• <tr id="yyy80"></tr>
  • <sup id="yyy80"></sup>
  • <tfoot id="yyy80"><noscript id="yyy80"></noscript></tfoot>
  • 99热精品在线国产_美女午夜性视频免费_国产精品国产高清国产av_av欧美777_自拍偷自拍亚洲精品老妇_亚洲熟女精品中文字幕_www日本黄色视频网_国产精品野战在线观看 ?

    Detecting and adaptive responding mechanism for mobile WSN①

    2020-10-09 07:38:24ZhaoMinQinDanyangGuoRuolinXuGuangchao
    High Technology Letters 2020年3期

    Zhao Min(趙 敏), Qin Danyang②, Guo Ruolin, Xu Guangchao

    (Key Laboratory of Electronic and Communication Engineering, Heilongjiang University, Harbin 150080, P.R.China)

    Abstract

    Key words: mobile wireless sensor network (WSN), network security, intrusion detection, adaptive response

    0 Introduction

    The inherent mobility,complexity, and variability make mobile wireless sensor network (WSN) vulnerable to attacks and damage, while bringing potential safety hazard to sensitive information in the military field and private information in the civilian domain[1,2]. In the process of communication, it is difficult to achieve complete protection of information by relying only on encryption technology and authentication technology[3-5]. Thus, in order to ensure higher security, it is essential to deploy a defense system on key nodes of the network system. Compared with firewalls, intrusion detection system is an active defense technology, which can make up for the deficiencies of the firewall technology. Such a detection system can actively collect information in network or system in real time to analyze and estimate. If the information is against the relevant security rules, there will be an alarm and relative response to protect the whole system. Most of the current intrusion detection methods[6,7]seldom consider the attack response, which has great limitations in the practical application of dealing with unknown attacks. Refs[8-10] showed how the isolated nodes operate to defense predetermined attacks, but the defense effect is not ideal when dealing with uncertainties and various types of intrusion attacks, and the blind isolation attacks have a great negative impact on the network. Ref.[11] proposed an effective intrusion responding mechanism based on agents’ collaboration. Ref.[12] proposed a protection mechanism based on neighbor trust for mobile WSN.

    Aiming at the security problem of mobile WSN, the typical intrusion attacks will be analyzed deeply. Considering the one-sidedness and separation of the existing detection and intrusion responding method, a novel intrusion detection and adaptive responding mechanism will be proposed for mobile WSN, combining knowledge-based intrusion detection (KBID) with anomaly-based intrusion detection (ABID), so as to protect mobile sensor networks from various practical attacks. In addition, a cluster method[13]will be adopted to improve scalability and alleviate the overhead.

    The subsequent sections are organized as follows: typical intrusion attacks and intrusion detection methods for mobile WSN is analyzed comprehensively in Section 1. Section 2 presents an effective intrusion detecting method for multiple types of mobile WSN, and an adaptive responding mechanism model is established. Section 3 simulations the proposed intrusion detecting and adaptive responding mechanism are performed in terms of the success delivery rate, false alarm rate, rationality of response behavior and the network performance degradation. Section 4 summarizes the paper and presents the conclusions.

    1 Related work

    The limited energy, the mobility of nodes, the large scale of distribution, and the dynamic topology make mobile WSN be vulnerable to various attacks[14]. In this regard, the protection mechanisms of 2 typical mobile WSNs[15,16]will be described briefly as follows. This work will compare the proposed mechanism with these 2 existing mechanisms for performance in the Section 3.

    (1) Cost-sensitive intrusion responding: cost-sensitive intrusion responding model will estimate the topology dependent index (TDI), which indicates the times of the routing service of the nodes being interrupted when a intruder is isolated. After estimating the attack damage index (ADI), the loss attack will be calculated according to the number of affected nodes so as to indicate the damage caused by the attack to the mobile sensor network. When ADI is greater than TDI, the node will respond to the intrusion by complete isolation; when ADI is less than TDI, the node will respond to the intrusion by relocation; when ADI is close to TDI, the attack will be temporarily isolated when ADI is twice greater than TDI. The intrusion responding types adopted in such model can be normal, recovery, complete isolation, temporary isolation, and relocation.

    The cost-sensitive model is applicable to active routing protocols such as optimized link state routing (OLSR), which requires the complete network topology rather than reactive routing protocols such as ad hoc on-demand distance vector routing (AODV) based on partial topology information.

    (2) Generalized intrusion detecting and responding mechanism: generalized intrusion detecting and responding method mainly adopts the combination of anomaly-based and knowledge-based intrusion detection to ensure the mobile WSN lying in safe state facing to various attacks. The architecture of the mechanism consists of a data collection module, a training module, a test module, an attack identification and inference module, and an attack recognition module. In the case of an intrusion, the cluster head will invoke the attack identification and inference module to obtain the rules from the knowledge base to defend against intrusion. If an unknown attacker occurs, the interpreter will keep the rule path and look for a match for the rule path in the current test sliding window. If a match is found, a new rule will be established and a set of additional new rules will be stored in the knowledge base to confirm the new rule detection.

    Though some unknown attacks can be detected and mobile WSN will be protected against typical attacks in some degree, the attacker being isolated, as the primary defensing method, will affect the network performance much more seriously.

    2 Intrusion detecting and adaptive responding

    2.1 Key assumption

    Detecting anomalies in the network will ask for a training model based on anomaly-based intrusion detection. Such model depends on the data tracking and traffic patterns of normal events. However, data resources reflecting normal activities or events are not available for mobile sensor networks currently. Thus, assume that there is no abnormal behavior in network initialization. Moreover, in order to improve the scalability of the adaptive responding mechanism, a clustered mobile network organizing model is introduced, where the network nodes are divided into management nodes (MNs), cluster heads (CHs) and cluster nodes (CNs) according to different functions. In addition, a security mechanism[17]is further introduced to protect the communication between MNs, CHs, and CNs. Details will not be mentioned since the intrusion detection and intrusion response are focused on in this paper.

