CN112533170A - Malicious node identification method based on time credit sequence - Google Patents
Malicious node identification method based on time credit sequence Download PDFInfo
- Publication number
- CN112533170A CN112533170A CN202011424377.1A CN202011424377A CN112533170A CN 112533170 A CN112533170 A CN 112533170A CN 202011424377 A CN202011424377 A CN 202011424377A CN 112533170 A CN112533170 A CN 112533170A
- Authority
- CN
- China
- Prior art keywords
- node
- reputation
- value
- nodes
- malicious
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/38—Services specially adapted for particular environments, situations or purposes for collecting sensor information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a malicious node identification method based on a time credit sequence, which relates to the safety technology of an infinite ultrasonic sensor and comprises the steps of calculating a node credit value according to the communication frequency ratio, calculating a node credit threshold value, dividing credit intervals, judging and dividing nodes and the like. The method mainly identifies the malicious nodes by judging the similarity of the node reputation value sequence and dividing the reputation interval through the calculation of the threshold value, has the advantages of low calculation complexity, high identification accuracy and high efficiency, and overcomes the defects of low identification rate and low identification speed caused by insufficient data volume of the malicious nodes.
Description
Technical Field
The invention relates to an infinite ultrasonic sensor safety technology, in particular to a wireless ultrasonic sensor malicious node identification method based on a time credit sequence.
Background
At present, with the wide application of Wireless Sensor Networks (WSNs) in various fields, the requirements of users on the security of sensor nodes are increasingly improved, and whether sensors are safe or not determines the practicability of the Wireless Sensor Networks (WSNs) in a certain sense.
Due to long-term exposure to a harsh deployment environment and the open nature of WSNs, it is decided that a node is in an environment that may be destroyed or trapped at any time, starting from the runtime of the node. When the WSN is captured, an attacker can decrypt the node and maliciously tamper with the program and put the node back into the network again, the captured and tampered node becomes a malicious node, and the captured and tampered node can launch almost all attacks on the network with the aim of destroying the WSN. Therefore, a security mechanism based on cryptography cannot defend a malicious node from entering the wireless sensor network to launch an attack behavior, and an effective and reliable identification method is needed to solve the problem. How to quickly and efficiently identify the malicious attacks and isolate the nodes becomes a key for preventing and controlling the malicious node attacks and improving the safety.
Because the attack methods adopt a mode of capturing nodes and have the same ID and key information and the like as those of legal nodes, the traditional cryptology security mechanism cannot identify the attack methods. But the reputation value of the node is calculated through the evaluation of the communication behavior of the node in a period of time, and the normal communication times and the total communication times of the node are sorted. And further identifying malicious nodes and sub-attack nodes through interval division. The method has the advantages of no need of complex distribution and encryption operation, rapidness and high efficiency, and is very suitable for maintaining a node network which is relatively stable.
Disclosure of Invention
The invention mainly aims to provide a wireless ultrasonic sensor malicious node identification method based on a time credit sequence. And further identifying malicious nodes and sub-attack nodes through interval division.
The technical scheme adopted by the invention is as follows: a malicious node identification method based on a time reputation sequence comprises the following steps:
step 1, calculating node reputation valueThe reputation value of the node is the evaluation of the communication behavior of the node in a period of time, and the influence of the current communication behavior on the reputation value of the node is calculated according to the normal communication times and the total communication times of the node, so that the influence of the historical behavior is reduced;
step 3, dividing the reputation interval into a low reputation interval, a medium reputation interval and a high reputation interval, wherein the node with the reputation value in the low reputation interval is regarded as a malicious node, the node with the reputation value in the high reputation interval is judged as a normal node, and a sub-aggressive node with the reputation value in the medium reputation interval is further identified;
step 4, aiming at the nodes of the middle reputation area, the reputation value of each node is in the same time interval∆tPerforming periodic update every timenThe node reputations for each time interval form a reputation sequence:
Further, the step 1 comprises:
calculating a node reputation value according to the formula:
wherein, let i, j, k be three arbitrary nodes, T1For direct reputation evaluation of node i to node j, T2Indicating that i gets an indirect reputation value for j through k,T tru representing a node credit value, c representing a confidence factor of the node i for evaluating the node, if the value of c is higher, indicating that the node judges the node more believable; the lower the value of c is, the more untrustworthy the value of c is, and the value of c is related to the times of successful communication between the nodes.
