• <tr id="yyy80"></tr>
  • <sup id="yyy80"></sup>
  • <tfoot id="yyy80"><noscript id="yyy80"></noscript></tfoot>
  • 99热精品在线国产_美女午夜性视频免费_国产精品国产高清国产av_av欧美777_自拍偷自拍亚洲精品老妇_亚洲熟女精品中文字幕_www日本黄色视频网_国产精品野战在线观看 ?

    Detecting and adaptive responding mechanism for mobile WSN①

    2020-10-09 07:38:24ZhaoMinQinDanyangGuoRuolinXuGuangchao
    High Technology Letters 2020年3期

    Zhao Min(趙 敏), Qin Danyang②, Guo Ruolin, Xu Guangchao

    (Key Laboratory of Electronic and Communication Engineering, Heilongjiang University, Harbin 150080, P.R.China)

    Abstract

    Key words: mobile wireless sensor network (WSN), network security, intrusion detection, adaptive response

    0 Introduction

    The inherent mobility,complexity, and variability make mobile wireless sensor network (WSN) vulnerable to attacks and damage, while bringing potential safety hazard to sensitive information in the military field and private information in the civilian domain[1,2]. In the process of communication, it is difficult to achieve complete protection of information by relying only on encryption technology and authentication technology[3-5]. Thus, in order to ensure higher security, it is essential to deploy a defense system on key nodes of the network system. Compared with firewalls, intrusion detection system is an active defense technology, which can make up for the deficiencies of the firewall technology. Such a detection system can actively collect information in network or system in real time to analyze and estimate. If the information is against the relevant security rules, there will be an alarm and relative response to protect the whole system. Most of the current intrusion detection methods[6,7]seldom consider the attack response, which has great limitations in the practical application of dealing with unknown attacks. Refs[8-10] showed how the isolated nodes operate to defense predetermined attacks, but the defense effect is not ideal when dealing with uncertainties and various types of intrusion attacks, and the blind isolation attacks have a great negative impact on the network. Ref.[11] proposed an effective intrusion responding mechanism based on agents’ collaboration. Ref.[12] proposed a protection mechanism based on neighbor trust for mobile WSN.

    Aiming at the security problem of mobile WSN, the typical intrusion attacks will be analyzed deeply. Considering the one-sidedness and separation of the existing detection and intrusion responding method, a novel intrusion detection and adaptive responding mechanism will be proposed for mobile WSN, combining knowledge-based intrusion detection (KBID) with anomaly-based intrusion detection (ABID), so as to protect mobile sensor networks from various practical attacks. In addition, a cluster method[13]will be adopted to improve scalability and alleviate the overhead.

    The subsequent sections are organized as follows: typical intrusion attacks and intrusion detection methods for mobile WSN is analyzed comprehensively in Section 1. Section 2 presents an effective intrusion detecting method for multiple types of mobile WSN, and an adaptive responding mechanism model is established. Section 3 simulations the proposed intrusion detecting and adaptive responding mechanism are performed in terms of the success delivery rate, false alarm rate, rationality of response behavior and the network performance degradation. Section 4 summarizes the paper and presents the conclusions.

    1 Related work

    The limited energy, the mobility of nodes, the large scale of distribution, and the dynamic topology make mobile WSN be vulnerable to various attacks[14]. In this regard, the protection mechanisms of 2 typical mobile WSNs[15,16]will be described briefly as follows. This work will compare the proposed mechanism with these 2 existing mechanisms for performance in the Section 3.

    (1) Cost-sensitive intrusion responding: cost-sensitive intrusion responding model will estimate the topology dependent index (TDI), which indicates the times of the routing service of the nodes being interrupted when a intruder is isolated. After estimating the attack damage index (ADI), the loss attack will be calculated according to the number of affected nodes so as to indicate the damage caused by the attack to the mobile sensor network. When ADI is greater than TDI, the node will respond to the intrusion by complete isolation; when ADI is less than TDI, the node will respond to the intrusion by relocation; when ADI is close to TDI, the attack will be temporarily isolated when ADI is twice greater than TDI. The intrusion responding types adopted in such model can be normal, recovery, complete isolation, temporary isolation, and relocation.

    The cost-sensitive model is applicable to active routing protocols such as optimized link state routing (OLSR), which requires the complete network topology rather than reactive routing protocols such as ad hoc on-demand distance vector routing (AODV) based on partial topology information.

    (2) Generalized intrusion detecting and responding mechanism: generalized intrusion detecting and responding method mainly adopts the combination of anomaly-based and knowledge-based intrusion detection to ensure the mobile WSN lying in safe state facing to various attacks. The architecture of the mechanism consists of a data collection module, a training module, a test module, an attack identification and inference module, and an attack recognition module. In the case of an intrusion, the cluster head will invoke the attack identification and inference module to obtain the rules from the knowledge base to defend against intrusion. If an unknown attacker occurs, the interpreter will keep the rule path and look for a match for the rule path in the current test sliding window. If a match is found, a new rule will be established and a set of additional new rules will be stored in the knowledge base to confirm the new rule detection.

    Though some unknown attacks can be detected and mobile WSN will be protected against typical attacks in some degree, the attacker being isolated, as the primary defensing method, will affect the network performance much more seriously.

    2 Intrusion detecting and adaptive responding

    2.1 Key assumption

    Detecting anomalies in the network will ask for a training model based on anomaly-based intrusion detection. Such model depends on the data tracking and traffic patterns of normal events. However, data resources reflecting normal activities or events are not available for mobile sensor networks currently. Thus, assume that there is no abnormal behavior in network initialization. Moreover, in order to improve the scalability of the adaptive responding mechanism, a clustered mobile network organizing model is introduced, where the network nodes are divided into management nodes (MNs), cluster heads (CHs) and cluster nodes (CNs) according to different functions. In addition, a security mechanism[17]is further introduced to protect the communication between MNs, CHs, and CNs. Details will not be mentioned since the intrusion detection and intrusion response are focused on in this paper.

