USST_Arts_112400453基于Ad Hoc一种针对AODV黑洞攻击的检测策略

VIP免费

3.0 牛悦 2025-01-09 4 4 3.03MB 65 页 15积分

侵权投诉

摘要

传统意义上，一般研究的无线通信网络是仅限于一跳的无线网络，例如生活

人们经常使用的蜂窝移动通信系统和无线局域网。军事上的需求促使一种新型的

无线网络出现-移动 Ad Hoc 网络，它与传统无线通信网络有着明显的差别，该网

络中不需要类似于基站、无线路由等固定的移动交换中心，并且，网络中的每个

节点所拥有的功能一般是相同的。距离相距较远节点间的通信通过中间节点多跳

转发实现，这就使得移动 Ad Hoc 网络中的节点既做为终端用户运行应用程序，同

时拥有路由器转发信息的功能。

网络的便捷根本性的改变了人类获取信息以及沟通交流的方式，但是网络安

全问题的研究题伴随的着网络的发展一刻没有停止过。网络安全一直人们研究的

热点，众多的研究团体对有线网络以及无线网络的安全问题做了大量的研究，并

将解决方案应用于生活和工作。移动 Ad Hoc 网络同样面临着网络安全的问题，开

放性的体系结构是该网络的一个关键特点，遗憾的是，这个特点也使得它相对于

其他有线网络更容易受到攻击。另外，暴露在空中的无线信道使得任何人都有机

会监听网络的信息；复杂的加密算法并不能直接应用于移动 Ad Hoc网络的节点中，

因为节点由于成本的考虑，其计算能力和内存大小通常有限的；节约节点电池能

量是维持网络长时间运行的一个有效的方法，但是攻击者不断请求节点信息使其

一直处于工作状态，这加快了节点电量的消耗，从而达到降低网络使用寿命的目

的。

移动 Ad Hoc 网络中的节点可以任意移动的，网络的拓扑结构不断变化，因此

在这样的网络中找到一条合适的路由显得尤其重要。从 20 世纪 80 年代，针对移

动Ad Hoc 网络设计大量的路由协议，常见的协议包括 DSDV、DSR、AODV 等。

黑洞攻击是按需路由协议（如 DSR,AODV）中一种常见的攻击方式，由于网络中

节点的对等性，恶意节点通过擅自伪造应答信息通知源节点它拥有一条到达目的

节点最新、最近的路由，源节点并不对应答信息的真伪进行鉴别，从而建立源节

点到目的节点的路由，导致网络中的数据都流向恶意节点。恶意节点将收到的数

据都直接丢弃，造成网络正常通信的瘫痪。

基于此，本文详细分析 AODV 协议的工作机制以及针对其的黑洞攻击方式，

通过阅读大量文献，研究了当前针对黑洞攻击不同的检测策略。然后，修改了 NS-2

中AODV 协议的源代码，实现了恶意节点发动黑洞攻击的方式，并验证了黑洞攻

击的效果，仿真数据表明，受到黑洞攻击的网络会出现大量丢包的情况；严重的

情况下，甚至网络运行期间的几乎全部数据都被丢弃（此时，恶意节点通常处于

网络的中心）。

同时，本文提出了一种针对 AODV协议黑洞攻击的检测策略，称为 SAB-AODV

协议（Security Against Blackhole-AODV）。运行该协议的网络节点能够在进行正常

的路由发现前，发现恶意节点。同时通过比较网络的分组投递率和设定的阈值，

节点可以再次发起检测新加入恶意节点的过程，仿真模拟结果表明提出的检测策

略能够有效的发现多个恶意节点。在 SAB-AODV 协议的基础上，又进一步改进了

触发检测黑洞节点过程的条件，分析了网络分组投递率、端到端的平均时延、标

准化的路由开销三个评价标准。

关键词：移动 Ad hoc 网络 AODV 路由协议黑洞攻击安全 NS-2

ABSTRACT

Traditionally Speaking, the research for wireless communication network is generally

limited to one-hop count, such as cellular mobile communication systems and wireless

LAN. Military needs promotes a new type of wireless network-Mobile Ad Hoc Network,

it is obviously different from traditional wireless communication network. The newly

network does not need base stations or wireless mobile switching center, and the

function of each node in the network is equal. The communication between nodes which

are far away is achieved by multiple-hop intermediate nodes, this makes nodes not only

running as end-user, but also has the function as a router to forward data packet in

mobile Ad Hoc network.

