Research on False Data Filtering and Malicious Node Localization in Wireless Sensor Networks
Published: 2018-08-19 10:31
[Abstract]: With the rapid development of embedded computing, sensor and communication technologies, wireless sensor networks have emerged and are now widely used in many fields, including the military, environmental monitoring and protection, medical care, construction, industry, agriculture, smart home systems and warehouse management; they have been called one of the three major high-tech industries of the new century. Unlike traditional networks, a wireless sensor network consists of a large number of inexpensive miniature sensor nodes deployed randomly in a monitored area and formed into a wireless network by self-organization. The nodes cooperatively sense, collect and process information about objects in the monitored area and deliver it over multiple hops to the sink node and the user. Besides collecting and processing data, each node also acts as a router and supports dynamic search, localization and connection.
Sensor network nodes are usually deployed in the field or in hostile territory. Because they are cheap and have weak resistance to capture, an attacker can use captured nodes to obtain the sensitive information they hold and turn them into malicious nodes. Since such nodes hold legitimate keys and other secret information just as normal nodes do, security authentication schemes based on cryptographic mechanisms cannot identify them. The attacker can then use these malicious nodes, independently or in collusion, to launch various types of attack. If not guarded against, these attacks leave legitimate requests unserved, consume the network's limited resources, temporarily or permanently paralyze parts of the network, and trigger false alarms that affect user decisions.
This thesis studies en-route filtering of false data, en-route filtering that guards against selective dropping, and traceback of malicious nodes. The main work and contributions are as follows:
1) En-route filtering of false data. Because current en-route filtering strategies have difficulty coping with collaborative attacks among malicious nodes, a false data filtering strategy based on neighbor-node monitoring is proposed. In this strategy each node stores two-hop neighbor information, and a node that receives a data packet determines whether its upstream node generated the packet or is an intermediate forwarder by listening for whether the upstream node sends an ACK packet. This ensures that malicious nodes cannot use compromised nodes to forge events occurring in other regions without being identified; in the vast majority of cases a false data packet is filtered out within one hop. The strategy improves en-route filtering efficiency, reduces the impact of malicious nodes on the network and extends network lifetime.
2) En-route filtering that guards against selective dropping. Existing en-route filtering strategies rest on the implicit premise that en-route nodes are normal nodes. When a malicious en-route node selectively drops legitimate packets, existing strategies cannot tell whether a dropped packet was a false data packet or a legitimate packet dropped by a malicious node. To address this, an en-route false data filtering strategy that guards against selective dropping is proposed. The strategy delivers packets using step-by-step authentication, which both filters false data and identifies selective dropping of legitimate data. In addition, because a packet carries the latest one-way chain keys of T nodes rather than the MACs used by traditional strategies, a legitimate packet cannot be filtered out by en-route nodes or the Sink because a malicious node attached an incorrect MAC.
3) Traceback of malicious nodes. Although false data filtering strategies can effectively filter false data, they cannot eliminate the damage that malicious nodes do to the network. To address this, two strategies for quickly tracing and locating malicious attacking nodes are proposed. For dense networks, a traceback strategy based on neighbor-node information is proposed: two communicating nodes and their common neighbors store characteristic information about the packets they receive, so the Sink node can trace hop by hop back to the attacking node. This method locates the attacking node without collecting a large number of attack packets, and the traceback process is unaffected by routing changes. For sparse networks, an edge-marking strategy based on two-hop neighbors is proposed. It divides the nodes in the network into marking nodes and non-marking nodes, and only marking nodes need to mark packets probabilistically. This reduces the length of the attack path to be reconstructed to 1/2 of that in existing probabilistic edge-marking strategies and greatly reduces the number of attack packets that must be collected to locate the attacking node.
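An added illustration (not code from the thesis or this page) of the one-way-chain key check that item 2 relies on: a verifier accepts a packet only if T distinct nodes each disclose a key that hashes forward to the last key accepted from that node. The hash, key length, `Verifier` class, `max_skip` bound and sample seeds are assumptions; how the thesis binds keys to packet content is not described here, so only the freshness check is shown.

```python
import hashlib

def H(x: bytes) -> bytes:
    # One-way step of the chain; SHA-256 truncated to 8 bytes is an assumed, sensor-sized choice.
    return hashlib.sha256(x).digest()[:8]

def make_chain(seed: bytes, n: int) -> list:
    """Return [K_0, ..., K_n] with K_{j-1} = H(K_j); K_0 is the commitment given to verifiers."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

class Verifier:
    """Hypothetical en-route node or sink: remembers the last key accepted from each node."""

    def __init__(self, commitments: dict, t: int, max_skip: int = 16):
        self.last = dict(commitments)   # node_id -> (index, key)
        self.t = t                      # distinct endorsing nodes required per packet
        self.max_skip = max_skip        # bounds hashing work spent on one bogus key

    def _fresh(self, node_id, idx, key) -> bool:
        if node_id not in self.last:
            return False
        last_idx, last_key = self.last[node_id]
        gap = idx - last_idx
        if gap <= 0 or gap > self.max_skip:   # replayed/old key, or implausibly far ahead
            return False
        for _ in range(gap):
            key = H(key)
        return key == last_key

    def accept(self, endorsements) -> bool:
        """endorsements: [(node_id, idx, key)]. Needs T distinct nodes, each with a fresh key."""
        ids = {node_id for node_id, _, _ in endorsements}
        if len(ids) != len(endorsements) or len(ids) < self.t:
            return False
        if not all(self._fresh(*e) for e in endorsements):
            return False
        for node_id, idx, key in endorsements:
            self.last[node_id] = (idx, key)   # advance only after the whole packet passes
        return True

# Constructed sample data: three nodes, chains of length 10, seeds are placeholders.
CHAINS = {n: make_chain(b"constructed-seed-" + n.encode(), 10) for n in ("A", "B", "C")}

def new_verifier(t: int = 3) -> Verifier:
    return Verifier({n: (0, c[0]) for n, c in CHAINS.items()}, t)
```

Because a wrong key fails the hash check at the first honest verifier and state advances only after the whole packet passes, a replayed or forged key never moves a node's stored index.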
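[Degree-granting institution]: University of Science and Technology of China
[Degree level]: Doctoral
[Year degree awarded]: 2014
[Classification number]: TP212.9;TN929.5
Article ID: 2191401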
Article link: https://www.wllwen.com/kejilunwen/wltx/2191401.html