global profile database for storage; end.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510111439.6A CN104702609B (en) 2015-03-13 2015-03-13 Routing intrusion detection method for mobile Ad Hoc networks based on a friend mechanism

Publications (2)

Publication Number Publication Date
CN104702609A (en) 2015-06-10
CN104702609B (en) 2017-07-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170725

Termination date: 20190313
