基于Hilbert填充曲线的海洋无线传感网源节点位置隐私保护方法

节点位置保护对于海洋无线传感器网络(MWSNs)至关重要,尤其是对于无人值守的环境。然而,由于大多数静态部署,传感器的能量、存储和通信能力的限制,MWSNs容易受到各种位置(和衍生)攻击的影响。该文从攻击和防御两个方面研究节点位置隐私保护问题。首先,针对两种重要节点(包括基站和源节点)提出了一种新的二相定位攻击,它可以在少量的本地无线传输监视中找到基站节点,反向跟踪源节点的位置。与现有方法不同,提出的攻击根据传输方向确定节点位置,从而突破现有的防御。然后,为了抵御这种攻击,该文设计了一种基于Hilbert填充曲线的传感器网络路由节点位置隐私保护方法(HLPS)。攻防理论分析与对抗实验表明,该方法能够保护目标节点的位置隐私,具有较小的通信和计算开销。     

无线传感器网络中用于目标跟踪的节点规划算法

利用无线传感器网络进行目标跟踪时,由于各传感器节点的能量有限,数据蕴含的有效信息又各不相同,因此有必要规划参与目标跟踪的节点集和参与方式,以降低系统开销。本文提出了一种新的基于领导节点的节点规划算法,综合考虑收集数据和领导节点迁移过程中的通信开销,以最大化目标跟踪的性能。求解中以跟踪过程中的误差矩阵作为目标度量,采用高斯-赛德尔（Gauss-Seidel）和凸松弛等方法,使得复杂的带约束优化问题能够在接近O（N3）的时间复杂度内得到求解。仿真结果表明,与对比算法相比,本算法在相同的通信能量约束下能够达到更好的跟踪性能。     

基于信息覆盖的无线传感器网络访问控制机制

通过周期性地信息扩散,设计THC(two-hop cover)算法,使传感器节点能够在用户移动过程中及时得到用户的认证信息.基于THC算法,引入Merkle散列树和单向链等安全机制,采用分布式的访问控制模式,提出了适用于随机移动用户的传感器网络访问控制机制.分析和实验表明,本机制既适用移动用户,也适用静止用户,计算、通信、存储开销低,能够抵制节点捕获、重放、DoS等攻击.     

基于感应数据值的无线传感器网络分簇算法

提出了一种无线传感器网络的分簇算法,用于协助基于簇的入侵检测方案检测网络中的各种恶意攻击行为.它将整个网络划分成若干个簇,使得簇内各传感器节点物理位置临近,并且采集的数据值接近.这一特性使得识别异常节点非常容易,并且保证入侵检测方案具有较高的检测精度和较低的误报率.该算法也使得网内数据处理变得异常简单,从而能够有效节省传感器节点的能量,延长网络的寿命.     

一种基站可移动传感器网络再编程协议

 本文针对基站可移动传感器网络实现了一再编程协议MovPro.该协议可以将新的二进制程序通过多跳的形式下发到网络内的节点上并使之运行.该协议的大致过程描述为,当基站在网络内移动时,基站将数据发送给它移动轨迹上的节点.节点收到部分二进制代码后通过窗口交换的形式将二进制代码传播到整个网络.MovPro是第一个在基站可移动传感器网络的真实系统.本文通过多种方式减少通信开销,并通过二级存储的方式减少外部flash的写次数.实验表明MovPro适用于基站可移动传感器网络.     

实现位置及时间绑定的密钥分发——防御传感器网络节点复制攻击的新方法

提出了一种新的防御思路:通过使复制节点无法与邻居节点建立成对密钥的方式,来达到消除复制节点攻击威胁的目的,由此设计了一种基于多项式的成对密钥分发方法LTB(location and time binding).LTB把每个节点的密钥信息与其部署位置和时间信息绑定起来,使每个节点只能在其部署位置与邻居节点建立成对密钥.由于复制节点的部署位置不同于原捕获节点,因此LTB能够有效阻止其与邻居节点建立成对密钥.LTB相比现有各种周期性复制节点检测机制的优势是它彻底消除了复制节点攻击隐患而且协议开销更低,通信开销从O(pn3/2)下降到O(n),其中,p是检测周期数,n是网络节点个数.     