    2.2 Adaptive responding mechanism

    The architecture model will be established and the adaptive responding mechanism will be presented in this part. Intrusion detecting and responding process, as shown in Fig.1, mainly includes 3 stages: data collecting, training and testing.

    2.2.1 Intrusion detecting architecture

    (1) Data collecting: this stage depends on the sensors collecting the data periodically so as to monitor the whole network. In particular, CHs will collect the data from CNs in their virtual clusters every TI (time of interval), which are presented as matrix and stored in the network characteristic matrix (NCM) and the performance matrix (PM). Then, CHs will report these matrices to MNs.

    Fig.1 Proposed intrusion detecting and adaptive responding architecture

    Here AODV is taken as a basic routing algorithm[18]to illustrate the principle of detecting and responding mechanism.

    The network characteristic matrix NCM is

    NCM={RREP,RREQ,RERR,TTL,

    RREQ_scr_seq,RREP_dest_seq,

    RREQ_dest_seq}

    which is composed of 7 parameters with the physical significance shown in Table 1.

    Table 1 Parameters in NCM

    NCM is a two-dimensional matrix ofr×cwith the number of rowsrand the number of columnscdepending on matrix parameters. Its number of rows is 7, the 1st row stores the RREP sequences, the 2nd row stores the RREQ sequences, the 3rd row stores the RERR sequences, the 4th row stores the TTL sequences, the 5th row stores the RREQ_scr_seq sequences, the 6th row stores the RREP_dest_seq sequences, and the 7th row stores the RREQ_dest_seq sequences. Moreover, the rows represent different parameters, and the columns represent the data content contained in the parameters. The length of each column depends on the length of the different parameter data. Each row is added as an equal-length sequence by zero padding at the end of the sequence. So, the storage structure is dynamically allocated by the intrusion detecting and adaptive responding mechanism monitor. PM consists of network performance parameters derived from the parameters of NCM.

    The performance matrix PM is

    PM={RPO,PDR,CPD,throughput}

    which consists of 4 parameters with the physical significance shown in Table 2.

    Table 2 Parameters in PM

    (3) Testing: in order to fully evaluate the performance, a comprehensive test, corresponding to the system structure in Fig.1, will be operated in 3 phases, including the intrusion detection phase, the attack identification phase, the intruder identification phase.

    IntrusiondetectionDuring the intrusion detection phase, MN utilizes the parameters in NCM as well as the chi-square test to identify intrusions in the network. Chi-square test is a ranging based method and has a lower computational cost than other tests such as the Hotelling T2. MN first calculates the probability distribution of each NCM parameter and stores the result as an observation value. Then, using the expected value above, the MN performs a hypothesis test on the zero hypothesisH0[j] for each parameterjof NCM in TI, i.e. Eq.(1).

    (1)

    wherejandk(1≤k≤M) have the same meaning as above. Finally, the MN performs joint hypothesis testing on all parameters of NCM.

    If the joint null hypothesisH0(the observation of each parameter of NCM meets the expected value) is rejected, it assumes that an intrusion has occurred in the TI, and then proceeds to the attack identification phase.

    The initial training model of NCM is updated mainly by exponentially weighted moving average (EWMA) as

    (2)

    AttackidentificationIf a network intrusion is detected, MN will enter the attack identification phase. In such phase, a rule-based approach will be adopted to identify the current attacks. The proposed adaptive responding mechanism is designed to have the knowledge base used throughout the testing phase, which consists of facts, rules, and inference engines.

    A rule model for attack and intruder identification is established according to the analyses on typical attacks in mobile WSN with the knowledge base model of the adaptive protection mechanism shown in Fig.2, where the inference engine will use forward links on the rule set and look for target conditions to represent the known attacks so as to identify the attack.

    Fig.2 The knowledge base for adaptive responding mechanism

    IntruderidentificationThe MN will initiate the intruder identification after an attack is identified. In this phase, the MN will select a known attack-oriented intruder identification rule. For example, when a black hole attack occurs, it is necessary to analyze RREP packets of all nodes in the latest time interval to find the node that has generated the false route reply packet with the highest target sequence number.

    When the intruder is identified, it will be isolated, no matter what kind of the attack there is or whether the intruder isolation is the best choice or not. Such fixed intrusion response will affect the network performance seriously. Therefore, in order to improve the overall effectiveness of the protection mechanism, an adaptive responding mechanism will be presented and described in the next section.

    2.2.2 Adaptive responding mechanism

    (1) Architecture: after the intrusion detection, the MN will perform the proposed adaptive responding mechanism with the architecture shown in Fig.3.

    Fig.3 Knowledge base for adaptive responding mechanisms

    The general process of the proposed adaptive responding mechanism has 3 steps. Firstly, the MN will calculate the COA based on the detection information and the allegation information. Then the NPD will be evaluated using the parameters in PM to measure the severity of the attack. Finally, an appropriate responding behavior will be selected to achieve the effective security protection. Among them, the responding behavior selection is based on the decision table, which will provide the responding selection criteria according to COA, NPD and the suitability of the behavior in the current environment.

    (2) Intrusion responding behavior: based on the list of intrusion responding behaviors in the literature, first, the appropriateness of the responding behavior is judged based on the magnitude of the adverse effects that the responding behavior may have on network performance. Then, further analyze the effectiveness of the responding behavior in reducing the damage caused by the intrusion and preventing further attacks from the invading nodes. Finally, based on the confidence on attacks and the impact of attacks on network performance degradation, a list of adaptive responding behavior with 3 intrusion responding behaviors is presented below.

    CompleteisolationSuch responding behavior will be adopted when the detected attack is highly credible and the attack is severe to cause the network performance declining. The complete isolation may change the network topology or even cause global routing discovery, but the security performance of the network will be assured significantly.

    AttackerbypassWhen the confidence of the detected attack is quite high and the network performance degradation cannot be negligible, the responding mechanism will find one or multiple nodes to replace the attack rather than initializing a new RREQ, so as to reduce the global repairing overhead as well as to prevent further attacks.

    NopunishmentWhen the confidence on attack detection is not high enough or the attack is not serious, and the network performance degradation can be tolerable, the proposed adaptive responding mechanism will simply ignore the attack temporarily, so as to avoid the negative impact on network performance.

