6LoWPAN network intrusion detection method based on improved KNN

Abstract

The present invention relates to a 6LoWPAN network intrusion detection method based on an improved KNN, belonging to the technical field of wireless communication. The quantization safety features (namely network element features) capable of reflecting the safety state of a 6LoWPAN network element itself are selected for training so that a 6LoWPAN network feature space is established. The presentinvention provides an obtaining mode and a processing mode of the network element feature data for weight distribution for the features and zero point transfer processing so as to relieve the bias caused by large and smaller influence factors (namely values after feature quantization) and achieve simplification calculation; the network element feature data is extracted in real time to achieve construction and update of a network element state data table so as to form a normal outline updated according to the network real-time state in the 6LoWPAN network feature space based on the clustering effect of the KNN algorithm; and moreover, the KNN algorithm is improved and the basis for determining the intrusion is redefined to adapt the requirements of the 6LoWPAN network intrusion detection.

Description

technical field [0001] The invention belongs to the technical field of wireless communication, and relates to an improved KNN-based 6LoWPAN network intrusion detection method. Background technique [0002] IP is an important trend in the development of wireless sensor network technology, and adopting IPv6 technology is an inevitable choice for wireless sensor network IP. The existing wireless sensor network private protocol communication is often related to specific applications, with poor scalability and portability, and it is difficult for external network users to directly access the nodes in the wireless sensor network. Through IPv6 technology, the wireless sensor network can be seamlessly connected with the Internet, so as to realize the free communication based on IP protocol between people and people, people and things, things and things. The Internet Engineering Task Force (IETF) actively promotes IPv6-based wireless sensor network technology, and core standards suc...

AI Technical Summary

Problems solved by technology

At the same time, the security risks of 6LoWPAN itself have not been properly resolved

[0004] The security protection mechanism provided by 6LoWPAN is not enough to protect ICMP abuse and Smurf attacks caused by multicasting in large-scale networks caused by heterogeneity and distribution during neighbor discovery, path MTU discovery, address configuration, etc.

However, it is difficult for KNN to be directly used in 6LoWPAN wireless sensor network

The nature of lazy learning makes it difficult for KNN-based anomaly detection schemes to be applied in an online detection manner, especially when the communication cost is constrained

Lazy learning is driven by test data. Each upcoming test data needs to learn the normal contour independently online, which will generate a large computational complexity (reflected in the distance calculation), because the test samples and training samples need to be calculated one by one. The similarity between them consumes a lot of resources; at the same time, there is an imbalance problem in the samples (that is, the number of samples in some categories is large, while the number of other samples is small); so parameter selection and data preprocessing are required, otherwise the nearest neighbor The classifier may make wrong predictions

[0008] To sum up: 1.6LoWPAN network is different from traditional IPv6 network because of its characteristics, intrusion detection is difficult; 2.6LoWPAN network node behavior and data flow in the network change frequently and randomly, it is difficult to define normal data profile, making online detection difficult

Images