    2.2 Adaptive responding mechanism

    The architecture model will be established and the adaptive responding mechanism will be presented in this part. Intrusion detecting and responding process, as shown in Fig.1, mainly includes 3 stages: data collecting, training and testing.

    2.2.1 Intrusion detecting architecture

    (1) Data collecting: this stage depends on the sensors collecting the data periodically so as to monitor the whole network. In particular, CHs will collect the data from CNs in their virtual clusters every TI (time of interval), which are presented as matrix and stored in the network characteristic matrix (NCM) and the performance matrix (PM). Then, CHs will report these matrices to MNs.

    Fig.1 Proposed intrusion detecting and adaptive responding architecture

    Here AODV is taken as a basic routing algorithm[18]to illustrate the principle of detecting and responding mechanism.

    The network characteristic matrix NCM is

    NCM={RREP,RREQ,RERR,TTL,

    RREQ_scr_seq,RREP_dest_seq,

    RREQ_dest_seq}

    which is composed of 7 parameters with the physical significance shown in Table 1.

    Table 1 Parameters in NCM

    NCM is a two-dimensional matrix ofr×cwith the number of rowsrand the number of columnscdepending on matrix parameters. Its number of rows is 7, the 1st row stores the RREP sequences, the 2nd row stores the RREQ sequences, the 3rd row stores the RERR sequences, the 4th row stores the TTL sequences, the 5th row stores the RREQ_scr_seq sequences, the 6th row stores the RREP_dest_seq sequences, and the 7th row stores the RREQ_dest_seq sequences. Moreover, the rows represent different parameters, and the columns represent the data content contained in the parameters. The length of each column depends on the length of the different parameter data. Each row is added as an equal-length sequence by zero padding at the end of the sequence. So, the storage structure is dynamically allocated by the intrusion detecting and adaptive responding mechanism monitor. PM consists of network performance parameters derived from the parameters of NCM.

    The performance matrix PM is

    PM={RPO,PDR,CPD,throughput}

    which consists of 4 parameters with the physical significance shown in Table 2.

    Table 2 Parameters in PM

    (3) Testing: in order to fully evaluate the performance, a comprehensive test, corresponding to the system structure in Fig.1, will be operated in 3 phases, including the intrusion detection phase, the attack identification phase, the intruder identification phase.

    IntrusiondetectionDuring the intrusion detection phase, MN utilizes the parameters in NCM as well as the chi-square test to identify intrusions in the network. Chi-square test is a ranging based method and has a lower computational cost than other tests such as the Hotelling T2. MN first calculates the probability distribution of each NCM parameter and stores the result as an observation value. Then, using the expected value above, the MN performs a hypothesis test on the zero hypothesisH0[j] for each parameterjof NCM in TI, i.e. Eq.(1).

    (1)

    wherejandk(1≤k≤M) have the same meaning as above. Finally, the MN performs joint hypothesis testing on all parameters of NCM.

    If the joint null hypothesisH0(the observation of each parameter of NCM meets the expected value) is rejected, it assumes that an intrusion has occurred in the TI, and then proceeds to the attack identification phase.

    The initial training model of NCM is updated mainly by exponentially weighted moving average (EWMA) as

    (2)

    AttackidentificationIf a network intrusion is detected, MN will enter the attack identification phase. In such phase, a rule-based approach will be adopted to identify the current attacks. The proposed adaptive responding mechanism is designed to have the knowledge base used throughout the testing phase, which consists of facts, rules, and inference engines.

    A rule model for attack and intruder identification is established according to the analyses on typical attacks in mobile WSN with the knowledge base model of the adaptive protection mechanism shown in Fig.2, where the inference engine will use forward links on the rule set and look for target conditions to represent the known attacks so as to identify the attack.

    Fig.2 The knowledge base for adaptive responding mechanism

    IntruderidentificationThe MN will initiate the intruder identification after an attack is identified. In this phase, the MN will select a known attack-oriented intruder identification rule. For example, when a black hole attack occurs, it is necessary to analyze RREP packets of all nodes in the latest time interval to find the node that has generated the false route reply packet with the highest target sequence number.

    When the intruder is identified, it will be isolated, no matter what kind of the attack there is or whether the intruder isolation is the best choice or not. Such fixed intrusion response will affect the network performance seriously. Therefore, in order to improve the overall effectiveness of the protection mechanism, an adaptive responding mechanism will be presented and described in the next section.

    2.2.2 Adaptive responding mechanism

    (1) Architecture: after the intrusion detection, the MN will perform the proposed adaptive responding mechanism with the architecture shown in Fig.3.

    Fig.3 Knowledge base for adaptive responding mechanisms

    The general process of the proposed adaptive responding mechanism has 3 steps. Firstly, the MN will calculate the COA based on the detection information and the allegation information. Then the NPD will be evaluated using the parameters in PM to measure the severity of the attack. Finally, an appropriate responding behavior will be selected to achieve the effective security protection. Among them, the responding behavior selection is based on the decision table, which will provide the responding selection criteria according to COA, NPD and the suitability of the behavior in the current environment.

    (2) Intrusion responding behavior: based on the list of intrusion responding behaviors in the literature, first, the appropriateness of the responding behavior is judged based on the magnitude of the adverse effects that the responding behavior may have on network performance. Then, further analyze the effectiveness of the responding behavior in reducing the damage caused by the intrusion and preventing further attacks from the invading nodes. Finally, based on the confidence on attacks and the impact of attacks on network performance degradation, a list of adaptive responding behavior with 3 intrusion responding behaviors is presented below.

    CompleteisolationSuch responding behavior will be adopted when the detected attack is highly credible and the attack is severe to cause the network performance declining. The complete isolation may change the network topology or even cause global routing discovery, but the security performance of the network will be assured significantly.

    AttackerbypassWhen the confidence of the detected attack is quite high and the network performance degradation cannot be negligible, the responding mechanism will find one or multiple nodes to replace the attack rather than initializing a new RREQ, so as to reduce the global repairing overhead as well as to prevent further attacks.

    NopunishmentWhen the confidence on attack detection is not high enough or the attack is not serious, and the network performance degradation can be tolerable, the proposed adaptive responding mechanism will simply ignore the attack temporarily, so as to avoid the negative impact on network performance.