    2.3 Technical model

    COA and NPD are two key factors in the proposed adaptive responding mechanism.

    2.3.1 Calculations of COA and NPD

    The single detection based intrusion response is unreliable according to the probabilistic nature of intrusion detection. To improve the probability of identifying intruders correctly, the MN will adopt a test sliding window (TSW). Thus, the proposed adaptive responding mechanism will respond to the intrusion only when it is determined that the node is an intruder node in multiple time intervals. Specifically, the intrusion response occurs only when a node is determined to be an intruding node in multiple TSWs with a time intervalp, wherepis the size of the TSW, that is, the checking times, anddis the minimum times to detect when the detected node is confirmed as an attacker. Different combinations ofpanddwill give different results. The detection of an intrusion node in a TSW is a Bernoulli test. In other words, the tests performed in the TSW are the same and independent repeated experiments with two possible outcomes: detection or no detection. Therefore, the probability of intrusion determination in the Bernoulli test sequence is known by

    (3)

    The curves in Fig.4 show howPcvaries as a function of the number of the required detectionsdin the condition of different values of probability of a single detectionPand the TSW sizep=5. It can be seen that, whenP=80% andd=1, 2 or 3, the probability of identifying a node as an intruder will exceed 90%.

    Fig.4 Probability of correctly identifying intruders

    In the current TSW, the MN will perform the proposed adaptive intrusion responding mechanism, as shown in Algorithm 1, for all nodes identified as intruders. Based on the detection information and the allegation information, the MN will estimate the confidence on attack (COA) by

    COA=ω1·CI+ω2·Pc

    (4)

    where,ωiis the weighting factor to satisfyw1+w2=1;CIrepresents the confidence interval of the chi-square test during the intrusion detection phase; Eq.(3) will return the confidence ofPclying in [0,1]. Then the MN will evaluate the network performance degradation (NPD) based on Eq.(5). This is the weighted sum of changes of parameter values (i.e. THA, RPO, PDR, CPD) in the PM from not attacked to its current. NPD is defined as

    NPD=ω1·ΔTHA+ω2·ΔTHA+ω3·ΔRPO

    +ω4·ΔRPD

    (5)

    whereΔrepresents the change value of each parameter. Once the COA and NPD are obtained, the MN will assign a confidence level to COA and NPD. Considering the practical application of mobile WSN, 4 COA levels

    are defined as shown in Table 3. For NPD, similar level divisions are adopted with different mapping from NPD to degrading degree.

    Table 3 Mappings of COA values and COA levels

    2.3.2 Establishment of decision tables

    COA level and NPD level set above are adopted to establish the decision table as shown in Table 4 to select the intrusion response. The knowledge base is assumed to be built in initialization phase and the intrusion responding selection parameters can be configured and modified for different network environments.

    The first 2 lines of Table 4 indicate the decision conditions (i.e. COA level and NPD level), and the last 3 lines indicate the responding operations (i.e. complete isolation, attackers bypass, and no punishment). M, L, H in Table 4 mean medium, low and high, respectively, and H+ is High plus meaning the level is very high. If the selected intrusion response is complete isolation or attackers bypass, the MN will notify all nodes with intrusion responding behavior by broadcasting an allegation packet (AP).

    If the relative response is no punishment, the MN will ignore the attack.When the CN receives packet AP, the broadcasting address and source address of the packet should be checked firstly to avoid duplicated APs. If the accused nodeVjhas been blacklisted permanently or temporarily, the CN will ignore and remove the AP to prevent unnecessary network traffic, as shown in Algorithm 2. Otherwise, the CN will check the intrusion responding behavior in the alleged packet.

    Table 4 Decision table for adaptive responding mechanism

    If the intrusion responding behavior is complete isolation, the CN will add the intruderVjto the blacklist and broadcast the blacklist to isolate the intruder in the whole network. After receiving the updated blacklist, the nodes will immediately delete all packets from the blacklist node, and ignore the rest relative packets, as shown in Algorithm 3 (1).

    If the intrusion responding behavior is attackers bypass, the CN will add intruderVjto the temporary blacklist table and notify the other nodes to ignore and delete relative routing packets, including routing inquiry, routing reply, and packets generated or forwarded by intrusion nodesVj, so as to prevent further attacks. All nodes exclude intrudersVjfrom the new route discoveries, that is, they choose paths thatVjare not included. However, the node will still forward the data packet received fromVjto the existing route to maintain the current data forwarding service, as shown in Algorithm 3(2). Accepting the data forwarding service fromVjcan reduce the likelihood of adverse effects on network performance until the node finds a new route aroundVj. This responding behavior also applies for the condition thatVjlies in the critical location or the isolated nodeVjmay cause a significant negative impact on network performance.

    Algorithm1Intrusion responding mechanism

    For all detected and identified nodes Vi in a TSW Calculate COA value using Eq.(4). Calculate NPD value using Eq.(5). Assign COA level based on calculated COA value (Table 3). Assign NPD level based on calculated NPD value. Search decision table (Table 4) using COA and NPD levels and identify intrusion responding behavior (IRB) If (IRB== COMPLETEISOLATION)MN blacklists Vi and broadcasts Accusation packet (AP) withIRB = COMPLETEISOLATION Else If (IRB== ATTACKERBYPASS) MN temporarily blacklists Vi and broadcasts AP with IRB = ATTACKERBYPASS Else: MN sets IRB to no punishment End If End IfEnd If

    Algorithm2Accusation packet handling

    Each CN Vi maintains its local blacklist table (BLT) and temporary blacklist (TBLT). If CN Vi receives an AP for CN Vj. If CN Vi has node Vj in its BLT or TBLT then ignore AP Else: CN Vi checks IRB in AP. If (IRB== COMPLETEISOLATION) CN adds node Vj to its BLT and rebroad-casts AP. CN isolates intruding node Vj Else CN adds node Vj to its TBLT and re-broadcasts AP. CN routes around intruder Vj End If End If End If

    Algorithm3Intrusion responding behavior

    (1) Complete isolation If node Vi receives packet from node Vj If node Vj is in node Vi BLT ignore all packets and drop all packets queued from Vj Else: handle and process packet End If End If (2) Attacker bypass If node Vj is in node Vi TBLT If node Vi receives routing packet from node Vj Ignore and drop RREQ, RREP and RERR packets from Vj End If If node Vi receives data packet from node Vj des-tined for node Vk. Node Vi forwards data packets towards node Vk End If Node Vj removes route entries including node Vj from its route table Else: Handle and process packet End If End If

    3 Simulating results and performance analyses

    The performance of the proposed adaptive responding mechanism will be evaluated in various attack scenarios. The simulation environments are built based on GloMoSim V2.03 with the simulating parameters and configuration parameters shown in Tables 5 and 6, respectively.

