CN104702610A - Routing intrusion detection system for mobile Ad-Hoc network - Google Patents


Publication number
CN104702610A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510111451.7A
Other languages
Chinese (zh)
Other versions
CN104702610B (en)
Inventor
苏文桂
裴庆祺
王仙
马立川
李子
李红宁
李俚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Guangxi University
Original Assignee
Xidian University
Guangxi University
Application filed by Xidian University, Guangxi University
Priority to CN201510111451.7A
Publication of CN104702610A
Application granted
Publication of CN104702610B
Legal status: Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection

Abstract

The invention discloses a routing intrusion detection system for mobile Ad Hoc networks and relates to the field of mobile Ad Hoc networks. The system comprises a local intrusion detection device and a global intrusion detection device. The local intrusion detection device comprises a local collection unit, a local detection unit, a local response unit and a local outline database; the local detection unit comprises a local audit module, a local anomaly detection module, a local misuse detection module and a local feedback module. The global intrusion detection device comprises a global detection interface, a global collection unit, a global detection unit, a global response unit, a global voting unit and a global outline database; the global detection unit comprises a global audit module, a global anomaly detection module, a global misuse detection module and a global feedback module. The system detects attacks quickly and accurately, saves node resource overhead, shortens the time a malicious node stays in the Ad Hoc network, and improves the security of the whole Ad Hoc network.

Description

Routing intrusion detection system for mobile Ad Hoc networks
Technical field
The present invention relates to the field of mobile Ad Hoc networks, and specifically to a routing intrusion detection system for Ad Hoc networks.
Background art
A mobile Ad Hoc network is a self-organizing, wireless, multi-hop peer-to-peer network that requires no infrastructure and whose topology changes dynamically. Its advantages include rapid deployment, easy configuration, low cost and good survivability, and every node in it also acts as a router. Such networks are increasingly widely used in tactical communication, commercial and civilian applications, and rescue and disaster relief. Compared with other networks, however, these same characteristics raise new problems for mobile Ad Hoc networks, including inter-node cooperation, routing and security. Selecting suitable routes and maintaining routing information is the basis for providing normal network service and is particularly important for maintaining the network topology. Because any node may take part in routing, a mobile Ad Hoc network is easily attacked from outside or inside, which makes routing security one of the key problems for the further development of mobile Ad Hoc networks. Intrusion prevention mechanisms such as encryption and authentication are widely used for MANET routing security, but they are powerless against attacks from inside the network; behaviour detection and response techniques are needed to complement them so that together they ensure routing security.
Summary of the invention
The object of the invention is to overcome the deficiencies of the background art described above by providing a routing intrusion detection system for mobile Ad Hoc networks that detects attacks quickly and accurately, saves node resource overhead, shortens the time a malicious node stays in the Ad Hoc network, and effectively improves the security of the whole Ad Hoc network.
The invention provides a routing intrusion detection system for mobile Ad Hoc networks, comprising a local intrusion detection device and a global intrusion detection device.
The local intrusion detection device comprises a local collection unit, a local detection unit, a local response unit and a local outline database; the local detection unit comprises a local audit module, a local anomaly detection module, a local misuse detection module and a local feedback module.
The global intrusion detection device comprises a global detection interface, a global collection unit, a global detection unit, a global response unit, a global voting unit and a global outline database; the global detection unit comprises a global audit module, a global anomaly detection module, a global misuse detection module and a global feedback module.
The local collection unit is configured to: monitor the data sources of the Ad Hoc network, collect the raw data needed for intrusion detection, and send the collected raw data to the local audit module.
The local audit module is configured to: perform feature extraction and preprocessing on the raw data sent by the local collection unit, convert the raw data into the format required by the local anomaly detection module and the local misuse detection module, and send the converted data to the local anomaly detection module, the local misuse detection module and the local feedback module.
The local anomaly detection module is configured to: perform anomaly detection on the data sent by the local audit module using a support vector machine (SVM) algorithm, and send the test result to the local feedback module.
The local misuse detection module is configured to: perform misuse detection on the data sent by the local audit module using the SVM algorithm, and send the test result to the local feedback module.
The local feedback module is configured to: judge, from the test results sent by the local anomaly detection module and the local misuse detection module, whether a malicious node exists in the Ad Hoc network; when a malicious node exists in the Ad Hoc network, send an intrusion alarm to the local response unit, generate a preliminary friend list, and send the preliminary friend list and the data sent by the local audit module to the global outline database.
The local response unit is configured to: broadcast the intrusion alarm sent by the local feedback module in the Ad Hoc network, and remove the malicious node from the Ad Hoc network.
The local outline database is configured to: send the preliminary friend list and the data sent by the local feedback module to the global detection interface.
The global detection interface is configured to: send the preliminary friend list and the data sent by the local outline database to the global collection unit.
The global collection unit is configured to: send the preliminary friend list and the data sent by the global detection interface to the global audit module.
The global audit module is configured to: perform feature extraction and preprocessing on the data sent by the global collection unit, convert the data into the format required by the global anomaly detection module and the global misuse detection module, send the converted data to the global anomaly detection module and the global misuse detection module, and send the preliminary friend list sent by the global collection unit to the global feedback module.
The global anomaly detection module is configured to: perform anomaly detection on the data sent by the global audit module using the SVM algorithm, and send the test result to the global feedback module.
The global misuse detection module is configured to: perform misuse detection on the data sent by the global audit module using the SVM algorithm, and send the test result to the global feedback module.
The global feedback module is configured to: judge, from the test results sent by the global anomaly detection module and the global misuse detection module, whether a malicious node exists in the Ad Hoc network; when a malicious node exists in the Ad Hoc network, send an intrusion alarm to the global response unit and generate a direct friend list; at the same time, generate an indirect friend list from the trust relationships between the nodes in the preliminary friend list sent by the global audit module; and send the direct friend list and the indirect friend list to the global voting unit.
The global response unit is configured to: broadcast the intrusion alarm sent by the global feedback module in the Ad Hoc network, and remove the malicious node from the Ad Hoc network.
The global voting unit is configured to: receive the direct friend list and the indirect friend list sent by the global feedback module, vote on each node according to the direct-friend and indirect-friend relationships, determine the final trust level of each node, generate a trust level table, and send the trust level table to the global outline database.
The global outline database is configured to: store the trust level table sent by the global voting unit.
On the basis of the above technical solution, the local feedback module judges, from the test results sent by the local anomaly detection module and the local misuse detection module, whether a malicious node exists in the Ad Hoc network; when no malicious node exists in the Ad Hoc network, it generates a preliminary friend list and sends the preliminary friend list and the data sent by the local audit module to the global outline database.
On the basis of the above technical solution, the global feedback module judges, from the test results sent by the global anomaly detection module and the global misuse detection module, whether a malicious node exists in the Ad Hoc network; when no malicious node exists in the Ad Hoc network, it generates a direct friend list, at the same time generates an indirect friend list from the trust relationships between the nodes in the preliminary friend list sent by the global audit module, and sends the direct friend list and the indirect friend list to the global voting unit.
Compared with the prior art, the invention has the following advantages:
(1) The invention first identifies preliminary friend nodes quickly with the local intrusion detection device, then performs comprehensive detection on those preliminary friend nodes with the global intrusion detection device, finally determines whether each node is a genuine friend node, and generates a trust level for each friend node. Attacks are therefore detected quickly, node resource overhead is saved, the time a malicious node stays in the Ad Hoc network is shortened, and the security of the whole Ad Hoc network is effectively improved.
(2) The invention adopts a friend mechanism that divides the nodes of the network into direct friends and indirect friends. Through communication and cooperation between direct and indirect friends, it effectively resists the decision-authority problem caused by nodes each holding to their own view, as well as the malicious behaviour of selfish nodes and of colluding, deceiving nodes in the network, and so effectively improves the reliability of detection.
(3) Detection does not need the support of complex techniques such as signature management, trust management or predefined detection engines. By using the SVM (Support Vector Machine) algorithm and the friend mechanism, relevant features can be selected quickly and efficiently from large amounts of redundant data; the system consumes few computing resources and offers good real-time performance and high flexibility.
Brief description of the drawings
Fig. 1 is a structural block diagram of the routing intrusion detection system for mobile Ad Hoc networks in an embodiment of the invention.
Detailed description of the embodiments
The invention is described in further detail below with reference to the drawing and specific embodiments.
As shown in Fig. 1, an embodiment of the invention provides a routing intrusion detection system for mobile Ad Hoc networks, comprising a local intrusion detection device and a global intrusion detection device.
The local intrusion detection device comprises a local collection unit, a local detection unit, a local response unit and a local outline database; the local detection unit comprises a local audit module, a local anomaly detection module, a local misuse detection module and a local feedback module.
The global intrusion detection device comprises a global detection interface, a global collection unit, a global detection unit, a global response unit, a global voting unit and a global outline database; the global detection unit comprises a global audit module, a global anomaly detection module, a global misuse detection module and a global feedback module.
The local collection unit monitors the data sources of the Ad Hoc network, collects the raw data needed for intrusion detection, and sends the collected raw data to the local audit module.
The local audit module performs feature extraction and preprocessing on the raw data sent by the local collection unit, converts the raw data into the format required by the local anomaly detection module and the local misuse detection module, and sends the converted data to the local anomaly detection module, the local misuse detection module and the local feedback module.
The local anomaly detection module performs anomaly detection on the data sent by the local audit module using a support vector machine (SVM) algorithm, and sends the test result to the local feedback module.
The local misuse detection module performs misuse detection on the data sent by the local audit module using the SVM algorithm, and sends the test result to the local feedback module.
The local feedback module judges, from the test results sent by the local anomaly detection module and the local misuse detection module, whether a malicious node exists in the Ad Hoc network. When a malicious node exists in the Ad Hoc network, it sends an intrusion alarm to the local response unit, generates a preliminary friend list, and sends the preliminary friend list and the data sent by the local audit module to the global outline database. When no malicious node exists in the Ad Hoc network, it generates a preliminary friend list and sends the preliminary friend list and the data sent by the local audit module to the global outline database.
The local response unit broadcasts the intrusion alarm sent by the local feedback module in the Ad Hoc network, and removes the malicious node from the Ad Hoc network.
The local outline database sends the preliminary friend list and the data sent by the local feedback module to the global detection interface.
The global detection interface sends the preliminary friend list and the data sent by the local outline database to the global collection unit.
The global collection unit sends the preliminary friend list and the data sent by the global detection interface to the global audit module.
The global audit module performs feature extraction and preprocessing on the data sent by the global collection unit, converts the data into the format required by the global anomaly detection module and the global misuse detection module, sends the converted data to the global anomaly detection module and the global misuse detection module, and sends the preliminary friend list sent by the global collection unit to the global feedback module.
The global anomaly detection module performs anomaly detection on the data sent by the global audit module using the SVM algorithm, and sends the test result to the global feedback module.
The global misuse detection module performs misuse detection on the data sent by the global audit module using the SVM algorithm, and sends the test result to the global feedback module.
The global feedback module judges, from the test results sent by the global anomaly detection module and the global misuse detection module, whether a malicious node exists in the Ad Hoc network. When a malicious node exists in the Ad Hoc network, it sends an intrusion alarm to the global response unit, generates a direct friend list, at the same time generates an indirect friend list from the trust relationships between the nodes in the preliminary friend list sent by the global audit module, and sends the direct friend list and the indirect friend list to the global voting unit. When no malicious node exists in the Ad Hoc network, it generates a direct friend list, at the same time generates an indirect friend list from the trust relationships between the nodes in the preliminary friend list sent by the global audit module, and sends the direct friend list and the indirect friend list to the global voting unit.
The global response unit broadcasts the intrusion alarm sent by the global feedback module in the Ad Hoc network, and removes the malicious node from the Ad Hoc network.
The global voting unit receives the direct friend list and the indirect friend list sent by the global feedback module, votes on each node according to the direct-friend and indirect-friend relationships, determines the final trust level of each node, generates a trust level table, and sends the trust level table to the global outline database.
The global outline database stores the trust level table sent by the global voting unit.
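The following sketch of the global tier's friend-list and voting steps is an added example, not code from the patent. It assumes details the description leaves open: an indirect friend is taken to be a friend of a direct friend, and the vote weights, level thresholds, function names and sample node names are all hypothetical.

```python
from collections import defaultdict

# Assumed parameters: the patent gives no vote weights or level thresholds.
DIRECT_WEIGHT = 1.0
INDIRECT_WEIGHT = 0.5
LEVELS = ((0.6, "high"), (0.3, "medium"), (0.0, "low"))

# Constructed sample input: each node's preliminary friend list as reported
# by its local tier, and the nodes the global SVM detectors flagged.
SAMPLE_PRELIMINARY = {
    "A": {"B", "C"},
    "B": {"A", "C", "D"},
    "C": {"A", "B"},
    "D": {"B", "E"},
    "E": {"D", "M"},
    "M": {"E"},
}
SAMPLE_FLAGGED = {"M"}


def direct_friend_lists(preliminary, flagged):
    """Global feedback step: drop flagged nodes as voters and as friends."""
    return {
        node: {f for f in friends if f not in flagged and f != node}
        for node, friends in preliminary.items()
        if node not in flagged
    }


def indirect_friend_lists(direct):
    """Assumed rule: a friend of a direct friend that is not already direct."""
    indirect = {}
    for node, friends in direct.items():
        reachable = set()
        for friend in friends:
            reachable |= direct.get(friend, set())
        indirect[node] = reachable - friends - {node}
    return indirect


def vote(direct, indirect):
    """Global voting step: every node votes for its direct and indirect friends."""
    scores = defaultdict(float)
    for voter in direct:
        scores[voter] += 0.0  # a node with no votes still gets a table row
    for friends in direct.values():
        for friend in friends:
            scores[friend] += DIRECT_WEIGHT
    for friends in indirect.values():
        for friend in friends:
            scores[friend] += INDIRECT_WEIGHT
    return dict(scores)


def trust_level_table(scores):
    """Normalise each score by the best possible score and bucket it."""
    max_score = DIRECT_WEIGHT * max(len(scores) - 1, 1)
    table = {}
    for node, score in sorted(scores.items()):
        ratio = score / max_score
        level = next(name for floor, name in LEVELS if ratio >= floor)
        table[node] = (round(ratio, 3), level)
    return table


def run_global_tier(preliminary, flagged):
    """Return (direct lists, indirect lists, trust level table)."""
    direct = direct_friend_lists(preliminary, flagged)
    indirect = indirect_friend_lists(direct)
    return direct, indirect, trust_level_table(vote(direct, indirect))


if __name__ == "__main__":
    _, _, table = run_global_tier(SAMPLE_PRELIMINARY, SAMPLE_FLAGGED)
    for node, (ratio, level) in table.items():
        print(f"{node}: {ratio:.3f} {level}")
```

In the sample, node E listed the flagged node M as a friend; once M is removed, E is vouched for only by D directly and B indirectly, so it ends at a lower trust level than the well-connected nodes.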
Those skilled in the art can make various modifications and variations to the embodiments of the invention. Provided such modifications and variations fall within the scope of the claims of the invention and their technical equivalents, they also fall within the protection scope of the invention.
Content not described in detail in this specification is prior art known to those skilled in the art.

Claims (3)

1. A routing intrusion detection system for mobile Ad Hoc networks, characterized in that it comprises a local intrusion detection device and a global intrusion detection device, wherein:
the local intrusion detection device comprises a local collection unit, a local detection unit, a local response unit and a local outline database; the local detection unit comprises a local audit module, a local anomaly detection module, a local misuse detection module and a local feedback module;
the global intrusion detection device comprises a global detection interface, a global collection unit, a global detection unit, a global response unit, a global voting unit and a global outline database; the global detection unit comprises a global audit module, a global anomaly detection module, a global misuse detection module and a global feedback module;
the local collection unit is configured to: monitor the data sources of the Ad Hoc network, collect the raw data needed for intrusion detection, and send the collected raw data to the local audit module;
the local audit module is configured to: perform feature extraction and preprocessing on the raw data sent by the local collection unit, convert the raw data into the format required by the local anomaly detection module and the local misuse detection module, and send the converted data to the local anomaly detection module, the local misuse detection module and the local feedback module;
the local anomaly detection module is configured to: perform anomaly detection on the data sent by the local audit module using a support vector machine (SVM) algorithm, and send the test result to the local feedback module;
the local misuse detection module is configured to: perform misuse detection on the data sent by the local audit module using the SVM algorithm, and send the test result to the local feedback module;
the local feedback module is configured to: judge, from the test results sent by the local anomaly detection module and the local misuse detection module, whether a malicious node exists in the Ad Hoc network; when a malicious node exists in the Ad Hoc network, send an intrusion alarm to the local response unit, generate a preliminary friend list, and send the preliminary friend list and the data sent by the local audit module to the global outline database;
the local response unit is configured to: broadcast the intrusion alarm sent by the local feedback module in the Ad Hoc network, and remove the malicious node from the Ad Hoc network;
the local outline database is configured to: send the preliminary friend list and the data sent by the local feedback module to the global detection interface;
the global detection interface is configured to: send the preliminary friend list and the data sent by the local outline database to the global collection unit;
the global collection unit is configured to: send the preliminary friend list and the data sent by the global detection interface to the global audit module;
the global audit module is configured to: perform feature extraction and preprocessing on the data sent by the global collection unit, convert the data into the format required by the global anomaly detection module and the global misuse detection module, send the converted data to the global anomaly detection module and the global misuse detection module, and send the preliminary friend list sent by the global collection unit to the global feedback module;
the global anomaly detection module is configured to: perform anomaly detection on the data sent by the global audit module using the SVM algorithm, and send the test result to the global feedback module;
the global misuse detection module is configured to: perform misuse detection on the data sent by the global audit module using the SVM algorithm, and send the test result to the global feedback module;
the global feedback module is configured to: judge, from the test results sent by the global anomaly detection module and the global misuse detection module, whether a malicious node exists in the Ad Hoc network; when a malicious node exists in the Ad Hoc network, send an intrusion alarm to the global response unit and generate a direct friend list; at the same time, generate an indirect friend list from the trust relationships between the nodes in the preliminary friend list sent by the global audit module; and send the direct friend list and the indirect friend list to the global voting unit;
the global response unit is configured to: broadcast the intrusion alarm sent by the global feedback module in the Ad Hoc network, and remove the malicious node from the Ad Hoc network;
the global voting unit is configured to: receive the direct friend list and the indirect friend list sent by the global feedback module, vote on each node according to the direct-friend and indirect-friend relationships, determine the final trust level of each node, generate a trust level table, and send the trust level table to the global outline database;
the global outline database is configured to: store the trust level table sent by the global voting unit.
2. The routing intrusion detection system for mobile Ad Hoc networks as claimed in claim 1, characterized in that: the local feedback module judges, from the test results sent by the local anomaly detection module and the local misuse detection module, whether a malicious node exists in the Ad Hoc network; when no malicious node exists in the Ad Hoc network, it generates a preliminary friend list and sends the preliminary friend list and the data sent by the local audit module to the global outline database.
3. The routing intrusion detection system for mobile Ad Hoc networks as claimed in claim 1, characterized in that: the global feedback module judges, from the test results sent by the global anomaly detection module and the global misuse detection module, whether a malicious node exists in the Ad Hoc network; when no malicious node exists in the Ad Hoc network, it generates a direct friend list, at the same time generates an indirect friend list from the trust relationships between the nodes in the preliminary friend list sent by the global audit module, and sends the direct friend list and the indirect friend list to the global voting unit.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510111451.7A CN104702610B (en) 2015-03-13 2015-03-13 Route intruding detection system for moving Ad Hoc networks

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510111451.7A CN104702610B (en) 2015-03-13 2015-03-13 Route intruding detection system for moving Ad Hoc networks

Publications (2)

Publication Number Publication Date
CN104702610A (en) 2015-06-10
CN104702610B (en) 2017-07-28

Family

ID=53349379

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510111451.7A Expired - Fee Related CN104702610B (en) 2015-03-13 2015-03-13 Route intruding detection system for moving Ad Hoc networks

Country Status (1)

Country Link
CN (1) CN104702610B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114615051A (en) * 2022-03-09 2022-06-10 黄河水利职业技术学院 Network security detection method and system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101013976A (en) * 2007-02-05 2007-08-08 南京邮电大学 Mixed intrusion detection method of wireless sensor network
CN101340292A (en) * 2008-08-07 2009-01-07 上海交通大学 Invasion detection method of radio self-organization network

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
SHUKOR ABD RAZAK, NORMALIA SAMIAN: "A Friend Mechanism for Mobile Ad Hoc Networks", Information Assurance and Security, 2008. ISIAS '08. Fourth International Conference on *
SHUKOR ABD RAZAK, STEVEN FURNELL: "A Two-Tier Intrusion Detection System for Mobile Ad Hoc Networks – A Friend Approach", IEEE International Conference on Intelligence and Security Informatics, ISI 2006 *

Also Published As

Publication number Publication date
CN104702610B (en) 2017-07-28

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170728

Termination date: 20190313