    2.3 Technical model

    COA and NPD are two key factors in the proposed adaptive responding mechanism.

    2.3.1 Calculations of COA and NPD

    The single detection based intrusion response is unreliable according to the probabilistic nature of intrusion detection. To improve the probability of identifying intruders correctly, the MN will adopt a test sliding window (TSW). Thus, the proposed adaptive responding mechanism will respond to the intrusion only when it is determined that the node is an intruder node in multiple time intervals. Specifically, the intrusion response occurs only when a node is determined to be an intruding node in multiple TSWs with a time intervalp, wherepis the size of the TSW, that is, the checking times, anddis the minimum times to detect when the detected node is confirmed as an attacker. Different combinations ofpanddwill give different results. The detection of an intrusion node in a TSW is a Bernoulli test. In other words, the tests performed in the TSW are the same and independent repeated experiments with two possible outcomes: detection or no detection. Therefore, the probability of intrusion determination in the Bernoulli test sequence is known by

    (3)

    The curves in Fig.4 show howPcvaries as a function of the number of the required detectionsdin the condition of different values of probability of a single detectionPand the TSW sizep=5. It can be seen that, whenP=80% andd=1, 2 or 3, the probability of identifying a node as an intruder will exceed 90%.

    Fig.4 Probability of correctly identifying intruders

    In the current TSW, the MN will perform the proposed adaptive intrusion responding mechanism, as shown in Algorithm 1, for all nodes identified as intruders. Based on the detection information and the allegation information, the MN will estimate the confidence on attack (COA) by

    COA=ω1·CI+ω2·Pc

    (4)

    where,ωiis the weighting factor to satisfyw1+w2=1;CIrepresents the confidence interval of the chi-square test during the intrusion detection phase; Eq.(3) will return the confidence ofPclying in [0,1]. Then the MN will evaluate the network performance degradation (NPD) based on Eq.(5). This is the weighted sum of changes of parameter values (i.e. THA, RPO, PDR, CPD) in the PM from not attacked to its current. NPD is defined as

    NPD=ω1·ΔTHA+ω2·ΔTHA+ω3·ΔRPO

    +ω4·ΔRPD

    (5)

    whereΔrepresents the change value of each parameter. Once the COA and NPD are obtained, the MN will assign a confidence level to COA and NPD. Considering the practical application of mobile WSN, 4 COA levels

    are defined as shown in Table 3. For NPD, similar level divisions are adopted with different mapping from NPD to degrading degree.

    Table 3 Mappings of COA values and COA levels

    2.3.2 Establishment of decision tables

    COA level and NPD level set above are adopted to establish the decision table as shown in Table 4 to select the intrusion response. The knowledge base is assumed to be built in initialization phase and the intrusion responding selection parameters can be configured and modified for different network environments.

    The first 2 lines of Table 4 indicate the decision conditions (i.e. COA level and NPD level), and the last 3 lines indicate the responding operations (i.e. complete isolation, attackers bypass, and no punishment). M, L, H in Table 4 mean medium, low and high, respectively, and H+ is High plus meaning the level is very high. If the selected intrusion response is complete isolation or attackers bypass, the MN will notify all nodes with intrusion responding behavior by broadcasting an allegation packet (AP).

    If the relative response is no punishment, the MN will ignore the attack.When the CN receives packet AP, the broadcasting address and source address of the packet should be checked firstly to avoid duplicated APs. If the accused nodeVjhas been blacklisted permanently or temporarily, the CN will ignore and remove the AP to prevent unnecessary network traffic, as shown in Algorithm 2. Otherwise, the CN will check the intrusion responding behavior in the alleged packet.

    Table 4 Decision table for adaptive responding mechanism

    If the intrusion responding behavior is complete isolation, the CN will add the intruderVjto the blacklist and broadcast the blacklist to isolate the intruder in the whole network. After receiving the updated blacklist, the nodes will immediately delete all packets from the blacklist node, and ignore the rest relative packets, as shown in Algorithm 3 (1).

    If the intrusion responding behavior is attackers bypass, the CN will add intruderVjto the temporary blacklist table and notify the other nodes to ignore and delete relative routing packets, including routing inquiry, routing reply, and packets generated or forwarded by intrusion nodesVj, so as to prevent further attacks. All nodes exclude intrudersVjfrom the new route discoveries, that is, they choose paths thatVjare not included. However, the node will still forward the data packet received fromVjto the existing route to maintain the current data forwarding service, as shown in Algorithm 3(2). Accepting the data forwarding service fromVjcan reduce the likelihood of adverse effects on network performance until the node finds a new route aroundVj. This responding behavior also applies for the condition thatVjlies in the critical location or the isolated nodeVjmay cause a significant negative impact on network performance.

    Algorithm1Intrusion responding mechanism

    For all detected and identified nodes Vi in a TSW Calculate COA value using Eq.(4). Calculate NPD value using Eq.(5). Assign COA level based on calculated COA value (Table 3). Assign NPD level based on calculated NPD value. Search decision table (Table 4) using COA and NPD levels and identify intrusion responding behavior (IRB) If (IRB== COMPLETEISOLATION)MN blacklists Vi and broadcasts Accusation packet (AP) withIRB = COMPLETEISOLATION Else If (IRB== ATTACKERBYPASS) MN temporarily blacklists Vi and broadcasts AP with IRB = ATTACKERBYPASS Else: MN sets IRB to no punishment End If End IfEnd If

    Algorithm2Accusation packet handling

    Each CN Vi maintains its local blacklist table (BLT) and temporary blacklist (TBLT). If CN Vi receives an AP for CN Vj. If CN Vi has node Vj in its BLT or TBLT then ignore AP Else: CN Vi checks IRB in AP. If (IRB== COMPLETEISOLATION) CN adds node Vj to its BLT and rebroad-casts AP. CN isolates intruding node Vj Else CN adds node Vj to its TBLT and re-broadcasts AP. CN routes around intruder Vj End If End If End If

    Algorithm3Intrusion responding behavior

    (1) Complete isolation If node Vi receives packet from node Vj If node Vj is in node Vi BLT ignore all packets and drop all packets queued from Vj Else: handle and process packet End If End If (2) Attacker bypass If node Vj is in node Vi TBLT If node Vi receives routing packet from node Vj Ignore and drop RREQ, RREP and RERR packets from Vj End If If node Vi receives data packet from node Vj des-tined for node Vk. Node Vi forwards data packets towards node Vk End If Node Vj removes route entries including node Vj from its route table Else: Handle and process packet End If End If

    3 Simulating results and performance analyses

    The performance of the proposed adaptive responding mechanism will be evaluated in various attack scenarios. The simulation environments are built based on GloMoSim V2.03 with the simulating parameters and configuration parameters shown in Tables 5 and 6, respectively.

