CN108040325B - Sybil node detection method based on RSSI value and credit degree - Google Patents
Sybil node detection method based on RSSI value and credit degree Download PDFInfo
- Publication number
- CN108040325B CN108040325B CN201711372381.6A CN201711372381A CN108040325B CN 108040325 B CN108040325 B CN 108040325B CN 201711372381 A CN201711372381 A CN 201711372381A CN 108040325 B CN108040325 B CN 108040325B
- Authority
- CN
- China
- Prior art keywords
- node
- nodes
- monitoring
- sybil
- common
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a Sybil node detection method based on RSSI value and credibility, which adopts a credibility model and a self-adaptive threshold to select a plurality of monitoring nodes meeting conditions to check suspicious nodes proposed by monitoring nodes, thereby achieving the purpose of detecting Sybil attack. The method comprises the steps of firstly roughly selecting suspected Sybil nodes by using the monitoring nodes, then selecting two monitoring nodes with high credibility, and determining the Sybil nodes by using the RSSI value.
Description
Technical Field
The invention belongs to the technical field of wireless sensor networks, and particularly relates to a design of a Sybil node detection method based on RSSI (received signal strength indicator) values and credibility.
Background
A Wireless Sensor Network (WSN) is an ad hoc Network system formed by a large number of miniature and cheap Sensor nodes deployed in a monitoring area and in a Wireless multi-hop communication manner. The safety protection system is widely applied to various fields, and the safety of the safety protection system is more and more prominent in medical accident rescue, city management, smart home, military and other applications.
There are attacks from the outside and attacks mixed into the inside to the wireless sensor network attack. The external attack refers to an attack which is not obtained by a key and can not be accessed to a node of a network, such as physical layer blocking and normal communication of an interference node, and for the attack, the attack can be responded by mechanisms such as isolation blocking areas or frequency hopping communication; for network eavesdropping, the confidentiality of the communication link may be guaranteed by encryption techniques. The internal attack means that an attacker breaks through a defense mechanism set by an encryption technology and the like through a certain technical means, pretends to be a normal node to submerge into the network, and actively initiates a targeted malicious attack behavior from the inside. Such as wormhole attacks, witch attacks, selective forwarding attacks, black hole attacks, and the like.
The witch attack has unique attack characteristics, so it is extremely destructive. Generally, a malicious node (e.g., S in fig. 1) refers to a node tampered with by external capture, and a witch node (e.g., S1, S2 in fig. 1) refers to a node identity forged by the malicious node, and does not actually exist. The Sybil attack means that malicious nodes forge a plurality of Sybil nodes and attract neighbor nodes to forward data packets to the Sybil nodes, so that transmission paths of the data packets are changed, selective forwarding is implemented to discard the data packets, or network segmentation and even rapid death are caused by rapid consumption of energy of the neighbor nodes.
The method has the advantages that Sybil nodes are detected quickly, the detection accuracy is improved, the node energy is consumed as little as possible, and the method is important for detecting the Sybil attack of the wireless sensor network. According to the characteristic that multiple identities forged by malicious nodes appear in the network but actual geographic positions are consistent, various Sybil attack detection methods can be divided into two main categories: an identity-based authentication method and a location-based detection method.
Identity-based authentication methods detect Sybil attacks by limiting the generation of valid node information. Due to the limitation of energy and computing power of the sensor nodes, the detection method needs a large amount of time consumption and computing cost, which become a disadvantage, and the detection rate of the detection method is not very high.
Location-based detection methods are proposed based on the fact that multiple witch nodes are multiple identities of malicious nodes, and in fact, they are the nature of the same physical node. In the existing position-based Sybil attack detection method, two monitoring nodes are adopted, and more than 3 monitoring nodes are also adopted, but the selection conditions of the monitoring nodes are basically not considered, so that the possibility that malicious nodes serve as the monitoring nodes exists, and the detection accuracy rate is low easily.
Research shows that compared with other methods, the detection method based on the RSSI (Received Signal Strength) value has no node hardware requirement and relatively small energy consumption. In addition, the RSSI has the characteristics of monotonous increasing distance, simple calculation and high detection precision. Therefore, the method for detecting the witch attack based on the RSSI is more suitable for the wireless sensor network with limited resources, and has become a mainstream method.
The credibility model is a mechanism for judging whether a node is trustworthy or not by calculating and evaluating the trustworthiness of the node. Malicious nodes can be effectively identified by examining the credit values of the nodes, and the most trusted nodes are selected for communication, so that the safety and reliability of the network are improved. The credit calculation is the core of a credit mechanism and is the comprehensive evaluation of the overall performance of the nodes. The reputation of the target node is analyzed using a reputation mechanism prior to communication to determine whether the transaction can be performed.
Disclosure of Invention
The invention aims to provide a Sybil node detection method based on RSSI value and credibility, so as to improve the accuracy of Sybil attack detection.
The technical scheme of the invention is as follows: a Sybil node detection method based on RSSI values and credibility comprises the following steps:
and S1, carrying out wireless sensor network layout to realize regional control of the monitoring nodes.
