首页 | 本学科首页   官方微博 | 高级检索  
相似文献
 共查询到19条相似文献,搜索用时 109 毫秒
1.
胡琪  张娇  张玉军  李忠诚 《软件学报》2011,22(5):1009-1019
分析了移动自组网(mobile ad hoc network,简称MANET)暴露拓扑带来的安全问题,提出了一种拓扑隐藏的安全多路径路由协议.在路由发现过程中,不在路由包中携带任何路径信息,从而有效隐藏网络拓扑.通过按需的邻居发现进行身份认证并建立路由表项,最终采用排除节点的方法实现多路径的选取;在路由维护过程中,设计了专门的错误发现机制以检验所选路径的有效性和安全性.该协议综合考虑时间因素和路径长度因素,实现了安全的最短路径确定.安全分析表明,该方案可以抵御黑洞攻击、虫洞攻击、rushing攻击和sybil等典型攻击,同时对一般类型的攻击也具有抵御能力.仿真结果表明,与SRP(secure routing protocol)这种典型的安全多路径方案相比,该方案能够找到更多节点不相交的多路径;在普通场景中,该方案没有对协议性能带来额外影响;在黑洞攻击场景中,该方案只需付出一定的信令开销即可大幅度提高数据包转发率,可有效抵御黑洞攻击.  相似文献   

2.
MANET网络现有的路由协议由于未考虑到路由安全,使其在实际网络环境中容易受到攻击。ARAN(Authenticated Routing for Ad hoc Networks)采用证书技术对路由进行认证,可以有效防范这些攻击,但带来的网络开销和路由发现延迟较大。论文提出了一种基于ID签名算法的安全路由协议可以有效减少网络开销,仿真结果表明在网络开销和路由发现延迟方面明显优于ARAN。  相似文献   

3.
DSR协议下3种攻击的影响比较与仿真研究   总被引:1,自引:0,他引:1       下载免费PDF全文
蔡继文  易平  周雍恺  田野  柳宁 《计算机工程》2009,35(21):155-158
针对移动Ad Hoc网络的动态拓扑容易遭受各种网络攻击的特点,研究和比较现有的多种攻击模型,在动态源路由(DSR)协议下提出将黑洞节点按主动攻击和被动攻击进行分类的方法。在NS2网络仿真平台上实现包括RREQ洪泛攻击、被动型黑洞攻击和主动型黑洞攻击在内的3种攻击模式。通过仿真实验评估和比较这3种攻击对网络性能的影响,得出结论,就破坏性而言,RREQ洪泛攻击强于黑洞攻击,而主动型黑洞攻击强于被动型黑洞攻击。  相似文献   

4.
时延容忍网络是一种在大部分时间内源节点和目的节点之间不存在端到端路径,而依靠存储转发机制实现异步通信的无线自组织网络。针对其黑洞攻击的问题,设计一种能够检测黑洞节点的安全路由协议。分析时延容忍传感器网络模型和黑洞攻击模型,给出基于传递证据的恶意节点检测方案,并将其与路由协议相融合。仿真结果表明,该协议可准确识别出恶意节点,并且在传感器网络环境中具有较好的路由性能。将安全路由协议应用于水下环境监测或城市交通控制等领域,可以避免其网络环境遭受恶意节点的攻击,保证网络的可靠性与稳定性。  相似文献   

5.
防范篡改攻击、获取正确的路由信息是安全路由协议设计的主要目标.基于MANET网络成熟的距离向量路由协议DSDV,分析已有安全设计方案SEAD安全性,设计了一个新的安全DSDV路由协议S-DSDV,并采用串空间方法证明其能够防范篡改攻击,为网络节点获取正确的路由信息.  相似文献   

6.
基于邻居节点监测的MANET路由安全机制   总被引:1,自引:0,他引:1       下载免费PDF全文
提出了一种适用于MANET按需路由协议的路由安全机制NRR。该方法通过邻居节点监测机制、节点名誉机制和路由修复机制3个组成部分,实现了完全分布式的入侵检测,能防御典型的内部节点攻击,并能修复因攻击而造成的受损路由,最大程度地保证了路由协议的稳定性。  相似文献   

7.
基于SVM的MANET路由层入侵检测*   总被引:1,自引:0,他引:1  
针对MANET(移动自组织网络)路由层的攻击,通过对MANET路由层AODV(Ad hoc on-demand distance vector)路由协议交互行为的分析,提取了9个路由交互过程特征,将入侵检测问题转换为对正常行为和异常行为分类识别问题,采用SVM(支持向量机)算法,设计了一种分布式异常检测系统。仿真结果表明,使用该检测系统的检测率达到97%以上,从而验证了该系统的可行性,同时也验证了所提取的路由交互行为特征的有效性。  相似文献   