Further, the step 2 includes:
calculating a node reputation span threshold phi as shown in the formula:
whereinδAndψfor setting the dual threshold, exp represents an exponential function with e as base, xtIs the t-th sampling value of the signal to be detected,a second set of time series averages representing node N, phi being a node reputation span threshold.
Still further, the step 3 includes: judging nodeNThe reputation interval in which the reputation value is located,T tru greater than a threshold valueψNode ofNDetermining the node when the credit value is in the high credit areaNIs a normal node;T tru less than thresholdδNode ofNThe credit value is in a low credit area, and judgment is madeFixed nodeNIs a malicious node;T tru less than thresholdψAnd is greater thanδThe node is in a medium reputation region.
Still further, the step 4 includes: for nodes of a single reputation region, the reputation value of each node is at the same time interval∆tPerforming periodic update every timenThe node reputations for a time interval constitute one
A reputation sequence, then nodeNGroup i time series ofA i N A reputation matrix can be definedT(A i N ):
Wherein the content of the first and second substances,is a nodeNIn the first placeinThe node reputation value for the group time,is a nodeNIn the first placein+A node reputation value for a set of 1 times,is a nodeNIn the first placein+2The node reputation value for the group time,is a nodeNIn the first placein+n-Node reputation values for 1 set of times.
Still further, the step 5 includes: if the node reputation sequence similarity is positive similarity orIf the node reputation sequence similarity is negative, the node is judged to be a normal node, and if the node reputation sequence similarity is negative, the node reputation sequence similarity is judged to be normalThe node enters the observation period and passesfIf the credit value of the nodes in each observation period is still not increased, judging the nodes as malicious nodes;
the sequence nodes are determined according to the following formula:
wherein the content of the first and second substances,
if two time seriesThen, thenIndicating that they are identical if the two time series are identicalThen, thenIndicating a negative correlation between them.
The invention has the advantages that:
the invention calculates the credit value of the node by evaluating the communication behavior of the node in a period of time, and arranges the normal communication times and the total communication times of the node. And further identifying malicious nodes and sub-attack nodes through interval division. The method has the advantages of low calculation complexity, high identification accuracy and high speed, and the classification of the nodes is concise, concise and clearer due to the division of the intervals.
In addition to the objects, features and advantages described above, other objects, features and advantages of the present invention are also provided. The present invention will be described in further detail below with reference to the drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the invention and, together with the description, serve to explain the invention and not to limit the invention.
FIG. 1 is a flow chart of a malicious node identification method based on a time reputation sequence according to the present invention;
FIG. 2 is a diagram of different node reputation intervals of the present invention;
FIG. 3 is a graph of the relationship between threshold and number of malicious nodes in a high reputation interval according to the present invention;
fig. 4 is a malicious node identification rate graph of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1 to 4, a malicious node identification method based on a time-reputation sequence includes the following steps:
step 1, calculating node reputation valueThe reputation value of the node is the evaluation of the communication behavior of the node in a period of time, and the influence of the current communication behavior on the reputation value of the node is calculated according to the normal communication times and the total communication times of the node, so that the influence of the historical behavior is reduced;
step 3, dividing the reputation interval into a low reputation interval, a medium reputation interval and a high reputation interval, wherein the node with the reputation value in the low reputation interval is regarded as a malicious node, the node with the reputation value in the high reputation interval is judged as a normal node, and a sub-aggressive node with the reputation value in the medium reputation interval is further identified;
step 4, aiming at the nodes of the middle reputation area, the reputation value of each node is in the same time interval∆tPerforming periodic update every timenThe node reputations for each time interval form a reputation sequence:
The invention calculates the credit value of the node by evaluating the communication behavior of the node in a period of time, and arranges the normal communication times and the total communication times of the node. And further identifying malicious nodes and sub-attack nodes through interval division. The method has the advantages of low calculation complexity, high identification accuracy and high speed, and the classification of the nodes is concise, concise and clearer due to the division of the intervals.
The malicious nodes are nodes which are intercepted by an attacker and then are replaced after being tampered in a certain network, and have serious threats to the network and users, after being replaced in the network, the malicious nodes can prevent data transmission and input forged data or insert malicious codes into the whole wireless sensor network, and as each node in the sensor network has expansibility, namely the codes injected by the malicious nodes can be spread at a very high speed and influence adjacent nodes, so that the codes can be spread and potentially damage the whole wireless sensor network, and the malicious nodes can further cause great waste of the limited node resources.