移动ad hoc网络预分配非对称密钥管理方案

为了降低移动ad hoc网络非对称密钥管理中的通信开销,基于组合公钥思想,将ElGamal方案与预分配密钥方式相结合,提出一种基于身份的预分配非对称密钥管理方案(PAKMS)。该方案通过私钥生成中心为节点预分配主密钥子集及基于时间获得节点密钥更新的方式,从方法上降低了移动ad hoc网络非对称密钥管理中的通信开销;私钥生成中心为节点预分配主密钥子集的方式也使节点在网络运行阶段不再依赖私钥生成中心为节点分配和更新密钥。由此,弱化了基于身份密钥管理中存在的私钥托管问题对网络安全的影响。与典型方案对比分析表明,该方案在提供节点密钥更新服务的情况下能够有效降低网络通信开销。此外,对方案的安全性进行了详细证明。     

基于动态调整节点包发送速率的基站保护策略

无线传感器网络中,为了抵御全局流量监测的攻击者,提出了一种基于节点包发送速率动态调整的基站位置隐私保护策略SRA。SRA通过调整全网节点的发包率,实现源节点到基站的流量隐藏,继而能够有效抵御全局流量分析的攻击者。理论表明,SRA能够有抵御全局流量的攻击者对基站的定位。更进一步地,提出了基于贪心选择路径的基站位置隐私保护策略GCR,进一步降低网络通信开销。实验表明,与SRA相比,GCR能够有效保护基站的位置隐私且具有较低的通信开销。     

基于室内无线传感器网络射频信号的老年人跌倒检测研究

利用无线信号的自然衰减,在不显著增加通信开销的基础上,提出了一种新的老年人跌倒行为的检测方法.给出阶段相关性这一概念并用以区分体域传感器网络节点与室内传感器网络节点信号在人运动与静止条件下的统计相关性.给出了最小通信决策集合的概念,通过对比最小通信决策集合的内容,提出了老年人位置估计方法和跌倒行为检测算法;利用仿真工具...     

一种同时保障隐私性与完整性的无线传感器网络可恢复数据聚合方案

该文针对无线传感器网络(WSNs)数据聚合与安全目标之间的矛盾,基于隐私同态和聚合消息验证码技术提出一种同时保障数据隐私性与完整性的可恢复数据聚合方案。该方案支持由聚合结果恢复出各感知数据,从而一方面能够验证感知数据和聚合数据的完整性,另一方面能够对原始数据进行任意所需的处理,不受聚合函数类型的限制。安全分析表明该方案不仅支持数据隐私性、完整性,还能够抵抗未授权聚合攻击,聚合节点俘获攻击,且能够在一定范围内检测及定位恶意节点。性能分析表明,该方案相比其他算法在通信和计算开销方面具有显著优势。为了评估方案性能和可行性,基于TinyOS给出了算法的原型实现。实验结果表明,该方案开销较低,对于资源受限的WSNs是高效可行的。     

Detection of Replica Node Attack Based on Exponential Moving Average Model in Wireless Sensor Networks

Due to the broadcast nature of wireless communication, wireless sensor networks (WSNs) are susceptible to several attacks. Amongst them, replica attack is one of the predominates as it facilitates the attackers to perform some other attacks. So, it is of immense significance to design a competent security method for WSNs. Introducing a trust method is the primary concern for assisting well-organized use of the available energy in each node in the energy restricted environment. In order to tradeoff between energy usage and attack detection, energy-based prediction approach is deemed to be a suitable one. A statistical method, exponential moving average (EMA) model based replica detection is proposed to detect replica node attack based on energy consumption threshold in WSNs. The difference between actual and predicted energy consumption exceeding the threshold level is considered as malicious. In this paper, future energy drop of a sensor node is forecasted using statistical measure instead of probabilistic method. In EMA model, the transition from higher power consuming state (active state) to lower power consuming states (sleep and sense states) is controlled by a fixed schedule. The accumulated average time of the node was in any state in the past is used to estimate the time duration of a node that spends in that state. Unlike Markov Model, the estimations of energy are made periodically. By this, computational overhead on the microcontroller of the sensor is greatly reduced in EMA approach. The simulation results taken using TRM simulator shows that choosing the threshold value which is neither too large nor too small results in optimum level of detection accuracy and lifetime of the network.