And S2, searching suspicious nodes based on the RSSI value and the credibility according to the network layout condition.
S3, selecting two monitoring nodes with high credibility, checking suspicious nodes based on the RSSI values, and determining Sybil nodes.
The invention has the beneficial effects that: the method comprises the steps of firstly roughly selecting suspected Sybil nodes by using the monitoring nodes, then selecting two monitoring nodes with high credibility, and determining the Sybil nodes by using the RSSI value.
Further, step S1 includes the following substeps:
and S11, randomly and uniformly throwing the common nodes in a certain range, collecting surrounding data by using the common nodes, forwarding data of other nodes by using the common nodes as routing nodes, and converging the data to a sink node.
S12, the sink node broadcasts the Hello message to the surrounding, the first group of ordinary nodes which receive the Hello message reply the ACK message to the sink node, and is marked as the first hop node.
S13, the first hop node broadcasts the Hello message to the surrounding, the non-first hop node which receives the Hello message is marked as a second hop node, and meanwhile, an ACK message is replied to the first hop node which sends the Hello message; mutually listing the first hop node and the second hop node as neighbor nodes of the other party, and establishing a neighbor list; the neighbor list includes neighbor node information and RSSI values from itself to neighbor nodes.
And S14, sequentially obtaining a third hop node and a fourth hop node by adopting the same method as the step S13, and establishing a neighbor list of each common node.
And S15, randomly and uniformly throwing the monitoring nodes, wherein the number of the monitoring nodes is 10% of that of the common nodes.
S16, each monitoring node controls and sends radius broadcast information, sends a data packet containing ID information of the monitoring node, and neighboring nodes receiving the data packet feed back information to the monitoring node and join the monitoring area of the monitoring node.
S17, each monitoring node compiles ID information for the ordinary nodes in the own monitoring area, sends Hello information to the ordinary nodes in the own monitoring area, and determines the own neighbor list.
The beneficial effects of the further scheme are as follows: the wireless sensor network layout can realize the regional control of the monitoring nodes and provide an operating environment for the subsequent detection of the Sybil nodes.
Further, the radius of the monitoring area of the monitoring node is 1/2 of the communication radius of the common node.
The beneficial effects of the further scheme are as follows: the radius of the monitoring area of the monitoring node is determined to be 1/2 of the communication radius of the common node while ensuring that the monitoring node can have two monitoring nodes meeting the threshold value, so that in the monitoring area of the monitoring node, each common node is in the communication range of the other side, and the RSSI value of the other side can be known.
Further, step S2 includes the following substeps:
s21, monitoring node nMPeriodically finding out common nodes with similar RSSI values in the monitoring area, if two common nodes n are foundp、nqSatisfy | dMp-dMqIf | is less than or equal to e, n isp、nqAs a set of suspect nodes, join the suspect list double [ i ]]Performing the following steps; wherein d isMpRepresenting a node npTo nMRSSI value of dMqRepresenting a node nqTo nME is the error and i is the suspected node number.
S22, for monitoring node nMCalculating the credit degree of common nodes in the monitoring area, and finding out the common node n with the credit degree lower than the self-adaptive threshold valueSThen according to the monitoring node nMSelf neighbor list NeiM[j]The RSSI value information in (1) is selected and compared with the RSSI value dMSSimilar common node na、nbWhen | dMS-daSE is less than or equal to and dMS-dbSWhen | ≦ e, n is addedS、na、nbJoin the suspicion list double [ i ] as a new set of suspicion nodes]Performing the following steps; wherein d isMSRepresenting a node nSTo nMRSSI value of daSRepresenting a node naTo nMRSSI value of dbSRepresenting a node nbTo nMJ represents node nMThe neighbor node number of (2).
S23, checking the header of the data packet monitored and obtained by the monitoring node, if finding the ordinary node n with unregistered identityjAnd newly added ordinary node n in the monitoring areaiN is to bei,njJoin in the suspicion list double i as another set of suspicion nodes]In (1).
The beneficial effects of the further scheme are as follows: suspicious nodes are searched layer by layer in three steps, all suspicious nodes which can become Sybil nodes are added into a suspicious list, and the missing rate of the whole algorithm is reduced.
Further, step S3 includes the following substeps:
s31, monitoring node nMSelecting the nodes n with the highest and the next highest credit degreesr,nyAs a monitoring node (ordinary node n)r、nyCannot exist in the suspicion list double [ i ]]In) get node nMTo nrRSSI value d ofMrNode nMTo nyRSSI value d ofMyAnd node nrTo nyRSSI value d ofryJudging whether the three points can form a triangle by utilizing the trilateral sum theorem of the triangle, if so, containing a monitoring sectionPoint nr、nyNumbering and suspicion list Doubt [ i ]]Is sent to nrStep S32 is entered, otherwise another node n with inferior reputation degree is selectedz(ordinary node n)zCannot exist in the suspicion list double [ i ]]In), the decision is repeated until a node satisfying the triangle trilateral sum theorem is found.
