【作者】 沈士根；

【导师】 曹奇英；

【作者基本信息】 东华大学 ， 模式识别与智能系统， 2013， 博士

【摘要】 无线传感器网络(Wireless Sensor Networks)由大量部署在监测区域内的廉价微型传感器节点组成,通过无线网络通信传输方式形成一个自组织、自适应、多跳的智能网络系统,其目的是协作地实时监测、感知和采集各种环境或监测对象的信息(如温度、湿度、气压等),再通过基站发送给管理者。当前,其在工农业、城市管理、生物医疗、环境监测、军事等众多领域已被公认具有十分广阔的应用前景。无线传感器网络作为一种任务型网络,不仅要进行数据的传输,而且要进行数据融合、任务的协同控制等。如何保证任务执行的机密性、数据产生的可靠性以及数据传输的安全性,就成为无线传感器网络安全问题需要全面考虑的内容。可以说,安全问题是制约无线传感器网络发展的一个非常关键因素。博弈论是研究两个或多个参与者谋略和决策问题的理论,能为无线传感器网络安全的研究提供新颖的思路。自组织、无控制中心、动态拓扑、资源有限是无线传感器网络的主要特点,这些特点决定了每一个节点在通信时会有自己的决策。那么,当节点需要做出决策时,哪一种是最优的?节点也许会表现自私而寻求只对自身有益的决策,甚至会表现恶意而选择破坏网络性能的决策。这些情况利用非合作博弈能找到很好的答案。当然,这里的非合作博弈包括了多种形式,如信号博弈、随机博弈、微分博弈等。另外,还可以选择演化博弈对节点行为的动态演化进行研究。因此,博弈论方法为无线传感器网络安全中多方面关键问题研究提供了可行的新思路和新技术,这将是一个重要的充满前景的研究方向。本文研究瞄准无线传感器网络安全中的入侵检测、信任、恶意程序传播、可生存性等重要研究领域,利用博弈论方法解决入侵检测系统何时开启、信任决策和演化、恶意程序传播与优化控制、可生存性评估中的攻击行为预测等关键问题。(1)基于信号博弈的无线传感器网络入侵检测最优策略研究入侵检测系统是无线传感器网络安全的重要保障,能积极主动地防范内外部攻击。在无线传感器网络中使用入侵检测系统可以隔离恶意节点,使得后续的路由不再经过恶意节点,这样可以减轻恶意节点带来的损失。但是入侵检测系统的使用需要较多的计算资源,相对于节点资源有限的现状,将入侵检测系统始终处于开启状态不是最优的选择。因此,何时开启入侵检测系统的策略,成为入侵检测系统能否在无线传感器网络中有效应用的关键。本部分主要研究成果如下：1)基于信号博弈构建了一种“无线传感器网络入侵检测博弈”模型用于研究恶意传感器节点和入侵检测代理之间的策略选择,这个模型满足了入侵检测代理对传感器节点的类型(正常或恶意)未知的实际场景；2)建立并证明了“无线传感器网络入侵检测博弈”模型存在均衡的定理,这些定理为入侵检测代理在决定是否采取动作“保卫”(即启动入侵检测代理)或“空闲”(即不启动入侵检测代理)时提供最优的策略,也就是说,使用这些最优策略将使入侵检测代理不必始终采取动作“保卫”,这样可以节省因采取动作“保卫”导致的能量消耗；3)基于完美贝叶斯均衡设计了无线传感器网络入侵检测系统运行机制和相应的算法；4)构建的模拟实验验证了“无线传感器网络入侵检测博弈”模型的有效性。(2)基于演化博弈的无线传感器网络节点信任演化动力学研究基于信任的安全机制是最近几年应用到无线传感器网络中的安全技术。与加密等安全技术相比,信任是在以无线传感器网络节点为中心的环境中,帮助各传感器节点建立信心,推动传感器节点之间的协作,降低与其它传感器节点合作的风险。信任过程的建立涉及信任证据的收集和存储,在考虑上下文环境的前提下计算信任度、信任决策、反馈交互行为等。这些过程循环往复,不断演化具备动力学特性其中信任决策决定了是否与网络中其它传感器节点进行协作的问题,而揭示传感器节点信任演化动力学规律可为信任关系的量化与预测提供依据。因此,研究无线传感器网络信任决策和信任演化动力学过程对保障无线传感器网络安全和稳定起重要作用。本部分主要研究成果如下：1)建立了适用于传感器节点信任决策的“无线传感器网络信任博弈”模型,该模型能在传感器节点进行信任决策时正确地反映传感器节点选择不同动作的收益情况；2)在“无线传感器网络信任博弈”模型中绑定激励机制参数后,也就是说,若在实际的无线传感器网络信任管理系统中引入激励机制,能有效地减少传感器节点选择动作“不信任”(即对相互通信采取不合作的行为)的比例,从而使各传感器节点向选择动作“信任”(即在相互通信时采取合作的行为)转化,达到改善无线传感器网络稳定性和安全性的目的；3)得到了与“无线传感器网络信任博弈”相关的演化稳定策略定理,这些定理给出了达到演化稳定策略的条件并且能为无线传感器网络信任管理系统的实际设计奠定理论基础。(3)基于微分博弈的无线传感器网络恶意程序传播机制研究与其它网络环境类似的是,恶意程序对无线传感器网络而言也是一个严峻的安全问题。近期研究表明,这种恶意程序在无线传感器网络中容易传播流行。恶意程序一旦利用传感器节点的系统软件漏洞在无线传感器网络中广泛传播后,它们就能窃听传感器节点感知的数据,甚至可以采用耗尽传感器节点能量的方法使传感器节点完全处于瘫痪状态,从而严重影响整个无线传感器网络数据的机密性和整个网络工作的稳定性。要防御这些恶意程序,首先要对恶意程序的传播模型进行深入研究。确切地说,无线传感器网络恶意程序传播模型能够充分地反映恶意程序在无线传感器网络中的真实传播过程,暴露其传播规律,预测可能的威胁,为控制无线传感器网络环境中恶意程序的传播提供可靠的理论依据。因此,研究恶意程序的传播及传播过程中出现的优化控制决策问题对保障整个无线传感器网络的安全起重要作用。本部分主要研究成果如下：1)通过扩展经典流行病模型得到了一种新的流行病传播模型,该模型能准确地反映出传感器节点因节省能量消耗而周期性地进入休眠状态以及传感器节点在能量耗尽时将失去功能等特性；2)建立了一个“无线传感器网络系统”和“恶意程序”之间的零和“恶意程序防御微分博弈”模型,该模型能体现“无线传感器网络系统”和“恶意程序”双方在恶意程序传播时的交互情况,能反映它们之间的收益得失；3)在考虑“恶意程序”最大化破坏无线传感器网络的前提下,为“无线传感器网络系统”得到了最优的控制策略,这些策略能明显地抑制恶意程序在无线传感器网络中的传播,同时因计算方便而易于在资源有限的传感器节点上实现。(4)基于随机博弈的受攻击无线传感器网络可生存性评估研究无线传感器网络可生存性反映的是某些传感器点在出现故障或遭受攻击时,网络仍能及时完成关键任务的能力。满足高可生存性是无线传感器网络研究人员工作的终极目标。目前,容错、容侵、自再生是最常见的无线传感器网络可生存保障技术。然而,要使用这些可生存性保障技术,网络可生存性评估是前提和关键。通过网络可生存性评估,利用具体数值较准确地描述网络的可生存性状况,实现量化分析,可为提高无线传感器网络的可生存能力提供适时启动可生存性保障机制的决策依据。因此,可生存性评估对加强无线传感器网络的可生存性具有重要的指导意义。本部分主要研究成果如下：1)在“恶意攻击者”和“无线传感器网络系统”之间建立一个零和两人“攻击预测随机博弈”模型,该模型能得到理性“恶意攻击者”在不同的传感器节点状态中的攻击概率,从而为“恶意攻击者”的故意攻击行为和连续时间马尔可夫链的随机性之间建立联系；2)利用连续时间马尔可夫链建立了受攻击传感器节点的生命期模型,该模型能描述一个传感器节点在被攻击的情况下所导致的不同状态,从而可以得到计算受攻击传感器节点的平均无故障时间；3)构建了受攻击无线传感器网络的可生存性评估机制,包括可靠度、生存期及稳态可用度,从而为设计高可生存的无线传感器网络奠定了理论基础。总之,博弈论为研究无线传感器网络安全提供了新途径,本文取得的研究成果将支撑“智慧城市”建设,对丰富和促进无线传感器网络入侵检测、信任、恶意程序传播、可生存性等领域的基础理论和方法,具有重要的科学意义。更多还原

