首页 | 本学科首页   官方微博 | 高级检索  
相似文献
 共查询到17条相似文献,搜索用时 218 毫秒
1.
传统虚假数据过滤方案无法过滤从非转发区域注入的虚假数据。为解决该问题,提出一种基于阈值机制的虚假数据过滤方案。节点在部署后建立到Sink的转发路径,每个数据包包含f个检测节点的消息验证码(MAC)以及2个安全阈值,转发节点分别对MAC和安全阈值进行正确性验证。理论分析及仿真实验结果表明,该方案能有效识别与过滤任意区域注入的虚假数据,并且具有较低的能量开销。  相似文献   

2.
张君君  侯晓磊 《计算机仿真》2020,37(2):339-342,364
传感器网络遭受外来攻击时,节点会被注入大量虚假信息,在浪费通信资源的同时也会影响用户正常决策,干扰传感器网络安全运行。提出传感器网络多路虚假数据分层过滤方法。在网络部署完成后分配全局节点对应密钥,通过密集认证构建封闭区域,随后利用密钥确定簇内节点与验证节点的对应关系,转发需检测的数据包,判断其包含的节点码、哈希值以及MAC信息数量是否准确,最后使用sink节点对数据包做校对与丢弃,完成多路虚假数据分层过滤。仿真结果表明,所提方法虚假数据过滤效率高,节点能耗少,性能和鲁棒性均具有明显优势。  相似文献   

3.
任秀丽  张晨 《计算机工程》2012,38(24):115-118
在无线传感器网络中,节点被俘获后会向网络中注入大量虚假数据。为此,提出一种途中过滤增强方案。使用加密密钥和验证密钥防止途中节点篡改数据,采用安全性增强方案解决途中节点遭到破坏而无法传递和检测数据的问题,利用备份节点的密钥验证转发数据的正确性,由此过滤虚假数据,并引入MAX_FALSE参数,消除不完全虚假数据对基站接收数据的影响。仿真结果表明,与SEF、DEF、FIMA相比,该方案的过滤能力更强,能耗更少。  相似文献   

4.
已有传感器网络虚假数据过滤机制采用随机策略部署节点,由转发节点对数据包中附带的t个MAC(Message Authentication Code)签名进行验证,从而实现对虚假数据的识别和过滤。然而,在实际应用中,随机部署往往在网络中形成部分稀疏区域,无法被t个拥有不同密钥分区的节点同时覆盖。提出利用覆盖算法对节点进行部署,在均衡覆盖质量及网络开销的情况下,证明了适用于虚假数据过滤的最优节点覆盖度为2t,并进一步推导了一些相关的覆盖结论。理论分析及仿真实验表明,与随机部署相比,最优覆盖算法极大提高t个密钥分区同时覆盖的概率。例如,当400个节点部署于50?50m2的区域时,随机部署和最优覆盖算法保证t个密钥分区同时覆盖的概率分别为9%和92%。  相似文献   

5.
已有传感器网络中,过滤机制只能在转发过程中过滤虚假数据而无法过滤重复数据,且无法防范协同攻击.提出了一种基于单向哈希链的过滤方案HFS.在HFS中,节点在部署后将密钥和初始哈希值预分发给部分中间节点存储,每个数据包附带t个MAC和新鲜哈希值,转发节点同时对数据包中检测节点之间相对位置关系的合法性、MAC 和哈希值的正确性以及哈希值的新鲜性进行验证.理论分析及仿真实验结果表明,HFS 可同时过滤传感器网络中的虚假数据和重复数据,并能有效对抗协同攻击.  相似文献   

6.
陈丛  周力臻 《计算机仿真》2021,38(3):346-350
针对现有网络虚假数据追踪与过滤方法中存在的追踪定位精度低、过滤覆盖范围小的问题,提出基于Python爬虫技术的虚假数据溯源与途中过滤.将虚假数据覆盖的网络划分为相同大小的网格,根据一定概率标记数据包;分析Python爬虫抓取过程,以适用多场景、界面可视化、负载均衡为系统设计目标,设计爬虫管理器、采集器与内嵌浏览器硬件设备;结合系统爬取数据流程描述各软件模块的协作方式;在系统中部署节点,建立协作关系区域,利用布隆过滤器生成数据包,通过共享密钥证明MAC是否合法,启动溯源过程;在溯源途中若节点不存在任何一个密钥,则将其过滤,完成虚假数据溯源与途中过滤.仿真结果证明,上述方对虚假数据的过滤效果较高,且对虚假数据溯源定位精度较高.  相似文献   