    Table 5 Simulation parameter

    Table 6 Configuration parameters

    3.1 Evaluation of the attack identification

    Various attack scenarios[19-22]are adopted to evaluate the successful delivery rate (SDR) and false alarm rate (FAR) for the proposed adaptive responding mechanism. SDR refers to the percentage of correctly detecting the intrusion and correctly identifying the type of attack and the number of intruder nodes. FAR refers to the percentage of the nodes with normal behavior being identified as the intruder by mistake.

    The typical attack types will be introduced to test the performance of the proposed adaptive responding mechanism. Simulations for each condition will be performed for 40 times. Simulating results of SDR and FAR at each tested mean speed under flooding attack, black hole and gray hole attack and rushing attack in different network scale are shown in Fig 5, where flooding attacks are formed by malicious RREQ broadcasting (i.e. denial of service attack) in Fig.5(a), black hole and gray hole attacks are formed by forged RREP packets in Fig.5(b), and rushing attacks are formed by forged RREQ packets in Fig.5(c). As shown in Fig.5, the detecting and adaptive responding mechanism shows high SDR and low FAR in all 3 attack scenarios. However, the performance of proposed mechanism is slightly degraded when the average tested node speed is higher than 12 m/s.This is because fast motion tends to increase the frequency of link failures, and the time required for route discovery increases.

    (a) SDR and FAR under flooding attack

    (b) SDR and FAR under black and gray hole

    (c) SDR and FAR under rushing attack

    3.2 Evaluations of the intrusion responding behavior

    3.2.1 Evaluation under black hole attack

    In this scenario, the performance of the proposed mechanism is evaluated by launching a black hole attack by a random intrusion node. Simulations in different network scales are performed for 20 times to obtain the statistical results. The simulation parameters, configuration parameters and COA mapping parameters shown in Table 5, Table 6, and Table 3 are adopted. The adaptive responding mechanism takes the decision table in Table 4 to select the intrusion responding behavior.

    Fig.6 shows proposed mechanism for selecting adaptive responding behavior (i.e., complete isolation, attacker bypass or no punishment) when resisting intrusions at different network sizes (25, 50, 100, 150, and 200 nodes). Simulating results show that the complete isolation is always selected to defense the black hole attack. For a large network (i.e. more than 100 nodes in the network), there is a (on average) 26% chance to choose the attacker bypass as the response by the proposed adaptive responding mechanism, on average 23% chance to choose to ignore the intrusion. For a small network (25 and 50 nodes), there is about 90% chance for the mechanism to choose the complete isolation to respond to the intrusion, but the chance drops to 53% for the network with 100 nodes. This is because black hole attacks usually cause great damage to the network. Selecting complete isolation can minimize the negative impact on the network.

    In addition, the same experiment is repeated by adjusting the NPD level settings and changing the way to launch black hole attacks in large networks to investigate the differences of selection of intrusion responding behavior in small and large networks. Fig.7 shows the results of the improved NPD level settings. The selection of intrusion responding behavior is not much different between a small network and a large network in black hole attacks, and mainly responds to intruders by complete isolation. Inferred from Fig.6 and Fig.7, the intruder must adjust the way it initiates BH to produce the same side effects in a small network and a large network, in order to improve performance of large networks, so a protection mechanism must be employed.

    Fig.6 Selection of intrusion responding behavior in black hole attack

    Fig.7 Selection of intrusion responding behavior in black hole attack in improved NPD levels

    3.2.2 Evaluation under flooding attack

    In this scenario, the performance of the proposed mechanism is evaluated by launching a flooding attack. Experiment with the methods used in black hole attacks and the improved NPD level settings are shown in Fig.8. There is a 78% chance to choose the complete isolation as the response by the proposed adaptive responding mechanism, on average 18% chance to choose the attacker bypass and 5% chance to choose to ignore the intrusion. Because flooding attack is a serious intrusion attack, which usually causes considerable damage to the network. It is reasonable for the proposed mechanism mostly to choose complete isolation to respond to the intrusion. In addition, it can be seen from Fig.8 the proposed mechanism has good scalability for large networks.

    Fig.8 Selection of intrusion responding behavior in flooding attack

    3.2.3 Evaluation under rushing attack

    Finally, the selection of adaptive responding behavior of proposed mechanism under rushing attack is evaluated. Fig.9 shows that no punishment is chosen as the response by the proposed mechanism in most cases. And complete isolation or attacker bypass is chosen as the response by the proposed mechanism in a few cases. This result is basically independent of the network sizes.This is because a rushing attack is a minor attack, and the damage to the network performance is usually very small. If strict measures will be taken when the attack causes less damage to the network, this will lead to degradation of network performance. So the proposed mechanism ignores attacks in most cases to reduce the damage to the network.However, the proposed mechanism chooses complete isolation or attacker bypass to response intruders when rushing attacks greatly reduce network performance. Therefore, the proposed mechanism generally shows great flexibility and effectiveness.

    Fig.9 Selection of intrusion responding behavior in rushing attack

    3.3 Impact of adaptive responding mechanism on network performance

    In this scenario, flooding attack, black hole attack, gray hole attack, rushing attack and combined attacks will be introduced to test the performance of the proposed adaptive responding mechanism,and NPD is used as a metric to analyze the effectiveness of the proposed mechanism.Simulations for a network of 25 nodes and 50 nodes will be performed for 30 times, respectively, and each responding mechanism is performed 10 times.

