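Research on Intrusion Attack Detection and Security Protection Technology for WSNs Based on Neighbor-Classification Collaboration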
Neighbor-Classification Detection Protocols and Security Technology for WSNs
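【Author】 黎明曦 (Li Mingxi);
【Supervisor】 熊焰 (Xiong Yan);
【Author information】 University of Science and Technology of China, Computer Application Technology, 2013, PhD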
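【Abstract, translated from the Chinese】 Wireless sensor networks (WSNs) are an emerging research area in information science. They usually consist of a large number of wireless communication nodes that can carry sensor modules; deployed in a region, the nodes collect and monitor the environmental parameters within it. A wireless sensor network is a special kind of mobile ad hoc network and an important component of Internet of Things (IoT) technology. Because it is flexible to deploy and maintains and controls itself autonomously, it is particularly well suited to application environments where traditional networks are unsuitable or cannot be deployed. With the continuing development of microelectronics and wireless communication technology, research on wireless sensor networks has gradually moved from the exploration of basic theory to the study and development of practical systems, and the security of network operation has gradually become an important factor constraining their development. At present, most research on WSN security mechanisms adapts the security mechanisms of traditional networks so that they can implement distributed security on sensor nodes. However, because the computing and storage performance of sensor nodes is very limited and cannot meet the computational complexity requirements of traditional network security mechanisms, in practical use they cannot effectively withstand attacks by an attacker with powerful computing capability. Research shows that attacks on wireless sensor networks differ greatly from traditional network attack patterns and usually have a clear, specific target. Developing the corresponding protection strategy has to start from an analysis of the particular attack pattern, make full use of the fact that WSN nodes are numerous and widely distributed, and identify and handle malicious behavior through multi-point collaborative computing and feature data analysis. The dissertation studies WSN security from three aspects, intrusion node detection, intrusion node handling and intrusion node tracking, and obtains the following results:

(1) A neighbor classification mechanism for sensor nodes based on collaborative ranging. Based on the relative position information between nodes, the dissertation gives a method for classifying neighbor nodes, which provides intrusion node detection with feature data that is easy to obtain but hard to forge. By comparing and analyzing each other's neighbor classification information, sensor nodes can accurately identify and handle intrusion nodes present in the network. Experimental results show that using node classification data as the basis for security detection achieves a high detection probability while reducing system overhead and making the detection protocol more robust.

(2) An intrusion node detection protocol based on the neighbor classification mechanism (NCDP). Because of hardware limits, a node's transmission range is limited, and it can usually obtain only the distance between itself and its adjacent nodes; by analyzing and using these distances, the scale and operating state of the nodes in the network can be determined. Building on the neighbor classification mechanism and a multi-node ranging assistance method, the dissertation studies how to use sensed data to detect intrusion attacks under low ranging precision. Experimental results show that, at the same detection probability, the NCDP protocol has lower system overhead than common detection protocols such as RED, and because it uses node neighbor classification data as the detection basis, it is hard for an attacker to hide its true identity by forging data.

(3) A sybil attack protection protocol based on regional node statistics. The sybil attack is a special intrusion attack pattern. The dissertation designs a detection protocol based on regional statistics to identify sybil nodes that may exist in the network and their attack behavior. First, the protocol uses ranging information between nodes as its detection basis, which is easy to implement in a system. Second, the protocol uses a "starvation handling" mechanism to deal with sybil nodes in the network, which effectively avoids the failure of a large number of nodes that a sybil attack could cause. Finally, experiments on a real system of 30 nodes show that the protocol detects sybil nodes in the network with high probability and has low energy consumption and low latency.

(4) A tracking and positioning mechanism for mobile intrusion nodes. Once an intrusion node finds that the system has shielded it, it can change position and continue to harm the network. The dissertation proposes a tracking and positioning mechanism for mobile intrusion nodes based on node communication data; by exchanging neighbor classification information, intrusion nodes can be quickly identified and located, which improves detection efficiency and reduces the network's communication energy consumption.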
【Abstract】 Wireless sensor networks (WSNs) are a new direction of development in the field of information science. A WSN is usually composed of a large number of wireless communication nodes, which can be equipped with sensor modules. Nodes deployed in a region collect and monitor its environmental parameters. A wireless sensor network is a special kind of mobile ad hoc network and an important part of the Internet of Things (IoT). Because of its flexible deployment and autonomous maintenance and control, it is useful in application environments that are not suitable for traditional networks. With the continuous development of microelectronics and wireless communication technology, more attention has been paid not only to research on WSN technology but also to the application of WSNs and IoT. As a result, the security issues of WSNs are becoming an important factor restricting their development.

At present, security mechanisms for wireless sensor networks are based on improvements to traditional network security mechanisms so that they can be applied in a distributed system. However, the computational and storage performance of sensor nodes is very limited and cannot meet the computational complexity demands of traditional network security mechanisms. This means that these improved traditional protocols cannot effectively deal with attackers with powerful computing capability in practical applications. Our research shows that attack behavior against wireless sensor networks differs considerably from traditional network attack patterns, because attacks on WSNs are often targeted. Therefore, research on specific protection strategies needs to start from an analysis of the particular attack mode.
In fact, we can make full use of the characteristics of WSNs to design security mechanisms based on multi-node collaborative computing and characteristic analysis.

In this dissertation, we discuss three security issues of WSNs: intrusion node detection, intrusion node processing and intrusion node tracking.

(1) The multi-range-assisted neighbor classification mechanism. The neighbor classification mechanism proposed in this dissertation is a neighbor-evidence-based method that can be used to detect malicious nodes by analyzing the classification of nodes' neighbors. The mechanism is hard for adversaries to interfere with while still achieving good performance. The experimental results show that the multi-range-assisted neighbor classification mechanism can detect malicious nodes with high probability, low overhead and high robustness.

(2) The neighbor classification detection protocol against intrusion nodes. Due to the hardware limitations of nodes, their transmission distance is limited, so a node can only gauge the distance to its adjacent nodes. Our research focuses on detecting the network's operating status by analyzing the distances between nodes. The detection protocol we propose can be used in WSNs with a low-precision ranging mechanism. Our protocol can detect false claims from intrusion nodes, because all claims from the neighbors of intrusion nodes can be used to discern the false claims. The experimental results confirm that NCDP can achieve the same detection probability as RED or other solutions with low overhead. Meanwhile, NCDP can deal with malicious false claims from intrusion nodes.

(3) The regional statistics detection scheme against sybil attacks. Many variants of intrusion attacks have been spawned, such as the sybil attack.
In this dissertation, we propose a regional statistics detection scheme (RSDs) against sybil attacks, which is an effective solution to three key issues. Firstly, we address the sybil attack with an RSSI-based distributed detection mechanism. Secondly, our protocol can protect the network from the failure of a large number of nodes caused by sybil attacks. Thirdly, experiments verify that the RSDs can maintain a high detection probability with low system overhead. Finally, we ran our protocol in a prototype detection system with 30 nodes, and the experimental results confirmed its high efficiency.

(4) The tracking and positioning mechanism for mobile intrusion nodes. When intrusion nodes have been shielded by their neighbors, they may move to other regions to re-execute the malicious behavior. In this dissertation, we propose a tracking and positioning mechanism for mobile intrusion nodes by which the intrusion nodes can be identified and located rapidly, with high probability and low energy consumption.