【Abstract】 Wireless Sensor Networks (WSNs) are composed of a large number of micro and low-priced sensor nodes deployed in sensing fields, whose aim is, cooperatively and instantly, to monitor, sense, and collect varieties of data information on monitoring objects, such as temperature, humidity, and air pressure and so on. By the method of wireless communications, these sensor nodes form a self-organized, self-adapted, and multi-hoped network system that is intelligent and transmits information sensed to administrators through the Base Station. It has been known that WSNs can be applied in a broad of fields, such as industry, agriculture, city control, medical treatment, environmental monitoring, and military and so forth.As task networks, WSNs not only transfer data sensed by sensor nodes, but also perform the fusion of these data and control coordinately different missions. During the process of these works, secure problems of how to guarantee confidentiality of performing tasks, reliability of producing data, and security of transmitting data, have been concerned by researchers. These problems have been a key factor to determine the development of WSNs.Game theory is a sort of mathematical tools to study decision problems between two players or among multiple ones, which can be a novel way for researching secure problems in WSNs. There are characteristics such as self-organization, lacking control center, dynamic topology, and limited sources in the typical WSNs. These characteristics will influence the behavior decision of sensor nodes during their communications. Then, the problem that will arise is:which strategy is optimal during the decision of sensor nodes? Sensor nodes maybe behave selfishly to seek their decisions only beneficial to their own profits, or even act maliciously and thus select their decisions to break the performance of the whole WSNs. These cases above can be solved by different non-cooperative games including signaling game, stochastic game, differential game, and so on. In addition, evolutionary game can be employed to explore the dynamic evolution of sensor nodes’behaviors. Therefore, applying game theory provides practical new thoughts to study several key secure problems in WSNs, which has become an important research direction full of future prospects.This dissertation is to target important research fields in WSNs security involving intrusion detection, trust, malware propagation, and survivability. Correspondingly, with game theory, some key problems including when to launch intrusion detection system (IDS), how to evolve trust decisions, how to propagate and control malwares, and how to predict attacked behaviors in survivability evaluation, are solved, respectively.(1) Signaling game based strategies optimal to IDS in WSNsAs an important shield to WSNs security, IDS is able to defend actively inside and outside attacks. IDS in WSNs can isolate those malicious sensor nodes to make following routings not pass them, and thus the loss resulted by malicious sensor nodes will be alleviated. However, plenty of computation resources must be required to make use of the IDS in WSNs. Due to limited resources of sensor nodes, it is not an optimal strategy that renders the IDS be in work state over time. Therefore, the strategy of when to launch IDS in WSNs has become a key factor to apply IDS effectively.The main results in this part lie as follows. 