
Research On Anomaly Detection Based Attack Source Identification Technologies In Wireless Sensor Networks

Posted on: 2017-01-02
Degree: Doctor
Type: Dissertation
Country: China
Candidate: C Ding
GTID: 1368330566495825
Subject: Information security
Abstract/Summary:
With the rapid development of microelectronic design, embedded computation and wireless communication techniques, Wireless Sensor Networks (WSNs) have received wide attention from both academia and industry, due to their promising characteristics of low cost and easy maintenance. However, WSNs are vulnerable to a variety of security threats which can damage routine network operations, owing to their inherent nature of open medium, limited system resources and lack of security infrastructure. Specifically, since the sensor nodes are deployed in an unattended manner, the attacker is able to physically capture and compromise the sensor nodes, and launch various types of attacks with the help of compromised nodes. Moreover, the attacker can also generate replicas of the compromised nodes and place them at multiple locations, or propagate worms into the network so as to enhance the effects of the attacks and extend their range of influence.

To address the misbehavior of compromised nodes, most existing research focuses on approaches that provide attack resilience to the network and its protocols. These prevention-based approaches mitigate the impact of attacks on sensor networks, but cannot remove the threat at its root, and they require continuous upgrades as new types of attacks emerge. The fast detection of compromised nodes therefore becomes an unavoidable issue in WSN security research: if the compromised nodes are identified and removed at an early stage of the attack, the damage caused by the attack can be constrained.

To address this issue, this dissertation presents a study of the threat model of sensor networks and of the identification of the attack source from the perspective of anomaly detection. A novel anomaly detection based security solution for WSNs is proposed, aiming to rapidly detect and remove compromised nodes and to suppress the impact of derivative attacks such as node cloning and worm propagation. More specifically, in order to protect data security against false data injection (FDI) attacks, a malicious aggregator detection scheme is proposed, based on state estimation, threshold-based determination and sequential hypothesis testing (SHT). Furthermore, a replica node identification scheme based on deployment knowledge and location anomaly detection techniques, and a worm propagation detection scheme based on biased sequential probability ratio testing (B-SPRT) techniques, are proposed. Moreover, in order to support the performance evaluation of the proposed schemes, a novel secure collection and analysis system (SecCAS) is presented that integrates the corresponding security technologies. The main contributions of this dissertation are as follows.

Firstly, a data model of sensor network aggregation based on the hierarchical Bayesian spatial-temporal (HBST) modeling approach is proposed. The author proves that the data model can be approximated by a first-order autoregressive (AR(1)) process. Based on this conclusion, a framework for false data injection detection is proposed, which integrates a local false data detection mechanism based on second-order divided difference filtering (DDF-2) and a malicious aggregator identification mechanism based on sequential probability ratio testing (SPRT). In order to evaluate the security performance of the proposed scheme under extreme conditions, the author presents a security analysis based on infinite two-player repeated games. The analysis indicates that the proposed scheme can constrain the attacker's profits even in the worst case. Furthermore, both theoretical and simulation analyses are presented to evaluate the performance of the proposed scheme in terms of effectiveness, efficiency and overhead. The evaluation results show that the proposed scheme achieves a high detection rate and low false positive rates with a small number of detection samples.

Secondly, a model of worm propagation based on epidemic theory is proposed, using knowledge of the pattern of worm infection. With this model, the author analyzes the impact of node density, QoS, the ratio of compromised nodes and the mobility model on the infection cycle and throughput in different stages of worm infection, and derives the expected worm code throughput along the path of worm propagation. Based on this analysis, the author proposes a fast worm propagation detection framework for mobile sensor networks based on anomalous traffic analysis. The framework consists of an extraction, storage and maintenance mechanism for worm propagation patterns, a traversal algorithm for suspicious data transmission paths based on depth-first search (DFS), and a suspicious path determination mechanism based on biased sequential probability ratio testing (B-SPRT). The security analysis indicates that the proposed scheme can generate multiple samples that lead the SPRT process toward the alternative hypothesis, which results in faster detection of the worm propagation path. Moreover, a simulation is presented to evaluate the performance of the proposed scheme. The simulation results show that the proposed scheme can suppress the impact of worm propagation by detecting and deleting the infected nodes at an early stage, and keeps a high-accuracy detection rate and false positive rate regardless of the influence of QoS and node mobility.

Thirdly, a node replica attack detection scheme for static wireless sensor networks, based on a group random deployment strategy and location anomaly detection, is proposed. The scheme describes the location distribution using the group random deployment strategy, models node replica detection as a location anomaly problem, and solves the problem using a location anomaly detection approach. To measure the deviation between the location claim and the actual location of replica nodes, a metric named ideal expectation similarity (IES) is proposed. Furthermore, an optimized computation method based on locality-sensitive hashing (LSH) is proposed to reduce the complexity of the IES computation. A heuristic security analysis is presented to evaluate the security performance under different attack strategies. The analysis results demonstrate that the proposed scheme increases the cost of launching a node replica attack. Moreover, a simulation analysis is presented to evaluate the impact of node density and location deviation on performance under different attack strategies. The simulation results show that the proposed scheme is robust to different QoS and attack strategies.

Fourthly, to address challenges in the field of data collection and analysis in sensor networks, such as real-time data state tracking and intelligent network reconfiguration, a secure data collection and analysis system (SecCAS) for heterogeneous sensor networks is presented. The system provides real-time updates of collected data and network topology and remote configuration of system parameters, and integrates implementations of cryptographic and anomaly detection algorithms, which supports the performance evaluation of the proposed anomaly detection based security schemes. Moreover, an experimental analysis is presented to evaluate the effectiveness and efficiency of the proposed system. The results indicate that, compared to similar designs, the proposed SecCAS system significantly improves the packet delivery rate and reduces the overhead caused by the configuration of network parameters.
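The detection chain named in the first contribution (AR(1) data model, threshold-based determination, then SPRT over the resulting samples) can be sketched as follows. This is an added example, not code from the dissertation: it substitutes a plain AR(1) one-step predictor for the DDF-2 state estimator, and the model parameters, flag rates `p0`/`p1` and sensor readings are all assumed or constructed for illustration.

```python
import math

def residual_flags(readings, phi, mean, threshold):
    """Threshold step: flag a reading that strays from its AR(1) one-step prediction."""
    flags = []
    for prev, cur in zip(readings, readings[1:]):
        predicted = mean + phi * (prev - mean)   # AR(1) forecast from the previous value
        flags.append(abs(cur - predicted) > threshold)
    return flags

def sprt(flags, p0, p1, alpha=0.01, beta=0.01):
    """Wald SPRT over Bernoulli flags. H0: flag rate p0 (honest), H1: flag rate p1 (malicious).
    Returns (verdict, samples_used)."""
    lower = math.log(beta / (1 - alpha))      # accept H0 at or below this bound
    upper = math.log((1 - beta) / alpha)      # accept H1 at or above this bound
    llr = 0.0
    for n, flagged in enumerate(flags, 1):
        llr += math.log(p1 / p0) if flagged else math.log((1 - p1) / (1 - p0))
        if llr >= upper:
            return "malicious", n
        if llr <= lower:
            return "benign", n
    return "undecided", len(flags)

# Assumed model and test parameters (not taken from the dissertation).
PHI, MEAN, THRESHOLD, P0, P1 = 0.8, 20.0, 1.0, 0.1, 0.7

# Constructed aggregate readings reported by two aggregators.
HONEST = [20.0, 20.2, 19.9, 20.1, 20.0, 19.8, 20.1]
INJECTING = [20.0, 23.5, 22.9, 19.0, 24.0]

def classify(readings):
    """Run the threshold step and then the SPRT on one aggregator's readings."""
    return sprt(residual_flags(readings, PHI, MEAN, THRESHOLD), P0, P1)

if __name__ == "__main__":
    print("honest:", classify(HONEST))
    print("injecting:", classify(INJECTING))
```

The injecting aggregator is identified even though one of its readings passes the threshold check, because the SPRT accumulates evidence across samples rather than judging each reading alone.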
Keywords/Search Tags: wireless sensor networks, data anomaly detection, traffic anomaly analysis, location anomaly detection, false data injection detection, worm propagation detection, node replica identification