河图雷达武汉东湖表面波浪探测实验

中国中国--PAGE1SinkholeAttackDetectioninClustered-basedSelf-organizingNetworksZhangFangjiao1,2,ZHAI (1.SchoolofComputing,BeijingUniversityofPostsandTelecommunications;2.InstituteofInformationEngineering,ChineseAcademyofScience)Abstract:Self-organizingnetworkshasvastappliedforegroundinthefuturebecauseofitslow-cost,save-power,andeasyimplementationetc.Butinsuchmanyapplications,someofthemplacehighdemandsonit.Andsafetybecomescriticalforwideapplication.Sinkholeattackisacommonattack,10whicheasilyiscombinedwithotherattackstocausemoredamage.Inthispaper,amethodtodetectthesinkholeattackisproposed.Twoargumentsareraisedtohelpdetectthenodessufferingfromsinkholeattack,CreditRatingandFlowdifference.Keywords:sinkholeattack;detection;self-organizingnetworks; 15Aself-organizingnetworkisamulti-hoptemporaryautonomoussystemmadeupofagroupofmobilenodeswithwirelesstransmittersandreceivers.Notrelyingonanypresetinfrastructure,itwouldachieveautomaticorganizationandrunningofthenetworkinarbitrarymeshtopology.Togetherwithmicro-processingandwirelesscommunicationcapabilities,itiswidelyusedonoccasionswhichrequirerapiddeploymentanddynamicnetworking,suchasmilitary20communicationsandemergencycommunications.Theself-organizingnetworkisbecomingaresearchsubjectofgreatsignificanceinpracticalapplication.Withrapiddevelopmentofwirelesscommunicationandelectronicdevicestechnology,thestatehasalsofurtherincreaseditsinputinresearchanddevelopmentoflowcostlowenergyconsumptionwirelesssensor.However,thereareavarietyofattacksthatthreatennetworksecurityinself-25networks,includingSybilattacks,selectiveforwardingattack,SinkholeattackWormholeattacksandHELLOFLOODattacks.Eachnodeinnetworksisnotonlydataterminal,butalsoarouterresponsibleforforwardingdatapackets,whichmakestheroutingprotocolconsiderableinthewholenetwork.Manyoftheattacksjusttakeadvantageoftheprotocolloopholelaunchingmaliciousattackbythecapturednodewithinthenetwork,stealingprivacyinformation,30badlyaffectthenormaloperationofnetworksandendangerthesafetyofthenetwork.Atitsworst,thenetworkswouldbeparalyzed,leadingtoagreatloss.Sinkholeattack,mainlydiscussedinthispaper,isarelativelycommonattack.Thenodesattackedclaimtobeabletoprovideasingle-hop,high-qualitypathtothebasestation,whichattractstheneighbornodestochangetheoriginalroute.Andpacketssenttothebasestation35discardedorforwardedtothesinkholeattacker,whichseriouslydamagestheloadbalancingofthenetworkandalsoprovidesaplatformforotherattacks.Itiseasilycombinedwithotherattacks,causinggreaterdamagetothenetwork.Thecurrentresearchinthisareaisrare,especiallyinourcountry.Hereisanewapproachtotestifnodesaresufferingfromsinkholeattackbasedonpriorworks.Theprocessismainlycompletedbythetwo40attributesofnodes,CreditratingandTrafficdifference.Boththesinglenodeattackedandmanycollaboratingnodescouldbedetectedeffectivelywhichisthemaincontributionofthepaper.Briefauthorintroduction:ZhangFangjiao(1989-),female,astudentfromBeijingUniversityofPostsandTelecommunications,researchinsecurityofInternetofThingsandmobileInternetandsoonTherestofthepaperisorganizedasfollows.InSectionII,someresearchworkbeforeaboutsinkholeattackisintroducedbriefly.InSectionIII,thenewapproachweraiseisdiscussedthoroughly,akeypointinthepaper.SectionIVtellssimulationandanalysisoftheidea.Finally,45wesummarizeourworkinafew1RelatedSofar,someresearchershaveputforwardvarioussolutionstosinkholeattackathomeandabroad,aconsiderablepartofwhicharesafepoliciesbasedonencryptionalgorithm,suchasSARin[1]andSEAD[2].Thesesecureroutingprotocolscouldprovidebetterguaranteeforsecure50routing.Butthesestrategiesneedtoaddcomplexencryptionalgorithm,decryptionalgorithmandrespondingprotocol,whicharemuchmorecomplicatedandpayahighpriceforsecurity.Ofcourse,therearealsosomeothermethodsrelativelysimplethatcouldsolvethesinkholeattack.M.Al-shurmanetalin[3]mentionthatredundantroutingsareusedtotestnodes.Atleastthreedifferentroutingaredetectedandthesourcenodepingsthem.Thesourcenodechecksreplies55frommaliciousnodesandthedestinationtojudgethenodesafeornot.Onlywhenthesaferoutingisrecognized,doesthenodesendstoreddata.S.Martietalproposetwoconcepts-WatchdogandPathraterin[4].ItisassumedthatnodeAcouldmonitorthecontentsofnodeC,whileCcanalsomonitorA.WhensendingpacketstonexthopnodeC,nodeA,knowingDisthenexthopofC,canlistenpacketsCforwardingtoD.So,everynodeistheWatchdogofothernodes.Ifnot60forwardingthepacketfromitpriornode,thenextnodeisjudgedabnormalanditmaybeI.Adaetalin[5]usethecreditratingtocheckthecredibilityofnodesinthenetwork.Thismethodreliesontheexactpathofpacketsgothrough.Ifpacketsaresuccessfullytransferredthroughapath,thenthecreditratingofnodesonthepathwouldbeincreased.Onthecontrary,decreasethecreditratingofnodes.Othernodesremainasbefore.Ourworkisjustspiredbytheidea.Inthe65recognitionandunderstandingofsinkholeattack,manyinnovativesolutionsalsoemerge,whichhavehugeimprovementinperformance.[6,7]refertoanapproachbyvalidatingtheresponseinformationfromthenexthopneighbornode.WhennodeCinformsnodeAthatnodeBisthenexthop,nodeAdoesnotimmediatelybelieveitandwouldsendenquirypackettoNodeBtocheckifthereisaroutefromBtodestination. Themethodsmentionedabovecouldavoidthesinkholeattacktosomedegree,buttheyaimedatsinglemaliciousnode,notconsideringthecasethatsomemaliciousnodesactcooperativelywitheachother.Then,theresultsobtainedarefalse.However,afewstudieshavebeendoneformutualcooperation.In[8],theapproachbyvalidatingtheresponseinformationfromthenexthopneighbornodeisimprovedtobesuitabletomanymaliciousnodes.Thesourcenodeexaminesneighbor75nodetovalidatetodeterminetheauthenticityofinformationreceivedandadoptrecursivemulti-hopauthenticationtopreventanaccompliceattack.Inordernottofallintoinfiniteloopverification,anadjustableparametervariableisintroduced.However,itisdifficulttoknowwhattheparameterisonearth.Ourworkcouldalsoplayacertainroleinavoidingmostofmanymaliciousnodesattack.802SinkholeattackTocompletethesinkholeattackdetectionprocess,twoparametersareraised,creditratingandflowdifference.Thedetailedexplanationisgivenbelow.Creditratingrepresentscredibilityofthesensornode,thatishowmuchIcouldtrustthenode. canbecalculatedaccordingtothealgorithm.Supposethecreditratingofthesensornodei