A wireless sensor malicious node detection scheme based on a statistical method is designed by a Sliva team of foreign scholars, namely, a set of rules are defined by communication behaviors of normal nodes, next nodes are judged according to the defined rules, if the rules are not met, the nodes are defined as malicious nodes, the malicious nodes can be identified to a certain degree by the scheme, but the scheme also has certain defects, namely, the problems and influences caused by node interaction cannot be processed. The method adopts a mode of setting the threshold value by using the control precision, can judge the attribute of the node more accurately, and effectively avoids the problem of node interaction.
Specifically, the method is embodied as follows:
computing node reputation valuesT tru The reputation value of the node is the evaluation of the communication behavior of the node in a period of time, and the influence of the current communication behavior on the reputation value of the node is calculated according to the normal communication times and the total communication times of the node, so that the influence of the historical behavior is reduced. Calculating a node reputation value according to the formula:
wherein, let i, j, k be three arbitrary nodes, T1For direct reputation evaluation of node i to node j, T2Indicating that i gets an indirect reputation value for j through k,T tru representing a node credit value, c representing a confidence factor of the node i for evaluating the node, if the value of c is higher, indicating that the node judges the node more believable; the lower the value of c is, the more untrustworthy the value of c is, and the value of c is related to the times of successful communication between the nodes.
ComputingNode reputation span threshold phi and carrying out interval division on the nodes, if the node reputation sequence similarity is positive similarity orIf the node reputation sequence similarity is negative, the node is judged to be a normal node, and if the node reputation sequence similarity is negative, the node reputation sequence similarity is judged to be normalThe node enters the observation period and passesfAnd if the reputation value of the node in each observation period is still not increased, judging the node as a malicious node.
The specific formula is as follows:
whereinδAndψfor setting the dual threshold, exp represents an exponential function with e as base, xtIs the t-th sampling value of the signal to be detected,a second set of time series averages representing node N, phi being a node reputation span threshold.
Dividing the reputation interval into a low reputation interval, a medium reputation interval and a high reputation interval, wherein the node with the reputation value in the low reputation interval is regarded as a malicious node, the node with the reputation value in the high reputation interval is judged as a normal node, and a sub-aggressive node with the reputation value in the medium reputation interval is further identified (a)T tru Greater than a threshold valueψNode ofNDetermining the node when the credit value is in the high credit areaNIs a normal node;T tru less than thresholdδNode ofNDetermining the node when the credit value is in the low credit areaNIs a malicious node;T tru less than thresholdψAnd is greater thanδAnd the node is in the medium reputation region).
For nodes of a single reputation region, the reputation value of each node is at the same time interval∆tCarry out periodic cleaningNew, each timenThe node reputations of a time interval form a reputation sequence, and then the nodesNGroup i time series ofA i N A reputation matrix can be definedT(A i N ):
Wherein the content of the first and second substances,is a nodeNIn the first placeinThe node reputation value for the group time,is a nodeNIn the first placein+A node reputation value for a set of 1 times,is a nodeNIn the first placein+2The node reputation value for the group time,is a nodeNIn the first placein+n-Node reputation values for 1 set of times.
Computing node reputation time seriesT(AN 2) AndT'(AN 2) Similarity of fromTo represent the similarity of two time series.
Wherein the content of the first and second substances,
if two time seriesThen, thenIndicating that they are identical if the two time series are identicalThen, thenIndicating a negative correlation between them.
If a certain node is judged to be a malicious node, pulling the malicious node into a blacklist by the cluster head, and broadcasting the position and other related information of the malicious node to members in the cluster; if the node is determined to be a normal node, the parameters of the node are updated to enter the next evaluation period.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (6)
1. A malicious node identification method based on a time reputation sequence is characterized by comprising the following steps
The following steps:
step 1, calculating node reputation valueThe reputation value of the node is the evaluation of the communication behavior of the node in a period of time, and the influence of the current communication behavior on the reputation value of the node is calculated according to the normal communication times and the total communication times of the node, so that the influence of the historical behavior is reduced;
step 2, calculating node reputation span thresholdIf the node reputation sequence similarity is positive similarity orIf the node reputation sequence similarity is negative, the node is judged to be a normal node, and if the node reputation sequence similarity is negative, the node reputation sequence similarity is judged to be normalThe node enters the observation period and passesfIf the credit value of the nodes in each observation period is still not increased, judging the nodes as malicious nodes;
step 3, dividing the reputation interval into a low reputation interval, a medium reputation interval and a high reputation interval, wherein the node with the reputation value in the low reputation interval is regarded as a malicious node, the node with the reputation value in the high reputation interval is judged as a normal node, and a sub-aggressive node with the reputation value in the medium reputation interval is further identified;
step 4, aiming at the nodes of the middle reputation area, the reputation value of each node is in the same time interval∆tPerforming periodic update every timenThe node reputations for each time interval form a reputation sequence:
step 5, calculating the node reputation time sequenceSimilarity of fromTo represent the similarity of two time series;
step 6, if the cluster is judged to be a malicious node, pulling the malicious node into a blacklist by the cluster head, and broadcasting the relevant information of the malicious node to members in the cluster; if the node is determined to be a normal node, the parameters of the node are updated to enter the next evaluation period.