S32, according to the monitoring node nrNeighbor list Neir[k]Information of (2), search for nrSelf-to-suspicion list double [ i ]]Respectively comparing the RSSI values of the suspicious nodes, and if the RSSI values of the suspicious nodes reach nrIf the RSSI difference is greater than the error e, the set of suspect nodes is selected from the suspect list, Doubt [ i ]]Removing; wherein k represents a node nrThe neighbor node number of (2).
S33, if Doubt list, Doubt]If there are still remaining suspicious nodes, it will contain monitoring node nr、nyNumbering and suspicion list Doubt [ i ]]Is sent to nyBy monitoring node nyRepeating the operation of step S32; otherwise the suspicion list Doubt [ i ]]None of the suspect nodes in (a) are witch nodes.
S34, if the Doubt [ i ] has the remaining suspicious nodes, determining the Doubt [ i ] as the Sybil nodes, diffusing the Sybil node information to the whole network, and excluding the Sybil nodes; otherwise, doubting that all suspicious nodes in the double [ i ] are not Sybil nodes.
The beneficial effects of the further scheme are as follows: in a large number of common nodes, the monitoring node is used for selecting the common node reaching the credit threshold and in the communication range of the monitored node as the monitoring node, and the suspicious node is checked, so that the accuracy rate of detection is greatly improved.
Further, the calculation formula of the reputation degree is as follows:
Val=a×Pr+b×Power (1)
wherein Val represents the node reputation, a and b are two weight coefficients, 0< a <1, 0< b <1, a + b is 1, Power is the residual energy of the node, Pr is the total forwarding rate of the node, and the calculation formula is:
wherein f represents the number of the forwarded data packets counted by the monitoring node from the beginning of the work, and r represents the number of the received data packets counted by the monitoring node from the beginning of the work.
The beneficial effects of the further scheme are as follows: malicious nodes can be effectively identified by examining the credit values of the nodes, and the most trusted nodes are selected for communication, so that the safety and reliability of the network are improved.
Further, the calculation formula of the adaptive threshold value is as follows:
T(n)=T(n-1)*{Pt+[1-Pt]*p(n)} (3)
wherein T (n) represents the adaptive threshold value of the nth monitoring period, the initial value T (0) of T (0) is 0.7, p (n) represents the node forwarding rate of the nth monitoring period, Pt represents the total forwarding rate of the monitoring area from the beginning of operation to the nth monitoring period, and the calculation formula is as follows:
wherein p (i) represents the node forwarding rate of the ith monitoring period, and A represents the number of data packets received by the monitoring area in the ith monitoring period.
The beneficial effects of the further scheme are as follows: and a self-adaptive detection threshold is provided, and the requirements of the network under various environments are ensured.
Drawings
Fig. 1 is a schematic diagram of a witch attack model.
Fig. 2 is a flowchart of a witch node detection method based on RSSI values and reputation provided by an embodiment of the present invention.
Fig. 3 is a schematic diagram illustrating a layout of a wireless sensor network according to an embodiment of the present invention.
Fig. 4 is a schematic diagram illustrating a change of a total forwarding rate of network data corresponding to values of different a and b according to an embodiment of the present invention.
Fig. 5 is a schematic diagram illustrating a change of values of different a and b corresponding to the number of remaining nodes in the network according to the embodiment of the present invention.
Fig. 6 is a comparison graph of the witch node detection accuracy rate with the change of the number of the witch nodes according to the embodiment of the present invention.
Fig. 7 is a comparison graph of the witch node detection accuracy rate varying with the total node number according to the embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will now be described in detail with reference to the accompanying drawings. It is to be understood that the embodiments shown and described in the drawings are merely exemplary and are intended to illustrate the principles and spirit of the invention, not to limit the scope of the invention.
Before describing specific embodiments of the present invention, several points in the embodiments of the present invention are first defined and explained:
the embodiment of the invention mainly relates to three types of nodes: one is a common node responsible for collecting data and forwarding the data; one is that the monitoring node reaches the credit self-adaptive threshold and is temporarily changed into by a common node, and the RSSI value comparison and check are carried out on the own neighbor list; the other is a monitoring node which is responsible for monitoring the behaviors of the common nodes, calculating the comprehensive credibility of the common nodes and selecting the monitoring nodes, and each monitoring node is responsible for managing the common nodes in a certain area.
The embodiment of the invention provides a Sybil node detection method based on RSSI values and credibility, and as shown in FIG. 2, the method comprises the following steps of S1-S3:
and S1, carrying out wireless sensor network layout to realize regional control of the monitoring nodes.
The step S1 specifically includes the following substeps S11-S17:
and S11, randomly and uniformly throwing the common nodes in a certain range, collecting surrounding data by using the common nodes, forwarding data of other nodes by using the common nodes as routing nodes, and converging the data to a sink node.
S12, the sink node broadcasts the Hello message to the surrounding, the first group of ordinary nodes which receive the Hello message reply the ACK message to the sink node, and is marked as the first hop node.
