| The rise of wireless sensor network technology, the logical world of information and the real physical world, together achieve a "ubiquitous computing" mode. The wireless sensor network technology is considered one of the most important technologies in the21st century. As wireless communication technology and computer technology are growing, wireless sensor networks are gradually moving towards the concept of large-scale high-tech applications, which will set off a second computer, Internet and mobile communication network in the world after the third wave of the information industry. It will be the development and widespread use of people’s social life and industrial revolution brought great impact and a great impetus.The security of wireless sensor networks is one of the important part of wireless networks. As wireless sensor networks in the military, security and other fields are widely used, wireless sensor network security issues are very important. As the wireless sensor itself supply the energy,, computing power, storage space is limited。 And many sensor networks are deployed in environments where harsh or hostile areas, which makes the wireless sensor network security is a greater threat to the sensor nodes can easily be captured.Nowadays, people did a lot of research on the security of wireless sensor networks. The use of key management, authentication and other technologies are to enhance the security of wireless sensor networks. However, these measures lack invasion adaptive capacity, can not effectively detect and wireless sensor networks exist intrusion. Intrusion detection depth as a proactive protection technology, you can detect network logs, network traffic and other activities to discover host running malicious intrusions, and for different types of intrusion respond differently. However, due to the unique nature of wireless sensor networks makes some of the existing intrusion detection mechanism is difficult to apply them, so research suitable for wireless sensor network intrusion detection method is particularly important.In this thesis, the wireless sensor network node localization, data transmission and the overall operation of such different states were studied, proposed targeted forensics-oriented wireless sensor network intrusion detection method. First, in the wireless sensor network localization process, this thesis presents a handshake between nodes using the Unicom communication method to quickly determine the confidence set of nodes (locations have been identified and the collection is strongly connected), and according to the set of nodes to calculate confidence the unknown node’s location. Node localization process is vulnerable to intrusion, which copy is the most common form of attack attack. Localization algorithm presented in this thesis, based on the further expansion of its security features, the positioning method is proposed for intrusion detection algorithms, to ensure fast, accurate positioning, while achieving node localization process of security. Second, we propose a hybrid tunnel technology to achieve wireless sensor zombie network intrusion detection algorithm. The algorithm uses the botnet temporal similarity to the existing botnet detection algorithm has been improved to be transferred from the traditional network to a wireless sensor network, enabling data transmission in wireless sensor network security detection methods. Third, this thesis based on genetic algorithm to improve the cost-sensitive detection method for wireless sensor networks. Use cost matrix to calculate the suitability of the rules, and use the most relevant five attributes instead of the original nine detection properties. Since clustering to reduce the number of attributes, the algorithm running time was gained increased, while the accuracy of the algorithm is not affected.The main work and contributions include:1. An indoor positioning algorithm in wireless sensor networks was proposed.For positioning beacon nodes using a single large error prone problem, this thesis proposes a set of confidence-based localization in wireless sensor node localization algorithm. The algorithm uses beacons handshake communication between nodes to determine each beacon node neighbors. Node to be positioned outward positioning request after near each beacon node to send their location information and the neighbor table information. Node,which is positioned according to the received information, generates confidence collection of nodes, and use the collection beacon nodes to calculate their coordinates. Method using a plurality of beacon nodes mutual cooperation, reducing the resulting single-point positioning error, improves the positioning accuracy. Meanwhile, the node position calculation algorithm to improve the method of calculating the position of node reduces complexity and improves the efficiency of the node location. To ensure the security of the algorithm, the proposed localization algorithm based on its intrusion detection research thesis. To copy the attack is for sensor networks common attacks. At present, many organizations are detection methods for replication attacks carried out research. Existing methods generally require precise location information of nodes, or the use of the system as the basis of the time information. Larger overhead of these methods, in order to ensure the detection rate, send and receive large amounts of data packets, thereby increasing the energy and the transmission overhead. In view of this point deficiencies, this thesis proposes an improved node replication attack detection method, using a simple method for detection of copy nodes ranging attack nodes, the use of multi-node mutual distance method to detect the pseudo-node network, without knowing each the specific location of a node, only on the relative position of the node, using the generated the three decision rule, to find the network to be detected replicate. Algorithm flexible, stable, able to achieve the proposed wireless sensor network for rapid detection of networking requirements and do not need to add additional hardware and software.2. A tunnel-based botnet wireless sensor network security detection algorithm was proposed.As the rapid development of wireless sensor networks, sensor networks has increased dramatically, which will take up a lot of IPv4addresses. For now, IPv4address number is already very scarce. To solve the insufficient number of IPv4One way is to use IPv6to replace IPv4. The IPv4network is the main component of the Internet, is very large, therefore, IPv6instead of IPv4is not a short period of time can be achieved, the middle bound for a long time after the IPv4and IPv6networks is mixed state. For this major botnet network security threat, to the IPv6network and IPv4network there is a big difference between the original IPv4network botnet detection methods can not be directly applied to the mixed IPv4/IPv6network in the past, which makes IPv4/IPv6hybrid network faces serious Internet threats.This thesis presents a tunneling protocol-based botnet detection methods. This method is mainly applied to the use of technology to achieve data transmission tunnel IPv4/IPv6hybrid networks. The method of each wireless sensor network simulation detects a node in the network. These types of nodes can be IPv4or IPv6type. This article assumes that they exchange data and control network technology is the use of the tunnel IPv4/IPv6conversion.This method uses protocol analysis technology, network communication protocol based on highly specific rules of the network layer of pure IPv4packets, IPv6packets, IPv4in IPv6packets, IPv6in IPv4packets are four types of data packets for analysis, extract the source IP address, source port, destination IP address, destination port, and network protocols quintuple. Use clustering algorithm to obtain the cluster analysis of data, according to the botnet data similar characteristics with time and space, from the data stream information to identify bots. The algorithm does not need to consider other levels of data protocols, only need to use the network layer packets to identify botnet monitoring networks, high speed, high accuracy characteristics for future hybrid network intrusion detection botnet laid the foundation.3. A genetic algorithm-based cost-sensitive security detection method for wireless sensor networks was improved.Compareid with the traditional sensor network intrusion detection methods, this thesis presents a cost-sensitive evidence genetic algorithm for intrusion detection. As the wireless sensor network in computing power, storage space and battery power and other aspects of traditional networks have significantly different. We must maximize the reduction of wireless sensor network intrusion detection algorithm complexity.Genetic algorithm is currently widely used in intrusion detection algorithms. Genetic algorithm’s key issues are the compatibility of the error. The algorithm is implemented using rule sets Michigan algorithms to generation, so that both can resolve the error compatibility issues, but they can efficiently produce the result set. In this thesis, KDDCup99data sets, the data set is now widely used, is an effective and accurate data sets. The data related to four categories of intrusion detection are Dos (denial-of-service), Probe, U2R (user-to-root) and R2L (remote-to-local). Data attributes include nine basic properties and32derived attributes. Detection methods currently used, the main properties is the use of nine basic divisions of attacks. This division of this method is proposed to improve the use properties of the five most relevant separately for each type of attack to be divided. This detection method can be greatly improved detection efficiency. Because intrusion detection more sensitive testing costs, this thesis proposes the use of cost matrix calculation rules of fit and faster to find the most appropriate division rules and greatly improves the detection efficiency of the algorithm and reduces the false alarm rate. |
