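Affiliations: [1] School of Information Science and Engineering, Hebei University of Science and Technology, Shijiazhuang 050018 [2] State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an 710071 [3] College of Mathematics and Information Science, Hebei Normal University, Shijiazhuang 050024
Source: Computer Science (《计算机科学》), 2019, Issue 6, pp. 153-161, 9 pages in total
Funding: Supported by the National Key Research and Development Program (2016YFB0800703), the National Natural Science Foundation of China (61572255), and the Science and Technology Research Project of Higher Education Institutions of Hebei Province (ZD2018236)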
Abstract: In an open Internet of Things environment, nodes are highly vulnerable to malicious packet dropping attacks (including black hole attacks and gray hole attacks) during routing, which seriously affects network connectivity and leads to a lower packet delivery rate and a higher end-to-end delay. For this reason, this paper proposes a trust-based secure routing mechanism built on the RPL protocol. Based on the behavior of nodes during data forwarding, a penalty factor is introduced to evaluate the direct trust relationship between nodes, and entropy is used to assign weights to the direct trust value and the indirect trust value, yielding the comprehensive trust value of the evaluated node. Fuzzy set theory is used to classify the trust relationship between nodes into levels: neighbor nodes with a higher trust level are selected by the routing node to forward data, while neighbor nodes with a lower trust level are isolated from the network. In addition, to prevent normal nodes from being isolated from the network as malicious nodes because of non-intrusion factors, such nodes are given a fixed recovery time, after which it is decided whether to isolate them from the network. The scheme was simulated using the Contiki operating system and its built-in Cooja network simulator. The results show that, for different numbers of nodes and different proportions of malicious nodes, the scheme improves all four metrics: malicious node detection rate, false detection rate, packet delivery rate and end-to-end delay. In terms of security, the malicious node detection rate and false detection rate of this scheme are significantly better than those of the tRPL protocol. In terms of routing performance, the packet delivery rate and end-to-end delay of this scheme are significantly better than those of the tRPL protocol and the MRHOF-RPL protocol. The simulation analysis results demonstrate that the scheme can not only effectively identify malicious nodes, but also maintain good routing performance in the presence of malicious attacks.
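Keywords: Internet of Things; trust evaluation; packet dropping attack; malicious detection; RPL protocol
Classification number: TP393 [Automation and Computer Technology - Computer Application Technology]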