S13, the first hop node broadcasts the Hello message to the surrounding, the non-first hop node which receives the Hello message is marked as a second hop node, and meanwhile, an ACK message is replied to the first hop node which sends the Hello message; and mutually listing the first hop node and the second hop node as neighbor nodes of the opposite side, and establishing a neighbor list. The neighbor list includes neighbor node information and RSSI values from itself to neighbor nodes. The subsequent algorithm of the embodiment of the invention is based on the RSSI value, and the distance between the transmitter and the receiver can be deduced through the strength of the received wireless signal without additional hardware for the distance measurement based on the RSSI value.
And S14, sequentially obtaining a third hop node and a fourth hop node by adopting the same method as the step S13, and establishing a neighbor list of each common node.
And S15, randomly and uniformly throwing the monitoring nodes. The number of the monitoring nodes is in fixed proportion to the number of the common nodes, and the number of the monitoring nodes in the embodiment of the invention is 10% of the number of the common nodes.
S16, each monitoring node controls and sends radius broadcast information, sends a data packet containing ID information of the monitoring node, and neighboring nodes receiving the data packet feed back information to the monitoring node and join the monitoring area of the monitoring node.
In the embodiment of the invention, the radius of the monitoring area of the monitoring node is 1/2 of the communication radius of the common node, so that in the monitoring area of the monitoring node, each common node is in the communication range of the other side, and the RSSI value of the other side can be known.
S17, each monitoring node compiles ID information for the ordinary nodes in the own monitoring area, sends Hello information to the ordinary nodes in the own monitoring area, and determines the own neighbor list.
The wireless sensor network layout is completed via step S1 as shown in fig. 3.
And S2, searching suspicious nodes based on the RSSI value and the credibility according to the network layout condition.
The step S2 specifically includes the following substeps S21-S23:
s21, monitoring node nMPeriodically find itself in the monitored areaIf two common nodes n are the common nodes with similar RSSI valuesp、nqSatisfy | dMp-dMqIf | is less than or equal to e, n isp、nqAs a set of suspect nodes, join the suspect list double [ i ]]Performing the following steps; wherein d isMpRepresenting a node npTo nMRSSI value of dMqRepresenting a node nqTo nME is the error and i is the suspected node number.
S22, for monitoring node nMCalculating the credit degree of common nodes in the monitoring area, and finding out the common node n with the credit degree lower than the self-adaptive threshold valueSThen according to the monitoring node nMSelf neighbor list NeiM[j]The RSSI value information in (1) is selected and compared with the RSSI value dMSSimilar common node na、nbWhen | dMS-daSE is less than or equal to and dMS-dbSWhen | ≦ e, n is addedS、na、nbJoin the suspicion list double [ i ] as a new set of suspicion nodes]Performing the following steps; wherein d isMSRepresenting a node nSTo nMRSSI value of daSRepresenting a node naTo nMRSSI value of dbSRepresenting a node nbTo nMJ represents node nMThe neighbor node number of (2).
In the embodiment of the invention, the calculation formula of the credibility is as follows:
Val=a×Pr+b×Power (1)
wherein Val represents the node reputation, a and b are two weight coefficients, 0< a <1, 0< b <1, a + b is 1, Power is the residual energy of the node, Pr is the total forwarding rate of the node, and the calculation formula is:
wherein f represents the number of the forwarded data packets counted by the monitoring node from the beginning of the work, and r represents the number of the received data packets counted by the monitoring node from the beginning of the work.
The calculation formula of the self-adaptive threshold value is as follows:
T(n)=T(n-1)*{Pt+[1-Pt]*p(n)} (3)
wherein T (n) represents the adaptive threshold value of the nth monitoring period, the initial value T (0) of T (0) is 0.7, p (n) represents the node forwarding rate of the nth monitoring period, Pt represents the total forwarding rate of the monitoring area from the beginning of operation to the nth monitoring period, and the calculation formula is as follows:
wherein p (i) represents the node forwarding rate of the ith monitoring period, and A represents the number of data packets received by the monitoring area in the ith monitoring period.
The setting of the adaptive threshold value must also satisfy a most basic requirement: the threshold value cannot be higher than the total forwarding rate of the normal node and network, i.e. 0< t (n) <1, t (n) < p (n), t (n) < Pt. Since p (n) ≦ 1, the threshold T (n) apparently satisfies 0< T (n) < 1.
S23, checking the header of the data packet monitored and obtained by the monitoring node, if finding the ordinary node n with unregistered identityjAnd newly added ordinary node n in the monitoring areaiN is to bei,njJoin in the suspicion list double i as another set of suspicion nodes]In (1).
In the embodiment of the invention, the monitoring node mainly plays a role in three aspects: firstly, when a new node is added in the area, a verification message needs to be sent to the new node to obtain an RSSI value for further observation and comparison; secondly, periodically checking the RSSI value of the neighbor list of the node to deal with a second Sybil attack form (the Sybil node attracts the data flow of the surrounding nodes, but does not perform illegal operation on the data, and only forwards the data normally to cause premature death of the normal nodes); and thirdly, playing a role in the process of forwarding the data packets in the region, monitoring the data packet flow (not participating in the forwarding of the data packets), counting the number of the data packets received and forwarded by the common nodes in the region, estimating the energy consumption condition of each common node, updating the comprehensive credit degree of each common node in real time, listing the common nodes lower than the threshold value as suspicious nodes, and selecting the common nodes higher than the threshold value as monitoring nodes in the region. And in consideration of the storage of the credibility, storing the credibility in a neighbor list of the monitoring node, wherein the neighbor list corresponds to each common node.