The convenience of network fundamentally changes the access to information and the

approach of communication, but the research of network security issues have not been

stopped with the development of network. Network security has been the hot spot

research, many groups did a lot of security research about cable network and wireless

network. Mobile Ad Hoc Networks is also facing the problem of network security, and

open architecture is a key feature of the network. Unfortunately, this feature makes it

vulnerable to be attacked compared to the wired network. In addition, radio channel

allows any person has the opportunity to monitor the information; the complex

encryption algorithm can not be directly applied to the nodes in Mobile Ad Hoc

Networks, because the computing power and memory size is usually limited; Saving the

battery power is an effective way to maintain the network to run in a long time, but the

attackers can reapeatly request information that make the node continuously working all

the time, this speeds up the node's power, so as to achieve the purpose of reducing the

network lifetime.

Mobile Ad Hoc network nodes can move in random way, which the network topology is

always changing. It is important to find a suitable route while the network topology is

changing. From the 1980s, a large number of routing protocols are designed for mobile

Ad Hoc networks, such as DSDV、DSR、AODV et al. Black hole attack is a common

attack in on-demand routing protocol(such as DSR, AODV). Due to the nodes in the

network are equivalent, malicious nodes make a forged response to notify the source

node that it has a new, less hop count route to the destination node, the source node do

not identify the authenticity of response information and establish the route to send the

data to the malicious node. The malicious node discard the received data, resulting in

network traffic to a standstill.

Based on the aboved description, a detailed analysis of the AODV mechanism and black

hole attack against AODV are discussed in this paper. By reading the literatures, the

current detection strategies of the black hole attack are also discussed. Then, by

modifying the AODV protocol source code in NS-2, the malicious node's function that

can launch blackhole attack is achieved. Simulation results show that a lot of packet are

discarded in the network that being attacked by malicious node; Worsely, almost all of

the data may be discarded during the whole time of the network (In this case, the

malicious node is usually at the center of a network).

Meanwhile, this paper proposes a detecting strategy to black hole attacks against AODV

protocol, which is called SAB-AODV protocol(Security Against Blackhole-AODV).

Before launching a route discovery process, the source node which run the SAB-AODV

protocol can find malicious nodes. By comparing packet delivery ratio and threshold

value, the source node can initiate the detecing process again. Simulation results show

that the proposed strategy can effectively detect multiple malicious nodes. On the basis

of SAB-AODV protocol, the condition for triggering detection process is improved,

then analyze the three standardized evaluation criteria: network packet delivery ratio,

average end to end delay, normalized routing overhead.

Key Word：Mobile Ad hoc Network, AODV protocol, Blackhole Attack,

NS-2

摘要

ABSTRACT

第一章绪论 ................................................................................................................. 1

1.1 概述 ..................................................................................................................... 1

1.2 移动 Ad Hoc 网络的特点 .................................................................................. 3

1.2.1 无基础设施 .............................................................................................. 3

1.2.2 动态变化的网络拓扑结构 ...................................................................... 3

1.2.3 物理层的局限 .......................................................................................... 3

1.2.4 有限的的链路带宽和质量 ...................................................................... 4

1.2.5 节点能量有限 .......................................................................................... 4

1.2.6 网络的鲁棒性和可靠性 .......................................................................... 4

1.2.7 网络安全 .................................................................................................. 4

1.2.8 服务质量 .................................................................................................. 4

1.3 论文的主要工作 ................................................................................................ 5