{1,2,3，……，m})inanyclusterisCi.Anditsinitialvalueequalszero.Whenapacketisforwardedsuccessfullythroughalink,thenallthenode’screditratingvalueincreasesonthelink.Instead,thenode’scredibilitydecreases.Thesensornodesleftremainthevalue.Therewouldbehighestandlowestcreditratingineachclusterarea,whichcanbecalculatedbytheclusterheadutilizingstatisticmethods.WenamethemChandClrespectively.Flowdifferenceisdefinedasthetrafficgapbetweenleavingthenodeandenteringthenode.Normally,thevalueshouldbenon-negativebecausethenodehastotransferthedatagatheredbyitselfinadditiontoforwardothernodes’packets.SinkholeAttackScenario:weproposedonemethodusedtodetectthenodesthatareundersinkholeattack.ThetopologyisdepictedasFig.1.Inthefigure,S1representscollectioncomposedofsuspiciousnodesandthecollectionS2containsnodesattackedbysinkhole.Therearenclusterareasinthemonitoringarea,aninteger.Everyclusterareacontainsmcommonnodes,anintegertoo.Themonitoringdevicemonitorsthetrafficofeachclusterhead.Andclusterheadskeeptrackofthecommonnodes’creditratingandflowdifferenceincorrespondingclusterareaperiodically.