    Fig.10 and Fig.11 show the effects of 3 responding mechanisms on NPD in a network of 25 nodes and 50 nodes, respectively.It can be seen that the proposed mechanism in both network sizes has the least negative impact on the (average) NPD when resisting intrusions. And the adaptive responding mechanism not only reduces the NPD in various serious attacks, but also significantly reduces the NPD when dealing with some minor attacks such as rushing attacks or gray hole attacks.

    3.4 Comparison

    Now compare the proposed mechanism with cost-sensitive intrusion responding mechanism(CSIR) and generalized intrusion detecting and responding mechanism(GIDR). Fig.10 and Fig.11 show the comparison of the effects of the generalized intrusion detecting and responding mechanism (fixed intrusion responding (isolation) and the proposed mechanism (adaptive responding) on NPD. The results show that the fixed intrusion responding (isolation) reduces the NPD by between 2% and 12%. And the adaptive responding reduces the NPD by between 3% and 5%. It shows that the proposed mechanism is superior to that in the negative impact on network performance.

    Fig.11 Effectiveness of responding against various attacks in a 50-node network

    Table 7 compares the responding selection criteria, responding behaviors, attack types, evaluation parameters, network performance impact, scalability, and network consumption of the proposed mechanism and cost-sensitive intrusion response mechanism. Both mechanisms have been implemented using GloMoSim. The comparison shows that the proposed mechanism is superior to the cost-sensitive intrusion responding mechanism in terms of network performance impact, network consumption and scalability.

    In addition, the SDR and FAR of these 3 mechanisms are compared in the 50 nodes network in the black hole attack and rushing attack scenarios.As shown in Fig.11, the 3 mechanisms can show good performance in a serious attack such as a black hole attack, because the attack is highly destructive and easy to detect. But the proposed mechanism for SDR and FAR is also superior to others. In the weak attack such asa rushing attack, the proposed mechanism has obvious advantages compared to the other two mechanisms. Not only SDR and FAR of the proposed mechanism are superior to the other two mechanisms, but also its performance is stable.

    Table 7 Comparison of cost-sensitive models and the proposed responding mechanisms

    (a) SDR and FAR under black hole

    (b) SDR and FAR under rushing attack

    4 Conclusion

    Aiming at the security requirements caused by the wide use of user information in current developing applications, an intrusion detecting and adaptive responding mechanism is proposed for mobile WSN. The mechanism first uses a test sliding window to improve the accuracy of intrusion detecting on the network, and then adoptes adaptive responding behavior lists and decision tables to select reasonable responding behavior to respond to intruders to protect the network.

    The simulation results show that the proposed mechanism can achieve high SDR and low FAR in a series of attacks, and can choose reasonable responding behaviors in the face of different attacks. Compared with the other two mechanisms, the proposed mechanism has the least impact on network performance when resisting intrusion.In addition, the network overhead of the proposed mechanism is less than 5% of the total network traffic, having good performance.It can provide technical support for future network security.However, the proposed mechanism takes more time to identify and respond to intrusions for unknown attacks than known attacks. We will further improve the efficiency of dealing with unknown attacks in future research.

