一种无线传感器网络选择转发攻击检测法研究

研究了无线传感器网络安全问题,由于网络容易受到攻击,针对无线传感器网络受到攻击丢失信息的缺陷,深入分析各种攻击的特征,为改善对选择转发攻击的检测效率,提出了一种基于检查点的多跳确认方案,可能够随机地选取传递路径中的部分节点为检查点,负责包的确认,提高检测效率.随机检查点选择技术能够避免部分节点成为敌方俘获的目标.进行仿真,结果表明,能在在保证检测能力的同时有效地提高了系统的健壮性,对网络整体安全的提高有实际意义.     

基于分簇的节点复制攻击入侵检测方法

部署于敌对环境的传感器网络,其节点可能被敌方俘获解析并构成恶意节点。再重新布放于网络,对网络进行攻击。针对上述问题,提出一种新的无线传感器网络节点复制攻击检测方法。这种方法将集中检测和分布检测相结合,在分簇传感器网络中分别利用簇头和基站进行复制攻击检测。仿真结果表明:该法克服了单独采用分布检测或集中检测的缺点,其检测率和通信成本均优于分布式方法,其网络生命周期优于集中式方法。     

基于分组的无线传感器网络入侵检测方案

为了有效地检测无线传感器网络所面临的各种恶意攻击,提出了一种轻量、高效、灵活的分组入侵检测方案.在该方案中,整个传感器网络被划分成若干物理位置临近、具有相似观测结果的分组,组内各传感器节点同时观测其它节点的多个属性,以便精确地检测各种攻击行为.实验结果表明,与传感器网络中现有的入侵检测方案相比,本方案具有较低的误报率和较高的检测精度.同时消耗更少的能量.     

无线传感器网络入侵检测方案的研究

无线传感器网络计算能力、存储能力、电量供应十分有效,很容易遭受各种类型的攻击。该文提出了一种轻量、高效、灵活的分组入侵检测方案,整个传感器网络被划分成若干物理位置临近、具有相似观测结果的分组,组内各传感器节点同时观测其他节点的多个属性,以便精确地检测各种攻击行为。实验结果表明,与传感器网络中现有的入侵检测方案相比,该方案具有较低的误报率同时消耗更少的能量。     

基于独立监督网络的选择性转发攻击检测

针对无线传感器网络中恶意节点的选择性转发攻击检测,提出了一种采用独立监督网络的选择性转发攻击检测(Independent Monitoring Network for Selective Forwarding Attack Detection,IMN-SF)方案。通过设置独立的监督网络来保证监督节点对转发簇头节点的监督信息安全发送到检测节点,一方面保证监督节点自身安全性,另一方面提高监督节点的监听效率,避免监听节点信息由于网络信道质量而造成的数据包丢弃。仿真结果表明,IMN-SF方案可以检测网络中发动选择性转发攻击的节点,方案具有较高的检测率和较低的误检率,同时降低节点的能量消耗,延长网络生命周期。     

一种蚁群优化的WSN分布式入侵检测模型

针对无线传感器网络中入侵者能在多个节点上移动并隐藏攻击源头的特点,提出了一种基于蚁群优化的无线传感器网络分布式入侵检测模型。分析了现有入侵检测对未知攻击检测率和误报率方面的不足,在此基础上提出了分布式入侵检测的体系结构,设计了基于蚁群优化的入侵检测算法。仿真实验表明提出的方案能够提高无线传感器网络对未知攻击的检测率和降低对正常网络流量的误报率,较好地解决了路由攻击、Sinkhole攻击问题,能够降低入侵检测的能耗。     

基于流量预测的传感器网络拒绝服务攻击检测方案

在无线传感器网络中,如何准确和迅速地检测拒绝服务攻击,以保障网络设施的可用性,是一个极具挑战性的安全问题.文中采用线性预测技术,为传感器节点建立了简单高效的ARMA(2,1)流量预测模型,进而为传感器网络设计了一种基于流量预测的拒绝服务攻击检测方案--TPDD.在该方案中,每个节点独立地完成流量预测和异常检测,无须特殊的硬件支持和节点之间的合作;为了提高方案的检测准确度,提出了一种报警评估机制,减少预测误差或信道误码所带来的误报.模拟实验结果表明,ARMA(2,1)模型具有较高的预测精度,能够实时地预测传感器网络流量;TPDD方案能够在较少的资源开销下,迅速、有效地检测拒绝服务攻击.     

