Method for positioning DoS attack source based on father node controllable routing algorithm

Abstract

The invention discloses a method for positioning a DoS attack source based on a father node controllable routing algorithm. The method comprises two steps of 1, directly positioning the attack source to a routing node accessed by the attack source by extracting router node identifier information carried by a marked attack data packet, and locking a dubious link by reversely looking up an address mapping link table of a routing node; and 2, looking up a route search tree, detecting whether the dubious link is a unique terminal node, and if yes, determining the terminal node to be the attack source node; if no, increasing the father node selection cost of the terminal node, thus allowing a sub-path of the terminal node to diffuse to adjacent routes, determining a dubious branch via a packet probability marking technology under a new routing relation until the dubious branch becomes the unique terminal node. The method provided by the invention has the beneficial effects as follows: 1, the positioning result is more accurate; 2, loss possibility of normal data during a DoS attack determination process is effectively reduced; and 3, good grouped delivery rate can be provided during gathering of large volumes of business.

Description

technical field [0001] The invention relates to a method for locating a DoS attack source, in particular to a method for locating a DoS attack source based on a parent node controllable routing algorithm, and belongs to the technical field of wireless communication. Background technique [0002] Wireless Mesh network is a multi-hop network, and its topology is a mesh structure, also called wireless mesh network, or WMN (Wireless Mesh Network) for short. It is a new wireless network technology and a multi-hop network. [0003] In the wireless Mesh network, the reliability of message transmission is better than that of WLAN, and it has a certain fault recovery capability. It is a self-configuring and self-healing multi-hop network. The advantage of being able to cover a wide range. Wireless Mesh networks have been widely used in military, commercial, educational and personal communication fields. [0004] The architecture and topology of wireless mesh networks face more seri...

AI Technical Summary

Problems solved by technology

[0005] (1) The openness of the wireless channel makes it easier to launch DoS attacks. Malicious nodes in the wireless network can easily eavesdrop on the wireless link signal, obtain and tamper with the data sent by the nodes within the signal range.

Even, the DoS attack source node can send a wireless interference signal, place an interference source, or use one or more nodes to send a large amount of junk data, causing extreme network congestion and paralyzing the wireless Mesh network

[0006] (2) Decentralized authentication and multi-hop transmission make wireless Mesh networks vulnerable to threats. Decentralized authentication and multi-hop transmission make wireless Mesh networks vulnerable to threats, which prevents existing mature security defense systems from being directly used in wireless Mesh networks

The dynamic nature of the topology structure of the wireless Mesh network greatly reduces the credibility of the nodes in the network, and the security authentication is very difficult.

[0007] (3) The dual identity of the terminal node brings greater security threats In the wireless Mesh network, the terminal node is also required to have a routing function

If a key node (multiple communication links pass through the node) is threatened or maliciously does not obey the routing rules, it is easy to threaten the security of the entire network

[0008] (4) The dissemination of false routing information brings disastrous consequences to the entire network sexual consequences

[0010] At present, the DoS attack detection technology is quite mature. However, many DoS attacks are intended to occupy transmission resources. DoS attacks detected at the target node can only be extremely passive defenses. The best way to defend against DoS attacks is to isolate them from the source

[0011] In the paper "Anomaly detection for DOS routing attack by a attack source location method", the packet probabilistic marking technology is proposed to locate the attack source to the router where it is accessed, and the route is used to isolate the attack source and reduce the damage of DoS attacks. , this method can effectively reduce the damage of DoS attacks, but due to the dual roles of terminal identities in the Mesh network, this method has the problem of being unable to accurately confirm the source of the attack

like figure 1 As shown, the routing node rout1 finds that the source of the attack data packet is the node node1 through the address mapping list, but it cannot confirm whether the source of the DoS attack is node1 or node2. If the link is directly isolated, it will seriously affect the normal communication of a legitimate node

Images