    国产精品国产av在线观看| 免费黄色在线免费观看| 婷婷色麻豆天堂久久| 免费人成在线观看视频色| 欧美3d第一页| 国产精品久久久久久av不卡| 91aial.com中文字幕在线观看| 欧美日韩综合久久久久久| 韩国高清视频一区二区三区| 免费观看的影片在线观看| 少妇高潮的动态图| 国产久久久一区二区三区| 小蜜桃在线观看免费完整版高清| 不卡视频在线观看欧美| 国产亚洲一区二区精品| 亚洲精品影视一区二区三区av| 丰满人妻一区二区三区视频av| 国内揄拍国产精品人妻在线| 久久久亚洲精品成人影院| 国产老妇女一区| 欧美+日韩+精品| 亚洲,欧美,日韩| 欧美97在线视频| 九九爱精品视频在线观看| 最近的中文字幕免费完整| 热99国产精品久久久久久7| 中国国产av一级| 搞女人的毛片| 久久99热6这里只有精品| 五月天丁香电影| 免费观看av网站的网址| 91久久精品国产一区二区成人| 久久久久久国产a免费观看| 我的女老师完整版在线观看| 搡女人真爽免费视频火全软件| 亚洲第一区二区三区不卡| 国产毛片a区久久久久| kizo精华| 国产伦精品一区二区三区四那| 如何舔出高潮| 中文乱码字字幕精品一区二区三区| 在线观看美女被高潮喷水网站| 亚洲最大成人av| 久久99热这里只频精品6学生| 亚洲精品国产色婷婷电影| av国产免费在线观看| 91aial.com中文字幕在线观看| 亚洲精品成人久久久久久| 91aial.com中文字幕在线观看| 汤姆久久久久久久影院中文字幕| 男女啪啪激烈高潮av片| 91狼人影院| 免费少妇av软件| 真实男女啪啪啪动态图| 少妇 在线观看| 秋霞在线观看毛片| av国产久精品久网站免费入址| 国产免费视频播放在线视频| 欧美性感艳星| 人妻一区二区av| 又大又黄又爽视频免费| 麻豆久久精品国产亚洲av| 你懂的网址亚洲精品在线观看| 91狼人影院| 人妻一区二区av| 91精品一卡2卡3卡4卡| 天堂网av新在线| 在线观看一区二区三区激情| 熟妇人妻不卡中文字幕| 久久精品国产亚洲网站| 搡老乐熟女国产| 久久99热这里只有精品18| 午夜福利网站1000一区二区三区| 美女脱内裤让男人舔精品视频| 久久久久久久久久人人人人人人| 1000部很黄的大片| 91午夜精品亚洲一区二区三区| 日本色播在线视频| 五月玫瑰六月丁香| 成人国产麻豆网| 亚洲欧美成人综合另类久久久| 精品国产乱码久久久久久小说| 欧美性猛交╳xxx乱大交人| 亚洲内射少妇av| 欧美zozozo另类| 日本一二三区视频观看| 69av精品久久久久久| 男男h啪啪无遮挡| 国产亚洲精品久久久com| 国产在视频线精品| 亚洲最大成人手机在线| 男插女下体视频免费在线播放| 免费观看无遮挡的男女| 国产成人福利小说| 九色成人免费人妻av| 亚洲自偷自拍三级| 99久久中文字幕三级久久日本| 精品久久久久久久久av| 国产av不卡久久| 舔av片在线| 久久久久久国产a免费观看| 久久久国产一区二区| 国产男人的电影天堂91| av免费在线看不卡| 最近最新中文字幕免费大全7| xxx大片免费视频| 成年女人在线观看亚洲视频 | 国产久久久一区二区三区| 观看免费一级毛片| 国产日韩欧美在线精品| 国产 一区 欧美 日韩| 亚洲天堂国产精品一区在线| 涩涩av久久男人的天堂| 99久久人妻综合| 国产一区有黄有色的免费视频| 国产日韩欧美在线精品| 国产一区有黄有色的免费视频| 伊人久久国产一区二区| 久久久久久久国产电影| 久久精品国产鲁丝片午夜精品| 欧美亚洲 丝袜 人妻 在线| 日本黄大片高清| 国产精品无大码| av网站免费在线观看视频| 国产永久视频网站| 国产高潮美女av| 九九在线视频观看精品| 国产欧美亚洲国产| 国产成人精品福利久久| 久久久久性生活片| 日韩亚洲欧美综合| 国产中年淑女户外野战色| 久久久久精品性色| 日韩 亚洲 欧美在线| 丰满少妇做爰视频| 男男h啪啪无遮挡| 一本久久精品| 最近2019中文字幕mv第一页| 日本欧美国产在线视频| 男人和女人高潮做爰伦理| 97热精品久久久久久| 一个人观看的视频www高清免费观看| 卡戴珊不雅视频在线播放| 男人爽女人下面视频在线观看| 韩国av在线不卡| 国产v大片淫在线免费观看| 国产日韩欧美亚洲二区| 中文字幕亚洲精品专区| av在线app专区| 男女那种视频在线观看| 午夜免费观看性视频| 亚洲欧美成人精品一区二区| 啦啦啦啦在线视频资源| 99热6这里只有精品| 亚洲av成人精品一区久久| 日韩在线高清观看一区二区三区| av福利片在线观看| 亚洲欧美精品自产自拍| 日产精品乱码卡一卡2卡三| 亚洲熟女精品中文字幕| 亚洲一级一片aⅴ在线观看| 久久综合国产亚洲精品| 欧美成人一区二区免费高清观看| 国产淫片久久久久久久久| 免费看日本二区| 亚洲精品乱码久久久v下载方式| kizo精华| 看免费成人av毛片| 插逼视频在线观看| 22中文网久久字幕| 美女主播在线视频| 久久久精品94久久精品| 卡戴珊不雅视频在线播放| 亚洲精品日本国产第一区| 日韩 亚洲 欧美在线| 别揉我奶头 嗯啊视频| 赤兔流量卡办理| 亚洲色图av天堂| 亚洲人与动物交配视频| 91精品国产九色| 亚洲人成网站高清观看| 特级一级黄色大片| 高清午夜精品一区二区三区| 久久久午夜欧美精品| 亚洲精品视频女| 在线观看一区二区三区| 国产男女内射视频| 国产精品女同一区二区软件| 成年人午夜在线观看视频| 少妇熟女欧美另类| 亚洲av在线观看美女高潮| 久久精品国产亚洲网站| 99热这里只有精品一区| 欧美激情国产日韩精品一区| 永久免费av网站大全| 国产黄频视频在线观看| 国产男人的电影天堂91| av卡一久久| 亚洲精品日本国产第一区| 国产精品久久久久久精品古装| 99久久精品一区二区三区| .