A 6lowpan network intrusion detection method based on improved knn

Abstract

The invention relates to an improved KNN-based 6LoWPAN network intrusion detection method, which belongs to the technical field of wireless communication. The present invention selects quantifiable security features (that is, network element features) that can reflect the security state of the 6LoWPAN network element itself for training, and establishes a 6LoWPAN network feature space. The present invention provides the acquisition method and processing method of network element characteristic data, performs weight distribution and transfer zero point processing on characteristics, so as to alleviate the bias caused by large and small influence factors (referring to the numerical value after characteristic quantization) and realize simplified calculation; The construction and update of the network element state data table is realized by extracting the network element characteristic data in real time, and then the clustering effect based on the KNN algorithm forms a normal profile updated according to the real-time network state in the 6LoWPAN network feature space; the present invention improves the KNN algorithm, And redefine the basis for judging intrusion to meet the requirements of 6LoWPAN network intrusion detection.

Description

technical field [0001] The invention belongs to the technical field of wireless communication, and relates to an improved KNN-based 6LoWPAN network intrusion detection method. Background technique [0002] IP is an important trend in the development of wireless sensor network technology, and adopting IPv6 technology is an inevitable choice for wireless sensor network IP. The existing wireless sensor network private protocol communication is often related to specific applications, with poor scalability and portability, and it is difficult for external network users to directly access the nodes in the wireless sensor network. Through IPv6 technology, the wireless sensor network can be seamlessly connected with the Internet, so as to realize the free communication based on IP protocol between people and people, people and things, things and things. The Internet Engineering Task Force (IETF) actively promotes IPv6-based wireless sensor network technology, and core standards suc...

AI Technical Summary

Problems solved by technology

At the same time, the security risks of 6LoWPAN itself have not been properly resolved

[0004] The security protection mechanism provided by 6LoWPAN is not enough to protect ICMP abuse and Smurf attacks caused by multicasting in large-scale networks caused by heterogeneity and distribution during neighbor discovery, path MTU discovery, address configuration, etc.

However, it is difficult for KNN to be directly used in 6LoWPAN wireless sensor network

The nature of lazy learning makes it difficult for KNN-based anomaly detection schemes to be applied in an online detection manner, especially when the communication cost is constrained

Lazy learning is driven by test data. Each upcoming test data needs to learn the normal contour independently online, which will generate a large computational complexity (reflected in the distance calculation), because the test samples and training samples need to be calculated one by one. The similarity between them consumes a lot of resources; at the same time, there is an imbalance problem in the samples (that is, the number of samples in some categories is large, while the number of other samples is small); so parameter selection and data preprocessing are required, otherwise the nearest neighbor The classifier may make wrong predictions

[0008] To sum up: 1.6LoWPAN network is different from traditional IPv6 network because of its characteristics, intrusion detection is difficult; 2.6LoWPAN network node behavior and data flow in the network change frequently and randomly, it is difficult to define normal data profile, making online detection difficult

Images