8.
移动Ad hoc网络AODV路由协议安全性分析和改进   总被引:8,自引:0,他引:8  
文中分析了移动Ad hoe网络的路由特点和路由安全;重点剖析了AODV路由协议的工作过程并对其中的路由重建过程进行了改进,加快了路由的修复速度;探讨了该协议存在的主要安全隐患——路由表溢出攻击和黑洞问题,对于黑洞问题,在分析已有解决方案存在重大漏洞的基础上提出了一种基于对目的节点进行测试的解决方案,该方案不仅有效地解决了黑洞问题而且从根本上消除了原方案所存在的重大漏洞。  相似文献   

9.
蒋一波  王雨晨  王万良  张祯  陈琼 《计算机科学》2013,40(Z11):170-174,191
移动Ad hoc网络(MANET,Mobile Ad hoc Networks)正得到越来越广泛的应用,相应的网络安全问题也开始得到广泛的关注。研究MANET网络可能遭遇的攻击方式,提出基于机器学习技术的入侵检测性能评估模型,并提出一个综合评价指标,比较了7种机器学习算法在MANET网络入侵检测中的性能表现,对于构建安全有效的MANET网络具有重要的意义。使用GloMoSim仿真工具对MANET网络正常行为及黑洞、洪水、丢包3种入侵行为进行模拟,并详细分析了各种攻击情况下,7种机器学习算法的性能表现。分析结果显示,该评估模型能较好地反映出各种机器学习算法的性能,其中,多层感知器、逻辑回归和支持向量机具有较高的检测率及较低的误报率。  相似文献   

10.
为提高移动自组织网络(mobile ad hoc network,MANET)路由协议效率并增强其网络可扩展性,通过对P2P(peep-to-peer)网络与MANET的交叉研究,在DSR协议基础上引入Chord算法,提出基于网络物理拓扑的分级路由模型LPDSR.采用按需建环机制和分级路由算法,降低查询复杂度,减少绕路问题.LPDSR算法性能分析和NS-2仿真结果表明,该路由模型的网络可扩展性明显提高.  相似文献   

11.
详细剖析了MANET路由协议中存在的黑洞问题,提出了一种综合、有效的解决方案.  相似文献   

12.
A black hole attack on a MANET refers to an attack by a malicious node, which forcibly acquires the route from a source to a destination by the falsification of sequence number and hop count of the routing message. A selective black hole is a node that can optionally and alternately perform a black hole attack or perform as a normal node. In this paper, several IDS (intrusion detection system) nodes are deployed in MANETs in order to detect and prevent selective black hole attacks. The IDS nodes must be set in sniff mode in order to perform the so-called ABM (Anti-Blackhole Mechanism) function, which is mainly used to estimate a suspicious value of a node according to the abnormal difference between the routing messages transmitted from the node. When a suspicious value exceeds a threshold, an IDS nearby will broadcast a block message, informing all nodes on the network, asking them to cooperatively isolate the malicious node. This study employs ns2 to validate the effect of the proposed IDS deployment, as IDS nodes can rapidly block a malicious node, without false positives, if a proper threshold is set.  相似文献   

13.
刘伟  柴乔林 《计算机工程与设计》2007,28(20):4888-4890,4894
移动Ad hoc网络(MANETs)在民用设施和国防事业方面得到广泛应用.动态变化的拓扑结构是Ad hoc网络的一大特征,也正是这种动态性使得Ad hoc网络特别容易受到安全方面的攻击.重点讨论在AODV协议下的黑洞攻击和灰洞攻击,并根据攻击的特点,提出了一种利用虫洞原理防御的策略.  相似文献   

14.
ABSTRACT

Security is an essential service for mobile network communications. Routing plays an important role in the security of mobile ad-hoc networks (MANETs). A wide variety of attacks targets the weakness of MANETs. By attacking the routing protocols, attackers can absorb network traffic, injecting themselves into the path between the source and destination. The black hole attack is one of the routing attacks where a malicious node advertise itself as having the shortest path to all nodes in the network by sending fake route reply. In this paper, a defense scheme for detecting black hole node is proposed. The detection is based on the timing information and destination sequence numbers maintained in the Neighborhood Route Monitoring Table. The table maintains the record of time of Reply. A black hole node will send a route reply message without checking the routing table as the legitimate node normally does. This reduced reply time is used to detect the black hole node. To improve the security further, the destination sequence number is checked with the threshold value, which is dynamically updated. The simulation results demonstrate that the protocol not only detects black hole attack but also improves the overall performance.  相似文献   