2. The method of claim 1 for identifying malicious nodes based on temporal reputation sequences, which
Characterized in that the step 1 comprises:
calculating a node reputation value according to the formula:
wherein, let i, j, k be three arbitrary nodes, T1For direct reputation evaluation of node i to node j, T2Indicating that i gets an indirect reputation value for j through k,T tru representing a node credit value, c representing a confidence factor of the node i for evaluating the node, if the value of c is higher, indicating that the node judges the node more believable; the lower the value of c is, the more untrustworthy the value of c is, and the value of c is related to the times of successful communication between the nodes.
3. The method of claim 1 for identifying malicious nodes based on temporal reputation sequences, which
Characterized in that the step 2 comprises:
calculating a node reputation span threshold phi as shown in the formula:
4. The method of claim 1 for identifying malicious nodes based on temporal reputation sequences, which
Characterized in that said step 3 comprises: judging nodeNReputation value being atThe interval of the reputation of (a),T tru greater than a threshold valueψNode ofNDetermining the node when the credit value is in the high credit areaNIs a normal node;T tru less than thresholdδNode ofNDetermining the node when the credit value is in the low credit areaNIs a malicious node;T tru less than thresholdψAnd is greater thanδThe node is in a medium reputation region.
5. The method of claim 1 for identifying malicious nodes based on temporal reputation sequences, which
Characterized in that the step 4 comprises: for nodes of a single reputation region, the reputation value of each node is at the same time interval∆tPerforming periodic update every timenThe node reputations for a time interval constitute one
A reputation sequence, then nodeNGroup i time series ofA i N A reputation matrix can be definedT(A i N ):
Wherein the content of the first and second substances,is a nodeNIn the first placeinThe node reputation value for the group time,is a nodeNIn the first placein+A node reputation value for a set of 1 times,is a nodeNIn the first placein+2The node reputation value for the group time,is just a sectionDotNIn the first placein+n-Node reputation values for 1 set of times.
6. The method of claim 1 for identifying malicious nodes based on temporal reputation sequences, which
Characterized in that said step 5 comprises: if the node reputation sequence similarity is positive similarity orIf the node reputation sequence similarity is negative, the node is judged to be a normal node, and if the node reputation sequence similarity is negative, the node reputation sequence similarity is judged to be normalThe node enters the observation period and passesfIf the credit value of the nodes in each observation period is still not increased, judging the nodes as malicious nodes;
the sequence nodes are determined according to the following formula:
wherein the content of the first and second substances,
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011424377.1A CN112533170A (en) | 2020-12-08 | 2020-12-08 | Malicious node identification method based on time credit sequence |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011424377.1A CN112533170A (en) | 2020-12-08 | 2020-12-08 | Malicious node identification method based on time credit sequence |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112533170A true CN112533170A (en) | 2021-03-19 |
Family
ID=74998240
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011424377.1A Pending CN112533170A (en) | 2020-12-08 | 2020-12-08 | Malicious node identification method based on time credit sequence |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112533170A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108763925A (en) * | 2018-05-16 | 2018-11-06 | 首都师范大学 | A kind of sensor attack detection method measured based on fusion interval and history |
CN114189381A (en) * | 2021-12-10 | 2022-03-15 | 哈尔滨工程大学 | Identification method for Tor anonymous communication network malicious exit relay node |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107404718A (en) * | 2017-08-16 | 2017-11-28 | 中国民航大学 | A kind of wireless sensor network malicious node detection method |