S3, selecting two monitoring nodes with high credibility, checking suspicious nodes based on the RSSI values, and determining Sybil nodes.
Step S3 includes the following substeps S31-S34:
s31, monitoring node nMSelecting the nodes n with the highest and the next highest credit degreesr,nyAs a monitoring node (ordinary node n)r、nyCannot exist in the suspicion list double [ i ]]In) get node nMTo nrRSSI value d ofMrNode nMTo nyRSSI value d ofMyAnd node nrTo nyRSSI value d ofryJudging whether the three points can form a triangle or not by utilizing the trilateral sum theorem of the triangle, and if so, containing a monitoring node nr、nyNumbering and suspicion list Doubt [ i ]]Is sent to nrStep S32 is entered, otherwise another node n with inferior reputation degree is selectedz(ordinary node n)zCannot exist in the suspicion list double [ i ]]In), the decision is repeated until a node satisfying the triangle trilateral sum theorem is found.
S32, according to the monitoring node nrNeighbor list Neir[k]Information of (2), search for nrSelf-to-suspicion list double [ i ]]Respectively comparing the RSSI values of the suspicious nodes, and if the RSSI values of the suspicious nodes reach nrIf the RSSI difference is greater than the error e, the set of suspect nodes is selected from the suspect list, Doubt [ i ]]Removing; wherein k represents a node nrThe neighbor node number of (2).
S33, if Doubt list, Doubt]If there are still remaining suspicious nodes, it will contain monitoring node nr、nyNumbering and suspicion list Doubt [ i ]]Is sent to nyBy monitoring node nyRepeating the operation of step S32; otherwise the suspicion list Doubt [ i ]]None of the suspect nodes in (a) are witch nodes.
S34, if the Doubt [ i ] has the remaining suspicious nodes, determining the Doubt [ i ] as the Sybil nodes, diffusing the Sybil node information to the whole network, and excluding the Sybil nodes; otherwise, doubting that all suspicious nodes in the double [ i ] are not Sybil nodes.
The following further describes, by a specific example, a witch node detection method based on RSSI values and reputation provided by an embodiment of the present invention:
the operation condition of the wireless sensor network under a distributed system is considered, the nodes with fixed positions are uniformly distributed, the specific geographic positions of the nodes and the neighboring nodes are not known, and the simulation environment is stable and reliable. In addition, the transmission power of each node (including a malicious node) cannot be changed. In the embodiment of the invention, the number of the sensor nodes is changed within 50-600; uniformly distributed in a sensor motion area E, E is 500m2. The node attributes and communication parameters are set as shown in table 1.
TABLE 1
In consideration of the ranging accuracy of the RSSI value, the ranging error e in the embodiment of the present invention is 50 cm.
As shown in equation (1), in the calculation of the node reputation value Val, the values of the parameter a and the parameter b will influence the selection of the monitoring node: a is too large, b is smaller, and the forwarding rate is emphasized when the monitoring node is selected, so that the energy consumption of each common node is uneven, and the common node with high forwarding rate is overused, thereby causing premature death; when a is smaller and b is too large, the energy consumption is considered preferentially by selecting the monitoring nodes, and each common node is selected according to the residual energy, so that although the service life of the whole network is prolonged, a malicious node is easy to select.
36000s are simulated in the embodiment of the invention until the nodes (10 nodes) in the region are completely dead. Fig. 4 and 5 show the assignment of different values of a and b, the data forwarding rate of the corresponding network (fig. 4), and the survival of the network nodes (fig. 5). From fig. 4 and fig. 5, it can be seen that when a is 0.9 and b is 0.1, the total data forwarding rate of the network is overall higher, but the node dies too fast and the network life cycle is shorter; when a is 0.1 and b is 0.9, although the life cycle of the network reaches the longest, the overall forwarding rate of the network is low and the network quality is poor. Considering comprehensively, the embodiment of the present invention selects a ═ 0.5 and b ═ 0.5 as parameters for calculating the reputation value.
Assume that the interval time of each round is 50 seconds, i.e. the monitoring period of the monitoring node is 50 seconds. In practical situations, the forwarding rate of the node cannot reach 100% generally, and a random number is introduced to control the forwarding rate of the node.
The Sybil attack has two forms, and the first data packet attack form aiming at the Sybil node can be specifically expressed as black hole attack and selective forwarding attack. For black hole attack, setting the forwarding rate of the malicious node to be 0%, namely completely losing packets; for selective forwarding attack, the simulation discusses the condition that the forwarding rate of the malicious node is 30% -50%. For the routing attack, which is the second form of the Sybil attack, malicious nodes are normal in performance, the forwarding rate of the routing attack is the same as that of common nodes, only local nodes are targeted during routing, and network faults can be caused after a long time.