15.
多维MANET可靠性建模研究   总被引:1,自引:1,他引:0  
移动自组织网络(MANET,Mobile Ad hoc Network)是一种不依赖固定基础设施且不需要中心控制的动态无线网络。由于其开放自治的无线网络环境及无中心、动态拓扑等特性,导致MANET无法保障通讯的持续性,同时容易受到各种安全攻击。因此相对于传统网络,MANET在网络的可靠性上存在很大的局限性。综合考虑了影响MANET可靠性的两大因素,即节点移动性和安全攻击,提出了多维MANET可靠性模型,并对模型结果进行了实验分析,进一步指出了影响MANET系统可靠性的关键参数。  相似文献   

16.
Mobile ad hoc network (MANET) is an appealing technology that has attracted lots of research efforts. On-demand routing protocol such as AODV may suffer from frequent topological changes. Due to frequent communication failures, multipath MANET is preferred than single-path MANET in many applications as former is used for achieving robustness and load balancing and improving reliability. Although multipath MANET is attractive solution, there are still some major flaws that prevent commercial growth. Security is one of these main barriers; MANETs are known to be particularly vulnerable to security attack. The paper presents a design of robust and secure framework for multipath MANET. In this paper, we propose not only a robust multipath routing protocol but also an extended security scheme. We discuss security analysis for proposed security scheme. And we also conduct simulation to evaluate such a framework through different performance metrics. Results show that the proposed routing protocol achieves better performance in terms of various metrics than other protocols.  相似文献   

17.
移动自组网是由一组带有无线收发装置的移动节点组成的无需固定设置支持的临时性的通信网络,路由在整个网络安全中起着重要作用。剖析了AODV路由协议中存在的路由黑洞问题,并在分析了已有解决方案基础上,提出了一种基于节点邻居集的解决方案,实验和分析表明本方案在对原AODV协议流程和控制包做了少量修改的情况下,能够检测黑洞攻击、发现到达目的节点的可信路由。  相似文献   

18.
Anbarasan  M.  Prakash  S.  Antonidoss  A.  Anand  M. 《Multimedia Tools and Applications》2020,79(13-14):8929-8949

MANET(Mobile Adhoc Networks) possess the open system condition, absence of central server, mobile nodes that make helpless to security assault while conventional security components couldn’t meet MANET security prerequisites in view of restricted correspondence data transfer capacity, calculation power, memory and battery limit in addition to the vitality enabled environment. The trusted MANETs provide a reliable path and efficient communication but the secrecy of the trust values sometimes may be overheard by the masqueraders. Due to the need of the clustered MANETs the exchange of mathematical values remains to be a necessary part. In the proposed security of the trusted MANETs is focused so as to provide rigid and robust networks when additional resources are added. For clustering of the nodes LEACH protocol is suggested in which the CHs and CMs are fixed for the data transfer in the network. The energy is disseminated in the LEACH as to avoid the battery drain and network fatal. Hence to add resistance and to make an authentic network, the encryption and decoding is incorporated as a further supplementary to avoid the denial of service attacks, we have utilized DoS Pliancy Algorithm in which the acknowledgment based flooding attacks is focused. Likewise the encoded messages from the source node in one cluster can be recoded in the transmission stage itself to reproduce the messages. Contrasted with the past works, QoS of our proposed work has been made strides when tested with black hole and sink hole attacks. Simulation results shows that the DoS pliancy scheme works better and efficient when compared to the existing trust based systems.

  相似文献   

19.
大规模移动自组网络安全技术综述   总被引:1,自引:1,他引:1  
移动自组网络具有重要的军事价值和广阔的商业应用前景.其无中心控制、多跳等特征使移动自组网络安全问题更加严峻.特别是,当节点数增加时,网络的组成难度、可用性、安全性都会受到极大的影响.在对国内外有关移动自组网络研究现状综述的基础上,重点对大规模移动自组网络安全涉及的关键技术,如安全模型与安全方案、安全分簇技术、组密钥管理技术等方面的研究现状进行了深入分析与探讨;最后,指出了大规模移动自组网络安全技术的主要研究方向,即:大规模移动自组网络的安全组网技术、移动自组网络的协议安全证明技术、大规模移动自组网络的密钥管理技术、大规模移动自组网络模型模拟和安全性论证.  相似文献   

设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号