一种无线传感器网络预分配密钥管理方案的改进

无线传感器网络在应用二元多项式密钥预分配协议时,通常容易遭受到敌方的合谋攻击。为了更好地解决这一问题,通过减少普通节点共享的密钥个数,改变簇首间建立共享密钥的方式,改进了一种无线传感器网络的密钥预分配管理方案。分析表明,改进后的方案保留了原方案的网络高安全性等优点,而且进一步节省了普通节点的内存空间,减少了节点间的通信量,延长了网络的生存周期,能够有效地抵御敌方的合谋攻击。     

一类新的分布式随机验证无线传感网络节点克隆攻击检测

由于无线传感器网络节点的无人值守性,攻击者很容易捕获并复制节点,利用节点的安全证书把复制节点发布到无线传感器网络的各个角落,进而秘密发动各种攻击。提出一类新的分布式节点复制攻击检测协议,协议采用随机区域单元映射和域内随机线选验证相结合的方法进行攻击检测。仿真结果显示,协议的随机验证特性使网络能量消耗均匀,延长网络的生存周期。域内线选验证使协议的通信开销和储存开销较低并具有较高的检测率。     

基于口令应答的协作式WSNs移动复制节点检测方法研究

目前,针对无线传感器网络复制节点攻击研究主要集中在对静态网络中复制节点的检测。WSNs的应用中,节点部署在一定区域形成静态网络并采集信息,为了减少节点间通信量、降低能耗,若干个节点形成一个簇,簇内选举簇头节点作为簇间通信人。静态网络采集的信息通常由汇聚节点回收,为了方便,汇聚节点通常采用移动形式加入网络,收集完后离开。如果这类在移动中收集信息的节点是复制节点,对整个WSNs的威胁比静态网络中的复制节点威胁更大。在借鉴已有的移动网络检测方案的基础上,针对静态网络分簇和移动节点位置经常变换的特点,提出了基于口令应答的协作式WSN移动复制节点检测方法CRCDS（Challenge/Response and Collaborative Detection Scheme）,有效利用静态网络的存储空间,采取静态网络和移动节点相互协作的方式,规避因移动节点位置变化对检测结果的影响,并从理论和实验上分析了该检测方法的安全性和可行性。     

Robust and efficient detection of DDoS attacks for large-scale internet

In recent years, distributed denial of service (DDoS) attacks have become a major security threat to Internet services. How to detect and defend against DDoS attacks is currently a hot topic in both industry and academia. In this paper, we propose a novel framework to robustly and efficiently detect DDoS attacks and identify attack packets. The key idea of our framework is to exploit spatial and temporal correlation of DDoS attack traffic. In this framework, we design a perimeter-based anti-DDoS system, in which traffic is analyzed only at the edge routers of an internet service provider (ISP) network. Our framework is able to detect any source-address-spoofed DDoS attack, no matter whether it is a low-volume attack or a high-volume attack. The novelties of our framework are (1) temporal-correlation based feature extraction and (2) spatial-correlation based detection. With these techniques, our scheme can accurately detect DDoS attacks and identify attack packets without modifying existing IP forwarding mechanisms at routers. Our simulation results show that the proposed framework can detect DDoS attacks even if the volume of attack traffic on each link is extremely small. Especially, for the same false alarm probability, our scheme has a detection probability of 0.97, while the existing scheme has a detection probability of 0.17, which demonstrates the superior performance of our scheme.     

Detecting node replication attacks in wireless sensor networks: A survey

A wireless sensor network (WSN) consists of a number of tiny, low-cost, and resource-constrained sensor nodes, but is often deployed in unattended and harsh environments to perform various monitoring tasks. As a result, WSNs are susceptible to many application-dependent and application-independent attacks. In this paper we consider a typical threat in the latter category known as the node replication attack, where an adversary prepares her own low-cost sensor nodes and deceives the network into accepting them as legitimate ones. To do so, the adversary only needs to physically capture one node, extract its secret credentials, reproduce the node in large quantity, and then deploy the replicas under her control into the network, possibly at strategic positions, to cripple various WSN applications with little effort. Defending against such node replication attacks has recently become an imperative research topic in sensor network security, and the design issues may involve different and more threatening challenges than detecting typical application-dependent attacks. In this survey, we classify existent detections in the literature, and explore the various proposals in each category. We look into necessary technical details and make certain comparisons, so as to demonstrate their respective contributions as well as limitations. We also present the technical challenges and indicate some possible directions for future research.     