1) An Intrusion Detection Game based on the signaling game is formulated to study strategies of malicious sensor nodes and IDS agents, which satisfies such a situation that the IDS agent is uncertain about the type of its opponent;2) The theorems of equilibriums of the Intrusion Detection Game are set up and proven, which provide the optimal strategy for the IDS agent to decide whether to take Defend or Idle. That is, the IDS agents are not always on Defend and thus their energy are saved;3) Based on the Perfect Bayesian equilibrium, the IDS agent and the corresponding algorithm are designed;4) Simulation experiments to support the efficiency of the WSNs Intrusion Detection Game are constructed.(2) Evolutionary game based trust evolution dynamics of sensor nodes in WSNsRecently, the security mechanism based on trust, one of security technology, has been applied in WSNs. Contrast to cryptographic measures, trust among sensor nodes in WSNs will help other sensor nodes construct their confidence, promote their cooperation, and depress their risks to cooperate with others. Generally, trust proofs must be collected and stored in a trust management system. The trust level values of sensor nodes are considered to be computed and actions between sensor nodes are recorded. These processes satisfying the characteristic of dynamics are repeatedly performed and evolved. Based on a trust management system, a sensor node can determine whether to cooperate with others by making a trust decision. Moreover, disclosing principles of trust evolving is able to provide supports to quantify trust level values. Therefore, the trust decision of sensor nodes and its dynamics that will be studied constitute building blocks to secure and stabilize the whole WSNs.The main results in this part lie as follows.1) A WSNs trust game among sensor nodes is formulated, which is able to reflect properly the utilities of sensor nodes when they are making their decisions;2) It has been found that the incentive mechanism bound with the trust level of a sensor node is able to reduce greatly the rate of sensor nodes selecting the strategy Distrust and thus improve effectively WSNs in their security as well as stability;3) The theorems of evolutionarily stable strategies related to the trust game are attained, which provide various conditions to achieve these strategies and can be used to set up the theoretical foundation to guide the design of a trust management system for WSNs.(3) Differentia! game based optimal strategies against malware propagation in WSNsSimilar to other network environments, malware propagation in WSNs has become one of severe security problems. Recent studies have shown that malwares are prone to propagate in WSNs. Once these malwares have spread broadly due to software and hardware bugs of sensor nodes, they are able to listen in data sensed by sensor nodes, or even render sensor nodes dysfunctional by exhausting their energy reserves. These malicious behaviors will affect seriously confidentiality of data in WSNs as well as stability of the whole WSNs. In order to be able to devise the corresponding control strategies, modeling the propagation of the malware in WSNs should be considered firstly. Exactly, the