摘要
在无线传感器网络中,被俘获的恶意节点可以发动虚假数据注入攻击,即不断发布虚假数据耗尽网络资源,为应对此类型攻击需快速追踪定位到攻击节点,提出一种基于邻居节点信息的溯源追踪策略.在本策略中,每个节点保存两跳邻居节点信息,通过单向链密钥对发送数据包节点进行认证,避免了恶意节点伪造其他节点身份发送数据,相互通信的两个节点及其共同邻居节点记录接收到的数据包特征信息,当网络中存在虚假数据注入攻击时,因途中转发节点的邻居节点都存储有数据包的特征信息,Sink节点可以依据此类信息逐跳溯源追踪至攻击节点,因为利用了传感器节点的部分存储空间,本方法不需要收集大量攻击数据包便可定位攻击节点,同时,本方法的特性保证了溯源追踪过程不受路由变化的影响,更加健壮.理论分析和实验结果都表明该策略不仅能以较高的效率定位到恶意节点,而且能容忍路由的动态变化且能够应对合谋攻击.
Malicious nodes could launch false data injection attacks in wireless sensor networks and they could send a lot of forged packets in order to exhaust network resources. In order to address this type of attacks, we should locate attacking nodes as soon as pos- sible. Traceback mechanism based on neighbor information is proposed in this paper. Each node holds information of two-hop neigh- bors and verifies forwarding nodes using one-way secrete key chain. Therefore, malicious nodes cannot send packets by forged identi- fies. Sensor nodes sending, receiving packets and their neighbors store feature information of packets. Sink node can traceback to attac- king nodes hop-by-hop using feature information stored. In this scheme, we don ' t need a large number of false packets to locate attac- king nodes because some storage space is used in forwarding nodes. The analysis and experiments show that we could locate malicious nodes efficiently and it works in normal even if route paths change.
出处
《小型微型计算机系统》
CSCD
北大核心
2015年第3期483-487,共5页
Journal of Chinese Computer Systems
基金
国家自然科学基金项目(60873221)资助
安徽省教育厅自然科学重点项目(KJ2008A103)资助