     

A Zone-Based Node Replica Detection Scheme for Wireless Sensor Networks

Wireless sensor networks (WSN) are susceptible to various kinds of attack, and node replication attack is one of them. It is considered to be one of the most serious attacks in WSN. In this type of attack, an adversary deploys clones of a legitimate node. These clones participate in all network activities and behave identically same as the legitimate node. Therefore, detection of clones in the network is a challenging task. Most of the work reported in the literature for clone detection is location dependent. In this paper, we have proposed a location independent zone-based node replica detection technique. In the proposed scheme, the network is dynamically divided into a number of zones. Each zone has a zone-leader, and they share their membership list among themselves. It is the responsibility of the zone-leader to detect the clone. The proposed technique is a deterministic one. We have compared our scheme with LSM, RED, and P-MPC and observed that it has a higher clone detection probability and a lower communication cost.     

FBDR-Fuzzy Based DDoS Attack Detection and Recovery Mechanism for Wireless Sensor Networks

Wireless sensor networks (WSN) is considered as one of the exploring technology for its deployment of the massive number of dedicated sensor nodes which sense the environment and collect the data. The collected data are sent to the sink node through the intermediate nodes. Since the sensors node data are exposed to the internet, there is a possibility of vulnerability in the WSN. The common attack that affects most of the sensor nodes is the Distributed Denial of Services (DDoS) attack. This paper aims to identify the DDoS (Flooding) attack quickly and to recover the data of sensor nodes using the fuzzy logic mechanism. Fuzzy based DDoS attack Detection and Recovery mechanism (FBDR) uses type 1 fuzzy logic to detect the occurrence of DDoS attack in a node. Similarly fuzzy- type 2 is used for the recovery of data from the DDoS attack. Both the type 1 fuzzy-based rule and type 2 fuzzy-based rule perform well in terms of identifying the DDoS attack and recover the data under attack. It also helps to reduce the energy consumption of each node and improves the lifetime of the network. The proposed FBDR scheme is also compared with other related existing schemes. The proposed method saves energy usage by up to 20% compared with the related schemes. The experimental results represent that the FBDR method works better than other similar schemes.

     

Distributed detection of replica node attacks with group deployment knowledge in wireless sensor networks

Several protocols have been proposed to mitigate the threat against wireless sensor networks due to an attacker finding vulnerable nodes, compromising them, and using these nodes to eavesdrop or undermine the operation of the network. A more dangerous threat that has received less attention, however, is that of replica node attacks, in which the attacker compromises a node, extracts its keying materials, and produces a large number of replicas to be spread throughout the network. Such attack enables the attacker to leverage the compromise of a single node to create widespread effects on the network. To defend against these attacks, we propose distributed detection schemes to identify and revoke replicas. Our schemes are based on the assumption that nodes are deployed in groups, which is realistic for many deployment scenarios. By taking advantage of group deployment knowledge, the proposed schemes perform replica detection in a distributed, efficient, and secure manner. Through analysis and simulation experiments, we show that our schemes achieve effective and robust replica detection capability with substantially lower communication, computational, and storage overheads than prior work in the literature.     

A ranging based scheme for detecting the wormhole attack in wireless sensor networks

Wireless sensor networks have been widely used in general and military scenarios. And this leads to a need for more security. Wireless sensor network are easy vulnerable to attack and compromise. Wormhole attack is a harmful against routing protocol which can drop data randomly or disturbing routing path. In this paper, we proposed a novel method to detect the wormhole attack based on statistical analysis. In the proposed method, a sensor can detect the fake neighbors which are caused by wormhole through the neighbor discovery process, and then a k-means clustering based method is used to detect wormhole attack according to the neighbor information. That is, by using this proposed method, we can detect the wormhole only by the neighbor information without any special requirement. We did some experiments to evaluate the performance of this method, and the experimental results show that our method can achieve satisfying results.     