    Table 5 Simulation parameter

    Table 6 Configuration parameters

    3.1 Evaluation of the attack identification

    Various attack scenarios[19-22]are adopted to evaluate the successful delivery rate (SDR) and false alarm rate (FAR) for the proposed adaptive responding mechanism. SDR refers to the percentage of correctly detecting the intrusion and correctly identifying the type of attack and the number of intruder nodes. FAR refers to the percentage of the nodes with normal behavior being identified as the intruder by mistake.

    The typical attack types will be introduced to test the performance of the proposed adaptive responding mechanism. Simulations for each condition will be performed for 40 times. Simulating results of SDR and FAR at each tested mean speed under flooding attack, black hole and gray hole attack and rushing attack in different network scale are shown in Fig 5, where flooding attacks are formed by malicious RREQ broadcasting (i.e. denial of service attack) in Fig.5(a), black hole and gray hole attacks are formed by forged RREP packets in Fig.5(b), and rushing attacks are formed by forged RREQ packets in Fig.5(c). As shown in Fig.5, the detecting and adaptive responding mechanism shows high SDR and low FAR in all 3 attack scenarios. However, the performance of proposed mechanism is slightly degraded when the average tested node speed is higher than 12 m/s.This is because fast motion tends to increase the frequency of link failures, and the time required for route discovery increases.

    (a) SDR and FAR under flooding attack

    (b) SDR and FAR under black and gray hole

    (c) SDR and FAR under rushing attack

    3.2 Evaluations of the intrusion responding behavior

    3.2.1 Evaluation under black hole attack

    In this scenario, the performance of the proposed mechanism is evaluated by launching a black hole attack by a random intrusion node. Simulations in different network scales are performed for 20 times to obtain the statistical results. The simulation parameters, configuration parameters and COA mapping parameters shown in Table 5, Table 6, and Table 3 are adopted. The adaptive responding mechanism takes the decision table in Table 4 to select the intrusion responding behavior.

    Fig.6 shows proposed mechanism for selecting adaptive responding behavior (i.e., complete isolation, attacker bypass or no punishment) when resisting intrusions at different network sizes (25, 50, 100, 150, and 200 nodes). Simulating results show that the complete isolation is always selected to defense the black hole attack. For a large network (i.e. more than 100 nodes in the network), there is a (on average) 26% chance to choose the attacker bypass as the response by the proposed adaptive responding mechanism, on average 23% chance to choose to ignore the intrusion. For a small network (25 and 50 nodes), there is about 90% chance for the mechanism to choose the complete isolation to respond to the intrusion, but the chance drops to 53% for the network with 100 nodes. This is because black hole attacks usually cause great damage to the network. Selecting complete isolation can minimize the negative impact on the network.

    In addition, the same experiment is repeated by adjusting the NPD level settings and changing the way to launch black hole attacks in large networks to investigate the differences of selection of intrusion responding behavior in small and large networks. Fig.7 shows the results of the improved NPD level settings. The selection of intrusion responding behavior is not much different between a small network and a large network in black hole attacks, and mainly responds to intruders by complete isolation. Inferred from Fig.6 and Fig.7, the intruder must adjust the way it initiates BH to produce the same side effects in a small network and a large network, in order to improve performance of large networks, so a protection mechanism must be employed.

    Fig.6 Selection of intrusion responding behavior in black hole attack

    Fig.7 Selection of intrusion responding behavior in black hole attack in improved NPD levels

    3.2.2 Evaluation under flooding attack

    In this scenario, the performance of the proposed mechanism is evaluated by launching a flooding attack. Experiment with the methods used in black hole attacks and the improved NPD level settings are shown in Fig.8. There is a 78% chance to choose the complete isolation as the response by the proposed adaptive responding mechanism, on average 18% chance to choose the attacker bypass and 5% chance to choose to ignore the intrusion. Because flooding attack is a serious intrusion attack, which usually causes considerable damage to the network. It is reasonable for the proposed mechanism mostly to choose complete isolation to respond to the intrusion. In addition, it can be seen from Fig.8 the proposed mechanism has good scalability for large networks.

    Fig.8 Selection of intrusion responding behavior in flooding attack

    3.2.3 Evaluation under rushing attack

    Finally, the selection of adaptive responding behavior of proposed mechanism under rushing attack is evaluated. Fig.9 shows that no punishment is chosen as the response by the proposed mechanism in most cases. And complete isolation or attacker bypass is chosen as the response by the proposed mechanism in a few cases. This result is basically independent of the network sizes.This is because a rushing attack is a minor attack, and the damage to the network performance is usually very small. If strict measures will be taken when the attack causes less damage to the network, this will lead to degradation of network performance. So the proposed mechanism ignores attacks in most cases to reduce the damage to the network.However, the proposed mechanism chooses complete isolation or attacker bypass to response intruders when rushing attacks greatly reduce network performance. Therefore, the proposed mechanism generally shows great flexibility and effectiveness.

    Fig.9 Selection of intrusion responding behavior in rushing attack

    3.3 Impact of adaptive responding mechanism on network performance

    In this scenario, flooding attack, black hole attack, gray hole attack, rushing attack and combined attacks will be introduced to test the performance of the proposed adaptive responding mechanism,and NPD is used as a metric to analyze the effectiveness of the proposed mechanism.Simulations for a network of 25 nodes and 50 nodes will be performed for 30 times, respectively, and each responding mechanism is performed 10 times.