Simulation is carried out for 36000 seconds (720 rounds), and the second and third tables show that when the forwarding rate of a malicious node with two Sybil identities is set to be suddenly reduced from 70% -100% to 0% -50% in the 50 th round and the 500 th round respectively, the rounds of the Sybil nodes are detected by the method.
TABLE 2
TABLE 3
The second and third tables show that the present invention can be detected quickly and accurately no matter what form of witch attack. In particular, in the second form of the Sybil attack, the system can be found immediately when the Sybil nodes have malicious behaviors; for the selective forwarding attack in the first form, the total forwarding rate of the node is considered in the credibility adopted by the invention, and for the common node which is captured later to become a malicious node, the node is normally represented at the early stage, and sudden drop of the forwarding rate cannot be detected immediately. The invention adds the judgment condition, so that the detection can be carried out after 3 rounds.
The detection accuracy rate is represented by dividing the number of discovered Sybil nodes by the total number of malicious nodes existing in the system, wherein the total number of malicious nodes comprises false nodes with Sybil identities and malicious nodes. Considering that the UWB approach is consistent with the detection principle of the present invention, the following two schemes are compared.
Two cases were mainly considered in the present simulation. One is the condition that the number of common nodes is fixed, and the detection rate changes along with the number of Sybil nodes; the other is the condition that the number of Sybil nodes is in fixed proportion to the number of common nodes, and the detection rate changes along with the number of the nodes.
Fig. 6 shows the change of the detection rate with the increase of the number of witch nodes with the total number of nodes being fixed (150 nodes). In general, the detection rate of the invention is 96% on average, and the average detection rate of the UWB method is 94%. With the increase of the number of Sybil nodes, the detection rates of the two methods slightly fluctuate and have a trend of decreasing, but compared with a UWB scheme, the trend of the invention is not obvious.
FIG. 7 shows the effect of node density on detection rate. The node density represents the composition of the deployment area, wherein the number of witch nodes is 20% of the total legal nodes. As can be seen from fig. 7, the detection rates of the two methods are both affected by the node density, and in the case of a large node density, the detection rate is wholly in a descending trend, but the descending trend of the present invention is slow, the whole fluctuation is not large, and the detection rate of the UWB method is linearly reduced; when the number of the nodes reaches 600, the detection rate of the UWB method is reduced to 80% from about 97%, and the detection rate of the UWB method is reduced to 92% from about 97%.
Therefore, the Sybil node detection method based on the RSSI value and the credibility has high detection rate, stability and small influence of node density. The main reason is that for the distributed wireless sensor network with limited energy, the malice of the malicious node is considered, the node is screened by using the credit degree model, and a plurality of high credit monitoring nodes are selected to check the suspicious node, so that the false alarm rate is reduced, and the high detection accuracy rate is achieved. For the factor that the energy of the sensor node is limited, the invention adopts the monitoring nodes (the other settings are the same) with different communication radiuses with the common nodes to monitor the data packet and calculate the credibility, selects two monitoring nodes with high credibility to detect the Sybil attack, does not need the participation of redundant nodes, reduces the overall energy consumption of the network and prolongs the life cycle of the network.
It will be appreciated by those of ordinary skill in the art that the embodiments described herein are intended to assist the reader in understanding the principles of the invention and are to be construed as being without limitation to such specifically recited embodiments and examples. Those skilled in the art can make various other specific changes and combinations based on the teachings of the present invention without departing from the spirit of the invention, and these changes and combinations are within the scope of the invention.