国产精品久久| 一区二区三区精品91| 成人国产av品久久久| 日本av手机在线免费观看| 天天躁日日操中文字幕| 一本一本综合久久| 超碰97精品在线观看| 中文字幕制服av| 日韩电影二区| 欧美激情久久久久久爽电影| 亚洲av日韩在线播放| eeuss影院久久| 国产真实伦视频高清在线观看| 亚洲成人精品中文字幕电影| 日韩精品有码人妻一区| 男女下面进入的视频免费午夜| 丰满乱子伦码专区| 亚洲欧美清纯卡通| 一级av片app| 天堂网av新在线| 中国美白少妇内射xxxbb| 国产高清不卡午夜福利| 麻豆久久精品国产亚洲av| 日本色播在线视频| 一本色道久久久久久精品综合| a级毛片免费高清观看在线播放| 欧美成人a在线观看| 在线免费十八禁| 亚洲国产精品国产精品| 国产精品不卡视频一区二区| 高清午夜精品一区二区三区| 亚洲成人精品中文字幕电影| 亚洲内射少妇av| 久久韩国三级中文字幕| 乱系列少妇在线播放| 国产欧美日韩一区二区三区在线 | 亚洲av免费在线观看| 日韩强制内射视频| 嫩草影院入口| 国产 精品1| 晚上一个人看的免费电影| 国产欧美日韩精品一区二区| 久久女婷五月综合色啪小说 | 18禁裸乳无遮挡动漫免费视频 | 欧美日本视频| 亚洲精品亚洲一区二区| 国产成年人精品一区二区| 国产免费一区二区三区四区乱码| 国产视频内射| 国产高清三级在线| 免费大片黄手机在线观看| 亚洲激情五月婷婷啪啪| 麻豆国产97在线/欧美| 午夜福利视频1000在线观看| 欧美成人午夜免费资源| 五月玫瑰六月丁香| 国产亚洲91精品色在线| 69av精品久久久久久| 久久久久久久大尺度免费视频| 赤兔流量卡办理| 亚洲电影在线观看av| 伦精品一区二区三区| 亚洲精品视频女| 噜噜噜噜噜久久久久久91| 一级黄片播放器| 大又大粗又爽又黄少妇毛片口| 国内少妇人妻偷人精品xxx网站| 高清av免费在线| 午夜爱爱视频在线播放| 亚洲丝袜综合中文字幕| 男的添女的下面高潮视频| 大码成人一级视频| 日韩免费高清中文字幕av| 丝袜喷水一区| 一级毛片黄色毛片免费观看视频| 七月丁香在线播放| 99久久中文字幕三级久久日本| 五月天丁香电影| 成人综合一区亚洲| 白带黄色成豆腐渣| 亚洲精品日韩av片在线观看| 18禁在线无遮挡免费观看视频| 国产色爽女视频免费观看| 男人舔奶头视频| 在线观看美女被高潮喷水网站| 亚洲精品成人av观看孕妇| 精品视频人人做人人爽| 色综合色国产| 久久国产乱子免费精品| 97超碰精品成人国产| 亚洲精品亚洲一区二区| 九九久久精品国产亚洲av麻豆| 午夜福利视频1000在线观看| 亚洲人成网站在线播| 高清视频免费观看一区二区| 成人亚洲欧美一区二区av| 国产女主播在线喷水免费视频网站| 夜夜看夜夜爽夜夜摸| 高清av免费在线| 亚洲aⅴ乱码一区二区在线播放| 欧美日韩亚洲高清精品| 美女被艹到高潮喷水动态| 日韩av在线免费看完整版不卡| 大码成人一级视频| 亚洲国产精品成人综合色| 国产免费一区二区三区四区乱码| 亚洲精品视频女| 成人免费观看视频高清| 久久精品久久久久久噜噜老黄| 欧美日韩视频高清一区二区三区二| 韩国高清视频一区二区三区| 欧美高清性xxxxhd video| 亚洲经典国产精华液单| 国产精品福利在线免费观看| 爱豆传媒免费全集在线观看| 国产高清国产精品国产三级 | 久久久久久久久久人人人人人人| 亚洲一区二区三区欧美精品 | 在线 av 中文字幕| 蜜桃久久精品国产亚洲av| 欧美少妇被猛烈插入视频| 久久影院123| 国产老妇伦熟女老妇高清| 亚洲最大成人av| 高清av免费在线| 成人漫画全彩无遮挡| 99热这里只有是精品在线观看| 日本免费在线观看一区| 少妇人妻一区二区三区视频| 在线观看三级黄色| 超碰av人人做人人爽久久| 亚洲国产成人一精品久久久| 亚洲国产成人一精品久久久| 国产又色又爽无遮挡免| 亚洲欧美精品自产自拍| 亚洲精品视频女| 在线精品无人区一区二区三 | 九草在线视频观看| 精华霜和精华液先用哪个| 国产免费视频播放在线视频| 亚洲精品日本国产第一区| 亚洲三级黄色毛片| 在线a可以看的网站| 黄片无遮挡物在线观看| 高清日韩中文字幕在线| 91精品伊人久久大香线蕉| 丰满少妇做爰视频| 国产v大片淫在线免费观看| 亚洲av中文字字幕乱码综合| 免费大片黄手机在线观看| 深夜a级毛片| 少妇的逼好多水| 亚洲精品日本国产第一区| 久久久精品免费免费高清| www.av在线官网国产| 观看免费一级毛片| 欧美区成人在线视频| 在线观看一区二区三区| 综合色av麻豆| 亚洲人成网站在线播| 三级男女做爰猛烈吃奶摸视频| av免费在线看不卡| 美女xxoo啪啪120秒动态图| 婷婷色综合www| 高清视频免费观看一区二区| 亚洲精品日韩在线中文字幕| 日本wwww免费看| 18禁在线无遮挡免费观看视频| 一级av片app| 午夜福利在线观看免费完整高清在| 九九久久精品国产亚洲av麻豆| 精品人妻熟女av久视频| 成人欧美大片| 午夜日本视频在线| 激情五月婷婷亚洲| 美女高潮的动态| 免费黄频网站在线观看国产| 黄色日韩在线| 中文字幕av成人在线电影| 国国产精品蜜臀av免费| av国产精品久久久久影院| 少妇人妻一区二区三区视频| 午夜亚洲福利在线播放| 欧美成人一区二区免费高清观看| 好男人视频免费观看在线| 直男gayav资源| 熟女电影av网| 久久人人爽人人片av| 中文乱码字字幕精品一区二区三区| 久久女婷五月综合色啪小说 | 欧美另类一区| 69av精品久久久久久| 久久久久久久大尺度免费视频| 欧美最新免费一区二区三区| 男男h啪啪无遮挡| 如何舔出高潮| 国产精品一区二区三区四区免费观看| 日韩三级伦理在线观看| 好男人在线观看高清免费视频| 国产乱人偷精品视频| 国产免费一级a男人的天堂| av国产精品久久久久影院| 白带黄色成豆腐渣| 2022亚洲国产成人精品| 激情五月婷婷亚洲| 