Fig.1Self-organizingNetworkTheprocesstodetectthenodessufferfromsinkholeattackisshowninFig.2.Itcanberoughlydividedintothreesteps.Step1:tomonitorclusterheads’Themonitordevicetracksanddisplaysflowchangeofalltheclusterheadsintheself-organizingnetworkonareal-timebasis.Asisknowntoall,theflowofclusternodesshouldbeverysmoothforaperiod.AndwesetittoT.Itisimpossibleformajorchange.IfthenumberofpacketstransferringfromoneclusterheadtothebasestationdropssharplyandsuchphenomenonlastsforT1ormuchlonger,therespondingclusterareaisjudgedtobeabnormal.T1isin1-minuteunitandrangesfrom1to10.Next,theclusterareawouldbeanalyzedandtestedparticularly.Step2:toformsuspiciousnodessetThereexistssuchacasethatmanymaliciousnodescollaboratewitheachothertoincreasetheircreditratingssothattheircreditratingsareextravagantlyhigh.Thus,wethinknodesarenotcredibleuntiltheircreditratingsarebetweenClandCh.Supposeclusterarea1isabnormal.

Troughcontinuouscycledetectiontonodesinclusterarea1,placethenodeswhosecreditratingsarelessthanClormorethanChintothesuspiciousnodessetS1.Then,nodesinS1wouldbeanalyzedfurtherbytheflowdifference.Similarly,checkthenodesinS1cyclicallytoseewethertheirflowdifferenceisnegativeornot.Iftheywere,theywouldbecategorizedtodevelopnewsetS2,containingthenodesreallysufferingfromsinkholeattack.Inthisstep,nodeswithhighercreditratingareexcludedbecauseofbigdataflowitself.Step3:toformsinkholeattacknodessetAfterstep2,thenodesfinallyarefixedthataresufferingsinkhole.Anwarningisproducedinthemonitoringdeviceinordertodefendagainstanddealwithsinkholeattack.Byconductingtheabovethreesteps,nodeshavebeenattackedaredetectedeffectivelyandalsoanalarmwarningsendstothemonitordeviceandgainpeople’sattention.Itcouldbeagainstagreatloss.Themostmeaningfulisthattheapproachnotonlycansolvethesinglemaliciousnodeattackinself-organizingnetworks,butalsocandetectseveralcollaboratingmaliciousnodes,whichisthemostimportantthinginthearticle.Fig.2SinkholeAttackNodesDetection

Inthepaper,basedontheattributesofsinkholeattack,twoparametersareproposedtopreventit,CreditratingandFlowdifference.Thesimulationalsoprovesthefeasibilityoftheapproachforbothsinglemaliciousnodeandcoordinatedattackofmanynodes,whichisthemaincontributionofthepaper.Infuture,wewouldperfectthemethodabove,especiallyinsimulationandYCHu,DBJohnson,APerrig.SEAD:secureefficientdistancevectorroutingformobilewirelessadhocnetworks[J].The