Claims (8)
1. A Sybil node detection method based on RSSI values and credibility is characterized by comprising the following steps:
s1, carrying out wireless sensor network layout to realize regional control of the monitoring nodes;
s2, searching suspicious nodes based on the RSSI value and the credit degree according to the network layout condition;
s3, selecting two monitoring nodes with high credibility, checking suspicious nodes based on RSSI values, and determining Sybil nodes;
the step S2 includes the following sub-steps:
s21, monitoring node nMPeriodically finding out common nodes with similar RSSI values in the monitoring area, if two common nodes n are foundp、nqSatisfy | dMp-dMqIf | is less than or equal to e, n isp、nqAs a set of suspect nodes, join the suspect list double [ i ]]Performing the following steps; wherein d isMpRepresenting a node npTo nMRSSI value of dMqRepresenting a node nqTo nME is an error, i is a suspected node number;
s22, for monitoring node nMCalculating the credit degree of common nodes in the monitoring area, and finding out the common node n with the credit degree lower than the self-adaptive threshold valueSThen according to the monitoring node nMSelf neighbor list NeiM[j]The RSSI value information in (1) is selected and compared with the RSSI value dMSSimilar common node na、nbWhen | dMS-daSE is less than or equal to and dMS-dbSWhen | ≦ e, n is addedS、na、nbJoin the suspicion list double [ i ] as a new set of suspicion nodes]Performing the following steps; wherein d isMSRepresenting a node nSTo nMRSSI value of daSRepresenting a node naTo nMRSSI value of dbSRepresenting a node nbTo nMJ represents node nMThe neighbor node number of (1);
s23, checking the header of the data packet monitored and obtained by the monitoring node, if finding the ordinary node n with unregistered identityjAnd newly added ordinary node n in the monitoring areaiN is to bei,njJoin in the suspicion list double i as another set of suspicion nodes]Performing the following steps;
the step S3 includes the following sub-steps:
s31, monitoring node nMSelecting common nodes n with highest and second highest credibilityr,nyAs a monitoring node, obtain node nMTo nrRSSI value d ofMrNode nMTo nyRSSI value d ofMyAnd node nrTo nyRSSI value d ofryJudging whether the three points can form a triangle or not by utilizing the trilateral sum theorem of the triangle, and if so, containing a monitoring node nr、nyNumbering and suspicion list Doubt [ i ]]Is sent to nrStep S32 is entered, otherwise another ordinary node n with inferior reputation degree is selectedzRepeating the determination until a satisfaction is foundThree sides of the triangle and nodes of the theorem;
s32, according to the monitoring node nrNeighbor list Neir[k]Information of (2), search for nrSelf-to-suspicion list double [ i ]]Respectively comparing the RSSI values of the suspicious nodes, and if the RSSI values of the suspicious nodes reach nrIf the RSSI difference is greater than the error e, the set of suspect nodes is selected from the suspect list, Doubt [ i ]]Removing; wherein k represents a node nrThe neighbor node number of (1);
s33, if Doubt list, Doubt]If there are still remaining suspicious nodes, it will contain monitoring node nr、nyNumbering and suspicion list Doubt [ i ]]Is sent to nyBy monitoring node nyRepeating the operation of step S32; otherwise the suspicion list Doubt [ i ]]None of the suspicious nodes in the set of nodes are Sybil nodes;
s34, if the Doubt [ i ] has the remaining suspicious nodes, determining the Doubt [ i ] as the Sybil nodes, diffusing the Sybil node information to the whole network, and excluding the Sybil nodes; otherwise, doubting that all suspicious nodes in the double [ i ] are not Sybil nodes.
2. The method of detecting Sybil nodes of claim 1, wherein the step S1 includes the following sub-steps:
s11, randomly and uniformly throwing the common nodes in a certain range, collecting surrounding data by using the common nodes, simultaneously forwarding data of other nodes as routing nodes, and converging the data to a convergent node;
s12, the sink node broadcasts the Hello message to the surrounding, the first group of common nodes which receive the Hello message reply the ACK message to the sink node, and is marked as a first hop node;
s13, the first hop node broadcasts the Hello message to the surrounding, the non-first hop node which receives the Hello message is marked as a second hop node, and meanwhile, an ACK message is replied to the first hop node which sends the Hello message; mutually listing the first hop node and the second hop node as neighbor nodes of the other party, and establishing a neighbor list;
s14, sequentially obtaining a third hop node and a fourth hop node by adopting the same method as the step S13, and establishing a neighbor list of each common node;
s15, randomly and uniformly throwing the monitoring nodes;
s16, each monitoring node controls and sends radius broadcast information, sends a data packet containing ID information of the monitoring node, and neighboring nodes receiving the data packet feed back information to the monitoring node and join the monitoring area of the monitoring node;
s17, each monitoring node compiles ID information for the ordinary nodes in the own monitoring area, sends Hello information to the ordinary nodes in the own monitoring area, and determines the own neighbor list.
3. The method of claim 2, wherein the neighbor list includes neighbor node information and RSSI values from itself to neighbor nodes.
4. The Sybil node detection method of claim 2, wherein the number of monitoring nodes is 10% of normal nodes.
5. The Sybil node detection method of claim 2, wherein a radius of a monitoring area of the monitoring nodes is 1/2 of a communication radius of a common node.
6. The method of detecting Sybil nodes of claim 1, wherein the common nodes n arer、nyAnd nzCannot exist in the suspicion list double [ i ]]In (1).
7. The Sybil node detection method of claim 1, wherein the reputation is calculated by the formula:
Val=a×Pr+b×Power (1)
wherein Val represents the node reputation, a and b are two weight coefficients, 0< a <1, 0< b <1, a + b is 1, Power is the residual energy of the node, Pr is the total forwarding rate of the node, and the calculation formula is:
wherein f represents the number of the forwarded data packets counted by the monitoring node from the beginning of the work, and r represents the number of the received data packets counted by the monitoring node from the beginning of the work.