malware propagation model is fully able to reflect the actual propagation process made by malwares in WSNs, to disclose malware propagation laws, and to predict possible threats. It thus provides a theoretical basis for controlling the malware spread in WSNs. Therefore, solving the problem of how to explore the malware propagation and make optimal strategies to control malwares effectively is important to guarantee the security of the whole WSNs.The main results in this part lie as follows.1) A malware propagation model by developing the epidemic theory is constructed, which is able to reflect the facts that sensor nodes are required to make themselves into the scheduled sleep mode for saving their energy, and that any sensor nodes will be dead after exhausting their power;2) A two-player zero-sum malware-defense differential game is formulated, which is able to reflect the interactions between the system and the malware, and the overall cost inflicted by the system and the malware;3) The interesting optimal strategies for the system and the malware are attained, respectively, which are able to suppress the propagation of the malware evidently and, due to their convenience to implement, are very suitable for sensor nodes.(4) Stochastic game based survivability evaluation towards attacked WSNsWSNs survivability is to reflect the ability to finish timely key missions when some sensor nodes have emerged hardware faults or suffered from malicious attacks. Satisfying high survivability has become an eventual aim for WSNs researchers. Currently, general survival technologies for WSNs consist of fault-tolerance, intrusion-tolerance, and self-regeneration and so on. In order to employ these survival technologies, the network survivability evaluation to realize quantity analysis must be performed firstly. The specific evaluation values attained can describe accurately the survival status of WSNs, and provide the decision basis for launching timely corresponding technologies to improve the survivability of WSNs. Therefore, solving the problem of how to measure the survivability is important to design a highly survival WSNs.The main results in this part lie as follows.1) A two-player zero-sum attack-prediction stochastic game between the attacker and the system is formulated, which is able to attain the attack probabilities adopted by the attacker in different states and set up the relation between the intention of attack behaviors and the randomness of continuous-time Markov chain (CTMC);2) The lifetime model of an attacked sensor node with CTMC is set up, which is able to depict the different states. Thus, the Mean Time to Failure (MTTF) of an attacked sensor node can be computed;3) A mechanism of survivability evaluation for attacked WSNs is constructed, which is composed of the reliability, survival lifetime, and availability in the steady state. These survivability evaluation metrics will be used to set up the theoretical foundation to guide the design of highly survival WSNs.In summary, game theory has provided a novel way for exploring problems of WSNs security. Results obtained above will give supports to construct intelligent cities and are significant to improve WSNs fundamental theory and methods in fields of intrusion detection, trust, malware propagation, and survivability.更多还原