Node coloring based replica detection technique in wireless sensor networks

Node replication attack possess a higher level of threat in wireless sensor networks. A replicated node takes advantage of having legal identity of the compromised node to control the network traffic and inject malicious information into the network. Several techniques have been proposed to detect node replication in wireless sensor networks. However, in most of these techniques, the responsibility for replica detection lies either with the base station or a few randomly selected witness nodes. In this paper, we propose a technique for detecting replicas without the participation of base station and witness nodes. In the proposed scheme, each node is assigned with a color (value), which is unique within its neighborhood. A color conflict within the neighborhood of a node is detected as a replica. We made a comparison of the proposed scheme with RED (Conti et al. in IEEE Trans Dependable Secure Comput 8(5):685–698, 2011), LSM (Parno et al. in Proceedings of IEEE symposium on security and privacy. IEEE, pp 49–63, 2005), and SET (Choi et al. in Proceedings of third international conference on security and privacy in communications networks and the workshops, SecureComm 2007. IEEE, pp 341–350, 2007). Parameters considered for comparison are detection probability, communication complexity and storage overhead. We observed that the proposed scheme has a higher detection probability, and lower communication and storage overhead.     

Detection method of LDoS attacks based on combination of ANN ＆ KPCA

Low-rate denial-of-service (LDoS) attack is a new type of attack mode for TCP protocol.Characteristics of low average rate and strong concealment make it difficult for detection by traditional DoS detecting methods.According to characteristics of LDoS attacks,a new LDoS queue future was proposed from the router queue,the kernel principal component analysis (KPCA) method was combined with neural network,and a new method was present to detect LDoS attacks.The method reduced the dimensionality of queue feature via KPCA algorithm and made the reduced dimension data as the inputs of neural network.For the good sell-learning ability,BP neural network could generate a great LDoS attack classifier and this classifier was used to detect the attack.Experiment results show that the proposed approach has the characteristics of effectiveness and low algorithm complexity,which helps the design of high performance router.     

基于简化云与K/N投票的选择性转发攻击检测方法

针对无线传感器网络中恶意节点产生的选择性转发攻击行为,该文提出一种有效的攻击检测方法。该方法将简化云模型引入信任评估中,结合改进的K/N投票算法确定目标节点的信任值,将目标节点信任值与信任阈值比较,进行选择性转发攻击节点的判定。仿真结果表明,当信任阈值为0.8时,经过5个时间段后,该方法能够有效地检测出网络中的选择性转发攻击节点,具有较高的检测率和较低的误检率。     

On the Detection of Clones in Sensor Networks Using Random Key Predistribution

Random key predistribution security schemes are well suited for use in sensor networks due to their low overhead. However, the security of a network using predistributed keys can be compromised by cloning attacks. In this attack, an adversary breaks into a sensor node, reprograms it, and inserts several copies of the node back into the sensor network. Cloning gives the adversary an easy way to build an army of malicious nodes that can cripple the sensor network. In this paper, we propose an algorithm that a sensor network can use to detect the presence of clones. Keys that are present on the cloned nodes are detected by looking at how often they are used to authenticate nodes in the network. Simulations verify that the proposed method accurately detects the presence of clones in the system and supports their removal. We quantify the extent of false positives and false negatives in the clone detection process.     

基于多维度分析的APT邮件攻击检测

电子邮件是APT (Advanced Persistent Threat)攻击中常用的攻击载体,本文针对APT邮件攻击提出了一种基于多维度分析的APT邮件攻击检测方法。首先,提取邮件头部和邮件正文信息,邮件附件文件还原;然后,分别通过邮件头部、邮件正文、情报检测、文件内容深度检测、邮件异常行为检测和邮件站点自学习等多维度进行分析;最后基于分析结果将邮件归类为普通邮件和可疑APT攻击特征的邮件。本文提出的方法既结合传统的邮件威胁攻击特征,并融入情报检测和附件深度检测,且考虑邮件异常行为分析,最后结合客户业务进行自学习分析,有效地提高了APT邮件攻击的检测准确率,为APT邮件攻击检测提供一种良好的检测方案。