国产欧美日韩一区二区三区在线 | 精品久久久久久久人妻蜜臀av| 1000部很黄的大片| 欧美少妇被猛烈插入视频| 国产爽快片一区二区三区| 男女边摸边吃奶| 黄色怎么调成土黄色| 中文字幕亚洲精品专区| 免费看不卡的av| 国产极品天堂在线| 国产亚洲最大av| 啦啦啦啦在线视频资源| 99久久人妻综合| 汤姆久久久久久久影院中文字幕| 男人舔奶头视频| 成人国产av品久久久| 国产国拍精品亚洲av在线观看| 亚州av有码| 一区二区三区乱码不卡18| 国产综合懂色| 国产午夜福利久久久久久| 国产成年人精品一区二区| 校园人妻丝袜中文字幕| 晚上一个人看的免费电影| 亚洲三级黄色毛片| 免费av不卡在线播放| 成人国产av品久久久| av黄色大香蕉| 午夜福利在线观看免费完整高清在| 国产视频首页在线观看| videos熟女内射| 亚洲欧美精品自产自拍| 国产精品三级大全| av线在线观看网站| 女人久久www免费人成看片| 男女下面进入的视频免费午夜| 色播亚洲综合网| 熟女av电影| 亚洲熟女精品中文字幕| 免费不卡的大黄色大毛片视频在线观看| 欧美成人a在线观看| 18+在线观看网站| 身体一侧抽搐| 观看美女的网站| 在线 av 中文字幕| 亚洲人与动物交配视频| 免费黄色在线免费观看| 国产精品人妻久久久影院| 亚洲av国产av综合av卡| 日本免费在线观看一区| 麻豆成人av视频| 亚洲欧美成人精品一区二区| 国产精品伦人一区二区| 亚洲无线观看免费| 久久久久久久久大av| 国产欧美亚洲国产| 免费av观看视频| 18禁裸乳无遮挡动漫免费视频 | 国产在视频线精品| 高清视频免费观看一区二区| 久久精品综合一区二区三区| 日韩av免费高清视频| 免费看av在线观看网站| 成人亚洲精品一区在线观看 | 国产精品人妻久久久久久| 久久久久精品久久久久真实原创| 久久久久国产精品人妻一区二区| 免费看光身美女| 免费电影在线观看免费观看| 亚洲成人久久爱视频| 高清午夜精品一区二区三区| 激情 狠狠 欧美| 夜夜爽夜夜爽视频| 国产 一区精品| 亚洲婷婷狠狠爱综合网| 看免费成人av毛片| 又大又黄又爽视频免费| 成人鲁丝片一二三区免费| 国产有黄有色有爽视频| 一区二区三区四区激情视频| tube8黄色片| 亚洲精品自拍成人| 99九九线精品视频在线观看视频| 天堂网av新在线| 日韩大片免费观看网站| 欧美丝袜亚洲另类| 日本-黄色视频高清免费观看| 欧美另类一区| 亚洲国产精品国产精品| 亚洲怡红院男人天堂| 久久午夜福利片| 亚洲三级黄色毛片| 久久久午夜欧美精品| 在现免费观看毛片| 国产在线一区二区三区精| 91午夜精品亚洲一区二区三区| 毛片女人毛片| 一级毛片aaaaaa免费看小| 日韩精品有码人妻一区| 性插视频无遮挡在线免费观看| 国产免费又黄又爽又色| 99久久中文字幕三级久久日本| 国产乱来视频区| 大陆偷拍与自拍| 国产男女内射视频| 丝袜喷水一区| 久久热精品热| 亚洲欧美中文字幕日韩二区| 特级一级黄色大片| 26uuu在线亚洲综合色| 最后的刺客免费高清国语| 尤物成人国产欧美一区二区三区| 欧美bdsm另类| 少妇人妻精品综合一区二区| 亚洲精品一二三| 精品午夜福利在线看| 精品人妻一区二区三区麻豆| 日韩欧美精品v在线| 干丝袜人妻中文字幕| 夫妻性生交免费视频一级片| 噜噜噜噜噜久久久久久91| 免费人成在线观看视频色| 少妇高潮的动态图| 3wmmmm亚洲av在线观看| 老司机影院成人| 美女脱内裤让男人舔精品视频| 国产一区二区亚洲精品在线观看| 精品视频人人做人人爽| 亚洲欧美日韩无卡精品| 国产中年淑女户外野战色| 在线天堂最新版资源| 大片免费播放器 马上看| 欧美潮喷喷水| 久久久久精品久久久久真实原创| av网站免费在线观看视频| 欧美日韩视频高清一区二区三区二| 中文在线观看免费www的网站| 国产精品一区二区性色av| 禁无遮挡网站| 成年女人在线观看亚洲视频 | 99热网站在线观看| 丝瓜视频免费看黄片| 日韩av在线免费看完整版不卡| 精品一区二区三区视频在线| 99久久九九国产精品国产免费| 嫩草影院新地址| 亚洲精品成人av观看孕妇| 国产日韩欧美亚洲二区| 国产高潮美女av| 久久6这里有精品| 男人添女人高潮全过程视频| 国产亚洲5aaaaa淫片| av女优亚洲男人天堂| 国产爱豆传媒在线观看| 欧美zozozo另类| 亚洲,欧美,日韩| 亚洲激情五月婷婷啪啪| 日韩av免费高清视频| av专区在线播放| 亚洲欧洲国产日韩| 国产视频首页在线观看| av在线老鸭窝| 成人黄色视频免费在线看| 春色校园在线视频观看| 亚洲精华国产精华液的使用体验| 久久久成人免费电影| 国产视频内射| 亚洲天堂av无毛| 日韩 亚洲 欧美在线| 亚洲电影在线观看av| 视频中文字幕在线观看| 日韩电影二区| 亚洲一级一片aⅴ在线观看| 国产日韩欧美在线精品| 国产精品av视频在线免费观看| 亚洲人与动物交配视频| 亚洲激情五月婷婷啪啪| 欧美xxxx黑人xx丫x性爽| av在线app专区| 成人亚洲精品一区在线观看 | 亚洲精品国产av成人精品| 亚洲欧美日韩东京热| 丝袜美腿在线中文| 国产伦在线观看视频一区| 国产欧美另类精品又又久久亚洲欧美| 婷婷色av中文字幕| 91午夜精品亚洲一区二区三区| 亚洲婷婷狠狠爱综合网| av.在线天堂| 毛片一级片免费看久久久久| 国产大屁股一区二区在线视频| 日本午夜av视频| 少妇人妻精品综合一区二区| 插逼视频在线观看| 禁无遮挡网站| 免费看光身美女| 中国国产av一级| 国产毛片在线视频| 欧美国产精品一级二级三级 | 日韩成人伦理影院| av一本久久久久| 丝瓜视频免费看黄片| 少妇丰满av| 51国产日韩欧美| 天堂中文最新版在线下载 | 午夜福利视频1000在线观看| 国产欧美亚洲国产| 日本爱情动作片www.在线观看| 人人妻人人澡人人爽人人夜夜|