7.
陈丛  周力臻 《计算机仿真》2021,38(3):346-350
针对现有网络虚假数据追踪与过滤方法中存在的追踪定位精度低、过滤覆盖范围小的问题,提出基于Python爬虫技术的虚假数据溯源与途中过滤.将虚假数据覆盖的网络划分为相同大小的网格,根据一定概率标记数据包;分析Python爬虫抓取过程,以适用多场景、界面可视化、负载均衡为系统设计目标,设计爬虫管理器、采集器与内嵌浏览器硬件设备;结合系统爬取数据流程描述各软件模块的协作方式;在系统中部署节点,建立协作关系区域,利用布隆过滤器生成数据包,通过共享密钥证明MAC是否合法,启动溯源过程;在溯源途中若节点不存在任何一个密钥,则将其过滤,完成虚假数据溯源与途中过滤.仿真结果证明,上述方对虚假数据的过滤效果较高,且对虚假数据溯源定位精度较高.  相似文献   

8.
无线传感器网络高覆盖、低延迟途中过滤方法研究   总被引:1,自引:0,他引:1       下载免费PDF全文
传感器节点可能被攻击者俘获用来发送大量虚假数据,从而耗尽整个网络的资源。途中过滤是应对此类攻击的有效方法。本文研究了途中过滤方法中经常被忽视的两项指标:覆盖性与实时性。本文提出了自适应的分组算法,提高了网络覆盖率;途中节点动态决定先转发后认证还是先认证后转发。如果网络中未发生虚假数据注入攻击,则途中节点首先转发数据报,然后进行验证,可以降低网络延迟;如果网络中发生虚假数据注入攻击,途中检测节点可以快速切换到先认证后转发模式,而其他节点仍然保持先转发后认证模式,提高了数据传输的实时性。我们将本方法与传统方法进行对比,显示本方法在付出有限代价的前提下能够提高覆盖率并降低系统延迟。  相似文献   

9.
无线传感器网络中虚假数据过滤机制工作效率较低的根本原因在于在提高密钥共享度的同时无法保证密钥的安全性.提出了一种高效率的虚假数据过滤机制.构造簇头生成树,在源簇和中转簇之间建立关联;基于负荷指数提出了一种密钥分发策略,靠近源簇的中转簇存储源簇的多个密钥,提高了密钥共享度,且密钥在中转节点中分布较均匀;来自同一个源簇的多个密钥由中转簇中不同节点存储,保障了密钥的安全性.理论分析及仿真实验表明,该方案在提高虚假数据过滤效率的同时能均衡节点通信开销,并具有较低的能量消耗和存储开销.  相似文献   

10.
一种改进的虚假数据过滤方法   总被引:1,自引:0,他引:1       下载免费PDF全文
祝青  郭赛球 《计算机工程》2012,38(5):158-160
传统的虚假数据过滤方法存在无法均衡节点开销和过滤概率低下问题。为此,提出一种改进的虚假数据过滤方法。依据网络中节点能量的不均衡性构造成簇,通过节点的负载计算和密钥分发实现虚假数据过滤。仿真实验结果表明,该方法能均衡网络中节点的开销,提高虚假数据过滤概率。  相似文献   

11.
虚假数据攻击不仅误导用户做出错误的决定,同时也耗尽了宝贵的网络资源。以往的过滤机制通常依赖于对偶密钥来进行数据认证,然而当一定数量的中转节点的密钥被妥协后,这类认证机制即失去效用。提出一种新的用于过滤虚假数据的鲁棒认证机制(robust authentication scheme,RAS),每个合法事件均被分成几个较小的事件块,节点利用基于单向哈希链的动态认证令牌技术及所预置的取自新密钥池的密钥对每个小事件块进行签名。在过滤阶段,中转节点将验证接收到的数据报告的真实性,并丢弃虚假的数据报告。从而,即使妥协节点拥有所有的签名密钥也无法伪造或篡改数据。理论分析与实验结果表明,RAS具有相对更高的过滤能力和安全性。  相似文献   

12.
Statistical en-route filtering (SEF) schemes can detect and eliminate false data injection attacks in wireless sensor networks. However, SEF does not address the identification of the compromised nodes which are injecting false reports. Therefore, we have proposed an immunity-based SEF to identify compromised nodes and achieve earlier detection of false reports. In the proposed scheme, each node has a list of neighborhood nodes and assigns credibility to each neighboring node. Each node can update the credibility of a neighboring node based on the success or failure of filtering and communication, and can then use the updated credibility as the probability of the next communication. In this article, some simulation results show that the immunity-based SEF outperforms the original SEF.  相似文献   