    Fig.10 and Fig.11 show the effects of 3 responding mechanisms on NPD in a network of 25 nodes and 50 nodes, respectively.It can be seen that the proposed mechanism in both network sizes has the least negative impact on the (average) NPD when resisting intrusions. And the adaptive responding mechanism not only reduces the NPD in various serious attacks, but also significantly reduces the NPD when dealing with some minor attacks such as rushing attacks or gray hole attacks.

    3.4 Comparison

    Now compare the proposed mechanism with cost-sensitive intrusion responding mechanism(CSIR) and generalized intrusion detecting and responding mechanism(GIDR). Fig.10 and Fig.11 show the comparison of the effects of the generalized intrusion detecting and responding mechanism (fixed intrusion responding (isolation) and the proposed mechanism (adaptive responding) on NPD. The results show that the fixed intrusion responding (isolation) reduces the NPD by between 2% and 12%. And the adaptive responding reduces the NPD by between 3% and 5%. It shows that the proposed mechanism is superior to that in the negative impact on network performance.

    Fig.11 Effectiveness of responding against various attacks in a 50-node network

    Table 7 compares the responding selection criteria, responding behaviors, attack types, evaluation parameters, network performance impact, scalability, and network consumption of the proposed mechanism and cost-sensitive intrusion response mechanism. Both mechanisms have been implemented using GloMoSim. The comparison shows that the proposed mechanism is superior to the cost-sensitive intrusion responding mechanism in terms of network performance impact, network consumption and scalability.

    In addition, the SDR and FAR of these 3 mechanisms are compared in the 50 nodes network in the black hole attack and rushing attack scenarios.As shown in Fig.11, the 3 mechanisms can show good performance in a serious attack such as a black hole attack, because the attack is highly destructive and easy to detect. But the proposed mechanism for SDR and FAR is also superior to others. In the weak attack such asa rushing attack, the proposed mechanism has obvious advantages compared to the other two mechanisms. Not only SDR and FAR of the proposed mechanism are superior to the other two mechanisms, but also its performance is stable.

    Table 7 Comparison of cost-sensitive models and the proposed responding mechanisms

    (a) SDR and FAR under black hole

    (b) SDR and FAR under rushing attack

    4 Conclusion

    Aiming at the security requirements caused by the wide use of user information in current developing applications, an intrusion detecting and adaptive responding mechanism is proposed for mobile WSN. The mechanism first uses a test sliding window to improve the accuracy of intrusion detecting on the network, and then adoptes adaptive responding behavior lists and decision tables to select reasonable responding behavior to respond to intruders to protect the network.

    The simulation results show that the proposed mechanism can achieve high SDR and low FAR in a series of attacks, and can choose reasonable responding behaviors in the face of different attacks. Compared with the other two mechanisms, the proposed mechanism has the least impact on network performance when resisting intrusion.In addition, the network overhead of the proposed mechanism is less than 5% of the total network traffic, having good performance.It can provide technical support for future network security.However, the proposed mechanism takes more time to identify and respond to intrusions for unknown attacks than known attacks. We will further improve the efficiency of dealing with unknown attacks in future research.

