无线传感器网络人工免疫入侵检测方法

发布时间：2018-04-09 09:03

本文选题：无线传感器网络　切入点：入侵检测　出处：《江南大学》2014年硕士论文

【摘要】：无线传感器网络(Wireless Sensor Network, WSN)作为一种新型信息获取技术，已逐渐成为在国际上备受关注的、由多学科相互交叉融合的新型前沿研究领域。其传感器节点数量巨大、部署在无人区域、多跳通信易受窃听和干扰、分布性、自组织等自身特性更是使得WSN的安全研究面临着巨大的挑战。本文主要研究WSN入侵检测技术，分析了网络中存在的主要威胁与攻击，选择和提取相应的特征作为检测特征，提出了一种分级混合入侵检测算法；并将人工智能领域的最新成果——人工免疫系统引入到WSN入侵检测中来，提出了两种基于免疫算法的入侵检测算法。 (1) WSN分级混合入侵检测算法。构建WSN基站级-簇级的两级入侵检测模型。采用主成分分析法进行特征降维，降低数据存储量和计算量；簇级中普通节点采用基于K近邻直推式信度机进行异常检测，簇头采用粒子群优化参数的支持向量机对检测到的异常进行进一步误用检测分类，，保障簇内节点安全；基站级将异常检测技术与误用检测技术相结合，处理簇头提交的监测数据，可同时提高检出率和降低误报率，保障簇头安全。 (2)基于改进V-detector的WSN入侵检测算法。充分利用基站资源不受限的特点进行训练样本的选取和检测器的生成及优化；普通节点负责数据的采集与特征的选取；设立专门的检测节点，对选取的特征进行降维，并先后采用记忆检测器集和成熟检测器集进行两级入侵检测。从训练样本的筛选、检测器的生成规则、检测器的优化算法以及检测阶段的检测规则四个方面对V-detector算法进行补充和改进，使其适用于能量有限的无线传感器网络。 (3)基于粗糙集和改进树突状细胞算法(Dendritic Cell Algorithm, DCA)的WSN异常检测算法。基于生物免疫系统原理，构架无线传感器网络异常检测框架：依据粗糙集属性约简理论进行信号降维，以减少数据存储量和计算量，同时设定异常检测输入信号选取机制；改进基于免疫危险理论的DCA，设定淋巴结树突状细胞(Dendritic Cell, DC)容量并引入DC更新机制，在降低节点数据存储量的同时保证了DC的新鲜性；将迁移阈值由固定取值改为区域取值，降低节点通信能耗；并修改了抗原异常评判标准，将静态抗原异常值变为动态，实时描述网络的动态异常程度。仿真结果表明：主成分分析方法与粗糙集属性约简方法均能达到较好的降维效果；分级混合检测算法能在小样本情况下同时降低虚警率与漏警率；基于V-detector的检测算法能降低数据存储量和计算量，提高检测率，并能快速应对二次进攻；基于改进DCA的检测算法能实时检测网络异常并具有较高的检测正确率。
[Abstract]:Wireless sensor network (Wireless Sensor Network, WSN) as a new information acquisition technology, has gradually become a concern in the world, a new frontier research field from several disciplines. The huge number of sensor nodes, deployed in unattended, multi hop communication is vulnerable to eavesdropping and jamming, distributed, self the organization's own characteristics is the research on the security of the WSN faces a great challenge. This paper mainly studies the WSN intrusion detection technology, analyzes the main threats and attacks in the network, select and extract the corresponding feature as the feature detection, we propose a hierarchical hybrid intrusion detection algorithm; and the latest achievements in the field of artificial intelligence the artificial immune system is introduced into the WSN intrusion detection system, put forward two kinds of intrusion detection algorithm based on immune algorithm.
(1) WSN hybrid intrusion detection algorithm. Constructed the two level intrusion detection model WSN base station level - cluster level. Using principal component analysis method for feature reduction, reduce the data storage and calculation; ordinary node cluster level based on K nearest neighbor transductive reliability for anomaly detection, cluster head by anomaly the detection of the support vector machine and particle swarm optimization parameters further misuse detection and classification, to ensure the safety of the node in the cluster; the base station level anomaly detection and misuse detection technology combined with the process of monitoring data submitted by the cluster head, which can improve the detection rate and reduce the false alarm rate, guarantee the cluster head safety.
(2) improved intrusion detection algorithm based on V-detector WSN. The generation and optimization of full use of characteristics of restricted base resources for the selection of training samples and detectors; the ordinary node is responsible for data acquisition and feature; the establishment of specialized detection node, to reduce the dimensionality of feature selection, and has the memory detector set and the mature detector set two level intrusion detection. From the selection of training samples, generating rules of the detector, supplement and improvement of V-detector algorithm in four aspects of detection rule optimization algorithm detector and detection stage, which is suitable for energy limited wireless sensor networks.
(3) the rough set and the improved algorithm based on dendritic cells (Dendritic Cell Algorithm, DCA) anomaly detection algorithm WSN. Based on the principle of biological immune system, anomaly detection framework architecture of wireless sensor network: Based on rough set attribute reduction theory of signal reduction, to reduce the amount of data storage and computation, while setting the anomaly detection input signal selection mechanism; Improved Immune Danger Theory Based on DCA, set the lymph node dendritic cell (Dendritic Cell, DC capacity) and the introduction of DC update mechanism, while reducing the node data storage to ensure the freshness of DC; will migrate from fixed value to the threshold value of region, reduce energy consumption and change; the abnormal antigen evaluation standard, static antigen abnormal value into dynamic, real-time dynamic description of the network. The degree of abnormality
The simulation results show that the method of principal component analysis and rough set attribute reduction method can achieve a better effect of dimension reduction; hierarchical hybrid detection algorithm can also reduce the false alarm rate and false alarm rate in the case of small samples; V-detector detection algorithm can reduce the amount of data storage and computation based on and can improve the detection rate. A rapid response to the two attack; improved DCA detection algorithm can correct detection rate of real-time network anomaly detection and has high based.

【学位授予单位】：江南大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP212.9;TN929.5;TP274

【参考文献】