8. The method of detecting witch nodes in claim 1, wherein the adaptive threshold value is calculated by the following formula:
T(n)=T(n-1)*{Pt+[1-Pt]*p(n)} (3)
wherein T (n) represents the adaptive threshold value of the nth monitoring period, the initial value T (0) of T (0) is 0.7, p (n) represents the node forwarding rate of the nth monitoring period, Pt represents the total forwarding rate of the monitoring area from the beginning of operation to the nth monitoring period, and the calculation formula is as follows:
wherein p (i) represents the node forwarding rate of the ith monitoring period, and A represents the number of data packets received by the monitoring area in the ith monitoring period.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711372381.6A CN108040325B (en) | 2017-12-19 | 2017-12-19 | Sybil node detection method based on RSSI value and credit degree |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711372381.6A CN108040325B (en) | 2017-12-19 | 2017-12-19 | Sybil node detection method based on RSSI value and credit degree |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108040325A CN108040325A (en) | 2018-05-15 |
CN108040325B true CN108040325B (en) | 2020-05-05 |
Family
ID=62099796
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711372381.6A Expired - Fee Related CN108040325B (en) | 2017-12-19 | 2017-12-19 | Sybil node detection method based on RSSI value and credit degree |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108040325B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109995790B (en) * | 2019-04-11 | 2021-07-23 | 南方电网电力科技股份有限公司 | Node identity authentication method, device and equipment for industrial Internet |
US11706625B2 (en) | 2020-09-03 | 2023-07-18 | Cisco Technology, Inc. | Malicious black hole node detection and circumvention |
CN112929882B (en) * | 2021-01-15 | 2022-05-03 | 电子科技大学 | Method for identifying Sybil nodes and overlapped nodes |
CN113727349B (en) * | 2021-09-07 | 2024-04-26 | 沈阳化工大学 | Method for detecting abnormal network node of Sybil attack based on Mahalanobis distance |
CN114339766B (en) * | 2021-11-27 | 2024-02-09 | 北京工业大学 | Urban Internet of vehicles Sybil attack detection method based on coarse-fine granularity tracks |
CN115866605B (en) * | 2023-02-14 | 2023-05-09 | 东南大学 | Method for detecting and isolating witches attack based on signal intensity |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105873065A (en) * | 2016-03-28 | 2016-08-17 | 南京邮电大学 | Safe positioning method of wireless sensor network based on trust level evaluation |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1488333B1 (en) * | 2002-03-01 | 2010-10-06 | Enterasys Networks, Inc. | Location aware data network |
-
2017
- 2017-12-19 CN CN201711372381.6A patent/CN108040325B/en not_active Expired - Fee Related
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105873065A (en) * | 2016-03-28 | 2016-08-17 | 南京邮电大学 | Safe positioning method of wireless sensor network based on trust level evaluation |
Also Published As
Publication number | Publication date |
---|---|
CN108040325A (en) | 2018-05-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108040325B (en) | Sybil node detection method based on RSSI value and credit degree | |
Subba et al. | Intrusion detection in Mobile Ad-hoc Networks: Bayesian game formulation | |
Qin et al. | Research on trust sensing based secure routing mechanism for wireless sensor network | |
Ahmed et al. | Mitigation of black hole attacks in routing protocol for low power and lossy networks | |
Stetsko et al. | Neighbor-based intrusion detection for wireless sensor networks | |
Şen et al. | Intrusion detection in mobile ad hoc networks | |
Karthigha et al. | A comprehensive survey of routing attacks in wireless mobile ad hoc networks | |
Coppolino et al. | Applying data mining techniques to intrusion detection in wireless sensor networks | |
Sasikala et al. | An intelligent technique to detect jamming attack in wireless sensor networks (WSNs) | |
Sánchez-Casado et al. | Identification of contamination zones for sinkhole detection in MANETs | |
Venkanna et al. | Black hole attack and their counter measure based on trust management in manet: A survey | |
Meng et al. | Evaluation of detecting malicious nodes using Bayesian model in wireless intrusion detection | |
CN109756515A (en) | Black hole attack detection and method for tracing based on suspicious degree accumulation | |
Kim et al. | Physical identification based trust path routing against sybil attacks on RPL in IoT networks | |
Joseph et al. | Performance evaluation of MANETS under black hole attack for different network scenarios | |
Ramachandran et al. | [Retracted] A Low‐Latency and High‐Throughput Multipath Technique to Overcome Black Hole Attack in Mobile Ad Hoc Network (MTBD) | |
Dani | Detection of Denial-of-Service Attack Using Weight based Trust Aware Routing Approach. | |
Sultan et al. | An Intrusion Detection Mechanism for MANETs Based on Deep Learning Artificial Neural Networks (ANNs) | |
Kareem et al. | ML-based NIDS to secure RPL from routing attacks | |
Zhang et al. | Jamming-resilient backup nodes selection for RPL-based routing in smart grid AMI networks | |
Babu et al. | Efficient enhanced intrusion identification and response system for MANETs | |
Hikal et al. | Detection of black-hole attacks in MANET using adaboost support vector machine | |
Taghanaki et al. | A decentralized method for detecting clone ID attacks on the Internet of Things | |
Ahmed et al. | Countering node misbehavior attacks using trust based secure routing protocol | |
Rajalakshmi et al. | A Hybrid Approach for Detecting and Preventing Security Attacks in MANETs |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20200505 Termination date: 20201219 |
|
CF01 | Termination of patent right due to non-payment of annual fee |