13.
曹燕华  章志明  余敏 《计算机应用》2014,34(6):1567-1572
传统的无线传感器网络虚假数据过滤方案只对网络中的虚假数据报告进行过滤,网络中的妥协节点依然可以不断向网络中注入虚假数据,耗费网络资源。为了掐断虚假数据包产生的源头,提出了一种基于信任管理的虚假数据过滤方案。该方案通过分簇的方式,将多个被俘获的节点合谋伪造的虚假数据报告限定在一个簇内,同时引入信任管理机制来检测节点是否被妥协,从而隔离妥协节点。分析结果表明,该方案不仅能有效过滤虚假数据,还能隔离妥协节点,且具备很强的妥协容忍能力。  相似文献   

14.
As one of the widely used applications in wireless sensor networks, target tracking has attracted considerable attention. Although many tracking techniques have been developed, it is still a challenging problem if the network is under cyber attacks. Inaccurate or false information is maliciously broadcast by the compromised nodes to their neighbors. They are likely to threaten the security of the system and result in performance deterioration. In this paper, a distributed Kalman filtering technique with trust-based dynamic combination strategy is developed to improve resilience against cyber attacks. Furthermore, it is efficient in terms of communication load, only local instantaneous estimates are exchanged with the neighboring nodes. Numerical results are provided to evaluate the performance of the proposed approach by considering random, false data injection and replay attacks.  相似文献   

15.
Wireless sensor networks have recently emerged as a promising computing model for many civilian and military applications. Sensor nodes in such a network are subject to varying forms of attacks since they are left unattended after deployment. Compromised nodes can, for example, tamper with legitimate reports or inject false reports in order to either distract the user from reaching the right decision or deplete the precious energy of relay nodes. Most of the current designs take the en-network detection approach: misbehaved nodes are detected by their neighboring watchdog nodes; false reports are detected and dropped by trusted en-route relay nodes, etc. However en-network designs are insufficient to defend collaborative attacks when many compromised nodes collude with each other in the network.In this paper we propose COOL, a COmpromised nOde Locator for detecting and locating compromised nodes once they misbehave in the network. It is based on the observation that for a well-behaved sensor node, the set of outgoing messages should be equal to the set of incoming and locally generated or dropped messages. However, comparing the message sets for different nodes is not enough to identify attacks as their sanity is unknown. We exploit a proven collision-resilient hashing scheme, termed incremental hashing, to sign the incoming, outgoing and locally generated/dropped message sets. The hash values are then sent to the sink for trusted comparisons. We discuss how to securely collect these hash values and then confidently locate compromised nodes. The scheme can also be combined with existing en-route false report filtering schemes to achieve both early false report dropping and accurate compromised nodes isolation. Through identifying and excluding compromised nodes, the COOL protocol prevents further damages from these nodes and forms a reliable and energy-conserving sensor network.  相似文献   

16.
《Computer Communications》2007,30(11-12):2365-2374
When sensor networks deployed in unattended and hostile environments, for securing communication between sensors, secret keys must be established between them. Many key establishment schemes have been proposed for large scale sensor networks. In these schemes, each sensor shares a secret key with its neighbors via preinstalled keys. But it may occur that two end nodes which do not share a key with each other could use a secure path to share a secret key between them. However during the transmission of the secret key, the secret key will be revealed to each node along the secure path. Several researchers proposed a multi-path key establishment to prevent a few compromised sensors from knowing the secret key, but it is vulnerable to stop forwarding or Byzantine attacks. To counter these attacks, we propose a hop by hop authentication scheme for path key establishment to prevent Byzantine attacks. Compared to conventional protocols, our proposed scheme can mitigate the impact of malicious nodes from doing a Byzantine attack and sensor nodes can identify the malicious nodes. In addition, our scheme can save energy since it can detect and filter false data not beyond two hops.  相似文献   

17.
虚假数据攻击不仅误导基站做出错误的决定,同时也会耗尽宝贵的网络资源。提出了一个鲁棒性虚假数据过滤方案(a Robust Filtering False Date scheme,RFFD)。该方案主要包括一个密钥管理架构及与之对应的虚假数据过滤安全机制两个部分。理论分析和模拟实验表明,与SEF方案相比,RFFD方案过滤虚假数据包的性能显著提高。  相似文献   

设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号