1.4 论文结构 ............................................................................................................ 5

第二章移动 Ad Hoc 网络面临的安全攻击和安全技术 .......................................... 7

2.1 移动 Ad Hoc 网络的路由技术 .......................................................................... 7

2.1.1 移动 Ad Hoc 网络协议设计目标 ............................................................ 7

2.1.2 移动 Ad Hoc 网络的路由方法 ................................................................ 8

2.2 移动 Ad Hoc 网络面临的安全问题 ................................................................ 9

2.2.1 被动攻击 ................................................................................................ 9

2.2.2 主动攻击 .............................................................................................. 10

2.3 移动 Ad Hoc 网络中的黑洞攻击方式 ............................................................. 11

2.3.1 被动黑洞攻击 ...................................................................................... 12

2.3.2 主动黑洞攻击 ...................................................................................... 13

2.4 移动 Ad Hoc 网络黑洞攻击检测策略的研究 ................................................ 14

2.4.1 单个节点的黑洞攻击 ............................................................................ 14

2.4.2 多个节点的合作式黑洞攻击 ................................................................ 20

2.5 本章小结 .......................................................................................................... 23

第三章针对 AODV 协议的黑洞攻击研究与仿真 ................................................. 24

3.1 AODV 路由协议概述 ....................................................................................... 24

3.1.1 AODV 的消息控制分组 ......................................................................... 24

3.1.2 AODV 路由协议机制 ............................................................................. 26

3.2 针对 AODV 协议黑洞攻击的实现 ................................................................. 29

3.2.1 NS-2 中的 AODV 协议 ............................................................................. 30

3.2.2 一种黑洞攻击的实现方式 .................................................................... 33

3.2.3 移植针对 AODV 黑洞攻击的协议 .......................................................... 34

3.3 针对 AODV 协议的黑洞攻击仿真实验 ......................................................... 36

3.3.1 性能评价指标 ........................................................................................ 36

3.3.2 实验：针对无线 Ad Hoc 网络的黑洞攻击仿真实验 .......................... 37

3.3.3 实验：AODV 和针对 AODV 黑洞攻击仿真实验 ..................................... 39

3.4 本章小结 .......................................................................................................... 42

第四章一种针对 AODV 黑洞攻击的检测策略 ..................................................... 43

4.1 SAB-AODV 路由协议 ..................................................................................... 43

4.1.1 改进的 AODV 路由消息控制帧 ........................................................... 43

4.1.2 SAB-AODV 路由协议工作机制 ........................................................... 44

4.1.3 关于网络时间的讨论 ............................................................................ 46

4.1.4 网络分组投递率的计算 ........................................................................ 47

4.1.5 实验：SAB-AODV 协议仿真实验 ...................................................... 48

4.2 修改的 SAB-AODV 协议 ............................................................................... 50

4.2.1 修改 SAB-AODV 协议 ......................................................................... 51

4.2.2 实验：修改 SAB-AODV 协议仿真实验 .................................................. 52

4.3 本章小结 .......................................................................................................... 54

第五章总结与展望 ................................................................................................... 55

5.1 论文总结 .......................................................................................................... 55

5.2 存在的问题 ...................................................................................................... 56

5.3 研究展望 .......................................................................................................... 56

参考文献 ........................................................................................................................ 57

在读期间公开发表的论文和承担科研项目及取得成果 ............................................ 60

致谢 ................................................................................................................................ 61

文档加载中……请稍候！
如果长时间未打开，您也可以点击刷新试试。

下载文档到电脑，查找使用更方便

15 积分 4人已下载

立即下载 VIP免费下载

USST_Arts_112400453基于Ad Hoc一种针对AODV黑洞攻击的检测策略.pdf

共65页,预览7页

还剩页未读，继续阅读

USST_Arts_112400453基于Ad Hoc一种针对AODV黑洞攻击的检测策略

相关推荐

开通VIP享超值会员特权

作者详情

相关内容

推荐作者

热门标签

举报选择: