Design And Implementation Of Intrusion Detection Mechanism For IPv6-based Wireless Sensor Network

A large number of nodes in wireless sensor networks use IPv6 addresses to access the Internet to achieve a seamless connection with the Internet.After accessing the Internet,resource-constrained wireless sensor networks are threatened by both local attacks and intrusions from the Internet side.Wireless sensor networks need to build an active defense system to provide security guarantee for the applications of IPv6-based wireless sensor network.Based on this,this paper designs an intrusion detection mechanism suitable for IPv6-based wireless sensor networks.The main work is as follows:1.The security requirements of IPv6-based wireless sensor networks architecture are summarized.Then the possible attacks on IPv6-based wireless sensor networks are analyzed by combining with the security considerations of IETF standards.And the attacks behaviors and scenarios of IPv6-based Internet side and IPv6-based wireless network side are described respectively.The attacks mechanism and characteristics of reconnaissance attacks,routing attacks and denial of service attacks are studied.The above studies establish a foundation for constructing an active defense system for IPv6-based wireless sensor networks.2.The IPv6-based wireless sensor network intrusion detection architecture is designed.Based on this architecture,a security framework with an intrusion detection console as the core,a traffic generation module,a traffic capture module,a feature processing module,and an intrusion detection module as the main tools is proposed.And based on this basis,the coordination mechanism and workflow of each module are designed.3.An intrusion detection mechanism suitable for IPv6-based wireless sensor networks is proposed.The collection method and processing method of security feature data are designed for the IPv6-based Internet side and the IPv6-based wireless network side respectively;On this basis,a set of lightweight intrusion detection algorithms for IPv6-based wireless sensor networks based on k-nearest neighbors are designed;Aiming at the needs of model hyperparameters estimation in the algorithm,a method of estimating the hyperparameters of intrusion detection models using known data is designed;And the complexity of the algorithm is theoretically analyzed,proving that the efficiency of the designed algorithms is stable and can be used effectively in the intrusion detection console.4.A test and verification platform to verify and analyze the intrusion detection mechanism is established.The effectiveness of the algorithm on the IPv6-based Internet side is verified through a classic data set.By using the 6Ti SCH Simulator platform to simulate attacks and generate simulation data,the effectiveness of the algorithm on the IPv6 wireless side is verified;Using the laboratory 6Lo WPAN node and gateway to build an IPv6-based wireless sensor network,the feasibility of the proposed mechanism is verified;The results show that the intrusion detection accuracy rate is stable at around 0.9,the false positive rate is below 0.25,and the detection time of the intrusion detection mechanism meets the needs of timely detection.Compared with other schemes,the proposed mechanism can effectively reduce the false positive rate of intrusion detection under the premise of good detection efficiency and detection accuracy.