CN108124261A (en) * | 2017-12-11 | 2018-06-05 | 重庆邮电大学 | It is a kind of to merge credit assessment and the safe clustering method of wireless sense network for mechanism of patrolling |
CN108391300A (en) * | 2018-03-15 | 2018-08-10 | 东北大学 | Credible routing algorithm based on credit worthiness in a kind of opportunistic network |
CN111510502A (en) * | 2020-04-28 | 2020-08-07 | 吉林科创电力有限公司 | PBFT consensus propagation optimization method based on dynamic reputation value |
-
2020
- 2020-12-08 CN CN202011424377.1A patent/CN112533170A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107404718A (en) * | 2017-08-16 | 2017-11-28 | 中国民航大学 | A kind of wireless sensor network malicious node detection method |
CN108124261A (en) * | 2017-12-11 | 2018-06-05 | 重庆邮电大学 | It is a kind of to merge credit assessment and the safe clustering method of wireless sense network for mechanism of patrolling |
CN108391300A (en) * | 2018-03-15 | 2018-08-10 | 东北大学 | Credible routing algorithm based on credit worthiness in a kind of opportunistic network |
CN111510502A (en) * | 2020-04-28 | 2020-08-07 | 吉林科创电力有限公司 | PBFT consensus propagation optimization method based on dynamic reputation value |
Non-Patent Citations (2)
Title |
---|
滕志军,庞宝贺,孙铭阳,谢露莹,郭力文: "基于环境参数优化和时间信誉序列的恶意节点识别模型", 《西北工业大学学报》 * |
胡向东,邢有权,何文祥: "融合信誉评估与巡查机制的WSN能量高效安全成簇算法", 《电讯技术》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108763925A (en) * | 2018-05-16 | 2018-11-06 | 首都师范大学 | A kind of sensor attack detection method measured based on fusion interval and history |
CN114189381A (en) * | 2021-12-10 | 2022-03-15 | 哈尔滨工程大学 | Identification method for Tor anonymous communication network malicious exit relay node |
CN114189381B (en) * | 2021-12-10 | 2023-08-01 | 哈尔滨工程大学 | Method for identifying malicious exit relay node of Tor anonymous communication network |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Huang et al. | A dynamic games approach to proactive defense strategies against advanced persistent threats in cyber-physical systems | |
Khan et al. | An enhanced multi-stage deep learning framework for detecting malicious activities from autonomous vehicles | |
Qassim et al. | Anomalies Classification Approach for Network-based Intrusion Detection System. | |
CN112671701B (en) | Vehicle-mounted terminal intrusion detection method based on vehicle-mounted network abnormal behavior feature driving | |
US8307459B2 (en) | Botnet early detection using hybrid hidden markov model algorithm | |
CN112533170A (en) | Malicious node identification method based on time credit sequence | |
US11115823B1 (en) | Internet-of-things device classifier | |
CN104899513A (en) | Data diagram detection method for industrial control system malicious data attack | |
CN110768946A (en) | Industrial control network intrusion detection system and method based on bloom filter | |
Hui et al. | Research intrusion detection techniques from the perspective of machine learning | |
Hammad et al. | Intrusion detection system using feature selection with clustering and classification machine learning algorithms on the unsw-nb15 dataset | |
Shang et al. | Discovering unknown advanced persistent threat using shared features mined by neural networks | |
Marchetti et al. | Identification of correlated network intrusion alerts | |
Chourib | Detecting selected network covert channels using machine learning | |
Nguyen et al. | A new anomaly traffic detection based on fuzzy logic approach in wireless sensor networks | |
AsSadhan et al. | A robust anomaly detection method using a constant false alarm rate approach | |
Jeevaraj | Feature Selection Model using Naive Bayes ML Algorithm for WSN Intrusion Detection System | |
Ahmed et al. | Enhancing intrusion detection using statistical functions | |
CN113709097B (en) | Network risk sensing method and defense method | |
Saini et al. | Modelling intrusion detection system using hidden Markov model: A review | |
Song et al. | Hidden target recognition method for high-speed network security threats based on attack graph theory | |
KR100656340B1 (en) | Apparatus for analyzing the information of abnormal traffic and Method thereof | |
Al-Dayil et al. | Detecting social media mobile botnets using user activity correlation and artificial immune system | |
Shan-Shan et al. | The APT detection method based on attack tree for SDN | |
Xu et al. | Multi-Dimensional Security Indicator Design and Optimization for DDoS Detection in Edge Computing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210319 |