An efficient homomorphic MAC-based scheme against data and tag pollution attacks in network coding-enabled wireless networks

Recent research efforts have shown that wireless networks can benefit from network coding (NC) technology in terms of bandwidth, robustness to packet losses, delay and energy consumption. However, NC-enabled wireless networks are susceptible to a severe security threat, known as data pollution attack, where a malicious node injects into the network polluted packets that prevent the destination nodes from decoding correctly. Due to recoding, occurred at the intermediate nodes, according to the core principle of NC, the polluted packets propagate quickly into other packets and corrupt bunches of legitimate packets leading to network resource waste. Hence, a lot of research effort has been devoted to schemes against data pollution attacks. Homomorphic MAC-based schemes are a promising solution against data pollution attacks. However, most of them are susceptible to a new type of pollution attack, called tag pollution attack, where an adversary node randomly modifies tags appended to the end of the transmitted packets. Therefore, in this paper, we propose an efficient homomorphic message authentication code-based scheme, called HMAC, providing resistance against data pollution attacks and tag pollution attacks in NC-enabled wireless networks. Our proposed scheme makes use of three types of homomorphic tags (i.e., MACs, D-MACs and one signature) which are appended to the end of the coded packet. Our results show that the proposed HMAC scheme is more efficient compared to other competitive tag pollution immune schemes in terms of complexity, communication overhead and key storage overhead.     

基于信任模型使用随机分散路由的安全数据收集协议

在无线传感器网络(WSNs)安全问题中,节点复制、节点损坏和拒绝服务是其存在的三种主要攻击方式.节点复制攻击方式直接危害传感器节点、破坏力强、对网络安全造成严重影响.现有的多路径路由算法产生的路由路径是确定的,攻击者一旦得到路由算法,便可计算出正确的路由路径,危及经此路径传送的所有信息.基于节点行为信任模型和节点复制攻...     

An efficient dynamic-identity based signature scheme for secure network coding

The network coding based applications are vulnerable to possible malicious pollution attacks. Signature schemes have been well-recognized as the most effective approach to address this security issue. However, existing homomorphic signature schemes for network coding either incur high transmission/computation overhead, or are vulnerable to random forgery attacks. In this paper, we propose a novel dynamic-identity based signature scheme for network coding by signing linear vector subspaces. The scheme can rapidly detect/drop the packets that are generated from pollution attacks, and efficiently thwart random forgery attack. By employing fast packet-based and generation-based batch verification approaches, a forwarding node can verify multiple received packets synchronously with dramatically reduced total verification cost. In addition, the proposed scheme provides one-way identity authentication without requiring any extra secure channels or separate certificates, so that the transmission cost can be significantly reduced. Simulation results demonstrate the practicality and efficiency of the proposed schemes.     

Pair-wise path key establishment in wireless sensor networks

When sensor networks deployed in unattended and hostile environments, for securing communication between sensors, secret keys must be established between them. Many key establishment schemes have been proposed for large scale sensor networks. In these schemes, each sensor shares a secret key with its neighbors via preinstalled keys. But it may occur that two end nodes which do not share a key with each other could use a secure path to share a secret key between them. However during the transmission of the secret key, the secret key will be revealed to each node along the secure path. Several researchers proposed a multi-path key establishment to prevent a few compromised sensors from knowing the secret key, but it is vulnerable to stop forwarding or Byzantine attacks. To counter these attacks, we propose a hop by hop authentication scheme for path key establishment to prevent Byzantine attacks. Compared to conventional protocols, our proposed scheme can mitigate the impact of malicious nodes from doing a Byzantine attack and sensor nodes can identify the malicious nodes. In addition, our scheme can save energy since it can detect and filter false data not beyond two hops.     

一种基于量子密码的卫星网络窃听攻击检测方法

鉴于窃听攻击是对卫星网络实施各类高级攻击行为的基础,结合量子密码在未来卫星网络的应用趋势,提出了一种基于量子密码的卫星网络窃听攻击检测方法。首先,基于卫星网络节点在空间分布上的分层特点,构建了层簇式的卫星网络窃听攻击检测模型。实际检测过程中,相邻卫星节点检测到窃听攻击威胁时,将相关预警信息经簇首节点融合后通过安全信道传送到地面控制中心,随后再根据地面控制中心反馈的安全链路构建方案构建节点间的安全通信链路。最后,对方案的安全性及有效性进行了分析。相关成果可为进一步深入开展卫星网络安全防护技术研究打下一定的基础。     

Securing DSR against wormhole attacks in multirate ad hoc networks

A wormhole attack is one of the hardest problems to detect whereas it can be easily implanted in any type of wireless ad hoc network. A wormhole attack can easily be launched by the attacker without having knowledge of the network or compromising any legitimate nodes. Most existing solutions either require special hardware devices or make strong assumptions in order to detect wormhole attacks which limit the usability of these solutions. In this paper, we present a security enhancement to dynamic source routing (DSR) protocol against wormhole attacks for ad hoc networks which relies on calculation of round trip time (RTT). Our protocol secures DSR against a wormhole attack in ad hoc networks for multirate transmissions. We also consider the processing and queuing delays of each participating node in the calculation of RTTs between neighbors which to date has not been addressed in the existing literature. This work provides two test cases that show that not taking multirate transmission into consideration results in miss identifying a wormhole attack.