    日本欧美国产在线视频| 亚洲av国产av综合av卡| 色5月婷婷丁香| 老师上课跳d突然被开到最大视频| 成人二区视频| 在线亚洲精品国产二区图片欧美 | 亚洲欧美一区二区三区国产| 大片免费播放器 马上看| 国产综合精华液| 国产亚洲最大av| 精品一区在线观看国产| 51国产日韩欧美| 国产日韩欧美在线精品| 黄色日韩在线| 日韩不卡一区二区三区视频在线| 嫩草影院入口| 韩国高清视频一区二区三区| 久久久久网色| 全区人妻精品视频| 大陆偷拍与自拍| 欧美最新免费一区二区三区| 日韩av不卡免费在线播放| 最近最新中文字幕免费大全7| av在线天堂中文字幕| 午夜福利视频1000在线观看| 久久久久久久大尺度免费视频| 黄色欧美视频在线观看| 亚洲国产精品999| 特级一级黄色大片| 国产女主播在线喷水免费视频网站| 亚洲熟女精品中文字幕| 日本与韩国留学比较| 日本wwww免费看| 国产视频首页在线观看| 国产精品久久久久久av不卡| 亚洲最大成人手机在线| 最近的中文字幕免费完整| 亚洲欧美中文字幕日韩二区| 如何舔出高潮| 亚洲精品一二三| 大陆偷拍与自拍| 汤姆久久久久久久影院中文字幕| 最近最新中文字幕免费大全7| 午夜免费鲁丝| 国产免费一区二区三区四区乱码| 午夜激情福利司机影院| 欧美成人午夜免费资源| 韩国av在线不卡| 色婷婷久久久亚洲欧美| 69人妻影院| 国产高清国产精品国产三级 | 国产高清不卡午夜福利| 免费看av在线观看网站| 久久6这里有精品| 日韩伦理黄色片| 成人毛片60女人毛片免费| 精品国产三级普通话版| 亚州av有码| 色网站视频免费| 在线播放无遮挡| 狠狠精品人妻久久久久久综合| 一二三四中文在线观看免费高清| 少妇被粗大猛烈的视频| 国产国拍精品亚洲av在线观看| 嫩草影院精品99| 亚洲高清免费不卡视频| 国产 精品1| 蜜桃久久精品国产亚洲av| 国产大屁股一区二区在线视频| 国产伦在线观看视频一区| 国产高清不卡午夜福利| 色网站视频免费| 国产黄色视频一区二区在线观看| 精品人妻熟女av久视频| 欧美3d第一页| 女的被弄到高潮叫床怎么办| 男人添女人高潮全过程视频| 免费看光身美女| 午夜福利网站1000一区二区三区| 精华霜和精华液先用哪个| 午夜激情久久久久久久| 亚洲aⅴ乱码一区二区在线播放| 久久久久九九精品影院| 欧美丝袜亚洲另类| 女的被弄到高潮叫床怎么办| 亚洲人成网站在线播| 中文在线观看免费www的网站| 国产精品国产av在线观看| 精品酒店卫生间| 亚洲欧美一区二区三区黑人 | 能在线免费看毛片的网站| 亚洲欧美日韩卡通动漫| 青青草视频在线视频观看| 性插视频无遮挡在线免费观看| 精品一区二区三区视频在线| 国产 精品1| 亚洲不卡免费看| 成人美女网站在线观看视频| 日韩一区二区视频免费看| 人妻系列 视频| 26uuu在线亚洲综合色| 日本与韩国留学比较| 国产午夜精品久久久久久一区二区三区| 在线观看av片永久免费下载| 欧美日韩视频精品一区| 亚洲欧洲国产日韩| 中文精品一卡2卡3卡4更新| 一边亲一边摸免费视频| 禁无遮挡网站| 美女被艹到高潮喷水动态| 中文字幕av成人在线电影| 综合色av麻豆| 亚洲人成网站在线播| 欧美最新免费一区二区三区| 一本色道久久久久久精品综合| 美女cb高潮喷水在线观看| 午夜精品国产一区二区电影 | 日韩三级伦理在线观看| 少妇人妻 视频| 亚洲综合色惰| 精品久久国产蜜桃| 日本爱情动作片www.在线观看| 男人爽女人下面视频在线观看| 国产一级毛片在线| 全区人妻精品视频| xxx大片免费视频| 日韩 亚洲 欧美在线| 国产精品不卡视频一区二区| av免费观看日本| 六月丁香七月| 亚洲三级黄色毛片| 久久99蜜桃精品久久| 日韩av免费高清视频| 永久免费av网站大全| 尾随美女入室| 亚洲经典国产精华液单| 国内精品美女久久久久久| 国产永久视频网站| 亚洲成人精品中文字幕电影| 日韩大片免费观看网站| 深爱激情五月婷婷| 精品久久久精品久久久| 美女被艹到高潮喷水动态| 亚洲一区二区三区欧美精品 | 免费看日本二区| 白带黄色成豆腐渣| 免费不卡的大黄色大毛片视频在线观看| 男人和女人高潮做爰伦理| 成年女人在线观看亚洲视频 | 在线亚洲精品国产二区图片欧美 | 丝袜脚勾引网站| 久久久欧美国产精品| 国产精品福利在线免费观看| 国语对白做爰xxxⅹ性视频网站| 国产色婷婷99| 黄片无遮挡物在线观看| 一区二区三区免费毛片| 日韩欧美一区视频在线观看 | h日本视频在线播放| 亚洲美女视频黄频| av国产久精品久网站免费入址| a级毛色黄片| 99re6热这里在线精品视频| 寂寞人妻少妇视频99o| 五月玫瑰六月丁香| 蜜桃亚洲精品一区二区三区| 永久网站在线| 国产亚洲最大av| 欧美 日韩 精品 国产| 黄色日韩在线| 日韩强制内射视频| 尤物成人国产欧美一区二区三区| 日韩一本色道免费dvd| 亚洲精品国产色婷婷电影| 亚洲精品中文字幕在线视频 | 亚洲图色成人| 国产爱豆传媒在线观看| 色播亚洲综合网| 国产色婷婷99| 国产精品成人在线| 日本一二三区视频观看| 精品少妇黑人巨大在线播放| 少妇丰满av| 国产免费一区二区三区四区乱码| 国产精品不卡视频一区二区| 亚洲av免费在线观看| 97精品久久久久久久久久精品| 99re6热这里在线精品视频| 日韩制服骚丝袜av| 99热全是精品| 老司机影院毛片| 国产男女内射视频| 免费看日本二区| 国产有黄有色有爽视频| 青青草视频在线视频观看| 久久精品国产鲁丝片午夜精品| 国产精品一区二区性色av| 久久影院123| 成年av动漫网址| 纵有疾风起免费观看全集完整版| 毛片一级片免费看久久久久| 免费看不卡的av| 最新中文字幕久久久久| 日本欧美国产在线视频| 国产精品.久久久| 国产男人的电影天堂91| 欧美极品一区二区三区四区| 大话2 男鬼变身卡| 亚洲国产精品成人综合色| 久久久a久久爽久久v久久| 永久免费av网站大全| 九色成人免费人妻av| 国产精品嫩草影院av在线观看| 久久久久久久亚洲中文字幕| 少妇高潮的动态图| 日韩一本色道免费dvd| 日韩大片免费观看网站| 久久精品久久精品一区二区三区| 三级国产精品片| 看黄色毛片网站| 边亲边吃奶的免费视频| 色吧在线观看| 丝袜美腿在线中文| 建设人人有责人人尽责人人享有的 | 男女那种视频在线观看| 日本一本二区三区精品| 国产又色又爽无遮挡免| 精品人妻偷拍中文字幕| 欧美性猛交╳xxx乱大交人| 51国产日韩欧美| 一级毛片aaaaaa免费看小| 日本免费在线观看一区| 国产成年人精品一区二区| 欧美成人一区二区免费高清观看| videos熟女内射| h日本视频在线播放| 日韩中字成人| 精品久久久久久久末码| 国产综合懂色| 老司机影院毛片| 亚洲欧美成人综合另类久久久| 观看美女的网站| 一区二区三区乱码不卡18| 美女xxoo啪啪120秒动态图| 久久精品熟女亚洲av麻豆精品| 久久精品国产a三级三级三级| 国产爽快片一区二区三区| 欧美高清性xxxxhd video| 久久精品国产a三级三级三级| 精品亚洲乱码少妇综合久久| 精品视频人人做人人爽| 成人欧美大片| 国产又色又爽无遮挡免| 欧美精品一区二区大全| 亚洲国产精品专区欧美| 色播亚洲综合网| 婷婷色av中文字幕| 亚洲人成网站在线观看播放| 国产成人精品久久久久久| 大码成人一级视频| 如何舔出高潮| 欧美亚洲 丝袜 人妻 在线| 性色avwww在线观看| 在线播放无遮挡| 亚洲一级一片aⅴ在线观看| 成年免费大片在线观看| 国产高潮美女av| 免费观看无遮挡的男女| a级一级毛片免费在线观看| 99热国产这里只有精品6| 丝袜脚勾引网站| 国产黄片美女视频| 亚洲av一区综合| 亚洲人成网站高清观看| 久久99热这里只有精品18| 一级黄片播放器| 在线天堂最新版资源| 天美传媒精品一区二区| 亚洲丝袜综合中文字幕| 亚洲一级一片aⅴ在线观看| 成人二区视频| 蜜臀久久99精品久久宅男| 国产亚洲av嫩草精品影院| 国产一区二区三区综合在线观看 | 久久ye,这里只有精品| 中文在线观看免费www的网站| 国产午夜精品久久久久久一区二区三区| 亚洲最大成人手机在线| 久久久久久久久久久免费av| 久久99热这里只频精品6学生| 亚洲丝袜综合中文字幕| 国产精品人妻久久久影院| 在线亚洲精品国产二区图片欧美 | 日韩中字成人| 国产精品一区www在线观看| 国产白丝娇喘喷水9色精品| 夫妻午夜视频| 亚洲在线观看片| 3wmmmm亚洲av在线观看| 婷婷色av中文字幕| 久久99精品国语久久久| 熟女人妻精品中文字幕| 麻豆久久精品国产亚洲av| 国产成人a∨麻豆精品| 中文资源天堂在线| av免费在线看不卡| 成年av动漫网址| av在线观看视频网站免费| 亚洲av免费高清在线观看| www.av在线官网国产| 国国产精品蜜臀av免费| 国产日韩欧美在线精品| 一本色道久久久久久精品综合| 中文字幕制服av| 亚洲激情五月婷婷啪啪| 久久久久网色| 精品国产一区二区三区久久久樱花 | 国产黄色免费在线视频| 在线免费十八禁| 日韩,欧美,国产一区二区三区| 国产av不卡久久| av黄色大香蕉| 精品一区二区免费观看| 女的被弄到高潮叫床怎么办| 国产 一区精品| 国产精品99久久99久久久不卡 | 婷婷色综合www| 国产欧美亚洲国产| 色视频在线一区二区三区| 免费人成在线观看视频色| 久久久久久伊人网av| 在线亚洲精品国产二区图片欧美 | 嘟嘟电影网在线观看| 男女啪啪激烈高潮av片| 99久久精品国产国产毛片| 看十八女毛片水多多多| av国产精品久久久久影院| 亚洲欧美成人精品一区二区| 久久久精品94久久精品| 可以在线观看毛片的网站| 免费电影在线观看免费观看| 久久久久久久久久久丰满| 欧美日韩精品成人综合77777| 在线免费观看不下载黄p国产| 肉色欧美久久久久久久蜜桃 | 身体一侧抽搐| 最近手机中文字幕大全| 国产有黄有色有爽视频| 亚洲综合精品二区| 白带黄色成豆腐渣| 久久韩国三级中文字幕| 黄色一级大片看看| 午夜免费鲁丝| 天天一区二区日本电影三级| 午夜免费鲁丝| 日韩国内少妇激情av| 国产精品爽爽va在线观看网站| 男女无遮挡免费网站观看| 亚洲一级一片aⅴ在线观看| 精品亚洲乱码少妇综合久久| 国产成人91sexporn| 久久久久久久大尺度免费视频| 国产精品成人在线| 女人被狂操c到高潮| 男人舔奶头视频| 国内精品宾馆在线| 三级国产精品欧美在线观看| 日韩亚洲欧美综合| 日本-黄色视频高清免费观看| 好男人视频免费观看在线| 五月开心婷婷网| 在线观看美女被高潮喷水网站| 观看免费一级毛片| 日日啪夜夜撸| 少妇高潮的动态图| 日本与韩国留学比较| 少妇猛男粗大的猛烈进出视频 | 成年女人看的毛片在线观看| 国产亚洲91精品色在线| 麻豆乱淫一区二区| 久久久久久久久久久免费av| 国产成人福利小说| 欧美日韩亚洲高清精品| 三级国产精品欧美在线观看| 日本av手机在线免费观看| 中文在线观看免费www的网站| 男人舔奶头视频| 国产成人a∨麻豆精品| 日韩一区二区视频免费看| 日韩不卡一区二区三区视频在线| 亚洲欧美中文字幕日韩二区| 天天一区二区日本电影三级| xxx大片免费视频| 国产一级毛片在线| av在线蜜桃| 欧美激情在线99| 波多野结衣巨乳人妻| 亚洲国产av新网站| 国产亚洲最大av| 99九九线精品视频在线观看视频| 干丝袜人妻中文字幕| 肉色欧美久久久久久久蜜桃 | 丝瓜视频免费看黄片| 日韩一本色道免费dvd| 精品久久久久久久末码| 日韩在线高清观看一区二区三区| 国产成人91sexporn| 韩国高清视频一区二区三区| 肉色欧美久久久久久久蜜桃 | 国产伦理片在线播放av一区| 我的女老师完整版在线观看| 免费黄色在线免费观看| 成人亚洲精品一区在线观看 | 久久久午夜欧美精品| 国模一区二区三区四区视频| 精品国产一区二区三区久久久樱花 | 爱豆传媒免费全集在线观看| 国产淫语在线视频| 亚洲内射少妇av| 亚洲人成网站高清观看| 亚洲欧美成人综合另类久久久| 最近的中文字幕免费完整| 99精国产麻豆久久婷婷| 色视频在线一区二区三区| 精品一区二区三卡| 美女国产视频在线观看| 晚上一个人看的免费电影| 国产爱豆传媒在线观看| 久久久久九九精品影院| 亚洲色图av天堂| 综合色av麻豆| 中文字幕久久专区| 亚洲怡红院男人天堂| 久久人人爽人人片av| 免费观看在线日韩| 久久韩国三级中文字幕| 99re6热这里在线精品视频| 一边亲一边摸免费视频| 乱码一卡2卡4卡精品| 免费观看a级毛片全部| 麻豆成人午夜福利视频| 欧美日韩综合久久久久久| 国产精品精品国产色婷婷| 欧美一级a爱片免费观看看| 日韩视频在线欧美| 亚洲欧美成人综合另类久久久| 三级国产精品片| 两个人的视频大全免费| 午夜激情福利司机影院| 五月伊人婷婷丁香| 国产综合懂色| 欧美国产精品一级二级三级 | 欧美一级a爱片免费观看看| 街头女战士在线观看网站| 午夜激情福利司机影院| 五月伊人婷婷丁香| 国产综合懂色| 久久久久久国产a免费观看| 亚洲精华国产精华液的使用体验| 一区二区三区四区激情视频| 国产有黄有色有爽视频| 国产美女午夜福利| 亚洲天堂av无毛| 99久久人妻综合| 国产一区亚洲一区在线观看| 波多野结衣巨乳人妻| 综合色丁香网| 欧美日韩综合久久久久久| 中文乱码字字幕精品一区二区三区| 男人舔奶头视频| 蜜桃亚洲精品一区二区三区| 高清日韩中文字幕在线| 免费人成在线观看视频色| 青春草亚洲视频在线观看| 国产探花极品一区二区| 欧美xxxx黑人xx丫x性爽| 国产午夜福利久久久久久| 国产美女午夜福利| 亚洲成人中文字幕在线播放| 老女人水多毛片| 国产男女内射视频| 亚洲在久久综合| 欧美xxxx黑人xx丫x性爽| 我的老师免费观看完整版| 国产乱来视频区| av播播在线观看一区| 九九爱精品视频在线观看| 国产精品人妻久久久影院| 国产精品国产av在线观看| av在线播放精品| 亚洲国产高清在线一区二区三| 亚洲人与动物交配视频| 少妇被粗大猛烈的视频| 亚洲av成人精品一区久久| 欧美国产精品一级二级三级 | 欧美潮喷喷水| 精品少妇久久久久久888优播| 亚洲成人av在线免费| 国产老妇伦熟女老妇高清| 午夜福利在线在线| 国产久久久一区二区三区| 97超视频在线观看视频| 午夜免费男女啪啪视频观看| 久久韩国三级中文字幕| 永久免费av网站大全| 欧美3d第一页| 日韩大片免费观看网站| 亚洲欧美成人精品一区二区| 美女内射精品一级片tv| 国产乱人视频| 中文字幕亚洲精品专区| 国产成人精品婷婷| 内射极品少妇av片p| 69人妻影院| www.av在线官网国产| 日韩欧美精品v在线| 少妇高潮的动态图| 亚洲自偷自拍三级| 内地一区二区视频在线| 国产精品偷伦视频观看了| 最近的中文字幕免费完整| 交换朋友夫妻互换小说| 久久国内精品自在自线图片| 欧美激情久久久久久爽电影| 久久久久久国产a免费观看| 丝袜喷水一区| 各种免费的搞黄视频| 国产精品秋霞免费鲁丝片| 狂野欧美激情性xxxx在线观看| 亚洲天堂国产精品一区在线| 久久久久精品久久久久真实原创| 成人二区视频| 久久久久久久久久久免费av| 国产69精品久久久久777片| 特大巨黑吊av在线直播| 亚洲国产高清在线一区二区三| 色播亚洲综合网| av天堂中文字幕网| 精品久久久精品久久久| 精品熟女少妇av免费看| 国产在视频线精品| 老司机影院毛片| 女人十人毛片免费观看3o分钟| 综合色丁香网| 日韩欧美一区视频在线观看 | 国产一区二区在线观看日韩| 男人爽女人下面视频在线观看| 色网站视频免费| 少妇裸体淫交视频免费看高清| 久久99热这里只频精品6学生| 一级爰片在线观看| 国产精品久久久久久精品电影| 别揉我奶头 嗯啊视频| 亚洲av成人精品一二三区| 嘟嘟电影网在线观看| 亚洲精品成人久久久久久| 亚洲成人一二三区av| 精品人妻视频免费看| 久热久热在线精品观看| 国产黄色免费在线视频| 秋霞在线观看毛片| av播播在线观看一区| 亚洲精品456在线播放app| 国产精品福利在线免费观看| 免费看av在线观看网站| 欧美日韩视频精品一区| 国产欧美日韩一区二区三区在线 | 成人国产麻豆网| 丝瓜视频免费看黄片| 美女国产视频在线观看| 国产一区有黄有色的免费视频| 国产成年人精品一区二区| 国产色婷婷99| 国产成年人精品一区二区| 内射极品少妇av片p| 好男人在线观看高清免费视频| 美女主播在线视频| 可以在线观看毛片的网站| 国产成人a∨麻豆精品| 亚洲精品视频女| 亚洲图色成人| 嫩草影院精品99| 欧美三级亚洲精品| 极品教师在线视频| 精品久久国产蜜桃| 波野结衣二区三区在线| 建设人人有责人人尽责人人享有的 | 人妻夜夜爽99麻豆av| 欧美极品一区二区三区四区| 久久久久久久午夜电影| 精品国产一区二区三区久久久樱花 | 天天躁日日操中文字幕| 交换朋友夫妻互换小说| 99久久人妻综合| 欧美性感艳星| 亚洲第一区二区三区不卡| 女的被弄到高潮叫床怎么办| 久久精品综合一区二区三区| 插逼视频在线观看| 欧美丝袜亚洲另类| 国产精品久久久久久精品电影| 国产伦在线观看视频一区| 在线 av 中文字幕| 一区二区av电影网| 91狼人影院| 国产老妇伦熟女老妇高清| 亚洲av成人精品一二三区| 欧美老熟妇乱子伦牲交| 亚洲av免费高清在线观看| 视频区图区小说| 亚洲精品一二三| 日韩亚洲欧美综合| 亚洲av成人精品一二三区| 亚洲无线观看免费| 国产淫片久久久久久久久|